Introduction
This document describes the procedure and requirements to perform automatic health and configuration checks for Catalyst 9000 platforms.
Prerequisites
Requirements
Automated Health and Configuration Check is supported only for the Catalyst 9000 platforms that run standalone Cisco IOS® XE software, and not switches that run Meraki software.
Cisco RADKit is used to access the devices that the health check is being performed on. A connected RADKit instance is required jhwatson@cisco.com must be an allowed user. Review RADKit documentation and installation instructions here.
If Cisco RADKit is not available there is also a manual file upload option.
These hardware platforms and software versions are supported:
- Catalyst 9200
- Catalyst 9300
- Catalyst 9400
- Catalyst 9500
- Catalyst 9600
- Cisco IOS®XE 17.3.1 and later versions
Note: Catalyst 9500X and 9600X switches are not currently supported.
Components Used
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Health and Configuration Check Procedure
To get started with Catalyst 9000 Automated Health Check all you need to do is open a regular TAC Service Request (SR) at Cisco Support Case Manager with this set of keywords (Technology/Sub-Technology/Problem Code):
Tech: LAN Switching
Sub-Tech: Catalyst 9000 - Health Check (Automated)
Problem Code: Health and Config Check
Once the SR is opened, a Cisco Guided Workflow walks you through the steps to upload the required logs.
After the required logs are uploaded, Cisco analyzes the logs and provides a health check report (in PDF format), which is attached to an email sent to the user. The report contains a list of issues detected, relevant steps to troubleshoot the problems, and recommended actions plan.
If you have any questions regarding the health check failures reported, it is advised to open a separate SR with appropriate keywords to get further expert assistance. It is strongly recommended to refer the original SR number opened for the Automated Health and Configuration Check along with the report generated to expedite the investigation.
Health and Configuration Check Modules
Automated Catalyst Health and Configuration Check Version 1 performs the checks listed in the Table 1.
Table 1: Health Check Modules and Associated CLI commands used by the Modules.
Index
|
Health Check Module
|
Brief Description of the Module
|
CLI command(s) Used to Perform Health Check
|
1 |
CPU and Memory Check |
Checks if CPU and memory utilizations are over the system thresholds |
show platform resources |
2 |
TCAM Health Check |
Checks if TCAM has any TCAM banks that are close to fully utilized or are currently over-utilized |
show platform hardware fed switch active fwd-asic resource tcam utilization* |
3 |
Object Manager Health Check |
Checks if object manager has any stuck or pending objects |
show platform software object-manager switch active f0 statistics* |
4 |
ASIC Health Check |
Checks if any ASIC resource is close to fully utilized or is currently fully utilized |
show platform hardware fed switch active fwd-asic resource utilization* |
5 |
Control Plane Policer Check |
Checks if any control plane policing queue has excessive drop values |
show platform hardware fed switch active qos queue stats internal cpu policer* |
6 |
PSU, PoE, and Fan Check |
Checks environmental status of power supplies, fans, and PoE capability |
show environment all |
7 |
Generic Online Diagnostic (GOLD) Check |
Checks diagnostic results to detect any failures |
show diagnostic result module all detail* |
8 |
Power-On Self Test Check |
Checks if any POST failure is observed on the system |
show post |
9 |
Interface Health Check |
Checks interface counters for errors (CRC, giants, output drops) |
show interfaces |
10 |
Error Disable Check |
Checks if any interfaces are currently error disabled |
show interfaces status err-disabled |
11 |
SFP Health Check |
Checks for presence of 3rd party optics |
show inventory |
12 |
Suggested Release Check |
Checks if the system is running the current recommended software |
show version |
13 |
Stackwise Virtual Health Check |
Checks if SVL best practices are implemented if the system is running in HA mode |
show stackwise-virtual
show stackwise-virtual link
show stackwise-virtual dual-active-detection
|
14 |
Spanning Tree Configuration Check |
Checks if STP best practices are implemented |
show spanning-tree
show spanning-tree instances
show spanning-tree summary
show spanning-tree detail
show spanning-tree inconsistentports
show running-config
|
15 |
Security Advisory Check |
Checks configurations against known Security Advisories |
show ap status
show app-hosting list
show avc sd-service info detailed
show inventory
show iox-service
show ip nat statistics
show ip sockets
show ip ssh
show mdns-sd summary
show module
show redundancy
show subsys
show udld
show udp
show wireless mobility summary
show ip interface brief
show run all
show snmp user
|
*Commands vary slightly depending on the model of switch and if it is part of a Stackwise or Stackwise-Virtual setup
Manual File Upload
To optimize ease of use of the manual file upload the commands needed are listed based on the hardware configuration type. Copy and paste the command list into a file and upload it when prompted.
Catalyst 9200 Standalone or Catalyst 9200 Stackwise
Catalyst 9300 Standalone or Catalyst 9200 Stackwise
Catalyst 9500 in Stackwise-Virtual
term exec prompt expand
show version
show running-config
show redundancy
show platform resources
show wireless mobility summary
show run all
show ap status
show snmp user
show ip ssh
show spanning-tree inconsistentports
show platform hardware fed switch active qos queue stats internal cpu policer
show app-hosting list
show ip sockets
show udld
show environment all
show avc sd-service info detailed
show iox-service
show spanning-tree detail
show spanning-tree instances
show platform hardware fed switch active fwd-asic resource utilization
show spanning-tree
show interfaces
show platform hardware fed switch active fwd-asic resource tcam utilization
show udp
show mdns-sd summary
show post
show process cpu sorted | exclude 0.00
show module
show ip interface brief
show process cpu platform sorted | exclude 0% 0% 0%
show inventory
show interfaces status err-disabled
show platform hardware fed switch active fwd-asic resource rewrite utilzation
show logging
show diagnostic result module all detail
show platform software object-manager switch active f0 statistics
show spanning-tree summary
show subsys
show ip nat statistics
Catalyst 9500 Standalone
term exec prompt expand
show version
show running-config
show module
show inventory
show iox-service
show spanning-tree instances
show run all
show platform resources
show subsys
show ip nat statistics
show udld
show interfaces
show platform hardware fed active fwd-asic resource rewrite utilzation
show spanning-tree detail
show wireless mobility summary
show platform hardware fed active fwd-asic resource tcam utilization
show snmp user
show platform hardware fed active qos queue stats internal cpu policer
show spanning-tree inconsistentports
show diagnostic result module all detail
show ip sockets
show mdns-sd summary
show ap status
show process cpu sorted | exclude 0.00
show avc sd-service info detailed
show udp
show ip ssh
show spanning-tree
show redundancy
show post
show logging
show process cpu platform sorted | exclude 0% 0% 0%
show app-hosting list
show platform software object-manager f0 statistics
show ip interface brief
show platform hardware fed active fwd-asic resource utilization
show interfaces status err-disabled
show spanning-tree summary
show environment all
Catalyst 9400 Standalone and Catalyst 9600 Standalone
term exec prompt expand
show version
show running-config
show ip sockets
show ip interface brief
show ap status
show ip nat statistics
show diagnostic result module all detail
show ip ssh
show iox-service
show snmp user
show interfaces status err-disabled
show run all
show wireless mobility summary
show logging
show redundancy
show spanning-tree detail
show module
show mdns-sd summary
show spanning-tree
show app-hosting list
show udld
show process cpu sorted | exclude 0.00
show udp
show platform hardware fed active qos queue stats internal cpu policer
show spanning-tree instances
show platform resources
show inventory
show avc sd-service info detailed
show process cpu platform sorted | exclude 0% 0% 0%
show platform hardware fed active fwd-asic resource utilization
show post
show interfaces
show platform software object-manager f0 statistics
show platform hardware fed active fwd-asic resource rewrite utilzation
show platform hardware fed active fwd-asic resource tcam utilization
show environment all
show spanning-tree summary
show spanning-tree inconsistentports
show subsys
Catalyst 9400 in Stackwise-Virtual and Catalyst 9600 in Stackwise-Virtual
term exec prompt expand
show version
show running-config
show stackwise-virtual
show spanning-tree summary
show spanning-tree
show platform software object-manager switch active f0 statistics
show platform hardware fed switch active fwd-asic resource rewrite utilization
show inventory
show ap status
show platform hardware fed switch active fwd-asic resource tcam utilization
show avc sd-service info detailed
show run all
show udp
show interfaces status err-disabled
show subsys
show stackwise-virtual dual-active-detection
show environment all
show platform resources
show logging
show ip sockets
show stackwise-virtual link
show platform hardware fed switch active qos queue stats internal cpu policer
show platform hardware fed switch active fwd-asic resource utilization
show app-hosting list
show ip interface brief
show post
show diagnostic result switch all all detail
show process cpu sorted | exclude 0.00
show spanning-tree instances
show udld
show snmp user
show iox-service
show process cpu platform sorted | exclude 0% 0% 0%
show spanning-tree detail
show ip nat statistics
show mdns-sd summary
show wireless mobility summary
show redundancy
show module
show interfaces
show spanning-tree inconsistentports
show ip ssh
Reports and Caveats
- The Health and Config Check SR is automated and handled by the Virtual TAC Engineer.
- The report (in PDF format) is usually generated within 24 business hours after all necessary logs are attached to the SR.
- The report is automatically shared over email (sourced from jhwatson@cisco.com) with all contacts (primary as well as secondary) associated with the SR.
- The report is also attached to the SR to allow its availability at any later point in time.
- Be advised that the issues listed in the report are based on the logs provided and within the scope of the health check modules listed previously in Table 1.
- The list of health and configuration checks performed is not exhaustive and users are advised to perform further health checks as needed.
FAQs
Q1: Can I upload the command output manually instead of using Cisco RADKit?
A1: Yes -- if Cisco RADKit is not installed there is a manual file upload option available.
Q2: What can I do if I have questions about one of the health check failures reported?
A2: Please open a separate TAC service request to get further assistance on the specific health check result. It is highly recommended to attach the health check report and refer the Service Request (SR) Case number opened for the automated health and config check.
Q3: Can I use the same SR opened for the Automated Health and Config Check to troubleshoot the issues found?
A3 No. As the proactive health check is automated, please open a new service request to troubleshoot and resolve the issues reported. Please be advised that the SR opened for health check is closed with in 24 hours after the health report published.
Q4: How do I close the SR opened for the automated health check?
A4: The SR is closed within 24 hours after the first health check report is sent. No action is needed from the user around SR closure.
Feedback
Any feedback on the operations of these tool is highly appreciated. If you have any observations or suggestions (for example, about the ease of use, scope, quality of the reports generated) please share them atCatalyst-HealthCheck-Feedback@cisco.com.