Monday, August 24, 2015

Cisco 6500 VSS Configuration

The Virtual Switching System (VSS) allows two Cisco Catalyst 6500 or 4500 chassis to bond together so that they are seen as a single virtual switch by the rest of the network. Other devices will see the VSS-configured 6500s as a single device, which means it’s possible to use multi-chassis etherchannel, and protocols like spanning-tree will only see a single switch.
Some other features are NSF (Non Stop Forwarding) / SSO (Stateful Switchover) which means that when a single chassis fails the other one will take over without any downtime since the routing table / CEF table etc. are stored in both chassis’ supervisors.
Another cool feature is EFSU (Enhanced Fast Software Upgrade) which allows you to upgrade the IOS version without any downtime.
In this tutorial I will be using two Cisco Catalyst 6504 switches with 720-10G VSS supervisors to show you how to configure VSS and verify that it’s working.

Cisco two 6500s VSS

Right now I have two 6500s that are running in “standalone”. In order to bond these two using VSS we will have to do the following:
  • Configure a virtual switch domain on both switches and configure one switch as “switch 1” and the other one as “switch 2”.
  • Configure the virtual switch links.
  • Execute the conversion command which will reboot the switches.
Before we configure anything let’s verify what modules my 6500s have and see if they are running the same IOS or not!

Verification

We should start by taking a look at the modules in our 6500s and the IOS versions that we are using, just to be sure that we use supported hardware and software.
SW1-VSS#show module 
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1    5  Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G       SAL11111111
  2    4  CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      SAL11111111
  3   48  CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX     SAL11111111

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  1  588d.09e6.d0b9 to 588d.09e6.d0c0   1.3   12.2(50r)SYS 15.0(1)SY2   Ok
  2  001a.a10e.833c to 001a.a10e.833f   2.5   12.2(14r)S5  15.0(1)SY2   Ok
  3  0002.fcc1.1bd0 to 0002.fcc1.1bff   1.2   12.2(14r)S5  15.0(1)SY2   Ok

Mod  Sub-Module                  Model              Serial       Hw     Status 
---- --------------------------- ------------------ ----------- ------- -------
  1  Policy Feature Card 4       VS-F6K-PFC4        SAL11111111  1.2    Ok
  1  CPU Daughterboard           VS-F6K-MSFC5       SAL11111111  1.4    Ok
  2  Centralized Forwarding Card WS-F6700-CFC       SAD11111111  3.1    Ok
  3  Centralized Forwarding Card WS-F6700-CFC       SAD11111111  1.1    Ok

Mod  Online Diag Status 
---- -------------------
  1  Pass
  2  Pass 
  3  Pass
And this is what switch 2 looks like:
SW2-VSS#show module 
*Aug 13 18:37:25.727: %SYS-5-CONFIG_I: Configured from console by console
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1    5  Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G       SAL22222222
  2    4  CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      SAL22222222
  3   48  CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX     SAD22222222

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  1  588d.09e6.cc7d to 588d.09e6.cc84   1.3   12.2(50r)SYS 15.0(1)SY1   Ok
  2  001a.6c68.73e0 to 001a.6c68.73e3   2.5   12.2(14r)S5  15.0(1)SY1   Ok
  3  000d.6551.041a to 000d.6551.0449   1.2   12.2(14r)S5  15.0(1)SY1   Ok

Mod  Sub-Module                  Model              Serial       Hw     Status 
---- --------------------------- ------------------ ----------- ------- -------
  1  Policy Feature Card 4       VS-F6K-PFC4        SAL22222222  1.2    Ok
  1  CPU Daughterboard           VS-F6K-MSFC5       SAL22222222  1.4    Ok
  2  Centralized Forwarding Card WS-F6700-CFC       SAL22222222  3.1    Ok
  3  Centralized Forwarding Card WS-F6700-CFC       SAD22222222  1.1    Ok

Mod  Online Diag Status 
---- -------------------
  1  Pass
  2  Pass 
  3  Pass
Both switches have the VS-SUP2T-10G supervisor that we will use for VSS. Let’s also check the IOS version:
SW1-VSS#show version 
Cisco IOS Software, s2t54 Software (s2t54-ADVENTERPRISEK9-M), Version 15.0(1)SY2, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
And on SW2:
SW2-VSS#show version 
Cisco IOS Software, s2t54 Software (s2t54-ADVENTERPRISEK9-M), Version 15.0(1)SY2, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Both switches are running IOS 15.0(1)SY2 so it’s looking good. Now we can move on to the configuration.
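The hardware and software comparison above can be scripted instead of read by eye. This is an added example, not part of the original tutorial: it parses two show module outputs and lists per-slot differences in model and software version. The function names are hypothetical and the sample rows are copied from the two outputs above (slots 1 and 2 only).

```python
import re

# Rows copied from the two "show module" outputs above (card table and MAC/Sw table).
SW1 = """
  1    5  Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G       SAL11111111
  2    4  CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      SAL11111111
  1  588d.09e6.d0b9 to 588d.09e6.d0c0   1.3   12.2(50r)SYS 15.0(1)SY2   Ok
  2  001a.a10e.833c to 001a.a10e.833f   2.5   12.2(14r)S5  15.0(1)SY2   Ok
"""
SW2 = """
  1    5  Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G       SAL22222222
  2    4  CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      SAL22222222
  1  588d.09e6.cc7d to 588d.09e6.cc84   1.3   12.2(50r)SYS 15.0(1)SY1   Ok
  2  001a.6c68.73e0 to 001a.6c68.73e3   2.5   12.2(14r)S5  15.0(1)SY1   Ok
"""

MAC = r"[0-9a-f]{4}(?:\.[0-9a-f]{4}){2}"
MAC_ROW = re.compile(r"^\s*(\d+)\s+" + MAC + r"\s+to\s+" + MAC
                     + r"\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
CARD_ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(.+?)\s+(\S+)\s+(\S+)\s*$")


def parse_show_module(text):
    """Return {slot: {"model", "sw", "status"}} from 'show module' text."""
    mods = {}
    for line in text.splitlines():
        m = MAC_ROW.match(line)
        if m:  # MAC table row: slot, Hw, Fw, Sw, Status
            mods.setdefault(int(m[1]), {}).update(sw=m[4], status=m[5])
            continue
        m = CARD_ROW.match(line)
        if m:  # card table row: slot, ports, card type, model, serial
            mods.setdefault(int(m[1]), {})["model"] = m[4]
    return mods


def vss_precheck(a, b):
    """List (slot, field, value_a, value_b) differences to review before conversion."""
    findings = []
    for slot in sorted(set(a) | set(b)):
        x, y = a.get(slot, {}), b.get(slot, {})
        for field in ("model", "sw"):
            if x.get(field) != y.get(field):
                findings.append((slot, field, x.get(field), y.get(field)))
        for name, side in (("a", x), ("b", y)):
            if side.get("status") != "Ok":  # module not healthy on one chassis
                findings.append((slot, "status", name, side.get("status")))
    return findings


if __name__ == "__main__":
    for finding in vss_precheck(parse_show_module(SW1), parse_show_module(SW2)):
        print(finding)
```

On the rows above it reports a difference in the Sw column (15.0(1)SY2 on SW1, 15.0(1)SY1 on SW2), which is the kind of discrepancy to reconcile against show version before running the conversion.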

Configure Virtual Switch Domain

Configuring the virtual switch domain is nothing more than grouping the two switches using an ID. This ID can be a value between 1 and 255 and has to be the same on both switches. Here’s what it looks like:
Cisco two 6500s VSS
I have two 6500s, one called “SW1-VSS” and the other one is called “SW2-VSS”. I will configure them both to use virtual switch domain 1.
Let’s configure the virtual switch domain ID and switch numbers:
SW1-VSS(config)#switch virtual domain 1
Domain ID 1 config will take effect only
after the exec command 'switch convert mode virtual' is issued

SW1-VSS(config-vs-domain)#switch 1
SW2-VSS(config)#switch virtual domain 1
Domain ID 1 config will take effect only
after the exec command 'switch convert mode virtual' is issued

SW2-VSS(config-vs-domain)#switch 2
Both switches are configured to use virtual domain 1, SW1-VSS has been configured as “switch 1” and SW2-VSS as “switch 2”. The next step is to assign a priority to determine what switch will become active or standby.
SW1-VSS(config-vs-domain)#switch 1 priority 110
SW1-VSS(config-vs-domain)#switch 2 priority 100
SW2-VSS(config-vs-domain)#switch 1 priority 110
SW2-VSS(config-vs-domain)#switch 2 priority 100
The higher the priority, the more likely a switch is to become the active switch. Switch 1 will have a priority of 110 and switch 2 a priority of 100. This means SW1-VSS will become the active switch.

Configure Virtual Switch Link

The virtual switch link is used to exchange configuration and stateful information between the two physical switches. You can use a single physical interface for VSL or create an etherchannel for redundancy. VSL will add a “virtual switch header” to each frame when it is sent on this link. Basically it looks like this:
Cisco VSL Header
Not all interfaces are supported for VSL. In my example I’m using the Ten Gigabit interfaces on the Supervisors. To make sure we have redundancy I’ll create an etherchannel using the Ten 1/4 and Ten 1/5 interfaces on the 6500s:
SW1-VSS(config)#interface port-channel 1
SW1-VSS(config-if)#no shutdown
SW1-VSS(config-if)#switch virtual link 1
SW1-VSS(config-if)#exit
SW1-VSS(config)#int range ten 1/4 - 5
SW1-VSS(config-if-range)#channel-group 1 mode on
SW1-VSS(config-if-range)#no shut
SW2-VSS(config)#interface port-channel 2
SW2-VSS(config-if)#no shutdown
SW2-VSS(config-if)#switch virtual link 2
SW2-VSS(config-if)#exit
SW2-VSS(config)#int range ten 1/4 - 5
SW2-VSS(config-if-range)#channel-group 2 mode on
SW2-VSS(config-if-range)#no shutdown
As you can see above we have a basic etherchannel configuration, but I used the switch virtual link command to tell the switch that the etherchannel is a VSL interface. Let’s verify that our etherchannel is working between the two switches:
SW1-VSS#show etherchannel summary | incl Po1
1      Po1(RU)          -        Te1/4(P)       Te1/5(P)
SW2-VSS#show etherchannel summary | incl Po2
2      Po2(RU)          -        Te1/4(P)       Te1/5(P)
We are now ready to convert the 6500s to VSS.

Execute Conversion

The final step in configuring VSS is to execute the conversion. Once we do this the switches will reload and 3 things will happen:
  • The configurations of both switches will be merged into a single configuration.
  • The interface numbers will be renumbered from slot/port to switch-number/slot/port.
  • Negotiation to determine which switch is active or standby.
This is how we execute the conversion:
SW1-VSS#switch convert mode virtual 

This command will convert all interface names
to naming convention "interface-type switch-number/slot/port",
save the running config to startup-config and 
reload the switch.

NOTE: Make sure to configure one or more dual-active detection methods
once the conversion is complete and the switches have come up in VSS mode.

Do you want to proceed? [yes/no]: yes
Converting interface names
Building configuration...
SW2-VSS#switch convert mode virtual 

This command will convert all interface names
to naming convention "interface-type switch-number/slot/port",
save the running config to startup-config and 
reload the switch.

NOTE: Make sure to configure one or more dual-active detection methods
once the conversion is complete and the switches have come up in VSS mode.

Do you want to proceed? [yes/no]: yes
Converting interface names
Building configuration...
The switches will now reboot and you will see this on the console:
SW1-VSS#
System detected Virtual Switch configuration...
 Interface TenGigabitEthernet 1/1/4 is member of PortChannel 1 
 Interface TenGigabitEthernet 1/1/5 is member of PortChannel 1
SW2-VSS#
System detected Virtual Switch configuration...
 Interface TenGigabitEthernet 2/1/4 is member of PortChannel 2 
 Interface TenGigabitEthernet 2/1/5 is member of PortChannel 2
And you will see the negotiation between active and standby:
SW1-VSS#
%PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switch

%VSL_BRINGUP-6-MODULE_UP: VSL module in slot 1 switch 1 brought up
%VSLP-5-RRP_ROLE_RESOLVED: Role resolved as ACTIVE  by VSLP
%VSL-5-VSL_CNTRL_LINK:  New VSL Control Link  1/1/4
SW2-VSS#
%PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switch

%VSL_BRINGUP-6-MODULE_UP: VSL module in slot 1 switch 2 brought up
%VSLP-5-RRP_ROLE_RESOLVED: Role resolved as STANDBY by VSLP
%VSL-5-VSL_CNTRL_LINK:  New VSL Control Link  2/1/4 
The two switches rebooted, and during the boot process they detected which interfaces are used for the virtual switch link. The switches then negotiated over the VSL to see which one becomes active and which standby. As expected SW1-VSS is the active switch.
After booting you’ll see that the console of SW2-VSS is no longer responding; we can’t use it anymore for configuration. All configuration has to be done from the active switch now.
VSS is now up and running! Since the two switches have bonded to become one logical switch, it’s best to create a new hostname:
(https://networklessons.com)

Friday, May 30, 2014

how it works: auxiliary power unit (APU)


Ever wondered about those little exhaust pipes protruding from the tails of many jets and turboprops? Well, your eyes aren’t deceiving you— in many cases those are indeed jet engine exhausts, from small “extra” jet engines known as “APUs.”
An “APU” (Auxiliary Power Unit) is a small turbine engine installed to provide supplementary power. Often found in the tails of larger jets and turboprops, APUs serve several useful purposes.
APU generators provide auxiliary electrical power for running aircraft systems on the ground when the main engines aren’t running and no ground electrical power is available. Applications include powering environmental systems for pre-cooling or preheating the cabin, and providing power for crew functions such as preflight, cabin cleanup, and galley (kitchen) operation. Many aircraft APUs can also be operated in flight, providing backup power for the main engine generators.
On larger aircraft, APUs also generate auxiliary “bleed air”, referring to pneumatic pressure drawn from the engine’s compressor section. That’s because large jet engines like those on airliners must be started using pneumatic power. Unless a ground pneumatic source is available, the only way to start large turbine engines is from an operating APU (unless another engine is already running, of course). To accomplish this, the small APU engine is first started using an electric motor (often doing double duty as the generator). Once up and running, APU bleed air is routed to pneumatic starters on the plane’s main engines. Those, in turn, spin up the engine compressors for starting.
This schematic shows a typical APU installation. Along with providing ground power, APUs often provide backup pneumatic power for pressurization in flight, and back up environmental systems on the ground and in the air.

©2013 Gregory N. Brown

Monday, January 13, 2014

Network Address Translation - NAT

Introduction

Network Address Translation, defined by RFC 1631, is becoming very popular in today's networks as it's supported by almost every operating system, firewall appliance and application. NAT was born thanks to the fast depletion of public IP Addresses, in other words real IP Addresses that can only exist on the Internet.
As IP Addresses are 32 bits, in theory we could have up to 4,294,967,296 IP Addresses (that's 2^32)! In practice though the number is a lot smaller, somewhere around 3.2 billion, because of the way the IP Addresses are separated into Classes (Class A, B, C etc.) and the need to set aside special addresses for multicasting (also known as Class D), broadcasting and other functions.
This exciting section will show, and explain in detail, what NAT is, its different modes and how they work. We will also see how NAT helps protect your network and minimise network security threats.

 

So What's Covered ?

As with most cool networking topics, it's impossible to cover NAT on one page and if you happen to find another site that covers NAT in one page, I assure you you're missing out on a lot of important information, so stick to Firewall.cx :)
With all this in mind, I've split NAT into 6 sections. Each section deals with a particular NAT mode or NAT topic, giving you an in-depth look at how each NAT mode works using a few examples, and its advantages over the other available NAT modes. The information provided has been carefully selected and written to make sure it covers all ranges of user levels, meaning from intermediate to advanced.
Section 1: NAT Concepts. A good introduction to NAT followed by its basic functions, how it works and which devices in a network usually implement NAT. Simple, clear and colourful diagrams will ensure you grasp this concept without any trouble.
Section 2: NAT Table. This section will introduce the NAT Table, which is the heart of NAT. Here you will learn the purpose of the NAT table, where it's stored along with a lot of other interesting information.
Section 3: Static NAT Mode. Learn what Static NAT is and how it functions. Two pages of detailed diagrams, well-thought-out examples and their analysis along with other rich information ensure you will learn everything there is about Static NAT.
Section 4: Dynamic NAT Mode. Learn what Dynamic NAT is and how it functions. Simple diagrams are available to help you understand how Dynamic NAT works and what its advantages are over Static NAT. Dynamic NAT is analysed over two pages using examples and step by step analysis, making sure to capture all the required information and answer every question you might have.
Section 5: NAT Overload Mode. Also known as IP Masquerading (in the Linux world), Port Address Translation (PAT) or Dynamic NAT with PAT. Discover the most common NAT mode for small networks. This NAT mode is used by most Internet sharing software. This section will help you understand how NAT Overload works and what its benefits are over the rest. Again, simple diagrams have been designed to make sure you grasp all this cool stuff :)
The type of NAT mode you choose to use depends on your network resources, the capabilities of your NAT-enabled device and, lastly, your needs. Together we will discover the power of NAT and understand why it's become so popular.
(Copy & Paste)