I have a question regarding the VSL link configurations on both Catalyst 4500X switches:
switchport mode trunk ---> Is it necessary? What is the purpose of forming a trunk on a VSL link? What does it contribute?
switchport nonegotiate ---> What does it contribute?
switch virtual link 1
interface TenGigabitEthernet1/1/5
switchport mode trunk ---> Is it necessary? What is the purpose of forming a trunk on a VSL link?
switchport nonegotiate ---> What does it contribute?
no lldp transmit ---> What does it contribute?
no lldp receive ---> What does it contribute?
channel-group 1 mode on
service-policy output VSL-Queuing-Policy ---> Why would the VSL link need a policy? What does it contribute?
The recommended configuration for VSL is to build an EtherChannel unconditionally (mode on) and to make the member ports and the bundle a trunk port, again without the negotiation protocols DTP, LACP or PAgP involved.
There are two main reasons to do this:
a) to make the links come up and become operational as soon as possible at system startup.
b) after the VSS is up and running, a single supervisor is responsible for the whole system and all signaling protocols are generated by the primary supervisor. If you attempt to rely on LACP or DTP, the risk is that after the VSS boot is completed the standby processor will not be able/allowed to generate its own LACP or DTP messages on the VSL links.
These protocols are designed to connect different entities with different system-ids (for LACP, for example); they should not be able to support links between ports with the same LACP system-id, or links where one side stops talking.
So avoiding LACP or PAgP, and avoiding DTP (switchport nonegotiate), is a necessary measure to make the VSL bundle stable over time and to make the whole VSS system stable.
Notice that you interconnect two port-channels with different numbers to create a VSS, because after the merge and the creation of a single configuration for the two member switches the port-channel numbers are maintained.
A VSS must be a trunk allowing all VLANs because you need to be able to move frames in the same user-defined VLAN between two ports in the two different chassis.
In addition to user-defined VLANs, a system-defined VLAN is used to carry VSLP frames. The VSLP protocol provides the way to create a single control plane on both chassis and to have a single supervisor control and monitor all linecards.
It is a form of L2 tunneling that makes it possible, for example, to carry all the management-related protocols, like the heartbeats that check the health of every linecard, and to send new CEF updates to all linecards that have a local copy of the CEF table (DFC daughter cards).
Also, STP messages, other L2 protocol packets and L3 routing protocol messages have to be sent to the CPU of the active supervisor, and messages generated by the active supervisor are sent to the other chassis as needed via VSLP.
On the VSL link the most important and precious traffic is the VSLP protocol messages.
This is why a policy-map is applied outbound to the member links; I would expect VSLP frames to be put in a priority queue.
Finally, LLDP is disabled for the same reasons explained above for DTP and LACP.
Note that VSS requires the use of separate links, not part of the VSL, to detect Dual Active using proprietary fast hellos or BFD.
The use of PAGP+ for dual active detection is not recommended because it involves external devices in the middle.
So LLDP is replaced by Dual Active detection on a separate link that can be a simple GE link.
Dual Active detection is useful if the VSL bundle is broken and each chassis has to decide what to do: if the VSL is broken and the standby supervisor sees messages from the active supervisor, it will isolate the standby chassis from the network. This link is needed to prevent both chassis from thinking they are the active supervisor, which is the worst scenario in VSS.
Hope this helps
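
A way to check a saved configuration against the settings discussed in this thread, as an added example that is not part of the original posts or Cisco's own tooling: it finds the ports bundled into the VSL port-channel and reports any that still negotiate (DTP, LACP/PAgP, LLDP) or lack an output policy. The function names and the sample configuration are constructed for illustration, and it assumes the VSL port-channel is the one carrying "switch virtual link <n>".

```python
import re
# Settings the answer above lists for each VSL member port (prefix match).
REQUIRED = ("switchport mode trunk", "switchport nonegotiate", "no lldp transmit",
            "no lldp receive", "service-policy output ")

def parse_interfaces(config):  # IOS-style text -> {interface: [sub-commands]}
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return blocks

def audit_vsl(config):
    """Return {VSL member port: [deviations from the settings above]}."""
    blocks = parse_interfaces(config)
    vsl_groups = {name[len("Port-channel"):] for name, cmds in blocks.items()
                  if name.startswith("Port-channel")
                  and any(c.startswith("switch virtual link ") for c in cmds)}
    findings = {}
    for name, cmds in blocks.items():
        grp = re.search(r"^channel-group (\d+) mode (\S+)$", "\n".join(cmds), re.M)
        if not grp or grp.group(1) not in vsl_groups:
            continue  # not a member of the VSL bundle
        issues = [f"missing: {r.strip()}" for r in REQUIRED
                  if not any(c.startswith(r) for c in cmds)]
        if grp.group(2) != "on":  # active/passive/desirable/auto all negotiate
            issues.append(f"channel-group mode '{grp.group(2)}' negotiates, use 'on'")
        findings[name] = issues
    return findings

# Constructed sample ("!" lines omitted): Te1/1/5 matches the post, Te1/1/6 does not.
SAMPLE = """\
interface Port-channel1
 switch virtual link 1
interface TenGigabitEthernet1/1/5
 switchport mode trunk
 switchport nonegotiate
 no lldp transmit
 no lldp receive
 channel-group 1 mode on
 service-policy output VSL-Queuing-Policy
interface TenGigabitEthernet1/1/6
 channel-group 1 mode active
"""
```

Calling audit_vsl(SAMPLE) returns an empty list for TenGigabitEthernet1/1/5 and six findings for TenGigabitEthernet1/1/6.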