Table of Contents

Document Contents
Release 5.x Memory Requirements
Release 5.x Software Upgrade Path
Release 5.x Supervisor Engine Support Matrix
Supervisor Engine Redundancy
Product and Software Version Support Matrix
Release 5.x Orderable Software Images
New Features for Supervisor Engine Software Release 5.5
New Features for Supervisor Engine Software Release 5.4
New Features for Supervisor Engine Software Release 5.2
New Features for Supervisor Engine Software Release 5.1(2a)
New Features for Supervisor Engine Software Release 5.1
Open and Resolved Caveats in Software Release 5.5(3)

Open Caveats in Software Release 5.5(3)
Resolved Caveats in Software Release 5.5(3)

Open and Resolved Caveats in Software Release 5.5(2)

Open Caveats in Software Release 5.5(2)
Resolved Caveats in Software Release 5.5(2)

Open and Resolved Caveats in Software Release 5.5(1)

Open Caveats in Software Release 5.5(1)
Resolved Caveats in Software Release 5.5(1)

Open and Resolved Caveats in Software Release 5.4(4)

Open Caveats in Software Release 5.4(4)
Resolved Caveats in Software Release 5.4(4)

Open and Resolved Caveats in Software Release 5.4(3)

Open Caveats in Software Release 5.4(3)
Resolved Caveats in Software Release 5.4(3)

Open and Resolved Caveats in Software Release 5.4(2)

Open Caveats in Software Release 5.4(2)
Resolved Caveats in Software Release 5.4(2)

Open and Resolved Caveats in Software Release 5.4(1)

Open Caveats in Software Release 5.4(1)
Resolved Caveats in Software Release 5.4(1)

Open and Resolved Caveats in Software Release 5.2(4)

Open Caveats in Software Release 5.2(4)
Resolved Caveats in Software Release 5.2(4)

Open and Resolved Caveats in Software Release 5.2(3)

Open Caveats in Software Release 5.2(3)
Resolved Caveats in Software Release 5.2(3)

Open and Resolved Caveats in Software Release 5.2(2)

Open Caveats in Software Release 5.2(2)
Resolved Caveats in Software Release 5.2(2)

Open and Resolved Caveats in Software Release 5.2(1)

Open Caveats in Software Release 5.2(1)
Resolved Caveats in Software Release 5.2(1)

Open and Resolved Caveats in Software Release 5.1(2a)

Open Caveats in Software Release 5.1(2a)
Resolved Caveats in Software Release 5.1(2a)

Open Caveats in Software Release 5.1(1)
Usage Guidelines, Restrictions, and Troubleshooting

System and Supervisor Engine
Modules and Switch Ports
Transceivers
Spanning Tree
VTP, VLANs, and VLAN Trunks
EtherChannel
SPAN
Multicast
Network Analysis Module and TrafficDirector

Documentation Updates for Software Release 5.2
Documentation Updates for Software Release 5.1
Additional Documentation
Obtaining Documentation

World Wide Web
Documentation CD-ROM
Ordering Documentation

Obtaining Technical Assistance

Cisco Connection Online
Technical Assistance Center
Documentation Feedback

Release Notes for Catalyst 5000 Family Software Release 5.x

Current Releases:
5.5(3) - September 11, 2000
5.4(4) - July 13, 2000

Previous Releases: 5.5(2), 5.5(1), 5.4(3), 5.4(2), 5.4(1)-Deferred, 5.2(4), 5.2(3), 5.2(2), 5.2(1), 5.1(2a), 5.1(1)

These release notes describe the features, modifications, and caveats for Catalyst 5000 family supervisor engine software release 5.x and all 5.x maintenance releases. The most current 5.x release is supervisor engine software release 5.5(3). These release notes apply to Catalyst 5000 family switches as well as to Catalyst 2926G series switches running Catalyst 5000 family supervisor engine software.

Caution We strongly recommend that you read these release notes before using your switch or upgrading your switch software.

Note   Although the software image in a new Catalyst 5000 family switch operates correctly, later software images containing the latest upgrades and modifications are released regularly to provide you with the most optimized software available. We strongly recommend that you check for the latest released software images at the World Wide Web locations listed in the "Cisco Connection Online" section.

Note   Release notes for prior Catalyst 5000 family software releases were accurate at the time of release. However, for information on the latest caveats and updates to previously released Catalyst 5000 family software releases, refer to the release notes for the latest maintenance release in your software release train. You can access all Catalyst 5000 family release notes at the World Wide Web locations listed in the "Cisco Connection Online" section.

Document Contents

This document consists of these sections:

• Release 5.x Memory Requirements

• Release 5.x Memory Requirements

• Release 5.x Software Upgrade Path

• Release 5.x Supervisor Engine Support Matrix

• Supervisor Engine Redundancy

• Product and Software Version Support Matrix

• Release 5.x Orderable Software Images

• New Features for Supervisor Engine Software Release 5.5

• New Features for Supervisor Engine Software Release 5.4

• New Features for Supervisor Engine Software Release 5.2

• New Features for Supervisor Engine Software Release 5.1(2a)

• New Features for Supervisor Engine Software Release 5.1

• Open and Resolved Caveats in Software Release 5.5(3)

• Open and Resolved Caveats in Software Release 5.5(2)

• Open and Resolved Caveats in Software Release 5.5(1)

• Open and Resolved Caveats in Software Release 5.4(4)

• Open and Resolved Caveats in Software Release 5.4(3)

• Open and Resolved Caveats in Software Release 5.4(2)

• Open and Resolved Caveats in Software Release 5.4(1)

• Open and Resolved Caveats in Software Release 5.2(4)

• Open and Resolved Caveats in Software Release 5.2(3)

• Open and Resolved Caveats in Software Release 5.2(2)

• Open and Resolved Caveats in Software Release 5.2(1)

• Open and Resolved Caveats in Software Release 5.1(2a)

• Open Caveats in Software Release 5.1(1)

• Usage Guidelines, Restrictions, and Troubleshooting

• Documentation Updates for Software Release 5.2

• Documentation Updates for Software Release 5.1

• Additional Documentation

• Obtaining Documentation

• Obtaining Technical Assistance

Release 5.x Memory Requirements

The Catalyst 5000 family supervisor engine 5.x software releases require a minimum of 32-MB DRAM installed on your supervisor engine.

All Catalyst 5000 family supervisor engines with at least 32-MB DRAM fully support software release 5.x, with the exception of Supervisor Engine I.

Release 5.x Software Upgrade Path

Caution Always back up the switch configuration file before upgrading or downgrading the switch software to avoid losing all or part of the configuration stored in nonvolatile RAM (NVRAM). Note that a software downgrade will always cause the configuration to be lost. Use the write network command (Supervisor Engine II, II G, or III G) or the copy config tftp command (Supervisor Engine III or III F, and on the Catalyst 2926G) to back up your configuration to a Trivial File Transfer Protocol (TFTP) server. Use the copy config flash command on a Supervisor Engine III or III F, and on the Catalyst 2926G, to back up the configuration to a Flash device.

Catalyst 5000 family supervisor engine software image files are available in the Software Center on Cisco Connection Online (CCO), Cisco's WWW site (software downloads are available to registered CCO users only):
http://www.cisco.com/kobayashi/sw-center/switching/cat2900-5000-planner.shtml

Note   Supervisor Engine I and the Catalyst 2926 series switches are not supported in software release 5.x.

Caution On Supervisor Engine II, you must have NMP boot ROM version 5.1(2) or later, MCP boot ROM version 4.1(3) or later, and at least 32-MB DRAM to upgrade to any 5.x release. A boot ROM and SIMM upgrade kit is available for Supervisor Engine II (MEM-C5K-SUP2-UPGD).

Caution Upgrading from software release versions 4.5(1), 4.5(2), 4.5(3), 5.1(x), or 5.2(1) causes Token Ring module configurations to be lost. The workaround is to upload the configuration to a TFTP server before upgrading and reload the configuration after the upgrade is complete. Note that this problem only affects the configuration for the actual Token Ring module itself and not general configurations such as Token Ring VLANS.

Table 1 shows the supervisor engine software upgrade path to software release 5.x from previous supervisor engine software releases.

Table 1: Catalyst 5000 Family 5.x Software Upgrade Path

Desired Upgrade	Upgrade Path
2.4(3) or earlier to 5.x	Supervisor Engine II Follow these steps to upgrade to 5.x: 1. Upgrade to software release 2.4(5) 2. Upgrade to release 3.2(4) 3. Upgrade to release 5.x.
2.4(4) through 3.2(2) to 5.x	Supervisor Engine II Follow these steps to upgrade to 5.x: 1. Upgrade to release 3.2(4) 2. Upgrade to release 5.x. Supervisor Engine III No restriction. Upgrade directly to software release 5.x.
3.2(3) or later to 5.x	All Supervisor Engines No restriction. Upgrade directly to software release 5.x.

---

Note   In some cases, when upgrading to software release 5.x from release 4.4(1) or earlier, a "Corrupted nvlog area" error is generated. This error is harmless and can be safely ignored.

---

Release 5.x Supervisor Engine Support Matrix

Catalyst 5000 family switches support these supervisor engine modules in software release 5.x:

• Supervisor Engine II

• Supervisor Engine II G

• Supervisor Engine III

• Supervisor Engine III F

• Supervisor Engine III G

Some supervisor engine types are not supported in certain switch chassis. Table 2 shows which supervisor engine types are supported in which Catalyst 5000 family switch chassis.

In addition, the supervisor engines are compatible with specific software releases. For more information, see the "Product and Software Version Support Matrix" section.

Table 2: Supervisor Engine Chassis Support Matrix

Switch Chassis	Supervisor Engine II1	Supervisor Engine II G	Supervisor Engine III	Supervisor Engine III F	Supervisor Engine III G
Catalyst 2926G	N/A	N/A	Fixed	N/A	N/A
Catalyst 5002 (155W power supplies)	Yes	Yes	No	No	Yes
Catalyst 5002 (175W power supplies with PFC2)	Yes	Yes	Yes	Yes	Yes
Catalyst 5000	Yes	Yes	Yes	Yes	Yes
Catalyst 5505	Yes	Yes	Yes	Yes	Yes
Catalyst 5509	Yes	Yes	Yes	Yes	Yes
Catalyst 5500	Yes	Yes	Yes	Yes	Yes

132-MB DRAM minimum 2PFC=power factor correction

Supervisor Engine Redundancy

You can install redundant supervisor engines in your switch if the following conditions are met:

• The switch must be a Catalyst 5500 series switch.

• The supervisor engines must be Supervisor Engine II, II G, III, III F or III G in the following configurations:

  • Two Supervisor Engine IIs

  • Two Supervisor Engine IIIs with EARL 1

  • Two Supervisor Engine IIIs with the NFFC

  • Two Supervisor Engine IIIs with the NFFC II

  • Two Supervisor Engine III Fs with EARL 1

  • Two Supervisor Engine III Fs with NFFC

  • Two Supervisor Engine III Fs with NFFC II

  • Two Supervisor Engine II Gs without the RSFC

  • Two Supervisor Engine II Gs with RSFC

  • Two Supervisor Engine III Gs without the RSFC

  • Two Supervisor Engine III Gs with RSFC

  • One Supervisor Engine II G with the RSFC and one Supervisor Engine II G without the RSFC

  • One Supervisor Engine III G with the RSFC and one Supervisor Engine III G without the RSFC

For more information on configuring supervisor engines for redundant operation, refer to the Software Configuration Guide for your switch.

Product and Software Version Support Matrix

Table 3 lists the minimum supervisor engine version and the recommended supervisor engine version for Catalyst 5000 family modules and chassis.

Note   There might be additional minimum software version requirements for intelligent modules (modules that run an additional, separate software image). Refer to the software release notes for the module type for more information.

Note   Software Release 4.5(4) is the General Deployment (GD) release for the Catalyst 5000 family switches.

Table 3: Product/Supervisor Engine Software Version Matrix

Product Number append with "=" for spares	Product Description	Minimum Supervisor Software Version	Recommended Supervisor Software Version
Supervisor Engine II
WS-X5505	Supervisor Engine II dual-port 100BaseFX SMF uplinks	2.2(1)	4.5(8)
WS-X5506	Supervisor Engine II dual-port 100BaseFX MMF uplinks
WS-X5509	Supervisor Engine II dual-port 100BaseTX RJ-45/MII uplinks
Supervisor Engine II G
WS-X5540	Supervisor Engine II G base module	5.1(1a)	5.1(1a)
Supervisor Engine III
WS-X5530-E1	Supervisor Engine III base module	3.1(1)	4.5(8)
WS-X5530-E2	Supervisor Engine III base module with NFFC	4.1(1)	4.5(8)
WS-X5530-E2A	Supervisor Engine III base module with enhanced NFFC	4.5(4)	4.5(8)
WS-X5530-E3	Supervisor Engine III base module with NFFC II	4.3(1a)	4.5(8)
WS-X5530-E3A	Supervisor Engine III base module with enhanced NFFC II	4.5(4)	4.5(8)
Supervisor Engine III F
WS-X5534-E1-GESX	Supervisor Engine III FSX dual-port 1000BaseSX uplinks	4.3(1a)	4.5(8)
WS-X5536-E1-GELX	Supervisor Engine III FLX dual-port 1000BaseLX/LH uplinks
Supervisor Engine III G
WS-X5550	Supervisor Engine III G dual-port 1000BaseX uplinks	5.1(1a)	5.1(1a)
Supervisor Engine Uplink Modules
WS-U5531-FETX	Dual-port 10/100BaseTX Fast Ethernet uplink module	3.1(1)	4.5(8)
WS-U5533-FEFX-MMF	Dual-port 100BaseFX MMF Fast Ethernet uplink module
WS-U5535-FEFX-SMF	Dual-port 100BaseFX SMF Fast Ethernet uplink module
WS-U5537-FETX	4-port 10/100BaseTX Fast EtherChannel uplink module	4.3(1a)	4.5(8)
WS-U5534-GESX	Dual-port 1000BaseSX Gigabit Ethernet uplink module	4.1(1)	4.5(8)
WS-U5536-GELX	Dual-port 1000BaseLX/LH Gigabit Ethernet uplink module
WS-U5538-FEFX-MMF	4-port 100BaseFX MMF MT-RJ Fast EtherChannel uplink module	4.5(1)	4.5(8)
Supervisor Engine III Feature Cards
WS-F5521=	NetFlow Feature Card (NFFC)	4.1(1)	4.5(8)
WS-F5521A=1	NetFlow Feature Card (NFFC-A)	4.5(4)	4.5(8)
WS-F5531=2	NFFC II	4.5(4)	4.5(8)
WS-F5531A=	NFFC II-A	4.5(4)	4.5(8)
WS-F5541=	Route Switch Feature Card (RSFC)	5.1(1a)	5.2(3)
Ethernet, Fast Ethernet, and Gigabit Ethernet
WS-X5010	24-port 10BaseT Ethernet Telco	1.1	4.5(8)
WS-X5011	12-port 10BaseFL Ethernet MMF ST	1.2
WS-X5012	48-port 10BaseT Ethernet	2.4(1)	4.5(8)
WS-X5012A	48-port 10BaseT Ethernet Telco	4.2(1)	4.5(8)
WS-X5013	24-port 10BaseT Ethernet RJ-45	2.2(1)	4.5(8)
WS-X5014	48-port, 2-slot 10BaseT Ethernet	4.2(1)	4.5(8)
WS-X5015-MT	24-port 10BaseFL Ethernet MT-RJ	5.1(1)	5.1(1)
WS-X5020	48-port, 4-segment 10BaseT Ethernet Telco	2.1(1)	4.5(8)
WS-X5111	12-port 100BaseFX Fast Ethernet MMF SC	1.4
WS-X5113	12-port 100BaseTX Fast Ethernet RJ-45	1.2
WS-X5114	12-port (6-port SMF, 6-port MMF) 100BaseFX Fast Ethernet SC	2.1(5)
WS-X5201	12-port 100BaseFX Fast EtherChannel SC	2.3(1)
WS-X5201R	12-port 100BaseFX backbone Fast Ethernet SC	4.1(2)	4.5(8)
WS-X5203	12-port 10/100BaseTX Fast EtherChannel RJ-45	2.3(1)	4.5(8)
WS-X52133	12-port 10/100BaseTX Fast Ethernet RJ-45	1.5(4)
WS-X5213A	12-port 10/100BaseTX Fast Ethernet RJ-45	2.1(7)
WS-X5223	24-port, 3-segment 100BaseTX Fast Ethernet RJ-45	2.2(1)
WS-X5224	24-port 10/100BaseTX RJ-45	2.4(2)
WS-X5225R	24-port 10/100BaseTX Fast Ethernet RJ-45	4.1(2)	4.5(8)
WS-X5234-RJ45	24-port 10/100BaseTX Fast Ethernet RJ-45	4.5(1)	4.5(8)
WS-X5236-FX-MT	24-port 100BaseFX Fast Ethernet MMF MT-RJ
WS-X5239-RJ21	36-port 10/100BaseTX Fast Ethernet Telco	5.1(2a)	5.1(2a)
WS-X5403	3-port 1000BaseX Gigabit Ethernet	4.1(1)	4.5(8)
WS-X5410	9-port, 2-slot 1000BaseX Gigabit EtherChannel module4	4.2(1)
WS-X5237-FX-MT	24-port 100Base-FX Fast Ethernet SMF MT-RJ	5.4(2)	5.4(2)
Gigabit Interface Converters (GBICs)
WS-G5484=	1000BaseSX GBIC	4.1(1)	4.5(8)
WS-G5486=	1000BaseLX/LH GBIC
WS-G5487=	1000BaseZX GBIC	4.5(1)
Token Ring
WS-X5030	16-port Token Ring module, UTP/FTP, RJ-45	3.1(1)	4.5(8)
WS-X5031	16-port Token Ring module, Volition, VF-45
FDDI/CDDI
WS-X5101	1 Dual-attach Multimode FDDI MIC	1.3	4.5(8)
WS-X5103	1 Dual-attach CDDI RJ-45
WS-X5104	1 Dual-attach Single-Mode FDDI ST
WS-X5105	1 Dual-attach Multimode FDDI SC
ATM
WS-X51533	1-port OC-3 UTP RJ-45	1.4	4.5(8)
WS-X51543	1-port OC-3 Single-Mode SC
WS-X51553	1-port OC-3 Multimode SC
WS-X5156	1 Dual PHY OC-3 UTP RJ-45	2.1(5)
WS-X5157	1 Dual PHY OC-3 Single-Mode SC
WS-X5158	1 Dual PHY OC-3 Multimode SC
WS-X5161	1 Dual PHY OC-12 MMF SC, MPOA/LANE	3.2(1)	4.5(8)
WS-X5162	1 Dual PHY OC-12 SC, MPOA/LANE
WS-X5166	1 Dual PHY DS3, BNC connectors	3.1(1)
WS-X5167	1 Dual PHY OC-3 MMF SC, MPOA/LANE	3.2(1)
WS-X5168	1 Dual PHY OC-3 SMF SC, MPOA/LANE
Route Switch Module
WS-X5302	Route Switch Module	2.3(1)	4.5(8)
Fabric Integration Modules
WS-X5165	ATM fabric integration module	4.3(1a)	4.5(8)
WS-X5305	Layer 3 fabric integration module	4.4(1)
Network Analysis Module
WS-X5380	Network Analysis Module (32 MB DRAM)	4.3(1a)	4.5(8)
WS-X5381	Network Analysis Module (128 MB DRAM)	4.3(1a)	4.5(8)
Modular Chassis
WS-C5000	Catalyst 5000 chassis (5-slot)	1.1	4.5(8)
WS-C5002	Catalyst 5002 chassis (2-slot)	2.2(1)	4.5(8)
WS-C5500	Catalyst 5500 chassis (13-slot)
WS-C5505	Catalyst 5505 chassis (5-slot)	2.3(1)
WS-C5509	Catalyst 5509 chassis (9-slot)	4.2(1)	4.5(8)
Fixed-Configuration Chassis
WS-C2901	Catalyst 2900 with two 100BaseTX uplinks and 12 10/100BaseTX ports	2.1(1)	4.5(8)
WS-C2902	Catalyst 2900 with two 100BaseTX uplinks and 12 10/100BaseFX ports
WS-C2926T	Catalyst 2926 with two 100BaseTX uplinks and 24 10/100BaseTX ports	2.4(2)
WS-C2926F	Catalyst 2926 with two 100BaseFX uplinks and 24 10/100BaseTX ports
WS-C2926GS	Catalyst 2926G with NFFC, two 1000BaseSX uplinks and 24 10/100BaseTX ports	4.3(1a)	4.5(8)
WS-C2926GL	Catalyst 2926G with NFFC, two 1000BaseLX/LH uplinks and 24 10/100BaseTX ports

1Latest hardware revision of the NFFC. 2Latest hardware revision of the NFFC II. 3The WS-X5213, WS-X5153, WS-X5154, and WS-X5155 modules have been moved to end-of-life (EOL) status. 4The Gigabit EtherChannel module (WS-X5410) is supported with Supervisor Engine I or II or in a Catalyst 5000 chassis with supervisor engine software release 4.3(1) or later in conjunction with Gigabit EtherChannel module software release 4.3(1) or later. This hardware was not fully tested with the Gigabit EtherChannel module in earlier releases.

Release 5.x Orderable Software Images

Table 4 lists the software versions and applicable ordering information for Catalyst 5000 family supervisor engine software release 5.x.

Table 4: Release 5.x Orderable Software Image Matrix

Software Version	Filename	Orderable Product Number Flash on System	Orderable Product Number Spare Upgrade (Floppy Media)
Supervisor Engine II (32 MB minimum)
5.1(1)	cat5000-sup.5-1-1.bin	SFC5K-SUP-5.1.1	SWC5K-SUP-5.1.1=
5.1(2a)	cat5000-sup.5-1-2a.bin	SFC5K-SUP-5.1.2	SWC5K-SUP-5.1.2=
5.2(1)	cat5000-sup.5-2-1.bin	SFC5K-SUP-5.2.1	SWC5K-SUP-5.2.1=
5.2(2)	cat5000-sup.5-2-2.bin	SFC5K-SUP-5.2.2	SWC5K-SUP-5.2.2=
5.2(3)	cat5000-sup.5-2-3.bin	SFC5K-SUP-5.2.3	SWC5K-SUP-5.2.3=
5.2(4)	cat5000-sup.5-2-4.bin	SFC5K-SUP-5.2.4	SWC5K-SUP-5.2.4=
5.4(1)	cat5000-sup.5-4-1.bin	SFC5K-SUP-5.4.1	SFC5K-SUP-5.4.1=
5.4(2)	cat5000-sup.5-4-2.bin	SC5K-SUP-5.4.2	SC5K-SUP-5.4.2=
5.4(3)	cat5000-sup.5-4-3.bin	SC5K-SUP-5.4.3	SC5K-SUP-5.4.3=
5.4(4)	cat5000-sup.5-4-4.bin	SC5K-SUP-5.4.4	SC5K-SUP-5.4.4=
5.5(1)	cat5000-sup.5-5-1.bin	SC5K-SUP-5.5.1	SC5K-SUP-5.5.1=
5.5(2)	cat5000-sup.5-5-2.bin	SC5K-SUP-5.5.2	SC5K-SUP-5.5.2=
5.5(3)	cat5000-sup.5-5-3.bin	SC5K-SUP-5.5.3	SC5K-SUP-5.5.3=
Supervisor Engine II G and III G
5.1(1)	cat5000-supg.5-1-1.bin	N/A	N/A
5.1(1a)	cat5000-supg.5-1-1a.bin	SFC5K-SUPG-5.1.1	SFC5K-SUPG-5.1.1=
5.1(2a)	cat5000-supg.5-1-2a.bin	SFC5K-SUPG-5.1.2	SFC5K-SUPG-5.1.2=
5.2(1)	cat5000-supg.5-2-1.bin	SFC5K-SUPG-5.2.1	SFC5K-SUPG-5.2.1=
5.2(2)	cat5000-supg.5-2-2.bin	SFC5K-SUPG-5.2.2	SFC5K-SUPG-5.2.2=
5.2(3)	cat5000-supg.5-2-3.bin	SFC5K-SUPG-5.2.3	SFC5K-SUPG-5.2.3=
5.2(4)	cat5000-supg.5-2-4.bin	SFC5K-SUPG-5.2.4	SFC5K-SUPG-5.2.4=
5.4(1)	cat5000-supg.5-4-1.bin	SFC5K-SUPG-5.4.1	SFC5K-SUPG-5.4.1=
5.4(2)	cat5000-supg.5-4-2.bin	SC5K-SUPG-5.4.2	SC5K-SUPG-5.4.2=
5.4(3)	cat5000-supg.5-4-3.bin	SC5K-SUPG-5.4.3	SC5K-SUPG-5.4.3=
5.4(4)	cat5000-supg.5-4-4.bin	SC5K-SUPG-5.4.4	SC5K-SUPG-5.4.4=
5.5(1)	cat5000-supg.5-5-1.bin	SC5K-SUPG-5.5.1	SC5K-SUPG-5.5.1=
5.5(2)	cat5000-supg.5-5-2.bin	SC5K-SUPG-5.5.2	SC5K-SUPG-5.5.2=
5.5(3)	cat5000-supg.5-5-3.bin	SC5K-SUPG-5.5.3	SC5K-SUPG-5.5.3=
Supervisor Engine III and III F
5.1(1)	cat5000-sup3.5-1-1.bin	SFC5K-SUP3-5.1.1	SWC5K-SUP3-5.1.1=
5.1(2a)	cat5000-sup3.5-1-2a.bin	SFC5K-SUP3-5.1.2	SWC5K-SUP3-5.1.2=
5.2(1)	cat5000-sup3.5-2-1.bin	SFC5K-SUP3-5.2.1	SWC5K-SUP3-5.2.1=
5.2(2)	cat5000-sup3.5-2-2.bin	SFC5K-SUP3-5.2.2	SWC5K-SUP3-5.2.2=
5.2(3)	cat5000-sup3.5-2-3.bin	SFC5K-SUP3-5.2.3	SWC5K-SUP3-5.2.3=
5.2(4)	cat5000-sup3.5-2-4.bin	SFC5K-SUP3-5.2.4	SWC5K-SUP3-5.2.4=
5.4(1)	cat5000-sup3.5-4-1.bin	SFC5K-SUP3-5.4.1	SFC5K-SUP3-5.4.1=
5.4(2)	cat5000-sup3.5-4-2.bin	SC5K-SUP3-5.4.2	SC5K-SUP3-5.4.2=
5.4(2) flash image w/CiscoView	cat5000-sup3cv.5-4-2.bin	SC5K-SUP3CV-5.4.2	SC5K-SUP3CV-5.4.2=
5.4(3)	cat5000-sup3.5-4-3.bin	SC5K-SUP3-5.4.3	SC5K-SUP3-5.4.3=
5.4(3) flash image w/CiscoView	cat5000-sup3cv.5-4-3.bin	SC5K-SUP3CV-5.4.3	SC5K-SUP3CV-5.4.3=
5.4(4)	cat5000-sup3.5-4-4.bin	SC5K-SUP3-5.4.4	SC5K-SUP3-5.4.4=
5.4(4) flash image w/CiscoView	cat5000-sup3cv.5-4-4.bin	SC5K-SUP3CV-5.4.4	SC5K-SUP3CV-5.4.4=
5.5(1)	cat5000-sup3.5-5-1.bin	SC5K-SUP3-5.5.1	SC5K-SUP3-5.5.1=
5.5(1) flash image1 w/CiscoView	cat5000-sup3cv.5-5-1.bin	SC5K-SUP3CV-5.5.1	SC5K-SUP3CV-5.5.1=
5.5(2)	cat5000-sup3.5-5-2.bin	SC5K-SUP3-5.5.2	SC5K-SUP3-5.5.2=
5.5(2) flash image w/CiscoView	cat5000-sup3cv.5-5-2.bin	SC5K-SUP3CV-5.5.2	SC5K-SUP3CV-5.5.2=
5.5(3)	cat5000-sup3.5-5-3.bin	SC5K-SUP3-5.5.3	SC5K-SUP3-5.5.3=
5.5(3) flash image w/CiscoView	cat5000-sup3cv.5-5-3.bin	SC5K-SUP3CV-5.5.3	SC5K-SUP3CV-5.5.3=

1The 5.5(1) flash image with CiscoView will be available approximately 2 weeks after the release of 5.5(1).

New Features for Supervisor Engine Software Release 5.5

This section describes the new features available in software release 5.5.

• AuxiliaryVLANs on 10/100 ports that support 802.1Q trunking.

New Features for Supervisor Engine Software Release 5.4

This section describes the new features available in software release 5.4.

• UDLD enhancements—With supervisor engine software releases 5.4(3) and later, you can specify the message interval between UDLD messages. Previously, the message interval was fixed at 60 seconds. With a configurable message interval, UDLD reacts much faster to link failures.

  Additionally, releases 5.4(3) and later have UDLD aggressive mode. UDLD aggressive mode is disabled by default and its use is recommended only for point-to-point links between Cisco switches running software release 5.4(3) or later. With aggressive mode enabled, when a port on a bidirectional link stops receiving UDLD packets, UDLD tries to reestablish the connection with the neighbor. After eight failed retries, the port is put into errdisable state.

  In order to prevent spanning tree loops, normal UDLD with the message interval of 15 seconds is fast enough to shutdown a unidirectional link before a blocking port transitions to forwarding state (when default spanning tree parameters are used).

  Enabling UDLD aggressive mode provides additional benefits in the following cases:

• One side of a link has a port stuck (both tx and rx)

• One side of a link remains up while the other side of the link has gone down

  In these cases UDLD aggressive mode errordisables one of the ports on the link and stops the blackholing of traffic. Even with aggressive mode disabled, there would have been no risk for a broadcast storm due to a spanning tree loop in this situation, as one port is unable to pass traffic in both directions.

  For detailed information on configuring the message interval and UDLD aggressive mode, refer to the online version of the Software Configuration Guide—Catalyst 5000 Family, 4000 Family, 2928G Series, 2948G, and 2980G Switches, Release 5.4.

• Catalyst Web Interface (CWI)—A browser-based tool for configuring the Catalyst 6000, 5000, and 4000 family switches.

• RADIUS authorization and accounting—Provides client-server authentication and accounting for users attempting to connect to the switch.

• TACACS+ authorization and accounting—Provides client-server authentication and accounting for access to network devices.

• Generic summertime—Allows you to configure non-US summertime.

• ErrDisable timeout—Allows you to automatically enable or reset a port minutes after a port is disabled by the software due to excessive errors.

• Case-sensitive password—Allows you to set case-sensitive passwords.

• IP Permit List enhancements—Increases the number of IP entries allowed.

• Banner improvement—Increases the banner string to 3,070 characters long, and includes a tab character.

• Scheduled reset—Allows you to reset the switch at a specified date and time.

• Permanent ARP entries—Allows you to save a static APR entry in the NVRAM (or Flash) configuration file so a reset or power cycle does not clear the entry.

• Show Config Non-Default and Default Filename for device config file—Allows you to specify non-default values only in the show config command.

• VLAN 1 disable on trunks—Allows you to disable VLAN 1 on any individual VLAN trunk link.

• Portfast guard—Provides a means to shut the port down when any received BPDUs are detected.

• RGMP support—Allows the switch to forward IP multicast traffic to only those multicast routers that are interested in receiving the traffic, which offloads unnecessary packet processing from multicast router and improving the network bandwidth.

• IGMP fast leave—Provides a mechanism where you can leave multicast sessions without any latency.

• Disable Port Startup Option—Allows the administrator to specify the default operation for all ports to be shutdown, and once set, in the event of a complete configuration erase or a corrupted configuration, no traffic will be transmitted through the switch.

• Diagnotics options on bootup—Provides options to bypass all diagnostics completely, run a minimal set, or run the complete set.

• SNMPv3—Provides security and remote configuration capabilities of SNMPv3.

• Improved SNMP Response Time—Minimizes the response time for the SNMP subsystem in the Catalyst 5000 family switch.

• Common Open Policy Service (COPS) for Differentiated Services (DS)—Allows QoS to be configured from a central policy decision point server.

New Features for Supervisor Engine Software Release 5.2

This section describes the new features available in software release 5.2.

• Enhanced NFFC and Enhanced NFFC II provides increased performance and supports forwarding of multilayer traffic through uplink ports of standby supervisor engines in redundant configurations.

• DHCP client—Allows the switch to obtain its IP configuration automatically from a DHCP server.

• Configure from Flash at startup—Allows the switch to execute one or more configuration files stored in Flash memory when the switch is powered on or reset.

• Minimal downtime software upgrade—Significantly reduces the downtime required for a software upgrade in a Catalyst 5500 series switch with redundant supervisor engines.

• Flexible PAgP—Provides enhancements and new functionality to existing EtherChannel port bundling features.

• Port security enhancements—Provides additional port security features, such as restricting traffic on a secure port instead of shutting down the port, and allowing multiple secure addresses on a port.

• UDLD on copper—Provides support for the UniDirectional Link Detection (UDLD) protocol on copper media.

• Kerberos Telnet—Provides support for encrypted Telnet sessions on the switch using Kerberos.

• rcp support—Provides an alternative method for copying system software image files and configuration files over the network, using remote copy (rcp).

• SPAN enhancements—Provides a "don't learn" option to prevent a SPAN destination port with the inpkts enable option set from learning addresses from the incoming traffic.

• Command completion—Provides new command-line options such as keyword completion using the Tab key and context-sensitive help using ?.

• New and enhanced commands:

  • show config, write terminal, copy config—Now display only changes to the default switch configuration by default. Use the all keyword to display both the default and non-default configuration.

  • set port host—Provides a command-macro that optimizes a port for host connections by enabling spanning-tree PortFast mode and setting the trunking mode and EtherChannel mode to off.

  • set tokenring explorer-throttle—Allows you to limit the number of explorer frames that are allowed to enter a port on the Token Ring modules.

• Support for the following SNMP MIBS:

  • CISCO-PAGP-MIB

  • Support for rcp in CISCO-FLASH-MIB

  • Enhanced the CISCO-STACK-MIB to support the following software features:
    Minimal downtime software upgrade
    Port Security Enhancements
    Configure from Flash at startup
    fileCopyGrp for rcp support

New Features for Supervisor Engine Software Release 5.1(2a)

This section describes the new features available in software release 5.1(2a).

Support for the 36-port Telco 10/100 switching module (WS-X5239-RJ21) (software release 5.1(2a) and later)

New Features for Supervisor Engine Software Release 5.1

This section describes the new features available in software release 5.1.

• Support for the following hardware:

  • Supervisor Engine II G (WS-X5540)—Supervisor engine with modular uplinks, NFFC II chipset, and support for the RSFC, for high-performance wiring-closet applications.

  • Supervisor Engine III G (WS-X5550)—Supervisor engine with two 1000BaseX (GBIC) uplinks, NFFC II chipset, and support for the RSFC, for high-performance wiring-closet applications.

  • Route Switch Feature Card (RSFC, WS-F5541=)—Router feature card for the Catalyst 5000 family Supervisor Engine II G and III G that provides multiprotocol interVLAN routing.

  • 24-port 10BaseFL switching module (WS-X5015-MT)

• RADIUS authentication—Provides client-server authentication for users attempting to connect to the switch.

• SPAN enhancements—Provides more flexibility in configuring SPAN sessions, including multiple SPAN sources independent of VLAN membership.

• CDP Version 2—Provides additional information on connected Cisco devices, including native VLAN and port duplex mismatches.

• IEEE 802.1Q to ISL VLAN mapping—Allows you to map 802.1Q VLANs that are greater than VLAN 1000 to ISL VLANs.

• IEEE GVRP— GARP application that provides 802.1Q-compliant VLAN pruning and dynamic VLAN creation on 802.1Q trunk ports.

• IEEE GMRP—GARP application that provides a constrained multicast flooding facility similar to IGMP snooping and CGMP.

• Quality of Service (QoS)—Classifies frames by assigning priority-indexed IEEE 802.1p class of service (CoS) values to them at supported ingress ports.

• IP multicast Multilayer Switching (MLS)—Provides high-performance hardware-based Layer 3 switching of IP multicast traffic, offloading processor-intensive multicast packet routing from network routers.

• IPX MLS—Provides high-performance hardware-based Layer 3 switching of IPX traffic, offloading processor-intensive packet routing from network routers.

• CIDR IP routes—Allows you to specify classless IP routes for IP traffic originating on the switch.

• UniDirectional Link Detection (UDLD)—Detects unidirectional connections on fiber-optic links.

• NTP authentication—Prevents the switch from accepting NTP updates from untrusted sources, as described in RFC 1305.

• Redundant supervisor engine ports enhancement—Removes the 20-VLAN restriction on the standby supervisor engine uplink ports.

• Support for the following SNMP MIBs:

  • ENTITY-MIB

  • CISCO-SYSLOG-MIB

  • CISCO-PROCESS-MIB

  • CISCO-IMAGE-MIB (Catalyst 5000 family)

  • Mini-RMON groups in HC-RMON MIB

  • usrHistory and probeConfig groups in RFC2021 RMON2 MIB

  • portCopyTable in SMON-MIB

  • CISCO-UDLDP-MIB

  • Latest CISCO-CDP-MIB

  • Enhanced the CISCO-SWITCH-ENGINE-MIB to support the IPX and Multicast Shortcut features

  • Enhanced the CISCO-STP-EXTENSIONS-MIB to support the BackboneFast feature

  • Enhanced the CISCO-STACK-MIB to support the following software features:

  Port Capability
  Config File Management
  Port TopN
  Trace Route
  Multiple Default Gateway
  NTP Authentication
  RADIUS authentication
  

Open and Resolved Caveats in Software Release 5.5(3)

These sections describe the open and resolved caveats in supervisor engine software release 5.5(3):

• Open Caveats in Software Release 5.5(3)

• Resolved Caveats in Software Release 5.5(3)

Open Caveats in Software Release 5.5(3)

Note   For a description of caveats resolved in software release 5.5(3), see the "Resolved Caveats in Software Release 5.5(3)" section.

This section describes open caveats in software release 5.5(3):

• If you download a COPS policy containing a DSCP range to a Catalyst 5000 family switch, the COPS policy will fail to apply with the following error:

%COPS-3-APPLY_CAT5K_FAIL_DSCPRANGE: Applying COPS policy failed since DSCP policy range not set to full range 
 

  Policies not containing a full DSCP range are not supported on Catalyst 5000 family switches. (CSCdr23429)

• The Catalyst 5000 family switches do not support non-zero WRED minimum values. If a COPS QPM server sends a COPS policy with a non-zero WRED minimum value, no error report is returned to the COPS server, and as a result, there is no indication to the user that the WRED minimum specified in the COPS policy was not used. (CSCdr28819)

• If no COPS policies are defined on the COPS server and a Catalyst 5000 family switch attempts to make a COPS DS connection to the COPS server, local QoS policies will be applied to, or the Catalyst 5000 family switch might reset.

  The workaround is to define COPS DS policies on the COPS server before attempting to connect devices to it. (CSCdr43041, CSCdr54688, CSCdr60174, CSCdr61165)

• The clear cops role command might cause the switch to reset with a TLB exception. (CSCdr59342)

• The set/clear cops domain-name commands might close Telnet sessions to the supervisor engine. When the set cops domain-name command is run over a Telnet session to the supervisor engine, the Telnet session might terminate with a "connection lost" message. This could also happen with commands such as set qos enable/disable or set/clear port cops roles if the QoS policy source is set to COPS. (CSCdr54368)

• If you change the MTU size of a Catalyst 5000 Token Ring port while the port is active, the port will block traffic.

  The workaround is to disable the port before changing the MTU size and enable the port when the change is completed. Alternatively, you can disable and enable the port after the change is made. (CSCdr59090)

• Under certain circumstances the WS-X5225R modules might report a second MAC address on a secure port with only one client attached.

  The workaround is to use the set port security mod_num maximum command to set the maximum to 2. (CSCdr37143)

• The clear log command does not clear the exception log for the Network Analysis Module (WS-X5380). (CSCdm32798)

• If you disconnect the link between trunk ports with 100 or more active VLANs, one of the ports might fail to become a nontrunk port and an error message might be generated. When you reconnect the link, the trunk might not reform. In this situation, disconnect and reconnect the link until the trunk comes up. (CSCdm60737)

• Sometimes unplugging a cable from a port in older ATM modules (WS-X5156, WS-X5157, WS-X5158) does not remove the port from Spanning Tree Protocol when many VLANs are active on the switch. For this reason the show port command might indicate that the port is not connected, while the show spantree command will indicate that the port is in forwarding state.

Resolved Caveats in Software Release 5.5(3)

Note   For a description of open caveats in software release 5.5(3), see the "Open Caveats in Software Release 5.5(3)" section.

This section describes resolved caveats in software release 5.5(3):

• Ports on WS-X5225r, WS-X5234, and WS-X5201r stop transmitting unicast frames after a scheduled test of the packet buffers. The workaround is to disable and enable the affected port. This problem is resolved in software release 5.5(3). (CSCdr50629)

• On a Supervisor Engine IIG, the command show flash might hog the switch CPU and cause the switch to fail to respond to pings. This problem is resolved in software release 5.5(3). (CSCdr90907)

• A memory leak occurs when you create an entry in cseStaticExtRouterTable with an non-empty string value for the cseStaticRouterOwner object. This problem is resolved in software release 5.5(3). (CSCdr98533)

• A memory leak occurs when you create an entry in cseStaticIpxExtRouterTable with an non-empty string value for the cseStaticIpxRouterOwner object. This problem is resolved in software release 5.5(3). (CSCdr99264)

• A minor hardware problem that causes the switching bus to time out occurs during the power on self test (POST) on the supervisor engine if the configuration includes a single WS-X550x (Supervisor Engine II) and any combination of the WS-X5234-RJ45, WS-X5236-FX-MT, and WS-X5237-FX-MT modules. This problem occurs during every boot-up.

  This problem applies only to switch configurations that consist of a single Supervisor Engine II (WS-X550x) and any combination of the WS-X5234-RJ45, WS-X5236-FX-MT, or WS-X5237-FX-MT modules. Redundant configurations of Supervisor Engine II, Supervisor Engine IIG (WS-X5540), Supervisor Engine III (WS-X5530), and Supervisor Engine IIIG (WS-X5550) are not affected by this problem. This problem is resolved in software release 5.5(3). (CSCdr27879)

• In some instances when IGMP snooping is used, a device might not be added to a multicast group on its first attempt to join. A related problem occurs when a switch has only multicast sources for a given group of MAC addresses directly attached. Because of problems with entries periodically timing out, packet loss may occur when this entry is removed and reinstalled. This problem is resolved in software release 5.5(3). (CSCdr54030)

• The switch might display "Out of memory" messages, which can cause VMPS to become inactive. This could be due to duplicate MAC addresses in the VMPS database. The workaround is to reboot the switch. This problem is resolved in software release 5.5(3). (CSCdr95115)

• The switch might run out of memory if many RMON related entries are created. This problem may exist in releases 5.4(x), 5.5(1), and 5.5(2). This problem is resolved in software release 5.5(3). (CSCdr99175)

• In a redundancy setup with two WS-X5530 supervisor engines where the standby supervisor engine contains any of the uplink cards WS-U5537, WS-U5538, WS-U5539, and the standby port feature is disabled, do not use the administrative group already used for the uplink ports. (Use the show port channel standby_mod info command to display the administrative group information). If you use the same administrative group, the supervisor engine may try to form an EtherChannel across modules when the standby port is enabled later. This problem is resolved in software release 5.5(3). (CSCdr77054)

• VMPS client malfunctions occur with SUN and SGI workstations. The problem occurs when reconfirm VMPS requests are retransmitted and as a result multiple replies are received from the VMPS server. This problem is resolved in software release 5.5(3). (CSCdr82526)

• When a WS-X5236 is used to trunk Token Ring VLANS in a redundant supervisor engine setup, trunking fails after a switchover from the active to the passive supervisor engine. The only workaround is to disable and enable the ports. This problem is resolved in software release 5.5(3). (CSCdr83488)

• Entries for EtherChannel in the vlanTrunkPortTable show incorrect values. This problem is resolved in software release 5.5(3). (CSCdr89734)

• In 5.x software releases prior to 5.5(3), after a reboot, traps are sent only to the first trap receiver. This problem is resolved in software release 5.5(3). (CSCdr91480)

• In a redundant supervisor engine configuration with a WS-X5530 as the standby supervisor engine, ports on the standby supervisor engine are disabled after the switch resets or the standby supervisor engine resets. This problem is resolved in software release 5.5(3). (CSCds14696)

Open and Resolved Caveats in Software Release 5.5(2)

These sections describe the open and resolved caveats in supervisor engine software release 5.5(2):

• Open Caveats in Software Release 5.5(2)

• Resolved Caveats in Software Release 5.5(2)

Open Caveats in Software Release 5.5(2)

Note   For a description of caveats resolved in software release 5.5(2), see the "Resolved Caveats in Software Release 5.5(2)" section.

This section describes open caveats in software release 5.5(2):

• A minor hardware problem that causes the switching bus to time out occurs during the Power On Self Test on the supervisor engine if the configuration includes a single WS-X550x (Supervisor Engine II) and any combination of the WS-X5234-RJ45, WS-X5236-FX-MT, and WS-X5237-FX-MT modules. This problem occurs during every boot-up.

  This problem applies only to switch configurations that consist of a single Supervisor Engine II (WS-X550x) and any combination of the WS-X5234-RJ45, WS-X5236-FX-MT, or WS-X5237-FX-MT modules. Redundant configurations of Supervisor Engine II, Supervisor Engine IIG (WS-X5540), Supervisor Engine III (WS-X5530), and Supervisor Engine IIIG (WS-X5550) are not affected by this problem. (CSCdr27879)

• Ports on WS-X5225r, WS-X5234, and WS-X5201r stop transmitting unicast frames after a scheduled test of the packet buffers. The workaround is to disable and enable the affected port. (CSCdr50629)

• If you download a COPS policy containing a DSCP range to a Catalyst 5000 family switch, the COPS policy will fail to apply with the following error:

%COPS-3-APPLY_CAT5K_FAIL_DSCPRANGE: Applying COPS policy failed since DSCP policy range not set to full range 
 

  Policies not containing a full DSCP range are not supported on Catalyst 5000 family switches. (CSCdr23429)

• The Catalyst 5000 family switches do not support non-zero WRED minimum values. If a COPS QPM server sends a COPS policy with a non-zero WRED minimum value, no error report is returned to the COPS server, and as a result, there is no indication to the user that the WRED minimum specified in the COPS policy was not used. (CSCdr28819)

• If there no COPS policies are defined on the COPS server and a Catalyst 5000 family switch attempts to make a COPS DS connection to the COPS server, local QoS policies will be applied to, or the Catalyst 5000 family switch might reset.

  The workaround is to define COPS DS policies on the COPS server before attempting to connect devices to it. (CSCdr43041, CSCdr54688, CSCdr60174, CSCdr61165)

• The clear cops role command might cause the switch to reset with a TLB exception. (CSCdr59342)

• The set/clear cops domain-name commands might close Telnet sessions to the supervisor engine. When the set cops domain-name command is run over a Telnet session to the supervisor engine, the Telnet session might terminate with a "connection lost" message. This could also happen with commands such as set qos enable/disable or set/clear port cops roles if the QoS policy source is set to COPS. (CSCdr54368)

• If you change the MTU size of a Catalyst 5000 Token Ring port while the port is active, the port will block traffic.

  The workaround is to disable the port before changing the MTU size and enable the port when the change is completed. Alternatively, you can disable and enable the port after the change is made. (CSCdr59090)

• Under certain circumstances the WS-X5225R modules might report a second MAC address on a secure port with only one client attached.

  The workaround is to use the set port security mod_num maximum command to set the maximum to 2. (CSCdr37143)

• The clear log command does not clear the exception log for the Network Analysis Module (WS-X5380). (CSCdm32798)

• If you disconnect the link between trunk ports with 100 or more active VLANs, one of the ports might fail to become a nontrunk port and an error message might be generated. When you reconnect the link, the trunk might not reform. In this situation, disconnect and reconnect the link until the trunk comes up. (CSCdm60737)

• Sometimes unplugging a cable from a port in older ATM modules (WS-X5156, WS-X5157, WS-X5158) does not remove the port from Spanning Tree Protocol when many VLANs are active on the switch. For this reason the show port command might indicate that the port is not connected, while the show spantree command will indicate that the port is in forwarding state.

Resolved Caveats in Software Release 5.5(2)

Note   For a description of open caveats in software release 5.5(2), see the "Open Caveats in Software Release 5.5(2)" section.

This section describes resolved caveats in software release 5.5(2):

• When large amounts of data display during a Telnet session, the Telnet session will sometimes hang. This situation usually happens if you have set the screen length to 0 and long show commands are being displayed or if you have cut and pasted several show commands onto the window.

  The workaround for this problem is to avoid using cut and paste in a Telnet session and setting the screen length to non-zero. This problem is resolved in software release 5.5(2). (CSCdp47176, CSCdr40184)

• If you enable and disable QoS repeatedly, then depending on the complexity of the QoS configuration, the switch might reset. This problem is resolved in software release 5.5(2). (CSCdr60464)

• The show cops pib command might cause the switch to reset if COPS is used.This problem is resolved in software release 5.5(2). (CSCdr52849)

• Frame Priority is set incorrectly from Ethernet to FDDI. A new command, set option fddi-user-pri, has been added to enable the priority field in the FDDI packets. This command requires FDDI software release 3.2(1a) and supervisor engine software release 5.5(2) or later. This problem is resolved in software release 5.5(2). (CSCdr42228)

• In Catalyst 5000 family switch software releases prior to 5.4(3) and 5.5(2) when you enable a SPAN session with inpkts and the SPAN source ports include a trunking port, if you turn trunking off and on or add VLANs to the trunking port, the system will not respond to pings through the SPAN destination port. This problem is resolved in software release 5.4(3) and 5.5(2).

• The SNMP OID dot3StatsFrameTooLong is not consistent with CLI. This problem is resolved in software release 5.5(2). (CSCdp77600)

• The FDDI dual-port module returns the ifIndex of the first port. This problem occurs in software release 4.5.7 and all earlier versions of 4.x software and in software release 5.5(1) and all earlier versions of 5.x software. This problem is resolved in software release 5.5(2). (CSCdp81474)

• The show top command incorrectly reports errors on trunk. This problem is resolved in software releases 4.5(7), 5.4(3), and 5.5(2).(CSCdr23551)

• When you disable a module with no NVRAM and then bring it back online, the administrative group used by the module ports might be shared with ports on another module. This situation could cause a system reset because bundling ports across modules is not supported. This problem is resolved in software release 5.4(3) and 5.5(2). (CSCdr25839)

• QoS classification does not work properly when an EtherChannel is disabled. This problem is resolved in software releases 5.4(3) and 5.5(2). (CSCdr28804)

• Broadcast/multicast suppression on modules that support hardware suppression does not filter out multicasts to DA FF FF FF FF FF 00. This problem is resolved in software releases 4.5(7), 5.4(3), and 5.5(2). (CSCdr30012)

• If the four ports on the WS-U5538 uplink module on the Supervisor Engine II G are grouped into two 2-port port channels, the second 2-port channel is configured incorrectly. This problem is resolved in software release 5.4(3) and 5.5(2). (CSCdr37866)

• For normal UDLD, the recommended message interval is 15 seconds. Caveat CSCdr50206 requires that you follow these configuration guidelines:

  • When enabling aggressive UDLD, the recommended default is 30 seconds.

  • We recommend that you do not use UDLD or aggressive UDLD with the ON - AUTO trunk combination. UDLD and aggressive UDLD can be used with any other valid trunk combination. This problem is resolved in software release 5.5(2). (CSCdr50206)

• The link light of the Supervisor Engine III G uplink port stays in amber. Output from the show spantree command shows the port is in forwarding mode and is able to pass traffic normally. This problem is resolved in software release 5.5(2). (CSCdr51720)

• The MLS-SE running software release 5.4(2) or 5.5(1) is unable to process FCP packets after the MLS configuration is removed and then configured again. This problem is resolved in software release 5.5(2). (CSCdr56070)

• On Catalyst 5000 family platforms, if you enable the protocol filtering feature when the switch is reset, IGMP snooping will not be able to process IGMP reports or other IGMP messages. The workaround is to disable protocol filtering before a switch is reset. Once you reset the switch with protocol filtering disabled, IGMP will work correctly. If you desire both features, the following workaround can be applied:

  1. Enable IGMP snooping

  2. Disable protocol filtering

  3. Reset the switch

  4. Enable protocol filtering

Note   In the above scenario, IGMP snooping will not work if the switch is reset a second time (since now both features are enabled).

  This problem is resolved in software releases 5.4(4), and 5.5(2). (CSCdr61567)

• The set spantree enable all command hangs the console. This problem is resolved in software release 5.5(2). (CSCdr66291)

• CGMP is not operational when the system is booted and CGMP is enabled in the NVRAM. This problem is resolved in software releases 5.5(2) and 5.4(4). (CSCdr67677)

• After upgrading from a pre-5.2(1) software release to release 5.2(1) and later, EtherChannel configurations might be broken, or two 2-port channels might be combined into one 4-port channel on the following modules:

  • WS-X5201 12 port 100BASE-FX MM (SC connector)

  • WS-X5203 12 port 10/100BASE-TX (RJ-45 connector)

  • WS-U5537 Primo: 4-port uplink card

  • WS-U5531 2 port 10/100BASE-TX

  • WS-U5533 2 port 100 BASE-FX (MMF)

  • WS-U5535 2 port 100 BASE-FX (SMF)

  • WS-X5410 Gigabit EtherChannel Switching Module

  This problem is resolved in software release 5.5(2) (CSCdr74463)

• The Catalyst 5000 family switch is unable to resolve DNS names if the DNS server has more than seven entries. This problem is resolved in software release 5.5(2). (CSCdr808353)

• Under certain conditions the CPU on the supervisor engine might stay at 90 percent or higher utilization. This situation might affect management and essential operation of the system. Switching of data traffic will be unaffected. This problem is resolved in software release 5.5(2). (CSCdr71528)

• If you Telnet to a Supervisor Engine III running software version 4.5 and then Telnet to another device, displaying a large list or file can cause the Telnet session to hang. This problem is resolved in software releases 5.4(4) and 5.5(2). (CSCdm79404)

• When large amounts of data display during a Telnet session, the Telnet session sometimes hangs. This situation usually happens if you have set the screen length to 0 and long show commands are being displayed or if you have cut and pasted several show commands onto the window.

  The workaround for this problem is to avoid using cut and paste in a Telnet session and setting the screen length to non-zero. This problem is resolved in software releases 5.4(4) and 5.5(2). (CSCdp47176, CSCdr40184)

• When cut-and-paste is used in an inbound or outbound Telnet session, some characters are missing and the Telnet session appears to hang. This problem is resolved in software releases 5.4(4) and 5.5(2). (CSCdr40184)

Open and Resolved Caveats in Software Release 5.5(1)

These sections describe the open and resolved caveats in supervisor engine software release 5.5(1):

• Open Caveats in Software Release 5.5(1)

• Resolved Caveats in Software Release 5.5(1)

Open Caveats in Software Release 5.5(1)

Note   For a description of caveats resolved in software release 5.5(1), see the "Resolved Caveats in Software Release 5.5(1)" section.

This section describes open caveats in software release 5.5(1):

• A minor hardware problem that causes the switching bus to time out occurs during the Power On Self Test on the supervisor engine if the configuration includes a single WS-X550x (Supervisor Engine II) and any combination of the WS-X5234-RJ45, WS-X5236-FX-MT, and WS-X5237-FX-MT modules. This problem occurs during every boot-up.

  This problem applies only to switch configurations that consist of a single Supervisor Engine II (WS-X550x) and any combination of the WS-X5234-RJ45, WS-X5236-FX-MT, or WS-X5237-FX-MT modules. Redundant configurations of Supervisor Engine II, Supervisor Engine IIG (WS-X5540), Supervisor Engine III (WS-X5530), and Supervisor Engine IIIG (WS-X5550) are not affected by this problem. (CSCdr27879)

• If a COPS policy containing a DSCP range is downloaded to a Catalyst 5000 family switch, the COPS policy will fail to apply with the following error:

%COPS-3-APPLY_CAT5K_FAIL_DSCPRANGE: Applying COPS policy failed since DSCP policy range not set to full range 
 

  Policies not containing a full DSCP range are not supported on Catalyst 5000 family switches.(CSCdr23429)

• The Catalyst 5000 family switches do not support non-zero WRED minimum values. If a COPS QPM server sends down a COPS policy with a non-zero WRED minimum value, no error report is returned to the COPS server, and as a result, there is no indication to the user that the WRED minimum specified in the COPS policy was not used. (CSCdr28819)

• If there are no COPS policies defined on the COPS server and a Catalyst 5000 switch attempts to make a COPS DS connection to the COPS server, local QoS policies will be applied to, or the Catalyst 5000 switch might reset.

  The workaround is to define COPS DS policies on the COPS server before attempting to connect devices to it. (CSCdr43041, CSCdr54688, CSCdr60174, CSCdr61165)

• The clear cops role command might cause the switch to reset with a TLB exception.(CSCdr59342)

• The show cops pib command might cause the switch to reset if COPS is used. (CSCdr52849)

• The set/clear cops domain-name commands might close Telnet sessions to the supervisor engine. When the set cops domain-name command is run over a Telnet session to the supervisor engine, the Telnet session might get terminated with a "connection lost" message. This could also happen with commands such as set qos enable/disable or set/clear port cops roles if the QoS policy source is set to COPS. (CSCdr54368)

• If QoS is enabled and disabled repeatedly, then depending on the complexity of the QoS configuration, the switch might experience a reset. (CSCdr60464)

• If the MTU size of a Catalyst 5000 TokenRing port is changed while the port is active, the port will block traffic.

  The workaround is to disable the port before changing the MTU size and enable the port when the change is completed. Alternatively, the port can be disabled and enabled after the change is made.(CSCdr59090)

• For normal UDLD, the recommended message interval is 15 seconds. Caveat CSCdr50206 requires that you follow these configuration guidelines:

  • When enabling aggressive UDLD, the recommended default is 30 seconds.

  • We recommend that you do not use UDLD or aggressive UDLD with the ON - AUTO trunk combination. UDLD and aggressive UDLD can be used with any other valid trunk combination. (CSCdr50206)

• If the MTU size of a Catalyst 5000 TokenRing port is changed while the port is active, the port will block traffic.

  The workaround is to disable the port before changing the MTU size and enable the port when the change is completed. Alternatively, the port can be disabled and enabled after the change is made.(CSCdr59090)

• Under certain circumstances the WS-X5225R modules might report a second MAC address on a secure port with only one client attached.

  The workaround is to use the set port security mod_num maximum command to set the maximum to 2. (CSCdr37143)

• Ports on WS-X5225r, WS-X5234 and WS-X5201r stop transmitting unicast frames after a scheduled test of the packet buffers.

  The workaround is to disable and enable the affected port. (CSCdr50629)

• The clear log command does not clear the exception log for the Network Analysis Module (WS-X5380). (CSCdm32798)

• If you disconnect the link between trunk ports with 100 or more active VLANs, one of the ports might fail to become a non-trunk port and an error message might be generated. When you reconnect the link, the trunk might not reform. In this situation, disconnect and reconnect the link until the trunk comes up. (CSCdm60737)

• If you telnet to a Supervisor Engine III running software version 4.5 and from there telnet to another device, displaying a large list or file can cause the telnet session to hang. (CSCdm79404)

• When large amounts of data are being displayed during a telnet session, the telnet session will sometimes hang. This usually happens if you have set the screen length to 0 and long show commands are being displayed or if you have cut and pasted several show commands onto the window.

Resolved Caveats in Software Release 5.5(1)

Note   For a description of open caveats in software release 5.5(1), see the "Open Caveats in Software Release 5.5(1)" section.

This section describes resolved caveats in software release 5.5(1):

• The WS-X5225R module fails to negotiate the duplex mode correctly after a system reset or power cycle with Sun workstations "Ultra 5." This problem is resolved in software release 4.5(7). (CSCdr03818)

• RSM TokenRing VLAN interfaces stay up when no ports are connected to VLANs. This problem is resolved in software release 5.5(1).(CSCdp90466)

• A link problem occurs between WS-X5225R and WS-X6248-RJ-45 when the port is at a fixed 10M speed and connected ports are disabled and enabled or the module or system is reset. The link remains up on WS-X5225R but down on WS-X6248-RJ-45. The workaround is to unplug and then plug the ports. This problem is resolved in software releases 5.4(2) and 5.5(1)

Open and Resolved Caveats in Software Release 5.4(4)

These sections describe the open and resolved caveats in supervisor engine software release 5.4(4):

• Open Caveats in Software Release 5.4(4)

• Resolved Caveats in Software Release 5.4(4)

Open Caveats in Software Release 5.4(4)

Note   For a description of caveats resolved in software release 5.4(4), see the "Resolved Caveats in Software Release 5.4(4)" section.

This section describes open caveats in software release 5.4(4):

• A minor hardware problem that causes the switching bus to time out occurs during the Power On Self Test on the supervisor engine if the configuration includes a single WS-X550x (Supervisor Engine II) and any combination of the WS-X5234-RJ45, WS-X5236-FX-MT, and WS-X5237-FX-MT modules. This problem occurs during every boot-up.

  This problem applies only to switch configurations that consist of a single Supervisor Engine II (WS-X550x) and any combination of the WS-X5234-RJ45, WS-X5236-FX-MT, or WS-X5237-FX-MT modules. Redundant configurations of Supervisor Engine II, Supervisor Engine IIG (WS-X5540), Supervisor Engine III (WS-X5530), and Supervisor Engine IIIG (WS-X5550) are not affected by this problem. (CSCdr27879)

• After upgrading from a pre-5.2(1) software release to release 5.2(1) and later, EtherChannel configurations might be broken, or two 2-port channels might change into one 4-port channel on the following modules:

  • WS-X5201 12 port 100BaseFX MM (SC connector)

  • WS-X5203 12 port 10/100BaseTX (RJ-45 connector)

  • WS-U5537 Primo: 4-port Uplink card

  • WS-U5531 2 port 10/100BASE-TX

  • WS-U5533 2 port 100 BASE-FX (MMF)

  • WS-U5535 2 port 100 BASE-FX (SMF)

  • WS-X5410 Gigabit EtherChannel Switching Module (CSCdr74463)

• If a COPS policy containing a DSCP range is downloaded to a Catalyst 5000 family switch, the COPS policy will fail to apply with the following error:

%COPS-3-APPLY_CAT5K_FAIL_DSCPRANGE: Applying COPS policy failed since DSCP policy range not set to full range 
 

  Policies not containing a full DSCP range are not supported on Catalyst 5000 family switches.(CSCdr23429)

• The set port qos and show port qos commands have extraneous output in the display. This is cosmetic and does not affect operation. (CSCdr74527)

• If you set port security on an RSM module (WS-X5302), the set port security command returns an incorrect port range. The RSM should deny the port security setting altogether. (CSCdr74496)

• The Catalyst 5000 family switches do not support non-zero WRED minimum values. If a COPS QPM server sends down a COPS policy with a non-zero WRED minimum value, no error report is returned to the COPS server, and as a result, there is no indication to the user that the WRED minimum specified in the COPS policy was not used. (CSCdr28819)

• If there are no COPS policies defined on the COPS server and a Catalyst 5000 switch attempts to make a COPS DS connection to the COPS server, local QoS policies will be applied to, or the Catalyst 5000 switch might reset.

  The workaround is to define COPS DS policies on the COPS server before attempting to connect devices to it. (CSCdr43041, CSCdr61165)

• The clear cops role command might cause the switch to reset with a TLB exception.(CSCdr59342)

• The show cops pib command might cause the switch to reset if COPS is used. (CSCdr52849)

• If the MTU size of a Catalyst 5000 TokenRing port is changed while the port is active, the port will block traffic.

  The workaround is to disable the port before changing the MTU size and enable the port when the change is completed. Alternatively, the port can be disabled and enabled after the change is made.(CSCdr59090)

• If the MTU size of a Catalyst 5000 TokenRing port is changed while the port is active, the port will block traffic.

  The workaround is to disable the port before changing the MTU size and enable the port when the change is completed. Alternatively, the port can be disabled and enabled after the change is made.(CSCdr59090)

• Under certain circumstances the WS-X5225R modules might report a second MAC address on a secure port with only one client attached.

  The workaround is to use the set port security mod_num maximum command to set the maximum to 2. (CSCdr37143)

• Ports on WS-X5225r, WS-X5234 and WS-X5201r stop transmitting unicast frames after a scheduled test of the packet buffers.

  The workaround is to disable and enable the affected port. (CSCdr50629)

• The clear log command does not clear the exception log for the Network Analysis Module (WS-X5380). (CSCdm32798)

• If you disconnect the link between trunk ports with 100 or more active VLANs, one of the ports might fail to become a non-trunk port and an error message might be generated. When you reconnect the link, the trunk might not reform. In this situation, disconnect and reconnect the link until the trunk comes up. (CSCdm60737)

• Sometimes unplugging a cable from a port in older ATM modules (WS-X5156, WS-X5157, WS-X5158) does not remove the port from Spanning Tree Protocol when many VLANs are active on the switch. For this reason the show port command might indicate that the port is not connected, while the show spantree command will indicate that the port is in forwarding state.

Resolved Caveats in Software Release 5.4(4)

Note   For a description of open caveats in software release 5.4(4), see the "Open Caveats in Software Release 5.4(4)" section

This section describes resolved caveats in software release 5.4(4):

• For normal UDLD, the recommended message interval is 15 seconds. Caveat CSCdr50206 requires that you follow these configuration guidelines:

  • When enabling aggressive UDLD, the recommended default is 30 seconds.

  • We recommend that you do not use UDLD or aggressive UDLD with the ON - AUTO trunk combination. UDLD and aggressive UDLD can be used with any other valid trunk combination. This problem is resolved in software release 5.4(4). (CSCdr50206)

• CGMP is not operational when the system boots up and CGMP is enabled in the NVRAM. The workaround is to disable and reenable CGMP using the CLI. This problem is resolved in software release 5.4(4). (CSCdr67677)

• On Catalyst 5000 platforms, if the protocol filtering feature is enabled when the switch is reset, IGMP Snooping will not be able to process IGMP reports or other IGMP messages. The workaround is to ensure that protocol filtering is disabled when a switch is reset. Once the switch is reset with protocol filtering disabled, IGMP will work correctly. If you desire both features, the following workaround can be applied:

  1. Enable IGMP Snooping

  2. Disable protocol filtering

  3. Reset the switch

  4. Enable protocol filtering

Note   Note, in the above scenario, IGMP Snooping will again not work if the switch is reset a second time (since now both features are enabled).

  This problem is resolved in software releases 5.4(4) and 5.5(2). (CSCdr61567)

• CGMP is not operational when the system is booted and CGMP is enabled in the NVRAM. This problem is resolved in software releases 5.5(2) and 5.4(4). (CSCdr67677)

• If you telnet to a Supervisor Engine III running software version 4.5 and from there telnet to another device, displaying a large list or file can cause the telnet session to hang. This problem is resolved in software releases 5.4(4) and 5.5(2). (CSCdm79404)

• When large amounts of data are being displayed during a telnet session, the telnet session will sometimes hang. This usually happens if you have set the screen length to 0 and long show commands are being displayed or if you have cut and pasted several show commands onto the window.

  The workaround for this problem is to avoid using cut and paste in a telnet session and setting the screen length to non-zero. This problem is resolved in software releases 5.4(4) and 5.5(2). (CSCdp47176, CSCdr40184)

• When cut-and-paste is used in an inbound or outbound Telnet session, some characters are missing and the Telnet session appears to hang. This problem is resolved in software releases 5.4(4) and 5.5(2). (CSCdr40184)

Open and Resolved Caveats in Software Release 5.4(3)

These sections describe the open and resolved caveats in supervisor engine software release 5.4(3):

• Open Caveats in Software Release 5.4(3)

• Resolved Caveats in Software Release 5.4(3)

Open Caveats in Software Release 5.4(3)

Note   For a description of caveats resolved in software release 5.4(3), see the "Resolved Caveats in Software Release 5.4(3)" section.

This section describes open caveats in software release 5.4(3):

• A minor hardware problem that causes the switching bus to time out occurs during the Power On Self Test on the supervisor engine if the configuration includes a single WS-X550x (Supervisor Engine II) and any combination of the WS-X5234-RJ45, WS-X5236-FX-MT, and WS-X5237-FX-MT modules. This problem occurs during every boot-up.

  This problem applies only to switch configurations that consist of a single Supervisor Engine II (WS-X550x) and any combination of the WS-X5234-RJ45, WS-X5236-FX-MT, or WS-X5237-FX-MT modules. Redundant configurations of Supervisor Engine II, Supervisor Engine IIG (WS-X5540), Supervisor Engine III (WS-X5530), and Supervisor Engine IIIG (WS-X5550) are not affected by this problem. (CSCdr27879)

• If a COPS policy containing a DSCP range is downloaded to a Catalyst 5000 family switch, the COPS policy will fail to apply with the following error:

%COPS-3-APPLY_CAT5K_FAIL_DSCPRANGE: Applying COPS policy failed since DSCP policy range not set to full range 
 

  Policies not containing a full DSCP range are not supported on Catalyst 5000 family switches.(CSCdr23429)

• The Catalyst 5000 family switches do not support non-zero WRED minimum values. If a COPS QPM server sends down a COPS policy with a non-zero WRED minimum value, no error report is returned to the COPS server, and as a result, there is no indication to the user that the WRED minimum specified in the COPS policy was not used. (CSCdr28819)

• If there are no COPS policies defined on the COPS server and a Catalyst 5000 switch attempts to make a COPS DS connection to the COPS server, local QoS policies will be applied to, or the Catalyst 5000 switch might reset.

  The workaround is to define COPS DS policies on the COPS server before attempting to connect devices to it. (CSCdr43041, CSCdr54688, CSCdr60174, CSCdr61165)

• The clear cops role command might cause the switch to reset with a TLB exception.(CSCdr59342)

• The show cops pib command might cause the switch to reset if COPS is used. (CSCdr52849)

• The set/clear cops domain-name commands might close Telnet sessions to the supervisor engine. When the set cops domain-name command is run over a Telnet session to the supervisor engine, the Telnet session might get terminated with a "connection lost" message. This could also happen with commands such as set qos enable/disable or set/clear port cops roles if the QoS policy source is set to COPS. (CSCdr54368)

• If QoS is enabled and disabled repeatedly, then depending on the complexity of the QoS configuration, the switch might experience a reset. (CSCdr60464)

• If the MTU size of a Catalyst 5000 TokenRing port is changed while the port is active, the port will block traffic.

  The workaround is to disable the port before changing the MTU size and enable the port when the change is completed. Alternatively, the port can be disabled and enabled after the change is made.(CSCdr59090)

• For normal UDLD, the recommended message interval is 15 seconds. Caveat CSCdr50206 requires that you follow these configuration guidelines:

  • When enabling aggressive UDLD, the recommended default is 30 seconds.

  • We recommend that you do not use UDLD or aggressive UDLD with the ON - AUTO trunk combination. UDLD and aggressive UDLD can be used with any other valid trunk combination. (CSCdr50206)

• Under certain circumstances the WS-X5225R modules might report a second MAC address on a secure port with only one client attached.

  The workaround is to use the set port security mod_num maximum command to set the maximum to 2. (CSCdr37143)

• Ports on WS-X5225r, WS-X5234 and WS-X5201r stop transmitting unicast frames after a scheduled test of the packet buffers.

  The workaround is to disable and enable the affected port. (CSCdr50629)

• The clear log command does not clear the exception log for the Network Analysis Module (WS-X5380). (CSCdm32798)

• If you disconnect the link between trunk ports with 100 or more active VLANs, one of the ports might fail to become a non-trunk port and an error message might be generated. When you reconnect the link, the trunk might not reform. In this situation, disconnect and reconnect the link until the trunk comes up. (CSCdm60737)

• If you telnet to a Supervisor Engine III running software version 4.5 and from there telnet to another device, displaying a large list or file can cause the telnet session to hang. (CSCdm79404)

• When large amounts of data are being displayed during a telnet session, the telnet session will sometimes hang. This usually happens if you have set the screen length to 0 and long show commands are being displayed or if you have cut and pasted several show commands onto the window.

Resolved Caveats in Software Release 5.4(3)

Note   For a description of open caveats in software release 5.4(3), see the "Open Caveats in Software Release 5.4(3)" section.

This section describes resolved caveats in software release 5.4(3):

• The show top command incorrectly reports errors on trunk. This problem is resolved in software releases 4.5(7), 5.4(3), and 5.5(2).(CSCdr23551)

• UplinkFast transitions and Serial Communications Protocol (SCP) messages are sent in incorrect order. During an UplinkFast transition, this situation might cause both the old and new root ports to be in FORWARDING state, creating the potential for Spanning Tree loops. This problem is resolved in software release 5.4(3). (CSCdr39668)

• If the SNMP PDU size is greater than 1300 bytes, memory corruption occurs and the system might reset. This problem is resolved in software release 5.4(3). (CSCdr33785)

• TACACS+ allows users with privilege level 1 access to enable mode if their passwords are accepted. This problem is resolved in software release 5.4(3). (CSCdr45221)

• When routers are in PIMV1V2 mode, they send odd-length PIM packets. The IGMP Snooping checksum algorithm calculates the checksum incorrectly for odd-length packets and drops them, causing routers to time out their PIM neighbors. This problem is resolved in software release 5.4(3). (CSCdr25218)

• In a shared-media environment, the UDLD detection mechanism may get stuck if many linkup and linkdown events occur concurrently. This problem is resolved in software release 5.4(3). (CSCdp97787)

• UDLD enhancements, including an aggressive UDLD mode, have been added to software release 5.3(4) and later releases. For more information, refer to the "New Features for Supervisor Engine Software Release 5.4" section. This problem is resolved in software release 5.4(3). (CSCdp69036)

• After a system reset under traffic, the switch initializes to VLAN 0 and Spanning Tree Protocol sets the ports to Forwarding state. Due to a short delay before the correct VLAN is set, packets might come in with VLAN 0 learned, which causes VLAN 0 CAM entries to be created and isolates the ports from connected devices. This problem is resolved in software release 5.4(3). (CSCdr21314)

• When you upgrade from 5.4(1) or 5.4(2) to 5.4(3), 5.5(1) and newer software releases, the local snmpEngineID will automatically be converted from 10 bytes to 12 bytes if there is no local user configured in usmUserTable. If there are any local users in the usmUserTable, the 10 byte snmpEngineID will still remain unless you do one of the following:

  • Delete all the local users from usmUserTable and then reset the system.

  • Enter the clear config snmp or clear config all commands.

  This problem is resolved in software release 5.4(3). (CSCdr22335)

• The clear config all command does not clear a port's UDLD configuration. For example, UDLD and aggressive UDLD are enabled on port 3/3. After clearing the system configuration and enabling system wide UDLD, port 3/3 UDLD shows enabled (show udld port 3/3). The clear config all command should have set the port UDLD to disable. This problem is resolved in software release 5.4(3). (CSCdr35885)

• When an EtherChannel is configured between two switches and the Spanning Tree Protocol is disabled, under some circumstances (such as a reboot or the presence of a lot of broadcasts on the sc0 VLAN), the EtherChannel might take a long time to come up. The workaround is to enable the Spanning Tree Protocol. This problem is resolved in software release 5.4(3). (CSCdr16565)

• Under certain conditions, after closing a Telnet session, the switch still shows the session as open. Using the disconnect ip_address command to disconnect a user and manually close the session does not close the session. This problem is fixed in software release 5.4(3). (CSCdp33649)

• In certain situations, incoming traffic is missing on the SPAN port when spanning from WS-X5012A module to WS-X5011 module or from WS-X5011 to WS-X5224 module using a different bus. This problem is resolved in software release 5.4(3). (CSCdr22775)

• CAM entries for dynamic VLAN ports get corrupted during the aging time. As a result, the port connections are lost until the entries are relearned. This problem is resolved in software release 5.4(3). (CSCdr27492)

• The show TopN utility reports errors on trunk ports when no errors occurred. This problem is resolved in software release 5.4(3). (CSCdr23551)

• QoS classification does not work properly when an EtherChannel is disabled. This problem is resolved in software releases 5.4(3) and 5.5(2). (CSCdr28804)

• Broadcast/multicast suppression on modules that support hardware suppression does not filter out Multicasts to DA FF FF FF FF FF 00. This problem is resolved in software releases 4.5(7), 5.4(3), and 5.5(2). (CSCdr30012)

• When ISL trunking is enabled on a TokenRing module, BPDUs are dropped because the minimum size for ISL frames is set to 72 bytes while the minimum size for TokenRing frames is 58 bytes. This problem is resolved in software release 5.4(3). (CSCdr29164)

• When a module with no NVRAM is disabled and then brought back online, the administrative group used by the module ports might be shared with ports on another module. This could cause a system reset since bundling ports across modules is not supported. This problem is resolved in software release 5.4(3) and 5.5(2). (CSCdr25839)

• Repeatedly removing and creating an entry in cseStaticExtRouterTable using SNMP causes a system reset. This problem is resolved in software release 5.4(3). (CSCdr40101)

• A system reset might occur during SNMP polling of the switch ports (SWPoll64bCnt) if a module goes on- and off-line frequently. This problem is resolved in software release 5.4(3). (CSCdr41609)

• For the WS-U5534 uplink modules, the etherStatsOversizePkts RMON counters incorrectly reports increases for trunk links. This problem is resolved in software release 5.4(3). (CSCdr38895)

• The show mls and show mls statistics ipx rp commands show that the switch has active IPX shortcut entries, but the show mls entry ipx and show mls entry ipx destination ipx_addr commands do not show the shortcut entries. This problem is resolved in software release 5.4(3). (CSCdr18182)

• If the four ports on the WS-U5538 uplink module on the Supervisor Engine II G are grouped into two 2-port port channels, the second 2-port channel is configured incorrectly. This problem is resolved in software release 5.4(3) and 5.5(2). (CSCdr37866)

• In software release 5.4(1) and later, for authentication retries, TACACS+ prompts for a password only but not for a user name. This problem is resolved in software release 5.4(3). (CSCdr44356)

Open and Resolved Caveats in Software Release 5.4(2)

These sections describe the open and resolved caveats in supervisor engine software release 5.4(2):

• Open Caveats in Software Release 5.4(2)

• Resolved Caveats in Software Release 5.4(2)

Open Caveats in Software Release 5.4(2)

Note   For a description of caveats resolved in software release 5.4(2), see the "Resolved Caveats in Software Release 5.4(2)" section.

This section describes open caveats in software release 5.4(2):

• The clear log command does not clear the exception log for the Network Analysis Module (WS-X5380). (CSCdm32798)

• A minor hardware problem that causes the switching bus to time out occurs during the Power On Self Test on the supervisor engine if the configuration includes a single WS-X550x (Supervisor Engine II) and any combination of the WS-X5234-RJ45, WS-X5236-FX-MT, and WS-X5237-FX-MT modules. This problem occurs during every boot-up.

• The link light of the Supervisor Engine III G uplink port stays in amber. Output from the show spantree command shows the port is in forwarding mode and is able to pass traffic normally. (CSCdr51720)

• If you disconnect the link between trunk ports with 100 or more active VLANs, one of the ports might fail to become a non-trunk port and an error message might be generated. When you reconnect the link, the trunk might not reform. In this situation, disconnect and reconnect the link until the trunk comes up. (CSCdm60737)

• If you telnet to a Supervisor Engine III running software version 4.5 and from there telnet to another device, displaying a large list or file can cause the telnet session to hang. (CSCdm79404)

• When large amounts of data are being displayed during a telnet session, the telnet session will sometimes hang. This usually happens if you have set the screen length to 0 and long show commands are being displayed or if you have cut and pasted several show commands onto the window.

Resolved Caveats in Software Release 5.4(2)

Note   For a description of open caveats in software release 5.4(2), see the "Open Caveats in Software Release 5.4(2)" section.

This section describes resolved caveats in software release 5.4(2):

• Packets are not marked with the correct CoS value when they exit a port which has EtherChannel turned on.This problem is resolved in release 5.4(2). (CSCdp71805)

• TACACS+ allows users with a privilege level of 1 access to enable mode if their password is accepted. This problem is resolved in software release 5.4(3).

• If a VTP client is connected to a VTP server by just one trunk and the VTP client is reset, the link on the client side may incorrectly be disabled. This problem is resolved in release 5.4(2). (CSCdp89198)

• When a Catalyst 5000 family switch with a FDDI switching module installed resets, the FDDI module does not forward traffic if the FDDI VLAN is not the same as the native VLAN. This problem is resolved in release 5.4(2). (CSCdp68378)

• In a dual supervisor engine configuration, the ports on the standby supervisor engine fail to come up when they are disabled and then enabled using the set standbyports disable/enable commandsh.This problem is resolved in release 5.4(2). (CSCdp49323)

• On the Catalyst supervisor engine II and IIG, GetNextUnicastEarlEntry does not return module and port number for Fast EtherChannel ports to the dot1dTpFdbTable.This problem is resolved in release 5.4(2). (CSCdp71680)

• When the logging level is changed over a telnet session, the change does not take effect until the switch is reloaded. This problem is resolved in release 5.4(2). (CSCdp91935)

• The ifOutUcastPkts and ifInUcastPkts counter sometimes decrements instead of increments on 10/100 Ethernet ports. This problem is resolved in software release 5.4(2). (CSCdp71615)

• In WS-C5500 and WS-C5509 chassis with redundant WS-X5530 supervisors running software versions 5.2(1) or 5.4(1) and multiple WS-X5239-RJ21 Ethernet switching modules, the Ethernet switching modules may become non-functional after a system reset or power cycle. This problem is resolved in software release 5.4(2). (CSCdp95858)

• On Catalyst 5000 family switches running software versions prior to 5.4(2), the administrative source ports in the show span command display disappears if a module is removed. Once the module is reinserted, the ports reappear in the show span display. This problem is resolved in 5.4(2). (CSCdp75909)

• RGMP does not use an official IANA address. This problem is resolved in 5.4(2). (CSCdr05497)

• The Catalyst 5000 family switches do not support PIB version 0.6. As a result, error messages may display when certain unsupported policies are downloaded. This problem is resolved in software release 5.4(2). (CSCdp92562)

• Ports remain in blocking state due to a Spanning Tree Protocol error, causing VLANs to become isolated. This problem is resolved in software release 5.4(2) (CSCdp93234)

• The SNMP getone and getnext commands produce different values for the same dot1dTpFdbPort object when they retrieve LANE module port index information from the CAM table. This problem is resolved in software release 5.4(2). (CSCdp80044)

• Use the following command sequence to avoid Spanning Tree errors on EtherChannel trunks configured with both the on channelling keyword and the nonegotiate trunking keyword:

set port channel <mod/port> on
set trunk <mod/port> nonegotiate

  Do not use the set port channel module_num/port_num mode on command. This problem is resolved in release 5.4(2). (CSCdp85804)

• Summertime start and end dates are not calculated correctly when using the generic summertime rule if the start and end rules span across year-end (southern hemisphere rule). The workaround is to use a fixed date for the southern hemisphere. This problem is resolved in release 5.4(2). (CSCdp91755)

• A Catalyst switch configured with two IIIG supervisor engines (ws-x5550) with RSFC cards forwards packets larger than 1454 bytes after a redundancy failover.This problem is resolved in release 5.4(2).(CSCdp92661)

• Auto-recovery operation for ASIC may function incorrectly. This problem is resolved in release 5.4(2). (CSCdr14225)

• The WS-X5225R module fails to negotiate the duplex mode correctly after a system reset or power cycle with Sun workstations "Ultra 5." This problem is resolved in release 5.4(2). (CSCdr03818)

• When upgrading from software version 4.x to versions prior to 5.4(2) with RMON history entries installed, the system may reset. This problem is resolved in release 5.4(2). (CSCdr01233)

• The clear cops command is not recognized in the 5.4(1) software release on the WS-X5540 and WS-X5550 supervisors engines. This problem is resolved in release 5.4(2). (CSCdr09635)

• Attempts to telnet out of a Supervisor Engine IIIG from within a telnet session causes the switch to reset. This problem is resolved in release 5.4(2). (CSCdp96050)

Open and Resolved Caveats in Software Release 5.4(1)

These sections describe the open and resolved caveats in supervisor engine software release 5.4(1):

• Open Caveats in Software Release 5.4(1)

• Resolved Caveats in Software Release 5.4(1)

Open Caveats in Software Release 5.4(1)

Note   For a description of caveats resolved in software release 5.4(1), see the "Resolved Caveats in Software Release 5.4(1)" section.

This section describes open caveats in software release 5.4(1):

• Use the following command sequence to avoid Spanning Tree errors on EtherChannel trunks configured with both the on channelling keyword and the nonegotiate trunking keyword:

set port channel <mod/port> on
set trunk <mod/port> nonegotiate

  Do not use the set port channel module_num/port_num mode on command. (CSCdp85804)

• The clear log command does not clear the exception log for the Network Analysis Module (WS-X5380). (CSCdm32798)

• If you power cycle or reset a chassis with redundant Supervisor Engine II G modules and two or more Catalyst 5000 family ATM modules with hardware version 1.3, the supervisor engine in slot 2 might report a "minor hardware failure." The workaround is to reset the supervisor engine in slot 2. (CSCdm33598)

• If you disconnect the link between trunk ports with 100 or more active VLANs, one of the ports might fail to become a non-trunk port and an error message might be generated. When you reconnect the link, the trunk might not reform. In this situation, disconnect and reconnect the link until the trunk comes up. (CSCdm60737)

• On Catalyst 5500 switches with a Supervisor Engine III and NFFC, to avoid a broadcast storm, do not insert a WS-X5030 Token Ring module in slots 9 through 12 while the switch is in service. Reset the switch after inserting a WS-X5030 Token Ring module in slots 9 through 12. (CSCdk67305)

• Summertime start and end dates are not calculated correctly when using the generic summertime rule if the start and end rules span across year-end (southern hemisphere rule). The workaround is to use a fixed date for the southern hemisphere. (CSCdp91755)

Resolved Caveats in Software Release 5.4(1)

Note   For a description of open caveats in software release 5.4(1), see the "Open Caveats in Software Release 5.4(1)" section.

This section describes resolved caveats in software release 5.4(1):

• If you set the in-band (sc0) interface IP address to 0.0.0.0 (or if you clear the switch configuration using the clear config all command), the sc0 entry in the switch IP routing table might be replaced by a second entry for the SLIP (sl0) interface if the sl0 IP address is set to 0.0.0.0 (the default). The workaround is to set the sl0 interface IP address to a value other than 0.0.0.0. This problem is resolved in release 5.4(1). (CSCdm78466) (CSCdm78813)

• In some cases, the spanning-tree port-VLAN cost for a port might not change when you change the overall spanning-tree port cost for that port. In addition, if you create an EtherChannel from ports experiencing this problem, the port-VLAN costs (not the port costs) for the member ports are used to calculate the EtherChannel port cost, which might result in an unexpected EtherChannel cost. The workaround is to set the correct port-VLAN cost manually for the ports using the set spantree portvlancost command. This problem is resolved in release 5.4(1). (CSCdp01070)

Open and Resolved Caveats in Software Release 5.2(4)

These sections describe the open and resolved caveats in supervisor engine software release 5.2(4):

• Open Caveats in Software Release 5.2(4)

• Resolved Caveats in Software Release 5.2(4)

Open Caveats in Software Release 5.2(4)

Note   For a description of caveats resolved in software release 5.2(4), see the "Resolved Caveats in Software Release 5.2(4)" section.

This section describes open caveats in software release 5.2(4):

• The clear log command does not clear the exception log for the Network Analysis Module (WS-X5380). (CSCdm32798)

• If you power cycle or reset a chassis with redundant Supervisor Engine II G modules and two or more Catalyst 5000 family ATM modules with hardware version 1.3, the supervisor engine in slot 2 might report a "minor hardware failure." The workaround is to reset the supervisor engine in slot 2. (CSCdm33598)

• In some cases, the spanning-tree port-VLAN cost for a port might not change when you change the overall spanning-tree port cost for that port. In addition, if you create an EtherChannel from ports experiencing this problem, the port-VLAN costs (not the port costs) for the member ports are used to calculate the EtherChannel port cost, which might result in an unexpected EtherChannel cost. The workaround is to set the correct port-VLAN cost manually for the ports using the set spantree portvlancost command. This problem is resolved in release 5.4(1). (CSCdp01070)

• If you set the in-band (sc0) interface IP address to 0.0.0.0 (or if you clear the switch configuration using the clear config all command), the sc0 entry in the switch IP routing table might be replaced by a second entry for the SLIP (sl0) interface if the sl0 IP address is set to 0.0.0.0 (the default). The workaround is to set the sl0 interface IP address to a value other than 0.0.0.0. This problem is resolved in release 5.4(1). (CSCdm78466) (CSCdm78813)

• If you disconnect the link between trunk ports with 100 or more active VLANs, one of the ports might fail to become a non-trunk port and an error message might be generated. When you reconnect the link, the trunk might not re-form. In this situation, disconnect and reconnect the link until the trunk comes up. (CSCdm60737)

• On Catalyst 5500 switches with a Supervisor Engine III and NFFC, to avoid a broadcast storm, do not insert a WS-X5030 Token Ring module in slots 9 through 12 while the switch is in service. Reset the switch after inserting a WS-X5030 Token Ring module in slots 9 through 12. (CSCdk67305)

Resolved Caveats in Software Release 5.2(4)

Note   For a description of open caveats in software release 5.2(4), see the "Open Caveats in Software Release 5.2(4)" section.

This section describes resolved caveats in software release 5.2(4):

• Occasionally, when MLS detects a host move, the show mls entry command might display no entries. This problem is resolved in software release 5.2(4). (CSCdp39218)

• Configuring the RMON alarm for the ATM module-related MIB object might cause Catalyst 5000 family switches to stop responding to SNMP requests. This problem is resolved in software release 5.2(4). (CSCdp48766)

• When using VMPS on ports connected to routers running HSRP that are not configured to use the manufacturer-assigned MAC address, the switch might reset when the active HSRP router is being shut down. This problem is resolved in software release 5.2(4). (CSCdp51787)

• Occasionally, when a switch is reset, it may receive a TLB exception and reset again. This problem is resolved in software release 5.2(4). (CSCdm30574)

• The switch might reset following a show configuration command if the login banner, set via SNMP, is longer than 200 characters without a carriage return. This problem is resolved in software release 5.2(4). (CSCdp65405)

• Systems with a high level of SNMP activity may receive out of memory messages. This problem is resolved in software release 5.2(4). (CSCdp58575)

• Occasionally when a port is enabled, inline rewrite is not enabled. This problem is resolved in software release 5.2(4). (CSCdp27228)

• VTP updates received through other trunks might enable disabled trunks that have a default VLAN other than 1. This problem is resolved in software release 5.2(4). (CSCdp39638)

• A TLB exception might occur if the module status polling process attempts to access an uninitialized memory address. This problem is resolved in software release 5.2(4). (CSCdp60336)

• The Kerberos Client functionality on Cisco products, when configured to provide access control, will fail in a deny state when the expiration of the credentials is in January or February of leap years, which denies any Kerberos-authenticated access. This problem is resolved in software release 5.2(4). (CSCdp61840)

• A switch configured to use DHCP might reset if you enter a clear configuration command before the IP address is received and then enter a set interface sc0 dhcp renew command before the port has entered the spanning tree forwarding state and you then assign a static IP address. Assigning a static IP address kills the DHCP process, but some internal DHCP protocols are not freed, which leaves more than one IP protocol stack loaded and causes a reset. This problem is resolved in software release 5.2(4). (CSCdp34956)

• The link speed detected by SNMP does not change when a port is disconnected. This problem is resolved in software release 5.2(4). (CSCdp42337)

• After entry of a set int sc0 dhcp release command, the supervisor engine might not renew with DHCP and receive an IP address. This problem is resolved in software release 5.2(4). (CSCdp32813)

• (Description to be provided.) This problem is resolved in software release 5.2(4). (CSCdp37448)

• When a port channel is configured between the Catalyst 6000 and Catalyst 5000 family switches, the pings between the switches fail if more than 2 ports are added and if the CAM table is cleared when the pings are in progress. This problem is resolved in software release 5.2(4). (CSCdp35639)

• In software versions 4.5(3) and 4.5(4), when a VLAN designation is changed and portfast is enabled on a port on the WS-X5010, new MAC entries are not learned until the port is disabled and re-enabled. This problem is resolved in software release 5.2(4). (CSCdp38670)

• The SPANTREE-3-PORTDEL_FAILNOTFOUND message severity level needs to be changed to 7: debugging level. This problem is resolved in software release 5.2(4). (CSCdp50989)

• When upgrading from 4.4(1) to 5.2(2), two 2-port channels may be merged into one 4-port channel if the two 2-port channels fall into the same four port boundary. When adjacent two 2-port channels are merged, a spanning tree loop occurs, and the affected 4 ports enter the errdisable state. This problem is resolved in software release 5.2(4). (CSCdp44194)

• The system clock might stop. The time and date stamp then remains unchanged and appears on all subsequent system log events and show time output. This problem is resolved in software release 5.2(4). (CSCdp35421)

• In a Catalyst 5000 family switch with Supervisor Engine IIIG, some modules may not respond when a show module command is issued and then the non-responding modules reset. This problem is resolved in software release 5.2(4). (CSCdm29095)

• The switch might reset if a module is removed during redundant supervisor engine switchover. This problem is resolved in software release 5.2(4). (CSCdp59829)

• Entering a telnet command might cause the switch to reset. This problem is resolved in software release 5.2(4). (CSCdp75537)

• Permanent CAM entries created by MPOA are not removed when an ATM module is removed or reset. This problem is resolved in software release 5.2(4). (CSCdm94115)

• Following cable disconnection and reconnection, URT-supported NT workstations might not be able to login. This problem is resolved in software release 5.2(4). (CSCdp50922)

• When MLS is reenabled, QoS entries established based on the MLS-RP's MAC address are not removed. This problem is resolved in software release 5.2(4). (CSCdp73196)

Open and Resolved Caveats in Software Release 5.2(3)

These sections describe the open and resolved caveats in supervisor engine software release 5.2(3):

• Open Caveats in Software Release 5.2(3)

• Resolved Caveats in Software Release 5.2(3)

Open Caveats in Software Release 5.2(3)

Note   For a description of caveats resolved in software release 5.2(3), see the "Resolved Caveats in Software Release 5.2(3)" section.

This section describes open caveats in software release 5.2(3):

• The clear log command does not clear the exception log for the Network Analysis Module (WS-X5380). (CSCdm32798)

• If you power cycle or reset a chassis with redundant Supervisor Engine II G modules and two or more Catalyst 5000 family ATM modules with hardware version 1.3, the supervisor engine in slot 2 might report a "minor hardware failure." The workaround is to reset the supervisor engine in slot 2. (CSCdm33598)

• In some cases, the spanning-tree port-VLAN cost for a port might not change when you change the overall spanning-tree port cost for that port. In addition, if you create an EtherChannel from ports experiencing this problem, the port-VLAN costs (not the port costs) for the member ports are used to calculate the EtherChannel port cost, which might result in an unexpected EtherChannel cost. The workaround is to set the correct port-VLAN cost manually for the ports using the set spantree portvlancost command. This problem is resolved in release 5.4(1). (CSCdp01070)

• If you set the in-band (sc0) interface IP address to 0.0.0.0 (or if you clear the switch configuration using the clear config all command), the sc0 entry in the switch IP routing table might be replaced by a second entry for the SLIP (sl0) interface if the sl0 IP address is set to 0.0.0.0 (the default). The workaround is to set the sl0 interface IP address to a value other than 0.0.0.0. This problem is resolved in release 5.4(1). (CSCdm78466) (CSCdm78813)

• If you disconnect the link between trunk ports with 100 or more active VLANs, one of the ports might fail to become a non-trunk port and an error message might be generated. When you reconnect the link, the trunk might not re-form. In this situation, disconnect and reconnect the link until the trunk comes up. (CSCdm60737)

• On Catalyst 5500 switches with a Supervisor Engine III and NFFC, to avoid a broadcast storm, do not insert a WS-X5030 Token Ring module in slots 9 through 12 while the switch is in service. Reset the switch after inserting a WS-X5030 Token Ring module in slots 9 through 12. (CSCdk67305)

Resolved Caveats in Software Release 5.2(3)

Note   For a description of open caveats in software release 5.2(3), see the "Open Caveats in Software Release 5.2(3)" section.

This section describes caveats resolved in software release 5.2(3):

• When upgrading from any Catalyst 5000 4.x software release to software release 5.2(2), the SNMP trap receiver conversion causes SNMP trap receiver information to be lost and replaced with 10 incorrect SNMP trap receivers of 0.0.0.0. The workaround is to issue a clear snmp trap all command and reenter the valid SNMP trap receivers. This problem is resolved in software release 5.2(3) (CSCdp44206)

Open and Resolved Caveats in Software Release 5.2(2)

These sections describe the open and resolved caveats in supervisor engine software release 5.2(2):

• Open Caveats in Software Release 5.2(2)

• Resolved Caveats in Software Release 5.2(2)

Open Caveats in Software Release 5.2(2)

Note   For a description of caveats resolved in software release 5.2(2), see the "Resolved Caveats in Software Release 5.2(2)" section.

This section describes open caveats in software release 5.2(2):

• The clear log command does not clear the exception log for the Network Analysis Module (WS-X5380). (CSCdm32798)

• If you power cycle or reset a chassis with redundant Supervisor Engine II G modules and two or more Catalyst 5000 family ATM modules with hardware version 1.3, the supervisor engine in slot 2 might report a "minor hardware failure." The workaround is to reset the supervisor engine in slot 2. (CSCdm33598)

• In some cases, the spanning-tree port-VLAN cost for a port might not change when you change the overall spanning-tree port cost for that port. In addition, if you create an EtherChannel from ports experiencing this problem, the port-VLAN costs (not the port costs) for the member ports are used to calculate the EtherChannel port cost, which might result in an unexpected EtherChannel cost. The workaround is to set the correct port-VLAN cost manually for the ports using the set spantree portvlancost command. This problem is resolved in release 5.4(1). (CSCdp01070)

• If you set the in-band (sc0) interface IP address to 0.0.0.0 (or if you clear the switch configuration using the clear config all command), the sc0 entry in the switch IP routing table might be replaced by a second entry for the SLIP (sl0) interface if the sl0 IP address is set to 0.0.0.0 (the default). The workaround is to set the sl0 interface IP address to a value other than 0.0.0.0. This problem is resolved in release 5.4(1). (CSCdm78466) (CSCdm78813)

• If you disconnect the link between trunk ports with 100 or more active VLANs, one of the ports might fail to become a non-trunk port and an error message might be generated. When you reconnect the link, the trunk might not re-form. In this situation, disconnect and reconnect the link until the trunk comes up. (CSCdm60737)

• On Catalyst 5500 switches with a Supervisor Engine III and NFFC, to avoid a broadcast storm, do not insert a WS-X5030 Token Ring module in slots 9 through 12 while the switch is in service. Reset the switch after inserting a WS-X5030 Token Ring module in slots 9 through 12. (CSCdk67305)

Resolved Caveats in Software Release 5.2(2)

Note   For a description of open caveats in software release 5.2(2), see the "Open Caveats in Software Release 5.2(2)" section.

This section describes caveats resolved in software release 5.2(2):

• When the backup concentrator relay function (CRF) is configured on the Catalyst 5000 supervisor module, it is stored in the NVRAM, but when you enter a copy config command, the CRF configuration parameters do not get copied with the rest of the switch configuration. If the switch is power-cycled, the backup CRF configuration is retained in the NVRAM. This problem is resolved in software release 5.2(2). (CSCdp38648)

• RMON rising and falling threshold traps are not generated when the alarm variable is set to an RMON object with an instance that is not equal to (ifIndex-1)/16. This problem is resolved in software release 5.2(2). (CSCdm76987)

• Trunk connections may go up and down when the channel mode is ON and the trunk mode is non-negotiate. The workaround for this problem is to ensure that the ports are trunking before the channel is formed. This problem is resolved in software release 5.2(2). (CSCdp32703)

• Under certain conditions, when you perform a MIB walk on the switch, this message might appear on the console if you poll the cpmProcessTable object:

%SYS-3-LLC_SCPSTATNOTOK:Send scp message to module 1 status 255
 

  This problem does not affect the normal operation of the switch, and the correct values for the cpmProcessTable object are returned. This problem is resolved in software release 5.2(2). (CSCdm91242)

Entry not cleared

 

  This problem is resolved in software release 5.2(2). (CSCdm76686) (CSCdk48841)

• If you configure a Kerberos server using the set kerberos server kerberos-realm {hostname | ip-address} port-number command without specifying the port number, the Kerberized Telnet session fails. The workaround is to specify the port number. This problem is resolved in software release 5.2(2). (CSCdm83742)

• In some cases, power cycling or resetting the switch erases permanent CAM entries. The correct behavior is that permanent entries remain in the CAM through a power cycle or system reset. The workaround is to reenter permanent entries after power cycling or resetting the switch. This problem is resolved in software release 5.2(2). (CSCdm25544)

• The VTP client is unable to learn the ELAN names on an ATM LANE module connecting a Catalyst 5000 switch to an ATM backbone. This problem is resolved in software release 5.2(2). (CSCdp29056)

• Occasionally, no IP connectivity occurs between the Catalyst 5000 supervisor and a Catalyst 3900 over Token Ring ISL trunk. This problem is resolved in software release 5.2(2). (CSCdp07427)

• With the Multiple Default Gateway (MDG) feature, the switch pings its default gateway(s) every 10 seconds to verify they are still available. The set feature mdg enable/disable command is needed to turn off this feature if users do not want to have their switches sending out pings every 10 seconds. This problem is resolved in software release 5.2(2). (CSCdm69920)

• Multicast and broadcast related counters are not cleared correctly after the clear counter command is issued. This problem is resolved in software release 5.2(2). (CSCdm94354)

• The switch may reboot if the "help" keyword is abbreviated in the command line. This problem is resolved in software release 5.2(2). (CSCdp18798)

• Kerberos authentication lookups fail on me1 when the me1 address is not the same as the sc0 address. This problem is resolved in software release 5.2(2). (CSCdm82831)

• The supervisor software incorrectly discards Token Ring source-routed frames from the RSM destined to Token Ring ports on the chassis. This problem is resolved in software release 5.2(2). (CSCdp21155)

• In some cases, the Supervisor Engine III G fails to download a software image. This problem is resolved in software release 5.2(2). (CSCdp25702)

• A Catalyst 5509 switch with redundant supervisor (WS-X5550) engines erroneously shows that EARL tests failed. This problem is resolved in software release 5.2(2). (CSCdp21580)

• The Token Ring module is slow to recover from a supervisor engine switchover. This problem is resolved in software release 5.2(2). (CSCdp27114)

• When VTP v2 is enabled and port channels are configured and the port channel status is changed by resetting the module or disabling/reenabling the port channel, the RSM becomes unreachable. This problem is resolved in software release 5.2(2). (CSCdp28707)

• Ports on the standby supervisor engine are not included in the ifIndex-related MIB tables. The workaround is to reset the standby supervisor engine. This problem is resolved in software release 5.2(2). (CSCdm30287)

• When two Supervisor Engine III Gs are used, the active supervisor engine does not see the GBICs on the standby module, although ports stay fully operational. When the standby supervisor engine becomes active, it recognizes its own GBIC but is unable to see GBICs on the standby supervisor engine. This problem is resolved in software release 5.2(2). (CSCdp30570)

• If you set the spanning-tree port cost of an EtherChannel port bundle using the set channel cost command, the configured value might change if you reset the switch or the module on which the channel is configured. This problem is resolved in software release 5.2(2). (CSCdm89834)

• In some cases, if you change the SPAN source port of a SPAN session from a single switch port to an EtherChannel port using the same destination SPAN port, the following error message is displayed on the console:

 Invalid port number in SPAN source ports 
 

  However, all of the ports in the EtherChannel are set correctly as the SPAN source ports and the traffic on the EtherChannel is mirrored properly to the SPAN destination port. This problem is resolved in software release 5.2(2). (CSCdp00873)

1999 Aug 24 17:15:51 EDT -04:00 %PRUNING-4-NOBUF:no mbuf to build join 
 

  This message indicates that a protocol failed to find a memory buffer to perform an operation. The workaround is to configure the corresponding VLANs on the supervisor engine. The syslog messages should stop within a few minutes. This problem is resolved in software release 5.2(2). (CSCdm30975)

• Communication using SLIP on the console port of a Supervisor Engine II might fail. This problem is resolved in software release 5.2(2). (CSCdm45445)

• In certain redundant network topologies, if a spanning-tree topology change (route flap) causes the IP MLS entry for an HSRP router interface to be removed from the MLS cache, the entry might not be added back to the MLS cache properly when the link comes back up. This problem is resolved in software release 5.2(2). (CSCdm90511)

• If you configure a permanent multicast CAM entry for multiple ports and you then change the port-VLAN membership of two or more of those ports, the switch might reset. Only the first port specified in the list retains the new VLAN membership, and that port is removed from the permanent CAM entry. The workaround is to assign each port to the new VLAN individually. This problem is resolved in software release 5.2(2). (CSCdm91321)

• In a switch with redundant supervisor engines and 24-port 10/100BaseTX RJ-45 (WS-X5224) modules, if a port on a WS-X5224 module shuts down due to port security violation, the port will not recover the link to connected devices after a switchover from the active to the standby supervisor engine. In addition, if you disconnect the cables on the affected port, the Link LED remains green and the link is not dropped. The workaround is to disable and reenable the affected port. This problem is resolved in software release 5.2(2). (CSCdp08791)

Open and Resolved Caveats in Software Release 5.2(1)

These sections describe the open and resolved caveats in supervisor engine software release 5.2(1):

• Open Caveats in Software Release 5.2(1)

• Resolved Caveats in Software Release 5.2(1)

Open Caveats in Software Release 5.2(1)

Note   For a description of caveats resolved in software release 5.2(1), see the "Resolved Caveats in Software Release 5.2(1)" section.

This section describes open caveats in software release 5.2(1):

• In some cases, power cycling or resetting the switch erases permanent CAM entries. The correct behavior is that permanent entries remain in the CAM through a power cycle or system reset. The workaround is to reenter permanent entries after power cycling or resetting the switch. This problem is resolved in software release 5.2(2). (CSCdm25544)

• You cannot clear a specific user-configured dynamic CAM entry using the clear cam mac_addr command. The workaround is to clear all dynamic CAM entries using the clear cam dynamic command, or wait for the entry to age out (if no traffic from that address is received by the switch). This problem is resolved in software release 5.2(2). (CSCdk48841)

• The clear log command does not clear the exception log for the Network Analysis Module (WS-X5380). (CSCdm32798)

• If you power cycle or reset a chassis with redundant Supervisor Engine II G modules and two or more Catalyst 5000 family ATM modules with hardware version 1.3, the supervisor engine in slot 2 might report a "minor hardware failure." The workaround is to reset the supervisor engine in slot 2. (CSCdm33598)

• If you disconnect the link between trunk ports with 100 or more active VLANs, one of the ports might fail to become a non-trunk port and an error message might be generated. When you reconnect the link, the trunk might not re-form. In this situation, disconnect and reconnect the link until the trunk comes up. (CSCdm60737)

• You cannot clear a specific user-configured dynamic CAM entry using the clear cam mac_addr command. There is no workaround. However, you can clear all dynamic CAM entries (including user-configured dynamic entries) using the clear cam dynamic command. In addition, unused user-configured dynamic entries are aged out by the normal mechanisms. This problem is resolved in software release 5.2(2). (CSCdm76686)

• If you set the in-band (sc0) interface IP address to 0.0.0.0 (or if you clear the switch configuration using the clear config all command), the sc0 entry in the switch IP routing table might be replaced by a second entry for the SLIP (sl0) interface if the sl0 IP address is set to 0.0.0.0 (the default). The workaround is to set the sl0 interface IP address to a value other than 0.0.0.0. This problem is resolved in release 5.4(1). (CSCdm78466)

• In some cases, if you release a DHCP lease using the set interface sc0 dhcp release command and then attempt to obtain a new address using the set interface sc0 dhcp renew command, the switch might fail to obtain an IP address from the DHCP server. This problem is resolved in release 5.4(1). (CSCdm78813)

• If you configure a Kerberos server using the set kerberos server kerberos-realm {hostname | ip-address} port-number command without specifying the port number, the Kerberized Telnet session fails. The workaround is to specify the port number. This problem is resolved in software release 5.2(2). (CSCdm83742)

• If you set the spanning-tree port cost of an EtherChannel port bundle using the set channel cost command, the configured value might change if you reset the switch or the module on which the channel is configured. This problem is resolved in software release 5.2(2). (CSCdm89834)

• Under certain conditions, when you perform a MIB walk on the switch, this message might appear on the console if you poll the cpmProcessTable object:

%SYS-3-LLC_SCPSTATNOTOK:Send scp message to module 1 status 255
 

  This problem does not affect the normal operation of the switch and the correct values for the cpmProcessTable object are returned. This problem is resolved in software release 5.2(2). (CSCdm91242)

• If you configure a SPAN session, reset the switch, and then disable SPAN, the former SPAN destination port remains in a not-connected state even when an active device is attached to the port. The workaround is to disable and reenable the affected port. (CSCdp02036)

• In some cases, if you change the SPAN source port of a SPAN session from a single switch port to an EtherChannel port using the same destination SPAN port, the following error message is displayed on the console:

 Invalid port number in SPAN source ports 
 

  However, all of the ports in the EtherChannel are set correctly as the SPAN source ports and the traffic on the EtherChannel is mirrored properly to the SPAN destination port. This problem is resolved in software release 5.2(2). (CSCdp00873)

• In some cases, the spanning-tree port-VLAN cost for a port might not be changed when you change the overall spanning-tree port cost for that port. In addition, if you create an EtherChannel from ports experiencing this problem, the port-VLAN costs (not the port costs) for the member ports are used to calculate the EtherChannel port cost, which might result in an unexpected EtherChannel cost. The workaround is to manually set the correct port-VLAN cost for the ports using the set spantree portvlancost command. This problem is resolved in release 5.4(1). (CSCdp01070)

• When there are ELANs configured on an ATM module but a corresponding VLAN is not configured on the supervisor engine, you might see syslog message such as the following:

1999 Aug 24 17:15:51 EDT -04:00 %PRUNING-4-NOBUF:no mbuf to build join 
 

  These messages indicate that a protocol failed to find a memory buffer to perform an operation. The workaround is to configure the corresponding VLANs on the supervisor module. The syslog messages should stop within a few minutes. This problem is resolved in software release 5.2(2). (CSCdm30975)

• Communication using SLIP on the console port of a Supervisor Engine II might fail. This problem is resolved in software release 5.2(2). (CSCdm45445)

• In certain redundant network topologies, if a spanning-tree topology change (route flap) causes the IP MLS entry for an HSRP router interface to be removed from the MLS cache, the entry might not be added back to the MLS cache properly when the link comes back up. This problem is resolved in software release 5.2(2). (CSCdm90511)

• If you configure a permanent multicast CAM entry for multiple ports and you then change the port-VLAN membership of two or more of those ports, the switch might reset. Only the first port specified in the list retains the new VLAN membership, and that port is removed from the permanent CAM entry. The workaround is to assign each port to the new VLAN individually. This problem is resolved in software release 5.2(2). (CSCdm91321)

• In a switch with redundant supervisor engines and 24-port 10/100BaseTX RJ-45 (WS-X5224) modules, if a port on a WS-X5224 module is shutdown due to port security violation, the port will not recover link to connected devices after a switchover from the active to the standby supervisor engine. In addition, if you disconnect the cables on the affected port, the Link LED remains green and the link is not dropped. The workaround is to disable and reenable the affected port. This problem is resolved in software release 5.2(2). (CSCdp08791)

• On Catalyst 5500 switches with a Supervisor Engine III and NFFC, to avoid a broadcast storm, do not insert a WS-X5030 Token Ring module in slots 9 through 12 while the switch is in service. Reset the switch after inserting a WS-X5030 Token Ring module in slots 9 through 12. (CSCdk67305)

Resolved Caveats in Software Release 5.2(1)

Note   For a description of open caveats in software release 5.2(1), see the "Open Caveats in Software Release 5.2(1)" section.

This section describes caveats resolved in software release 5.2(1):

• In some cases, attempts to set the primary VMPS server using SNMP fail. The workaround is to set the primary VMPS server using the CLI. This problem is resolved in software release 5.2(1). (CSCdm31717)

• Enabling UplinkFast increases the portcost of Token Ring modules by 3000. The workaround is to reconfigure the portcost on Token Ring modules to the desired value after enabling UplinkFast on the switch. This problem is resolved in software release 5.2(1). (CSCdm39080)

• On certain modules, due to the manner in which the software polls the port for packet totals, the output of the show mac command might report an incorrect value (0xFFFF FFFF FFFF FFFF - broadcasts - multicasts + total packets) for the Xmit-Unicast counter. The problem occurs when the total packets transmitted value reported is less than the total (multicast + broadcast) packets transmitted value. These switching modules are affected:

  • WS-X5010—24-port 10BaseT (Telco connector)

  • WS-X5011—12-port 10BaseFL MMF (ST connector)

  • WS-X5013— 24-port 10BaseT (RJ-45 connector)

  • WS-X5113—12-port 100BaseTX (RJ-45 connector)

  This problem is resolved in software release 5.2(1). (CSCdm25614)

• If you configure RMON alarm entries, if the value of the sampled alarmVariable overflows during the configured alarmInterval, alarmValue will be reported as a negative value. If the alarmValue is reported as a negative value, you can use the following calculation to determine the correct value: (alarmValue + 2³²-1). This problem is resolved in software release 5.2(1). (CSCdm27392)

• IP multicast MLS traffic is not transmitted out the ATM interface on the Catalyst 5000 family dual-PHY OC-12 ATM LANE/MPOA modules (WS-X5161 and WS-X5162). This problem does not occur if you are running ATM module release 11.3(10)WA4(13) or 12.0(4a)W5(10) on the ATM module. This problem is resolved in software release 5.2(1). (CSCdm30413)

• If you attempt to form an EtherChannel between four ports on a Catalyst 5000 family switch and four ports on a Catalyst 6000 family switch, the Catalyst 6000 family switch might bundle the ports in such a manner that one of the ports is connected to an individual port on the Catalyst 5000 family switch, resulting in a spanning-tree loop. In this case, ports are placed in the errdisable state. The workaround is to remove the problem port on the Catalyst 6000 family switch from the EtherChannel administrative group. This problem is resolved in software release 5.2(1). (CSCdm63203)

• On some switch ports, if you enable port security on the port before the port is in the spanning-tree forwarding state, port security might shut the port down. This problem occurs only if BPDUs, broadcast packets, or other traffic is received on the port before the port enters the forwarding state. This problem affects these modules:

  • WS-X5223—24-port 3 segment 100BaseTX (RJ-45 connector)

  • WS-X5224— 24-port 10/100BaseTX (RJ-45 connector)

  • WS-X5020—48-port 4 segment 10BaseT (Telco connector)

  • WS-X5010—24-port 10BaseT (Telco connector)

  • WS-X5014—48-port 10BaseT (RJ-45 connector)

  • WS-X5012—48-port 10BaseT (Telco connector)

  • WS-X5012a—48-port 10BaseT (Telco connector)

  • WS-X5013— 24-port 10BaseT (RJ-45 connector)

  The workaround is to enable the port security feature after the port is in the forwarding state (use the show spantree mod_num/port_num command to verify the spanning-tree state). This problem is resolved in software release 5.2(1). (CSCdk73206)

• In some cases, autonegotiation fails when connecting some 10/100-Mbps Fast Ethernet modules to a Compaq 4000 system with the Netflex 3 NIC. This problem is resolved in software release 5.2(1). (CSCdk87853)

• In some cases, entering the show cdp neighbors detail command causes the switch to generate "alignment correction" syslog messages. These messages do not affect the functionality of the switch. This problem is resolved in software release 5.2(1). (CSCdk85671)

• Enabling an ISL trunk on a switch with many (spanning-tree enabled) VLANs can cause the switch to delay BPDU transmission on TrBRF and TrCRF VLANs if the switch is the root bridge for any of the defined VLANs. This problem is resolved in software release 5.2(1). (CSCdk69087)

• If DNS is enabled and none of the configured DNS servers is reachable, local password authentication can be excessively slow. This problem is resolved in software release 5.2(1). (CSCdm14239)

• In some cases, when the active link of an UplinkFast link pair is disconnected, the switch does not transmit broadcast frames on the secondary link. This problem is resolved in software release 5.2(1). (CSCdm23587)

• In some cases, if you enable PortFast on a port on the Gigabit Ethernet uplink module (WS-U5534) and the attached end station is rebooted, the port stops transmitting traffic. The port continues to receive traffic. The workaround is to disable and then reenable the port (using the set port disable and set port enable commands) after the end station has rebooted, or disable PortFast on the port (using the set spantree portfast disable command). This problem is resolved in software release 5.2(1). (CSCdm27416)

• In some cases, on a switch with both BackboneFast and UplinkFast enabled, the show spantree mod_num/port_num output shows that a port is in forwarding mode, but in reality the port is in listening mode. As a result, all data traffic received on the port is discarded. The workaround is to disable and reenable the affected port. This problem is resolved in software release 5.2(1). (CSCdm08504)

• In some cases, UplinkFast does not function correctly between a Catalyst 5000 family switch and a Catalyst 4000 family switch, a Catalyst 2948G switch, or a Catalyst 5000 family Gigabit EtherChannel module (WS-X5410). This problem is resolved in software release 5.2(1). (CSCdm34341)

• In some cases, if a Telnet session to the switch closes abnormally while the switch is authenticating a user with the TACACS+ server, the switch might not close the session to the server properly, eventually causing the server to reach the maximum number of supported sessions. Subsequent attempts to authenticate with the server will fail. This problem is resolved in software release 5.2(1). (CSCdk79831)

• Under specific conditions, a spanning-tree loop might occur in a redundant configuration with Catalyst 5000 family and Catalyst 3900 series switches connected using ISL trunks. This problem is resolved in software release 5.2(1). (CSCdm24178)

• In some cases, a Catalyst 5000 family switch might bridge an 802.1Q-encapsulated BPDU if spanning tree is disabled and both an 802.1Q trunk and an ATM LANE or ISL trunk are configured on the switch. This problem is resolved in software release 5.2(1). (CSCdm26165)

• In a switch with one or more 24-port 10/100BaseTX Fast Ethernet modules (WS-X5225R) or the 12-port 100BaseFX Ethernet (WS-X5201R) modules, the swBusSBDErrorDrop counter in the show counters output increments if the module detects invalid frames on the backplane. Such frames are discarded and have no effect on the normal operation of the switch. This problem is resolved in software release 5.2(1). (CSCdm02396)

• If you reset the switch with certain Lancast MII transceivers attached, the port to which the transceiver is attached is marked faulty. The workaround is to disconnect the transceiver, reset the switch, and then reattach the transceiver after the switch boots up. This problem is resolved in software release 5.2(1). (CSCdk70113)

• When you configure dynamic VLAN membership for any EtherChannel-capable port, spanning-tree convergence time is 7 to 8 seconds longer than usual for those ports. This problem is resolved in software release 5.2(1). (CSCdm40338)

• A syslog message for a given facility is not sent to the syslog server if the syslog server severity level is set to a value equal to or greater than the message severity but the default severity level for that facility is set to a value less than the message severity. The workaround is to set the default facility severity level to a value equal to or greater than the configured syslog severity level. In release 5.2(1), syslog messages are sent to the syslog server if the syslog server severity level is equal to or greater than the message severity and the default facility severity level is equal to or greater than the message severity. (CSCdm71889)

• If you configure a port as an ISL trunk in on mode and the neighbor port is configured in off mode, the switch still forwards Token Ring ISL frames over the link. The workaround is to correct the misconfiguration by configuring the ports to compatible trunk modes (for example, both off, both on, one desirable and one auto, and so forth). This problem is resolved in software release 5.2(1). (CSCdm44861)

• In some cases, when you clear the configuration using the clear config all command, not all routes are removed from the IP routing table. The workaround is to configure the in-band (sc0), out-of-band management Ethernet (me1), and SLIP (sl0) interfaces down using the set interface {sc0 | me1 | sl0} down command before clearing the configuration. This problem is resolved in software release 5.2(1). (CSCdm56746)

• If you configure an RMON threshold alarm on the switch and that alarm is triggered while a MIB walk is in progress, the MIB walking application might loop back to the first leaf of the MIB branch it is currently walking. The workaround is to disable RMON, not configure any RMON alarms on the switch, or increase the polling interval of the alarm (such as one poll every five minutes). This problem is resolved in software release 5.2(1). (CSCdm34091)

• In some cases, the CiscoView application fails to display a Catalyst 5000 family switch if the switch contains 24-port 10/100BaseTX RJ-45 (WS-X5224) or 24-port 10/100BaseTX Fast Ethernet RJ-45 (WS-X5225R) modules. The workaround is to increase the polling interval value on the CiscoView application. This problem is resolved in software release 5.2(1). (CSCdm34809)

• If you configure a switch from a configuration file on a TFTP server and the configuration applies to 24-port 10BaseT RJ-45 (WS-X5013) modules in the switch, one or more of the WS-X5013 modules might stop responding. In addition, if you enter the show mac command, this message is displayed for the affected module: "Unable to access counters." The workaround is to reset the module. This problem is resolved in software release 5.2(1). (CSCdm74925)

• In some topologies with MLS enabled on multiple switches, UplinkFast convergence time might be slower than expected, causing excessive packet drops. This problem is resolved in software release 5.2(1). (CSCdm67466)

• There is no SNMP MIB support for standby supervisor engine uplink ports. This problem is resolved in software release 5.2(1). (CSCdm12187)

• In some cases, the following message appears on the supervisor engine console:

%SYS-1-MOD_INVALIDSEQ:Bus asic invalid sequence occurred on module
 

  This message has no effect on the functionality of the system and can be safely ignored. This problem is resolved in software release 5.2(1). (CSCdm32301)

• In some cases, port utilization is reported incorrectly. This problem is resolved in software release 5.2(1). (CSCdm18211)

Open and Resolved Caveats in Software Release 5.1(2a)

These sections describe the open and resolved caveats in supervisor engine software release 5.1(2a):

• Open Caveats in Software Release 5.1(2a)

• Resolved Caveats in Software Release 5.1(2a)

Open Caveats in Software Release 5.1(2a)

Note   For a description of caveats resolved in software release 5.1(2a), see the "Resolved Caveats in Software Release 5.1(2a)" section.

This section describes open caveats in software release 5.1(2a).

• In some cases, power cycling or resetting the switch erases permanent CAM entries. The correct behavior is that permanent entries remain in the CAM through a power cycle or system reset. The workaround is to reenter permanent entries after power cycling or resetting the switch. This problem is resolved in software release 5.2(2). (CSCdm25544)

• You cannot clear a specific user-configured dynamic CAM entry using the clear cam mac_addr command. The workaround is to clear all dynamic CAM entries using the clear cam dynamic command, or wait for the entry to age out (if no traffic from that address is received by the switch). This problem is resolved in software release 5.2(2). (CSCdk48841)

• In some cases, attempts to set the primary VMPS server using SNMP fail. The workaround is to set the primary VMPS server using the CLI. This problem is resolved in software release 5.2(1). (CSCdm31717)

• The clear log command does not clear the exception log for the Network Analysis Module (WS-X5380). (CSCdm32798)

• Enabling UplinkFast increases the portcost of Token Ring modules by 3000. The workaround is to reconfigure the portcost on Token Ring modules to the desired value after enabling UplinkFast on the switch. This problem is resolved in software release 5.2(1). (CSCdm39080)

• On certain modules, due to the manner in which the software polls the port for packet totals, the output of the show mac command might report an incorrect value (0xFFFF FFFF FFFF FFFF - broadcasts - multicasts + total packets) for the Xmit-Unicast counter. The problem occurs when the total packets transmitted value reported is less than the total (multicast + broadcast) packets transmitted value. These switching modules are affected:

  • WS-X5010—24-port 10BaseT (Telco connector)

  • WS-X5011—12-port 10BaseFL MMF (ST connector)

  • WS-X5013— 24-port 10BaseT (RJ-45 connector)

  • WS-X5113—12-port 100BaseTX (RJ-45 connector)

  This problem is resolved in software release 5.2(1). (CSCdm25614)

• If you configure RMON alarm entries, if the value of the sampled alarmVariable overflows during the configured alarmInterval, alarmValue will be reported as a negative value. If the alarmValue is reported as a negative value, you can use the following calculation to determine the correct value: (alarmValue + 2³²-1). This problem is resolved in software release 5.2(1). (CSCdm27392)

• IP multicast MLS traffic is not transmitted out the ATM interface on the Catalyst 5000 family dual-PHY OC-12 ATM LANE/MPOA modules (WS-X5161 and WS-X5162). This problem does not occur if you are running ATM module release 11.3(10)WA4(13) or 12.0(4a)W5(10) on the ATM module. This problem is resolved in software release 5.2(1). (CSCdm30413)

• If you power cycle or reset a chassis with redundant Supervisor Engine II G modules and two or more Catalyst 5000 family ATM modules with hardware version 1.3, the supervisor engine in slot 2 might report a "minor hardware failure." The workaround is to reset the supervisor engine in slot 2. (CSCdm33598)

• If you attempt to form an EtherChannel between four ports on a Catalyst 5000 family switch and four ports on a Catalyst 6000 family switch, the Catalyst 6000 family switch might bundle the ports in such a manner that one of the ports is connected to an individual port on the Catalyst 5000 family switch, resulting in a spanning-tree loop. In this case, ports are placed in the errdisable state. The workaround is to remove the problem port on the Catalyst 6000 family switch from the EtherChannel administrative group. This problem is resolved in software release 5.2(1). (CSCdm63203)

• If you disconnect the link between trunk ports with 100 or more active VLANs, one of the ports might fail to become a non-trunk port and an error message might be generated. When you reconnect the link, the trunk might not re-form. In this situation, disconnect and reconnect the link until the trunk comes up. (CSCdm60737)

• On Catalyst 5500 switches with a Supervisor Engine III and NFFC, to avoid a broadcast storm, do not insert a WS-X5030 Token Ring module in slots 9 through 12 while the switch is in service. Reset the switch after inserting a WS-X5030 Token Ring module in slots 9 through 12. (CSCdk67305)

Resolved Caveats in Software Release 5.1(2a)

Note   For a description of open caveats in software release 5.1(2a), see the "Open Caveats in Software Release 5.1(2a)" section.

This section describes caveats resolved in software release 5.1(2a):

• In some cases, if you boot a switch with a user-defined TrCRF VLAN configured but no active end user ports or trunk ports in that TrCRF, an RSM VLAN interface in that TrCRF is not properly added to the parent TrBRF, preventing routing for the TrCRF. The workaround is to not define a TrCRF without active ports in the TRCRF, add the TrCRF to an active trunk port, add an active port to the TrCRF, or disable RSM autostate. This problem is resolved in software release 5.1(2a). (CSCdm23217)

• If you delete the RMON alarmEntry or if you modify the alarmVariable of the RMON alarmEntry while that alarmVariable is being sampled, the switch might reset. This problem is resolved in software release 5.1(2a). (CSCdm49575)

• In some cases, when you connect a port on the 24-port 10/100BaseTX Fast Ethernet module (WS-X5225R) to an end station, the port might loop data back to itself. If spanning tree is disabled on the port, this problem can negatively affect switch performance. If spanning tree is enabled, the port is automatically disabled. You can verify that the problem is occurring, and identify the problem port, by entering the show cdp neighbors command and checking to see if the switch itself is listed as a neighbor. The workaround is to disable and reenable the problem port. This problem is resolved in software release 5.1(2a). (CSCdm26889)

• Under certain circumstances, an ISL packet can get corrupted in such a way that a blocked spanning-tree port will forward the packet. The packet can get flooded again, leading to packet storms in certain network topologies. This problem is resolved in software release 5.1(2a). (CSCdm34970)

• If you disconnect a Telnet session to the switch when the switch is at the "More" prompt (such as with show command output) or is waiting for user input (such as a "Yes/No" prompt), future Telnet sessions might stop accepting user input. This problem is resolved in software release 5.1(2a). (CSCdk83562)

• If you enable both UplinkFast and protocol filtering on the switch, when a spanning-tree topology change occurs that activates UplinkFast, UplinkFast multicast frames (using destination MAC address 0x0100 0CCD CDCD) might be transmitted on access ports. The workaround is to not use UplinkFast if protocol filtering is enabled. This problem is resolved in software release 5.1(2a). (CSCdm31699)

• After entering the configure network command, do not interrupt the configuration using Control-C. You might prevent the current command from completely executing, causing unexpected results. This problem is resolved in software release 5.1(2a). (CSCdm27473)

• If you enable GMRP on the switch, the Layer 2 multicast table entry required for MLS to receive MLSP messages is removed, preventing MLSP control traffic from being exchanged between the MLS-SE and the MLS-RP. The workaround is to make sure the MLS management interface is in the same VLAN as the switch in-band (sc0) interface (MLSP messages are flooded on the MLS management VLAN). Alternately, you can disable and reenable both IP and IPX MLS after you enable GMRP on the switch. However, this workaround must be repeated each time you reset the switch. This problem is resolved in software release 5.1(2a). (CSCdm51500)

• On certain supervisor engine Gigabit Ethernet uplink ports, if there is no unicast traffic through the ports (for example, if the ports are trunking), the output of the show mac command returns an incorrect value for the Rcv-Unicast and Xmit-Unicast counters. These supervisor engine modules are affected:

  • Supervisor Engine II G (WS-X5540) with dual-port 1000BaseSX MMF (WS-U5534-GESX) or dual-port 1000BaseLX/LH MMF/SMF (WS-U5536-GELX) uplink module

  • Supervisor Engine III G (WS-X5550)

  This problem is resolved in software release 5.1(2a). (CSCdm42255)

• Autonegotiation between Sun 10/100 NICs and certain Catalyst 5000 family modules (such as the WS-X5225R) might result in speed and or duplex mismatches under certain conditions. The problem typically occurs after you reset the module or you disable and reenable the switch port. The workaround is to disconnect and reconnect the cable connecting the workstation to the switch port. This problem is resolved in software release 5.1(2a). (CSCdm51653)

• In some situations, the "RxBPDUThresholdDrop" counter does not show the actual number of dropped frames. This problem is resolved in software release 5.1(2a). (CSCdm56862)

• When you configure a port with a connected workstation as the SPAN destination port (with the inpkts option enabled) for a SPAN source port configured as a VLAN trunk, attempts to ping other devices in the network from the workstation fail. This problem is resolved in software release 5.1(2a). (CSCdm48998)

Open Caveats in Software Release 5.1(1)

This section describes open caveats in software release 5.1(1).

• If you disconnect a Telnet session to the switch when the switch is at the "More" prompt (such as with show command output) or is waiting for user input (such as a "Yes/No" prompt), future Telnet sessions might stop accepting user input. This problem is resolved in software release 5.1(2a). (CSCdk83562)

• In some cases, power cycling or resetting the switch erases permanent CAM entries. The correct behavior is that permanent entries remain in the CAM through a power cycle or system reset. The workaround is to reenter permanent entries after power cycling or resetting the switch. This problem is resolved in software release 5.2(2). (CSCdm25544)

• If you enable both UplinkFast and protocol filtering on the switch, when a spanning-tree topology change occurs that activates UplinkFast, UplinkFast multicast frames (using destination MAC address 0x0100 0CCD CDCD) might be transmitted on access ports. The workaround is to not use UplinkFast if protocol filtering is enabled.This problem is resolved in software release 5.1(2a). (CSCdm31699)

• You cannot clear a specific user-configured dynamic CAM entry using the clear cam mac_addr command. The workaround is to clear all dynamic CAM entries using the clear cam dynamic command, or wait for the entry to age out (if no traffic from that address is received by the switch). This problem is resolved in software release 5.2(2). (CSCdk48841)

• In some cases, attempts to set the primary VMPS server using SNMP fail. The workaround is to set the primary VMPS server using the CLI. This problem is resolved in software release 5.2(1). (CSCdm31717)

• After entering the configure network command, do not interrupt the configuration using Control-C. You might prevent the current command from completely executing, causing unexpected results.This problem is resolved in software release 5.1(2a). (CSCdm27473)

• The clear log command does not clear the exception log for the Network Analysis Module (WS-X5380). (CSCdm32798)

• Enabling UplinkFast increases the portcost of Token Ring modules by 3000. The workaround is to reconfigure the portcost on Token Ring modules to the desired value after enabling UplinkFast on the switch. This problem is resolved in software release 5.2(1). (CSCdm39080)

• On certain modules, due to the manner in which the software polls the port for packet totals, the output of the show mac command might report an incorrect value (0xFFFF FFFF FFFF FFFF - broadcasts - multicasts + total packets) for the Xmit-Unicast counter. The problem occurs when the total packets transmitted value reported is less than the total (multicast + broadcast) packets transmitted value. These switching modules are affected:

  • WS-X5010—24-port 10BaseT (Telco connector)

  • WS-X5011—12-port 10BaseFL MMF (ST connector)

  • WS-X5013— 24-port 10BaseT (RJ-45 connector)

  • WS-X5113—12-port 100BaseTX (RJ-45 connector)

  This problem is resolved in software release 5.2(1). (CSCdm25614)

  This problem is resolved in software release 5.1(2a). (CSCdm42255)

• If you configure RMON alarm entries, if the value of the sampled alarmVariable overflows during the configured alarmInterval, alarmValue will be reported as a negative value. If the alarmValue is reported as a negative value, you can use the following calculation to determine the correct value: (alarmValue + 2³²-1). This problem is resolved in software release 5.2(1). (CSCdm27392)

• IP multicast MLS traffic is not transmitted out the ATM interface on the Catalyst 5000 family dual-PHY OC-12 ATM LANE/MPOA modules (WS-X5161 and WS-X5162). This problem does not occur if you are running ATM module release 11.3(10)WA4(13) or 12.0(4a)W5(10) on the ATM module. This problem is resolved in software release 5.2(1). (CSCdm30413)

• If you power cycle or reset a chassis with redundant Supervisor Engine II G modules and two or more Catalyst 5000 family ATM modules with hardware version 1.3, the supervisor engine in slot 2 might report a "minor hardware failure." The workaround is to reset the supervisor engine in slot 2. (CSCdm33598)

• If you enable GMRP on the switch, the Layer 2 multicast table entry required for MLS to receive MLSP messages is removed, preventing MLSP control traffic from being exchanged between the MLS-SE and the MLS-RP. The workaround is to make sure the MLS management interface is in the same VLAN as the switch in-band (sc0) interface (MLSP messages are flooded on the MLS management VLAN). Alternately, you can disable and reenable both IP and IPX MLS after you enable GMRP on the switch. However, this workaround must be repeated each time you reset the switch. This problem is resolved in software release 5.1(2a). (CSCdm51500)

• On Catalyst 5500 switches with a Supervisor Engine III and NFFC, to avoid a broadcast storm, do not insert a WS-X5030 Token Ring module in slots 9 through 12 while the switch is in service. Reset the switch after inserting a WS-X5030 Token Ring module in slots 9 through 12. (CSCdk67305)

Usage Guidelines, Restrictions, and Troubleshooting

These sections provide usage guidelines, restrictions, and troubleshooting information for Catalyst 5000 family switch hardware and software:

• System and Supervisor Engine

• Modules and Switch Ports

• Transceivers

• Spanning Tree

• VTP, VLANs, and VLAN Trunks

• EtherChannel

• SPAN

• Multicast

• Network Analysis Module and TrafficDirector

System and Supervisor Engine

This section contains usage guidelines, restrictions, and troubleshooting information that apply to the supervisor engine and to the switch at the system level.

• The following restrictions apply to the CWI (Catalyst Web Interface) on the Catalyst 5000 family switches:

  • CWI support is available for Supervisor Engine III (WS-X5530) only.

  • Because the CWI image is greater than 8 MB in size, you will need to download the image to the PCMCIA card since it will not fit on the bootflash. You must also manually synchronize the CWI image to the standby supervisor.

  • CWI does not support the RSM.

  • CWI requires Java Plug-in 1.2.2 to be installed on the client.

• If you attempt to boot a Catalyst 5000 family switch and the switch generates continuous MCP exception errors (and possibly fails to boot), make sure that the supervisor engine has the correct software version for all of the hardware in your configuration. For information on the minimum and recommended software versions for Catalyst 5000 family hardware, see the "Product and Software Version Support Matrix" section.

Caution Before powering up a Catalyst 5500 (WS-C5500) switch with redundant power supplies, install at least two modules in the chassis. If you power up a Catalyst 5500 switch with redundant power supplies with less than two modules installed, the red OUTPUT FAIL LED on one of the power supplies might light, even though the supply is not faulty.

• After downloading a new Flash image, the next reboot might take longer than normal if Erasable Programmable Logic Devices (EPLDs) on the supervisor engine module need to be reprogrammed. Whether this happens depends on which software version was running on the supervisor engine module before the download and which software version is downloaded. This can add up to 15 minutes to the normal reboot time the first time you reboot with the new image.

• The Catalyst 5500 series switches support redundant supervisor engine modules. Redundant supervisor engines must be the same type (for example, both Supervisor Engine IIs or both Supervisor Engine IIIs). You can use any combination of Supervisor Engine III and III F modules in a redundant configuration provided the feature card on both modules is the same (both EARL1+, both NFFC, or both NFFC II).

• The Supervisor Engine II G supports the following uplink modules:

  • Four-port 10/100BaseTX with RJ-45 MDIX interfaces (WS-U5537-FETX)

  • Four-port 100BaseFX Fast EtherChannel MMF (WS-U5538-FEFX-MMF)

  • Dual-port 1000BaseSX MMF (WS-U5534-GESX)

  • Dual-port 1000BaseLX/LH MMF/SMF (WS-U5536-GELX)

• After initiating a switchover from the active supervisor engine to the standby supervisor engine, or when inserting a redundant supervisor engine in an operating switch, always wait until the supervisor engines have synchronized and all modules are online before removing or inserting modules or supervisor engines, or performing another switchover.

• Under certain conditions, inserting a second supervisor engine module into a running Catalyst 5500 switch might cause the switch to reset.

• In supervisor engine software release 5.2 and later, the show config, write terminal, and copy config commands return only the non-default configuration (that is, only commands entered that change the default configuration are displayed). Use the all keyword to display both the default and non-default configuration (for example, show config all).

• If you need to download configuration files to many switches in a network topology with redundant EtherChannel links, download the configuration at each switch manually using the configure network command. Otherwise, in some situations, a broadcast storm can occur.

• Under certain conditions, Clock Module:B is Active after boot. This situation does not indicate any failure of Clock Module:A. It is related to fluctuations in the boot sequence that select Clock Module:B over Clock Module:A. All standard error query and notification processes accurately reflect the status of the primary and standby clock modules.

• If your configuration produces thousands of CAM entries, ensure that your screen length is set to a value greater than 0 before entering the show cam dynamic command.

• The LrnDiscard counter (displayed by entering the show mac command) indicates the number of times a CAM entry is replaced with a newly learned address when the CAM table is full. The counter value is not maintained for each port; instead, the value is maintained for the entire switch.

• The CLI command show cam dynamic and the SNMP query "getmany community@vlan dot1dTpFdbAddress" are sometimes out of sync.

Modules and Switch Ports

This section contains usage guidelines, restrictions, and troubleshooting information that apply to modules and switch ports.

• On Catalyst 5500 switches with a Supervisor Engine III and NFFC, to avoid a broadcast storm, do not insert a WS-X5030 Token Ring module in slots 9 through 12 while the switch is in service. Reset the switch after inserting a WS-X5030 Token Ring module in slots 9 through 12.

• If you power cycle or reset a chassis with redundant Supervisor Engine II G modules and two or more Catalyst 5000 family ATM modules with hardware version 1.3, the supervisor engine in slot 2 might report a "minor hardware failure." The workaround is to reset the supervisor engine in slot 2.

• Hardware restrictions in the WS-X5201 and WS-X5203 modules prevent the Ethernet Bundle Controller from forming channels with ports 3 and 4 if ports 1 and 2 are not included. As a result, the following restriction on the construction of circular topologies using the WS-X5201 and WS-X5203 modules applies to software release 5.2.(2):

  To construct a circular topology with channels using three or more switches, the circularity must be broken in the way the WS-X5201 and WS-X5203 modules are wired. For example, instead of using this topology:

B[3,4]—C[1,2] and C[3,4]—D[1,2],

  use

B[3,4]—C[3,4] and C[1,2]—D[1,2].

  Failure to modify the topology as suggested above may result in all four channels not being formed. (CSCdp30971)

• To avoid software timeouts on end stations that use IPX, DHCP, or BOOTP, use the following configuration on ports connected to such end stations:

  • Spanning-tree PortFast enabled

  • Trunking off

  • Channeling off

  In supervisor engine software release 5.2 and later you can use the set port host command to optimize the port configuration for host connections. This command automatically enables PortFast and sets the trunking and channeling modes to off.

  In software releases prior to release 5.2, you can optimize the port configuration for host connections as follows:

• Use the set spantree portfast mod_num/port_num enable command to enable PortFast on a port.

• Use the set trunk mod_num/port_num off command to disable trunking on a port.

• Use the set port channel port_list off command to disable channeling on a port.

---

Note   You must specify a valid port range when entering the set port channel command. You cannot specify a single port.

---

  This example shows how to configure a port for end station connectivity using the set port host command:

Console> (enable) set port host 2/1

 
Warning: Span tree port fast start should only be enabled on ports connected to a single 
host. Connecting hubs, concentrators, switches, bridges, etc. to a fast start port can 
cause temporary spanning tree loops. Use with caution.
 
Spantree port 2/1 fast start enabled.
Port(s) 2/1 trunk mode set to off.
Port(s) 2/1 channel mode set to off.
 
Console> (enable) 
 

  This example shows how to manually configure a port for end station connectivity:

Console> (enable) set spantree portfast 2/2 enable

 
Warning: Spantree port fast start should only be enabled on ports connected
to a single host. Connecting hubs, concentrators, switches, bridges, etc. to
a fast start port can cause temporary spanning tree loops. Use with caution.
 
Spantree port 2/2 fast start enabled.
Console> (enable) set trunk 2/2 off

Port(s) 2/2 trunk mode set to off.
Console> (enable) set port channel 2/1-2 off

Port(s) 2/1-2 channel mode set to off.
Console> (enable)
 

• If you plan to use the Gigabit EtherChannel module (WS-X5410) with Supervisor Engine II or in a Catalyst 5000 chassis, use supervisor engine software release 4.3(1) or later in conjunction with Gigabit EtherChannel module software release 4.3(1) or later. This hardware was not fully tested with the Gigabit EtherChannel module in earlier releases. The Gigabit EtherChannel module is supported in the Catalyst 5500 series chassis with a Supervisor Engine III module in software release 4.2(1) and later.

• A maximum of seven ATM modules or RSMs, in any combination, can be installed in a Catalyst 5500 or 5509 switch.

---

Caution If you plan to run both the Ethernet LANE software and the Token Ring LANE software, you must run them on separate ATM LANE modules.

---

• When inserting a module into a Catalyst 5000 family chassis, be sure to use the ejector levers on the front of the module to seat the backplane pins properly. Incorrectly inserting a module can cause unexpected behavior. For proper module installation instructions, refer to the Catalyst 5000 Series Module Installation Guide.

• When you replace a module (other than the supervisor engine module) with a module of a different type, or when you insert a module (other than the supervisor engine module) in an empty slot, enter the command clear config mod_num to clear the module configuration information in the supervisor engine module and obtain the correct spanning-tree parameters.

• If a module fails to come online, reset the module by entering the reset mod_num command.

• On a Catalyst 5000 family switch with a Supervisor Engine II, if you attempt to download a new supervisor engine software image file before one or more modules come online, those modules might fail to come online. After the download is complete and you reset the switch, the modules should come online correctly.

• If a port fails the physical-medium-dependent (PMD) loopback test (port LED is flashing orange) after the Catalyst 5000 family switch is reset, you must reset the affected module to recover.

• If the Catalyst 5000 family switch detects a port-duplex misconfiguration, the misconfigured switch port is disabled and placed in the "errdisable" state. Reconfigure the port-duplex setting and use the set port enable command to reenable the port.

• In Catalyst 5000 family supervisor engine software release 3.2(2) and later, when the 48-port 10BaseT Telco module (WS-X5012) detects excessive or late collisions on a port, that port is automatically disabled. The show port command output shows the state of the disabled port as "errdisable."

  These errors can occur when there is a port-duplex misconfiguration (both ends of the link are not configured for the same duplex mode) or when the attached cable is not to specification (too long or of the wrong type). If a port has been automatically disabled, make sure the duplex configuration is the same on both ends of the link, verify that the cable is within specification, and then reenable the port using the set port enable command.

• If you have a port whose port speed is set to auto connected to another port whose speed is set to a fixed value, configure the port whose speed is set to a fixed value for half duplex. Alternately, you can configure both ports to a fixed-value port speed and full duplex.

• If you connect an end station to a 10/100-Mbps port configured to autonegotiate port speed, and the port enters spanning-tree blocking mode (as reported by the show spantree command), configure a fixed speed on the port (either 10-Mbps or 100-Mbps, depending on the speed supported on the end station NIC).

• If the link state of a port connected to an end station with a Xircom CE2 PC card (PCMCIA) NIC toggles up and down, make sure you install the latest Xircom drivers for the NIC and disable auto-polarity on the NIC.

• Whenever you connect a Catalyst 5000 family port that is set to autonegotiate to an end station or another networking device, make sure that the other device is configured for autonegotiation as well. If the other device is not set to autonegotiate, the Catalyst 5000 family port will remain in half-duplex mode, which can cause a duplex mismatch resulting in packet loss, late collisions, and line errors on the link.

• The show mac command displays the InDiscard counter value as zero, instead of the actual counter value for Ethernet ports. (The InDiscard counter tracks the number of frames that the Catalyst 5000 family switch discards because the frames were destined for the local segment.)

• Under certain conditions, etherHistoryUtilization is not reported correctly if the counter value wraps between the two consecutive samples. The workaround is to reduce the sample interval.

• Under heavy traffic conditions, and with a duplex mismatch between connected ports, the following Catalyst 5000 family modules might transmit frames with bad CRC values:

  • 48-port 10BaseT Telco Ethernet module (WS-X5012)

  • 48-port 10BaseT Telco Ethernet module (WS-X5012A)

  • 2-slot 48-port 10BaseT RJ-45 Ethernet module (WS-X5014)

• If you are using FDDI modules in your Catalyst 5000 family switch, we recommend that you run FDDI software release 2.1(7) or later.

• If both PHY ports on an FDDI module are connected, you should disable and reenable them together. If you disable and reenable only one port, a broadcast storm might result.

• Serial download is supported for downloading Flash code to the supervisor engine module, but not to the switching modules.

• In some instances, when using the autonegotiating functions of either the WS-X5213 or WS-X5213A 10/100-Mbps Fast Ethernet 12-port switching modules to connect to another autonegotiating Ethernet or Fast Ethernet device over a cable distance of 98 to 131 feet (30 to 40 meters), the duplex mode and port speed might be incorrectly negotiated. In this case, the link between the devices cannot be established. To recover from this situation, manually set the port speed and duplex mode manually.

• Alignment and frame check sequence (FCS) errors are detected when 3Com 3c595 and 3c905 cards are attached to a Catalyst 5000 family switch. (CSCdj01465)

• You cannot disable an ATM module by entering the set module disable command. The workaround is to session to the ATM module and shut down the ATM interface using the shutdown interface configuration command.

• If you have an LECS or LES/BUS configured on an ATM module and you replace the supervisor engine module (on Catalyst 5000 series switches only) or move the ATM module from one slot to another, the ATM addresses (NSAPs) are modified. Be sure to update the LECS database configuration with the new NSAP values.

• ATM modules do not generate link up/down traps.

• UplinkFast is not supported over ATM.

• In a 10Base2 network, incorrect termination can cause the port to hang. To recover, disable and then reenable the port.

• Do not enable protocol filtering on the switch if you have configured port security on any ports and set the violation mode to restrict. There is no restriction if the violation mode is set to shutdown (you can enable protocol filtering on the switch).

• The following restrictions apply when configuring port security:

  • You cannot configure dynamic, static, or permanent CAM entries on a secure port.

  • When you enable port security on a port, any static or dynamic CAM entries associated with the port are cleared; any currently configured permanent CAM entries are treated as secure.

• If you configure a secure port in restrictive mode, and a station is connected to the port whose MAC address is already configured as a secure MAC address on another port on the switch, the port in restrictive mode will shut down rather than restrict traffic from that station. For example, if you configure MAC-1 as the secure MAC address on port 2/1 and MAC-2 as the secure MAC address on port 2/2, if you then connect the station with MAC-1 to port 2/2 when port 2/2 is configured for restrictive mode, port 2/2 will shut down instead of restricting traffic from MAC-1.

Transceivers

This section contains usage guidelines, restrictions, and troubleshooting information that apply to transceivers.

• If you experience trouble with a port that has an MII transceiver attached to it, check that the transceiver jumpers are set properly.

• If an MII transceiver is plugged in at an angle, the Catalyst 5000 family switch might stop transmitting data. To recover, reseat the MII transceiver so that it is not seated at an angle. If the Catalyst 5000 family switch still cannot transmit data, disable and then reenable the port.

• If you are using MII transceivers, make sure that you are using compliant MII transceivers. Enter the show portreg command for each MII port to ensure that the value 2100 appears in the first column of output, as shown in the following example:

Console> (enable) show portreg 1/1

Port/PHY registers for 1/1
 
0x00: 2100 780F 2000 5C00 0081 0000 0000 0000 
. 
. 
Console> (enable) 

  If you see a value of 0xffff instead of 2100, do not use the MII transceiver. An MII transceiver whose value is set to 0xffff can prevent the Catalyst 5000 family switch from receiving on this MII port, which can cause spanning-tree loops.

  Check the Disconnect Counter Register (DCR) and the False Carrier Sense Counter Register (FCSCR). These registers should remain at 0 (except for the moment at which the link comes up). A value other than 0 indicates a physical layer problem (most likely a problem with the transceiver).

Spanning Tree

The Spanning-Tree Protocol (STP) blocks certain ports to prevent physical loops in a redundant topology. On a blocked port, the Catalyst 5000 family switch receives spanning-tree bridge protocol data units (BPDUs) periodically from neighboring Layer 2 devices. You can configure the frequency with which BPDUs are received by entering the set spantree hello command (the default frequency is set to two seconds). If a Catalyst 5000 family switch does not receive a BPDU in the time period defined by the set spantree maxage command (20 seconds by default), the blocked port transitions to the listening state, the learning state, and to the forwarding state. As it transitions, the Catalyst 5000 family switch waits for the time period specified by the set spantree fwddelay command (15 seconds by default) in each of these intermediate states. Therefore, a blocked spanning-tree port moves into the forwarding state if it does not receive BPDUs from its neighbor within approximately 50 seconds.

This section contains usage guidelines, restrictions, and troubleshooting information that apply to spanning tree.

• If the Spanning Tree Protocol parameters are reduced in value, ensure that the number of instances Spanning Tree Protocol are also reduced proportionally in order to avoid spanning tree loops in the network.

• Ensure that the total number of logical ports across all instances of spanning tree for different VLANs does not exceed the maximum number supported for each supervisor engine type and memory configuration.

  You can use the show spantree summary command and this formula to compute the sum of logical ports on the switch:

  (number of non-ATM trunks on the switch * number of active VLANs on that trunk)
+ (number of ATM trunks on the switch * number of active VLANs on that trunk * 2)
+ number of nontrunking ports on the switch

  The sum of all logical ports, as calculated with the formula above, should be less than or equal to:

• 1500 for Supervisor Engine II and III F

• 1800 for Supervisor Engine II G and III G

• 4000 for Supervisor Engine III

Caution If you enable numerous memory-intensive features concurrently (such as VTP pruning, VMPS, EtherChannel, and RMON), or if there is switched data traffic on the management VLAN, the maximum number of supported logical ports is reduced.

---

Note   Count each port in an EtherChannel port bundle independently (do not count the bundle as a single port).

---

• A Catalyst family switch should be the root for all VLANs, especially VLAN 1. In order to recover from an extended broadcast storm caused by a faulty device in a network, Catalyst  family switches reset blocked ports. To ensure recovery, all Catalyst family switches in the network should perform this function at the same time by sending synchronization packets on VLAN 1. These synchronization packets are only sent by a Catalyst family switch if it is the root bridge.

• Use the most-powerful possible supervisor engine version for the root node (for example, Supervisor Engine III instead of Supervisor Engine II).

• On a switch with Supervisor Engine II G or III G, or Supervisor Engine III or III F with an NFFC or NFFC II, you cannot enable or disable spanning tree on a per-VLAN basis. You must enable or disable spanning tree on every VLAN using the set spantree enable all and set spantree disable all commands.

• Disabling spanning tree on the native VLAN of an IEEE 802.1Q trunk can potentially cause spanning-tree loops. We recommend that you leave spanning tree enabled on the native VLAN of an 802.1Q trunk. If you plan to disable spanning tree in an 802.1Q environment, disable spanning tree on every VLAN in the network and ensure a loop-free topology exists.

• Use these commands to monitor blocked spanning-tree ports:

  • show port—Check to see if the port has registered a lot of alignment, FCS, or any other type of line errors. If these errors are incrementing continuously, the port might drop input BPDUs.

  • show mac—If the Inlost counter is incrementing continuously, the port is losing input packets because of a lack of receive buffers. This problem can also cause the port to drop incoming BPDUs.

• On a blocked spanning-tree port, make sure that the Rcv-Frms and Rcv-Multi counters are incrementing continuously. If the Rcv-Frms counter stops incrementing, the port is not receiving any frames, including BPDUs. If the Rcv-Frms counter is incrementing but the Rcv-Multi counter is not, then this port is receiving non-multicast frames but is not receiving BPDUs.

• On a blocked spanning-tree port, check the duplex configuration to ensure that the port duplex is set to the same type as the port of the neighboring device.

• On trunk ports, make sure that the trunk configuration is set properly on both sides of the link.

• On trunk ports, make sure that the duplex is set to full on both sides of the link to prevent any collisions under heavy traffic conditions.

• Do not use spanning-tree PortFast on a trunk port. Although the show spantree command displays PortFast as enabled on a trunk port, PortFast has no effect on trunk ports.

• IEEE STP between a Cisco router and Catalyst 5000 family ATM LANE module over RFC 1483 PVCs does not function properly.

• Spanning-tree convergence on 802.1Q trunks on a switch with a large number of active VLANs (several hundred) can be delayed up to several minutes.

VTP, VLANs, and VLAN Trunks

This section contains usage guidelines, restrictions, and troubleshooting information that apply to VTP, VLANs, and VLAN trunks.

• Although the Dynamic Trunk Protocol (DTP) is a point-to-point protocol, some internetworking devices might forward DTP frames. To avoid connectivity problems, follow these guidelines:

  • For ports connected to non-Catalyst family devices in which trunking is not being used, configure trunk-capable Catalyst 5000 family switch ports to off by entering the set trunk mod_num/port_num off command.

  • When trunking to a Cisco router, use the set trunk mod_num/port_num nonegotiate command. The nonegotiate keyword transitions a link into trunking mode without sending DTP frames.

• With Cisco IOS software release 12.0(1a)W5(6b) or earlier, the Catalyst 8510 campus switch router (CSR) does not process untagged packets (packets on the native VLAN) received on an IEEE 802.1Q trunked interface (all such packets are dropped). If you configure Catalyst 8510 CSR subinterfaces to trunk using 802.1Q encapsulation, traffic cannot be carried successfully on the native VLAN for the trunk configured on the Catalyst 5000 family switch.

  The workaround is to create an unused VLAN and assign that VLAN as the native VLAN for the 802.1Q trunk on the Catalyst 5000 family switch. Verify the native VLAN assignment for the trunk using the show trunk command.

  This problem is tracked as a defect against the Catalyst 8510 CSR software (CSCdk77676) and is resolved in IOS release 12.0(1a)W5(6e).

• A VTP transparent switch with no VTP domain name configured might not relay VTP requests received from VTP client and server switches. Therefore, VTP client and server switches might not synchronize if they are separated by a VTP transparent switch with no domain name configured. The workaround is to configure a VTP domain name on the VTP transparent switch.

EtherChannel

This section contains usage guidelines, restrictions, and troubleshooting information that apply to Fast and Gigabit EtherChannel.

• When using Fast EtherChannel, if a "SPANTREE-2: Channel misconfig - x/x-x will be disabled" or similar syslog message is displayed, it indicates a mismatch of Fast EtherChannel modes on the connected ports. We recommend that you correct the configuration and reenable the ports by entering the set port enable command. Valid EtherChannel configurations include:

Port Channel Mode	Valid Neighbor Port Channel Modes
desirable	desirable or auto
auto	desirable or auto1
on	on
off	off

1If both the local and neighbor ports are in auto mode, an EtherChannel bundle will not form.

• If you are using media-independent interface (MII) connectors, Fast EtherChannel does not work on the 100BaseTX, RJ-45 supervisor engine module (WS-X5509).

• With a large number of channels, trunks, or VLANs, or a change of channel configuration (for example, off to auto), or upon Fast EtherChannel module reboot, ports might take up to five minutes to form a channel and to participate in spanning tree. (During this interval, the port does not appear in show spantree command output.) If it takes more than ten minutes for a channel to form and appear on spanning tree, disable and reenable the ports. In addition, it might take up to two minutes to unbundle a channel after changing the channel mode.

SPAN

This section contains usage guidelines, restrictions, and troubleshooting information that apply to the Switch Port Analyzer (SPAN).

• Incoming traffic on the SPAN destination port is disabled by default. You can enable it using the set span command with the inpkts enable keywords. However, while the port receives traffic for its assigned VLAN, it does not participate in spanning tree for that VLAN. To avoid creating spanning-tree loops with incoming traffic enabled, assign the SPAN destination port to an unused VLAN.

• A SPAN destination port receives flooded unicasts and broadcasts for the VLAN of the source SPAN port.

• The RSM does not support SPAN.

Multicast

This section contains usage guidelines, restrictions, and troubleshooting information that apply to multicast protocols and traffic on the switch.

• Due to a conflict with the Hot Standby Router Protocol (HSRP), Cisco Group Management Protocol (CGMP) leave processing is disabled by default.

  To enable CGMP leave processing, enter the set cgmp leave enable command.

---

Note   If both HSRP and CGMP leave processing are enabled, you might experience some unicast packet flooding.

---

• When CGMP leave processing is enabled, the Catalyst 5000 family switch learns router ports through PIM-v1, HSRP, and CGMP self-join messages. When CGMP leave processing is disabled, the Catalyst 5000 family switch learns router ports through CGMP self-join messages only.

• CGMP does not prune multicast traffic for any IP multicast address that maps to the MAC address range of 01-00-5E-00-00-00 to 01-00-5E-00-00-FF. The reserved IP multicast addresses, in the range 224.0.0.0 to 224.0.0.255, are used to forward local IP multicast traffic in a single Layer 3 hop.

• When you enable CGMP and IP multicast MLS on the switch, the multicast flow is not multilayer switched in these situations:

  • If the multicast source is not directly attached to the switch and belongs to a transit VLAN (that is, a VLAN with no multicast receivers present), then multicast flows for that source are not multilayer switched because the switch cannot create an entry in the Layer 2 multicast forwarding table.

  • If the path to a multicast receiver is through a transit VLAN, the multicast flow to that receiver is not multilayer switched. However, the traffic is still software forwarded to the receiver, and traffic for receivers not reached through a transit VLAN are still multilayer switched.

---

Note   These problems do not occur if IGMP snooping is enabled on the switch, even if some of the MLS-RP router interfaces are configured for CGMP in order to support downstream Cisco switches that support only CGMP.

---

Network Analysis Module and TrafficDirector

This section contains usage guidelines, restrictions, and troubleshooting information that apply to the Network Analysis Module (WS-X5380), including important caveats tracked against the TrafficDirector application.

• Using the TrafficDirector Data Capture tool with slice sizes greater than 1500 bytes might cause data collected by RMON2 to be lost. (CSCdm22949)

• TrafficDirector 5.6.1 does not set the Roving destination port correctly on the agent when the Configuration Manager Rove function is used. (CSCdm27588)

• In some cases, TrafficDirector 5.5.1 fails to configure the SNMP agent with the Property File configuration even though the application reports the configuration was successful. (CSCdm32749)

Documentation Updates for Software Release 5.2

This section describes caveats for the Catalyst 5000 family software release 5.2 documentation. These changes will be included in the next update to the documentation.

• The printed version of the Command Reference for software release 5.2 incorrectly includes the show tech-support command. This command is not supported in software release 5.2.

Documentation Updates for Software Release 5.1

This section describes caveats for the Catalyst 5000 family software release 5.1 documentation. These changes will be included in the next update to the documentation.

• The May 1999 Catalyst 5000 Series Supervisor Engine Installation Guide incorrectly states that the Supervisor Engine II G supports the following uplink modules:

  • WS-U5531-FETX

  • WS-U5533-FEFX-MMF

  • WS-U5535-FEFX-SMF

  The Supervisor Engine II G does not support these uplink modules.

• In the Software Configuration Guide for software release 5.1, the "Software and Hardware Requirements" sections in the "Configuring IP MLS," "Configuring IP Multicast MLS," and "Configuring IPX MLS" chapters mention Cisco IOS release 12.0(3a)W5(8). In all cases, the correct version number is 12.0(3c)W5(8).

• In the Software Configuration Guide for software release 5.1, the "Configuring IP MLS" chapter states that input access lists are not supported with IP MLS. Input access lists are supported with IP MLS in Cisco IOS release 12.0(2) and later.

• In the Software Configuration Guide for software release 5.1, the "Configuring IP MLS" chapter states that policy routing is not supported with IP MLS. Policy routing is supported with IP MLS in Cisco IOS release 12.0(3) and later. Enter the [no] mls rp ip route-map global configuration command to allow policy routing in conjunction with IP MLS. However, IP MLS cannot function on interfaces configured to policy route based on packet length.

• In the Software Configuration Guide and the Command Reference for software release 5.1, the set qos ip-filter command syntax is incorrect. The proper command syntax is:

  set qos ip-filter cos {src_ip_addr_spec} {dest_ip_addr_spec} [before ACE# | modify ACE#]

  set qos ip-filter cos protocol {src_ip_addr_spec} {src_port} {dest_ip_addr_spec} {dest_port) [before ACE# | modify ACE#]

• In the Command Reference for software release 5.1, the description for the set port qos cos command is incorrect. The description states, "Use the set port qos cos command to set the CoS value for unclassified frames from trusted ports and all frames from untrusted ports." The correct description is, "Use the set port qos cos command to set the CoS value for all unclassified frames."

• In the Software Configuration Guide and the Command Reference for software release 5.1, the screen output for the show qos ip command shows "both" as a possible value in the Protocol field. The command actually displays "any," not "both."

• In the Software Configuration Guide for software release 5.1, the following description of GMRP was omitted:

  GMRP software components run on both the switch and on the host (Cisco is not a source for GMRP host software). On the host, GMRP is typically used with IGMP: the host GMRP software generates Layer 2 GMRP versions of the host's Layer 3 IGMP control packets. The switch receives both the Layer 2 GMRP and the Layer 3 IGMP traffic from the host. The switch uses the received GMRP traffic to constrain multicasts at Layer 2 in the host's VLAN.

---

Note   In all cases, you can use CGMP or IGMP snooping to constrain multicasts at Layer 2 without the need to install or configure software on hosts.

---

  When a host wants to join an IP multicast group, it sends an IGMP join message, which generates a GMRP join message.

  Upon receipt of the GMRP join message, the switch adds the port through which the join message was received to the appropriate multicast group. The switch propagates the GMRP join message to all other hosts in the VLAN, one of which is typically the multicast source. When the source is multicasting to the group, the switch forwards the multicast only to the ports from which it received join messages for the group.

  The switch sends periodic GMRP queries. If a host wants to remain in a multicast group, it responds to the query. In this case, the switch does nothing. If a host does not want to remain in the multicast group, it can either send a leave message or not respond to the periodic queries from the switch. If the switch receives a leave message or receives no response from the host for the duration of the leaveall timer, the switch removes the host from the multicast group.

---

Note   To use GMRP in a routed environment, enable the GMRP forwardall option on all ports where routers are attached.

---

Additional Documentation

The following documents are available for Catalyst 5000 family switches:

• Quick Installation Guides—Available for the Catalyst 5002, Catalyst 5000 and Catalyst 5005, Catalyst 5509, and Catalyst 5500

• Quick Software Configuration—Catalyst 5000 Family, 4000 Family, 2926G Series, and 2948G Switches

• Catalyst 5000 Family Installation Guide

• Catalyst 5000 Family Supervisor Engine Installation Guide

• Catalyst 5000 Family Module Installation Guide

• Software Configuration Guide - Catalyst 5000 Family, 4000 Family, 2926G Series, and 2948G Switches

• Layer 3 Switching Software Configuration Guide - Catalyst 5000 Family, 4000 Family, 2926G Series, and 2948G Switches

• ATM Software Configuration Guide - Catalyst 6000 Family and 5000 Family Switches

• Command Reference - Catalyst 5000 Family, 4000 Family, 2926G Series, and 2948G Switches

• System Message Guide - Catalyst 5000 Family, 4000 Family, 2926G Series, and 2948G Switches

• Enterprise MIB User Quick Reference (online only)

Obtaining Documentation

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.

Documentation CD-ROM

Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly. Therefore, it is probably more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.

Ordering Documentation

Registered CCO users can order the Documentation CD-ROM and other Cisco Product documentation through our online Subscription Services at http://www.cisco.com/cgi-bin/subcat/kaojump.cgi.

Nonregistered CCO users can order documentation through a local account representative by calling Cisco's corporate headquarters (California, USA) at 408 526-4000 or, in North America, call 800 553-NETS (6387).

Obtaining Technical Assistance

Cisco provides Cisco Connection Online (CCO) as a starting point for all technical assistance. Warranty or maintenance contract customers can use the Technical Assistance Center. All customers can submit technical feedback on Cisco documentation using the web, e-mail, a self-addressed stamped response card included in many printed docs, or by sending mail to Cisco.

Cisco Connection Online

Cisco continues to revolutionize how business is done on the Internet. Cisco Connection Online is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at anytime, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.

CCO's broad range of features and services helps customers and partners to streamline business processes and improve productivity. Through CCO, you will find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online support services, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.

Customers and partners can self-register on CCO to obtain additional personalized information and services. Registered users may order products, check on the status of an order and view benefits specific to their relationships with Cisco.

You can access CCO in the following ways:

• WWW: www.cisco.com

• Telnet: cco.cisco.com

• Modem using standard connection rates and the following terminal settings: VT100 emulation; 8 data bits; no parity; and 1 stop bit.

  • From North America, call 408 526-8070

  • From Europe, call 33 1 64 46 40 82

You can e-mail questions about using CCO to cco-team@cisco.com.

Technical Assistance Center

The Cisco Technical Assistance Center (TAC) is available to warranty or maintenance contract customers who need technical assistance with a Cisco product that is under warranty or covered by a maintenance contract.

To display the TAC web site that includes links to technical support information and software upgrades and for requesting TAC support, use www.cisco.com/techsupport.

To contact by e-mail, use one of the following:

In North America, TAC can be reached at 800 553-2447 or 408 526-7209. For other telephone numbers and TAC e-mail addresses worldwide, consult the following web site: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml.

Documentation Feedback

If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.

You can e-mail your comments to bug-doc@cisco.com.

To submit your comments by mail, for your convenience many documents contain a response card behind the front cover. Otherwise, you can mail your comments to the following address:

Cisco Systems, Inc.
Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate and value your comments.

Language	E-mail Address
English	tac@cisco.com
Hanzi (Chinese)	chinese-tac@cisco.com
Kanji (Japanese)	japan-tac@cisco.com
Hangul (Korean)	korea-tac@cisco.com
Spanish	tac@cisco.com
Thai	thai-tac@cisco.com

Posted: Mon Sep 25 09:22:05 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.