Table of Contents
Release Notes for Catalyst 6000 Family Software Release 5.x
Current Release:
5.5(3) - September 11, 2000
Previous Releases:
5.5(2), 5.5(1), 5.4(4), 5.4(3), 5.4(2), 5.4(1)-Deferred, 5.3(6)CSX, 5.3(5a)CSX, 5.3(5)CSX, 5.3(4)CSX, 5.3(3)CSX, 5.3(2)CSX, 5.3(1a)CSX, 5.2(3)CSX, 5.2(2)CSX, 5.2(1)CSX, 5.1(1)CSX
Note The minimum boot ROM required for software release 5.4(1) and later releases is 5.2(1).
Note Release notes for prior Catalyst 6000 family software releases were accurate at the time of release. However, for information on the latest caveats and updates to previously released Catalyst 6000 family software releases, refer to the release notes for the latest maintenance release in your software release train. You can access all Catalyst 6000 family release notes at the World Wide Web locations listed in the "Cisco Connection Online" section.
This document consists of these sections:
Release 5.x Memory Requirements
The Catalyst 6000 family Supervisor Engine 1 is shipped with 64-MB DRAM, which fully supports software release 5.x.
In systems with redundant supervisor engines, both supervisor engines must have the same daughter card configurations, for example:
- If the supervisor engine in slot 1 has a PFC and no MSFC, the supervisor engine in slot 2 must have a PFC and no MSFC. If the supervisor engine in slot 1 has a PFC and an MSFC, the supervisor engine in slot 2 must have a PFC and an MSFC.
- If the supervisor engine in slot 1 has a PFC and an MSFC2, the supervisor engine in slot 2 must have a PFC and an MSFC2. You cannot have an MSFC and an MSFC2 in the same chassis.
These configuration requirements apply to all Catalyst 6000 family switches; we do not support mismatched supervisor engine daughter card configurations.
This section contains configuration matrixes to help you order Catalyst 6000 family products. Table 1 lists the minimum supervisor engine version and the current recommended/default supervisor engine software version for Catalyst 6000 family modules and chassis.
Note There might be additional minimum software version requirements for intelligent modules (those that run an additional, separate software image). Refer to the software release notes for the module type for more information.
Table 1: Minimum, Recommended, and Default Supervisor Engine Software Versions
Product Number
append with "=" for spares
| Product Description
| Minimum Supervisor Software Version
| Recommended/Default Supervisor Software Version
|
| Supervisor Engine 1
|
WS-X6K-SUP1A-MSFC
| Supervisor Engine 1A, dual-port 1000BASE-X uplinks, with enhanced QoS features, Policy Feature Card, and Multilayer Switch Feature Card
| 5.3(1a)CSX
| 5.4(4)
|
WS-X6K-SUP1A-PFC
| Supervisor Engine 1A, dual-port 1000BASE-X uplinks, with enhanced QoS features, and Policy Feature Card
| 5.3(1a)CSX
| 5.4(4)
|
WS-X6K-SUP1A-2GE
| Supervisor Engine 1A, dual-port 1000BASE-X uplinks, with enhanced QoS features
| 5.3(1a)CSX
| 5.4(4)
|
WS-X6K-SUP1-2GE
| Supervisor Engine 1, dual-port 1000BASE-X uplinks
| 5.1(1)CSX
| 5.4(4)
|
WS-X6K-S1A-MSFC2
| Supervisor Engine 1A, dual-port 1000BASE-X uplinks, with enhanced QoS features, PFC, and MSFC2
| 5.4(3)
| 5.5(1)
|
| Ethernet, Fast Ethernet, and Gigabit Ethernet
|
WS-X6416-GBIC
| 16-Port Gigabit Ethernet switching module
| 5.4(2)
| 5.4(4)
|
WS-X6416-GE-MT
| 16-port Gigabit Ethernet MT-RJ with enhanced QoS features
| 5.3(5a)CSX
| 5.4(4)
|
WS-X6408A-GBIC
| 8-port Gigabit Ethernet GBIC with enhanced QoS features
| 5.3(1a)CSX
| 5.4(4)
|
WS-X6408-GBIC
| 8-port Gigabit Ethernet GBIC
| 5.1(1)CSX
| 5.4(4)
|
WS-X6224-100FX-MT
| 24-port 100FX Multimode MT-RJ
| 5.1(1)CSX
| 5.4(4)
|
WS-X6324-100FX-MT
| 24-port 100FX Multimode MT-RJ with 128K per port packet buffers.
| 5.4(2)
| 5.4(4)
|
WS-X6248-RJ-45
| 48-port 10/100TX RJ-45
| 5.1(1)CSX
| 5.4(4)
|
WS-X6248-TEL
| 48-Port 10/100TX RJ-21
| 5.2(1)CSX
| 5.4(4)
|
WS-X6248A-TEL
| 48-Port 10/100TX RJ-21 with 128K per port packet buffers
| 5.3(2)CSX
| 5.4(4)
|
WS-X6348-RJ-45 WS-X6348-RJ-45V
| 48-port 10/100TX RJ-45 with 128k per port packet buffers (WS-X6348-RJ-45 accepts a field-upgradable voice daughter card to provide inline power to IP telephones. Already installed on WS-X6348-RJ-45V)
| 5.4(2) - no voice daughter card
5.5(1) - voice daughter card installed
| 5.4(4) - no voice daughter card
5.5(1) - voice daughter card installed
|
WS-F6K-VPWR
| Inline-power field-upgrade module mounts on the 48-port 10/100TX RJ-45 module
| 5.5(1)
| 5.5(1)
|
WS-X6024-10FL-MT
| 24-port 10BASE-FL MT-RJ with enhanced QoS features
| 5.3(3)CSX
| 5.4(4)
|
WS-X6316-GE-TX
| 16-port 1000BASE-TX Gigabit Ethernet with RJ-45 interfaces for standard Category 5 UTP cabling
| 5.4(2)
| 5.4(4)
|
| ATM1
|
WS-X6101-OC12-SMF
| Single-port Single-Mode OC-12 ATM
| 5.3(2)CSX
| 5.4(4)
|
WS-X6101-OC12-MMF
| Single-port Multimode OC-12 ATM
| 5.3(2)CSX
| 5.4(4)
|
| Multilayer Switch Module (MSM)2
|
WS-X6302-MSM
| Multilayer Switch Module
| 5.2(1)CSX
| 5.4(4)
|
| FlexWan Module3
|
WS-X6182-2PA
| FlexWAN Module
| 5.4(2)
| 5.4(4)
|
Voice Modules
|
|
|
|
WS-X6224-FXS
| 24-port FXS analog interface module
| 5.5(1)
| 5.5(1)
|
WS-X6608-E1 WS-X6608-T1
| 8-Port T1/E1 PSTN interface modules
| 5.5(1)
| 5.5(1)
|
Network Analysis Module4
|
|
|
|
WS-X6380-NAM
| Network Analysis Module
| 5.5(1)
| 5.5(1)
|
| Modular Chassis
|
WS-C6009
| Catalyst 6009 chassis (9-slot)
| 5.1(1)CSX
| 5.4(4)
|
WS-C6509
| Catalyst 6509 chassis (9-slot)
| 5.1(1)CSX
| 5.4(4)
|
WS-C6509-NEB
| Catalyst 6509-NEB chassis (9 vertically-oriented slots)
| 5.4(2)
| 5.4(4)
|
WS-C6006
| Catalyst 6006 chassis (6-slot)
| 5.2(1)CSX
| 5.4(4)
|
WS-C6506
| Catalyst 6506 chassis (6-slot)
| 5.2(1)CSX
| 5.4(4)
|
1See the ATM Configuration Guide and Command Reference
2See the Multilayer Switch Module Release Notes
3See the Catalyst 6000 Family FlexWAN Module Installation and Configuration Note
4See the Network Analysis Module Installation and Configuration Note
|
Table 2 lists the software versions and applicable ordering information for the Catalyst 6000 family supervisor engine software.
 | Caution
Always back up the switch configuration file before upgrading or downgrading the switch software to avoid losing all or part of the configuration stored in nonvolatile RAM (NVRAM). When downgrading switch software, you will lose your configuration. Use the write network command or the copy config tftp command to back up your configuration to a Trivial File Transfer Protocol (TFTP) server. Use the copy config flash command to back up the configuration to a Flash device. |
Table 2: Orderable Software Images
| Software Version
| Filename
| Orderable Product Number
Flash on System
| Orderable Product Number
Spare Upgrade (Floppy Media)
|
| Supervisor Engine 1
|
5.5(3) Flash image
| cat6000-sup.5-5-3.bin
| SC6K-SUP-5.5.3
| SC6K-SUP-5.5.3=
|
5.5(3) Flash image w/CiscoView
| cat6000-supcv.5-5-3.bin
| SC6K-SUPCV-5.5.3
| SC6K-SUPCV-5.5.3=
|
5.5(2) Flash image
| cat6000-sup.5-5-2.bin
| SC6K-SUP-5.5.2
| SC6K-SUP-5.5.2=
|
5.5(2) Flash image w/CiscoView
| cat6000-supcv.5-5-2.bin
| SC6K-SUPCV-5.5.2
| SC6K-SUPCV-5.5.2=
|
5.5(1) Flash image
| cat6000-sup.5-5-1.bin
| SC6K-SUP-5.5.1
| SC6K-SUP-5.5.1=
|
5.5(1) Flash image w/CiscoView1
| cat6000-supcv.5-5-1.bin
| SC6K-SUPCV-5.5.1
| SC6K-SUPCV-5.5.1=
|
5.4(4) Flash image
| cat6000-sup.5-4-4.bin
| SC6K-SUP-5.4.4
| SC6K-SUP-5.4.4=
|
5.4(4) Flash image w/CiscoView
| cat6000-supcv.5-4-4.bin
| SC6K-SUPCV-5.4.4
| SC6K-SUPCV-5.4.4=
|
5.4(3) Flash image
| cat6000-sup.5-4-3.bin
| SC6K-SUP-5.4.3
| SC6K-SUP-5.4.3=
|
5.4(3) Flash image w/CiscoView2
| cat6000-supcv.5-4-3.bin
| SC6K-SUPCV-5.4.3
| SC6K-SUPCV-5.4.3=
|
5.4(2) Flash image
| cat6000-sup.5-4-2.bin
| SC6K-SUP-5.4.2
| SC6K-SUP-5.4.2=
|
5.4(2) Flash image w/CiscoView
| cat6000-supcv.5-4-2.bin
| SC6K-SUPCV-5.4.2
| SC6K-SUPCV-5.4.2=
|
5.3(6)CSX
| cat6000-sup.5-3-6-CSX.bin
| SFC6K-SUP-5.3.6-CSX
| SWC6K-SUP-5.3.6-CSX=
|
5.3(5a)CSX
| cat6000-sup.5-3-5a-CSX.bin
| SFC6K-SUP-5.3.5a-CSX
| SWC6K-SUP-5.3.5a-CSX=
|
5.3(4)CSX
| cat6000-sup.5-3-4-CSX.bin
| SFC6K-SUP-5.3.4-CSX
| SWC6K-SUP-5.3.4-CSX=
|
5.3(3)CSX
| cat6000-sup.5-3-3-CSX.bin
| SFC6K-SUP-5.3.3-CSX
| SWC6K-SUP-5.3.3-CSX=
|
5.3(2)CSX
| cat6000-sup.5-3-2-CSX.bin
| SFC6K-SUP-5.3.2-CSX
| SWC6K-SUP-5.3.2-CSX=
|
5.2(3)CSX
| cat6000-sup.5-2-3-CSX.bin
| SFC6K-SUP-5.2.3-CSX
| SWC6K-SUP-5.2.3-CSX=
|
5.2(2)CSX
| cat6000-sup.5-2-2-CSX.bin
| SFC6K-SUP-5.2.2-CSX
| SWC6K-SUP-5.2.2-CSX=
|
5.2(1)CSX
| cat6000-sup.5-2-1-CSX.bin
| SFC6K-SUP-5.2.1-CSX
| SWC6K-SUP-5.2.1-CSX=
|
5.1(1)CSX
| cat6000-sup.5-1-1-CSX.bin
| SFC6K-SUP-5.1.1-CSX
| SWC6K-SUP-5.1.1-CSX=
|
1The 5.5(1) Flash image with CiscoView will be available on CCO approximately two weeks after the 5.5(1) image release.
2The 5.4(3) Flash image with CiscoView will be available on CCO approximately two weeks after the 5.4(3) image release.
|
This section describes the new hardware and software features available in software release 5.5.
This section describes the new hardware component available in software release 5.5.
- 24-port FXS analog interface module (WS-X6224-FXS)Provides a standard RJ-21
Category 5 telco connector to connect directly to standard analog telephones or fax machines. The module interfaces supply ring voltage and dial tone. The module emulates the central office (CO) or private branch exchange (PBX) in that it provides a service to an analog telephone or fax machine. The telephone or fax machine connected through the FXS module behaves as if it is connected to a normal CO or PBX line. It requires an IP address, is registered with Cisco CallManager in its domain, and is managed by Cisco CallManager.
- 8-Port T1/E1 PSTN interface modules (WS-X6608-E1, WS-X6608-T1)High-density, eight port, T1/E1 VoIP module that can support both digital T1/E1 connectivity to the PSTN or transcoding and conferencing. It requires an IP address, is registered with Cisco CallManager in its domain, and is managed by Cisco CallManager.
- The module software is downloaded from a TFTP server. Depending upon which software you download, the ports can serve as T1/E1 interfaces or the ports will support transcoding and conferencing.
- Network Analysis Module (WS-X6380-NAM)Monitors and analyzes network traffic for the Catalyst 6000 family switches using RMON, RMON2, and other MIBs. The RMON support that the NAM provides for Ethernet VLANs is an extension of the RMON support provided by the Catalyst 6000 family supervisor engine. The switched port analyzer (SPAN) selects network traffic and directs it to the NAM. TrafficDirector, or any other IETF-compliant RMON application, can analyze link characteristics, packet layers for capacity planning or departmental accounting, differentiated service deployment and policies, and filter/capture packets for debugging.
- Catalyst Family Inline-Power Patch Panel (WS-PWR-PANEL)Works with any
Cisco 10/100 Mbps switching product capable of supporting IP telephones. The inline-power patch panel eliminates the need for external power sources; it is a standalone chassis that can be co-located with the Catalyst switch to provide -48 VDC power directly to the telephone through existing Catalyst family 10/100BASE-TX switching modules. When used with an uninterruptible power supply (UPS), the inline-power patch panel can provide power to the telephone even in a power failure. The inline-power patch panel has 48 RJ-45 input ports and 48 RJ-45 output ports. There are two RJ-45 connectors per port for a total of 48 ports.
- Inline-power field-upgrade module (WS-F6K-VPWR)Mounts on the 48-port 10/100TX RJ-45 module (WS-X6348-RJ-45) and provides 48 VDC inline power on all ports.
- 2500W AC-input power supply (WS-CAC-2500W)
This section describes the new software features available in software release 5.5.
Numerous software features are introduced in this release to support configuring a voice-over-IP (VoIP) network using the Catalyst 6000 family voice-related hardware described in the previous section.
For detailed information on the Catalyst 6000 family VoIP software, refer to the "Configuring a Voice-over-IP Network" chapter of the Catalyst 6000 Family Software Configuration Guide publication.
This section describes the new hardware and software features available in software release 5.4.
This section describes the new hardware component available in software release 5.4.
- WS-F6K-MSFC2MSFC2 router daughtercard
- 16-port Gigabit Ethernet module (WS-X6416-GBIC)Provides 16 switched, full-duplex Gigabit Ethernet ports that you can configure with any combination of 1000BASE-SX, LX/LH, and ZX GBICs. Ports have SC-type connectors for MMF and SMF.
- FlexWAN module (WS-X6182-2PA)Delivers flexible support for a wide range of
Cisco 7200/7500 WAN port adapters. Two port adapters per FlexWAN module are supported, scaling from T1/E1 to OC-3 interfaces and including protocol support for Frame Relay, ATM, Packet over SONET, PPP, and HDLC. The FlexWAN module resides in a single slot of any Catalyst 6000 family switch and has no slot dependencies or limitations. The FlexWAN module works in conjunction with the Policy Feature Card (PFC) on the supervisor engine of the Catalyst 6000 family switch to deliver wire-speed security access control, and can also deliver distributed quality of service (QoS) and granular traffic management functionality.
Note To use the FlexWAN module, you must have a supervisor engine with an MSFC and PFC. You configure the FlexWAN module through the MSFC. For information regarding the FlexWan module, refer to the Catalyst 6000 Family FlexWAN Module Installation and Configuration Note.
- 48-port 10/100TX RJ-45 Ethernet module (WS-X6348-RJ-45)Provides enhanced QoS features, 128k per port packet buffers, and accepts a field-upgradable voice daughter card in a future release to provide inline power to IP telephones.
- 48-port 10/100 Telco RJ-21 Ethernet module (WS-X6248A-TEL)Provides enhanced QoS features.
- 8-port Gigabit Ethernet module (WS-X6408A-GBIC)Provides enhanced QoS features.
- 24-port 100FX multimode MT-RJ Ethernet module (WS-X6324-100FX-MT)Provides
128K per port packet buffers.
- 16-port 1000BASE-TX RJ-45 Gigabit Ethernet module (WS-X6316-GE-TX)Provides Gigabit connectivity using standard Category 5 UTP cabling.
This section describes the new software features available in software release 5.4.
- UDLD enhancementsWith supervisor engine software releases 5.4(3) and later, you can specify the message interval between UDLD messages. Previously, the message interval was fixed at 60 seconds. With a configurable message interval, UDLD reacts much faster to link failures.
- Additionally, releases 5.4(3) and later have UDLD aggressive mode. UDLD aggressive mode is disabled by default and its use is recommended only for point-to-point links between Cisco switches running software release 5.4(3) or later. With aggressive mode enabled, when a port on a bidirectional link stops receiving UDLD packets, UDLD tries to reestablish the connection with the neighbor. After eight failed retries, the port is put into errdisable state.
- In order to prevent spanning tree loops, normal UDLD with the default interval of 15 seconds is fast enough to shut down a unidirectional link before a blocking port transitions to forwarding state (when default spanning tree parameters are used).
- Enabling UDLD aggressive mode provides additional benefits in the following cases:
- One side of a link has a port stuck (both Tx and Rx)
- One side of a link remains up while the other side of the link has gone down
- In these cases, UDLD aggressive mode errdisables one of the ports on the link and stops the blackholing of traffic. Even with aggressive mode disabled, there would have been no risk for a broadcast storm due to a spanning tree loop in this situation, as one port is unable to pass traffic in both directions.
- For detailed information on configuring the message interval and UDLD aggressive mode, refer to the online version of the Catalyst 6000 Family Software Configuration Guide, Release 5.4.
- The Catalyst Web Interface (CWI) is a browser-based tool that you can use to configure the Catalyst 6000, 5000, and 4000 family switches. It consists of a graphical user interface (GUI) that runs on the client (a Catalyst version of CiscoView 5.0) and a Hypertext Transfer Protocol (HTTP) server that runs on the switch. A GUI alternative to the CLI and SNMP interfaces, the CWI provides a real-time graphical representation of the switch and detailed information such as port status, module status, type of chassis, and modules. The CWI uses HTTP to download CiscoView from the server to the client.
Note For information on installing and using the CWI, refer to the Catalyst 6000, 5000, and 4000 Family Switches Web Interface Installation and Configuration Note publication.
- High AvailabilityProvides improved switchover time from the active supervisor engine to the standby supervisor engine by synchronizing the standby supervisor engine with the active supervisor engine. In the event of a switchover, the standby can take over and continue exactly where the failed supervisor engine left off. The high availability feature also provides a versioning option. High availability versioning allows you to have two different but compatible images on the active and standby supervisor engines. The active supervisor engine exchanges image version information with the standby supervisor engine and determines whether the images are compatible for enabling high availability.
- RADIUS authorization and accountingProvides client-server authentication and accounting for users attempting to connect to the switch.
- TACACS+ authorization and accountingProvides client-server authentication and accounting for access to network devices.
- Generic summertimeAllows you to configure non-US summertime.
- NTP enhancementsTrusted Key and Authorization supports the trusted key option where NTP time updates are only accepted from hosts with the correct key.
- Errdisable timeoutAllows you to automatically enable or reset a port minutes after a port is disabled by the software due to excessive errors.
- Case-sensitive passwordAllows you to set case-sensitive passwords.
- IP permit list enhancementsIncreases the number of IP entries allowed and provides you with the capability to configure separate permit lists for Telnet and SNMP traffic.
- Banner improvementIncreases the banner string to 3,070 characters long and includes a tab character.
- Scheduled resetAllows you to reset the switch at a specified date and time.
- Permanent ARP entriesAllows you to save a static APR entry in the NVRAM (or Flash) configuration file so a reset or power cycle does not clear the entry.
- Private VLANsAre sets of ports that have the features of normal VLANs and also provide some Layer 2 isolation from other ports on the Catalyst 6000 family switch.
- Port security enhancements and single device per port:
- Increases the number of learned and configurable MAC addresses for port security to 1 MAC address per port and 1024 shared MAC addresses.
- Supports an option to automatically enable/reset the port N minutes after a port security violation lockdown.
- Provides an option to allow port security to automatically enable or reset the port on a link down instead of after a timeout. (NOT supported)
- Supports aging on the learned address to allow a new MAC address to use switch port after a configurable aging time in minutes.
- Kerberos TelnetProvides support for encrypted Telnet sessions on the switch using Kerberos.
- DHCP client and rcpAllows the switch to obtain its IP configuration from a DHCP server automatically and provides an alternative method for copying system software image files and configuration files over the network, using remote copy (rcp).
- Command completionAllows you to use the tab key to automatically complete unambiguous commands.
- Show config non-default and default filename for device config fileAllows you to specify non-default values only in the show config command.
- Config from Flash on startupAllows the switch to use a configuration file on Flash instead of NVRAM.
- show tech-support commandAllows you to capture all of the information and statistics required by Cisco TAC for the entire device.
- set port host commandEssentially a CLI macro that executes these commands: set spantree portfast enable, set trunk off, and set port channel off. This new command will provide a quick and convenient way to configure host/access ports to a mode that allows the port to forward traffic in less than 1 second from link up.
- VLAN 1 disable on trunksAllows you to disable VLAN 1 on any individual VLAN trunk link.
- PortFast guardProvides a means to shut the port down when any received BPDUs are detected.
- RGMP supportAllows the switch to forward IP multicast traffic to only those multicast routers that are interested in receiving the traffic, thus offloading the multicast router from unnecessary packet processing and improving the network bandwidth.
Note You can configure the switch to forward IP multicast traffic to an external router only for RGMP; the MSFC will support RGMP in Release 12.1(1)E.
- IGMP fast leaveProvides a mechanism where you can leave multicast sessions without any latency.
- Disable port startup optionAllows you to specify the default operation for all ports to be shutdown, and once set, in the event of a complete configuration erase or a corrupted configuration, no traffic will be transmitted through the switch.
- Diagnostics options on bootupProvides options to bypass all diagnostics completely, run a minimal set, or run the complete set.
- Capture capability with VACLsAllows you to capture selective traffic and redirect it to one or multiple ports to which an Intrusion Detection appliance(s) can be connected.
- SNMPv3Provides security and remote configuration capabilities of SNMPv3.
- Improved SNMP response timeMinimizes the response time for the SNMP subsystem in the Catalyst 6000 family switch.
- External LDA with the internal routerSupports the internal router as the default router.
- QoS ACL and VACL configuration from Flash memoryConfigures and stores ACLs in Flash memory instead of NVRAM.
- System log messages for backplane traffic, low memory conditions, memory corruption, NVRAM conditions, inband communication errors, and TCP/UDP errors.
This section describes the new features available in software release 5.3.
- UniDirectional Link Detection (UDLD) detects unidirectional connections on both copper and fiber-optic links.
- RADIUS authentication provides client-server authentication for users attempting to connect to the switch.
- Jumbo frame support for intraVLAN traffic on Gigabit Ethernet links increases the MTU size to 9216 bytes (note that jumbo frames cannot be routed or fragmented for transmission through slower ports).
- Virtual Management Policy Server (VMPS) client support allows network administrators to define the VLAN membership policies for their network in a central database so that the switch automatically configures user ports to the correct VLAN.
- With the Single-Port OC-12 ATM Module (SMF or MMF):
- Reassembly of up to 255 buffers simultaneously (each buffer represents a packet)
- Support for up to 4096 virtual circuits
- Support for AAL 5
- ATM LANE 1.0, including LEC, LES, BUS, and LECS
- MPOA support
- On switches with a Policy Feature Card (PFC):
Note IPX VACLs, QoS ACLs, COPS-DS, and RSVP for Qualitative Service were introduced in software release 5.3(1a)CSX but were not fully tested; you were instructed not to use them. These features can be used in software releases 5.3(3)CSX or later as they have been fully tested.
- VLAN access control lists (VACLs) using IP, IPX, and MAC ACLs.
- VACL enhancements in software release 5.3(3)CSX are as follows:
- A VACL redirect ACE allows a unicast flow to be specified.
- Common Open Policy Service (COPS) for Differentiated Services (DS) allows QoS to be configured from a central policy decision point server.
- Resource ReSerVation Protocol (RSVP) for Qualitative Service allows hosts to request QoS.
- Remote SPAN (RSPAN) supports source and destination SPAN ports on other compatible switches.
- Quality of service (QoS) supports classification, marking, and policing using IP, IPX, and MAC ACLs.
- Accelerated server load balancing (ASLB) support enables Catalyst 6000 family switches to cache Cisco LocalDirector load balancing flows, accelerating the performance of the LocalDirector, which is a network appliance with a secure, real-time, embedded operating system that intelligently load balances IP traffic across multiple servers (refer to the
Catalyst 6000 Family Accelerated Server Load Balancing Installation and Configuration Note).
- ASLB enhancements in software release 5.3(3)CSX are as follows:
- A TCP port can be a wildcard (0).
- Up to 1024 virtual-IP addresses and TCP port pairs are supported.
Note Accelerated server load balancing was previously called LocalDirector Accelerator in these release notes.
- On switches with a Multilayer Switch Feature Card (MSFC):
- IP Multilayer Switching (MLS) provides high-performance hardware-based Layer 3 switching of IP unicast traffic, offloading processor-intensive IP packet routing from network routers.
- IP Multicast Multilayer Switching (IP MMLS) provides high-performance hardware-based Layer 3 switching of IP multicast traffic, offloading processor-intensive IP multicast packet routing from network routers.
- IPX MLS provides high-performance hardware-based Layer 3 switching of IPX unicast traffic, offloading processor-intensive IPX packet routing from network routers. Provides standard and extended IOS access control lists (ACLs) at wire rate.
- Netflow Data Export (NDE) allows a summary of intersubnet Layer 3 traffic statistics for all expired flows to be periodically exported to a network management data collector.
Note Refer to the Release Notes for Catalyst 6000 Family Multilayer Switch Feature Card.
This section describes the new features available in software release 5.2.
- GARP VLAN Registration Protocol (GVRP; see IEEE 802.1p) provides 802.1Q-compliant VLAN pruning and dynamic VLAN creation on 802.1Q trunk ports.
- GARP Multicast Registration Protocol (GMRP; see IEEE 802.1p) maintains Layer 2 multicast groups that determine which switch ports need to participate in multicasts.
- EtherChannel frame distribution is configurable with Layer 2 Switching Feature Card II (WS-F6020A) and can use either Media Access Control (MAC) addresses or IP addresses and either source or destination or both source and destination addresses.
- Enter a show module command for the supervisor engine to determine if EtherChannel frame distribution is configurable on your switch. If the display shows the "Sub-Type" to be "L2 Switching Engine I WS-F6020," then EtherChannel frame distribution is not configurable on your switch; it uses source and destination MAC addresses. EtherChannel frame distribution is configurable with any other switching engine and the default is to use source and destination IP addresses.
- The Spanning Tree Protocol can be enabled and disabled on a per-VLAN basis.
This section describes the new features available in software release 5.1.
- IP supernetting, compatible with classless interdomain routing (CIDR) allows entry of a netmask instead of a subnet mask.
- 802.1Q-to-ISL VLAN mapping allows mapping of up to eight 802.1Q VLANs numbered above 1005 to ISL VLANs.
- Quality of service (QoS) prioritizes network traffic with class of service (CoS) values received in ISL or 802.1Q frame headers or with CoS values set in the switch.
- All Ethernet ports on all modules, including those on a standby supervisor engine, support EtherChannel (maximum of eight ports) with no requirement that ports be contiguous or on the same module.
- All Ethernet ports on all modules support Inter-Switch Link (ISL) and 802.1Q VLAN trunking.
- For transmitted traffic, provides up to four SPAN sessions; for received or both transmitted and received traffic, provides up to two SPAN sessions.
This section provides usage guidelines and restrictions for the Catalyst 6000 family switches.
- The minimum boot ROM required for software release 5.4(1) and later releases is 5.2(1).
- When you hot insert a module into a Catalyst 6000 or 6500 series chassis, be sure to use the ejector levers on the front of the module to seat the backplane pins properly. Inserting a module without using the ejector levers might cause the supervisor engine to display incorrect messages about the module.
- If you see minor hardware failures or Pinnacle sync errors on bootup, reconfirm that the supervisor engine and all the switching modules are fully seated, the ejector levers are fully depressed, and the thumbscrews are fully tightened.
- If the forward delay, max age, and hello time Spanning Tree Protocol (STP) parameters are reduced in value, ensure that the number of instances of STP are also reduced proportionally to avoid STP loops in the network.
- The Catalyst Web Interface (CWI) browser-based tool requires Java plug-in 1.2.2 be installed on the client.
- Note that VACLs access-control all traffic passing through a VLAN. This includes broadcast traffic and packets going to and from the router. Therefore, you must use care when defining a VACL.
- For example, to allow traffic from a local IPX client (daf11511) to a remote server (daf00402), the following VACL is configured (remote server is learned through a routing protocol):
set security acl ipx jg_ipx_permit
---------------------------------------------------
1. permit any DAF00402 DAF11511
2. permit any DAF11511 DAF00402
3. permit any DAF01023 DAF01023
4. permit any DAF11511 0
5. permit any 0 0
6. permit any DAF11511 DAF11511
- The VACL description is as follows:
- 1, 2. Allow IPX between client and server.
- 3. The router does need to see the RIP/SAP packets.
- 4. If packets are dropped during a connection, the client tries to find another route to the server by sending out RIP requests to IPX network 0.ffff.ffff.ffff. Not doing this results in a lost connection after packet drop.
- 5. A client starting up, sends its first packets to 0.ffff.ffff.ffff and uses 0.ffff.ffff.ffff as its one IPX address.
- 6. When a server connection socket is timed out, the client reconnects by sending a request to its local network to find its server.
- As the example shows, just 1 and 2 is not enough, you also have to define 3 through 6 to achieve the goal. (CSCdm55828)
- On a Catalyst 6000 family switch, when the switch QoS policy source is COPS, no COPS roles are defined for a port, and the port policy source is COPS, the values that you set for the QoS configuration (such as queue mappings and sizes) are inappropriate. For example, all CoS values get mapped to the strict priority queue on a 1P2Q2T or 1P1Q4T port type. This situation can lead to bandwidth starvation for other ports in the switch, especially, if these ports with a strict priority queue are generating high rates of traffic. The workaround to avoid this problem is to either configure a COPS role on all ports in the switch or configure all ports without a COPS role to use local policy. (CSCdp44965)
- If there are a large number of QoS ACLs defined on the system during switch boot up, some packets might get switched before the QoS ACLs are installed in hardware. This would result in some packets getting an incorrect ToS or no policing applied. After the QoS ACLs are installed in hardware, the correct ToS and policers are applied. It is considered inappropriate to block traffic from flowing until all the QoS policy is installed. (CSCdp68608)
- After setting the QoS policy source to local, you might need to wait approximately 20 seconds before the QoS policy source can be set back to COPS. (CSCdp34367)
- When you reset the supervisor engine from a Telnet connection, the connection will not get dropped and will appear as though Telnet is frozen. To back out from the Telnet session, you need to manually disconnect the Telnet connection using the escape commands of the Telnet program. (CSCdp32220)
- The high availability feature does not support use of the Reset button. Pressing the Reset button to initiate a switchover results in a high availability switchover failure. The workaround is to make the active supervisor engine the standby supervisor engine first, and then remove it from the chassis. (CSCdp76806)
- In the event you have routed flows with MLS disabled (no shortcuts created), candidate entries are aged out rapidly to ensure that the forwarding table is used as much as possible by shortcut flows. However, a side effect of this rapid aging of candidate entries is that the microflow policer does not work accurately. This is due to the fact that policing history is lost when the entries are aged out. When the same flow creates a new entry, it gets the entire traffic contract again even though it may have exceeded the contract before the entry was aged out. (CSCdp59086)
- If you perform a manual switchover or reset a switch while high availability events are waiting in the queue of the standby supervisor engine, when the events will be completely processed is not known, and all configurations may not synchronize to the standby supervisor engine properly. (High availability events are the result of changing the configuration through the CLI.) We suggest that after changing the configuration, you allow additional time before resetting the switch to allow the supervisor engine to process all synchronized events. (CSCdp59261)
- COPS policy fails to install on ports with a large number of QoS policers. The workaround is to unmap the local ACLs before installing the COPS policy. (CSCdp63138)
- The following debounce timer command options have been added to increase the jitter tolerance on 10/100 UTP ports to make them interoperable with out-of-spec NICs:
- set option debounce enableSets debounce to 3.1 seconds on 10/100 cards.
- set option debounce disableSets debounce to 300 ms. The default is 300 ms debounce. (CSCdp56343)
- Software release 5.x does not support full or destination-source flows for IPX traffic. As a result, note that the following caveat listed as open in release 5.3(3) will not be fixed:
- When you change an IPX flow to destination-source, the show mls entry ipx destination command used to specify a specific destination, displays all IPX Layer 3 entries rather than just those for a specific destination IPX address. (CSCdm46984)
- The following bug was mistakenly listed as open in software release 5.3(3)CSX. This bug never affected release 5.3(3)CSX or previous releases.
- Bug description: SNMP: A system reset might occur when generating TopN reports with portTopNMode set to portTopNForeground(1). The workaround is to set portTopNMode to portTopNBackground(2) for all entries in portTopNControlTable. (CSCdp27013)
- Please note that the following caveat, listed as open in previous releases, will not be fixed:
- Changing the console port baud rate from 19,200 to 38,400 incorrectly sets the console port to 9600 baud. After a reset, the console port baud rate is 38,400. Changing the rate to 38,400 from any other setting works correctly. (CSCdk86876)
- Note that the following caveat, listed as open in release 5.3(3)CSX will not be fixed:
- You cannot use the tftpGrp MIB object to download Catalyst 6000 ATM software. (CSCdp16574)
- Bug description: In some cases, a switch with redundant supervisor engines might reset as a result of the change from Daylight Saving Time to Standard Time. This problem only occurs if the Daylight Saving Time adjustment is enabled (using the set summertime enable command) and the switch has not been reset or power-cycled since the change to Standard Time. This problem is resolved in software release 5.3(1a)CSX. (CSCdk57762)
- You have to make sure that the redirect port defined in a VACL is on the same VLAN as the "incoming" VLAN for the packet that is to be redirected. Otherwise, the redirected packet will be dropped.
- For example, a redirect VACL is defined on VLAN 5 and the redirect destination port is also on VLAN 5. If an MLS entry is destined to VLAN 5, packets that are coming from VLAN 2 hit this MLS entry and also hit the VACL redirect ACE (both VLAN 2 and VLAN 5 ACLs will be checked) and are redirected in the incoming VLAN, VLAN 2. The redirect destination port will drop them on VLAN 5 rather than on VLAN 2.
- With QoS disabled, a Gigabit EtherChannel can contain ports with both strict-priority queues and ports without strict-priority queues. With QoS enabled, a Gigabit EtherChannel cannot contain both port types. If you enable QoS, ports drop out of any Gigabit EtherChannels that contain both port types.
- When a multicast goes to both bridged and routed addresses, the multicast packets going to the routed addresses are Layer 3 switched, and the multicast matches an ACL so that QoS should rewrite the ToS byte in the multicast packet, QoS rewrites the ToS byte for the multicast packets that are Layer 3 switched, but does not rewrite the ToS byte for the multicast packets that are bridged.
- 24-port 100FX Switching Modules (WS-X6224-100FX-MT) with a hardware version of 1.1 or lower only support IEEE 802.1Q VLAN trunking; they do not support ISL trunking. Do not configure ISL trunks on 24-port 100FX Switching Modules (WS-X6224-100FX-MT) with a hardware version of 1.1 or lower. The restriction against ISL VLAN trunking is the only known problem with hardware version 1.1 or lower of these modules. If you do not require ISL VLAN trunking, these modules are fully functional. The ISL VLAN trunking problem has been corrected in hardware version 1.2 or later of these modules. If you wish to return a WS-X6224-100FX-MT module with a hardware version of 1.1 or lower, contact Cisco Systems.
- You can identify WS-X6224-100FX-MT hardware versions using one of the following two methods:
- Command-line interface (CLI) methodUse the show version command to identify the hardware version of the WS-X6224-100FX-MT module as follows:
console> show version
< ... output truncated ... >
Mod Port Model Serial # Versions
--- ---- ------------------- ----------- --------------------------------------
< ... output truncated ... >
5 24 WS-X6224-100FX-MT SAD02470006 Hw : 1.1
< ... output truncated ... >
console>
- The example shows a WS-X6224-100FX-MT module with a hardware version of 1.1; this version does not support ISL VLAN trunking.
- Physical inspection methodLook for the part number that is printed on a label on the outer edge of the component side of the module. Versions 73-3245-04 or lower do not support ISL trunking.
- The set port qos trust command and the trust-ipprec and trust-dscp port keywords are not allowed on 10-, 10/100-, and 100-Mbps ports. Instead, configure ACLs with the trust-cos, trust-dscp, and trust-ipprec ACE keywords. Note that the trust-cos port keyword can be used on 10-, 10/100-, and 100-Mbps ports to enable receive queue drop thresholds.
- There is a cabling issue with the 48-Port 10/100TX Switching Module (WS-X6248-TEL). The WS-X6248-TEL module RJ-21 connectors do not support Category 3 RJ-21 telco connectors and cabling. Using Category 3 connectors and cabling causes carrier sense errors. The connectors are keyed for Category 5 telco connectors and cables. You must use Category 5 RJ-21 telco connectors and cables.
- To avoid the case where all traffic is out of profile, the burst size specified in a QoS policing rule must be at least as large as the maximum packet size permissible in the traffic to which the rule is applied.
- We recommend that you do not use more than 1500 multicast groups with GMRP. This restriction does not apply to IGMP.
- Release 5.4(1) and 5.4(2) images are not high availability (HA) compatible with HA versioning enabled. If one supervisor engine has 5.4(1) and the other has 5.4(2), you will get a switchover, but it will not be a fast switchover. The switch will lose its NVRAM configuration when you try to switch from the supervisor engine running 5.4(2) to the supervisor engine running 5.4(1). Therefore, we do not recommend running this configuration. (CSCdr21689)
- Release 5.4(2) and 5.4(3) images will not be high availability (HA) compatible with HA versioning enabled. If one supervisor engine has 5.4(2) and the other has 5.4(3), you will get a switchover, but it will not be a fast switchover. The switch will lose its NVRAM configuration when you try to switch from the supervisor engine running 5.4(3) to the supervisor engine running 5.4(2). Therefore, we do not recommend running this configuration. However, software releases 5.4.(4) and 5.4.(3) are HA compatible with HA versioning for these modules:
- WS-X6248-RJ-45
- WS-X6248-TEL
- WS-X6348-RJ-45
- WS-X6224-100FX-MT
- WS-X6024-10FL-MT
- The following modules are HA incompatible with HA versioning and will reset when you upgrade to 5.4(4):
- WS-X6408-GBIC
- WS-X6416-GE-MT
- The show module command might show different versions for different modules in the chassis when upgraded with versioning enabled. (CSCdr55665)
- In rare circumstances, multicast traffic might be blocked due to a mismatch between hardware and software entries. (CSCdp81324)
- With heavy COPS protocol traffic between either the COPS-DS client or the COPS-RSVP client and the PDP, it is possible for a connection keep-alive timeout event to occur and for the COPS connection manager to miss a Client Close from the PDP. When this happens, the switch may have an exception later. (CSCdp64213)
- If you configure aging for UDP, it could slow down the removal of TCP entries belonging to a terminated connection. As a result, you might see entries no longer being used in the NetFlow table being aged with the regular aging time of all the NetFlow entries, instead of the very fast LDA aging. The workaround is to enable the fast UDP aging only when really needed (for example, when load balancing UDP). (CSCdp79475)
- In rare corner cases, if you enter the show module command, the status of the MSFC on the standby supervisor might be displayed as other. This has no impact on MSFC behavior and you should ignore this display. (CSCdp87997)
- CiscoView images take approximately 12 minutes to download from a TFTP server to a PCMCIA Flash card. (CSCdr14437)
- When using a VLAN interface other than the VLAN 1 interface, a VLAN added on a Catalyst 3500XL running 120.5.1-XP does not appear in the Catalyst 6000 switch database. As soon as management interfaces are put back in VLAN 1, a VLAN configured on the 3500XL is sent properly to the Catalyst 6000 switch through VTP. Check the status of CSCdr80902 in your IOS release. (CSCdr66376)
- With PFC and a standard network topology as shown below where you have multicast senders in the core and multicast receivers on the access layer:
|
| Layer 3 distribution No. 1
|
|
|
| /
|
| \
|
|
Layer 2 access
|
|
|
| Core
|
| \
|
| /
|
|
|
| Layer 3 distribution No. 2
|
|
|
- If both distribution switches have two supervisor engines and MSFCs and are configured to provide multicast functionality for the same access VLANs, then you will see high CPU utilization on the non-DR routers due to non-RPF traffic. (CSCdr74908)
This section describes open and resolved caveats in supervisor engine software release 5.5(3).
This section describes open caveats in supervisor engine software release 5.5(3).
- Under extreme traffic conditions and with certain hardware configurations, the supervisor engine might reset. (CSCdr50405)
- The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times. The rise and fall times need to be shortened although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
- The set/clear cops domain-name commands might close Telnet sessions to the NMP. When the set cops domain-name command is run over a Telnet session to the NMP, the Telnet session might get terminated with a "connection lost" message. This could also happen with commands such as set qos enable/disable or set/clear port cops roles if the QoS policy source is set to COPS. (CSCdr54368)
- If there are no COPS policies defined on the COPS server and a Catalyst switch attempts to make a COPS DS connection to the COPS server, then local QoS policies will be applied or the NMP on the switch might experience a reset. The workaround is to define COPS DS policies on the COPS server before attempting to connect any devices to it. (CSCdr43041, CSCdr60174, CSCdr61165)
- If a COPS ACL containing a policer is downloaded to the switch and the switch cannot support the exact rate/burst supplied by the policer, there is no message to inform you that the rate/burst was rounded off to the nearest value that the hardware could support. (CSCdr28715)
- The Catalyst 6000 family switches do not support non-zero WRED minimum values. If a COPS QPM server sends down a COPS policy with a non-zero WRED minimum value, no error report is returned to the COPS server, and as a result, there is no indication to the user that the WRED minimum specified in the COPS policy was not used. (CSCdr28819)
- If you create a security ACL with the redirect option and then replace the module that has the redirect port with another kind of module, the security ACL does not have the redirect port list anymore. The workaround is to manually modify the security ACL with the new redirect port information. (CSCdp74757)
- When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at 10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
- When enabling port security on a port, connectivity for that port gets broken. Although there is continuous traffic coming into the port, nothing gets through and no address is being secured. No static entry is present. As soon as port security is disabled on the port, a MAC address is dynamically learned and connectivity is reestablished. (CSCdr53893)
- Occasionally, after a high availability switchover, when you enter any of the show qos commands, you might receive incorrect output about the QoS/COPS ACL mappings. Your output might show that your switch has no QoS/COPS ACL mappings when the ACLs are actually in the hardware. This applies with either COPS or locally configured ACLs (IP, IPX, MAC) and policers. This condition continues until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy, or until the local QoS configuration is reinstalled in the CLI output structures. (CSCdp45099)
- In some situations, if there is an error in installing any COPS policy, a successful commit is sent to the PDP even though the policy was not correctly installed. In such situations, any modifications to the port's role combination will not install the correct policy on the port with the error condition. This might result in a switch reset. (CSCdp66572)
- The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
- For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For the packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
- Rapidly disabling and enabling QoS with the policy source set to COPS might cause the switch to reset. The workaround is to wait approximately 30 seconds after disabling QoS before reenabling it when the QoS policy source had been set to COPS. (CSCdp32467)
- Online diagnostic failures are experienced on modules during boot up, online insertion, or module reset if the QoS default-action MAC ACL is reconfigured to include an aggregate policer with an action of drop. The system default does not include an aggregate policer in the default-action MAC ACL. The likelihood of the diagnostics failures increases as the amount of traffic being policed (dropped) by that aggregate policer increases. In general, as the rate value specified in the policer decreases the amount of traffic matching all ACLs specifying that aggregate policer increases. (CSCdp15471)
This section describes resolved caveats in supervisor engine software release 5.5(3).
- The switch might display "Out of memory" messages resulting in VMPS becoming inactive. This could be due to duplicate MAC addresses in the VMPS database. The workaround is to reboot the switch. This problem is resolved in software release 5.5(3). (CSCdr95115)
- The switch might run out of memory if a lot of RMON related entries are created. This problem could exist in releases 5.4(x), 5.5(1), and 5.5(2). This problem is resolved in software release 5.5(3). (CSCdr99175)
- In some instances when IGMP snooping is used, a device might not be added to a multicast group on its first attempt to join. A related problem occurs when a switch has only multicast sources for a given group of MAC address directly attached. Because of problems with entries periodically timing out, packet loss might occur when this entry is removed and reinstalled. This problem is resolved in software release 5.5(3). (CSCdr54030)
- In systems with redundant supervisor engines and high availability enabled, the NAM module might fail to come online after a high availability switchover. This problem is resolved in software release 5.5(3). (CSCdr24405)
- When Cisco IP 7960 phones are connected to the WS-X6348-RJ-45 module with the inline power daughter card, some phones might not power up and the following message is displayed:
%SYS-3-PORT_DEVICENOLINK:Device on port 3/1 powered but no link up
- There is no workaround. This problem is resolved in software release 5.5(3). (CSCdr61759)
- A watchdog timeout might occur in systems with redundant supervisor engines and a four port Gigabit EtherChannel between the supervisor engine uplink ports. The timeout might happen when the switch does a high availability switchover from slot 1 to slot 2, as slot 2 is becoming the active supervisor engine. This problem is resolved in software release 5.5(3). (CSCdr72289)
- When the switch boots up, if there is a large ACL configuration and QoS is enabled, classification on channel ports might not work correctly. The workaround is to disable QoS and then enable it. This problem is resolved in software release 5.5(3). (CSCdr80892)
- When there are a large number of VLANs and trunks, the clear config command could result in some ports being stuck as trunks without being in spanning tree. The workaround is to disable and enable the port after using the clear config command. This problem is resolved in software release 5.5(3). (CSCdr81688)
- In TOPN reports, the Gigabit Ethernet port utilization is not correct. The actual value should be one half of the number showing up in the report. For example, if the report says it's 50% then the actual value should be 25% instead. This problem is resolved in software release 5.5(3). (CSCdr84143)
- TACACS+ command authorization fails if the switch is configured through the TFTP configuration file (copy tftp config command). The workaround is to use the configure host file command. This problem is resolved in software release 5.5(3). (CSCdr85581)
- The hcRMONCapabilities MIB object is not implemented in the switch. This results in some applications failing to recognize the HCRMON capability of the devices. This issue also affects TrafficDirector. This problem is resolved in software release 5.5(3). (CSCdr89597)
- The switch might reset with a TLB exception when the qos policy-source is changed from cops to local. This problem is resolved in software release 5.5(3). (CSCdr90417)
- If the file system is in use or a download is in progress when a scheduled reset occurs, the system might fail to reset and the switching modules might be powered down. This problem is resolved in software release 5.5(3). (CSCdr93503)
- Private VLAN mappings might be missing from show commands after a high availability switchover. This problem is resolved in software release 5.5(3). (CSCdr94109)
- A reset with minimum downtime (reset mindown command) might be stopped in the middle and never finish if the reset minimum downtime process is triggered by a scheduled reset mindown (reset mindown at hh:mm, or reset mindown in hh:mm) and you are doing any show commands between the time the scheduled reset mindown is happening and the active supervisor engine is being reset.
- A reset with minimum downtime might also be stopped in the middle if the scheduled reset mindown command is issued from a telnet session, and the telnet session is stopped when the scheduled reset mindown is occurring. The workaround is avoid doing any show commands during the time that the scheduled reset mindown is about to happen until the active supervisor engine is reset. Also, avoid stopping the telnet session while the scheduled reset mindown is happening. This problem is resolved in software release 5.5(3). (CSCdr97771)
- After you configure the scheduled reset time through SNMP MIB object csyScheduledResetTime, changes you make to the value of the csyScheduledResetAction object are accepted, but the new reset type does not take effect unless you set the csyScheduledResetTime again. The possible workarounds for this problem are:
- Always set the csyScheduledResetAction object before setting the csyScheduledResetTime object when you configure the scheduled reset feature through SNMP.
- If you need to change the csyScheduledResetAction object, you have to reset the csyScheduledResetTime object afterwards.
- This problem occurs when you configure the scheduled reset time through the SNMP MIB object, but does not occur when scheduling the reset time through the CLI. This problem is resolved in software release 5.5(3). (CSCdp86609)
- ASLB and ASLB+ problem: The LDA MLS cache might not be cleared even after the TCP session finishes. Also the LDA MLS cache might be cleared normally but appear to be recreated by a packet other than the SYN packet. In both cases the LDA MLS entry will remain in the cache until it is aged out.
- If you encounter these cache problems, you can use the hidden command set ld-d age [time in ms] to enable the aging of TCP cache entries faster than with the regular command. This hidden command is available in 5.5(3) and later releases. (CSCdr98794)
- The switch might reset with a TLB exception after using the show qos acl info config all command. This problem is resolved in software release 5.5(3). (CSCdr99011)
- BPDUs received on an ATM module interface might be dropped. This problem is resolved in software release 5.5(3). (CSCds04667)
- The switch might reset with a breakpoint exception when using the set banner motd command. This problem is resolved in software release 5.5(3). (CSCds07379)
- The IPX MLS aging time might not work correctly; shortcuts could remain active longer than the specified aging time. This problem is resolved in software release 5.5(3). (CSCds09546)
- LinkUp trap might be sent when changing a VLAN from "active" to "suspend" state. This problem is resolved in software release 5.5(3). (CSCds12806)
- When a port belongs to a private VLAN and RSVP is enabled, RSVP flows are not learned on the private VLAN port. This problem is resolved in software release 5.5(3). (CSCdr82784)
- When you configure the switch for auto-config and then reset the switch, ports might start forwarding before the auto-config starts execution. This is true for both a startup-config and an acl-config only file. This problem is resolved in software release 5.5(3). (CSCdr78762)
- The switch might reset with a TLB exception after issuing the set igmp disable command. This problem is resolved in software release 5.5(3). (CSCds14846)
- Under certain conditions different VLAN interfaces defined on the MSFC might incorrectly share the same default action for the output lookup. This does not happen on VLANs where IOS ACLs (router ACLs) are configured. This problem is resolved in software release 5.5(3). (CSCdr89081)
- With a large number of active dynamic host entries (100+) and a large number of port flaps, there is a possibility of corrupting the MAC address table, which might lead to an exception. The workaround is to disable VMPS or upgrade to 5.5(3) or later software. This problem is resolved in software release 5.5(3). (CSCdp67239)
- When there are a large number of dynamic host entries (100+), the dynamic VLAN reconfirmation procedure might report a timeout condition. This has no effect on the functionality of the system as the entry is reconfirmed immediately after this image is posted. To prevent these messages, you can lower the dvlan syslog level to 1 or upgrade to 5.5(3) or later. This problem is resolved in software release 5.5(3). (CSCdr54431)
- When an RSPAN source module is powered down during a high availability switchover, after the switchover the RSPAN destination port might still be seeing some broadcast/multicast traffic even without the source ports. This problem is resolved in software release 5.5(3). (CSCdr81151)
- When the IPX maximum hop count is changed on the MSFC it is not being accurately changed on the supervisor engine NMP (show mls command). Steps have been taken to check the validity of the IPX maximum hop count on the MSFC before passing it down to the supervisor engine NMP. In case of an invalid value, a default value of NOVELL_MAX_HOPS_ALLOWED (255) is sent down to NMP. This problem is resolved in software release 5.5(3). (CSCds08610)
- In systems with redundant supervisor engines, when a high availability switchover occurs, as the standby supervisor engine transitions to active it might experience a watchdog timeout and a series of Bus Timeout NMIs. The standby then remains inactive. The workaround is to power cycle the switch. This problem is resolved in software release 5.5(3). (CSCdr72885)
This section describes open and resolved caveats in supervisor engine software release 5.5(2).
This section describes open caveats in supervisor engine software release 5.5(2).
- Under extreme traffic conditions and with certain hardware configurations, the supervisor engine might reset. (CSCdr50405)
- The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times. The rise and fall times need to be shortened although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
- The set/clear cops domain-name commands might close Telnet sessions to the NMP. When the set cops domain-name command is run over a Telnet session to the NMP, the Telnet session might get terminated with a "connection lost" message. This could also happen with commands such as set qos enable/disable or set/clear port cops roles if the QoS policy source is set to COPS. (CSCdr54368)
- If there are no COPS policies defined on the COPS server and a Catalyst switch attempts to make a COPS DS connection to the COPS server, then local QoS policies will be applied or the NMP on the switch might experience a reset. The workaround is to define COPS DS policies on the COPS server before attempting to connect any devices to it. (CSCdr43041, CSCdr60174, CSCdr61165)
- If a COPS ACL containing a policer is downloaded to the switch and the switch cannot support the exact rate/burst supplied by the policer, there is no message to inform you that the rate/burst was rounded off to the nearest value that the hardware could support. (CSCdr28715)
- The Catalyst 6000 family switches do not support non-zero WRED minimum values. If a COPS QPM server sends down a COPS policy with a non-zero WRED minimum value, no error report is returned to the COPS server, and as a result, there is no indication to the user that the WRED minimum specified in the COPS policy was not used. (CSCdr28819)
- If you create a security ACL with the redirect option and then replace the module that has the redirect port with another kind of module, the security ACL does not have the redirect port list anymore. The workaround is to manually modify the security ACL with the new redirect port information. (CSCdp74757)
- When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at 10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
- When enabling port security on a port, connectivity for that port gets broken. Although there is continuous traffic coming into the port, nothing gets through and no address is being secured. No static entry is present. As soon as port security is disabled on the port, a MAC address is dynamically learned and connectivity is reestablished. (CSCdr53893)
- Occasionally, after a high availability switchover, when you enter any of the show qos commands, you might receive incorrect output about the QoS/COPS ACL mappings. Your output might show that your switch has no QoS/COPS ACL mappings when the ACLs are actually in the hardware. This applies with either COPS or locally configured ACLs (IP, IPX, MAC) and policers. This condition continues until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy, or until the local QoS configuration is reinstalled in the CLI output structures. (CSCdp45099)
- After you configure the scheduled reset time through the SNMP MIB object csyScheduledResetTime, changes you make to the value of the csyScheduledResetAction object are accepted, but the new reset type does not take effect unless you set the csyScheduledResetTime again. The possible workarounds for this problem are:
- Always set the csyScheduledResetAction object before setting the csyScheduledResetTime object when you configure the scheduled reset feature through SNMP.
- If you need to change the csyScheduledResetAction object, you have to reset the csyScheduledResetTime object afterwards.
- This problem occurs when you configure the scheduled reset time through SNMP MIB object, but does not occur when scheduling the reset time through the CLI. (CSCdp86609)
- In some situations, if there is an error in installing any COPS policy, a successful commit is sent to the PDP even though the policy was not correctly installed. In such situations, any modifications to the port's role combination will not install the correct policy on the port with the error condition. This might result in a switch reset. (CSCdp66572)
- The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
- For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For the packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
- Rapidly disabling and enabling QoS with the policy source set to COPS might cause the switch to reset. The workaround is to wait approximately 30 seconds after disabling QoS before reenabling it when the QoS policy source had been set to COPS. (CSCdp32467)
- Online diagnostic failures are experienced on modules during boot up, online insertion, or module reset if the QoS default-action MAC ACL is reconfigured to include an aggregate policer with an action of drop. The system default does not include an aggregate policer in the default-action MAC ACL. The likelihood of the diagnostics failures increases as the amount of traffic being policed (dropped) by that aggregate policer increases. In general, as the rate value specified in the policer decreases the amount of traffic matching all ACLs specifying that aggregate policer increases. (CSCdp15471)
This section describes resolved caveats in supervisor engine software release 5.5(2).
- Occasionally, after a fast switchover (non-high availability) the 48-port 10/100TX RJ-45 module (WS-X6348-RJ-45) might report a minor hardware problem. If this occurs, all connected ports show faulty. The workaround is to reset the module and if the ports do not come up, reset the switch.This problem is resolved in software release 5.5(2). (CSCdr53825)
- When the host from a dynamic VLAN port pings the switch sc0 interface in a different VLAN (so the ping has to go through the MSFC), the port that the host is attached to might get disabled by an EARL failure. The workaround is to use static VLANs for the host port or access sc0 from the same VLAN. This problem is resolved in software release 5.5(2). (CSCdr67201)
- The QoS CoS DSCP map cannot be currently downloaded via COPS. The locally defined cos-dscp map is used instead when the QoS policy-source of the switch is set to COPS. This problem is resolved in software release 5.5(2). (CSCdr38648)
- The show cops pib command might cause the switch to reset if COPS is used. This problem is resolved in software release 5.5(2). (CSCdr52849)
- You might experience an out-of-memory condition on the active or standby supervisor engine when performing a large number of commit/clear operations in quick succession on QoS ACLs and VACLs with a large number of ACEs. This problem is resolved in software release 5.5(2). (CSCdr64288, CSCdr59094, CSCdr60993)
- If QoS is enabled and disabled repeatedly, then depending on the complexity of the QoS configuration, the switch might experience a reset. This problem is resolved in software
release 5.5(2). (CSCdr60464)
- QoS ACLs might not be mapped correctly to ATM modules. An attempt to map a QoS IP ACL to an ATM module appears to succeed. However, the ACL might not be mapped correctly causing traffic coming in from the ATM module to not get the correct QoS classification/policing decision. This problem is resolved in software release 5.5(2). (CSCdr57771)
- RSVP flows are not getting the correct DSCP values when the set port qos policy-source is set to local. This problem is resolved in software release 5.5(2). (CSCdr66180)
- Occasionally, after a topology change, a port might be stuck in a blocking state with a point-to-point trunk blocking on both sides of a VLAN. The port might get stuck in the blocking state although it is not seeing any BPDUs. This problem is resolved in software release 5.5(2). (CSCdr56738) (CSCdr69299 - duplicate of CSCdr56738)
- Network Analysis Module Only: When you disable the SNMP-extended RMON NetFlow feature, NDE collection is not stopped automatically. This might cause high CPU utilization reaching to 100 percent. The workaround is to disable the MLS NDE feature manually when disabling the SNMP-extended RMON NetFlow feature. This problem is resolved in software release 5.5(2). (CSCdr56663)
- Network Analysis Module Only: When you disable the SNMP-extended RMON NetFlow feature, NDE collection is not stopped automatically. This might cause high CPU utilization reaching to 100 percent. The workaround is to disable the MLS NDE feature manually when disabling the SNMP-extended RMON NetFlow feature. This problem is resolved in software release 5.5(2). (CSCdr56698)
- For normal UDLD, the recommended message interval is 15 seconds. Caveat CSCdr50206 requires that you follow these configuration recommendations:
- We recommend that you do not use UDLD with the ON - AUTO trunk combination. UDLD can be used with any other valid trunk combination.
- When enabling aggressive UDLD, the recommended message interval is 30 seconds; beware that it might shut down the port on a link where there is an extended period of trunk state mismatch on two sides of the link, especially when the NMP is significantly loaded. This problem is resolved in software release 5.5(2). (CSCdr50206)
- After enabling DHCP on the 24-port FXS analog interface module (WS-X6224-FXS), the configuration shows DHCP disabled and the module does not register with Cisco CallManager but it does get the DHCP information. This problem is resolved in software release 5.5(2). (CSCdr67032)
- In rare corner cases, during a fast switchover of the supervisor engines, some of the unconnected ports on an Ethernet module might light up green as if connected and the software reports that the ports are connected and in spanning tree forwarding state. The workaround to clear the port's undefined state, is to reset the module. This problem is resolved in software release 5.5(2). (CSCdp83157).
- If you accidentally create a router interface (for example, an interface created on the MSFC) for a secondary VLAN, and then delete it, Layer 3 traffic on the secondary VLAN might be dropped. If you accidentally create a router interface for a secondary VLAN, do not delete the interface until the corresponding VLAN on the switch is also cleared. Otherwise, the only workaround (other than resetting the whole switch) is to clear the VLAN on the switch (the corresponding interface on the MSFC should be already missing) and then enter the set vlan and set pvlan commands to set up the VLAN. This, unfortunately, might require that the ports assigned to that VLAN be moved temporarily to another VLAN. This problem is resolved in software release 5.5(2). (CSCdp75819)
- If the NVRAM is full and the software is upgraded to versions 5.4(x) or 5.5(1), the QoS and security ACL VLAN and port mapping configuration might be lost after the upgrade. This only happens if the ACL configuration is automatically moved to Flash memory during the upgrade, and that is only done when it is necessary to make more room in NVRAM to allow the upgrade process to work. A work around is to save the configuration before the upgrade and reapply the ACL mapping commands after the upgrade. This problem is resolved in software release 5.5(2). (CSCdr78755)
- On Catalyst 6000 family switches with redundant supervisor engines (MSFC and PFC) and high availability enabled and HSRP active, system CAM entries for HSRP might end up on the wrong MSFC after a high availability switchover.
- For example, if you reset the first supervisor engine, all system CAM entries for VLAN 440 are copied to the secondary MSFC (this is the correct behavior). The first supervisor engine finishes resetting and the MSFC comes online. HSRP is still active on the secondary supervisor engine. The system CAM entry for the VLAN 440 interface moves back to the first MSFC (this is the correct behavior). The system CAM entry for the HSRP interface for VLAN 440 also moves back to the first MSFC (this IS NOT the correct behavior). Consequently, all hosts using the HSRP interface as the default gateway cannot pass traffic beyond their subnets. The workaround is to configure HSRP with preemption and higher priority for one MSFC because when both MSFCs are up, the higher priority MSFC will always be active. In the case where the active MSFC goes down, the standby MSFC will become HSRP active, but when the MSFC comes back up, that MSFC will preempt the currently active MSFC to become HSRP active again. This problem is resolved in software release 5.5(2). (CSCdr01262)
- The NetFlow Data Export (NDE) task might cause high CPU utilization under heavy (fast) aging conditions. This problem is resolved in software release 5.5(2). (CSCdr10379)
- On Catalyst 6000 family switches with redundant supervisor engines (MSFC and PFC), the show module command shows firmware (fw) as 0.0 for the MSFC after system bootup. This problem is resolved in software release 5.5(2). (CSCdr62924)
- IEEE llc registration entries are set when the first VLAN enabled is an inactive one. If spanning tree is disabled for all VLANs afterwards, the IEEE llc entry does not get cleared. The fix was to not set the IEEE llc entries when spanning tree is enabled for an inactive VLAN. This problem is resolved in software release 5.5(2). (CSCdr63409)
- During a "clear config all," the VTP database could be invalid (NULL domain and with no default VLANs) for a short period of time before high availability gets disabled. If some VTP events get into the high availability sync queue during this transition period, the VTP database on the standby supervisor engine could be corrupted. The fix ensures that the standby supervisor engine always has a valid VTP database during a "clear config all." This problem is resolved in software release 5.5(2). (CSCdr53367)
- Ports remain blocking after a high availability switchover. This is a corner case that would only occur with spanning tree disabled AND the user disabling/enabling a channel port during a high availability switchover. For example, spanning tree is disabled on the switch and a port in a channel is disabled. At this point you perform a high availability switchover and enable the channel port on the "new" active supervisor engine. Since spanning tree is disabled, the initialization on the new active supervisor engine did not go through the usual path and it did not take care of a field used to set the state in a channel port; therefore, the reenabled port stays in the blocking state. This problem is resolved in software release 5.5(2). (CSCdr19830)
- Port VLAN information is not displayed correctly after a system reset. This bug is restricted to 10/100 ports. If you add a port to a VLAN and then reset the system, the show vlan and show configuration commands might display different port VLAN information than the show port command. This problem is resolved in software release 5.5(2). (CSCdr77106)
- If RSVP path messages are received on an EtherChannel port, the switch might incorrectly send the NULL role combination to the COPS server, which results in applying the default policy to the flow. This problem is resolved in software release 5.5(2). (CSCdr72785)
- With RSVP disabled, creating a new Ethernet VLAN results in RSVP adding the SBM MAC addresses to the CAM; this prevents RSVP messages from being flooded downstream. This problem is resolved in software release 5.5(2). (CSCdr82555)
- On Catalyst 6000 family switches with redundant supervisor engines, if the uplink ports are already switching traffic and if the active supervisor engine synchronizes the runtime image and resets the standby supervisor engine, the port interface ASICs on the standby supervisor engine automatically reset. If a packet was switched on any of these ports, the sequence number seen by the rest of the system might not match with that of the packet that was lost due to the standby supervisor engine being reset. This could cause the switching modules and supervisor engines to report a "bus asic sequence mismatch." This problem is resolved in software release 5.5(2). (CSCdr72834)
- On Catalyst 6000 switches with redundant supervisor engines (MSFC and PFC), if IGMP snooping is disabled and subsequently enabled, the MSFCs will no longer be protected by the supervisor engine hardware from multicast traffic that arrives on their non-RPF interfaces, resulting in higher CPU utilization on the MSFCs. A reset of the switch is required to correct this condition. This problem is resolved in software release 5.5(2). (CSCdr82075)
- If you do a high availability switchover immediately (less than 3 seconds) after changing the trunk type (from isl to dot1q or vice versa), it is possible for that trunk to not be added to spanning tree. The workaround is to disable and reenable the port. This problem is resolved in software release 5.5(2). (CSCdr76108)
- The LTL flood index might not be cleared on the SPAN destination ports even after removing the SPAN source port modules. Because of that, traffic would be seen on the SPAN destination port even after removing the SPAN source port modules. This problem is resolved in software
release 5.5(2). (CSCdr79294)
- 8-Port T1/E1 ISDN PRI and 24-Port FXS Analog Station Interface modules: In CiscoView images, the Catalyst 6000 family voice module's port status information is not accurately reflected. The port status is always "other" or "ok." This has been corrected. For example, on the 24-port FXS module, when the phone is offhook (call in progress), the port status is "ok." When the phone is onhook, it is "other." And when it is disabled, the port status is "minorfault." This problem is resolved in software release 5.5(2). (CSCdr35662)
- The show port qos and show qos info ... commands do not work on ATM LANE modules (WS-X6101-OC12-MMF and WS-X6101-OC12-SMF). (CSCdr33320)
- 8-Port T1/E1 ISDN PRI and 24-Port FXS Analog Station Interface modules: While calls are active on these modules, you can disable individual port communication processors (860s) with the set port disable command; this disconnects all calls going through a particular 860. The NMP prompts you if any calls are currently active on the 860 when the set port disable command is issued. You will have the choice of terminating all calls on the 860 right away by disabling the 860 or you can opt to wait for the 860 call status to become idle before disabling the 860. (The 860 communications processor main functions are to act as an interface for the voice-data streams to the Ethernet, provide signaling for the T1/E1 line, and process call management commands.) This problem is resolved in software release 5.5(2). (CSCdr60305)
- This problem is due to module physical tolerances and is not present on all modules. You might see this problem when doing an online insertion or removal of a standby supervisor engine or a WS-X6348-RJ45 10/100 module while there is traffic present on the system. The problem manifests itself with a system reset with the following error message:
6509-#1-Dev-Lab:> (enable) 2000 Mar 30 17:28:47 %SYS-5-MOD_REMOVE:Module 16 has been
removed
2000 Mar 30 17:28:47 %SYS-5-MOD_REMOVE:Module 2 has been removed
cafe2_latte_seq_err_hdlr (Kernel and Idle), Exp:0, Rcv:0
PANIC:Earl is in panic
- The workaround is to issue a reset x, where x is the module number of the module to be removed, and then remove the module in slot x. This problem is resolved in software release 5.5(2). (CSCdp84973)
- The CLI does not allow flow control to be turned on when QoS is enabled. This problem is resolved in software release 5.5(2). (CSCdr38820)
This section describes open and resolved caveats in supervisor engine software release 5.5(1).
This section describes open caveats in supervisor engine software release 5.5(1).
- Under extreme traffic conditions and with certain hardware configurations, the supervisor engine might reset. (CSCdr50405)
- When the host from a dynamic VLAN port pings the switch sc0 interface in a different VLAN (so the ping has to go through the MSFC), the port that the host is attached to might get disabled by an EARL failure. The workaround is to use static VLANs for the host port or access sc0 from the same VLAN. (CSCdr67201)
- The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times. The rise and fall times need to be shortened although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
- The QoS CoS DSCP map cannot be currently downloaded via COPS. The locally defined cos-dscp map is used instead when the QoS policy-source of the switch is set to COPS. (CSCdr38648)
- The show cops pib command might cause the switch to reset if COPS is used. (CSCdr52849)
- The set/clear cops domain-name commands might close Telnet sessions to the NMP. When the set cops domain-name command is run over a Telnet session to the NMP, the Telnet session might get terminated with a "connection lost" message. This could also happen with commands such as set qos enable/disable or set/clear port cops roles if the QoS policy source is set to COPS. (CSCdr54368)
- If there are no COPS policies defined on the COPS server and a Catalyst switch attempts to make a COPS DS connection to the COPS server, then local QoS policies will be applied or the NMP on the switch might experience a reset. The workaround is to define COPS DS policies on the COPS server before attempting to connect any devices to it. (CSCdr43041, CSCdr60174, CSCdr61165)
- If a COPS ACL containing a policer is downloaded to the switch and the switch cannot support the exact rate/burst supplied by the policer, there is no message to inform you that the rate/burst was rounded off to the nearest value that the hardware could support. (CSCdr28715)
- The Catalyst 6000 family switches do not support non-zero WRED minimum values. If a COPS QPM server sends down a COPS policy with a non-zero WRED minimum value, no error report is returned to the COPS server, and as a result, there is no indication to the user that the WRED minimum specified in the COPS policy was not used. (CSCdr28819)
- If the QoS policy source is changed from COPS to local and local to COPS quickly in succession, the switch might experience a reset. The workaround is to change the QoS policy source to local (set qos policy-source local), wait a few minutes, and then change the QoS policy source back to COPS (set qos policy-source cops). (CSCdr60530)
Note CSCdr60530 has not been seen in later releases.
- If QoS is enabled and disabled repeatedly, then depending on the complexity of the QoS configuration, the switch might experience a reset. (CSCdr60464)
- The show port qos and show qos info ... commands do not work on ATM LANE modules (WS-X6101-OC12-MMF and WS-X6101-OC12-SMF). (CSCdr33320)
- The ACL manager process might hang when performing a large number of commit/clear operations in quick succession on QoS ACLs and VACLs with a large number of ACEs. (CSCdr60039)
Note CSCdr60039 has not been seen in later releases.
- You might experience an out-of-memory condition on the active or standby supervisor engine when performing a large number of commit/clear operations in quick succession on QoS ACLs and VACLs with a large number of ACEs. (CSCdr64288, CSCdr59094, CSCdr60993)
- If you create a security ACL with the redirect option and then replace the module that has the redirect port with another kind of module, the security ACL does not have the redirect port list anymore. The workaround is to manually modify the security ACL with the new redirect port information. (CSCdp74757)
- A port on the 48-port 10/100TX RJ-45 module (WS-X6348-RJ-45) with a status of errdisabled will not come up after enabling it; its status shows "notconnect." The workaround is to disconnect and then reconnect the cable attached to the port. (CSCdr31752)
Note CSCdr31752 has not been seen in later releases.
- QoS ACLs might not be mapped correctly to ATM modules. An attempt to map a QoS IP ACL to an ATM module appears to succeed. However, the ACL might not be mapped correctly causing traffic coming in from the ATM module to not get the correct QoS classification/policing decision. (CSCdr57771)
- Occasionally, after a topology change, a port might be stuck in a blocking state with a point-to-point trunk blocking on both sides of a VLAN. The port might get stuck in the blocking state although it is not seeing any BPDUs. (CSCdr56738) (CSCdr69299 - duplicate of CSCdr56738)
- Network Analysis Module Only: When you disable the SNMP-extended RMON NetFlow feature, NDE collection is not stopped automatically. This might cause high CPU utilization reaching to 100 percent. The workaround is to disable the MLS NDE feature manually when disabling the SNMP-extended RMON NetFlow feature. (CSCdr56663)
- Network Analysis Module Only: When you disable the SNMP-extended RMON NetFlow feature, NDE collection is not stopped automatically. This might cause high CPU utilization reaching to 100 percent. The workaround is to disable the MLS NDE feature manually when disabling the SNMP-extended RMON NetFlow feature. (CSCdr56698)
- Occasionally, after a high availability switchover, the now active supervisor engine might report a minor hardware problem. (CSCdr54908)
Note CSCdr54908 has not been seen in later releases.
- When a Cisco IP Phone 7960 is connected to a port on the 10/100 Ethernet switching module that supplies inline power, the phone might lose power after switching from wall power back to inline power. The link will remain up but the phone will be down. Note that this problem only occurs at 10 Mbps. The workaround is to disconnect and then reconnect the cable between the switch port and the phone. (CSCdr37056)
- Cisco IP Phone 7960: When you have a hub connected to the switch and IP phones connected to the hub, the phones might lose connectivity with Cisco CallManager if you remove and then reconnect power from one phone after a call has been established. The workaround is to power cycle the phone that had its power interrupted. This action brings up all phones connected to the hub. (CSCdr36895)
Note CSCdr36895 has not been seen in later releases.
- When enabling port security on a port, connectivity for that port gets broken. Although there is continuous traffic coming into the port, nothing gets through and no address is being secured. No static entry is present. As soon as port security is disabled on the port, a MAC address is dynamically learned and connectivity is reestablished. (CSCdr53893)
- Occasionally, after a fast switchover (non-high availability) the 48-port 10/100TX RJ-45 module (WS-X6348-RJ-45) might report a minor hardware problem. If this occurs, all connected ports show faulty. The workaround is to reset the module and if the ports do not come up, reset the switch.This problem is resolved in software release 5.5(2). (CSCdr53825)
- For normal UDLD, the recommended message interval is 15 seconds. Caveat CSCdr50206 requires that you follow these configuration recommendations:
- We recommend that you do not use UDLD with the ON - AUTO trunk combination. UDLD can be used with any other valid trunk combination.
- When enabling aggressive UDLD, the recommended message interval is 30 seconds; beware that it might shut down the port on a link where there is an extended period of trunk state mismatch on two sides of the link, especially when the NMP is significantly loaded. (CSCdr50206)
- In rare corner cases, during a fast switchover of the supervisor engines, some of the unconnected ports on an Ethernet module might light up green as if connected and the software reports that the ports are connected and in spanning tree forwarding state. The workaround to clear the port's undefined state, is to reset the module. (CSCdp83157).
- Occasionally, after a high availability switchover, when you enter any of the show qos commands, you might receive incorrect output about the QoS/COPS ACL mappings. Your output might show that your switch has no QoS/COPS ACL mappings when the ACLs are actually in the hardware. This applies with either COPS or locally configured ACLs (IP, IPX, MAC) and policers. This condition continues until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy, or until the local QoS configuration is reinstalled in the CLI output structures. (CSCdp45099)
- After you configure the scheduled reset time through SNMP MIB object csyScheduledResetTime, changes you make to the value of the csyScheduledResetAction object are accepted, but the new reset type does not take effect unless you set the csyScheduledResetTime again. The possible workarounds for this problem are:
- Always set the csyScheduledResetAction object before setting the csyScheduledResetTime object when you configure the scheduled reset feature through SNMP.
- If you need to change the csyScheduledResetAction object, you have to reset the csyScheduledResetTime object afterwards.
- This problem occurs when you configure the scheduled reset time through the SNMP MIB object, but does not occur when scheduling the reset time through the CLI. (CSCdp86609)
- If you accidentally create a router interface (for example, an interface created on the MSFC) for a secondary VLAN, and then delete it, Layer 3 traffic on the secondary VLAN might be dropped. If you accidentally create a router interface for a secondary VLAN, do not delete the interface until the corresponding VLAN on the switch is also cleared. Otherwise, the only workaround (other than resetting the whole switch) is to clear the VLAN on the switch (the corresponding interface on the MSFC should be already missing) and then enter the set vlan and set pvlan commands to set up the VLAN. This, unfortunately, might require that the ports assigned to that VLAN be moved temporarily to another VLAN. (CSCdp75819)
- In some situations, if there is an error in installing any COPS policy, a successful commit is sent to the PDP even though the policy was not correctly installed. In such situations, any modifications to the port's role combination will not install the correct policy on the port with the error condition. This might result in a switch reset. (CSCdp66572)
- The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
- For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For the packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
- Rapidly disabling and enabling QoS with the policy source set to COPS might cause the switch to reset. The workaround is to wait approximately 30 seconds after disabling QoS before reenabling it when the QoS policy source had been set to COPS. (CSCdp32467)
- Online diagnostic failures are experienced on modules during boot up, online insertion, or module reset if the QoS default-action MAC ACL is reconfigured to include an aggregate policer with an action of drop. The system default does not include an aggregate policer in the default-action MAC ACL. The likelihood of the diagnostics failures increases as the amount of traffic being policed (dropped) by that aggregate policer increases. In general, as the rate value specified in the policer decreases the amount of traffic matching all ACLs specifying that aggregate policer increases. (CSCdp15471)
This section describes resolved caveats in supervisor engine software release 5.5(1).
- MLS traffic might be interrupted for 10 to 20 seconds after a high availability switchover with ACLs. This problem was MSFC related and is resolved in MSFC IOS release 12.1(1)E2. (CSCdp87323)
This section describes open and resolved caveats in supervisor engine software release 5.4(4).
This section describes open caveats in supervisor engine software release 5.4(4).
- You might experience an out-of-memory condition on the active or standby supervisor engine when performing a large number of commit/clear operations in quick succession on QoS ACLs and VACLs with a large number of ACEs. (CSCdr64288, CSCdr59094, CSCdr60993)
- When the host from a dynamic VLAN port pings the switch sc0 interface in a different VLAN (so the ping has to go through the MSFC), the port that the host is attached to might get disabled by an EARL failure. The workaround is to use static VLANs for the host port or access sc0 from the same VLAN. (CSCdr67201)
- The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times. The rise and fall times need to be shortened although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
- Under extreme traffic conditions and with certain hardware configurations, the supervisor engine might reset. (CSCdr50405)
- For normal UDLD, the recommended message interval is 15 seconds. Caveat CSCdr50206 requires that you follow these configuration recommendations:
- We recommend that you do not use UDLD with the ON - AUTO trunk combination. UDLD can be used with any other valid trunk combination.
- When enabling aggressive UDLD, the recommended message interval is 30 seconds; beware that it might shut down the port on a link where there is an extended period of trunk state mismatch on two sides of the link, especially when the NMP is significantly loaded. (CSCdr50206)
- In rare corner cases, during a fast switchover of the supervisor engines, some of the unconnected ports on an Ethernet module might light up green as if connected and the software reports that the ports are connected and in spanning tree forwarding state. The workaround to clear the port's undefined state, is to reset the module. (CSCdp83157).
- Occasionally, after a high availability switchover, when you enter any of the show qos commands, you might receive incorrect output about the QoS/COPS ACL mappings. Your output might show that your switch has no QoS/COPS ACL mappings when the ACLs are actually in the hardware. This applies with either COPS or locally configured ACLs (IP, IPX, MAC) and policers. This condition continues until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy, or until the local QoS configuration is reinstalled in the CLI output structures. (CSCdp45099)
- QoS ACLs might not be mapped correctly to ATM modules. An attempt to map a QoS IP ACL to an ATM module appears to succeed. However, the ACL might not be mapped correctly causing traffic coming in from the ATM module to not get the correct QoS classification/policing decision. (CSCdr57771)
- The QoS CoS DSCP map cannot be currently downloaded via COPS. The locally defined cos-dscp map is used instead when the QoS policy-source of the switch is set to COPS. (CSCdr38648)
- The show cops pib command might cause the switch to reset if COPS is used. (CSCdr52849)
- The set/clear cops domain-name commands might close Telnet sessions to the NMP. When the set cops domain-name command is run over a Telnet session to the NMP, the Telnet session might get terminated with a "connection lost" message. This could also happen with commands such as set qos enable/disable or set/clear port cops roles if the QoS policy source is set to COPS. (CSCdr54368)
- If there are no COPS policies defined on the COPS server and a Catalyst switch attempts to make a COPS DS connection to the COPS server, then local QoS policies will be applied or the NMP on the switch might experience a reset. The workaround is to define COPS DS policies on the COPS server before attempting to connect any devices to it. (CSCdr43041, CSCdr60174, CSCdr61165)
- If a COPS ACL containing a policer is downloaded to the switch and the switch cannot support the exact rate/burst supplied by the policer, there is no message to inform you that the rate/burst was rounded off to the nearest value that the hardware could support. (CSCdr28715)
- The Catalyst 6000 family switches do not support non-zero WRED minimum values. If a COPS QPM server sends down a COPS policy with a non-zero WRED minimum value, no error report is returned to the COPS server, and as a result, there is no indication to the user that the WRED minimum specified in the COPS policy was not used. (CSCdr28819)
- In some situations, if there is an error in installing any COPS policy, a successful commit is sent to the PDP even though the policy was not correctly installed. In such situations, any modifications to the port's role combination will not install the correct policy on the port with the error condition. This might result in a switch reset. (CSCdp66572)
- Rapidly disabling and enabling QoS with the policy source set to COPS might cause the switch to reset. The workaround is to wait approximately 30 seconds after disabling QoS before reenabling it when the QoS policy source had been set to COPS. (CSCdp32467)
- Occasionally, after a topology change, a port might be stuck in a blocking state with a point-to-point trunk blocking on both sides of a VLAN. The port might get stuck in the blocking state although it is not seeing any BPDUs. (CSCdr56738) (CSCdr69299 - duplicate of CSCdr56738)
- Online diagnostic failures are experienced on modules during boot up, online insertion, or module reset if the QoS default-action MAC ACL is reconfigured to include an aggregate policer with an action of drop. The system default does not include an aggregate policer in the default-action MAC ACL. The likelihood of the diagnostics failures increases as the amount of traffic being policed (dropped) by that aggregate policer increases. In general, as the rate value specified in the policer decreases the amount of traffic matching all ACLs specifying that aggregate policer increases. (CSCdp15471)
- After you configure the scheduled reset time through SNMP MIB object csyScheduledResetTime, changes you make to the value of the csyScheduledResetAction object are accepted, but the new reset type does not take effect unless you set the csyScheduledResetTime again. The possible workarounds for this problem are:
- Always set the csyScheduledResetAction object before setting the csyScheduledResetTime object when you configure the scheduled reset feature through SNMP.
- If you need to change the csyScheduledResetAction object, you have to reset the csyScheduledResetTime object afterwards.
- This problem occurs when you configure the scheduled reset time through the SNMP MIB object, but does not occur when scheduling the reset time through the CLI. (CSCdp86609)
- If you accidentally create a router interface (for example, an interface created on the MSFC) for a secondary VLAN, and then delete it, Layer 3 traffic on the secondary VLAN might be dropped. If you accidentally create a router interface for a secondary VLAN, do not delete the interface until the corresponding VLAN on the switch is also cleared. Otherwise, the only workaround (other than resetting the whole switch) is to clear the VLAN on the switch (the corresponding interface on the MSFC should be already missing), and then enter the set vlan and set pvlan commands to set up the VLAN. This, unfortunately, might require that the ports assigned to that VLAN be moved temporarily to another VLAN. (CSCdp75819)
- The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
- For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For the packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
This section describes resolved caveats in supervisor engine software release 5.4(4).
- For normal UDLD, the recommended message interval is 15 seconds. Caveat CSCdr50206 requires that you follow these configuration recommendations:
- We recommend that you do not use UDLD with the ON - AUTO trunk combination. UDLD can be used with any other valid trunk combination.
- When enabling aggressive UDLD, the recommended message interval is 30 seconds; beware that it might shut down the port on a link where there is an extended period of trunk state mismatch on two sides of the link, especially when the NMP is significantly loaded. This problem is resolved in software release 5.4(4). (CSCdr50206)
- IGMP snooping does not relearn multicast router ports after a switchover. Only disabling and reenabling IGMP makes the router ports appear properly. This problem is resolved in software release 5.4(4). (CSCdp25436)
- When spanning tree is disabled in a VLAN, BPDUs are forwarded out on the same ATM interface on which they are received. This problem is resolved in software release 5.4(4). (CSCdr49743)
- The UDLD status between Catalyst 6000 family switches and Catalyst 6500 series switches in a large network may exhibit inconsistent behavior. Some links may show as "undetermined" on one or both sides, even though both sides are enabled and are passing UDLD packets. This problem is resolved in software release 5.4(4). (CSCdr52866)
- Using cut-and-paste during an inbound or outbound Telnet session might cause some characters to become lost and the Telnet session to hang. This problem is resolved in software release 5.4(4). (CSCdr40184)
This section describes open and resolved caveats in supervisor engine software release 5.4(3).
This section describes open caveats in supervisor engine software release 5.4(3).
- When an SNMP agent attempts to modify VLAN parameters (state, MTU, etc.), the attempt might fail with vtpVlanApplyStatus = someOtherError in the SNMP response from the switch. This is due to an inconsistency in the default Token Ring VLAN configuration in the VTP database with VTP V2 enabled. The workaround for this problem is to disable and then reenable VTP V2. (CSCdr56164)
Note CSCdr56164 has not been seen in later releases.
- You might experience an out-of-memory condition on the active or standby supervisor engine when performing a large number of commit/clear operations in quick succession on QoS ACLs and VACLs with a large number of ACEs. (CSCdr64288, CSCdr59094, CSCdr60993)
- When the host from a dynamic VLAN port pings the switch sc0 interface in a different VLAN (so the ping has to go through the MSFC), the port that the host is attached to might get disabled by an EARL failure. The workaround is to use static VLANs for the host port or access sc0 from the same VLAN. (CSCdr67201)
- The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times. The rise and fall times need to be shortened although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
- Under extreme traffic conditions and with certain hardware configurations, the supervisor engine might reset. (CSCdr50405)
- For normal UDLD, the recommended message interval is 15 seconds. Caveat CSCdr50206 requires that you follow these configuration recommendations:
- We recommend that you do not use UDLD with the ON - AUTO trunk combination. UDLD can be used with any other valid trunk combination.
- When enabling aggressive UDLD, the recommended message interval is 30 seconds; beware that it might shut down the port on a link where there is an extended period of trunk state mismatch on two sides of the link, especially when the NMP is significantly loaded. (CSCdr50206)
- In rare corner cases, during a fast switchover of the supervisor engines, some of the unconnected ports on an Ethernet module might light up green as if connected and the software reports that the ports are connected and in spanning tree forwarding state. The workaround to clear the port's undefined state, is to reset the module. (CSCdp83157).
- Occasionally, after a high availability switchover, when you enter any of the show qos commands, you might receive incorrect output about the QoS/COPS ACL mappings. Your output might show that your switch has no QoS/COPS ACL mappings when the ACLs are actually in the hardware. This applies with either COPS or locally configured ACLs (IP, IPX, MAC) and policers. This condition continues until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy, or until the local QoS configuration is reinstalled in the CLI output structures. (CSCdp45099)
- QoS ACLs might not be mapped correctly to ATM modules. An attempt to map a QoS IP ACL to an ATM module appears to succeed. However, the ACL might not be mapped correctly causing traffic coming in from the ATM module to not get the correct QoS classification/policing decision. (CSCdr57771)
- The QoS CoS DSCP map cannot be currently downloaded via COPS. The locally defined cos-dscp map is used instead when the QoS policy-source of the switch is set to COPS. (CSCdr38648)
- The show cops pib command might cause the switch to reset if COPS is used. (CSCdr52849)
- The set/clear cops domain-name commands might close Telnet sessions to the NMP. When the set cops domain-name command is run over a Telnet session to the NMP, the Telnet session might get terminated with a "connection lost" message. This could also happen with commands such as set qos enable/disable or set/clear port cops roles if the QoS policy source is set to COPS. (CSCdr54368)
- If there are no COPS policies defined on the COPS server and a Catalyst switch attempts to make a COPS DS connection to the COPS server, then local QoS policies will be applied or the NMP on the switch might experience a reset. The workaround is to define COPS DS policies on the COPS server before attempting to connect any devices to it. (CSCdr43041, CSCdr60174, CSCdr61165)
- If a COPS ACL containing a policer is downloaded to the switch and the switch cannot support the exact rate/burst supplied by the policer, there is no message to inform you that the rate/burst was rounded off to the nearest value that the hardware could support. (CSCdr28715)
- The Catalyst 6000 family switches do not support non-zero WRED minimum values. If a COPS QPM server sends down a COPS policy with a non-zero WRED minimum value, no error report is returned to the COPS server, and as a result, there is no indication to the user that the WRED minimum specified in the COPS policy was not used. (CSCdr28819)
- In some situations, if there is an error in installing any COPS policy, a successful commit is sent to the PDP even though the policy was not correctly installed. In such situations, any modifications to the port's role combination will not install the correct policy on the port with the error condition. This might result in a switch reset. (CSCdp66572)
- Rapidly disabling and enabling QoS with the policy source set to COPS might cause the switch to reset. The workaround is to wait approximately 30 seconds after disabling QoS before reenabling it when the QoS policy source had been set to COPS. (CSCdp32467)
- Occasionally, after a topology change, a port might be stuck in a blocking state with a point-to-point trunk blocking on both sides of a VLAN. The port might get stuck in the blocking state although it is not seeing any BPDU's. (CSCdr56738) (CSCdr69299 - duplicate of CSCdr56738)
- Online diagnostic failures are experienced on modules during bring up, online insertion, or module reset if the QoS default-action MAC ACL is reconfigured to include an aggregate policer with an action of drop. The system default does not include an aggregate policer in the default-action MAC ACL. The likelihood of the diagnostics failures increases as the amount of traffic being policed (dropped) by that aggregate policer increases. In general, as the rate value specified in the policer decreases the amount of traffic matching all ACLs specifying that aggregate policer increases. (CSCdp15471)
- After you configure the scheduled reset time through the SNMP MIB object csyScheduledResetTime, changes you make to the value of the csyScheduledResetAction object are accepted, but the new reset type does not take effect unless you set the csyScheduledResetTime again. The possible workarounds for this problem are:
- Always set the csyScheduledResetAction object before setting the csyScheduledResetTime object when you configure the scheduled reset feature through SNMP.
- If you need to change the csyScheduledResetAction object, you have to reset the csyScheduledResetTime object afterwards.
- This problem occurs when you configure the scheduled reset time through SNMP MIB object, but does not occur when scheduling the reset time through the CLI. (CSCdp86609)
- If you accidentally create a router interface (for example, an interface created on the MSFC) for a secondary VLAN, and then delete it, Layer 3 traffic on the secondary VLAN might be dropped. If you accidentally create a router interface for a secondary VLAN, do not delete the interface until the corresponding VLAN on the switch is also cleared. Otherwise, the only workaround (other than resetting the whole switch) is to clear the VLAN on the switch (the corresponding interface on the MSFC should be already missing), and then enter the set vlan and set pvlan commands to set up the VLAN. This, unfortunately, might require that the ports assigned to that VLAN be moved temporarily to another VLAN. (CSCdp75819)
- The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
- For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For the packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
This section describes resolved caveats in supervisor engine software release 5.4(3).
- When you insert a QoS-capable module below any module that is not QoS capable (except the ATM module), attempts to set one of the ports to port-based QoS fails and you receive a port busy error message. Modules that are not QoS capable are:
- This problem is resolved in software release 5.4(3). (CSCdr44006)
- Under certain conditions, the error message "QosSetVlanAcl Error" with a non-existent aclName appears. This problem is resolved in software release 5.4(3). (CSCdr29292)
- After a reset, the MSFC does not see IGMP packets until IGMP is disabled and then reenabled. This problem is resolved in software release 5.4(3). (CSCdr44200)
- Systems might reset with an exception if the SNMP PDU size is more than 1300 bytes. This problem exists in software releases 5.4(1) and 5.4(2). This problem is resolved in software release 5.4(3). (CSCdr33785)
- UplinkFast transitions and Serial Communications Protocol (SCP) messages are sent in incorrect order. During an UplinkFast transition, this could cause both the old and new root ports to be in FORWARDING state, creating the potential for spanning tree loops. This problem is resolved in software release 5.4(3). (CSCdr39668)
- If all the non-admin physical ports of EtherChannel sources become inactive (due to link down or disabled) in a PSPAN session, the ports are not removed from portCopyTable resulting in incorrect display of SPAN configuration through SNMP while CLI displays correct configuration. The only way to fix the problem is to reset the switch. This problem is resolved in software release 5.4(3). (CSCdr33492).
- After downloading the new LCP firmware image, the supervisor engine does not reboot. This problem is resolved in software release 5.4(3). (CSCdr11407)
- The show system command Sys-Status field shows "other" after a switchover to the redundant supervisor engine. This problem is resolved in software release 5.4(3). (CSCdr17119)
- In systems with redundant supervisor engines (PFCs) and high availability and QoS enabled, the TCAM utilization is not a problem with IP, IPX, and MAC QoS ACLs configured and mapped to ports. However, after the high availability switchover occurs, there are multiple TCAM FULL syslog messages. This problem is resolved in software release 5.4(3). (CSCdr14917)
- QoS ACLs are cleared on Gigabit EtherChannel ports after a high availability switchover. This behavior was observed in the following configuration: Redundant supervisor engines (PFCs), high availability and QoS enabled, and COPS as the policy source.
- There is a four-port Gigabit EtherChannel formed using the four supervisor engine uplink ports. There are local IPX and MAC ACLs mapped to these ports as well as the COPS IP ACL. A high availability switchover is performed and after ports on module 1 rejoin the four-port Gigabit EtherChannel, the reset 1 command is issued. When the ports on module 1 come back up, they join a two-port channel (1/1-2). A show port qos for module 2 shows no runtime ACLs and the runtime setting as VLAN-based. This problem is resolved in software release 5.4(3). (CSCdr18818)
- The IEEE llc registration entries are removed if the last .1q trunk port goes down and only one spanning tree is disabled. The problem will happen even if all spanning trees are disabled except one. In this case, the llc entries should be removed only if all spanning trees are disabled. This problem is resolved in software release 5.4(3). (CSCdr47799)
- When an EtherChannel is configured between two switches and the Spanning Tree Protocol is disabled, under some circumstances (such as a reboot or the presence of a lot of broadcasts on the sc0 VLAN), the EtherChannel might take a long time to come up. The workaround is to enable the Spanning Tree Protocol. This problem is resolved in software release 5.4(3). (CSCdr16565)
- In systems with redundant supervisor engines/MSFCs, reloading the active MSFC causes the other MSFC to take control of the FlexWAN module ports. However, after the new active MSFC come online, either one or both FlexWAN module ports are stuck in the "Down" state. The workaround is to power cycle the FlexWAN module. This problem is resolved in software
release 5.4(3). (CSCdr16997)
- Invalid IPX Protocol for IPX NetBIOS. The following example shows an error output for the IPX NetBIOS protocol option, although it appears as a valid option in "help" and "?" displays.
Console> (enable) set qos acl ipx ipxedit dscp 24 netbios any any
Invalid IPX protocol.
Console> (enable)
- The NetBIOS option was removed from the "help" and "?" displays. This problem is resolved in software release 5.4(3). (CSCdr29619)
- An example of this problem follows: You enter a large number of ACLs and map them to interface VLAN 4, but receive an error message:
Mapping in progress.
Cannot configure more than 9 logical operators (gt, lt, neq, range) in an IP ACL.
Failed to map VLAN 4 to ACL vlan4
- Hardware supports up to nine Layer 4 operators for each interface, two are reserved for fragment handling, so essentially, only seven are supported. When an ACL uses up the maximum number of supported Layer 4 operators, each subsequent ACE that needs more Layer 4 operators is expanded into an equivalent set of ACEs. A problem in the software caused the expansion logic from being called. This problem is resolved in software release 5.4(3). (CSCdr33104)
- In systems with redundant supervisor engines/MSFCs, if a TCAM update fails immediately after an MSFC switchover, the switch might reboot with a TLB exception in the ACL Manager. This problem is resolved in software release 5.4(3). (CSCdp88904)
- In a shared media environment, the UDLD detection mechanism might get stuck if there are concurrent linkup/link down events. This problem is resolved in software release 5.4(3). (CSCdp97787)
- Improper format of the snmpEngineID. The snmpEngineID should be 12 bytes instead of
10 bytes.
- When you upgrade from 5.4(1) or 5.4(2) to 5.4(3), 5.5(1) and newer software releases, the local snmpEngineID will automatically be converted from 10 bytes to 12 bytes if there is no local user configured in usmUserTable.
- If there are any local users in the usmUserTable, the 10-byte snmpEngineID will still remain unless you do one of the following:
- Delete all the local users from usmUserTable and then reset the system.
- Issue the clear config snmp or clear config all commands.
- This problem is resolved in software release 5.4(3). (CSCdr22335)
- When DSBM is enabled, the RSVP task calls the QoS task to set the port to do port-based QoS. However, the QoS task also attaches the CLI-configured ACL to the port, which removes any attached COPS ACL. This problem is resolved in software release 5.4(3). (CSCdr31596)
- In systems with redundant supervisor engines (PFCs) and high availability enabled, when you reset the system and then disable high availability, the standby supervisor engine might have a watchdog timeout. This problem is resolved in software release 5.4(3). (CSCdr32438)
- When several qos enable and qos disable commands are issued from within two different CLI processes (the console and a telnet session), there might be race conditions that cause a new enable/disable event to be processed before the previous one is completely finished. This causes an Assertion "head != NULL" failed .... assertion. This problem is resolved in software release 5.4(3). (CSCdr20448)
- The clear config all command does not clear a port's UDLD configuration. For example, UDLD and aggressive UDLD are enabled on port 3/3. After clearing the system configuration and enabling system wide UDLD, port 3/3 UDLD shows enabled (show udld port 3/3). The clear config all command should have set the port UDLD to disable. This problem is resolved in software release 5.4(3). (CSCdr35885)
- In a network where you have multicast senders and receivers in the same VLAN, if you apply an input RACL on the MSFC to deny multicast traffic, the access list will be honored in software. However, the system is not able to drop them in hardware. This might cause high CPU utilization on the MSFC if there is a lot of multicast traffic coming from the sender. The workaround is to have senders and receivers in different VLANs, in which case MMLS and MFD (multicast fast drop) can be used to drop the multicast traffic before it hits the CPU. This problem is resolved in software release 5.4(3). (CSCdr34122)
- A failed mapping on the MSFC can cause runtime and NVRAM to be out of synchronization. This problem is resolved in software release 5.4(3). (CSCdr23372)
- There might be inconsistent private VLAN mappings between the supervisor engine NMP and the MSFC. The show pvlan mapping command display on the switch might be inconsistent with what is displayed on the router using the show pvlan command. This problem is resolved in software release 5.4(3). (CSCdr45633)
- A private VLAN was deleted to enable GVRP, but GVRP still thinks the private VLAN exists. This problem might happen when a VLAN type is changed from primary, community, or isolated to none. In this case the VLAN was still considered to be part of a private VLAN, so VTP and GVRP could not be enabled. This problem is resolved in software release 5.4(3). (CSCdr35470)
- When you have two switches connected by link A and link B:
- link A
- SW-1(VTP client) ----------------------- SW-2(VTP server)
- | |
- --------------------------------
- link B
- If link A and link B are dot1q trunks and both SW-1 and SW-2 are reset at the same time, there could be a loop in the topology due to a race condition. The workaround is to disable and enable the links after both the systems come up. This problem is resolved in software release 5.4(3). (CSCdr33260)
- A port security bug was allowing traffic from VLANs 1 to 255 to be passed; the rest was getting dropped. This problem is resolved in software release 5.4(3). (CSCdr22508)
- Protocol Independent Multicast (PIM) Hello messages might be suppressed in PIM v1v2 mode. This problem happens only when routers are in PIM v1v2 mode; in this mode, they send odd length PIM packets. The IGMP snooping checksum algorithm was calculating the checksum incorrectly for odd length packets and dropping these packets in the software after capturing them. This caused the routers to time out their PIM neighbors. This problem is resolved in software release 5.4(3). (CSCdr25218)
- When trying to set ifAdminStatus to an invalid value, the SNMP agent might return "noAccess" instead of "wrongValue" and the ATM module might be reset. This problem is resolved in software release 5.4(3). (CSCdr39530)
- The switch might reboot with a breakpoint exception when the set qos acl map command is used. This problem is resolved in software release 5.4(3). (CSCdr45906)
- The switch might reboot with a TLB exception when using the set mls statistics protocol command with a very large protocol number string. This problem is resolved in software
release 5.4(3). (CSCdr43793)
- UDLD enhancements including an aggressive UDLD mode have been added to software release 5.3(4) and later releases. For more information, see the "Features for Supervisor Engine Software Release 5.4" section. This problem is resolved in software release 5.4(3). (CSCdp69036)
- The system time is reduced by 1 hour every time you issue the clear config all command. This problem is only in release 5.4(2). The following message will display when the time changes:
2000 May 04 05:43:22 %SYS-5-SYS_TIMECHNG:System time has changed due to summertime
- This problem is resolved in software release 5.4(3). (CSCdr41909)
- In software release 5.4(1) and later, for authentication retries, TACACS+ prompts for a password only but not for a username. This problem is resolved in software release 5.4(3). (CSCdr44356)
- After closing a Telnet session, the switch still shows the session as open. Using the disconnect ip_address command to disconnect a user and manually close the session does not close the session. This problem is resolved in software release 5.4(3). (CSCdp33649)
- The show TopN utility reports errors on trunk ports when no errors occurred. This problem is resolved in software release 5.4(3). (CSCdr23551)
- When a module with no NVRAM is disabled and then brought back online, the administrative group used by the module ports might be shared with ports on another module. This could cause a system reset since bundling ports across modules is not supported. This problem is resolved in software release 5.4(3). (CSCdr25839)
This section describes open and resolved caveats in supervisor engine software release 5.4(2).
This section describes open caveats in supervisor engine software release 5.4(2).
- Under extreme traffic conditions and with certain hardware configurations, the supervisor engine might reset. (CSCdr50405)
- You might experience an out-of-memory condition on the active or standby supervisor engine when performing a large number of commit/clear operations in quick succession on QoS ACLs and VACLs with a large number of ACEs. (CSCdr64288, CSCdr59094, CSCdr60993)
- The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times. The rise and fall times need to be shortened although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
- When the host from a dynamic VLAN port pings the switch sc0 interface in a different VLAN (so the ping has to go through the MSFC), the port that the host is attached to might get disabled by an EARL failure. The workaround is to use static VLANs for the host port or access sc0 from the same VLAN. (CSCdr67201)
- In rare corner cases, during a fast switchover of the supervisor engines, some of the unconnected ports on an Ethernet module might light up green as if connected and the software reports that the ports are connected and in spanning tree forwarding state. The workaround to clear the port's undefined state, is to reset the module. (CSCdp83157).
- Occasionally, after a high availability switchover, when you enter any of the show qos commands, you might receive incorrect output about the QoS/COPS ACL mappings. Your output might show that your switch has no QoS/COPS ACL mappings when the ACLs are actually in the hardware. This applies with either COPS or locally configured ACLs (IP, IPX, MAC) and policers. This condition continues until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy, or until the local QoS configuration is reinstalled in the CLI output structures. (CSCdp45099)
- QoS ACLs might not be mapped correctly to ATM modules. An attempt to map a QoS IP ACL to an ATM module appears to succeed. However, the ACL might not be mapped correctly causing traffic coming in from the ATM module to not get the correct QoS classification/policing decision. (CSCdr57771)
- If there are no COPS policies defined on the COPS server and a Catalyst switch attempts to make a COPS DS connection to the COPS server, then local QoS policies will be applied or the NMP on the switch might experience a reset. The workaround is to define COPS DS policies on the COPS server before attempting to connect any devices to it. (CSCdr43041, CSCdr60174, CSCdr61165)
- Release 5.4(1) and 5.4(2) images will not be high availability (HA) compatible with HA versioning enabled. If one supervisor engine has 5.4(1) and the other has 5.4(2) and HA and HA versioning are enabled, a fast switchover will occur. For such a configuration, on switchover, those modules whose bundled images are incompatible (different images), will be reset so that the correct image gets downloaded. The requirement is that all module images should be the same as that of the currently active supervisor engine. (CSCdr21689)
- MLS traffic might be interrupted for 10 to 20 seconds after a high availability switchover with ACLs. (CSCdp87323)
- Occasionally, after a topology change, a port might be stuck in a blocking state with a point-to-point trunk blocking on both sides of a VLAN. The port might get stuck in the blocking state although it is not seeing any BPDUs. (CSCdr56738) (CSCdr69299 - duplicate of CSCdr56738)
- After you configure the scheduled reset time through the SNMP MIB object csyScheduledResetTime, changes you make to the value of the csyScheduledResetAction object are accepted, but the new reset type does not take effect unless you set the csyScheduledResetTime again. The possible workarounds for this problem are:
- Always set the csyScheduledResetAction object before setting the csyScheduledResetTime object when you configure the scheduled reset feature through SNMP.
- If you need to change the csyScheduledResetAction object, you have to reset the csyScheduledResetTime object afterwards.
- This problem occurs when you configure the scheduled reset time through SNMP MIB object, but does not occur when scheduling the reset time through the CLI. (CSCdp86609)
- If you accidentally create a router interface (for example, an interface created on the MSFC) for a secondary VLAN, and then delete it, Layer 3 traffic on the secondary VLAN might be dropped. If you accidentally create a router interface for a secondary VLAN, do not delete the interface until the corresponding VLAN on the switch is also cleared. Otherwise, the only workaround (other than resetting the whole switch) is to clear the VLAN on the switch (the corresponding interface on the MSFC should be already missing), and then enter the set vlan and set pvlan commands to set up the VLAN. This, unfortunately, might require that the ports assigned to that VLAN be moved temporarily to another VLAN. (CSCdp75819)
- In some situations, if there is an error in installing any COPS policy, a successful commit is sent to the PDP even though the policy was not correctly installed. In such situations, any modifications to the port's role combination will not install the correct policy on the port with the error condition. This might result in a switch reset. (CSCdp66572)
- The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
- For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For the packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
- Rapidly disabling and enabling QoS with the policy source set to COPS might cause the switch to reset. The workaround is to wait approximately 30 seconds after disabling QoS before reenabling it when the QoS policy source had been set to COPS. (CSCdp32467)
- Online diagnostic failures are experienced on modules during bring up, online insertion, or module reset if the QoS default-action MAC ACL is reconfigured to include an aggregate policer with an action of drop. The system default does not include an aggregate policer in the default-action MAC ACL. The likelihood of the diagnostics failures increases as the amount of traffic being policed (dropped) by that aggregate policer increases. In general, as the rate value specified in the policer decreases the amount of traffic matching all ACLs specifying that aggregate policer increases. (CSCdp15471)
This section describes resolved caveats in supervisor engine software release 5.4(2).
- After a high availability switchover and COPS-DS is unable to reconnect to the PDP, if a local IP ACL had been mapped to a channelling supervisor uplink port, this mapping may no longer exist when QoS policy reverts to local. This problem is resolved in software release 5.4(2). (CSCdp89069)
- On Catalyst 6000 family switches with redundant supervisor engines (MSFC and PFC), after power cycling the system, some modules might show this message:
LC_DNLD_VERIFY: Error - Checksum verify fail errors.
- Note that this bug has no impact and you should ignore these messages. This problem is resolved in software release 5.4(2). (CSCdp06845)
- Summertime start and end dates are not calculated correctly when using the generic summertime rule if the start and end rules span across year-end (southern hemisphere rule). The workaround is to use a fixed date for the southern hemisphere. This problem is resolved in software release 5.4(2). (CSCdp91755)
- Autostate is a mechanism that shuts down the MSFC's VLAN interface if there are no active ports (physical ports) in that VLAN on the switch. However, in a dual-supervisor engine configuration with two MSFCs, if you have overlapping VLANs on both MSFCs, the MSFC's VLAN interface stays up even when there are no active switch ports in a VLAN. The supervisor engine software cannot determine if the last port in a VLAN is a router port or a switch port which prevents the autostate mechanism from working in dual MSFC configurations. This problem is resolved in software release 5.4(2). (CSCdp62432)
- During system switchover, the EOBC channel and the EOBC components on the MSFC and PFC might be heavily loaded. This is a rare condition, but RACL configuration messages from the MSFC and their replies from the PFC might be lost or timeout. Delivery ack and transmission retries have been added in software release 5.4.2 which increase the robustness of the communication. Worst case if all retries fail, RACL configuration download might be paused for 5 minutes. This problem is resolved in software release 5.4(2). (CSCdp68613)
- There was a bug in the parsing routines for COPS-RSVP DEC messages, that caused the switch to crash if a particular type of DEC for a Guaranteed or Controlled Load RSVP service was received. This bug only occurred with COPS-QPM 1.0, and was never experienced with previous versions of QPM. This problem is resolved in software release 5.4(2). (CSCdr17267)
- In a system with an MSM, if the MSM has a large configuration, the supervisor engine might reset the MSM before it fully boots up. This problem is resolved in software release 5.4(2). (CSCdr08977)
- When you change the port from VLAN-based to port-based QoS, the console hangs. Once the console hangs, you cannot run another console window to the switch. The workaround is to not specify multiple ports in a channel when using the set port qos {portlist} {port-based | vlan-based} command (for example, use set port qos 5/1 port-based instead of set port qos 5/1-4 port-based if ports 5/1-4 are channeling). This problem is resolved in software release 5.4(2). (CSCdp86860)
- When a channel includes uplink ports of the standby supervisor engine and QoS is disabled, after a switchover, the uplink ports in the channel might get separated into a different channel due to one inconsistent QoS parameter. The workaround is to make sure that you provide consistent QoS parameters so that the channel will remain intact. This problem is resolved in software release 5.4(2). (CSCdp83477)
- Configuring the filters for SPAN with the SNMP agent results in the failure of the underlying SPAN code to correctly set the filter. This only happens when SPAN has not already been configured with a filter using the CLI command set span src dest filter vlan. If SPAN is already configured with a filter, configuring the SPAN using the SNMP agent with a filter works fine. This problem is resolved in software release 5.4(2). (CSCdp88048)
- If you have just one supervisor engine with an MSFC installed, and it is in slot 2 (nothing in slot1), and you have an MSM installed, you might not be able to ping the MSFC after resetting the supervisor engine. The workaround is to do a shut/no-shut on the MSFC's VLAN interface, move the supervisor engine/MSFC to slot 1, or remove the MSM. This problem is resolved in software release 5.4(2). (CSCdp95738)
- Occasionally, after the MSFC is rebooted, the SCP message that identifies the router IP address and MAC address is lost, resulting in all packets used to download MLSM shortcuts from the MSFC to the NMP being dropped. This problem is resolved in software release 5.4(2). (CSCdp95610)
- A non-privileged user can obtain both the read and write SNMP community strings through the web interface. This problem is resolved in software release 5.4(2). (CSCdr05683)
- When a private VLAN has more than 128 secondary VLANs, the ACL code corrupts the stack because it wrongly assumes that the maximum number of secondary VLANs associated with a primary VLAN are 128. The maximum number of secondary VLANs is actually 1000. This problem is resolved in software release 5.4(2). (CSCdr08031)
- While connected to the console port of a Catalyst 6509 supervisor engine, if you Telnet out of the supervisor engine, the Catalyst 6509 switch reboots with a TLB exception. To avoid this problem, do not cut and paste a large amount of data onto the Telnet screen while Telnetting out of or sessioning into the MSM. This problem is resolved in software release 5.4(2). (CSCdp60430)
- If you disable one of the MSFCs on a redundant system using the set module disable {mNo} command, Layer 3 traffic might experience some problems. The workaround is to disable the MSFC by either resetting the MSFC and keeping it in ROM monitor state while disabled, or shutting down the interfaces and then disabling the MSFC. This problem is resolved in software release 5.4(2). (CSCdp87031) (CSCdp83535).
- The system might encounter an exception while trying to save a corrupted memory block to NVRAM. This problem is resolved in software release 5.4(2). (CSCdp99286)
- You cannot use the copy config tftp command (the write net command does work). This problem is resolved in software release 5.4(2). (CSCdp96537)
- If you set up VSPAN (for local SPAN or RSPAN) for an existing isolated or community VLAN, then the ports in that isolated or community VLAN will not be included as "Oper Source" by SPAN. The workaround for this problem is to configure SPAN for an isolated or community VLAN before you add ports to it so that SPAN can detect those ports and treat them appropriately. This problem is resolved in software release 5.4(2). (CSCdp83817)
- If snmpwalk is used against the MSFC, snmpwalk returns 0.0.0.0 for the MSFC moduleIPAddress. This problem is resolved in software release 5.4(2). (CSCdp95551)
- While connected to the console port of a Catalyst 6509 supervisor engine, if you Telnet out of the supervisor engine, the Catalyst 6509 switch reboots with a TLB exception. To avoid this problem, do not cut and paste a large amount of data onto the Telnet screen while Telnetting out of or sessioning into the MSM. This problem is resolved in software release 5.4(2). (CSCdp60430)
- If you enter the set qos txq-ratio, clear config, or the set qos enable or disable command when traffic was flowing, the Coil Packet Buffer Pointers are reset, and this may cause any of the following warning messages to display:
%SYS-5-SYS_LCPERR5:Module <n>:Coil Pinnacle Header Checksum Error - Port #<y>:
%SYS-5-SYS_LCPERR5:Module <n>:Coil Mdtif Packet CRC Error - Port #<y>:
%SYS-5-SYS_LCPERR5:Module <n>:Coil Mdtif State Machine Error - Port #<y>:
- If you see any of these warning messages after entering the set qos txq-ratio, clear config, or the set qos enable or disable command, ignore the warning message. This problem is resolved in software release 5.4(2). (CSCdp84355)
- When you configure a QoS MAC-CoS entry, the QoS information is synchronized to the standby supervisor engine and when a high availability switchover occurs, the CoS value is correctly assigned to all packets of the specified destination address. However, for existing permanent CAM entries with MAC-CoS configured earlier (for example, before the switch was rebooted), the CAM entries created on the standby do not have the correct QoS (CoS) value set and so for those entries, after HA switchover, the CoS value will not be correctly assigned to any packets of the specified destination address. This problem is resolved in software release 5.4(2). (CSCdp73056)
- If you disable high availability, after a switchover, the newly active supervisor engine displays a SPANTREE-3-SWOVER_TOOLONG event on the console. This problem is resolved in software release 5.4(2). (CSCdp81771)
- When you change an IPX flow to destination-source, the show mls entry ipx destination command used to specify a specific destination displays all IPX Layer 3 entries rather than just those for a specific destination IPX address. This problem is resolved in software release 5.4(2). (CSCdm46984)
- Occasionally, when a module is removed before it comes online (and before it is finished running diagnostics), memory corruption might occur. To avoid this problem, do not remove or reinsert a module during system power up and do not remove or reinsert a module before it comes online. This problem is resolved in software release 5.4(2). (CSCdp27673) (CSCdp27562)
- When you change the port from VLAN-based to port-based QoS, the console hangs. Once the console hangs, you cannot run another console window to the switch. The workaround is to not specify multiple ports in a channel when using the set port qos {portlist} {port-based | vlan-based} command (for example, use set port qos 5/1 port-based instead of set port qos 5/1-4 port-based if ports 5/1-4 are channeling). This problem is resolved in software release 5.4(2). (CSCdp86860)
- The Catalyst 6000 family switches do not support PIB version 0.6. As a result, error messages might display when unsupported policies are downloaded. This problem is resolved in software release 5.4(2). (CSCdp92562)
- If a system high availability switchover also involves a redundancy switchover of the MSFC, Layer 3 traffic for interfaces configured with RACLs might be temporarily denied until the switchover is complete. This problem is resolved in software release 5.4(2). (CSCdr13831)
- The switch crashes when doing a MIB walk on cseRouterVlanTable. The switch maintains a data structure for each MSFC it supports. In this instance, the MSFC comes up in the state "other" (meaning it is not online). Because of this, the data structure is not initialized, and therefore when accessed it causes the switch to crash. This problem is resolved in software release 5.4(2). (CSCdr08015)
- The switch crashes when using the clear config command. The switch in this case was a non-EARL5 system. The clear config code accessed the Layer 3 switching code, but since the non-EARL5 system does not have the Layer 3 switching hardware, the switch crashed. This problem is resolved in software release 5.4(2). (CSCdr09318)
- The show mls command displays VLANs that are down on the MSFC side. This problem is resolved in software release 5.4(2). (CSCdr09358)
- When SBM messages are received on a non-native VLAN of a port on which DSBM elections are enabled, the elections are disabled, because the switch only deals with elections on the native VLAN. Even though the elections are disabled, the switch still listens to SBM messages on the port, behaves as an SBM client, and maintains information about the current DSBM. If the current DSBM stops sending I_AM_DSBM messages or gives up, the switch resumes the election process. When a DSBM on a non-native VLAN gave up the DSBM status (by sending a DSBM_WILLING message with priority equals to 0), the switch was not resuming the election process. Election now resumes correctly. This problem is resolved in software release 5.4(2). (CSCdr09915)
- If the set pvlan command is issued for a port belonging to a module that is resetting, the configuration of that port might end up being incorrect in some cases. The code now handles the case of a module that is not online and rejects the command. This problem is resolved in software release 5.4(2). (CSCdr08064)
This section describes open and resolved caveats in supervisor engine software release 5.4(1).
This section describes open caveats in supervisor engine software release 5.4(1).
- Occasionally, after a high availability switchover, when you enter any of the show qos commands, you might receive incorrect output about the QoS/COPS ACL mappings. Your output might show that your switch has no QoS/COPS ACL mappings when the ACLs are actually in the hardware. This applies with either COPS or locally configured ACLs (IP, IPX, MAC) and policers. This condition continues until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy, or until the local QoS configuration is reinstalled in the CLI output structures. (CSCdp45099)
- Under extreme traffic conditions and with certain hardware configurations, the supervisor engine might reset. (CSCdr50405)
- You might experience an out-of-memory condition on the active or standby supervisor engine when performing a large number of commit/clear operations in quick succession on QoS ACLs and VACLs with a large number of ACEs. (CSCdr64288, CSCdr59094, CSCdr60993)
- The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times. The rise and fall times need to be shortened although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
- When the host from a dynamic VLAN port pings the switch sc0 interface in a different VLAN (so the ping has to go through the MSFC), the port that the host is attached to might get disabled by an EARL failure. The workaround is to use static VLANs for the host port or access sc0 from the same VLAN. (CSCdr67201)
- QoS ACLs might not be mapped correctly to ATM modules. An attempt to map a QoS IP ACL to an ATM module appears to succeed. However, the ACL might not be mapped correctly causing traffic coming in from the ATM module to not get the correct QoS classification/policing decision. (CSCdr57771)
- After a high availability switchover and COPS-DS is unable to reconnect to the PDP, if a local IP ACL had been mapped to a channelling supervisor uplink port, this mapping may no longer exist when QoS policy reverts to local. This problem is resolved in software release 5.4(2). (CSCdp89069)
- If there are no COPS policies defined on the COPS server and a Catalyst switch attempts to make a COPS DS connection to the COPS server, then local QoS policies will be applied or the NMP on the switch might experience a reset. The workaround is to define COPS DS policies on the COPS server before attempting to connect any devices to it. (CSCdr43041, CSCdr60174, CSCdr61165)
- Occasionally, a TLB exception might occur in the ACL manager after an MSM reload. (CSCdp77705)
- MLS traffic might be interrupted for 10 to 20 seconds after a high availability switchover with ACLs. (CSCdp87323)
- If you disable one of the MSFCs on a redundant system using the set module disable {mNo} command, Layer 3 traffic might experience some problems. The workaround is to disable the MSFC by either resetting the MSFC and keeping it in ROM monitor state while disabled, or shutting down the interfaces and then disabling the MSFC. (CSCdp87031) (CSCdp83535).
- If you set up VSPAN (for local SPAN or RSPAN) for an existing isolated or community VLAN, then the ports in that isolated or community VLAN will not be included as "Oper Source" by SPAN. The workaround for this problem is to configure SPAN for an isolated or community VLAN before you add ports to it so that SPAN can detect those ports and treat them appropriately. (CSCdp83817)
- While connected to the console port of a Catalyst 6509 supervisor engine, if you Telnet out of the supervisor engine, the Catalyst 6509 switch reboots with a TLB exception. To avoid this problem, do not cut and paste a large amount of data onto the Telnet screen while Telnetting out of or sessioning into the MSM. (CSCdp60430)
- After you configure the scheduled reset time through SNMP MIB object csyScheduledResetTime, changes you make to the value of the csyScheduledResetAction object are accepted, but the new reset type does not take effect unless you set the csyScheduledResetTime again. The possible workarounds for this problem are:
- Always set the csyScheduledResetAction object before setting the csyScheduledResetTime object when you configure the scheduled reset feature through SNMP.
- If you need to change the csyScheduledResetAction object, you have to reset the csyScheduledResetTime object afterwards.
- This problem occurs when you configure the scheduled reset time through SNMP MIB object, but does not occur when scheduling the reset time through the CLI. (CSCdp86609)
- If you accidentally create a router interface (for example, an interface created on the MSFC) for a secondary VLAN, and then delete it, Layer 3 traffic on the secondary VLAN might be dropped. If you accidentally create a router interface for a secondary VLAN, do not delete the interface until the corresponding VLAN on the switch is also cleared. Otherwise, the only workaround (other than resetting the whole switch) is to clear the VLAN on the switch (the corresponding interface on the MSFC should be already missing), and then enter the set vlan and set pvlan commands to set up the VLAN. This, unfortunately, might require that the ports assigned to that VLAN be moved temporarily to another VLAN. (CSCdp75819)
- If you enter the set qos txq-ratio, clear config, or the set qos enable or disable command when traffic was flowing, the Coil Packet Buffer Pointers are reset, and this may cause any of the following warning messages to display:
%SYS-5-SYS_LCPERR5:Module <n>:Coil Pinnacle Header Checksum Error - Port #<y>:
%SYS-5-SYS_LCPERR5:Module <n>:Coil Mdtif Packet CRC Error - Port #<y>:
%SYS-5-SYS_LCPERR5:Module <n>:Coil Mdtif State Machine Error - Port #<y>:
- If you see any of these warning messages after entering the set qos txq-ratio, clear config, or the set qos enable or disable command, ignore the warning message. (CSCdp84355)
- In some situations, if there is an error in installing any COPS policy, a successful commit is sent to the PDP even though the policy was not correctly installed. In such situations, any modifications to the port's role combination will not install the correct policy on the port with the error condition. This might result in a switch reset. (CSCdp66572)
- When you configure a QoS MAC-CoS entry, the QoS information is synchronized to the standby supervisor engine and when a high availability switchover occurs, the CoS value is correctly assigned to all packets of the specified destination address. However, for existing permanent CAM entries with MAC-CoS configured earlier (for example, before the switch was rebooted), the CAM entries created on the standby do not have the correct QoS (CoS) value set and so for those entries, after HA switchover, the CoS value will not be correctly assigned to any packets of the specified destination address. (CSCdp73056)
- If you disable high availability, after a switchover, the newly active supervisor engine displays a SPANTREE-3-SWOVER_TOOLONG event on the console. (CSCdp81771)
- The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
- For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For the packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
- Rapidly disabling and enabling QoS with the policy source set to COPS might cause the switch to reset. The workaround is to wait approximately 30 seconds after disabling QoS before reenabling it when the QoS policy source had been set to COPS. (CSCdp32467)
- Online diagnostic failures are experienced on modules during bring up, online insertion, or module reset if the QoS default-action MAC ACL is reconfigured to include an aggregate policer with an action of drop. The system default does not include an aggregate policer in the default-action MAC ACL. The likelihood of the diagnostics failures increases as the amount of traffic being policed (dropped) by that aggregate policer increases. In general, as the rate value specified in the policer decreases the amount of traffic matching all ACLs specifying that aggregate policer increases. (CSCdp15471)
- When you change an IPX flow to destination-source, the show mls entry ipx destination command used to specify a specific destination displays all IPX Layer 3 entries rather than just those for a specific destination IPX address. (CSCdm46984)
- Occasionally, after a topology change, a port might be stuck in a blocking state with a point-to-point trunk blocking on both sides of a VLAN. The port might get stuck in the blocking state although it is not seeing any BPDUs. (CSCdr56738) (CSCdr69299 - duplicate of CSCdr56738)
- Occasionally, when a module is removed before it comes online (and before it is finished running diagnostics), memory corruption might occur. To avoid this problem, do not remove or reinsert a module during system power up and do not remove or reinsert a module before it comes online. (CSCdp27673) (CSCdp27562)
- On Catalyst 6000 family switches with redundant supervisor engines (MSFC and PFC), after power cycling the system, some modules might show this message:
LC_DNLD_VERIFY: Error - Checksum verify fail errors.
- Note that this bug has no impact and you should ignore these messages. This problem is resolved in software release 5.4(2). (CSCdp06845)
- When you change the port from VLAN-based to port-based QoS, the console hangs. Once the console hangs, you cannot run another console window to the switch. The workaround is to not specify multiple ports in a channel when using the set port qos {portlist} {port-based | vlan-based} command (for example, use set port qos 5/1 port-based instead of set port qos 5/1-4 port-based if ports 5/1-4 are channeling). (CSCdp86860)
- Summertime start and end dates are not calculated correctly when using the generic summertime rule if the start and end rules span across year-end (southern hemisphere rule). The workaround is to use a fixed date for the southern hemisphere. (CSCdp91755)
This section describes resolved caveats in supervisor engine software release 5.4(1).
- If you remove a line module at the same time as you remove an active supervisor engine from a Catalyst 6000 family switch that is in a redundant supervisor configuration, the switch may become unreachable. To prevent this, wait at least 5 seconds after removing an active supervisor engine to allow the switchover to occur before you remove a line card. This problem is resolved in software release 5.4(1). (CSCdp59829)
- PAgP fails if you disable and then enable a 4-port channel. This problem is resolved in software release 5.4(1). (CSCdm09474)
- A disabled port may get link up and become trunk under certain scenarios. When a trunk port with a native VLAN other than 1 is disabled and that native VLAN is not active on the system, the switch may get VTP updates through other trunks in the switch and activate the VLAN. When the VLAN becomes active, the disabled port gets enabled and gets a link up. This problem is resolved in software release 5.4(1). (CSCdp39638)
- On Catalyst 6000 family switches with redundant supervisor engines (MSFC and PFC), the following bus ASIC sequence mismatch might occur during a switchover:
%SYS-1-MOD_SEQMISMATCH:Bus asic sequence mismatch occurred on module 7 (asic=1,
srcidx=0x0, seq=0)
- Note that this bug has no impact and you should ignore these messages. This problem is resolved in software release 5.4(1). (CSCdp25633)
- The RSVP access control entry (ACE) does not attach over an EtherChannel port if the QoS policy for ports forming the channel are set at different times. The workaround is to execute the steps that cause the problem in a different order. Consider that ports 4/1-8 are to be channeled and have identical role combinations:
- set port qos 4/1 policy local
- set qos acl map acl1 4/1
- set qos policy cops
- set port qos 4/1 policy cops
- set port channel 4/1-8 des
- The above sequence of steps causes the problem. The following fix ensures that you never map different ACLs to different ports which might channel together and later switch them to all map to the same ACL.
- The fix involves performing an intermediate step, clearing the ACL mapping on the ports that have a different ACL mapping than the other ports, and mapping them to all have the same ACL before trying to channel them together (it is important to clear the older mapping first).
- set port qos 4/1 policy local
- set qos acl map acl1 4/1
- set qos policy cops
- clear qos acl map acl1 4/1
- set port qos 4/1 policy cops
- set port channel 4/1-8 des
- This problem is resolved in software release 5.4(1). (CSCdp26277)
- When a port channel is configured between the Catalyst 6000 and Catalyst 5000 family switches, and you add or remove a port from the channel, ping traffic affected by this action may be interrupted for a very short time. This is due to redistribution of hardware registers. Also, the pings between the switches fail if more than two ports are added to the channel or the CAM table is cleared while the pings are in progress. This problem is resolved in software release 5.4(1). (CSCdp35639)
- After clearing a COPS role or all COPS roles, the console might hang for approximately
20 seconds before showing that the roles cleared. This problem is resolved in software release 5.4(1). (CSCdp34381)
- When you remove a module and then reinsert a different module, after using the clear config mod_num command on the newly inserted module, the first port on the module might be shown as disabled in the port status field. There are two workarounds: 1) Do a second clear config mod_num. 2) Do a set port enable on the first port. This problem is resolved in software release 5.4(1). (CSCdp25328)
- In systems with redundant supervisor engines, after a switchover to the redundant supervisor engine, the following message might be reported to the console:
Got main interrupt val : 0x2
Interrupt in DBus Slave block: 0x200
Soft reset of titan : done
- Note that this bug has no impact and you should ignore these messages. This problem is resolved in software release 5.4(1). (CSCdp03131)
- Enabling RSVP installs local ACLs when COPS is the policy and DSBM is enabled on the port. This problem is caused when you configure a port to have COPS policy instead of local NVRAM policy and then you enable DSBM. The workaround is to enable DSBM first and then change the policy to COPS. If the port policy is already COPS, toggle this configuration to avoid the problem described. This problem is resolved in software release 5.4(1). (CSCdp52924)
- After clearing and copying the configuration back to the VLAN, VTP and channel information is not copied properly. This problem is resolved in software release 5.4(1). (CSCdp31695)
- After downloading a new image, the supervisor engine may reset. This problem is resolved in software release 5.4(1). (CSCdp43577)
- CDP entries are not found on the dot1q trunk of the 16-port Gigabit Ethernet module for the supervisor engine port. This occurred on a system where the neighboring port had 1 as the native VLAN, the local port had an inactive native VLAN, and the link was a trunk. This problem is resolved in software release 5.4(1). (CSCdp49380)
- If DNS lookup fails, a high rate of memory leaks occur for every DNS lookup. This problem is resolved in software release 5.4(1). (CSCdp71815)
- If you enter a clear configuration command in a system with redundant supervisor engines and then reboot the switch, the time offset DHCP parameter may change. When this happens, the software must adjust the clock and then the standby supervisor engine must be synchronized to the active supervisor engine. However, because DHCP has not been able to register with the standby supervisor engine it is unable to update it. This problem is resolved in software release 5.4(1). (CSCdp73974)
- Memory corruption might occur in the event of a TCAM allocation failure such as tcam full, and the switch may reset. This problem is resolved in software release 5.4(1). (CSCdp78629)
- The show trunk command displays LANE ports as not-trunking. However, there is no connectivity issue with PVC and LANE. This problem is resolved in software release 5.4(1). (CSCdr13492)
This section describes the open and resolved caveats in supervisor engine software release 5.3(6)CSX.
This section describes the open caveats in supervisor engine software release 5.3(6)CSX.
- Under extreme traffic conditions and with certain hardware configurations, the supervisor engine might reset. (CSCdr50405)
- When the host from a dynamic VLAN port pings the switch sc0 interface in a different VLAN (so the ping has to go through the MSFC), the port that the host is attached to might get disabled by an EARL failure. The workaround is to use static VLANs for the host port or access sc0 from the same VLAN. (CSCdr67201)
- The WS-X6248-RJ-45 10/100 switching modules might occasionally send signals with long rise and fall times. The rise and fall times need to be shortened although testing shows that the existing signals are clear enough to be received correctly. (CSCdr39256)
- You might experience an out-of-memory condition on the active or standby supervisor engine when performing a large number of commit/clear operations in quick succession on QoS ACLs and VACLs with a large number of ACEs. (CSCdr64288, CSCdr59094, CSCdr60993)
- The clear cops role ... command might cause the switch to reset with a TLB exception. (CSCdr59342)
Note CSCdr59342 has not been seen in later releases.
- QoS ACLs might not be mapped correctly to ATM modules. An attempt to map a QoS IP ACL to an ATM module appears to succeed. However, the ACL might not be mapped correctly causing traffic coming in from the ATM module to not get the correct QoS classification/policing decision. (CSCdr57771)
- Occasionally, after a high availability switchover, when you enter any of the show qos commands, you might receive incorrect output about the QoS/COPS ACL mappings. Your output might show that your switch has no QoS/COPS ACL mappings when the ACLs are actually in the hardware. This applies with either COPS or locally configured ACLs (IP, IPX, MAC) and policers. This condition continues until the COPS-DS client on the new active supervisor engine establishes connection to the PDP and downloads the QoS policy, or until the local QoS configuration is reinstalled in the CLI output structures. (CSCdp45099)
- If there are no COPS policies defined on the COPS server and a Catalyst switch attempts to make a COPS DS connection to the COPS server, then local QoS policies will be applied or the NMP on the switch might experience a reset. The workaround is to define COPS DS policies on the COPS server before attempting to connect any devices to it. (CSCdr43041, CSCdr54688, CSCdr60174, CSCdr61165)
Note CSCdr54688 is not seen in later releases.
- After a high availability switchover and COPS-DS is unable to reconnect to the PDP, if a local IP ACL had been mapped to a channelling supervisor uplink port, this mapping may no longer exist when QoS policy reverts to local. This problem is resolved in software release 5.4(2). (CSCdp89069)
- Occasionally, a TLB exception might occur in the ACL manager after an MSM reload. (CSCdp77705)
- MLS traffic might be interrupted for 10 to 20 seconds after a high availability switchover with ACLs. (CSCdp87323)
- In some cases, when you try to map a QoS ACL to a port, the following message displays:
Transient error. Port state in transition. Please retry command.
Failed to map ACL mac-basic to port mod_num/port_num.
- This might be caused by a QoS ACL mismatch condition. If the error condition persists, you may try disabling the channel ports and reenabling them. (CSCdp86997)
Note CSCdp86997 has not been seen in later releases.
- If you disable one of the MSFCs on a redundant system using the set module disable {mNo} command, Layer 3 traffic might experience some problems. The workaround is to disable the MSFC by either resetting the MSFC and keeping it in ROM monitor state while disabled, or shutting down the interfaces and then disabling the MSFC. (CSCdp87031) (CSCdp83535).
- If you set up VSPAN (for local SPAN or RSPAN) for an existing isolated or community VLAN, then the ports in that isolated or community VLAN will not be included as "Oper Source" by SPAN. The workaround for this problem is to configure SPAN for an isolated or community VLAN before you add ports to it so that SPAN can detect those ports and treat them appropriately. (CSCdp83817)
- Occasionally, after a topology change, a port might be stuck in a blocking state with a point-to-point trunk blocking on both sides of a VLAN. The port might get stuck in the blocking state although it is not seeing any BPDUs. (CSCdr56738) (CSCdr69299 - duplicate of CSCdr56738)
- While connected to the console port of a Catalyst 6509 supervisor engine, if you Telnet out of the supervisor engine, the Catalyst 6509 switch reboots with a TLB exception. To avoid this problem, do not cut and paste a large amount of data onto the Telnet screen while Telnetting out of or sessioning into the MSM. (CSCdp60430)
- After you configure the scheduled reset time through SNMP MIB object csyScheduledResetTime, changes you make to the value of the csyScheduledResetAction object are accepted, but the new reset type does not take effect unless you set the csyScheduledResetTime again. The possible workarounds for this problem are:
- Always set the csyScheduledResetAction object before setting the csyScheduledResetTime object when you configure the scheduled reset feature through SNMP.
- If you need to change the csyScheduledResetAction object, you have to reset the csyScheduledResetTime object afterwards.
- This problem occurs when you configure the scheduled reset time through the SNMP MIB object, but does not occur when scheduling the reset time through the CLI. (CSCdp86609)
- If you accidentally create a router interface (for example, an interface created on the MSFC) for a secondary VLAN, and then delete it, Layer 3 traffic on the secondary VLAN might be dropped. If you accidentally create a router interface for a secondary VLAN, do not delete the interface until the corresponding VLAN on the switch is also cleared. Otherwise, the only workaround (other than resetting the whole switch) is to clear the VLAN on the switch (the corresponding interface on the MSFC should be already missing) and then enter the set vlan and set pvlan commands to set up the VLAN. This, unfortunately, might require that the ports assigned to that VLAN be moved temporarily to another VLAN. (CSCdp75819)
- In the event of a bus NMI timeout error, reset of the supervisor engine does not occur. (CSCdp81174)
Note CSCdp81174 has not been seen in later releases.
- If you enter the set qos txq-ratio, clear config, or the set qos enable or disable command when traffic was flowing, the Coil Packet Buffer Pointers are reset, and this may cause any of the following warning messages to display:
%SYS-5-SYS_LCPERR5:Module <n>:Coil Pinnacle Header Checksum Error - Port #<y>:
%SYS-5-SYS_LCPERR5:Module <n>:Coil Mdtif Packet CRC Error - Port #<y>:
%SYS-5-SYS_LCPERR5:Module <n>:Coil Mdtif State Machine Error - Port #<y>:
- If you see any of these warning messages after entering the set qos txq-ratio, clear config, or the set qos enable or disable command, ignore the warning message. (CSCdp84355)
- In some situations, if there is an error in installing any COPS policy, a successful commit is sent to the PDP even though the policy was not correctly installed. In such situations, any modifications to the port's role combination will not install the correct policy on the port with the error condition. This might result in a switch reset. (CSCdp66572)
- When you configure a QoS MAC-CoS entry, the QoS information is synchronized to the standby supervisor engine and when a high availability switchover occurs, the CoS value is correctly assigned to all packets of the specified destination address. However, for existing permanent CAM entries with MAC-CoS configured earlier (for example, before the switch was rebooted), the CAM entries created on the standby do not have the correct QoS (CoS) value set and so for those entries, after HA switchover, the CoS value will not be correctly assigned to any packets of the specified destination address. (CSCdp73056)
- If you disable high availability, after a switchover, the newly active supervisor engine displays a SPANTREE-3-SWOVER_TOOLONG event on the console. (CSCdp81771)
- The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
- For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For the packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
- Rapidly disabling and enabling QoS with the policy source set to COPS might cause the switch to reset. The workaround is to wait approximately 30 seconds after disabling QoS before reenabling it when the QoS policy source had been set to COPS. (CSCdp32467)
- Online diagnostic failures are experienced on modules during bring up, online insertion, or module reset if the QoS default-action MAC ACL is reconfigured to include an aggregate policer with an action of drop. The system default does not include an aggregate policer in the default-action MAC ACL. The likelihood of the diagnostics failures increases as the amount of traffic being policed (dropped) by that aggregate policer increases. In general, as the rate value specified in the policer decreases the amount of traffic matching all ACLs specifying that aggregate policer increases. (CSCdp15471)
- When you change an IPX flow to destination-source, the show mls entry ipx destination command used to specify a specific destination displays all IPX Layer 3 entries rather than just those for a specific destination IPX address. (CSCdm46984)
- Occasionally, when a module is removed before it comes online (and before it is finished running diagnostics), memory corruption might occur. To avoid this problem, do not remove or reinsert a module during system power up and do not remove or reinsert a module before it comes online. (CSCdp27673) (CSCdp27562)
- On Catalyst 6000 family switches with redundant supervisor engines (MSFC and PFC), after power cycling the system, some modules might show this message:
LC_DNLD_VERIFY: Error - Checksum verify fail errors.
- Note that this bug has no impact and you should ignore these messages. This problem is resolved in software release 5.4(2). (CSCdp06845)
- When you change the port from VLAN-based to port-based QoS, the console hangs. Once the console hangs, you cannot run another console window to the switch. The workaround is to not specify multiple ports in a channel when using the set port qos {portlist} {port-based | vlan-based} command (for example, use set port qos 5/1 port-based instead of set port qos 5/1-4 port-based if ports 5/1-4 are channeling). (CSCdp86860)
- Summertime start and end dates are not calculated correctly when using the generic summertime rule if the start and end rules span across year-end (southern hemisphere rule). The workaround is to use a fixed date for the southern hemisphere. (CSCdp91755)
This section describes the resolved caveats in supervisor engine software release 5.3(6)CSX.
- When connected to a Catalyst 8540 Gigabit port from a supervisor engine uplink port (port 1/1 or 2/1), you might have a problem with Gigabit autonegotiation. It could take up to four minutes to reestablish the link when either the cable or the GBIC is removed and replaced on either side of the link. The problem has been seen only on Supervisor Engine 1, not Supervisor Engine 1A. This problem is resolved in software release 5.3(6)CSX. (CSCdr56782)
- Under certain traffic conditions, packets originating from or destined to the supervisor engine NMP (including all protocol and inband management packets) might not be transmitted to or received from the network. This could cause the switch to be unreachable. This problem does not affect console operation. This problem is resolved in software release 5.3(6)CSX. (CSCdr57284)
- Under certain traffic conditions, a shared spanning tree BPDU received on the switch and destined for the supervisor engine NMP could wrongly be forwarded out supervisor engine port 1/1 as a dot1q BPDU. In some network topologies, this might cause temporary spanning tree instability and a resultant topology change notification. This problem is resolved in software release 5.3(6)CSX. (CSCdr17510) (See caveat CSCdr58387 below.)
- Under certain traffic conditions, a shared spanning tree BPDU received on the switch and destined for the supervisor engine NMP could wrongly be forwarded out supervisor engine port 1/1 as a dot1q BPDU. In some network topologies this might cause temporary spanning tree instability and a resultant topology change notification. This problem is resolved in software release 5.3(6)CSX. (CSCdp99406) (CSCdr04003 - duplicate of CSCdp99406)
- This caveat documents the removal of the fix implemented in caveat CSCdr17510; the fix implemented in caveat CSCdp99406 was used to address the BPDU flooding problem. (CSCdr58387)
This section describes the open and resolved caveats in supervisor engine software release 5.3(5a)CSX.
This section describes the open caveats in supervisor engine software release 5.3(5a)CSX.
- Memory corruption might occur in the event of a TCAM allocation failure such as tcam full, and the switch may reset. (CSCdp78629)
- Under extreme traffic conditions and with certain hardware configurations, the supervisor engine might reset. (CSCdr50405)
- While connected to the console port of a Catalyst 6509 supervisor engine, if you Telnet out of the supervisor engine, the Catalyst 6509 switch reboots with a TLB exception. To avoid this problem, do not cut and paste a large amount of data onto the Telnet screen while Telnetting out of or sessioning into the MSM. (CSCdp60430)
- You might experience an out-of-memory condition on the active or standby supervisor engine when performing a large number of commit/clear operations in quick succession on QoS ACLs and VACLs with a large number of ACEs. (CSCdr64288, CSCdr59094, CSCdr60993)
- If you remove a line module at the same time as you remove an active supervisor engine from a Catalyst 6000 family switch that is in a redundant supervisor configuration, the switch may become unreachable. Wait at least 5 seconds after removing an active supervisor engine to allow the switchover to occur before you remove a line module (CSCdp59829)
- The ToS byte remains unchanged in bridged multicast packets when you enable Multicast Multilayer Switching (MMLS). The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
- For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For the packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
- The RSVP access control entry (ACE) does not attach over an EtherChannel port if the QoS policy for ports forming the channel are set at different times. The workaround is to execute the steps that cause the problem in a different order. Consider that ports 4/1-8 are to be channeled and have identical role combinations:
- set port qos 4/1 policy local
- set qos acl map acl1 4/1
- set qos policy cops
- set port qos 4/1 policy cops
- set port channel 4/1-8 des
- The above sequence of steps causes the problem. The fix is to clear the ACL mapping on the ports that have a different ACL mapping, and map them to the same ACL before trying to channel them together (it is important to clear the older mapping first). The following sequence of steps ensures that you never map different ACLs to different ports that might channel together and later switch them to all map to the same ACL.
- set port qos 4/1 policy local
- set qos acl map acl1 4/1
- set qos policy cops
- clear qos acl map acl1 4/1
- set port qos 4/1 policy cops
- set port channel 4/1-8 des
- (CSCdp26277)
- Under certain traffic conditions, a shared spanning tree BPDU received on the switch and destined for the supervisor engine NMP could wrongly be forwarded out supervisor engine port 1/1 as a dot1q BPDU. In some network topologies this might cause temporary spanning tree instability and a resultant topology change notification. This problem is resolved in software release 5.3(6)CSX. (CSCdp99406) (CSCdr04003 - duplicate of CSCdp99406)
- Rapidly disabling and enabling QoS with the policy source set to COPS might cause the switch to reset. The workaround is to wait approximately 30 seconds after disabling QoS before reenabling it when the QoS policy source had been set to COPS. (CSCdp32467)
- Online diagnostic failures occur on modules during power-up, online insertion, or module reset if you reconfigure the QoS default-action MAC ACL to include an aggregate policer with an action of drop. The system default does not include an aggregate policer in the default-action MAC ACL. The likelihood of the diagnostics failures increases as the amount of traffic being policed (dropped) by that aggregate policer increases. The rate value specified in the policer decreases as the amount of traffic matching all ACLs specifying that aggregate policer increases. (CSCdp15471)
- After setting the QoS policy source to local, you might need to wait approximately 20 seconds before the QoS policy source can be set back to COPS. (CSCdp34367)
- QoS ACLs might not be mapped correctly to ATM modules. An attempt to map a QoS IP ACL to an ATM module appears to succeed. However, the ACL might not be mapped correctly causing traffic coming in from the ATM module to not get the correct QoS classification/policing decision. (CSCdr57771)
- After clearing a COPS role or all COPS roles, the console might hang for approximately 20 seconds before showing that the roles cleared. (CSCdp34381)
- Occasionally, when you remove a module before it comes online (and before it is finished running diagnostics), memory corruption might occur. To avoid this problem, do not remove or reinsert a module during system power up and do not remove or reinsert a module before it comes online. (CSCdp27673) (CSCdp27562)
- On Catalyst 6000 family switches with redundant supervisor engines (MSFC and PFC), after power cycling the system, some modules might show this message:
LC_DNLD_VERIFY: Error - Checksum verify fail errors.
- Note that this bug has no impact and you should ignore these messages. This problem is resolved in software release 5.4(2). (CSCdp06845)
- When you remove a module and then reinsert a different module, after entering the clear config mod_num command on the newly inserted module, the first port on the module might be shown as disabled in the port status field. There are two workarounds: 1) Enter a second clear config mod_num command, or 2) Enter the set port enable command on the first port. (CSCdp25328)
- On Catalyst 6000 family switches with redundant supervisor engines (MSFC and PFC), the following bus ASIC sequence mismatch might occur during a switchover:
%SYS-1-MOD_SEQMISMATCH:Bus asic sequence mismatch occurred on module 7 (asic=1,
srcidx=0x0, seq=0)
- Note that this bug has no impact and you should ignore these messages. (CSCdp25633)
- When you change an IPX flow to destination-source, the show mls entry ipx destination command used to specify a specific destination displays all IPX Layer 3 entries rather than just those for a specific destination IPX address. (CSCdm46984)
- PAgP fails if you disable and then enable a 4-port channel. (CSCdm09474)
- A disabled port may get link up and become trunk under certain scenarios. When a trunk port with a native VLAN other than 1 is disabled and that native VLAN is not active on the system, the switch may get VTP updates through other trunks in the switch and activate the VLAN. When the VLAN becomes active, the disabled port gets enabled and gets a link up. (CSCdp39638)
This section describes the resolved caveats in supervisor engine software release 5.3(5a)CSX.
- Occasionally, when the switch is powered up or reset, one or more ports on the WS-X6416-GE-MT module might fail the local loopback test and will not come online. This problem is resolved in software release 5.3(5a)CSX. (CSCdp87602)
This section describes open and resolved caveats in supervisor engine software release 5.3(5)CSX.
This section describes the open caveats in supervisor engine software release 5.3(5)CSX.
- In the event of a TCAM allocation failure, such as a full TCAM, memory corruption might occur and the switch might reset. (CSCdp78629)
- Under extreme traffic conditions and with certain hardware configurations, the supervisor engine might reset. (CSCdr50405)
- While connected to the console port of a Catalyst 6509 supervisor engine, if you Telnet out of the supervisor engine, the Catalyst 6509 switch reboots with a TLB exception. To avoid this problem, do not cut and paste a large amount of data onto the Telnet screen while Telnetting out of or sessioning into the MSM. (CSCdp60430)
- You might experience an out-of-memory condition on the active or standby supervisor engine when performing a large number of commit/clear operations in quick succession on QoS ACLs and VACLs with a large number of ACEs. (CSCdr64288, CSCdr59094, CSCdr60993)
- If you remove a line module at the same time as you remove an active supervisor engine from a Catalyst 6000 family switch that is in a redundant supervisor configuration, the switch may become unreachable. Wait at least 5 seconds after removing an active supervisor engine to allow the switchover to occur before you remove a line module (CSCdp59829)
- The ToS byte remains unchanged in bridged multicast packets when you enable Multicast Multilayer Switching (MMLS). The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
- For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For the packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
- The RSVP access control entry (ACE) does not attach over an EtherChannel port if the QoS policy for ports forming the channel are set at different times. The workaround is to execute the steps that cause the problem in a different order. Consider that ports 4/1-8 are to be channeled and have identical role combinations:
- set port qos 4/1 policy local
- set qos acl map acl1 4/1
- set qos policy cops
- set port qos 4/1 policy cops
- set port channel 4/1-8 des
- The above sequence of steps causes the problem. The fix is to clear the ACL mapping on the ports that have a different ACL mapping, and map them to the same ACL before trying to channel them together (it is important to clear the older mapping first). The following sequence of steps ensures that you never map different ACLs to different ports that might channel together and later switch them to all map to the same ACL.
- set port qos 4/1 policy local
- set qos acl map acl1 4/1
- set qos policy cops
- clear qos acl map acl1 4/1
- set port qos 4/1 policy cops
- set port channel 4/1-8 des
- (CSCdp26277)
- QoS ACLs might not be mapped correctly to ATM modules. An attempt to map a QoS IP ACL to an ATM module appears to succeed. However, the ACL might not be mapped correctly causing traffic coming in from the ATM module to not get the correct QoS classification/policing decision. (CSCdr57771)
- Under certain traffic conditions, a shared spanning tree BPDU received on the switch and destined for the supervisor engine NMP could wrongly be forwarded out supervisor engine port 1/1 as a dot1q BPDU. In some network topologies this might cause temporary spanning tree instability and a resultant topology change notification. This problem is resolved in software release 5.3(6)CSX. (CSCdp99406) (CSCdr04003 - duplicate of CSCdp99406)
- Rapidly disabling and enabling QoS with the policy source set to COPS might cause the switch to reset. The workaround is to wait approximately 30 seconds after disabling QoS before reenabling it when the QoS policy source had been set to COPS. (CSCdp32467)
- Online diagnostic failures occur on modules during power-up, online insertion, or module reset if you reconfigure the QoS default-action MAC ACL to include an aggregate policer with an action of drop. The system default does not include an aggregate policer in the default-action MAC ACL. The likelihood of the diagnostics failures increases as the amount of traffic being policed (dropped) by that aggregate policer increases. The rate value specified in the policer decreases as the amount of traffic matching all ACLs specifying that aggregate policer increases. (CSCdp15471)
- After setting the QoS policy source to local, you might need to wait approximately 20 seconds before the QoS policy source can be set back to COPS. (CSCdp34367)
- After clearing a COPS role or all COPS roles, the console might hang for approximately 20 seconds before showing that the roles cleared. (CSCdp34381)
- Occasionally, when you remove a module before it comes online (and before it is finished running diagnostics), memory corruption might occur. To avoid this problem, do not remove or reinsert a module during system power up and do not remove or reinsert a module before it comes online. (CSCdp27673) (CSCdp27562)
- On Catalyst 6000 family switches with redundant supervisor engines (MSFC and PFC), after power cycling the system, some modules might show this message:
LC_DNLD_VERIFY: Error - Checksum verify fail errors.
- Note that this bug has no impact and you should ignore these messages. This problem is resolved in software release 5.4(2). (CSCdp06845)
- When you remove a module and then reinsert a different module, after entering the clear config mod_num command on the newly inserted module, the first port on the module might be shown as disabled in the port status field. There are two workarounds: 1) Enter a second clear config mod_num command, or 2) Enter the set port enable command on the first port. (CSCdp25328)
- On Catalyst 6000 family switches with redundant supervisor engines (MSFC and PFC), the following bus ASIC sequence mismatch might occur during a switchover:
%SYS-1-MOD_SEQMISMATCH:Bus asic sequence mismatch occurred on module 7 (asic=1,
srcidx=0x0, seq=0)
- Note that this bug has no impact and you should ignore these messages. (CSCdp25633)
- In systems with redundant supervisor engines, after a switchover to the redundant supervisor engine, the following message might be reported to the console:
Got main interrupt val : 0x2
Interrupt in DBus Slave block: 0x200
Soft reset of titan : done
- Note that this bug has no impact and you should ignore these messages. (CSCdp03131)
- When you change an IPX flow to destination-source, the show mls entry ipx destination command used to specify a specific destination displays all IPX Layer 3 entries rather than just those for a specific destination IPX address. (CSCdm46984)
- PAgP fails if you disable and then enable a 4-port channel. (CSCdm09474)
- A disabled port may get link up and become trunk under certain scenarios. When a trunk port with a native VLAN other than 1 is disabled and that native VLAN is not active on the system, the switch may get VTP updates through other trunks in the switch and activate the VLAN. When the VLAN becomes active, the disabled port gets enabled and gets a link up. (CSCdp39638)
This section describes the resolved caveats in supervisor engine software release 5.3(5)CSX.
- In systems with redundant supervisor engines, after a switchover to the redundant supervisor engine, the following message might be reported to the console:
Got main interrupt val : 0x2
Interrupt in DBus Slave block: 0x200
Soft reset of titan : done
- Note that this bug has no impact and you should ignore these messages. This problem is resolved in software release 5.3(5)CSX. (CSCdp03131)
- Enabling RSVP installs local ACLs when COPS is the policy and DSBM is enabled on the port. This problem is caused when you configure a port to have COPS policy instead of local NVRAM policy and then you enable DSBM. The workaround is to enable DSBM first and then change the policy to COPS. If the port policy is already COPS, toggle this configuration to avoid the problem described. This problem is resolved in software release 5.3(5)CSX. (CSCdp52924)
- Removing the standby supervisor engine does not clear the MSM syslog CAM table. This problem is resolved in software release 5.3(5)CSX. (CSCdp81576)
- In systems with redundant supervisor engines, occasionally, during the removal of the active supervisor engine, a bus ASIC sequence error syslog message is reported to the console as follows:
%SYS-1-MOD_SEQMISMATCH:Bus asic sequence mismatch occurred on module 8
- Additionally, "CentauriInterrupt" and "perseus_intr_hdlr" syslog messages might be generated for some or all installed modules. Ignore these messages. This problem is resolved in software release 5.3(5)CSX. (CSCdm01334)
Note This problem also occurred after a system power up or a switchover to the redundant supervisor engine; these issues have been resolved in software release 5.3(3)CSX.
- Far end fault indication is disabled on the 24 port 100BASE-FX MT-RJ module, making it impossible to detect one fiber failure, when one link goes down and the other side link remains up, rendering FEC errdisabled or some traffic sent to nowhere. The workaround is to use Gigabit Ethernet ports with flow-control negotiation enabled. This problem is resolved in software release 5.3(5)CSX. (CSCdp69751)
- Occasionally, connected (link up) ports are not added to spanning tree. This problem is resolved in software release 5.3(5)CSX. (CSCdp63042)
- MMLS entry is not synchronized with the MSFC IP multicast router. This problem is resolved in software release 5.3(5)CSX. (CSCdp65580)
- When you enable port security on the switch port to dynamically learn the MAC address, the switch does not flush the CAM table entry. This problem is resolved in software release 5.3(5)CSX. (CSCdp57706)
- If an ACL with a source Layer 4 port range is downloaded from a COPS server, traffic with ports out of the source Layer 4 port range are classified. This problem is resolved in software release 5.3(5)CSX. (CSCdp73904)
- If there is a QoS ACL and a security ACL mapped to one VLAN and the same security ACL mapped to another VLAN, then the QoS policy from the QoS ACL is applied to the second VLAN as well. Also, if two VLANs have the same security and QoS ACL and you decide to remove the QoS ACL (or security ACL) from the second VLAN at a later date, these two interfaces could still share the same label. This problem is resolved in software release 5.3(5)CSX. (CSCdp70782)
- Occasionally, when a system has a large amount of RMON history and alarm and event entries deleting and adding continuously, you may experience an out-of-memory condition. This problem is resolved in software release 5.3(5)CSX. (CSCdp76517)
- The dot1dStpPortDesignatedPort object is not populated on trunk ports using 802.1Q encapsulation. This problem is resolved in software release 5.3(5)CSX. (CSCdp71440)
- If you have more than four outgoing interfaces installed at the creation of the shortcuts, the switch resets while processing Multicast MLS. This problem is resolved in software release 5.3(5)CSX. (CSCdp76409)
- After resetting the VTP client on trunk ports on native VLAN 1, the trunks do not trunk and the ports show inactive. This problem is resolved in software release 5.3(5)CSX. (CSCdp45140)
- The switch may lose the configuration upon switchover if a standby supervisor engine is inserted into a switch with more than 256 VLANs configured. The workaround is, if you want to configure more than 256 VLANs, before you configure the VLANs, install the standby supervisor engine. Alternatively, you can create more than 256 VLANs on the standby supervisor engine (in another chassis) before inserting it into the chassis as the standby supervisor engine. This problem is resolved in software release 5.3(5)CSX. (CSCdp47784)
- Reloading the redundant MSFC resets the active supervisor engine. This problem is resolved in software release 5.3(5)CSX. (CSCdp67148)
- If a disabled module comes up immediately after reenabling, memory corruption occurs in EthChnlRx. This problem is resolved in software release 5.3(5)CSX. (CSCdp56707)
- When a port goes into errdisable state, the SNMP agent does not a send linkDown trap. This problem is resolved in software release 5.3(5)CSX. (CSCdp64733)
- In Catalyst 6000 family switches configured with a redundant supervisor engine, resets in eob.c occur with an assert failure. This problem is resolved in software release 5.3(5)CSX. (CSCdp61862)
- When you configure a nonconnected port for nonneg-dot1q and disable STP for all the VLANs, the STP IEEE multicast address is still seen in the llc registration table. This problem is resolved in software release 5.3(5)CSX. (CSCdp55634)
- When you disable STP for all VLANs with dot1q trunks, the STP IEEE-registered address is missing after a high availability switchover. This problem is resolved in software release 5.3(5)CSX. (CSCdp52442)
- Occasionally, syslog traps display an incorrect OID. This problem is resolved in software release 5.3(5)CSX. (CSCdp51479)
- The system clock might get stuck. The time and date stamp remains stuck and appears on all subsequent system log events and show time output. This problem is resolved in software release 5.3(5)CSX. (CSCdp35421)
- When a port belongs to an EtherChannel, portCrossIndex object returns the bridge port ID based on the physical port number instead of the bridge port ID assigned to the EtherChannel interface. This problem is resolved in software release 5.3(5)CSX. (CSCdp69373)
This section describes open and resolved caveats in supervisor engine software release 5.3(4)CSX.
This section describes open caveats in supervisor engine software release 5.3(4)CSX.
- If you remove a line module at the same time as you remove an active supervisor from a
Catalyst 6000 family switch that is in a redundant supervisor configuration, the switch may become unreachable. To prevent this, wait at least 5 seconds after removing an active supervisor to allow the switchover to occur before you remove a line card (CSCdp59829)
- Under extreme traffic conditions and with certain hardware configurations, the supervisor engine might reset. (CSCdr50405)
- You might experience an out-of-memory condition on the active or standby supervisor engine when performing a large number of commit/clear operations in quick succession on QoS ACLs and VACLs with a large number of ACEs. (CSCdr64288, CSCdr59094, CSCdr60993)
- The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
- For example, you have a multicast source in VLAN 13, a receiver in the same VLAN, and a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When you disable the MMLS feature, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When you enable the MMLS feature and establish a Layer 3 flow, the captured packet's ToS byte is unchanged from the value sent by the source. A ToS rewrite occurs on the replicated packets in the outgoing VLANs (other than VLAN 13). For the packets that are bridged in the same incoming VLAN, no ToS rewrite occurs. (CSCdm72364)
- The RSVP access control entry (ACE) does not attach over an EtherChannel port if the QoS policy for ports forming the channel are set at different times. The workaround is to execute the steps that cause the problem in a different order. Consider that ports 4/1-8 are to be channeled and have identical role combinations:
- set port qos 4/1 policy local
- set qos acl map acl1 4/1
- set qos policy cops
- set port qos 4/1 policy cops
- set port channel 4/1-8 des
- The above sequence of steps causes the problem. The following fix ensures that you never map different ACLs to different ports which might channel together and later switch them to all map to the same ACL.
- The fix involves performing an intermediate step, clearing the ACL mapping on the ports that have a different ACL mapping than the other ports, and mapping them to all have the same ACL before trying to channel them together (it is important to clear the older mapping first).
- set port qos 4/1 policy local
- set qos acl map acl1 4/1
- set qos policy cops
- clear qos acl map acl1 4/1
- set port qos 4/1 policy cops
- set port channel 4/1-8 des
- (CSCdp26277)
- Rapidly disabling and enabling QoS with the policy source set to COPS might cause the switch to reset. The workaround is to wait approximately 30 seconds after disabling QoS before reenabling it when the QoS policy source had been set to COPS. (CSCdp32467)
- Online diagnostic failures are experienced on modules during bring up, online insertion, or module reset if the QoS default-action MAC ACL is reconfigured to include an aggregate policer with an action of drop. The system default does not include an aggregate policer in the default-action MAC ACL. The likelihood of the diagnostics failures increases as the amount of traffic being policed (dropped) by that aggregate policer increases. In general, as the rate value specified in the policer decreases the amount of traffic matching all ACLs specifying that aggregate policer increases. (CSCdp15471)
- Under certain traffic conditions, a shared spanning tree BPDU received on the switch and destined for the supervisor engine NMP could wrongly be forwarded out supervisor engine port 1/1 as a dot1q BPDU. In some network topologies this might cause temporary spanning tree instability and a resultant topology change notification. This problem is resolved in software release 5.3(6)CSX. (CSCdp99406) (CSCdr04003 - duplicate of CSCdp99406)
- After setting the QoS policy source to local, you might need to wait approximately 20 seconds before the QoS policy source can be set back to COPS. (CSCdp34367)
- QoS ACLs might not be mapped correctly to ATM modules. An attempt to map a QoS IP ACL to an ATM module appears to succeed. However, the ACL might not be mapped correctly causing traffic coming in from the ATM module to not get the correct QoS classification/policing decision. (CSCdr57771)
- After clearing a COPS role or all COPS roles, the console might hang for approximately 20 seconds before showing that the roles cleared. (CSCdp34381)
- Occasionally, when a module is removed before it comes online (and before it is finished running diagnostics), memory corruption might occur. To avoid this problem, do not remove or reinsert a module during system power up and do not remove or reinsert a module before it comes online. (CSCdp27673) (CSCdp27562)
- On Catalyst 6000 family switches with redundant supervisor engines (MSFC and PFC), after power cycling the system, some modules might show this message:
LC_DNLD_VERIFY: Error - Checksum verify fail errors.
- Note that this bug has no impact and you should ignore these messages. This problem is resolved in software release 5.4(2). (CSCdp06845)
- When you remove a module and then reinsert a different module, after using the clear config mod_num command on the newly inserted module, the first port on the module might be shown as disabled in the port status field. There are two workarounds: 1) Do a second clear config mod_num. 2) Do a set port enable on the first port. (CSCdp25328)
- On Catalyst 6000 family switches with redundant supervisor engines (MSFC and PFC), the following bus ASIC sequence mismatch might occur during a switchover:
%SYS-1-MOD_SEQMISMATCH:Bus asic sequence mismatch occurred on module 7 (asic=1,
srcidx=0x0, seq=0)
- Note that this bug has no impact and you should ignore these messages. (CSCdp25633)
- In systems with redundant supervisor engines, after a switchover to the redundant supervisor engine, the following message might be reported to the console:
Got main interrupt val : 0x2
Interrupt in DBus Slave block: 0x200
Soft reset of titan : done
- Note that this bug has no impact and you should ignore these messages. (CSCdp03131)
- When you change an IPX flow to destination-source, the show mls entry ipx destination command used to specify a specific destination displays all IPX Layer 3 entries rather than just those for a specific destination IPX address. (CSCdm46984)
- In systems with redundant supervisor engines, occasionally during the removal of the active supervisor engine, a bus ASIC sequence error syslog message is reported to the console as follows:
%SYS-1-MOD_SEQMISMATCH:Bus asic sequence mismatch occurred on module 8
- Additionally, "CentauriInterrupt" and "perseus_intr_hdlr" syslog messages might be generated. These messages might be generated for some or all installed modules. Ignore these messages. (CSCdm01334)
Note This problem also occurred after a system power up or a switchover to the redundant supervisor engine; these issues have been resolved in software release 5.3(3)CSX.
- Enabling RSVP installs local ACLs when COPS is the policy and DSBM is enabled on the port. This problem is caused when you configure a port to have COPS policy instead of local NVRAM policy and then you enable DSBM. The workaround is to enable DSBM first and then change the policy to COPS. If the port policy is already COPS, toggle this configuration to avoid the problem described. (CSCdp52924)
This section describes resolved caveats in supervisor engine software release 5.3(4)CSX.
- When a lot of QoS and/or Security ACLs are configured on the switch, the switch may occasionally reset. This problem is resolved in software release 5.3(4)CSX. (CSCdp17331)
- The clear configuration command on the MSM does not properly clear the configuration of the trunk. Some of the trunk ports have VLAN 1 removed and some do not. This might prevent setting the port channel with other MSM ports. The workaround is to reset the MSM module. This problem is resolved in software release 5.3(4)CSX. (CSCdp11427)
- Occasionally, after a system reset or power on, you will see that the standby supervisor engine shows 0 ports and the standby ports are not enabled. This problem might happen if one of the supervisor engine is approximately 20 seconds later than the other to begin booting the runtime image after a system reset or system power on. The workaround is to try to reset the standby supervisor engine from the active supervisor engine's console port. If that does not work or is not allowed, you must remove and reinsert the standby supervisor engine. This problem is resolved in software release 5.3(4)CSX. (CSCdp20622)
- When SPAN is configured with EtherChannel ports, the open sources might not be correct (based on EtherChannel status). This problem is resolved in software release 5.3(4)CSX. CSCdp23958
- The GBIC link status between two supervisor engines changes continually between link up and link down after a unidirectional link failure. This problem is resolved in software release 5.3(4)CSX. (CSCdp37412)
- The MSM Autostate feature is not shutting down MSM interfaces in a VLAN when the last external interface in the VLAN is disconnected. This problem is resolved in software release 5.3(4)CSX. (CSCdp34155)
- No registration was received from removed modules after a supervisor engine switchover. This problem is resolved in software release 5.3(4)CSX. (CSCdp34000)
- The routine GetNextUnicastEarlEntry() was designed to be used to search unicast MAC entries and then return the module and port number from which the MAC entry was learned. In the case of a multicast entry, or an entry having a flood index, you should skip the entry to avoid returning an invalid module and port number that SNMP cannot handle. This problem is resolved in software release 5.3(4)CSX. (CSCdp31964)
- The trunk is going up and down when the channel is in channel-on mode and the trunk is in non-negotiate mode. This problem is resolved in software release 5.3(4)CSX. (CSCdp32703)
- The switch might experience unexpected behavior if you configure 1024 different VIPs, producing a VACL with 4092 entries. A VACL of this size stresses the BDD library to the upper limits of memory usage.This problem is resolved in software release 5.3(4)CSX. (CSCdp32519)
- HSRP failed to route traffic to the trunk on the redundant router for one of five VLANs configured. This problem is resolved in software release 5.3(4)CSX. (CSCdp18397)
- If you add a new VLAN to the system, the CAM entries for this newly added VLAN for RSVP are not created. As a result, RSVP PATH messages coming in over the new VLAN are dropped. This problem is resolved in software release 5.3(4)CSX. CSCdp27505
- Gigabit Ethernet counters show incorrect values. This problem is resolved in software release 5.3(4)CSX. (CSCdp22433)
- Attachment of a dynamic RSVP ACL might cause a system reset. This problem is resolved in software release 5.3(4)CSX. (CSCdp31142)
- After modifying existing IP ACLs using a script to add a large number of ACEs, the microflow policers might stop working. This problem is resolved in software release 5.3(4). (CSCdp38913)
- Inconsistent channel-forming behavior occurs in PAgP for ports that support the strict priority queue and ports that do not. This problem is resolved in software release 5.3(4)CSX. (CSCdp34951)
- The LED light remains on indicating link speed even when the link is down. This problem is resolved in software release 5.3(4)CSX. (CSCdp42337)
- The following sequence of events results in the loss of the ASLB configuration:
(a) Configuring ASLB
(b) Successfully committing the ASLB configuration
(c) Modifying the configuration
(d) Unsuccessfully committing the modified configuration
- Step (d) results in an inconsistent state. In release 5.3(4)CSX, the configuration is restored to the original when the modified configuration is not successfully committed. This problem is resolved in software release 5.3(4)CSX. (SCdp42842)
- A race condition problem between DTP and VTP table checking caused VTP not to clear VLANs. This problem is resolved in software release 5.3(4)CSX. (CSCdp34876)
- MSFC generates MCAST-2-MAXGDALIMIT error messages with only 503 multicast entries. This problem is resolved in software release 5.3(4)CSX. (CSCdp36453)
- If you enable port security, a static CAM entry gets added and is marked as 'X' indicating security. Disabling security does not clear this CAM entry. Reboot also does not clear the entry. Capture shows CAM entries before and after enabling security and even after reboot. This problem is resolved in software release 5.3(4)CSX. (CSCdp31802)
This section describes open and resolved caveats in supervisor engine software release 5.3(3)CSX.
This section describes open caveats in supervisor engine software release 5.3(3)CSX.
- The ToS byte remains unchanged in bridged multicast packets when Multicast Multilayer Switching (MMLS) is enabled. The system does not support multiple, different rewrites for a single packet. The rewrite that is generated for multicast is a Layer 3 rewrite so there is no rewrite for the Layer 2 forwarding.
- For example, there is a multicast source in VLAN 13 and a receiver in the same VLAN. There is a QoS IP ACL configured and mapped to the source's ingress port that matches the traffic flow and specifies DSCP 31. When the MMLS feature is disabled, the IP packets captured on the receiver's port contain a ToS byte of x7C (the expected result). When the MMLS feature is enabled and a Layer 3 flow is established, the captured packet's ToS byte is unchanged from the value sent by the source. There is a ToS rewrite on the replicated packets in the outgoing VLANs but for the packets that are bridged in the same incoming VLAN, there is no ToS rewrite. (CSCdm72364)
- The above sequence of steps causes the problem. The fix shown below ensures that you never map different ACLs to different ports which might channel together, and later switch them to all map to the same ACL.
- As shown below, the fix involves performing an intermediate step, clearing the ACL mapping on the ports which have a different ACL mapping than the other ports and mapping them to all have the same ACL before trying to channel them together (it's important to clear the older mapping first).
- set port qos 4/1 policy local
- set qos acl map acl1 4/1
- set qos policy cops
- clear qos acl map acl1 4/1
- set port qos 4/1 policy cops
- set port channel 4/1-8 des
- (CSCdp26277)
- Rapidly disabling and enabling QoS with policy source set to COPS might cause the switch to reset. The workaround is to wait approximately 30 seconds after disabling QoS before reenabling it when QoS policy source had been set to COPS. (CSCdp32467)
- Online diagnostic failures are experienced on modules during power up, online insertion, or module reset if the QoS default-action MAC ACL is reconfigured to include an aggregate policer with an action of drop. The system default does not include an aggregate policer in the default-action MAC ACL. The likelihood of the diagnostics failures increases as the amount of traffic being policed (dropped) by that aggregate policer increases. In general, that is as the rate value specified in the policer decreases and/or the amount of traffic matching all ACLs specifying that aggregate policer increases. (CSCdp15471)
- After setting the QoS policy source to local, you might need to wait approximately 20 seconds before the QoS policy source can be set back to COPS. (CSCdp34367)
- After clearing a COPS role or all COPS roles, the console might hang for approximately
20 seconds before showing that the roles cleared. (CSCdp34381)
- Occasionally, when a module is removed before it comes online (and before it is finished running diagnostics), memory corruption might occur. To avoid this problem, do not remove or reinsert a module during system power up and do not remove or reinsert a module before it comes online. (CSCdp27673) (CSCdp27562)
- The clear configuration command on the MSM does not properly clear the configuration of the trunk. Some of the trunk ports have VLAN 1 removed and some do not. This might prevent setting the port-channel with other MSM ports. The workaround is to reset the MSM module. (CSCdp11427)
- On Catalyst 6000 family switches with redundant supervisor engines (MSFC and PFC), after power cycling the system, some modules might show this message:
LC_DNLD_VERIFY: Error - Checksum verify fail errors.
- Note that this bug has no impact and you should ignore these messages. This problem is resolved in software release 5.4(2). (CSCdp06845)
- Occasionally, after a system reset or power on, you will see that the standby supervisor engine shows 0 ports and the standby ports are not enabled. This problem might happen if one of the supervisors is approximately 20 seconds later than the other to begin booting the runtime image after a system reset or system power on. The workaround is to try to reset the standby supervisor engine from the active supervisor engine's console port. If that does not work, or is not allowed, you must remove and reinsert the standby supervisor engine. (CSCdp20622)
- When you remove a module and then reinsert a different module, after using the clear config mod_num command on the newly inserted module, the first port on the module might be shown as disabled in the port status field. There are two workarounds: 1) Do a second clear config mod_num. 2) Do a set port enable on the first port. (CSCdp25328)
- You cannot use the tftpGrp MIB object to download Catalyst 6000 ATM software. (CSCdp16574)
- On Catalyst 6000 family switches with redundant supervisor engines (MSFC and PFC), the following bus ASIC sequence mismatch might occur during a switchover:
%SYS-1-MOD_SEQMISMATCH:Bus asic sequence mismatch occurred on module 7 (asic=1,
srcidx=0x0, seq=0)
- Note that this bug has no impact on the system and these messages should be ignored. (CSCdp25633)
- In systems with redundant supervisor engines, after a switchover to the redundant supervisor engine, the following message might be reported to the console:
Got main interrupt val : 0x2
Interrupt in DBus Slave block: 0x200
Soft reset of titan : done
- Note that this bug has no impact on the system and these messages should be ignored. (CSCdp03131)
- When you change an IPX flow to destination-source, the show mls entry ipx destination command used to specify a specific destination, displays all IPX Layer 3 entries rather than just those for a specific destination IPX address. (CSCdm46984)
- In systems with redundant supervisor engines, occasionally during the removal of the active supervisor engine, a bus ASIC sequence error syslog message is reported to the console as follows:
%SYS-1-MOD_SEQMISMATCH:Bus asic sequence mismatch occurred on module 8
- Additionally, "CentauriInterrupt" and "perseus_intr_hdlr" syslog messages might be generated. These messages might be generated for some or all installed modules. Ignore these messages. (CSCdm01334)
Note This problem also occurred after a system power up or a switchover to the redundant supervisor engine; these issues have been resolved in software release 5.3(3)CSX.
This section describes resolved caveats in supervisor engine software release 5.3(3)CSX:
Warning: ACL trust-cos should only be used with ports that are also configured with
port trust=trust-cos.
- This problem is resolved in software release 5.3(3)CSX. (CSCdm88257)
Cannot configure more than 10 logical operators (gt, lt, eq, neq, range) in an IP ACL.
- The message errors are that it should state 9 instead of 10 operators and should not include "eq" in the logical operator's list. This problem is resolved in software release 5.3(3)CSX. (CSCdm88490)
Usage: clear qos acl map <acl_name> <mod_num/port_num|vlan>
clear qos acl map <acl_name|mod_num/port_num|vlan|all>
- The second syntax form fails when entered with multiple port numbers or multiple VLAN numbers. This problem is resolved in software release 5.3(3)CSX. (CSCdm89542)
- Do not use Netflow Data Export (NDE) version 1 (the default NDE configuration is version 7). This problem is resolved in software release 5.3(3)CSX. (CSCdm89362)
- After a supervisor engine switchover, a supervisor engine port might go into a state where the port state is disabled in NVRAM. However, the firmware believes that the port is up and there is a link on the port. This problem is resolved in software release 5.3(3)CSX. (CSCdm84809)
- When you configure DNS on the switch and specify a host name for the COPS server, the switch on reset prints the following to the console every time the COPS/RSVP connection manager tries to initiate a connection to the COPS server (workgroup-pc is the COPS server in this example):
Translating "workgroup-pc.cisco.com"...domain server (171.69.2.132) (198.92.30.32)
(171.69.2.81) Host name lookup failure
Translating "workgroup-pc.cisco.com"...domain server (171.69.2.132) (198.92.30.32)
(171.69.2.81) Host name lookup failure
Translating "workgroup-pc.cisco.com"...domain server (171.69.2.132) (198.92.30.32) [OK]
- This happens until the switch successfully connects to the COPS server. This problem is resolved in software release 5.3(3)CSX. (CSCdm87215)
- An eight-port channel might stop forwarding traffic after a port in the channel is disabled. This problem is resolved in software release 5.3(3)CSX. (CSCdm89990)
- Occasionally, after being turned off and back on several times, switches configured as VTP clients stop accepting VTP updates. This problem is resolved in software release 5.3(3)CSX. (CSCdm90300)
- After a switch reset, nontrunking ports are put to errdisabled on a VTP client when the VLAN is activated. For example, the switch is a VTP client with an ISL trunk to a neighboring VTP server. There is a nontrunk port, port 6/6, assigned to VLAN 13. It is configured for auto, negotiate. The link connects to a port on another switch, which is also auto, negotiate. When the VTP client switch is reset, the module (port 6/6) comes online and a link up is received. The port state shows inactive because the native VLAN is not active. When the ISL trunk is up and the VLANs are learned, port 6/6 joins the bridge but approximately 20 seconds later, a DTP link down message is written to the console. This problem is resolved in software release 5.3(3)CSX. (CSCdm82642)
- The system might run out of memory if SNMP cseFlowMcastQueryEntry is repeatedly created and deleted. This problem is resolved in software release 5.3(3)CSX. (CSCdp00531)
- Using Ctrl-R (command recall) at the initial password prompt displays any part of the password already entered. For example, if the password is "worker" and you have typed the first three characters of the password, a Ctrl-R will display a line reading: "Enter Password: wor." If you have entered the entire password and walked away, anyone can type Ctrl-R and reveal the password. This affects both the physical console port and the Telnet virtual console. Also, this is with no TACACS server (local passwords only) using the default configuration. It also only happens at the initial login password prompt - the enable command's password prompt does not exhibit the problem. This problem is resolved in software release 5.3(3)CSX. (CSCdm92441)
- When using TACACS+, if you open a Telnet session to the switch and enter a username and close the Telnet session without entering a password, the TACACS+ session from the switch to the TACACS+ server remains open. This problem is resolved in software release 5.3(3)CSX. (CSCdp02341)
- Avoid using Ctrl-C after entering the configure network command. Using Ctrl-C results in a command half completed which leaves the switch in an unknown state for that feature. This problem is resolved in software release 5.3(3)CSX. (CSCdm27473)
- The switch has been booted with a configuration that includes a QoS IP ACL. You then disable QoS, but when you issue a set qos bridged-microflow-policing command, the command completes without warning that QoS is disabled. This problem seems to only occur if the bridged packet microflow feature is already enabled.
- A second problem is when you issue a show qos acl info command; the ACL is displayed without a warning that QoS is disabled. This problem is resolved in software release 5.3(3)CSX. (CSCdm85903)
- SNMP traps might not be properly generated. This problem is resolved in software release 5.3(3)CSX. (CSCdm76987)
- A system reset might occur when traces are enabled and you attempt to do a TFTP activity such as downloading a configuration. This problem is resolved in software release 5.3(3)CSX. (CSCdm83928)
- A system reset might occur upon receiving invalid PVSTs and BPDUs on an EtherChannel. This problem is resolved in software release 5.3(3)CSX. (CSCdp07549)
- Packets are still classified with old DSCP value after the ACL has been updated. This problem is resolved in software release 5.3(3)CSX. (CSCdp10614)
- The system might reset when you try to set objects in ciscoFlashPartitioningTable. This problem has been fixed by not supporting this Table. This problem is resolved in software release 5.3(3)CSX. (CSCdp11615)
- SNMP: After you set rowStatus of an eventEntry to under_creation, any set/get the eventEntry might reset the system. This problem is resolved in software release 5.3(3)CSX. (CSCdp13317)
- Occasionally after system power up, display shows minor hardware problem for modules. This problem is resolved in software release 5.3(3)CSX. (CSCdp11646)
- After entering a set boot config-register ignore-config and resetting the switch, the switch comes back up and attempts to use BOOTP to obtain an IP address. When the BOOTP sending messages are printed to the console, they are followed by a message: bootp_send: sendto 51. This message indicates that the BOOTP send is failing. This problem is resolved in software release 5.3(3)CSX. (CSCdp19611)
- If you change the port speed from 100 Mbps to 10 Mbps and then back to 100 Mbps, port traffic might stop until you reset the module. This problem is resolved in software release 5.3(3)CSX. (CSCdp11730)
- A VTP client and a VTP server in the same VTP domain are separated by a VTP transparent mode switch that is not a member of any VTP domain. When the VTP client is reset, the client does not update its configuration after receiving a VTP update from the VTP server. This problem is resolved in software release 5.3(3)CSX. (CSCdp05027)
- VTP notifications are sent on the wrong SCP SAP address for the ATM module. This problem is resolved in software release 5.3(3)CSX. (CSCdp24165)
- Occasionally after system power up, console display shows a minor hardware problem for some modules. Additionally, after a switchover to the redundant supervisor engine, "Change Status" messages are displayed. This problem is resolved in software release 5.3(3)CSX. (CSCdp24868)
This section describes open and resolved caveats in supervisor engine software release 5.3(2)CSX.
This section describes open caveats in supervisor engine software release 5.3(2)CSX.
- Online diagnostic failures are experienced on modules during bringup, online insertion, or module reset if the QoS default-action MAC ACL is reconfigured to include an aggregate policer with an action of drop. The system default does not include an aggregate policer in the default-action MAC ACL. The likelihood of the diagnostics failures increases as the amount of traffic being policed (dropped) by that aggregate policer increases. In general, that is as the rate value specified in the policer decreases and/or the amount of traffic matching all ACLs specifying that aggregate policer increases. (CSCdp15471)
- Under extreme traffic conditions and with certain hardware configurations, the supervisor engine might reset. (CSCdr50405)
- In systems with redundant supervisor engines, occasionally during bootup or after a switchover to the redundant supervisor engine, a bus ASIC sequence error syslog message is reported to the console as follows:
%SYS-1-MOD_SEQMISMATCH:Bus asic sequence mismatch occurred on module 8
- Additionally, "CentauriInterrupt" and "perseus_intr_hdlr" syslog messages might be generated. These messages might be generated for some or all installed modules. Ignore these messages. (CSCdm01334)
Warning: ACL trust-cos should only be used with ports that are also configured with
port trust=trust-cos.
- (CSCdm88257)
- A QoS IP ACL can contain nine ACEs that use port operator parameters. If you attempt to add a tenth QoS IP ACE that uses a port operator parameter to an ACL, the following incorrect message is displayed:
Cannot configure more than 10 logical operators (gt, lt, eq, neq, range) in an IP ACL.
- The message errors are that it should state 9 instead of 10 operators and should not include "eq" in the logical operator's list. (CSCdm88490)
Usage: clear qos acl map <acl_name> <mod_num/port_num|vlan>
clear qos acl map <acl_name|mod_num/port_num|vlan|all>
- The second syntax form fails when entered with multiple port numbers or multiple VLAN numbers. (CSCdm89542)
This section describes resolved caveats in supervisor engine software release 5.3(2)CSX.
- ATM-related bug: Invalid CAM entries are created when MPOA is configured. This problem is resolved in software release 5.3(2)CSX. (CSCdm79162)
- ATM-related bug: The ATM module port cannot be set to VLAN-based QoS (set port qos mod/port vlan-based command fails), as a result QoS ACLs mapped to VLANs do not work on the ATM module. This problem is resolved in software release 5.3(2)CSX. (CSCdm79972)
- ATM-related bug: When the ATM module has PVC configured, after removing and reinserting the fiber-optic cable, the ATM port is not added back to the spanning tree of the VLAN corresponding to PVC. This problem is resolved in software release 5.3(2)CSX. (CSCdp03272)
- ATM-related bug: Dynamic entries for the ATM module are not handled properly by the supervisor engine. This problem is resolved in software release 5.3(2)CSX. (CSCdp04871)
- ATM-related bug: In a configuration of about 150 VLANs and with a lot of unresolved ARPs on the ATM module, the supervisor engine complains about the SCP queue being full. This problem is resolved in software release 5.3(2)CSX. (CSCdp05776)
- ATM-related bug: The ports of the ATM single mode fiber-optic module are not added to the spanning tree. This problem is resolved in software release 5.3(2)CSX. (CSCdp06550)
- Bus-error exception when a Layer 2 multicast entry is both a multicast protocol configured entry and also a user configured entry. This exception might occur when the multicast protocol is trying to delete the entry. This problem is resolved in software release 5.3(2)CSX. (CSCdp06796)
- Memory leak might occur if entries were created in alarmTable. This problem is resolved in software release 5.3(2)CSX. (CSCdp03309)
- Addresses are not learned in some VLANs due to vlan-don't-learn bit being unintentionally enabled. This problem is resolved in software release 5.3(2)CSX. (CSCdp00634)
This section describes open and resolved caveats in supervisor engine software release 5.3(1a)CSX.
This section describes open caveats in supervisor engine software release 5.3(1a)CSX.
- In systems with redundant supervisor engines, occasionally during bootup or after a switchover to the redundant supervisor engine, a bus ASIC sequence error syslog message is reported to the console as follows:
%SYS-1-MOD_SEQMISMATCH:Bus asic sequence mismatch occurred on module 8
- Additionally, "CentauriInterrupt" and "perseus_intr_hdlr" syslog messages might be generated. These messages might be generated for some or all installed modules. Ignore these messages. (CSCdm01334)
- Occasionally, removal or insertion of a module does not generate any syslog messages. (CSCdm63338)
Note CSCdm63338 has not been seen in later releases.
Warning: ACL trust-cos should only be used with ports that are also configured with
port trust=trust-cos.
- (CSCdm88257)
- A QoS IP ACL can contain nine ACEs that use port operator parameters. If you attempt to add a tenth QoS IP ACE that uses a port operator parameter to an ACL, the following incorrect message is displayed:
Cannot configure more than 10 logical operators (gt, lt, eq, neq, range) in an IP ACL.
- The message errors are that it should state 9 instead of 10 operators and should not include "eq" in the logical operator's list. (CSCdm88490)
Usage: clear qos acl map <acl_name> <mod_num/port_num|vlan>
clear qos acl map <acl_name|mod_num/port_num|vlan|all>
- The second syntax form fails when entered with multiple port numbers or multiple VLAN numbers. (CSCdm89542)
This section describes resolved caveats in supervisor engine software release 5.3(1a)CSX.
- In some cases, you cannot remove a UGHD (up, gateway, host, dynamic) route from the switch IP routing table. This problem is resolved in software release 5.3(1a)CSX. (CSCdk14130)
- Configuring an ISL trunk on a root bridge switch with spanning tree on many VLANs can cause delays in BPDU transmission from that switch, which can cause all the non-root bridges in the network to expire their message age timers, which may cause brief periods of network instability. This problem is fixed in software release 5.3(1a)CSX. (CSCdk69087)
- If traffic is received through a port that has port security enabled before the port is in the forwarding state, the port is shutdown. This problem is fixed in software release 5.3(1a)CSX. (CSCdk73206)
- If the switch is in VTP client mode, entry of a copy device:filename config command may generate messages about nonexistent VLANs. Wait until the show vlan command displays the VLANs and then enter the copy command again. This problem is fixed in software release 5.3(1a)CSX. (CSCdm07337)
- In some cases, on a switch with both BackboneFast and UplinkFast enabled, the show spantree mod_num/port_num output shows that a port is in forwarding mode, but in reality the port is in listening mode. As a result, all data traffic received on the port is discarded. The workaround is to disable and reenable the affected port. This problem is resolved in software release 5.3(1a)CSX. (CSCdm08504)
- Password authentication (without TACACS) can be slow when DNS is enabled and DNS server IP address is configured, but the DNS server is not reachable. The workaround is to disable DNS. This problem is resolved in software release 5.3(1a)CSX. (CSCdm14239)
- A module may report "Unknown GBIC" in the type field when HP GBIC(1000BASE-SX 30-0759-01) is installed. This problem is resolved in software release 5.3(1a)CSX. (CSCdm14762)
- Do not configure any module so that the number of GVRP-enabled ports, including the individual physical ports in GVRP-enabled EtherChannels, times the number of VLANs on the module, exceeds 720. This problem is fixed in software release 5.3(1a)CSX. (CSCdm18614; CSCdm18380)
- The MSM is not supported as a SPAN source port. Configuring the MSM as a SPAN source port generates a "Failed to configure source port" message. If you configure the MSM as a SPAN source port, all subsequent SPAN source port configuration commands for that SPAN session generate the same message until you remove the MSM from the source port list with a set span disable mod_num/port_num command. This problem is fixed in software release 5.3(1a)CSX. (CSCdm20365)
- When you turn off the power on any module, you cannot turn the power back on through SNMP. The workaround is to use the CLI command set module power up mod_num. This problem is fixed in software release 5.3(1a)CSX. (CSCdm23288)
- In some cases, when the active link of an UplinkFast link pair is disconnected, the switch does not transmit broadcast frames on the secondary link. This problem is resolved in software release 5.3(1a)CSX. (CSCdm23587)
- Occasionally, the switch shuts down in response to an erroneous over-temperature reading. This problem is resolved in software release 5.3(1a)CSX. (CSCdm24976)
- In some cases, if the primary UplinkFast link goes down, when it comes back up it can take 20 to 25 seconds to begin forwarding traffic instead of the usual one to five seconds, depending on the remote hardware. The workaround is to connect to a different port on the remote device if the problem occurs. This problem is resolved in software release 5.3(1a)CSX. (CSCdm26273)
- In some cases, UplinkFast might not function correctly between a Catalyst 6000 family switch and a Catalyst 4000 family switch, a Catalyst 2948G switch, or a Catalyst 5000 family Gigabit EtherChannel module (WS-X5410). This problem is resolved in software release 5.3(1a)CSX. (CSCdm34341)
- This bug does not affect system operation. The 48-port 10/100TX switching modules (WS-X6248-TEL and WS-X6248-RJ-45) "Send admin" flow control field (show port flowcontrol mod_num/port_num) might show "desired" when the port is connected as well as when it is not connected or disabled. This problem is fixed in software release 5.3(1a)CSX. (CSCdm37747)
- If Gigabit channel ports and 10/100BASE-TX channel ports are used as SPAN source ports, the Gigabit channel ports might not show up in the Oper Source ports field. This problem is fixed in software release 5.3(1a)CSX. (CSCdm39024)
- This bug does not affect system operation. On disabling the Multilayer Switch Module (MSM), the show module command shows "faulty" instead of "disabled." This problem is fixed in software release 5.3(1a)CSX. (CSCdm42419)
- Occasionally, disabling GVRP causes an exception. This problem is fixed in software release 5.3(1a)CSX. (CSCdm44130)
- If all ports of a channel are disturbed by either resetting the module(s) on the remote end, or due to a broadcast storm, the switch might not transmit or receive any GMRP control packets. The workaround is to disable and then enable the GMRP feature on the switch that experiences this problem. This problem is fixed in software release 5.3(1a)CSX. (CSCdm45744)
- If you delete the RMON alarmEntry or if you modify the alarmVariable of the RMON alarmEntry while that alarmVariable is being sampled, the switch might reset. This problem is resolved in software release 5.3(1a)CSX. (CSCdm49575)
- TACACS cannot control access to the switch based on the host's IP address. This problem is resolved in software release 5.3(1a)CSX. (CSCdm60984)
- A syslog message for a given facility is not sent to the syslog server if the syslog server severity level is set to a value equal to or greater than the message severity but the default severity level for that facility is set to a value less than the message severity. The workaround is to set the default facility severity level to a value equal to or greater than the configured syslog severity level. In release 5.3(1a)CSX, syslog messages are sent to the syslog server if the syslog server severity level is equal to or greater than the message severity and the default facility severity level is equal to or greater than the message severity. (CSCdm71889)
This section describes open and resolved caveats in supervisor engine software release 5.2(3)CSX.
This section describes open caveats in supervisor engine software release 5.2(3)CSX.
- In systems with redundant supervisor engines, occasionally during bootup or after a switchover to the redundant supervisor engine, a bus ASIC sequence error syslog message is reported to the console as follows:
%SYS-1-MOD_SEQMISMATCH:Bus asic sequence mismatch occurred on module 8
- This message might be generated for some or all installed modules. Ignore this message. (CSCdm01334)
%SYS-1-MOD_INVALIDSEQ:Bus asic invalid sequence occurred on module 3 (asic=1,
srcidx=0x0, seq=28)
- This message might be generated for any module. Ignore this message. This problem is fixed in software release 5.3(1)CSX. (CSCdm32301)
This section describes resolved caveats in supervisor engine software release 5.2(3)CSX.
- Occasionally during bootup, a bus ASIC sequence error syslog message is reported to the console as follows:
%SYS-1-MOD_INVALIDSEQ:Bus asic invalid sequence occurred on module 3 (asic=1,
srcidx=0x0, seq=28)
- This message might be generated for any module. Ignore this message. This problem is fixed in software release 5.3(1)CSX. (CSCdm32301)
This section describes open and resolved caveats in supervisor engine software release 5.2(2)CSX.
This section describes open caveats in supervisor engine software release 5.2(2)CSX.
- In systems with redundant supervisor engines, occasionally during bootup or after a switchover to the redundant supervisor engine, a bus ASIC sequence error syslog message is reported to the console as follows:
%SYS-1-MOD_SEQMISMATCH:Bus asic sequence mismatch occurred on module 8
- This message might be generated for some or all installed modules. Ignore this message. (CSCdm01334)
%SYS-1-MOD_INVALIDSEQ:Bus asic invalid sequence occured on module 3 (asic=1,
srcidx=0x0, seq=28)
- This message might be generated for any module. Ignore this message. This problem is fixed in software release 5.3(1)CSX. (CSCdm32301)
This section describes resolved caveats in supervisor engine software release 5.2(2)CSX.
- If the software image on the MSM is not bootable, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. This problem is fixed in software release 5.2(2)CSX. (CSCdm03564)
- There was a restriction that did not allow changing the native VLAN for ISL trunk ports. This restriction has been removed for non-dot1q trunking. This problem is fixed in software release 5.2(2)CSX. (CSCdm08306)
- When the last port in a VLAN that is actively participating in GMRP gets removed, the switch might experience a reset. This problem is fixed in software release 5.2(2)CSX. (CSCdm11116)
- If the software configuration register in the MSM is set to 0x2000 and the image specified using the boot system flash sup-slot0: [filename] command is not found, the MSM will sleep for more than 256 seconds before giving up the netboot and attempting to boot the image in the local bootflash instead. However, the supervisor engine resets the MSM before the 256 seconds is up. This problem is fixed in software release 5.2(2)CSX. (CSCdm15737)
- If protocol filtering is configured for an EtherChannel before the channel forms, it works correctly. If you configure protocol filtering after the channel has formed, it may not work correctly for transmitted traffic. This problem is fixed in software release 5.2(2)CSX. (CSCdm16439)
- On switches with more than 100 VLANs, after removing a module or entering a set module power down command, wait at least 60 seconds before putting the module back into service, either by reinserting it or by entering a set module power up command. This problem is fixed in software release 5.2(2)CSX. (CSCdm19125)
- The supervisor engine software incorrectly allows configuration of the MSM as a SPAN destination port. When configured as a SPAN destination port, the MSM ignores the SPAN traffic. If you configure an MSM as a SPAN destination port, remove it from the destination port list with the set span disable mod_num/port_num command. This problem is fixed in software release 5.2(2)CSX. (CSCdm20714)
- When the SPAN destination port is a trunk port, the encapsulation matches the trunk type: ISL or 802.1Q. When the SPAN destination port is an access port, the default encapsulation is 802.1Q. The default encapsulation cannot be changed on Gigabit Ethernet access ports used as a SPAN destination. To disable 802.1Q encapsulation on other ports, enter a set trunk mod_num/port_num off command before entering a set span command. This problem is fixed in software release 5.2(2)CSX. (CSCdm20968)
- When VTP pruning is enabled, some VLANs that show as pruned by VTP pruning might be treated as joined by GVRP so that GVRP declares those VLANs on all of the GVRP-enabled trunks. This problem is fixed in software release 5.2(2)CSX. (CSCdm21455)
- The WS-X6248-TEL module spanning tree state shows forwarding but is not able to switch any traffic. This problem is fixed in software release 5.2(2)CSX. (CSCdm21520)
- On EtherChannels between 10/100 Ethernet switching modules, occasionally after changing the speed of the EtherChannel ports from 10 Mbps to 100 Mbps or 100 Mbps to 10 Mbps, the channel may form with fewer ports or multiple channels may form. To restore the original EtherChannel configuration, disable all the ports in the EtherChannel and then enable them. This problem is fixed in software release 5.2(2)CSX. (CSCdm22352)
- With redundant supervisor engines, after a switchover to the standby supervisor engine, SNMP applications on network management systems fail when accessing cdpCacheTable (1.3.6.1.4.1.9.9.23.1.2.1). This problem is fixed in software release 5.2(2)CSX. (CSCdm22434)
- The show config command does not have the SPAN create option if multiple SPAN sessions have been created. If a configuration file is sourced via the configure command, only the last SPAN session ends up being created. This problem is fixed in software release 5.2(2)CSX. (CSCdm23199)
- On 10/100 and 100 Mbps Ethernet switching modules with one or more EtherChannel trunks, after entering set module power down and set module power up commands, occasionally the spanning tree state is "not connected" for all but VLAN 1. To restore connectivity, reset the module. This problem is fixed in software release 5.2(2)CSX. (CSCdm23329)
- When using the set port speed command to change from 100 to auto, channels on the port might split. This problem is fixed in software release 5.2(2)CSX. (CSCdm23529)
- If IGMP is enabled, when a port in an EtherChannel to the MSM gets disabled, the switch stops forwarding IP multicast traffic in groups learned on the switch to the MSM. To restore transmission of IP multicast traffic to the MSM, disable and then enable the channel. This problem is fixed in software release 5.2(2)CSX. (CSCdm24673)
- When you enter the show sprom chassis command, incorrect snmpOID and stackmib_oid values might be displayed. This problem is fixed in software release 5.2(2)CSX. (CSCdm26092)
- Because of a race condition when 10/100 ports are trunking and channeling, all VLANs are not added to the spanning tree except the native VLAN. This problem is fixed in software release 5.2(2)CSX. (CSCdm26399)
- When accessing the MSM through the session command, a timeout occurs when uploading an image from MSM bootflash to supervisor engine slot 0 (sup-slot0). This problem does not occur when connected to the MSM console port. This problem is fixed in software release 5.2(2)CSX. (CSCdm26984)
- When GMRP is learning a lot of groups, the system might experience a reset while transmitting GMRP packets. This problem is fixed in software release 5.2(2)CSX. (CSCdm27226)
- It takes a long time to process the set module power down command for an MSM with a large number of VLANs (approximately 100 or more). This problem is fixed in software release 5.2(2)CSX. (CSCdm27592)
- Improved supervisor engine switchover for redundant supervisors: The time during supervisor failover in which packet forwarding has stopped has been greatly reduced with maintenance release 5.2(2)CSX. Previous version 5.2(1)CSX failover times were 30 to 60 seconds. With this maintenance release 5.2(2)CSX, supervisor failover is reduced to 3 to 10 seconds to resume packet forwarding. Both times are with spanning tree portfast enabled. See configuration information on spanning tree portfast. This problem is fixed in software release 5.2(2)CSX. (CSCdm27781)
- When QoS is enabled, a channel is not formed for ports configured with desirable or on mode and with different QoS values. But when QoS is disabled, the different QoS-value ports form a channel in on mode, but do not form a channel in desirable mode.This problem is fixed in software release 5.2(2)CSX. (CSCdm30231)
- Problem channeling with GVRP: A six-port channel with ISL trunking was formed and GVRP was enabled on the channel. An attempt was made to add one additional port with ISL trunking and GVRP enabled to the same admin group of the channel. This failed, as the port failed to become GVRP enabled at the protocol level. NVRAM saved the GVRP status of the port as enabled causing an inconsistency between PAgP and the NVRAM configuration. Although the port channeling parameters look the same between the seventh port and the existing channel, the seventh port cannot join the channel. Disabling GVRP on the existing channel and the new port cleans up the inconsistencies between PAgP and NVRAM, and the new port can be added to the channel. This problem is fixed in software release 5.2(2)CSX. (CSCdm32448)
- The supervisor engine might reset after configuring a port channel on the MSM. This problem might occur if the previous MSM configuration was cleared a few seconds earlier using the clear config mod_num command. This problem is fixed in software release 5.2(2)CSX. (CSCdm33830)
- The spanning tree UplinkFast feature might not converge fast enough or is not converging at all. This problem is fixed in software release 5.2(2)CSX. (CSCdm26273)
- On some GBICs shipped with the switch, when a port is disabled and then enabled, the link might be lost. Some GBICs also might lose the link after a power-cycle. This problem is fixed in software release 5.2(2)CSX. (CSCdm33296)
- When ports on the 48-port 10/100TX switching modules (WS-X6248-RJ-45 and WS-X6248-TEL) are disabled, the show port flowcontrol command shows that the port's flow controls are operationally on. This problem is fixed in software release 5.2(2)CSX. (CSCdm29087)
This section describes open and resolved caveats in supervisor engine software release 5.2(1)CSX.
This section describes open caveats in supervisor engine software release 5.2(1)CSX.
- In systems with redundant supervisor engines, occasionally during bootup or after a switchover to the redundant supervisor engine, a bus ASIC sequence error syslog message is reported to the console as follows:
%SYS-1-MOD_SEQMISMATCH:Bus asic sequence mismatch occurred on module 8
- This message might be generated for some or all installed modules. Ignore this message. (CSCdm01334)
- If the software image on the MSM is not bootable, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. This problem is fixed in software release 5.2(2)CSX. (CSCdm03564)
- If the switch is in VTP client mode, entry of a copy device:filename config command may generate messages about nonexistent VLANs. Wait until the show vlan command displays the VLANs and then enter the copy command again. This problem is fixed in software release 5.3(1)CSX. (CSCdm07337)
- When the last port in a VLAN that is actively participating in GMRP gets removed, the switch might experience a watchdog exception or a TLB exception. This problem is fixed in software release 5.2(2)CSX. (CSCdm11116)
- If protocol filtering is configured for an EtherChannel before the channel forms, it works correctly. If you configure protocol filtering after the channel has formed, it may not work correctly for transmitted traffic. This problem is fixed in software release 5.2(2)CSX. (CSCdm16439)
- Do not configure any module so that the number of GVRP-enabled ports, including the individual physical ports in GVRP-enabled EtherChannels, times the number of VLANs on the module, exceeds 720. This problem is fixed in software release 5.3(1)CSX. (CSCdm18614)
- On switches with more than 100 VLANs, after removing a module or entering a set module power down command, wait at least 60 seconds before putting the module back into service, either by reinserting it or by entering a set module power up command. This problem is fixed in software release 5.2(2)CSX. (CSCdm19125)
- The Multilayer Switch Module (MSM) is not supported as a SPAN source port. Configuring the MSM as a SPAN source port generates a "Failed to configure source port" message. If you configure the MSM as a SPAN source port, all subsequent SPAN source port configuration commands for that SPAN session generate the same message until you remove the MSM from the source port list with a set span disable mod_num/port_num command. This problem is fixed in software release 5.3(1)CSX. (CSCdm20365)
- The supervisor engine software incorrectly allows configuration of an MSM as a SPAN destination port. When configured as a SPAN destination port, the MSM ignores the SPAN traffic. If you configure an MSM as a SPAN destination port, remove it from the destination port list with a set span disable mod_num/port_num command. This problem is fixed in software release 5.2(2)CSX. (CSCdm20714)
- When the SPAN destination port is a trunk port, the encapsulation matches the trunk type: ISL or 802.1Q. When the SPAN destination port is an access port, the default encapsulation is 802.1Q. The default encapsulation cannot be changed on Gigabit Ethernet access ports used as a SPAN destination. To disable 802.1Q encapsulation on other ports, enter a set trunk mod_num/port_num off command before entering a set span command. This problem is fixed in software release 5.2(2)CSX. (CSCdm20968)
- On EtherChannels between 10/100 Ethernet switching modules, occasionally after changing the speed of the EtherChannel ports from 10 Mbps to 100 Mbps or 100 Mbps to 10 Mbps, the channel may form with fewer ports or multiple channels may form. To restore the original EtherChannel configuration, disable all the ports in the EtherChannel and then enable them. This problem is fixed in software release 5.2(2)CSX. (CSCdm22352)
- With redundant supervisor engines, after a switchover to the standby supervisor engine, SNMP applications on network management systems fail when accessing cdpCacheTable (1.3.6.1.4.1.9.9.23.1.2.1). This problem is fixed in software release 5.2(2)CSX. (CSCdm22434)
- When you turn off the power on any module, you cannot turn the power back on through SNMP. The workaround is to use the CLI command set module power up mod_num. This problem is fixed in software release 5.3(1)CSX. (CSCdm23288)
- On 10/100 and 100 Mbps Ethernet switching modules with one or more EtherChannel trunks, after entering set module power down and set module power up commands, occasionally the spanning tree state is "not connected" for all but VLAN 1. To restore connectivity, reset the module. This problem is fixed in software release 5.2(2)CSX. (CSCdm23329)
- If IGMP is enabled, when a port in an EtherChannel to the MSM gets disabled, the switch stops forwarding IP multicast traffic in groups learned on the switch to the MSM. To restore transmission of IP multicast traffic to the MSM, disable and then enable the channel. This problem is fixed in software release 5.2(2)CSX. (CSCdm24673)
This section describes resolved caveats in supervisor engine software release 5.2(1)CSX.
%SYS-1-MOD_SEQERROR:Switching bus sequence error occurred on module 8
- This message might be generated for some or all installed modules. Ignore this message. This problem is fixed in software release 5.2(1)CSX. (CSCdk81972)
Vlan configuration failed (41)
- The workaround is to reset the switch. This problem is fixed in software release 5.2(1)CSX. (CSCdk88280)
- When a switching module temperature sensor exceeds its minor threshold, the module's Status LED stays green; the Status LED should go to orange. When a switching module temperature sensor exceeds its major threshold, the module's Status LED shows green, red, and then stays green; the Status LED should go to red. This problem is fixed in software release 5.2(1)CSX. (CSCdk92667)
- If you configure an EtherChannel between a Catalyst 6000 family switch and a Catalyst 5000 family switch, if the EtherChannel formed from ports in desirable mode, a memory leak occurs on the Catalyst 6000 family switch. To avoid the problem, use the on mode. This problem is fixed in software release 5.2(1)CSX. (CSCdk93430)
- If the system message logging level is set to 7 for all facilities, entering the show logging buffer command can cause an exception error, causing the switch to reset. This problem is fixed in software release 5.2(1)CSX. (CSCdk93930)
- On 10/100 or 100 Mbps Ethernet switching modules with multiple ISL trunks, if one or more trunks go down, other ISL trunk ports on the module might not be able to switch ISL frames longer than 1,443 bytes until all trunks are operational. This problem is fixed in software release 5.2(1)CSX. (CSCdm10189)
- After a module is reset, the MIB objects under etherStatsEntry (1.3.6.1.2.1.16.1.1) for the module are removed from etherStatsTable (1.3.6.1.2.1.16.1). To restore the entries, enter the set snmp rmon disable and set snmp rmon enable commands. This problem is fixed in software release 5.2(1)CSX. (CSCdm10685)
- Occasionally, an exception may occur if an entry in usrHistoryControlTable (1.3.6.1.2.1.16.18.1) is usrHistoryControlBucketsRequested (1.3.6.1.2.1.16.18.1.1.3) multiplied by usrHistoryControlObjects (1.3.6.1.2.1.16.18.1.1.2) with a result greater than or equal to 429385320. This problem is fixed in software release 5.2(1)CSX. (CSCdm11328)
- An SNMP query that accesses portTopNControlTable (1.3.6.1.4.1.9.5.1.20.1) or portTopNTable (1.3.6.1.4.1.9.5.1.20.2) where portTopNControlIndex (1.3.6.1.4.1.9.5.1.20.1.1.1) has an out-of-range value (the valid range is 1 through 5) occasionally causes a TLB exception. This problem is fixed in software release 5.2(1)CSX. (CSCdm13058)
- The trapDestOwner MIB object (1.3.6.1.2.1.16.19.13.1.5) is limited to 20 characters. This problem is fixed in software release 5.2(1)CSX (the new limit is 128 characters). (CSCdm17939)
This section describes caveats for Catalyst 6000 family software release 5.1(1)CSX.
- In systems with redundant supervisor engines, occasionally, during bootup or after a switchover to the redundant supervisor engine, a switching bus sequence error syslog message is reported to the console as follows:
%SYS-1-MOD_SEQERROR:Switching bus sequence error occurred on module 8
- This message might be generated for some or all installed modules. Ignore this message. This problem is fixed in software release 5.2(1)CSX. (CSCdk81972)
This section describes troubleshooting guidelines for the Catalyst 6000 family switch configuration and is divided into the following subsections:
Note Refer to the Release Notes for Catalyst 6000 Family Multilayer Switch Feature CardCisco IOS Release 12.0(3)XE publication for information about how caveat CSCdm83559 affects the MLS feature. Note that CSCdm83559 has been resolved in software release 12.1(2)E.
This section contains troubleshooting guidelines for system-level problems:
- When the system is booting and running power-on diagnostics, do not reset the switch.
- After you initiate a switchover from the active supervisor engine to the standby supervisor engine, or when you insert a redundant supervisor engine in an operating switch, always wait until the supervisor engines have synchronized and all modules are online before you remove or insert modules or supervisor engines or perform another switchover.
- After you download a new Flash image, the next reboot might take longer than normal if Erasable Programmable Logic Devices (EPLDs) on the supervisor engine need to be reprogrammed. Whether this happens depends on which software version was running on the supervisor engine before the download and which software version is downloaded. This can add up to 15 minutes to the normal reboot time.
- If you have a port whose port speed is set to auto connected to another port whose speed is set to a fixed value, configure the port whose speed is set to a fixed value for half duplex. Alternately, you can configure both ports to a fixed-value port speed and full duplex.
This section contains troubleshooting guidelines for module problems:
- If the Catalyst 6000 family switch detects a port-duplex misconfiguration, the misconfigured switch port is disabled and placed in the "errdisable" state. The following syslog message is reported to the console indicating the misconfigured port has been disabled due to a late collision error.
SYS-3-PORT_COLL:Port 8/24 late collision (0) detected
%SYS-3-PORT_COLLDIS:Port 8/24 disabled due to collision
%PAGP-5-PORTFROMSTP:Port 8/24 left bridge port 8/24
- Reconfigure the port-duplex setting and use the set port enable command to reenable the port.
- When you hot insert a module into a Catalyst 6000 family chassis, be sure to use the ejector levers on the front of the module to seat the backplane pins properly. Inserting a module without using the ejector levers might cause the supervisor engine to display incorrect messages about the module.
- If you see minor hardware failures or Pinnacle sync errors on bootup, reconfirm that the supervisor engine and all the switching modules are fully seated, the ejector levers are fully depressed, and the thumbscrews are fully tightened.
- For module installation instructions, refer to the Catalyst 6000 Family Module Installation Guide.
- Whenever you connect a Catalyst 6000 family port that is set to autonegotiate to an end station or another networking device, make sure that the other device is configured for autonegotiation as well. If the other device is not set to autonegotiate, the Catalyst 6000 family switch autonegotiating port will remain in half-duplex mode, which can cause a duplex mismatch resulting in packet loss, late collisions, and line errors on the link.
This section contains troubleshooting guidelines for VLAN problems:
Note Catalyst 6000 family switches do not support ISL-encapsulated Token Ring frames. To support trunked Token Ring traffic in your network, make trunk connections directly between switches that support ISL-encapsulated Token Ring frames. When a Catalyst 6000 family switch is configured as a VTP server, you can configure Token Ring VLANs from the switch.
Catalyst 6000 family switches ship with trunking-capable ports in a nontrunking state and the Dynamic Trunking Protocol (DTP) feature in the auto mode. In this mode, if a port sees a DTP on or DTP desired frame, it transitions into trunking state. Although DTP is a point-to-point protocol, some internetworking devices might forward DTP frames. To avoid connectivity problems that might be caused by a Catalyst 6000 family switch acting on these forwarded DTP frames, do the following:
- For ports connected to non-Catalyst 6000 family devices in which trunking is not currently being used, configure trunk-capable Catalyst 6000 ports to off by entering the set trunk mod_num/port_num off command.
- When manually enabling trunking on a link to a Cisco router, use the set trunk mod_num/port_num nonegotiate command. The nonegotiate keyword is available in Catalyst 6000 supervisor engine software release 5.1(1)CSX and later that transitions a link into trunking mode without sending DTP frames.
This section contains troubleshooting guidelines for spanning tree problems:
The Spanning Tree Protocol (STP) blocks certain ports to prevent physical loops in a redundant topology. On a blocked port, the Catalyst 6000 family switch receives spanning tree bridge protocol data units (BPDUs) periodically from its neighboring Catalyst 6000 family switch. You can configure the frequency with which BPDUs are received by entering the set spantree hello command (the default frequency is set to 2 seconds). If a Catalyst 6000 family switch does not receive a BPDU in the time period defined by the set spantree maxage command (20 seconds by default), the blocked port transitions to the listening state, the learning state, and to the forwarding state. As it transitions, the Catalyst 6000 family switch waits for the time period specified by the set spantree fwddelay command (15 seconds by default) in each of these intermediate states. Therefore, a blocked spanning tree port moves into the forwarding state if it does not receive BPDUs from its neighbor within approximately 50 seconds.
Note We do not recommend using the UplinkFast feature (also known as spanning tree Uplink FastSwitchover) on switches with more than 20 active VLANs. The convergence time might be unacceptably long for a switch with more than 20 active VLANs.
Use the following guidelines to debug STP problems:
- After a switchover from the active to the standby supervisor engine, the uplink ports on the standby supervisor engine take longer to come up than other switch ports.
- Keep track of all blocked spanning tree ports in each Catalyst 6000 family switch in your network. For each of the blocked spanning tree ports, keep track of the output of the following commands:
- show portCheck to see if the port has registered a lot of alignment, FCS, or any other type of line errors. If these errors are incrementing continuously, the port might drop input BPDUs.
- show macIf the Inlost counter is incrementing continuously, the port is losing input packets because of a lack of receive buffers. This problem can also cause the port to drop incoming BPDUs.
- On a blocked spanning tree port, check the duplex configuration to ensure that the port duplex is set to the same type as the port of its neighboring Catalyst 6000 family switch.
- On trunk ports, make sure that the trunk configuration is set properly on both sides of the link.
- On trunk ports, make sure that the duplex is set to full on both sides of the link to prevent any collisions under heavy traffic conditions.
- On your Catalyst 6000 family switch, ensure that the sum of the logical ports across all instances of spanning tree for different VLANs does not exceed 4000. The sum of all logical ports equals the number of trunks or channels on the switch times the number of active VLANs on that trunk, plus the number of nontrunking ports on the switch.
 | Caution
When numerous protocol features (such as VTP pruning, Fast EtherChannel, and RMON) are enabled concurrently, the number of supported logical spanning tree ports are reduced. Also, to achieve these numbers, we recommend that you keep switched traffic off the management VLAN. |
This section describes caveats for the Catalyst 6000 family software release 5.4 documentation. These changes will be included in the next update to the documentation.
- The Catalyst 6000 Family Software Configuration Guide incorrectly omits the restriction that the set port negotiation command is supported on Gigabit Ethernet ports only. Refer to the online documentation for the updated information.
- The Catalyst 6000 Family Command Reference incorrectly omits the restriction that the set port negotiation command is supported on Gigabit Ethernet ports only. Refer to the online documentation for the updated information.
- The following commands were incorrectly included in the Catalyst 6000 Family Command Reference:
- set ip http server
- set ip http port
- set trace
- show ip http
Refer to the online documentation for the updated information.
- Updates to existing commands and new commands were added to the Catalyst 6000 Family Command Reference, software release 5.4(1), after the document went to print:
- set arp static (revised)
- set authentication (revised)
- set default portstatus (revised)
- set ip permit (revised)
- set port security (revised)
- set qos acl ipx (revised)
- set qos acl map (revised)
- set security acl capture-ports (revised)
- set security acl map (revised)
- set trace (revised)
- show authentication (revised)
- show config (revised)
- show trunk (revised)
- show environment power (revised)
- show trace (revised)
- show version (revised)
- switch console (revised)
- New commands to support PVLANs
- Refer to the online documentation for the updated information.
- These syslog messages were added to the Catalyst 6000 Family System Message Guide, software release 5.4(1), after the document went to print:
- msgdef(SYS_DISABLEPS,SYS,LOG_ALERT,0, " Rating of power supplies in redundancy not equal. power supply %d disabled");
- msgdef(SYS_ENABLEPS,SYS, LOG_ALERT,0, " Power supply %d enabled");
- Refer to the online documentation for the updated information.
This section describes caveats for the Catalyst 6000 family software release 5.3 documentation. These changes will be included in the next update to the documentation.
- The following messages are documented in the online version of the Catalyst 6000 Family System Message Guide:
SYS-5-SUP_SBYLOWPWR:Standby drawing less power. Potential power budget violation at
switchover
SYS-5-SUP_SBYHIGHPWR:Standby drawing more power. System may run over power budget
SYS-1-SYS_OVERPWRRTNG:System drawing more power than the power supply rating
SYS-1-SYS_NORMPWRMGMT:System in normal power management operation
SYS-1-MOD_PWRSPROMFAIL:Power mgmt sprom failure for module [dec]
Transmit queue drop threshold percentages
| - Low-priority queue threshold 1: 80%
- Low-priority queue threshold 2: 100%
- High-priority queue threshold 1: 80%
- High-priority queue threshold 2: 100%
|
- In the QoS chapter of the Catalyst 6000 Family Software Configuration Guide, Software Release 5.3, the section "Classification, Marking, and Policing with an L3 Switching Engine" has a note that should be:
Note With an L3 Switching Engine, the Catalyst 6000 family switches provide QoS only for the Ethertype field values shown in Table 35-2 in Ethernet_II and Ethernet_SNAP frames.
- In the QoS chapter of the Catalyst 6000 Family Software Configuration Guide, Software Release 5.3, the last paragraph in the section "Internal DSCP Values" should be:
- For trust-dscp and trust-ipprec IP traffic, QoS creates a ToS byte from the 6-bit DSCP value (which may equal an IP precedence value) and, for trust-cos and trust-ipprec traffic, the original two-least-significant bits from the received ToS byte, and sends the byte to the egress port to be written into IP packets. The original two-least-significant bits from the received ToS byte are not preserved except in trust-dscp or untrusted traffic.
- QoS supports IGMP classification using version 1 four-bit Type fields.
- QoS MAC ACLs that do not include an Ethertype parameter match traffic with any value in the Ethertype field, which allows MAC-level QoS to be applied to any traffic.
- In the QoS chapter of the Catalyst 6000 Family Software Configuration Guide, Software Release 5.3, the last note ("To avoid inconsistent results") in the section "Policing Rules" should be:
Note You must configure all ACEs that include the same aggregate policing rule to use the same ACE keyword: trust-dscp, trust-ipprec, trust-cos, or dscp. If the ACEs use the dscp keyword, the DSCP value specified must be the same.
- The QoS chapter of the Catalyst 6000 Family Software Configuration Guide, Software Release 5.3, incorrectly documents a set qos bridged-packet-microflow-policing command. In all cases, it should be set qos bridged-microflow-policing. In the "Enabling Microflow Policing of Nonrouted Traffic" and "Disabling Microflow Policing of Nonrouted Traffic" sections, the vlan parameter is shown as being optional, but it is not. The vlan parameter must always be supplied.
- For the set qos bridged-microflow-policing command, "routed traffic" only refers to traffic being routed by the MSFC when MLS is enabled. To do microflow policing of traffic to and from other routers, enable bridged microflow policing.
- For wildcards in masks, the QoS chapter of the Catalyst 6000 Family Software Configuration Guide, Software Release 5.3, incorrectly states "Use zero bits, which need not be contiguous, where you want wildcards." The reverse is true. Use one bits, which need not be contiguous, where you want wildcards.
- In the QoS chapter of the Catalyst 6000 Family Software Configuration Guide, Software Release 5.3, in the "Deleting Named ACLs" section:
- The example command should be clear qos acl icmp_acl (there should not be a "1" at the end).
- Ignore the "Note." You can use the commit command on a deleted ACL while the ACL is attached to ports and VLANs, in which case the commit command clears the attachments and deletes the ACL.
- The show qos acl map command syntax is documented incorrectly in the QoS chapter of the Catalyst 6000 Family Software Configuration Guide, Software Release 5.3. It is:
- show qos acl map {config | runtime} {acl_name | mod_num/port_num | vlan | all}
- See the online version of the Catalyst 6000 Family Command Reference, Software Release 5.3 publication for complete information about the syntax.
- The show qos maps command syntax is documented incorrectly in the QoS chapter of the Catalyst 6000 Family Software Configuration Guide, Software Release 5.3. It is:
- show qos maps {config | runtime} [cos-dscp-map | ipprec-dscp-map | dscp-cos-map | policed-dscp-map]
- See the online version of the Catalyst 6000 Family Command Reference, Software Release 5.3 publication for complete information about the syntax.
- In the QoS chapter of the Catalyst 6000 Family Software Configuration Guide, Software Release 5.3, in the "Displaying QoS Information" section, the example command is with the config keyword, not the runtime keyword.
- The QoS chapter of the Catalyst 6000 Family Software Configuration Guide, Software Release 5.3, does not include the WRED thresholds defaults, which are: queue type is tx, threshold 1 is 80 percent, threshold 2 is 100 percent, and the low threshold is picked automatically by the system.
This section describes caveats for the Catalyst 6000 family software release 5.2 documentation. These changes will be included in the next update to the documentation.
- Some publications incorrectly document the model number of the 48-Port 10/100TX RJ-21 Ethernet switching module. The model number is WS-X6248-TEL.
- The Catalyst 6000 family Module Installation Guide incorrectly states that the 48-Port 10/100TX RJ-21 Ethernet switching module (WS-X6248-TEL) interfaces can use either Category 3 or Category 5 UTP cable. The WS-X6248-TEL module RJ-21 connectors do not support
Category 3 RJ-21 Telco connectors and cabling. Using Category 3 connectors and cabling causes carrier sense errors. You must use Category 5 RJ-21 telco connectors and cables with the WS-X6248-TEL module.
- The Catalyst 6000 and 6500 Family Quick Software Configuration, Software Release 5.2 publication incorrectly documents the set port channel command syntax. The command syntax is:
set port channel mod_num/port_num mode {on | off | desirable | auto} [silent | non-silent]
- Refer to the Catalyst 6000 and 6500 Family Software Configuration Guide, Software Release 5.2, for information about the set gvrp applicant command. This command is not in the Catalyst 6000 and 6500 Family Command Reference, Software Release 5.2.
- The Catalyst 6000 and 6500 Family Command Reference, Software Release 5.2 publication contains a Usage Guideline that incorrectly limits the set port negotiation command to Gigabit Ethernet ports. The command is usable on all ports.
- The "Egress Port Scheduling" section on page 9-5 of the Catalyst 6000 and 6500 Family Software Configuration Guide, Software Release 5.2, incorrectly describes allocation of bandwidth between the transmit queues. QoS allocates buffers, not bandwidth.
- The Catalyst 6000 and 6500 Family Software Configuration Guide, Software Release 5.2, does not contain documentation for the set port negotiation command. Refer to the Catalyst 6000 and 6500 Series Software Configuration Guide, Software Release 5.3 and later for information about port negotiation.
- The Catalyst 6000 and 6500 Family, Software Release 5.2, publications do not include the procedure for uploading a software image through the console port using the xmodem or ymodem procedure. Refer to the Catalyst 6000 and 6500 Series Software Configuration Guide, Software Release 5.3 and later for procedure information.
- The Catalyst 6000 family Supervisor Engine Installation Guide incorrectly states that 1300W and 1000W power supplies can be used in the same chassis. The guide also does not mention configuration restrictions when using the 1300W supply with two Multilayer Switch Modules (MSMs) in a nine-slot chassis. The restrictions are as follows:
Note The 1000W power supply is used in the six-slot chassis; the 1300W supply is used in the nine-slot chassis. Do not use the 1000W supply in the nine-slot chassis.
- Nine-Slot Chassis
Because the Catalyst 6000 family modules have different power requirements, certain switch configurations require more power than a single power supply can provide. Although the power management feature allows you to power all installed modules with two power supplies, redundancy is not supported in this configuration. Loss of power redundancy (and the need for more than one supply) is only an issue when you are using two MSMs.
- When operating a nine-slot chassis with power redundancy (or a single supply), the only limitations with two MSMs are that you are limited to five 10/100 modules and cannot have a 1000BaseX GBIC module in the remaining slot, as shown in Table 3.
- Six-Slot Chassis
When operating a six-slot chassis with power redundancy (or a single supply), there are no limitations with two MSMs; the chassis supports two MSMs and any combination of additional modules.
Table 3: Possible Switch Configurations with Two MSMs
| Switch Slots
| Switch Configuration
|
|
1
| Supervisor
| Supervisor
| Supervisor
| Supervisor
| Supervisor
| Supervisor
|
2
| MSM
| MSM
| MSM
| MSM
| MSM
| MSM
|
3
| MSM
| MSM
| MSM
| MSM
| MSM
| MSM
|
4
| 10/1001
| 10/100
| 10/100
| 10/100
| 10/100
| Any module
|
5
| 10/100
| 10/100
| 10/100
| 10/100
| Any module
| Any module
|
6
| 10/100
| 10/100
| 10/100
| Any module
| Any module
| Any module
|
7
| 10/100
| 10/100
| Any module
| Any module
| Any module
| Any module
|
8
| 10/100
| Any module2
| Any module
| Any module
| Any module
| Any module
|
9
| 100FX3 (1000BaseX not allowed)
| Any module3
| Any module3
| Any module3
| Any module3
| Any module3
|
1The WS-X6248-TEL (10/100) has the same power consumption as WS-X6248-RJ-45 (10/100).
2Any module = WS-X6224-100FX-MT (100FX) or WS-X6408-GBIC (1000BaseX).
3Or a redundant supervisor engine in slot 2 (that is, two supervisor engines and two MSMs).
|
This section describes caveats for the Catalyst 6000 family software release 5.1 documentation. These changes will be included in the next update to the documentation.
- The Catalyst 6000 and 6500 Family Software Configuration Guide, Software Release 5.1, page 4-4 incorrectly includes a description of how to configure the priority level of each port on Ethernet, Fast Ethernet, and Gigabit Ethernet modules using the set port level command. This feature has not been implemented on Catalyst 6000 family switches and the set port level command is not supported.
- The Catalyst 6000 and 6500 Family Software Configuration Guide, Software Release 5.1, page 6-3 incorrectly lists ISL as the default trunk encapsulation. The default is negotiate mode. If both ports are set to negotiate mode, the trunk uses ISL encapsulation.
- The Catalyst 6000 and 6500 Family Software Configuration Guide, Software Release 5.1, Table 9-1. Receive queue drop threshold default percentages have changed as follows:
- Threshold 1: 50 percent
- Threshold 2: 60 percent
- Threshold 3: 80 percent
- Threshold 4: 100 percent
- The Catalyst 6000 and 6500 Family Command Reference, Software Release 5.1, Table 2-1. Receive queue drop threshold default percentages have changed as indicated above.
- The Catalyst 6000 family software publications incorrectly describe support for IEEE 802.3Z flow control as being only for Gigabit Ethernet ports. 100 Mbps and 10/100 Mbps ports on Catalyst 6000 family switches support IEEE 802.3Z flow control with the set port flowcontrol receive mod_num/port_num {off | on | desired} command; the ports do not support the send mode.
- The Catalyst 6000 and 6500 Family Supervisor Engine Installation Guide and the Quick Installation Guide - Catalyst 6009 and Catalyst 6509 include incorrect settings for the supervisor engine console port mode switch. The correct settings are as follows.
- Mode 1Switch in the in position. Use this mode to connect a terminal to the console port using the console cable and data terminal equipment (DTE) adapter (labeled "Terminal") that shipped with the switch.
- You can also use this mode to connect a modem to the console port using the console cable and data communications equipment (DCE) adapter (labeled "Modem") that shipped with the switch.
- Mode 2Switch in the out position. Use this mode to connect a terminal to the console port using the Catalyst 5000 family Supervisor Engine III console cable (not provided).
- The Catalyst 6000 and 6500 Family Supervisor Engine Installation Guide incorrectly states that the system ships with a 16-MB Flash PC card (PCMCIA). The 16- and 20-MB Flash PC cards are available as separately orderable items.
- The Catalyst 6000 and 6500 Family Supervisor Engine Installation Guide, Installation Guide, and Module Installation Guide include incorrect switching bandwidths. The correct specifications are:
- Catalyst 6000 family: 32 Gbps
- Catalyst 6500 family: 32 to 256 Gbps
The following documents are available for the Catalyst 6000 family switches:
- Catalyst 6000 Family Quick Software Configuration
- Catalyst 6000 Family Installation Guide
- Catalyst 6000 Family Module Installation Guide
- Catalyst 6000 Family Software Configuration Guide
- Catalyst 6000 Family Command Reference
- System Message Guide---Catalyst 6000 Family, 5000 Family, 4000 Family, 2926G Series, 2948G, and 2980G Switches
- ATM Configuration Guide and Command Reference
- Catalyst 6000 Family Multilayer Switch Feature Card and Policy Feature Card Configuration Guide
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CCO in the following ways:
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Note If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or tac@cisco.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or cs-rep@cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.








Posted: Mon Oct 2 10:02:26 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.