
Table Of Contents

Product Bulletin - No. 648

Overview

Features at a Glance

New Software Features

Release 2.3 Feature Descriptions

Fast EtherChannel Overview

Dynamic VLANs

VLAN Membership Policy Server

VTP Pruning

CGMP Overview

CGMP Fast Leave Processing

IP Permit List

System Requirements for 2.3

Ordering Information


Product Bulletin - No. 648


Cisco Catalyst 5000 Series Release 2.3 Supervisor Software

Overview

Release 2.3 of the Catalyst® 5000 series supervisor software adds support for several new hardware modules and offers many important new software features to help network administrators and users get the most from their Catalyst 2900, 5000, 5002, and 5500 switches. Release 2.3 runs on all Catalyst 5000 series Supervisor 1 and Supervisor 2 modules that have at least 8 MB of DRAM.

This product bulletin describes the new features and modules supported in the Catalyst 5000 supervisor software Release 2.3.

Features at a Glance

New Hardware Support

High-performance Route Switch module

12-port 10/100BaseTX line card, supports Fast EtherChannel®

12-port 100BaseFX line card, supports Fast EtherChannel

48-port 10BaseTX high-density line card module

New Software Features

Standard Feature Set

Fast EtherChannel—phase I

Dynamic VLAN assignment

VLAN Trunk Protocol (VTP) pruning

Cisco Group Management Protocol (CGMP) Fast Leave Processing

Enhanced Feature Set

VLAN Membership Policy Server (VMPS)

IP permit list

Remote Monitoring (RMON) agent enhancements


Note: Use of RMON agent requires separate license purchase.


Table 1  Release 2.3 Features, Functions, and Benefits

Each entry gives the feature category, the feature, its functions, and its benefits.

New Hardware Support

Feature category: Cisco IOS—Multilayer Switching Services
Feature: Route Switch Module (WS-X5302)
Functions:
  Route switch module for the Catalyst 5000 and 5500
  Runs Cisco IOS V.11.2(7) industry-standard software
  Dual R4700 RISC CPUs for maximum performance
Benefits:
  Provides high-performance routing and NetFlow switching in the switch chassis
  Tightly integrates the market's leading Catalyst Layer 2 switch capabilities with full Cisco IOS Layer 3 network services

Feature category: Catalyst 5000 Family Line Card
Feature: 12-port 10/100BaseTX line card module (WS-X5203)
Functions:
  Supports Fast EtherChannel bundling
  Increased port buffer memory
Benefits:
  Fast EtherChannel bundling for scalable bandwidth
  More port buffer space for meeting peak demands on trunk and server links
  Proactive monitoring with an RMON agent per port

Feature category: Catalyst 5000 Family Line Card
Feature: 12-port 100BaseFX line card module (WS-X5201)
Functions:
  Supports Fast EtherChannel bundling
  Increased port buffer memory
Benefits:
  Fast EtherChannel bundling for scalable bandwidth
  More port buffer space for meeting peak demands on trunk and server links
  Proactive monitoring with an RMON agent per port

Feature category: Catalyst 5000 Family Line Card
Feature: 48-port 10BaseTX line card module (WS-X5012) (FCS planned late Q3 or Q4 CY '97)
Functions:
  Offers 48 switched 10BaseTX Ethernet ports
  Uses four telco connectors
Benefits:
  New high-density Ethernet module
  Proactive monitoring with an RMON agent per port

Standard Features

Feature category: Cisco IOS Technologies—Bandwidth Management
Feature: Fast EtherChannel—phase I
Functions:
  Enables two to four full-duplex Fast Ethernet links to be grouped together
  Forms a single logical link or channel between devices that support EtherChannel
Benefits:
  Improves network performance by enabling higher-bandwidth channels
  Provides bandwidth scalability within the campus by providing increments from 200 to 800 Mbps

Feature category: Cisco IOS Technologies—Automated Configuration and User Mobility Services
Feature: Dynamic VLAN assignment
Functions:
  Allows the switch to dynamically assign ports to a VLAN based on the source MAC address of the hosts connected to that port
  Uses a new protocol, the VLAN Query Protocol (VQP), to ask the VMPS which VLAN a user's switch port should be configured onto
Benefits:
  Allows the switch fabric to automatically configure user ports to the correct VLAN with no intervention from the network administrator
  After a policy has been set up for a given user's MAC address, that user may plug into any Catalyst 5000 switch running the V.2.3 supervisor software and be assigned to their VLAN
  Provides user mobility for any port on a network

Feature category: Cisco IOS Technologies—Bandwidth Management
Feature: VTP pruning
Functions:
  A method of traffic management that optimizes network bandwidth utilization by reducing unnecessary flooded traffic (broadcast, multicast, and flooded unicast packets)
  Allows the switch fabric to automatically prune the forwarding tree for VLANs in order to contain traffic from each defined VLAN to only those trunks that require it
Benefits:
  Maximizes efficiency of interswitch VLAN trunk bandwidth
  Allows switched internetworks to scale more effectively by intelligently managing VLAN traffic on trunks and backbones

Feature category: Cisco IOS Technologies—Bandwidth Management
Feature: CGMP fast leave processing
Functions:
  The Catalyst 5000 can now detect IGMP V.2 host leave messages and immediately prune ports from the specified multicast forwarding tree, after a quick check to make sure that no other host on the interface needs multicast traffic from that group
Benefits:
  Reduces processing latency for nodes leaving a multicast group
  Ensures maximum performance for every switch port by quickly pruning the multicast tree from ports that no longer want multicast traffic
  CGMP provides scalable multicast distribution for all IGMP-capable workstations

Enhanced Features

Feature category: Cisco IOS Technologies—Automated Configuration and User Mobility Services
Feature: VMPS
Functions:
  Gives network administrators the ability to define the VLAN membership policies for their network in a central database
  A server process that manages a database of host source MAC address-to-VLAN mappings, used to place each workstation into the correct VLAN
Benefits:
  Allows the switch fabric to automatically configure user ports to the correct VLAN with no intervention from the network administrator
  Provides user mobility for any port within a switched internetwork

Feature category: Cisco IOS Technologies—Security Services
Feature: IP permit list
Functions:
  Allows an administrator to create a list of IP addresses or subnets permitted to access the system console via Telnet and the SNMP agent
  The permit list may contain up to ten entries, each an IP address and a 32-bit mask indicating which bits must match
  Can send an SNMP trap and log the event to the syslog table when an access attempt is denied
  Permit list is saved in NVRAM
Benefits:
  Adds security to inbound Telnet supervisor console logins and SNMP agent access
  Provides a console security mechanism that may be used with or without TACACS+ security

Feature category: Cisco IOS Technologies—Monitoring Services
Feature: RMON agent enhancements
Functions:
  First enhancement automatically restores from NVRAM the last configuration of the embedded RMON agent for each port after a system reset
  Second enhancement sends traps to all trap hosts configured in the Catalyst 5000 console trap receiver table (previously, traps were sent only to the TrafficDirector™ console, the managing RMON console)
Benefits:
  Embedded mini-RMON agent on all Ethernet and Fast Ethernet ports provides proactive monitoring
  Provides standards-based RFC 1757 RMON: Statistics, History, Alarms, and Events groups
  Consistent management of SNMP trap receivers


Release 2.3 Feature Descriptions

Fast EtherChannel Overview

Cisco's Fast EtherChannel technology builds upon standards-based 802.3 full-duplex Fast Ethernet to provide network managers a reliable, high-speed solution for the campus network backbone. Fast EtherChannel technology provides bandwidth scalability within the campus in increments from 200 to 800 Mbps, with multigigabit capacity in the future. Fast EtherChannel technology not only solves the immediate problem of scaling bandwidth within the network backbone today, but also paves the way for an evolution to standards-based Gigabit Ethernet and beyond, because the same technology can be applied to Gigabit Ethernet links (Gigabit EtherChannel).

Figure 1 Fast EtherChannel in a typical Switched Campus Internetwork

Fast EtherChannel technology provides a solution for network managers who require higher bandwidth between servers, routers, and switches than Fast Ethernet technology can currently provide. Cisco is committed to providing its customers with smooth evolution to Gigabit Ethernet bandwidth and beyond, and, with Gigabit Ethernet technology, Cisco will extend Fast EtherChannel technology to scale to provide multigigabit backbones in the future.

Fast EtherChannel technology provides scalable bandwidth in increments without having to deploy prestandard Gigabit Ethernet approaches today and replace them tomorrow. Fast EtherChannel technology provides the following benefits:

Standards based—Fast EtherChannel technology builds upon IEEE 802.3-compliant Fast Ethernet by grouping multiple full-duplex point-to-point links together. Fast EtherChannel uses the industry-standard 802.3 mechanisms for full-duplex autonegotiation and autosensing.

Flexible incremental bandwidth—Fast EtherChannel technology provides bandwidth aggregation in multiples of 200 Mbps, with multiples of Gigabit Ethernet in the future. For example, as Figure 1 shows, network managers can deploy Fast EtherChannel technology consisting of pairs of full-duplex Fast Ethernet to provide 400+ Mbps between the wiring closet and the data center, while in the data center bandwidths of up to 800 Mbps can be provided between servers and the network backbone to provide large amounts of scalable, incremental bandwidth.

Load balancing—Fast EtherChannel technology is composed of multiple Fast Ethernet links and is capable of load balancing traffic across those links. Unicast, broadcast, and multicast traffic is evenly distributed across the links, providing higher performance and redundant, parallel paths. In the event of a link failure, traffic is redirected to remaining links within the channel without user intervention.

Multiple platforms—Fast EtherChannel technology is flexible and can be used anywhere in the network that bottlenecks are likely to occur. Fast EtherChannel technology can be leveraged in network designs to increase bandwidth both between switches and between routers and switches, as well as providing scalable bandwidth into network servers, such as large UNIX servers or PC-based Web servers.

Resiliency and fast convergence—Fast EtherChannel technology provides automatic recovery for loss of a link by redistributing loads across remaining links. If a link does fail, this technology redirects traffic from the failed link to the remaining links in less than a second. This convergence is transparent to the end user—no host protocol timers expire, so no sessions are dropped.

The 2.3 Release provides Fast EtherChannel bundling phase I, which allows users to group and ungroup ports into a channel via the command-line interface (CLI) and Simple Network Management Protocol (SNMP). In phase I, no changes have been made to the Spanning-Tree Protocol or the Dynamic Inter-Switch Link (DISL) Protocol, so before bundling ports the administrator must:

disable the Spanning-Tree Protocol for all VLANs that cross the EtherChannel bundle

lock the trunking state of every port in the bundle to on or to off, with the same setting on all ports

set every port in the bundle to the same speed and duplex

ensure that port security is disabled on every port in the bundle

In addition, phase I does not verify that all bundled ports connect to the same switch or host on the other side. Fast EtherChannel phase II will add Cisco's new Port Aggregation Protocol (PAgP) to provide autoconfiguration and consistency checking of Fast EtherChannel links.


Note: Without PAgP and modifications to the Spanning-Tree Protocol, Fast EtherChannel phase I bundling must be used carefully to avoid network loops that might occur if misconfigured or misconnected.


In phase I, if an individual port in a bundle is selected as a Switched Port Analyzer (SPAN) destination, the SPAN packets are distributed across the bundle correctly. If an individual port in a bundle is selected as a SPAN source, only a portion of the bundle's traffic reaches the SPAN destination: the packets received on that port (which packets those are depends on the bundling algorithm of the node at the other end) and the packets that would have been transmitted on that port if bundling were not enabled. A capture taken from a single member port therefore does not show all of the channel's traffic.
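Because phase I performs none of these checks itself, the requirements listed above are a manual checklist until PAgP arrives in phase II. The following Python script is an added example, not Cisco code and not part of this bulletin: it models the per-port settings the bulletin says must agree, adds the far-end check that phase I skips, and reports every violation of a proposed bundle rather than stopping at the first. The Port record, its field names and the two sample bundles are constructed for the example; the neighbor field stands in for whatever the administrator knows about the far end of each link (for instance from CDP).

```python
"""Pre-flight consistency check for a Fast EtherChannel phase I bundle.

Added example, not Cisco code. Release 2.3 phase I bundling performs no
consistency checking of its own, so this script checks the conditions the
bulletin lists, plus the same-neighbor condition phase I does not verify.
"""
from dataclasses import dataclass, field


@dataclass
class Port:
    name: str           # module/port, e.g. "2/1" (constructed field names)
    speed: int          # Mbps
    duplex: str         # "full" or "half"
    trunk: str          # trunking state; must be locked "on" or "off" for bundling
    port_security: bool
    neighbor: str       # device at the far end of the link (assumed known, e.g. via CDP)
    vlans: set = field(default_factory=set)   # VLANs carried on this port


def check_bundle(ports, stp_enabled_vlans):
    """Return a list of violations; an empty list means the bundle is safe to create."""
    problems = []
    if not 2 <= len(ports) <= 4:
        problems.append(f"bundle has {len(ports)} ports; phase I groups two to four")

    # full-duplex Fast Ethernet, and the same speed and duplex on every port
    for p in ports:
        if p.speed != 100 or p.duplex != "full":
            problems.append(f"{p.name}: must be 100 Mbps full duplex, is {p.speed} Mbps {p.duplex}")

    # trunking locked on or off, identically, on every port
    trunk_states = {p.trunk for p in ports}
    if len(trunk_states) != 1:
        problems.append(f"trunk state differs across the bundle: {sorted(trunk_states)}")
    for p in ports:
        if p.trunk not in ("on", "off"):
            problems.append(f"{p.name}: trunking must be locked on or off, is {p.trunk!r}")

    # port security must be disabled
    for p in ports:
        if p.port_security:
            problems.append(f"{p.name}: port security must be disabled")

    # phase I never checks the far end; do it here from the known neighbor
    neighbors = {p.neighbor for p in ports}
    if len(neighbors) != 1:
        problems.append(f"ports terminate on different neighbors: {sorted(neighbors)}")

    # spanning tree must be disabled for every VLAN that crosses the bundle
    crossing = set().union(*(p.vlans for p in ports))
    for vlan in sorted(crossing & set(stp_enabled_vlans)):
        problems.append(f"VLAN {vlan} crosses the bundle but spanning tree is still enabled for it")
    return problems


def demo():
    """A correct bundle and a misconfigured one, both constructed for the example."""
    good = [Port("2/1", 100, "full", "on", False, "core-1", {1, 10, 20}),
            Port("2/2", 100, "full", "on", False, "core-1", {1, 10, 20})]
    bad = [Port("3/1", 100, "full", "on", False, "core-1", {1, 10}),
           Port("3/2", 100, "half", "auto", True, "core-2", {1, 10})]
    # the switch still runs spanning tree for VLAN 30 (good case) and VLAN 10 (bad case)
    return check_bundle(good, stp_enabled_vlans={30}), check_bundle(bad, stp_enabled_vlans={10})


if __name__ == "__main__":
    for result in demo():
        print("OK" if not result else "\n".join(result))
```

The check deliberately collects every problem, because a bundle that fails on several counts (wrong duplex, trunking left in autonegotiation, different far-end switches) is exactly the misconnection case the note above warns about, and a loop formed by such a bundle is easier to prevent than to find.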

Fast EtherChannel bundling is supported on the following Catalyst 5000 series modules:

WS-X5505 Two-port 100BaseFX SM Supervisor Engine II module

WS-X5506 Two-port 100BaseFX MM Supervisor Engine II module

WS-X5509 Two-port 100BaseTX Supervisor Engine II module

WS-X5201 12-port 100BaseFX line card module (FCS planned late Q3 or Q4 CY '97)

WS-X5203 12-port 10/100Base-TX line card module (FCS planned late Q3 or Q4 CY '97)

Dynamic VLANs

The first phase of Cisco's implementation of dynamic VLANs uses a straightforward VLAN assignment scheme. When a port that has been configured for dynamic VLANs is first enabled (link-up state), it is isolated from VLANs 1 through 1000. When a new host then sends a packet on this dynamic port, the supervisor detects it. The supervisor combines information from the host packet with the current status of the port (its port-VLAN assignment, if any, and whether other hosts are already active on the port) and sends a VQP query to the VMPS. The VMPS can respond with instructions such as place the port in VLAN X, keep this host out, or shut down the port. For a valid VLAN X response from the VMPS, the port is placed in VLAN X (if the port is currently in a different VLAN, it is moved to VLAN X), and at that point the host is connected to VLAN X through the switch fabric. Multiple hosts (MAC addresses) may be active on a dynamic port provided that the VMPS places them all in the same VLAN.

On link down, a dynamic port returns to its initial state, isolated from VLANs 1 through 1000; any host that later comes on line through this port is detected by the supervisor and checked with the VMPS before it is allowed or denied VLAN connectivity.

Figure 2 User Mobility from Second to First Floor with Dynamic VLANs

VLAN Membership Policy Server

The VMPS is a server that holds a database of MAC address-to-VLAN mappings, which is used to place each workstation into the correct VLAN. The network administrator creates the MAC-to-VLAN mapping file and downloads it via Trivial File Transfer Protocol (TFTP) to the VMPS, which runs in a Catalyst 5000 chassis. A future release of VMPS will allow VLAN membership to be determined by user login name.
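The dynamic-port behaviour described under Dynamic VLANs and the VMPS database described here fit together in a short model. The following Python is an added example, not Cisco's VMPS or VQP code: the database is a constructed dictionary standing in for the TFTP-downloaded mapping file, the query carries only the fields the bulletin names (the host's MAC address, the port's current VLAN, and whether other hosts are active on the port), and the rule that a host whose policy VLAN differs from that of the hosts already active on the port is kept out is this example's reading of the same-VLAN requirement. One caveat when reading it: the policy key is the source MAC address the host itself puts on the wire, so this mechanism places a port by what the host claims to be, not by who the user is; the login-name-based determination planned for a future release is the step toward the latter.

```python
"""Dynamic-port VLAN assignment driven by a VMPS-style MAC-to-VLAN policy.

Added example, not Cisco's VMPS/VQP code. The mapping database is a constructed
dictionary standing in for the TFTP-downloaded file; the 'deny' and 'shutdown'
responses model the "keep this host out" and "shut down the port" answers the
bulletin describes; keeping out a host whose policy VLAN differs from that of
the hosts already active on the port is this example's assumption.
"""
from dataclasses import dataclass, field
from typing import Optional

ISOLATED = None   # a dynamic port carries no VLAN (1 through 1000) until the VMPS assigns one


def normalize(mac):
    """Accept 0011.2233.4455, 00:11:22:33:44:55 or 00-11-22-33-44-55 forms."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return digits


@dataclass
class PolicyServer:
    mac_to_vlan: dict                                # MAC -> VLAN number
    denied: set = field(default_factory=set)         # MACs to keep off the network
    shutdown_on: set = field(default_factory=set)    # MACs whose appearance shuts the port down

    def __post_init__(self):
        self.mac_to_vlan = {normalize(m): v for m, v in self.mac_to_vlan.items()}
        self.denied = {normalize(m) for m in self.denied}
        self.shutdown_on = {normalize(m) for m in self.shutdown_on}

    def query(self, mac, port_vlan, active_hosts):
        """Answer a VQP-style query. Returns ('vlan', n), ('deny', None) or ('shutdown', None)."""
        mac = normalize(mac)
        if mac in self.shutdown_on:
            return ("shutdown", None)
        vlan = self.mac_to_vlan.get(mac)
        if vlan is None or mac in self.denied:
            return ("deny", None)          # unknown MACs are kept out as well
        if active_hosts and vlan != port_vlan:
            return ("deny", None)          # all active hosts on a dynamic port share one VLAN
        return ("vlan", vlan)


@dataclass
class DynamicPort:
    name: str
    vlan: Optional[int] = ISOLATED
    active: set = field(default_factory=set)   # MACs currently admitted on the port
    enabled: bool = True                       # False once the VMPS ordered a shutdown
    log: list = field(default_factory=list)

    def link_up(self):
        self.vlan, self.active = ISOLATED, set()

    def link_down(self):
        # back to the isolated initial state; every host is re-checked when the link returns
        self.vlan, self.active = ISOLATED, set()

    def frame_from(self, mac, vmps):
        """Handle a frame from `mac`; the first frame from a new host triggers a VMPS query."""
        mac = normalize(mac)
        if not self.enabled:
            return "port shut down"
        if mac in self.active:
            return f"forward in VLAN {self.vlan}"
        action, vlan = vmps.query(mac, self.vlan, self.active)
        if action == "shutdown":
            self.enabled, self.vlan, self.active = False, ISOLATED, set()
            self.log.append(f"{self.name}: shut down on {mac}")
            return "port shut down"
        if action == "deny":
            self.log.append(f"{self.name}: {mac} kept out")
            return "dropped"
        self.vlan = vlan                   # moves the port if it was in another VLAN
        self.active.add(mac)
        return f"forward in VLAN {vlan}"


def demo():
    """Constructed policy and traffic sequence on one dynamic port."""
    vmps = PolicyServer(
        {"00-11-22-33-44-55": 10, "00:11:22:33:44:66": 10, "00a0.c9aa.bbcc": 20, "0800.2012.3456": 10},
        denied={"0800.2012.3456"},          # mapped, but explicitly kept out
        shutdown_on={"0000.0c00.dead"},
    )
    port = DynamicPort("2/5")
    port.link_up()
    out = [
        port.frame_from("0011.2233.4455", vmps),   # first host: port placed in VLAN 10
        port.frame_from("0011.2233.4466", vmps),   # second host, same policy VLAN: admitted
        port.frame_from("00a0.c9aa.bbcc", vmps),   # VLAN 20 host on a live VLAN 10 port: kept out
        port.frame_from("0800.2012.3456", vmps),   # explicitly denied MAC
    ]
    port.link_down()
    port.link_up()                                   # cable moved: port is isolated again
    out.append(port.frame_from("00a0.c9aa.bbcc", vmps))  # now first on the port: VLAN 20
    out.append(port.frame_from("0000.0c00.dead", vmps))  # policy says shut the port down
    out.append(port.frame_from("00a0.c9aa.bbcc", vmps))  # nothing passes afterwards
    return out, port.log
```

The same MAC address is admitted on an empty port and refused on a port already populated by another VLAN, which is the user-mobility behaviour the bulletin describes and the reason a dynamic port is reset to the isolated state on every link-down.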

Figure 3 MAC Address-to-VLAN Membership Policies Managed in VMPS

VTP Pruning

To optimize the usage of interswitch VLAN trunk bandwidth, the VTP Pruning Protocol (an extension to VTP) restricts flooded traffic to only those trunk links necessary for it to reach the appropriate network devices. When this protocol is in use, VLAN traffic is not sent down a normally forwarding trunk unless an appropriate join message has been received on the trunk link.

In order to support pruning, a new state variable has been defined per VLAN per forwarding trunk port. This state variable indicates either the "pruned" state or the "joined" state of that VLAN on that port. This state affects only the sending of messages on that port; it has no effect on the receiving of messages. In the joined state, the port sends frames exactly as it currently does. In the pruned state, no frames are sent on that VLAN on that port, except possibly for Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), and VTP packets.

A nontrunk port is in the joined state for each VLAN for which traffic is allowed to be sent on that port, and pruned for each other VLAN. For a trunk port, a subset of VLANs is always in the joined state. This subset always includes the factory-default VLANs. Other VLANs can be in this subset through configuration of the port by local/network management. Each VLAN not in this subset is termed "pruning-eligible" on that port, and its state is set to joined or pruned according to the contents of the join messages received on the port.
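The joined/pruned state variable described above decides, per VLAN and per port, whether a flooded frame is transmitted. The following Python is an added example, not Cisco code and not the VTP pruning protocol itself: join messages are represented as plain sets of VLAN numbers rather than VTP packets, the factory-default VLANs are assumed to be 1 and 1002 through 1005, and the two trunks and two access ports are constructed for the example. It shows that before any join message arrives a pruning-eligible VLAN is contained to the local switch, and that a join message opens only the trunk it was received on.

```python
"""Per-VLAN, per-trunk joined/pruned state as described for VTP pruning.

Added example, not Cisco code. The state kept on a trunk port affects only
what is sent on that port; reception is never affected. Join messages are
modelled as sets of VLAN numbers; the default VLANs are an assumption.
"""

DEFAULT_VLANS = frozenset({1, 1002, 1003, 1004, 1005})   # assumed factory-default VLANs


class TrunkPort:
    def __init__(self, name, allowed_vlans, always_joined=()):
        self.name = name
        self.allowed = set(allowed_vlans)
        # default VLANs plus anything management configured are never pruned
        self.always_joined = (DEFAULT_VLANS | set(always_joined)) & self.allowed
        self.joined_by_msg = set()   # pruning-eligible VLANs the neighbor has asked for

    def pruning_eligible(self):
        return self.allowed - self.always_joined

    def receive_join(self, requested_vlans):
        """A join message lists the VLANs the neighbor needs; VLANs it no longer
        asks for fall back to the pruned state."""
        self.joined_by_msg = set(requested_vlans) & self.pruning_eligible()

    def state(self, vlan):
        if vlan not in self.allowed:
            return "not carried"
        if vlan in self.always_joined or vlan in self.joined_by_msg:
            return "joined"
        return "pruned"


class AccessPort:
    """A nontrunk port: joined only for its own VLAN, pruned for every other."""

    def __init__(self, name, vlan):
        self.name, self.vlan = name, vlan

    def state(self, vlan):
        return "joined" if vlan == self.vlan else "pruned"


def flood_targets(ports, vlan, ingress):
    """Ports that actually transmit a flooded frame (broadcast, multicast or
    unknown unicast) in `vlan` that arrived on `ingress`."""
    return [p.name for p in ports if p.name != ingress and p.state(vlan) == "joined"]


def demo():
    """Two trunks (1/1, 1/2) and two access ports, constructed for the example."""
    t1 = TrunkPort("1/1", range(1, 1006))
    t2 = TrunkPort("1/2", range(1, 1006))
    ports = [t1, t2, AccessPort("2/1", 10), AccessPort("2/2", 20)]
    before = flood_targets(ports, 10, ingress="2/1")   # no join yet: VLAN 10 stays local
    t1.receive_join({10})          # the switch behind 1/1 has VLAN 10 hosts
    t2.receive_join({20, 30})      # the switch behind 1/2 has VLAN 20 and 30 hosts
    return {
        "vlan10_before_join": before,
        "vlan10": flood_targets(ports, 10, ingress="2/1"),
        "vlan20": flood_targets(ports, 20, ingress="2/2"),
        "vlan30_transit": flood_targets(ports, 30, ingress="1/1"),
        "vlan1_default": flood_targets(ports, 1, ingress="1/1"),   # never pruned
        "state_1_1_vlan20": t1.state(20),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that VLAN 1 is flooded onto every trunk regardless of join messages, so anything placed in a default VLAN is not contained by pruning; that is a design consequence of the always-joined subset, not a misconfiguration.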

CGMP Overview

CGMP allows Catalyst switches to provide wire-speed multicast delivery while preventing excessive flooding across switched ports within a VLAN. Using CGMP, Cisco IOS routers pass the identity of multicast clients to the switch as those clients join a multicast group. Using this information, the switch forwards multicast streams only to the ports interested in the specific multicast traffic.

Figure 4 Multicast Optimized Switched Networking with CGMP

CGMP provides scalable, multicast distribution for all IGMP-capable workstations and does not require any host software changes, and Cisco IOS software allows CGMP to interoperate with non-Cisco routers by providing CGMP proxy services.

Figure 5 CGMP Multicast Pruning

CGMP Fast Leave Processing

The CGMP fast leave processing feature allows the Catalyst 5000 supervisor to detect IGMP V.2 Leave messages from hosts on any of its ports. Upon receipt of a leave message, the supervisor sends an IGMP group specific query (GS query) on the port that the leave message was received on. After the query is sent, the switch starts a query response timer. If this timer expires before a join message (that is, an IGMP membership report) is received, then the port is pruned from the multicast tree for the multicast group specified in the original leave message. Fast leave processing ensures optimal bandwidth management for all hosts on a switched network, even when multiple multicast groups are simultaneously in use.
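The sequence above (leave, group-specific query, response timer, prune) is easiest to see as a small event-driven model. The following Python is an added example, not Cisco code: IGMP messages are method calls, time is an explicit clock value supplied by the caller, the query response timer length is an assumed value, and the ports and hosts are constructed. It demonstrates the "quick check" in the bulletin: a port shared by two hosts stays in the group when the remaining host answers the query, while a port whose only host left is pruned when the timer expires.

```python
"""CGMP fast leave processing as a small event-driven model.

Added example, not Cisco code. Messages are method calls, time is an explicit
clock value, and the query response timer length is an assumed value.
"""

QUERY_RESPONSE_TIME = 1.0   # seconds an unanswered GS query waits before pruning (assumed)


class FastLeaveSwitch:
    def __init__(self):
        self.members = set()   # (port, group) pairs currently receiving the group
        self.pending = {}      # (port, group) -> time at which the GS query expires
        self.events = []

    def report(self, port, group, now):
        """IGMP membership report (join) received on `port`."""
        self.members.add((port, group))
        # a report during the query window means another host still wants the group
        if self.pending.pop((port, group), None) is not None:
            self.events.append(f"t={now}: {port} stays in {group}, query answered")

    def leave(self, port, group, now):
        """IGMPv2 Leave received on `port`: send a group-specific query on that
        port only and start the response timer."""
        if (port, group) not in self.members:
            return
        self.events.append(f"t={now}: GS query for {group} sent on {port}")
        self.pending[(port, group)] = now + QUERY_RESPONSE_TIME

    def tick(self, now):
        """Advance the clock; prune every port whose query went unanswered."""
        for key, expiry in list(self.pending.items()):
            if now >= expiry:
                del self.pending[key]
                self.members.discard(key)
                self.events.append(f"t={now}: {key[0]} pruned from {key[1]}")

    def forwarding_ports(self, group):
        return sorted(p for p, g in self.members if g == group)


def demo():
    """Host A alone on port 3/1; hosts B and C share port 3/2. A and B leave."""
    sw = FastLeaveSwitch()
    group = "224.1.1.1"
    sw.report("3/1", group, now=0.0)      # A joins
    sw.report("3/2", group, now=0.0)      # B joins
    sw.report("3/2", group, now=0.1)      # C joins on the same port
    sw.leave("3/1", group, now=5.0)       # A leaves: query goes out on 3/1
    sw.leave("3/2", group, now=5.0)       # B leaves: query goes out on 3/2
    sw.report("3/2", group, now=5.3)      # C answers the query on 3/2
    sw.tick(now=5.5)
    during_query = sw.forwarding_ports(group)
    sw.tick(now=6.0)                      # 3/1's timer expires unanswered
    after_query = sw.forwarding_ports(group)
    return during_query, after_query, sw.events


if __name__ == "__main__":
    for line in demo()[2]:
        print(line)
```

Without the group-specific query, B's leave would have cut C off; with it, the only cost is one query response time of continued forwarding on a port that has genuinely lost interest.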

IP Permit List

The IP permit list is a security mechanism for the Catalyst 5000 system console and SNMP agent. It may be used whether or not TACACS+ is enabled on the network; when TACACS+ is enabled, the IP permit list provides a first level of checking, based on the source IP address, ahead of TACACS+ authentication. Disallowed access attempts are logged through the syslog facility and reported by SNMP trap. The IP permit list applies only to inbound Telnet and SNMP services. Up to ten entries can be created, each consisting of an IP address and a 32-bit mask indicating which bits of the source address must match.
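The match rule is worth seeing in code, because a mask of "bits that must match" is more general than a prefix length: it can pin some octets and leave others free. The following Python is an added example, not Cisco code or the switch's own implementation. The ten-entry limit, the address-plus-mask match, the Telnet/SNMP scope and the syslog and trap reporting follow the bulletin; the deny action when no entry matches, the trap and syslog hooks and the sample addresses are this example's assumptions. Since the list checks only the source address of the request, it narrows exposure of the management interfaces but does not authenticate the requester, which is why the bulletin positions it as a first-level check in front of TACACS+ rather than a replacement for it.

```python
"""Source-address filtering in the style of the Catalyst 5000 IP permit list.

Added example, not Cisco code. Up to ten (address, mask) entries; a source
matches an entry when the bits selected by the mask are equal. Denying when
no entry matches, and the logging/trap hooks, are this example's assumptions.
"""
import ipaddress
import logging

MAX_ENTRIES = 10
FILTERED_SERVICES = ("telnet", "snmp")   # the permit list covers only these inbound services


class IpPermitList:
    def __init__(self, send_trap=None):
        self.entries = []                                   # (masked address, mask) as ints
        self.send_trap = send_trap or (lambda msg: None)    # stand-in for the SNMP trap sender
        self.log = logging.getLogger("ip-permit")           # stand-in for the syslog table

    def add(self, address, mask="255.255.255.255"):
        """Add an entry. The mask marks the bits that must match, so it need not be
        a contiguous prefix; the default requires an exact host match."""
        if len(self.entries) >= MAX_ENTRIES:
            raise ValueError(f"permit list is full ({MAX_ENTRIES} entries)")
        addr = int(ipaddress.IPv4Address(address))
        bits = int(ipaddress.IPv4Address(mask))
        self.entries.append((addr & bits, bits))

    def allows(self, source, service):
        """True if an inbound request for `service` from `source` may proceed to the
        next check (password or TACACS+). Services outside the list's scope are not
        filtered by this mechanism and pass through unchanged."""
        if service not in FILTERED_SERVICES:
            return True
        src = int(ipaddress.IPv4Address(source))
        if any(src & bits == addr for addr, bits in self.entries):
            return True
        msg = f"{service} access denied from {source}"
        self.log.warning(msg)          # syslog
        self.send_trap(msg)            # SNMP trap
        return False


def demo():
    """Constructed entries and requests."""
    traps = []
    pl = IpPermitList(send_trap=traps.append)
    pl.add("10.1.1.5")                          # one management host
    pl.add("10.1.2.0", "255.255.255.0")         # the NOC subnet
    pl.add("10.1.0.5", "255.255.0.255")         # host .5 in any 10.1.x.0 subnet
    results = {
        "mgmt_host_telnet": pl.allows("10.1.1.5", "telnet"),
        "noc_subnet_snmp": pl.allows("10.1.2.77", "snmp"),
        "masked_octet_snmp": pl.allows("10.1.200.5", "snmp"),
        "outside_telnet": pl.allows("192.0.2.9", "telnet"),   # denied, logged, trapped
        "outside_unfiltered": pl.allows("192.0.2.9", "ping"),  # not a filtered service
    }
    return results, traps


if __name__ == "__main__":
    print(demo())
```

The third entry shows why the bulletin specifies a full 32-bit mask rather than a prefix length: 255.255.0.255 admits 10.1.200.5 and 10.1.7.5 alike while still rejecting 10.1.200.6. The last request shows the scope limit in the other direction: a source the list rejects for Telnet is not touched by it for anything outside Telnet and SNMP.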

System Requirements for 2.3

Release 2.3 runs on Catalyst 2900, 5000, 5002, and 5500 Supervisor 1 and Supervisor 2 modules with at least 8 MB of DRAM. See the following URL for more information regarding memory upgrades: http://www.cisco.com/en/US/products/hw/switches/ps679/prod_bulletin09186a00800925f9.html.

Ordering Information

The standard and enhanced feature sets are combined in a single image for the Catalyst 5000 software Release 2.3. All features of this release are currently available free of charge except for the optional RMON functionality. Use of the embedded RMON agent requires purchase of one of the following licenses:

WS-C2900-EMS-LIC Catalyst 2900 Embedded RMON Agent License

WS-C5K-EMS-LIC Catalyst 5000 Embedded RMON Agent License

WS-C5002-EMS-LIC Catalyst 5002 Embedded RMON Agent License

WS-C5500-EMS-LIC Catalyst 5500 Embedded RMON Agent License

Refer to WBU Product Bulletin # 451 for more information regarding the optional RMON license.

Customers can download the Release 2.3 supervisor software from Cisco Connection Online (CCO) in the Software Image Library. Customers who are unable to download the files electronically can order an upgrade package by contacting Cisco at 408 526-4000 or, in North America, 800 553-NETS (6387).

If you have specific questions regarding this product bulletin or ideas for Catalyst 5000 series supervisor software feature enhancements, e-mail bdebolle@cisco.com.