Solved: VSS on 4506's

sterdnotshaken · ‎04-17-2013

Howdy,

So I have configured VSS successfully on a pair of our 4500's and it seems to work great... Now I am at the point where I am configuring the

PAgP_Dual-Active part and had a few questions for the lot of you...

With the 4500's, currently fast-hello's aren't an option for Dual-Active Detection, so I am forced to use Enhanced PAgP... The configuration guide's show a config example like so:

Switch(config)# interface port-channel 20

Switch(config-if)# shutdown

Switch(config-if)# exit

Switch(config)# switch virtual domain 100

Switch(config-vs-domain)# dual-active detection pagp

Switch(config-vs-domain)# dual-active detection pagp trust channel-group 20

Switch(config-vs-domain)# exit

Switch(config)# interface port-channel 20

Switch(config-if)# no shutdown

Switch(config-if)# exit

Cisco states that for PAgP to be utilized for Dual-Active, the 2 VSS switches should be interconnected to each other (outside of the VSL link's) through an upstream switch (using MEC) that supports PAgP... Couldn't I just run a pair of cables directly from one VSS member switch to the other, make said ports members of aforementioned port-channel and call it good? If so, outside of assigning the interfaces to the appropriate Dual-Active trusted port-channel, I wouldn't need to worry about specifying access\trunk interface types on the interfaces or defining allowed vlans per PAgP being a layer 2 protocol right?

Reza Sharifi · ‎04-20-2013

As far as I know, if you want to use ePAGP, you need a third switch. Now, that switch could be upstream or downstream. Usually VSS is used for data centers, where you connect you servers, chassis, VMs to both switches using Etherchannles or as distribution switches where you connect you access switches to both switches by using Etherchannel If you connect the switches together, that is pretty much Fast Hello, which as you indicated is not supported on the 4500 yet. I have only configured 6500 with VSS and have used both downstream and upstream switches for ePAGP and in other situations have also used Fast Hello, but never deployed 4500.

HTH

View solution in original post

Reza Sharifi · ‎04-17-2013

I have never configured VSS on the 4500 series, but if the function is the same as the 6500 series, you need to configure ePAGP for dual active detection using an upstream or downstream switch. With ePAGP, there is no need for extra cabling.

from the 4500 config guide:

Dual-Active Detection Using Enhanced PAgP

Port aggregation protocol (PAgP) is a Cisco-proprietary protocol for managing EtherChannels. If a VSS MEC terminates to a Cisco switch, you can run PAgP protocol on the MEC. If PAgP is running on the MECs between the VSS and an upstream or downstream switch, the VSS can use PAgP to detect a dual-active scenario. The MEC must have at least one port on each switch of the VSS.

In virtual switch mode, PAgP messages include a new type length value (TLV) which contains the ID of the VSS active switch. Only switches in virtual switch mode send the new TLV.

For dual-active detection to operate successfully, one or more of the connected switches must be able to process the new TLV. Catalyst 4500, Catalyst 4500-X, and Catalyst 49xx series switches have this capability. For a list of other Cisco products that support enhanced PAgP, refer to Release Notes for Cisco IOS Release at this URL:

http://www.cisco.com/en/US/products/ps6350/tsd_products_support_series_home.html

When the VSS standby switch detects VSL failure, it initiates SSO and becomes VSS active. Subsequent PAgP messages to the connected switch from the newly VSS active switch contain the new VSS active ID. The connected switch sends PAgP messages with the new VSS active ID to both VSS switches.

If the formerly VSS active switch is still operational, it detects the dual-active scenario because the VSS active ID in the PAgP messages changes. This switch initiates recovery actions as described in the "Recovery Actions" section.

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/15.1.2/XE_340/configuration/guide/vss.html#wp1063735

HTH

InayathUlla Sharieff · ‎04-17-2013

HI,

Hope this might help:

https://supportforums.cisco.com/docs/DOC-29472

Regards

Inayath

sterdnotshaken · ‎04-18-2013

Thanks for your responses! I really appreciate it. Yea, your link InayathUlla was one that I used when writing the script for the initial configuration. Great document. I have also reviewed the links you included Reza... Thanks for those.

That said, non of the links sufficiently answer my question... In our scenario, the upstream switch isn't a Cisco, so ePAgP over the existing upstream links isn't an option, so I figured, in my situation we only have 2 options. 1, where I put another Cisco switch in the closet and allocate 2 additional port on the 4500's to be members of the secure port-channel and run the dual-active detection through that switch... but that's a waste of a switch, so option 2 was to run a link directly between the 4500's and configure those interfaces as members of the same secure port-channel? Does this make sense? Is this possible? Or am I, without a upstream Cisco switch simply not able to run Dual-Active Detection?

Thanks in advance!

sterdnotshaken · ‎04-20-2013

Anyone have any idea's?

Thanks.

Reza Sharifi · ‎04-20-2013

As far as I know, if you want to use ePAGP, you need a third switch. Now, that switch could be upstream or downstream. Usually VSS is used for data centers, where you connect you servers, chassis, VMs to both switches using Etherchannles or as distribution switches where you connect you access switches to both switches by using Etherchannel If you connect the switches together, that is pretty much Fast Hello, which as you indicated is not supported on the 4500 yet. I have only configured 6500 with VSS and have used both downstream and upstream switches for ePAGP and in other situations have also used Fast Hello, but never deployed 4500.

HTH