Dortha Melton's Ownd

Cisco ios 15.0.2-se11 download

2021.12.20 17:35






















Run this command on the switch and take note of the current image that it has: show version. Also run the command "dir flash:" to see if there is any other image on the switch from previous upgrades that you need to delete.


Customizable web authentication enhancement to allow the creation of user-defined pages. MAC move to allow hosts to move across ports on the same switch. DHCP Snooping enhancement for the circuit-id sub-option. Cisco Medianet to enable intelligent services in the network infrastructure for video applications. EEM 3. Auto Smartports Cisco-default and user-defined macros.


Voice aware IEEE Monitoring real-time power consumption on a per-PoE port basis. IEEE Multicast virtual routing and forwarding VRF lite. Stack MAC persistent timer and archive download enhancements. Generic online diagnostics to test the hardware functionality of the supervisor engine. Budgeting power for devices connected to PoE ports. Layer 2 point-to-point tunneling and Layer 2 point-to-point tunneling bypass.


SSL version 3. Software upgrade device manager or Network Assistant only. You should review this section before you begin working with the switch. These are known limitations that will not be fixed, and there is not always a workaround.


Some features might not work as documented, and some features could be affected by recent changes to the switch hardware or software. Unless otherwise noted, these limitations apply to the Catalyst , and , and switches and the Cisco EtherSwitch service modules:. This problem occurs under these conditions:.


The workaround is to reconfigure the static IP address. Change the routed port to a nonrouted port or the reverse. Re-enable auto-QoS on the interface. If the file is manually removed from the file system, the DHCP snooping database does not create another database file.


You need to disable the DHCP snooping database and enable it again to create the database file. No workaround is necessary; these are the designed behaviors. When you enter the show ip arp inspection log privileged EXEC command, the log entries from all switches in the stack are moved to the switch on which you entered the command.


The workaround is to enter the no switchport block unicast interface configuration command on that specific interface. There is no workaround. This is a cosmetic error and does not affect the functionality of the switch. To change the baud rate, reload the Cisco EtherSwitch service module with the bootloader prompt. You can then change the baud rate and change the speed on the TTY line of the router connected to the Cisco EtherSwitch Service module console. The workaround is to configure aggressive UDLD.


The workaround is to always enter a non zero value for the timeout value when you enter the boot host retry timeout timeout-value command. Would you like to enter the initial configuration dialog? This is the correct state. The workaround is to wait for approximately 1 minute after rebooting and until the VLAN 1 interface line status appears on the console before you respond to the query.


CSCsl Catalyst and switches. The workaround is to connect the two ports with a straight-through cable. The workaround is to use the session stack-member-number privileged EXEC command.


The workaround is to disable authorization and accounting or to enter the configuration change for one interface at a time. If the Cisco EtherSwitch service module is in access mode, the workaround is to enter the spanning-tree portfast interface configuration command on the internal Gigabit Ethernet interface.


If the service module is in trunk mode, there is no workaround. If this happens, uneven traffic distribution will happen on EtherChannel ports. Changing the load balance distribution method or changing the number of ports in the EtherChannel can resolve this problem. Use any of these workarounds to improve EtherChannel load balancing:. For example, with load balance configured as dst-ip with distinct incrementing destination IP addresses, and the number of ports in the EtherChannel set to either 2, 4, or 8, load distribution is optimal.


The workaround is to disable fallback bridging or to disable port security on all ports in all VLANs participating in fallback bridging. To remove an interface from a bridge group and to remove the bridge group, use the no bridge-group bridge-group interface configuration command. To disable port security on all ports in all VLANs participating in fallback bridging, use the no switchport port-security interface configuration command.


The workaround is to ensure that the ports on the standby cluster members are not in the spanning-tree blocking state. The workaround is to not set an ARP timeout value lower than seconds. The workaround is to use rate limiting on DHCP traffic to prevent a denial of service attack from occurring. The workaround for networks with pre-standard powered devices is to leave the maximum wattage set at the default value You can also configure the maximum wattage for the port for no less than the value the powered device reports as the power consumption through CDP messages.


For networks with IEEE Class 0, 3, or 4 devices, do not configure the maximum wattage for the port at less than the default The workaround is to enter the power inline never interface configuration command on all the Fast Ethernet ports that are not powered by but are connected to IP phones if the problem persists.


The workaround is to power the access point by using an AC wall adaptor. The workaround is to enable PoE and to configure the switch to recover from the PoE error-disabled state. CiscoWorks is not supported on the Catalyst FS switch. There is no workaround for this problem because non-RPF traffic is continuous in certain topologies.


The workaround is to reduce the number of multicast routes and IGMP snooping groups to less than the maximum supported value. The switchport block multicast interface configuration command is only applicable to non-IP multicast traffic. The workaround is to enter the clear ip mroute privileged EXEC command on the interface. After you configure a switch to join a multicast group by entering the ip igmp join-group group-address interface configuration command, the switch does not receive join packets from the client, and the switch port connected to the client is removed from the IGMP snooping forwarding table.


You should use the power inline never interface configuration command on Cisco EtherSwitch service module ports that are not connected to PoE devices.


To display the total power used by a specific EtherSwitch service module, enter the show power inline command on the router. This output appears:. This is not a problem because the display correctly shows the total used power and the remaining power available on the system.


The workaround is to enter the shutdown and the no shutdown interface configuration commands on the Fast Ethernet interface of a new IP phone that is attached to the service module port after the internal link is brought up. The workaround is to choose compatible buffer sizes and threshold levels. This error message means there is a temporary memory shortage that normally recovers by itself. You can verify that the switch stack has recovered by entering the show cef line user EXEC command and verifying that the line card states are up and sync.


No workaround is required because the problem is self-correcting. The workaround is to change any one of the listed conditions. The workaround is to use an on-demand upgrade to upgrade switches in a stack by entering the vstack download config and vstack download image commands. You should also configure the tar image name instead of the image-list file name in the stored images. The workaround is to use the TFTP utility of another server instead of a Windows server or to manually delete the existing backup file before backing up again.


For clients to upgrade using Smart Install, you should configure product-id specific image and configuration files in the director. The workaround, if you need to configure a switch in a stack with the backup configuration, is to use the vstack download config privileged EXEC command so that the director performs an on-demand upgrade on the client. This is a hardware limitation.


If possible, disable fallback bridging and multicast routing. If possible, use ingress SPAN to observe the same traffic. The workaround is to save the stack configuration before removing or replacing any switch in the stack. Private VLAN is enabled or disabled on a switch stack, depending on whether or not the stack master is running the IP services image or the IP base image:. This occurs after a stack master re-election when the previous stack master was running the IP services image and the new stack master is running the IP base image.


These are the workarounds. Only one of these is necessary:. This is the expected behavior of the offline configuration provisioning feature. The workaround is to copy the bootable image to the parent directory or first directory. The workaround is to assign a lower path cost to the forwarding port.


This can but does not always occur during link flaps and does not last for more than a few milliseconds. No manual intervention is needed. The problem corrects itself within a short interval after the link flap as all the switches in the stack synchronize with the new load-balance configuration. The workaround is to reboot the new member switch. Use the remote command all show run privileged EXEC command to compare the running configurations of the stack members.


The workaround is to check the flash. If it contains many files, remove the unnecessary ones. Check the lost and found directory in flash and if there are many files, delete them.


To check the number of files use the fsck flash: command. You configure a Layer 2 protocol tunnel port on the master switch. You configure a Layer 2 protocol tunnel port on the member switch. You add the port channel to the Layer 2 protocol tunnel port on the master switch.


You add the port channel to the Layer 2 protocol tunnel port on the member switch. After this sequence of steps, the member port might stay suspended. The workaround is to configure the port on the member switch as a Layer 2 protocol tunnel and at the same time also as a port channel. For example:. The workaround is to enter a shutdown interface configuration command followed by a no shutdown command on the port in the blocked state. The workaround is to enter a shutdown and then a no shutdown interface configuration command on the interface.


CSCsx Catalyst switch. CSCth Catalyst and S switches. The workaround is to reduce the number of VLANs or trunks. The workaround is to define another policy-map name for the second-level policy-map with the same configuration to be used for another policy-map. The workaround is to configure the burst interval to more than 1 second. CSCse, Catalyst switches only. The workaround is to enter the switchport access vlan dynamic interface configuration command separately on each port.


The workaround is to click Yes when you are prompted to accept the certificate. Catalyst S switches internally support up to 16 different control plane queues. Each queue is dedicated to handling specific protocol packets and is assigned a priority level. For example, STP, routed, and logged packets are sent to three different control plane queues, which are prioritized in corresponding order, with STP having the highest priority.


Each queue is allocated a certain amount of processing time based on its priority. The processing-time ratio between low-level functions and high-level functions is allocated as 1-to Therefore, the control plane logic dynamically adjusts the CPU utilization to handle high-level management functions as well as punted traffic up to the maximum CPU processing capacity.


Basic control plane functions, such as the CLI, are not overwhelmed by functions such as logging or forwarding of packets. If this message appears, check that there is network connectivity between the switch and the ACS. If this happens, enter the no auto qos voip cisco-phone interface command on all interfaces with this configuration to delete it. Then enter the auto qos voip cisco-phone command on each of these interfaces to reapply the configuration.


From the Settings window, choose Automatically. Click OK to exit the Internet Options window. If you are not using the default method of authentication (the enable password), you need to configure the HTTP server interface with the method of authentication used on the switch. Configure the HTTP server interface for the type of authentication that you want to use. The device manager uses the HTTP protocol (the default is port 80) and the default method of authentication (the enable password) to communicate with the switch through any of its Ethernet ports and to allow switch management from a standard web browser.


You should write down the port number through which you are connected. Use care when changing the switch IP information. The Bug Search Tool (BST), which is the online successor to Bug Toolkit, is designed to improve the effectiveness in network risk management and device troubleshooting. The BST allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version.


The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input. To view the details of a caveat listed in this document:.


Enter the bug ID in the Search For: field. Unless otherwise noted, these caveats apply to the Catalyst , , S, and switches and to Cisco EtherSwitch service modules:. Mediatrace does not report statistics on the initiator under these conditions:. The workaround is to ensure that the mediatrace ingress and egress connections are on the stack master or to configure a Catalyst E or X as the stack master and then reload the switch stack.


On a switch stack, when an IP phone connected to a member switch has its MAC address authorized using the critical voice VLAN feature, if a master changeover occurs, the voice traffic is dropped. This occurs because the switch initially drops the voice traffic before reauthenticating critical voice VLAN traffic. The dropped entries are removed when critical voice VLAN authentication occurs. The dropped entries are removed when the IP phone is reauthenticated.


ASP now uses a device classifier, which determines the type of device that is connected to the switch. As a result, ASP has no control over the protocol type that is used to detect the device.


Therefore, the protocol detection controls are deprecated. When you enter the macro auto global control detection command, the protocol does not show up in the running configuration; however, the filter-spec command is shown in the output. To see the deprecated commands, enter the show running config deprecated global and interface configuration command. The workaround is to use the power inline consumption command in interface configuration mode.


In a switch stack, multicast traffic can be lost for up to 60 seconds when the master switch is reloaded. Because the platform does not support multicast non-stop-forwarding (NSF), the time before traffic re-convergence after a switchover can vary.


When sampled NetFlow is configured with the command ip flow monitor fm-3 in , the sampler tables are not exported to the collector. The workaround is to use the configuration command ip flow monitor fm-3 sampler s-1 in. While configuring VLAN load balancing using Resilient Ethernet Protocol REP on ether channel interface where bundled interfaces are spread across member stack switches, the MAC address flaps when the ether channel state changes from open to alternate.


A switch stack of Catalyst v2 switches with more than five members may exhaust system memory and become inoperable. The workaround is to limit stacks to five members or fewer.


After you upgrade the switch to The workaround is to limit the memory that is used by different features on the switch, if this release is required. You can reduce memory usage by minimizing the number of trunk ports and VLANs in use on the switch. When a configured macro runs twice in quick succession by the ASP, the following traceback may be seen. In such cases, macros need to run at least twice in quick succession. The above traceback is not harmful but is expected.


The switch experiences continuous traceback and CPU hog when you configure the scheduler max-task-time command. The workaround is to disable the scheduler configuration. Use the Bug Search Toolkit to view the details of a caveat listed in this section. Switch crashes after getnext on the last cafServerAliveAction index. When enable ip source guard, a part of the clients cannot communicate. IPv6 neighbor discovery packet processing behavior. Switch fails while copying a configuration file to running-config using RCP.


No warning message when switch configures "ip tcp adjust-mss". Shutdown is displayed with linkup channel member port on show run. Broadcast packet does not send when port channel changes to normal port. Cannot apply REP config under portchannel after initial boot up. No simulated EAP success message to the client for credential failure.


CX responds to ARP request from management port. Members in a cluster unable to save configuration in IOS EEM Tcl policies fail due to false out of memory error. Unicast EAP frames with EtherType e are not getting forwarded in switches installed with new releases. Inconsistency in config privilege commands as seen in running-config.


Abnormal dot1x authentication failure msg from some specific mac address. Switch sent Failure packet after reboot and caused PC to fail authenticate.


Any group specific query with a router alert option drops. IPv6 mld traffic causes high CPU utilization on the switch. A phone connected to a port with EnergyWise activitycheck configured, switches off even though there is an active call.


Telnet sessions that are incompletely established may not time out after a period of inactivity, leading to eventual exhaustion of available VTY lines. The workaround is to clear the session manually with clear tcp tcb 0xXXXX; clear line does not work. The process Kron CLI Process show tech-support password redirect tftp crashes because of memory corruption.


The configuration is as shown below:. When rsh command constructs are used within Tclscript, Tcl fails to send the router hostname which causes the rsh command constructs to fail authorization to a remote router. An EEM script that executes on a syslog event causes the Cisco router to fail with the following error message. Exception to IOS Thread:. It seems that the switch has picked up interface Fa1 macaddress as its engineID. FastEthernet1 is down, line protocol is down. Hardware is RP management port, address is The workaround is to manually configure snmp engineID from cli.


When a 1 gig sfp is inserted in a fuller stack with sierra as master, running the sh inventory command does not display the inserted sfp details of the member switch. Topology used is stack with sierra as master and fuller as member both are 48 ports. The Privilege commands are not appearing in the configuration of a Catalyst switch.


When you enter the privilege interface level 3 switchport port-security mac-address sticky command and save the configuration, the command is visible in neither the startup configuration nor the running configuration. However, privilege level 3 users can view the command and can use it. If you reload the switch, the command is still not visible in the configuration and also becomes unavailable to the privilege level 3 users.


The workaround is to use the aaa authorization global configuration command to access the commands available for a particular user from the AAA server. The workaround is to disable https secure communication and use http for HTTP requests.


On the Cisco enhanced EtherSwitch service module SM-ESP , running the logging source-interface command, does not set the source interface for syslog messages sent to a syslog server. In a Catalyst X switch stack, the switches experience a slow performance with the following message. Sometimes the switch stops responding and is not recovered until power cycling. You may also observe the following messages when the problem occurs.


Disabling linecard. Expected during linecard OIR. The issue is observed in switches running It also includes The workaround is to configure a longer logging interval. For example,. If the issue persists after setting a longer logging interval, you must power cycle the switch. In a switch stack consisting of Catalyst S switches running This issue is observed when the number of member ports is higher than 4. The workaround is to configure the missing MAC addresses manually.


A change in the behaviour of DHCP client is observed between The output is as shown:. When trying to remove the macros by running the command " no macro auto global processing ", the CPU comes back to normal but the master switch crashes. The workaround is to reload the stack. The CPU remains low for a while. Removing the macros at this time does not cause the master switch to crash. After system reload, ip ssh source-interface shows in startup-config but disappears from.


This is seen in both the scenarios as mentioned below. When around Vlans are configured on a switch running IOS The issue is not seen on switches running IOS The workaround is to disable the device sensor as no macro auto monitor. Designated port on the Root Bridge experiences a block forward for 30 seconds. This issue occurs because the message-time (the period of time a packet is alive in the network) is almost equal to max-age (the period of time a packet is allowed to stay in the network).


The CDP neighbor devices are discovered initially on the Gi0 interface of the AP and then after a few seconds, the neighbour devices are discovered on the main interface and the sub-interface Gi0 and Gi0. The workaround is to disable LLDP on the switch interface.


When port-security is configured on all ports and when the end host is moved, the mac address table is out of sync. When a PC with The Switch deletes running It makes authentication process fail on the machines which can only complete it in first run. Click OK to exit the Internet Options window.




If you use Internet Explorer Version 5. Otherwise, you cannot launch the device manager.


To view the details of a caveat listed in this document:. Enter the bug ID in the Search For: field. When you make port security changes on an interface, such as configuring aging time, violations, or aging type, error messages and tracebacks might appear. Use the Bug Search Toolkit to view the details of a caveat listed in this section.






Inconsistency on config "privilege" commands as seen in running-config. EEM Tcl policies fail due to false out of memory error. Designated port on the Root Bridge experiences a block forward for 30 seconds. This issue occurs because the message-time the period of time a packet is alive in the network is almost equal to max-age the period of time a packet is allowed to stay in the network.


The LST downstream interfaces flap continually while the upstream interfaces remain stable. The workaround is to disable Link State Tracking on the switch. Due to a timing issue, the port channel member port on the slave switch of the stack loops during boot up. The issue occurs only on the member port that is configured as the first port in a cross-stack EtherChannel configuration and when Nexus devices are connected to Cisco devices.


Due to Link Aggregation Control Protocol (LACP) graceful convergence, when both the devices are up and in sync (S) state, Cisco devices start transmitting even before the devices get onto collecting (C) state.


This causes the port to be pulled down by the Nexus devices. When this happens during boot up, the EtherChannel hardware programming for the port is cleared even when the port is bundled in the port-channel. An interface configured with no logging event link-status command, fails to change its state from disabled to enabled when you run the logging event link-status command along with the switchport command.


The workaround is to configure the enable secret command on an IOS device without Type 4 support, copy the resulting Type 5 password, and paste it into the appropriate command on the upgraded IOS device. When VTP mode is set to transparent and vlan. The workaround is to set the vtp mode to server or client. A switch configured with login quiet-mode resets when you enter the login block-for or no login block-for commands. To avoid a reset, do not enter the login block or no login block-for command.


A memory leak is observed when configuring VLANs using tclsh mode. The workaround is to make the tclsh mode interactive to avoid any memory leak. After rebooting the switch, the Ethernet management port Fa0 goes to half-duplex mode and might display the following CDP warning message. The show interface command output indicates that the interface goes to half-duplex mode but there is no late collision counter or packet impact observed.


The workaround is to use the no cdp run command on the switch. When the privilege exec level 5 show mac address-table interface gigabitethernet privileged EXEC command is entered, all interfaces in the switch have the command applied to the running configuration. The workaround is to either disable multicast fast convergence or configure IGMP version 3 on switch virtual interface.


Topology Change Notification TCN occurs over the network when a new stack member is added to the switch stack. The workaround is to check if the displayed VLANs are internal and then to hide them. The workaround is to implement SNMP view using the following commands:. As a result, egress traffic to another router on an SSH connection is blocked. The workaround is to apply protocol filters to the device sensor output by entering the following global configuration commands:.


STP loop occurs on Flexstack connected by parallel links when a link state is changed on Flexlink port. The workaround is to change the switch to root bridge. The configuration recovers automatically. When native VLAN is configured on the trunk or when switchport trunk native vlan 99 is configured on the interface, spanning-tree instance is not created for native VLAN.


The workaround is to keep VLAN1 as a native on the trunk. To disable dot1x internally, run the no macro auto monitor command. The stp instance is created for native vlan 99 after running the show and no show command on the interface.


When the secret password is configured, the password is not saved. The default password is used as the secret password.


The workaround is to use the default password to login and then change the password. When two traps are generated by two separate processes, the switch fails if one process is suspended while the other process updates variables used by the first process. If a redundant power supply RSP switchover occurs during a bulk configuration synchronization, some of the line configurations might disappear. The workaround is to reapply the line configurations.


The show ip dhcp pool command displays a large number of leased addresses. The workaround is to turn off ip dhcp remember and reload the switch. The secure copy feature (copy: source-filename scp: destination-filename command) does not work. The show switch chassis management command incorrectly displays all slot numbers as 0. When the master switch (Switch A) is reloaded or loses power and rejoins the stack as a member switch, any traffic stream that exits Switch A is dropped because the newly joined member is not able to establish an Address Resolution Protocol (ARP) entry for the next hop router or switch.


The workaround is to add a static ARP. Local web authorization and HTTP services on the switch do not respond because of a web authorization resource limitation in the system. These are possible workarounds and are not guaranteed to solve the problem:. Heavy traffic load conditions may cause the loop guard protection function to be automatically activated and almost immediately deactivated. These conditions can be caused by entering the shutdown and no shutdown interface configuration commands or by interface link flaps on more than forty ports.


These log messages appear:. This leads to a convergence time of more than 5 seconds. The problem appears under these conditions:. This problem has been fixed now. No action is required. When you configure and save the monitor session source interface, the configuration is not saved after reboot. If an interface is configured with the switchport port-security maximum 1 vlan command, the following error message is displayed:. The flash memory is corrupted when you format the flash manually.


The workaround is to reload the switch. If the Performance Monitor cache is displayed using the show performance monitor cache command and you attempt to stop the command output display by entering the q keyword, there is an unusually long delay before the output is stopped.


The workaround is to enter the term len 0 privileged EXEC command so that all command outputs are displayed without any breaks.


In a switch stack, you cannot establish a console session with a member switch when an ACL is applied to the VTY lines.


The workaround is to use the following procedure when you apply an ACL to line vty 0 4 and line vty 5 Create the vty ACL and permit the network. Append the vrf-also keyword to the configured access-class inbound.


When a device is moved from one port to another in a switch stack, the SNMP data generated for the move event is incorrect. Users connecting to the network through a device configured for web proxy authentication may experience a web authentication failure. Using the dot1x default command on a port disables access control on the port and resets the values of the authentication host-mode and authentication timer reauthenticate commands to the default values.


The workaround is to avoid using the dot1x default command and set various dot1x parameters individually. You can also reconfigure the parameters that were changed after you entered the dot1x default command.


When using the switchport port-security maximum 1 vlan access command, if an IP-phone with a personal computer connected to it is connected to an access port with port security, a security violation will occur on the interface.


This type of message is displayed on the console:. The workaround is to remove the line switchport port-security maximum 1 vlan access. The switch does not correctly detect a loopback when the switch port on an authenticated IP phone is looped to a port configured and authenticated with dot1x security, even when bpduguard is configured on the interface.


This situation can result in percent CPU utilization and degraded switch performance. The workaround is to configure the interface with the authentication open command or to configure authentication mac-move permit on the switch.


The workaround is to save the configuration and reload the switch.