 Feedback
|
Table Of Contents
Release Notes for Catalyst 3850 Series Switch, Cisco IOS XE Release 3.3.xSE
What's New in Cisco IOS XE Release 3.3.1SE
What's New in Cisco IOS XE Release 3.3.0SE
Device Manager System Requirements
Finding the Software Version and Feature Set
Interoperability with Other Client Devices
Resolved Caveats in Cisco IOS XE Release 3.3.0SE
Resolved Caveats in Cisco IOS XE Release 3.3.1SE
Catalyst 3850 Switch Hardware Installation Guide
Catalyst 3850 Switch Getting Started Guide
System Management Configuration Guide, Cisco IOS XE Release 3SE
Obtaining Documentation and Submitting a Service Request
Release Notes for Catalyst 3850 Series Switch, Cisco IOS XE Release 3.3.xSE
First Published: October 7, 2013Last Updated: January 15, 2014OL-30562-02This release note describes the features and caveats for the Cisco IOS XE 3.3.xSE software on the Catalyst 3850 series switch.
Unless otherwise noted, the terms switch and device refer to a standalone switch and to a switch stack.
Contents
•
What's New in Cisco IOS XE Release 3.3.1SE
•
•
•
•
•
•
Introduction
The Catalyst 3850 switches are the next generation of enterprise class stackable access layer switches that provide full convergence between wired and wireless networks on a single platform. This convergence is built on the resilience of new and improved 480-Gbps StackWise-480 and Cisco StackPower. Wired and wireless security and application visibility and control are natively built into the switch.
The Catalyst 3850 switches also support full IEEE 802.3 at Power over Ethernet Plus (PoE+), modular and field replaceable network modules, redundant fans, and power supplies. The Catalyst 3850 switches enhance productivity by enabling applications such as IP telephony, wireless, and video for a true borderless network experience.
The Cisco IOS XE software represents the continuing evolution of the preeminent Cisco IOS operating system. The Cisco IOS XE architecture and well-defined set of APIs extend the Cisco IOS software to improve portability across platforms and extensibility outside the Cisco IOS environment. The Cisco IOS XE software retains the same look and feel of the Cisco IOS software, while providing enhanced future-proofing and improved functionality.
For more information about the Cisco IOS XE software, see http://www.cisco.com/en/US/prod/collateral/iosswrel/ps9442/ps11192/ps11194/QA_C67-622903.html
What's New in Cisco IOS XE Release 3.3.1SE
•
•
What's New in Cisco IOS XE Release 3.3.0SE
•
•
•
•
•
–
–
•
•
•
•
•
•
•
•
•
•
•
•
The 802.11ac module provides enterprise-class reliability and wired-network-like performance. The 802.11ac module supports three spatial streams and 80 MHz-wide channels for a maximum data rate of 1.3 Gbps. The 802.11ac standard is a 5-GHz-only technology, which is faster and a more scalable version of the 802.11n standard.
•
Note
•
–
–
–
–
•
–
–
–
•
•
•
•
•
•
•
Supported Hardware
Switch Models
Network Modules
Table 2 lists the three optional uplink network modules with 1-Gigabit and 10-Gigabit slots. You should only operate the switch with either a network module or a blank module installed.
Optics Modules
Catalyst switches support a wide range of optics. Because the list of supported optics is updated on a regular basis, consult the tables at this URL for the latest (SFP) compatibility information:
http://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html
Other Supported Products
Table 3 lists the supported products of the Catalyst 3850 switch.
Table 3 Catalyst 3850 Switch Supported Products
Access Point
Cisco Aironet 1040, 1140, 1260, 1600, 2600, 3500, 3600, 3700
Mobility Services Engine
3355, Virtual Appliance
Table 4 lists the specific supported Cisco access points.
Compatibility Matrix
Table 5 lists the software compatibility matrix.
Table 5 Software Compatibility Matrix
03.03.01SE
03.03.00SE
7.51
7.5
1.2
5.2, 5.3
2.0
03.03.00SE
03.03.01SE
7.5
7.5
1.2
5.2, 5.3
2.0
1 Prime Infrastructure 2.0 enables you to manage Cisco WLC 7.5.102.0 with the features of Cisco WLC 7.4.110.0 and earlier releases. Prime Infrastructure 2.0 does not support any features of Cisco WLC 7.5.102.0 including the new AP platforms.
Device Manager System Requirements
Hardware Requirements
Table 6 Minimum Hardware Requirements
233 MHz minimum1
512 MB2
256
1024 x 768
Small
1 We recommend 1 GHz.
2 We recommend 1 GB DRAM.
Software Requirements
•
•
Web UI Software Requirements
•
–
–
–
•
–
–
–
Finding the Software Version and Feature Set
Table 7 shows the mapping of the Cisco IOS XE version number and the Cisco IOS version number.
The package files for the Cisco IOS XE software are stored on the system board flash device (flash:).
You can use the show version privileged EXEC command to see the software version that is running on your switch.
Note
You can also use the dir filesystem: privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.
Upgrading the Switch Software
For information about how to upgrade the switch software, see the System Management Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches) at the following URL:
Features
The Catalyst 3850 switch supports three different feature sets:
•
•
•
Note
For more information about the features, see the product data sheet at this URL:
http://www.cisco.com/en/US/products/ps12686/products_data_sheets_list.html
Interoperability with Other Client Devices
This section describes the interoperability of this version of the switch software release with other client devices.
Table 8 lists the client types on which the tests were conducted. The clients included laptops, handheld devices, phones, and printers.
Important Notes
•
–
–
•
•
–
–
–
–
–
•
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
Limitations and Restrictions
•
•
•
•
Caveats
If you need information about a specific caveat that does not appear in these release notes, you can use the Cisco Bug Toolkit to find caveats of any severity. Click this URL to browse to the Bug Toolkit:
https://tools.cisco.com/bugsearch/search
(If you request a defect that cannot be displayed, the defect number might not exist, the defect might not yet have a customer-visible description, or the defect might be marked Cisco Confidential.)
•
•
Open Caveats
•
Layer 3 multicast traffic is not transmitted on a statically joined port after using the shutdown and no shutdown commands on a switched virtual interface (SVI).
The workaround is to unconfigure the static join and configure it again.
•
When the standby switch in a switch stack is reloaded and added back to the stack as a member, sometimes the Feature Forwarding Manager (FFM) process fails, causing a reload. This problem occurs in configurations with a combination of Layer-3 routing, PBR and ACL features.
There is no workaround.
•
After FlexLink load balancing is removed from an active interface, all packets are dropped.
The workaround is to remove the FlexLink configuration from the interface and then reconfigure FlexLinks on the interface.
•
When an IPv6 Multicast Listener Discovery (MLD) group entry is programmed in the overflow ternary content-addressable memory (TCAM), multicast traffic to this group is flooded across all ports in the same VLAN instead of sending the multicast traffic to the interested multicast client.
There is no workaround.
•
When you boot the switch with the factory default configuration, the system configuration dialog prompts are interrupted by the following message:
% Generating 1024 bit RSA keys, keys will be non-exportable...The workaround is to ignore the message and type yes or no to the dialog prompts.
•
ARP traffic is occasionally dropped. The ARP loss corresponds with buffer counter under "failures" incrementing in the output of show platform punt client.
If IP device tracking is not required and neither dot1x or DAI is used, then the workaround is to add the nmsp attachment suppress command at the interface level of all switch ports. This stops ARP snooping from being enabled on the ports.
•
When a power supply is inserted into the chassis without a power cord, the show environment power command displays the status of Sys Pwr and PoE Pwr as Good. This is a reporting issue and has no functional impact.
There is no workaround.
•
The clear counters d2 command does not clear the 802.11ac (d2) counters on AP. This could result in an issue when a debug operation is being performed and the fresh counters for the 802.11ac radio are needed to be checked.
The workaround is to reboot the AP.
•
During an SSO and shutdown of interfaces on which APs are connected, the following error message is displayed:
FED_QOS_ERRMSG-3-TABLEMAP_INGRESS_HW_ERRORThere is no workaround. There is no functional impact.
•
The Wireless Guest Access feature does not support wireless clients configured with a static IP address that are trying to join the foreign controller.
The workaround is to ensure that all clients joining the wireless guest access WLAN on the foreign controller are configured to acquire their IP address from the DHCP server.
•
Some VLANs may not be able to learn the multicast router or querier by IGMP snooping.
The workaround is to use the static IGMP querier and static mrouter.
•
In a cross-stack EtherChannel with trunk configured, port flapping occurs when a VLAN is added or removed from the list of allowed VLANs. This problem occurs with both static and dynamic trunk port configurations.
There is no workaround.
•
You cannot modify the type set table-map action in a policy-map when the policy-map is attached to an interface.
The workaround is to remove the policy from the interface, remove the action, and add the new action.
•
When the startup configuration in a switch stack includes IPv6 first-hop security (FHS) configuration information (that is, default IPv6 snooping policy and default IPv6 nd suppress policy have been applied to one or more VLANs), some switched virtual interfaces (SVIs) are in the stalled state after the switch stack is rebooted and the stalled SVIs have no FHS configuration.
The workaround is to used the shutdown and no shutdown commands on the affected SVIs.
•
In PIM Sparse Dense mode, when the scaled number of Mcast Groups/Clients present (500 Groups), IGMP traffic is not received on a few groups.
The workaround is to reboot the switch.
•
After a TACACS authentication, the wireless GUI is not available on the switch.
The workaround is to use CLI interface (Telnet, Console, SSH) and configure the device.
•
When configuring the shaper policy, the uplink 1G port follows the uplink 10G port, which causes the uplink 1G port shaper accuracy issue.
The workaround is to use the downlink 1G port instead of the uplink 1G port when you need accurate shaper policy.
•
When Flexible NetFlow is configured on wireless SSID, multicast traffic received or sent by wireless clients is not reported.
There is no workaround.
•
When a fiber interface is configured with the default configuration, the following error message is displayed:
ETHCNTR-3-LOOP_BACK_DETECTEDand the interface is placed in the error-disabled state.
The workaround is to configure the interface with the no keepalive command.
•
On a switch stack, 2000 802.1X/MAC Authentication Bypass sessions are authorized with security group tags (SGT) downloaded from the ISE and authentication timer enabled. After some period of time, the active IOSd process stops running for some time.
There is no workaround.
•
When the standby switch reboots with a line-by-line configuration, synchronization failure.
The workaround is to manually remove the LACP configuration from under the interface.
•
On booting a switch with a QoS policy attached to one or more Etherchannel members, a warning message is displayed for each member in the channel starting from the second member.
There is no workaround.
•
Traffic drops in the process when HSRP on the interface of a switch comes up and preempts the HSRP switch that is active.
This occurs when HSRP preemption is enabled on the switches that are part of the same HSRP group. When the HSRP active switch with higher priority becomes nonoperational, the HSRP standby switch becomes active and starts to forward traffic. If the old active switch, which is nonoperational, becomes operational again and preempts the new active switch, traffic is dropped. This issue is observed when a user with administrative privileges does a shut down/no shut down on the HSRP active switch interface.
There is no workaround.
•
When an EtherChannel port on a member switch is configured with ip device tracking maximum 0, and an SSO occurs the standby switch fails to boot up.
The workaround is to remove the ip device tracking maximum 0 configuration from member ports before bringing up the switch in order to complete SSO.
•
Policing does not work as expected when a class map contains multiple match VLAN statements.
The workaround is to create a class map with multiple VLANs in a single match; for example:
class-map VLANmatch vlan3, 4•
The output of the show int transceiver supported-list command does not show the complete list of supported 10G optics modules.
The workaround is to view the compatibility tables at this URL:
http://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html
•
After rebooting the switch stack, ingress traffic matching a policy with multiple class maps of different ACLs might match the wrong class map.
The workaround is to remove the policy and reapply the policy on the affected interface.
•
On an input policer policy, the classification counter does not accurately reflect matches on a class map with a ACL or DSCP clauses.
The workaround is to monitor the police counter instead of the classification counter.
•
During an SSO, when traffic from an egress port on the active switch is forwarded to an egress port on a member switch using alternate path, traffic is dropped.
There is no workaround.
•
When a 10G interface is configured with the unidirectional link detection (UDLD) message time equal to 7 and the switch on the other end of the 10G link is rebooted, the 10G interface goes into a UDLD error-disabled state.
The workaround is to configure the UDLD message time as 15 or more.
•
QoS policies created through Web UI are not listed on the Web UI page.
There is no workaround.
•
After an SSO on the 5760 controller with HA, some clients fail to rejoin.
The workaround is to decrease the number of clients connecting to the controller.
•
When a policy contains multiple match statements in a class, the classification counter displays incorrect results.
There is no workaround.
•
Removing and reinserting SFP modules causes the port to go into an error-disabled state.
The workaround is to use the shutdown/no shutdown commands on the port.
•
When the snmp-server enable traps stackwise command is used to set SNMP traps for the CISCO-STACKWISE MIB, the only trap set is for port status; traps are not set for the other MIB objects.
There is no workaround.
•
Bcast queue is full when IGMP is disabled.
There is no workaround.
Resolved Caveats in Cisco IOS XE Release 3.3.0SE
•
The following tracebacks are noticed on normal setup:
DATACORRUPTION-1-DATAINCONSISTENCY: strstr_s: dmax exceeds max, -PC= 0x240BE60Cz-Traceback= 190BA74z 182D4C8z 5E68CD5z 5E68B63z 55817EBz 55815D7z 558154Dz 5580E60z 5580444z 55802CAzThere is no workaround. There is no functional impact.
•
When a VLAN filter is configured on an RSPAN monitor session, duplicate packets are captured on the RSPAN destination port.
There is no workaround.
•
Following a switchover in a four-member stack, full reconciliation of high availability (HA) services may be delayed by up to 15 seconds. The re-association of wireless clients is similarly delayed.
There is no workaround.
•
When the Ethernet management port receives a frame whose destination MAC address is not FA1, it does not drop the traffic. Instead, the port uses the vrf mgmtVrf routing table to route the traffic back.
There is no workaround.
•
When the NetFlow collector address for the Flow Exporter is configured in the VRF route table, flow records are exported to the same IP address in the global route table.
The workaround is to connect the NetFlow collector in the global route table instead of the VRF route table.
•
IPV6 first-hop security does not work with EtherChannel.
•
When policy maps are PRE chained in conjunction with concurrent or sequential authentication sessions, events associated with each authentication method's chained policy are evaluated and executed instead of only those events associated with the method for which the session was authorized. For example, a policy specifies that sessions be authenticated using dot1x or mab, and upon success of either method, chain (attach) a child policy map. If both authentication methods succeed, the session, based on priority, is authorized with dot1x. Subsequent events are matched against both the MAB and dot1x chained policy maps instead of the dot1x chained policy map.
The workaround is to avoid using PRE chaining with concurrently authenticated sessions.
•
In very rare cases, all traffic to and from the switch ceases; all access points and LAG links disconnect as the switch fails to transmit the LACP PDUs; however, the management interfaces function.
•
The following message may appear in the switch logs:
process kernel: i2c-octeon i2c-octeon.1: broken irq connection detected, switching to polling modeThere is no workaround. There is no functional impact.
•
When the same PV HQOS policies are applied to both directions of an interface, the output policy stops working when the input policy is removed.
The workaround is to detach the output policy and reapply it to the interface.
•
After a HQOS policy is attached to interface and the interface speed or bandwidth is changed while the policy is attached, the HQOS policy gets detached from the interface.
The workaround is to detach the policy, change the bandwidth or speed of the interface, and reattach the policy.
•
When Layer 3 interfaces on the active switch in a switch stack are deleted and reapplied, the new member switch that joins the stack may reload.
The workaround is to reload the stack.
•
After a switchover, and a default to a Layer 3 interface, the CLI may not respond for several minutes.
There is no workaround.
•
After a switchover on a switch stack, the show interface status command displays the status of the Uplink SFP as unknown.
The workaround is to use the show inventory command on the interface.
•
When you update the power or channel on a four-member stack using the snmp set command, the operation fails on the standby switch, and the following error message is displayed:
%SNMP-3-SYNCFAIL: SNMP MIB Sync Failure: Failure on standbyThere is no workaround.
•
When the switch stack is running in install mode and set to boot with the boot system switch all flash:packages.conf command, the show boot system command does not properly display the BOOT variable for the standby and member switches. The effect is only on the show commands; there is no effect on operations.
There is no workaround.
•
The mac-address table is updated with BPDU SA from neighbor switch. This is a default behavior. The workaround is to use the test matm ctrl_pkt_lrn command in the enable mode to disable this feature.
•
The class video counters for the AP port policy appear as zero when you use the show policy-map interface wireless ap command.
There is no workaround.
•
When a class is removed from a queuing policy map that is attached to a wired port, the queue programming in the hardware is removed.
The workaround is to remove the policy from the port before making modifications.
•
When the incoming rate is far beyond the rate configured in a policy map through policing, the traffic is not properly shaped.
The workaround is to configure the policy map with priority level 1 percent and priority level 2 percent instead of configuring the policy with priority level x and policing.
•
When you modify the webauth virtual IP while there are active webauth sessions, the session stays in the pending-delete state and you cannot create a new session.
The workaround is to not make CLI changes when authorized webauth sessions are in use.
•
When a policy with priority and a policer is attached to a range of interfaces on an uplink, in some scenarios, any change made to the policer rate causes the policy to be unprogrammed on one or more ports.
The workaround is to remove the policy from the affected ports and reattach it.
•
When configuring policy maps using absolute values, the maximum rate is limited to 2G/second.
The workaround is to configure policy maps using the priority level 1 percent x command instead of configuring absolute values with the priority level 1 x command.
•
When policers are attached to uplink interfaces using the range command, the policers do not always work.
The workaround is to attach the policy to each port, one by one.
•
In a hierarchical queueing policy, a table map under the child policy continues to mark traffic after the policy is detached from an interface.
The workaround is to attach a default policy, for example:
policy-map trust-cosclass class-defaultset cos cos table defaultYou then detach it.
•
After a queuing policy is deleted from one uplink port (10 G), the queueing policy on the other 1-G uplink stops working.
The workaround is to detach the policy and reattach it.
•
When using hierarchical policies, the child classification does not work properly when its matching value is a subset of the parent class's matching values for COS, DSCP, UP, and PREC classes.
The workaround is to configure hierarchical policies to achieve one of these results:
–
–
–
•
The snmp get command on cLMobilityExtMoMcLinkStatus for a given mobility controller (MC) and on cLMobilityExtMcAssocTime for a given mobility controller's client returns incorrect values.
The workaround is to use the following commands:
–
–
•
After a per-VLAN policy is removed from a port, the policer stays active. The VLAN has an SVI with a policy attached that is performing a set.
The workaround is to remove the policy from the SVI before removing it from the port.
•
You cannot apply both IPv6 and IPv4 ACLs to an snmp-server group.
The workaround is to use the snmp-server user command instead.
•
During a configuration synchronization, the passwd key zeroize command can cause the standby switch in the stack to stop functioning.
The workaround is to remove the passwd key zeroize command from the configuration and use the
crypto key zeroize rsa command instead.•
The DHCP snooping database agent fails to start while changing the DNS entry that the URL pointed to or when restarting the DHCP server. To avoid this issue, use another file transport mechanism like SCP or TFTP.
The workaround is to reload the switch.
•
When a 1-G port on a Catalyst 3850 switch is connected to a 10-G port on a 5760 controller with a 1-G SFP module, the 10-G controller port stays up even when the switch port is shut down.
There is no workaround.
•
In WebUI, it takes up to 10 to 15 seconds for the home page to load.
There is no workaround.
•
If you copy and paste several wireless configuration lines into the configuration, the system drops the first few characters from every other line. The number of characters dropped appears to be related to how long the command takes to execute. The issue does not occur on non-wireless configuration lines.
The workaround is to copy and paste line by line.
•
Multicast traffic travels on the WLAN-mapped VLAN rather than on the AP-group mapped VLAN when an AP is placed in an AP group where VLAN is overridden for the SSID and a client associates with the AP that is broadcasting this SSID.
There is no workaround.
•
In a switch stack, the Wireless Control Module (WCM) on the active switch stops working due to high CPU usage.
There is no workaround.
•
The console displays %IPC-5-WATERMARK log messages repeatedly.
There is no workaround. There is no functional impact.
•
When voice and data clients are authorized in multi authentication mode and the host-mode is subsequently changed to multi-domain authentication (MDA) mode, the switch unexpectedly reboots.
There is no workaround.
•
In a switch stack, a member switch stops working due to a loop with the NGWC Learning Process. This loop can occur when multiple MAC addresses flap between ports, for example, after a wired to wireless MAC move.
There is no workaround.
•
Stack port change messages are not properly trapped and displayed with the SNMP trap snmp-server enable traps stackwise.
The workaround is to configure an EEM script to pull the correct OID. For example:
event manager applet snmpevent snmp oid 1.3.6.1.4.1.9.9.500.1.2.2.1.1 get-type next entry-op eq entry-val "2" entry-type value poll-interval 5action 1.1 syslog msg "Success."action snmptrap snmp-trap strdata ""•
When a fiber interface is configured with the default configuration, the following error message is displayed:
ETHCNTR-3-LOOP_BACK_DETECTEDand the interface is placed in the error-disabled state.
The workaround is to configure the interface with the no keepalive command.
•
When the Network Time Protocol (NTP) configuration is removed from the switch, the Cisco IOS software unexpectedly halts.
There is no workaround.
Resolved Caveats in Cisco IOS XE Release 3.3.1SE
•
The TACACS+ per VRF feature is not working and authentication fails.
The workaround is to use the TACACS+ source interface from the global routing table, not VRF.
•
Port-channel interface flap when changing vlan allowed list.
•
WCM unresponsive on 2M at pthread_mutex_lock.
•
Controller should use a new session ID for every fresh authentication.
There is no workaround.
•
The router crashes when polling ipMRouteEntry while executing the clear ip mroute command.
The workaround is to not query ipMRouteEntry and use the clear ip mroute command at the same time.
•
Apple devices are unable to login to WEB authentication.
The workaround is to connect to the WEB authentication SSID, open a WEB browser, close the browser, change the device's SSID settings to disable Auto-login, and then re-open the browser. The client should then WEB authenticate successfully.
•
The show power inline command does not accurately reflect changes to the amount of available power.
There is no workaround. Reloading will resolve the issue, but the issue may return.
•
%PLATFORM_THERMAL-1-FRU_FAN_FAILURE
When the ambient temperature of the switch changes and the fan has to adjust accordingly, the RMP fan values programmed in the MCU may be different than those read from the fan. As a result, this intermittent error message occurs.
There is no workaround.
•
Switches with different images in the same stack are not supported.
The workaround is to ensure that all switches in the same stack are running the same image.
•
NGWC: AP's BVI MTU 1728 Bytes Triggering Input Errors on Neighbor Switch
Issue the following via Telnet/SSH/Console to AP to change the MTU to 1500 Bytes:
debug capwap con cliconfig tint gi0mtu 1500int bvi1mtu 1500
Note
•
AID leak causing stale client entries on WLC
The workaround is to disconnect and reconnect AP to clear stale clients.
•
AUP PDF page does not display in PDF format.
•
The switch is stuck in a broadcast queue that prevents packets to enter the queue.
The workaround for ARP is to re-enable NMSP (no nmsp attachment suppress). This action will allow ARP traffic to be processed. A reload will also clear this state.
•
In rare cases, Mac Learning does not occur for either ports 1-24 or ports 25-48 on one stack member in a switch stack. The other stack members are not affected.
The workaround is to reload the affected stack member.
•
DHCPACK with no DHCPOPT_LEASE_TIME option field should trigger IPDT.
The workaround is to release and then renew the IP address on the Lenovo W520.
•
When trying to poll VLAN assignment from the switch (VLANs were assigned via Radius), it provides wrong data.
There is no workaround.
•
High cpu issue at TUD on 03.12.19.EZP for process Auth-proxy HTTP dae.
There is no workaround.
•
Hotspot error occurs intermittently on iPad.
•
There is no SNMP MIB object available to add a local netuser or guest user.
The workaround is to use the CLI to add the user.
•
Stale IPDT entries causing client to be stuck in DHCP reqd state.
•
Web authentication logout pop-up window is not disabled.
There is no workaround.
•
The controller always uses Layer 2 MGID when it sends multicast data to the access point. Every interface created is assigned one Layer 2 MGID.
L2 MGID is not sent to AP for Guest WLANs. So if DHCP NAK (which is broadcast as per current code) is received by AP it gets dropped and never reaches end client.
•
Cisco APs are disassociated in a large scale setup (500 or more APs) when the debug capwap or debug dtls command is enabled (even with a MAC filter in place).
The workaround is to disable these debug commands.
•
Clients fail authentication (psk/dot1x) due to uncreated dot1x interface for the AP.
The workaround is to reboot the AP on the client that cannot authenticate.
Documentation Updates
Catalyst 3850 Switch Hardware Installation Guide
•
http://www.cisco.com/go/cat3850_hw
Power Supply Installation
•
Network Modules
•
Catalyst 3850 Switch Getting Started Guide
•
System Management Configuration Guide, Cisco IOS XE Release 3SE
•
–
–
–
–
–
–
–
Troubleshooting
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at this URL:
http://www.cisco.com/en/US/support/index.html
Choose Product Support > Switches. Then choose your product and click Troubleshoot and Alerts to find information for the problem that you are experiencing.
Related Documentation
•
http://www.cisco.com/go/cat3850_docs
•
http://www.cisco.com/en/US/products/hw/modules/ps5455/tsd_products_support_series_home.html
•
http://www.cisco.com/go/designzone
•
https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation, which lists all new and revised Cisco Technical documentation, as an RSS feed and deliver content directly to your desktop using a read application. The RSS feeds are a free service.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2013-2014 Cisco Systems, Inc. All rights reserved.
