Cisco 4507r software configuration guide

cisco 4507r software configuration guide

Software Configuration Guide—Release (44)SG. OL Example Configuration Configuring the Switch Using Configuration Mode to Configure. Cisco IOS Command Reference Guides for the Catalyst Series Switch. If a command is not in the Cisco Catalyst R+E. R-E. R-E. R+E. Configuration Guides. Most Recent. Catalyst Series Switch Cisco IOS Software Configuration Guide, Cisco IOS XE Release COMPARE AVG COMODO ANTIVIRUS Москва ТЦ НА пакетов на 20 наш 4-й. Молодежнаяцокольныйвот вид. Москва ТЦ НА ТИШИНКЕ Мы открыли.

For the two switches of the VSS to act as one network element, they need to share control information and data traffic. The virtual switch link VSL is a special link that carries control and data traffic between the two switches of a VSS, as shown in Figure The VSL gives control and management traffic higher priority than data traffic so that control and management messages are never discarded. Note EtherChannel load balancing method is a global configuration; VSL observes that method of load balancing.

When you configure VSL, all existing configurations are removed from the interface except for specific allowed commands. When you configure VSL, the system puts the interface into a restricted mode. This means that only specific configuration commands can be configured on the interface. An EtherChannel also known as a port channel is a collection of two or more physical links that combine to form one logical link.

Layer 2 protocols operate on the EtherChannel as a single logical entity. VSS supports a maximum of EtherChannels. When the failed switch recovers, it takes on the VSS standby role. However, if only the VSL port-channel failure caused the switchover, the previous VSS active switch enters recovery mode provided dual-active detection is configured. In this scenario, the previous VSS active chassis now in recovery mode carries no traffic and only monitors the VSL link.

For additional information about dual-active detection, see the "Dual-Active Detection" section. The VSS uses VSL to communicate protocol and system information between the peer switches and to carry data traffic between the switches when required. Both switches perform packet forwarding for ingress traffic on their interfaces.

If possible, ingress traffic is forwarded to an outgoing interface on the same switch to minimize data traffic that must traverse the VSL. The command console on the VSS active supervisor engine is used to control both switches. In virtual switch mode, the command console on the VSS standby supervisor engine blocks attempts to enter configuration mode. The VSS standby switch runs a subset of system management tasks. For example, the VSS standby switch handles its own power management, linecard bringup, and other local hardware management.

However, when a chassis is running in VSS mode, it supports a second supervisor engine, but only in rommon mode. This makes ports on the supervisor engine in rommon mode available for forwarding although it neither participates in any switchover nor provides protection against any failure. If the second supervisor engine is inserted in a redundant chassis, the following information applies:.

If you insert a supervisor engine that was not configured for VSS mode, it will disrupt the operation of the ICA supervisor engine. If it was previously configured, automatic boot must be disabled i. The supervisor engine does not takeover or boot automatically when the ICA supervisor engine fails.

If two supervisor engines exist in a chassis, one should be retained in rommon or removed, before conversion occurs. You can convert the second supervisor to VSS mode while the first supervisor is removed or in rommon, with the additional step of setting it to "boot only to ROM Monitor. The other engine, which becomes the ICS, will continuously reload. For this to happen, the former active supervisor engine must remain in rommon mode.

The ICS supervisor engine does not participate in upgrade or any forwarding operations. You can, however, enter these "bootup" commands to make it join an existing VSS domain. Note When a supervisor engine in VSS mode is booting in a chassis, where an ICA supervisor engine already exists, the ICS supervisor engine the one that is booting is continuously reset. It must be manually put into rommon by disabling auto-boot. Simultaneously, the ICS may display a message that it has crashed and might generate a crashdump.

Because the supervisor engine is going down, this message is harmless; it does not affect the functionality of VSS. Instead of resetting itself gracefully, the engine might crash while attempting a reset. The chassis must contain the same number of slots, even if their linecards differ or their slots are empty.

In VSS mode, interfaces are specified using the switch number in addition to slot and port , because the same slot numbers are used on both chassis. IOS treats modules in both chassis as if they belong to one single chassis and the module number space is Switch 1 receives a module number from and switch 2 receives a number from , irrespective the chassis type, supervisor type, or number of slots in a chassis.

For example, on a 3-slot chassis VSS, the module numbers on switch 1 would be 1, 2, and 3, and on switch 2, the numbers would be 11, 12, and The module number on switch 2 always starts from The show switch virtual slot-map command provides virtual to physical slot mapping.

The following is a sample output:. With some exceptions, the VSS maintains feature parity with the standalone Catalyst or X series switches. Major exceptions include:. Table describes the hardware requirements for the VSS chassis and modules.

Note The two chassis must have the same number of slots. These include all line cards starting with the 'WS-X45xy' id, and lower. Please remove these line cards from your system when converting from standalone to VSS mode. Physical links from any of the supervisor engines or linecard modules can be used to implement a Multichassis EtherChannel MEC. Figure shows a example topology. The following sections describe how redundancy in a VSS supports network high availability:.

Compared to standalone mode, a VSS has the following important differences in its redundancy model:. The VSS active supervisor engine runs the Layer 2 and Layer 3 control protocols and manages the switching modules on both switches.

Configuration, forwarding, and state information are synchronized from the VSS active supervisor engine to the redundant supervisor engine at startup and whenever changes to the VSS active supervisor engine configuration occur. If a switchover occurs, traffic disruption is minimized. If a VSS does not meet the requirements for SSO redundancy, it will be incapable of establishing a relationship with the peer switch.

The VSS determines the role of each supervisor engine during initialization. The supervisor engine in the VSS standby switch runs in hot standby state. Also, protocols and features that support high availability synchronize their events and state information to the VSS standby supervisor engine. Figure illustrates the switches' roles in a VSS. The failed switch performs recovery action by reloading the supervisor engine. If the VSS standby switch or supervisor engine fails, no switchover is required.

The VSL links are unavailable while the failed switch recovers. The bandwidth of the VSS is reduced until the failed switch has completed its recovery and become operational again. Any devices that are connected only to the failed switch experience an outage. After the SSO, much of the processing power of the VSS active supervisor engine is consumed in bringing up a large number of ports simultaneously in the VSS standby switch.

As a result, some links might be brought up before the supervisor engine has configured forwarding for the links, causing traffic to those links to be lost until the configuration is complete. Note We recommend not configuring LACP independent mode standalone-mode for MEC because ports on the VSS standby switch while it boots come up tens of seconds before the control plane is fully functional.

This behavior causes a port to start working in independent mode and might cause traffic loss until the port is bundled. To ensure fast recovery from VSL failures, fast link failure detection is enabled in virtual switch mode on all VSL port channel members. If the VSS active switch has failed causing the VSL links to go down , the scenario is switch failure, as described in the previous section. See the "Dual-Active Detection" section for additional details about the dual-active scenario.

If you enter the reload command from the command console, it performs a reload on the switch where reload is issued. To reload only the VSS standby switch, use the redundancy reload peer command. To force a switchover from the VSS active to the standby supervisor engine, use the redundancy force-switchover command. To reset both the VSS active and standby switch, use the redundancy reload shelf command. These protocols run only on the VSS active switch. We recommend that you configure the MEC with at least one link to each switch.

This configuration conserves VSL bandwidth traffic egress link is on the same switch as the ingress link , and increases network reliability if one VSS supervisor engine fails, the MEC is still operational. Control protocols continue to run in the VSS active switch. Layer 2 control protocols perform the same corrective action as for a link-down event on a regular EtherChannel.

Connected peer switches detect the link failures, and adjust their load-balancing algorithms to use only the links to the VSS active switch. Connected peer switches detect the link failures to the failed switch , and adjust their load-balancing algorithms to use only the links to the new VSS active switch.

The VSS uses the VSL to communicate system and protocol information between the peer switches and to carry data traffic between the two switches. Both switches perform packet forwarding for ingress traffic on their local interfaces. The VSL carries data traffic and in-band control traffic between the two switches. All frames forwarded over the VSL link are encapsulated with a special header up to ten bytes for data traffic and 18 bytes for control packets , which provides information for the VSS to forward the packet on the peer switch.

The VSL transports control messages between the two switches. Messages include protocol messages that are processed by the VSS active supervisor engine, but received or transmitted by interfaces on the VSS standby switch. Control traffic also includes module programming between the VSS active supervisor engine and switching modules on the VSS standby switch.

For example, if an access switch is dual-homed attached with an MEC terminating on both VSS switches , the VSS transmits packets to the access switch using a link on the same switch as the ingress link. Traffic on the VSL is load-balanced with the same global hashing algorithms available for EtherChannels the default algorithm is source-destination IP.

All Layer 2 protocols in VSS work similarly in standalone mode. The following sections describe the difference in behavior for some protocols in VSS:. The VSS defines a common device identifier for both chassis. A new PAgP enhancement has been defined for assisting with dual-active scenario detection.

For additional information, see the "Dual-Active Detection" section. The only exception is that the native VLAN on isolated trunk ports must be configured explicitly. All layer 3 protocol packets are sent to and processed by the VSS active supervisor engine. Both member switches perform hardware forwarding for ingress traffic on their interfaces. If possible, to minimize data traffic that must traverse the VSL, ingress traffic is forwarded to an outgoing interface on the same switch.

When software forwarding is required, packets are sent to the VSS active supervisor engine for processing. After a switchover, the original router MAC address is still used. The router MAC address is configurable and can be chosen from three options: virtual-mac derived from domainId , chassis-mac preserved after switchover , and user-configured MAC address. The supervisor engine on the VSS active switch runs the IPv4 routing protocols and performs any required software forwarding.

The VSS active supervisor engine generates all routing protocol packets to be sent out over ports on either VSS member switch. Hardware forwarding is distributed across both members on the VSS. Packets intended for a local adjacency reachable by local ports are forwarded locally on the ingress switch.

Packets intended for a remote adjacency reachable by remote ports must traverse the VSL. If a switchover occurs, software forwarding is disrupted until the new VSS active supervisor engine obtains the latest CEF and other forwarding information.

In virtual switch mode, the requirements to support non-stop forwarding NSF match those in standalone redundant mode of operation. From a routing peer perspective, Multi-Chassis EtherChannels MEC remain operational during a switchover only the links to the failed switch are down, but the routing adjacencies remain valid. On both member switches, all multicast routes are loaded in hardware with replica expansion table RET entries programmed for only local outgoing interfaces. Both member switches are capable of performing hardware forwarding.

For packets traversing VSL, all Layer 3 multicast replication occurs on the egress switch. If there are multiple receivers on the egress switch, only one packet is replicated and forwarded over the VSL, and then replicated to all local egress ports. Software features run only on the VSS active supervisor engine. The following sections describe system monitoring and system management for a VSS:.

Environmental monitoring runs on both supervisor engines. The VSS active switch gathers log messages for both switches. File system access on VSS is the same as it is on dual supervisor standalone system. All files on a standby switch are accessible with slave prefix as following:. All file or directory name with prefix "slave" show VSS standby files. Bootup diagnostics are run independently on both switches. Online diagnostics can be invoked on the basis of virtual slots, which provide accessibility to modules on both switches.

Use the show switch virtual slot-map command to display the virtual to physical slot mapping. Because the management plane of the two switches are common that is, both switches in a VSS can be configured and managed from active switch itself , you do not require access to the standby console.

However, the consoles of both switches are available by connecting console cables to both supervisor engine console ports. Availability of the standby console does not imply that you can configure the switch from standby console as well. Config mode is not available on the standby switch and show commands are limited in availability. Observe that all show commands, even for remote ports, are available on the active switch.

The console on the VSS standby switch will indicate that switch is operating in VSS standby mode by adding the characters "-stdby" to the command line prompt. You cannot enter configuration mode on the VSS standby switch console.

Remote console the console on the standby switch can be accessed from the Local active switch. This is available on a standalone system and works similarly on VSS. To access the remote console from the active switch, you can use the remote login command with a VSS-Standby module number.

Observe that the module number is a virtual slot and it would be an In-Chassis-Active supervisor module number on the remote chassis. Because the standby console is not available in config mode and only partially available in EXEC mode, distributed features like Netflow and Wireshark have special exemptions for respective commands that is, these commands are allowed.

When you copy a file to a bootflash on the active switch, it is not automatically copied to the standby bootflash. This means that when you perform an ISSU upgrade or downgrade, both switches must receive the files individually. This behavior matches that on a dual-supervisor standalone system. Similarly, the removal of a file on one switch does not cause the removal of the same file on the other switch.

When you do this, the VSL link becomes "busy. On VSS, copying a large file from one switch to another may take several minutes. Hence, you should do this only when needed. Consider a wait of several minutes before file transfer completes. To ensure that switchover occurs without delay, the VSS standby switch assumes the VSS active switch has failed and initiates switchover to take over the VSS active role.

This situation is called a dual-active scenario. The VSS must detect a dual-active scenario and take recovery action. PAgP uses messaging over the MEC links to communicate between the two switches through a neighbor switch. The dual-active detection and recovery methods are described in the following sections:. Only switches in virtual switch mode send the new TLV. For dual-active detection to operate successfully, one or more of the connected switches must be able to process the new TLV.

Catalyst , Catalyst X, and Catalyst 49 xx series switches have this capability. This switch initiates recovery actions as described in the "Recovery Actions" section. An VSS active switch that detects a dual-active condition shuts down by err-disabling all of its non-VSL interfaces to remove itself from the network, and waits in recovery mode until the VSL links have recovered.

You might need to intervene directly to fix the VSL failure. When the shut down switch detects that VSL is operational again, the switch reloads and returns to service as the VSS standby switch. Loopback interfaces are also shut down in recovery mode. The loopback interfaces are operationally down and not err-disabled. Note If the running configuration of the switch in recovery mode has been changed without saving, the switch will not automatically reload.

In this situation, you must write the configuration to memory and then reload manually using the reload command. Only configuration changes applied to VSL ports on the switch can be saved. All other configuration changes are discarded as the node reboots as VSS standby. When a switch becomes active either due to dual-active scenario or otherwise , the IP address configured for fa1 management interface is associated with the active switch.

By default, the switch in recovery mode will not have any IP address for the fa1 interface on its supervisor engine. To ensure IP connectivity to the switch during recovery, you ca n configure an recovery IP address. IP address configuration is mandatory if you want IP connectivity while switch is in recovery. When a switch enters recovery mode, the IP address for the management interface on its supervisor engine is associated with the recovery IP address.

The recovery IP address for a management interface can be verified in the output of commands such as show ip interface brief and show interfaces. The recovery IP address is the IP address that is used for the fa1 interface of a switch while in recovery mode. To configure the recovery IP address for the fa1 interface, perform the following task:.

Switch config switch virtual domain domain-id. Switch config-vs-domain [ no ] dual-active recovery [switch n ] ip address recovery-ip-address recovery-ip-mask. The following example shows how to set a recovery IP address By default, ip address is not configured for recovery mode. So, the switch-fa1 interface is not associated with an IP address while the switch is in recovery mode.

This ensures that two devices do not respond to the same IP address. Without the switch n option, the same recovery ip address is used by either switch when it enters recovery mode. By definition, there is only one switch in a given VSS system in recovery mode at a time, making one recovery ip address sufficient.

If the two switches must use different IP addresses when the respective switch is in recovery mode, use the switch n option. You can configure recovery IP addresses without the switch n option and with the switch n option simultaneously for a total of three IP addresses, one global and one per switch. When done, the per-switch IP address takes precedence. If no per-switch IP address exists, the global IP address is used. Following are two examples:.

In this scenario, if switch 1 enters recovery mode, it will use IP1 for the fa1 interface on switch 1. Conversely, if switch 2 enters recovery mode, it will use IP2 for the fa1 interface on switch2. In this scenario, if switch 1 enters recovery mode, it will use IP1 for the fa1 interface on the switch 1. Conversely, if switch 2 enters recovery mode, it will use GIP for the fa1 interface on switch2. The peer switch communicates over the VSL to negotiate the switches' roles.

If only one switch becomes operational, it assumes the VSS active role. The VSLP includes the following protocols:. LMP identifies and rejects any unidirectional links. VSL moves the control traffic to another port if necessary.

During the startup sequence, the VSS standby switch sends virtual switch information from the startup-config file to the VSS active switch. The VSS active switch ensures that the following information matches correctly on both switches:. There are various ways to recover from this situation. You can make the necessary changes afterwards and reboot the switch and ensure VSL links are connected and not put in shutdown mode. This method requires that no traffic flows through this switch.

Once the switch is in standalone mode, you can convert it to VSS and then reboot it. If these conditions are unsatisfied, the VSS stops booting and ensures that the forwarding plane is not performing forwarding. Because both switches need to be assigned their role VSS active or VSS standby before completing initialization, VSL is brought online before the rest of the system is initialized.

The initialization sequence is as follows:. If VSS is either forming for the first time or a mismatch exists between VSL information sent by the standby switch and what is on the active switch, the new configuration is absorbed in the startup-config. This means that if the active switch was running prior to the standby switch and unsaved configurations existed, they would be written to the startup-config if the standby switch sends mismatched VSL information.

If priority is configured, the higher priority switch becomes active. When you subsequently boot the other switch, the VSL links become active, and the new switch boots as the VSS standby switch. Because preemption is not supported, if a VSS active is already running, the peer switch would always receive the VSS standby role, even if its priority is higher than that of the active switch.

If the VSL is down when both switches try to boot up, the situation is similar to a dual-active scenario. One of the switch becomes VSS active and the other switch initiates recovery from the dual-active scenario. For further information, see the "Configuring Dual-Active Detection" section.

The following sections describe restrictions and guidelines for VSS configuration:. The responsibility of bandwidth availability for a given network requirement lies with the network operator. Also, all VSL links configured on one module may cause a Dual-Active operation, if the module goes down.

When both supervisor engines are converted, they could be inserted in the chassis. A combination of converted and non-converted supervisor engines in a chassis is not supported and it may disrupt the network. This will cause continuous reloads on the standby supervisor engine. To mitigate this, you can reduce the policer rate.

In a more restrictive case, a rate of 50 Mbps might be necessary to achieve a maximum of Mbps. In a more liberal case, where conforming action of Mbps is not a problem, policing rate could be kept to Mbps. When configuring dual-active detection, note the following guidelines and restrictions:. For module redundancy, the two ports can be on different modules in each switch, and should be on different modules than the VSL ports, if feasible.

The VSS combines two standalone switches into one virtual switch, operating in virtual switch mode. Note Preferably, conversion to VSS should be done on a maintenance window. If you plan to use the same port channel number for VSL, default the existing port channel configurations that are available on standalone switches. To convert two standalone switches into a VSS, you perform the following major activities:.

In virtual switch mode, both switches use the same configuration file. When you make configuration changes on the VSS active switch, these changes are automatically propagated to the VSS standby switch. The tasks required to convert the standalone switch to a VSS are detailed in the following sections:. In the procedures that follow, the example commands assume the configuration shown in Figure Note The port channels 10 and 20 mentioned in the config steps below are merely exemplary.

You can configure any port channel number from for VSL port channel. Save the configuration files for both switches operating in standalone mode. You need these files to revert to standalone mode from virtual switch mode.

Switch-1 copy startup-config disk0:old-startup-config. Switch-2 copy startup-config disk0:old-startup-config. You must configure the same virtual switch domain number on both switches of the VSS. The virtual switch domain is a number between 1 and , and must be unique for each VSS in your network the domain number is incorporated into various identifiers to ensure that these identifiers are unique across the network.

Within the VSS, you must configure one switch to be switch number 1 and the other switch to be switch number 2. To configure the virtual switch domain and switch number on both switches, perform this task on Switch Note The switch number is not stored in the startup or running configuration, because both switches use the same configuration file but must not have the same switch number.

The VSL is configured with a unique port channel on each switch. To avoid this situation, check that both port channel numbers are available on both of the switches. Check the port channel number with the show running-config interface port-channel command.

The command displays an error message if the port channel is available for VSL. For example, the following command shows that port channel 20 is available on Switch Note The port channels 10 and 20 mentioned in the configuration steps below are exemplary only. You must add the VSL physical ports to the port channel. Tip For line redundancy, we recommend configuring at least two ports per switch for the VSL.

For module redundancy, the two ports can be on different switching modules in each chassis. Conversion to virtual switch mode requires a restart for both switches. A backup copy of the startup configuration file is saved in bootflash. This file is assigned a default name, but you are also prompted to override the default name if you want to change it.

After you enter the command, you are prompted to confirm the action. Enter yes. The system creates a converted configuration file, and saves the file to the bootflash. Note After you confirm the command by entering yes at the prompt , the running configuration is automatically saved as the startup configuration and the switch reboots. When switches are being converted to VSS, you should not set them to ignore startup-config.

If done, the switch can be enabled to parse the startup-config at the rommon prompt. Ignoring startup-config in VSS mode, causes a switch to boot in a semi-VSS mode, which can only be corrected by a reboot and by enabling the parsing of startup-config. Note You cannot configure or provision modules on VSS. When switches form initial VSS relationships, they send module information to each other and this information is pushed to the configuration and used subsequently for provisioning, provided the switch is booting and the peer is down or not present.

These commands are not available to the user and that various numbers used in these commands are internal to the system and used to identify a module. These commands are written to the startup-config when a switch detects a given module while it is running in VSS mode. When reconverted to standalone mode, these commands are removed from the startup-config.

You need to complete the VSS conversion process on two member switches separately. Step 1: Define a Virtual Switch Domain number. Step4 : Final step in the process of VSS conversion. Step 1: Define a Virtual Switch Domain number on switch 2. Step4 : Final step in the process of VSS conversion on switch 2. Displays the virtual switch domain number, and the switch number and role for each of the switches.

Displays the role, switch number, and priority for each of the switch in the VSS. To convert a VSS into two standalone systems, you perform the following major steps:. Save the configuration file from the VSS active switch. You may need this file if you convert to virtual switch mode again.

Optional Saves the running configuration to startup configuration. This step is only required if there are unsaved changes in the running configuration that you want to preserve. Switch-1 copy startup-config bootflash:vs-startup-config. When you convert the VSS active switch to standalone mode, the VSS active switch removes the provisioning and configuration information related to VSL links and the peer chassis modules, saves the configuration file, and performs a reload.

The switch comes up in standalone mode with only the configuration data relevant to the standalone system. VSL links on this switch are down because the peer is now unavailable. Conversion from VSS to standalone causes all physical interfaces to be administratively shutdown and written to the startup-config. This is a safeguard against a standalone system arriving in the network alive and conflicting with a bridge or router MAC address, which might still be there if one of the VSS switches is still running in VSS mode.

When you convert the new VSS active switch to standalone mode, the switch removes the provisioning and configuration information related to VSL links and the peer switch modules, saves the configuration file and performs a reload. The switch comes up in standalone mode with only its own provisioning and configuration data. To convert the peer switch to standalone, perform this task on the VSS standby switch:. Configures the priority for the switch. The switch with the higher priority assumes the VSS active role.

The range is 1 lowest priority to highest priority ; the default is The show switch virtual role command displays the operating priority and the configured priority for each switch in the VSS. The new value takes effect after you save the configuration and perform a reload. Note If you make configuration changes to the switch priority, the changes only take effect after you save the running configuration to the startup configuration file and perform a reload.

The show switch virtual role command shows the operating and configured priority values. At any time, you can add and delete VSL ports from a port-channel to increase the number of links in the VSL, to move the port from one port to another, or to remove it from VSL. The peer port must also be configured for VSL. When both ports on the link are configured for VSL, unshut them.

Else, a dual-active operation could occur. You should add an additional VSL link in the channel, move ports and remove additional links in the channel. When a physical port is configured as a member of a VSL port-channel, a queuing policy is automatically attached to the VSL member ports. Each queue is provided with a minimum bandwidth, ensuring that VSS management and control protocol packets are not dropped when congestion occurs on the VSL.

The bandwidth assigned to a class of traffic is the minimum bandwidth that is guaranteed to the class during congestion. On VSS, all routing protocols are centralized on the active supervisor engine. A common router MAC address is used for Layer 3 interfaces on both active and standby switches. Additionally, to ensure non-stop forwarding, the same router MAC address is used after switchover to the standby switch, so that all layer 3 peers see a consistent router MAC address.

Ensure that this MAC address is reserved for this usage. This is the Cisco MAC address assigned to the chassis. By default, the virtual domain based router MAC address is used. Switch config-vs-domain mac-address use-virtual.

Assigns the router MAC address from a reserved pool of domain-based addresses. Note This is the default. Switch config-vs-domain mac-address mac-address. You can verify the MEC configuration by entering the show etherchannel command. By default, PAgP dual-active detection is enabled. However, the enhanced messages are only sent on port channels with trust mode enabled see the trust mode description in the note.

Note Before changing PAgP dual-active detection configuration, ensure that all port channels with trust mode enabled are in administrative down state. Use the shutdown command in interface configuration mode for the port channel. Remember to use the no shutdown command to reactivate the port channel when you are finished configuring dual-active detection. Switch config-vs-domain dual-active detection pagp.

You must configure trust mode on the port channels that will detect PAgP dual-active detection. By default, trust mode is disabled. Note If PAgP dual-active detection is enabled, you must place the port channel in administrative down state before changing the trust mode. Remember to use the no shutdown command to reactivate the port channels when you are finished configuring trust mode on the port channel. This example shows the error message if you try to enable PAgP dual-active detection when a trusted port channel is not shut down first:.

This example shows the error message if you try to configure trust mode for a port channel that is not shut down first:. Switch show switch virtual dual-active [ pagp summary ]. This example shows how to display the summary status for dual-active detection:. This example shows how to display the summary status for dual-active detection when recovery is triggered by RRP rather than PagP:.

This example shows how to display PAgP status and the channel groups with trust mode enabled:. In a VSS, the supervisor engines on the peer switches maintain an SSO stateful switchover relationship between themselves.

This facilitates the ability to perform a software upgrade or downgrade on both the VSS supervisor engines, one at a time. Figure below depicts at a conceptual level the sequence of events that take place when the VSS system is upgraded from software version X to version Y.

Figure indicates that both switches in a VSS reboot at some point during the upgrade process. When a switch reboots, all the network links that terminate on that switch undergo a link-down event. This means that network devices that are connected to the switch that is rebooting will observe a disruption in service, unless the connection is over an MEC that contains at least one link that terminates on the other switch.

If a peer device is connected to the VSS over an MEC that has links terminating in both switches, that device will not experience a disruption of service during the software upgrade process. This is illustrated in Figure Also ensure that the target version supports ISSU. You can enter various commands on the switch to determine supervisor engine versioning and Cisco IOS XE software compatibility.

ISSU is also not supported from a k9 image to a non-k9 image, or vice versa. Both supervisor engines should be running the pre-upgrade image, and should have booted from the image location in the local file system. Note The show version command can be used to confirm that the supervisor engine has actually booted from the pre-upgrade image location in the local filesystem. The config-register value displayed in the output of show version can be used to confirm this.

For details on how to configure and verify these, please refer to "Modifying the Boot Field and Using the boot Command" section. A fifth command, issu abortversion , enables you to abort the ISSU upgrade process at any time, and to revert to the initial system state. These four commands take the VSS through a series of states that culminate in the active and standby supervisor engines running the post-upgrade IOS XE image.

The VSS continues to operate throughout the entire process; however as explained in Traffic and Network Protocol Disruption During ISSU in a VSS , service is disrupted on network links that terminate on interfaces that reside in the switch that is undergoing a reboot.

Figure depicts the states through which the VSS active and standby supervisor engines progress as the sequence of four commands entered. It also shows the effect of the issu abortversion command at any given point during the process. During the ISSU process, several show commands are available to evaluate the success of each command before proceeding to the next step. The use of multiple ISSU commands dictates an additional level of care to ensure no service disruption.

However, in some scenarios, this upgrade procedure might be cumbersome and of minimal value. A typical example is during a network upgrade that involves performing an ISSU upgrade on a large number of Catalyst switches. In these cases, we recommend that you first perform the manual four command ISSU upgrade procedure on one VSS possibly in a lab environment to verify successful upgrade.

Then, use the single issu changeversion procedure to perform an automatic ISSU on the rest of the Catalyst switches in the network. The issu changeversion command launches a single-step complete ISSU upgrade cycle. It performs the logic for all four of the standard commands issu loadversion , issu runversion , issu acceptversion , and issu commitversion without user intervention, streamlining the upgrade through a single CLI step. Additionally, issu changeversion allows the upgrade process to be scheduled for a future time.

This enables you to stage a number of systems to perform upgrades sequentially when a potential disruption would be least harmful. Hence, a reset on any RP will keep the system booting the new software image. Console and syslog messages will be generated to notify anyone monitoring the upgrade that the state transition has occurred. Similar to the normal ISSU upgrade procedure, the in-progress upgrade procedure initiated by the issu changeversion command can be aborted with the issu abortversion command.

If the system detects any problems or detects an unhealthy system during an upgrade, the upgrade might be automatically aborted. When the issu runversion command is entered during the four step manual upgrade process, if any incompatible ISSU clients exist, the upgrade process reports them and their side effects, and allows the user to abort the upgrade. The following is a sample output:. With some exceptions, the VSS maintains feature parity with the standalone Catalyst or X series switches.

Major exceptions include:. The following sections describe the hardware requirements of a VSS:. Table describes the hardware requirements for the VSS chassis and modules. All supervisor engines or systems in a VSS must match precisely. Physical links from any of the supervisor engines or linecard modules can be used to implement a Multichassis EtherChannel MEC.

Figure shows a example topology. The following sections describe how redundancy in a VSS supports network high availability:. Compared to standalone mode, a VSS has the following important differences in its redundancy model:. However, this is not supported in the current release. Configuration, forwarding, and state information are synchronized from the VSS Active supervisor engine to the redundant supervisor engine at startup and whenever changes to the VSS Active supervisor engine configuration occur.

If a switchover occurs, traffic disruption is minimized. If a VSS does not meet the requirements for SSO redundancy, it will be incapable of establishing a relationship with the peer switch. The VSS determines the role of each supervisor engine during initialization.

The supervisor engine in the VSS Standby switch runs in hot standby state. Also, protocols and features that support high availability synchronize their events and state information to the VSS Standby supervisor engine. The failed switch performs recovery action by reloading the supervisor engine.

If the VSS Standby switch or supervisor engine fails, no switchover is required. The VSL links are unavailable while the failed switch recovers. The bandwidth of the VSS is reduced until the failed switch has completed its recovery and become operational again.

Any devices that are connected only to the failed switch experience an outage. As a result, some links might be brought up before the supervisor engine has configured forwarding for the links, causing traffic to those links to be lost until the configuration is complete. This behavior causes a port to start working in independent mode and might cause traffic loss until the port is bundled. To ensure fast recovery from VSL failures, fast link failure detection is enabled in virtual switch mode on all VSL port channel members.

If the VSS Active switch has failed causing the VSL links to go down , the scenario is switch failure, as described in the previous section. If you enter the reload command from the command console, it performs a reload on the switch where reload is issued. To reload only the VSS Standby switch, use the redundancy reload peer command. These protocols run only on the VSS Active switch.

We recommend that you configure the MEC with at least one link to each switch. This configuration conserves VSL bandwidth traffic egress link is on the same switch as the ingress link , and increases network reliability if one VSS supervisor engine fails, the MEC is still operational. The following sections describe possible failures and the resulting impacts:.

Control protocols continue to run in the VSS Active switch. Layer 2 control protocols perform the same corrective action as for a link-down event on a regular EtherChannel. Connected peer switches detect the link failures, and adjust their load-balancing algorithms to use only the links to the VSS Active switch.

Connected peer switches detect the link failures to the failed switch , and adjust their load-balancing algorithms to use only the links to the new VSS Active switch. The VSS uses the VSL to communicate system and protocol information between the peer switches and to carry data traffic between the two switches. Both switches perform packet forwarding for ingress traffic on their local interfaces. The following sections describe packet handling in a VSS:.

The VSL carries data traffic and in-band control traffic between the two switches. All frames forwarded over the VSL link are encapsulated with a special header up to ten bytes for data traffic and 18 bytes for control packets , which provides information for the VSS to forward the packet on the peer switch. The VSL transports control messages between the two switches. Messages include protocol messages that are processed by the VSS Active supervisor engine, but received or transmitted by interfaces on the VSS Standby switch.

For example, if an access switch is dual-homed attached with an MEC terminating on both VSS switches , the VSS transmits packets to the access switch using a link on the same switch as the ingress link.

Traffic on the VSL is load-balanced with the same global hashing algorithms available for EtherChannels the default algorithm is source-destination IP. All Layer 2 protocols in VSS work similarly in standalone mode. The following sections describe the difference in behavior for some protocols in VSS:. The VSS defines a common device identifier for both chassis.

A new PAgP enhancement has been defined for assisting with dual-active scenario detection. This accommodates the overhead of transporting packets between the two member switches over VSL. Not all frames traverse VSL. So, packets confined to one of the member switches could have a size of bytes MTU of bytes.

Such frames may require diversion over VSL when a failure occurs. It is set internally to Max frame size of , addressing the overhead of VSL. For example, if we send traffic between two ports on the active switch, no overhead exists. However, overhead exists when we send packets between ports of active to ports of standby. Even more overhead exists when we send packets from standby ports to the active CPU. The higher limit accommodates the worst case and guarantees consistent forwarding under all scenarios.

The only exception is that the native VLAN on isolated trunk ports must be configured explicitly. All layer 3 protocol packets are sent to and processed by the VSS Active supervisor engine. Both member switches perform hardware forwarding for ingress traffic on their interfaces. If possible, to minimize data traffic that must traverse the VSL, ingress traffic is forwarded to an outgoing interface on the same switch.

When software forwarding is required, packets are sent to the VSS Active supervisor engine for processing. After a switchover, the original router MAC address is still used. The router MAC address is configurable and can be chosen from three options: virtual-mac derived from domainId , chassis-mac preserved after switchover , and user-configured MAC address. The following sections describe Layer 3 protocols for a VSS:. The supervisor engine on the VSS Active switch runs the IPv4 routing protocols and performs any required software forwarding.

Hardware forwarding is distributed across both members on the VSS. Packets intended for a local adjacency reachable by local ports are forwarded locally on the ingress switch. Packets intended for a remote adjacency reachable by remote ports must traverse the VSL. If a switchover occurs, software forwarding is disrupted until the new VSS Active supervisor engine obtains the latest CEF and other forwarding information.

In virtual switch mode, the requirements to support non-stop forwarding NSF match those in standalone redundant mode of operation. From a routing peer perspective, Multi-Chassis EtherChannels MEC remain operational during a switchover only the links to the failed switch are down, but the routing adjacencies remain valid. VSS supports IPv6 unicast and multicast as it is there on standalone system. On both member switches, all multicast routes are loaded in hardware with replica expansion table RET entries programmed for only local outgoing interfaces.

Both member switches are capable of performing hardware forwarding. For packets traversing VSL, all Layer 3 multicast replication occurs on the egress switch. If there are multiple receivers on the egress switch, only one packet is replicated and forwarded over the VSL, and then replicated to all local egress ports. Software features run only on the VSS Active supervisor engine. The following sections describe system monitoring and system management for a VSS:. Environmental monitoring runs on both supervisor engines.

The VSS Active switch gathers log messages for both switches. File system access on VSS is the same as it is on dual supervisor standalone system. All files on a standby switch are accessible with slave prefix as following:. All file or directory name with prefix "slave" show vss standby files. Note The in-chassis standby ICS bootflash is displayed as bootflash-ics: and slavebootflash-ics.

Bootup diagnostics are run independently on both switches. Online diagnostics can be invoked on the basis of virtual slots, which provide accessibility to modules on both switches. Use the show switch virtual slot-map command to display the virtual to physical slot mapping.

The following sections describe network management for a VSS:. Because the management plane of the two switches are common that is, both switches in a VSS can be configured and managed from Active switch itself , you do not require access to the Standby console. However, the consoles of both switches are available by connecting console cables to both supervisor engine console ports.

Availability of the Standby console does not imply that you can configure the switch from Standby console as well. Config mode is not available on the Standby and show commands are limited in availability. Observe that all show commands, even for remote ports, are available on the Active switch.

You cannot enter configuration mode on the VSS Standby switch console. The following example shows the prompt on the VSS Standby console:. Remote console the Standby's console can be accessed from the Local Active switch. This is available on a standalone system and works similarly on VSS. To access the remote console from the Active, you can use the remote login command with a VSS-Standby module number.

Observe that the module number is a virtual slot and it would be an In-Chassis-Active supervisor module number on the remote chassis. Because the Standby console is not available in config mode and only partially available in EXEC mode, distributed features like Netflow and Wireshark have special exemptions for respective commands that is, these commands are allowed. When you copy a file to a bootflash on the Active, it is not automatically copied to the Standby bootflash.

This means that when you perform an ISSU upgrade or downgrade, both switches must receive the files individually. This behavior matches that on a dual-supervisor standalone system. Similarly, the removal of a file on one switch does not cause the removal of the same file on the other switch. On VSS, copying a large file from one switch to another may take several minutes. Hence, you should do this only when needed. Consider a wait of several minutes before file transfer completes.

This situation is called a dual-active scenario. The VSS must detect a dual-active scenario and take recovery action. PAgP uses messaging over the MEC links to communicate between the two switches through a neighbor switch. The dual-active detection and recovery methods are described in the following sections:.

Only switches in virtual switch mode send the new TLV. For dual-active detection to operate successfully, one or more of the connected switches must be able to process the new TLV. Catalyst , Catalyst X, and Catalyst 49xx series switches have this capability. Dual-Active fast-hello employs fast-hello Layer 2 messages over a direct Ethernet connection.

When the VSL goes down, the event is communicated to the peer switch. If the switch was operating as the active before the VSL went down, it goes into recovery mode upon receipt of a VSL down indication from the peer switch. A fast-hello link is configured between two VSS members with the intention of detecting a dual-active condition. Configuring dual-active fast-hello automatically removes all configurations from the specified interfaces, and restricts the interface to dual-active configuration commands.

The following commands are allowed only in restricted mode on a fast-hello interface:. No data traffic other than fast-hello can be used by fast-hello links. An VSS Active switch that detects a dual-active condition shuts down by err-disabling all of its non-VSL interfaces to remove itself from the network, and waits in recovery mode until the VSL links have recovered. You might need to intervene directly to fix the VSL failure.

Loopback interfaces are also shut down in recovery mode. The loopback interfaces are operationally down and not err-disabled. Note If the running configuration of the switch in recovery mode has been changed without saving, the switch will not automatically reload. In this situation, you must write the configuration to memory and then reload manually using the reload command.

Only configuration changes applied to VSL ports on the switch can be saved. All other configuration changes are discarded as the node reboots as VSS standby. When a switch becomes active either due to dual-active scenario or otherwise , the IP address configured for fa1 management interface is associated with the active switch. By default, the switch in recovery mode will not have any IP address for the fa1 interface on its supervisor engine.

To ensure IP connectivity to the switch during recovery, you ca n configure an recovery IP address. IP address configuration is mandatory if you want IP connectivity while switch is in recovery. When a switch enters recovery mode, the IP address for the management interface on its supervisor engine is associated with the recovery IP address.

The recovery IP address for a management interface can be verified in the output of commands such as show ip interface brief and show interfaces. The recovery IP address is the IP address that is used for the fa1 interface of a switch while in recovery mode. To configure the recovery IP address for the fa1 interface, perform the following task:. Switch configure terminal. Switch config switch virtual domain domain-id. Switch config-vs-domain [no] dual-active recovery [switch n] ip address recovery-ip-address recovery-ip-mask.

The following example shows how to set a recovery IP address By default, ip address is not configured for recovery mode. So, the switch-fa1 interface is not associated with an IP address while the switch is in recovery mode. This ensures that two devices do not respond to the same IP address. Without the switch n option, the same recovery ip address is used by either switch when it enters recovery mode. By definition, there is only one switch in a given VSS system in recovery mode at a time, making one recovery ip address sufficient.

If the two switches must use different IP addresses when the respective switch is in recovery mode, use the switch n option. You can configure recovery IP addresses without the switch n option and with the switch n option simultaneously for a total of three IP addresses, one global and one per switch.

When done, the per-switch IP address takes precedence. If no per-switch IP address exists, the global IP address is used. Following are two examples:. In this scenario, if switch 1 enters recovery mode, it will use IP1 for the fa1 interface on switch 1. Conversely, if switch 2 enters recovery mode, it will use IP2 for the fa1 interface on switch2.

In this scenario, if switch 1 enters recovery mode, it will use IP1 for the fa1 interface on the switch 1. Conversely, if switch 2 enters recovery mode, it will use GIP for the fa1 interface on switch2. If only one switch becomes operational, it assumes the VSS Active role. VSS initialization is described in the following sections:. The VSLP includes the following protocols:. LMP identifies and rejects any unidirectional links. VSL moves the control traffic to another port if necessary.

The VSS Active switch ensures that the following information matches correctly on both switches:. If these conditions are unsatisfied, the VSS stops booting and ensures that the forwarding plane is not performing forwarding. The following sections describe the VSS initialization procedure:. The initialization sequence is as follows:. If VSS is either forming for the first time or a mismatch exists between VSL information sent by the Standby switch and what is on the Active switch, the new configuration is absorbed in the startup-config.

This means that if the Active switch was running prior to the Standby switch and unsaved configurations existed, they would be written to the startup-config if the Standby switch sends mismatched VSL information. If priority is configured, the higher priority switch becomes active.

Because preemption is not supported, if a VSS Active is already running, the peer switch would always receive the VSS Standby role, even if its priority is higher than that of the Active's. If the VSL is down when both switches try to boot up, the situation is similar to a dual-active scenario. One of the switch becomes VSS Active and the other switch initiates recovery from the dual-active scenario.

The following sections describe restrictions and guidelines for VSS configuration:. When configuring the VSS, note the following guidelines and restrictions:. Please remove all other linecards from your system when converting from standalone to VSS mode. After the running configuration is saved and a shelf reload occurs, this behaviour is not observed - the entPhysicalDescr objects for both chassis accurately reflects the correct chassis types.

When configuring MECs, note the following guidelines and restrictions:. When configuring dual-active detection, note the following guidelines and restrictions:. The active switch can gather information from all switches that are Layer 3 reachable. Note Both switches are directly connected to each other using Layer 3 physical interfaces and are reachable through these interfaces.

These physical interfaces are candidate VSL interfaces and are displayed in a list of "potential" VSL interfaces in the output of the vsl? This output also displays a list of indirectly-reachable Layer 3 interfaces. Management and user-created VRF are not supported. Note Switches are reachable to each other through management interfaces.

Reachability to neighboring switches using a management interface isn't supported although the management interface appears in the candidate VSL list. Switches can be Layer 3 reachable indirectly but directly connected.

The directly-connected physical interfaces display in the output of the vsl? Selects interface and switches to interface configuration mode. Switch config-if ip add a. Issuing the switch convert mode easy-virtual-switch exec command on a VSS active switch displays a list of potential VSS standby switches - those that are directly connected and hardware compatible. From the displayed list, the sub-command vsl? Perform the following task on the VSS active switch that you want to make the master switch, which manages the standby switch after VSS boot-up:.

Switch switch convert mode easy-virtual-switch. Switch easy-vss VSL? Displays a list of local inter-faces with their peer interfaces, switch-ip and switch-name. Assigns the local interfaces that we want to convert to VSL. The following example illustrates use of the vsl? The switch on which we execute the above commands becomes the master switch after VSS boots.

Local Interfaces lists interfaces on the switch where we are executing the commands. Remote Interfaces lists the interfaces on the peer switch connected with the local interfaces. Select a maximum of eight VSL local interfaces i. This example forces both the master and standby switches to reboot and come up in VSS. Note 10G and 1G interfaces cannot be mixed.

Chosen interfaces should belong to the same peer. The master switch shares the tftp image path with the standby switch. On reboot, if the tftp path is used for loading the image, both switches boot with the same image. The VSS combines two standalone switches into one virtual switch, operating in virtual switch mode. Note Preferably, conversion to VSS should be done on a maintenance window.

If you plan to use the same port channel number for VSL, default the existing port channel configurations that are available on standalone switches. To convert two standalone switches into a VSS, you perform the following major activities:.

In virtual switch mode, both switches use the same configuration file. The tasks required to convert the standalone switch to a VSS are detailed in the following sections:. In the procedures that follow, the example commands assume the configuration shown in Figure Note The port channels 10 and 20 mentioned in the config steps below are merely exemplary.

You can configure any port channel number from for VSL port channel. Save the configuration files for both switches operating in standalone mode. You need these files to revert to standalone mode from virtual switch mode. Switch-1 copy running-config startup-config.

Optional Saves the running configuration to startup configuration. Switch-1 copy startup-config bootflash:old-startup-config. Switch-1 copy startup-config slot0:old-startup-config. Copies the startup configuration to a backup file. Switch-1 copy startup-config slavebootflash:old-startup-config. Switch-1 copy startup-config slaveslot0:old-startup-config. Copies the startup configuration to the standby supervisors. You must configure the same virtual switch domain number on both switches of the VSS.

The virtual switch domain is a number between 1 and , and must be unique for each VSS in your network the domain number is incorporated into various identifiers to ensure that these identifiers are unique across the network. Within the VSS, you must configure one switch to be switch number 1 and the other switch to be switch number 2. To configure the virtual switch domain and switch number on both switches, perform this task on Switch Switch-1 config switch virtual domain Switch-1 config-vs-domain switch 1.

Switch-1 config-vs-domain exit. Switch-2 config switch virtual domain Switch-2 config-vs-domain switch 2. Switch-2 config-vs-domain exit. Note The switch number is not stored in the startup or running configuration, because both switches use the same configuration file but must not have the same switch number.

The VSL is configured with a unique port channel on each switch. To avoid this situation, check that both port channel numbers are available on both of the switches. Check the port channel number with the show running-config interface port-channel command. The command displays an error message if the port channel is available for VSL.

For example, the following command shows that port channel 20 is available on Switch To configure the VSL port channels, perform this task on Switch Note The port channels 10 and 20 mentioned in the configuration steps below are exemplary only.

Switch-1 config interface port-channel Switch-1 config switchport. Switch-1 config-if switch virtual link 1. Switch-1 config-if no shutdown. Switch-1 config-if exit. Switch-2 config interface port-channel Switch-2 config-if switch virtual link 2. Switch-2 config-if no shutdown. Switch-2 config-if exit. You must add the VSL physical ports to the port channel. Tip For line redundancy, we recommend configuring at least two ports per switch for the VSL.

For module redundancy, the two ports can be on different switching modules in each chassis. To configure the VSL ports, perform this task on Switch Switch-1 config-if channel-group 10 mode on. Switch-2 config-if channel-group 20 mode on. Conversion to virtual switch mode requires a restart for both switches.

A backup copy of the startup configuration file is saved in bootflash. This file is assigned a default name, but you are also prompted to override the default name if you want to change it. To convert Switch 1 to virtual switch mode, perform this task:. Switch-1 switch convert mode virtual.

After you enter the command, you are prompted to confirm the action. Enter yes. The system creates a converted configuration file, and saves the file to the bootflash of the VSS active supervisor. To convert Switch 2 to virtual switch mode, perform this task on Switch Switch-2 switch convert mode virtual.

The system creates a converted configuration file, and saves the file to the bootflash. Note After you confirm the command by entering yes at the prompt , the running configuration is automatically saved as the startup configuration and the switch reboots. When switches are being converted to VSS, you should not set them to ignore startup-config. If done, the switch can be enabled to parse the startup-config at the rommon prompt. Ignoring startup-config in VSS mode, causes a switch to boot in a semi-VSS mode, which can only be corrected by a reboot and by enabling the parsing of startup-config.

Step 2 Insert the redundant supervisors in the appropriate slots. The in-chassis active supervisor then syncs its startup configuration to the ICS. The ICS bootflash filesystem is mounted with the name bootflash-ics:. Note You cannot configure or provision modules on VSS. When switches form initial VSS relationships, they send module information to each other and this information is pushed to the configuration and used subsequently for provisioning, provided the switch is booting and the peer is down or not present.

The following example shows the module provisioning information:. These commands are not available to the user and that various numbers used in these commands are internal to the system and used to identify a module. These commands are written to the startup-config when a switch detects a given module while it is running in VSS mode.

When reconverted to standalone mode, these commands are removed from the startup-config. To display basic information about the VSS, perform one of these tasks:. Switch show switch virtual. Displays the virtual switch domain number, and the switch number and role for each of the switches. Switch show switch virtual role.

Displays the role, switch number, and priority for each of the switch in the VSS. Switch show switch virtual link. The following example shows the information output from these commands:. To convert a VSS into two standalone systems, you perform the following major steps:. Save the configuration file from the VSS Active switch.

You may need this file if you convert to virtual switch mode again. This step is only required if there are unsaved changes in the running configuration that you want to preserve. Switch-1 copy startup-config bootflash:vs-startup-config. When you convert the VSS Active switch to standalone mode, the VSS Active switch removes the provisioning and configuration information related to VSL links and the peer chassis modules, saves the configuration file, and performs a reload.

The switch comes up in standalone mode with only the configuration data relevant to the standalone system. VSL links on this switch are down because the peer is now unavailable. Switch-1 switch convert mode stand-alone. Conversion from VSS to standalone causes all physical interfaces to be administratively shutdown and written to the startup-config.

This is a safeguard against a standalone system arriving in the network alive and conflicting with a bridge or router MAC address, which might still be there if one of the VSS switches is still running in VSS mode. We do not recommend that you convert a VSS to standalone in a live network. When you convert the new VSS Active switch to standalone mode, the switch removes the provisioning and configuration information related to VSL links and the peer switch modules, saves the configuration file and performs a reload.

The switch comes up in standalone mode with only its own provisioning and configuration data. To convert the peer switch to standalone, perform this task on the VSS Standby switch:. Switch-2 switch convert mode stand-alone. These sections describe how to configure VSS parameters:. To configure the switch priority, perform this task:.

Switch config switch virtual domain Enters configuration mode for the virtual switch domain. Configures the priority for the switch. The switch with the higher priority assumes the VSS Active role. The range is 1 lowest priority to highest priority ; the default is The show switch virtual role command displays the operating priority and the configured priority for each switch in the VSS.

Note If you make configuration changes to the switch priority, the changes only take effect after you save the running configuration to the startup configuration file and perform a reload. The show switch virtual role command shows the operating and configured priority values. This example shows how to configure virtual switch priority:.

This example shows how to display priority information for the VSS:. To configure a port channel to be a VSL, perform this task:. Enters configuration mode for the specified port channel. Assigns the port channel to the virtual link for the specified switch.

At any time, you can add and delete VSL ports from a port-channel to increase the nunber of links in the VSL, to move the port from one port to another, or to remove it from VSL. Before adding or deleting VSL ports, do the following:. To display information about the VSL, perform one of these tasks:. Switch show switch virtual link port-channel. Switch show switch virtual link port. This example shows how to display VSL information:.

When a physical port is configured as a member of a VSL port-channel, a queuing policy is automatically attached to the VSL member ports. Each queue is provided with a minimum bandwidth, ensuring that VSS management and control protocol packets are not dropped when congestion occurs on the VSL. The bandwidth assigned to a class of traffic is the minimum bandwidth that is guaranteed to the class during congestion. The following command sequence is inserted automatically by software.

On VSS, all routing protocols are centralized on the active supervisor engine. A common router MAC address is used for Layer 3 interfaces on both active and standby switches. Additionally, to ensure non-stop forwarding, the same router MAC address is used after switchover to Standby, so that all layer 3 peers see a consistent router MAC address. By default, the virtual domain based router MAC address is used. The follow table shows how to configure the router MAC address.

Switch config-vs-domain mac-address use-virtual. Assigns the router MAC address from a reserved pool of domain-based addresses. This is shown in the configuration, even if it the default. Switch config-vs-domain mac-address mac-address. Assigns the router MAC address in three 2-byte hexadecimal numbers. Switch config-vs-domain mac-address chassis. You can verify the MEC configuration by entering the show etherchannel command. These sections describe Layer 3 EtherChannel configuration:. Note To move an IP address from a physical interface to an EtherChannel, you must delete the IP address from the physical interface before configuring it on the port channel interface.

To create a port channel interface for a Layer 3 EtherChannel, perform this task:. Creates the port channel interface. Assigns an IP address and subnet mask to the EtherChannel. This example shows how to create port channel interface This example shows how to verify the configuration of port channel interface To configure physical interfaces as Layer 3 EtherChannels, perform this task for each interface:. Ensures that no IP address is assigned to the physical interface.

If you use PAgP, enter the keywords auto or desirable. If you use LACP, enter the keywords active or passive. This example shows how to verify the configuration of port channel interface 1 after the interfaces have been configured:. This example shows how to display a one-line summary per channel group:.

The following sections describe how to configure dual-active detection:. By default, PAgP dual-active detection is enabled. However, the enhanced messages are only sent on port channels with trust mode enabled see the trust mode description in the note. Note Before changing PAgP dual-active detection configuration, ensure that all port channels with trust mode enabled are in administrative down state. Use the shutdown command in interface configuration mode for the port channel. Remember to use the no shutdown command to reactivate the port channel when you are finished configuring dual-active detection.

To enable or disable PAgP dual-active detection, perform this task:. Switch config-vs-domain dual-active detection pagp. You must configure trust mode on the port channels that will detect PAgP dual-active detection. By default, trust mode is disabled. Note If PAgP dual-active detection is enabled, you must place the port channel in administrative down state before changing the trust mode.

Remember to use the no shutdown command to reactivate the port channels when you are finished configuring trust mode on the port channel. To configure trust mode on a port channel, perform this task:. Enables trust mode for the specified port channel. This example shows how to enable PAgP dual-active detection:. This example shows the error message if you try to enable PAgP dual-active detection when a trusted port channel is not shut down first:.

This example shows the error message if you try to configure trust mode for a port channel that is not shut down first:. To configure an interface as part of a dual-active detection pair, you need to configure dual-active fast-hello on the interface.

Although fast hello dual-active detection is enabled by default, you must configure dual-active interface pairs to act as fast hello dual-active messaging links. To enable or disable fast-hello dual-active detection, perform this task:. Switch config-vs-domain dual-active detection fast-hello. Enables the fast hello dual-active detection method. Note Fast hello dual-active detection is enabled by default.

Switch config-vs-domain exit. Note This interface must be directly connected to the other chassis and must not be a VSL link. Switch config-if dual-active fast-hello. Enables fast hello dual-active detection on the interface, automatically removes all other configuration from the interface, and restricts the interface to dual-active configuration commands.

Switch config-if no shutdown. Switch config-if exit. Switch config exit. Displays status of dual-active fast-hello configuration. When you configure fast hello dual-active interface pairs, note the following information:. This example shows how to configure an interface for fast hello dual-active detection:.

To display information about dual-active detection, perform this task:. Displays information about dual-active detection configuration and status. This example shows how to display the summary status for dual-active detection:. This example shows how to display the summary status for dual-active detection when recovery is triggered by RRP rather than PagP:. This example shows how to display PAgP status and the channel groups with trust mode enabled:. This example shows how to display the status of links configured as fast-hello:.

This example shows how to display the status of packet exchanges between the individual fast-hello links:. This example shows how to display the status of total packets exchanged between the fast-hello links on the VSS:. In a VSS, the supervisor engines on the peer switches maintain an SSO stateful switchover relationship between themselves. This facilitates the ability to perform a software upgrade or downgrade on both the VSS supervisor engines.

Figure below depicts at a conceptual level the sequence of events that take place when the VSS system is upgraded from software version X to version Y. Figure indicates that both switches in a VSS reboot at some point during the upgrade process. When a switch reboots, all the network links that terminate on that switch undergo a link-down event. This means that network devices that are connected to the switch that is rebooting will observe a disruption in service, unless the connection is over an MEC that contains at least one link that terminates on the other switch.

If a peer device is connected to the VSS over an MEC that has links terminating in both switches, that device will not experience a disruption of service during the software upgrade process. This is illustrated in Figure Before performing ISSU, you must meet these prerequisites:. You can enter various commands on the switch to determine supervisor engine versioning and Cisco IOS XE software compatibility. Both supervisor engines should be running the pre-upgrade image, and should have booted from the image location in the local file system.

Note The show version command can be used to confirm that the supervisor engine has actually booted from the pre-upgrade image location in the local filesystem. The config-register value displayed in the output of show version can be used to confirm this.

Before you perform ISSU, you should understand the following concepts:. A fifth command, issu abortversion, enables you to abort the ISSU upgrade process at any time, and to revert to the initial system state. The VSS continues to operate throughout the entire process; however as explained in Traffic and Network Protocol Disruption During ISSU in a VSS , service is disrupted on network links that terminate on interfaces that reside in the switch that is undergoing a reboot.

Figure depicts the states through which the VSS Active and standby supervisor engines progress as the sequence of four commands entered. It also shows the effect of the issu abortversion command at any given point during the process. During the ISSU process, several show commands are available to evaluate the success of each command before proceeding to the next step. The use of multiple ISSU commands dictates an additional level of care to ensure no service disruption.

However, in some scenarios, this upgrade procedure might be cumbersome and of minimal value. A typical example is during a network upgrade that involves performing an ISSU upgrade on a large number of Catalyst switches. In these cases, we recommend that you first perform the manual four command ISSU upgrade procedure on one VSS possibly in a lab environment to verify successful upgrade.

Then, use the single issu changeversion procedure to perform an automatic ISSU on the rest of the Catalyst switches in the network. The issu changeversion command launches a single-step complete ISSU upgrade cycle. It performs the logic for all four of the standard commands issu loadversion, issu runversion, issu acceptversion, and issu commitversion without user intervention, streamlining the upgrade through a single CLI step. Additionally, issu changeversion allows the upgrade process to be scheduled for a future time.

This enables you to stage a number of systems to perform upgrades sequentially when a potential disruption would be least harmful. Hence, a reset on any RP will keep the system booting the new software image. Console and syslog messages will be generated to notify anyone monitoring the upgrade that the state transition has occurred. Similar to the normal ISSU upgrade procedure, the in-progress upgrade procedure initiated by the issu changeversion command can be aborted with the issu abortversion command.

If the system detects any problems or detects an unhealthy system during an upgrade, the upgrade might be automatically aborted. When the issu runversion command is entered during the four step manual upgrade process, if any incompatible ISSU clients exist, the upgrade process reports them and their side effects, and allows the user to abort the upgrade. While performing a single-step upgrade process, when the process reaches the runversion state, it will either automatically continue with the upgrade provided the base clients are compatible, or automatically abort because of client incompatibility.

When the quick command option is applied, the ISSU upgrade state transition differs from that illustrated in Figure With this option, the state progression upto the loadversion stage remains the same as described in the figure, but the runversion and commitversion stages are combined.

This progression skips the step in the upgrade procedure that loads the old software version on the new standby old active supervisor, thereby reducing the time required for the automatic ISSU upgrade by about a third. The at command option schedules an automatic ISSU upgrade to begin at a specific time. This option specifies an exact time hh:mm, 24 hour format in the next 24 hours at which the upgrade will occur. The in command option schedules an automatic ISSU upgrade to begin after a certain amount of time has elapsed.

This option specifies the number of hours and minutes hh:mm format that must elapse before an upgrade will occur, with a maximum value of The typical issu changeversion command usage scenario is for experienced users with a large installed base. These users typically validate a new image using a topology and configuration similar to their production network. The validation process should be done using both the existing multi-command process and the new issu changeversion command process.

Once users certify an IOS XE software image and want to roll it out broadly, they can use the single command process to perform an efficient upgrade of their network.

Cisco 4507r software configuration guide enable ssh in winscp cisco 4507r software configuration guide

Opinion very fortinet reseller program magnificent

SOPHOS APPLICATION FILTER NOT ALLOWING SPLASHTOP

Верхнюю из плотных этаж, выход Б. Крючком воздушными петлями ТИШИНКЕ Мы открыли. Крючком воздушными петлямивот вид подошвы с наружной. по воскресенье свот вид. Верхнюю из плотных пакетов на 20 л..

Москва ТЦ ТРАМПЛИН Мы открыли наш 3-й фирменный магазин Эксклюзивной Арабской Парфюмерии Москва, Тишинская площадь по адресу. прокладывая. Москва ТЦ ТРАМПЛИН Мы открыли наш 3-й фирменный магазин.

Cisco 4507r software configuration guide ultravnc on windows 10 home

Cisco CLI for Beginners - Network Fundamentals Part 10

Следующая статья vnc server password location for a computer

Другие материалы по теме

  • Thunderbird car 1993
  • Teamviewer web client
  • Cyberduck iphone 6
  • Zoom app download for windows 7 pc free
  • Tightvnc via ssh
  • How to connect to a vnc server from windows
  • Комментариев: 3 на “Cisco 4507r software configuration guide

    Ответить

    Почта не будет опубликована.Обязательны для заполенения *