Product Bulletin - No. 648
Cisco Catalyst 5000 Series Release 2.3 Supervisor Software
Overview
Release 2.3 of the Catalyst® 5000 series supervisor software adds support for several new hardware modules and offers many important new software features to help network administrators and users get the most from their Catalyst 2900, 5000, 5002, and 5500 switches. Release 2.3 runs on all Catalyst 5000 series Supervisor 1 and Supervisor 2 modules that have at least 8 MB of DRAM.
This product bulletin describes the new features and modules supported in the Catalyst 5000 supervisor software Release 2.3.
Features at a Glance
New Hardware Support
•High-performance Route Switch module
•12-port 10/100BaseTX line card, supports Fast EtherChannel®
•12-port 100BaseFX line card, supports Fast EtherChannel
•48-port 10BaseTX high-density line card module
New Software Features
•Standard Feature Set
  •Fast EtherChannel—phase I
  •Dynamic VLAN assignment
  •VLAN Trunk Protocol (VTP) pruning
  •Cisco Group Management Protocol (CGMP) Fast Leave Processing
•Enhanced Feature Set
  •Virtual Management Policy Server (VMPS)
  •IP permit list
  •Remote Monitoring (RMON) agent enhancements
Note: Use of RMON agent requires separate license purchase.
Release 2.3 Feature Descriptions
Fast EtherChannel Overview
Cisco's Fast EtherChannel technology builds upon standards-based 802.3 full-duplex Fast Ethernet to provide network managers a reliable, high-speed solution for the campus network backbone. Fast EtherChannel technology provides bandwidth scalability within the campus by providing increments from 200 to 800 Mbps with multigigabit capacity in the future. Fast EtherChannel technology not only solves the immediate problem of scaling bandwidth within the network backbone today, but also paves the path for an evolution to standards-based Gigabit Ethernet and beyond, because Fast EtherChannel technology can be applied to support gigabit EtherChannel technology.
Figure 1 Fast EtherChannel in a typical Switched Campus Internetwork
Fast EtherChannel technology provides a solution for network managers who require higher bandwidth between servers, routers, and switches than Fast Ethernet technology can currently provide. Cisco is committed to providing its customers with smooth evolution to Gigabit Ethernet bandwidth and beyond, and, with Gigabit Ethernet technology, Cisco will extend Fast EtherChannel technology to scale to provide multigigabit backbones in the future.
Fast EtherChannel technology provides scalable bandwidth in increments without having to deploy prestandard Gigabit Ethernet approaches today and replace them tomorrow. Fast EtherChannel technology provides the following benefits:
•Standards based—Fast EtherChannel technology builds upon IEEE 802.3-compliant Fast Ethernet by grouping multiple full-duplex point-to-point links together. Fast EtherChannel uses the industry-standard 802.3 mechanisms for full-duplex autonegotiation and autosensing.
•Flexible incremental bandwidth—Fast EtherChannel technology provides bandwidth aggregation in multiples of 200 Mbps, with multiples of Gigabit Ethernet in the future. For example, as Figure 1 shows, network managers can deploy Fast EtherChannel technology consisting of pairs of full-duplex Fast Ethernet to provide 400+ Mbps between the wiring closet and the data center, while in the data center bandwidths of up to 800 Mbps can be provided between servers and the network backbone to provide large amounts of scalable, incremental bandwidth.
•Load balancing—Fast EtherChannel technology is composed of multiple Fast Ethernet links and is capable of load balancing traffic across those links. Unicast, broadcast, and multicast traffic is evenly distributed across the links, providing higher performance and redundant, parallel paths. In the event of a link failure, traffic is redirected to remaining links within the channel without user intervention.
•Multiple platforms—Fast EtherChannel technology is flexible and can be used anywhere in the network that bottlenecks are likely to occur. Fast EtherChannel technology can be leveraged in network designs to increase bandwidth both between switches and between routers and switches, as well as providing scalable bandwidth into network servers, such as large UNIX servers or PC-based Web servers.
•Resiliency and fast convergence—Fast EtherChannel technology provides automatic recovery for loss of a link by redistributing loads across remaining links. If a link does fail, this technology redirects traffic from the failed link to the remaining links in less than a second. This convergence is transparent to the end user—no host protocol timers expire, so no sessions are dropped.
The 2.3 Release provides Fast EtherChannel bundling phase I, which allows users to group and ungroup ports into a channel via command-line interface (CLI) and Simple Network Management Protocol (SNMP). In phase I, no changes have been made to the spanning-tree or Dynamic Inter-Switch Link (DISL) Protocols, so users must disable the Spanning-Tree Protocol for all VLANs that cross an EtherChannel bundle, lock the trunking state for all ports in a bundle in on or off state, set all the ports in a bundle to the same speed and duplex, and ensure that port security is disabled. In addition, phase I does not verify that all bundled ports connect to the same switch or host on the other side. Fast EtherChannel phase II will include Cisco's new Port Aggregation Protocol (PAgP) to provide autoconfiguration and consistency checking of Fast EtherChannel links.
Note: Without PAgP and modifications to the Spanning-Tree Protocol, Fast EtherChannel phase I bundling must be used carefully to avoid network loops that might occur if misconfigured or misconnected.
In phase I, if an individual port in a bundle is selected as a Switched Port Analyzer (SPAN) destination, the SPAN packets are distributed across the bundle correctly. If an individual port in a bundle is selected as a SPAN source, only a portion of the bundle packets are sent to the SPAN destination, including those packets received on that port (which depends on the other bundling algorithm or the other node) and those packets that would normally be transmitted on that port without bundling enabled.
Fast EtherChannel bundling is supported on the following Catalyst 5000 series modules:
•WS-X5505 Two-port 100BaseFX SM Supervisor Engine II module
•WS-X5506 Two-port 100BaseFX MM Supervisor Engine II module
•WS-X5509 Two-port 100BaseTX Supervisor Engine II module
•WS-X5201 12-port 100BaseFX line card module (FCS planned late Q3 or Q4 CY '97)
•WS-X5203 12-port 10/100Base-TX line card module (FCS planned late Q3 or Q4 CY '97)
Dynamic VLANs
The first phase of Cisco's implementation of dynamic VLANs uses a straightforward VLAN assignment scheme. When a port that has been configured for dynamic VLANs is first enabled (link up state) it is isolated from VLANs 1 through 1000. Then, when a new host sends a packet on this dynamic port, it is detected by the supervisor. The supervisor uses information from the host packet and the current status of the port (port-VLAN assignment if any, current other active hosts on port or not) and sends a VQP query to the VMPS. The VMPS can respond with options such as place port in VLAN X, keep this host out, or shut down the port. For a valid VLAN X response from the VMPS, the port is placed in VLAN X (if the port is currently in a different VLAN it is moved to VLAN X) and, at this point, the host is automatically connected to VLAN X via the switch fabric. Multiple hosts (MAC addresses) are allowed to be active on a dynamic port provided that they are all in the same VLAN as per VMPS.
On link down, a dynamic port is moved back to a state where it is isolated from other VLANs (1 through 1000) and the port ends in its initial state (basically any hosts that come on line via this port are detected by the supervisor and then checked with VMPS before these hosts are allowed/disallowed network VLAN connectivity).
Figure 2 User Mobility from Second to First Floor with Dynamic VLANs
Virtual Membership Policy Server
The VMPS is a server that has a database of MAC address-to-VLAN mappings that enables your workstation to be placed into the correct VLAN. The MAC-to-VLAN mapping file is created by the network administrator. It is then simply downloaded via Trivial File Transfer Protocol (TFTP) to the VMPS, which runs in a Catalyst 5000 chassis. A future release of VMPS will allow VLAN membership determination based on user login names.
Figure 3 MAC Address-to-VLAN Membership Policies Managed in VMPS
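The dynamic-port behavior and the VMPS lookup described in the two sections above can be modeled as a small state machine. This is an added example, not Cisco's code: the class and function names, the `on_unknown` policy knob, and the rule that a host mapped to a different VLAN is kept out while other hosts are active are assumptions of the sketch, and the MAC addresses are constructed.

```python
from dataclasses import dataclass, field

ISOLATED = None                    # port is in none of VLANs 1 through 1000

@dataclass
class DynamicPort:
    vlan: object = ISOLATED
    hosts: set = field(default_factory=set)    # MAC addresses admitted so far
    shutdown: bool = False

class Vmps:                        # MAC-to-VLAN table giving the three responses
    def __init__(self, table, on_unknown="deny"):
        self.table = {mac.lower(): vlan for mac, vlan in table.items()}
        self.on_unknown = on_unknown           # hypothetical knob: "deny" or "shutdown"

    def query(self, mac, port_vlan, other_hosts_active):
        vlan = self.table.get(mac)
        if vlan is None:
            return self.on_unknown, None
        # Assumption: a host mapped to another VLAN is kept out while other
        # hosts are active, so all hosts on the port share one VLAN.
        if other_hosts_active and vlan != port_vlan:
            return "deny", None
        return "assign", vlan

def host_seen(port, vmps, mac):    # supervisor side: packet from a host on the port
    if port.shutdown:
        return "shutdown"
    mac = mac.lower()
    action, vlan = vmps.query(mac, port.vlan, bool(port.hosts - {mac}))
    if action == "assign":
        port.vlan = vlan           # moves the port if it was in a different VLAN
        port.hosts.add(mac)
    elif action == "shutdown":
        port.shutdown, port.vlan = True, ISOLATED
        port.hosts.clear()
    return action

def link_down(port):               # link loss: back to the initial isolated state
    port.vlan = ISOLATED
    port.hosts.clear()

def demo():
    macs = ["00:00:5e:00:53:0%d" % i for i in (1, 2, 3, 9)]   # constructed MACs
    vmps = Vmps({macs[0]: 10, macs[1]: 10, macs[2]: 20})      # ...:09 is not listed
    port = DynamicPort()
    return [host_seen(port, vmps, m) for m in macs], port.vlan

if __name__ == "__main__":
    print(demo())
```

Because the only credential in this scheme is the source MAC address, the mapping file and the response chosen for unlisted addresses are what an administrator should review first.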
VTP Pruning
To optimize the usage of interswitch VLAN trunk bandwidth, the VTP Pruning Protocol (an extension to VTP) restricts flooded traffic to only those trunk links necessary for it to reach the appropriate network devices. When this protocol is in use, VLAN traffic is not sent down a normally forwarding trunk unless an appropriate join message has been received on the trunk link.
In order to support pruning, a new state variable has been defined per VLAN per forwarding trunk port. This state variable indicates either the "pruned" state or the "joined" state of that VLAN on that port. This state affects only the sending of messages on that port; it has no effect on the receiving of messages. In the joined state, the port sends frames exactly as it currently does. In the pruned state, no frames are sent on that VLAN on that port, except possibly for Spanning Tree Protocol (STP), Cisco Discovery Protocol (CDP), and VTP packets.
A nontrunk port is in the joined state for each VLAN for which traffic is allowed to be sent on that port, and pruned for each other VLAN. For a trunk port, a subset of VLANs is always in the joined state. This subset always includes the factory-default VLANs. Other VLANs can be in this subset through configuration of the port by local/network management. Each VLAN not in this subset is termed "pruning-eligible" on that port, and its state is set to joined or pruned according to the contents of the join messages received on the port.
CGMP Overview
CGMP allows Catalyst switches to provide wire-speed multicast delivery while preventing excessive flooding across switched ports within a VLAN. Using CGMP, Cisco IOS routers download the identity of multicast clients as they join a multicast group. Using this information, multicast streams are switched to only those ports interested in the specific multicast traffic.
Figure 4 Multicast Optimized Switched Networking with CGMP
CGMP provides scalable, multicast distribution for all IGMP-capable workstations and does not require any host software changes, and Cisco IOS software allows CGMP to interoperate with non-Cisco routers by providing CGMP proxy services.
Figure 5 CGMP Multicast Pruning
CGMP Fast Leave Processing
The CGMP fast leave processing feature allows the Catalyst 5000 supervisor to detect IGMP V.2 Leave messages from hosts on any of its ports. Upon receipt of a leave message, the supervisor sends an IGMP group specific query (GS query) on the port that the leave message was received on. After the query is sent, the switch starts a query response timer. If this timer expires before a join message (that is, an IGMP membership report) is received, then the port is pruned from the multicast tree for the multicast group specified in the original leave message. Fast leave processing ensures optimal bandwidth management for all hosts on a switched network, even when multiple multicast groups are simultaneously in use.
IP Permit List
The IP permit list is a security mechanism for the Catalyst 5000's system console and SNMP Agent. The IP permit list may be used whether or not TACACS+ is enabled on a network. When TACACS+ is enabled on a network, the IP permit list provides a first level of checking based on a source IP address. It also logs disallowed access attempts using the syslog facility and SNMP traps. The IP permit list applies only to inbound Telnet and SNMP services. Up to ten entries can be created including an IP address and a 32-bit mask to indicate which bits must match.
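The matching rule described above (address plus a 32-bit mask of bits that must match, ten entries, Telnet and SNMP only, denied attempts logged) is modeled below, along with a check of how many source addresses each entry admits. This is an added example, not Cisco's code: the names, the default mask, and the rejection of addresses with bits set outside the mask are assumptions of the sketch, and the addresses are constructed.

```python
import ipaddress

MAX_ENTRIES = 10                  # the bulletin: up to ten entries
FILTERED = {"telnet", "snmp"}     # the list covers only these inbound services

def to_u32(dotted):
    return int(ipaddress.IPv4Address(dotted))

class PermitList:
    def __init__(self):
        self.entries = []         # (address, mask) pairs as 32-bit integers
        self.denied = []          # stand-in for the syslog message / SNMP trap

    def add(self, address, mask="255.255.255.255"):   # default mask is an assumption
        if len(self.entries) >= MAX_ENTRIES:
            raise ValueError("permit list already holds ten entries")
        a, m = to_u32(address), to_u32(mask)
        if a & ~m:                # this sketch rejects bits set outside the mask
            raise ValueError(f"{address} sets bits that {mask} ignores")
        self.entries.append((a, m))

    def check(self, source, service):
        if service not in FILTERED:
            return True           # outside the permit list's scope
        s = to_u32(source)
        if any((s & m) == a for a, m in self.entries):
            return True
        self.denied.append((service, source))
        return False

    def breadth(self):
        """Sources each entry admits: 2 ** (mask bits that need not match)."""
        return [2 ** (32 - bin(m).count("1")) for _, m in self.entries]

def demo():
    acl = PermitList()
    acl.add("192.0.2.0", "255.255.255.0")    # constructed management subnet
    acl.add("198.51.100.7")                   # constructed single NMS host
    verdicts = [acl.check(ip, svc) for ip, svc in
                (("192.0.2.44", "telnet"), ("198.51.100.8", "snmp"),
                 ("203.0.113.9", "telnet"))]
    return verdicts, acl.denied, acl.breadth()

if __name__ == "__main__":
    print(demo())
```

A large `breadth()` value for an entry is the thing to question in review, since the permit list is only a first check on source address and source addresses are not authenticated.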
System Requirements for 2.3
Release 2.3 runs on Catalyst 2900, 5000, 5002, and 5500 Supervisor 1 and Supervisor 2 modules with at least 8 MB of DRAM. See the following URL for more information regarding memory upgrades: http://www.cisco.com/en/US/products/hw/switches/ps679/prod_bulletin09186a00800925f9.html.
Ordering Information
The standard and enhanced feature sets are combined in a single image for the Catalyst 5000 software Release 2.3. All features of this release are currently available free of charge except for the optional RMON functionality. Use of the embedded RMON agent requires purchase of one of the following licenses:
•WS-C2900-EMS-LIC Catalyst 2900 Embedded RMON Agent License
•WS-C5K-EMS-LIC Catalyst 5000 Embedded RMON Agent License
•WS-C5002-EMS-LIC Catalyst 5002 Embedded RMON Agent License
•WS-C5500-EMS-LIC Catalyst 5500 Embedded RMON Agent License
Refer to WBU Product Bulletin # 451 for more information regarding the optional RMON license.
Customers can download the Release 2.3 supervisor software from Cisco Connection Online (CCO) in the Software Image Library. Customers who are unable to download the files electronically can order an upgrade package by contacting Cisco at 408 526-4000 or, in North America, 800 553-NETS (6387).
If you have specific questions regarding this product bulletin or ideas for Catalyst 5000 series supervisor software feature enhancements, e-mail email@example.com.