Cisco Software Activation and Compatibility Document

Cisco Software Activation and Compatibility
Document
August 10, 2007
This document describes the Cisco software activation process and the feature compatibility of Catalyst
switches. Use this document with the Catalyst 3750-E, 3750, 3560-E, and 3560 switches.
For more information, see these documents on Cisco.com:
•
Getting Started with Cisco License Manager 1.0 on Windows XP
•
Cisco License Manager online help
•
API Reference Guide for Cisco License Manager on Windows XP
•
Catalyst 3750-E and 3560-E switch software documents (software configuration guide, command
reference, and system message guide)
•
Catalyst 3750 switch software documents
•
Catalyst 3560 switch software documents
For a complete list of documents, see the “Related Publications” section on page 20.
The document has this information:
•
Software Activation, page 2
•
Feature Compatibility, page 12
•
Configuration Guidelines in Mixed Hardware Switch Stacks, page 19
•
Related Publications, page 20
•
Obtaining Documentation, Obtaining Support, and Security Guidelines, page 22
Americas Headquarters:
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
© 2007 Cisco Systems, Inc. All rights reserved.
Software Activation
Software Activation
Catalyst 3750-E and 3560-E switches run the universal software image that has the Cisco IOS code for
multiple feature sets. To enable a specific feature set, you must use the software activation feature to
install the software license for that feature set. With software activation, you can
Note
•
Get a product activation key (PAK).
•
Generate a software license.
•
Install the license on your switch.
•
Enable a feature set.
•
Upgrade a feature set.
Catalyst 3750 and 3560 switches run feature-specific software releases and do not support software
activation.
Catalyst 3750-E and 3560-E switches support either the noncryptographic or the cryptographic universal
software image.
This section has this information:
Note
•
Feature Sets, page 2
•
Understanding Software Licenses, page 3
•
Displaying Software License Information, page 4
•
Getting Software Licenses, page 6
•
Installing and Managing Software Licenses, page 7
•
Software Activation in Mixed Hardware Stacks, page 12
To connect your management station or PC to the Cisco Product License Registration Portal, use a file
transfer protocol such as the Xmodem Protocol or TFTP.
If you are connecting your PC to the Cisco License Manager server, you do not need to use one of these
protocols.
Feature Sets
Catalyst 3750-E and 3560-E switches support these feature sets:
•
IP base
•
IP services
•
Advanced IP service
The software licenses are not affected by Cisco IOS software upgrades.
Catalyst 3750-E and 3560-E switches are backward-compatible with Catalyst 3750 and 3560 switches.
For detailed information about the feature compatibility between the switches, see the “Feature
Compatibility” section on page 12.
Cisco Software Activation and Compatibility Document
2
OL-11445-02
Software Activation
Table 1 has this information:
•
Features sets supported on Catalyst 3750-E and 3560-E switches
•
Software images supported on Catalyst 3750 and 3560 switches
The feature sets and the software images have the same name for a specific feature combination.
Table 1
Supported Feature Combinations
Feature Combination
Feature Set on the Catalyst 3750-E
and 3560-E Switches
Software Image on the Catalyst 3750
and 3560 Switches
Layer 2+, basic Layer 3 routing
IP base, noncryptographic
IP base, noncryptographic
Layer 2+ and basic Layer 3 routing,
Kerberos, SSH1, and SSL2
IP base, cryptographic
IP base, cryptographic
Layer 2+ and full Layer 3 routing
IP services, noncryptographic
IP services, noncryptographic
Layer 2+ and full Layer 3 routing,
Kerberos, SSH, and SSL
IP services, cryptographic
IP services, cryptographic
Layer 2+, Layer 3 routing, and unicast Advanced IP services, noncryptographic
routing of IPv63 packets
Advanced IP services, noncryptographic
Layer 2+, Layer 3 routing, unicast
routing of IPv6 packets, Kerberos,
SSH, and SSL
Advanced IP services, cryptographic
Advanced IP services, cryptographic
1. SSH = Secure Shell
2. SSL = Secure Socket Layer
3. IPv6 = IP Version 6
Understanding Software Licenses
A software license applies only to a specific feature set. A Catalyst 3750-E or 3560-E switch can have
more than one software license, but you can enable only one license at a time.
The software license is node-locked because the software license is bound to the unique device identifier
(UDI) of the switch and can only be used on that switch.
If more than one software license is installed on the switch, it uses this hierarchy to determine the first
software license to locate in the flash memory and install:
1.
Advanced IP services
2.
IP services
3.
IP base
If all three licenses are installed on the switch, the switch uses the highest license level, the advanced IP
services feature set. If you want to run the IP base feature set, remove the IP services and advanced IP
services licenses from the switch.
To display software license information, see the “Displaying Software License Information” section on
page 4.
To get a software license, use Cisco License Manager or the Cisco Product License Registration Portal.
For more information, see the “Getting Software Licenses” section on page 6.
Cisco Software Activation and Compatibility Document
OL-11445-02
3
Software Activation
To install and manage software licenses, you can use Cisco License Manager or the command-line
interface (CLI). For more information, see “Installing and Managing Software Licenses” section on
page 7
Displaying Software License Information
To display information about the software licenses on your switch, use one of these methods:
•
Use Cisco License Manager to view license and device information. In the GUI, the discovery and
polling features collect all the license and device information that appears in the Properties window.
For detailed instructions, see the Cisco License Manager online help.
•
Use the Cisco IOS privileged EXEC commands in Table 2.
Table 2
Commands for Displaying Software License Information
Command
Description
show boot
Displays the settings of the boot environment variables.
For information about this command, including examples of
command output, see the Catalyst 3750-E and 3560-E Switch
Command Reference on Cisco.com.
show license {all [switch switch-num]
| detail [feature-name | switch switchnum] | feature [switch switch-num] |
file [switch switch-num] | handle
[switch switch-num] | parser-schema
| status [switch switch-num] | udi
[switch switch-num]}
Displays information about the software license.
show running-config
Displays the running configuration of the switch, including
the enabled license level.
For information about the show license privileged EXEC
command, see the Cisco IOS Software Licensing feature
module at this URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/prod
ucts_feature_guide09186a00807afa10.html
For more information about this command, see the Cisco IOS
Configuration Fundamentals Command Reference,
Release 12.2 on Cisco.com.
show version
Displays the software licenses installed on the switch.
For information about this command, including examples of
command output, see the Catalyst 3750-E and 3560-E Switch
Command Reference on Cisco.com.
This is an example of output from the show license feature command:
Switch# show license feature
Feature name
ipbase
ipservices
advipservices
Enforcement
yes
yes
yes
Evaluation
no
no
no
Clear Allowed
yes
yes
yes
This is an example of output from the show license file command:
Switch# show license file
License Store: lic0:/lservrc.pri
Store Index: 0
License: 11 ipservices 1.0 LONG NORMAL STANDALONE EXCL INFINITE_KEYS INFIN
ITE_KEYS NEVER NEVER NiL SLM_CODE CL_ND_LCK NiL *1R7FY2PFGBEL9M74
Cisco Software Activation and Compatibility Document
4
OL-11445-02
Software Activation
00 NiL NiL NiL 5_MINS <UDI><PID>BULLSEYE48POE</PID><SN>CAT1008R02
A</SN></UDI> tnSWnPZxwYPkEqJ01TcfVofG1GfPB7Y3rMXneLTtuzfrfLXoDgOu
e0f8S3WFyhj2L8Oh8n:DBajOjZJJUg012hLfDp,Q3cdh9EGolKiss:NK380QKiAt0
BpyuCvcsq,598fP$<WLC>AQEBIUAB//+nU1Xfo9tsJpLBUKsG8bLvjsEmFtDBmuMZ
8ukHbX394cW2VQj17abm7F/Fbtd4ccocqvPiAmWSaEmUT56rstk6gvmj+EQKRfD9A
0ime1czrdKxfILT0LaXT416nwmfp92Tya6vIQ4FnlBdqJ1sMzXeSq8PmVcTU9A4o9
hil9vKur8N9F885D9GVF0bJHciT5M=</WLC>
Comment:
Hash: 1EKMNYlLbonNpEXlXMC2SXigF9Q=
This is an example of output from the show license status command:
Switch# show license status
Administrative status
Install success count: 0
Install failure count: 0
Install duplicate count: 0
Comment add count: 0
Comment delete count: 0
Clear count: 0
Save count: 0
Save cred count: 0
Client status
Request success count 1
Request failure count 2
Release count 0
Global Notify count 2
This is an example of output from the show license udi command for a Catalyst 3750-E-only switch
stack:
Switch# show license udi
Device#
PID
SN
UDI
----------------------------------------------------------------------------*2
WS-C3750E-48PD-S
CAT1033R1XU
WS-C3750E-48PD-S:CAT1033R1XU
5
WS-C3750E-48PD-S
CAT1033R1KF
WS-C3750E-48PD-S:CAT1033R1KF
In a mixed hardware stack, the show license udi command output shows only the Catalyst 3750-E UDIs
because only the Catalyst 3750-E members support the software activation process. For example, in a
mixed hardware stack with a Catalyst 3750 switch as the stack master and a Catalyst 3750-E switch as
the stack member, this output appears when you enter the show switch privileged EXEC command on
the Catalyst 3750 stack master:
Switch# show switch
Switch/Stack Mac Address : 0012.7f43.b680
H/W
Current
Switch# Role
Mac Address
Priority Version State
---------------------------------------------------------1
Member 0012.8092.2900
9
1
Ready
*3
Master 0012.7f43.b680
1
0
Ready
When you enter the show license udi command on the Catalyst 3750 stack master, this output appears
for all the stack members that support software activation:
Switch# show license udi
Device#
PID
SN
UDI
----------------------------------------------------------------------------1
WS-C3750E-24TD-EF
CAT1007R02W
WS-C3750E-24TD-EF:CAT1007R02W
Cisco Software Activation and Compatibility Document
OL-11445-02
5
Software Activation
This is an example of output from the show license udi switch 1 command on the stack master, which
shows that the UDI is for the local switch, switch 1:
Switch# show license udi switch 1
Device#
PID
SN
UDI
----------------------------------------------------------------------------*1
WS-C3750E-24TD-EF
CAT1007R02W
WS-C3750E-24TD-EF:CAT1007R02W
If you enter the show license udi switch 3 command on the stack master, this output appears for all of
the stack members that support software activation. It is the same as the show license udi command
output:
Switch# show license udi switch 3
Device#
PID
SN
UDI
----------------------------------------------------------------------------1
WS-C3750E-24TD-EF
CAT1007R02W
WS-C3750E-24TD-EF:CAT1007R02W
If a mixed hardware stack has a Catalyst 3750 member switch, this is an example of output when you
enter the show license udi command on a Catalyst 3750 member:
Switch# show license udi switch 5
% Slot 5 does not exist or is not licensable
Getting Software Licenses
When you order a new switch, you specify the software image and feature set that you want. They are
already installed on your switch, so you do not need to purchase a software license.
However, if you want an existing switch to run a different feature set, you need to purchase the software
license for that feature set by getting a PAK and using one of these methods:
•
Cisco License Manager, page 6
•
Cisco Product License Registration Portal, page 7
The switch stores the software license file on the flash memory.
Cisco License Manager
With Cisco License Manager, you can perform these tasks from one application:
•
Automatically discover your network switches that use software licenses.
•
Purchase and register software licenses through Cisco.com.
•
Install the licenses.
•
Track the software license status in your network.
Use the Cisco License Manager GUI to perform all of these licensing tasks. You can also use the Cisco
License Manager application programming interface (API) to write programs for your specific licensing
tasks.
Cisco License Manager runs on Windows XP and uses Java to connect to Cisco.com and to Cisco
devices. For information about downloading the free Cisco License Manager Client and Server
applications or about ordering the optional Cisco License Manager software development kit (SDK), go
to this URL:
http://www.cisco.com/go/clm
Cisco Software Activation and Compatibility Document
6
OL-11445-02
Software Activation
Cisco License Manager supports devices running either the cryptographic or noncryptographic universal
software images. If your switch runs the cryptographic software image, your switch needs a device
certificate to communicate with the Cisco License Manager server. For more information, see these
documents on Cisco.com:
•
Getting Started with Cisco License Manager for Windows XP guide
•
“HTTPS - HTTP Server and Client with SSL 3.0” feature description for Cisco IOS
Release 12.2(15)T at this URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a008015a
4c6.html
Cisco Product License Registration Portal
Use the Cisco Product License Registration Portal to purchase a software license.
Follow these steps to get a PAK and to get a software license for a specific feature set:
1.
After deciding the feature set that you want, get the appropriate PAK.
2.
Go to the Cisco Product License Registration Portal at this URL:
https://tools.cisco.com/SWIFT/Licensing/PrivateRegistrationServlet
3.
Use the PAK and the switch UDI to create a software license.
4.
The software license is e-mailed to you.
5.
Repeat Step 1 to Step 3 get more licenses.
Installing and Managing Software Licenses
Depending on how you get the software licenses, use one of methods to install and manage the licenses
on your switch:
•
Using Cisco License Manager, page 7
•
Using Cisco Product License Registration Portal and Cisco IOS CLI, page 8
Using Cisco License Manager
Use Cisco License Manager to install and manage software licenses on the switch, regardless of the
method from which you obtain them (Cisco License Manager or the Cisco Product License Registration
Portal). After the software license is installed and the switch restarts, the switch enables the feature set.
Note
The Cisco License Manager documentation refers to SSL-enabled devices that are the same as switches
running the cryptographic software image in the Catalyst switch documentation.
Follow these guidelines when using Cisco License Manager:
•
Cisco License Manager only runs on a server with Windows XP.
•
Firewalls are not allowed between the Cisco License Manager server and a GUI client.
•
For device notification to be successful, ensure that the Cisco License Manager hostname exists in
the Domain Name Service (DNS) or that the device has the Cisco License Manager hostname and
IP address configured to receive messages.
Cisco Software Activation and Compatibility Document
OL-11445-02
7
Software Activation
•
Configure your switch to allow Cisco License Manager to manage software licenses by using the ip
http server, license agent listener, and ip http authentication privileged EXEC commands. For a
summary of these commands, see the Getting Started with Cisco License Manager on Windows XP
guide. For detailed instructions about enabling Cisco License Agent on your device, see the Cisco
License Agent documentation.
•
Make sure that there is a valid connection from the Cisco License Manager server to Cisco.com.
For additional requirements and guidelines, see the Getting Started with Cisco License Manager for
Windows XP guide on Cisco.com.
Using Cisco Product License Registration Portal and Cisco IOS CLI
If you get a software license from the Cisco Product License Registration Portal, you can use the
command-line interface (CLI) commands to perform these tasks:
Note
1.
Install a software license and restart the switch. The switch then enables the feature set.
2.
Manage the software licenses on the switch.
For information about the license and show license privileged EXEC commands, see the Cisco IOS
Software Licensing feature module at this URL:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_guide09186a00807afa10.
html
Installing a Software License
Beginning in privileged EXEC mode, follow these steps to install a software license and to restart the
switch.
Command
Purpose
Step 1
Get the software license as described in the “Using Cisco
Product License Registration Portal and Cisco IOS CLI”
section on page 8.
Step 2
Log in to the switch through the console port, the Ethernet
management port, or a Telnet session.
Cisco Software Activation and Compatibility Document
8
OL-11445-02
Software Activation
Step 3
Command
Purpose
license install file-sys:file-sys//lic-location
Install a software license file on the switch.
Use the file-sys:file-sys//lic-location parameter to specify the
location of the software license file on the switch. The
filename is license-file.xml. These options are supported:
•
Local flash file system syntax on a standalone
Catalyst 3560-E switch:
flash:
Local flash file system syntax on a Catalyst 3750-E
standalone switch or stack member:
flash member-number:
The member-number can be from 1 to 9.
•
FTP syntax:
ftp:[[//username[:password]@location]/directory]/
license-file.xml
•
HTTP server syntax:
http://[[username:password]@]{hostname |
host-ip}[/directory]/license-file.xml
•
Secure HTTP server syntax:
https://[[username:password]@]{hostname |
host-ip}[/directory]/license-file.xml
•
Null destination for copies syntax:
null:
•
NVRAM file system syntax:
nvram:
•
Remote Copy Protocol (RCP) syntax:
rcp:[[//username@location]/directory]/license-file.xml
•
System memory syntax:
system:
•
TFTP syntax:
tftp:[[//location]/directory]/license-file.xml
Repeat this step when installing more than one software
license.
Cisco Software Activation and Compatibility Document
OL-11445-02
9
Software Activation
Step 4
Command
Purpose
show license {all [switch switch-num] | detail
[feature-name | switch switch- num] | feature
[switch switch-num] | file [switch switch-num] |
handle [switch switch-num] | parser-schema |
status [switch switch-num] | udi [switch
switch-num]}
Verify the information about the software licenses on the
switch.
You can enter one of these options:
•
all—All of the software license information.
•
detail—Detailed software license information.
•
file—Information about the software image files.
•
status—Status of the software license.
•
udi—Switch UDI information.
(Optional) These parameters are optional:
•
feature-name—Name of the feature.
•
switch switch-num—Stack member number. This
parameter is supported only on Catalyst 3750-E
switches.
The command output shows the software licenses that
are installed on the switch but does not show any
feature set that has not yet been enabled.
Note
Step 5
show license agent {counters | schema | session}
(Optional) Display the information about the software license
agent.
You can enter one of these options:
Step 6
•
counters—License-agent statistic counters.
•
schema—XML schema information related to the
license agent.
•
session—Session information related to the license
agent.
Restart the switch.
The switch enables the feature set.
Step 7
show running-config
Verify that the feature set is enabled on the switch.
or
Step 8
show version
Display the software licenses installed on the switch.
copy running-config
(Optional) Save your entries in the configuration file.
Managing the Software Licenses on the Switch
You can perform any of these tasks:
•
Backing up and saving software license information— Enter the license save {credential url | url}
privileged EXEC command.
– Use the credential url parameter to save the device credential information and to specify the
URL to which the information is saved.
– Use the url parameter to specify the URL of the software image.
Cisco Software Activation and Compatibility Document
10
OL-11445-02
Software Activation
•
Removing the software license information from the switch—Enter the license clear feature-name
switch switch-num privileged EXEC command.
– Use the feature-name parameter to specify the feature set to be removed.
– Use the switch-num parameter to specify the stack member. The switch switch-num option is
supported only on Catalyst 3750-E switches.
•
Recovering from a corrupt license
– If you use Cisco License Manager, reinstall the license.
– If you use an application other than Cisco License Manager, re-install an uncorrupted version
of the license on the switch.
•
Displaying software license information—See the “Displaying Software License Information”
section on page 4.
Example
After you get a software license from the Cisco Product License Registration Portal, this example shows
how to use TFTP to install the license on a switch:
Switch# copy tftp flash:
Address or name of remote host [ ]? 10.0.0.1
Source filename [ ]? license_name-ips
Destination filename [license_name-ips]?
Accessing tftp://172.20.244.138/r1fs-ips...
Loading license_name-ips from 172.20.244.138 (via GigabitEthernet1/0/1): !
[OK - 1161 bytes]
1161 bytes copied in 0.059 secs (19678 bytes/sec)
If you enter the show flash: privileged EXEC command, the command output shows that the software
license file is in the flash memory but that the feature set is not enabled.
Switch# license install flash: license_name-ips
Installing licenses from "flash: license_name-ips "
Installing...Feature:ipservices...Successful:Supported
1/1 licenses were successfully installed
0/1 licenses were existing licenses
0/1 licenses were failed to install
Switch#
19:46:56: %IOS_LICENSE_IMAGE_APPLICATION-6-LICENSE_LEVEL: Next reboot level = ipservices
and License = ipservices
Restart the switch to enable the feature set.
Cisco Software Activation and Compatibility Document
OL-11445-02
11
Feature Compatibility
Software Activation in Mixed Hardware Stacks
Even though the Catalyst 3750 switch does not support software activation, the Catalyst 3750 master in
a mixed hardware stack supports the software license administration and management functions.
We recommend that all stack members run Cisco IOS Release 12.2(35)SE or later. The stack members
are then fully compatible, and the interface-specific settings of the stack master are saved if the stack
master is replaced without saving the running configuration to the startup configuration.
When you upgrade the Catalyst 3750-E universal software image in the stack, all stack members
automatically get the copies of the Catalyst 3750-E software image and the Catalyst 3750
feature-specific image. During the upgrade, these actions occur automatically:
•
On a Catalyst 3750-E member, the software images are copied to the switch, and the switch enables
the appropriate feature set.
•
On a Catalyst 3750 member, the software images are copied to the switch, and the switch uses the
feature-specific image that corresponds with the enabled feature set on the Catalyst 3750-E member.
Make sure that the Catalyst 3750 members have enough flash memory to store both images. For instance,
only Catalyst 3750 switches with 32 MB of flash memory (such as the Catalyst 3750G-48TS switch)
have enough. If a member switch does not have enough flash memory, the upgrade process stops, and an
error message appears.
When archiving (uploading and downloading) software images in a mixed hardware stack, you can
specify multiple software images. For example, to download the two image files from the TFTP server
to the switch, enter the archive download-sw /directory tftp://10.1.1.10/
c3750-ipservices-tar.122-35.SE1.tar c3750e-universal-tar.122-35.SE2.tar privileged EXEC
command.
For more information about working with software images, see the “Working with Software Images”
section in the Catalyst 3750-E and 3750 switch software configuration guides and the archive
commands in the Catalyst 3750-E and 3750 switch command references.
Feature Compatibility
Unless otherwise noted, the features on Catalyst 3750-E, 3750, 3560-E, and 3560 switches are the same
except for the information in this section. Table 3 on page 13 describes the feature behavior differences
between these switches.
Only the Catalyst 3750-E and 3560-E switches support these features:
•
Power monitoring and power policing on Power over Ethernet (PoE) ports
For more information, see the “Power Monitoring and Power Policing” section in the “Configuring
Interface Characteristics” chapter of the Catalyst 3750-E and 3560-E Switch Software Configuration
Guide.
•
On-board failure logging (OBFL)
For more information, see the “Using On-Board Failure Logging” section in the “Troubleshooting”
chapter of the Catalyst 3750-E and 3560-E Switch Software Configuration Guide.
Cisco Software Activation and Compatibility Document
12
OL-11445-02
Feature Compatibility
•
Ethernet management ports
For more information, see the “Ethernet Management Port” section in the “Configuring Interface
Characteristics” chapter of the Catalyst 3750-E and 3560-E Switch Software Configuration Guide.
•
Support for universal software images and the software activation feature.
For more information, see the “Software Activation” section on page 2.
Table 3
Feature Behavior Differences
Feature
Fallback bridging
Catalyst 3750-E and 3560-E
Switches
Catalyst 3750 and 3560 Switches
The switch stores the MAC
addresses of the bridge group
and of the VLAN associated with
the SVI as two separate entries
in the bridge-group MAC
address table.
A Catalyst 3750-E member
The switch stores the MAC
address of the bridge group and behaves like a Catalyst 3750
of the VLAN associated with the member.
SVI as one entry in the
bridge-group MAC address
table.
When fallback bridging is
enabled, the switch uses only
half of the feature resources
allowed by the configured SDM1
template to store MAC
addresses.
When fallback bridging is
enabled, the switch can use all of
the feature resources allowed by
the configured SDM template.
Mixed Hardware Stacks
Because of collisions, the switch
might not be able to store a few
MAC address table entries even
if it has free hardware memory.
HSRP
The switch supports up to
32 unique HSRP groups.
When you specify the same
group number for multiple
VLANs or router interfaces, the
switch creates one hardware
entry per HSRP group number.
IGMP
A multicast packet is unmatched
when the destination IPv4
address does not match the
destination MAC address. The
unmatched multicast packet is
forwarded in hardware.
The switch supports up to
32 HSRP groups regardless of
the group number.
When you specify the same
group number for multiple
VLANs or router interfaces, the
switch creates a hardware entry
for each VLAN or interface.
Some HSRP groups might have
the same group number
associated with different VLANs
or router interfaces.
The unmatched multicast packet
is forwarded in software, which
might cause high CPU
utilization.
A Catalyst 3750-E member
behaves like a Catalyst 3750
member. If the Catalyst 3750-E
member has an HSRP
configuration that the
Catalyst 3750 member does not
support, the stack discards the
HSRP configuration.
If you add a Catalyst 3750 switch
as a member in a
Catalyst 3750-E-only stack, the
switch enters mismatch mode.
If a Catalyst 3750 member
receives an unmatched multicast
packet, the switch forwards the
packet in software.
If a Catalyst 3750-E member
receives an unmatched multicast
packet, the switch forwards the
packet in hardware.
Cisco Software Activation and Compatibility Document
OL-11445-02
13
Feature Compatibility
Table 3
Feature Behavior Differences (continued)
Catalyst 3750-E and 3560-E
Switches
Feature
IP multicast routing
Catalyst 3750 and 3560 Switches
Mixed Hardware Stacks
A multicast packet is unmatched
when the destination IPv4
address does not match the
destination MAC address. The
unmatched multicast packet is
forwarded in hardware.
The unmatched multicast packet
is forwarded in software, which
might cause high CPU
utilization.
If a Catalyst 3750 member
receives an unmatched multicast
packet, the switch forwards the
packet in software.
You can configure the PIM 2
version and enable the PIM
mode on the Layer 3 interface on
which multicast routing is
enabled.
For all SDM templates, the
switch supports up to 128
PIM-enabled interfaces in
hardware based on the TCAM3.
If a Catalyst 3750-E member
receives an unmatched multicast
packet, the switch forwards the
packet in hardware.
—
When an IPv4 SDM template is
enabled, the switch supports up
to 64 PIM-enabled interfaces in
hardware. When a dual IPv4 and
IPv6 template is enabled, the
switch supports up to
32 PIM-enabled interfaces in
hardware.
Cisco Software Activation and Compatibility Document
14
OL-11445-02
Feature Compatibility
Table 3
Feature Behavior Differences (continued)
Feature
IP unicast routing
Catalyst 3750-E and 3560-E
Switches
On the switch or in a
Catalyst-3750-E-only stack, you
can configure 20 private VLANs
and 104 PBR4 policies
regardless of the number of
configured VRFs5 (up to
26 VRFs).
Catalyst 3750 and 3560 Switches
Mixed Hardware Stacks
On the switch or in a
Catalyst 3750-only stack, these
are the maximum numbers of
VRFs, private VLANs, and PBR
policies that can be configured:
The maximum numbers of
VRFs, private VLANs, and PBR
policies that can be configured
on a mixed hardware stack is the
same as those for a
Catalyst 3750-only stack.
•
When no VRFs are
A Catalyst 3750-E member
configured, you can
configure 20 private VLANs behaves like a Catalyst 3750
member. After the stack reboots:
and 104 PBR policies.
•
When up to 26 VRFs are
configured, you can
configure 20 private VLANs
and 41 PBR policies.
•
If more than 41 PBR
policies are configured, you
cannot configure VRF.
You can enable VRF on a private
VLAN and the reverse.
You cannot enable VRF on a
private VLAN and the reverse.
•
The member rejects the VRF
configuration when VRF is
enabled on a private VLAN.
•
If at least one VRF is
configured, the member
rejects the PBR policy
configuration after 41 PBR
policies is reached.
The Catalyst 3750 switch goes
into feature-mismatch mode
when the switch tries to join a
Catalyst 3750-E-only stack with
one of these configurations:
•
Both VRF and private
VLANs are enabled.
•
The VRF configuration has
more than 41 configured
policies.
You must remove the stack VRF
configuration so that the
Catalyst 3750 switch can join the
stack. The unsupported VRF
configuration cannot be part of
the provisioned configuration for
the Catalyst 3750 switch.
The switch has no limitations for The switch supports ICMPv4
—
ICMPv46 redirect.
redirect for routes with mask
lengths less than 32 bits. ICMP
redirect is not supported for host
routes or for summarized routes
with mask lengths greater
than 32 bits.
The switch has no limitations for The switch does not support
unicast reverse path forwarding unicast RPF.
(unicast RPF).
You cannot configure unicast
RPF on switches in a mixed
hardware stack.
Cisco Software Activation and Compatibility Document
OL-11445-02
15
Feature Compatibility
Table 3
Feature
IPv6 ACLs
Feature Behavior Differences (continued)
Catalyst 3750-E and 3560-E
Switches
The switch supports the ahp and
routing keywords in the deny
(IPv6 access-list configuration)
and the permit (IPv6 access-list
configuration) commands.
If a port or router ACL has
ACEs7 with the ahp keyword,
the routing keyword, or both,
you can perform these tasks:
•
On a standalone switch or a
Catalyst 3750-E-only stack
– Apply the port ACL to a
switch port.
– Apply a router ACL to
an SVI.
– Modify the port or
router ACL by adding
the ahp keyword, the
routing keyword, or
both.
•
On a Catalyst 3750-E-only
stack
– When a port ACL is
Catalyst 3750 and 3560 Switches
Mixed Hardware Stacks
The switch does not support the
ahp and routing keywords in the
deny (IPv6 access-list
configuration) and the permit
(IPv6 access-list configuration)
command.
If a port or router ACL has ACEs
with the ahp keyword, the
routing keyword, or both, these
actions occur:
If an ACL has ACEs with the
ahp keyword, the routing
keyword, or both, these actions
occur on a standalone switch or
on Catalyst 3750-only stack:
•
The port ACL can be applied
only to a Catalyst 3750-E
member switch port.
•
The port ACL cannot be
applied to any Catalyst 3750
member switch port.
• A router ACL cannot be
When you apply a port ACL
applied to an SVI on any
to a switch port or a router
member switch.
ACL to an SVI, the switch
If a router ACL is applied to an
rejects the ACL.
SVI and you modify the ACL by
• When you modify the port or
adding the ahp keyword, the
router ACL by adding the
routing keyword, or both to the
ahp keyword, the routing
ACE, the switch rejects the ACE.
keyword, or both to the
ACE, the switch rejects the If a port ACL is applied to a
Catalyst 3750 member switch
ACE.
port and you modify the ACL by
adding the ahp keyword, the
routing keyword, or both to the
ACE, the switch rejects the ACE.
•
attached to the
Catalyst 3750-E
member switch port,
add a Catalyst 3750
switch as a member if
the stack does not have
router ACLs configured
with the ahp keyword,
the routing keyword, or
both.
If a port ACL is applied to a
Catalyst 3750-E member switch
port and you modify the ACL by
adding the ahp keyword, the
routing keyword, or both to the
ACE, the switch accepts the
ACE.
– When the router ACL is
attached to an SVI on a
member, add a
Catalyst 3750-E switch
as a member but not a
Catalyst 3750 switch as
a member.
The switch supports IPv6
—
address-matching for a full range
of prefix lengths.
—
Cisco Software Activation and Compatibility Document
16
OL-11445-02
Feature Compatibility
Table 3
Feature
Feature Behavior Differences (continued)
Catalyst 3750-E and 3560-E
Switches
Catalyst 3750 and 3560 Switches
Mixed Hardware Stacks
IPv6 unicast routing The switch has no limitations for The switch supports ICMPv6
ICMPv68 redirect.
redirect for routes with mask
lengths less than 64 bits. ICMP
redirect is not supported for host
routes or for summarized routes
with mask lengths greater
than 64 bits.
When configuring equal-cost
routes, the router might choose
different paths, depending on the
ingress switch.
A multicast packet is unmatched
when the destination IPv6
address does not match the
destination MAC address. The
unmatched multicast packet is
forwarded in hardware.
The unmatched multicast packet
is forwarded in software, which
might cause the high CPU
utilization.
If a Catalyst 3750 member
receives an unmatched multicast
packet, the switch forwards the
packet in software.
MVR9
When the switch forwards a
packet from a source VLAN to a
receiver port, the switch does not
modify the packet.
When the switch forwards a
—
packet from an source VLAN to
a receiver port, the switch
modifies the source MAC
address and decrements the
TTL10 of the packet.
SDM templates
—
—
All stack members must use the
same SDM template as the stack
master.
show platform
commands
The switch supports the show
platform sf-asic privileged
EXEC command to enable
debugging of the ASIC data
structures.
—
—
—
All stack members must run the
same version of STP.
MLD snooping
If a Catalyst 3750-E member
receives an unmatched multicast
packet, the switch forwards the
packet in hardware.
The switch supports the show
platform dl [detail] privileged
EXEC command to display
dynamically loaded module
information.
STP11
—
Cisco Software Activation and Compatibility Document
OL-11445-02
17
Feature Compatibility
Table 3
Feature Behavior Differences (continued)
Feature
Switch-based
authentication
Catalyst 3750-E and 3560-E
Switches
Catalyst 3750 and 3560 Switches
Mixed Hardware Stacks
—
—
The SSH12 connection to the
switch stack can be lost if the
Catalyst 3750-E master running
the cryptographic software
image and the IP base or IP
services feature set fails and one
of these actions occur:
•
The stack master is replaced
by a Catalyst 3750-E
member running the
noncryptographic image and
the IP base or IP services
feature set.
•
The master is replaced by a
Catalyst 3750 switch
running the
noncryptographic image and
the IP base or IP services
image.
We recommend that a stack
master run the cryptographic
image and the IP base or IP
services feature set.
Switch memory
usage
The switch uses hardware
memory to store unicast routes,
MAC addresses, ACLs, and
other feature information and to
provide the SDM templates that
allocate memory resources,
depending on how the switch is
used.
The switch uses TCAM to store —
unicast routes, MAC addresses,
ACLs, and other feature
information and to provide the
SDM templates that allocate
memory resources, depending on
how the switch is used.
Because of collisions, in some
cases, the switch cannot store a
few MAC address table entries
even if it has free hardware
memory.
System MTU
You can configure the system
jumbo MTU and the system
routing MTU values on the
switch ports.
The switch allows multicast
routing of jumbo frames.
You can configure the system
MTU, the system jumbo MTU,
and the system routing MTU
values on the switch ports.
For information about
configuring the system MTU
values on stack members, see the
“Configuring the System MTU”
section in the Catalyst 3750-E
and 3560-E Switch Software
Configuration Guide.
1. SDM = switch database management
2. PIM = Protocol-Independent Multicast
3. TCAM = ternary content addressable memory
Cisco Software Activation and Compatibility Document
18
OL-11445-02
Configuration Guidelines in Mixed Hardware Switch Stacks
4. PBR = policy-based routing
5. VRF = Virtual Private Network (VPN) routing/forwarding
6. ICMPv4 = IP Control Message Protocol Version 4
7. ACEs = access control entries
8. ICMPv6 = IP Control Message Protocol Version 6
9. MVR = Multicast VLAN Registration
10. TTL = time-to-live
11. STP = Spanning Tree Protocol
12. SSH = Secure Shell
Configuration Guidelines in Mixed Hardware Switch Stacks
This document describes the interactions of Catalyst 3750-E and 3750 members in a mixed hardware
switch stack. For more information about switch stacks, see the Catalyst 3750-E and 3560-E Switch
Software Configuration Guide and the Catalyst 3750 Switch Software Configuration Guide on
Cisco.com.
Follow these guidelines when configuring mixed hardware stacks:
•
We recommend that a Catalyst 3750-E switch be the stack master.
•
We recommend that all stack members run Cisco IOS Release 12.2(35)SE or later to ensure
compatibility between the stack members. For more information, see these sections in the
“Managing Switch Stacks” chapter in the Catalyst 3750-E and 3750 software configuration guides:
– “Switch Stack Software Compatibility Requirements” section
– “Stack Protocol Version Compatibility” section
– “Major Version Number Compatibility Among Switches” section
– “Minor Version Number Compatibility Among Switches” section
The stack members in a mixed software stack use the automatic upgrade (auto-upgrade) and the
automatic advise (auto-advise) processes to detect mismatched software and to try to upgrade a
member in version-mismatch (VM) mode.
•
We recommend assigning the highest priority value to the switch that you prefer to be the stack
master. This ensures that the switch is re-elected as stack master if a re-election occurs. In a mixed
hardware stack, assign the highest priority value to a Catalyst 3750-E switch.
•
When configuring system-wide features, see the “Feature Compatibility” section on page 12 and the
“Additional Considerations for System-Wide Configuration on Switch Stacks” section in the
“Managing Switch Stacks” chapter in the Catalyst 3750-E and Catalyst 3750 switch software
configuration guides.
•
Hardware compatibility and SDM mismatch mode
– The Catalyst 3750-E switch supports only the desktop Switch Database Management (SDM)
templates. The Catalyst 3750 switch supports either the desktop or aggregator SDM templates.
– All stack members use the SDM template configured on the stack master. In a mixed hardware
stack:
Only the switches using the same desktop SDM template as the stack master can be stack
members. All other switches trying to join this switch stack enter SDM-mismatch mode.
If a Catalyst 3750 stack master is using an aggregator template, Catalyst 3750-E switches
cannot be stack members. Only Catalyst 3750 aggregator switches can be stack members.
Cisco Software Activation and Compatibility Document
OL-11445-02
19
Related Publications
•
You can connect to the stack master by using one of these methods:
– You can connect a terminal or PC to the stack master through the console ports of one or more
stack members.
– You can connect a PC to the stack master through the Ethernet management ports of one or more
Catalyst 3750-E stack members. If the stack master is a Catalyst 3750 switch and at least one
stack member is a Catalyst 3750-E switch, you can manage the stack through the PC.
Related Publications
These documents provide complete information about the switches and are available from these
Cisco.com sites:
http://www.cisco.com/en/US/products/ps7077/tsd_products_support_series_home.html
Note
Before installing, configuring, or upgrading a switch, see these documents:
•
For initial configuration information, see the “Using Express Setup” section in the getting started
guide or the “Configuring the Switch with the CLI-Based Setup Program” appendix in the hardware
installation guide.
•
For device manager requirements, see the “System Requirements” section in the release notes (not
orderable but available on Cisco.com).
•
For Network Assistant requirements, see the Getting Started with Cisco Network Assistant (not
orderable but available on Cisco.com).
•
For cluster requirements, see the Release Notes for Cisco Network Assistant (not orderable but
available on Cisco.com).
•
For upgrading information, see the “Downloading Software” section in the release notes.
You can order printed copies of documents with a DOC-xxxxxx= number from the Cisco.com sites and
from the telephone numbers listed in the URL referenced in the “Obtaining Documentation, Obtaining
Support, and Security Guidelines” section on page 22.
•
Cisco License Manager
– Getting Started with Cisco License Manager 1.0 on Windows XP
– Cisco License Manager online help
– API Reference Guide for Cisco License Manager on Windows XP
•
Catalyst 3750-E and 3560-E switches
– Release Notes for the Catalyst 3750-E and 3560-E Switches (not orderable but available on
Cisco.com)
– Catalyst 3750-E and 3560-E Switch Software Configuration Guide (not orderable but available
on Cisco.com)
– Catalyst 3750-E and 3560-E Switch Command Reference (not orderable but available on
Cisco.com)
– Catalyst 3750-E and 3560-E Switch System Message Guide (not orderable but available on
Cisco.com)
– Device manager online help (available on the switch)
Cisco Software Activation and Compatibility Document
20
OL-11445-02
Related Publications
– Catalyst 3750-E and 3560-E Switch Hardware Installation Guide (not orderable but available
on Cisco.com)
– Getting Started Guide for the Catalyst 3750-E Switch (order number DOC-7817568=)
– Getting Started Guide for the Catalyst 3560-E Switch (order number DOC-7817617=)
– Regulatory Compliance and Safety Information for the Catalyst 3750-E and 3560-E Switches
(order number DOC-7817569=)
•
Catalyst 3750 and 3560 switches
– Release Notes for the Catalyst 3750, 3560, 2970, and 2960 Switches (not orderable but available
on Cisco.com)
– Catalyst 3750 Switch Software Configuration Guide (not orderable but available on Cisco.com)
– Catalyst 3750 Switch Command Reference (not orderable but available on Cisco.com)
– Catalyst 3750 Switch Hardware Installation Guide (not orderable but available on Cisco.com)
– Catalyst 3560 Switch Software Configuration Guide (not orderable but available on Cisco.com)
– Catalyst 3560 Switch Command Reference (not orderable but available on Cisco.com)
– Catalyst 3560 Switch Hardware Installation Guide (not orderable but available on Cisco.com)
– Catalyst 3750, 3560, 3550, 2970, and 2960 Switch System Message Guide (not orderable but
available on Cisco.com)
•
Switch documentation
– Getting Started with Cisco Network Assistant (not orderable but available on Cisco.com)
– Release Notes for Cisco Network Assistant (not orderable but available on Cisco.com)
– Cisco Small Form-Factor Pluggable Modules Installation Notes (order number
DOC-7815160=)
– Cisco CWDM GBIC and CWDM SFP Installation Note (not orderable but available on
Cisco.com)
– These compatibility matrix documents are available from this Cisco.com site:
http://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_li
st.html
Cisco Gigabit Ethernet Transceiver Modules Compatibility Matrix (not orderable but available
on Cisco.com)
Cisco 100-Megabit Ethernet SFP Modules Compatibility Matrix (not orderable but available on
Cisco.com)
Cisco Small Form-Factor Pluggable Modules Compatibility Matrix (not orderable but available
on Cisco.com)
Compatibility Matrix for 1000BASE-T Small Form-Factor Pluggable Modules (not orderable
but available on Cisco.com)
– For information about the Network Admission Control (NAC) features, see the Network
Admission Control Software Configuration Guide (Not orderable but available on Cisco.com)
Cisco Software Activation and Compatibility Document
OL-11445-02
21
Obtaining Documentation, Obtaining Support, and Security Guidelines
Obtaining Documentation, Obtaining Support, and Security
Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback,
security guidelines, and also recommended aliases and general Cisco documents, see the monthly
What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical
documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
CCVP, the Cisco logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn
is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco,
the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity,
Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient,
IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking
Academy, Network Registrar, Packet, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient,
and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply
a partnership relationship between Cisco and any other company. (0705R)
Cisco Software Activation and Compatibility Document
22
OL-11445-02
Obtaining Documentation, Obtaining Support, and Security Guidelines
Cisco Software Activation and Compatibility Document
OL-11445-02
23
Obtaining Documentation, Obtaining Support, and Security Guidelines
Cisco Software Activation and Compatibility Document
24
OL-11445-02
Download PDF