Feedback
Table Of Contents
Configuring Virtual Switching Systems
Understanding Virtual Switching Systems
Virtual Switching System Overview
Virtual Switching System Redundancy
Dual-Active Detection Using Enhanced PAgP
Dual-Active Detection Using IP BFD
Virtual Switching System Initialization
VSS Configuration Guidelines and Restrictions
Configuring Virtual Switching Systems
Converting to a Virtual Switching System
Backing Up the Standalone Configuration
Assigning Virtual Switch Domain and Switch Numbers
Configuring VSL Port Channel and Ports
Converting the Chassis to Virtual Switch Mode
Auto-Configuring the Standby VSL Information
(Optional) Configuring Standby Chassis Modules
Displaying Virtual Switching System Information
Converting a Virtual Switching System to Standalone Chassis
Copying the VSS Configuration to a Backup File
Converting the Active Chassis to Standalone
Converting the Peer Chassis to Standalone
Configuring Virtual Switching System Parameters
Configuring VSL Switch Priority
Configuring Virtual Switch Links
Subcommands for VSL Port Channels
Configuring Multichannel EtherChannels
Configuring EtherChannel Hash-Distribution Algorithm
Configuring LACP 1:1 Redundancy
Configuring Dual-Active Detection
Configuring Enhanced PAgP Dual-Active Detection
Configuring BFD Dual-Active Detection
Configuring the Exclusion List
Displaying Dual-Active Detection
Configuring Virtual Switching Systems
This chapter describes how to configure a virtual switching system (VSS) for the Catalyst 6500 series switch.
Note
For complete syntax and usage information for the commands used in this chapter, see these publications:
•
http://www.cisco.com/en/US/docs/ios/vswitch/command/reference/vs_book.html
•
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/index.htm
This chapter consists of these sections:
•
•
•
Understanding Virtual Switching Systems
These sections describe virtual switching systems:
•
•
•
Virtual Switching System Overview
Network operators increase network reliability by configuring switches in redundant pairs and by provisioning links to both switches in the redundant pair. Figure 4-1 shows a typical network configuration. Redundant network elements and redundant links can add complexity to network design and operation. Virtual switching simplifies the network by reducing the number of network elements and hiding the complexity of managing redundant switches and links.
A virtual switching system (VSS) combines a pair of Catalyst 6500 series switches into a single network element. The virtual switching system manages the redundant links, which externally act as a single port channel.
The virtual switching system simplifies network configuration and operation, by reducing the number of Layer 3 routing neighbors and by providing a loop-free Layer 2 topology.
Figure 4-1 Typical Network Design
The following sections present an overview of the VSS. These topics are covered in detail in subsequent chapters:
Key Concepts
The virtual switching system incorporates the following key concepts:
Virtual Switching System
A virtual switching system (VSS) combines a pair of switches into a single network element. For example, a VSS in the distribution layer of the network interacts with the access and core networks as if it were a single switch. See Figure 4-2.
An access switch connects to both chassis of the VSS using one logical port channel. The VSS manages redundancy and load balancing on the port channel. This capability enables a loop-free Layer 2 network topology. The virtual switching system also simplifies the Layer 3 network topology, because the VSS reduces the number of routing peers in the network.
Figure 4-2 Virtual Switching System in the Distribution Network
Active and Standby Chassis
When you create or restart a VSS, the peer chassis negotiate their roles. One chassis becomes the active chassis, and the other chassis becomes the standby.
The active chassis controls the VSS. It runs the Layer 2 and Layer 3 control protocols for the switching modules on both chassis. The active chassis also provides management functions for the VSS, such as line card online insertion and removal (OIR) and the console interface.
The active and standby chassis perform packet forwarding for ingress data traffic on their locally hosted interfaces. However, the standby chassis sends all control traffic to the active chassis for processing.
Virtual Switch Link
For the two chassis of the VSS to act as one network element, they need to share control information and data traffic.
The virtual switch link (VSL) is a special link that carries control and data traffic between the two chassis of a virtual switching system, as shown in Figure 4-3. VSL is implemented as an EtherChannel with up to eight links. VSL gives control traffic higher priority than data traffic so that control messages are never discarded. Data traffic is load balanced among the VSL links by the EtherChannel load-balancing algorithm.
Figure 4-3 Virtual Switch Link
Multichassis EtherChannel
An EtherChannel (also known as a port channel) is a collection of two or more physical links that combine to form one logical link. Layer 2 protocols operate on the EtherChannel as a single logical entity.
A multichassis EtherChannel (MEC) is a port channel that spans the two chassis of a virtual switching system. The access switch views the MEC as a standard port channel. See Figure 4-4.
The virtual switching system supports a maximum of 128 EtherChannels on one VSS. This limit applies to the combined total of regular EtherChannels and MECs. Because VSL requires two EtherChannel numbers (one for each chassis), there are 126 user-configurable EtherChannels.
Figure 4-4 Virtual Switching System with MEC
VSS Functionality
The following sections describe the main functionality of virtual switching systems:
•
Redundancy and High Availability
In a VSS, supervisor engine redundancy operates between the active and standby chassis. The peer chassis exchange configuration and state information across the VSL and the standby supervisor engine runs in hot standby mode.
The standby chassis monitors the active chassis using the VSL. If it detects failure, the standby chassis initiates a switchover and takes on the active role. When the failed chassis recovers, it takes on the standby role.
If the VSL fails completely, the standby chassis assumes that the active chassis has failed, and initiates a switchover. After the switchover, if both chassis are active, the dual-active detection feature detects this condition and initiates recovery action. For additional information about dual-active detection, see the "Dual-Active Detection" section.
Packet Handling
The active supervisor engine runs the Layer 2 and Layer 3 protocols and features for the virtual switching system (VSS) and manages the DFC line cards for both chassis.
The VSS uses VSL to communicate protocol and system information between the peer chassis and to carry data traffic between the chassis when required.
Both chassis perform packet forwarding for ingress traffic on their interfaces. If possible, ingress traffic is forwarded to an outgoing interface on the same chassis to minimize data traffic that must traverse the VSL.
Because the standby chassis is actively forwarding traffic, the active supervisor engine distributes updates to the standby supervisor engine PFC and all standby chassis DFCs.
System Management
The active supervisor engine acts as a single point of control for the virtual switching system. For example, the active supervisor engine handles OIR of switching modules on both chassis. The active supervisor engine uses VSL to send messages to and from local ports on the standby chassis.
The command console on the active supervisor engine is used to control both chassis. In virtual switch mode, the command console on the standby supervisor engine blocks attempts to enter configuration mode.
The standby chassis runs a subset of system management tasks. For example, the standby chassis handles its own power management.
Interface Naming Convention
In VSS mode, interfaces are specified using switch number (in addition to slot and port), because the same slot numbers are used on both chassis. For example, command interface 1/5/4 specifies port 4 of the switching module in slot 5 of switch 1. The command interface 2/5/4 specifies port 4 on the switching module in slot 5 of switch 2.
Software Features
With some exceptions, the virtual switching system has feature parity with standalone Catalyst 6500 series switch (12.2(33)SXH release). Major exceptions include:
•
•
Hardware Requirements
The following sections describe the hardware requirements of a virtual switching system:
Chassis and Modules
Table 4-1 describes the hardware requirements for the VSS chassis and modules.
VSL Hardware Requirements
The VSL EtherChannel supports only 10-Gigabit Ethernet ports. The 10-Gigabit Ethernet port can be located on the supervisor engine module or on a WS-X6708-10GE-3C or WS-X6708-10GE-3CXL switching module.
We recommend that you use both of the 10-Gigabit Ethernet ports on the supervisor engines to create the VSL between the two chassis.
You can add additional physical links to the VSL EtherChannel by using the 10-Gigabit Ethernet ports on WS-X6708-10GE switching modules.
PFC and DFC Requirements
The virtual switching system supports DFC3C or DFC3CXL hardware and does not support DFC3A/3B/3BXL hardware.
If any switching module in the VSS is provisioned with DFC3C, the whole VSS must operate in PFC3C mode. If a 67xx series switching module with a DFC3A/3B/3BXL is inserted in the chassis of a VSS, the module will remain unpowered, because VSS supports only DFC3C and DFC3CXL.
If the supervisor engines are provisioned with PFC3C, the VSS will automatically operate in 3C mode, even if some of the line cards are 3CXL. However, if the supervisor engines are provisioned with PFC3CXL, but some of the line cards are 3C, you need to configure the virtual switching system to operate in 3C mode. The platform hardware vsl pfc mode pfc3c configuration command sets the system to operate in 3C mode after the next restart. See the "SSO Dependencies" section for further details about this command.
Other Modules
Only the NAM service modules are supported (WS-SVC-NAM-1 and WS-SVC-NAM-2).
No WAN modules are currently supported in virtual switch mode.
Understanding VSS Topology
A virtual switching system (VSS) contains two chassis that communicate using the virtual switch link (VSL). VSL is a special port group.
We recommend that you configure both of the 10-Gigabit Ethernet ports on the supervisor engines as VSL ports. Optionally, you can also configure the VSL port group to contain switching module 10-Gigabit Ethernet ports. This configuration provides additional VSL capacity. See Figure 4-5 for an example topology.
Figure 4-5 VSL Topology Example
Virtual Switching System Redundancy
The following sections describe how redundancy in a virtual switching system supports network high availability:
Overview
A virtual switching system (VSS) operates stateful switchover (SSO) between the active and standby supervisor engines. Compared to standalone mode, a virtual switching system has the following important differences in its redundancy model:
•
•
•
If the active supervisor engine fails, the standby supervisor engine initiates a switchover and assumes the active role.
RPR and SSO Redundancy
A virtual switching system operates with stateful switchover (SSO) redundancy if it meets the following requirements:
•
•
•
See the "SSO Dependencies" section for additional details about the requirements for SSO redundancy on a virtual switching system.
With SSO redundancy, the standby supervisor engine is always ready to assume control following a fault on the active supervisor engine. Configuration, forwarding, and state information is synchronized from the active supervisor engine to the redundant supervisor engine at startup and whenever changes to the active supervisor engine configuration occur. If a switchover occurs, traffic disruption is minimized.
If a virtual switching system does not meet the requirements for SSO redundancy, the VSS will use route processor redundancy (RPR). With RPR redundancy, the active supervisor engine does not synchronize configuration changes or state information with the standby. The standby supervisor engine is only partially initialized and the switching modules on the standby supervisor are not powered up. If a switchover occurs, the standby supervisor engine completes its initialization and powers up the switching modules. Traffic is disrupted for approximately 2 minutes.
The VSS normally runs stateful switchover (SSO) between the active and standby supervisor engines (see Figure 4-6). The VSS determines the role of each supervisor engine during initialization.
The supervisor engine in the standby chassis runs in hot standby state. The virtual switching system uses the VSL link to synchronize configuration data from the active to the standby supervisor engine. Also, protocols and features that support high availability synchronize their events and state information to the standby supervisor engine.
Figure 4-6 Chassis Roles in a VSS
Failed Chassis Recovery
If the active chassis or supervisor engine fails, the VSS initiates a stateful switchover (SSO) and the former standby supervisor engine assumes the active role. The failed chassis performs recovery action by reloading the supervisor engine.
If the standby chassis or supervisor engine fails, no switchover is required. The failed chassis performs recovery action by reloading the supervisor engine.
The VSL links are unavailable while the failed chassis recovers. After the chassis reloads, it becomes the new standby chassis and the virtual switching system reinitializes the VSL links between the two chassis.
Note
The switching modules on the failed chassis are unavailable during recovery, so the VSS operates only with the MEC links that terminate on the active chassis. The bandwidth of the VSS is reduced until the failed chassis has completed its recovery and become operational again. Any devices that are connected only to the failed chassis experience an outage.
Note
VSL Failure
In virtual switch mode, fast link notification is enabled on all port channel members (including VSL ports) to ensure fast recovery from VSL failures.
Note
If a single VSL physical link goes down, the VSS adjusts the port group so that the failed link is not selected.
If the standby chassis detects complete VSL link failure, it initiates a stateful switchover (SSO). If the active chassis has failed (causing the VSL links to go down), the scenario is chassis failure, as described in the previous section.
If only the VSL has failed and the active chassis is still operational, this is a dual-active scenario. The VSS detects that both chassis are operating in active mode and performs recovery action. See the "Dual-Active Detection" section for additional details about dual-active scenario.
User Actions
From the active chassis command console, users can initiate a VSS switchover or a reload.
If you enter the reload command from the command console, the entire virtual switching system performs a reload.
To reload only the standby chassis, use redundancy reload peer command.
To force a switchover from the active to the standby supervisor engine, use the redundancy force-switchover command.
Multichassis EtherChannels
Multichassis EtherChannel (MEC) is an EtherChannel with ports that terminate on both chassis of the VSS. These sections describe multichassis EtherChannels:
Overview
Multichassis EtherChannel (MEC) is an EtherChannel with ports that terminate on both chassis of the VSS (see Figure 4-7). A VSS MEC can connect to any network element that supports EtherChannel (such as a host, server, router, or switch).
At the VSS, a MEC is an EtherChannel with additional capability: the VSS balances the load across ports in each chassis independently. For example, if traffic enters the active chassis, the VSS will select a MEC link from the active chassis. This MEC capability ensures that data traffic does not unnecessarily traverse the VSL.
Each MEC can optionally be configured to support either PAgP or LACP. These protocols run only on the active chassis. PAgP or LACP control packets destined for a MEC link on the standby chassis are sent across VSL.
Figure 4-7 MEC Topology Example
A MEC can support up to eight active physical links, which can be distributed in any way between the active and standby chassis.
Failure Scenarios
We recommend that you configure the MEC with at least one link to each chassis. This configuration conserves VSL bandwidth (traffic egress link is on the same chassis as the ingress link), and increases network reliability (if one VSS supervisor engine fails, the MEC is still operational).
The following sections describe possible failures and the resulting impacts:
•
•
Single MEC Link Failure
If a link within the MEC fails (and other links in the MEC are still operational), the MEC redistributes the load among the operational links, as in a regular port.
All Links to the Active Chassis Fail
If all links to the active chassis fail, the MEC becomes a regular EtherChannel with operational links to the standby chassis.
Data traffic terminating on the active chassis reaches the MEC by crossing the VSL to the standby chassis. Control protocols continue to run in the active chassis. Protocol messages reach the MEC by crossing the VSL.
All Links to the Standby Chassis Fail
If all links fail to the standby chassis, the MEC becomes a regular EtherChannel with operational links to active chassis.
Control protocols continue to run in the active chassis. All control and data path traffic from the standby chassis reaches the MEC by crossing the VSL to the active chassis.
All Links Fail
If all links in a MEC fail, the logical interface for the EtherChannel is set to unavailable. Layer 2 control protocols perform the same corrective action as for a a link-down event on a regular EtherChannel.
On adjacent switches, routing protocols and Spanning Tree Protocol (STP) perform the same corrective action as for a regular EtherChannel.
Standby Chassis Failure
If the standby chassis fails, the MEC becomes a regular EtherChannel with operational links on the active chassis.
The connected switches detect the link failures, and adjust their load-balancing algorithms to use only the links to the active chassis.
Active Chassis Failure
Active chassis failure results in a stateful switchover (SSO). See the "Virtual Switching System Redundancy" section for details about SSO on a virtual switching system. After the switchover, the MEC is operational on the new active chassis. Connected switches detect the link failures (to the failed chassis), and adjust their load-balancing algorithms to use only the links to the new active chassis.
Figure 4-8 MEC Configuration Example
Packet Handling
In a virtual switching system (VSS), the active supervisor engine runs the Layer 2 and Layer 3 protocols and features for the VSS and manages the DFC line cards for both chassis.
The virtual switching system uses VSL to communicate system and protocol information between the peer chassis and to carry data traffic between the two chassis.
Both chassis perform packet forwarding for ingress traffic on their local interfaces. The virtual switching system minimizes the amount of data traffic that must traverse the VSL.
The following sections describe packet handling in a virtual switching system:
•
Traffic on VSL
The VSL carries data traffic and in-band control traffic between the two chassis. All frames forwarded over the VSL link are encapsulated with a special 32-byte header, which provides information for the VSS to forward the packet on the peer chassis.
VSL transports control messages between the two chassis. Messages include protocol messages that are processed by the active supervisor engine, but received or transmitted by interfaces on the standby chassis. Control traffic also includes line card programming between the active supervisor engine and line cards on the standby chassis.
The VSS needs to transmit data traffic over VSL under the following circumstances:
•
•
•
–
–
–
–
VSL also transports system data, such as NetFlow export data and SNMP data, from the standby chassis to the active supervisor engine.
To preserve the VSL bandwidth for critical functions, the VSS uses strategies to minimize user data traffic that must traverse the VSL. For example, if an access switch is dual-homed (attached with a MEC terminating on both VSS chassis), the VSS transmits packets to the access switch using a link on the same chassis as the ingress link.
Traffic on the VSL is load-balanced with the same global hashing algorithms available for EtherChannels (the default algorithm is source-destination IP).
Layer 2 Protocols
The active supervisor engine runs the Layer 2 protocols (such as STP and VTP) for the line cards on both chassis. Protocol messages that are transmitted and received on the standby chassis line cards must traverse VSL to reach the active supervisor engine.
The following sections describe Layer 2 protocols for a virtual switching system:
•
Spanning Tree Protocol
The active chassis runs Spanning Tree Protocol (STP). The standby chassis redirects STP BPDUs across the VSL to the active chassis.
The STP bridge ID is commonly derived from the chassis MAC address. To ensure that the bridge ID does not change after a switchover, the virtual switching system continues to use the original chassis MAC address for the STP Bridge ID.
Virtual Trunk Protocol
Virtual Trunk Protocol (VTP) uses the IP address of the switch and local current time for version control in advertisements. After a switchover, VTP uses the IP address of the newly active chassis.
EtherChannel Control Protocols
Link Aggregation Control Protocol (LACP) and Port Aggregation Protocol (PAgP) packets contain a device identifier. The virtual switching system defines a common device identifier for both chassis to use.
A new PAgP enhancement has been defined for assisting with dual-active scenario detection. For additional information, see the "Dual-Active Detection" section.
Layer 3 Protocols
The MSFC on the active supervisor engine runs the Layer 3 protocols and features for the VSS. Both chassis perform packet forwarding for ingress traffic on their interfaces. If possible, ingress traffic is forwarded to an outgoing interface on the same chassis, to minimize data traffic that must traverse the VSL.
Because the standby chassis is actively forwarding traffic, the active supervisor engine distributes updates to the standby supervisor engine PFC and all standby chassis DFCs.
The following sections describe Layer 3 protocols for a virtual switching system:
•
IPv4
The supervisor engine on the active chassis runs the IPv4 routing protocols and performs any required software forwarding.
Routing updates received on the standby chassis are redirected to the active chassis across VSL.
Hardware forwarding is distributed across all DFCs on the VSS. The supervisor engine on the active chassis sends FIB updates to all local DFCs, remote DFCs, and the standby supervisor engine PFC.
All hardware routing uses the router MAC address assigned by the active supervisor engine. After a switchover, the original MAC address is still used.
The supervisor engine on the active chassis performs all software forwarding (for protocols such as IPX) and feature processing (such as fragmentation and TTL exceed). If a switchover occurs, software forwarding is disrupted until the new active supervisor engine obtains the latest CEF and other forwarding information.
In virtual switch mode, the requirements to support non-stop forwarding (NSF) are the same as in standalone mode. For additional information about NSF requirements, refer to the Catalyst 6500 Series Switch Cisco IOS Configuration Guide, Release 12.2SX.
From a routing peer perspective, EtherChannels remain operational during a switchover (only the links to the failed chassis are down, so the routing adjacencies remains valid).
The virtual switching system implements path filtering by storing only local paths (paths that do not traverse the VSL) in the FIB entries. Therefore, IP forwarding performs load sharing among the local paths. If no local paths to a given destination are available, the VSS updates the FIB entry to include remote paths (reachable by traversing the VSL).
IPv6 and MPLS
The virtual switching system does not support IPv6 or MPLS.
IPv4 Multicast
The IPv4 multicast protocols run on the active supervisor engine. Internet Group Management Protocol (IGMP) and Protocol Independent Multicast (PIM) protocol packets received on the standby supervisor engine are transmitted across VSL to the active chassis.
The active supervisor engine sends IGMP and PIM protocol packets to the standby supervisor engine in order to maintain Layer 2 information for stateful switchover (SSO).
The active supervisor engine distributes multicast FIB and adjacency table updates to the standby supervisor and line card DFCs.
The virtual switching system does not support SSO for Layer 3 multicast. Multicast routes are programmed in the hardware in the standby supervisor engine, using nodal NSF updates.
In virtual switch mode, the active chassis does not program the multicast expansion table (MET) on the standby chassis. The standby supervisor engine programs the outgoing interface hardware entries for all local multicast receivers
If all line cards on the active chassis and standby chassis are egress capable, the multicast replication mode is set to egress mode; otherwise, the mode is set to ingress mode.
In egress mode, replication is distributed to DFCs that have ports in outgoing VLAN for a particular flow. In ingress mode, replication for all outgoing VLANs is done on the ingress DFC.
For packets traversing VSL, all Layer 3 multicast replication occurs on the ingress chassis. If there are multiple receivers on the egress chassis, replicated packets are forwarded over the VSL.
Software Features
Software features run only on the active supervisor engine. Incoming packets to the standby chassis that require software processing are sent across the VSL.
For features supported in hardware, the ACL configuration is sent to the TCAM manager on the active supervisor engine, the standby supervisor engine, and all DFCs.
SPAN
The virtual switching system supports all SPAN features for non-VSL interfaces. The virtual switching system supports SPAN features on VSL interfaces with the following limitations:
•
•
•
The number of SPAN sessions available to a VSS is the same as for a single chassis running in standalone mode.
System Monitoring
The following sections describe system monitoring and system management for a virtual switching system:
Power Management
From the active chassis, you can control power-related functions for the standby chassis. For example, use the (no) power enable switch command to control power to the modules and slots on the standby chassis. Use the show power switch command to see the current power settings and status.
Environmental Monitoring
Environmental monitoring runs on both supervisor engines. The standby chassis reports notifications to the active supervisor engine. The active chassis gathers log messages for both chassis. The active chassis synchronizes the calendar and system clock to the standby chassis.
File System Access
You can access file systems of both chassis from the active chassis. Prefix the device name with the switch number and slot number to access directories on the standby chassis. For example, the command dir sw2_slot5disk0 lists the contents of disk0 on the standby chassis (assuming switch 2 is the standby chassis). You can access the standby chassis file system only when VSL is operational.
Diagnostics
You can use the diagnostic schedule and diagnostic start commands on a VSS. In virtual switch mode, these commands require an additional parameter, which specifies the chassis to apply the command.
When you configure a VSL port on a switching module or a supervisor engine module, the diagnostics suite incorporates additional tests for the VSL ports.
Use the show diagnostic content command to display the diagnostics test suite for a module.
VSL Diagnostics
The following VSL-specific diagnostics tests are available on WS-X6708-10GE switching modules with VSL ports. These tests are disruptive:
•
•
The following VSL-specific diagnostics tests are available on a Supervisor Engine 720-10GE with VSL ports. These tests are disruptive:
•
•
•
The following VSL-specific diagnostics test is available for VSL ports on the switching module or the supervisor engine. This test is not disruptive:
•
Service Modules
The only service module supported by the virtual switching system is the network analysis module (WS-SVC-NAM-1 and WS-SVC-NAM-2).
The supervisor engine in the same chassis as the NAM controls the powering up of the NAM. After the NAM is online, you initiate a session from the active supervisor engine to configure and maintain the NAM.
The active chassis performs the graceful shutdown of the NAM module, even if the NAM module is in the standby chassis.
Use the Session command to connect to the NAM. If NAM is on the standby chassis, the session runs over the VSL.
Network Management
The following sections describe network management for a virtual switching system:
•
•
Telnet over SSH Sessions and the Web Browser User Interface
A virtual switching system supports remote access using Telnet over SSH sessions and the Cisco web browser user interface.
All remote access is directed to the active supervisor engine, which manages the whole VSS.
If the virtual switching system performs a switchover, Telnet over SSH sessions and web browser sessions are disconnected.
SNMP
The SNMP agent runs on the active supervisor engine.
CISCO-VIRTUAL-SWITCH-MIB is a new MIB for virtual switch mode and contains the following main components:
•
•
•
•
•
•
Command Console
You need to cable physical console connections to both supervisor engine console ports. You can only use configuration mode in the console for the active supervisor engine.
The console on the standby chassis will indicate that chassis is operating in standby mode by adding the characters "-stdby" to the command line prompt. You cannot enter configuration mode on the standby chassis console.
The following example shows the prompt on the standby console:
Router-stdby> show switch virtual
Switch mode : Virtual SwitchVirtual switch domain number : 100Local switch number : 1Local switch operational role: Virtual Switch StandbyPeer switch number : 2Peer switch operational role : Virtual Switch ActiveDual-Active Detection
If the VSL fails, the standby chassis cannot determine the state of the active chassis. To ensure that switchover occurs without delay, the standby chassis assumes the active chassis has failed and initiates switchover to take over the active role.
If the original active chassis is still operational, both chassis are now active. This situation is called dual-active scenario. Dual-active scenario can have adverse affects on network stability, because both chassis use the same IP addresses, SSH keys, and STP bridge ID. The virtual switching system (VSS) must detect dual-active scenario and take recovery action.
The virtual switching system supports two methods for detecting dual-active scenario. One method uses enhanced PAgP messaging over the MEC links to communicate between the two chassis. The other method uses IP BFD messaging over a backup Ethernet connection.
You can configure both detection methods to be active at the same time. The PAgP method takes priority, because it detects dual-active scenario much more quickly than the IP BFD method.
The two methods are described in the following sections:
•
•
Dual-Active Detection Using Enhanced PAgP
Port aggregation protocol (PAgP) is a Cisco-proprietary protocol for managing EtherChannels. If a VSS MEC terminates to a Cisco switch, you can run PAgP protocol on the MEC.
If PAgP is running on the MECs between the VSS and an upstream or downstream switch, the VSS can use PAgP to detect dual-active scenario. The MEC must have at least one port on each chassis of the VSS.
In virtual switch mode, PAgP messages include a new TLV which contains the ID of the active switch. Only switches in virtual switch mode send the new TLV.
For dual-active detection to operate successfully, one or more of the connected switches needs to be able to process the new TLV. Catalyst 6500 series switches with Supervisor Engine 32 and Supervisor Engine 720 have this capability, if they are running Cisco IOS software release12.2(33)SXH or later. For a list of other Cisco products that support enhanced PAgP, refer to Release Notes for Cisco IOS Release 12.2(33)SXH and Later Releases.
When the standby chassis detects VSL failure, it initiates SSO and becomes active. Subsequent PAgP messages to the connected switch from the newly active chassis contain the new active ID. The connected switch send PAgP messages with the new active ID to both of the VSS chassis.
If the formerly active chassis is still operational, it detects the dual-active scenario because the active ID in the PAgP messages changes. This chassis initiates recovery actions as described in the "Recovery Actions" section.
Dual-Active Detection Using IP BFD
To use the IP BFD detection method, you must provision a direct Ethernet connection between the two switches. Regular Layer 3 ping will not function correctly on this connection, as both chassis have the same IP address. The virtual switching system instead uses the Bidirectional Forwarding Detection (BFD) protocol.
If the VSL goes down, both chassis create BFD neighbors, and try to establish adjacency. If the original active chassis receives an adjacency message, it realizes that this is dual-active scenario, and initiates recovery.
Note
Recovery Actions
The chassis shuts down all of its non-VSL interfaces (except interfaces configured to be excluded from shutdown) to remove itself from the network, and waits in recovery mode until the VSL links have recovered. User intervention may be required to fix the VSL failure. When both chassis detect that VSL is operational again, the previously active chassis reloads and comes into service as the standby chassis.
Virtual Switching System Initialization
A virtual switching system (VSS) is formed when the two chassis and the VSL link between them become operational. The peer chassis communicate over the VSL to negotiate the chassis roles.
If only one chassis becomes operational, it assumes the active role. The VSS forms when the second chassis becomes operational and both chassis bring up their VSL interfaces.
Virtual switching system initialization is described in the following sections:
Virtual Switch Link Protocol
The Virtual Switch Link Protocol (VSLP) consists of several protocols that contribute to virtual switch initialization. The VSLP includes the following protocols:
•
The peer chassis use Role Resolution Protocol (RRP) to negotiate the role (active or standby) for each chassis.
•
The Link Management Protocol (LMP) runs on all VSL links, and exchanges information required to establish communication between the two chassis.
LMP identifies and rejects any unidirectional links. If LMP flags a unidirectional link, the chassis that detects the condition brings the link down and up to restart the VSLP negotiation. VSL moves the control traffic to another port if necessary.
SSO Dependencies
For the VSS to operate with SSO redundancy, the VSS must meet the following conditions:
•
Both supervisor engine modules on the VSS must be running the identical software version.
•
During the startup sequence, the standby chassis sends virtual switch information from the startup-config file to the active chassis.
The active chassis ensures that the following information matches correctly on both chassis:
–
–
–
–
–
–
–
–
If the VSS detects a mismatch, it prints out an error message on the active chassis console and the standby chassis comes up in RPR mode.
After you correct the configuration file, save the file by entering the copy running-config startup-config command on the active chassis, and then restart the standby chassis.
•
If both supervisor engines are provisioned with PFC3C, the VSS will automatically operate in PFC3C mode, even if some of the switching modules are equipped with 3CXL daughter feature cards (DFCs).
However, if the supervisor engines are provisioned with PFC3CXL and there is a mixture of DFC3C and DFC3CXL switching modules, the system PFC mode will depend on how the 3C and 3CXL switching modules are distributed between the two chassis.
Each chassis in the VSS determines its system PFC mode. If the supervisor engine of a given chassis is provisioned with PFC3CXL and all the switching modules in the chassis are provisioned with DFC3CXL, the PFC mode for the chassis is PFC3CXL. However, if any of the switching modules is provisioned with DFC3C, the chassis PFC mode will be set to PFC3C. If there is a mismatch between the PFC modes of two chassis, the VSS will come up in RPR mode instead of SSO mode. You can prevent this situation by using the platform hardware vsl pfc mode pfc3c command to force the VSS to operate in PFC3C mode after the next reload.
If these conditions are not met, the VSS operates in RPR redundancy mode. For a description of SSO and RPR, see the "Virtual Switching System Redundancy" section.
Initialization Procedure
The following sections describe the VSS initialization procedure:
VSL Initialization
A VSS is formed when the two chassis and the VSL link between them become operational. Because both chassis need to be assigned their role (active or standby) before completing initialization, VSL is brought online before the rest of the system is initialized. The initialization sequence is as follows:
1.
2.
3.
4.
5.
System Initialization
If you boot both chassis simultaneously, the VSL ports become active, and the chassis will come up as active and standby. If priory is configured, the higher priority switch becomes active.
If you boot up only one chassis, the VSL ports remain inactive, and the chassis comes up as active. When you subsequently boot up the other chassis, the VSL links become active, and the new chassis comes up as standby. If you have configured preemption and the new chassis has the higher priority, it will initiate a switchover to become the active switch. The formerly active chassis reloads and comes up as standby.
VSL Down
If the virtual switch link (VSL) is down when both chassis try to boot up, the situation is similar to a dual-active scenario.
One of the chassis becomes active and the other chassis initiates recovery from dual-active scenario. For further information, see the "Configuring Dual-Active Detection" section.
VSS Configuration Guidelines and Restrictions
When configuring the VSS, note the following guidelines and restrictions:
•
•
When configuring MECs, note the following guidelines and restrictions:
•
•
•
•
•
When configuring dual-active detection, note the following guidelines and restrictions:
•
Configuring Virtual Switching Systems
These sections describe how to configure virtual switching systems:
•
•
•
•
•
•
Converting to a Virtual Switching System
By default, the Catalyst 6500 series switch is configured to operate in standalone mode (the switch is a single chassis). The virtual switching system combines two standalone switches into one virtual switching system (VSS), operating in virtual switch mode.
To convert two standalone chassis into a VSS, you perform the following major activities:
•
•
•
•
In virtual switch mode, both chassis use the same configuration file. When you make configuration changes on the active chassis, these changes are automatically propagated to the standby chassis.
The tasks required to convert the standalone chassis to a VSS are detailed in the following sections:
•
•
•
•
•
•
In the procedures that follow, the example commands assume the configuration shown in Figure 4-9.
Figure 4-9 Example VSS
Two chassis, A and B, are converted into a VSS with virtual switch domain 100. Interface 10-Gigabit Ethernet 5/1 on Switch 1 is connected to interface10-Gigabit Ethernet 5/2 on Switch 2 to form the VSL.
Backing Up the Standalone Configuration
Save the configuration files for both chassis operating in standalone mode. You need these files to revert to standalone mode from virtual switch mode. On Switch 1, perform this task:
Perform the following task on Switch 2:
Assigning Virtual Switch Domain and Switch Numbers
You must configure the same virtual switch domain number on both chassis of the VSS. The virtual switch domain is a number between 1 and 255, and must be unique for each VSS in your network (the domain number is incorporated into various identifiers to ensure that these identifiers are unique across the network).
Within the VSS, you must configure a unique switch number for each chassis.
To configure the virtual switch domain and switch number on both chassis, perform this task on Switch 1:
Perform the following task on Switch 2:
Note
Configuring VSL Port Channel and Ports
The VSL is configured with a unique port channel on each chassis. During the conversion, the VSS configures both port channels on the active chassis. If the standby chassis VSL port channel number has been configured for another use, the VSS comes up in RPR mode. To avoid this situation, check that both port channel numbers are available on both of the chassis.
Check the port channel number by using the show running-config interface port-channel command. The command displays an error message if the port channel is available for VSL. For example, the following command shows that port channel 20 is available on Switch 1:
Switch-1 # show running-config interface port-channel 20% Invalid input detected at '^' marker.To configure the VSL port channels, perform this task on Switch 1:
Perform the following task on Switch 2:
You must add the VSL physical ports to the port channel. In the following example, interface 10-Gigabit Ethernet 3/1 on Switch 1 is connected to interface 10-Gigabit Ethernet 5/2 on Switch 2.
To configure the VSL ports, perform this task on Switch 1:
Perform the following task on Switch 2:
Converting the Chassis to Virtual Switch Mode
Conversion to virtual switch mode requires a restart for both chassis. After the reboot, commands that specify interfaces with module/port now include the switch number. For example, a port on a switching module is specified by switch/module/port.
Prior to the restart, the VSS converts the startup configuration to use the switch/module/port convention. A backup copy of the startup configuration file is saved on the RP. This file is assigned a default name, but you are also prompted to override the default name if you want to change it.
Prior to the conversion, ensure that the PFC operating mode matches on both chassis. If they do not match, VSS comes up in RPR redundancy mode. Enter the show platform hardware pfc mode command on each chassis to display the current PFC mode. If only one of the chassis is in PFC3CXL mode, you can configure it to use PFC3C mode with the platform hardware vsl pfc mode pfc3c command.
To verify the PFC operating mode, perform this task:
To convert Chassis 1 to virtual switch mode, perform this task:
To convert Chassis 2 to virtual switch mode, perform this task on Switch 2:
Note
Auto-Configuring the Standby VSL Information
The two chassis now form a virtual switching system (VSS). In virtual switch mode, you enter all configuration commands on the active chassis. The startup configuration file is automatically synchronized to the standby chassis.
For the VSS to operate correctly, the active chassis needs the configuration information for the other end of the VSL link (on the standby chassis). Enter the switch accept mode virtual command to automatically copy the VSL link configuration from the standby chassis onto the active chassis. The updated configuration is automatically saved to the startup configuration file on the active and standby chassis.
The switch accept mode virtual command performs this action only the first time that the chassis come up as a VSS.
To auto-configure the standby chassis VSL link information to the active chassis, perform this task on the active chassis:
(Optional) Configuring Standby Chassis Modules
After the reboot, each chassis contains the module provisioning for its own slots. In addition, the modules from the standby chassis have been automatically provisioned on the active chassis with default configuration.
Configurations for the standby chassis modules are restored to their default settings (for example, no IP addresses).
You can view the module provisioning information in the configuration file, by entering the show startup-config command (after you have saved the configuration).
Note
The following example shows the module provisioning information from a configuration file:
module provision switch 1slot 1 slot-type 148 port-type 60 number 4 virtual-slot 17slot 2 slot-type 137 port-type 31 number 16 virtual-slot 18slot 3 slot-type 227 port-type 60 number 8 virtual-slot 19slot 4 slot-type 225 port-type 61 number 48 virtual-slot 20slot 5 slot-type 82 port-type 31 number 2 virtual-slot 21module provision switch 2slot 1 slot-type 148 port-type 60 number 4 virtual-slot 33slot 2 slot-type 227 port-type 60 number 8 virtual-slot 34slot 3 slot-type 137 port-type 31 number 16 virtual-slot 35slot 4 slot-type 225 port-type 61 number 48 virtual-slot 36slot 5 slot-type 82 port-type 31 number 2 virtual-slot 37Displaying Virtual Switching System Information
To display basic information about the VSS, perform one of these tasks:
The following example shows the information output from these commands:
Router# show switch virtualSwitch mode : Virtual SwitchVirtual switch domain number : 100Local switch number : 1Local switch operational role: Virtual Switch ActivePeer switch number : 2Peer switch operational role : Virtual Switch StandbyRouter# show switch virtual roleSwitch Switch Status Preempt Priority Role Session IDNumber Oper(Conf) Oper(Conf) Local Remote------------------------------------------------------------------LOCAL 1 UP FALSE(N) 100(100) ACTIVE 0 0REMOTE 2 UP FALSE(N) 100(100) STANDBY 8158 1991In dual-active recovery mode: NoRouter# show switch virtual linkVSL Status: UPVSL Uptime: 4 hours, 26 minutesVSL SCP Ping: Pass OKVSL ICC (Ping): PassVSL Control Link: Te 1/5/1Converting a Virtual Switching System to Standalone Chassis
To convert a VSS into two standalone chassis, you perform the following major steps:
•
•
•
Copying the VSS Configuration to a Backup File
Save the configuration file from the active chassis. You may need this file if you convert to virtual switch mode again. You only need to save the file from the active chassis, because the configuration file on the standby chassis is identical to the file on the active chassis.
Converting the Active Chassis to Standalone
When you convert the active chassis to standalone mode, the active chassis removes the provisioning and configuration information related to VSL links and the peer chassis modules, saves the configuration file, and performs a reload. The chassis comes up in standalone mode with only the provisioning and configuration data relevant to the standalone system.
The standby chassis of the VSS becomes active. VSL links on this chassis are down because the peer is no longer available.
To convert the active chassis to standalone mode, perform this task on the active chassis:
Switch-1# switch convert mode standalone
Converts Switch 1 to standalone mode.
After you enter the command, you are prompted to confirm the action. Enter yes.
Converting the Peer Chassis to Standalone
When you convert the new active chassis to standalone mode, the chassis removes the provisioning and configuration information related to VSL links and the peer chassis modules, saves the configuration file and performs a reload. The chassis comes up in standalone mode with only its own provisioning and configuration data.
To convert the peer chassis to standalone, perform this task on the standby chassis:
Switch-2# switch convert mode standalone
Converts Switch 2 to standalone mode.
After you enter the command, you are prompted to confirm the action. Enter yes.
Configuring Virtual Switching System Parameters
These sections describe how to configure virtual switching system parameters:
•
•
•
Configuring VSL Switch Priority
To configure the switch priority, perform this task:
Note
This example shows how to configure virtual switch priority:
Router(config)# switch virtual domain 100Router(config-vs-domain)# switch 1 priority 200Router(config-vs-domain)# switch 1 preemptRouter(config-vs-domain)# exitThis example shows how to display priority and preemption information for the virtual switching system:
Router# show switch virtual roleSwitch Switch Status Preempt Priority Role Session IDNumber Oper(Conf) Oper(Conf) Local Remote------------------------------------------------------------------LOCAL 1 UP FALSE(N) 100(200) ACTIVE 0 0REMOTE 2 UP FALSE(N) 100(100) STANDBY 8158 1991In dual-active recovery mode: NoConfiguring VSLP Timer
Each end of the VSL link transmits Hello messages to the other end of the link. You can configure the transmission interval between hello messages. You can also configure the minimum reception interval (if no Hello message is received during this interval, the link is assumed to be down).
Note
Configure the VSLP intervals on the VSL port channel interface. The intervals are applied to each physical link in the VSL.
To configure the VSLP hello packet interval, perform this task:
Note
This example shows how to set the VSLP hello packet interval to 50 seconds on port channel 10 and port channel 25:
Router(config)# interface port-channel 10Router(config-if)# vslp interval 5000 min_rx 5000 multi 10Router(config-if)# interface port-channel 25Router(config-if)# vslp interval 5000 min_rx 5000 multi 10Configuring PFC Mode
If you have a mixture of DFC3C and DFC3CXL switching modules in the VSS, set the PFC mode by performing this task:
This example shows how to set the PFC configuration mode for the VSS to PFC3C. You can wait until the next maintenance window to perform the reload command.
Router(config)# platform hardware vsl pfc mode pfc3cRouter(config)# endRouter# reloadIf all the supervisor engines and switching modules in the VSS are 3CXL, the following warning is displayed if you set the PFC mode to PFC3C:
Router(config)# platform hardware vsl pfc mode pfc3cPFC Preferred Mode: PFC3CXL. The discrepancy between Operating Mode andPreferred Mode could be due to PFC mode config. Your System has all PFC3XL modules.Remove ' platform hardware vsl pfc mode pfc3c ' from global config.This example shows how to display the operating and configured PFC modes:
Router# show platform hardware pfc modePFC operating mode : PFC3CConfigured PFC operating mode : PFC3CConfiguring Virtual Switch Links
To configure a port channel to be a virtual switch link, perform this task:
Note
This example shows how to configure the virtual switch link:
Switch-1(config)# interface port-channel 10Switch-1(config-if)# switch virtual link 1Switch-1(config-if)# no shutdownSwitch-1(config)# interface tenGigabitEthernet 5/1Switch-1(config-if)# channel-group 10 mode onSwitch-1(config-if)# no shutdownSwitch-2(config)# interface port-channel 25Switch-2(config-if)# switch virtual link 2Switch-1(config-if)# no shutdownSwitch-2(config-if)# interface tenGigabitEthernet 5/2Switch-2(config-if)# channel-group 25 mode onSwitch-2(config-if)# no shutdownDisplaying VSL Information
To display information about virtual switch link, perform one of these tasks:
This example shows how to display VSL information:
Router# show switch virtual linkVSL Status : UPVSL Uptime : 1 day, 3 hours, 39 minutesVSL SCP Ping : PassVSL ICC Ping : PassVSL Control Link : Gi1/4/2Router# show switch virtual link port-channelVSL Port Channel InformationFlags: D - down P - bundled in port-channelI - stand-alone s - suspendedH - Hot-standby (LACP only)R - Layer3 S - Layer2U - in use N - not in use, no aggregationf - failed to allocate aggregatorM - not in use, no aggregation due to minimum links not metm - not in use, port not aggregated due to minimum links not metu - unsuitable for bundlingw - waiting to be aggregatedGroup Port-channel Protocol Ports------+-------------+-----------+---------------------------------------------10 Po10(RU) - Te1/5/4(P) Te1/5/5(P)20 Po20(RU) - Te2/5/4(P) Te2/5/5(P)Router# show switch virtual link portVSL Link Info : Configured: 2 Operational: 1Peer Peer PeerInterface State MAC Switch Interface-----------------------------------------------------------------------Te1/5/4 operational 0013.5fcb.1480 2 Te2/5/4Te1/5/5 link_down - - -Last operational Current packet Last Diag Time sinceInterface Failure state State Result Last Diag-------------------------------------------------------------------------------Te1/5/4 No failure Hello bidir Never ran 7M:51STe1/5/5 No failure No failure Never ran 7M:51SHello Tx (T4) ms Hello Rx (T5*) msInterface State Cfg Cur Rem Cfg Cur Rem----------------------------------------------------------------------Te1/5/4 operational 500 500 404 5000 5000 4916Te1/5/5 link_down 500 - - 500000 - -Te2/5/4 operational 500 500 404 500000 500000 499916Te2/5/5 link_down 500 - - 500000 - -*T5 = min_rx * multiplierConfiguring VSL QoS
The virtual switching system automatically configures VSL ports for trust CoS, using default CoS mappings (you cannot change the mappings on VSL ports).
For line cards that support per-ASIC configuration, the VSL configuration applies to all ports on the same ASIC (including any non-VSL ports).
The virtual switching system disables the QoS commands on VSL ports (and any non-VSL ports on the same ASIC). For example, you cannot use QoS queuing or map commands on VSL ports.
If your VSS includes WS-X6708-10GE switching modules, enter the mls qos 10g-only global configuration command, to ensure that all eight QoS queues are enabled for the 10-Gigabit Ethernet ports.
If you connect a Supervisor Engine 10-Gigabit Ethernet port to a switching module 1-Gigabit Ethernet port, you need to enter the no mls qos channel-consistency command on the VSL port channel interface for the EtherChannel to support ports with and without strict-priority queues.
Subcommands for VSL Port Channels
On a VSL port channel, only a subset of interface subcommands are available in the command console. Table 4-2 describes the available interface subcommands.
Subcommands for VSL Ports
If a port is included in a VSL port channel, only a subset of interface subcommands are available in the command console. Table 4-3 describes the available interface subcommands.
Configuring Multichannel EtherChannels
Configure multichassis EtherChannels (MECs) as you would for a regular EtherChannel. The virtual switching system will recognize that the EtherChannel is a MEC when ports from both chassis are added to the EtherChannel. You can verify the MEC configuration by entering the show etherchannel command.
One VSS supports a maximum of 128 port channels.
The following sections provide additional details about MECs:
•
•
Configuring EtherChannel Hash-Distribution Algorithm
Releases earlier than 12.2(33)SXH support a load-distribution algorithm called the fixed algorithm. When you add a port to the EtherChannel or delete a port from the EtherChannel, the switch updates the Port ASIC for each port in the EtherChannel, which causes a short outage on each port.
Release 12.2(33)SXH and later releases support an additional algorithm called the adaptive algorithm. The adaptive algorithm does not need to update the port ASIC for existing member ports.
The default algorithm for VSS is the adaptive algorithm. You can configure the choice of algorithm globally, or for specific interfaces.
When you change the algorithm, the change is applied at the next member link event. Example events include link down, up, addition, deletion, no shutdown, and shutdown. When you enter the command to change the algorithm, the command console issues a warning that the command does not take effect until the next member link event.
Note
Configuring the Hash-Distribution Algorithm Globally
To configure the load-sharing algorithm globally, perform this task:
This example shows how to globally set the hash distribution to adaptive:
Router(config)# port-channel hash-distribution adaptiveConfiguring the Hash-Distribution Algorithm for a Port Channel
To configure the hash distribution algorithm for a specific port channel, perform this task:
This example shows how to set the hash distribution algorithm to adaptive on port channel 10:
Router (config)# interface port-channel 10Router (config-if)# port-channel port hash-distribution adaptiveConfiguring LACP 1:1 Redundancy
The LACP 1:1 redundancy feature provides an EtherChannel configuration with one active link and fast switchover to a hot standby link.
Understanding LACP 1:1 redundancy
To use LACP 1:1 redundancy, you configure a LACP EtherChannel with two ports (one active and one standby). If the active link goes down, the EtherChannel stays up and the system performs fast switchover to the hot standby link. When the failed link becomes operational again, the EtherChannel performs another fast switchover to revert to the original active link.
For the LACP 1:1 redundancy feature to work correctly, especially the fast switchover capability, the feature needs to be enabled at both ends of the link.
Configuring LACP 1:1 Redundancy
For the LACP 1:1 redundancy feature, the LACP EtherChannel must contain exactly two links, of which only one is active.
Link 1 must have a higher port priority than link 2 and the LACP max-bundle must be set to 1. This configuration results in link 1 being active and link 2 being in hot standby state. LACP min-links is set to 1, so that the LACP EtherChannel transitions to the link-up state with one active link.
To configure the LACP 1:1 redundancy feature, perform this task:
Step 1
Router(config)# interface port-channel number
Selects an LACP port channel interface.
Step 1
Router(config-if)# port-channel lacp fast-switchover
Enables the fast switchover feature for this EtherChannel
Step 2
Router(config-if)# port-channel max-bundle 1
Sets the maximum number of active member ports to be one.
Step 3
Router(config-if)# port-channel min-links 1
Sets the minimum number of active member ports to be one.
Step 4
Router(config-if)# end
Exits configuration mode.
Step 5
Router# show running-config interface type1 switch/slot/port
Router# show interfaces type2 switch/slot/port etherchannel
Verifies the configuration.
1 type = fastethernet, gigabitethernet, or tengigabitethernet
2 type = fastethernet, gigabitethernet, or tengigabitethernet
Note
This example shows how to configure a LACP EtherChannel with 1:1 redundancy. Gigabitethernet 1/3/6 is the active link, as it is configured with a higher port priority:
Router# configure terminalRouter# lacp system-priority 33000Router(config)# interface gigabitethernet 1/3/6Router(config-if)# channel-protocol lacpRouter(config-if)# channel-group 1 mode activeRouter(config-if)# lacp port-priority 33000Router(config-if)# endRouter(config)# interface gigabitethernet 2/3/6Router(config-if)# channel-protocol lacpRouter(config-if)# channel-group 1 mode activeRouter(config-if)# endRouter(config)# interface port-channel 1Router(config-if)# port-channel lacp fast-switchoverRouter(config-if)# port-channel max-bundle 1Router(config-if)# port-channel min-links 1Router(config-if)# endConfiguring Dual-Active Detection
The following sections describe how to configure dual-active detection:
•
•
•
•
Configuring Enhanced PAgP Dual-Active Detection
If enhanced PAgP is running on the MECs between the VSS and its access switches, the VSS can use enhanced PAgP messaging to detect dual-active scenario.
By default, PAgP dual-active detection is enabled. However, the enhanced messages are only sent on port channels with trust mode enabled (see the trust mode description below).
Note
To enable or disable PAgP dual-active detection, perform this task:
You must configure trust mode on the port channels that will detect PAgP dual-active detection. By default, trust mode is disabled.
Note
To configure trust mode on a port channel, perform this task:
This example shows how to enable PAgP dual-active detection:
Router(config)# interface port-channel 20Router(config-if)# shutdownRouter(config-if)# exitRouter(config)# switch virtual domain 100Router(config-vs-domain)# dual-active detection pagpRouter(config-vs-domain)# dual-active detection pagp trust channel-group 20Router(config-vs-domain)# exitRouter(config)# interface port-channel 20Router(config-if)# no shutdownRouter(config-if)# exitThis example shows the error message if you try to enable PAgP dual-active detection when a trusted port channel is not shut down first:
Router(config)# switch virtual domain 100Router(config-vs-domain)# dual-active detection pagpTrusted port-channel 20 is not administratively down.To change the pagp dual-active configuration, "shutdown" these port-channels first. Remember to "no shutdown" these port-channels afterwards.This example shows the error message if you try to configure trust mode for a port channel that is not shut down first:
Router(config)# switch virtual domain 100Router(config-vs-domain)# dual-active detection pagp trust channel-group 20Trusted port-channel 20 is not administratively down. To change the pagp dual-active trust configuration, "shutdown" the port-channel first. Remember to "no shutdown" the port-channel afterwards.Configuring BFD Dual-Active Detection
For the BFD dual-active detection, you must configure dual-active interface pairs that will act as BFD messaging links, and enable the BFD dual-active detection mechanism.
To configure BFD dual-active detection, perform this task:
When you configure the dual-active interface pairs, note the following information:
•
•
•
•
Note
This example shows how to configure interfaces for BFD dual-active detection:
Router (config)# interface gigabitethernet 1/9/48Router (config-if)# no switchportRouter (config-if)# ip address 200.230.230.231 255.255.255.0Router (config-if)# bfd interval 100 min_rx 100 multiplier 50Router (config-if)# no shutdownRouter (config-if)# interface gigabitethernet 2/1/48Router (config-if)# no switchportRouter (config-if)# ip address 201.230.230.231 255.255.255.0Router (config-if)# bfd interval 100 min_rx 100 multiplier 50Router (config-if)# no shutdownRouter (config-if)# exitRouter (config)# switch virtual domain 100Router (config-vs-domain)# dual-active detection bfdRouter (config-vs-domain)# dual-active pair interface g 1/9/48 interface g 2/1/48 bfdadding a static route 200.230.230.0 255.255.255.0 Gi2/1/48 for this dual-active pairadding a static route 201.230.230.0 255.255.255.0 Gi1/9/48 for this dual-active pairRouter(config-vs-domain)# exitRouter(config)# exitRouter# show switch virtual dual-active bfdBfd dual-active detection enabled: YesBfd dual-active interface pairs configured:interface1 Gi1/9/48 interface2 Gi2/1/48Configuring the Exclusion List
When dual-active scenario is detected, part of the recovery action is for the chassis to shut down all of its non-VSL interfaces. You can specify one or more interfaces to be excluded from this action (for example, to exclude the interface you use for remote access to the chassis).
To specify interfaces that are not to be shut down by dual-active recovery, perform this task:
When you configure the exclusion list, note the following information:
•
•
•
This example shows how to configure an interface as an exclusion:
Router(config)# switch virtual domain 100Router (config-vs-domain)# dual-active exclude interface gigabitethernet 1/5/5Displaying Dual-Active Detection
To display information about dual-active detection, perform this task:
Router# show switch virtual dual-active [bfd | pagp | summary]
Displays information about dual-active detection configuration and status.
This example shows how to display information for BFD dual-active detection:
Router# show switch virtual dual-active bfdBfd dual-active detection enabled: YesNo bfd dual-active interface pairs configuredThis example shows how to display the summary status for dual-active detection:
Router# show switch virtual dual-active summaryPagp dual-active detection enabled: YesBfd dual-active detection enabled: YesNo interfaces excluded from shutdown in recovery modeIn dual-active recovery mode: No
This example shows how to display PAgP status and the channel groups with trust mode enabled:
Router# show pagp dual-activePAgP dual-active detection enabled: YesPAgP dual-active version: 1.1Channel group 3 dual-active detect capability w/nbrs Dual-Active trusted group: NoDual-Active Partner Partner PartnerPort Detect Capable Name Port VersionFa1/2/33 No None None N/AChannel group 4Dual-Active trusted group: YesNo interfaces configured in the channel groupChannel group 5Dual-Active trusted group: YesChannel group 5 is not participating in PAGPChannel group 10 dual-active detect capability w/nbrs Dual-Active trusted group: YesDual-Active Partner Partner PartnerPort Detect Capable Name Port VersionGi1/6/1 Yes eden-nbr- Gi1/5/1 1.1Gi2/5/1 Yes eden-nbr- Gi1/5/2 1.1Channel group 11 dual-active detect capability w/nbrs Dual-Active trusted group: NoDual-Active Partner Partner PartnerPort Detect Capable Name Port VersionGi1/6/2 Yes eden-nbr- Gi1/3/1 1.1Gi2/5/2 Yes eden-nbr- Gi1/3/2 1.1Channel group 12 dual-active detect capability w/nbrs Dual-Active trusted group: YesDual-Active Partner Partner PartnerPort Detect Capable Name Port VersionFa1/2/13 Yes eden-nbr- Fa1/2/13 1.1Fa1/2/14 Yes eden-nbr- Fa1/2/14 1.1Gi2/1/15 Yes eden-nbr- Fa1/2/15 1.1Gi2/1/16 Yes eden-nbr- Fa1/2/16 1.1
Note
