cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2982
Views
0
Helpful
13
Replies

cisco 4500x vss issue

i configure vss on 4500x ,with one switch is active and the other switch go into recovery mode,with all port except the vsl links in the amber orange,shutdown,

i want to make two switch into active state,some one could help in this.

the configuration which i used is below

 

itch virtual domain 100 
switch 1
exit

switch virtual domain 100
switch 2
exit

interface port-channel 10
switchport
switch virtual link 1
no shut
exit


interface port-channel 20
switchport
switch virtual link 2
no shut
exit


int range tengigabitethernet 1/15 - 16
switchport
switchport mode trunk
switchport nonegotiate
no shut
channel-group 10 mode on

 

int range tengigabitethernet 1/15 - 16
switchport
switchport mode trunk
switchport nonegotiate
no shut
channel-group 20 mode on


switch convert mode virtual 

switch convert mode virtual 

13 Replies 13

Leo Laohoo
Hall of Fame
Hall of Fame

Post the output to the command "sh version" of both chassis.

cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin

Supervisor Engine 7-E

Cisco IOS XE 3.4.0SG and ROMMON IOS Version 15.0(1r) 

this is the model no and its a ip base image, 

on both switches 

 

 

i could not see configuration synchronised between two core switches.

Let me repeat again:  Post the output to the command "sh version".  


 
SW1#sh ver | in IOS
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.04.00.SG RELEASE SOFTWARE (fc3)
Cisco IOS-XE software, Copyright (c) 2005-2010, 2012 by cisco Systems, Inc.

All rights reserved. Certain components of Cisco IOS-XE software are

or the applicable URL provided on the flyer accompanying the IOS-XE

documentation or "License Notice" file accompanying the IOS-XE software

SW1#sh ver | in ROM
ROM: 15.0(1r)SG7
System returned to ROM by power-on
SW1#sh license image levels
Module name       Image level Priority Configured Valid license
--------------------------------------------------------------------
WS-X45-SUP7-E     entservices  1         YES        entservices            

                  ipbase       2         NO         ipbase                

    Role           Current Level     Reboot Level ----------

                  lanbase      3         NO         lanbase     Module Nam e----------------------------------------------------------

entservices       entservices

WS-X45-SUP7-E  Active        


 
SW2#sh ver | in IOS
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.04.00.SG RELEASE SOFTWARE (fc3)
Cisco IOS-XE software, Copyright (c) 2005-2010, 2012 by cisco Systems, Inc.

All rights reserved. Certain components of Cisco IOS-XE software are

or the applicable URL provided on the flyer accompanying the IOS-XE

documentation or "License Notice" file accompanying the IOS-XE softw

SW2#sh ver | in ROM
ROM: 15.0(1r)SG7
System returned to ROM by power-on
SW2#sh license image levels
Module name       Image level Priority Configured Valid license
--------------------------------------------------------------------
WS-X45-SUP7-E     entservices  1         YES        entservices            

                  ipbase       2         NO         ipbase                

  Role           Current Level     Reboot Level -----------

                  lanbase      3         NO         lanbase Module Name  ---------------------------------------------------------

 entservices       entservices

WS-X45-SUP7-E   Active      

Your IOS looks good.  Your configuration looks good.  

 

So if the pair doesn't want to go into a VSS mode, can you post the output to the command "sh etherchannel 10 summary" from switch 1?

 

Similarly, can you post the output to the command "sh etherchannel 20 summary" from switch 2?


SW2#show etherchannel summary
   
Flags:  D - down        P - bundled in port-channel
     I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator

M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
20     Po20(SD)         -        Te2/1/15(w) Te2/1/16(w)

 


SW1#show etherchannel summary

Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator

M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
10     Po10(SD)         -        Te1/1/15(w) Te1/1/16(w)

There's the root of your VSS issues.  

 

Are there any config found in the 2nd chassis (other than the VSS configs you're suppose to use)?

i can share two core switch configuration which is there 

please suggest if something which i misconfigured and need to be corrected.

 

TAKAFUL-CORE-01#show run
Building configuration...

Current configuration : 7510 bytes
!
! Last configuration change at 01:57:12 UTC Sun Aug 10 2014
!
version 15.2
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
no service dhcp
!
hostname TAKAFUL-CORE-01
!
boot-start-marker
boot system flash bootflash:cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
boot-end-marker
!
!
vrf definition mgmtVrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
!
username admin privilege 15 password 7 104F0D140C19
no aaa new-model
!
switch virtual domain 100
 switch mode virtual
 mac-address use-virtual
!
no dual-active detection pagp
no ip source-route
!
ip vrf Liin-vrf
!
no ip domain-lookup
!
ip dhcp pool management
 network 10.2.20.0 255.255.255.0
 default-router 10.2.20.2
 option 43 ascii "10.2.20.1"
!
ip dhcp pool Data
 network 10.3.30.0 255.255.255.0
 default-router 10.3.30.2
 dns-server 4.2.2.2 8.8.8.8
!
ip dhcp pool Voice
 network 10.1.10.0 255.255.255.0
 default-router 10.1.10.2
!
ip dhcp pool wireless
 network 10.4.40.0 255.255.255.0
 default-router 10.4.40.2
 dns-server 4.2.2.2 8.8.8.8
!
!
no ip bootp server
ip device tracking
!
!
!
power redundancy-mode redundant
!
mac access-list extended VSL-BPDU
 permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
 permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
 permit any any 0x888E
mac access-list extended VSL-GARP
 permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
 permit any host 0180.c200.000e
mac access-list extended VSL-SSTP
 permit any host 0100.0ccc.cccd
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 24576
!
redundancy
 mode sso
!
vlan internal allocation policy ascending
!
!
class-map match-any VSL-MGMT-PACKETS
 match access-group name VSL-MGMT
class-map match-any VSL-DATA-PACKETS
 match any
class-map match-any VSL-L2-CONTROL-PACKETS
 match access-group name VSL-DOT1x
 match access-group name VSL-BPDU
 match access-group name VSL-CDP
 match access-group name VSL-LLDP
 match access-group name VSL-SSTP
 match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
 match access-group name VSL-IPV4-ROUTING
 match access-group name VSL-BFD
 match access-group name VSL-DHCP-CLIENT-TO-SERVER
 match access-group name VSL-DHCP-SERVER-TO-CLIENT
 match access-group name VSL-DHCP-SERVER-TO-SERVER
 match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
 match dscp af41
 match dscp af42
 match dscp af43
 match dscp af31
 match dscp af32
 match dscp af33
 match dscp af21
 match dscp af22
 match dscp af23
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
 match dscp ef
 match dscp cs4
 match dscp cs5
class-map match-any VSL-SIGNALING-NETWORK-MGMT
 match dscp cs2
 match dscp cs3
 match dscp cs6
 match dscp cs7
!
policy-map VSL-Queuing-Policy
 class VSL-MGMT-PACKETS
  bandwidth percent 5
 class VSL-L2-CONTROL-PACKETS
  bandwidth percent 5
 class VSL-L3-CONTROL-PACKETS
  bandwidth percent 5
 class VSL-VOICE-VIDEO-TRAFFIC
  bandwidth percent 30
 class VSL-SIGNALING-NETWORK-MGMT
  bandwidth percent 10
 class VSL-MULTIMEDIA-TRAFFIC
  bandwidth percent 20
 class VSL-DATA-PACKETS
  bandwidth percent 20
 class class-default
  bandwidth percent 5
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel10
 switchport
 switchport mode trunk
 switchport nonegotiate
 switch virtual link 1
!
interface FastEthernet1
 vrf forwarding mgmtVrf
 no ip address
 speed auto
 duplex auto
!
interface TenGigabitEthernet1/1/1
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet1/1/2
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet1/1/3
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet1/1/4
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet1/1/5
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet1/1/6
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet1/1/7
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet1/1/8
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet1/1/9
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet1/1/10
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet1/1/11
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet1/1/12
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet1/1/13
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet1/1/14
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet1/1/15
 switchport mode trunk
 switchport nonegotiate
 no lldp transmit
 no lldp receive
 no cdp enable
 channel-group 10 mode on
 service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet1/1/16
 switchport mode trunk
 switchport nonegotiate
 no lldp transmit
 no lldp receive
 no cdp enable
 channel-group 10 mode on
 service-policy output VSL-Queuing-Policy
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description IP Telephony VLAN
 ip address 10.1.10.2 255.255.255.0
 no ip redirects
!
interface Vlan20
 description Automation & Management VLAN
 ip address 10.2.20.2 255.255.255.0
 no ip redirects
!
interface Vlan30
 description Data VLAN
 ip address 10.3.30.2 255.255.255.0
 no ip redirects
!
interface Vlan40
 description Wireless Users VLAN
 ip address 10.4.40.2 255.255.255.0
 no ip redirects
!
ip forward-protocol nd
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip http server
no ip http secure-server
!
ip access-list extended VSL-BFD
 permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
 permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
 permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
 permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
 permit ip any 224.0.0.0 0.0.0.255
!
!
snmp-server community ro RO
!
ipv6 access-list VSL-IPV6-ROUTING
 permit ipv6 any FF02::/124
!
banner login ^CC

-----------------------------------------------------------------------
####                                                ####
#### Login for authorized Takaful IT Personnel ONLY ####
####                                                ####

                      TAKAFUL

####                                                ####
#### Login for authorized Takaful IT Personnel ONLY ####
####                                                ####
-----------------------------------------------------------------------

^C
banner motd ^CC
WARNING, unauthorised access to this network is prohibited.
Authorized access only
This system is the property of Takaful Company.^C
!
line con 0
 privilege level 15
 login local
 stopbits 1
line vty 0 4
 privilege level 15
 login local
line vty 5 15
 privilege level 15
 login local
!
!
module provision switch 1
 chassis-type 70 base-mac F40F.1B56.31D8
 slot 1 slot-type 401 base-mac F40F.1B56.31D8
 !
module provision switch 2

!

end

TAKAFUL-CORE-01#

 

 

 

 

 

 

 

 

 

 

 

 

 

 

TAKAFUL-CORE-02(recovery-mode)#show run
Building configuration...

Current configuration : 5641 bytes
!
! Last configuration change at 02:05:27 UTC Sun Aug 10 2014
!
version 15.2
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
no service dhcp
!
hostname TAKAFUL-CORE-02
!
boot-start-marker
boot system flash bootflash:cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
boot-end-marker
!
!
vrf definition mgmtVrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
!
no aaa new-model
!
switch virtual domain 100
 switch mode virtual
 mac-address use-virtual
!
no dual-active detection pagp
no ip source-route
!
ip vrf Liin-vrf
!
no ip domain-lookup
!
!
no ip bootp server
ip device tracking
vtp mode transparent
!
!
!
power redundancy-mode redundant
!
mac access-list extended VSL-BPDU
 permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
 permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
 permit any any 0x888E
mac access-list extended VSL-GARP
 permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
 permit any host 0180.c200.000e
mac access-list extended VSL-SSTP
 permit any host 0100.0ccc.cccd
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
 mode sso
!
vlan internal allocation policy ascending
!
!
class-map match-any VSL-MGMT-PACKETS
 match access-group name VSL-MGMT
class-map match-any VSL-DATA-PACKETS
 match any
class-map match-any VSL-L2-CONTROL-PACKETS
 match access-group name VSL-DOT1x
 match access-group name VSL-BPDU
 match access-group name VSL-CDP
 match access-group name VSL-LLDP
 match access-group name VSL-SSTP
 match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
 match access-group name VSL-IPV4-ROUTING
 match access-group name VSL-BFD
 match access-group name VSL-DHCP-CLIENT-TO-SERVER
 match access-group name VSL-DHCP-SERVER-TO-CLIENT
 match access-group name VSL-DHCP-SERVER-TO-SERVER
 match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
 match dscp af41
 match dscp af42
 match dscp af43
 match dscp af31
 match dscp af32
 match dscp af33
 match dscp af21
 match dscp af22
 match dscp af23
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
 match dscp ef
 match dscp cs4
 match dscp cs5
class-map match-any VSL-SIGNALING-NETWORK-MGMT
 match dscp cs2
 match dscp cs3
 match dscp cs6
 match dscp cs7
!
policy-map VSL-Queuing-Policy
 class VSL-MGMT-PACKETS
  bandwidth percent 5
 class VSL-L2-CONTROL-PACKETS
  bandwidth percent 5
 class VSL-L3-CONTROL-PACKETS
  bandwidth percent 5
 class VSL-VOICE-VIDEO-TRAFFIC
  bandwidth percent 30
 class VSL-SIGNALING-NETWORK-MGMT
  bandwidth percent 10
 class VSL-MULTIMEDIA-TRAFFIC
  bandwidth percent 20
 class VSL-DATA-PACKETS
  bandwidth percent 20
 class class-default
  bandwidth percent 5
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel20
 switchport
 switchport mode trunk
 switchport nonegotiate
 switch virtual link 2
!
interface FastEthernet1
 vrf forwarding mgmtVrf

 speed auto
 duplex auto
!
interface TenGigabitEthernet2/1/1
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet2/1/2
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet2/1/3
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet2/1/4
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet2/1/5
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet2/1/6
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet2/1/7
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet2/1/8
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet2/1/9
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet2/1/10
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet2/1/11
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet2/1/12
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet2/1/13
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet2/1/14
 switchport trunk native vlan 20
 switchport mode trunk
!
interface TenGigabitEthernet2/1/15
 switchport mode trunk
 switchport nonegotiate
 no lldp transmit
 no lldp receive
 no cdp enable
 channel-group 20 mode on
 service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet2/1/16
 switchport mode trunk
 switchport nonegotiate
 no lldp transmit
 no lldp receive
 no cdp enable
 channel-group 20 mode on
 service-policy output VSL-Queuing-Policy
!
interface Vlan1
 no ip address
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip access-list extended VSL-BFD
 permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
 permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
 permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
 permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
 permit ip any 224.0.0.0 0.0.0.255
!
!
!
ipv6 access-list VSL-IPV6-ROUTING
 permit ipv6 any FF02::/124
!
!
line con 0
 stopbits 1
line vty 0 4
 login
 length 0
!
!
module provision switch 1
 !
module provision switch 2
 chassis-type 70 base-mac 88F0.3104.0058
 slot 1 slot-type 401 base-mac 88F0.3104.0058

!

end

 

 

 

 

 

As far as I can remember with VSS, your second switch should have NO CONFIG.  This is to facilitate the synchronization of the configuration faster.  

 

The only config your second switch is allowed to have are the VSS-related ones:  Etherchannel and VSS switch number.


Can you give that a try?

do i need to some additional configuration for the switches for VSS which i configure  above like 

redundancy 
mode sso

switch priority in the VSS domain on both switches, 

 

please let me know the configuration which i done for the VSS above is the correct for 4500-x series switch 

 

 

No you don't.   Make sure you backup the config of the card before you kill the config.

 

By the way, did the "sh logs" ever tell you why the etherchannels are not coming up?  

i try restore cisco 4500x to factory default but i could not,

how can i restore the cisco 4500x to factory default,in order configure vss once again and along with whole configuration .

Yandy Ramirez
Level 1
Level 1

Post "show interface te1/15 and te1/16" from both devices. Are those ports up/up or up/down?

Review Cisco Networking for a $25 gift card