Cisco 4500x vss issue

Similar Messages

• Cisco 4500X VSS & MEC Cisco 2960X

  Hi
  I have Cisco 4500x VSS  connect to  MEC Cisco 2960X using LACP.
  I encountered a problem about C2960X
  Integration reason
  1.C2960X Ten 1/0/2 link flapping interface error-disable .  I am  disable interface then  enable interface , switch show SFP not Present .
     Te1/0/2                      notconnect   1            full    10G Not Present. (SPF plug-in  Correct)
  2.use CLI reload C2960X , Ten 1/0/1 ,Ten 1/0/2   notconnect  SPF Not Present.  (SPF plug-in  Correct)
    error message :
  Dec 18 12:40:25.250: %SYS-5-CONFIG_I: Configured from console by console
  Dec 18 12:41:48.888: % ILET-1-AUTHENTICATION_FAIL: This Switch may not have been manufactured by Cisco or with Cisco's authorization.  This product may contain software that was copied in violation of Cisco's license terms.  If your use of this product is the cause of a support issue, Cisco may deny operation of the product, support under your warranty or under a Cisco technical support program such as Smartnet.  Please contact Cisco's Technical Assistance Center for more information.
  26F_guest_switch#show license
  Index 1 Feature: lanlite       
          Period left: 0  minute  0  second 
  Index 2 Feature: lanbase       
          Period left: Life time
          License Type: Permanent
          License State: Active, In Use
          License Priority: Medium
          License Count: Non-Counted
  3.C2960X power Cycle ,C2960X  operation normal, ,but recurring problems  every day.
  I do not know where the problem , I have  upgrade C2960X IOS but it had same problem.
  Cisco 2960X IOS version:  15.2(3)E    C2960X-UNIVERSALK9-M 
  Cisco 4500X IOS version: cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
  Thanks for your help,

  Hi Reza,
  Thanks for your help
  I can not confirm that because I have a few switch have the same problem.
  C2960X 10G port 1 is connected to C4500X slot 1, Port 2 is connected to C4500X Slot2.
   link flapping, On the switch  port 2.
  I need to do a more precise test to confirm the problem is C2960X or 4500VSS

• Cisco 4500X + VSS + Trust Sec Switch to Switch Encryption

  Hi,
  actually im testing and evaluationg the Cisco 4500X switch as new distribution switch for our Company.... Now i have some issues with one of our requirements.
  For security reasons i need to encrypt the links between the 4500X and the access switches in other buildings (no issue with Trust Sec)
  But ... now i also need to encrypt the link between the two 4500X if i run VSS ... my question is .. is it possible to encrypt the VSL link with TrustSec Switch to Switch encryption?
  BR,
  Florian

  Hi Frloian,
  If you have 2 switches in different data centers than you do not need VSS. In fact this is very bad design as the whole concept of VSS is grasped on dual home design. In the essence the proper design of VSS system is to have every downsteram switch connected with one link to one VSS switch and other link to second VSS switch, so that when one VSS switch would fail other can take over. Please look at the VSS best practises:
  http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-virtual-switching-system-1440/109547-vss-best-practices.html#vss_best
  Update:
  There is possibility to encrypt VSL link, but only in 6500 sup2t environment:
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-0SY/configuration/guide/15_0_sy_swcg/virtual_switching_systems.html#wp1341144

• Cisco 4500X IOS upgrade through ISSU

  Hi,
  I am having 2 number of cisco 4500x switch and configured with VSS
  so one switch is active and another switch is standby.
  I am panning to upgrade IOS through ISSU
  i read in document that it required auto boot enable in switch.
  My switch current Configuration register = 0x2101
  do i need to change config register or this will ok. If need to change then what will be auto boot and after IOS upgrade do i need to change it again.
  Please help....

  Hello Tarun,
  Please find below the steps to perform the ISSU:
  ISSU Prerequisites
  Before one can perform an ISSU, there are a few prerequisites one must verify for a successful ISSU. The following list explains what is initially required.
  • Must be using a redundant Cisco Catalyst 4500 switch with symmetric hardware (that is, supervisors, memory, rommon, NFL daughter card, and so on).
  • Both new and old Cisco IOS Software images must be preloaded to the file system on both supervisors.
  • SSO must be configured and working properly.
  • Config register must be configured to autoboot (that is, the value should have a "2" in the lowest byte).
  45010R-203# sh bootvar | i register
  Configuration register is 0x2102
  Standby Configuration register is 0x2102
  Several commands are available to verify if SSO is enabled:
  4510R-203# sh module | b Redundancy
  Mod  Redundancy role     Operating mode      Redundancy status
  ----+-------------------+-------------------+-------------------
   1   Standby Supervisor   SSO                  Standby hot        
   2   Active Supervisor    SSO                 Active
  45010R-203# sh redundancy states 
         my state = 13 -ACTIVE 
       peer state = 8   -STANDBY HOT 
             Mode = Duplex
             Unit = Secondary
          Unit ID = 2
  Redundancy Mode (Operational) =  Stateful Switchover
  Redundancy Mode (Configured)  =  Stateful Switchover
  Redundancy State              =  Stateful Switchover
               <snip>
  4507R-ISSU# sh run | b redundancy
  redundancy
   mode  sso
  As a step prior to the beginning of the ISSU process, the new version of the Cisco IOS Software image needs to be loaded into both the active and standby supervisors' file systems. Both active and standby supervisor need to contain both the new and old images in the file system. In order to store both new and old images, the supervisors should be upgraded to contain sufficient amounts of flash memory prior to the ISSU process.
  The new images can be downloaded into both supervisors using commands such as:
  copy tftp: bootflash:
  copy tftp: slavebootflash: 
  The example below illustrates this verification:
  4510R-203#dir
  Directory of bootflash:/
  1  -rwx 13636500 Sep 6 2006 03:18:58 -08:00 cat4500-entservices-mz.122-31.SGA
  2  -rwx 13747611 Sep 9 2006 03:19:58 -08:00 cat4500-entservices-mz.122-31.SGA1
  4510R-203#dir slavebootflash:
  Directory of slavebootflash:/
  1  -rwx 13636500 Sep 6 2006 03:18:58 -08:00 cat4500-entservices-mz.122-31.SGA
  2  -rwx 13747611 Sep 9 2006 03:19:58 -08:00 cat4500-entservices-mz.122-31.SGA1 
  Once this check is verified, one can now proceed with the ISSU process.
  The ISSU process is started by typing the "issu loadversion" command on the active supervisor. This command directs the active supervisor to begin the ISSU process. The active supervisor, through intersupervisor communications, checks that the requested image has been downloaded into both the active and standby supervisors' file systems. If the required images are not present, the command is rejected, and an appropriate warning is generated.
  If the "issu loadversion" command is successful, the switch transitions into the "Load Version" ISSU state. The standby supervisor will reset and boot with the new version of the Cisco IOS Software image loaded into the file system.
  The following actions take place when the command is implemented:
  1. The standby supervisor (B) is reset.
  2. The standby supervisor (B) is booted with the new Cisco IOS Software image: Release 12.2(31)SGA1.
  3. If both Cisco IOS Software images are declared as compatible, the standby supervisor moves into SSO mode and is fully stateful for all compatible clients and applications. Compatibility allows for in-service software upgrade or downgrade between two versions to succeed with minimal service effect.
  4. If both Cisco IOS Software images are incompatible, the system moves into RPR mode, and the ISSU process is terminated with an appropriate message to the user. Images are declared incompatible when "required" clients or applications are not interoperable between two Cisco IOS Software releases.
  5. Standby "B" reaches the standby HOT state.
  6. The user has an option to abort the ISSU process by issuing the "issu abortversion" command.
  7. The "issu loadversion" command also supports a "forced" option that allows the operator to force the system into entering RPR mode when incompatibility is detected.
  Note: When performing an ISSU, disable manual switchovers. Performing manual switchovers during the issu process is strongly discouraged. The current implementation does not prevent it, but it does display a warning to the user.
  An example of the CLI for implementing the issu loadversion command is displayed below.
  On the active supervisor, one would issue the following command:
  4510R-203#issu loadversion 1 bootflash:cat4500-entservices-mz.122-31.SGA1 2 slavebootflash: cat4500-entservices-mz.122-31.SGA1
  Syntax - issu loadversion active-slot active-image-new standby-slot standby-image-new
  The second step of the ISSU process is to perform the issu runversion CLI.
  The user can issue the " issu runversion" command when:
  1. The ISSU state is "Load Version"; this can be verified with the "show issu state detail" CLI.
  2. The standby supervisor is running the new version of the software.
  3. The standby supervisor has moved into the "Standby Hot " state.
  The following actions take place when the " issu runversion" command is executed:
  1. A switchover occurs; that is, the standby (B) becomes the new active, and the old active (A) is rebooted and comes up as a standby.
  2. A timer called "Rollback Timer" is started with a previously configured value.
  3. Move both supervisors to "Run Version" state.
  4. If the command "issu acceptversion" is not issued before the "Rollback timer" fires, then the entire ISSU process is aborted via the automatic rollback.
  5. If the active supervisor console connectivity is established and the "issu acceptversion" command is issued, then the rollback timer is stopped.
  6. The user has an option to abort the ISSU process by issuing the "issu abortversion" command.
  An example of the CLI for implementing the issu runversion command is displayed below:
  On the active supervisor, one would issue the following command:
  4510R-203#issu runversion 2 slavebootflash:cat4500-entservices-mz.122-31.SGA1
  Syntax - issu runversion standby-slot [standby-image-new]
  Prior to issuing the `issu acceptversion' command the system will be counting down the rollback timer. If `issu acceptversion' is not completed before rollback timer expires an automatic abort will occur. This command stops the "Rollback Timer." This command serves as a feedback mechanism. This is an optional command and can be skipped in the ISSU process with the "issu commitversion" CLI.
  If this command is not issued within 45 minutes (default) from the time the standby supervisor moves into the "Standby Hot" state, it is assumed that the new active supervisor is not reachable and the entire ISSU process is rolled back to the previous version of the software. The acceptversion is not intended for long-term network operation. It is also important to note that none of the features available on the new version will work yet.
  The following actions take place when the command is implemented:
  1. The "Rollback Timer" is terminated. This means that the rollback timer is not looked at anymore. Therefore, the system can run in this state for an extended period.
  2. The user has an option to abort the ISSU process by issuing the command "issu abortversion."
  Aborting the ISSU process now causes the newly active supervisor (B) to fail over to the standby supervisor (A) running the old image and will also cause the rebooting supervisor (B) to load the original image. The issu acceptversion halts the rollback timer and helps ensure the ISSU process is not automatically aborted during the process.
  An example of the CLI for implementing the issu acceptversion command is displayed below:
  On the "New" active supervisor, one would issue the following command:
  4510R-203#issu acceptversion 2
  % Rollback timer stopped. Please issue the commitversion command.
  Syntax - issu acceptversion active-slot-number
  This is the last stage of the ISSU procedure. Once the user is satisfied with the new version of software, this must be committed by issuing the "issu commitversion" command. This command resets the standby supervisor and boots it with a new version of the software (same as the active supervisor). This concludes the ISSU process, and the new version of software is permanently committed on both supervisors. Since this is the conclusion of the ISSU process, the system can not be reverted back to the previous version of the software from this point onward as a part of this upgrade cycle. However, if for any reason users wish to go back to the previous version of the software, they can do so by starting a new upgrade/downgrade process.
  The following actions take place if the command is implemented:
  1. The standby supervisor (A) is reset and booted with the new version of Cisco IOS Software image.
  2. The standby supervisor (A) moves into the "Standby Hot" state in SSO mode and is fully stateful for all clients/applications that are compatible.
  3. Both supervisors are moved into "Final State," which is the same as "Initial State."
  4. Users can initiate switchovers from this point onward.
  An example of the CLI for implementing the issu commitversion command is displayed below:
  4510R-203#issu commitversion 1
  Syntax - issu commitversion standby-slot-number
  ISSU Process: issu abortversion
  One can abort the ISSU process at any stage manually (prior to issuing the issu commitversion command) by issuing the exec-level issu abortversion command. The ISSU process also aborts on its own if the software detects a failure.
  If a user aborts the process after issuing the issu loadversion command, then the standby supervisor engine is reset and reloaded with the original software.
  If the process is aborted after a user enters either the issu runversion or issu acceptversion command, then a second switchover is performed to the new standby supervisor engine that is still running the original software version.
  The supervisor engine that had been running the new software is reset and reloaded with the original software version. The command is accepted only in "Load Version" or "Run Version" states. In "Load Version" state, the active supervisor is running an old image and the standby supervisor is running new image.
  Syntax - issu abortversion active-slot [active-image-new]
  Let me know if you have any questions.

• Prime 2.1 and 4500X-VSS support?

  Anyone with a Prime 2.1.2 that successfully archives configurations from a WS-C4500X-16 running VSS?
  Error message after Configuration Archive:
  No device package found for the specified device.
  The software on the 4500X is 03.04.03SG.
  Support for 4500X in PI 2.1.2:
  Device Type
  SYSOIDS
  S/W Version
  Software
  Cisco Catalyst 4500X-16 SFP+ Switch
  OID:1.3.6.1.4.1.9.1.1605
  IOS
  Cisco Catalyst 4500X-32 SFP+ Switch
  OID:1.3.6.1.4.1.9.1.1606
  IOS
  Tanks

  Yes, all device packages are installed (including 7.0) and the Pi 2.1.2 patch.
  Info from "ifm_config_archive.log" when trying Archive the Configuration:
  [2014-12-09 19:58:11,300] [pool-37-thread-5] [service] [ERROR] - Thread Id : [9,460] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching VLAN file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.]'
  Maybe the Prime don't know where to find the vlan.dat on the 4500X-VSS ?
  #dir cat4000_flash:
  Directory of cat4000_flash:/
      1  -rw-        2236                    <no date>  vlan.dat
  sysObjectID (1.3.6.1.2.1.1.2)  is
  .iso.org.dod.internet.private.enterprises.cisco.ciscoProducts.cat4xxxVirtualSwitch 
  That is not the expected and supported value  "4500X-16"  above
  Update: Error on fetching running and startup config as well:
  [2014-12-09 20:24:21,818] [pool-37-thread-9] [service] [ERROR] - Thread Id : [10,013] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching RUNNINGCONFIG file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.]
  [2014-12-09 20:25:31,882] [pool-37-thread-9] [service] [ERROR] - Thread Id : [10,013] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching STARTUPCONFIG file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.]

• 4500x VSS and SFP-H10GB-CU1M

  Hello
  I have (2) Cisco 4500x with a VSS config. I als have a couple cables "SFP-H10GB-CU1M".
  I want to make sure I have this physically setup correctly. I have searched but not found anything specific enough.
  Please review and advise.

  Yes, all device packages are installed (including 7.0) and the Pi 2.1.2 patch.
  Info from "ifm_config_archive.log" when trying Archive the Configuration:
  [2014-12-09 19:58:11,300] [pool-37-thread-5] [service] [ERROR] - Thread Id : [9,460] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching VLAN file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.]'
  Maybe the Prime don't know where to find the vlan.dat on the 4500X-VSS ?
  #dir cat4000_flash:
  Directory of cat4000_flash:/
      1  -rw-        2236                    <no date>  vlan.dat
  sysObjectID (1.3.6.1.2.1.1.2)  is
  .iso.org.dod.internet.private.enterprises.cisco.ciscoProducts.cat4xxxVirtualSwitch 
  That is not the expected and supported value  "4500X-16"  above
  Update: Error on fetching running and startup config as well:
  [2014-12-09 20:24:21,818] [pool-37-thread-9] [service] [ERROR] - Thread Id : [10,013] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching RUNNINGCONFIG file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.]
  [2014-12-09 20:25:31,882] [pool-37-thread-9] [service] [ERROR] - Thread Id : [10,013] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching STARTUPCONFIG file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.]

• Cisco 4500X Wireshark capture to usb not working

  Hi, I am Ashley and  i am testing  the Cisco 4500X using wireshark capture. advanced ip services IOS.
  The capture runs fine when storing the wireshark file on the bootflash. No worries.
  But when i configure the destination as USB0 my pendrive, it fails.
  The usb device is fine and is writable. I tested it by copying from bootflash to usb0:
  Followed the instructions in the config guide.
  It still fails.
  Can someone please help.
  Thanks,

  But when i configure the destination as USB0 my pendrive, it fails.
  Could be a bug but I wouldn't recommend configuring the destination as your USB drive because no one has the same luxury as you to have the USB sit there all the time.
  Store to the flash and transfer to USB is probably the best solution.

• Ciscoview Cisco 6509 VSS power supply LED indicators incorrect

  Hello all
  i am experiencing the following problem.
  In the Ciscoview, the LED indicators of the power supply of Cisco 6509 VSS are represented incorrectly. All power inputs and fans are okay actually. however, in the ciscoview, there is only 1 green "INPUT OKAY" for each power supply. And "FAN OKAY" LEDS are off on Active chassis.
  Any assistance would be greatly appreciated.
  LMS 4.1
  IOS Version 12.2(50)SY1
  Device Package:
  38.
  Cat6000
  12.0
  Cat6000 Package
  39.
  Cat6000IOS
  37.0
  Cat6000IOS Device Package

  Check the PS at the back, is there a light?  If there's no light, then you need to RMA the PS as it could be faulty.
  If there's a light on the PS, then you need to RMA the switch. 

• Cisco Prime Infrastructure 1.2 and Aironet 1250 + VSS issues

  Hi,
  I  am new to the NCS implementations and configurations. I have one very  specific case with Cisco Prime Infrastructure 1.2 and autonomnous APs  and several issues with Cisco VSS on 6500 switches.
  So here is the version from Prime:
  NCS/admin# show version
  Cisco Application Deployment Engine OS Release: 2.0
  ADE-OS Build Version: 2.0.1.038
  ADE-OS System Architecture: x86_64
  Copyright (c) 2005-2010 by Cisco Systems, Inc.
  All rights reserved.
  Hostname: NCS
  Version information of installed applications
  Cisco Prime Network Control System
  Version : 1.2.1.012
  IOS version on our APs (which are autonomnous) is:
  AP-N-1>show ver
  Cisco IOS Software, C1250 Software (C1250-K9W7-M), Version 12.4(25d)JA1, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2011 by Cisco Systems, Inc.
  Compiled Thu 11-Aug-11 03:23 by prod_rel_team
  Well  the issue what we have now is that access point has been added but its  not recognized by the NCS prime. I have tried all three versions of SNMP  but I get the same result. The SNMP configuration is valid since I use  the same for my switching infrastructure. When I enter "debug snmp packets" and "terminal monitor" I can see the SNMP communication between Prime and Aironet 1250 which is standalone.
  When  I switch to Lifecycle theme and go to Operate > Device Monitor  Center I see all devices I have added. The Aironet 1250 is reachable but  under collection status I get Managed with Warnings. When I hover over  with my mouse I get "None available".
  I  have successfully added my switching infrastructure in total, which is  operating perfectly for Catalyst 2960/3650/3750/4500 series but for 6500  under VSS I have some warnings. The device is recognized by the system  which is excellent and all is operational. I get the following errors  under Collection Status:
  feature_sensor
  SNMP request timed out
  feature_powerSupplyFanStatus-6k
  SNMP request timed out
  IdentityCapability
  The device is unreachable.
  feature_flashdevice
  SNMP request timed out
  sam_ipsla_feature
  The device is unreachable.
  What can be done to resolve these issues ? I have attached a screenshot of this particular issue. The affected access point is 172.16.165.241.
  Predrag Petrovic       

  Hi rajeeshp,
  Currently I am not allowed to upgrade it because of internal procedures involved in upgrading a specific piece of software (obtaining permissions from various departments). Is it free to upgrade from 1.2 to 1.3 or there is a specific charge for that.
  Predrag Petrovic

• 4500X VSS Password Recovery issue

  Hello -
  I am trying to recover the password for 4500X in VSS following the guide below:
                     http://www.cisco.com/en/US/products/hw/switches/ps4324/products_tech_note09186a0080c17598.shtml
  However the config-register is setting to 0x2141 and the configuration file is not being ignored. I am unable to directly set the config-register (the command errors and says to use confreg command) - when I check the SET variables it is 0x2141 and not 0x2142.
  The confreg wizard indicates the configuration file will be ignored; and I have cleared the swnum (had to use clear swnum; it would not let me use the VSS_SWITCH_NUMBER=0 command); however the configuration file is still being loaded and I am unable to reset the password.
  Does anyone have any insight or suggestions?
  Thanks
  John

  In order to set 0x2142 you need to answer Y to:
  change the boot characteristics? y/n
  Then select 2 - this changes the config-register to 0x2142
  Also, another difference from the guide, as mentioned above, you need to use the clear swnum command as it does not accept the VSS_SWITCH_NUMBER=0 command
  Booting into password recover (no configuration) mode now.
  Thanks - solved my own question

• 4500X VSS Trunking issue

  Hi,
  I am having an issue that the VSS is different for each switch and the trunking is not working, is there anyway to configure the trunking on the VSL port without breaking the VSS? I have set the trunking on both switches but somehow after the VSS connection is up the trunking is removed on the switch 2. The following are the snippet of the VSS configuration:
  Switch 1:
  interface Port-channel1
   description *** VSS Port-Channel 1 ***
   switchport
   switchport mode trunk
   switchport nonegotiate
   switch virtual link 1
  interface TenGigabitEthernet1/2/8
   description *** VSS Links ***
   switchport mode trunk
   switchport nonegotiate
   no lldp transmit
   no lldp receive
   no cdp enable
   channel-group 1 mode on
   service-policy output VSL-Queuing-Policy
  Switch 2:
  interface Port-channel2
   switchport
   switch virtual link 2
  interface TenGigabitEthernet2/2/8
   no lldp transmit
   no lldp receive
   no cdp enable
   channel-group 2 mode on
   service-policy output VSL-Queuing-Policy
  Now I only have limited command on the Port-Channel 2:
  SWITCH01(config)#int po2
  SWITCH01(config-if)#?
  virtual link interface commands (restricted):
    default         Set a command to its defaults
    description     Interface specific description
    exit            Exit from virtual link interface configuration mode
    load-interval   Specify interval for load calculation for an interface
    logging         Configure logging for interface
    no              Negate a command or set its defaults
    service-policy  Configure CPL Service Policy
    shutdown        Shutdown the selected interface
    switch          Configure switch link
  Thanks in advance for any helpful comment.

  Hi,
  You don't need to configure the VSL link as trunk:
  just follow this config example:
  Switch-1(config)# interface port-channel 10
  Switch-1(config-if)# switch virtual link 1
  Switch-1(config-if)# no shutdown (If the port is admin shutdown)
  Switch-1(config)# interface tenGigabitEthernet 5/1
  Switch-1(config-if)# channel-group 10 mode on
  Switch-1(config-if)# no shutdown (If the port is admin shutdown)
  Switch-2(config)# interface port-channel 25
  Switch-2(config-if)# switch virtual link 2
  Switch-2(config-if)# no shutdown (If the port is admin shutdown)
  Switch-2(config-if)# interface tenGigabitEthernet 5/2
  Switch-2(config-if)# channel-group 25 mode on
  Switch-2(config-if)# no shutdown (If the port is admin shutdown)
  link:
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1-2/XE_340/configuration/guide/config/vss.html#wp1060298
  HTH

• Cisco 4500 VSS link issue

  Hi,
  We are having Cisco 4500 switches running in VSS mode. Currently VSS links are connected on ports with capacity of 1 GB & we wanted to replace those ports with new 10 GB DAC cable.
  We manage this switch remotely via SSH. If we disable VSS link or broke the VSS between 2 switches , is it still possible to access  switches over SSH ?
  or we need someone near to device for Console session ?
  Thanks in advance.

  It depends on how the setup is.
  If you have the devices access through the  console server then you should be able to access the box.
  Reason: When you bring down the VSL link the dua active condition triggered. 
  Switch 1 detects that switch 2 is now also active triggering dual active 
  condition thus switch 1 brings down all the local interfaces to avoid network 
  instability. Until VSL link restoration occurs, switch 1 is isolated from the 
  network; 
   Once the VSL link comes up, the role negotiation determines that switch 1 
  needs to come up in STAND_BY mode hence it reboots itself; finally, all 
  interface on switch 1 are brought on line and switch 1 assumes STAND_BY role.
  HTH

• Cisco 6500 VSS , VSL Link Connection Issue

  Hello Everyone
  actually i have two Cisco 6509E with two VS-S720-10G and want to run VSS on them
  i do all the config same as cisco recommend, but i get somethings wrong on them, 1st. on switch2 , under "switch virtual domain" when i enter switch2, its not accepot and 2nd. non of 10G link goes up & so VSL link always down
  here is my config and show commands
  SWITCH#1
  ==================================
  switch virtual domain 10
   switch mode virtual
   switch 1 priority 110
   mac-address use-virtual
  redundancy
   main-cpu
    auto-sync running-config
   mode sso
  interface Port-channel1
   no switchport
   no ip address
   switch virtual link 1
   mls qos trust cos
   no mls qos channel-consistency
  interface TenGigabitEthernet1/5/4
   no switchport
   no ip address
   mls qos trust cos
   no cdp enable
   channel-group 1 mode on
  interface TenGigabitEthernet1/5/5
   no switchport
   no ip address
   mls qos trust cos
   no cdp enable
   channel-group 1 mode on
  ======
  SWITCH#2
  switch virtual domain 10
   switch mode virtual
   switch 1 priority 110
  redundancy
   main-cpu
    auto-sync running-config
   mode sso
  interface Port-channel2
   no switchport
   no ip address
   switch virtual link 2
   mls qos trust cos
   no mls qos channel-consistency
  interface TenGigabitEthernet2/5/4
   no switchport
   no ip address
   mls qos trust cos
   no cdp enable
   channel-group 2 mode on
  interface TenGigabitEthernet2/5/5
   no switchport
   no ip address
   mls qos trust cos
   no cdp enable
   channel-group 2 mode on
  Thank you all in advance

  Hello Dear Reza
  at first, thanks for your replay
  below you can find the Show Version of the SWITCH#1
   6500-1#sh version 
  Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9-M), Version 15.1(1)SY1, RELEASE SOFTWARE (fc5)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2013 by Cisco Systems, Inc.
  Compiled Wed 01-May-13 13:16 by prod_rel_team
  ROM: System Bootstrap, Version 12.2(17r)SX5, RELEASE SOFTWARE (fc1)
  BOOTLDR: Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9-M), Version 15.1(1)SY1, RELEASE SOFTWARE (fc5)
   6500-1 uptime is 6 minutes
  Uptime for this control processor is 6 minutes
  System returned to ROM by  power cycle at 11:49:28 UTC Mon Nov 17 2014 (SP by power on)
  System image file is "sup-bootdisk:s72033-adventerprisek9-mz.151-1.SY1.bin"
  Last reload reason: reload
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  cisco WS-C6509-E (R7000) processor (revision 1.6) with 983008K/65536K bytes of memory.
  Processor board ID SMC18080014
  SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
  Last reset from s/w reset
  1 Virtual Ethernet interface
  99 Gigabit Ethernet interfaces
  5 Ten Gigabit Ethernet interfaces
  1917K bytes of non-volatile configuration memory.
  65536K bytes of Flash internal SIMM (Sector size 512K).
  Configuration register is 0x2102
  as you see i use "adventerprisek9-mz.151-1.SY1" but now downgrade it to "s72033-adventerprisek9_wan-mz.122-33.SXJ2" , so nothing change and EtherChannel still not up
  below are the show commands:
  VSS-Sw2#show  etherchannel 2 summary
  Flags:  D - down        P - bundled in port-channel
          I - stand-alone s - suspended
          H - Hot-standby (LACP only)
          R - Layer3      S - Layer2
          U - in use      N - not in use, no aggregation
          f - failed to allocate aggregator
          M - not in use, no aggregation due to minimum links not met
          m - not in use, port not aggregated due to minimum links not met
          u - unsuitable for bundling
          d - default port
          w - waiting to be aggregated
  Number of channel-groups in use: 1
  Number of aggregators:           1
  Group  Port-channel  Protocol    Ports
  ------+-------------+-----------+-----------------------------------------------
  2      Po2(RD)          -        Te2/5/4(D)     Te2/5/5(D)
  Last applied Hash Distribution Algorithm:   -
  ===========================
  VSS-Sw2#sh etherchannel 2 port
                  Ports in the group:
  Port: Te2/5/4
  Port state    = Down Not-in-Bndl
  Channel group = 2           Mode = On      Gcchange = -
  Port-channel  = null        GC   =   -         Pseudo port-channel = Po2
  Port index    = 0           Load = 0x00        Protocol =    -
  Age of the port in the current state: 0d:00h:00m:00s
  Port: Te2/5/5
  Port state    = Down Not-in-Bndl
  Channel group = 2           Mode = On      Gcchange = -
  Port-channel  = null        GC   =   -         Pseudo port-channel = Po2
  Port index    = 0           Load = 0x00        Protocol =    -
  Age of the port in the current state: 0d:00h:00m:00s
  Last applied Hash Distribution Algorithm:   -

• Can not access FWSM via session command in cisco 6513 (VSS enabled)

  Dear All,
                Today i received FWSM from cisco (RMA), I need to configure it as standby unit for existing FWSM active/standby setup.
  IOS on RMAed FWSM is 2.3.4 and  cisco VSS supports FWSM IOS 4.0.4 and later.
  My issue is, I cannot access FWSM (IOS 2.3.4) via session command from cisco 6513 but could successfully consoled it without any problem. I have reloaded it twice and also tried to disable and enable power on it.
  VSS#sh module switch 2
  Switch Number:     2   Role:  Virtual Switch Standby
  Mod Ports Card Type                              Model              Serial No.
     2    6  Firewall Module                        WS-SVC-FWM-1  -----------
  Mod MAC addresses                       Hw    Fw           Sw           Status
    2  0034.2fd7.3b04 to 0019.2fa7.3b0b   4.2   7.2(1)       2.3(4)       Ok
  Mod  Online Diag Status
    2  Pass
  VSS#session switch 2 slot 2 pro 1
  The default escape character is Ctrl-^, then x.
  You can also type 'exit' at the remote prompt to end the session
  Trying 127.0.1.21 ...
  % Connection timed out; remote host not responding
  Can someone please let me know why I cannot access FWSM through session command ?
  Whether this is because of older IOS ? If yes then how to upgrade its IOS ?
  Is it possible to upgrade IOS via FWSM console ? if yes, please let me know.
  Do i need to test on different slot ?
  Look forward to hearing from someone.
  Thanks & Regards
  Ahmed...

  There is a limitation that FWSM running version older than 4.0.4 will not accept session from the switch if the FWSM is not seated into switch 1 AND if switch 1 is not active.
  So to upgrade the FWSM you either need to use the console or put the FWSM physically in switch 1.
  Thanks,
  Jeroen

• Ucs uplinks 4500X VSS

  New deployment of a pair of 4500X in VSS mode and Cisco UCS.
  FI-A has 1 10G link to each 4500X
  FI-B has 1 10G link to each 4500X
  How should the ports and port channels on the 4500X be configured for UCS uplinks?

  Hi Reed,
  In the end you will just create two port channels, one to each FI.
  This is the documentation to create etherchannel on 4500X.
  http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/15.02SG/configuration/guide/channel.html#wp1020670
  The interfaces "Ten 1/1" of each 4500X will be part of the first etherchannel andin the second the interfaces "Ten 1/2". (This is just a representation not the real interface number).
  Remeber to use the mode active (LACP) of the etherchannel, because this is enabled by default in the Fabric Interconnects.
  Richard