This product bulletin describes the hardware and software features supported by Cisco IOS® Software Release 12.2(25)SG for the Cisco® Catalyst® 4900 Series Switches.
NEW SOFTWARE FEATURES
NAC L2 IP
NAC L2 IP is an integral part of Cisco Network Admission Control. It offers the first line of defense for infected hosts (PCs and other devices attached to a LAN port) attempting to connect to the corporate network. NAC L2 IP on the Cisco Catalyst 4500 Series performs posture validation at the Layer 2 edge of the network for non-802.1x-enabled host devices. Host device posture validation includes anti-virus state and OS patch levels. Depending on the corporate access policy and host device posture, a host may be unconditionally admitted, admitted with restricted access, or quarantined to prevent the spread of viruses across the network.
NAC L2 802.1x
The Cisco Catalyst 4500 Series extends NAC support to 802.1x-enabled devices. Like NAC L2 IP, the NAC L2 802.1x feature determines the level of network access based on endpoint information.
Time Domain Reflectometry
Time Domain Reflectometry (TDR) is a technology used for diagnosing copper cable state. TDR detects impedance changes along an attached cable (for example, Category V) to determine opens, shorts, and terminated states. The fault distance from the switch is also supported. The Cisco Catalyst 4948 and Catalyst 4948-10GE switches support TDR .
802.1x Authentication Failure
The 802.1x Authentication Failure feature offers certain limited network access to guests with 802.1x supplicants enabled. This differs from the 802.1x guest VLAN feature for those guests without 802.1x supplicants. 802.1x Authentication Failure VLAN is a user-configurable VLAN, aside from the guest VLAN. Guests (contractors, visitors) with 802.1x supplicants enabled will fail 802.1x authentication. These guest users will be put into this special failure VLAN, typically with Internet access only. The 802.1x Authentication Failure VLAN can be configured to provide any type of limited access to network resources, including Internet access.
OSPF Fast Convergence
OSPF Fast Convergence minimizes system down time when an unexpected event, such as link failure, occurs. OSPF Fast Convergence consists of the following components:
• Fast Hellos-Support for user-configurable, subsecond, Open Shortest Path First (OSPF) hello intervals results in faster convergence in an OSPF network, especially in LAN segments.
• Incremental Shortest Path First (iSPF)-Enhances routing to intelligently determine the change in the Shortest Path Tree (SPT) and re-compute only the effected nodes upon SPT update. This increases efficiency and allows faster OSPF convergence on new routing topologies in reaction to network events.
• LSA Throttling-OSPF Link-State Advertisement (LSA) throttling provides a dynamic mechanism to slow down LSA updates in OSPF during times of network instability. LSA rate limiting in milliseconds allows faster OSPF convergence.
HTTPS
HTTPS is the secure version of HTTP. It uses Secure Sockets Layer (SSL) to provide device authentication and data encryption. HTTPS is required for secure communications with Cisco Network Assistant.
IS-IS MIB
Intermediate System-to-Intermediate System (IS-IS) is a link-state routing protocol designed for use within a single autonomous system and widely deployed as the Interior Gateway Protocol (IGP) of choice by many service providers. The IS-IS MIB enhances monitoring capabilities of network events for the overall state of the network.
NEW CISCO IOS SOFTWARE PACKAGING FOR THE CISCO CATALYST 4900 SERIES
Cisco Systems® announces a new Cisco IOS Software package for the Cisco Catalyst 4900 Series, creating a new foundation for features and functionality, and offering consistency across all Catalyst switches. The new Cisco IOS Software release train is designated as 12.2SG.
Prior Cisco IOS Software images for the Catalyst 4900 Series, formally known as "SMI" and "EMI" images, now map to "IP Base" and "Enterprise Services," respectively. Unless otherwise specified, all currently shipping Catalyst 4900 software features based on Cisco IOS Software are supported in the 12.2(25)SG, IP Base image with a few points to note:
• The IP Base image will not support the following routing related features: BGP, EIGRP, OSPF, IS-IS, IPX, Apple Talk, Virtual Route Forwarding (VRF)-lite, and Policy-Based Routing (PBR)
The Enterprise Services image supports all Catalyst 4900 Series software features based on Cisco IOS Software, including enhanced routing. Table 1 shows a more detailed description of the feature differences between the IP Base and Enterprise Services (ES) images.
Table 1. Feature Comparison for Cisco IOS Software Release 12.2(25)SG IP Base and Enterprise Services
Feature
IP Base Image
Enterprise Services Image
NACv2.0
Yes
Yes
RIP and Static Route
Yes
Yes
EIGRP
No
Yes
EIGRP-Stub
Yes
Yes
OSPF and IS-IS
No
Yes
BGP
No
Yes
VRF-Lite
No
Yes
Apple Talk
No
Yes
IPX
No
Yes
PBR
No
Yes
CISCO IOS SOFTWARE MIGRATION GUIDE
Figure 1 displays the Cisco IOS Software Release 12.2(25)SG plan relative to the 12.2S and 12.1 releases, and identifies the recommended migration path.
Figure 1. Cisco IOS Software Release Plan for the Cisco 4900 Series
Summary of Migration Plan
• Customers requiring the latest Cisco Catalyst 4900 Series hardware and software features should migrate to Cisco IOS Software Release 12.2(25)SG. In the new Cisco IOS Software package, the 12.2EW designation is replaced by 12.2SG. Both software release trains are based on 12.2S release 5.
• Releases 12.2(18)EW and 12.2(25)EWA will continue offering maintenance releases.
• The 12.1 EW train will reach end of sale on October 4, 2005.
• The Cisco IOS Software 12.1E releases will stop at 12.1(26)E2 because of limited hardware and software support.
