Issues with IOS XE 3.3.x

[alkemyst]

Just an FYI on two bugs I have encountered that were not documented on Cisco's website.

Both these issues at least apply to the 4510R+E and 3850 switches.

The first is when using TACACS+ and the 'single-connect' keyword in 3.3.1. Timeout values are ignored and a 6000 second timeout is set for it to fail over to the local login. This was resolved in 3.3.2 (it was not reported at all).

The next is when using 3502e AP's (possibly others as well) and doing a SHOW CDP NEIGHBOR DETAILS. Most of the time the IP addresses will be blank and despite 15.4W being used only 14.5W are reported. This was not fixed in 3.3.2 and was not on their list of fixes. They are not sure how CDP NEIGHBORS got broke between 3.2.x and 3.3.x

3.2.x has it's own share of issues.

UPDATE:
the IP's for the AP devices do come up if you wait long enough.

The workaround is to clear the CDP NEIGHBOR information.

Cisco can't explain this yet, but I tested this and it's a solution.

The other issue is definitely a bug...they are hoping the next release will fix it. If not, that bug fix will be in the one after.

 

[RadiclDreamer]

I've not used XE, but all ive heard has been negative, what is your overall impression?

 

[Cooky]

IOS-XE has been rock solid on our ASR 1002 & 1006's.
It was only recent did Cisco start putting it on the client facing Cat 3K & 4K's.
We didn't receive any issues w/ the 4K's, but will see how power is reported in CDP.

We had an issue w/ multicast & wccp on demo 3850's, so decided to stick w/ 12.2.x on 3560X/3750X.
We'll do another round of testing on 3650's soon to see if IOS-XE has improved on the 3K platform.

 

[alkemyst]

IOS-XE has been rock solid on our ASR 1002 & 1006's.
It was only recent did Cisco start putting it on the client facing Cat 3K & 4K's.
We didn't receive any issues w/ the 4K's, but will see how power is reported in CDP.

We had an issue w/ multicast & wccp on demo 3850's, so decided to stick w/ 12.2.x on 3560X/3750X.
We'll do another round of testing on 3650's soon to see if IOS-XE has improved on the 3K platform.

I was not saying IOS-XE is not the way to go. IOS runs on multi-core platforms and is single-threaded. IOS-XE can access all the cores.

I like IOS-XE, hence why I am using it. However; many are still sticking with IOS and even ordering mass deployments with 3750X's instead of 3850's.

That said Cisco did a bad job marketing the 3850. So many still believe it's only capable of stacking 4 deep.

+That said Cisco's Customer Service team got in a pissing match with me the last few days that when I reported I was missing the hardware kit from one 3850 in a $1.1 million dollar order, that those parts are never included and I'd have to order them separately.

Apparently they don't know that the 4 little footpads, a grounding lug and screw, a set of 4 fine threaded rack screws and a set of 4 course threaded rack screws, a plastic cable manager and screw, and the rack ears and screws are always included in the box.

I let them know thank you for no longer including a console cable as well. Even the 4510R+E only comes with a serial adapter and a rollover cable

The ASA's have the best cable if you are still on non-USB. They are the yellow ones with a boot on the end of the connector.

Cisco finally told me they are sending me my parts. The sad thing is I need them tomorrow so I had to overnight another switch to cover it.

 

[Railgun]

I let them know thank you for no longer including a console cable as well. Even the 4510R+E only comes with a serial adapter and a rollover cable

If people with experience with Cisco don't have 10000 of those things hanging around by now.

We can't get rid of those fast enough. They're everywhere.

 

[alkemyst]

If people with experience with Cisco don't have 10000 of those things hanging around by now.

We can't get rid of those fast enough. They're everywhere.

If you use them everyday, they tend to break quickly. I am a consulting deployment engineer so nearly everyday I am consoling into at least one device and usually 6 or more.

 

[alkemyst]

Update: the IP's for the AP devices do come up if you wait long enough.

The workaround is to clear the CDP NEIGHBOR information.

Cisco can't explain this yet, but I tested this and it's a solution.

The other issue is definitely a bug...they are hoping the next release will fix it. If not, that bug fix will be in the one after.

 

[alkemyst]

Also IOS-XE is very fast. Generating a 2048 crypto key is like 2-3 seconds max. On IOS this took a bit of time.

It does have it's issues, but so does IOS.

Soon Cisco will be making the versions more common in numbering scheme so it's easier to compare apples to oranges in a mixed environment of IOS and IOS-XE.

 

[benloveday]

Hey all,

We are having issues with some 3850s not autonegotiating flow control with our iSCSI SANs and ESX hosts when configuring Flow Control On or Desired.

Our ESX hosts and SANs show autoneg enabled but tx and rx off...

Anyone seen similar issues with flow control?

We see this issue with IOS-XE 3.3.2, 3.3.3 and 3.6.0

Cheers!
Ben

 

[alkemyst]

Hey all,

We are having issues with some 3850s not autonegotiating flow control with our iSCSI SANs and ESX hosts when configuring Flow Control On or Desired.

Our ESX hosts and SANs show autoneg enabled but tx and rx off...

Anyone seen similar issues with flow control?

We see this issue with IOS-XE 3.3.2, 3.3.3 and 3.6.0

Cheers!
Ben

I haven't seen this, but I don't use flow control much in my jobs.

I'd stay with 3.3.3SE(ED) though. There are still bugs especially with the newer TACACS commands and timeouts.

I have not tried to go to 3.6.0.

Have you called TAC?

 

[RadiclDreamer]

I was not saying IOS-XE is not the way to go. IOS runs on multi-core platforms and is single-threaded. IOS-XE can access all the cores.

I like IOS-XE, hence why I am using it. However; many are still sticking with IOS and even ordering mass deployments with 3750X's instead of 3850's.

That said Cisco did a bad job marketing the 3850. So many still believe it's only capable of stacking 4 deep.

+That said Cisco's Customer Service team got in a pissing match with me the last few days that when I reported I was missing the hardware kit from one 3850 in a $1.1 million dollar order, that those parts are never included and I'd have to order them separately.

Apparently they don't know that the 4 little footpads, a grounding lug and screw, a set of 4 fine threaded rack screws and a set of 4 course threaded rack screws, a plastic cable manager and screw, and the rack ears and screws are always included in the box.

I let them know thank you for no longer including a console cable as well. Even the 4510R+E only comes with a serial adapter and a rollover cable

The ASA's have the best cable if you are still on non-USB. They are the yellow ones with a boot on the end of the connector.

Cisco finally told me they are sending me my parts. The sad thing is I need them tomorrow so I had to overnight another switch to cover it.

People think it can only stack 4 deep because for good while it WAS only able to stack 4 deep.

 

[alkemyst]

People think it can only stack 4 deep because for good while it WAS only able to stack 4 deep.

That was actually short-lived, however; all the original documents had 4 as a max.

 

[drebo]

I just did a big deployment of 35 3850s and a 4500X, all running 3.6.0. I was pretty impressed. At least physically, the 3850 stacking is head and shoulders above the 3750, and I didn't have any problems with it coming up either.

My only complaint is that the 1100W power supplies are HUGE...combined with the already deep switches, and they don't fit in a 24" depth wall cabinet. That's been a bit of an issue.

 

[alkemyst]

I just did a big deployment of 35 3850s and a 4500X, all running 3.6.0. I was pretty impressed. At least physically, the 3850 stacking is head and shoulders above the 3750, and I didn't have any problems with it coming up either.

My only complaint is that the 1100W power supplies are HUGE...combined with the already deep switches, and they don't fit in a 24" depth wall cabinet. That's been a bit of an issue.

Yeah, the power supply issue I encountered. Like 20 IDFs had to be retrofitted.

We sent the dimensions, they didn't believe them.

 

[RadiclDreamer]

So how do these compare against the 3750E/X? Ive had issues with getting the stacks to join up properly at the start, had some issues with the cables seating properly. And the boot times were insane. Other than that they are pretty nice. Do the 1100w stick out as far as they do on the 3750 series? They were a good 6-8 inches

 

[alkemyst]

So how do these compare against the 3750E/X? Ive had issues with getting the stacks to join up properly at the start, had some issues with the cables seating properly. And the boot times were insane. Other than that they are pretty nice. Do the 1100w stick out as far as they do on the 3750 series? They were a good 6-8 inches

IMHO the 3850 is an improvement over the 3750, however; IOS XE could use more maturing.

The Stackwise cables are much better on the 3850 and have a bandwidth 3x that of the 3850 (480 vs 160). Boot times are a bit long due to stack election which doesn't go any faster whether you hard set the priority or not (however; I recommend setting priority on each switch).

The Power Stack cables are identical between the two.

The 1100W PSU's stick out a lot, they are not compatible with 24" deep wall racks. I am not sure if they are deeper than the 3750 as I have not compared the two directly. AFAIK, I have put 3750's in 24" racks with 1100W PSUs, but I may have been mistaken.

 

[drebo]

So how do these compare against the 3750E/X? Ive had issues with getting the stacks to join up properly at the start, had some issues with the cables seating properly. And the boot times were insane. Other than that they are pretty nice. Do the 1100w stick out as far as they do on the 3750 series? They were a good 6-8 inches

I didn't have any issued with stacking on the 3850. Largest stack I did was 5. Definitely worked fine and elected properly. Upgrading software over the whole stack at once also worked flawlessly (the first stack I upgraded individually.) Performance was very good with the stacking.

On a 3750, creating a new VLAN would freeze the CLI for like 20 seconds. I never observed that on the 3850s.

The stacking cables were way better.

Overall, I like the switches. I'd still do 2960Xs in most cases for access switches, unless I really needed StackPower or something, but the 3850s work well in my experience.

Oh yeah, boot times are about double that of the 3750.

 

[alkemyst]

The 2960X is a huge improvement over the 2960S (just the dual fans for one).

Most of our customers are going 3850 instead of the 2960X though. It a major cost bump, but they trust the 3x50's.

 

[drebo]

I've been using the 3650s in a couple cases, too, and they've worked pretty well. I haven't tried to stack them yet, though.

 

[Cooky]

Do you or your customers run multicast & WCCP on these 3650/3850's?
We had an issue w/ them in our lab testing.

How do they perform in your failure testing?
How long does it take for new master to be elected when the old master fails?
Any disruption to traffic, or is it seemless?

 

[drebo]

For the 3850s, anyway, they run their stacking master/slaves in an SSO manner, similar to multiple supervisors in a 4500 or 6500. When the stack comes up, a secondary is elected for HA. In theory, failover should be nearly instantaneous.

I didn't test whether routing protocols persisted and couldn't find any details about that, but even if they didn't, convergence should be pretty quick.

 

[Cooky]

Thanks.

So you don't run multicast or WCCP on these 3K's?

 

[NicoD]

Hey all,

We are having issues with some 3850s not autonegotiating flow control with our iSCSI SANs and ESX hosts when configuring Flow Control On or Desired.

Our ESX hosts and SANs show autoneg enabled but tx and rx off...

Anyone seen similar issues with flow control?

We see this issue with IOS-XE 3.3.2, 3.3.3 and 3.6.0

Cheers!
Ben

Hi Ben,

I'm seeing the exact same issue with a brand new 3850 running 3.3.3 and 3.3.5 (now testing 3.6.1). flowcontrol is turned on but the switch doesn't seem to be advertising it. Did you manage to find a solution?

Nico

 

[benloveday]

Hi Nico,

No mate, not yet. We moved the iSCSI traffic back to the older 2960Gs temporarily as they were negotiating flow control correctly.

We raised a TAC case and didn't really get a fix out of it, the assumption being that the switches were more capable of pushing the data through compared with the 2960s.

I'm still not sold on the fact that the switch doesn't operate as expected with flow control though...

How about you, did you get any further?

Cheers,
Ben