Release Notes for the Catalyst 3550 Multilayer Switch, 12.1(13)EA1a-Cisco Catalyst 3550 Series Switches

These release notes include important information about this IOS release and any limitations, restrictions, and caveats that apply to it. Verify that these are the correct release notes for your switch:

If you are installing a new switch, refer to the IOS release label on the rear panel of your switch.
If your switch is on, use the show version privileged EXEC command. See the "Determining the Software Version and Feature Set" section.
If you are upgrading to a new release, refer to the software upgrade filename for the IOS version.

For the complete list of Catalyst 3550 switch documentation, see the "Related Documentation" section.

You can download the switch software from these sites:

http://www.cisco.com/public/sw-center/sw-lan.shtml

(for registered Cisco.com users with a login password)

http://www.cisco.com/public/sw-center/sw-lan.shtml

(for nonregistered Cisco.com users)

This IOS release is part of a special release of Cisco IOS software that is not released on the same 8-week maintenance cycle that is used for other platforms. As maintenance releases and future IOS releases become available, they will be posted to Cisco.com (previously Cisco Connection Online [CCO]) in the Cisco IOS software area.

This information is in the release notes:

System Requirements

These are the system requirements for this IOS release:

"Hardware Supported" section
"Software Compatibility" section

Hardware Supported

Table 1 lists the hardware supported by this IOS release.

Table 1 Supported Hardware

Switch	Description
Catalyst 3550-12T	10 Gigabit Ethernet 10/100/1000BASE-T ports and 2 GBIC¹-based Gigabit Ethernet slots
Catalyst 3550-12G	10 GBIC-based Gigabit Ethernet slots and 2 Gigabit Ethernet 10/100/1000BASE-T ports
Catalyst 3550-24	24 autosensing 10/100 Ethernet ports and 2 GBIC-based Gigabit Ethernet slots
Catalyst 3550-48	48 autosensing 10/100 Ethernet ports and 2 GBIC-based Gigabit Ethernet slots
Catalyst 3550-24-FX	24 100BASE-FX ports and 2 GBIC-based Gigabit Ethernet slots
Catalyst 3550-24-DC	24 autosensing 10/100 Ethernet ports, 2 GBIC-based Gigabit Ethernet slots, and an on-board DC² power converter
Catalyst 3550-24PWR	24 autosensing 10/100 Ethernet ports, 2 GBIC-based Gigabit Ethernet slots, ability to provide power for Cisco IP Phones and Cisco Aironet Access Points from all 10/100 Ethernet ports, auto-detection and control of inline power on a per-port basis on all 10/100 ports
GBIC modules	1000BASE-SX GBIC 1000BASE-LX/LH GBIC 1000BASE-ZX GBIC 1000BASE-T GBIC GigaStack GBIC CWDM³ fiber-optic GBIC
Redundant power system	Cisco RPS 300 Redundant Power System Cisco RPS 675 Redundant Power System⁴

1GBIC = Gigabit Interface Converter

2DC = direct current

3CWDM = Course Wave Division Multiplexer

4The Cisco RPS 675 does not support the Catalyst 3550-24-DC switches.

Software Compatibility

These are the software compatibility requirements for this IOS release:

"Minimum Platform Configuration for Web-Based Management" section
"Operating System and Browser Support" section
"Installing the Required Plug-In" section
"Creating Clusters with Different Releases of IOS Software" section

Minimum Platform Configuration for Web-Based Management

Table 2 lists the recommended platforms for web-based management.

Table 2 Recommended Platform Configuration for Web-Based Management

OS	Processor Speed	DRAM	Number of Colors	Resolution	Font Size
Windows NT 4.0¹	Pentium 300 MHz	128 MB	65,536	1024 x 768	Small
Solaris 2.5.1 or higher	SPARC 333 MHz	128 MB	Most colors for applications	—	Small (3)

1Service Pack 3 or higher is required.

The minimum PC requirement is a Pentium processor running at 233 MHz with 64 MB of DRAM. The minimum UNIX workstation requirement is a Sun Ultra 1 running at 143 MHz with 64 MB of DRAM.

For information about supported operating systems, see the next section.

Operating System and Browser Support

You can access the web-based interfaces by using the operating systems and browsers listed in Table 3. The switch checks the browser version when starting a session to ensure that the browser is supported. If the browser is not supported, the switch displays an error message, and the session does not start.

Table 3 Supported Operating Systems and Browsers

Operating System	Minimum Service Pack or Patch	Netscape Communicator¹	Microsoft Internet Explorer²
Windows 95	Service Pack 1	4.75 or 6.2	5.5 or 6.0
Windows 98	Second Edition	4.75 or 6.2	5.5 or 6.0
Windows NT 4.0	Service Pack 3 or later	4.75 or 6.2	5.5 or 6.0
Windows 2000	None	4.75 or 6.2	5.5 or 6.0
Windows XP	None	4.75 or 6.2	5.5 or 6.0
Solaris 2.5.1 or later	Sun-recommended patch cluster for the OS and Motif library patch 103461-24	4.75 or 6.2	Not supported

1Netscape Communicator version 6.0 is not supported.

2Service Pack 1 or higher is required for Internet Explorer 5.5.

Note If your browser is Internet Explorer and you receive an error message stating that the page might not display correctly because your security settings prohibit running activeX controls, this might mean that your security settings are set too high. To lower security settings, go to Tools > Internet Options, and select the Security tab. Select the indicated Zone, and move the Security Level for this Zone slider from High to Medium (the default).

Note In Cluster Management displays, Internet Explorer versions 4.01 and 5.0 might not display edge devices that are not connected to the command switch. Other functionality is similar to that of Netscape Communicator.

Guidelines for Installing and Enabling the Java Plug-In

If CMS does not launch automatically, you might not have a supported Java plug-in installed, or the Java plug-in might not be enabled. CMS does not automatically detect if a supported Java plug-in is installed. If you start CMS without the required Java plug-in installed, the CMS splash screen remains open, and CMS does not launch.

To make sure that a supported Java plug-in is correctly installed and enabled, follow these guidelines:

If you are using a supported browser and are connected to the Internet, click the Java plug-in link to download and install a supported Java plug-in.
If you have installed the Java plug-in but CMS still does not launch, make sure that the plug-in is enabled by clicking Start > Settings > Control Panel > Java Plug-in. Click the Basic tab, select Enable Java Plug-in, and click Apply.
To verify that a supported version of the Java plug-in is installed, click Start > Settings > Control Panel. The Java plug-in is listed with the version number in the Control Panel menu.

Installing the Required Plug-In

A Java plug-in is required for the browser to access and run the Java-based Cluster Management Suite (CMS). Download and install the plug-in before you start CMS. Each platform, Windows and Solaris, supports three plug-in versions. For information on the supported plug-ins, see the "Windows XP, Windows 2000, Windows 95, Windows 98, and Windows NT 4.0 Plug-Ins" section and the "Solaris Platforms" section.

You can download the recommended plug-ins from this URL: http://www.cisco.com/pcgi-bin/tablebuild.pl/java

Note Uninstall older versions of the Java plug-ins before installing the Java plug-in.

If the Java applet does not initialize after you have installed the plug-in, open the Java Plug-in Control Panel (Start > Programs > Java Plug-in Control Panel), and verify these settings:

In the Proxies tab, verify that Use browser settings is checked and that no proxies are enabled.

Note If you are running an Internet virus checker on Windows 2000 and the plug-in takes a long time to load, you can speed up CMS operation by disabling the virus checker filter option or download option or both.

On McAfee VirusScan, from the Start menu, to disable the VirusScan Internet Filter option, the Download Scan option, or both, select Start > Programs > Network Associates > Virus Scan Console > Configure.

or

From the taskbar, right-click the Virus Shield icon and in the Quick Enable menu, disable the options by deselecting Internet Filter or Download Scan.

Windows XP, Windows 2000, Windows 95, Windows 98, and Windows NT 4.0 Plug-Ins

These Java plug-ins are supported in Windows environments:

Java plug-in 1.4
Java plug-in 1.3.1
Java plug-in 1.3.0

You can download these plug-ins from this URL:

http://www.cisco.com/pcgi-bin/tablebuild.pl/java

Solaris Platforms

These Java plug-ins are supported on the Solaris platform:

Java plug-in 1.4
Java plug-in 1.3.1
Java plug-in 1.3.0

You can download these plug-ins and instructions from this URL:

http://www.cisco.com/pcgi-bin/tablebuild.pl/java

To install the Java plug-in, follow the instructions in the README_FIRST.txt file.

Creating Clusters with Different Releases of IOS Software

When a cluster consists of a mixture of other Catalyst switches, we strongly recommend using only the Catalyst 3550 switches as the command and standby command switches. When the command switch is a Catalyst 3550 switch, all standby command switches must also be Catalyst 3550 switches. The Catalyst 3550 switch that has the latest software should be the command switch. If the command switch is a Catalyst 3550 Gigabit Ethernet switch and the standby command switch is a Catalyst 3550 Fast Ethernet switch, command switch port speeds are reduced if the standby command switch takes over.

If your cluster has Catalyst 2950, Catalyst 2900 XL, and Catalyst 3500 XL switches, the Catalyst 2950 switch (with the latest software release) should be the command switch. The Catalyst 2950 switch that has the latest software should be the command switch.

If your switch cluster has Catalyst 1900, Catalyst 2820, Catalyst 2900 XL, and Catalyst 3500 XL switches, either the Catalyst 2900 XL or Catalyst 3500 XL (whichever has the latest software release) should be the command switch.

Table 4 lists the cluster capabilities and software versions for the switches.

Table 4 Switch Software and Cluster Capability

Switch	IOS Release	Cluster Capability
Catalyst 3550	Release 12.1(4)EA1 or later	Member or command switch
Catalyst 3500 XL	Release 12.0(5.1)XU or later	Member or command switch
Catalyst 2950	Release 12.0(5.2)WC(1) or later	Member or command switch
Catalyst 2900 XL (8-MB switches)	Release 12.0(5.1)XU or later	Member or command switch
Catalyst 2900 XL (4-MB switches)	Release 11.2(8.5)SA6 (recommended)	Member switch only¹
Catalyst 1900 and 2820	Release 9.00(-A or -EN) or later	Member switch only

1Catalyst 2900 XL (4-MB) switches appear in the front-panel and topology views of CMS. However, CMS does not support configuration or monitoring of these switches.

Some versions of the Catalyst 2900 XL software do not support clustering and if you have a cluster with switches that are running different versions of IOS software, software features added on the latest release might not be reflected on switches running the older versions. For example, if you start Visual Switch Manager (VSM) on a Catalyst 2900 XL switch running Release 11.2(8)SA6, the windows and functionality can be different from a switch running Release 12.0(5)WC(1) or later.

Note The CMS is not forward-compatible, which means that if a member switch is running a software version that is newer than the release running on the command switch, the new features are not available on the member switch. If the member switch is a new device supported by a software release that is later than the software release on the command switch, the command switch cannot recognize the member switch and it is displayed as an unknown device in the Front Panel view. You cannot configure any parameters or generate a report through CMS for that member; instead, you must launch the Device Manager application to perform configuration and obtain reports for that member.

Downloading Software

These are the procedures for downloading software:

"Determining the Software Version and Feature Set" section
"Which Files to Use" section
"Upgrading a Switch by Using CMS" section
"Upgrading a Switch by Using the CLI" section

Note Before downloading software, read this section for important information.

Caution The crypto image includes a bootloader upgrade. Do not power cycle the switch while you are copying this image to the switch. If a power failure occurs when you are copying this image to the switch, call Cisco Systems immediately.

Determining the Software Version and Feature Set

The IOS image is stored as a .bin file in a directory that is named with the IOS release. A subdirectory contains the HTML files needed for web management. The image is stored on the system board Flash device (flash:).

You can use the show version privileged EXEC command to see the software version that is running on your switch. The second line displays C3550-I5Q3L2 for the enhanced multilayer software image (EMI) or C3550-I9Q3L2 for the standard multilayer software image (SMI).

Note Although the show version output always shows the software image running on the switch (Layer 2 only or Layer 2 and Layer 3), the model name shown at the end of this display is the factory configuration (SMI or EMI) and does not change if you upgrade the software image.

You can also use the dir filesystem: privileged EXEC command to see the directory names of other software images that you might have stored in Flash memory.

Which Files to Use

The upgrade procedures in these release notes describe how to perform the upgrade by using a combined .tar file. This file contains both the IOS image file and the HTML files (needed for the CMS). You must use the combined .tar file to upgrade the switch through the CMS.

The .tar file is an archive file from which you can extract files by using the tar command. You also use the .tar file to upgrade the system by using the archive download-sw privileged EXEC command.

Table 5 lists the software filenames for this IOS release.

Table 5 Cisco IOS Software Files for Catalyst 3550 Switches

Filename	Description
c3550-i9q3l2-tar.121-13.EA1a.tar	IOS SMI image file and CMS files. This image has Layer 2+ and basic Layer 3 routing features.
c3550-i5q3l2-tar.121-13.EA1a.tar	IOS EMI image file and CMS files. This image has both Layer 2+ and full Layer 3 features.
c3550-i9k2l2q3-tar.121-13.EA1a.tar	IOS SMI crypto image file and CMS files. This image has the Secure Shell (SSH) and Layer 2+ features.
c3550-i5k2l2q3-tar.121-13.EA1a.tar	IOS EMI crypto image file and CMS files. This image has the SSH, Layer 2, and Layer 3 features.

The Catalyst 3550 switch is supported by either the SMI, which provides Layer 2+ features and basic Layer 3 routing, or the EMI, which provides Layer 2+ features, full Layer 3 routing, and advanced services. All Catalyst 3550 Gigabit Ethernet switches are shipped with the EMI installed. Catalyst 3550 Fast Ethernet switches are shipped with either the SMI or the EMI installed. After initial deployment, you can order the Enhanced Multilayer Software Image Upgrade kit to upgrade the Catalyst 3550 Fast Ethernet switches from the SMI to the EMI.

Upgrading a Switch by Using CMS

You can upgrade switch software by using CMS. From the menu bar, select Administration > Software Upgrade. For detailed instructions, click Help.

Caution If you are copying the crypto image to the switch, the bootloader can take up to 30 seconds to upgrade. Do not power cycle the switch while you are copying the image to the switch. If a power failure occurs when you are copying the image, call Cisco Systems immediately.

Upgrading a Switch by Using the CLI

This procedure is for copying the combined .tar file to the Catalyst 3550 switch. You copy the file to the switch from a TFTP server and extract the files. You can download an image file and replace or keep the current image.

To download software, and if necessary, the TFTP server application, follow these steps:

Step 1 Use Table 5 to identify the file that you want to download.

Step 2 Download the software image file.

If you have a SmartNet support contract, go to this URL and log in to download the appropriate files:

http://www.cisco.com/public/sw-center/sw-lan.shtml

If you do not have a SmartNet contract, go to this URL and follow the instructions to register on Cisco.com and download the appropriate files:

http://www.cisco.com/public/sw-center/sw-lan.shtml

To download the SMI and EMI files, select Catalyst 3550 software.

To obtain authorization and to download the crypto software files, select Catalyst 3550 3DES Cryptographic Software.

Note For information about downloading a TFTP server, refer to the URLs in Step 2. The information on these pages describe how to download the TFTP server.

Step 3 Copy the image to the appropriate TFTP directory on the workstation, and make sure the TFTP server is properly configured.

For more information, refer to Appendix B in the Catalyst 3550 Multilayer Switch Software Configuration Guide.

Step 4 Log in to the switch through the console port or a Telnet session.

Step 5 Check your VLAN 1 configuration by using the show interfaces vlan 1 privileged EXEC command, and verify that VLAN 1 is part of the same network as the TFTP server. (Check the Internet address is line near the top of the display.)

Step 6 Download the image file from the TFTP server to the switch. If you are installing the same version of software that is currently on the switch, overwrite the current image by using this privileged EXEC command:

 archive download-sw /overwrite /reload tftp:[[//location]/directory]/image-name.tar

The /overwrite option overwrites the software image in Flash memory with the downloaded one.

The /reload option reloads the system after downloading the image unless the configuration has been changed and not been saved.

For //location, specify the IP address of the TFTP server.

For /directory/image-name.tar, specify the directory (optional) and the image to download. Directory and image names are case sensitive.

This example shows how to download an image from a TFTP server at 198.30.20.19 and to overwrite the image on the switch:

 Switch# archive download-sw /overwrite tftp://198.30.20.19/c3550-i5q3l2-tar.121-13.EA1.tar

You can also download the image file from the TFTP server to the switch and keep the current image by replacing the /overwrite option with the /leave-old-sw option.

Upgrading with a Nondefault System MTU Setting

If the switch was running Release 12.1(8)EA1c or earlier and you had used the system mtu global configuration command to configure a nondefault system maximum transmission unit (MTU) size on your switch, follow these steps to upgrade your switch to Release 12.1(11)EA1 or later:

Step 1 Upgrade the IOS software to Release 12.1(11)EA1 or later.

Step 2 If a system MTU size of greater than 2000 is configured on the Catalyst 3550-12T or Catalyst 3550-12G, use the system mtu global configuration command to set it to the maximum supported MTU size.

Note The maximum allowable system MTU for Catalyst 3550 Gigabit Ethernet switches
is 2000 bytes; the maximum system MTU for Fast Ethernet switches is 1546 bytes.

Step 3 Save the running configuration by entering the copy running-config startup-config privileged EXEC command.

Step 4 Reload the switch by using the new IOS software.

Step 5 When the switch comes back up with Release 12.1(11)EA1 or later, reload the switch a second time by using the reload privileged EXEC command so that the system mtu command takes effect.

Recovering from Software Failure

If the software fails, you can reload the software. For detailed recovery procedures, refer to the "Troubleshooting" chapter in the Catalyst 3550 Multilayer Switch Software Configuration Guide.

Installation Notes

You can assign IP information to your switch by using the setup program, the Dynamic Host Configuration Protocol (DHCP)-based autoconfiguration (refer to the Catalyst 3550 Multilayer Switch Software Configuration Guide), or by manually assigning an IP address (refer to the Catalyst 3550 Multilayer Switch Software Configuration Guide).

These are the installation procedures:

"Setting Up the Catalyst 3550 Initial Configuration" section
"Accessing CMS" section

Setting Up the Catalyst 3550 Initial Configuration

The first time that you access the switch, it runs a setup program that prompts you for an IP address and other configuration information necessary for the switch to communicate with the local routers and the Internet. This information is also required if you plan to use the CMS to configure and manage the switch.

Note If the switch will be a cluster member managed through the IP address of the command switch, it is not necessary to assign IP information or a password. If you are configuring the switch as a standalone switch or as a command switch, you must assign IP information.

Follow these steps to create an initial configuration for the switch:

Step 1 Enter Yes at the first two prompts.

 Would you like to enter the initial configuration dialog? [yes/no]: yes

 At any point you may enter a question mark '?' for help.

 Use ctrl-c to abort configuration dialog at any prompt.

 Default settings are in square brackets '[]'.

 Basic management setup configures only enough connectivity

 for management of the system, extended setup will ask you

 to configure each interface on the system.

 Would you like to enter basic management setup? [yes/no]: yes

Step 2 Enter a host name for the switch, and press Return.

On a command switch, the host name is limited to 28 characters; on a member switch to 31 characters. Do not use -n, where n is a number, as the last character in a host name for any switch.

 Enter host name [Switch]: host_name

Step 3 Enter a secret password, and press Return.

The password can be from 1 to 25 alphanumeric characters, can start with a number, is case sensitive, allows spaces, but ignores leading spaces.

 Enter enable secret: secret_password

Step 4 Enter an enable password, and press Return.

 Enter enable password: enable_password

Step 5 Enter a virtual terminal (Telnet) password, and press Return.

The password can be from 1 to 25 alphanumeric characters, is case sensitive, allows spaces, but ignores leading spaces.

 Enter virtual terminal password: terminal-password

Step 6 (Optional) Configure Simple Network Management Protocol (SNMP) by responding to the prompts.

Step 7 Enter the interface name (physical interface or VLAN name) of the interface that connects to the management network, and press Return. For this release, always use vlan 1 as that interface.

 Enter interface name used to connect to the

 management network from the above interface summary: vlan 1

Step 8 Configure the interface by entering the switch IP address and subnet mask and pressing Return:

 Configuring interface vlan 1:

 Configure IP on this interface? [yes]: yes

 IP address for this interface: 10.4.120.106

 Subnet mask for this interface [255.0.0.0]: 255.255.255.0

Step 9 Enter Y to configure the switch as the cluster command switch. Enter N to configure it as a member switch or as a standalone switch.

If you enter N, the switch appears as a candidate switch in the CMS. In this case, the message in Step 10 is not displayed.

 Would you like to enable as a cluster command switch? [yes/no]: yes

Step 10 Assign a name to the cluster, and press Return.

 Enter cluster name: cluster_name

The cluster name can be 1 to 31 alphanumeric characters, dashes, or underscores.

The initial configuration appears:

 The following configuration command script was created:

 hostname host-name

 enable secret 5 $1$LiBw$0Xc1wyT.PXPkuhFwqyhVi0

 enable password enable-password

 line vty 0 15

 password terminal-password

 snmp-server community public

!

 no ip routing

!

 interface vlan 1

 no shutdown

 ip address 10.4.120.106 255.255.255.0

 interface GigabitEthernet0/1

 no ip address

!

 interface GigabitEthernet0/2

 no ip address

!

 ...<output abbreviated>

!

 interface GigabitEthernet0/12

 no ip address

 cluster enable cluster-name

!

end

Step 11 These choices appear:

 [0] Go to the IOS command prompt without saving this config.

 [1] Return back to the setup without saving this config.

 [2] Save this configuration to nvram and exit.

 Enter your selection [2]:2

Make your selection, and press Return.

After you complete the setup program, the switch can run the created default configuration. If you want to change this configuration or want to perform other management tasks, use one of these tools:

Command-line interface (CLI)
Cluster Management Suite (CMS) from your browser

Accessing CMS

Before using the web-based CMS tools, see the "Software Compatibility" section and the "Installing the Required Plug-In" section to set up the appropriate browser options. After you have assigned an IP address to the switch and installed the plug-in, you can access the switch from your browser and use the CMS to configure other switches.

Note If you have downloaded a new version of the CMS, you must clear your browser cache before launching the new CMS version.

The browser prompts for a username and password when you access CMS:

If no username is configured on your switch (the default), you only need to enter the enable password in the appropriate field. For more information, see the "Displaying CMS" section.
If you are not using the default method of authentication (the enable password), you need to configure the HTTP server interface with the method of authentication used on the switch. For more information, see the "Configuring the HTTP Server" section.

Configuring the HTTP Server

Beginning in privileged EXEC mode, follow these steps to configure the HTTP server interface:

	Command	Purpose
Step 1	configure terminal	Enter global configuration mode.
Step 2	ip http authentication {aaa \| enable \| local \| tacacs}	Configure the HTTP server interface for the type of authentication you want to use. aaa—AAA facility is used for authentication. enable—Enable password, which is the default method of HTTP server user authentication, is being used. local—Local user database as defined on the Cisco router or access server is used for authentication. tacacs—TACACS server is used for authentication.
Step 3	end	Return to privileged EXEC mode.
Step 4	show running-config	Verify your entries.

After you have configured the HTTP server interface, display the CMS access page as described in the "Displaying CMS" section.

Displaying CMS

To display the CMS access page, follow these steps:

Step 1 Enter the switch IP address in the browser Location field (Netscape Communicator) or Address field (Internet Explorer), and press Return.

Step 2 Enter your username and password when prompted.

The Cisco Systems Access page appears. For more information on setting passwords and privilege levels, refer to the Catalyst 3550 Multilayer Switch Software Configuration Guide.

Step 3 Click Web Console to launch the CMS applet.

When you access CMS from a standalone or a cluster-member switch, Device Manager appears.

New Features

These are the new supported hardware and the new software features provided in Release 12.1(13)EA1:

"New Hardware Features" section
"New Software Features" section

New Hardware Features

Other than the Catalyst 3550-24-DC switches, the Catalyst 3550 switches running Release 12.1(13)EA1 support the Cisco RPS 675.

For a list of all supported hardware, see the "Hardware Supported" section.

New Software Features

Cisco IOS Release 12.1(13)EA1 contains these new features or enhancements:

Per-VLAN Rapid Spanning Tree Plus (PVRST+) for balancing load across VLANs by providing rapid convergence of spanning-tree instances

Note PVRST+ is referred to as PVRST in the software documentation.

Policy-based routing (PBR) for configuring defined policies for traffic flows
Limited support for the CISCO-PORT-SECURITY-MIB, with these limitations (CSCea06807):
- The cpsGlobalPortSecurityEnable object can only be implemented as a read object. By default this object is set to TRUE.
- The cpsIfPortSecurityStatus object has three values (secureup, securedown, and shutdown). Only the secureup and securedown values are supported in this release.
- The cpsIfClearSecureAddresses object is not supported.
CMS support for these features:
- Inter-VLAN Routing Wizard—Enable a Catalyst 3550 switch to become a router of IP traffic between different VLANs.
- Cisco RPS 675 Redundant Power System.

Limitations and Restrictions

You should review this section before you begin working with the switches. These are known limitations that will not be fixed, and there is not always a workaround. Some features might not work as documented, and some features could be affected by recent changes to the switch hardware or software.

These are the limitations and restrictions:

"IOS Limitations and Restrictions" section
"Cluster Limitations and Restrictions" section
"CMS Limitations and Restrictions" section

IOS Limitations and Restrictions

These limitations apply to IOS configuration:

Modifying a multicast boundary access list does not prevent packets from being forwarded by any multicast routes that were in existence before the access list was modified if the packets arriving on the input interface do not violate the boundary. However, no new multicast routes that violate the updated version of the multicast boundary access list are learned, and any multicast routes that are in violation of the updated access list are not relearned if they age out.

After updating a multicast boundary, the workaround is to use the clear ip mroute privileged EXEC command to delete any existing multicast routes that violate the updated boundary. (CSCdr79083)

When an IP packet with a cyclic redundancy check (CRC) error is received, the per-packet per-Differentiated Service Code Point (DSCP) counter (for DSCP 0) is incremented. Normal networks should not have packets with CRC errors. (CSCdr85898)
The mac-address interface configuration command does not properly assign a MAC address to an interface. This command is not supported on Catalyst 3550 switches. (CSCds11328)
If you configure the DHCP server to allocate addresses from a pool to the switch, two devices on the network might have the same IP address. Pooled addresses are temporarily allocated to a device and are returned to the pool when not in use. If you save the configuration file after the switch receives such an address, the pooled address is saved, and the switch does not attempt to access the DHCP server after a reboot to receive a new IP address. As a result, two devices might have the same IP address.

The workaround is to make sure that you configure the DHCP server with reserved leases that are bound to each switch by the switch hardware address. (CSCds55220)

The show ip mroute count privileged EXEC command might display incorrect packet counts. In certain transient states (for example, when a multicast stream is forwarded only to the CPU during the route-learning process and the CPU is programming this route into the hardware), a multicast stream packet count might be counted twice. Do not trust the counter during this transient state. (CSCds61396)
When changing the link speed of a Gigabit Ethernet port from 1000 Mbps to 100 Mbps, there is a slight chance that the port will stop transmitting packets. If this occurs, shut down the port, and re-enable it by using the shutdown and no shutdown interface configuration commands. (CSCds84279)
In IP multicast routing and fallback bridging, certain hardware features are used to replicate packets for the different VLANs of an outgoing trunk port. If the incoming speed is line rate, the outgoing interface cannot duplicate that speed (because of the replication of the packets). As a result, certain replicated packets are dropped. (CSCdt06418)
When you use the no interface port-channel global configuration command to remove an EtherChannel group, the ports in the port group change to the administratively down state.

When you remove an EtherChannel group, enter the no shutdown interface configuration command on the interfaces that belonged to the port group to bring them back on line. (CSCdt10825)

In the output displayed after a show interface interface-id privileged EXEC command, the output buffer failures field shows the number of packets lost before replication, whereas the packets output field shows the successful transmitted packets after replication. To determine actual discarded frames, multiply the output buffer failures by the number of VLANs on which the multicast data is replicated. (CSCdt26928)
Internet Group Management Protocol (IGMP) packets classified by QoS to map the DSCP value and the class of service (CoS) value in a QoS policy map might only modify the DSCP property and leave the CoS value at zero. (CSCdt27705)
If you assign both tail-drop threshold percentages to 100 percent by using the wrr-queue threshold interface configuration command and display QoS information for this interface by using the show mls qos interface statistics privileged command, the drop-count statistics are always zero even if the thresholds were exceeded. To display the total number of discarded packets, use the show controllers ethernet-controllers interface-id privileged EXEC command. In the display, the number of discarded frames includes the frames that were dropped when the tail-drop thresholds were exceeded. (CSCdt29703)
Open Shortest Path First (OSPF) path costs and Interior Gateway Routing Protocol (IGRP) metrics are incorrect for switch virtual interface (SVI) ports. You can manually configure the bandwidth of the SVI by using the bandwidth interface configuration command. Changing the bandwidth of the interface changes the routing metric for the routes when the SVI is used as an outgoing interface. (CSCdt29806)
On the Catalyst 3550 switch, coldStart and warmStart traps are not consistently sent. (CSCdt33779)
Remote Monitoring (RMON) collection functions on physical interfaces, but it is not supported on EtherChannels and SVIs. (CSCdt36101)
Multicast router information is displayed in the show ip igmp snooping mrouter privileged EXEC command when IGMP snooping is disabled. Multicast VLAN Registration (MVR) and IGMP snooping use the same commands to display multicast router information. In this case, MVR is enabled, and IGMP snooping is disabled. (CSCdt48002)
When a VLAN interface has been disabled and restarted multiple times by using the shutdown and no shutdown interface configuration commands, the interface might not restart following a no shutdown command. To restart the interface, re-enter a shutdown and no shutdown command sequence. (CSCdt54435)
When you configure the ip pim spt-threshold infinity interface configuration command, you want all sources for the specified group to use the shared tree and not use the source tree. However, the switch does not automatically start to use the shared tree. No connectivity problem occurs, but the switch continues to use the shortest path tree for multicast group entries already installed in the multicast routing table. You can enter the clear ip mroute * privileged EXEC command to force the change to the shared tree. (CSCdt60412)
If the number of multicast routes configured on the switch is greater than the switch can support, it might run out of available memory, which can cause it to reboot. This is a limitation in the platform-independent code.

The workaround is to not configure the switch to operate with more than the maximum number of supported multicast routes. You can use the show sdm prefer and show sdm prefer routing privileged EXEC commands to view approximate maximum configuration guidelines for the current SDM template and the routing template. (CSCdt63354)

Configuring too many multicast groups might result in an extremely low memory condition and cause the software control data structure to go out of sync, causing unpredictable forwarding behavior. The memory resources can only be recovered by entering the clear ip mroute privileged EXEC command. To prevent this situation, do not configure more than the recommended multicast routes on the switch. (CSCdt63480)
The dec keyword is not supported in the bridge bridge-group protocol global configuration command. If two Catalyst 3550 switches are connected to each other through an interface that is configured for IP routing and fallback bridging, and the bridge group is configured with the bridge bridge-group protocol dec command, both switches act as if they were the spanning tree root. Therefore, spanning-tree loops might be undetected. (CSCdt63589)
When you configure an EtherChannel between a Catalyst 3550 and a Catalyst 1900 switch, some of Catalyst 3550 links in the EtherChannel might go down, but one link in the channel remains up, and connectivity is maintained.

The workaround is to disable the Port Aggregation Protocol (PAgP) on both devices by using the channel-group channel-group-number mode on interface configuration command. PAgP negotiation between these two devices is not reliable. (CSCdt78727)

When the switch is operating with equal-cost routes and it is required to learn more unicast routes than it can support, the CPU might run out of memory, and the switch might fail.

The workaround is to remain within the documented recommended and supported limits. (CSCdt79172)

The behavior of a software access control list (ACL) with QoS is different from a hardware ACL with QoS. On the Catalyst 3550 switch, when the QoS hardware rewrites the DSCP of a packet, the rewriting of this field happens before software running on the CPU examines the packet, and the CPU sees only the new value and not the original DSCP value.

When the security hardware ACL matches a packet on input, the match uses the original DSCP value. For output security ACLs, the security ACL hardware should match against the final, possibly changed, DSCP value as set by the QoS hardware. Under some circumstances, a match to a security ACL in hardware prevents the QoS hardware from rewriting the DSCP and causes the CPU to use the original DSCP.

If a security ACL is applied in software (because the ACL did not fit into hardware, and packets were sent to the CPU for examination), the match probably uses the new DSCP value as determined by the QoS hardware, regardless of whether the ACL is applied at the input or at the output. When packets are logged by the ACL, this problem can also affect whether or not a match is logged by the CPU even if the ACL fits into hardware and the permit or deny filtering was completed in hardware.

To avoid these issues, whenever the switch rewrites the DSCP of any packet to a value different from the original DSCP, security ACLs should not test against DSCP values in any of their access control elements (ACEs), regardless of whether the ACL is being applied to an IP access group or to a VLAN map. This restriction does not apply to ACLs used in QoS class maps.

If the switch is not configured to rewrite the DSCP value of any packet, it is safe to match against DSCP in ACLs used for IP access groups or for VLAN maps because the DSCP does not change as the packet is processed by the switch.

The DSCP field of an IP packet encompasses the two fields that were originally designated precedence and type of service (TOS). Statements relating to DSCP apply equally to either IP precedence or IP TOS. (CSCdt94355)

On earlier versions of Catalyst 3550-24 switches, if a 10/100BASE-TX port on the switch is connected to a Catalyst 2820 or Catalyst 1900 switch through an ISL trunk at 100 Mbps, bidirectional communication cannot be established. The Catalyst 2820 or Catalyst 1900 switch identifies the Catalyst 3550-24 switch as a CDP neighbor, but the Catalyst 3550-24 switch does not recognize the Catalyst 2820 or Catalyst 1900 switch. On these switches, you should not use ISL trunks between the Catalyst 3550-24 and a Catalyst 2820 or Catalyst 1900 switch. Configure the link as an access link instead of a trunk link.

This problem has been fixed in hardware on Catalyst 3550-24 switches with motherboard assembly number 73-5700-08 or later. To determine the board level on your switch, enter the show version privileged EXEC. Motherboard information appears toward the end of the output display. (CSCdv68158)

When IGMP filtering is enabled and you use the ip igmp profile global configuration command to create an IGMP filter, reserved multicast addresses cannot be filtered. Because IGMP filtering uses only Layer 3 addresses to filter IGMP reports and due to mapping between Layer 3 multicast addresses and Ethernet multicast addresses, reserved groups (224.0.0.x) are always allowed through the switch. In addition, aliased groups can leak through the switch. For example, if a user is allowed to receive reports from group 225.1.2.3, but not from group 230.1.2.3, aliasing will cause the user to receive reports from 230.1.2.3. Aliasing of reserved addresses means that all groups of the form y.0.0.x are allowed through. (CSCdv73626)
If a switch stack contains both Catalyst 3550 switches and Catalyst 2900 XL or Catalyst 3500 XL switches, Cross-Stack UplinkFast (CSUF) is not enabled if the management VLAN on the Catalyst 2900 XL or 3500 XL switches is changed to a VLAN other than VLAN 1 (the default).

The workaround is to make sure that the management VLAN of all Catalyst 2900 XL or 3500 XL switches in the stack is set to VLAN 1. (CSCdv79737)

If you use the ip igmp max-groups interface configuration command to set the maximum number of IGMP groups for an interface to 0, the port still receives group reports from reserved multicast groups (224.0.0.x) and their Layer 2 aliases (y.0.0.x). (CSCdv79832)
The switch might reload when it is executing the no snmp-server host global configuration command. This is a rare condition that can happen if SNMP traps or informs are enabled and the SNMP agent attempts to send a trap to the host just as it is being removed from the configuration and if the IP address of the host (or the gateway to reach the host) has not been resolved by Address Resolution Protocol (ARP).

The workaround is to ensure that the target host or the next-hop gateway to that host is in the ARP cache (for example, by using a ping command) before removing it from the SNMP configuration. Alternatively, disable all SNMP traps and informs before removing any hosts from the SNMP configuration. (CSCdw44266)

When you access CISCO-STACK-MIB portTable, the mapping might be off by one from the mapping given by the switch. The objects in this table are indexed by two numbers: portModuleIndex and portIndex. The allowable values for portModuleIndex are 1 through 16. Because 0 is not an allowable value, the value 1 represents module 0.

The workaround is to use the value 1 to represent module 0. (CSCdw71848)

Multicast traffic can be temporarily lost when a link comes up in a redundant network and causes the reverse path forwarding (RPF) to change. This only occurs when there are multiple paths between the rendezvous point (RP) and the multicast source.

There is no workaround. (CSCdw27519)

If a port on the Catalyst 3550 switch that is running the Multiple Spanning Tree Protocol (MSTP) is connected to another switch that belongs to a different multiple spanning tree (MST) region, the Catalyst 3550 port is not recognized as a boundary port when you start the protocol migration process by using the clear spanning-tree detected-protocols interface interface-id privileged EXEC command. This problem occurs only on the root bridge, and when the root bridge is cleared, the boundary ports are not shown because the designated ports do not receive any bridge protocol data units (BPDUs) unless a topology change occurs. This is the intended behavior.

The workaround is to configure the Catalyst 3550 switch for PVST by using the spanning-tree mode pvst global configuration command bridge, and then change it to MSTP by using the spanning-tree mode mst global configuration command. (CSCdx10808)

When a large number of VLANs and a large number of trunk ports with allowed VLAN lists are configured on the switch, if you enter the no switchport trunk allowed vlan interface-range command to remove the allowed list for all the trunk ports, the SYS-3-CPUHOG system message might appear.

The workaround is to use the no switchport trunk allowed vlan interface configuration command on each trunk port to remove the allowed list for all the trunk ports. (CSCdx17189)

When 1000 VLANs and more than 40 trunk ports are configured, and the spanning-tree mode changes from MSTP to PVST or vice versa, this message appears on the console:

 %ETHCNTR-3-RA_ALLOC_ERROR: RAM Access write pool I/O memory allocation failure

There is no workaround. However, we recommend that you reload the switch by using the reload privileged EXEC command. To avoid this problem, configure the system with fewer VLANs and fewer trunk ports, or use the switchport trunk allowed vlan interface configuration command to reduce the number of active VLANs on each trunk port. (CSCdx20106)

Ternary content addressable memory (TCAM) generation might fail when there are multiple ACLs in a policy-map. If you add an entry that checks Transmission Control Protocol (TCP) flags to an access list that is used for QoS classification, the system might report that a hardware limitation has been reached for the policy map. This can occur when the policy map already contains several other access list entries that check different TCP flags, or that check TCP or User Datagram Protocol (UDP) port numbers using an operation different from equal (eq), such as not equal (ne), less than (lt), greater than (gt), or range. When the hardware limitation is reached, the service-policy input policy-map-name interface configuration command is removed from the running configuration of the interface.

Checking for TCP flags and TCP/UDP port numbers using operators other than eq share some of the same hardware resources. The switch supports no more than six checks within a single policy map. An identical check repeated in multiple entries in the same policy map counts as a single instance. If this limit is reached during a TCP or UDP port number check, the software can often work around the problem by allocating extra entries in the TCAM. There is no workaround if the limit is reached during a check against the TCP flags in the packet. Similar checks in a port ACL applied to the same physical interface as the policy map also count toward the limit.

Because these resources are allocated on a first-come, first-serve basis, rearranging the order of ACLs within a policy map or the order of entries within a single ACL, placing the TCP flags checks as early as possible, might enable the policy map to be loaded into the hardware.

Similar limits apply for any combination of input VLAN maps, input router ACLs, output VLAN maps, and output router ACLs that share the same VLAN label. The switch supports eight checks for all features on the same VLAN label. When the limit is reached, the system might forward packets by using the CPU rather than through hardware, greatly reducing system performance. To determine the VLAN label assigned to a VLAN or interface on input or output, use the show fm vlan or show fm interface privileged EXEC commands. Then use the show fm vlan-label privileged EXEC command to determine which set of features (input VLAN map, input router ACL, output VLAN map, or output router ACL) share this label.

These are the workarounds:

Re-arrange the order of classes within the policy map and the order of entries within the individual access lists in the policy map or within any IP port ACL applied to the interface so that checks for TCP flags are made as early as possible within the policy map. You can also re-arrange the order of the individual ACLs within a VLAN map and the order of the individual entries in a security ACL.
Add an extra entry to the front of an ACL that checks for the same TCP flags that are checked later on in the ACL. If the first entry of the ACL already matches only the TCP protocol, you can duplicate the entry and add a check for the appropriate TCP flags.
Reduce the number of different combinations of TCP flags being tested.

If the other workarounds fail, avoid combining any check against the TCP flags with gt, lt, ne, or range checks within the policy map and port ACL configured on the interface or within the VLAN maps and router ACLs that share the same VLAN label. (CSCdx24363)

If you apply an ACL to an interface that has a QoS policy map attached and the ACL is configured so that the packet should be forwarded by the CPU or if the configured ACL cannot fit into the ternary content addressable memory (TCAM), all packets received from this interface are forwarded to the CPU. Because traffic forwarded to the CPU cannot be policed by the policer configured on the interface, this traffic is not accurately rate-limited to the configured police rate.

The workaround, when QoS rate limiting is configured on an interface, is to configure applied ACLs so that packets are not forwarded by the CPU or reduce the number of ACEs in the ACL so that it can fit into the TCAM. (CSCdx30485)

When you reboot a Catalyst 3550-24-FX switch, it might loop back packets received on a 1000BASE-FX port to its link partner. This can occur before the IOS software takes control of the system and lasts for about 200 milliseconds.

As a result, the link partner might shut down the port when it detects loopback packets, or MAC addresses might be learned on the wrong ports on upstream switches. The network might be unable to deliver packets to a few devices for up to 5 minutes after rebooting the Catalyst 3550-24-FX switch when:

The Catalyst 3550-24-FX switch is connected to one or more switches in the network.
Spanning tree is disabled in the network or the Port Fast feature is enabled on the ports connected to the Catalyst 3550-24-FX switch.
The Catalyst 3550-24-FX switch is powered cycled or reloaded from CLI.
One or more devices in the network transmit a broadcast or multicast packet during the 200-millisecond timing window while the Catalyst 3550-24-FX switch is booting.

This problem corrects itself after five minutes or when these devices transmit a broadcast or multicast packet, whichever comes first.

The workaround is to enable spanning tree in the network and to make sure that the Port Fast feature is disabled on all ports connected to the Catalyst 3550-24-FX switch. (CSCdx45558)

Catalyst 3550 switches do not take into account the Preamble and Inter Frame Gap (IFG) when rate limiting traffic, which could result in a slightly inaccurate policing rate on a long burst of small-sized frames, where the ratio of the Preamble and IFG to frame size is more significant. This should not be an issue in an environment where the frames are a mix of different sizes.
If the switch fails for any reason while you are exiting VLAN configuration mode (accessed by entering the vlan database privileged EXEC command), there is a slight chance that the VLAN database might get corrupted. After resetting from the switch, you might see these messages on the console:

 %SW_VLAN-4-VTP_INVALID_DATABASE_DATA: VLAN manager received bad data of type device type: value 0 from vtp database

 $SW_VLAN-3-VTP_PROTOCOL_ERROR: VTP protocol code internal error

The workaround is to use the delete flash:vlan.dat privileged EXEC command to delete the corrupted VLAN database. Then reload the switch by using the reload privileged EXC command. (CSCdx19540)

When a Cisco RPS 300 Redundant Power System provides power to a switch, after the switch power supply is restored the RPS 300 continues to provide power until the RPS mode button is pressed. At this point, some switches restart, depending on how quickly the switch internal power supply resumes operation. (CSCdx81023)
Inserting GigaStack Gigabit Interface Converter (GBIC) modules in the switch cause an increase in the CPU usage. (CSCdx90515)
If you apply a large ACL and it fills the entire ternary content addressable memory (TCAM), the multicast VLAN registration (MVR) IP multicast data packets are sent to the switch CPU and are not forwarded to the MVR receiver ports.

There is no workaround. (CSCdx80751)

When you insert a GigaStack GBIC in a GBIC module slot, the CPU utilization increases by six percent. This increase occurs for each GigaStack GBIC added to the switch. Other types of GBICs do not cause additional CPU utilization.

There is no workaround. (CSCdx90515)

Hot Standby Routing Protocol (HSRP) does not support configuration of overlapping addresses in different VPN routing and forwarding (VRF) tables. (CSCdy14520)
An RSPAN source session does not forward monitored traffic to the RSPAN destination session if there is an egress SPAN source port in the session with port security or 802.1X enabled. (CSCdy21035)
Not all traffic is properly mirrored by RSPAN when a port is monitored for egress traffic and the RSPAN VLAN is carried through a Layer 2 Protocol Tunnel to the RSPAN destination switch.

This happens because the MAC addresses for the original packets as well as the mirrored RSPAN packets are all learned on the tunnel VLAN, so the RSPAN traffic is no longer properly segregated on the tunneling switches.

The workaround is to not include any RSPAN VLANs in any Layer 2 Protocol tunnels unless the tunnel is dedicated to a single RSPAN VLAN. (CSCdy37188)

Ingress forwarding on a SPAN destination port does not work if there is an egress SPAN source port in the session with port security or 802.1X enabled. (CSCdy44646)
When the switch receives multicast traffic and IGMP join for requests a multicast group at the same time and it begins to forward the multicast packets, some of the packets might be dropped. (CSCdy80326)
If a Catalyst 3550 switch is connected to two routers (Router 1 and Router 2) in this topology:
- The link between Router 1 and the switch is a BVI (bridge virtual interface) that belongs to two VLANs (VLAN 100 and VLAN 110) and uses one IP address. The IP subnet for the BVI is the same for both VLANs. The ports in both VLANs operate as Layer 2 interfaces. An SVI with an IP address is configured only on VLAN 100.
- The link between Router 2 and the switch is an IP interface that only belongs to VLAN 110.

IP connectivity then exists between Router 1 and the switch. There is no IP connectivity between Router 2 and the switch.

The workaround is to configure another SVI with an IP address on the Catalyst 3550 switch that would be reachable from Router 2. (CSCdy82042)

The 5 minute input rate and 5 minutes output rate fields in the output of the show interfaces privileged EXEC command show both rates as 0 bits/sec. If you enter the show interfaces command more than once, these fields might show values greater than 0 bits/sec.

There is no workaround. (CSCdz06305)

When you perform a ping from a VLAN to another VLAN on the same switch, the VLAN counter does not change. (CSCdz17863)
The Catalyst 3550 switch does not adjust the power allocation based on IEEE class of the power device (PD) When an IEEE PD-compliant device is connected to a switch, it allocates 15 W (the default) to the port. (CSCdz37516)
When an 802.1X-authenticated client is disconnected from an IP phone, hub, or switch and does not send an EAPOL-Logoff message, the switch interface does not transition to the unauthorized state. If this happens, it can take up to 60 minutes for the interface to transition to the unauthorized state when the re-authentication time is the default value (3600 seconds).

The workaround is to change the number of seconds between re-authentication attempts by using the dot1x timeout re-authperiod seconds global configuration command. (CSCdz38483)

When the link between two switches is a Ethernet cable to an E3 converter, if Multiple Spanning Tree (MST) is enabled on an 802.1Q trunk, traffic is not forwarded or sent for 60 seconds after the shutdown and no shutdown interface configuration commands are entered. (CSCdz45037)
If a switch configuration contains a large ACL and a per-port per-VLAN policy map that both are attached to two interfaces, when you are copying it to the running configuration, this process might fail because the switch runs out of memory. (CSCdz54115)

These are the workarounds:

- Copy the new configuration file to the config.txt file, and reboot the switch.
- Save the configuration file as two files: one containing only the ACL configuration and one containing the rest of the configuration (including the QoS and interface configuration). Add the first configuration file to the running-configuration file, and then add the second file to the running-configuration file.
After the no interface tunnel0 global configuration command is entered to remove the tunnel interface, the output from the show running-config privileged EXEC command still shows the tunnel interface that was removed. (CSCdz66450)

This can occur if HSRP interface tracking is configured on another interface to track a tunnel interface, if the no interface command was entered before the HSRP tracking configuration was removed, or if the no standby tunnel0 global configuration command was entered on the other interface to disable tracking.

These are the workarounds:

- Before removing the tunnel interface from the configuration, remove the HSRP interface tracking commands in the configuration that specify the tunnel interface.
- Use the no standby track global configuration command without specifying an interface to disable HSRP tracking.
The Catalyst 3550 switch only supports the read operation in the sysClearPortTime MIB object (.1.3.6.1.4.1.9.5.1.1.13) in the CISCO-STACK-MIB. Use the clear counters privileged EXEC command to clear the counters.

There is no workaround. (CSCdz87897)

When you are performing an extended ping from one interface to another interface on the same switch, this can cause high CPU utilization. This can occur when a large number of ping packets are sent and received and is the expected behavior.

The workaround is to not perform a ping from one interface to another on the same switch. (CSCea19301)

Storm control or traffic suppression (configured by using the storm-control {broadcast | multicast | unicast} level level [.level] interface configuration command) is supported only on physical interfaces; it is not supported on EtherChannel port channels even though you can enter these commands through the CLI.
The Cisco RPS 300 Redundant Power System supports the Catalyst 3550 multilayer switch and provides redundancy for up to six connected devices until one of these devices requires backup power. If a connected device has a power failure, the RPS immediately begins supplying power to that device and sends status information to other connected devices that it is no longer available as a backup power source. As described in the device documentation, when the RPS LED is amber, the RPS is connected but down. However, this might merely mean that the RPS is in standby mode. Press the Standby/Active button on the RPS to put it into active mode. You can view RPS status through the CLI by using the show rps privileged EXEC command. For more information, refer to the RPS 300 Hardware Installation Guide.

Note The Cisco RPS 300 does not support the Catalyst 3550-24PWR switch.

You can connect the switch to a PC by using the switch console port and the supplied rollover cable and the DB-9 adapter. You need to provide a RJ-45-to-DB-25 female DTE adapter if you want to connect the switch console port to a terminal. You can order a kit (part number ACS-DSBUASYN=) with this RJ-45-to-DB-25 female DTE adapter from Cisco.

Cluster Limitations and Restrictions

These limitations apply to cluster configuration:

When there is a transition from the cluster active command switch to the standby command switch, Catalyst 1900, Catalyst 2820, and Catalyst 2900 4-MB switches that are cluster members might lose their cluster configuration. You must manually add these switches back to the cluster.
(CSCds32517, CSCds44529, CSCds55711, CSCds55787, CSCdt70872)
When a Catalyst 2900 XL or Catalyst 3500 XL cluster command switch is connected to a Catalyst 3550 switch, the command switch does not find any cluster candidates beyond the Catalyst 3550 switch if it is not a member of the cluster. You must add the Catalyst 3550 switch to the cluster. You can then see any cluster candidates connected to it. (CSCdt09918)
If both the active command-switch and the standby command switch fail at the same time, the cluster is not automatically recreated. Even if there is a third passive command switch, it might not recreate all cluster members because it might not have all the latest cluster configuration information. You must manually recreate the cluster if both the active and standby command switches simultaneously fail. (CSCdt43501)

CMS Limitations and Restrictions

These limitations apply to CMS configuration:

Host names and Domain Name System (DNS) server names that contain commas on a cluster command switch, member switch, or candidate switch can cause CMS to behave unexpectedly. You can avoid this instability in the interface by not using commas in host names or DNS names. Do not enter commas when also entering multiple DNS names in the IP Configuration tab of the IP Management window in CMS.
ACEs that contain the host keyword precede all other access control entries (ACEs) in standard ACLs. You can reposition the ACEs in a standard ACL with one restriction: No ACE with the any keyword or a wildcard mask can precede an ACE with the host keyword.
CMS performance degrades if the Topology View is open for several hours on a Solaris machine. The cause might be a memory leak.

The workaround is to close the browser, reopen it, and launch CMS again. (CSCds29230)

If you are printing a Topology View or Front Panel View that contains many devices and are running Solaris 2.6 with JDK1.2.2, you might get an Out of Memory error message.

The workaround is to close the browser, re-open it, and launch CMS again. Before you perform any other task, bring up the view that you want to print, and click Print in the CMS menu.(CSCds80920)

If a PC running CMS has low memory and CMS is running continuously for two to three days, the PC runs out of memory.

The workaround is to relaunch CMS. (CSCdv88724)

When a VLAN or a range of VLANs is already configured and you specify VLAN filter for a SPAN session, the current configuration for that session is overwritten with the new entry. Although the CLI appends new entries after the existing ones, CMS recreates the whole session, overwrites the current entry, and provides only a single VLAN filter per entry.

The workaround is to use the CLI. It is the only method for specifying multiple VLANs for filtering in a SPAN session. (CSCdw93904)

When first determining network information, CMS temporarily halts under these conditions in Windows 98:
- Netscape version 4.75 is running with Java Runtime Environment (JRE) 1.3.1 or 1.4.0
- Netscape version 6.2 is running with JRE 1.3.1.

The workaround is to click once outside of the CMS window when CMS halts. (CSCdz72175)

On Windows 98, if you launch CMS by using the Netscape 4.7 browser, CMS might stop running after you click the Apply button.

The workaround is to use Netscape 6.0 or later or use Internet Explorer to launch CMS on Windows 98. (CSCea27408)

Important Notes

These are the important notes related to this IOS release:

"IOS Notes" section
"Cluster Notes" section
"CMS Notes" section
"Read-Only Mode in CMS" section

IOS Notes

These notes apply to IOS configuration:

If you configure a port ACL on a physical interface on a switch that has VLAN maps or input router ACLs configured, or if you configure a VLAN map or input router ACL on a switch that has port ACLs configured, a CONFLICT message is generated but the configuration is accepted. The port ACL action has priority on that port over actions in a router ACL or VLAN map applied to the VLAN to which the port belongs.

The result is that packets received on that physical port will be permitted or denied based on the port ACL action without regard to any permit or deny statements in any router ACL or VLAN map, while packets received on other physical ports in the VLAN will still be permitted or denied based on any router ACLs or VLAN maps applied to the VLAN. If the port ACL is applied to a trunk port, it overrides any other input ACLs applied to all VLANs on the trunk port.

The default system MTU for traffic on the Catalyst 3550 switch is 1500 bytes. The 802.1Q tunneling feature increases the frame size by 4 bytes. Therefore, when you configure 802.1Q tunneling, you must configure all switches in the 802.1Q network to be able to process maximum frames by increasing the switch system MTU size to at least 1504 bytes. You configure the system MTU size by using the system mtu global configuration command.
Beginning with Release 12.1(8)EA1, to configure traffic suppression (previously configured by using the switchport broadcast, switchport multicast, and switchport unicast interface configuration commands), you use the storm-control {broadcast | multicast | unicast} level level [.level] interface configuration commands. For more information about these commands, refer to the Catalyst 3550 Multilayer Switch Command Reference.
When you are configuring a cascaded stack of Catalyst 3550 switches by using the GigaStack GBIC module and want to include more than one VLAN in the stack, be sure to configure all the GigaStack GBIC interfaces as trunk ports by using the switchport mode trunk interface configuration command and to use the same encapsulation method by using the switchport encapsulation {isl | dot1q} interface configuration command. For more information about these commands, refer to the Catalyst 3550 Multilayer Switch Command Reference.
If the 1000BASE-T GBIC (WS-G5482) module is not securely inserted, the switch might fail to recognize it or might display an incorrect media type following a show interface privileged EXEC command entry. If this happens, remove and reinsert the GBIC module.
Beginning with Release 12.1(11)EA1, the mac address-table aging-time command replaces the mac-address-table aging-time command (with the hyphen). The mac-address-table aging-time command (with the hyphen) will become obsolete in a future release.
Beginning with Release 12.1(11)EA1, the vtp privileged EXEC command keywords are available in the vtp global configuration command. The vtp privileged EXEC command will become obsolete in a future release.
Beginning with Release 12.1(12c)EA1, the ip igmp query-interval seconds interface configuration command range is 1 to 18000 seconds. If your existing configuration includes a value larger than 18000, the command has no effect, and the switch returns a warning message the first time you restart the switch with the upgraded software. Enter a new value by using the ip igmp query-interval seconds interface configuration command, and then save your configuration.
Beginning with Release 12.1(12c)EA1, you can set the class of service (CoS) value of incoming traffic in a policy map that includes the trust dscp policy-map class configuration command. To do this, follow the steps described in the "Classifying, Policing, and Marking Traffic by Using Policy Maps" section in the "Configuring QoS" chapter of the software configuration guide for this release. (CSCdy45670)
802.1X security with EAP-TLS authentication is now supported. (CSCdy64148)
When the link between a device with an AC power supply and a Catalyst 3550-24PWR switch is 10 Mbps and half duplex, if the AC power supply is turned off, the switch is in the error-disable state.

The workaround is remove the AC power supply, disconnect the Ethernet cable, and then reconnect the Ethernet cable. This ensures that the switch uses inline power. (CSCdz16265)

If VLAN 1 or VLANs 1002 to 1005 are removed from a trunk port, the switch no longer receives CDP or VTP frames. VLAN 1 minimization is not supported on the Catalyst 3550 switch. You cannot remove VLAN 1 or VLANs 1002 to 1005 from the allowed VLAN list. (CSCdz22629)
In releases prior to 12.1(12c)EA1, the HTTP server used an AAA (authentication, authorization, and accounting) server for authentication by default, even when not explicitly configured with ip http authentication aaa, if aaa new-model was present in the configuration. Beginning with Release 12.1(12c)EA1, you must explicitly configure ip http authentication aaa to have the HTTP server use an AAA server for authentication. (CSCdz28658, CSCdv00656)
When you configure a dynamic switchport by using the switchport access vlan dynamic interface configuration command, the port might allow unauthorized users to access network resources if the interface changes from access mode to trunk mode through Dynamic Trunking Protocol (DTP) negotiation.

The workaround is to configure the port as a static access port. (CSCdz32330)

If a spanning-tree loop occurs, this message might appear:

 MALLOCFAIL, alignment 0. -Process=Syslog Traps -Traceback= 1A3740

This message appears because the switch has run out of I/O memory and is unable to allocate a packet buffer to report the error. You can also verify if the switch runs out of I/O memory by using the show memory privileged EXEC command.

The workaround is to reconfigure the spanning tree to remove the loop. (CSCdz51522)

Beginning in Release 12.1(13)EA1, these are the default settings for a IP Phone connected to a switch (CSCdz76948):
- The port trust state is to not trust the priority of frames arriving on the IP Phone port from connected devices.
- The CoS value of incoming traffic is overwritten and set to zero.
Catalyst 3550-24-FX switches now support both full- and half-duplex mode, and the default duplex mode is now half duplex. Autonegotiation of the duplex mode is not supported.

On a Catalyst 3550-24-FX switch, when you upgrade to Release 12.1(13)EA1 or later, all ports are reset to half-duplex mode. This will cause a duplex setting mismatch if the switch is connected to another device operating in full-duplex mode. After upgrading to Release 12.1(13)EA1 or later, you should configure the Catalyst 3550-24-FX switch to operate in full-duplex mode, if necessary. (CSCdz78059)

Cluster Notes

This note applies to cluster configuration:

The cluster setup privileged EXEC command and the standby mac-address interface configuration command have been removed from the CLI and the documentation because they did not function correctly.

CMS Notes

These notes apply to CMS configuration:

If you use CMS on Windows 2000, it might not apply configuration changes if the enable password is changed from the CLI during your CMS session. You have to restart CMS and enter the new password when prompted. Platforms other than Windows 2000 prompt you for the new enable password when it is changed.
CMS does not display QoS classes that are created through the CLI if these classes have multiple match statements. When using CMS, you cannot create classes that match more than one match statement. CMS does not display policies that have such classes.
If you use Internet Explorer Version 5.5 and select a URL with a nonstandard port at the end of the address (for example, www.add.com:84), you must enter http:// as the URL prefix. Otherwise, you cannot launch CMS.
Within an ACL, you can change the sequence of ACEs that have the host keyword. However, because such ACEs are independent of each other, the change has no effect on the way the ACL filters traffic.
If you have a proxy server configured on your web browser, CMS can run slowly and take 2 to 3 minutes to process each command that is entered.

Read-Only Mode in CMS

CMS provides two levels of access to the configuration options. If your privilege level is 15, you have read-write access to CMS. If your privilege level is from 1 to 14, you have read-only access to CMS. In the read-only mode, some data is not displayed, and an error message appears when these switches are running these software releases:

Catalyst 2900 XL or Catalyst 3500 XL member switches running Release 12.0(5)WC2 or earlier
Catalyst 2950 member switches running Release 12.0(5)WC2 or earlier
Catalyst 3550 member switches running Release 12.1(6)EA1 or earlier

In the Front Panel view or Topology view, CMS does not display error messages. In the Front Panel view, if the switch is running one of the software releases listed previously, the device LEDs do not appear. In Topology view, if the member is a Long-Reach Ethernet (LRE) switch, the customer premises equipment (CPEs) connected to the switch do not appear. The Bandwidth and Link graphs also do not appear in these views.

To view switch information, you need to upgrade the member switch software. For information about upgrading switch software, see the "Downloading Software" section.

Open Caveats

These are the open caveats with possible unexpected activity in this IOS release:

"Open IOS Caveats" section
"Open CMS Caveats" section

Open IOS Caveats

These are the severity 3 IOS configuration caveats:

CSCdw76340

When a Catalyst 6000 SSH client connects to a Catalyst 3550 SSH server, the Catalyst 6000 switch halts at the enable-password prompt from which to enter privileged EXEC mode. This problem occurs when the Catalyst 6000 switch is running the c6sup1_rp-JK2SV-M crypto-image as a client and the Catalyst 3550 switch is running the crypto-image as the SSH server.

There is no workaround.

CSCdx68750

On an interface with excessive traffic, if one of the queue sizes is set to 0 or if the queue sizes are set to high values such as 1, 100, 100, and 100 by using the wrr-queue queue-limit 1 100 100 100 interface configuration command, the switch might reset.

The workaround is to change the queue size from 0 to a nonzero value or to follow these steps:

a. Enter the shutdown interface configuration command to shut down the interface.

b. Enter the wrr-queue queue-limit weight1 weight2 weight3 weight4 interface configuration command.

CSCdx74914

On a Catalyst 3550-24 switch, the switch drops frames received on the 10/100 ports with a destination MAC address of 5xxx.xxxx.xxxx because of frame-check-sequence (FCS) errors.

There is no workaround.

CSCdx81650

If you create a policy map by using the policy-map policy-map-name global configuration command, enter the class class-map-name policy-map configuration command and then you immediately exit from the policy-map class configuration mode, the policy map does not show its class-map association.

The workaround is to configure another command (such as the police, trust, or set policy-map class configuration command) after entering the class class-map-name policy-map configuration command.

CSCdx86800

When the switch runs out Layer 4 operation (L4op) resources, the ACL that you are configuring or modified is not applied.

There is no workaround.

CSCdy06998

If you try to attach a large per-port per-VLAN quality-of-service (QoS) policy map with many classes to an interface, a switch might generate this syslog message:

 %SYS-3-CPUHOG: Task ran for xxxx msec (4/4), process = Exec, PC = yyyy. -Traceback=...

This can occur when the policy map has more than 128 classes and the VLANs in the classes overlap.

The workaround is to modify the policy map so that the policy map has fewer classes or that fewer classes have overlapping VLANs.

CSCdy12414

When a community string is assigned by the cluster command switch, you cannot get any dot1dBridge MIB objects using a community string with a VLAN entity from a cluster member switch.

The workaround is to manually add the cluster community string with the VLAN entity on the member switches for all active VLANs shown in the show spanning-tree summary display. This is an example of such a change, where cluster member 3 has spanning-tree on vlan 1-3 and the cluster commander community string is public@es3.

 Mbr3(config)#snmp community public@es3@1 RO

 Mbr3(config)#snmp community public@es3@2 RO

 Mbr3(config)#snmp community public@es3@3 RO

CSCdy40027

If a Gigabit Ethernet interface on a switch is connected to a Gigabit Ethernet interface on a unspecified-bit-rate (UBR) cable router, the switch interface is down after the switch reloads.

The workaround is to shut down and re-enable the switch interface by entering the shutdown and no shutdown interface configuration commands on the switch or router interface.

CSCdy45583

If you enable 802.1X on a secure port that is not in multiple-host mode, this error message appears:

 Command rejected: Not eligible for secure port.

The workaround is to configure multiple-host mode on the port by using the dot1x multiple-hosts interface configuration command.

CSCdy46825

The switch LEDs on a Catalyst 3550-24PWR switch do not function correctly during the power-on self-test (POST).

The workaround is to view the POST results from the console.

CSCdy51653

If UniDirectional Link Detection (UDLD) is enabled on a fiber-optic Gigabit Interface Converter (GBIC) port that is a trunk port carrying more than 250 VLANs, UDLD might place the port in the error-disable state after the port is shut down or disconnected.

These are the workarounds:

- Use the errdisable recovery cause udld global configuration command to enable the time to recover from the UDLD error-disable state.
- Reduce the number of VLANs on the trunk port.
- Disable UDLD on the ports in the error-disable state.
- Enter the shutdown and no shutdown interface configuration commands on the interface.
CSCdy61530

The IEEE8023-LAG-MIB is not supported by Release 12.1(12c)EA1.

There is no workaround.

CSCdz06914

When you enter an snmp-server host global configuration command with a nonexistent community-string value, the Community Strings tag shows a nonexistent community string. This creates a community with only notification-view access.

Note When you remove the command, the configuration needs to be checked for any other instances of snmp-server host for a given community. If there are none, the community (view) should be deleted.

The workaround is to:

a. Remove the command.

b. Configure the community as read-write.

c. Remove the community as read-write.

d. Configure the community as read-only.

e. Remove the community as read-only.

CSCdz13122

The process assigned to PID52 might be terminated by the HTTP server process.

The workaround is to disable the HTTP server process by entering the no ip http server global configuration command.

CSCdz25283

When you are stacking Catalyst 3550 switches by using GigaStack GBICs, the links between the switches might not be up.

There is no workaround.

CSCdz26994

A switch configured for Distance Vector Multicast Routing Protocol (DVMRP) interoperbility might not respond to a DVMRP prune on a multi-access interface.

There is no workaround.

CSCdz28469

When Cross-Stack UplinkFast (CSUF) is configured on a stack of switches, if a link between two uplink ports is down and if at least two switches have uplink ports that are connected to the secondary root switch, the switch might detect a loop and place the interface in an error-disable state.

The workaround is to enter the shutdown and no shutdown interface configuration commands on the GigaStack uplink ports to the secondary root.

CSCdz32191

If a loopback plug or open type I/II converter cable is connected to a port, the port shuts down, and this message appears:

 %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected

These are the workarounds:

- Remove the loopback cable, and enter the shutdown and no shutdown interface configuration commands on the interface.
- Enable UDLD on the interface, and configure it to recover from the UDLD error-disable state.
CSCdz54043

When a switch receives a bridge Spanning Tree Protocol (STP) bridge protocol data unit (BPDU) from an access port and the egress port is a trunk port, the switch assigns the BPDU a class of service (CoS) value of 0 instead of 7.

There is no workaround.

CSCdz55084

On switches running Release 12.1(11)EA1 or Release 12.1(12c)EA1, if you delete a BGP neighbor and display the output from the show ip bgp neighbor privileged EXEC command at the same time, the switch fails.

The workaround is to not modify the list of BGP neighbors when you are displaying the output from the show ip bgp neighbor command.

CSCdz55538

When you configure the port priority for frames received on the access port of an IP Phone by using the switchport priority extend interface configuration command, the port priority is incorrectly set.

There is no workaround.

CSCdz61363

When a host leaves a multicast group by sending an Internet Group Management Protocol (IGMP) leave message or it does not send an IGMP report in response to a General Query within the maximum IGMP response-time window (the default is 10 seconds), the switch removes the port. If this is the last receiver port in the group, the switch sends a leave message to the router to prune the multicast router.

There is no workaround.

CSCdz62434

On an interface, if you are configuring 802.1Q or Layer 2 protocol tunneling and BPDU filtering is disabled, BPDU filtering is enabled when the interface is reset.

There is no workaround.

CSCdz63020

On a Gigabit Ethernet port that was manually configured to operate at 100 Mbps and full duplex, if flow control is set to desired mode, the port might send pause frames. Output from the show interfaces privileged EXEC command shows that the output flow-control field is off and the PAUSE output counter is increasing.

The workaround is to disable flow control if you do not want to the switch to send pause frames when the attached device supports flow control.

CSCdz69315

When the switch is in Multiple Spanning Tree (MST) mode, it does not interoperate correctly with switches running in Rapid-PVST mode.

These are the workarounds:

- Configure the CST root switch to be in the Rapid-PVST region, or configure the switch to be in PVST mode.
- Upgrade your software to Release 12.1(13)EA1 or later.
CSCdz74678

If the port security is not enabled, you might be able to configure the same static secure MAC address on multiple interfaces.

These are the workarounds:

- Do not add the same static secure MAC addresses on multiple interfaces when port security is not enabled.
- Enable port security before you add static secure MAC addresses.
CSCdz75098

When a host leaves an IP multicast group, it might send an IGMP leave message to the group. The switch sends a MAC-based general query, instead of a group-specific query.

There is no workaround.

CSCdz75459

After a MAC address is relearned on a new interface, traffic might not be immediately forwarded to the MAC addresses.

There is no workaround.

CSCdz85712

The output from the show controllers privileged EXEC command does not show routed-interface information. This occurs when the no switchport interface configuration command is entered on an interface.

The workaround is to use the show controllers ethernet-controller privileged EXEC command.

CSCdz86219

A Catalyst 3550 switch does not generate warmStart and coldStart traps.

There is no workaround.

CSCea01950

After the voice VLAN feature is enabled, the output from the show interfaces interface-id switchport privileged EXEC command shows that the voice VLAN is inactive.

There is no workaround.

CSCea04746

When a Catalyst 3550 switch is connected to two Catalyst 12000 Gigabit Switch Routers (GSRs) and frames from one GSR are sent to the other GSR through the switch, if the GSRs are configured for Ethernet-over-Multiprotocol Label Switching (EoMPLS), the switch does not reliably send the frames from one GSR to the other.

There is no workaround.

CSCea05682

On a switch running Release 12.1(12c)EA1 or later, if the switch maximum-transmission-unit (MTU) value is set to a value greater than 1500 and the authentication server and the intermediate devices are not configured with a compatible MTU value, 802.1X authentication with EAP-TLS might fail.

The workaround is to reset the switch MTU value to the default value or to configure the same MTU value on the switch, the authentication server, and the intermediate devices.

CSCea09518

After you add a static MAC address on an interface, you cannot remove it.

The workaround is to configure the static MAC address on the interface and then remove it.

CSCea09786

If a cable on ingress interface is disconnected, an Alteon A184 cannot detect when a 1000BASE-X link between two Catalyst 3550 switches is down.

There is no workaround.

CSCea10173

Classification of IP traffic based on the IP precedence value might fail if the last five bits of the type of service (TOS) field are not zero.

There is no workaround.

CSCea10998

If you enter the shutdown and no shutdown interface configuration commands on a Remote Switched Port Analyzer (RSPAN) reflector port, the reflector port configuration is not correctly restored.

The workaround is to return the reflector port to the default settings and then reconfigure it.

CSCea11785

When a Catalyst 3550 switch is a DHCP client and renews its IP address from a DHCP server, the switch puts its IP address in the giaddr field of the request. Some DHCP servers might reject this address and might not renew the switch IP address. This causes the switch interface to reset. The IP address in the giaddr field should be 0.0.0.0.

There is no workaround.

CSCea11467

When a 1000BASE-LX Gigabit Interface Converter (GBIC) in a Catalyst 3550 switch is connected to a third-party media converter, the switch and the media converter do not reliably send packets to each other.

There is no workaround.

CSCea21674

The switch does not create an adjacency table entry when the ARP timeout value is 15 seconds and the ARP request times out.

The workaround is to use the default ARP timeout value.

CSCea22343

If you remove a large number of class maps by using a script or remove a policy map that contains a large number of class maps from an interface, the switch might reboot.

There is no workaround.

CSCea25658

If the output from the show tcam inacl 1 statistics privileged EXEC command shows that the ternary content addressable memory (TCAM) is not full and you are applying an access control list (ACL), this system message might appear:

 %FM-3-UNLOADING: Unloading input vlan label 1 feature from all TCAMs

There is no workaround.

CSCea27079

If a cluster command switch or a statically-configured member switch connected to the command switch restarts, the member switch is down.

The workaround is to remove the member switch from the cluster and re-add it to the cluster by using no cluster member n mac-address H.H.H vlan vlan-id and the cluster member n mac-address H.H.H vlan vlan-id global configuration commands.

CSCea27662

On a voice VLAN, if you configure the IP Phone to use priority tagging and VLAN 0 (the native VLAN) by using the switchport voice clan dot1p interface configuration command and if 802.1X is enabled on the interface, a switch running Release 12.1(12c)EA1 or later does not forward voice traffic correctly.

The workaround is to disable 802.1X on the interface, or change the ID of the voice VLAN to a VLAN ID other than the port VLAN ID (PVID).

CSCea28001

When a QoS policy map is attached to an interface and the class map used by the policy map is modified, the previous class map information is not completely removed from the interface. This causes the interface to incorrectly classify packets.

There is no workaround.

CSCea29670

For traffic sent by the switch, such as an Open Shortest Path First (OSPF) database description packet (not including the OSPF hello packet) and extended ping packets that have a type of service (TOS) value of 6, the switch overrides the CoS value and sets it to 0.

There is no workaround.

CSCea30235

When Layer 2 protocol tunneling is enabled on an interface, the switch forwards Link Aggregation Control Protocol (LACP) packets with STP packets.

The workaround is to disable LACP on interfaces on which protocol tunneling is enabled for STP.

CSCea34287

On switches running Release 12.1(12c)EA1 or later, if you change the access VLAN ID of port channel by using the switchport access vlan interface configuration command, the changes are propagated to the port-channel members but are not added to the running configuration of the members. After the switch reloads, the VLAN IDs of the port channel and its candidate member ports then do not match, and the candidate ports cannot join the port channel.

The workaround is to change the access VLAN ID on each of the port-channel members when you change the access VLAN ID of the port channel.

CSCea34543

If a Layer 2 interface is shut down, the aging time for the MAC address table might be removed from the switch configuration. If this happens, when you enter the no shutdown interface configuration command, the interface is up, and the aging time for the MAC address table is the default value.

There is no workaround.

CSCea36322

If the port duplex setting of a 10/100 port on a Catalyst 3550-24PWR switch is not set to auto, when the port is connected to some Gigabit Ethernet NICs and you change the port speed from 100 Mbps to 10 Mbps or the reverse, the link between the port and the NIC might not be up.

These are the workarounds:

- Configure the port duplex setting to auto.
- Remove and reconnect the cable in the port.
CSCea37229

When you configure VLANs by using the vlan global configuration command and more than 1005 VLANs are configured, the switch might reload, and this message appears:

 -Traceback= 349E44 34A268 3D1A90 3D1838 3D117C 3D0E78 3C8A40 3D3070 3C8FD0 3CDC60

 3CCCB4 3CCC20 3C9B60 3D31C0 13178C 132A10

 00:15:32:%ETHCNTR-3-INTERNAL_ERROR:Internal Error Vlan index allocation failed.

The workaround is to not configure more than the allowed number of VLANs (1005). Refer to the Catalyst 3550 Multilayer Switch Software Configuration Guide for more information.

Open CMS Caveats

These are the severity 3 CMS configuration caveats:

CSCdy30413

In the Community Strings tab of the SNMP Manager window, CMS shows all the community strings, including those that are created when you configure trap managers on the switch. You cannot remove the community strings that are created for trap managers.

There is no workaround.

CSCdy36769

A red border appears around the text-entering area of some CMS dialogs. The color of the border changes to green when text is entered. This is only a cosmetic error. The colored border does not prevent you from entering text.

There is no workaround.

Note This error only occurs with Java plug-in 1.4.0.

CSCdy44189

If you open a window in which you can enter text, open another window, and return to the first window, right-clicking in the text field might make the cursor in this field disappear. You can still enter text in the field.

There is no workaround.

CSCdz07515

CMS does not work when a switch is running the crypto software image and the vty lines are configured to use only SSH by using the transport input ssh line vty 0 15 interface configuration command.

The workaround is to allow SSH and Telnet access through the vty lines by using the transport input ssh telnet interface configuration command.

CSCdz29617

When one of two switches in a link is down, the link might appear green. This could happen when you are using any of the supported operating systems, browsers, or Java plug-ins.

There is no workaround.

CSCdz49136

When a Catalyst switch is used as a Layer 2 switch with IGMP snooping enabled, the switch sends IGMP leave packets with a source IP address of 0.0.0.0. Some third-party switches incorrectly reject a IGMP leave message with the source address of 0.0.0.0.

The workaround is to only use devices that accept IGMPv2 messages with a source address of 0.0.0.0.

CSCdz66815

If CMS is in read-only mode and a Catalyst 3550 switch is connected to a Catalyst 3500 XL switch, when you try to access the link report for the link between the switches, a Java Exception error occurs.

The workaround is to access the report when CMS is in read-write mode.

CSCdz70788

In the Trap Manager tab of the SNMP window, CMS does not show the VLAN Create/Delete traps option as enabled. This occurs after you create a trap manager, select the Create VLAN and Delete VLAN traps with other trap types, apply all the traps, and then select a new trap manager entry in the Current Managers list.

There is no workaround.

CSCdz84255

After you click Apply or Refresh in the SNMP window, the window size changes.

There is no workaround.

CSCea21919

In read-only mode, time ranges are not displayed unless you are logged in with read-write access (privilege level 15). See the "Read-Only Mode in CMS" section for more information about CMS modes.

There is no workaround.

CSCea24830

In the Trust Settings window of the QoS window, if you select Modify and try to change the trust settings, an error message appears, and you cannot change the trust settings.

The workaround is to change the trust values in the table in the Trust Settings window.

CSCea25929

You might not be able to create or modify an EtherChannel if the ports in the EtherChannel do not meet these requirements:

Port group members must belong to the same set of VLANs and must be all static-access or all trunk ports. The native VLAN ID, trunk VLANs, and pruning VLANs must be the same for trunk ports.
Port monitoring (also known as Switched Port Analyzer [SPAN]), port security, and 802.1X should not be enabled on the port.

The workaround is to make sure that the channel-group members belong to the same allowed range of VLANs and that members are either all static-access or all trunk ports. For all trunk ports, the native VLAN, allowed VLANs on the trunk, and the VLANs in the pruning-eligible list must be the same. Do not assign a port to an EtherChannel when SPAN, port security, or 802.1X is configured on the port. Dynamic-access ports cannot belong to a channel group.

CSCea26211

The CMS files that are downloaded from the switch to your PC, terminal, or workstation are not cached on the PC, terminal, or workstation. The files are then downloaded again when CMS is relaunched.

There is no workaround.

Resolved Caveats

These are the caveats that have been resolved in this release.

"IOS Caveats Resolved in Release 12.1(13)EA1a" section
"IOS Caveats Resolved in Release 12.1(13)EA1" section
"CMS Caveats Resolved in Release 12.1(13)EA1" section

IOS Caveats Resolved in Release 12.1(13)EA1a

These IOS caveats were resolved in Release 12.1(13)EA1a:

CSCdz90704

The switch now updates the hardware entry for the MAC address of the next-hop device.

CSCea44016

When a Catalyst 3550-24 or 3550-48 switch is running the EMI, is configured to use the access template in Switch Database Management (SDM) resource allocation, and restarts, the interfaces are no longer down and can now be brought up .

When the switch is running the SMI, is configured to use the routing or default SDM template, and restarts, it can now also support the maximum number of allowed hardware routing entries.

IOS Caveats Resolved in Release 12.1(13)EA1

These IOS caveats were resolved in Release 12.1(13)EA1:

CSCdv46715

If you configure a trunk port for Dynamic Trunking Protocol (DTP) nonegotiate mode and change the encapsulation type from ISL to 802.1Q by using the switchport trunk encapsulation interface configuration command, the port becomes an access port and is no longer trunking.

CSCdx06694

The VLAN Query Protocol (VQP) now works correctly when the switch has multiple switch virtual interfaces (SVIs) configured with IP addresses. If the VLAN Membership Policy Server (VMPS) does not have routes configured to reach all subnets on the Catalyst 3550 switch, it now assigns dynamic access ports on the switch to a VLAN.

CSCdy05512

Per-port per-VLAN policy maps no longer fail after the hardware resource limit has been reached.

CSCdy21457

On an interface, if the speed and duplex values are set to the default values (auto-negotiation), the portAdminSpeed and portDuplex MIBs now correctly define the negotiated values instead of default values.

CSCdy24332

If ports are configured for a dynamic EtherChannel or if Layer 2 protocol tunneling is enabled on an 802.1Q-tunnel EtherChannel, the switch no longer generates these traceback messages:

 1d00h: %SM-4-BADEVENT: Event 'link_down' is invalid for the current state 'link_down': pm_port 0/11

 Traceback= 31A324 30226C 2D32B0 315DEC 316378 1B2D7C

 1d00h: %SM-4-BADEVENT: Event 'link_down' is invalid for the current state 'link_down': pm_port 0/14

CSCdy40861

An assertion error message appears when you apply a VLAN map to a list of VLANs after you enter the service-policy interface configuration command for a per-port per-VLAN quality of service (QoS) policy. This error message no longer appears when the list of VLANs in the QoS policy overlaps with list in the VLAN map.

CSCdy50232

HSRP packets are now configured for the correct egress queue.

CSCdy72174

When SNMP traps are enabled and a switch runs out of I/O memory, a software-forced reload no longer occurs on a switch, and this message no longer appears:

 -Process= "Pool Manager", ipl= 0, pid= 6

 -Traceback= 19727C 198774 156364 1566A0 156C80 5E5FBC 9189C 10311C 19727C 198774 156364 1A44D0 1B7470

 %SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = Pool Manager.

 -Traceback= 1B6B8C 1BA184 1B452C

CSCdy81168

When a software error occurs and the switch reloads, the switch no longer reports this as the cause of the software-forced reload:

 Program Exception (0x0700)!

It now reports the cause as this:

 Software Forced Crash Exception (0x0700)!

CSCdz03887

If two switch ports in two different VLANs are connected to each other, both switch ports continue forwarding. This is the expected behavior. However, if two additional ports in the two different VLANs are connected, a loop is no longer formed.

CSCdz04323

When a port channel becomes active between two Catalyst 3550 switches, these messages no longer appear:

 01:36:56: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up

 01:37:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to up

 01:37:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up

 01:37:01: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up

 01:37:01: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on Port-channel1 VLAN71.

 01:37:01: %SPANTREE-2-BLOCK_PVID_PEER: Blocking Port-channel1 on VLAN0001. Inconsistent peer vlan.

 01:37:01: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking Port-channel1 on VLAN0071. Inconsistent local vlan.

 01:37:02: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel1, changed state to up

 01:37:16: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel1 on VLAN0001. Port consistency restored.

 01:37:16: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel1 on VLAN0071. Port consistency restored.

These messages no longer cause traffic-forwarding delays when the port-channel link becomes active or inactive.

CSCdz05378

When you are using the do global configuration command in interface-range configuration mode to enter privileged EXEC commands, these commands are no longer applied to each interface in the range.

CSCdz08506

You can no longer modify internal VLANs reserved for the switch.

CSCdz15247

When you use the VLAN database configuration mode, pressing Ctrl-Z now returns you to privileged EXEC mode.

CSCdz15935

If an 802.1X-authenticated client is disconnected and an EAPOL-logoff message is not sent from the client to the switch, the switch now re-authenticates the client when the client re-initiates authentication. Output from the show dot1x interface interface-id privileged EXEC command no longer shows that the state of the Status Authenticator Machine is Held and the 802.1X status of the interface is Authorized.

CSCdz20419

When you are attaching multiple per-port per-VLAN policy maps to interfaces, if the VLANs in the policy maps overlap and some of the VLAN ranges on the policy maps that are attached last are large (for example, from 1 to 4094), it no longer takes more than 1 minute to attach the policy maps. CPUHOG messages no longer appear.

CSCdz23036

If the VLAN list in switchport trunk allowed vlan vlan-list interface configuration command is longer than 38 characters, the VLAN range from 1002 to 1005 is no longer automatically added to the list when the configuration is saved.

CSCdz26822

On an interface, after configuring fallback bridging and then removing the bridge group from the interface, the access port now floods unknown unicast frames to ports on the same VLAN.

CSCdz28385

A Catalyst 3550-24-FX switch no longer fails the loopback POST when its link partner is in the boot process.

CSCdz31076

When configuring 802.1X with dynamic VLAN assignment on a switch, the Tunnel-Private-Group-ID field in the RADIUS server can now be configured with a VLAN number or a VLAN name.

CSCdz32177

When you remove a port access control list (ACL) from an interface to which a per-port per-VLAN policy map is attached, if that policy map is already attached to other interfaces, the switch no longer fails.

CSCdz32213

When RSPAN is configured to use a Fast Ethernet port as the reflector port, traffic from the SPAN session is now forwarded to the RSPAN VLAN.

CSCdz32789

When some Network Interface Cards (NICs) are set to autonegotiate and the switch interface is manually configured to operate at 100 Mbps in half- or full-duplex mode, the link between the NIC and the switch interface is no longer down.

CSCdz37719

When a neighboring switch directly connected to a Fast Ethernet port of a Catalyst 3550-24-FX switch reboots, that port is no longer placed in an administratively down state, and this error message no longer appears:

 NETWORK_PORT_SATELLITE-3-PHY_LOCKUP: Repeated phy lockup seen on FastEthernet0/24. Interface will be shut down. %LINK-5-CHANGED: Interface FastEthernet0/24, changed state to administratively down

CSCdz38216

When certain configurations prevent an interface from joining an EtherChannel, the output of the show etherchannel port privileged EXEC command now shows a complete description of the problem.

CSCdz38423

When you change a dynamic-access port to a static-access port, the switch port no longer operates as a dynamic-access port.

CSCdz38540

If you use the switch broadcast address to access a Catalyst 3550 switch through a Telnet session or to perform a ping, the switch responds to the request. If you use the broadcast address of an ingress interface, the switch now responds to the request.

CSCdz39900

During a Telnet session, if the port is shut down and you use the switchport interface configuration command on the lowest-numbered routed port, IP connectivity is no longer lost.

CSCdz48060

When a VLAN interface is in Hot Standby Routing Protocol (HSRP) active mode, the switch no longer partially populates the dot1dTpFdbTable object.

CSCdz44286

If the switch configuration contains per-port per-VLAN policy maps attached to specific interfaces, per-port ACLs also attached to these interfaces, and the switch has active VLAN filters, the switch no longer reloads more than once when you are upgrading software. Assertion error messages also no longer appear.

CSCdz44520

When a Catalyst 3550-24PWR switch is connected to a 10/100/1000 port on another switch that has the speed and duplex modes set to auto, the link between the switches is now up.

CSCdz47917

If a Catalyst 3550 switch and its link partner are both up, the switch now sends packets to the link partner.

CSCdz51326

When voice traffic is sent, if voice VLAN and sticky secure addresses are configured on an interface and the switch reloads, the interface no longer shuts down. If voice VLAN and static secure addresses are configured and the switch reloads, the interface no longer shuts down.

CSCdz64844

On a Catalyst 3550-24-FX switch, When a port is a switch port, the speed and duplex interface configuration commands are not available. When this port is configured as a routed port, these commands are available. If you reconfigure this routed port as a switch port, these commands are no longer available.

CSCdz68600

If multiple RADIUS servers are configured on the switch and the first server is unavailable, the switch no longer sends invalid requests to the remaining servers.

CSCea08584

The switch no longer fails during 802.1X authentication.

CSCin21484

An SNMP query on the ciscoFLASHPartitionTable object now shows all the attributes defined by the MIB. For example, Size, FreeSpace and FileCount are defined by the MIB and are shown in the query output.

CMS Caveats Resolved in Release 12.1(13)EA1

These CMS caveats were resolved in Release 12.1(13)EA1:

CSCdu79932

If you try to enable Port Fast on an interface that does not accept it—a trunk port, for example—a message now warns you that Port Fast was not enabled.

CSCdz00591

If you remove a policer that is applied to both the ingress and egress directions on an interface, an error message no longer appears.

CSCdz04884

When you remove a policy that is applied to both the ingress and egress directions on multiple interfaces, the policy is now removed from all the interfaces, and an error message no longer appears.

CSCdz05775

If you open the QoS Policies window and specify a policy name that is already configured, the Add Class to QoS Policy window that defines a traffic classification no longer opens.

CSCdz11346

In the QoS Trust Settings window, when selecting multiple interfaces in a child window, you can now disable the interface to override the CoS value of the incoming packets.

CSCdz12848

The switch now shows link reports between Catalyst 2900 XL switches and Catalyst 2820 switches.

CSCdz12893

When you select an ATM interface on a Catalyst 2924-LRE-XL switch and open the Link Reports window, a read-only error message no longer appears. The MAC address field is no longer red because the Catalyst 2924-LRE-XL switch now shows the MAC addresses on ATM links.

CSCdz14712

When you create a policy by configuring a policer, if unsupported values for the average traffic rate and normal size burst are entered, an error message no longer appears.

CSCdz15092

In the QoS Maps window, in read-only mode, details of the DSCP mutation table are now available.

CSCdz16877

In the Ping and Trace window, when you ping another device or use traceroute to identify a Layer 2 or Layer 3 path that packets take through a network, these actions occur:

- After you select Layer 3 Trace or Layer 2 Trace, a green border no longer appears.
- CMS now displays the intermediate results.
CSCdz17101

You can now create bridge groups on switches that are running the SMI.

Note In Releases 12.1(12c)EA1 and earlier, the CMS Fallback Bridging window lists all Layer 3 devices that are running both the SMI and EMI, even though Fallback Bridging is not supported on the SMI.

CSCdz17260

When an ACL is defined in a class map, if the ACL is deleted and then you open QoS Class Modify window, it no longer shows an ACL that is not defined in the class map.

CSCdz21175

If you create a time-range entry that is active only on specific days, it now works if you modify it later.

CSCdz21296

When you assign routed ports to a fallback bridge group, CMS now adds the routed ports to the bridge group.

CSCdz21476

When you select and delete multiple time ranges from the ACL window, all of the time ranges are now deleted.

CSCdz22666

If you open the Standby Command Switches window when other windows, such as the SNMP Management window and the Cisco Group Management Protocol (CGMP) window are open, a NullPointerException message no longer appears.

CSCdz23637

In Runtime Status tab of the Port Settings window, if you configure an interface description by using one of these words:

connected
disabled
down
err-disabled
monitoring
notconnect

CMS now displays the correct port settings in the Configuration Settings and the Runtime Status tabs of the Port Settings window. The duplex and speed settings no longer appear as NA.

CSCdz26492

You can now use CMS to disable port security on cluster members.

CSCdz26592

In the Front Panel View, when you select a connected port other than the port that was first connected and open the Link Graph window, the graph for another port no longer appears.

CSCdz26631

When you run a link graph report on a connected port selected from the Front Panel view, the graph no longer displays data for the first connected port, regardless of which port you select.

CSCdz26865

When you enable UplinkFast, the maximum-update-rate field now contains the default value.

CSCdz26881

In the UplinkFast tab of the STP window, CMS correctly shows the maximum update range.

CSCdz29469

After you create a class and apply an ACL to that class, if you delete this ACL and attempt to modify the class by applying another ACL to it, the ACL is now applied to the class.

CSCdz29950

If an internal power supply of a cluster member switch fails and the switch is using a redundant power system, such as the RPS 300, CMS no longer fails.

CSCea00474

If port security with a maximum of one secure MAC address and sticky learning is configured on a switch interface, you can now re-enable the interface by using CMS when a security violation occurs, the port shuts down, and it remains in the error-disabled state.

Documentation Updates

You can access all Catalyst 3550 documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/index.htm

This section provides these updates to the product documentation:

"References to the Cisco Documentation CD-ROM" section
"Corrections to the Hardware Installation Guide" section

These changes will be included in the next version of the documentation.

References to the Cisco Documentation CD-ROM

The documentation for the Catalyst 3550 switches incorrectly refers to the Cisco Documentation CD-ROM. The Catalyst 3550 switches no longer ship with this CD-ROM.

Corrections to the Hardware Installation Guide

These are corrections for the Catalyst 3550 Multilayer Switch Hardware Installation Guide:

In the "100BASE-FX Ports" section on page 1-10, the "Site Requirements" section on page 2-6, and the "Connecting to 100BASE-FX Ports" section on page 2-30, the information about duplex mode is incorrect. This is the correct information:

The 100BASE-FX ports operate only at 100 Mbps and support both full- and half-duplex mode. The half-duplex mode is the default setting. Autonegotiation is not supported.

In the "GBIC Module Slots" section on page 1-12, the information about Cisco-approved GBICs is incorrect. This is the correct information:

Cisco-approved CWDM GBIC modules have a serial EEPROM that contains the module serial number, the vendor name and ID, a unique security code, and cyclic redundancy check (CRC). When a CWDM GBIC module is inserted in the switch, the switch software reads the EEPROM to check the serial number, vendor name and vendor ID, and recompute the security code and CRC. If the serial number, the vendor name or vendor ID, the security code, or CRC is invalid, the switch places the interface in an error-disabled state.

Note If you are using a non-Cisco approved CWDM GBIC module, remove the GBIC from the switch, and replace it with a Cisco-approved module.

In the "Powering On the Switch and Running POST" section on page 2-11 and in the "Understanding POST Results" section on page 3-1, the information about POST is incorrect. This is the correct information:

POST tests run automatically each time the switch is powered on. When the switch begins POST, the port LEDs from number 1 to number 2 turn off. The System LED flashes green, and the RPS LED turns off.

In the "Technical Specifications" appendix, these values in Table A-5, "Fiber-Port Specifications for Catalyst 3550-24-FX Switches" are incorrect:
- Optical transmitter power for 50/125-micron cabling
- Optical transmitter power for 62.5/125-micron cabling

The correct transmitter power for both the 50/125-micron and 62.5/125-micron cabling is -23.5
to -14 decibel milliwatt (dBm).

In the "Translated Safety Warnings" chapter, these are the correct translations for the Lightning Activity Warning:

Lightning Activity Warning

Warning

Do not work on the system or connect or disconnect cables during periods of lightning activity.

Waarschuwing

Tijdens onweer dat gepaard gaat met bliksem, dient u niet aan het systeem te werken of kabels aan te sluiten of te ontkoppelen.

Varoitus

Älä työskentele järjestelmän parissa äläkä yhdistä tai irrota kaapeleita ukkosilmalla.

Attention

Ne pas travailler sur le système ni brancher ou débrancher les câbles pendant un orage.

Warnung

Arbeiten Sie nicht am System und schließen Sie keine Kabel an bzw. trennen Sie keine ab, wenn es gewittert.

Figyelem!

Villámlás közben ne dolgozzon a rendszeren, valamint ne csatlakoztasson és ne húzzon ki kábeleket!

Avvertenza

Non lavorare sul sistema o collegare oppure scollegare i cavi durante un temporale con fulmini.

Advarsel

Utfør aldri arbeid på systemet, eller koble kabler til eller fra systemet når det tordner eller lyner.

Aviso

Não trabalhe no sistema ou ligue e desligue cabos durante períodos de mau tempo (trovoada).

¡Advertencia!

No operar el sistema ni conectar o desconectar cables durante el transcurso de descargas eléctricas en la atmósfera.

Varning!

Vid åska skall du aldrig utföra arbete på systemet eller ansluta eller koppla loss kablar.

Obtaining Documentation

Cisco provides several ways to obtain documentation, technical assistance, and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation on the World Wide Web at this URL:

http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites from this URL:

http://www.cisco.com/public/countries_languages.shtml

Documentation CD-ROM

Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which may have shipped with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual subscription.

Registered Cisco.com users can order the Documentation CD-ROM (product number DOC-CONDOCCD=) through the online Subscription Store:

http://www.cisco.com/go/subscription

Ordering Documentation

You can find instructions for ordering documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

You can order Cisco documentation in these ways:

Registered Cisco.com users (Cisco direct customers) can order Cisco product documentation from the Networking Products MarketPlace:

http://www.cisco.com/en/US/partner/ordering/index.shtml

Registered Cisco.com users can order the Documentation CD-ROM (Customer Order Number DOC-CONDOCCD=) through the online Subscription Store:

http://www.cisco.com/go/subscription

Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco Systems Corporate Headquarters (California, U.S.A.) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).

Documentation Feedback

You can submit comments electronically on Cisco.com. On the Cisco Documentation home page, click Feedback at the top of the page.

You can e-mail your comments to bug-doc@cisco.com.

You can submit your comments by mail by using the response card behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

Cisco provides Cisco.com, which includes the Cisco Technical Assistance Center (TAC) Website, as a starting point for all technical assistance. Customers and partners can obtain online documentation, troubleshooting tips, and sample configurations from the Cisco TAC website. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC website, including TAC tools and utilities.

Cisco.com

Cisco.com offers a suite of interactive, networked services that let you access Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.

Cisco.com provides a broad range of features and services to help you with these tasks:

Streamline business processes and improve productivity
Resolve technical issues with online support
Download and test software packages
Order Cisco learning materials and merchandise
Register for online skill assessment, training, and certification programs

To obtain customized information and service, you can self-register on Cisco.com at this URL:

http://www.cisco.com

Technical Assistance Center

The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two levels of support are available: the Cisco TAC website and the Cisco TAC Escalation Center. The avenue of support that you choose depends on the priority of the problem and the conditions stated in service contracts, when applicable.

We categorize Cisco TAC inquiries according to urgency:

Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration.
Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.
Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available.
Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available.

Cisco TAC Website

You can use the Cisco TAC website to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC website, go to this URL:

http://www.cisco.com/tac

All customers, partners, and resellers who have a valid Cisco service contract have complete access to the technical support resources on the Cisco TAC website. Some services on the Cisco TAC website require a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to this URL to register:

http://tools.cisco.com/RPF/register/register.do

If you are a Cisco.com registered user, and you cannot resolve your technical issues by using the Cisco TAC website, you can open a case online at this URL:

http://www.cisco.com/en/US/support/index.html

If you have Internet access, we recommend that you open P3 and P4 cases through the Cisco TAC website so that you can describe the situation in your own words and attach any necessary files.

Cisco TAC Escalation Center

The Cisco TAC Escalation Center addresses priority level 1 or priority level 2 issues. These classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer automatically opens a case.

To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to this URL:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled: for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). When you call the center, please have available your service agreement number and your product serial number.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

The Cisco Product Catalog describes the networking products offered by Cisco Systems as well as ordering and customer support services. Access the Cisco Product Catalog at this URL:

http://www.cisco.com/en/US/products/products_catalog_links_launch.html

Cisco Press publishes a wide range of networking publications. Cisco suggests these titles for new and experienced users: Internetworking Terms and Acronyms Dictionary, Internetworking Technology Handbook, Internetworking Troubleshooting Guide, and the Internetworking Design Guide. For current Cisco Press titles and other information, go to Cisco Press online at this URL:

http://www.ciscopress.com

Packet magazine is the Cisco monthly periodical that provides industry professionals with the latest information about the field of networking. You can access Packet magazine at this URL:

http://www.cisco.com/en/US/about/ac123/ac114/about_cisco_packet_magazine.html

iQ Magazine is the Cisco monthly periodical that provides business leaders and decision makers with the latest information about the networking industry. You can access iQ Magazine at this URL:

http://business.cisco.com/prod/tree.taf%3fasset_id=44699&public_view=true&kbns=1.html

Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in the design, development, and operation of public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/en/US/about/ac123/ac147/about_cisco_the_internet_protocol_journal.html

This document is to be used in conjunction with the documents listed in the "Related Documentation" section section.


		BUSINESS INDUSTRIES & SOLUTIONS \| NETWORKING SOLUTIONS \| PRODUCTS & SERVICES \| TECHNOLOGIES \| ORDERING \| TECHNICAL SUPPORT \| LEARNING & EVENTS \| PARTNERS & RESELLERS \| ABOUT CISCO Home \| Log In \| Register \| Contacts & Feedback \| Help \| Site Map © 1992-2004 Cisco Systems, Inc. All rights reserved. Terms and Conditions, Privacy Statement, Cookie Policy and Trademarks of Cisco Systems, Inc.

Table of Contents

Release Notes for the Catalyst 3550 Multilayer Switch Cisco IOS Release 12.1(13)EA1a

Contents

System Requirements

Hardware Supported

Software Compatibility

Minimum Platform Configuration for Web-Based Management

Operating System and Browser Support

Guidelines for Installing and Enabling the Java Plug-In

Installing the Required Plug-In

Windows XP, Windows 2000, Windows 95, Windows 98, and Windows NT 4.0 Plug-Ins

Solaris Platforms

Creating Clusters with Different Releases of IOS Software

Downloading Software

Determining the Software Version and Feature Set

Which Files to Use

Upgrading a Switch by Using CMS

Upgrading a Switch by Using the CLI

Upgrading with a Nondefault System MTU Setting

Recovering from Software Failure

Installation Notes

Setting Up the Catalyst 3550 Initial Configuration

Accessing CMS

Configuring the HTTP Server

Displaying CMS

New Features

New Hardware Features

New Software Features

Limitations and Restrictions

IOS Limitations and Restrictions

Cluster Limitations and Restrictions

CMS Limitations and Restrictions

Important Notes

IOS Notes

Cluster Notes

CMS Notes

Read-Only Mode in CMS

Open Caveats

Open IOS Caveats

Open CMS Caveats

Resolved Caveats

IOS Caveats Resolved in Release 12.1(13)EA1a

IOS Caveats Resolved in Release 12.1(13)EA1

CMS Caveats Resolved in Release 12.1(13)EA1

Documentation Updates

References to the Cisco Documentation CD-ROM

Corrections to the Hardware Installation Guide

Lightning Activity Warning

Related Documentation

Obtaining Documentation

Cisco.com

Documentation CD-ROM

Ordering Documentation

Documentation Feedback

Obtaining Technical Assistance

Cisco.com

Technical Assistance Center

Cisco TAC Website

Cisco TAC Escalation Center

Obtaining Additional Publications and Information

Release Notes for the
Catalyst 3550 Multilayer Switch
Cisco IOS Release 12.1(13)EA1a