08-10-2014 02:11 PM - edited 03-07-2019 08:20 PM
i configure vss on 4500x ,with one switch is active and the other switch go into recovery mode,with all port except the vsl links in the amber orange,shutdown,
i want to make two switch into active state,some one could help in this.
the configuration which i used is below
itch virtual domain 100
switch 1
exit
switch virtual domain 100
switch 2
exit
interface port-channel 10
switchport
switch virtual link 1
no shut
exit
interface port-channel 20
switchport
switch virtual link 2
no shut
exit
int range tengigabitethernet 1/15 - 16
switchport
switchport mode trunk
switchport nonegotiate
no shut
channel-group 10 mode on
int range tengigabitethernet 1/15 - 16
switchport
switchport mode trunk
switchport nonegotiate
no shut
channel-group 20 mode on
switch convert mode virtual
switch convert mode virtual
08-10-2014 02:46 PM
Post the output to the command "sh version" of both chassis.
08-10-2014 02:56 PM
cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
Supervisor Engine 7-E
Cisco IOS XE 3.4.0SG and ROMMON IOS Version 15.0(1r)
this is the model no and its a ip base image,
on both switches
i could not see configuration synchronised between two core switches.
08-10-2014 03:02 PM
Let me repeat again: Post the output to the command "sh version".
08-10-2014 03:15 PM
All rights reserved. Certain components of Cisco IOS-XE software are
documentation or "License Notice" file accompanying the IOS-XE software
ipbase 2 NO ipbase
lanbase 3 NO lanbase Module Nam e----------------------------------------------------------
WS-X45-SUP7-E Active
All rights reserved. Certain components of Cisco IOS-XE software are
documentation or "License Notice" file accompanying the IOS-XE softw
ipbase 2 NO ipbase
lanbase 3 NO lanbase Module Name ---------------------------------------------------------
WS-X45-SUP7-E Active
08-10-2014 04:47 PM
Your IOS looks good. Your configuration looks good.
So if the pair doesn't want to go into a VSS mode, can you post the output to the command "sh etherchannel 10 summary" from switch 1?
Similarly, can you post the output to the command "sh etherchannel 20 summary" from switch 2?
08-10-2014 08:42 PM
SW2#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
20 Po20(SD) - Te2/1/15(w) Te2/1/16(w)
SW1#show etherchannel summary
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
M - not in use, minimum links not met
u - unsuitable for bundling
w - waiting to be aggregated
d - default port
Number of channel-groups in use: 1
Number of aggregators: 1
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
10 Po10(SD) - Te1/1/15(w) Te1/1/16(w)
08-10-2014 10:44 PM
There's the root of your VSS issues.
Are there any config found in the 2nd chassis (other than the VSS configs you're suppose to use)?
08-11-2014 12:32 AM
i can share two core switch configuration which is there
please suggest if something which i misconfigured and need to be corrected.
TAKAFUL-CORE-01#show run
Building configuration...
Current configuration : 7510 bytes
!
! Last configuration change at 01:57:12 UTC Sun Aug 10 2014
!
version 15.2
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
no service dhcp
!
hostname TAKAFUL-CORE-01
!
boot-start-marker
boot system flash bootflash:cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
boot-end-marker
!
!
vrf definition mgmtVrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
username admin privilege 15 password 7 104F0D140C19
no aaa new-model
!
switch virtual domain 100
switch mode virtual
mac-address use-virtual
!
no dual-active detection pagp
no ip source-route
!
ip vrf Liin-vrf
!
no ip domain-lookup
!
ip dhcp pool management
network 10.2.20.0 255.255.255.0
default-router 10.2.20.2
option 43 ascii "10.2.20.1"
!
ip dhcp pool Data
network 10.3.30.0 255.255.255.0
default-router 10.3.30.2
dns-server 4.2.2.2 8.8.8.8
!
ip dhcp pool Voice
network 10.1.10.0 255.255.255.0
default-router 10.1.10.2
!
ip dhcp pool wireless
network 10.4.40.0 255.255.255.0
default-router 10.4.40.2
dns-server 4.2.2.2 8.8.8.8
!
!
no ip bootp server
ip device tracking
!
!
!
power redundancy-mode redundant
!
mac access-list extended VSL-BPDU
permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
permit any any 0x888E
mac access-list extended VSL-GARP
permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
permit any host 0180.c200.000e
mac access-list extended VSL-SSTP
permit any host 0100.0ccc.cccd
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 24576
!
redundancy
mode sso
!
vlan internal allocation policy ascending
!
!
class-map match-any VSL-MGMT-PACKETS
match access-group name VSL-MGMT
class-map match-any VSL-DATA-PACKETS
match any
class-map match-any VSL-L2-CONTROL-PACKETS
match access-group name VSL-DOT1x
match access-group name VSL-BPDU
match access-group name VSL-CDP
match access-group name VSL-LLDP
match access-group name VSL-SSTP
match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
match access-group name VSL-IPV4-ROUTING
match access-group name VSL-BFD
match access-group name VSL-DHCP-CLIENT-TO-SERVER
match access-group name VSL-DHCP-SERVER-TO-CLIENT
match access-group name VSL-DHCP-SERVER-TO-SERVER
match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
match dscp af41
match dscp af42
match dscp af43
match dscp af31
match dscp af32
match dscp af33
match dscp af21
match dscp af22
match dscp af23
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
match dscp ef
match dscp cs4
match dscp cs5
class-map match-any VSL-SIGNALING-NETWORK-MGMT
match dscp cs2
match dscp cs3
match dscp cs6
match dscp cs7
!
policy-map VSL-Queuing-Policy
class VSL-MGMT-PACKETS
bandwidth percent 5
class VSL-L2-CONTROL-PACKETS
bandwidth percent 5
class VSL-L3-CONTROL-PACKETS
bandwidth percent 5
class VSL-VOICE-VIDEO-TRAFFIC
bandwidth percent 30
class VSL-SIGNALING-NETWORK-MGMT
bandwidth percent 10
class VSL-MULTIMEDIA-TRAFFIC
bandwidth percent 20
class VSL-DATA-PACKETS
bandwidth percent 20
class class-default
bandwidth percent 5
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel10
switchport
switchport mode trunk
switchport nonegotiate
switch virtual link 1
!
interface FastEthernet1
vrf forwarding mgmtVrf
no ip address
speed auto
duplex auto
!
interface TenGigabitEthernet1/1/1
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet1/1/2
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet1/1/3
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet1/1/4
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet1/1/5
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet1/1/6
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet1/1/7
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet1/1/8
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet1/1/9
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet1/1/10
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet1/1/11
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet1/1/12
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet1/1/13
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet1/1/14
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet1/1/15
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 10 mode on
service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet1/1/16
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 10 mode on
service-policy output VSL-Queuing-Policy
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description IP Telephony VLAN
ip address 10.1.10.2 255.255.255.0
no ip redirects
!
interface Vlan20
description Automation & Management VLAN
ip address 10.2.20.2 255.255.255.0
no ip redirects
!
interface Vlan30
description Data VLAN
ip address 10.3.30.2 255.255.255.0
no ip redirects
!
interface Vlan40
description Wireless Users VLAN
ip address 10.4.40.2 255.255.255.0
no ip redirects
!
ip forward-protocol nd
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip http server
no ip http secure-server
!
ip access-list extended VSL-BFD
permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
permit ip any 224.0.0.0 0.0.0.255
!
!
snmp-server community ro RO
!
ipv6 access-list VSL-IPV6-ROUTING
permit ipv6 any FF02::/124
!
banner login ^CC
-----------------------------------------------------------------------
#### ####
#### Login for authorized Takaful IT Personnel ONLY ####
#### ####
TAKAFUL
#### ####
#### Login for authorized Takaful IT Personnel ONLY ####
#### ####
-----------------------------------------------------------------------
^C
banner motd ^CC
WARNING, unauthorised access to this network is prohibited.
Authorized access only
This system is the property of Takaful Company.^C
!
line con 0
privilege level 15
login local
stopbits 1
line vty 0 4
privilege level 15
login local
line vty 5 15
privilege level 15
login local
!
!
module provision switch 1
chassis-type 70 base-mac F40F.1B56.31D8
slot 1 slot-type 401 base-mac F40F.1B56.31D8
!
module provision switch 2
!
end
TAKAFUL-CORE-01#
TAKAFUL-CORE-02(recovery-mode)#show run
Building configuration...
Current configuration : 5641 bytes
!
! Last configuration change at 02:05:27 UTC Sun Aug 10 2014
!
version 15.2
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
no service dhcp
!
hostname TAKAFUL-CORE-02
!
boot-start-marker
boot system flash bootflash:cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
boot-end-marker
!
!
vrf definition mgmtVrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
!
switch virtual domain 100
switch mode virtual
mac-address use-virtual
!
no dual-active detection pagp
no ip source-route
!
ip vrf Liin-vrf
!
no ip domain-lookup
!
!
no ip bootp server
ip device tracking
vtp mode transparent
!
!
!
power redundancy-mode redundant
!
mac access-list extended VSL-BPDU
permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
permit any any 0x888E
mac access-list extended VSL-GARP
permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
permit any host 0180.c200.000e
mac access-list extended VSL-SSTP
permit any host 0100.0ccc.cccd
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
mode sso
!
vlan internal allocation policy ascending
!
!
class-map match-any VSL-MGMT-PACKETS
match access-group name VSL-MGMT
class-map match-any VSL-DATA-PACKETS
match any
class-map match-any VSL-L2-CONTROL-PACKETS
match access-group name VSL-DOT1x
match access-group name VSL-BPDU
match access-group name VSL-CDP
match access-group name VSL-LLDP
match access-group name VSL-SSTP
match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
match access-group name VSL-IPV4-ROUTING
match access-group name VSL-BFD
match access-group name VSL-DHCP-CLIENT-TO-SERVER
match access-group name VSL-DHCP-SERVER-TO-CLIENT
match access-group name VSL-DHCP-SERVER-TO-SERVER
match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
match dscp af41
match dscp af42
match dscp af43
match dscp af31
match dscp af32
match dscp af33
match dscp af21
match dscp af22
match dscp af23
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
match dscp ef
match dscp cs4
match dscp cs5
class-map match-any VSL-SIGNALING-NETWORK-MGMT
match dscp cs2
match dscp cs3
match dscp cs6
match dscp cs7
!
policy-map VSL-Queuing-Policy
class VSL-MGMT-PACKETS
bandwidth percent 5
class VSL-L2-CONTROL-PACKETS
bandwidth percent 5
class VSL-L3-CONTROL-PACKETS
bandwidth percent 5
class VSL-VOICE-VIDEO-TRAFFIC
bandwidth percent 30
class VSL-SIGNALING-NETWORK-MGMT
bandwidth percent 10
class VSL-MULTIMEDIA-TRAFFIC
bandwidth percent 20
class VSL-DATA-PACKETS
bandwidth percent 20
class class-default
bandwidth percent 5
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel20
switchport
switchport mode trunk
switchport nonegotiate
switch virtual link 2
!
interface FastEthernet1
vrf forwarding mgmtVrf
speed auto
duplex auto
!
interface TenGigabitEthernet2/1/1
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet2/1/2
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet2/1/3
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet2/1/4
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet2/1/5
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet2/1/6
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet2/1/7
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet2/1/8
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet2/1/9
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet2/1/10
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet2/1/11
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet2/1/12
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet2/1/13
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet2/1/14
switchport trunk native vlan 20
switchport mode trunk
!
interface TenGigabitEthernet2/1/15
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 20 mode on
service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet2/1/16
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 20 mode on
service-policy output VSL-Queuing-Policy
!
interface Vlan1
no ip address
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip access-list extended VSL-BFD
permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
permit ip any 224.0.0.0 0.0.0.255
!
!
!
ipv6 access-list VSL-IPV6-ROUTING
permit ipv6 any FF02::/124
!
!
line con 0
stopbits 1
line vty 0 4
login
length 0
!
!
module provision switch 1
!
module provision switch 2
chassis-type 70 base-mac 88F0.3104.0058
slot 1 slot-type 401 base-mac 88F0.3104.0058
!
end
08-11-2014 01:17 AM
As far as I can remember with VSS, your second switch should have NO CONFIG. This is to facilitate the synchronization of the configuration faster.
The only config your second switch is allowed to have are the VSS-related ones: Etherchannel and VSS switch number.
Can you give that a try?
08-11-2014 01:30 AM
do i need to some additional configuration for the switches for VSS which i configure above like
redundancy
mode sso
switch priority in the VSS domain on both switches,
please let me know the configuration which i done for the VSS above is the correct for 4500-x series switch
08-11-2014 01:40 AM
No you don't. Make sure you backup the config of the card before you kill the config.
By the way, did the "sh logs" ever tell you why the etherchannels are not coming up?
08-11-2014 04:26 AM
i try restore cisco 4500x to factory default but i could not,
how can i restore the cisco 4500x to factory default,in order configure vss once again and along with whole configuration .
08-11-2014 03:52 PM
Post "show interface te1/15 and te1/16" from both devices. Are those ports up/up or up/down?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide