Cisco IOS Software Release 12.2(35)SE [Cisco IOS Software Releases 12.2 Special and Early Deployments]

PB380237

Cisco® announces Cisco IOS® Software updates for Cisco Catalyst® 3750, 3560, 3550, 2960, 2970 Series Switches and CBS30x0 Series Blade Switches. This new release furthers Cisco leadership in providing secure, reliable, integrated data and voice LAN switching solutions.

This product bulletin contains content and delivery information for Cisco IOS Software
Release 12.2(35)SE.

The following new features are available with Cisco IOS Software Release 12.2(35)SE for enterprise Ethernet switches:

• Multi Domain Authentication (MDA)-MDA provides enhanced security for IP phone deployments. This allows an IP phone (Cisco or third-party) and a single host behind the IP phone to independently authenticate using 802.1x. Using this method, a switch can place the host in the data VLAN and IP phone in the voice VLAN, though they appear on the same switch port. Data VLAN can be downloaded from the authentication, authorization, and accounting (AAA) server. For non-802.1x devices, MAC Authentication Bypass (MAB) can be used as the fallback to authenticate using the MAC address of the device. For
non-802.1x deployments, MAB can be used to authenticate both IP phones and hosts.

• Local Web Authentication-Allows non-802.1x users to authenticate using a login page. The switch intercepts an HTTP packet from the host and sends an HTML login page. The user keys in the credentials (such as username and password) and gets authenticated by an AAA server.

• MAC Authentication Bypass (MAB) for Voice VLAN-This feature allows non-802.1x IP phones (with no 802.1x supplicant) to authenticate to the network, utilizing the MAC address of the IP phone. The switch will initiate an Extensible Authentication Protocol (EAP) conversation with an AAA server on behalf of the IP phone to authenticate the MAC address itself. This process is transparent to the end user and utilizes a prepopulated database on the AAA server.

• MAB aging timer-Provides a mechanism to detect inactive hosts after they have authenticated using MAB. The switch flushes the entries for hosts that remain inactive
for this duration, thus allowing new hosts to get authenticated on the same port.

• Fast Stack Image Update-Updates the software images for all the stack members
in parallel, improving the speed and performance of image updates.

• Generic Online Diagnostics Framework (GOLD) for Cisco Catalyst 3560-GOLD is a fault detection framework that provides troubleshooting tools for customers and the Cisco Technical Assistance Center (TAC) and can be either run on demand or scheduled.

– Supports the same level of GOLD functionality available on the Cisco Catalyst 3750.

• Power over Ethernet (PoE) MIB-A new CISCO-POWER-ETHETNET-EXE-MIB provides PoE visibility and allows administrators to proactively monitor power usage. Table 1 describes managed objects related to PoE.

Table 1. Overview of New PoE MIB Object Types

MIB Object Type	Object Description
SET	• Enable PoE mode (auto/static and so on) • Max power allowed on this port (optional) • Threshold for allocated power
TRAP	• When allocated power exceeds specified threshold
GET	• PoE mode (auto/static and so on) • Operational status (power deny/on/off scenarios) • Power allocated (through Cisco Discovery Protocol negotiation or power class) on the interface • Type of the device plugged into the port • IEEE power classification class

• Enhanced Object Tracking (EoT)-Provides ability for Hot Standby Router Protocol (HSRP)-like protocols to monitor the link and route state objects and dynamically adjust to state changes. This provides increased network availability during failover.

• STACK MAC Persistent Timer-Currently, when a stack master is removed and a new master takes over, by default, the MAC address of the new stack master becomes the new stack MAC router address. This feature enables users to configure a timer to allow a time delay before stack MAC address changes to the new master MAC address. A value of "0" helps ensure the original master MAC address remains the stack MAC router address, thus making it transparent to the endpoints.

• Cisco Catalyst Blade Switch 30x0 Series carry no new features in this release. However, the common bug fixes to the 12.2(35)SE release are included

Table 2 describes product support for new features of Cisco IOS Software Release 12.2(35)SE for enterprise switches.

Table 2. Cisco IOS Software Release 12.2(35)SE New Features for Enterprise Switches

IPB = IP Base Feature Set

IPS = IP Services Feature Set

AIS = Advanced IP Services Feature Set

X = supported; N = not supported

3750 = Cisco Catalyst 3750 Series Switches

3560= Cisco Catalyst 3560 Series Switches

3550 = Cisco Catalyst 3550 Series Switches

2970 = Cisco Catalyst 2970 Series Switches

2960 = Cisco Catalyst 2960 Series Switches

CBS30X0 = Cisco Catalyst Blade Switch 30X0 Series

Feature	3750-IPB	3750-IPS	3750-AIS	3560-IPB	3560-IPS	3560-AIS	3550-IPB	3550-IPS	2970	2960	CBS30x0
Multiple Domain Auth	X	X	X	X	X	X	N	N	N	N	N
Web Auth for Non-802.1x Clients	X	X	X	X	X	X	X	X	N	X	N
MAC Auth Bypass for Voice VLAN	X	X	X	X	X	X	N	N	N	N	N
MAB aging timer	X	X	X	X	X	X	N	N	N	N	N
Fast Stack Image Update	X	X	X	-	-	-	-	-	-	-	-
PoE MIB	X	X	X	X	X	X	N	N	N	N	N
Enhanced Object Tracking (No SAA Objects)	X	X	X	X	X	X	N	N	N	N	N
STACK MAC Persistent Timer	X	X	X	-	-	-	-	-	-	-	-

Table 3 lists switches supported.

Table 3. Cisco Catalyst Switches Supported with Cisco IOS Software Release 12.2(35)SE

Cisco Catalyst 3750 and 3560 Series License CD Part Numbers

Cisco Catalyst 3750 Series IP Services Part Numbers

Cisco Catalyst 3750 Series IP Base Part Numbers

Cisco Catalyst 3560 Series IP Services Part Numbers

Cisco Catalyst 3560 Series IP Base Part Numbers

Cisco Catalyst 2970 Series Part Numbers

CD-3750-EMI=

CD-3750G-EMI=

CD-3750G-48EMI=

3750-AISK9-LIC-B

3750-AISK9-LIC-S

3750G-AISK9-LIC-B

3750G-AISK9-LIC-S

3750G48-AISK9LIC-B

3750G48-AISK9LIC-S

CD-3560-EMI=

CD-3560G-EMI=

3560-AISK9-LIC-B

3560-AISK9-LIC-S

3560G-AISK9-LIC-B

3560G-AISK9-LIC-S

3750-48TS-E

3750-24TS-E

3750G-24T-E

3750G-48TS-E

3750G-24TS-E

3750G-12S-E

3750G-16TD

3750-48PS-E

3750-24PS-E

3750G-24TS-1U-E

3750G-24PS-E

3750G-48PS-E

3750-48TS-S

3750-24TS-S

3750G-24T-S

3750G-48TS-S

3750G-24TS-S

3750G-12S-S

3750G-16TD

3750-48PS-S

3750-24PS-S

3750G-24TS-1U-S

3750G-24PS-S

3750G-48PS-S

3560-24TS-E

3560-48TS-E

3560-48PS-E

3560-24PS-E

3560G-48PS-E

3560G-24PS-E

3560G-48TS-E

3560G-24TS-E

3560-24TS-S

3560-48TS-S

3560-48PS-S

3560-24PS-S

3560G-48PS-S

3560G-24PS-S

3560G-48TS-S

3560G-24TS-S

2970G-24T-E

2970G-24TS-E

Cisco Catalyst 3550 Series EMI Part Numbers

Cisco Catalyst 3550 Series SMI Part Numbers

3550-12G Switch

3550-12T Switch

3550-24-EMI Switch

3550-24 PWR Switch EMI

3550-48-EMI Switch

3550-24-FX-SMI Switch with EMI upgrade

3550-24-DC-SMI Switch with EMI upgrade

CD-3550-EMI

3550-24-SMI Switch

3550-24PWR-SMI

3550-48-SMI Switch

3550-24-FX-SMI Switch

3550-24-DC-SMI Switch

Cisco Catalyst 2960 Series Part Numbers	Cisco EtherSwitch® Service Modules for Cisco 2600, 2800, 3700, and 3800 Series Part Numbers
Cisco Catalyst 2960-24TC Cisco Catalyst 2960-24TT Cisco Catalyst 2960-48TC Cisco Catalyst 2960-48TT Cisco Catalyst 2960G-24TC Cisco Catalyst 2960G-48TC	NME-16ES-1G NME-16ES-1G-P NME-X-23ES-1G NME-X-23ES-1G-P NME-XD-24ES-1S-P NME-XD-48ES-2S-P

Additional Resources

Software Download

Software is available for download from the following links:

• Cisco IOS Software Upgrade Planner:
http://www.cisco.com/cgi-bin/Software/Iosplanner/Planner-tool/iosplanner.cgi?majorRel=

• Guest Level Access Planner: http://www.cisco.com/kobayashi/sw-center/index.shtml

You must purchase the EMI/IP Services or Advanced IP Services software upgrade kit when upgrading a switch from SMI/IP Base to EMI/IP Services or Advanced IP Services software. Downloads of SMI/IP Base, EMI/IP Services, and Advanced IP Services files are monitored for adherence to this requirement.

Because of export restrictions on strong cryptography software, a separate image is required for the cryptographic features (Secure Shell [SSH] Protocol, Simple Network Management Protocol Version 3 [SNMPv3], and Kerberos Protocol). These software images can be downloaded from the corresponding Triple Data Encryption Standard (3DES) area of the links provided in this section. Note that the Cisco Advanced IP Services license is available only in cryptographic format.

Product Information

Additional product information is available at the following URLs:

• Cisco Catalyst 3750 Series Switches: http://www.cisco.com/go/catalyst3750

• Cisco Catalyst 3560 Series Switches: http://www.cisco.com/go/catalyst3560

• Cisco Catalyst 3550 Series Switches: http://www.cisco.com/go/catalyst3550

• Cisco Catalyst 2970 Series Switches: http://www.cisco.com/go/catalyst2970

• Cisco Catalyst 2960 Series Switches: http://www.cisco.com/go/catalyst2960

• Cisco Catalyst 3750, 3560, 3550, 2970, and 2960 Series release notes:

– http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/index.htm

– http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/index.htm

– http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/index.htm

– http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2970/index.htm

– http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2960/index.htm

• Cisco EtherSwitch Service Modules for Cisco, 2800, 3700, and 3800 Series Routers:
http://www.cisco.com/en/US/products/ps5854/products_data_sheet0900aecd8028d15f.html

• Cisco Catalyst Blade Switches 30x0 Series:
http://www.cisco.com/en/US/products/ps6748/index.html

Support

Cisco IOS Software Release 12.2(35)SE follows the standard Cisco support policy indicated at http://www.cisco.com/en/US/products/products_end-of-life_policy.html.

Software Image Migration Guide

Figure 1 displays Cisco IOS Software Release 12.2(35)SE functions relative to the 12.2S and 12.2SE releases and identifies the recommended migration path.

Figure 1. Cisco IOS Software Release 12.2 Release Train

Cisco IOS Software Releases 12.2 Special and Early Deployments

Cisco IOS Software Release 12.2(35)SE

Hierarchical Navigation

Downloads

Programs

Programs

Programs

Programs