|
Table Of Contents
Release Notes for Catalyst 4000 Family Software Release 5.x
Release 5.x Memory Requirements
Product and Software Version Matrix
New Features for Supervisor Engine Software Release 5.5
New Features for Supervisor Engine Software Release 5.4
New Features for Supervisor Engine Software Release 5.2
New Features for Supervisor Engine Software Release 5.1
Open and Resolved Caveats in Software Release 5.5(21)
Open Caveats in Software Release 5.5(21)
Resolved Caveats in Software Release 5.5(21)
Open and Resolved Caveats in Software Release 5.5(20)
Open Caveats in Software Release 5.5(20)
Resolved Caveats in Software Release 5.5(20)
Open and Resolved Caveats in Software Release 5.5(19)
Open Caveats in Software Release 5.5(19)
Resolved Caveats in Software Release 5.5(19)
Open and Resolved Caveats in Software Release 5.5(18)
Open Caveats in Software Release 5.5(18)
Resolved Caveats in Software Release 5.5(18)
Open and Resolved Caveats in Software Release 5.5(17)
Open Caveats in Software Release 5.5(17)
Resolved Caveats in Software Release 5.5(17)
Open and Resolved Caveats in Software Release 5.5(16)
Open Caveats in Software Release 5.5(16)
Resolved Caveats in Software Release 5.5(16)
Open and Resolved Caveats in Software Release 5.5(15)
Open Caveats in Software Release 5.5(15)
Resolved Caveats in Software Release 5.5(15)
Open and Resolved Caveats in Software Release 5.5(14)
Open Caveats in Software Release 5.5(14)
Resolved Caveats in Software Release 5.5(14)
Open and Resolved Caveats in Software Release 5.5(13a)
Open Caveats in Software Release 5.5(13a)
Resolved Caveats in Software Release 5.5(13a)
Open and Resolved Caveats in Software Release 5.5(13)
Open Caveats in Software Release 5.5(13)
Resolved Caveats in Software Release 5.5(13)
Open and Resolved Caveats in Software Release 5.5(12a)
Open Caveats in Software Release 5.5(12a)
Resolved Caveats in Software Release 5.5(12a)
Open and Resolved Caveats in Software Release 5.5(12)
Open Caveats in Software Release 5.5(12)
Resolved Caveats in Software Release 5.5(12)
Open and Resolved Caveats in Software Release 5.5(11a)
Open Caveats in Software Release 5.5(11a)
Resolved Caveats in Software Release 5.5(11a)
Open and Resolved Caveats in Software Release 5.5(11)
Open Caveats in Software Release 5.5(11)
Resolved Caveats in Software Release 5.5(11)
Open and Resolved Caveats in Software Release 5.5(10a)
Open Caveats in Software Release 5.5(10a)
Resolved Caveats in Software Release 5.5(10a)
Open and Resolved Caveats in Software Release 5.5(10)
Open Caveats in Software Release 5.5(10)
Resolved Caveats in Software Release 5.5(10)
Open and Resolved Caveats in Software Release 5.5(9)
Open Caveats in Software Release 5.5(9)
Resolved Caveats in Software Release 5.5(9)
Open and Resolved Caveats in Software Release 5.5(8a) CiscoView
Open Caveats in Software Release 5.5(8a) CiscoView
Resolved Caveats in Software Release 5.5(8a) CiscoView
Open and Resolved Caveats in Software Release 5.5(8)
Open Caveats in Software Release 5.5(8)
Resolved Caveats in Software Release 5.5(8)
Open and Resolved Caveats in Software Release 5.5(7a)
Open Caveats in Software Release 5.5(7a)
Resolved Caveats in Software Release 5.5(7a)
Open and Resolved Caveats in Software Release 5.5(7)
Open Caveats in Software Release 5.5(7)
Resolved Caveats in Software Release 5.5(7)
Open and Resolved Caveats in Software Release 5.5(6)
Open Caveats in Software Release 5.5(6)
Resolved Caveats in Software Release 5.5(6)
Open and Resolved Caveats in Software Release 5.5(5)
Open Caveats in Software Release 5.5(5)
Resolved Caveats in Software Release 5.5(5)
Open and Resolved Caveats in Software Release 5.5(4b)
Open Caveats in Software Release 5.5(4b)
Resolved Caveats in Software Release 5.5(4b)
Open and Resolved Caveats in Software Release 5.5(4)
Open Caveats in Software Release 5.5(4)
Resolved Caveats in Software Release 5.5(4)
Open and Resolved Caveats in Software Release 5.5(3)
Open Caveats in Software Release 5.5(3)
Resolved Caveats in Software Release 5.5(3)
Open and Resolved Caveats in Software Release 5.5(2)
Open Caveats in Software Release 5.5(2)
Resolved Caveats in Software Release 5.5(2)
Open and Resolved Caveats in Software Release 5.5(1)
Open Caveats in Software Release 5.5(1)
Resolved Caveats in Software Release 5.5(1)
Open and Resolved Caveats in Software Release 5.4(4a)
Open Caveats in Software Release 5.4(4a)
Resolved Caveats in Software Release 5.4(4a)
Open and Resolved Caveats in Software Release 5.4(3)
Open Caveats in Software Release 5.4(3)
Resolved Caveats in Software Release 5.4(3)
Open and Resolved Caveats in Software Release 5.4(2a)
Open Caveats in Software Release 5.4(2a)
Resolved Caveats in Software Release 5.4(2a)
Open and Resolved Caveats in Software Release 5.4(2)
Open Caveats in Software Release 5.4(2)
Resolved Caveats in Software Release 5.4(2)
Open and Resolved Caveats in Software Release 5.4(1)
Open Caveats in Software Release 5.4(1)
Resolved Caveats in Software Release 5.4(1)
Open and Resolved Caveats in Software Release 5.2(7a)
Open Caveats in Software Release 5.2(7a)
Resolved Caveats in Software Release 5.2(7a)
Open and Resolved Caveats in Software Release 5.2(7)
Open Caveats in Software Release 5.2(7)
Resolved Caveats in Software Release 5.2(7)
Open and Resolved Caveats in Software Release 5.2(6)
Open Caveats in Software Release 5.2(6)
Resolved Caveats in Software Release 5.2(6)
Open and Resolved Caveats in Software Release 5.2(5)
Open Caveats in Software Release 5.2(5)
Resolved Caveats in Software Release 5.2(5)
Open and Resolved Caveats in Software Release 5.2(4)
Open Caveats in Software Release 5.2(4)
Resolved Caveats in Software Release 5.2(4)
Open and Resolved Caveats in Software Release 5.2(2)
Open Caveats in Software Release 5.2(2)
Resolved Caveats in Software Release 5.2(2)
Open and Resolved Caveats in Software Release 5.2(1)
Open Caveats in Software Release 5.2(1)
Resolved Caveats in Software Release 5.2(1)
Open and Resolved Caveats in Software Release 5.1(2b)
Open Caveats in Software Release 5.1(2b)
Resolved Caveats in Software Release 5.1(2b)
Open and Resolved Caveats in Software Release 5.1(2a)
Open Caveats in Software Release 5.1(2a)
Resolved Caveats in Software Release 5.1(2a)
Open and Resolved Caveats in Software Release 5.1(1a)
Open Caveats in Software Release 5.1(1a)
Resolved Caveats in Software Release 5.1(1a)
Open Caveats in Software Release 5.1(1)
Usage Guidelines, Restrictions, and Troubleshooting
Authentication, Authorization, and Accounting
Documentation Updates for Software Release 5.4
Documentation Updates for Software Release 5.2
Documentation Updates for Software Release 5.1
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support Website
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Release Notes for Catalyst 4000 Family Software Release 5.x
Current Release
5.5(21)—May 20, 2005
Previous Releases
5.5(20), 5.5(19), 5.5(18), 5.5(17), 5.5(16), 5.5(15), 5.5(14), 5.5(13a), 5.5(13), 5.5(12a), 5.5(12), 5.5(11a), 5.5(11), 5.5(1a), 5.5(10), 5.5(9), 5.5(8a), 5.5(8), 5.5(7a), 5.5(7), 5.5(6), 5.5(5), 5.5(4b), 5.5(4), 5.5(3), 5.4(3), 5.5(2), 5.5(1), 5.4(4a), 5.4(2a), 5.4(2), 5.4(1), 5.2(7a), 5.2(7), 5.2(6), 5.2(5), 5.2(4), 5.2(2), 5.2(1), 5.1(2b), 5.1(2a), 5.1(1a), 5.1(1)These release notes describe the features, modifications, and caveats for Catalyst 4000 family supervisor engine software release 5.x and all 5.x maintenance releases. The latest 5.x release is supervisor engine software release 5.5(21). These release notes apply to Catalyst 4000 family switches as well as to Catalyst 2948G and 2980G switches running Catalyst 4000 family supervisor engine software.
Note Beginning with supervisor engine software release 5.2(1), you must have 64-MB DRAM installed on your supervisor engine. For more information, see the "Release 5.x Memory Requirements" section.
Note To avoid losing all or part of the configuration stored in nonvolatile RAM (NVRAM), always back up the switch configuration file before upgrading or downgrading the switch software. Use the copy config tftp command to back up your configuration to a Trivial File Transfer Protocol (TFTP) server. Use the copy config flash command to back up the configuration to a Flash device.
Contents
This document consists of these sections:
•Release 5.x Memory Requirements
•Product and Software Version Matrix
•New Features for Supervisor Engine Software Release 5.5
•New Features for Supervisor Engine Software Release 5.4
•New Features for Supervisor Engine Software Release 5.2
•New Features for Supervisor Engine Software Release 5.1
•Open and Resolved Caveats in Software Release 5.5(21)
•Open and Resolved Caveats in Software Release 5.5(20)
•Open and Resolved Caveats in Software Release 5.5(19)
•Open and Resolved Caveats in Software Release 5.5(18)
•Open and Resolved Caveats in Software Release 5.5(17)
•Open and Resolved Caveats in Software Release 5.5(16)
•Open and Resolved Caveats in Software Release 5.5(15)
•Open and Resolved Caveats in Software Release 5.5(14)
•Open and Resolved Caveats in Software Release 5.5(13a)
•Open and Resolved Caveats in Software Release 5.5(13)
•Open and Resolved Caveats in Software Release 5.5(12a)
•Open and Resolved Caveats in Software Release 5.5(12)
•Open and Resolved Caveats in Software Release 5.5(11a)
•Open and Resolved Caveats in Software Release 5.5(11)
•Open and Resolved Caveats in Software Release 5.5(10a)
•Open and Resolved Caveats in Software Release 5.5(10)
•Open and Resolved Caveats in Software Release 5.5(9)
•Open and Resolved Caveats in Software Release 5.5(8a) CiscoView
•Open and Resolved Caveats in Software Release 5.5(8)
•Open and Resolved Caveats in Software Release 5.5(7a)
•Open and Resolved Caveats in Software Release 5.5(7)
•Open and Resolved Caveats in Software Release 5.5(6)
•Open and Resolved Caveats in Software Release 5.5(5)
•Open and Resolved Caveats in Software Release 5.5(4b)
•Open and Resolved Caveats in Software Release 5.5(4)
•Open and Resolved Caveats in Software Release 5.5(3)
•Open and Resolved Caveats in Software Release 5.5(2)
•Open and Resolved Caveats in Software Release 5.5(1)
•Open and Resolved Caveats in Software Release 5.4(4a)
•Open and Resolved Caveats in Software Release 5.4(3)
•Open and Resolved Caveats in Software Release 5.4(2a)
•Open and Resolved Caveats in Software Release 5.4(2)
•Open and Resolved Caveats in Software Release 5.4(1)
•Open and Resolved Caveats in Software Release 5.2(7a)
•Open and Resolved Caveats in Software Release 5.2(7)
•Open and Resolved Caveats in Software Release 5.2(6)
•Open and Resolved Caveats in Software Release 5.2(5)
•Open and Resolved Caveats in Software Release 5.2(4)
•Open and Resolved Caveats in Software Release 5.2(2)
•Open and Resolved Caveats in Software Release 5.2(1)
•Open and Resolved Caveats in Software Release 5.1(2b)
•Open and Resolved Caveats in Software Release 5.1(2a)
•Open and Resolved Caveats in Software Release 5.1(1a)
•Open Caveats in Software Release 5.1(1)
•Usage Guidelines, Restrictions, and Troubleshooting
•Documentation Updates for Software Release 5.4
•Documentation Updates for Software Release 5.2
•Documentation Updates for Software Release 5.1
Deferred Software Releases
Caution Catalyst 4000 family supervisor engine software release 5.1(1) was deferred due to caveat CSCdm09827. When you upgrade the switch software to release 5.1(1) from any 4.x release, the switch configuration is lost. This problem is resolved in software release 5.1(1a).
If you intend to upgrade to release 5.x from any 4.x release, we strongly recommend that you upgrade directly to release 5.1(1a) or later, skipping release 5.1(1). Always back up the switch configuration file before upgrading or downgrading the switch software to avoid losing all or part of the configuration.
If you are already running software release 5.1(1), there is no need to upgrade to 5.1(1a).
Power Supply Requirements
The Catalyst 4006 switch requires dual power supplies.
Release 5.x Memory Requirements
Table 1 shows the specific memory requirements for running software release 5.x on the Catalyst 4000 family Supervisor Engine I.
If your Supervisor Engine I has less than 64 MB RAM, you can add more memory by ordering the 32-MB DIMM RAM upgrade (Cisco product number MEM-C4K-32-RAM=) for the Catalyst 4000 family Supervisor Engine I.
Product and Software Version Matrix
This section contains configuration matrixes to help you order Catalyst 4000 family products. Table 2 lists the minimum supervisor engine version and the current recommended and default supervisor engine version for Catalyst 4000 family modules and chassis.
Orderable Software Images
Table 3 lists the software versions and applicable ordering information for supervisor engine software release 5.x.
Table 3 Software Version and Orderable Product Numbers
Software Version Filename Orderable Product NumberFlash on System Orderable Product NumberSpare Upgrade (Floppy Media) Supervisor Engine I5.1(1)
cat4000.5-1-1.bin
—
—
5.1(1a)
cat4000.5-1-1a.bin
SFC4K-SUP-5.1.1
SFC4K-SUP-5.1.1=
5.1(2a)
cat4000.5-1-2a.bin
SFC4K-SUP-5.1.2
SFC4K-SUP-5.1.2=
5.1(2b)
cat4000.5-1-2b.bin
SFC4K-SUP-5.1.2b
SFC4K-SUP-5.1.2b=
5.2(1)
cat4000.5-2-1.bin
SFC4K-SUP-5.2.1
SFC4K-SUP-5.2.1=
5.2(2)
cat4000.5-2-2.bin
SFC4K-SUP-5.2.2
SFC4K-SUP-5.2.2=
5.2(4)
cat4000.5-2-4.bin
SFC4K-SUP-5.2.4
SFC4K-SUP-5.2.4=
5.2(5)
cat4000.5-2-5.bin
SFC4K-SUP-5.2.5
SFC4K-SUP-5.2.5=
5.2(6)
cat4000.5-2-6.bin
SFC4K-SUP-5.2.6
SFC4K-SUP-5.2.6=
5.2(7a)
cat4000.5-2-7a.bin
SFC4K-SUP-5.2.7a
SFC4K-SUP-5.2.7a=
5.2(7)
cat4000.5-2-7.bin
SFC4K-SUP-5.2.7
SFC4K-SUP-5.2.7=
5.4(2)
cat4000.5-4-2.bin
SC4K-SUP-5.4.2
SC4K-SUP-5.4.2=
5.4(2) CiscoView
cat4000-cv.5-4-2.bin
SC4K-SUPCV-5.4.2
SC4K-SUPCV-5.4.2=
5.4(2a)
cat4000.5-4-2a.bin
SC4K-SUP-5.4.2a
SC4K-SUP-5.4.2a=
5.4(3)
cat4000.5-4-3.bin
SC4K-SUP-5.4.3
SC4K-SUP-5.4.3=
5.4(4a)
cat4000.5-4-4a.bin
SC4K-SUP-5.4.4a
SC4K-SUP-5.4.4a=
5.5(1)
cat4000.5-5-1.bin
SC4K-SUP-5.5.1
SC4K-SUP-5.5.1=
5.5(1) CiscoView
cat4000-cv.5-5-1.bin
SC4K-SUPCV-5.4.1
SC4K-SUPCV-5.5.1=
5.5(2)
cat4000.5-5-2.bin
SC4K-SUP-5.5.2
SC4K-SUP-5.5.2=
5.5(2) CiscoView
cat4000-cv.5-5-2.bin
SC4K-SUPCV-5.5.2
SC4K-SUPCV-5.5.2=
5.5(3)
cat4000.5-5-3.bin
SC4K-SUP-5.5.3
SC4K-SUP-5.5.3=
5.5(3) CiscoView2
cat4000-cv.5-5-3.bin
SC4K-SUPCV-5.5.3
SC4K-SUPCV-5.5.3=
5.5(4)
cat4000.5-5-4.bin
SC4K-SUP-5.5.4
SC4K-SUP-5.5.4=
5.5(4) CiscoView1 , 2
cat4000-cv.5-5-4.bin
SC4K-SUPCV-5.5.4
SC4K-SUPCV-5.5.4=
5.5(4b)
cat4000.5-5-4b.bin
SC4K-SUP-5.5.4b
SC4K-SUP-5.5.4b=
5.5(5)
cat4000.5-5-5.bin
SC4K-SUP-5.5.5
SC4K-SUP-5.5.5=
5.5(6)
cat4000.5-5-6.bin
SC4K-SUP-5.5.6
SC4K-SUP-5.5.6=
5.5(7a)
cat4000.5-5-7a.bin
SC4K-SUP-5.5.7a
SC4K-SUP-5.5.7a=
5.5(7)
cat4000.5-5-7.bin
SC4K-SUP-5.5.7
SC4K-SUP-5.5.7=
5.5(8)
cat4000.5-5-8.bin
SC4K-SUP-5.5.8
SC4K-SUP-5.5.8=
5.5(9)
cat4000.5-5-9.bin
SC4K-SUP-5.5.9
SC4K-SUP-5.5.9=
5.5(10)
cat4000.5-5-10.bin
SC4K-SUP-5.5.10
SC4K-SUP-5.5.10=
5.5(10a)
cat4000.5-5-10a.bin
SC4K-SUP-5.5.10a
SC4K-SUP-5.5.10a=
5.5(11)
cat4000.5-5-11.bin
SC4K-SUP-5.5.11
SC4K-SUP-5.5.11=
5.5(11a)
cat4000.5-5-11a.bin
SC4K-SUP-5.5.11a
SC4K-SUP-5.5.11a=
5.5(12)
cat4000.5-5-12.bin
SC4K-SUP-5.5.12
SC4K-SUP-5.5.12=
5.5(12a)
cat4000.5-5-12a.bin
SC4K-SUP-5.5.12a
SC4K-SUP-5.5.12a=
5.5(13)
cat4000.5-5-13.bin
SC4K-SUP-5.5.13
SC4K-SUP-5.5.13=
5.5(13a)
cat4000.5-5-13a.bin
SC4K-SUP-5.5.13a
SC4K-SUP-5.5.13a=
5.5(14)
cat4000.5-5-14.bin
SC4K-SUP-5.5.14
SC4K-SUP-5.5.14=
5.5(15)
cat4000.5-5-15.bin
SC4K-SUP-5.5.15
SC4K-SUP-5.5.15=
5.5(16)
cat4000.5-5-16.bin
SC4K-SUP-5.5.16
SC4K-SUP-5.5.16=
5.5(17)
cat4000.5-5-17.bin
SC4K-SUP-5.5.17
SC4K-SUP-5.5.17=
5.5(18)
cat4000.5-5-18.bin
SC4K-SUP-5.5.18
SC4K-SUP-5.5.18=
5.5(19)
cat4000.5-5-19.bin
SC4K-SUP-5.5.19
SC4K-SUP-5.5.19=
Supervisor Engine II5.4(2)
cat4000.5-4-2.bin
SC4K-SUP-5.4.2
SC4K-SUP-5.4.2=
5.4(2) CiscoView2
cat4000-cv.5-4-.bin
SC4K-SUPCV-5.4.2
SC4K-SUPCV-5.4.2=
5.4(2a)
cat4000.5-4-2a.bin
SC4K-SUP-5.4.2a
SC4K-SUP-5.4.2a=
5.4(3)
cat4000.5-4-3.bin
SC4K-SUP-5.4.3
SC4K-SUP-5.4.3=
5.4(4a)
cat4000.5-4-4a.bin
SC4K-SUP-5.4.4a
SC4K-SUP-5.4.4a=
5.5(1)
cat4000.5-5-1.bin
SC4K-SUP-5.5.1
SC4K-SUP-5.5.1=
5.5(1) CiscoView1, 2
cat4000-cv.5-5-1.bin
SC4K-SUPCV-5.5.1
SC4K-SUPCV-5.5.1=
5.5(2)
cat4000.5-5-2.bin
SC4K-SUP-5.5.2
SC4K-SUP-5.5.2=
5.5(2) CiscoView1, 2
cat4000-cv.5-5-2.bin
SC4K-SUPCV-5.5.2
SC4K-SUPCV-5.5.2=
5.5(3)
cat4000.5-5-3.bin
SC4K-SUP-5.5.3
SC4K-SUP-5.5.3=
5.5(3) CiscoView1, 2
cat4000-cv.5-5-3.bin
SC4K-SUPCV-5.5.3
SC4K-SUPCV-5.5.3=
5.5(4)
cat4000.5-5-4.bin
SC4K-SUP-5.5.4
SC4K-SUP-5.5.4=
5.5(4) CiscoView 1, 2
cat4000-cv.5-5-4.bin
SC4K-SUPCV-5.5.4
SC4K-SUPCV-5.5.4=
5.5(4b)
cat4000.5-5-4b.bin
SC4K-SUP-5.5.4b
SC4K-SUP-5.5.4b=
5.5(5)
cat4000.5-5-5.bin
SC4K-SUP-5.5.5
SC4K-SUP-5.5.5=
5.5(5) CiscoView1, 2
cat4000-cv.5-5-5.bin
SC4K-SUPCV-5.5.5
SC4K-SUPCV-5.5.5=
5.5(6)
cat4000.5-5-6.bin
SC4K-SUP-5.5.6
SC4K-SUP-5.5.6=
5.5(7a)
cat4000.5-5-7.bin
SC4K-SUP-5.5.7
SC4K-SUP-5.5.7=
5.5(7)
cat4000.5-5-7a.bin
SC4K-SUP-5.5.7a
SC4K-SUP-5.5.7a=
5.5(8)
cat4000.5-5-8.bin
SC4K-SUP-5.5.8
SC4K-SUP-5.5.8=
5.5(8a)CiscoView1, 2
cat4000-cv.5-5-8a.bin
SC4K-SUPCV-5.5.8a
SC4K-SUPCV-5.5.8a=
5.5(9)
cat4000.5-5-9.bin
SC4K-SUP-5.5.9
SC4K-SUP-5.5.9=
5.5(10)
cat4000.5-5-10.bin
SC4K-SUP-5.5.10
SC4K-SUP-5.5.10=
5.5(10a)
cat4000.5-5-10a.bin
SC4K-SUP-5.5.10a
SC4K-SUP-5.5.10a=
5.5(11)
cat4000.5-5-11.bin
SC4K-SUP-5.5.11
SC4K-SUP-5.5.11=
5.5(11a)
cat4000.5-5-11a.bin
SC4K-SUP-5.5.11a
SC4K-SUP-5.5.11a=
5.5(12)
cat4000.5-5-12.bin
SC4K-SUP-5.5.12
SC4K-SUP-5.5.12=
5.5(12a)
cat4000.5-5-12a.bin
SC4K-SUP-5.5.12a
SC4K-SUP-5.5.12a=
5.5(13)
cat4000.5-5-13.bin
SC4K-SUP-5.5.13
SC4K-SUP-5.5.13=
5.5(13a)
cat4000.5-5-13a.bin
SC4K-SUP-5.5.13a
SC4K-SUP-5.5.13a=
5.5(14)
cat4000.5-5-14.bin
SC4K-SUP-5.5.14
SC4K-SUP-5.5.14=
5.5(15)
cat4000.5-5-15.bin
SC4K-SUP-5.5.15
SC4K-SUP-5.5.15=
5.5(16)
cat4000.5-5-16.bin
SC4K-SUP-5.5.16
SC4K-SUP-5.5.16=
5.5(17)
cat4000.5-5-17.bin
SC4K-SUP-5.5.17
SC4K-SUP-5.5.17=
5.5(18)
cat4000.5-5-18.bin
SC4K-SUP-5.5.18
SC4K-SUP-5.5.18=
5.5(19)
cat4000.5-5-19.bin
SC4K-SUP-5.5.19
SC4K-SUP-5.5.19=
5.5(20)
cat4000.5-5-20.bin
SC4K-SUP-5.5.20
SC4K-SUP-5.5.20=
5.5(21)
cat4000.5-5-21.bin
SC4K-SUP-5.5.21
SC4K-SUP-5.5.21=
1 The 5.5(4) and later CiscoView releases requires JPI (Java Plug-in) 1.3 in the browser. These releases are incompatible with 5.5(3) CiscoView and earlier releases, which require JPI 1.2.2.
2 All 5.x CiscoView images have been deferred due to CSCdu25881. You should upgrade to CiscoView release 5.5(8a)CiscoView. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml
New Features for Supervisor Engine Software Release 5.5
This section describes the new features available in software release 5.5.
Hardware Features
This section lists the new hardware features available in software release 5.5.
•Catalyst 4003 and 4006 Layer 3 Services Module (WS-X4232-L3)
•Catalyst 4000 Backplane Channel Module (WS-X4019)
•Catalyst 4006 DC Power Supply (WS-X4008)
Software Features
This section lists the new software features available in software release 5.5.
•Support for auxiliary virtual LANs (VLANs)
•Layer 3 support with the Catalyst 4003 and 4006 Layer 3 Services Module
•Switch Acceleration
New Features for Supervisor Engine Software Release 5.4
This section describes the new features available in software release 5.4.
Hardware Features
This section lists the new hardware features available in software release 5.4.
•Catalyst 4006 chassis (WS-C4006-S2)
•Catalyst 4006 Supervisor Engine (WS-X4013)
•Catalyst 2980G 80-port 10/100/1000 Fixed Configuration Switch (WS-C2980G)
•24-port 100BASE-FX Fast Ethernet Switching Module (WS-X4124-FX-MT)
•48-port 10/100-Mbps Fast Ethernet Switching Module (WS-X4148-RJ21)
•12-port 1000BASE-T Gigabit Ethernet Switching Module (WS-4412-2GB-TX)
Software Features
This section lists the new software features available in software release 5.4.
•Unidirectional Link Detection Protocol (UDLD) enhancements—With supervisor engine software releases 5.4(3) and later, you can specify the message interval between UDLD messages. Previously, the message interval was fixed at 60 seconds. With a configurable message interval, UDLD reacts much faster to link failures.
Additionally, releases 5.4(3) and later have UDLD aggressive mode, which is recommended only for point-to-point links between Cisco switches running software release 5.4(3) or later. UDLD aggressive mode is disabled by default. When aggressive mode is enabled and a port on a bidirectional link stops receiving UDLD packets, UDLD tries to reestablish the connection with the neighbor. After eight failed retries, the port enters an errdisable state.
In order to prevent spanning tree loops, set normal UDLD message intervals to 15 seconds. This setting is fast enough to shut down a unidirectional link before a blocking port transitions to forwarding state (when default spanning tree parameters are used).
Enabling UDLD aggressive mode provides additional benefits in the following cases:
–One side of a link has a port stuck (both Tx and Rx)
–One side of a link remains up while the other side of the link has gone down
In these cases, UDLD aggressive mode disables one of the ports on the link and stops dropping traffic. Even with aggressive mode disabled, there would have been no risk for a broadcast storm due to a spanning tree loop in this situation, as one port is unable to pass traffic in both directions.
Note Before using UDLD, read the "Open and Resolved Caveats in Software Release 5.5(1)" section, and note the recommendations listed for caveat CSCdr50206.
For detailed information on configuring the message interval and UDLD aggressive mode, refer to the online version of the Software Configuration Guide—Catalyst 5000 Family, 4000 Family, 2928G Series, 2948G, and 2980G Switches, Release 5.4.
•The Catalyst Web Interface (CWI) is a browser-based tool that you can use to configure the Catalyst 6000 family, 5000 family, and 4000 family switches. It consists of a graphical user interface (GUI) that runs on the client (a Catalyst version of CiscoView 5.0) and a Hypertext Transfer Protocol (HTTP) server that runs on the switch. A GUI alternative to the CLI and SNMP interfaces, the CWI provides a real-time graphical representation of the switch and detailed information such as port status, module status, chassis type, and installed modules. The CWI uses HTTP to download CiscoView from the server to the client.
For information on installing and using the CWI, refer to the Catalyst 6000 Family, 5000 Family, and 4000 Family Switches Web Interface Installation and Configuration Note.
•RADIUS authorization and accounting—Provides client-server authentication and accounting for users attempting to connect to the switch.
•TACACS+ authorization and accounting—Provides client-server authentication and accounting for access to network devices.
•Generic summertime—Allows you to configure non-US daylight saving time.
•ErrDisabletTimeout—Allows you to automatically enable or reset a port minutes after the port is disabled by the software due to excessive errors.
•Case-sensitive password—Allows you to set case-sensitive passwords.
•IP Permit List enhancements—Increases the number of IP entries allowed.
•Banner improvement—Increases the banner string length to 3,070 characters, and includes a tab character.
•Scheduled reset—Allows you to reset the switch at a specified date and time.
•Permanent Address Resolution Protocol (ARP) entries—Allows you to save a static ARP entry in the NVRAM (or Flash) configuration file so a reset or power cycle does not clear the entry.
•show tech-support command—Allows you to capture all of the information and statistics required by Cisco TAC for the entire device.
•VLAN 1 disable on trunks—Allows you to disable VLAN 1 on any individual VLAN trunk link.
•PortFast guard—Provides a way to shut the port down when any received BPDUs are detected.
•Simple Network Management Protocol version 3 (SNMPv3)—Provides security and remote configuration capabilities of SNMPv3.
New Features for Supervisor Engine Software Release 5.2
This section lists the new features available in software release 5.2.
•Quality of Service (QoS)—Allows the switch to set the 802.1p CoS value for incoming unmarked frames on the Catalyst 4000 family and 2948G switches.
•Dynamic Host Configuration Protocol (DHCP) client—Allows the switch to obtain its IP configuration automatically from a DHCP server.
•Configure from Flash at startup—Allows the switch to run one or more configuration files stored in Flash memory when the switch is powered on or reset.
•Flexible PAgP—Provides enhancements and new functionality to existing EtherChannel port bundling features, including non-contiguous port bundles, port bundles of up to eight ports, and port bundles across multiple modules.
•Port security enhancements—Provides additional port security features, such as restricting traffic on a secure port instead of shutting down the port, and allowing multiple secure addresses on a port.
•UDLD on copper—Provides support for the UDLD protocol on copper media.
•Kerberos Telnet—Provides support for encrypted Telnet sessions on the switch using Kerberos.
•Remote Copy Protocol (RCP) support—Provides an alternative method for copying system software image files and configuration files over the network, using rcp.
•Switched Port Analyzer (SPAN) enhancements—Provides a "don't learn" option to prevent a SPAN destination port with the inpkts enable option set from learning addresses from the incoming traffic.
•Command completion—Provides new command-line options such as keyword completion using the Tab key and context-sensitive help using?.
•New and enhanced commands:
–show config, write terminal, copy config—Provides a way to display, by default, the changes that have been made to the default switch configuration. Use the all keyword to display both the default and nondefault configuration.
–set port host—Provides a command macro that optimizes a port for host connections by enabling spanning tree PortFast mode and setting the trunking mode and EtherChannel mode to off.
New Features for Supervisor Engine Software Release 5.1
This section lists the new features available in Catalyst 4000 family software release 5.1.
•Support for the following hardware:
–32-port 10/100BASE-TX RJ-45 switching module with uplink module support
–4-port 100BASE-FX MT-RJ uplink module
•VMPS and dynamic VLANs—Provides VMPS client and dynamic VLAN membership support on the Catalyst 4000 family switches.
•RADIUS authentication—Provides client-server authentication for users attempting to connect to the switch.
•SPAN enhancements—Provides more flexibility in configuring SPAN sessions, including multiple SPAN sources independent of VLAN membership.
•CDP Version 2—Provides additional information on connected Cisco devices, including native VLAN and port duplex mismatches.
•IEEE 802.1Q to Inter-Switch Link (ISL) VLAN mapping—Allows you to map 802.1Q VLANs that are greater than VLAN 1000 to ISL VLANs.
•IEEE GVRP— GARP application that provides 802.1Q-compliant VLAN pruning and dynamic VLAN creation on 802.1Q trunk ports.
•IEEE GMRP—GARP application that provides a constrained multicast flooding facility similar to IGMP snooping and CGMP.
•CIDR IP routes—Allows you to specify classless IP routes for IP traffic originating on the switch.
•UDLD—Detects unidirectional connections on fiber-optic links.
•NTP authentication—Prevents the switch from accepting NTP updates from untrusted sources, as described in RFC 1305.
•64-bit counters for mini-RMON groups.
•Support for RFC 2021 RMON2 User History group.
•Support for the following SNMP MIBs:
–ENTITY-MIB
–CISCO-SYSLOG-MIB
–CISCO-PROCESS-MIB
–CISCO-STP-EXTENSIONS-MIB
–Cisco Switch TopN MIB
–Cisco Trace Route MIB
–Cisco Show Port Capabilities MIB
–Cisco Config. File Management MIB
–Cisco Multiple Default Gateways MIB
Open and Resolved Caveats in Software Release 5.5(21)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(21):
•Open Caveats in Software Release 5.5(21)
•Resolved Caveats in Software Release 5.5(21)
Open Caveats in Software Release 5.5(21)
There are no open caveats in software release 5.5(21).
Resolved Caveats in Software Release 5.5(21)
This section describes resolved caveats in supervisor engine software release 5.5(21).
•Your switch could crash after completing a software upgrade from Cisco software release 5.5.13 to 5.5.20. The crash info decode indicates that Tacacs+ is involved.
Workaround: Remove the Tacacs+ configuration. This problem is resolved in software release 5.5(21). (CSCee87653)
Open and Resolved Caveats in Software Release 5.5(20)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(20):
•Open Caveats in Software Release 5.5(20)
•Resolved Caveats in Software Release 5.5(20)
Open Caveats in Software Release 5.5(20)
There are no open caveats in software release 5.5(20).
Resolved Caveats in Software Release 5.5(20)
This section describes resolved caveats in supervisor engine software release 5.5(20).
•A TTL of 32 is too low for some implementations. A TTL of 32 may decrement before the packets get out of a MPLS network. This situation can cause problems with any IP-based application. This problem is resolved in software release 5.5(20). (CSCea48092)
•The switch might incorrectly report an STP root change with the following message:
2003 Jun 09 11:42:28 EST -04:00 %SPANTREE-5-ROOTCHANGE:Root changed for Vlan Y:New root port n/m. New Root mac address is XX-XX-XX-XX-XX-XX.This is an informational message only and should not affect the operation of your switch. The workaround is to change the logging level on the SPANTREE facility down to level 4. This problem is resolved in software release 5.5(20). (CSCeb78548)
•The system does not synchronize local time through Network Time Protocol (NTP) when summertime is configured or changed. This problem is resolved in software release 5.5(20). (CSCdx42695)
•The set spantree root command does not work if the switch is already the root for the VLAN. This problem is resolved in software release 5.5(20). (CSCec13215)
Open and Resolved Caveats in Software Release 5.5(19)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(19):
•Open Caveats in Software Release 5.5(19)
•Resolved Caveats in Software Release 5.5(19)
Open Caveats in Software Release 5.5(19)
There are no open caveats in software release 5.5(19).
Resolved Caveats in Software Release 5.5(19)
This section describes resolved caveats in supervisor engine software release 5.5(19).
•A Catalyst 4000 family switch with a WS-X4012 occasionally returns an invalid value of 4.29497e+09 for CPU objects cpmCPUTotal5sec and cpmCPUTotal1min. This problem is resolved in software release 5.5(19). (CSCdz42365)
•A port with port security enabled is not included in the static CAM table when an MC receiver is on the port. When the host sends an IGMP join report to the MC router, the MC router sends a CGMP join to the switch but the switch does not add the host to the static CAM table.
If there are no other hosts, the switch will flood the MC traffic and all hosts will receive the traffic. However, if just one host with port security disabled joins the group, only that host will show up in the static CAM table and all other hosts will stop receiving the MC traffic.
Workaround: Disable either port security or CGMP on the switch. This problem is resolved in software release 5.5(19). (CSCdz89564)
•Moving a host from a secured port to an unsecured port causes a security violation. This problem is resolved in software release 5.5(19). (CSCea07450)
•The show log command on a Catalyst 4006 switch does not report power supply 3 failures.
Workaround: Install a syslog server to show power supply unit failures. This problem is resolved in software release 5.5(19). (CSCdz45426)
•The multicast entry for a trunk port in a nondefault VLAN disappears when you configure permanent CAM entries on the trunk port for any VLAN other than the default VLAN and reboot the system.
Workaround: Clear the permanent CAM and reconfigure the CAM entries. This problem is resolved in software release 5.5(19). (CSCea31013)
Open and Resolved Caveats in Software Release 5.5(18)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(18):
•Open Caveats in Software Release 5.5(18)
•Resolved Caveats in Software Release 5.5(18)
Open Caveats in Software Release 5.5(18)
There are no open caveats in software release 5.5(18).
Resolved Caveats in Software Release 5.5(18)
There are no resolved caveats in software release 5.5(18).
Open and Resolved Caveats in Software Release 5.5(17)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(17):
•Open Caveats in Software Release 5.5(17)
•Resolved Caveats in Software Release 5.5(17)
Open Caveats in Software Release 5.5(17)
There are no open caveats in software release 5.5(17).
Resolved Caveats in Software Release 5.5(17)
This section describes resolved caveats in supervisor engine software release 5.5(17).
•Under rare circumstances, a Catalyst 4000 family switch will crash after receiving a corrupted VTP packet with an invalid vlan_id. The switch will recover automatically.
Workaround: There is no workaround. (CSCdy60111)
•In a Catalyst 4006 switch that is fully populated with WS-X4148 cards running software version 7.1(2), the port security shutdown timer might not work as expected and you might not be able to reenable the shutdown ports on all line cards. This problem is resolved in software release 5.5(17). (CSCdy01966)
Open and Resolved Caveats in Software Release 5.5(16)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(16):
•Open Caveats in Software Release 5.5(16)
•Resolved Caveats in Software Release 5.5(16)
Open Caveats in Software Release 5.5(16)
There are no open caveats in software release 5.5(16).
Resolved Caveats in Software Release 5.5(16)
This section describes resolved caveats in supervisor engine software release 5.5(16).
•When you enter the show port and show counters commands using the CLI, FCS errors are generated, but when the SNMP object dot3StatFCSError is polled, no errors are indicated. This problem is resolved in software release 5.5(16). (CSCdx88030)
•If a static MAC address is installed using the port security feature, a flood-path can be installed instead of a unicast path. The port security feature automatically installs a static MAC address if there is a secure address configured on the port. This problem is resolved in software release 5.5(16). (CSCdy14154)
•When Spanning Tree Protocol (STP) tries to send a SCP message to set CBL for a channel port, it queries the Port Aggregation Protocol (PAgP) to get the corresponding physical ports. In some rare cases, the Network Management Protocol (NMP) gets a port that has been removed from STP (and now nontrunking) and sends an SCP message for that port which results in native VLAN inconsistencies.
Workaround: There is no workaround. This problem is resolved in software release 5.5(16). (CSCdw12370)
Open and Resolved Caveats in Software Release 5.5(15)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(15):
•Open Caveats in Software Release 5.5(15)
•Resolved Caveats in Software Release 5.5(15)
Open Caveats in Software Release 5.5(15)
There are no open caveats in software release 5.5(15).
Resolved Caveats in Software Release 5.5(15)
This section describes resolved caveats in supervisor engine software release 5.5(15).
•The total number of all received error packets (as represented in the CLI by the show mac command and its associated InLost counter) is not available through SNMP because the dot3StatsInternalMacRxErrs MIB is incorrect. This problem is resolved in software release 5.5(15). (CSCdw86025)
•When a reachable host and an unreachable host are configured as syslog servers on a Catalyst 2948G switch without a default-gateway, only the first syslog message is sent to the syslog server. After clearing the unreachable host, any unsent messages are sent to the reachable host all at once.
Workaround: Clear the unreachable host from the configuration. This problem is resolved in software release 5.5(15). (CSCdx52404)
Open and Resolved Caveats in Software Release 5.5(14)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(14):
•Open Caveats in Software Release 5.5(14)
•Resolved Caveats in Software Release 5.5(14)
Open Caveats in Software Release 5.5(14)
This section lists open caveats in software release 5.5(14).
•ARP packets from an AIX server connected to the Catalyst 4000 family switch with GEC links are not received. This problem is intermittent. (CSCdv15018)
•The Catalyst 2948G switch sends traps from unused ports. The traps are received even after disabling the trap from the port. (CSCdw19089)
Resolved Caveats in Software Release 5.5(14)
This section describes resolved caveats in supervisor engine software release 5.5(14).
•UplinkFast is delayed when a module fails. When you remove the fiber on the forwarding port, UplinkFast works fine and traffic recovers after a few seconds but, when you disable the module, it takes an average of 25 seconds to recover. This problem is resolved in software release 5.5(14). (CSCdt41259)
•The switch does not respond correctly to community strings containing "/". This problem is resolved in software release 5.5(14). (CSCdx03088)
•The HP Top Tools remote control joins or leaves a bridge group approximately once every minute. This problem is resolved in software release 5.5(14). (CSCdw00897)
•Under certain circumstances, it is possible that the UplinkFast feature can cause high CPU utilization on a Catalyst 4000 family switch running MST or MISTP.
Workaround: Reboot the switch. This problem is resolved in software release 5.5(14). (CSCdu61791)
•A switch in HSRP standby status is changed to active status. When status is restored, it does not return to active status from standby status.
Workaround: The switch recovers if the interface on the HSRP standby side is set to shutdown or no shutdown. This problem is resolved in software release 5.5(14). (CSCdw32957)
•The switch might reload if VTP is configured in client or server mode and connected to a Catalyst 4000 family switch with a Supervisor Engine III.
Workaround: Configure VTP to use transparent mode. This problem is resolved in software release 5.5(14). (CSCdw41158)
•On the Catalyst 2948G or 2980G switches, port negotiation or flow control commands are not saved in the configuration file. This can be seen when you issue the show config all command. This does not affect the functionality of the switch, but if you reload the switch with a tftp configuration file, the port negotiation and port flowcontrol configuration settings will be lost. However, the configuration remains intact in the NVRAM and rebooting will not affect the configuration. This issue is not apparent on Catalyst 4000 family switches. This problem is resolved in software release 5.5(14). (CSCdw44268)
•CISCO-STACK-MIB SNMP controlled configuration download is not functioning correctly. This problem is resolved in software release 5.5(14). (CSCdx04874)
Open and Resolved Caveats in Software Release 5.5(13a)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(13a):
•Open Caveats in Software Release 5.5(13a)
•Resolved Caveats in Software Release 5.5(13a)
Open Caveats in Software Release 5.5(13a)
This section lists open caveats in software release 5.5(13a).
•The HP Top Tools remote control joins or leaves a bridge group approximately once every minute.
Workaround: None. (CSCdw00897)
•A router in HSRP standby status is changed to active status. When status is restored by the router, it does not revert back to standby status from active status.
Workaround: The router recovers if the interface on the HSRP standby side is set to shutdown or no shutdown. (CSCdw32957)
•UplinkFast is delayed when a module fails. When you remove the fiber on the forwarding port, UplinkFast works fine and traffic recovers after a few seconds but, when you disable the module, it takes an average of 25 seconds to recover.
Workaround: None. (CSCdt41259)
•ARP packets from an AIX server connected to the Catalyst 4000 family switch with GEC links are not received. This problem is intermittent.
Workaround: None. (CSCdv15018)
•The Catalyst 2948G switch sends traps from unused ports. The traps are received even after disabling the trap from the port.
Workaround: None. (CSCdw19089)
Resolved Caveats in Software Release 5.5(13a)
This section describes resolved caveats in supervisor engine software release 5.5(13a).
•An error can occur with management protocol processing. Use the following URL for further information:
http://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw67458
This problem is resolved in software release 5.5(13a). (CSCdw67458)
Open and Resolved Caveats in Software Release 5.5(13)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(13):
•Open Caveats in Software Release 5.5(13)
•Resolved Caveats in Software Release 5.5(13)
Open Caveats in Software Release 5.5(13)
This section lists open caveats in software release 5.5(13).
•The HP Top Tools remote control joins or leaves a bridge group approximately once every minute.
Workaround: None. (CSCdw00897)
•A router in HSRP standby status is changed to active status. When status is restored by the router, it does not revert back to standby status from active status.
Workaround: The router recovers if the interface on the HSRP standby side is set to shutdown or no shutdown. (CSCdw32957)
•UplinkFast is delayed when a module fails. When you remove the fiber on the forwarding port, UplinkFast works fine and traffic recovers after a few seconds but, when you disable the module, it takes an average of 25 seconds to recover.
Workaround: None. (CSCdt41259)
•ARP packets from an AIX server connected to the Catalyst 4000 family switch with GEC links are not received. This problem is intermittent.
Workaround: None. (CSCdv15018)
•The Catalyst 2948G switch sends traps from unused ports. The traps are received even after disabling the trap from the port.
Workaround: None. (CSCdw19089)
Resolved Caveats in Software Release 5.5(13)
This section lists caveats resolved in software release 5.5(13).
•A Catalyst 4003 switch cannot join to bridge ports when workstations are connected directly to the switch during reboot. This problem is resolved in software release 5.5(13). (CSCdu44423)
•When polling a Supervisor Engine 1A through SNMP, there must be at least a 1-millisecond delay between successive SNMP Gets. Without a minor delay, the Catalyst 4000 family switch will output the following display message:
2001 Mar 30 14:03:53 %IP-3-UDP_SOCKOVFL:UDP socket 1034 overflowThis problem does not affect switch performance. This problem is resolved in software release 5.5(13). (CSCdt86655)
•When accessing the system via an HTTP interface, an NMP exception occurs. This problem is resolved in software release 5.5(13). (CSCdw02887)
•VMPS does not work when a PC is moved between hubs. This problem is resolved in software release 5.5(13). (CSCdw23807)
Open and Resolved Caveats in Software Release 5.5(12a)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(12a):
•Open Caveats in Software Release 5.5(12a)
•Resolved Caveats in Software Release 5.5(12a)
Open Caveats in Software Release 5.5(12a)
This section lists open caveats in software release 5.5(12a).
•Some ports on a Catalyst 4003 switch cannot join to bridge ports when workstations are connected directly to a Catalyst switch at the time of reboot.
Workaround: Disconnect and reconnect the workstation. (CSCdu44423)
Resolved Caveats in Software Release 5.5(12a)
This section lists caveats resolved in software release 5.5(12a).
•An error can occur with management protocol processing. Use the following URL for further information:
http://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw67458
This problem is resolved in software release 5.5(12a). (CSCdw67458)
Open and Resolved Caveats in Software Release 5.5(12)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(12):
•Open Caveats in Software Release 5.5(12)
•Resolved Caveats in Software Release 5.5(12)
Open Caveats in Software Release 5.5(12)
This section lists open caveats in software release 5.5(12).
•Some ports on a Catalyst 4003 switch cannot join to bridge ports when workstations are connected directly to a Catalyst switch at the time of reboot.
Workaround: Disconnect and reconnect the workstation. (CSCdu44423)
Resolved Caveats in Software Release 5.5(12)
This section lists caveats resolved in software release 5.5(12).
•The switch might experience a memory leak if TACACS accounting is enabled and multiple Telnet sessions are established (concurrently or nonconcurrently). The memory leak could lead to a system reset or the switch could become unreachable.
Workaround: Disable TACACS accounting and then reset the switch to free up the memory buffers. This problem is resolved in software release 5.5(12). (CSCdv38306)
•Creating an EtherChannel consisting of ports located on different modules might not work on Catalyst 4000 family switches.
Workaround: Upgrade the switch software. This problem is resolved in software release 5.5(12). (CSCdv39598)
•The switch might be unreachable on the management VLAN and not appear in the show cdp neighbors command output, however, user traffic is normal. Under these conditions, the switch displays a "Run out of system memory, screen scrolling disabled" message. The workaround is to disable TACACS accounting using the set accounting commands disable command and then reset the switch. This problem is resolved in software release 5.5(12). (CSCdu25416)
•While booting, a Catalyst 4000 family switch with EtherChannel activity might crash and display the following error message:
address on load errorThis problem is resolved in software release 5.5(12). (CSCdv21311)
•If you have IP permit configured on your switch and you upgrade your switch software from a version of 5.4.2 or earlier to any version later than 5.4.2, you will lose your IP permit entries. However, the main ip permit enable configuration will remain, and the switch might not be accessible from Telnet; even so, the switch might still be accessible using other protocols, such as SNMP or ssh.
Workaround: Upgrade the switch software. Before upgrading the switch software, back up the switch configuration and disable IP permit by using the set ip permit disable command. After you have upgraded the software, enable IP permit lists using the set ip permit enable command, or restore the configuration from the backup you made before performing the software upgrade. This problem is resolved in software release 5.5(12). (CSCdv81793)
Open and Resolved Caveats in Software Release 5.5(11a)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(11a):
•Open Caveats in Software Release 5.5(11a)
•Resolved Caveats in Software Release 5.5(11a)
Open Caveats in Software Release 5.5(11a)
This section lists open caveats in software release 5.5(11a).
•Opening configuration dialogs after resizing CiscoView browser window on a Solaris/Netscape Communicator client with Java plugin 1.3.0 causes a Java IlleagalComponentStateException error.
Workaround: Close and reopen the dialog. (CSCdu32555)
Resolved Caveats in Software Release 5.5(11a)
This section lists caveats resolved in software release 5.5(11a).
•An error can occur with management protocol processing. Use the following URL for further information:
http://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw67458
This problem is resolved in software release 5.5(11a). (CSCdw67458)
Open and Resolved Caveats in Software Release 5.5(11)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(11):
•Open Caveats in Software Release 5.5(11)
•Resolved Caveats in Software Release 5.5(11)
Open Caveats in Software Release 5.5(11)
This section lists open caveats in software release 5.5(11).
•Opening configuration dialogs after resizing CiscoView browser window on a Solaris/Netscape Communicator client with Java plugin 1.3.0 causes a Java IlleagalComponentStateException error.
Workaround: Close and reopen the dialog. (CSCdu32555)
Resolved Caveats in Software Release 5.5(11)
This section lists caveats resolved in software release 5.5(11).
•If you configure more than one default gateway, the default gateway might change from the primary to the secondary and back without an obvious valid reason. This problem is resolved in software release 5.5(11). (CSCdt73765)
Open and Resolved Caveats in Software Release 5.5(10a)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(10a):
•Open Caveats in Software Release 5.5(10a)
•Resolved Caveats in Software Release 5.5(10a)
Open Caveats in Software Release 5.5(10a)
This section lists open caveats in software release 5.5(10a).
•Opening configuration dialogs after resizing CiscoView browser window on a Solaris/Netscape Communicator client with Java plugin 1.3.0 causes a Java IlleagalComponentStateException error.
Workaround: Reopen the dialog. (CSCdu32555)
Resolved Caveats in Software Release 5.5(10a)
This section lists caveats resolved in software release 5.5(10a).
•An error can occur with management protocol processing. Use the following URL for further information:
http://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw67458
This problem is resolved in software release 5.5(10a). (CSCdw67458)
Open and Resolved Caveats in Software Release 5.5(10)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(10):
•Open Caveats in Software Release 5.5(10)
•Resolved Caveats in Software Release 5.5(10)
Open Caveats in Software Release 5.5(10)
This section lists open caveats in software release 5.5(10).
•Opening configuration dialogs after resizing CiscoView browser window on a Solaris/Netscape Communicator client with Java plugin 1.3.0 causes a Java IlleagalComponentStateException error.
Workaround: Reopen the dialog. (CSCdu32555)
Resolved Caveats in Software Release 5.5(10)
This section lists caveats resolved in software release 5.5(10).
•Including a control character, such as ^C, in a comment line of a configuration file causes the commands following the comment line to be ignored when the configuration file is copied to the running configuration. This problem occurs with all 5.x software releases prior to 5.5(10).
This problem is resolved in software release 5.5(10). (CSCdu58728)
•Under extremely rare conditions, a switch port might lose VLAN configuration. An affected trunk port transmits user traffic untagged. Connectivity to the rest of the network might be impacted if the affected port is an uplink. Spanning Tree Protocol, CDP and other control traffic continues to operate normally.
This problem is resolved in software release 5.5(10). (CSCdu48749)
•On a WS-X4013, the show sprom command does not display the GBIC see prom contents. The command works on all other modules. The GBIC type is displayed correctly in the output of the show port command.
This problem is resolved in software release 5.5(10). (CSCdu78230)
Open and Resolved Caveats in Software Release 5.5(9)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(9):
•Open Caveats in Software Release 5.5(9)
•Resolved Caveats in Software Release 5.5(9)
Open Caveats in Software Release 5.5(9)
This section lists open caveats in software release 5.5(9).
•Under extremely rare conditions, a switch port might lose VLAN configuration. An affected trunk port transmits user traffic untagged. Connectivity to the rest of the network might be impacted if the affected port is an uplink. Spanning Tree Protocol, CDP and other control traffic continues to operate normally.
Workaround: Disable and reenable the affected port to restore connectivity. (CSCdu48749)
•Opening configuration dialogs after resizing CiscoView browser window on a Solaris/Netscape Communicator client with Java plugin 1.3.0 causes a Java IlleagalComponentStateException error.
Workaround: Reopen the dialog. (CSCdu32555)
Resolved Caveats in Software Release 5.5(9)
This section lists caveats resolved in software release 5.5(9).
•When there is multicast and broadcast traffic on the WS-X4013 module, packets might be lost for a short period of time (milliseconds) when hosts are in the process of joining or leaving a multicast/broadcast group. This problem is resolved in software release 5.5(9). (CSCdp38859)
•RMON history, event, and alarm entries are not saved after reload. This problem is resolved in software release 5.5(9). (CSCdu26550)
•Console Telnet sessions might lock up while the switch is establishing the connection, if you cancel the Telnet client using Ctrl-C.
Workaround: Wait several seconds after establishing a connection before you cancel a Telnet session.
This problem is resolved in software release 5.5(9). (CSCdu29283)
•The console command, show test 1, does not correctly display all of the POST results. Operation of the switch is not affected. There are no false positives, when the supervisor is shown as faulty, but POST passed. If the supervisor is shown as faulty, then you know that POST failed. This problem is resolved in software release 5.5(9). (CSCdu33978)
•When an ISL trunk port is connected to an access port and QoS is enabled on the switch with the ISL trunk, the ISL header will have the USER bits set in the destination address. Currently, the QoS ASIC will drop the packets with user bits set to 0 and 1 only; therefore, packets with other bits set will be forwarded on the access VLAN of the nontrunk port. These packets will not go through the blocked ports.
Workaround: Fix the misconfiguration by setting both ends to trunking.
This problem is resolved in software release 5.5(9). (CSCdu10858)
•The Catalyst 4000 family switch sends the wrong trap OID (.1.3.6.1.2.1.47.2.1.0.1) for the entConfigChange MIB. This problem is resolved in software release 5.5(9). (CSCdu34057)
•You might not be able to enable logging for Dynamic VLANs using the set logging level dvlan command:
Console> (enable) set logging level dvlan 7Invalid FacilityConsole> (enable)This problem is resolved in software release 5.5(9). (CSCdu19163)
•There is a problem with parallel TACACS+/RADIUS/KERBEROS access. Authentication protocols (TACACS+, RADIUS, KERBEROS) use a global character array to store the user input (such as passwords). Because the buffer is global, it is shared by all console and Telnet sessions and might contain input from multiple Telnet sessions; this situation might cause incorrect password input for authentication. The following example is used for clarification:
–User A—username test, password cisco
–User B—username test2, password cisco
User A Telnets to the switch, types "test," presses Enter, and then types the password but does not press Enter. On the other host, User B also Telnets to the switch, types "test2," presses Enter, types the wrong password, and presses Enter which causes a login failure. User A goes back to the first switch and since the password is already there, User A presses Enter, but the password is treated as an incorrect password.
This problem is resolved in software release 5.5(9). (CSCdu35551)
•The "hidden" commands, set igmp mode and show igmp mode, have been moved to enable mode. For descriptions of these commands, refeer to the Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G Switches Command Reference, software release 5.5, located at: http://cco/univercd/cc/td/doc/product/lan/cat5000/rel_5_5/index.htm. This problem is resolved in software release 5.5(9). (CSCdu39547)
Open and Resolved Caveats in Software Release 5.5(8a) CiscoView
These sections describe the open and resolved caveats in supervisor engine software release 5.5(8a) CiscoView:
•Open Caveats in Software Release 5.5(8a) CiscoView
•Resolved Caveats in Software Release 5.5(8a) CiscoView
Open Caveats in Software Release 5.5(8a) CiscoView
This section lists open caveats in software release 5.5(8a) CiscoView.
•If CiscoView cannnot be launched on a Solaris/Netscape Communicator client or if an Access Control Error occurs, clear the browser cache or ensure that the plugin and JRE versions match. To change the JRE version to match the plugin version, open Java plugin ControlPanel under <JAVA_PLUGIN_INSTALL_DIRECTORY>/j2pi/ControlPanel (standard Java plugin installation directory is /opt/NSCPcom/ ). Then go to the Advanced tab and select Java Run Time Environment as "Use Java Plug-in Default." (CSCdu32540)
•Opening configuration dialogs after resizing CiscoView browser window on a Solaris/Netscape Communicator client with Java plugin 1.3.0, causes a java IlleagalComponentStateException error. The workaround is to open the same dialog again. (CSCdu32555)
•With multicast and broadcast traffic on the WS-X4013 module, packets might be lost when hosts are in the process of joining or leaving a multicast/broadcast group. (CSCdp38859)
Resolved Caveats in Software Release 5.5(8a) CiscoView
This section lists caveats resolved in software release 5.5(8a) CiscoView.
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml
This problem is resolved in software release 5.5(8a)CiscoView (CSCdu25881).
Open and Resolved Caveats in Software Release 5.5(8)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(8):
•Open Caveats in Software Release 5.5(8)
•Resolved Caveats in Software Release 5.5(8)
Open Caveats in Software Release 5.5(8)
This section lists open caveats in software release 5.5(8).
•With multicast and broadcast traffic on the WS-X4013 module, packets might be lost when hosts are in the process of joining or leaving a multicast/broadcast group. (CSCdp38859)
Resolved Caveats in Software Release 5.5(8)
This section lists caveats resolved in software release 5.5(8).
•The Catalyst 4006 switch fails SNMP walk on the following OID: .iso.org.dod.internet.mgmt.mib-2.dot1dBridge.dot1dTp.dot1dTpFdbTable.dot1dTpFdbEntry.dot1dTpFdbPort (.1.3.6.1.2.1.17.4.3.1.2). This problem is resolved in software release 5.5(8). (CSCdt36981)
•It might take up to two minutes for 1000BASE-T ports on the WS-X4412-2GB-T module to power on. This problem is resolved in software release 5.5(8). (CSCdp90760)
•The Catalyst 4000 family switch can temporarily forward HSRP hello packets out of a blocked port when UplinkFast and CGMP fast leave are enabled on the switch, and HSRP is enabled on a router in the network. The problem clears itself in about five minutes. This problem is resolved in software release 5.5(8). (CSCdt13403)
•The dot1dTpPortInDiscards will return 0 for a bridge port. This problem is resolved in software release 5.5(8). (CSCdt71890)
•With bundled FEC spans, whole spans might be lost when removing one admin port from SNMP and the CLI will display erroneous information. This problem is resolved in software release 5.5(8). (CSCdt90794)
•When the ifOperStatus value for the port changes (the port is enabled and disabled, or the link is brought up and down), the ifLastChange value for the port does not change. This problem is resolved in software release 5.5(8). (CSCdt69418)
Open and Resolved Caveats in Software Release 5.5(7a)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(7a):
•Open Caveats in Software Release 5.5(7a)
•Resolved Caveats in Software Release 5.5(7a)
Open Caveats in Software Release 5.5(7a)
This section lists open caveats in software release 5.5(7a).
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•With multicast and broadcast traffic on the WS-X4013 module, packets might be lost when hosts are in the process of joining or leaving a multicast/broadcast group. (CSCdp38859)
•The Catalyst 4000 family switch can temporarily forward HSRP hello packets out of a blocked port when UplinkFast and CGMP fast leave are enabled on the switch, and HSRP is enabled on a router in the network. The problem clears itself in about five minutes.
Workaround: Disable CGMP fast leave on the switch when HSRP is enabled in the network. (CSCdt13403)
•It might take up to two minutes for 1000BASE-T ports on the WS-4412-2GB-TX and WS-4416-2GB-TX modules to power on.
Workaround: Connect the port to another device and then reconnect it to the desired device. As a final option, you can reset the module. (CSCdp90760)
Resolved Caveats in Software Release 5.5(7a)
This section lists caveats resolved in software release 5.5(7a).
•An error can occur with management protocol processing. Use the following URL for further information:
http://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw67458
This problem is resolved in software release 5.5(7a). (CSCdw67458)
Open and Resolved Caveats in Software Release 5.5(7)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(7):
•Open Caveats in Software Release 5.5(7)
•Resolved Caveats in Software Release 5.5(7)
Open Caveats in Software Release 5.5(7)
This section lists open caveats in software release 5.5(7).
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•With multicast and broadcast traffic on the WS-X4013 module, packets might be lost when hosts are in the process of joining or leaving a multicast/broadcast group. (CSCdp38859)
•The Catalyst 4000 family switch can temporarily forward HSRP hello packets out of a blocked port when UplinkFast and CGMP fast leave are enabled on the switch, and HSRP is enabled on a router in the network. The problem clears itself in about five minutes.
Workaround: Disable CGMP fast leave on the switch when HSRP is enabled in the network. (CSCdt13403)
•It might take up to two minutes for 1000BASE-T ports on the WS-4412-2GB-TX and WS-4416-2GB-TX modules to power on.
Workaround: Connect the port to another device and then reconnect it to the desired device. As a final option, you can reset the module. (CSCdp90760)
Resolved Caveats in Software Release 5.5(7)
This section lists caveats resolved in software release 5.5(7).
•When configured as an NTP client, the Catalyst 4000 family switch incorrectly reports summertime. The reported summertime end time is advanced by one year. The show ntp command displays the following information:
Console> (enable) show ntpCurrent time: Tue Feb 13 2001, 20:50:21 NZDTTimezone: 'NZST', offset from UTC is 12 hoursSummertime: 'NZDT', enabledStart : Sun Oct 1 2000, 02:00:00End : Sun Mar 17 2002, 03:00:00 <========= Here is the problemOffset: 60 minutesLast NTP update: Tue Feb 13 2001, 20:49:27This problem is resolved in software release 5.5(7). (CSCdt43350)
•If you run a script that contains a show command followed by several Ctrl-Cs, you might corrupt the stacktop of the next process. This problem is resolved in software release 5.5(7). (CSCdt30178)
•When you upgrade the supervisor engine software on a WS-X4013 supervisor module, the supervisor engine might hang and require a manual reset. When this happens, often this last message is displayed:
Upgrade NVRAM successful.This can occur when upgrading to any 5.4(x) release or 5.5(x) releases prior to 5.5(7). This fix also covers all the cases described in CSCdr96136. This problem is resolved in software release 5.5(7). (CSCdt69490)
•The system might reload if you delete a nonexistent VLAN from the vtpVlanEditTable through SNMP. This problem is resolved in software release 5.5(7). (CSCdt38160)
•On a Catalyst 4006 switch with a Supervisor Engine II, switch ports in the same VLAN might lose connectivity with one another. This loss of connectivity results in a VLAN appearing to be partitioned into several isolated segments. A host might be able to ping one set of devices in its VLAN, but it cannot ping another set of devices in the same VLAN.
This loss of connectivity is independent of the slot a module is installed in. The same set of ports on a module are affected regardless of the slot that the module is installed in. This problem is resolved in software releases 6.2(1) and 6.1(3). (CSCdt80707)
Open and Resolved Caveats in Software Release 5.5(6)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(6):
•Open Caveats in Software Release 5.5(6)
•Resolved Caveats in Software Release 5.5(6)
Open Caveats in Software Release 5.5(6)
This section lists open caveats in software release 5.5(6).
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•With multicast and broadcast traffic on the WS-X4013 module, packets might be lost when hosts are in the process of joining or leaving a multicast/broadcast group. (CSCdp38859)
•It might take up to two minutes for 1000BASE-T ports on the WS-4412-2GB-TX and WS-4416-2GB-TX modules to power on.
Workaround: Connect the port to another device and then reconnect it to the desired device. As a final option, you can reset the module. (CSCdp90760)
Resolved Caveats in Software Release 5.5(6)
This section lists caveats resolved in software release 5.5(6).
•A switch can crash due to a rapid memory leak when UDP traffic with a destination port of 0 is processed by the SC0 management interface. This problem is resolved in software release 5.5(6). (CSCds46986)
•Immediately after booting up, some IPX clients might not able to connect to an IPX server. This problem is resolved in software release 5.5(6). (CSCds27476)
•Entering the show file bootflash: command might cause the supervisor engine to crash. This problem is resolved in software release 5.5(6). (CSCds89528)
•When autonegotiation is enabled on one end of a link and a speed setting is forced on the other end, the link might come up with mismatched duplex settings after a switch reboots. Specifically, the port that was configured to auto-negotiate might come up with half duplex, while its link partner comes up with full duplex. This problem is resolved in software release 5.5(6). (CSCds79273)
•The set spantree root diameter command generates the following error message and does not tune the timers if the switch is already the root switch of the spanning tree:
Switch is already the root switch for active VLAN xIf the switch is not the root switch, the command works correctly and tunes the timers to the specified diameter. This problem is resolved in software release 5.5(6). (CSCdt08211)
•Runt packets (packets that are shorter than 64 bytes and have an FCS error) received on 10/100 Mbps ports incorrectly cause both the FCS-error counter and the runt counter to be incremented. As of the 5.5(6) release, such packets increment only the runt counter. (CSCdt15053)
•Changes in the NTP client request packet format generated by the switch can cause problems with certain time servers. Specifically, the default content and length of the NTP authentication fields were changed between software release 4.x and 5.x. This problem is resolved in software release 5.5(6). (CSCds90575)
•A switch might reboot if you create a conceptual row with index 0.0.0.0 in vmVmpsTable. This problem is resolved in software release 5.5(6). (CSCdt25320)
•The Xmit-Err counter might increment on unconnected ports. This problem is resolved in software release 5.5(6). (CSCds89148)
•A WS-X4013 supervisor engine in a Catalyst 4006 chassis might fail a software upgrade. This commonly happens when migrating from software release 5.4(2) to 5.4(3) or 5.5(1), but it can happen with any set of software releases. The final message displayed on the console is as follows:
Update NVRAM successfulThis problem is resolved in software release 5.5(6). (CSCdr96136)
•A switch on which the console prompt has been customized with the set prompt command might crash if the set system name command is entered with a name longer than 64 characters. This problem is resolved in software release 5.5(6). (CSCds26711)
Open and Resolved Caveats in Software Release 5.5(5)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(5):
•Open Caveats in Software Release 5.5(5)
•Resolved Caveats in Software Release 5.5(5)
Open Caveats in Software Release 5.5(5)
This section lists open caveats in software release 5.5(5).
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•With multicast and broadcast traffic on the WS-X4013 module, packets might be lost when hosts are in the process of joining or leaving a multicast/broadcast group. (CSCdp38859)
•IPX clients are not able to connect to a server at bootup. (CSCds27476)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter in the output of the show port command might erroneously show a value of 1, which indicates an error has occurred. In this event, a carrier sense error usually does not occur. (CSCdk69054)
•It might take up to two minutes for 1000BASE-T ports on the WS-4412-2GB-TX and WS-4416-2GB-TX modules to power on.
Workaround: Connect the port to another device and then reconnect it to the desired device. As a final option, you can reset the module. (CSCdp90760)
•The switch encounters a TLB exception due to a rapid memory leak when UDP traffic with a destination port of 0 is processed by the sc0 management interface. (CSCds46986)
Resolved Caveats in Software Release 5.5(5)
This section lists caveats resolved in software release 5.5(5).
•You cannot create an etherStatsEntry with the same ifIndex in the etherStatsDataSource as the one in the existing etherStatsEntry. This switch problem exists in all platforms that run software releases 5.x and 6.1(1). This problem is resolved in software release 5.5(5). (CSCds22815)
•Given a series of unathenticated Telnet attempts, the switch might fail to either pass traffic or accept management connections until you reboot the system (or perform a power cycle). This problem is resolved in software release 5.5(5). (CSCds66191)
•Sometimes the show cam dynamic command or an SNMP host query will generate the message "SYS-4-P2_WARN: 1/Filtering Ethernet MAC address of value zero from agent host table interface." This message indicates that the switch has observed a packet with the noncompliant source MAC address 00-00-00-00-00-00. This address is filtered from the show cam dynamic output and cannot be cleared from the switch's host table with the clear cam dynamic command. Consequently, for every host query of the switch by either SNMP or the CLI, this warning message will be logged until the switch is reset. This problem is resolved in software release 5.5(5). (CSCds69706).
•Very rarely when you perform an SNMP mibwalk on a very busy switch, the switch will encounter a TLB exception. This problem is resolved in software release 5.5(5). (CSCds79950)
•Very rarely a switch might reset under a heavy load. To determine whether the reset is due to this rare condition, issue the show crashdump 1 command after the switch reboots. If you observe that the switch crashed in Connection_onAckTimeout (a procedure in the image), you are probably experiencing this problem. This problem is resolved in software release 5.5(5). (CSCds84051)
Open and Resolved Caveats in Software Release 5.5(4b)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(4b):
•Open Caveats in Software Release 5.5(4b)
•Resolved Caveats in Software Release 5.5(4b)
Open Caveats in Software Release 5.5(4b)
This section lists open caveats in software release 5.5(4b).
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•With multicast and broadcast traffic on the WS-X4013 module, packets might lost when hosts are in the process of joining or leaving a multicast/broadcast group. (CSCdp38859)
•It might take up to two minutes for 1000BASE-T ports on the WS-4412-2GB-TX and WS-4416-2GB-TX modules to power on.
Workaround: Connect the port to another device and then reconnect it to the desired device. As a final option, you can reset the module. (CSCdp90760)
•IPX clients are not able to connect to a server at bootup. (CSCds27476)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter in the output of the show port command might erroneously show a value of 1, which indicates an error has occurred. In this event, a carrier sense error usually does not occur. (CSCdk69054)
•Catalyst 4000 family switch crashes due to a rapid memory leak when UDP traffic with destination port 0 is processed by the SC0 management interface. (CSCds46986)
Resolved Caveats in Software Release 5.5(4b)
This section lists caveats resolved in software release 5.5(4b).
•A 1040-byte memory leak occurs every time a user fails to Telnet to the switch because of an authentication failure such as using the wrong password. It could also occur with a successful Telnet login if a script is used and the session is very short. This problem is resolved in software release 5.5(4b). (CSCds66191)
Open and Resolved Caveats in Software Release 5.5(4)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(4):
•Open Caveats in Software Release 5.5(4)
•Resolved Caveats in Software Release 5.5(4)
Open Caveats in Software Release 5.5(4)
This section lists open caveats in software release 5.5(4).
•IPX clients are not able to connect to a server at bootup. (CSCds27476)
•It might take up to two minutes for 1000BASE-T ports on the WS-4412-2GB-TX and WS-4416-2GB-TX modules to power on.
Workaround: Connect the port to another device and then reconnect it to the desired device. As a final option, you can reset the module. (CSCdp90760)
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•With multicast and broadcast traffic on the WS-X4013 module, packets might lost when hosts are in the process of joining or leaving a multicast/broadcast group. (CSCdp38859)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter in the output of the show port command might erroneously show a value of 1, which indicates an error has occurred. In this event, a carrier sense error usually does not occur. (CSCdk69054)
•Catalyst 4000 family switch crashes due to a rapid memory leak when UDP traffic with destination port 0 is processed by the sc0 management interface. (CSCds46986)
Resolved Caveats in Software Release 5.5(4)
This section lists caveats resolved in software release 5.5(4).
•SNMP mibwalks for dynamically learned hosts are very slow. This problem is resolved in software release 5.5(4). (CSCds30442)
•To avoid high CPU utilization from a show logging buffer command, do not display more than 20 messages when the screen length is set to 0 or greater than 24 with the set length command. This problem is resolved in software release 5.5(4). (CSCds05287)
•WS-X4124-FX-MT and WS-U4504-FX-MT power on with
SYS-3-MOD_MINORFAIL:Minor problem in module #if ports are receiving traffic. The problem exists in versions 5.4(3), 5.5(1) and later. Versions 5.4(2) and earlier do not have the problem. This problem is resolved in software release 5.5(4) and 6.1(2). (CSCds25826)
•The switch might run out of memory if multiple Telnet sessions are open simultaneously while other features are active. This problem is resolved in software release 5.5(4). (CSCds20681)
•If you use SNMP to create an SNMPv3 entry and then use the CLI to modify the entry, the switch might reload. This problem is resolved in software release 5.5(4). (CSCds29514)
•Nonalphanumeric characters are not valid in VTP domain names but can be configured in certain cases. This problem is resolved in software release 5.5(4). (CSCds34927)
•While a module is coming on line, occasionally a rare condition might cause a port's admin group to be initialized incorrectly. This problem is resolved in software release 5.5(4). (CSCds30044))
•If you reverse Telnet to the switch, allow the session to time out, and hit the space bar, the session reactivates and does not disconnect. This problem is resolved in software release 5.5(4). (CSCds08837)
•On IEEE 802.1Q trunk ports with a large number of active VLANs, spanning-tree convergence time can be delayed up to several minutes, depending on the number of active VLANs. This problem is resolved in software release 5.5(4). (CSCds06965)
•The switch does not allow you to create an etherStatsEntry with the same ifIndex in the etherStatsDataSource as the one in the existing etherStatsEntry. The problem exists in all platforms that run software releases 5.x and 6.1(1). This problem is resolved in software release 5.5(4). (CSCds22815)
•After you issue the clear config all command, the ifIndex is not reset when the system is reset or the standby supervisor module becomes active in the redundant configuration. This problem is resolved in software release 5.5(4), 5.5(4), 6.1(2), and later. (CSCds34328)
Open and Resolved Caveats in Software Release 5.5(3)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(3):
•Open Caveats in Software Release 5.5(3)
•Resolved Caveats in Software Release 5.5(3)
Open Caveats in Software Release 5.5(3)
This section lists open caveats in software release 5.5(3).
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•With multicast and broadcast traffic on the WS-X4013 module, packets might lost when hosts are in the process of joining or leaving a multicast/broadcast group. (CSCdp38859)
•It might take up to two minutes for 1000BASE-T ports on the WS-4412-2GB-TX and WS-4416-2GB-TX modules to power on.
Workaround: Connect the port to another device and then reconnect to the desired device. As a final option, you can reset the module. (CSCdp90760)
•On Catalyst 4000 family modules that contain 10/100-Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1 indicating an error occurred, a carrier sense error usually does not occur. (CSCdk69054)
•If a reverse Telnet session to the switch times out, press the space bar to reactivate the session, and you will be able to see the configuration of the switch. This situation affects the Catalyst 4000 family modules with a console port connected to a modem, communication server, or PC. (CSCds08837)
•On IEEE 802.1Q trunk ports with a large number of active VLANs (several hundred), spanning-tree convergence time when the last trunk goes down or the first trunk comes up can be delayed up to several minutes, depending on the number of active VLANs. The 802.1Q trunk port will eventually enter the correct spanning-tree state for each active VLAN. (CSCds06965)
Resolved Caveats in Software Release 5.5(3)
This section lists caveats resolved in software release 5.5(3).
•SNMP requests for specific dynamically learned MAC addresses returns the same information as if the MAC address has never been learned by the switch. (CSCdr09715)
•The switch might display "Out of memory" messages resulting in VMPS becoming inactive. This could be due to duplicate MAC addresses in the VMPS database. The workaround was to reboot the switch. This problem is resolved in software release 5.5(3). (CSCdr95115)
•If there is loopback cabling on forced half duplex, a particular traffic pattern might cause the following message to be generated inadvertently:
2000 Jun 02 00:20:30 cet +02:00 %SYS-4-P2_WARN: 1/Blocked queue on gigaport 2(CSCdr77637)
•The switch might run out of memory if a large number of RMON- related entries are created. This problem might exist in releases 5.4(x), 5.5(1), and 5.5(2). This problem is resolved in software release 5.5(3). (CSCdr99175)
•Newly learned secure MAC addresses intermittently do not show up after Port Security feature is turned off, and then on again, on a port.
Workaround: Set Port Security off, clear it, and then turn it on again. This problem is resolved in software release 5.5(3) and 6.1(1). (CSCds13570)
•TACACS+ command authorization fails if the switch is configured through the TFTP configuration file (copy tftp config command).
Workaround: Use the configure host file command. This problem is resolved in software release 5.5(3). (CSCdr85581)
•The output of the show tech command sometimes gets corrupted and Telnet session stalls. A new Telnet session must be opened to regain control of the switch. (CSCds04631)
•The hcRMONCapabilities MIB object is not implemented in the switch. This results in some applications failing to recognize the HCRMON capability of the devices. This issue also affects the TrafficDirector application. This problem is resolved in software release 5.5(3). (CSCdr89597)
Open and Resolved Caveats in Software Release 5.5(2)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(2):
•Open Caveats in Software Release 5.5(2)
•Resolved Caveats in Software Release 5.5(2)
Open Caveats in Software Release 5.5(2)
This section lists open caveats in software release 5.5(2).
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•For normal UDLD, the recommended default interval is 15 seconds. Caveat CSCdr50206 requires that you follow these configuration recommendations:
–When enabling aggressive UDLD, the recommended default is 30 seconds.
–It is recommended not to use UDLD with the ON - AUTO trunk combination. UDLD can be used with any other valid trunk combination. (CSCdr50206)
•On IEEE 802.1Q trunk ports with a large number of active VLANs (several hundred), spanning-tree convergence time when the last trunk goes down or the first trunk comes up can be delayed up to several minutes, depending on the number of active VLANs. The 802.1Q trunk port will eventually enter the correct spanning-tree state for each active VLAN. (CSCds06965)
•SNMP get requests for specific dynamically learned MAC addresses will respond as if the MAC address was not learned by the switch.
Workaround: Performing an SNMP walk of the address table will return the proper results. (CSCdr09715)
•Multicast and broadcast traffic on the WS-X4013 module might experience lost packets when hosts are in the process of joining or leaving a multicast/broadcast group. (CSCdp38859)
•It might take up to two minutes for 1000BASE-T ports on the WS-4412-2GB-TX and WS-4416-2GB-TX modules to come up.
Workaround: Connect the port to another device and then reconnect to the desired device. As a final option, you can reset the module. (CSCdp90760)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1 indicating an error occurred, a carrier sense error usually does not occur. (CSCdk69054)
Resolved Caveats in Software Release 5.5(2)
This section lists caveats resolved in software release 5.5(2).
•UDLD might disable a port connected, directly or indirectly, to the VTP server on a switch that is configured in VTP client mode due to a timing issue. This condition applies to trunking ports. (CSCdr60391)
•When a Catalyst 4000 family or 2948G series switch has a large number (greater than 5000) of active paths, packets sometimes get reordered. An active path is a SA, DA pair. Reordered packets might cause SNA sessions to drop. There is no workaround. (CSCdr68833)
•On a switch configured in VTP client mode, UDLD might disable a port configured for trunking in on/desirable/auto mode. (CSCdr60391)
•When running version 4.5.6 on a Supervisor Engine III, the show top utility report might display errors on trunks even though no errors are detected on the port. (CSCdr23551)
•UDLD configuration guidelines are as follows:
–Normal UDLD message interval is 15 seconds.
–When enabling aggressive UDLD, the recommended default message interval is 30 seconds.
–Do not use UDLD or aggressive UDLD with the ON - AUTO trunk combination. UDLD and aggressive UDLD can be used with any other valid trunk combination.
(CSCdr50206)
•After upgrading from a pre-5.2(1) software release to release 5.2(1) and later, EtherChannel configurations might be broken, or two 2-port channels might be combined into one 4-port channel. This problem affects all modules and is resolved in software release 5.5(2).(CSCdr74463)
•Catalyst 4000 family switches are unable to resolve DNS name if the DNS server has more than 7 entries. (CSCdr80835)
•The switch might encounter exceptions in process SWPoll64bCnt. The problem exists in Catalyst software release 4.4(X), 4.5(1-7), 5.4(X). This problem has been fixed in software release 4.5(8), 5.4(3), and later releases. (CSCdr41609)
•When cutting and pasting in an inbound or outbound Telnet session, some characters disappear and Telnet might hang. This problem has been fixed in 4.5(8), 5.4(4), 5.5(2), and 6.1(1). (CSCdr40184)
•An invalid packet with length less than 64 bytes received on a 10/100 port will cause both the Runts and FCS-Error counters to increment on the port. In order to determine the actual number of FCS-Errors on valid length packets received on the port, subtract the value of the port Runts counter from the value of the port FCS-Error counter. (CSCdr37645)
Open and Resolved Caveats in Software Release 5.5(1)
These sections describe the open and resolved caveats in supervisor engine software release 5.5(1):
•Open Caveats in Software Release 5.5(1)
•Resolved Caveats in Software Release 5.5(1)
Open Caveats in Software Release 5.5(1)
This section lists open caveats in software release 5.5(1).
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•For normal UDLD, the recommended default interval is 15 seconds. Caveat CSCdr50206 requires that you follow these configuration recommendations:
–When enabling aggressive UDLD, the recommended default is 30 seconds.
–It is recommended not to use UDLD with the ON - AUTO trunk combination. UDLD can be used with any other valid trunk combination. (CSCdr50206)
•On IEEE 802.1Q trunk ports with a large number of active VLANs (several hundred), spanning-tree convergence time when the last trunk goes down or the first trunk comes up can be delayed up to several minutes, depending on the number of active VLANs. The 802.1Q trunk port will eventually enter the correct spanning-tree state for each active VLAN. (CSCds06965)
•Multicast and broadcast traffic on the WS-X4013 module might experience lost packets when hosts are in the process of joining or leaving a multicast/broadcast group. (CSCdp38859)
•When an invalid packet with a length of less than 64 bytes is received on a 10/100 port, both the Runts and FCS-Error counters increment on the port. The correct behavior is to only increment the Runt counter upon reception of an undersized, bad packet. In order to determine the actual number of FCS-Errors on valid-length packets received on the port, subtract the value of the port Runts counter from the value of the port FCS-Error counter.(CSCdr37645)
•SNMP get requests for specific dynamically learned MAC addresses will respond as if the MAC address was not learned by the switch.
Workaround: Performing an SNMP walk of the address table will return the proper results. (CSCdr09715)
•It might take up to two minutes for 1000BASE-T ports on the WS-4412-2GB-TX and WS-4416-2GB-TX modules to come up.
Workaround: Connect the port to another device and then reconnect to the desired device. As a final option, you can reset the module. (CSCdp90760)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1 indicating an error occurred, a carrier sense error usually does not occur. (CSCdk69054)
Resolved Caveats in Software Release 5.5(1)
There are no new resolved caveats in software release 5.5(1).
Open and Resolved Caveats in Software Release 5.4(4a)
These sections describe the open and resolved caveats in supervisor engine software release 5.4(4a):
•Open Caveats in Software Release 5.4(4a)
•Resolved Caveats in Software Release 5.4(4a)
Open Caveats in Software Release 5.4(4a)
This section lists open caveats in software release 5.4(4a).
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•After a user enters the clear config rmon and clear counters commands in sequence, the counter values in etherStats (tokenRingMLStats and tokenRingPStats) might show negative values. (CSCdp79498)
•Summertime start and end dates are not calculated correctly when using the generic summertime rule if the start and end rules span across year-end (southern hemisphere rule).
Workaround: Use a fixed date for the southern hemisphere. (CSCdp91755)
•Multicast and broadcast traffic on the WS-X4013 module might experience lost packets when hosts are in the process of joining or leaving a multicast/broadcast group. (CSCdp38859)
•It might take up to two minutes for 1000BASE-T ports on the WS-4412-2GB-TX and WS-4416-2GB-TX modules to come up.
Workaround: Connect the port to another device and then reconnect to the desired device. As a final option, you can reset the module. (CSCdp90760)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the late collision counter does not increment when late collisions occur. Late collisions are handled correctly, but the collision counter does not increment. As a result, a late collision counter value of zero does not indicate that late collisions are not present. (CSCdp71818)
•If you reset the switch three or more times in rapid succession while the system is bringing the modules online, the switch might fail to boot the system image and remains in the ROM monitor.
Workaround: Boot the system image from the ROM monitor using the boot command. This problem is resolved in software release 5.4(1). (CSCdm80016)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1 indicating an error occurred, a carrier sense error usually does not occur. (CSCdk69054)
•If the HTTP server is enabled, subsequent resets might cause the HTTP configuration to be lost.
Workaround: Back up your configuration to TFTP (or filesys) and set up auto-config to prevent prolonged outage on the next reboot. You can achieve this on switches with Flash file systems running software release 5.4(x) and later releases using the following commands: (CSCdr49769)
–copy config bootflash:switch.cfg
–set boot auto-config bootflash:switch.cfg
–set boot config-register non-recurring
Resolved Caveats in Software Release 5.4(4a)
This section lists caveats resolved in software release 5.4(4a).
•An error can occur with management protocol processing. Use the following URL for further information:
http://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw67458
This problem is resolved in software release 5.4(4a). (CSCdw67458)
Open and Resolved Caveats in Software Release 5.4(3)
These sections describe the open and resolved caveats in supervisor engine software release 5.4(3):
•Open Caveats in Software Release 5.4(3)
•Resolved Caveats in Software Release 5.4(3)
Open Caveats in Software Release 5.4(3)
This section lists open caveats in software release 5.4(3).
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•If the switch displays this error message:
2000 Feb 15 16:15:28 %SYS-4-P2_WARN: 1/Internal Event: ScxSwitchMan - ProtocolTable Packet on address 00:00:01:76:01:00 arrived on unexpected port 2/37contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. (CSCdp93187)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1 indicating an error occurred, a carrier sense error usually does not occur. (CSCdk69054)
•When an invalid packet with length less than 64 bytes is received on a 10/100 port, both the Runts and FCS-Error counters increment on the port. The correct behavior is to only increment the Runts counter upon reception of an undersized packet. In order to determine the actual number of FCS-Errors on valid-length packets received on the port, subtract the value of the port Runts counter from the value of the port FCS-Error counter.(CSCdr37645)
•Multicast and broadcast traffic on the WS-X4013 module might experience lost packets when hosts are in the process of joining or leaving a multicast/broadcast group. (CSCdp38859)
•For normal UDLD, the recommended default interval is 15 seconds. Caveat CSCdr50206 requires that you follow these configuration recommendations:
–When enabling aggressive UDLD, the recommended default is 30 seconds.
–It is recommended not to use UDLD with the ON - AUTO trunk combination. UDLD can be used with any other valid trunk combination. (CSCdr50206)
•SNMP get requests for specific dynamically learned MAC addresses will respond as if the MAC address was not learned by the switch.
Workaround: Performing an SNMP walk of the address table will return the proper results. (CSCdr09715)
•It might take up to two minutes for 1000BASE-T ports on the WS-4412-2GB-TX and WS-4416-2GB-TX modules to come up.
Workaround: Connect the port to another device and then reconnect to the desired device. As a final option, you can reset the module. (CSCdp90760)
Resolved Caveats in Software Release 5.4(3)
This section lists caveats resolved in software release 5.4(3).
•Under certain conditions, after closing a Telnet session, the switch still shows the session as open. Using the disconnect ip_address command to disconnect a user and manually close the session does not close the session. This caveat is fixed in software release 5.4(3). (CSCdp33649)
•If the SNMP PDU size is greater than 1300 bytes, memory corruption occurs and the system might reset. This problem is resolved in software release 5.4(3). (CSCdr33785)
•A system reset might occur during SNMP polling of the switch ports (SWPoll64bCnt) if a module goes on- and off-line frequently. This problem is resolved in software release 5.4(3). (CSCdr41609)
•In software release 5.4(1) and later, for authentication retries, TACACS+ prompts for a password only but not for a username. This problem is resolved in software release 5.4(3). (CSCdr44356)
•When you upgrade from 5.4(1) or 5.4(2) to 5.4(3), 5.5(1) and newer software releases, the local snmpEngineID will automatically be converted from 10 bytes to 12 bytes if there is no local user configured in usmUserTable. If there are any local users in the usmUserTable, the 10 byte snmpEngineID will still remain unless you do one of the following:
–Delete all the local users from usmUserTable and then reset the system.
–Enter the clear config snmp or clear config all commands.
This problem is resolved in software release 5.4(3). (CSCdr22335)
•The clear config all command does not clear a port's UDLD configuration. For example, if UDLD and aggressive UDLD are enabled on port 3/3, the clear config all command is entered, and system-wide UDLD is enabled, the show udld port 3/3 command will still display UDLD as enabled on port 3/3. The clear config all command should have disabled the port's UDLD configuration. This problem is resolved in software release 5.4(3). (CSCdr35885)
•When an EtherChannel is configured between two switches and the Spanning Tree protocol is disabled, under some circumstances (such as a reboot or the presence of a lot of broadcasts on the sc0 VLAN), the EtherChannel might take a long time to come up.
Workaround: Enable the Spanning Tree protocol. This problem is resolved in software release 5.4(3). (CSCdr16565)
•If two switches are connected by two 802.1Q trunk links and both switches are reset at the same time, a topology loop might occur.
Workaround: Disable and enable the links after both the systems come up. This problem is resolved in software release 5.4(3). (CSCdr33260)
•Packets that have nondefault CoS bits in their 802.1Q tags on VLAN 1 might be dropped by a WS-X4013 switch engine running software versions 5.4(1) and 5.4(2). This problem is resolved in software release 5.4(3). (CSCdr23164)
•If the HTTP server is enabled, subsequent resets might cause the HTTP configuration to be lost. This problem is resolved in software release 5.4(3). (CSCdr49769)
Open and Resolved Caveats in Software Release 5.4(2a)
These sections describe the open and resolved caveats in supervisor engine software release 5.4(2a):
•Open Caveats in Software Release 5.4(2a)
•Resolved Caveats in Software Release 5.4(2a)
Open Caveats in Software Release 5.4(2a)
This section lists open caveats in software release 5.4(2a).
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•Multicast and broadcast traffic on the WS-X4013 module might experience lost packets when hosts are in the process of joining or leaving a multicast/broadcast group. (CSCdp38859)
•It might take up to two minutes for 1000BASE-T ports on the WS-4412-2GB-TX and WS-4416-2GB-TX modules to come up.
Workaround: Connect the port to another device and then reconnect to the desired device. As a final option, you can reset the module. (CSCdp90760)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the late collision counter does not increment when late collisions occur. Late collisions are handled correctly, but the collision counter does not increment. As a result, a late collision counter value of zero does not indicate that late collisions are not present. (CSCdp71818)
•If you reset the switch three or more times in rapid succession while the system is bringing the modules online, the switch might fail to boot the system image and remains in the ROM monitor.
Workaround: Boot the system image from the ROM monitor using the boot command. This problem is resolved in software release 5.4(1). (CSCdm80016)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1 indicating an error occurred, a carrier sense error usually does not occur. (CSCdk69054)
•If the HTTP server is enabled, subsequent resets might cause the HTTP configuration to be lost.
Workaround: Back up your configuration to TFTP (or filesys) and set up auto-config to prevent prolonged outage on the next reboot. You can achieve this on switches with Flash file systems running software release 5.4(x) and later releases using the following commands: (CSCdr49769)
–copy config bootflash:switch.cfg
–set boot auto-config bootflash:switch.cfg
–set boot config-register non-recurring
Resolved Caveats in Software Release 5.4(2a)
This section lists caveats resolved in software release 5.4(2a).
•An error can occur with management protocol processing. Use the following URL for further information:
http://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw67458
This problem is resolved in software release 5.4(2a). (CSCdw67458)
Open and Resolved Caveats in Software Release 5.4(2)
These sections describe the open and resolved caveats in supervisor engine software release 5.4(2):
•Open Caveats in Software Release 5.4(2)
•Resolved Caveats in Software Release 5.4(2)
Open Caveats in Software Release 5.4(2)
This section lists open caveats in software release 5.4(2).
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•Multicast and broadcast traffic on the WS-X4013 module might experience lost packets when hosts are in the process of joining or leaving a multicast/broadcast group. (CSCdp38859)
•It might take up to two minutes for 1000BASE-T ports on the WS-4412-2GB-TX and WS-4416-2GB-TX modules to come up.
Workaround: Connect the port to another device and then reconnect to the desired device. As a final option, you can reset the module. (CSCdp90760)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1 indicating an error occurred, a carrier sense error usually does not occur. (CSCdk69054)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the late collision counter does not increment when late collisions occur. Late collisions are handled correctly, but the collision counter does not increment. As a result, a late collision counter value of zero does not indicate that late collisions are not present. (CSCdp71818)
Workaround: Boot the system image from the ROM monitor using the boot command. This problem is resolved in software release 5.4(1). (CSCdm80016)
•If the HTTP server is enabled, subsequent resets might cause the HTTP configuration to be lost.
Workaround: Back up your configuration to TFTP (or filesys) and set up auto-config to prevent prolonged outage on the next reboot. You can achieve this on switches with Flash file systems running software release 5.4(x) and later releases using the following commands:
–copy config bootflash:switch.cfg
–set boot auto-config bootflash:switch.cfg
–set boot config-register non-recurring
(CSCdr49769)
•If you reset the switch three or more times in rapid succession while the system is bringing the modules online, the switch might fail to boot the system image and remains in the ROM monitor.
Resolved Caveats in Software Release 5.4(2)
This section lists caveats resolved in software release 5.4(2).
•This caveat occurs on Catalyst 2948G switches that run 5.2(2) code.
The switch sends a configuration change trap every time NTP is updated. The trap arrives with this message:
%SYS-6-CFG_CHG:Global block changed by sntp_recd//The reason for this behavior is unknown. The logging level for sys is set to 4 and should not display these messages.
Workaround: Disable NTP in the switch so the traps are not sent to the SNMP workstation or to the show logging buffer. This problem does not impact the functionality of the switch. (CSCdp87485)
•After a user enters the clear config rmon and clear counters commands in sequence, the counter values in etherStats (tokenRingMLStats and tokenRingPStats) might show negative values. (CSCdp79498)
•Summertime start and end dates are not calculated correctly when using the generic summertime rule if the start and end rules span across year-end (southern hemisphere rule).
Workaround: Use a fixed date for the southern hemisphere. (CSCdp91755)
•The problem occurs as follows:
–Config net creates a new process (tftp_request) that downloads the file and runs the commands in the file as a batch.
–For each command, an acct_send_bkg_proc is created that does the actual send of the accounting packets. This process depends on userstruct in the tftp_request process.
–Because there is a yield_cpu in the commands run by tftp_request, some of the accounting records are send out correctly when the acct_send_bkg_proc gets scheduled. Some acct_send_bkg_procs are left for some commands when tftp_request process is destroyed after having run all of the commands. As a result, the userstruct of the tftp_request process is no longer valid.
Workaround: Make a malloc of the userstruct in tftp_request instead of storing a pointer to it. (CSCdp98284)
•This caveat occurs in CATOS software release 5.4(1).
ciscoFlashCopyStatus always shows copyOperationSuccess(2) for entries in ciscoFlashCopyTable if the value of the corresponding instance of ciscoFlashCopyProtocol is rcp(2). (CSCdr06755)
Open and Resolved Caveats in Software Release 5.4(1)
These sections describe the open and resolved caveats in supervisor engine software release 5.4(1):
•Open Caveats in Software Release 5.4(1)
•Resolved Caveats in Software Release 5.4(1)
Open Caveats in Software Release 5.4(1)
This section lists open caveats in software release 5.4(1).
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•After a user enters the clear config rmon and clear counters commands in sequence, the counter values in etherStats (tokenRingMLStats and tokenRingPStats) might show negative values. (CSCdp79498)
•Summertime start and end dates are not calculated correctly when using the generic summertime rule if the start and end rules span across year-end (southern hemisphere rule).
Workaround: Use a fixed date for the southern hemisphere. (CSCdp91755)
•It might take up to two minutes for 1000BASE-T ports on the WS-4412-2GB-TX and WS-4416-2GB-TX modules to come up.
Workaround: Connect the port to another device and then reconnect to the desired device. As a final option, you can reset the module. (CSCdp90760)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the late collision counter does not increment when late collisions occur. Late collisions are handled correctly, but the collision counter does not increment. As a result, a late collision counter value of zero does not indicate that late collisions are not present. (CSCdp71818)
•Multicast and broadcast traffic on the WS-X4013 module might experience lost packets when hosts are in the process of joining or leaving a multicast/broadcast group. (CSCdp38859)
•If you reset the switch three or more times in rapid succession while the system is bringing the modules online, the switch might fail to boot the system image and remains in the ROM monitor.
Workaround: Boot the system image from the ROM monitor using the boot command. This problem is resolved in software release 5.4(1). (CSCdm80016)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1 indicating an error occurred, a carrier sense error usually does not occur. (CSCdk69054)
•If the HTTP server is enabled, subsequent resets might cause the HTTP configuration to be lost.
Workaround: Back up your configuration to TFTP (or filesys) and set up auto-config to prevent prolonged outage on the next reboot. You can achieve this on switches with Flash file systems running software release 5.4(x) and later releases using the following commands:
–copy config bootflash:switch.cfg
–set boot auto-config bootflash:switch.cfg
–set boot config-register non-recurring
(CSCdr49769)
Resolved Caveats in Software Release 5.4(1)
This section lists caveats resolved in software release 5.4(1).
•Pressing Control-C at the "More" prompt (for example, when a show command is displaying multiple pages of output) does not interrupt the output and return to the Console> prompt.
Workaround: Press the q key instead. This problem is resolved in software release 5.4(1). (CSCdm11604)
•In some cases the switch might choose an inactive default gateway as the primary if the primary gateway goes down. The problem occurs when the inactive gateway is reachable only through either the me1 or the sc0 interface and that interface is configured down.
Workaround: Do not configure a default gateway that is reachable only through an interface that is configured down. Alternatively, do not configure multiple default gateways. This problem is resolved in software release 5.4(1). (CSCdm32625)
•If you set the in-band (sc0) interface IP address to 0.0.0.0 (or if you clear the switch configuration using the clear config all command), the sc0 entry in the switch IP routing table might be replaced by a second entry for the SLIP (sl0) interface if the sl0 IP address is set to 0.0.0.0 (the default).
Workaround: Set the sl0 interface IP address to a value other than 0.0.0.0. This problem is resolved in software release 5.4(1). (CSCdm78466)
•In some cases, if you release a DHCP lease using the set interface sc0 dhcp release command and then attempt to obtain a new address using the set interface sc0 dhcp renew command, the switch might fail to obtain an IP address from the DHCP server. This problem is resolved in software release 5.4(1). (CSCdm78813)
•If you configure a SPAN session, reset the switch, and then disable SPAN, the former SPAN destination port remains in a not-connected state even when an active device is attached to the port.
Workaround: Disable and reenable the affected port. This problem is resolved in software release 5.4(1). (CSCdp02036)
•In some cases the spanning tree port-VLAN cost for a port might not be changed when you change the overall spanning tree port cost for that port. In addition, if you create an EtherChannel from ports experiencing this problem, the port-VLAN costs (not the port costs) for the member ports are used to calculate the EtherChannel port cost, which might result in an unexpected EtherChannel cost.
Workaround: Manually set the correct port-VLAN cost for the ports using the set spantree portvlancost command. This problem is resolved in software release 5.4(1). (CSCdp01070)
Open and Resolved Caveats in Software Release 5.2(7a)
These sections describe the open and resolved caveats in supervisor engine software release 5.2(7a):
•Open Caveats in Software Release 5.2(7a)
•Resolved Caveats in Software Release 5.2(7a)
Open Caveats in Software Release 5.2(7a)
This section lists open caveats in software release 5.2(7a).
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•After a user enters the clear config rmon and clear counters commands in sequence, the counter values in etherStats (tokenRingMLStats and tokenRingPStats) might show negative values. (CSCdp79498)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1 indicating an error occurred, a carrier sense error usually does not occur. (CSCdk69054)
Resolved Caveats in Software Release 5.2(7a)
This section lists caveats resolved in software release 5.2(7a).
•An error can occur with management protocol processing. Use the following URL for further information:
http://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw67458
This problem is resolved in software release 5.2(7a). (CSCdw67458)
Open and Resolved Caveats in Software Release 5.2(7)
These sections describe the open and resolved caveats in supervisor engine software release 5.2(7):
•Open Caveats in Software Release 5.2(7)
•Resolved Caveats in Software Release 5.2(7)
Open Caveats in Software Release 5.2(7)
This section lists open caveats in software release 5.2(7).
•After a user enters the clear config rmon and clear counters commands in sequence, the counter values in etherStats (tokenRingMLStats and tokenRingPStats) might show negative values. (CSCdp79498)
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1 indicating an error occurred, a carrier sense error usually does not occur. (CSCdk69054)
Resolved Caveats in Software Release 5.2(7)
This section lists caveats resolved in software release 5.2(7).
•In the presence of loopback cabling on ports forced to half-duplex mode, particular traffic patterns might cause the following message to be generated inadvertently (CSCdr77637):
2000 Jun 02 00:20:30 cet +02:00 %SYS-4-P2_WARN:1/Blocked queue on gigaport 2Open and Resolved Caveats in Software Release 5.2(6)
These sections describe the open and resolved caveats in supervisor engine software release 5.2(6):
•Open Caveats in Software Release 5.2(6)
•Resolved Caveats in Software Release 5.2(6)
Open Caveats in Software Release 5.2(6)
This section lists open caveats in software release 5.2(6).
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•After a user enters the clear config rmon and clear counters commands in sequence, the counter values in etherStats (tokenRingMLStats and tokenRingPStats) might show negative values. (CSCdp79498)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1 indicating an error occurred, a carrier sense error usually does not occur. (CSCdk69054)
Resolved Caveats in Software Release 5.2(6)
This section lists caveats resolved in software release 5.2(6).
•On a switch configured in VTP client mode, UDLD might disable a port configured for trunking in on/desirable/auto mode. (CSCdr60391)
•This caveat occurs on Catalyst 2948G switches that run software release 5.2(2).
The switch sends a configuration change trap every time NTP is updated. The trap arrives with this message:
%SYS-6-CFG_CHG:Global block changed by sntp_recd//The reason for this behavior is unknown. The logging level for sys is set to 4 and should not display these messages.
Workaround: Disable NTP in the switch so the traps are not sent to the SNMP workstation or to the show logging buffer. This problem does not impact the functionality of the switch. (CSCdp87485)
•On a loaded system, UDLD negotiation with a neighbor device might result in an inconsistent state with one end reporting "undetermined" and the other reporting "bidirectional." (CSCdr52866)
Open and Resolved Caveats in Software Release 5.2(5)
These sections describe the open and resolved caveats in supervisor engine software release 5.2(5):
•Open Caveats in Software Release 5.2(5)
•Resolved Caveats in Software Release 5.2(5)
Open Caveats in Software Release 5.2(5)
This section lists open caveats in software release 5.2(5).
•After a user enters the clear config rmon and clear counters commands in sequence, the counter values in etherStats (tokenRingMLStats and tokenRingPStats) might show negative values. (CSCdp79498)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1 indicating an error occurred, a carrier sense error usually does not occur. (CSCdk69054)
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
Resolved Caveats in Software Release 5.2(5)
This section lists caveats resolved in software release 5.2(5).
•In the presence of loopback cabling on ports forced to half-duplex mode, it is possible for related ports to experience permanent receive or transmit failure. (CSCdp68027)
Open and Resolved Caveats in Software Release 5.2(4)
These sections describe the open and resolved caveats in supervisor engine software release 5.2(4):
•Open Caveats in Software Release 5.2(4)
•Resolved Caveats in Software Release 5.2(4)
Open Caveats in Software Release 5.2(4)
This section lists open caveats in software release 5.2(4).
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•If you disconnect the link between trunk ports with 100 or more active VLANs, one of the ports might fail to become a nontrunk port and an error message might be generated. When you reconnect the link, the trunk might not reform. In this situation, disconnect and reconnect the link until the trunk comes up. (CSCdm60737)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1 indicating an error occurred, a carrier sense error usually does not occur. (CSCdk69054)
Resolved Caveats in Software Release 5.2(4)
This section lists caveats resolved in software release 5.2(4).
•The Catalyst 4000 family switches do not allow the user to set or clear the 00:00:00:00:00:00 Ethernet Mac Address when using the set cam or clear cam commands.This problem is resolved in software release 5.2(4). (CSCdp30216)
•The system resets unexpectedly and an analysis of the dump by TAC indicates a reset cause consistent with that of CSCdp41038. This problem is resolved in software release 5.2(4). (CSCdp41038)
•Due to missing MIB objects, it is not possible to set a URT server as a VMPS server on a Catalyst 4000 family switch. This problem is resolved in software release 5.2(4). (CSCdp52403)
•If the port configuration process exits unexpectedly, the show port command might display port status that is inconsistent with the physical port status. This problem is resolved in software release 5.2(4). (CSCdp15151)
•If you reset the switch three or more times in rapid succession while the system is bringing the modules online, the switch might fail to boot the system image and remains in the ROM monitor.
Workaround: Boot the system image from the ROM monitor using the boot command. This problem is resolved in software release 5.4(1). (CSCdm80016)
Open and Resolved Caveats in Software Release 5.2(2)
These sections describe the open and resolved caveats in supervisor engine software release 5.2(2):
•Open Caveats in Software Release 5.2(2)
•Resolved Caveats in Software Release 5.2(2)
Open Caveats in Software Release 5.2(2)
This section lists open caveats in software release 5.2(2).
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•If you reset the switch three or more times in rapid succession while the system is bringing the modules online, the switch might fail to boot the system image and remains in the ROM monitor.
Workaround: Boot the system image from the ROM monitor using the boot command. (CSCdm80016)
•Pressing Control-C at the "More" prompt (for example, when a show command is displaying multiple pages of output) does not interrupt the output and return the Console> prompt.
Workaround: Press the q key instead. (CSCdm11604)
•If you disconnect the link between trunk ports with 100 or more active VLANs, one of the ports might fail to become a nontrunk port and an error message might be generated. When you reconnect the link, the trunk might not reform. In this situation, disconnect and reconnect the link until the trunk comes up. (CSCdm60737)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1 indicating an error occurred, a carrier sense error usually does not occur. (CSCdk69054)
•In some cases the switch might choose an inactive default gateway as the primary if the primary gateway goes down. The problem occurs when the inactive gateway is reachable only through either the me1 or the sc0 interface and that interface is configured down.
Workaround: Do not configure a default gateway that is reachable only through an interface that is configured down. Alternatively, do not configure multiple default gateways. (CSCdm32625)
•In some cases if you release a DHCP lease using the set interface sc0 dhcp release command and then attempt to obtain a new address using the set interface sc0 dhcp renew command, the switch might fail to obtain an IP address from the DHCP server. (CSCdm78813)
•If you reset the switch three or more times in rapid succession while the system is bringing the modules online, the switch might fail to boot the system image and remains in the ROM monitor.
Workaround: Boot the system image from the ROM monitor using the boot command. (CSCdm80016)
•If you set the in-band (sc0) interface IP address to 0.0.0.0 (or if you clear the switch configuration using the clear config all command), the sc0 entry in the switch IP routing table might be replaced by a second entry for the SLIP (sl0) interface if the sl0 IP address is set to 0.0.0.0 (the default).
Workaround: Set the sl0 interface IP address to a value other than 0.0.0.0. (CSCdm78466)
•In some cases the spanning tree port-VLAN cost for a port might not be changed when you change the overall spanning tree port cost for that port. In addition, if you create an EtherChannel from ports experiencing this problem, the port-VLAN costs (not the port costs) for the member ports are used to calculate the EtherChannel port cost, which might result in an unexpected EtherChannel cost.
Workaround: Manually set the correct port-VLAN cost for the ports using the set spantree portvlancost command. (CSCdp01070)
•If you configure a SPAN session, reset the switch, and then disable SPAN, the former SPAN destination port remains in a not-connected state even when an active device is attached to the port. Workaround: Disable and reenable the affected port. (CSCdp02036)
Resolved Caveats in Software Release 5.2(2)
This section lists caveats resolved in software release 5.2(2).
•Trunk connections might go up and down when the channel mode is on and the trunk mode is non-negotiate.
Workaround: Ensure that the ports are trunking before the channel is formed. (CSCdp32703)
•In some cases power cycling or resetting the switch erases permanent CAM entries. The correct behavior is that permanent entries remain in the CAM through a power cycle or system reset.
Workaround: Reenter permanent entries after power cycling or resetting the switch. (CSCdm25544)
•When you enable spanning tree PortFast on a port connected to a PC when the port is in the notconnect state (for example, when the PC is powered down), if the first subsequent link-up received on the port is an IPX client attempting to autosense the frame type, the operation will fail.
Workaround: Reset the module after you enable PortFast on the desired ports. (CSCdm62783)
•In some cases on a Catalyst 4000 family switch with an extremely heavy traffic load (such as from a traffic generator), modules that contain 10/100 Fast Ethernet ports might not come online after being reset.
Workaround: Reduce the traffic load and reset the module. (CSCdk74166)
•You cannot clear a specific user-configured dynamic CAM entry using the clear cam mac_addr command. There is no workaround. However, you can clear all dynamic CAM entries (including user-configured dynamic entries) using the clear cam dynamic command. In addition, unused user-configured dynamic entries are aged out by the normal mechanisms. (CSCdm76686)
•If you set the spanning tree port cost of an EtherChannel port bundle using the set channel cost command, the configured value might change if you reset the switch or the module on which the channel is configured. (CSCdm89834)
•Kerberos authentication fails if the Kerberos server is accessible only through the out-of-band management Ethernet (me1) interface.
Workaround: Verify the Kerberos server can be reached through the in-band (sc0) interface, or configure the sc0 interface down and set the sc0 IP address with the same address as the me1 interface. (CSCdm82831)
•If you configure a Kerberos server using the set kerberos server kerberos-realm {hostname | ip-address} port-number command without specifying the port number, the Kerberized Telnet session fails.
Workaround: Specify the port number. (CSCdm83742)
•Under certain conditions, when you perform a MIB walk on the switch, this message might appear on the console if you poll the cpmProcessTable object:
%SYS-3-LLC_SCPSTATNOTOK:Send scp message to module 1 status 255This problem does not affect the normal operation of the switch and the correct values for the cpmProcessTable object are returned. (CSCdm91242)
•When you configure SPAN for a port or VLAN, neither transmitted nor received spanning tree BPDUs are mirrored to the SPAN destination port. (CSCdm47129)
•In some cases if you change the SPAN source port of a SPAN session from a single switch port to an EtherChannel port using the same destination SPAN port, the following error message is displayed on the console:
Invalid port number in SPAN source portsHowever, all of the ports in the EtherChannel are set correctly as the SPAN source ports and the traffic on the EtherChannel is mirrored properly to the SPAN destination port. (CSCdp00873)
•On a switch with trunk links configured, if a VLAN is cleared by any method (CLI, SNMP, or learned through VTP) while CGMP fast-leave is enabled, CGMP fast-leave stops functioning on the remaining VLANs (ports are not pruned from the multicast tree until all multicast receivers leave the group).
Workaround: Disable and reenable CGMP (using the set cgmp {enable | disable} command) after the VLAN is cleared. (CSCdm08960)
•If you configure a permanent multicast CAM entry for multiple ports and you then change the port-VLAN membership of two or more of those ports, the switch might reset. Only the first port specified in the list retains the new VLAN membership, and that port is removed from the permanent CAM entry.
Workaround: Assign each port to the new VLAN individually. (CSCdm91321)
Open and Resolved Caveats in Software Release 5.2(1)
These sections describe the open and resolved caveats in supervisor engine software release 5.2(1):
•Open Caveats in Software Release 5.2(1)
•Resolved Caveats in Software Release 5.2(1)
Open Caveats in Software Release 5.2(1)
This section lists open caveats in software release 5.2(1).
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•Pressing Control-C at the "More" prompt (for example, when a show command is displaying multiple pages of output) does not interrupt the output and return the Console> prompt.
Workaround: Press the q key instead. (CSCdm11604)
•Spanning tree convergence on 802.1Q trunks on a switch with a large number of active VLANs (several hundred) can be delayed up to several minutes. (CSCdk70821)
•In some cases power cycling or resetting the switch erases permanent CAM entries. The correct behavior is that permanent entries remain in the CAM through a power cycle or system reset.
Workaround: Reenter permanent entries after power cycling or resetting the switch. (CSCdm25544)
•If you disconnect the link between trunk ports with 100 or more active VLANs, one of the ports might fail to become a nontrunk port and an error message might be generated. When you reconnect the link, the trunk might not reform. In this situation, disconnect and reconnect the link until the trunk comes up. (CSCdm60737)
•When you enable spanning tree PortFast on a port connected to a PC when the port is in the notconnect state (for example, when the PC is powered down), if the first subsequent link-up received on the port is an IPX client attempting to autosense the frame type, the operation will fail.
Workaround: Reset the module after you enable PortFast on the desired ports. (CSCdm62783)
•In some cases, on a Catalyst 4000 family switch with an extremely heavy traffic load (such as from a traffic generator), modules that contain 10/100 Fast Ethernet ports might not come online after being reset.
Workaround: Reduce the traffic load and reset the module. (CSCdk74166)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1 indicating an error occurred, a carrier sense error usually does not occur. (CSCdk69054)
•In some cases the switch might choose an inactive default gateway as the primary if the primary gateway goes down. The problem occurs when the inactive gateway is reachable only through either the me1 or the sc0 interface and that interface is configured down.
Workaround: Do not configure a default gateway that is reachable only through an interface that is configured down. Alternatively, do not configure multiple default gateways. (CSCdm32625)
•When you configure SPAN for a port or VLAN, neither transmitted nor received spanning tree BPDUs are mirrored to the SPAN destination port. (CSCdm47129)
•The link on a Gigabit Ethernet port with a 1000BASE-SX GBIC might go up and down even when there is no cable attached. You can disable the port when it is not in use to prevent the link from going up and down. (CSCdm63410)
•In some cases if you release a DHCP lease using the set interface sc0 dhcp release command and then attempt to obtain a new address using the set interface sc0 dhcp renew command, the switch might fail to obtain an IP address from the DHCP server. (CSCdm78813)
•You cannot clear a specific user-configured dynamic CAM entry using the clear cam mac_addr command. There is no workaround. However, you can clear all dynamic CAM entries (including user-configured dynamic entries) using the clear cam dynamic command. In addition, unused user-configured dynamic entries are aged out by the normal mechanisms. (CSCdm76686)
•If you reset the switch three or more times in rapid succession while the system is bringing the modules online, the switch might fail to boot the system image and remains in the ROM monitor.
Workaround: Boot the system image from the ROM monitor using the boot command. (CSCdm80016)
•If you set the spanning tree port cost of an EtherChannel port bundle using the set channel cost command, the configured value might change if you reset the switch or the module on which the channel is configured. (CSCdm89834)
•If you set the in-band (sc0) interface IP address to 0.0.0.0 (or if you clear the switch configuration using the clear config all command), the sc0 entry in the switch IP routing table might be replaced by a second entry for the SLIP (sl0) interface if the sl0 IP address is set to 0.0.0.0 (the default).
Workaround: Set the sl0 interface IP address to a value other than 0.0.0.0. (CSCdm78466)
•Kerberos authentication fails if the Kerberos server is accessible only through the out-of-band management Ethernet (me1) interface.
Workaround: Verify the Kerberos server can be reached through the in-band (sc0) interface, or configure the sc0 interface down and set the sc0 IP address with the same address as the me1 interface. (CSCdm82831)
•If you configure a Kerberos server using the set kerberos server kerberos-realm {hostname | ip-address} port-number command without specifying the port number, the Kerberized Telnet session fails.
Workaround: Specify the port number. (CSCdm83742)
•Under certain conditions, when you perform a MIB walk on the switch, this message might appear on the console if you poll the cpmProcessTable object:
%SYS-3-LLC_SCPSTATNOTOK:Send scp message to module 1 status 255This problem does not affect the normal operation of the switch and the correct values for the cpmProcessTable object are returned. (CSCdm91242)
•If you configure a SPAN session, reset the switch, and then disable SPAN, the former SPAN destination port remains in a not-connected state even when an active device is attached to the port.
Workaround: Disable and reenable the affected port. (CSCdp02036)
•In some cases, if you change the SPAN source port of a SPAN session from a single switch port to an EtherChannel port using the same destination SPAN port, the following error message is displayed on the console:
Invalid port number in SPAN source portsHowever, all of the ports in the EtherChannel are set correctly as the SPAN source ports and the traffic on the EtherChannel is mirrored properly to the SPAN destination port. (CSCdp00873)
•In some cases the spanning tree port-VLAN cost for a port might not be changed when you change the overall spanning tree port cost for that port. In addition, if you create an EtherChannel from ports experiencing this problem, the port-VLAN costs (not the port costs) for the member ports are used to calculate the EtherChannel port cost, which might result in an unexpected EtherChannel cost.
Workaround: Manually set the correct port-VLAN cost for the ports using the set spantree portvlancost command. (CSCdp01070)
•In certain redundant network topologies, if a spanning tree topology change (route flap) causes the IP MLS entry for an HSRP router interface to be removed from the MLS cache, the entry might not be added back to the MLS cache properly when the link comes back up. (CSCdm90511)
•On a switch with trunk links configured, if a VLAN is cleared by any method (CLI, SNMP, or learned through VTP) while CGMP fast-leave is enabled, CGMP fast-leave stops functioning on the remaining VLANs (ports are not pruned from the multicast tree until all multicast receivers leave the group).
Workaround: Disable and reenable CGMP (using the set cgmp {enable | disable} command) after the VLAN is cleared. (CSCdm08960)
•If you configure a permanent multicast CAM entry for multiple ports and you then change the port-VLAN membership of two or more of those ports, the switch might reset. Only the first port specified in the list retains the new VLAN membership, and that port is removed from the permanent CAM entry.
Workaround: Assign each port to the new VLAN individually. (CSCdm91321)
Resolved Caveats in Software Release 5.2(1)
This section lists caveats resolved in software release 5.2(1).
•In some cases attempts fail to set the primary VMPS server using SNMP.
Workaround: Set the primary VMPS server using the CLI. This problem is resolved in software release 5.2(1). (CSCdm31717)
•If you configure RMON alarm entries, if the value of the sampled alarmVariable overflows during the configured alarmInterval, alarmValue will be reported as a negative value. If the alarmValue is reported as a negative value, you can use the following calculation to determine the correct value:
(alarmValue + 232-1).
This problem is resolved in software release 5.2(1). (CSCdm27392)
•In some cases autonegotiation fails when connecting some 10/100-Mbps Fast Ethernet modules to a Compaq 4000 system with the Netflex 3 NIC. This problem is resolved in software release 5.2(1). (CSCdk87853)
•In some cases entering the show cdp neighbors detail command causes the switch to generate "alignment correction" syslog messages. These messages do not affect the functionality of the switch. This problem is resolved in software release 5.2(1). (CSCdk85671)
•If DNS is enabled and none of the configured DNS servers are reachable, local password authentication can be excessively slow. This problem is resolved in software release 5.2(1). (CSCdm14239)
•In some cases when the active link of an UplinkFast link pair is disconnected, the switch does not transmit broadcast frames on the secondary link. This problem is resolved in software release 5.2(1). (CSCdm23587)
•In some case on a switch with both BackboneFast and UplinkFast enabled, the show spantree mod_num/port_num output shows that a port is in forwarding mode, but the port actually is in listening mode. As a result, all data traffic received on the port is discarded. This problem is resolved in software release 5.2(1). (CSCdm08504)
•When you configure dynamic VLAN membership for any EtherChannel-capable port, spanning tree convergence time is 7 to 8 seconds longer than usual for those ports. This problem is resolved in software release 5.2(1). (CSCdm40338)
•In some cases UplinkFast does not function correctly between a Catalyst 5000 family switch and a Catalyst 4000 family switch, a Catalyst 2948G switch, or a Catalyst 5000 family Gigabit EtherChannel module (WS-X5410). This problem is resolved in software release 5.2(1). (CSCdm34341)
•In some cases, if a Telnet session to the switch closes abnormally while the switch is authenticating a user with the TACACS+ server, the switch might not close the session to the server properly, eventually causing the server to reach the maximum number of supported sessions. Subsequent attempts to authenticate with the server will fail. This problem is resolved in software release 5.2(1). (CSCdk79831)
•A syslog message for a given facility is not sent to the syslog server if the syslog server severity level is set to a value equal to or greater than the message severity but the default severity level for that facility is set to a value less than the message severity.
Workaround: Set the default facility severity level to a value equal to or greater than the configured syslog severity level. In software release 5.2(1), syslog messages are sent to the syslog server if the syslog server severity level is equal to or greater than the message severity and the default facility severity level is equal to or greater than the message severity. (CSCdm71889)
•In some cases when you clear the configuration using the clear config all command, not all routes are removed from the IP routing table.
Workaround: Configure the in-band (sc0), out-of-band management Ethernet (me1), and SLIP (sl0) interfaces down using the set interface {sc0 | me1 | sl0} down command before clearing the configuration. This problem is resolved in software release 5.2(1). (CSCdm56746)
•If you configure an RMON threshold alarm on the switch and that alarm is triggered while a MIB walk is in progress, the MIB walking application might loop back to the first leaf of the MIB branch it is currently walking.
Workaround: Disable RMON, do not configure any RMON alarms on the switch, or increase the polling interval of the alarm (such as one poll every five minutes). This problem is resolved in software release 5.2(1). (CSCdm34091)
•In some cases port utilization is reported incorrectly. This problem is resolved in software release 5.2(1). (CSCdm18211)
•When powering a Catalyst 4912G or a Catalyst 2948G switch using only the Cisco Redundant Power System (RPS) (without plugging in the AC power supply on the switch), the switch will report the AC supply as faulty. This problem is resolved in software release 5.2(1). (CSCdm68030)
•In some cases the following message appears on the supervisor engine console:
%SYS-1-MOD_INVALIDSEQ:Bus asic invalid sequence occurred on moduleThis message has no effect on the functionality of the system and can be safely ignored. This problem is resolved in software release 5.2(1). (CSCdm32301)
•If you configure the port-VLAN cost of a port using the set spantree portvlancost command and then reset the module to which the port belongs, the port-VLAN cost for all of the ports on that module except the port you configured will be set to an incorrect value. This problem can occur on any Catalyst 4000 family module as well as ports on the Catalyst 4912G and 2948G switches. This problem is resolved in software release 5.2(1). (CSCdm93868)
•In some cases the spanning tree convergence time is not decreased when UplinkFast is enabled on a Catalyst 4003 switch. If the uplink port is on one module (for example, module 2), hosts connected to the other module (for example, module 3) will not notice a decrease in convergence time. This problem is resolved in software release 5.2(1). (CSCdm54393)
Open and Resolved Caveats in Software Release 5.1(2b)
These sections describe the open and resolved caveats in supervisor engine software release 5.1(2b):
•Open Caveats in Software Release 5.1(2b)
•Resolved Caveats in Software Release 5.1(2b)
Open Caveats in Software Release 5.1(2b)
This section lists open caveats in software release 5.1(2a).
•Pressing Control-C at the "More" prompt (for example, when a show command is displaying multiple pages of output) does not interrupt the output and return the Console> prompt.
Workaround: Press the q key instead. (CSCdm11604)
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•Spanning tree convergence on 802.1Q trunks on a switch with a large number of active VLANs (several hundred) can be delayed up to several minutes. (CSCdk70821)
•In some cases power cycling or resetting the switch erases permanent CAM entries. The correct behavior is that permanent entries remain in the CAM through a power cycle or system reset.
Workaround: Reenter permanent entries after power cycling or resetting the switch. (CSCdm25544)
•In some cases attempts to set the primary VMPS server using SNMP fail.
Workaround: Set the primary VMPS server using the CLI. (CSCdm31717)
•If you configure RMON alarm entries, and the value of the sampled alarmVariable overflows during the configured alarmInterval, alarmValue will be reported as a negative value. If the alarmValue is reported as a negative value, you can use the following calculation to determine the correct value:
(alarmValue + 232-1). (CSCdm27392)
•In some cases, on a Catalyst 4000 family switch with an extremely heavy traffic load (such as from a traffic generator), modules that contain 10/100 Fast Ethernet ports might not come online after being reset.
Workaround: Reduce the traffic load and reset the module. (CSCdk74166)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1 indicating an error occurred, a carrier sense error usually does not occur. (CSCdk69054)
•If you configure the port-VLAN cost of a port using the set spantree portvlancost command and then reset the module to which the port belongs, the port-VLAN cost for all of the ports on that module except the port you configured will be set to an incorrect value. This problem can occur on any Catalyst 4000 family module as well as ports on the Catalyst 4912G and 2948G switches. (CSCdm93868)
•In some cases, the switch might choose an inactive default gateway as the primary if the primary gateway goes down. The problem occurs when the inactive gateway is reachable only through either the me1 or the sc0 interface and that interface is configured down.
Workaround: Do not configure a default gateway that is reachable only through an interface that is configured down. Alternatively, do not configure multiple default gateways. (CSCdm32625)
•When you configure SPAN for a port or VLAN, neither transmitted nor received spanning tree BPDUs are mirrored to the SPAN destination port. (CSCdm47129)
•If you disconnect the link between trunk ports with 100 or more active VLANs, one of the ports might fail to become a nontrunk port and an error message might be generated. When you reconnect the link, the trunk might not reform. In this situation, disconnect and reconnect the link until the trunk comes up. (CSCdm60737)
•When you enable spanning tree PortFast on a port connected to a PC when the port is in the notconnect state (for example, when the PC is powered down), if the first subsequent link-up received on the port is an IPX client attempting to autosense the frame type, the operation will fail.
Workaround: Reset the module after you enable PortFast on the desired ports. (CSCdm62783)
•If you reset the switch three or more times in rapid succession while the system is bringing the modules online, the switch might fail to boot the system image and remains in the ROM monitor.
Workaround: Boot the system image from the ROM monitor using the boot command. (CSCdm80016)
Resolved Caveats in Software Release 5.1(2b)
This section lists caveats resolved in software release 5.1(2b).
•An error can occur with management protocol processing. Use the following URL for further information:
http://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw67458
This problem is resolved in software release 5.1(2b). (CSCdw67458)
Open and Resolved Caveats in Software Release 5.1(2a)
These sections describe the open and resolved caveats in supervisor engine software release 5.1(2a):
•Open Caveats in Software Release 5.1(2a)
•Resolved Caveats in Software Release 5.1(2a)
Open Caveats in Software Release 5.1(2a)
This section lists open caveats in software release 5.1(2a).
•Pressing Control-C at the "More" prompt (for example, when a show command is displaying multiple pages of output) does not interrupt the output and return the Console> prompt.
Workaround: Press the q key instead. (CSCdm11604)
•Spanning tree convergence on 802.1Q trunks on a switch with a large number of active VLANs (several hundred) can be delayed up to several minutes. (CSCdk70821)
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•In some cases attempts to set the primary VMPS server using SNMP fail.
Workaround: Set the primary VMPS server using the CLI. (CSCdm31717)
•In some cases power cycling or resetting the switch erases permanent CAM entries. The correct behavior is that permanent entries remain in the CAM through a power cycle or system reset.
Workaround: Reenter permanent entries after power cycling or resetting the switch. (CSCdm25544)
•If you configure RMON alarm entries, and the value of the sampled alarmVariable overflows during the configured alarmInterval, alarmValue will be reported as a negative value. If the alarmValue is reported as a negative value, you can use the following calculation to determine the correct value:
(alarmValue + 232-1). (CSCdm27392)
•In some cases, on a Catalyst 4000 family switch with an extremely heavy traffic load (such as from a traffic generator), modules that contain 10/100 Fast Ethernet ports might not come online after being reset.
Workaround: Reduce the traffic load and reset the module. (CSCdk74166)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1 indicating an error occurred, a carrier sense error usually does not occur. (CSCdk69054)
•If you configure the port-VLAN cost of a port using the set spantree portvlancost command and then reset the module to which the port belongs, the port-VLAN cost for all of the ports on that module except the port you configured will be set to an incorrect value. This problem can occur on any Catalyst 4000 family module as well as ports on the Catalyst 4912G and 2948G switches. (CSCdm93868)
•In some cases, the switch might choose an inactive default gateway as the primary if the primary gateway goes down. The problem occurs when the inactive gateway is reachable only through either the me1 or the sc0 interface and that interface is configured down.
Workaround: Do not configure a default gateway that is reachable only through an interface that is configured down. Alternatively, do not configure multiple default gateways. (CSCdm32625)
•When you configure SPAN for a port or VLAN, neither transmitted nor received spanning tree BPDUs are mirrored to the SPAN destination port. (CSCdm47129)
•If you disconnect the link between trunk ports with 100 or more active VLANs, one of the ports might fail to become a nontrunk port and an error message might be generated. When you reconnect the link, the trunk might not reform. In this situation, disconnect and reconnect the link until the trunk comes up. (CSCdm60737)
•When you enable spanning tree PortFast on a port connected to a PC when the port is in the notconnect state (for example, when the PC is powered down), if the first subsequent link-up received on the port is an IPX client attempting to autosense the frame type, the operation will fail.
Workaround: Reset the module after you enable PortFast on the desired ports. (CSCdm62783)
•If you reset the switch three or more times in rapid succession while the system is bringing the modules online, the switch might fail to boot the system image and remains in the ROM monitor.
Workaround: Boot the system image from the ROM monitor using the boot command. (CSCdm80016)
Resolved Caveats in Software Release 5.1(2a)
This section lists caveats resolved in software release 5.1(2a).
•If you delete the RMON alarmEntry or if you modify the alarmVariable of the RMON alarmEntry while that alarmVariable is being sampled, the switch might reset. This problem is resolved in software release 5.1(2a). (CSCdm49575)
•If you disconnect a Telnet session to the switch when the switch is at the "More" prompt (such as with show command output) or is waiting for user input (such as a "Yes/No" prompt), future Telnet sessions might stop accepting user input. This problem is resolved in software release 5.1(2a). (CSCdk83562)
•After entering the configure network command, do not interrupt the configuration using Control-C. You might prevent the current command from completely executing, causing unexpected results. This problem is resolved in software release 5.1(2a). (CSCdm27473)
•In some cases, autonegotiation with some Sun NICs might result in a non-optimal configuration (such as 10-Mbps half-duplex instead of 100-Mbps full-duplex).
Workaround: Disconnect and reconnect the cable connecting the workstation to the switch port. This problem is resolved in software release 5.1(2a). (CSCdm51653)
•In some situations, the "RxBPDUThresholdDrop" counter does not show the actual number of dropped frames. This problem is resolved in software release 5.1(2a). (CSCdm56862)
•When you configure a port with a connected workstation as the SPAN destination port (with the inpkts option enabled) for a SPAN source port configured as a VLAN trunk, attempts to ping other devices in the network from the workstation fail. This problem is resolved in software release 5.1(2a). (CSCdm48998)
•For ports on the 32-port 10/100 Fast Ethernet RJ-45 switching module (WS-X4232-RJ-XX), SNMP might report the flow control state as "disagree" even though these ports do not support flow control. This problem has no effect on the normal operation of the switch ports. This problem is resolved in software release 5.1(2a). (CSCdm41797)
•A PC equipped with a 3C905 NIC might fail to connect to Novell servers if the PC is configured for IPX auto-frame detection and the Novell servers do not use 802.2 framing. The problem only occurs on PCs when IPX is the only protocol stack bound to the NIC (the PC does not use IP or NetBEUI, for example).
Workaround: Verify the Novell servers use 802.2 framing, or manually configure the PC to use the appropriate IPX framing. This problem is resolved in software release 5.1(2a). However, a related caveat (CSCdm62783) is still open in software release 5.1(2a). For more information, see the "Open Caveats in Software Release 5.1(2a)" section. (CSCdm53125)
•If you enable both UplinkFast and protocol filtering on the switch, when a spanning tree topology change occurs that activates UplinkFast, UplinkFast multicast frames (using destination MAC address 0x0100 0CCD CDCD) might be transmitted on access ports.
Workaround: Do not use UplinkFast if protocol filtering is enabled. This problem is resolved in software release 5.1(2a). (CSCdm31699)
•In some cases, one or more ports on the 32-port 10/100 Fast Ethernet RJ-45 switching module (WS-X4232-RJ-XX) might fail power-on self-test (POST).
Workaround: Reset the switch. This problem is resolved in software release 5.1(2a). (CSCdm36338)
Open and Resolved Caveats in Software Release 5.1(1a)
These sections describe the open and resolved caveats in supervisor engine software release 5.1(1a):
•Open Caveats in Software Release 5.1(1a)
•Resolved Caveats in Software Release 5.1(1a)
Open Caveats in Software Release 5.1(1a)
This section lists open caveats in software release 5.1(1a).
•Spanning tree convergence on 802.1Q trunks on a switch with a large number of active VLANs (several hundred) can be delayed up to several minutes. (CSCdk70821)
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•If you disconnect a Telnet session to the switch when the switch is at the "More" prompt (such as with show command output) or is waiting for user input (such as a "Yes/No" prompt), future Telnet sessions might stop accepting user input. (CSCdk83562)
•Pressing Control-C at the "More" prompt (for example, when a show command is displaying multiple pages of output) does not interrupt the output and return the Console> prompt.
Workaround: Press the q key instead. (CSCdm11604)
•In some cases, on a Catalyst 4000 family switch with an extremely heavy traffic load (such as from a traffic generator), modules that contain 10/100 Fast Ethernet ports might not come online after being reset.
Workaround: Reduce the traffic load and reset the module. (CSCdk74166)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1 indicating an error occurred, a carrier sense error usually does not occur. (CSCdk69054)
•In some cases, power cycling or resetting the switch erases permanent CAM entries. The correct behavior is that permanent entries remain in the CAM through a power cycle or system reset.
Workaround: Reenter permanent entries after power cycling or resetting the switch. (CSCdm25544)
•If you enable both UplinkFast and protocol filtering on the switch, when a spanning tree topology change occurs that activates UplinkFast, UplinkFast multicast frames (using destination MAC address 0x0100 0CCD CDCD) might be transmitted on access ports.
Workaround: Do not use UplinkFast if protocol filtering is enabled. (CSCdm31699)
•In some cases, the switch might choose an inactive default gateway as the primary if the primary gateway goes down. The problem occurs when the inactive gateway is reachable only through either the me1 or the sc0 interface and that interface is configured down.
Workaround: Do not configure a default gateway that is reachable only through an interface that is configured down. Alternatively, do not configure multiple default gateways. (CSCdm32625)
•If you configure RMON alarm entries, if the value of the sampled alarmVariable overflows during the configured alarmInterval, alarmValue will be reported as a negative value. If the alarmValue is reported as a negative value, you can use the following calculation to determine the correct value:
(alarmValue + 232-1). (CSCdm27392)
•In some cases, one or more ports on the 32-port 10/100 Fast Ethernet RJ-45 switching module (WS-X4232-RJ-XX) might fail power-on self-test (POST).
Workaround: Reset the switch. (CSCdm36338)
•For ports on the 32-port 10/100 Fast Ethernet RJ-45 switching module (WS-X4232-RJ-XX), SNMP might report the flow control state as "disagree" even though these ports do not support flow control. This problem has no effect on the normal operation of the switch ports. (CSCdm41797)
•In some cases, attempts to set the primary VMPS server using SNMP fail.
Workaround: Set the primary VMPS server using the CLI. (CSCdm31717)
•After entering the configure network command, do not interrupt the configuration using Control-C. You might prevent the current command from completely executing, causing unexpected results. (CSCdm27473)
•When you configure SPAN for a port or VLAN, neither transmitted nor received spanning tree BPDUs are mirrored to the SPAN destination port. (CSCdm47129)
•If you configure the port-VLAN cost of a port using the set spantree portvlancost command and then reset the module to which the port belongs, the port-VLAN cost for all of the ports on that module except the port you configured will be set to an incorrect value. This problem can occur on any Catalyst 4000 family module as well as ports on the Catalyst 4912G and 2948G switches. (CSCdm93868)
Resolved Caveats in Software Release 5.1(1a)
This section lists caveats resolved in software release 5.1(1a).
•When you upgrade the switch software to release 5.1(1) from any 4.x release, the switch configuration is lost. This problem is resolved in software release 5.1(1a). (CSCdm09827)
•If you reset the switch three or more times in rapid succession while the system is bringing the modules online, the switch might fail to boot the system image and remains in the ROM monitor.
Workaround: Boot the system image from the ROM monitor using the boot command. (CSCdm80016)
Open Caveats in Software Release 5.1(1)
This section lists open caveats in software release 5.1(1).
Caution Catalyst 4000 family supervisor engine software release 5.1(1) was deferred due to caveat CSCdm09827. For more information, see the "Deferred Software Releases" section.
•When you upgrade the switch software to release 5.1(1) from any 4.x release, the switch configuration is lost. (CSCdm09827)
•Spanning tree convergence on 802.1Q trunks on a switch with a large number of active VLANs (several hundred) can be delayed up to several minutes. (CSCdk70821)
•All 5.x CiscoView images have been deferred due to CSCdu25881. The CiscoView that is embedded in Catalyst software will not work after May 11, 2001, because the digital certificates used to sign the Java classes have expired. You should upgrade to release 5.5(8a)CiscoView. For workarounds and additional information, see the following URL: http://www.cisco.com/warp/public/770/fn13613.shtml (CSCdu25881).
•If you disconnect a Telnet session to the switch when the switch is at the "More" prompt (such as with show command output) or is waiting for user input (such as a "Yes/No" prompt), future Telnet sessions might stop accepting user input. (CSCdk83562)
•Pressing Control-C at the "More" prompt (for example, when a show command is displaying multiple pages of output) does not interrupt the output and return the Console> prompt.
Workaround: Press the q key instead. (CSCdm11604)
•In some cases, on a Catalyst 4000 family switch with an extremely heavy traffic load (such as from a traffic generator), modules that contain 10/100 Fast Ethernet ports might not come online after being reset.
Workaround: Reduce the traffic load and reset the module. (CSCdk74166)
•On Catalyst 4000 family modules that contain 10/100 Fast Ethernet ports, the Carri-Sen counter (in the output of the show port command) might erroneously show a value of 1 indicating an error occurred, a carrier sense error usually does not occur. (CSCdk69054)
•In some cases, power cycling or resetting the switch erases permanent CAM entries. The correct behavior is that permanent entries remain in the CAM through a power cycle or system reset.
Workaround: Reenter permanent entries after power cycling or resetting the switch. (CSCdm25544)
•If you enable both UplinkFast and protocol filtering on the switch, when a spanning tree topology change occurs that activates UplinkFast, UplinkFast multicast frames (using destination MAC address 0x0100 0CCD CDCD) might be transmitted on access ports.
Workaround: Do not use UplinkFast if protocol filtering is enabled. (CSCdm31699)
•When you configure SPAN for a port or VLAN, neither transmitted nor received spanning tree BPDUs are mirrored to the SPAN destination port. (CSCdm47129)
•For ports on the 32-port 10/100 Fast Ethernet RJ-45 switching module (WS-X4232-RJ-XX), SNMP might report the flow control state as "disagree" even though these ports do not support flow control. This problem has no effect on the normal operation of the switch ports. (CSCdm41797)
•In some cases, the switch might choose an inactive default gateway as the primary if the primary gateway goes down. The problem occurs when the inactive gateway is reachable only through either the me1 or the sc0 interface and that interface is configured down.
Workaround: Do not configure a default gateway that is reachable only through an interface that is configured down. Alternatively, do not configure multiple default gateways. (CSCdm32625)
•In some cases, one or more ports on the 32-port 10/100 Fast Ethernet RJ-45 switching module (WS-X4232-RJ-XX) might fail power-on self-test (POST).
Workaround: Reset the switch. (CSCdm36338)
•If you configure RMON alarm entries, if the value of the sampled alarmVariable overflows during the configured alarmInterval, alarmValue will be reported as a negative value. If the alarmValue is reported as a negative value, you can use the following calculation to determine the correct value:
(alarmValue + 232-1). (CSCdm27392)
•In some cases, attempts to set the primary VMPS server using SNMP fail.
Workaround: Set the primary VMPS server using the CLI. (CSCdm31717)
•If you configure the port-VLAN cost of a port using the set spantree portvlancost command and then reset the module to which the port belongs, the port-VLAN cost for all of the ports on that module except the port you configured will be set to an incorrect value. This problem can occur on any Catalyst 4000 family module as well as ports on the Catalyst 4912G and 2948G switches. (CSCdm93868)
•If you reset the switch three or more times in rapid succession while the system is bringing the modules online, the switch might fail to boot the system image and remains in the ROM monitor.
Workaround: Boot the system image from the ROM monitor using the boot command. (CSCdm80016)
•After entering the configure network command, do not interrupt the configuration using Control-C. You might prevent the current command from completely executing, causing unexpected results. (CSCdm27473)
Usage Guidelines, Restrictions, and Troubleshooting
These sections provide usage guidelines, restrictions, and troubleshooting information for Catalyst 4000 family switch hardware and software:
•SPAN
•Authentication, Authorization, and Accounting
•MIBs
System and Supervisor Engine
This section contains usage guidelines, restrictions, and troubleshooting information that apply to the supervisor engine and to the switch at the system level.
•The Catalyst 4006 switch requires dual power supplies. Refer to the Catalyst 4003 and 4006 Switch Installation Guide for detailed information about power requirements for the Catalyst 4006 switch.
•In supervisor engine software release 5.2 and later, the show config, write terminal, and copy config commands return only the nondefault configuration (that is, only commands entered that change the default configuration are displayed). Use the all keyword to display both the default and nondefault configuration (for example, show config all).
•If you need to download configuration files to many switches in a network topology with redundant EtherChannel links, download the configuration at each switch manually using the configure network command. Otherwise, in some situations, a broadcast storm can occur.
•Under certain conditions, etherHistoryUtilization is not reported correctly if the counter value wraps between the two consecutive samples. The workaround is to reduce the sample interval.
•If your configuration produces thousands of CAM entries, ensure that your screen length is set to a value greater than 0 before entering the show cam dynamic command.
•The LrnDiscard counter (displayed by entering the show mac command) indicates the number of times a CAM entry is replaced with a newly learned address when the CAM table is full. The counter value is not maintained for each port; instead, the value is maintained for the entire switch.
•The CLI command show cam dynamic and the SNMP query "getmany community@vlan dot1dTpFdbAddress" are sometimes out of sync.
•Although the show spantree command displays the PortFast feature as enabled on a trunk port, spanning tree PortFast has no effect on trunk ports. Do not use the set portfast command on a trunk port. In addition, designating a port as a trunk port ignores the PortFast feature for the port.
•If you attach a long cable (20 ft or longer) that is disconnected at the far end to the console port of a Catalyst 4000 family or Catalyst 2948G switch, then the resulting crosstalk on the serial line may prevent the switch from booting until you disconnect the cable from the switch or plug the cable into an active serial port (such as a serial port on a PC or a terminal server) at the remote end. (CSCdw69459 and CSCdr73326)
Modules and Switch Ports
This section contains usage guidelines, restrictions, and troubleshooting information that apply to modules and switch ports.
•This message indicates a potential port configuration error:
2000 Feb 15 16:15:28 %SYS-4-P2_WARN: 1/Blocked queue on gigaport 5 ( 15 : 1 )If you receive this message, enter the command show port counters and check each port for excessive errored frames such as collisions, runts, and transmit errors.
•If a module fails to come online, reset the module by entering the reset mod_num command.
•When hot inserting a module into a Catalyst 4000 family chassis, be sure to use the ejector levers on the front of the module to seat the backplane pins properly. Incorrectly inserting a module can cause unexpected behavior. For proper module installation instructions, refer to the Catalyst 4003 Series Installation Guide.
•When connecting end stations (such as Windows 95/98/NT workstations) to Catalyst 4000 family 10/100-Mbps switch ports, use the following configuration if the end stations are using DHCP or IPX. If you use a different configuration, you might have problems obtaining an IP address using BOOTP/DHCP or getting an IPX login using IPX:
–Spanning tree PortFast enabled
–Trunking off
–Channeling off
In supervisor engine software release 5.2 and later you can use the set port host command to optimize the port configuration for host connections. This command automatically enables PortFast and sets the trunking and channeling modes to off.
In software releases prior to release 5.2, you can optimize the port configuration for host connections as follows:
–Use the set spantree portfast mod_num/port_num enable command to enable PortFast
on a port.
–Use the set trunk mod_num/port_num off command to disable trunking on a port.
–Use the set port channel port_list off command to disable channeling on a port.
Note You must specify a valid port range when entering the set port channel command. You cannot specify a single port.
This example shows how to configure a port for end station connectivity using the set port host command:
Console> (enable) set port host 2/1Warning: Span tree port fast start should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc. to a fast start port can cause temporary spanning tree loops. Use with caution.Spantree port 2/1 fast start enabled.Port(s) 2/1 trunk mode set to off.Port(s) 2/1 channel mode set to off.Console> (enable)This example shows how to manually configure a port for end station connectivity:
Console> (enable) set spantree portfast 2/2 enableWarning: Spantree port fast start should only be enabled on ports connectedto a single host. Connecting hubs, concentrators, switches, bridges, etc. toa fast start port can cause temporary spanning tree loops. Use with caution.Spantree port 2/2 fast start enabled.Console> (enable) set trunk 2/2 offPort(s) 2/2 trunk mode set to off.Console> (enable) set port channel 2/1-2 offPort(s) 2/1-2 channel mode set to off.Console> (enable)•When you replace a module (other than the supervisor engine) with a module of a different type, or when you insert a module (other than the supervisor engine) in an empty slot, enter the command clear config mod_num to clear the module configuration information in the supervisor engine and obtain the correct spanning tree parameters.
•If a port fails the physical-medium-dependent (PMD) loopback test (port LED is flashing orange) after the Catalyst 4000 family switch is reset, you must reset the affected module to recover.
•If the Catalyst 4000 family switch detects a port-duplex misconfiguration, the misconfigured switch port is disabled and placed in the "errdisable" state. Reconfigure the port-duplex setting and use the set port enable command to reenable the port.
•If you have a port whose port speed is set to auto connected to another port whose speed is set to a fixed value, configure the port whose speed is set to a fixed value for half duplex. Alternately, you can configure both ports to a fixed-value port speed and full duplex.
•Do not enable protocol filtering on the switch if you have configured port security on any ports and set the violation mode to restrict. There is no restriction if the violation mode is set to shutdown (you can enable protocol filtering on the switch).
•Whenever you connect a Catalyst 4000 family port that is set to autonegotiate to an end station or another networking device, make sure that the other device is configured for autonegotiation as well. If the other device is not set to autonegotiate, the Catalyst 4000 autonegotiating port will remain in half-duplex mode, which can cause a duplex mismatch resulting in packet loss, late collisions, and line errors on the link.
•The following restrictions apply when configuring port security:
–You cannot configure dynamic, static, or permanent CAM entries on a secure port
–When you enable port security on a port, any static or dynamic CAM entries associated with the port are cleared; any currently configured permanent CAM entries are treated as secure
•If you configure a secure port in restrictive mode, and a station is connected to the port whose MAC address is already configured as a secure MAC address on another port on the switch, the port in restrictive mode will shut down rather than restrict traffic from that station. For example, if you configure MAC-1 as the secure MAC address on port 2/1 and MAC-2 as the secure MAC address on port 2/2, if you then connect the station with MAC-1 to port 2/2 when port 2/2 is configured for restrictive mode, port 2/2 will shut down instead of restricting traffic from MAC-1.
•Some ports on the Catalyst 4000 family oversubscribed Gigabit Ethernet modules do not reliably autonegotiate Ethernet operational modes with some Sun Gigabit Ethernet NICs. The 18-port server switching 1000BASE-X (GBIC) Gigabit Ethernet module (WS-X4418-GB) is affected.
These Sun Gigabit Ethernet NICs are affected:
–X1140A Sun Gigabit Ethernet Sbus Adapter 2.0
–X1141A PCI Gigabit Ethernet PCI Adapter 2.0
Workaround: Use the following configuration:
Catalyst 4000 Family Ports Sun Gigabit Ethernet NIC Configuration Command Configuration CommandAutonegotiation disabled
set port negotiation mod_num/port_num disable
Autonegotiation disabled
ndd -set /dev/ge adv_1000autoneg_cap 0
N/A
N/A
Half-duplex off
ndd -set /dev/ge adv_1000hdx_cap 0
Send flow control on1
set port flowcontrol mod_num/port_num send on
Send flow control off
ndd -set /dev/ge adv_pauseTX 0
Receive flow control desired1
set port flowcontrol mod_num/port_num receive desired
Receive flow control on
ndd -set /dev/gs adv_pauseRX 1
1 Default setting
(CSCdm38405)
Spanning Tree
The Spanning Tree Protocol (STP) blocks certain ports to prevent physical loops in a redundant topology. On a blocked port, the Catalyst 4000 family switch receives spanning tree bridge protocol data units (BPDUs) periodically from the neighboring device. You can configure the frequency with which BPDUs are received by entering the set spantree hello command (the default frequency is set to two seconds). If a Catalyst 4000 family switch does not receive a BPDU in the time defined by the set spantree maxage command (20 seconds by default), the blocked port transitions to the listening state, the learning state, and to the forwarding state. As it transitions, the switch waits for the time period specified by the set spantree fwddelay command (15 seconds by default) in each of these intermediate states. Therefore, a blocked spanning tree port moves into the forwarding state if it does not receive BPDUs from its neighbor within approximately 50 seconds.
This section contains usage guidelines, restrictions, and troubleshooting information that apply to spanning tree.
•If the Spanning Tree Protocol parameters are reduced in value, ensure that the number of instances Spanning Tree Protocol are also reduced proportionally in order to avoid spanning tree loops in the network.
•On your Catalyst 4000 family switch, ensure that the total number of logical ports across all instances of spanning tree for different VLANs does not exceed the number allowed for your supervisor engine.
You can use the show spantree summary command and this formula to compute the sum of logical ports on the switch:
(number of trunks on the switch * number of active VLANs on those trunks) + number of non-trunking port on the switch
The sum of all logical ports, as calculated with the formula above, should be less than or equal to 1500 for the Catalyst 4000 family Supervisor Engine I and II.
Caution If you enable numerous memory-intensive features concurrently (such as VTP pruning, VMPS, EtherChannel, and RMON), or if there is switched data traffic on the management VLAN, the maximum number of supported logical ports is reduced.
Note Count each port in an EtherChannel port bundle independently (do not count the bundle as a single port).
•A Catalyst family switch should be the root for all VLANs, especially VLAN 1. In order to recover from an extended broadcast storm caused by a faulty device in a network, Catalyst family switches reset blocked ports. To ensure recovery, all Catalyst family switches in the network should perform this function at the same time by sending synchronization packets on VLAN 1. These synchronization packets are only sent by a Catalyst family switch if it is the root bridge.
•Use these commands to monitor blocked spanning tree ports:
–show port—Check to see if the port has registered a lot of alignment, FCS, or any other type of line errors. If these errors are incrementing continuously, the port might drop input BPDUs.
–show mac—If the Inlost counter is incrementing continuously, the port is losing input packets because of a lack of receive buffers. This problem can also cause the port to drop incoming BPDUs.
•Disabling spanning tree on the native VLAN of an IEEE 802.1Q trunk can potentially cause spanning tree loops. We recommend that you leave spanning tree enabled on the native VLAN of an 802.1Q trunk. If you plan to disable spanning tree in an 802.1Q environment, disable spanning tree on every VLAN in the network and ensure a loop-free topology exists.
•On a blocked spanning tree port, make sure that the Rcv-Frms and Rcv-Multi counters are incrementing continuously. If the Rcv-Frms counter stops incrementing, the port is not receiving any frames, including BPDUs. If the Rcv-Frms counter is incrementing but the Rcv-Multi counter is not, then this port is receiving nonmulticast frames but is not receiving any BPDUs.
•On a blocked spanning tree port, check the duplex configuration to ensure that the port duplex is set to the same type as the port of the neighboring device.
•On trunk ports, make sure that the trunk configuration is set properly on both sides of the link.
•On trunk ports, make sure that the duplex is set to full on both sides of the link to prevent any collisions under heavy traffic conditions.
•Do not use spanning tree PortFast on a trunk port. Although the show spantree command displays PortFast as enabled on a trunk port, PortFast has no effect on trunk ports.
VTP, VLANs, and VLAN Trunks
This section contains usage guidelines, restrictions, and troubleshooting information that apply to VTP, VLANs, and VLAN trunks.
•Although the Dynamic Trunk Protocol (DTP) is a point-to-point protocol, some internetworking devices might forward DTP frames. To avoid connectivity problems, follow these guidelines:
–For ports connected to non-Catalyst family devices in which trunking is not being used, configure trunk-capable Catalyst 4000 family switch ports to off by entering the set trunk mod_num/port_num off command.
–When trunking to a Cisco router, use the set trunk mod_num/port_num nonegotiate command. The nonegotiate keyword transitions a link into trunking mode without sending DTP frames.
•A VTP transparent switch with no VTP domain name configured might not relay VTP requests received from VTP client and server switches. Therefore, VTP client and server switches might not synchronize if they are separated by a VTP transparent switch with no domain name configured. The workaround is to configure a VTP domain name on the VTP transparent switch.
•With Cisco IOS software release 12.0, the Catalyst 8510 campus switch router (CSR) does not process untagged packets (packets on the native VLAN) received on an IEEE 802.1Q trunked interface (all such packets are dropped). If you configure Catalyst 8510 CSR subinterfaces to trunk using 802.1Q encapsulation, traffic cannot be carried successfully on the native VLAN for the trunk configured on the Catalyst 4000 family switch.
The workaround is to create an unused VLAN and assign that VLAN as the native VLAN for the 802.1Q trunk on the Catalyst 4000 family switch. Verify the native VLAN assignment for the trunk using the show trunk command.
This caveat is tracked as a defect against the Catalyst 8510 CSR software (CSCdk77676).
EtherChannel
This section contains usage guidelines, restrictions, and troubleshooting information that apply to Fast and Gigabit EtherChannel.
•When using Fast EtherChannel, if a "SPANTREE-2: Channel misconfig - x/x-x will be disabled" or similar syslog message is displayed, it indicates a mismatch of Fast EtherChannel modes on the connected ports. We recommend that you correct the configuration and reenable the ports by entering the set port enable command. The following are valid EtherChannel configurations:
Port Channel Mode Valid Neighbor Port Channel Modesdesirable
desirable or auto
auto
desirable or auto1
on
on
off
off
1 If both the local and neighbor ports are in auto mode, an EtherChannel bundle will not form.
•With a large number of channels, trunks, or VLANs, or a change of channel configuration (for example, off to auto), or upon Fast EtherChannel module reboot, ports might take up to five minutes to form a channel and to participate in spanning tree. (During this interval, the port does not appear in show spantree command output.) If it takes more than ten minutes for a channel to form and appear on spanning tree, disable and reenable the ports. In addition, it might take up to two minutes to unbundle a channel after changing the channel mode.
SPAN
This section contains usage guidelines, restrictions, and troubleshooting information that apply to the Switch Port Analyzer (SPAN).
•Incoming traffic on the SPAN destination port is disabled by default. You can enable it using the set span command with the inpkts enable keywords. However, while the port receives traffic for its assigned VLAN, it does not participate in spanning tree for that VLAN. To avoid creating spanning tree loops with incoming traffic enabled, assign the SPAN destination port to an unused VLAN.
•A SPAN destination port receives flooded unicasts and broadcasts for the VLAN of the source SPAN port.
Multicast
This section contains usage guidelines, restrictions, and troubleshooting information that apply to multicast protocols and traffic on the switch.
•Due to a conflict with the Hot Standby Router Protocol (HSRP), Cisco Group Management Protocol (CGMP) leave processing is disabled by default.
To enable CGMP leave processing, enter the set cgmp leave enable command.
Note If both HSRP and CGMP leave processing are enabled, you might experience some unicast packet flooding.
•When CGMP leave processing is enabled, the Catalyst 4000 family switch learns router ports through PIM-v1, HSRP, and CGMP self-join messages. When CGMP leave processing is disabled, the Catalyst 4000 family switch learns router ports through CGMP self-join messages only.
•CGMP does not prune multicast traffic for any IP multicast address that maps into the Media Access Control (MAC) address range of 01-00-5E-00-00-00 to 01-00-5E-00-00-FF. The reserved IP multicast addresses, in the range 224.0.0.0 to 224.0.0.255, are used to forward local IP multicast traffic in a single Layer 3 hop.
Authentication, Authorization, and Accounting
This section contains usage guidelines, restrictions, and troubleshooting information that apply to authentication, authorization, and accounting (AAA):
•For login authentication, starting from software releases 5.5(15), 6.3(7), and 7.3(1), if you press the Enter key and then type in your password (<Enter> <password>) the ACS TACACS+ server will treat it as an indication that you are attempting to change your password. This behavior is related to CSCdx08395. Before the CSCdx08395 fix, the user privilege level was hard coded to 15 in the TACACS+ authentication request packet. With the CSCdx08395 fix, the user privilege level is set based on the privilege level that the user is authenticated as. For example, if the user is doing a login authentication, the privilege level would be 1. If the user is doing an enable authentication, the privilege level would be 15.
The Cisco ACS TACACS+ server acts differently for <Enter> <password>. For login authentication, if the user priv-lvl is hard coded to 15, <Enter> <password> is treated as a regular password attempt. If the user priv-lvl is set to 1 (CSCdx08395) during login authentication, then <Enter> <password> is treated as an indication of a changing password. The latter case is a behavior consistent with TACACS+ enable authentication and Cisco IOS software handling of <Enter> <password>. (CSCdy35129)
MIBs
For general information on MIBs, RMON groups, and traps, refer to the Cisco public MIB directory (http://www.cisco.com/public/mibs/). For information on the specific MIBs supported by the Catalyst 4000 family switches, refer to the Catalyst 4000 MIB Support List located at ftp://ftp.cisco.com/pub/mibs/supportlists/wsc4000/wsc4000-supportlist.html
Non-Embedded CiscoView
•The digital security certificate that is used to sign the Java classes in supervisor engine software release 5.5(8a) will be valid until May 19, 2002. After the expiration date if embedded CiscoView cannot be launched or an Access Control Error occurs, upgrade to the latest supervisor engine image available at that time or upgrade the plugin/browser on the client machine.
•The CiscoView 5.5(4) and later releases require Java Plug-in 1.3.0-C in the browser. This version is incompatible with the CiscoView 5.5(3) and earlier releases which require the Java Plug-in 1.2.2.
The new releases of the Java Plug-in 1.3 (1.3.0_01 and 1.3.0_02) available for download from Sun Microsystem's website do not work with CiscoView versions 5.5.4 and later on the Catalyst 4000, Catalyst 5000, Catalyst 6000 and 2900/3500XL switches. The workaround is to install the previous release of the 1.3 Plug-in, 1.3.0-C.
To determine the version installed on your system, select Start > Settings > Control Panel. The Java Icon in the Control Panel displays the version. If it indicates "Java Plug-In" then it is the correct version. The incorrect versions have _01 or _02 next to the name. You can also double-click on the Java Icon and then click on the "About" tab to display the version, which should be 1.3.0-C for CiscoView to work properly. (CSCdt96453)
•The supported client platform/browser/plug-in versions to launch embedded CiscoView are as follows:
–Solaris 2.6/2.7, Netscape Communicator 4.7, plug-in 1.3.0 (JRE 1.3.0)
–Windows NT 4.0 and Windows 2000, Internet Explorer 5.5 and Netscape Communicator 4.7, plug-in 1.3.0-C (JRE 1.3.0)
Documentation Updates for Software Release 5.4
This section lists caveats for the Catalyst 4000 family software release 5.2 documentation. These changes are included in the next update to the documentation.
•CSCdm60737 was incorrectly listed as open in the release notes for software releases 5.1(2a) through 5.2(4).
•CSCdm80016 was incorrectly listed as resolved in the release notes for software release 5.2(4).
Documentation Updates for Software Release 5.2
This section lists caveats for the Catalyst 4000 family software release 5.2 documentation. These changes are included in the next update to the documentation.
•The printed version of the Command Reference for software release 5.2 incorrectly includes the show tech-support command. This command is not supported in software release 5.2.
Documentation Updates for Software Release 5.1
This section lists caveats for the Catalyst 4000 family software release 5.1 documentation. These changes will be included in the next update to the documentation.
•In the Software Configuration Guide for software release 5.1, the following description of GMRP was omitted:
GMRP software components run on both the switch and on the host (Cisco is not a source for GMRP host software). On the host, GMRP is typically used with IGMP: the host GMRP software creates Layer 2 GMRP versions of the host's Layer 3 IGMP control packets. The switch receives both the Layer 2 GMRP and the Layer 3 IGMP traffic from the host. The switch uses the received GMRP traffic to constrain multicasts at Layer 2 in the host's VLAN.
Note In all situations, you can use CGMP or IGMP snooping to constrain multicasts at Layer 2 without installing or configuring software on hosts.
When a host wants to join an IP multicast group, it sends an IGMP join message, which creates a GMRP join message.
When the switch receives the GMRP join message, it adds the port through which the join message was received to the appropriate multicast group. The switch propagates the GMRP join message to all other hosts in the VLAN, one of which is typically the multicast source. When the source is multicasting to the group, the switch forwards the multicast only to the ports from which it received join messages for the group.
The switch sends periodic GMRP queries. If a host wants to remain in a multicast group, it responds to the query. In this case, the switch does nothing. If a host does not want to remain in the multicast group, it can either send a leave message or not respond to the periodic queries from the switch. If the switch receives a leave message or receives no response from the host for the duration of the leaveall timer, the switch removes the host from the multicast group.
Note To use GMRP in a routed environment, enable the GMRP forwardall option on all ports where routers are attached.
Related Documentation
The following documents are available for Catalyst 4000 family switches:
•Catalyst 4003 and 4006 Switch Installation Guide
•Catalyst 4912G Installation Guide
•Catalyst 4000 Family, 2948G, and 2980 Switches Software Configuration Guide
•Layer 3 Switching Software Configuration Guide - Catalyst 5000 Family, 4000 Family, 2926G Series, and 2948G Switches
•Catalyst 4000 Family, 2948G, and 2980 Switches Command Reference
•Catalyst 6500 series, Catalyst 4000 Family, 2948G, and 2980G Switches System Message Guide
•Troubleshooting Tips—Catalyst 5000 Family, 4000 Family, 2926G Series, and 2948G Switches
•Enterprise MIB User Quick Reference (online only)
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Documentation DVD
Cisco documentation and additional literature are available in a Documentation DVD package, which may have shipped with your product. The Documentation DVD is updated regularly and may be more current than printed documentation. The Documentation DVD package is available as a single unit.
Registered Cisco.com users (Cisco direct customers) can order a Cisco Documentation DVD (product number DOC-DOCDVD=) from the Ordering tool or Cisco Marketplace.
Cisco Ordering tool:
http://www.cisco.com/en/US/partner/ordering/
Cisco Marketplace:
http://www.cisco.com/go/marketplace/
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
•Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Ordering tool:
http://www.cisco.com/en/US/partner/ordering/
•Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 1 800 553-NETS (6387).
Documentation Feedback
You can send comments about technical documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
From this site, you can perform these tasks:
•Report security vulnerabilities in Cisco products.
•Obtain assistance with security incidents that involve Cisco products.
•Register to receive security information from Cisco.
A current list of security advisories and notices for Cisco products is available at this URL:
If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:
http://www.cisco.com/en/US/products/products_psirt_rss_feed.html
Reporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:
•Emergencies — security-alert@cisco.com
•Nonemergencies — psirt@cisco.com
Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product to encrypt any sensitive information that you send to Cisco. PSIRT can work from encrypted information that is compatible with PGP versions 2.x through 8.x.
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one that has the most recent creation date in this public key server list:
http://pgp.mit.edu:11371/pks/lookup?search=psirt%40cisco.com&op=index&exact=on
In an emergency, you can also reach PSIRT by telephone:
•1 877 228-7302
•1 408 525-6532
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.
Cisco Technical Support Website
The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support Website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•Cisco Marketplace provides a variety of Cisco books, reference guides, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:
http://www.cisco.com/go/marketplace/
•Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:
•Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:
•iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:
http://www.cisco.com/go/iqmagazine
•Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
•World-class networking training is available from Cisco. You can view current offerings at this URL:
http://www.cisco.com/en/US/learning/index.html
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
Copyright © 2001—2005 Cisco Systems, Inc. All rights reserved.