Readme updated 11 January 2008

****************************************************************
|                                                              |
| Cisco IOS Release 12.1(22)EA11                               |
| Build ID: cigesm-i6q4l2-tar.121-22.EA11.tar normal           |
|           cigesm-i6k2l2q4-tar.121-22.EA11.tar crypto         |
| Revision: EA11                                               |
|                                                              |
| (C) Copyright International Business Machines Corporation    |
| May, 2004. All rights reserved.                              |
|                                                              |
| US Government Users Restricted Rights -- Use, duplication    |
| or disclosure restricted by GSA ADP Schedule Contract with   |
| IBM Corp.                                                    |
|                                                              |
| Note: Before using this information and the product it       |
| supports, read the general information under "NOTICES AND    |
| TRADEMARKS" in this document.                                |
|                                                              |
| Updated 11 January 2008                                      |
****************************************************************

CONTENTS

1.0 About this readme file
2.0 Change history
3.0 Installation and Setup Instructions
4.0 Configuration Information
5.0 Unattended Mode
6.0 Web sites and phone support
    6.1 Web sites
    6.2 Software service and support
    6.3 Hardware service and support
7.0 Notices and trademarks
8.0 Disclaimer


1.0 ABOUT THIS README FILE
--------------------------

This release contains software for both the Cisco Intelligent Gigabit
Ethernet Switch Module (CIGESM) and the Cisco Intelligent Fiber Gigabit
Ethernet Switch Module. Both normal and cryptographic versions are
included in this release.

Also included in this release are the Management Information Base (MIB)
files for the CIGESM. There have been no changes to the MIBs since the
release of Cisco software Version 12.1(14)AY4. They are included on this
web site for completeness.


2.0 CHANGE HISTORY
------------------

11 January 2008
Version 12.1(22)EA11 - cigesm-i6q4l2-tar.121-22.EA11.tar and
                       cigesm-i6k2l2q4-tar.121-22.EA11.tar

This release resolves the following issues:

CSCsi53397
  You can now read from and write to the BRIDGE-MIB by using the mst-n
  suffix.

CSCsk12508
  The output from the show interface interface-id command for input
  broadcast packets includes information for both broadcast and
  multicast packets.

CSCsk27547
  A switch with a two-port EtherChannel no longer drops packets when one
  of the channels is shut down. (In previous releases, this occurred
  when one of the channels was configured as access mode in VLAN 1.)

CSCsi19656
  When the MIB object c2900PortAdminSpeed is set to a value of 1 (auto),
  these two commands are no longer automatically configured on that
  interface:
    switchport port-security aging type inactivity
    switchport port-security aging static


07 August 2007
Version 12.1(22)EA10a - cigesm-i6q4l2-tar.121-22.EA10a.tar and
                        cigesm-i6k2l2q4-tar.121-22.EA10a.tar

This release resolves the following issues:

CSCsi92350
  The switch no longer might reload with a signal 10 exception.

CSCsj15899
  When an IEEE (Institute of Electrical and Electronics Engineers)
  802.1x-enabled interface has MAC (Media Access Control) authentication
  bypass (MAB) and guest VLAN enabled and the multiple-host mode
  configured, the switch no longer reloads if it receives traffic that
  is not an Extensible Authentication Protocol (EAP) frame and has a MAC
  address that is not in the MAB profile.

CSCsb12598
  Cisco IOS (Internetwork Operating System) device may crash while
  processing malformed Secure Sockets Layer (SSL) packets. In order to
  trigger these vulnerabilities, a malicious client must send malformed
  packets during the SSL protocol exchange with the vulnerable device.
  Successful repeated exploitation of any of these vulnerabilities may
  lead to a sustained Denial-of-Service (DoS); however, vulnerabilities
  are not known to compromise either the confidentiality or integrity of
  the data or the device. These vulnerabilities are not believed to
  allow an attacker to decrypt any previously encrypted information.
  Cisco IOS is affected by the following vulnerabilities:
  - Processing ClientHello messages, documented as Cisco bug ID
    CSCsb12598

CSCsb40304
  Cisco IOS device may crash while processing malformed Secure Sockets
  Layer (SSL) packets. In order to trigger these vulnerabilities, a
  malicious client must send malformed packets during the SSL protocol
  exchange with the vulnerable device. Successful repeated exploitation
  of any of these vulnerabilities may lead to a sustained
  Denial-of-Service (DoS); however, vulnerabilities are not known to
  compromise either the confidentiality or integrity of the data or the
  device. These vulnerabilities are not believed to allow an attacker to
  decrypt any previously encrypted information.
  Cisco IOS is affected by the following vulnerabilities:
  - Processing ChangeCipherSpec messages, documented as Cisco bug ID
    CSCsb40304

CSCsd92405
  Cisco IOS device may crash while processing malformed Secure Sockets
  Layer (SSL) packets. In order to trigger these vulnerabilities, a
  malicious client must send malformed packets during the SSL protocol
  exchange with the vulnerable device. Successful repeated exploitation
  of any of these vulnerabilities may lead to a sustained
  Denial-of-Service (DoS); however, vulnerabilities are not known to
  compromise either the confidentiality or integrity of the data or the
  device. These vulnerabilities are not believed to allow an attacker to
  decrypt any previously encrypted information.
  Cisco IOS is affected by the following vulnerabilities:
  - Processing Finished messages, documented as Cisco bug ID CSCsd92405


15 May 2007
Version 12.1(22)EA10 - cigesm-i6q4l2-tar.121-22.EA10.tar and
                       cigesm-i6k2l2q4-tar.121-22.EA10.tar

This release resolves the following issues:

CSCei83729
  Strict priority queuing now works correctly.

CSCsh77929
  A host with an Intel network interface card (NIC) connected to an
  external copper switch port no longer loses connectivity when the host
  reboots.


07 December 2006
Version 12.1(22)EA9 - cigesm-i6q4l2-tar.121-22.EA9.tar and
                      cigesm-i6k2l2q4-tar.121-22.EA9.tar

This release supports the following new software features:

Protected Mode
  In Cisco IOS Release 12.1(22)EA9 and later, you can enable protected
  mode to prevent the management module from controlling the blade
  switch. By locking out the management module from control of the
  switch, server administrators cannot manage the switch from the
  management module.

  When protected mode is enabled, the chassis management module cannot
  control or configure these features and functions of the CIGESM blade
  switch:
  - IP addresses
  - Administration of external ports
  - Whether the blade switch can be managed with traffic received over
    external ports
  - That the CIGESM will not revert to the manufacturing default
    configuration

  Management Module code version 1.27 or later is required.

This release resolves the following issues:

CSCeg09032
  Open Shortest Path First (OSPF) routes now appear in the routing table
  after a topology change when Incremental SPF (Shortest Path First) is
  enabled.

CSCeg71620
  Downstream interfaces in a link-state group that are added to an
  EtherChannel group recover their link state when the link-state group
  is disabled.

CSCeg72946
  Downstream interfaces that are members of a link-state group are no
  longer incorrectly placed in an up state when only one upstream
  interface is active and this upstream interface is made the
  destination interface for a local SPAN (Switched Port Analyzer)
  session.

CSCeh45771
  When the multicast traffic for a group enters the switch, it is
  directed to both the interface that joined the group by entering the
  ip IGMP (Internet Group Management Protocol) join interface
  configuration command and to the interface with the static multicast
  MAC (Media Access Control) address.


09 August 2006
Version 12.1(22)EA8a - cigesm-i6q4l2-tar.121-22.EA8a.tar

This release resolves the following issues:

CSCsd74990
  When a switch has multiple management VLAN (Virtual Local Area
  Network) interfaces, the IP (Internet Protocol) addresses for all
  active interfaces are now reachable from a host or network device.

CSCse11516
  Configuring the switch for a port monitor session on a remote VLAN no
  longer causes packet flooding on other interfaces that are not
  configured for the monitor session.

CSCse25863
  When you are using a web browser to manage the CIGESM (Cisco
  Intelligent Gigabit Ethernet Switch Module), Device Manager now
  correctly requires you to enter username and password, even when the
  switch is booted without a configuration file or when the
  configuration file was removed after returning to the manufacturing
  default configuration.


18 May 2006
Version 12.1(22)EA8 - cigesm-i6q4l2-tar.121-22.EA8.tar

This release resolves the following issues:

CSCsb82422
  The switch now forwards an IEEE (Institute of Electrical and
  Electronics Engineers) 802.1x request that has null credentials.

CSCsd03880
  When the ciscoEnvMonMib is polled, it no longer returns envmon
  characteristics for the Cisco Intelligent Gigabit Ethernet Switching
  Module (CIGESM). The module has no envmon characteristics. In previous
  releases, the MIB displayed envmon information for the CIGESM.

CSCsd23228
  The output of the show platform summary privileged EXEC command now
  appears in the output of the show tech privileged EXEC command.

CSCsd24154
  When forwarding an IGMP (Internet Group Management Protocol) query,
  the default CoS (Class of Service) value from the incoming packets no
  longer changes automatically.

CSCsd51738
  When the switch is reset to the factory default settings, the CIGESM
  now responds to ping or Telnet requests from external devices.

CSCsd6866
  When the management module resets the CIGESM to the factory default
  settings and the preserve IP (Internet Protocol) address for the
  module is disabled, the CIGESM can now use the default IP address.

CSCsb79318
  If the re-authentication timer and re-authentication action is
  downloaded from the RADIUS (Remote Authentication Dial-In User
  Service) server using the Session-Timeout and Termination-Action
  RADIUS attributes, the switch no longer performs the termination
  action when the port is not configured with the dot1x timeout
  reauthenticate server interface configuration command.

CSCsb82422
  The switch now forwards an IEEE 802.1x request that has null
  credentials.

CSCsb99249
  A host attached to an authenticated 802.1X port no longer loses
  network access after a 802.1X-enabled port mode or host mode is
  modified. In previous releases, this occurred when the 802.1X control
  direction was set to In when the configuration was changed.

CSCsc84627
  A MAC (Media Access Control) entry no longer changes from static to
  dynamic on a switch configured with private VLANs (Virtual Local Area
  Network).

CSCsc93698
  Connectivity failures to the management interface no longer occur if
  the VLAN used is other than VLAN 1.

CSCsc96385
  The switch now sends the NAS-Identifier (Network Access Server),
  attribute 32, to the RADIUS server when you configure the attribute in
  the running configuration by using these Cisco IOS (Internetwork
  Operating System) global configuration commands:
    radius-server attribute 32 include-in-access-req
    radius-server attribute 32 include-in-accounting-req

CSCsd19470
  This error log message no longer randomly appears:
    %TCAMMGR-3-HANDLE_ERROR: cam handle [hex] is invalid

CSCsd39489
  When port-security aging on the switch is set to inactive, CAM
  (Content-Addressable Memory) entries no longer time out when there is
  continuous traffic.

CSCsb63404
  A switch is accessible by SSH (Secure Shell) or Telnet after it has
  been running for 4 to 5 days.
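
Added example (not part of the IBM readme and not Cisco code): a Python check that reads the release string out of show version output and reports whether the switch is at or past 12.1(22)EA10a, the release the change history above lists as resolving the SSL crash bugs. The function names and the sample output are constructed for illustration.

```python
import re

# Release the change history above lists as resolving the SSL crash bugs
# CSCsb12598, CSCsb40304 and CSCsd92405.
SSL_FIX_RELEASE = "12.1(22)EA10a"

# major.minor(maintenance)TRAIN build [rebuild letter], e.g. 12.1(22)EA10a
_RELEASE_RE = re.compile(r"(\d+)\.(\d+)\((\d+)\)([A-Z]+)(\d+)([a-z]?)")

# Constructed sample of "show version" output (not captured from a device).
SAMPLE_SHOW_VERSION = """\
Cisco Internetwork Operating System Software
IOS (tm) CIGESM Software (CIGESM-I6Q4L2-M), Version 12.1(22)EA8a, RELEASE SOFTWARE (fc1)
"""


def parse_release(text):
    """Return a sortable tuple for the first IOS release string in text."""
    match = _RELEASE_RE.search(text)
    if match is None:
        raise ValueError(f"no IOS release string found in {text!r}")
    major, minor, maint, train, build, rebuild = match.groups()
    return (int(major), int(minor), int(maint), train, int(build), rebuild)


def has_ssl_fixes(show_version_output):
    """True if the running release is at or past SSL_FIX_RELEASE."""
    running = parse_release(show_version_output)
    fixed = parse_release(SSL_FIX_RELEASE)
    # Ordering is only meaningful inside one train, here 12.1(22)EA.
    if running[:4] != fixed[:4]:
        raise ValueError("release is not on the 12.1(22)EA train")
    # (10, "") sorts before (10, "a"), so EA10 is correctly older than EA10a.
    return running[4:] >= fixed[4:]


if __name__ == "__main__":
    for output in (SAMPLE_SHOW_VERSION, "Version 12.1(22)EA11"):
        release = parse_release(output)
        print(release, "SSL fixes present:", has_ssl_fixes(output))
```
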


3.0 Installation and Setup Instructions
-----------------------------------------

Ensure that the firmware is on a server that is accessible by the Cisco
Switch Module.

Start a tftp server on the server that contains the firmware. When the
tftp application starts, it displays an IP address in the form . Note
this IP address for use later.

Change the tftp server directory to the directory that contains the
firmware.

On your server get to a DOS prompt. (In a Windows operating system, hit
the start button, type "cmd", and then press .)

Type:
  Telnet bbb.ccc.ddd.eee
where bbb.ccc.ddd.eee is the IP address of the Cisco Switch Module.

You should see the following prompt when the telnet session starts:
  Switch>

Type in "en" and press enter. If the system asks for a UserID and
Password, provide those. These can be obtained from your system
administrator. After this, you should see the prompt below:
  Switch#

Type
  archive download tftp:///
( is the IP address of the server containing the firmware image as
previously noted. is the firmware image you just downloaded from the
web site.)
  cigesm-i6q4l2-tar.121-22.EA11.tar is the standard image.
  cigesm-i6k2l2q4-tar.121-22.EA11.tar is the cryptographic image.

Hit

Note that the old image will be erased before the software image is
downloaded. This process is automatic. During this time of approximately
30 seconds, there are no updates to the view on the monitor.

When the firmware load is complete type:
  write memory
  reload

The switch now has the new OS image. You can verify the level from the
Management Module or by typing:
  Show ver


4.0 Configuration Information
-------------------------------

No special configuration is required.


5.0 Unattended Mode
-------------------------------

Unattended Mode is not supported for updating the Cisco Switch Module
firmware.


6.0 WEB SITES AND PHONE SUPPORT
---------------------------

Information and assistance is available through the IBM Web site and by
phone.

6.1 Web sites

IBM Support Web Site:
http://www.ibm.com/servers/eserver/support/bladecenter/index.html

6.2 Software service and support
--------------------------------

Through IBM Support Line, you can get telephone assistance, for a fee,
with usage, configuration, and software problems with xSeries servers,
IntelliStation workstations, and appliances. For information about which
products are supported by Support Line in your country or region, go to
http://www.ibm.com/services/sl/products/.

For more information about Support Line and other IBM services, go to
http://www.ibm.com/services/, or go to http://www.ibm.com/planetwide/
for support telephone numbers. In the U.S. and Canada, call
1-800-IBM-SERV (1-800-426-7378).

6.3 Hardware service and support
--------------------------------

You can receive hardware service through IBM Services or through your
IBM reseller, if your reseller is authorized by IBM to provide warranty
service. Go to http://www.ibm.com/planetwide/ for support telephone
numbers, or in the U.S. and Canada, call 1-800-IBM-SERV
(1-800-426-7378).

In the U.S. and Canada, hardware service and support is available 24
hours a day, 7 days a week. In the U.K., these services are available
Monday through Friday, from 9 a.m. to 6 p.m.


7.0 NOTICES AND TRADEMARKS
--------------------------

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION
"AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Some jurisdictions do not allow disclaimer of express or implied
warranties in certain transactions, therefore, this statement may not
apply to you.

This information could include technical inaccuracies or typographical
errors. Changes are periodically made to the information herein; these
changes will be incorporated in new editions of the publication.
IBM may make improvements and/or changes in the product(s) and/or the
program(s) described in this publication at any time without notice.

IBM, the e-business logo, eServer, IntelliStation, xxx, and xxx are
trademarks of the IBM Corporation in the United States, other countries,
or both.

******************************************************************
The following terms are trademarks of International Business
Machines Corporation in the United States, other countries, or both:

  e-business logo
  eServer
  IBM

The following terms are trademarks of Cisco Systems in the United
States, other countries, or both:

  Cisco
  Cisco Systems
******************************************************************

Java and all Java-based trademarks and logos are trademarks or
registered trademarks of Sun Microsystems, Inc. in the United States,
other countries, or both.

Other company, product, or service names may be trademarks or service
marks of others.


8.0 Disclaimer (Required)
----------------------------

8.1 THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IBM
DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT
LIMITATION, THE IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE
AND MERCHANTABILITY WITH RESPECT TO THE INFORMATION IN THIS DOCUMENT. BY
FURNISHING THIS DOCUMENT, IBM GRANTS NO LICENSES TO ANY PATENTS OR
COPYRIGHTS.

8.2 Note to Government Users

Include the following note after the disclaimer paragraph.

Note to U.S. Government Users -- Documentation related to restricted
rights -- Use, duplication or disclosure is subject to restrictions set
forth in GSA ADP Schedule Contract with IBM Corporation.