Guest

Cisco Network Modules

EtherSwitch Service Module (ES) Configuration Example

Cisco - EtherSwitch Service Module (ES) Configuration Example

Document ID: 82288

Updated: Jun 24, 2008

   Print

Introduction

This document provides a sample configuration for the EtherSwitch Service module installed in the Integrated Service Router (ISR). This document does not discuss the configuration example for the EtherSwitch Network module.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco 2800 Series Router on Cisco IOS® Software Release 12.4(10)

  • NME-16ES-1G-P - 16-port 10/100 Cisco EtherSwitch Service Module

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Related Products

This configuration can also be used with Cisco 2600/3600/3700/3800 Series Routers.

Refer to Table 6 in Cisco EtherSwitch Service Modules - Data Sheet for more information.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

EtherSwitch Modules - Concepts

These are the two types of EtherSwitch modules available for Cisco ISRs:

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.

Network Diagram

This document uses this network setup:

es-mod-config1.gif

Configurations

This document uses these configurations:

EtherSwitch Module Initial Configuration

After the ES module is installed on the router, you see a new GigabitEthernet interface x/0 (where x is the slot number) recognized by the IOS. This output is taken after the ES module is installed on the router:

Router1#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol

GigabitEthernet0/0         1.1.1.3         YES NVRAM  up                    down

GigabitEthernet0/1         unassigned      YES NVRAM  administratively down down

GigabitEthernet1/0         unassigned      YES unset  administratively down down

Vlan1                      unassigned      YES NVRAM  up                    up

The service-module gigabitEthernet x/0 session command is the privileged EXEC mode command used to console into the ES module from the host router. You need to console into the ES module in order to configure it. In order to console into the ES module, it is required to configure the IP address for the GigabitEthernet interface x/0. If you try to console into the module without assigning an IP address, you receive this error message:

Router1#service-module gigabitEthernet 1/0 session
IP address needs to be configured on interface GigabitEthernet1/0
Router1

Find out the router interface connected to the ES module.

Router1#show cdp neighbors 
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID    Local Intrfce   Holdtme    Capability   Platform    Port ID
Lab-2811     Gi 1/0          157               R     NME-16ES-1G Gi 1/0/2


!--- The Local interface shows the interface 
!--- on the router connected internally to the switch.



Configure the host router to manage the ES module.


Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#interface gigabitethernet 1/0

Router1(config-if)#ip address 172.16.1.1 255.255.255.0
Router1(config-if)#no shutdown
Router1(config-if)#exit
Router1(config)#exit


Console into the ES Module


Router1#service-module gigabitEthernet 1/0 session
Trying 172.16.1.1, 2066 ... Open

         --- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: no

Would you like to terminate autoinstall? [yes]:
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#hostname Switch-ES
Switch-ES(config)#interface gigabitethernet 1/0/2

Switch-ES(config-if)#no switchport
Switch-ES(config-if)#ip address 172.16.1.2 255.255.255.0
Switch-ES(config-if)#exit

!--- GigabitEthernet 1/0/2 connects the ES module to the router.


Switch-ES(config)#line console 0
Switch-ES(config-line)#password a99l3
Switch-ES(config-line)#exec-timeout 30
Switch-ES(config-line)#exit
Switch-ES(config)#line vty 0 4
Switch-ES(config-line)#password a99l3
Switch-ES(config-line)#login
Switch-ES(config-line)#exec-timeout 30
Switch-ES(config-line)#exit

This output shows the show ip interface brief command from the ES module. The GigabitEthernet1/0/2 interface connects the ES module to the GigabitEthernet1/0 interface of the host router.

Switch-ES#show ip int brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES unset  administratively down down
FastEthernet1/0/1      unassigned      YES unset  down                  down
FastEthernet1/0/2      unassigned      YES unset  down                  down
FastEthernet1/0/3      unassigned      YES unset  down                  down
FastEthernet1/0/4      unassigned      YES unset  down                  down
FastEthernet1/0/5      unassigned      YES unset  down                  down
FastEthernet1/0/6      unassigned      YES unset  down                  down
FastEthernet1/0/7      unassigned      YES unset  down                  down
FastEthernet1/0/8      unassigned      YES unset  down                  down
FastEthernet1/0/9      unassigned      YES unset  down                  down
FastEthernet1/0/10     unassigned      YES unset  down                  down
FastEthernet1/0/11     unassigned      YES unset  down                  down
FastEthernet1/0/12     unassigned      YES unset  down                  down
FastEthernet1/0/13     unassigned      YES unset  down                  down
FastEthernet1/0/14     unassigned      YES unset  down                  down
FastEthernet1/0/15     unassigned      YES unset  down                  down
FastEthernet1/0/16     unassigned      YES unset  down                  down
GigabitEthernet1/0/1   unassigned      YES unset  down                  down
GigabitEthernet1/0/2   172.16.1.2      YES manual  up                    up

If the ES module or the devices connected to this ES module need to communicate to the external network via the host router, this port (GigabitEthernet1/0/2) needs to be a Layer 3 port or it needs to be a member of Layer 3 VLAN. See the Configure Routing section of this document to understand how to configure the routing on the ES module.

This diagram explains the host router and the ES module logical connectivity:

es-mod-config2.gif

You need to press Ctrl+Shift+6, then X in order to go back to the host router.

If you need to clear the session from the router, issue the service-module gigabitEthernet x/0 session clear command from the router privileged EXEC mode.

Configure VTP and VLAN

By default, the VTP mode is server and the VTP domain name is null in ES module. By default, all the ports belong to vlan1. In this example, a DHCP server (172.16.10.20) is located in vlan 10. The ip helper-address 172.16.10.20 command is configured on all the VLANs except vlan 10 in order to obtain the IP addresses from the DHCP server for the devices located in these VLANs.

Switch-ES

VTP Configuration

Switch-ES(config)#vtp mode transparent
Setting device to VTP TRANSPARENT mode.
Switch-ES(config)#vtp domain LAB
Changing VTP domain name from NULL to LAB
Switch-ES(config)#


Create VLANs


Switch-ES(config)#vlan 10,50,51,100,200
Switch-ES(config-vlan)#exit
Switch-ES(config)#



Configure VLANs


Switch-ES(config)#interface vlan 10
Switch-ES(config-if)#ip address 172.16.10.1 255.255.255.0
Switch-ES(config-if)#no shutdown

Switch-ES(config-if)#interface vlan 50
Switch-ES(config-if)#ip address 172.16.50.1 255.255.255.0
Switch-ES(config-if)#ip helper-address 172.16.10.20
Switch-ES(config-if)#no shutdown

Switch-ES(config-if)#interface vlan 51
Switch-ES(config-if)#ip address 172.16.51.1 255.255.255.0
Switch-ES(config-if)#ip helper-address 172.16.10.20
Switch-ES(config-if)#no shutdown

Switch-ES(config-if)#interface vlan 100
Switch-ES(config-if)#ip address 172.16.100.1 255.255.255.0
Switch-ES(config-if)#ip helper-address 172.16.10.20
Switch-ES(config-if)#no shutdown

Switch-ES(config-if)#interface vlan 200
Switch-ES(config-if)#ip address 172.16.200.1 255.255.255.0
Switch-ES(config-if)#ip helper-address 172.16.10.20
Switch-ES(config-if)#no shutdown

Switch-ES#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0/1, Fa1/0/2, Fa1/0/3
                                                Fa1/0/4, Fa1/0/7, Fa1/0/8
                                                Fa1/0/9, Fa1/0/10, Fa1/0/11
                                                Fa1/0/12, Fa1/0/13, Fa1/0/14
                                                Fa1/0/15, Fa1/0/16, Gi1/0/1
                                                Gi1/0/2
10   VLAN0010                         active
50   VLAN0050                         active
51   VLAN0051                         active
100  VLAN0100                         active

200  VLAN0200                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
10   enet  100010     1500  -      -      -        -    -        0      0
50   enet  100050     1500  -      -      -        -    -        0      0
51   enet  100051     1500  -      -      -        -    -        0      0
100  enet  100100     1500  -      -      -        -    -        0      0

200  enet  100200     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
Switch-ES#show vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 10
VTP Operating Mode              : Transparent
VTP Domain Name                 : LAB
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x21 0x51 0xD5 0x4E 0x30 0xA5 0x46 0x3C
Configuration last modified by 0.0.0.0 at 10-27-06 18:28:10

Configure Spanning Tree, Trunk and Port Channel

This section shows the spanning-tree configuration on the ES module and the Access1 switch. This section also shows the port channel and the trunk configuration between the ES module and the Access1 switch. This example configures the rapid spanning tree on all the switches. The ES module is configured as the spanning-tree root for all the VLANs.

Switch-ES

Spanning-Tree Configuration

Switch-ES(config)#spanning-tree mode rapid-pvst
Switch-ES(config)#spanning-tree vlan 10,50,51,100,200 root primary


Trunk & Port Channel Configuration

Switch-ES(config)#interface port-channel 1
Switch-ES(config-if)#switchport trunk encapsulation dot1q
Switch-ES(config-if)#switchport mode trunk
Switch-ES(config-if)#switchport trunk allowed vlan 100,200
Switch-ES(config-if)#exit

Switch-ES(config)#interface range fastethernet 1/0/5-6
Switch-ES(config-if-range)#switchport trunk encapsulation dot1q
Switch-ES(config-if-range)#switchport mode trunk
Switch-ES(config-if-range)#switchport trunk allowed vlan 100,200
Switch-ES(config-if-range)#channel-group 1 mode on
Switch-ES(config-if-range)#exit

Access1

Access1 switch configuration



Access1(config)#vtp mode transparent
Setting device to VTP TRANSPARENT mode.

Access1(config)#vtp domain LAB
Changing VTP domain name from NULL to LAB

Access1(config)#vlan 100,200
Access1(config-vlan)#exit

Access1(config)#spanning-tree mode rapid-pvst

Access1(config)#interface port-channel 1
Access1(config-if)#switchport trunk encapsulation dot1q
Access1(config-if)#switchport mode trunk
Access1(config-if)#switchport trunk allowed vlan 100,200
Access1(config-if)#exit

Access1(config)#interface range FastEthernet 0/1 - 2
Access1(config-if-range)#switchport trunk encapsulation dot1q
Access1(config-if-range)#switchport mode trunk
Access1(config-if-range)#switchport trunk allowed vlan 100,200
Access1(config-if-range)#channel-group 1 mode on
Access1(config-if-range)#exit

Switch-ES#show spanning-tree summary
Switch is in rapid-pvst mode
Root bridge for: VLAN0001, VLAN0100, VLAN0200
Extended system ID           is enabled
Portfast Default             is disabled
PortFast BPDU Guard Default  is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default            is disabled
EtherChannel misconfig guard is enabled
UplinkFast                   is disabled
BackboneFast                 is disabled
Configured Pathcost method used is short

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001                     0         0        0          1          1
VLAN0100                     0         0        0          1          1
VLAN0200                     0         0        0          1          1
---------------------- -------- --------- -------- ---------- ----------
3 vlans                      0         0        0          3          3
Switch-ES#show interface port-channel 1 trunk

Port        Mode         Encapsulation  Status        Native vlan
Po1         on           802.1q         trunking      1

Port      Vlans allowed on trunk
Po1         100,200

Port        Vlans allowed and active in management domain
Po1         100,200

Port        Vlans in spanning tree forwarding state and not pruned
Po1         100,200

Configure Access Port

The access port configuration is similar to the standard LAN switch configuration.

Switch-ES

Configure the port for server

Switch-ES(config)#interface fastEthernet 1/0/7
Switch-ES(config-if)#switchport mode access
Switch-ES(config-if)#switchport access vlan 10
Switch-ES(config-if)#spanning-tree portfast
Switch-ES(config-if)#speed 100
Switch-ES(config-if)#duplex full
Switch-ES(config-if)#exit


Configure Port for Printer

Switch-ES(config)#interface fastethernet 1/0/8
Switch-ES(config-if)#switchport mode access
Switch-ES(config-if)#switchport access vlan 51
Switch-ES(config-if)#spanning-tree portfast
Switch-ES(config-if)#exit

Configure Voice Port

The voice port configuration is similar to the standard LAN switch configuration.

Switch-ES

Configure the port for Voice

Switch-ES(config)#interface fastethernet 1/0/9
Switch-ES(config-if)#switchport mode access
Switch-ES(config-if)#switchport access vlan 51
Switch-ES(config-if)#switchport voice vlan 50
Switch-ES(config-if)#spanning-tree portfast

Configure Routing

This example uses static routes to configure the routing.

Switch-ES

Configure the default route

Switch-ES(config)#ip routing
Switch-ES(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.1

Router1

Configure the route to LAN

Router1(config)#ip route 172.16.0.0 255.255.0.0 172.16.1.2

Configure QoS

This section uses auto QoS to configure QoS. Refer to Cisco AutoQoS White Paper for more information on auto QoS.

Switch-ES

Configure QoS on the port where IP phone is connected

Switch-ES(config)#interface fastethernet 1/0/9
Switch-ES(config-if)#auto qos voip cisco-phone
Switch-ES(config-if)#exit


Configure QoS on the uplink port to the host router.

Switch-ES(config)#interface gigabitEthernet 1/0/2
Switch-ES(config-if)#auto qos voip trust

Router1

Create Class map

Router1(config)#class-map match-any VoIP-Control
Router1(config-cmap)#match ip dscp AF31
Router1(config-cmap)#exit

Router1(config)#class-map match-any VoIP-RTP
Router1(config-cmap)#match ip dscp EF
Router1(config-cmap)#exit


Create Policy map

Router1(config)#policy-map Policy-VoIP
Router1(config-pmap)#class VoIP-RTP
Router1(config-pmap-c)#priority percent 70
Router1(config-pmap-c)#class VoIP-Control
Router1(config-pmap-c)#bandwidth percent 5
Router1(config-pmap-c)#class class-default
Router1(config-pmap-c)#fair-queue
Router1(config-pmap-c)#exit
Router1(config-pmap)#exit


Apply the policy on the interface connects to the ES Module

Router1(config)#interface gigabitEthernet 1/0
Router1(config-if)#service-policy output Policy-VoIP
Router1(config-if)#exit

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Related Information

Updated: Jun 24, 2008
Document ID: 82288