- Release 15.4SY Supervisor Engine 2T Software Configuration Guide
- Preface
- Product Overview
- Command-Line Interfaces
- Smart Port Macros
- Virtual Switching Systems (VSS)
- Enhanced Fast Software Upgrade (eFSU)
- Fast Software Upgrades
- Stateful Switchover (SSO)
- Non-Stop Forwarding (NSF)
- RPR Supervisor Engine Redundancy
- Interface Configuration
- UniDirectional Link Detection (UDLD)
- Instant Access
- EnergyWise
- Power Management
- Environmental Monitoring
- Online Diagnostics
- Onboard Failure Logging (OBFL)
- Switch Fabric Functionality
- Cisco IP Phone Support
- Power over Ethernet
- Layer 2 LAN Port Configuration
- Flex Links
- EtherChannels
- IEEE 802.1ak MVRP and MRP
- VLAN Trunking Protocol (VTP)
- VLANs
- Private VLANs (PVLANs)
- Private Hosts
- IEEE 802.1Q Tunneling
- Layer 2 Protocol Tunneling
- Spanning Tree Protocols (STP, MST)
- Optional STP Features
- IP Unicast Layer 3 Switching
- Policy Based Routing (PBR)
- Layer 3 Interface Configuration
- Unidirectional Ethernet (UDE) and unidirectional link routing (UDLR)
- Multiprotocol Label Switching (MPLS)
- MPLS VPN Support
- Ethernet over MPLS (EoMPLS)
- Virtual Private LAN Services (VPLS)
- L2VPN Advanced VPLS (A-VPLS)
- Ethernet Virtual Connections (EVC)
- Layer 2 over Multipoint GRE (L2omGRE)
- Campus Fabric
- IPv4 Multicast Layer 3 Features
- IPv4 Multicast IGMP Snooping
- IPv4 PIM Snooping
- IPv4 Multicast VLAN Registration (MVR)
- IPv4 IGMP Filtering
- IPv4 Router Guard
- IPv4 Multicast VPN Support
- IPv6 Multicast Layer 3 Features
- IPv6 MLD Snooping
- NetFlow Hardware Support
- Call Home
- System Event Archive (SEA)
- Backplane Platform Monitoring
- Local SPAN, RSPAN, and ERSPAN
- SNMP IfIndex Persistence
- Top-N Reports
- Layer 2 Traceroute Utility
- Mini Protocol Analyzer
- PFC QoS Guidelines and Restrictions
- PFC QoS Overview
- PFC QoS Classification, Marking, and Policing
- PFC QoS Policy Based Queueing
- PFC QoS Global and Interface Options
- AutoQoS
- MPLS QoS
- PFC QoS Statistics Data Export
- Cisco IOS ACL Support
- Cisco TrustSec (CTS)
- AutoSecure
- MAC Address-Based Traffic Blocking
- Port ACLs (PACLs)
- VLAN ACLs (VACLs)
- Policy-Based Forwarding (PBF)
- Denial of Service (DoS) Protection
- Configuring IGMP Proxy
- Control Plane Policing (CoPP)
- Dynamic Host Configuration Protocol (DHCP) Snooping
- IP Source Guard
- Dynamic ARP Inspection (DAI)
- Traffic Storm Control
- Unknown Unicast Flood Control
- IEEE 802.1X Port-Based Authentication
- Configuring Web-Based Authentication
- Port Security
- Lawful Intercept
- Prerequisites for Instant Access
- Restrictions for Instant Access
- Information About Instant Access
- Default Settings for Instant Access
- How to Configure Instant Access
- Configure Instant Access Staggered Initialization Mode
- Enable FEX Auto-Config
- Enable IA Client Preprovisioning
- Configure Instant Access Port-Channel Interfaces
- Configure Instant Access Channel Groups
- Identify Connected IA Client Stack Modules
- Renumbering FEX Switch-ID
- Configure IA Clients
- Display or Clear SDP and SRP Traffic
- Upgrade FEX using In-Service Software Upgrade (ISSU) Process
- Configure Optional Parameters for an IA Client
Instant Access (IA)
- Prerequisites for Instant Access
- Restrictions for Instant Access
- Information About Instant Access
- Default Settings for Instant Access
- How to Configure Instant Access
Note ● For complete syntax and usage information for the commands used in this chapter, see these publications:
http://www.cisco.com/en/US/products/ps11846/prod_command_reference_list.html
- Cisco IOS Release 15.4SY supports only Ethernet interfaces. Cisco IOS Release 15.4SY does not support any WAN features or commands.
Prerequisites for Instant Access
- An IA parent—A VSS-mode Catalyst 6800 switch or a VSS-mode Cisco Catalyst 6880-X switch or a VSS-mode Catalyst 6500 switch equipped with a Supervisor Engine 2T and one or more WS-X6904-40G-2T, C6800-32P10G/XL, C6800-16P10G/XL, and C6800-8P10G/XL switching modules, configured to support 1/10GE links.
- IA clients— Catalyst 6800ia access switches
See this publication for more information:
http://www.cisco.com/en/US/prod/collateral/switches/ps10902/ps715/ps13198/data_sheet_c78-728230.html
http://www.cisco.com/en/US/prod/collateral/switches/ps10902/ps715/ps13198/white_paper_c11-728265.html
Restrictions for Instant Access
Note • You can enable VSS mode on a single chassis to support IA clients.
• The VSS Quad-Sup SSO (VS4O) feature is supported with IA clients from Release 15.1(2)SY2.
- The IA parent-client connection is supported on links between WS-X6904-40G-2T, C6800-32P10G/XL, C6800-16P10G/XL, and C6800-8P10G/XL switching modules 1/10GE ports and Catalyst 6800ia access switches 10GE ports.
– You can use up to 8 IA client 10GE ports in the IA parent-client link. See this document for information about the port configuration for WS-X6904-40G-2T, C6800-32P10G/XL, C6800-16P10G/XL, and C6800-8P10G/XL switching modules:
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11-696669.html
– IA client 10-Gigabit Ethernet ports require no configuration.
– UDLD, LLDP, and CDP are not supported on the IA parent-client link.
– IA does not use STP on the IA parent-client connection.
– Use only XL based modules for scale FEX QoS configuration to prevent issues with TCAM (ternary content-addressable memory) utilization. When QoS policy is configured on 1500 FEX host ports, the first 511 interfaces share the TCAM utilization. But, remaining ports will start using new TCAM entries for each interface and will exhaust non-XL TCAM utilization.
- IA client maximum values:
- IA client ports do not support these features:
– Configuring EtherChannels with a combination of FEX Ports using different FEX-IDs or a combination of FEX host port and an IA parent linecard port is not supported. However, FEX host port channel from the same FEX is supported.
– FEX host port EtherChannel load balancing is not supported.
– UDLR tunnel ARP and IGMP proxy
– Uni-Directional Link Routing (UDLR)
– IEEE 802.1Q custom ethertypes
– L2PT - Layer 2 protocol tunneling
– L2PT - Layer 2 protocol tunneling on trunk ports
– Port security on 802.1Q tunnel ports
– Per-VLAN load balancing for Advanced QinQ service mapping
– Cisco TrustSec NDAC (Network Device Admission Control)
– Cisco TrustSec confidentiality and integrity with MACsec (IEEE 802.1AE)
– Cisco TrustSec identity port mapping
– Network edge authentication topology (NEAT)
– QoS aggregated DSCP values for WRED
– QoS aggregated precedence values for WRED
– Class based weighted fair queuing (CBWFQ)
– Selective packet discard (SPD)
– Weighted fair queueing (WFQ)
– QoS policer rate increase to 256G
– Ethernet over MPLS (EoMPLS) - IEEE 802.1q Tag Stacking
– H-VPLS N-PE redundancy for QinQ access
– Connectivity fault management (CFM)
– Ethernet connectivity fault management (E-CFM)
– Ethernet local management interface (LMI) at provider edge (PE)
– Ethernet operations, administration, and Maintenance (OAM)
– Ethernet-OAM 3.0: CFM over BD, Untagged
– IEEE 802.1ag - D8.1 standard Compliant CFM, Y.1731 multicast LBM / AIS / RDI / LCK, IP SLA for Ethernet
– IEEE 802.1ag Compliant CFM (D8.1)
- To use an IA client port as a SPAN destination, add the IA client port VLAN to the SPAN allowed VLAN list with the switchport trunk allowed vlan command.
- When FEX IA parent-client link portchannel is configured as SPAN source in Tx direction or both directions, the SPAN destination should not be on the same FEX. This is applicable for both stacked and standalone FEX.
- When a queuing policy is attached to a FEX interface or removed from a FEX interface, the policy will be propagated to all the interfaces in the same FEX stack. In the case of a module deletion (using module provision command) from a FEX stack the policy will be removed from the remaining modules in the same stack. This is because the module deletion will trigger a removal policy event for the interfaces and any delete policy event will propagate to all the interfaces in the stack. This is expected behavior from the current design point of view.
- IA client port QoS:
– Configure ingress QoS on the IA parent port-channel interface.
– The egress QoS configuration on IA client ports is not configurable.
– Port architecture (Rx/Tx): 1p3q3t
|
|||
(high priority) |
|||
(medium priority) |
|||
(lowest priority) |
|||
Information About Instant Access
The Instant Access (IA) feature supports multiple Catalyst 6800ia access switches that function as clients of the IA parent switch. The IA parent and client switches form a single extended switch with a single management domain, managed by the IA parent.
The IA parent uses the Satellite Discovery Protocol (SDP) and the Satellite Registration Protocol (SRP) to automatically discover IA clients when they connect and monitor the IA client-parent link. The IA parent upgrades the IA client software image if it is not the same as the parent FEX Image Bundle.
The IA parent features are applied to IA client FEX ports. The IA clients do not perform any local packet forwarding. All traffic originating from IA client ports are sent to the IA parent, which makes all the switching and forwarding decisions.
The IA client switches support the following online diagnostic tests:
Default Settings for Instant Access
How to Configure Instant Access
- Configure Instant Access Staggered Initialization Mode
- Enable FEX Auto-Config
- Enable IA Client Preprovisioning
- Configure Instant Access Port-Channel Interfaces
- Configure Instant Access Channel Groups
- Identify Connected IA Client Stack Modules
- Renumbering FEX Switch-ID
- Configure IA Clients
- Display or Clear SDP and SRP Traffic
- Upgrade FEX using In-Service Software Upgrade (ISSU) Process
- Configure Optional Parameters for an IA Client
Configure Instant Access Staggered Initialization Mode
Instant Access staggered initialization mode avoids any excessively high CPU utilization that might occur if multiple IA clients attempt to initialize simultaneously. To configure Instant Access staggered initialization mode, perform this task:
|
|
---|---|
Configures Instant Access staggered initialization mode. The delay_value can be 0 through 500. |
This example shows how to configure Instant Access staggered mode:
Enable FEX Auto-Config
FEX Auto-config mode allows increased scalability with reduced configuration. Configuration using Auto-config includes FEX ID selection, Port-channel ID selection, converting RSL port to FEX-fabric mode, and RSL port bundling.
To enable FEX auto-config, perform this task:
|
|
---|---|
This example shows how to configure FEX auto-config mode:
Enable IA Client Preprovisioning
To allow IA client port configuration before the IA client is connected, perform this task:
WS-C3560CX-8XPD-S and WS-C3560CX-12PD-S will undergo a number of reloads as FEX client before coming online based on the following conditions:
- Reload1: To convert itself from switch mode to FEX mode on receiving the SDP packet from controller
- Reload2: If a mismatch of IOS version occurs between FEX controller and FEX client, the FEX client downloads the image from controller and boots up.
- Reload3: If a mismatch of MTU occurs between FEX controller and FEX client, the FEX client reloads again to change the MTU of FEX host ports.
Configure Instant Access Port-Channel Interfaces
To create a port channel interface to support IA clients, perform this task:
This example shows how to create port channel interface 1 and configure it to support IA FEX number 118:
Configure Instant Access Channel Groups
To configure channel groups to support IA clients, perform this task for the 10 Gigabit Ethernet LAN ports that connect to IA clients:
Note More links can be added to the channel group at any time.
This example shows how to configure 10 Gigabit Ethernet ports 1/2/5 and 2/2/5 into port channel 118 with mode on :
Router(config-if)# switchport mode fex-fabric
This example shows how to verify the IA configuration when the IA client is connected:
Identify Connected IA Client Stack Modules
Identify IA Client Stack Modules by Serial Number
This example shows how to identify IA client stack modules by serial number:
Identify IA Client Modules by Beacon LED
Router(config)# hw-module fex <> slot <> led beacon
This example shows how to activate the beacon LED on IA client 118, slot 1:
This example shows how to verify the beacon LED on IA client 118, slot 1:
Easy FEX
Easy FEX allows interface naming of FEX host port interfaces. To create interface naming, perform this task:
|
|
---|---|
Configures a common alias name for all the FEX interfaces under a particular FEX-id. |
|
This example shows all aliases using ‘all’ keyword:
Renumbering FEX Switch-ID
The renumbering of IA clients can be managed using switch-id allocation from controller, after stack boot up. Also, a priority can be assigned to the FEX members to take over as the master switch.
The following conditions must exist for successful execution of FEX switch-id allocation:
– For renumbering, the source slot should be online and the target slot should be offline.
– If the source slot FEX type is different than target slot FEX type, the interface configurations will be lost if you proceed with renumbering.
– Same target slot cannot be used for renumbering multiple source slots.
– Same source slot cannot be renumbered to multiple target slot.
– You can enter multiple renumbering entries along with different swapping scenarios.
– When priority is modified for a member IA, the whole stack will reload.
– During In Service Software Upgrade (ISSU) process, switch-id renumbering or priority changes are not allowed.
To renumber FEX switch-id and assign priority, perform this task:
|
|
|
---|---|---|
Switch(exec-fex-update)# renumber source_slot to target_slot |
||
Note After the commit operation, you will be prompted whether you want to release the old source-vslot or not. This confirmation will not be asked only in a switch-id swap scenario (for example, renumber 1 to 2 and renumber 2 to 1) because both renumbering are done in a single commit operation.
To renumber FEX switch-id when scale is set to maximum FEX slots, perform this task:
Note After the commit operation, you will be prompted whether you want to release the old source-vslot or not. This confirmation will not be asked only in a switch-id swap scenario (for example, renumber 1 to 2 and renumber 2 to 1) because both renumbering are done in a single commit operation.
Example: Renumbering FEX switch-id and setting priority
Switch# module provision update fex 101
Switch(exec-fex-update) renumber 3 to 4
Switch(exec-fex-update) priority 2 value 1
%FEX 101 will reload upon commit.
Are you sure you want to proceed? [no]: yes
Switch(exec-fex-update)#commit
%Do you want to release FEX 101 module 3 source interface configs(vslot) after module offline? [no]: yes
%FEX 101 All modules will reload.
Are you sure you want to proceed? [no]: yes
Example: Identifying if temporary vslot is online
This example shows how to identify when a particular temporary FEX vslot is online:
Example: Identifying FEX IDs where temp-vslot-allow command is enabled
This example verifies the active entries under sub-mode and also the FEX IDs on which "temp-vslot-allow" is enabled.
Configure IA Clients
The configuration for IA clients can be entered on the IA parent before or after the IA clients are connected. IA client 10-Gigabit Ethernet ports require no configuration. IA client Gigabit Ethernet ports use this format:
gigabitethernet / fex_number / access_switch_number /0/ port_number
– fex_number —The IA client FEX number:
—Maximum of 42 IA FEX number s.
—The valid value range is 101–199.
– access_switch_number —The access switch number:
—The valid value range is 1-5.
—Multiple-switch stacks assign incrementing switch numbers to themselves.
—See the “Identify Connected IA Client Stack Modules” section.
– The third interface parameter is always zero.
– The port_number valid value range is 1–48.
Note ● IA client configuration does not persist if the access switch number changes.
- The interface-range configuration mode supports IA clients ports (see “How to Configure a Range of Interfaces” section)
Display or Clear SDP and SRP Traffic
To display the counters that record the SDP packet traffic on IA client 118, enter the following command:
130 SDP pkts sent
Note The command displays a sent and received value for each link in the IA channel group.
To clear the protocol counters, enter the clear fex fex_number { sdp | srp } command.
Upgrade FEX using In-Service Software Upgrade (ISSU) Process
To upgrade the software image of the FEX hosts using ISSU process, perform the following steps:
Configure Optional Parameters for an IA Client
Enter the IA Client Configuration Mode
To enter the IA client configuration mode, perform this task:
|
|
---|---|
Configure a Description
To configure a description for the IA client or for each module in the IA client stack, perform this task:
|
|
---|---|
Router(config-fex)# [ module module_number ] description description_string |
Configures a description for the IA FEX number or for a module in the IA client stack. |
Configure the Custom Location Type Feature
You can configure the custom location type feature for the IA client in IA client configuration mode. See these publications for information about the location command:
http://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-cr-book.html
http://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-e1.html
Note The location commands support the optional fex-location keyword for IA clients.
Configure MTU
You can configure MTU on the IA FEX using the mtu command in fex config mode. In an IA client stack, the configured MTU value is applied to all the host members in the stack.
To configure MTU for an IA client, perform this task:
If you want to avoid reloading the FEX, you can configure an explicit connectionless network service (CLNS) MTU size on the IA client and peer ports as shown in the following example:
Router# configure terminal
Router(config)# interface interface Gig118/1/0/1
Router(config-if)# ip router isis
Router(config-if)# clns mtu 1497