Cisco 4500X VSS & MEC Cisco 2960X
Hi
I have Cisco 4500x VSS connect to MEC Cisco 2960X using LACP.
I encountered a problem about C2960X
Integration reason
1.C2960X Ten 1/0/2 link flapping interface error-disable . I am disable interface then enable interface , switch show SFP not Present .
Te1/0/2 notconnect 1 full 10G Not Present. (SPF plug-in Correct)
2.use CLI reload C2960X , Ten 1/0/1 ,Ten 1/0/2 notconnect SPF Not Present. (SPF plug-in Correct)
error message :
Dec 18 12:40:25.250: %SYS-5-CONFIG_I: Configured from console by console
Dec 18 12:41:48.888: % ILET-1-AUTHENTICATION_FAIL: This Switch may not have been manufactured by Cisco or with Cisco's authorization. This product may contain software that was copied in violation of Cisco's license terms. If your use of this product is the cause of a support issue, Cisco may deny operation of the product, support under your warranty or under a Cisco technical support program such as Smartnet. Please contact Cisco's Technical Assistance Center for more information.
26F_guest_switch#show license
Index 1 Feature: lanlite
Period left: 0 minute 0 second
Index 2 Feature: lanbase
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Priority: Medium
License Count: Non-Counted
3.C2960X power Cycle ,C2960X operation normal, ,but recurring problems every day.
I do not know where the problem , I have upgrade C2960X IOS but it had same problem.
Cisco 2960X IOS version: 15.2(3)E C2960X-UNIVERSALK9-M
Cisco 4500X IOS version: cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
Thanks for your help,
Hi Reza,
Thanks for your help
I can not confirm that because I have a few switch have the same problem.
C2960X 10G port 1 is connected to C4500X slot 1, Port 2 is connected to C4500X Slot2.
link flapping, On the switch port 2.
I need to do a more precise test to confirm the problem is C2960X or 4500VSS
Similar Messages
-
Cisco 4500X + VSS + Trust Sec Switch to Switch Encryption
Hi,
actually im testing and evaluationg the Cisco 4500X switch as new distribution switch for our Company.... Now i have some issues with one of our requirements.
For security reasons i need to encrypt the links between the 4500X and the access switches in other buildings (no issue with Trust Sec)
But ... now i also need to encrypt the link between the two 4500X if i run VSS ... my question is .. is it possible to encrypt the VSL link with TrustSec Switch to Switch encryption?
BR,
FlorianHi Frloian,
If you have 2 switches in different data centers than you do not need VSS. In fact this is very bad design as the whole concept of VSS is grasped on dual home design. In the essence the proper design of VSS system is to have every downsteram switch connected with one link to one VSS switch and other link to second VSS switch, so that when one VSS switch would fail other can take over. Please look at the VSS best practises:
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-virtual-switching-system-1440/109547-vss-best-practices.html#vss_best
Update:
There is possibility to encrypt VSL link, but only in 6500 sup2t environment:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-0SY/configuration/guide/15_0_sy_swcg/virtual_switching_systems.html#wp1341144 -
i configure vss on 4500x ,with one switch is active and the other switch go into recovery mode,with all port except the vsl links in the amber orange,shutdown,
i want to make two switch into active state,some one could help in this.
the configuration which i used is below
itch virtual domain 100
switch 1
exit
switch virtual domain 100
switch 2
exit
interface port-channel 10
switchport
switch virtual link 1
no shut
exit
interface port-channel 20
switchport
switch virtual link 2
no shut
exit
int range tengigabitethernet 1/15 - 16
switchport
switchport mode trunk
switchport nonegotiate
no shut
channel-group 10 mode on
int range tengigabitethernet 1/15 - 16
switchport
switchport mode trunk
switchport nonegotiate
no shut
channel-group 20 mode on
switch convert mode virtual
switch convert mode virtuali can share two core switch configuration which is there
please suggest if something which i misconfigured and need to be corrected.
TAKAFUL-CORE-01#show run
Building configuration...
Current configuration : 7510 bytes
! Last configuration change at 01:57:12 UTC Sun Aug 10 2014
version 15.2
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
no service dhcp
hostname TAKAFUL-CORE-01
boot-start-marker
boot system flash bootflash:cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
boot-end-marker
vrf definition mgmtVrf
address-family ipv4
exit-address-family
address-family ipv6
exit-address-family
username admin privilege 15 password 7 104F0D140C19
no aaa new-model
switch virtual domain 100
switch mode virtual
mac-address use-virtual
no dual-active detection pagp
no ip source-route
ip vrf Liin-vrf
no ip domain-lookup
ip dhcp pool management
network 10.2.20.0 255.255.255.0
default-router 10.2.20.2
option 43 ascii "10.2.20.1"
ip dhcp pool Data
network 10.3.30.0 255.255.255.0
default-router 10.3.30.2
dns-server 4.2.2.2 8.8.8.8
ip dhcp pool Voice
network 10.1.10.0 255.255.255.0
default-router 10.1.10.2
ip dhcp pool wireless
network 10.4.40.0 255.255.255.0
default-router 10.4.40.2
dns-server 4.2.2.2 8.8.8.8
no ip bootp server
ip device tracking
power redundancy-mode redundant
mac access-list extended VSL-BPDU
permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
permit any any 0x888E
mac access-list extended VSL-GARP
permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
permit any host 0180.c200.000e
mac access-list extended VSL-SSTP
permit any host 0100.0ccc.cccd
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 24576
redundancy
mode sso
vlan internal allocation policy ascending
class-map match-any VSL-MGMT-PACKETS
match access-group name VSL-MGMT
class-map match-any VSL-DATA-PACKETS
match any
class-map match-any VSL-L2-CONTROL-PACKETS
match access-group name VSL-DOT1x
match access-group name VSL-BPDU
match access-group name VSL-CDP
match access-group name VSL-LLDP
match access-group name VSL-SSTP
match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
match access-group name VSL-IPV4-ROUTING
match access-group name VSL-BFD
match access-group name VSL-DHCP-CLIENT-TO-SERVER
match access-group name VSL-DHCP-SERVER-TO-CLIENT
match access-group name VSL-DHCP-SERVER-TO-SERVER
match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
match dscp af41
match dscp af42
match dscp af43
match dscp af31
match dscp af32
match dscp af33
match dscp af21
match dscp af22
match dscp af23
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
match dscp ef
match dscp cs4
match dscp cs5
class-map match-any VSL-SIGNALING-NETWORK-MGMT
match dscp cs2
match dscp cs3
match dscp cs6
match dscp cs7
policy-map VSL-Queuing-Policy
class VSL-MGMT-PACKETS
bandwidth percent 5
class VSL-L2-CONTROL-PACKETS
bandwidth percent 5
class VSL-L3-CONTROL-PACKETS
bandwidth percent 5
class VSL-VOICE-VIDEO-TRAFFIC
bandwidth percent 30
class VSL-SIGNALING-NETWORK-MGMT
bandwidth percent 10
class VSL-MULTIMEDIA-TRAFFIC
bandwidth percent 20
class VSL-DATA-PACKETS
bandwidth percent 20
class class-default
bandwidth percent 5
interface Port-channel10
switchport
switchport mode trunk
switchport nonegotiate
switch virtual link 1
interface FastEthernet1
vrf forwarding mgmtVrf
no ip address
speed auto
duplex auto
interface TenGigabitEthernet1/1/1
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/2
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/3
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/4
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/5
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/6
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/7
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/8
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/9
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/10
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/11
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/12
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/13
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/14
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/15
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 10 mode on
service-policy output VSL-Queuing-Policy
interface TenGigabitEthernet1/1/16
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 10 mode on
service-policy output VSL-Queuing-Policy
interface Vlan1
no ip address
shutdown
interface Vlan10
description IP Telephony VLAN
ip address 10.1.10.2 255.255.255.0
no ip redirects
interface Vlan20
description Automation & Management VLAN
ip address 10.2.20.2 255.255.255.0
no ip redirects
interface Vlan30
description Data VLAN
ip address 10.3.30.2 255.255.255.0
no ip redirects
interface Vlan40
description Wireless Users VLAN
ip address 10.4.40.2 255.255.255.0
no ip redirects
ip forward-protocol nd
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip http server
no ip http secure-server
ip access-list extended VSL-BFD
permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
permit ip any 224.0.0.0 0.0.0.255
snmp-server community ro RO
ipv6 access-list VSL-IPV6-ROUTING
permit ipv6 any FF02::/124
banner login ^CC
#### Login for authorized Takaful IT Personnel ONLY ####
TAKAFUL
#### Login for authorized Takaful IT Personnel ONLY ####
^C
banner motd ^CC
WARNING, unauthorised access to this network is prohibited.
Authorized access only
This system is the property of Takaful Company.^C
line con 0
privilege level 15
login local
stopbits 1
line vty 0 4
privilege level 15
login local
line vty 5 15
privilege level 15
login local
module provision switch 1
chassis-type 70 base-mac F40F.1B56.31D8
slot 1 slot-type 401 base-mac F40F.1B56.31D8
module provision switch 2
end
TAKAFUL-CORE-01#
TAKAFUL-CORE-02(recovery-mode)#show run
Building configuration...
Current configuration : 5641 bytes
! Last configuration change at 02:05:27 UTC Sun Aug 10 2014
version 15.2
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
no service dhcp
hostname TAKAFUL-CORE-02
boot-start-marker
boot system flash bootflash:cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
boot-end-marker
vrf definition mgmtVrf
address-family ipv4
exit-address-family
address-family ipv6
exit-address-family
no aaa new-model
switch virtual domain 100
switch mode virtual
mac-address use-virtual
no dual-active detection pagp
no ip source-route
ip vrf Liin-vrf
no ip domain-lookup
no ip bootp server
ip device tracking
vtp mode transparent
power redundancy-mode redundant
mac access-list extended VSL-BPDU
permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
permit any any 0x888E
mac access-list extended VSL-GARP
permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
permit any host 0180.c200.000e
mac access-list extended VSL-SSTP
permit any host 0100.0ccc.cccd
spanning-tree mode pvst
spanning-tree extend system-id
redundancy
mode sso
vlan internal allocation policy ascending
class-map match-any VSL-MGMT-PACKETS
match access-group name VSL-MGMT
class-map match-any VSL-DATA-PACKETS
match any
class-map match-any VSL-L2-CONTROL-PACKETS
match access-group name VSL-DOT1x
match access-group name VSL-BPDU
match access-group name VSL-CDP
match access-group name VSL-LLDP
match access-group name VSL-SSTP
match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
match access-group name VSL-IPV4-ROUTING
match access-group name VSL-BFD
match access-group name VSL-DHCP-CLIENT-TO-SERVER
match access-group name VSL-DHCP-SERVER-TO-CLIENT
match access-group name VSL-DHCP-SERVER-TO-SERVER
match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
match dscp af41
match dscp af42
match dscp af43
match dscp af31
match dscp af32
match dscp af33
match dscp af21
match dscp af22
match dscp af23
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
match dscp ef
match dscp cs4
match dscp cs5
class-map match-any VSL-SIGNALING-NETWORK-MGMT
match dscp cs2
match dscp cs3
match dscp cs6
match dscp cs7
policy-map VSL-Queuing-Policy
class VSL-MGMT-PACKETS
bandwidth percent 5
class VSL-L2-CONTROL-PACKETS
bandwidth percent 5
class VSL-L3-CONTROL-PACKETS
bandwidth percent 5
class VSL-VOICE-VIDEO-TRAFFIC
bandwidth percent 30
class VSL-SIGNALING-NETWORK-MGMT
bandwidth percent 10
class VSL-MULTIMEDIA-TRAFFIC
bandwidth percent 20
class VSL-DATA-PACKETS
bandwidth percent 20
class class-default
bandwidth percent 5
interface Port-channel20
switchport
switchport mode trunk
switchport nonegotiate
switch virtual link 2
interface FastEthernet1
vrf forwarding mgmtVrf
speed auto
duplex auto
interface TenGigabitEthernet2/1/1
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/2
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/3
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/4
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/5
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/6
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/7
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/8
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/9
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/10
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/11
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/12
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/13
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/14
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/15
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 20 mode on
service-policy output VSL-Queuing-Policy
interface TenGigabitEthernet2/1/16
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 20 mode on
service-policy output VSL-Queuing-Policy
interface Vlan1
no ip address
ip forward-protocol nd
no ip http server
no ip http secure-server
ip access-list extended VSL-BFD
permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
permit ip any 224.0.0.0 0.0.0.255
ipv6 access-list VSL-IPV6-ROUTING
permit ipv6 any FF02::/124
line con 0
stopbits 1
line vty 0 4
login
length 0
module provision switch 1
module provision switch 2
chassis-type 70 base-mac 88F0.3104.0058
slot 1 slot-type 401 base-mac 88F0.3104.0058
end -
Cisco 4500X IOS upgrade through ISSU
Hi,
I am having 2 number of cisco 4500x switch and configured with VSS
so one switch is active and another switch is standby.
I am panning to upgrade IOS through ISSU
i read in document that it required auto boot enable in switch.
My switch current Configuration register = 0x2101
do i need to change config register or this will ok. If need to change then what will be auto boot and after IOS upgrade do i need to change it again.
Please help....Hello Tarun,
Please find below the steps to perform the ISSU:
ISSU Prerequisites
Before one can perform an ISSU, there are a few prerequisites one must verify for a successful ISSU. The following list explains what is initially required.
• Must be using a redundant Cisco Catalyst 4500 switch with symmetric hardware (that is, supervisors, memory, rommon, NFL daughter card, and so on).
• Both new and old Cisco IOS Software images must be preloaded to the file system on both supervisors.
• SSO must be configured and working properly.
• Config register must be configured to autoboot (that is, the value should have a "2" in the lowest byte).
45010R-203# sh bootvar | i register
Configuration register is 0x2102
Standby Configuration register is 0x2102
Several commands are available to verify if SSO is enabled:
4510R-203# sh module | b Redundancy
Mod Redundancy role Operating mode Redundancy status
----+-------------------+-------------------+-------------------
1 Standby Supervisor SSO Standby hot
2 Active Supervisor SSO Active
45010R-203# sh redundancy states
my state = 13 -ACTIVE
peer state = 8 -STANDBY HOT
Mode = Duplex
Unit = Secondary
Unit ID = 2
Redundancy Mode (Operational) = Stateful Switchover
Redundancy Mode (Configured) = Stateful Switchover
Redundancy State = Stateful Switchover
<snip>
4507R-ISSU# sh run | b redundancy
redundancy
mode sso
As a step prior to the beginning of the ISSU process, the new version of the Cisco IOS Software image needs to be loaded into both the active and standby supervisors' file systems. Both active and standby supervisor need to contain both the new and old images in the file system. In order to store both new and old images, the supervisors should be upgraded to contain sufficient amounts of flash memory prior to the ISSU process.
The new images can be downloaded into both supervisors using commands such as:
copy tftp: bootflash:
copy tftp: slavebootflash:
The example below illustrates this verification:
4510R-203#dir
Directory of bootflash:/
1 -rwx 13636500 Sep 6 2006 03:18:58 -08:00 cat4500-entservices-mz.122-31.SGA
2 -rwx 13747611 Sep 9 2006 03:19:58 -08:00 cat4500-entservices-mz.122-31.SGA1
4510R-203#dir slavebootflash:
Directory of slavebootflash:/
1 -rwx 13636500 Sep 6 2006 03:18:58 -08:00 cat4500-entservices-mz.122-31.SGA
2 -rwx 13747611 Sep 9 2006 03:19:58 -08:00 cat4500-entservices-mz.122-31.SGA1
Once this check is verified, one can now proceed with the ISSU process.
The ISSU process is started by typing the "issu loadversion" command on the active supervisor. This command directs the active supervisor to begin the ISSU process. The active supervisor, through intersupervisor communications, checks that the requested image has been downloaded into both the active and standby supervisors' file systems. If the required images are not present, the command is rejected, and an appropriate warning is generated.
If the "issu loadversion" command is successful, the switch transitions into the "Load Version" ISSU state. The standby supervisor will reset and boot with the new version of the Cisco IOS Software image loaded into the file system.
The following actions take place when the command is implemented:
1. The standby supervisor (B) is reset.
2. The standby supervisor (B) is booted with the new Cisco IOS Software image: Release 12.2(31)SGA1.
3. If both Cisco IOS Software images are declared as compatible, the standby supervisor moves into SSO mode and is fully stateful for all compatible clients and applications. Compatibility allows for in-service software upgrade or downgrade between two versions to succeed with minimal service effect.
4. If both Cisco IOS Software images are incompatible, the system moves into RPR mode, and the ISSU process is terminated with an appropriate message to the user. Images are declared incompatible when "required" clients or applications are not interoperable between two Cisco IOS Software releases.
5. Standby "B" reaches the standby HOT state.
6. The user has an option to abort the ISSU process by issuing the "issu abortversion" command.
7. The "issu loadversion" command also supports a "forced" option that allows the operator to force the system into entering RPR mode when incompatibility is detected.
Note: When performing an ISSU, disable manual switchovers. Performing manual switchovers during the issu process is strongly discouraged. The current implementation does not prevent it, but it does display a warning to the user.
An example of the CLI for implementing the issu loadversion command is displayed below.
On the active supervisor, one would issue the following command:
4510R-203#issu loadversion 1 bootflash:cat4500-entservices-mz.122-31.SGA1 2 slavebootflash: cat4500-entservices-mz.122-31.SGA1
Syntax - issu loadversion active-slot active-image-new standby-slot standby-image-new
The second step of the ISSU process is to perform the issu runversion CLI.
The user can issue the " issu runversion" command when:
1. The ISSU state is "Load Version"; this can be verified with the "show issu state detail" CLI.
2. The standby supervisor is running the new version of the software.
3. The standby supervisor has moved into the "Standby Hot " state.
The following actions take place when the " issu runversion" command is executed:
1. A switchover occurs; that is, the standby (B) becomes the new active, and the old active (A) is rebooted and comes up as a standby.
2. A timer called "Rollback Timer" is started with a previously configured value.
3. Move both supervisors to "Run Version" state.
4. If the command "issu acceptversion" is not issued before the "Rollback timer" fires, then the entire ISSU process is aborted via the automatic rollback.
5. If the active supervisor console connectivity is established and the "issu acceptversion" command is issued, then the rollback timer is stopped.
6. The user has an option to abort the ISSU process by issuing the "issu abortversion" command.
An example of the CLI for implementing the issu runversion command is displayed below:
On the active supervisor, one would issue the following command:
4510R-203#issu runversion 2 slavebootflash:cat4500-entservices-mz.122-31.SGA1
Syntax - issu runversion standby-slot [standby-image-new]
Prior to issuing the `issu acceptversion' command the system will be counting down the rollback timer. If `issu acceptversion' is not completed before rollback timer expires an automatic abort will occur. This command stops the "Rollback Timer." This command serves as a feedback mechanism. This is an optional command and can be skipped in the ISSU process with the "issu commitversion" CLI.
If this command is not issued within 45 minutes (default) from the time the standby supervisor moves into the "Standby Hot" state, it is assumed that the new active supervisor is not reachable and the entire ISSU process is rolled back to the previous version of the software. The acceptversion is not intended for long-term network operation. It is also important to note that none of the features available on the new version will work yet.
The following actions take place when the command is implemented:
1. The "Rollback Timer" is terminated. This means that the rollback timer is not looked at anymore. Therefore, the system can run in this state for an extended period.
2. The user has an option to abort the ISSU process by issuing the command "issu abortversion."
Aborting the ISSU process now causes the newly active supervisor (B) to fail over to the standby supervisor (A) running the old image and will also cause the rebooting supervisor (B) to load the original image. The issu acceptversion halts the rollback timer and helps ensure the ISSU process is not automatically aborted during the process.
An example of the CLI for implementing the issu acceptversion command is displayed below:
On the "New" active supervisor, one would issue the following command:
4510R-203#issu acceptversion 2
% Rollback timer stopped. Please issue the commitversion command.
Syntax - issu acceptversion active-slot-number
This is the last stage of the ISSU procedure. Once the user is satisfied with the new version of software, this must be committed by issuing the "issu commitversion" command. This command resets the standby supervisor and boots it with a new version of the software (same as the active supervisor). This concludes the ISSU process, and the new version of software is permanently committed on both supervisors. Since this is the conclusion of the ISSU process, the system can not be reverted back to the previous version of the software from this point onward as a part of this upgrade cycle. However, if for any reason users wish to go back to the previous version of the software, they can do so by starting a new upgrade/downgrade process.
The following actions take place if the command is implemented:
1. The standby supervisor (A) is reset and booted with the new version of Cisco IOS Software image.
2. The standby supervisor (A) moves into the "Standby Hot" state in SSO mode and is fully stateful for all clients/applications that are compatible.
3. Both supervisors are moved into "Final State," which is the same as "Initial State."
4. Users can initiate switchovers from this point onward.
An example of the CLI for implementing the issu commitversion command is displayed below:
4510R-203#issu commitversion 1
Syntax - issu commitversion standby-slot-number
ISSU Process: issu abortversion
One can abort the ISSU process at any stage manually (prior to issuing the issu commitversion command) by issuing the exec-level issu abortversion command. The ISSU process also aborts on its own if the software detects a failure.
If a user aborts the process after issuing the issu loadversion command, then the standby supervisor engine is reset and reloaded with the original software.
If the process is aborted after a user enters either the issu runversion or issu acceptversion command, then a second switchover is performed to the new standby supervisor engine that is still running the original software version.
The supervisor engine that had been running the new software is reset and reloaded with the original software version. The command is accepted only in "Load Version" or "Run Version" states. In "Load Version" state, the active supervisor is running an old image and the standby supervisor is running new image.
Syntax - issu abortversion active-slot [active-image-new]
Let me know if you have any questions. -
VSS on cisco 4507R+E with sup8-E
Hi folks,
I need to configure VSS on cisco 4507R+E switch with SUP8-E,but the problem is that as per the latest relase notes VSS is not supported on sup8-E.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_32143-01.html
Can someone advise me how to proceed?Hi,
The links coming from cpe1 and cpe2 can be bundled and made layer3 port channel on VSS swirtch?
No, the link can't be in a Porchannel as cpe-1 cpe-2 are 2 different devices. If cpe-1 and 2 were for example Cisco 3750 stacked, then yes, you could put both links in a Portchannel on the 3750s and also on 4500 (VSS).
on VSS switch : 172.16.10.6/29 (port channel)
cpe1: 172.16.10.2/29
cpe2: 172.16.10.3/29
HSRP virtual IP: 172.16.10.4/29
All above statements are correct.
Can you eloborate how I can use dot1q encapsulation for this scenario?
Let assume cpe-1 and cpe-2 are Cisco 3845 routers. In this case, you can simply create a sub-interface an each device connecting to the VSS with dot1.q
for example on cpe-1
interface gi0/0
interface gi0/0.10
ip address 172.16.10.2/29
encapsulation dot1q 10
the same thing on cpe-2 except a different IP address.
Now you create vlan 10 with dot1q encapsulation on the 4500 and add it to what ever interfaces that are connecting to the cpes with an ip address on th svi.
or you can keep the 4500 (vss) as layer-2 with no IP and no svi.
it that more clear now?
Reza -
Cisco 4500X Wireshark capture to usb not working
Hi, I am Ashley and i am testing the Cisco 4500X using wireshark capture. advanced ip services IOS.
The capture runs fine when storing the wireshark file on the bootflash. No worries.
But when i configure the destination as USB0 my pendrive, it fails.
The usb device is fine and is writable. I tested it by copying from bootflash to usb0:
Followed the instructions in the config guide.
It still fails.
Can someone please help.
Thanks,But when i configure the destination as USB0 my pendrive, it fails.
Could be a bug but I wouldn't recommend configuring the destination as your USB drive because no one has the same luxury as you to have the USB sit there all the time.
Store to the flash and transfer to USB is probably the best solution. -
Ciscoview Cisco 6509 VSS power supply LED indicators incorrect
Hello all
i am experiencing the following problem.
In the Ciscoview, the LED indicators of the power supply of Cisco 6509 VSS are represented incorrectly. All power inputs and fans are okay actually. however, in the ciscoview, there is only 1 green "INPUT OKAY" for each power supply. And "FAN OKAY" LEDS are off on Active chassis.
Any assistance would be greatly appreciated.
LMS 4.1
IOS Version 12.2(50)SY1
Device Package:
38.
Cat6000
12.0
Cat6000 Package
39.
Cat6000IOS
37.0
Cat6000IOS Device PackageCheck the PS at the back, is there a light? If there's no light, then you need to RMA the PS as it could be faulty.
If there's a light on the PS, then you need to RMA the switch. -
Prime 2.1 and 4500X-VSS support?
Anyone with a Prime 2.1.2 that successfully archives configurations from a WS-C4500X-16 running VSS?
Error message after Configuration Archive:
No device package found for the specified device.
The software on the 4500X is 03.04.03SG.
Support for 4500X in PI 2.1.2:
Device Type
SYSOIDS
S/W Version
Software
Cisco Catalyst 4500X-16 SFP+ Switch
OID:1.3.6.1.4.1.9.1.1605
IOS
Cisco Catalyst 4500X-32 SFP+ Switch
OID:1.3.6.1.4.1.9.1.1606
IOS
TanksYes, all device packages are installed (including 7.0) and the Pi 2.1.2 patch.
Info from "ifm_config_archive.log" when trying Archive the Configuration:
[2014-12-09 19:58:11,300] [pool-37-thread-5] [service] [ERROR] - Thread Id : [9,460] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching VLAN file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.]'
Maybe the Prime don't know where to find the vlan.dat on the 4500X-VSS ?
#dir cat4000_flash:
Directory of cat4000_flash:/
1 -rw- 2236 <no date> vlan.dat
sysObjectID (1.3.6.1.2.1.1.2) is
.iso.org.dod.internet.private.enterprises.cisco.ciscoProducts.cat4xxxVirtualSwitch
That is not the expected and supported value "4500X-16" above
Update: Error on fetching running and startup config as well:
[2014-12-09 20:24:21,818] [pool-37-thread-9] [service] [ERROR] - Thread Id : [10,013] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching RUNNINGCONFIG file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.]
[2014-12-09 20:25:31,882] [pool-37-thread-9] [service] [ERROR] - Thread Id : [10,013] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching STARTUPCONFIG file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.] -
Channel-group mode for VSS MEC link to WLC
Hello
I have a Cisco 5508 WLC with LAG enabled - this LAG connects to a single VSS chassis (VSS etherchannel mode is "on" as per the WLC documentation)
I'm looking to spread this LAG across both the VSS chassis - Cisco's VSS best practice document below states that for Multi Chassis Etherchannel "Do not use on and off options with PAgP or LACP or Trunk protocol negotiation"
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-virtual-switching-system-1440/109547-vss-best-practices.html
Is anyone else connecting a WLC LAG to a VSS MEC and if so what channel-group mode are they using?
Thanks
AndyHi,
I have never connected a WLC to VSS, but WLC should be threaded just as an access switch and use LACP or PAgP to connect to both VSS switches.
HTH -
New deployment of a pair of 4500X in VSS mode and Cisco UCS.
FI-A has 1 10G link to each 4500X
FI-B has 1 10G link to each 4500X
How should the ports and port channels on the 4500X be configured for UCS uplinks?Hi Reed,
In the end you will just create two port channels, one to each FI.
This is the documentation to create etherchannel on 4500X.
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/15.02SG/configuration/guide/channel.html#wp1020670
The interfaces "Ten 1/1" of each 4500X will be part of the first etherchannel andin the second the interfaces "Ten 1/2". (This is just a representation not the real interface number).
Remeber to use the mode active (LACP) of the etherchannel, because this is enabled by default in the Fabric Interconnects.
Richard -
Hello
I have (2) Cisco 4500x with a VSS config. I als have a couple cables "SFP-H10GB-CU1M".
I want to make sure I have this physically setup correctly. I have searched but not found anything specific enough.
Please review and advise.Yes, all device packages are installed (including 7.0) and the Pi 2.1.2 patch.
Info from "ifm_config_archive.log" when trying Archive the Configuration:
[2014-12-09 19:58:11,300] [pool-37-thread-5] [service] [ERROR] - Thread Id : [9,460] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching VLAN file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.]'
Maybe the Prime don't know where to find the vlan.dat on the 4500X-VSS ?
#dir cat4000_flash:
Directory of cat4000_flash:/
1 -rw- 2236 <no date> vlan.dat
sysObjectID (1.3.6.1.2.1.1.2) is
.iso.org.dod.internet.private.enterprises.cisco.ciscoProducts.cat4xxxVirtualSwitch
That is not the expected and supported value "4500X-16" above
Update: Error on fetching running and startup config as well:
[2014-12-09 20:24:21,818] [pool-37-thread-9] [service] [ERROR] - Thread Id : [10,013] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching RUNNINGCONFIG file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.]
[2014-12-09 20:25:31,882] [pool-37-thread-9] [service] [ERROR] - Thread Id : [10,013] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching STARTUPCONFIG file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.] -
Wireless Internet Access (Cisco IP NGN or Cisco Wireless Mesh Networkin)??
Dear Cisco Wireless Team
Please educate us on where to start, or the CISCO product we might need to purchase
We are trying to branch out a new Internet wireless access and wireless phone service business in our company, and presently looking for the right Cisco product solution to purchase to enable us offer this service in LAGOS, NIGERIA.
The service will be rendered in Africa, the country NIGERIA, and the city LAGOS.
We would like to mount or install the product in Lagos, Nigeria.
As we are new to this kind of service. We would appreciate if the Cisco wireless team can work with us in pointing or directing on the right product to purchase and what are required. We understand the Cisco Wireless Mesh Networking Solution, Cisco IP Generation Network, Cisco 12416 or 7600 Series Router might be the right products to purchase, but we are not sure on what needed or what are required to meet our service need.
Possibly we would like to offer Wireless Internet Access to unlimited subscribers, and also Wireless or Mobile Phone service to unlimited subscribers in Nigeria.
Anticipating your replyI suppose Cisco Wireless Mesh Networking would be a good choice.The Cisco mesh architecture makes it easy to scale coverage as capacity needs dictate, including increasing access point density; adding wired connections, controllers, and radios; and using dual high-powered, high-sensitive radios and a selection of high-gain antennas.Refer the document for IP NGN in the following URL http://www.cisco.com/en/US/netsol/ns537/networking_solutions_solution_category.html
-
Can I add my cisco UCS to my cisco prime 2.0?
Hi All
Question
Can I add my Cisco UCS to my Cisco prime 2.0?Out of the box, PI won't do much with a UCS server other than tell you it replies to a ping.
It's not really designed to manage UCS servers - DCNM and/or UCS Director are the tools for that.
You could load the UCS server SNMP MIBs and setup some custom queries using that but it'd be more trouble than it's worth in my opinion.
Here's a link to the page showing supported devices for PI. -
Cisco Prime network and cisco prime infrastructure
Hi,
What is the difference between Cisco Prime Network and Cisco Prime infrastructure.
Please advice.I assume you are asking about Cisco Prime LAN Management System (LMS) vs. Cisco Prime Infrastructure (PI).
LMS is currently the leading Cisco offering for wired infrastructure management. It is the evolution of the earlier CiscoWorks LMS, CiscoWorks RWAN CiscoWorks 2000, CWSI, VLAN Director, original CiscoWorks classic etc. products going back almost 20 years.
PI is the equivalent Cisco offering for wireless LANs and is the successor to NCS and WCS products.
The overlap and confusion comes from the fact the Cisco is positioning PI as the overall wireless and wired management platform and gradually introducing wired network management features to make it equal (and eventually exceed) LMS's capabilities.
There is a comparison table here that shows the current differences. A major new release of PI (2.0) is due out shortly which will close many (but not all) of the gaps on that table. -
Support Cisco Catalyst 6880 in Cisco Network Assistant
Hello, tell me, when will support cisco catalyst 6880 in Cisco Network Assistant?
No it doesnt support.
Ref:
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_network_assistant/version6/relnotes/ol32368.html#73942
HTH
Inayath
*plz dont forget to rate if this info is helpfull.
Maybe you are looking for
-
Hi, I had a program that was working, and then made a copy of it to make some changes. The main change was to be able to put a BCG correction on the subtracted image. Now for some strange reason I get an Incompatible image size error. Can anyone h
-
Can't continue iphone upgrade due to forgotten icloud user id and password
can't continue phone upgrade due to unknown icloud user name and password
-
Script Logic using when Condition
Hi, Im working on BPC 7.5 SP04 MS and I cant figure out how to make this logic work: 1. Cuenta members (account) with the ivaacred property, are multiplied by a certain value and stored in the account 13010A *WHEN TIEMPO *IS 2009.Jan, etc etc.....
-
Making selection filed in infopackage mandatory
Hi all I have a requrement to make selection fields in an infopackage mandatory. Is there any way we can acheive this!!! Thanks in advance jP
-
Open a folder for a user to view
hello fellow java programmers! Im trying to figure out if its possible to do something... basically I want to open a new "window" on the users machine that is in fact their file browsing program. so for instance for windows, it would be windows explo