Ucs uplinks 4500X VSS
New deployment of a pair of 4500X in VSS mode and Cisco UCS.
FI-A has 1 10G link to each 4500X
FI-B has 1 10G link to each 4500X
How should the ports and port channels on the 4500X be configured for UCS uplinks?
Hi Reed,
In the end you will just create two port channels, one to each FI.
This is the documentation to create etherchannel on 4500X.
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/15.02SG/configuration/guide/channel.html#wp1020670
The interfaces "Ten 1/1" of each 4500X will be part of the first etherchannel andin the second the interfaces "Ten 1/2". (This is just a representation not the real interface number).
Remeber to use the mode active (LACP) of the etherchannel, because this is enabled by default in the Fabric Interconnects.
Richard
Similar Messages
-
Cisco 4500X VSS & MEC Cisco 2960X
Hi
I have Cisco 4500x VSS connect to MEC Cisco 2960X using LACP.
I encountered a problem about C2960X
Integration reason
1.C2960X Ten 1/0/2 link flapping interface error-disable . I am disable interface then enable interface , switch show SFP not Present .
Te1/0/2 notconnect 1 full 10G Not Present. (SPF plug-in Correct)
2.use CLI reload C2960X , Ten 1/0/1 ,Ten 1/0/2 notconnect SPF Not Present. (SPF plug-in Correct)
error message :
Dec 18 12:40:25.250: %SYS-5-CONFIG_I: Configured from console by console
Dec 18 12:41:48.888: % ILET-1-AUTHENTICATION_FAIL: This Switch may not have been manufactured by Cisco or with Cisco's authorization. This product may contain software that was copied in violation of Cisco's license terms. If your use of this product is the cause of a support issue, Cisco may deny operation of the product, support under your warranty or under a Cisco technical support program such as Smartnet. Please contact Cisco's Technical Assistance Center for more information.
26F_guest_switch#show license
Index 1 Feature: lanlite
Period left: 0 minute 0 second
Index 2 Feature: lanbase
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Priority: Medium
License Count: Non-Counted
3.C2960X power Cycle ,C2960X operation normal, ,but recurring problems every day.
I do not know where the problem , I have upgrade C2960X IOS but it had same problem.
Cisco 2960X IOS version: 15.2(3)E C2960X-UNIVERSALK9-M
Cisco 4500X IOS version: cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
Thanks for your help,Hi Reza,
Thanks for your help
I can not confirm that because I have a few switch have the same problem.
C2960X 10G port 1 is connected to C4500X slot 1, Port 2 is connected to C4500X Slot2.
link flapping, On the switch port 2.
I need to do a more precise test to confirm the problem is C2960X or 4500VSS -
Prime 2.1 and 4500X-VSS support?
Anyone with a Prime 2.1.2 that successfully archives configurations from a WS-C4500X-16 running VSS?
Error message after Configuration Archive:
No device package found for the specified device.
The software on the 4500X is 03.04.03SG.
Support for 4500X in PI 2.1.2:
Device Type
SYSOIDS
S/W Version
Software
Cisco Catalyst 4500X-16 SFP+ Switch
OID:1.3.6.1.4.1.9.1.1605
IOS
Cisco Catalyst 4500X-32 SFP+ Switch
OID:1.3.6.1.4.1.9.1.1606
IOS
TanksYes, all device packages are installed (including 7.0) and the Pi 2.1.2 patch.
Info from "ifm_config_archive.log" when trying Archive the Configuration:
[2014-12-09 19:58:11,300] [pool-37-thread-5] [service] [ERROR] - Thread Id : [9,460] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching VLAN file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.]'
Maybe the Prime don't know where to find the vlan.dat on the 4500X-VSS ?
#dir cat4000_flash:
Directory of cat4000_flash:/
1 -rw- 2236 <no date> vlan.dat
sysObjectID (1.3.6.1.2.1.1.2) is
.iso.org.dod.internet.private.enterprises.cisco.ciscoProducts.cat4xxxVirtualSwitch
That is not the expected and supported value "4500X-16" above
Update: Error on fetching running and startup config as well:
[2014-12-09 20:24:21,818] [pool-37-thread-9] [service] [ERROR] - Thread Id : [10,013] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching RUNNINGCONFIG file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.]
[2014-12-09 20:25:31,882] [pool-37-thread-9] [service] [ERROR] - Thread Id : [10,013] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching STARTUPCONFIG file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.] -
Hello
I have (2) Cisco 4500x with a VSS config. I als have a couple cables "SFP-H10GB-CU1M".
I want to make sure I have this physically setup correctly. I have searched but not found anything specific enough.
Please review and advise.Yes, all device packages are installed (including 7.0) and the Pi 2.1.2 patch.
Info from "ifm_config_archive.log" when trying Archive the Configuration:
[2014-12-09 19:58:11,300] [pool-37-thread-5] [service] [ERROR] - Thread Id : [9,460] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching VLAN file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.]'
Maybe the Prime don't know where to find the vlan.dat on the 4500X-VSS ?
#dir cat4000_flash:
Directory of cat4000_flash:/
1 -rw- 2236 <no date> vlan.dat
sysObjectID (1.3.6.1.2.1.1.2) is
.iso.org.dod.internet.private.enterprises.cisco.ciscoProducts.cat4xxxVirtualSwitch
That is not the expected and supported value "4500X-16" above
Update: Error on fetching running and startup config as well:
[2014-12-09 20:24:21,818] [pool-37-thread-9] [service] [ERROR] - Thread Id : [10,013] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching RUNNINGCONFIG file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.]
[2014-12-09 20:25:31,882] [pool-37-thread-9] [service] [ERROR] - Thread Id : [10,013] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching STARTUPCONFIG file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.] -
Core (4500x vss) with Access HP switch spanning tree
Hello Friends,
i need your support to guide me for this type of topology network in-order to avoid loops...
like
2 4500X series switch configure as a VSS working as core switch
in access layer i have HP switches which are connected with 1G fiber uplinks to each other (cascaded) and back to these Core switch for Vlan forwarding.
i need help to configure spanning tree for such topology and avoid loops.
Topology is in attached..Hi,
you mean to say, connect each HP switch back to core (VSS) with 2 uplinks and configure as a ether-channel?
Yes, exactly.
actually that is not possible because the lack of fiber cable between the cabinets (core to access) are not much cores.
How could it not be possible? According to your drawing in your current design ASW-HP1 and ASW-HP3 both connect to the core VSS, core anyway. So it is just a matter of connecting ASW-HP2 to the core.
Of course you want 2 uplinks from each HP.
HTH -
Question about 4500X VSS management port
I have two standalone 4500X switches that I'm planning to convert to VSS. If I cable the management port on both switches to a management cloud, which management port should I put the management IP address? Is it the port on the active switch? if the active switch failed, would the management port on the standby switch take over the management IP?
The management port is in VRF mgmtVrf. Should I create a default route for the VRF such as "ip route vrf mgmtvrf 0.0.0.0 0.0.0.0 ....." to point to its default gateway IP?
ThanksWhen you convert the chassis to VSS, only the management interfaces (FastEthernet1) for switch-1 (active) will be visible in the config. So you want to cable both management interfaces to your management cloud, but you only apply the IP to the active switch.
The management port is in VRF mgmtVrf. Should I create a default route for the VRF such as "ip route vrf mgmtvrf 0.0.0.0 0.0.0.0 ....." to point to its default gateway IP?
Correct, you need a default route in that mgmt vrf pointing to the gateway.
HTH -
4500X VSS Password Recovery issue
Hello -
I am trying to recover the password for 4500X in VSS following the guide below:
http://www.cisco.com/en/US/products/hw/switches/ps4324/products_tech_note09186a0080c17598.shtml
However the config-register is setting to 0x2141 and the configuration file is not being ignored. I am unable to directly set the config-register (the command errors and says to use confreg command) - when I check the SET variables it is 0x2141 and not 0x2142.
The confreg wizard indicates the configuration file will be ignored; and I have cleared the swnum (had to use clear swnum; it would not let me use the VSS_SWITCH_NUMBER=0 command); however the configuration file is still being loaded and I am unable to reset the password.
Does anyone have any insight or suggestions?
Thanks
JohnIn order to set 0x2142 you need to answer Y to:
change the boot characteristics? y/n
Then select 2 - this changes the config-register to 0x2142
Also, another difference from the guide, as mentioned above, you need to use the clear swnum command as it does not accept the VSS_SWITCH_NUMBER=0 command
Booting into password recover (no configuration) mode now.
Thanks - solved my own question -
HELP - Licence Error on 4500x VSS
HI there,
have 2 4500x in vss mode. both are running 3.4.2 ipbase and are running on the correct licences etc.
after putting them in VSS mode the following error shows in the logs.
%SW_LEVEL-6-RESULT: Operational redundancy mode is UNKNOWN, due to software license-level mismatch at ACTIVE and STANDBY. Software Level on Active: ipbase; on Standby: ipbase
Any suggestions would be appreciated.
I thought it maybe related to bug CSCui54147 but cant see any details of it and it only seems to relate to 3.5.x
Thanks in advance.
RossHi Apologies for not getting back.
To fix this I had to manually accept the EULA for ipbase licence on the 4500x.
After the reload everything worked correctly and I stopped getting this error. -
Cisco 4500X + VSS + Trust Sec Switch to Switch Encryption
Hi,
actually im testing and evaluationg the Cisco 4500X switch as new distribution switch for our Company.... Now i have some issues with one of our requirements.
For security reasons i need to encrypt the links between the 4500X and the access switches in other buildings (no issue with Trust Sec)
But ... now i also need to encrypt the link between the two 4500X if i run VSS ... my question is .. is it possible to encrypt the VSL link with TrustSec Switch to Switch encryption?
BR,
FlorianHi Frloian,
If you have 2 switches in different data centers than you do not need VSS. In fact this is very bad design as the whole concept of VSS is grasped on dual home design. In the essence the proper design of VSS system is to have every downsteram switch connected with one link to one VSS switch and other link to second VSS switch, so that when one VSS switch would fail other can take over. Please look at the VSS best practises:
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-virtual-switching-system-1440/109547-vss-best-practices.html#vss_best
Update:
There is possibility to encrypt VSL link, but only in 6500 sup2t environment:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-0SY/configuration/guide/15_0_sy_swcg/virtual_switching_systems.html#wp1341144 -
i configure vss on 4500x ,with one switch is active and the other switch go into recovery mode,with all port except the vsl links in the amber orange,shutdown,
i want to make two switch into active state,some one could help in this.
the configuration which i used is below
itch virtual domain 100
switch 1
exit
switch virtual domain 100
switch 2
exit
interface port-channel 10
switchport
switch virtual link 1
no shut
exit
interface port-channel 20
switchport
switch virtual link 2
no shut
exit
int range tengigabitethernet 1/15 - 16
switchport
switchport mode trunk
switchport nonegotiate
no shut
channel-group 10 mode on
int range tengigabitethernet 1/15 - 16
switchport
switchport mode trunk
switchport nonegotiate
no shut
channel-group 20 mode on
switch convert mode virtual
switch convert mode virtuali can share two core switch configuration which is there
please suggest if something which i misconfigured and need to be corrected.
TAKAFUL-CORE-01#show run
Building configuration...
Current configuration : 7510 bytes
! Last configuration change at 01:57:12 UTC Sun Aug 10 2014
version 15.2
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
no service dhcp
hostname TAKAFUL-CORE-01
boot-start-marker
boot system flash bootflash:cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
boot-end-marker
vrf definition mgmtVrf
address-family ipv4
exit-address-family
address-family ipv6
exit-address-family
username admin privilege 15 password 7 104F0D140C19
no aaa new-model
switch virtual domain 100
switch mode virtual
mac-address use-virtual
no dual-active detection pagp
no ip source-route
ip vrf Liin-vrf
no ip domain-lookup
ip dhcp pool management
network 10.2.20.0 255.255.255.0
default-router 10.2.20.2
option 43 ascii "10.2.20.1"
ip dhcp pool Data
network 10.3.30.0 255.255.255.0
default-router 10.3.30.2
dns-server 4.2.2.2 8.8.8.8
ip dhcp pool Voice
network 10.1.10.0 255.255.255.0
default-router 10.1.10.2
ip dhcp pool wireless
network 10.4.40.0 255.255.255.0
default-router 10.4.40.2
dns-server 4.2.2.2 8.8.8.8
no ip bootp server
ip device tracking
power redundancy-mode redundant
mac access-list extended VSL-BPDU
permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
permit any any 0x888E
mac access-list extended VSL-GARP
permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
permit any host 0180.c200.000e
mac access-list extended VSL-SSTP
permit any host 0100.0ccc.cccd
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 24576
redundancy
mode sso
vlan internal allocation policy ascending
class-map match-any VSL-MGMT-PACKETS
match access-group name VSL-MGMT
class-map match-any VSL-DATA-PACKETS
match any
class-map match-any VSL-L2-CONTROL-PACKETS
match access-group name VSL-DOT1x
match access-group name VSL-BPDU
match access-group name VSL-CDP
match access-group name VSL-LLDP
match access-group name VSL-SSTP
match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
match access-group name VSL-IPV4-ROUTING
match access-group name VSL-BFD
match access-group name VSL-DHCP-CLIENT-TO-SERVER
match access-group name VSL-DHCP-SERVER-TO-CLIENT
match access-group name VSL-DHCP-SERVER-TO-SERVER
match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
match dscp af41
match dscp af42
match dscp af43
match dscp af31
match dscp af32
match dscp af33
match dscp af21
match dscp af22
match dscp af23
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
match dscp ef
match dscp cs4
match dscp cs5
class-map match-any VSL-SIGNALING-NETWORK-MGMT
match dscp cs2
match dscp cs3
match dscp cs6
match dscp cs7
policy-map VSL-Queuing-Policy
class VSL-MGMT-PACKETS
bandwidth percent 5
class VSL-L2-CONTROL-PACKETS
bandwidth percent 5
class VSL-L3-CONTROL-PACKETS
bandwidth percent 5
class VSL-VOICE-VIDEO-TRAFFIC
bandwidth percent 30
class VSL-SIGNALING-NETWORK-MGMT
bandwidth percent 10
class VSL-MULTIMEDIA-TRAFFIC
bandwidth percent 20
class VSL-DATA-PACKETS
bandwidth percent 20
class class-default
bandwidth percent 5
interface Port-channel10
switchport
switchport mode trunk
switchport nonegotiate
switch virtual link 1
interface FastEthernet1
vrf forwarding mgmtVrf
no ip address
speed auto
duplex auto
interface TenGigabitEthernet1/1/1
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/2
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/3
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/4
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/5
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/6
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/7
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/8
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/9
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/10
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/11
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/12
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/13
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/14
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/15
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 10 mode on
service-policy output VSL-Queuing-Policy
interface TenGigabitEthernet1/1/16
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 10 mode on
service-policy output VSL-Queuing-Policy
interface Vlan1
no ip address
shutdown
interface Vlan10
description IP Telephony VLAN
ip address 10.1.10.2 255.255.255.0
no ip redirects
interface Vlan20
description Automation & Management VLAN
ip address 10.2.20.2 255.255.255.0
no ip redirects
interface Vlan30
description Data VLAN
ip address 10.3.30.2 255.255.255.0
no ip redirects
interface Vlan40
description Wireless Users VLAN
ip address 10.4.40.2 255.255.255.0
no ip redirects
ip forward-protocol nd
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip http server
no ip http secure-server
ip access-list extended VSL-BFD
permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
permit ip any 224.0.0.0 0.0.0.255
snmp-server community ro RO
ipv6 access-list VSL-IPV6-ROUTING
permit ipv6 any FF02::/124
banner login ^CC
#### Login for authorized Takaful IT Personnel ONLY ####
TAKAFUL
#### Login for authorized Takaful IT Personnel ONLY ####
^C
banner motd ^CC
WARNING, unauthorised access to this network is prohibited.
Authorized access only
This system is the property of Takaful Company.^C
line con 0
privilege level 15
login local
stopbits 1
line vty 0 4
privilege level 15
login local
line vty 5 15
privilege level 15
login local
module provision switch 1
chassis-type 70 base-mac F40F.1B56.31D8
slot 1 slot-type 401 base-mac F40F.1B56.31D8
module provision switch 2
end
TAKAFUL-CORE-01#
TAKAFUL-CORE-02(recovery-mode)#show run
Building configuration...
Current configuration : 5641 bytes
! Last configuration change at 02:05:27 UTC Sun Aug 10 2014
version 15.2
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
no service dhcp
hostname TAKAFUL-CORE-02
boot-start-marker
boot system flash bootflash:cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
boot-end-marker
vrf definition mgmtVrf
address-family ipv4
exit-address-family
address-family ipv6
exit-address-family
no aaa new-model
switch virtual domain 100
switch mode virtual
mac-address use-virtual
no dual-active detection pagp
no ip source-route
ip vrf Liin-vrf
no ip domain-lookup
no ip bootp server
ip device tracking
vtp mode transparent
power redundancy-mode redundant
mac access-list extended VSL-BPDU
permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
permit any any 0x888E
mac access-list extended VSL-GARP
permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
permit any host 0180.c200.000e
mac access-list extended VSL-SSTP
permit any host 0100.0ccc.cccd
spanning-tree mode pvst
spanning-tree extend system-id
redundancy
mode sso
vlan internal allocation policy ascending
class-map match-any VSL-MGMT-PACKETS
match access-group name VSL-MGMT
class-map match-any VSL-DATA-PACKETS
match any
class-map match-any VSL-L2-CONTROL-PACKETS
match access-group name VSL-DOT1x
match access-group name VSL-BPDU
match access-group name VSL-CDP
match access-group name VSL-LLDP
match access-group name VSL-SSTP
match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
match access-group name VSL-IPV4-ROUTING
match access-group name VSL-BFD
match access-group name VSL-DHCP-CLIENT-TO-SERVER
match access-group name VSL-DHCP-SERVER-TO-CLIENT
match access-group name VSL-DHCP-SERVER-TO-SERVER
match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
match dscp af41
match dscp af42
match dscp af43
match dscp af31
match dscp af32
match dscp af33
match dscp af21
match dscp af22
match dscp af23
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
match dscp ef
match dscp cs4
match dscp cs5
class-map match-any VSL-SIGNALING-NETWORK-MGMT
match dscp cs2
match dscp cs3
match dscp cs6
match dscp cs7
policy-map VSL-Queuing-Policy
class VSL-MGMT-PACKETS
bandwidth percent 5
class VSL-L2-CONTROL-PACKETS
bandwidth percent 5
class VSL-L3-CONTROL-PACKETS
bandwidth percent 5
class VSL-VOICE-VIDEO-TRAFFIC
bandwidth percent 30
class VSL-SIGNALING-NETWORK-MGMT
bandwidth percent 10
class VSL-MULTIMEDIA-TRAFFIC
bandwidth percent 20
class VSL-DATA-PACKETS
bandwidth percent 20
class class-default
bandwidth percent 5
interface Port-channel20
switchport
switchport mode trunk
switchport nonegotiate
switch virtual link 2
interface FastEthernet1
vrf forwarding mgmtVrf
speed auto
duplex auto
interface TenGigabitEthernet2/1/1
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/2
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/3
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/4
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/5
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/6
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/7
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/8
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/9
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/10
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/11
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/12
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/13
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/14
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/15
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 20 mode on
service-policy output VSL-Queuing-Policy
interface TenGigabitEthernet2/1/16
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 20 mode on
service-policy output VSL-Queuing-Policy
interface Vlan1
no ip address
ip forward-protocol nd
no ip http server
no ip http secure-server
ip access-list extended VSL-BFD
permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
permit ip any 224.0.0.0 0.0.0.255
ipv6 access-list VSL-IPV6-ROUTING
permit ipv6 any FF02::/124
line con 0
stopbits 1
line vty 0 4
login
length 0
module provision switch 1
module provision switch 2
chassis-type 70 base-mac 88F0.3104.0058
slot 1 slot-type 401 base-mac 88F0.3104.0058
end -
4500X VSS - Dual Active Detection with ePAgP
Hello,
I am interesting if 3560x supports ePAgP. I have VSS which is formed by two 4500x switches. Can I use 3560x, which is connected two both VSS members via 10Gb optics for Dual Active detection ?Hi,
As PagP is not supported accross differents 3750(-X) units of a stack (but LACP yes), ePagp is not supported also. The MEC has to be formed from the same 3750(-X) unit / Standalone 35xx and 37xx do support PAgPand thus ePAgP.
Page 17 and 20 of http://www.cisco.com/web/DK/assets/docs/presentations/VSS_0109.pdf =>
"Since cross-stack EtherChannel does not support PAgP, it can not use enhanced PAgP for dual ACTIVE detection.
Hence the only alternative for cross-stack EtherChannel configuration is to use BFD as a dual ACTIVE detection method"
Hope it helps.
Regards;
Inayath -
We are deploying a new set of VMware server farms and would like to use the Nexus line for these 40 servers. Does is make sense to connect these via layer 2 to our VSS on a WS-X6708-10G-3C? Or should we wait a few years until we have a budget for a pair of Nexus 7k's and run everything to the VSS? thanks
hi Jim,
Nexus 5000 is a L2 switch, so pretty much whatever you do, its going to be a L2 Portchannel 'northbound' from N5K up to the C6K VSS pair.
Your VSS pair would be the L2/L3 boundary, so you'd have a SVI configured on it that is the L3 default gateway (from your servers).
Best practice would be that you distribute the portchannel members across the pair of physical switches in the VSS pair.
I'm involved in the development of the Nexus range within Cisco, so I'd be all for recommending you deploy Nexus 7000 too. :) But the reality is that you can probably achieve what you want today with C6K VSS, and in future if you did deploy Nexus 7000 too, you could make use of virtual Port Channel (vPC) to allow for full bisectional bandwidth from 'access' to 'agg/core' without any blocked links in STP.
vPC is available today on N7K and provides roughly similar L2 multichassis etherchannel as what VSS enables today in C6K VSS.
hope that helps.
cheers,
lincoln. -
Hi,
I am having an issue that the VSS is different for each switch and the trunking is not working, is there anyway to configure the trunking on the VSL port without breaking the VSS? I have set the trunking on both switches but somehow after the VSS connection is up the trunking is removed on the switch 2. The following are the snippet of the VSS configuration:
Switch 1:
interface Port-channel1
description *** VSS Port-Channel 1 ***
switchport
switchport mode trunk
switchport nonegotiate
switch virtual link 1
interface TenGigabitEthernet1/2/8
description *** VSS Links ***
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 1 mode on
service-policy output VSL-Queuing-Policy
Switch 2:
interface Port-channel2
switchport
switch virtual link 2
interface TenGigabitEthernet2/2/8
no lldp transmit
no lldp receive
no cdp enable
channel-group 2 mode on
service-policy output VSL-Queuing-Policy
Now I only have limited command on the Port-Channel 2:
SWITCH01(config)#int po2
SWITCH01(config-if)#?
virtual link interface commands (restricted):
default Set a command to its defaults
description Interface specific description
exit Exit from virtual link interface configuration mode
load-interval Specify interval for load calculation for an interface
logging Configure logging for interface
no Negate a command or set its defaults
service-policy Configure CPL Service Policy
shutdown Shutdown the selected interface
switch Configure switch link
Thanks in advance for any helpful comment.Hi,
You don't need to configure the VSL link as trunk:
just follow this config example:
Switch-1(config)# interface port-channel 10
Switch-1(config-if)# switch virtual link 1
Switch-1(config-if)# no shutdown (If the port is admin shutdown)
Switch-1(config)# interface tenGigabitEthernet 5/1
Switch-1(config-if)# channel-group 10 mode on
Switch-1(config-if)# no shutdown (If the port is admin shutdown)
Switch-2(config)# interface port-channel 25
Switch-2(config-if)# switch virtual link 2
Switch-2(config-if)# no shutdown (If the port is admin shutdown)
Switch-2(config-if)# interface tenGigabitEthernet 5/2
Switch-2(config-if)# channel-group 25 mode on
Switch-2(config-if)# no shutdown (If the port is admin shutdown)
link:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1-2/XE_340/configuration/guide/config/vss.html#wp1060298
HTH -
Hello,
I try to build virtual Portchannels on 2 Nexus 5548UP and 2 UCS 6248FI. With standalone links (without vPC) the communication between some ESX-Server and my Network is working. When I build vPCs on the N5k the vPC all portchannels (on N5K and FIs) are up.
The Portchannels are pinned to the vNICs and all looks fine. But there is no communication between my ESXs and my network. My configuration is like this:Hi Roberts,
Are the VLANs allowed on the peer link? because if they work in standalone then that means trunk is fine but if they don't have them allowed on the peer link then it will stay up but wont talk -
4500X as collapsed core design
We have 2 4500x switches with Ent Services licences. The plan is to replace the current core routers with a L3 switched core using the 4500x with VSS. The core will connect 3 building data closets, a local data center and 18 remote WAN sites. Engineering the remote sites is where I need some advise.
The in place design has fiber from each remote site connected to a 1 gigabit interface on a Ciena L2 distribution switch. The Ciena switch is connected to the core router via a gigabit Ethernet interface. The interface on the router is divided into 18 sub interfaces one for each branch. Each sub interface has a service policy that shapes the traffic to varying bandwidths in increments of 10mbps up to 50mbps.
The proposed design involves connecting the the Ciena switch to the 4500x VSS pair using 2 10 gigabit Ethernet interfaces. The connections to the Ciena would be L2 and the 4500x would have SVIs for each branch connection. The problem is that the 4500x does not allow traffic shaping on an SVI. Also you can not configure sub interfaces on a routed interface on the 4500x.
Since the Ciena will be connected to the core via 20Gbps would it be necessary to shape traffic to the core from the remote sites? The only concern I have regarding not shaping traffic is that there is a potential to oversubscribe other segments of the network like the data center and the internet link.
Is there another way that we can shape traffic to remote sites? I was thinking if we put a router between the 4500x and the Ciena this would work but I would have to get a pretty beefy router to support 20Gbps.
ThanksI've installed several in use cases like the one you describe. Functionally they pretty much suffice.
If you're a small shop and don't otherwise use Nexus gear, there is the learning curve of NX-OS and the associated technologies like VPCs and FEXes. It's not super hard, but different from IOS with different design considerations.
There are some features on the Nexus (like unified ports) not available on a Catalyst switch and vice versa (e.g. VSS).
Maybe you are looking for
-
How to only allow certain users to use internet?
Hello, I've recently taken over the job of overseeing the internet connection here in my building. We have a shared internet connection and I was told to just give out the same WEP key to everyone. The problem now is that many people have canceled, b
-
Non-Database Item Sort Using Multiple Block Values
I need to sort the result set of a block based on a calculated item. I found several messages addressing this, however they all speak to using the columns from within the same block as input variables to the function used to calculate the non-databas
-
Hi Sap Gurus, its reg to cin condition types JEXT ,JCET weather i have to maintian condition records for the above conditions to get total Basic excise duties , cess in the pricing please give the sugestions Thanks n Regards..... Murali
-
Change vendor evaluation with new scores for automatic criteria
Hi, I would like to delete actual vendor evaluations and revaluate my vendors with new scores for the automatic criteria on time delivery. Using the program RMEVALDL doesn't work. Does somebody have a suggestion please ?? Thanks in advance, Kind rega
-
NWDI in E.P 7.0 Configuration Problem
Hello Everyone, I have Selected 'DI' While Installing SAP and for Configuring NWDI I have run the DI Template in SAP Netweaver Adminstration. Imported the Configuration in NWDS in DevelopmentConfiguration Perspective. 1.While creating the Development