cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco announces new innovations in SD-WAN, ISRs, SD-WAN Services, and Catalyst 9000 Series switches


Virtual switching system (VSS) Configuration For Cisco 4500 series switches

336644
Views
73
Helpful
75
Comments

 

Introduction

The Cisco Virtual Switching System is a clustering technology that pools two Cisco Catalyst 4500-E Series Switches with Cisco Catalyst Supervisor Engine 7-E or 7-LE or two Catalyst 4500-X Series Switches into a single virtual switch. In a VSS, the data plane of both clustered switches is active at the same time in both chassis. VSS members are connected by virtual switch links (VSLs) using standard Gigabit or 10 Gigabit Ethernet connections between the VSS members. VSLs can carry regular user traffic in addition to the control plane communication between the VSS members.

Physical vs Logical Topology in a VSS Configuration

 

vss.jpg

 

This document describes how to configure a virtual switching system (VSS) for the Catalyst 4500 series switch (Supervisor Engine 7-E, Supervisor Engine 7L-E).

Some key point to be remembered for Cisco 4500 VSS

1) Configuration/Capability Supported supervisors on Catalyst 4500-E: VSS support Supervisor Engine 7-E or 7-LE (identical pairs).For more information about hardware to support please refer 4500 VSS Hardware requirement

2) Software requirement: Cisco IOS XE 3.4.0SG and ROMMON IOS Version 15.0(1r) SG7 later released support VSS.(Also refer How to Upgrade Cisco 4500 SUP7-E & Sup7L-E ROMMON To support VSS).

3)license requirement : 

To know more on license requirement refer "Release Notes for the Catalyst 4500E Series Switch"

Feature

LAN Base

IP Base

Enterprise Service

  • Virtual Switching System (VSS

 

No

Yes
(SUP7E only)

Yes

  • Support for Layer 3 MEC—VSS with Layer 3 Multichassis EtherChannel (MEC) at the aggregation layer

  • Support for VSLP Fast Hello—With VSLP Fast Hello, the Catalyst 4500-X configured for VSS can now connect Access Switches that do not support the ePAgP protocol.

  • Support for VSL Encryption

  • Support for Asymmetrix chassis

No

Yes (SUP7E)

No (SUP7LE)

Yes (SUP7E)

Yes (SUP7LE)

 

For information about Software Activation Licensing please refer Cisco Catalyst 4500E Supervisor 7-E and 7L-E and Cisco Catalyst 4500-X Series Software Activation Licensing Deployment Guide.

4) Single-sup cross-chassis VSS support: Yes.

5) Quad-sup VSS configuration with in-chassis redundant sups: In-chassis redundant sups in rommon mode with active uplinks.

6) It also supports 10 Gigabit Ethernet Virtual Switch Link (VSL) and 1 Gigabit Ethernet VSL.

7) SSO and nonstop forwarding (NSF) must be configured on each switch. If a VSS does not meet the requirements for SSO redundancy; it will be incapable of establishing a relationship with the peer switch. Catalyst 4500/4500-X series switches' VSS does not support route processor redundancy (RPR) mode.

Prerequisite

Before configuring VSS on Cisco 4500 please verify hardware and software requirement.

SW1#sh ver | in IOS
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.04.00.SG RELEASE SOFTWARE (fc3)
Cisco IOS-XE software, Copyright (c) 2005-2010, 2012 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE

SW1#sh ver | in ROM
ROM: 15.0(1r)SG7
System returned to ROM by power-on 

SW1#sh license image levels 
Module name       Image level Priority Configured Valid license
--------------------------------------------------------------------
WS-X45-SUP7-E     entservices  1         YES        entservices            
                  ipbase       2         NO         ipbase                
                  lanbase      3         NO         lanbase  
 
Module Name     Role           Current Level     Reboot Level
--------------------------------------------------------------------
WS-X45-SUP7-E  Active         entservices       entservices

 

SW2#sh ver | in IOS
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.04.00.SG RELEASE SOFTWARE (fc3)
Cisco IOS-XE software, Copyright (c) 2005-2010, 2012 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE

SW2#sh ver | in ROM
ROM: 15.0(1r)SG7
System returned to ROM by power-on

SW2#sh license image levels
Module name       Image level Priority Configured Valid license
--------------------------------------------------------------------
WS-X45-SUP7-E     entservices  1         YES        entservices            
                  ipbase       2         NO         ipbase                
                  lanbase      3         NO         lanbase 

Module Name     Role           Current Level     Reboot Level
--------------------------------------------------------------------
WS-X45-SUP7-E   Active        entservices       entservices

 

Configuration Steps

STEP1: Assigning Virtual Switch Domain and Switch Numbers

First you have to configure the same virtual switch domain number on both switches of the VSS. The virtual switch domain is a number between 1 and 255.After domain number you must configure one switch to be switch number 1 and the other switch to be switch number 2.

SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#switch virtual domain 10
Domain ID 10 config will take effect only
after the exec command 'switch convert mode virtual' is issued
SW1(config-vs-domain)#switch 1
SW1(config-vs-domain)#exit
SW1(config)#

 

SW2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW2(config)#switch virtual domain 10
Domain ID 10 config will take effect only
after the exec command 'switch convert mode virtual' is issued
SW2(config-vs-domain)#switch 2
SW2(config-vs-domain)#exit
SW2(config)#

 

STEP2: Configuring VSL Port Channel

Then you need to configure VSL with a unique port channel on each switch. During the conversion, the VSS configures both port channels on the VSS Active switch. If the VSS Standby switch VSL port channel number has been configured for another use, the VSS comes up in RPR mode. To avoid this situation, check that both port channel numbers are available on both of the switches.

SW1(config)#int port-channel 5
SW1(config-if)#switchport
SW1(config-if)#switch virtual link 1
SW1(config-if)#no shut
SW1(config-if)#exit
*Jan 24 05:19:57.092: %SPANTREE-6-PORTDEL_ALL_VLANS: Port-channel5 deleted from all Vlans

 

SW2(config)#int port-channel 10
SW2(config-if)#switchport
SW2(config-if)#switch virtual link 2
SW2(config-if)#no shut
SW2(config-if)#exit
SW2(config)#
*Jan 24 05:14:17.273: %SPANTREE-6-PORTDEL_ALL_VLANS: Port-channel10 deleted from all Vlans

 

STEP3: configure the VSL ports

You need to add the VSL physical ports to the port channel. In the following example, interfaces Gigabit Ethernet 7/3 and 7/4 on Switch 1 are connected to interfaces Gigabit Ethernet 4/45 and 4/46 on Switch 2.

SW1(config)#int range gig7/3 - 4
SW1(config-if-range)#switchport mode trunk
SW1(config-if-range)#channel-group 5 mode on
WARNING: Interface GigabitEthernet7/3 placed in restricted config mode. All extraneous configs removed!
WARNING: Interface GigabitEthernet7/4 placed in restricted config mode. All extraneous configs removed!
SW1(config-if-range)#exit

 

SW2(config)#int range gig4/45 - 46
SW2(config-if-range)#switchport mode trunk
SW2(config-if-range)#channel-group 10 mode on
WARNING: Interface GigabitEthernet4/45 placed in restricted config mode. All extraneous configs removed!
WARNING: Interface GigabitEthernet4/46 placed in restricted config mode. All extraneous configs removed!
SW2(config-if-range)#exit

 

Note: Once the interfaces are put into VSL port-channel with “channel-group" command, then the interfaces goes into “notconnect” status. Interface status will show UP, but the line protocol will be down. The interface will be in UP/down (not connect) status, till the switch is rebooted in step 4.

STEP4: Converting the Switch to Virtual Switch Mode:

You need to enter the “switch convert mode virtual” command on Switch 1 for Converting to Virtual Switch Mode .After you enter this command it will prompted to confirm the action. Enter yes. The system creates a converted configuration file, and saves the file to the bootflash:

SW1#switch convert mode virtual 

This command will convert all interface names
to naming convention "interface-type switch-number/slot/port",
save the running config to startup-config and
reload the switch.
Do you want to proceed? [yes/no]: yes
Converting interface names
Building configuration...
Compressed configuration from 6551 bytes to 2893 bytes[OK]
Saving converted configuration to bootflash: ...
Destination filename [startup-config.converted_vs-20130124-062921]?
Please stand by while rebooting the system...
Restarting system. 

Rommon (G) Signature verification PASSED  
Rommon (P) Signature verification PASSED  
FPGA   (P) Signature verification PASSED

Similarly you need to enter the “switch convert mode virtual” command on Switch 2 for converting to Virtual Switch Mode.

 

SW2#switch convert mode virtual​ 

This command will convert all interface names
to naming convention "interface-type switch-number/slot/port",
save the running config to startup-config and
reload the switch.
Do you want to proceed? [yes/no]: yes
Converting interface names
Building configuration...
Compressed configuration from 6027 bytes to 2774 bytes[OK]
Saving converted configuration to bootflash: ...
Destination filename [startup-config.converted_vs-20130124-052526]?
Please stand by while rebooting the system...
Restarting system. 

Rommon (G) Signature verification PASSED  

Rommon (P) Signature verification PASSED  

FPGA   (P) Signature verification PASSED 

************************************************************
*                                                          *
* Welcome to Rom Monitor for   WS-X45-SUP7-E System.       *
* Copyright (c) 2008-2012 by Cisco Systems, Inc.           *
* All rights reserved.                                     *
*                                                          *
************************************************************

 

After you confirm the above commands on both switches, the running configuration is automatically saved as the startup configuration and the switch reboots. After the reboot, the switch is in virtual switch mode, so you must specify interfaces with three identifiers (switch/module/port).

When switches are being converted to VSS, you should not set them to ignore startup-config. If done, the switch can be enabled to parse the startup-config at the rommon prompt. Ignoring startup-config in VSS mode causes a switch to boot in a semi-VSS mode, which can only be corrected by a reboot and by enabling the parsing of startup-config.

Verification

1) To displays the virtual switch domain number, and the switch number and role for each of the switches you can use “show switch virtual” command.

SW1#sh switch virtual 

Executing the command on VSS member switch role = VSS Active, id = 1 

Switch mode                  : Virtual Switch
Virtual switch domain number : 10
Local switch number          : 1
Local switch operational role: Virtual Switch Active
Peer switch number           : 2
Peer switch operational role : Virtual Switch Standby 

Executing the command on VSS member switch role = VSS Standby, id = 2  

Switch mode                  : Virtual Switch
Virtual switch domain number : 10
Local switch number          : 2
Local switch operational role: Virtual Switch Standby
Peer switch number           : 1
Peer switch operational role : Virtual Switch Active

 

2) Once both switches cluster in single virtual switch, you will only have Active switch console and your Standby switch console appears as follow:

SW2-standby> 
Standby console disabled

3) To displays the role, switch number, and priority for each of the switch in the VSS use “show switch virtual role” command.

SW1#sh switch virtual role 

Executing the command on VSS member switch role = VSS Active, id = 1 

RRP information for Instance 1 

--------------------------------------------------------------------
Valid Flags   Peer     Preferred Reserved
               Count     Peer       Peer  

--------------------------------------------------------------------
TRUE   V       1           1         1  

Switch Switch Status Preempt       Priority Role     Local   Remote
       Number         Oper(Conf)   Oper(Conf)         SID     SID
--------------------------------------------------------------------
LOCAL   1     UP     FALSE(N )     100(100) ACTIVE   0       0
REMOTE  2     UP     FALSE(N )     100(100) STANDBY 6834   6152  

Peer 0 represents the local switch  

Flags : V - Valid
In dual-active recovery mode: No  

Executing the command on VSS member switch role = VSS Standby, id = 2 

RRP information for Instance 2  

--------------------------------------------------------------------
Valid Flags   Peer     Preferred Reserved
               Count     Peer       Peer  

--------------------------------------------------------------------
TRUE    V       1           1         1  

Switch Switch Status Preempt       Priority Role     Local   Remote
       Number         Oper(Conf)   Oper(Conf)         SID     SID
--------------------------------------------------------------------
LOCAL   2     UP     FALSE(N )     100(100) STANDBY  0       0
REMOTE  1     UP     FALSE(N )     100(100) ACTIVE   6152   6834 

Peer 0 represents the local switch

Flags : V - Valid
In dual-active recovery mode: No

 

4) To Displays information about the VSL use “show switch virtual link” command.

SW1#sh switch virtual link  

Executing the command on VSS member switch role = VSS Active, id = 1 

VSL Status : UP
VSL Uptime : 3 minutes
VSL Control Link : Gi1/7/4  

Executing the command on VSS member switch role = VSS Standby, id = 2 

VSL Status : UP
VSL Uptime : 3 minutes
VSL Control Link : Gi2/4/45

 

5) You can also verify information about the VSL port channel using “show switch virtual link port-channel”command.

SW1#sh switch virtual link port-channel 

Executing the command on VSS member switch role = VSS Active, id = 1 

Flags: D - down       P - bundled in port-channel
       I - stand-alone s - suspended
       H - Hot-standby (LACP only)
       R - Layer3     S - Layer2
       U - in use     N - not in use, no aggregation
       f - failed to allocate aggregator         

       M - not in use, no aggregation due to minimum links not met
       m - not in use, port not aggregated due to minimum links not met
       u - unsuitable for bundling
       d - default port  
       
       w - waiting to be aggregated  

Group Port-channel Protocol   Ports
------+-------------+-----------+-------------------
5     Po5(SU)          -       Gi1/7/3(P) Gi1/7/4(P)
10    Po10(SU)         -       Gi2/4/45(P) Gi2/4/46(P)  

Executing the command on VSS member switch role = VSS Standby, id = 2  

Flags: D - down       P - bundled in port-channel
       I - stand-alone s - suspended
       H - Hot-standby (LACP only)
       R - Layer3     S - Layer2
       U - in use     N - not in use, no aggregation
       f - failed to allocate aggregator         
       
       M - not in use, no aggregation due to minimum links not met
       m - not in use, port not aggregated due to minimum links not met
       u - unsuitable for bundling
       d - default port  
       
       w - waiting to be aggregated 

Group Port-channel Protocol   Ports
------+-------------+-----------+-------------------
5     Po5(SU)          -       Gi1/7/3(P) Gi1/7/4(P)
10    Po10(SU)         -       Gi2/4/45(P) Gi2/4/46(P) 

SW1#

Reference

Comments
Beginner

Hi,

 

I resolved my problem by upgrade the rommon from 15.1(1r)-SG1 to 15.1(1r)-SG4

My switches now can boot to the new OS 03.06.00 and can cofigure the VSS.

Thanks

Beginner

Hi All,

i have an issue for 4500x VSS when o perform this command gave me authorization faild:

 

show switch virtual                      

Executing the command on VSS member switch role = VSS Active, id = 1


Switch mode                  : Virtual Switch
Virtual switch domain number : 1
Local switch number          : 1
Local switch operational role: Virtual Switch Active
Peer switch number           : 2
Peer switch operational role : Virtual Switch Standby% Authorization failed.

 

only this happened on 4500x VSS and the same configuration on 6500VSS i didn't see it?

Thanks

Beginner

I have the same "Authorization" issues with 4500-X. Is there a bug opened for this?

When I remove my authorization configuration then it is working fine - but this should not be the solution...

Any ideas?

 

Marek

Beginner

Hi Ashirkar, i have 2 catalyst WS-C4503E with supervisor WS-X45-SUP7L-E  and Versión 03.04.04.SG Enterprise services

I read you post, and the configuration guide for VSS on 4500 switches.and all configuration about VSS is working fine. But when I try to actívate dual-active detection with the fast-hello mode, the VSS domain do not support the commands for it.

 

The question is. Do you know if fast-hello is or not supported on those switches.

 

Thanks in advance.

 

Best regards.

Beginner

you need to run 3.5.x to support fast hello.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_29985-01.html#pgfId-2657932

 

 

Beginner

Hi Stefan, many thanks by your support.

I´m going to do the software upgrade for the switches a try again.

 

Best regards

Beginner

On 2 4500x with VSS will both the switches communicate or will one remain in a permanent stand-by mode ?

 

 

Beginner

For the Cisco IOS XE 3.5.0E, I've found out that they support older generation line cards, namely:

– WS-X4148-RJ
– WS-X4148-RJ
– WS-X4148-FX-MT
– WS-X4306-GB
– WS-X4548-RJ45V+
– WS-X4448-GB-SFP
– WS-X4248-FE-SFP
– WS-X4248-RJ45V

Could you please confirm that they are and there are no special requirements besides the need for that 3.5.0 IOS to support them?

 

Community Member

Hi all,

I have 2 WS-C4507R+E switches in VSS virtual domain 30  and 2 WS-C4503-E switches in VSS virtuel domain 40  , Catalyst 4500 L3 Switch  with Software (cat4500e-UNIVERSALK9-M), Version 03.04.02.SG RELEASE SOFTWARE (fc1)

I have issues in dot1q trunk between the two VSS even with an point to point L3 ping on management adress wich is is the native vlan doesn't work

Thanks

Djibril

 

Beginner

Hi all,

I have two switch: WS-C4500X-16SFP+ and WS-C4500X-32SFP+ , with IP base license on both.

Can I configure VSS with two switch above and What license or hardware that I need for VSS ?

 

Thanks you very much,

Hi,

 

I have a question, when my both cores on VSS below is the one I saw on my console.

Console on Core1 (Core1#)

Console on Core2 (Core1-standby#)

 

Can someone explain why it was different on the sample above w/c should be Core2-standby#

 

 

Beginner

No you can not. From what I know in the VSS pair you must have 4500-X with the same hardware configuration.

 

Marek

Beginner

Hi marek,

But Cisco 4500-x can support Asymmetric chassis "The chassis must contain the same number of slots, even if their linecards differ or their slots are empty"

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1-2/XE_340/configuration/guide/config/vss.html#wp1062785

Maybe I misunderstood, can you please check for me again..

 

Thank you very much,

Beginner

Hi,

the information that i provided is from the Cisco Live presentation (BRKCRS-2468). Maybe this information is old already?

Marek

Beginner

Hi marek,

Thanks for your replying, you can read following content:

Asymmetric chassis support

Catalyst 4500 and Catalyst 4500-X VSS require the same supervisor engine type in both chassis. The chassis must contain the same number of slots, even if their linecards differ or their slots are empty. Provided the number of slots in the two chassis match, the chassis can differ in type (that is, +E and -E chassis can be in a single VSS)"

We understood that 4500-X can mix (model 16 with 32 port) or no...

Thanks & best regards,

 

CreatePlease to create content
Content for Community-Ad

Blog-Cisco Community Designated VIP Class of 2019