Below is a configuration that was used in VSS migration project. During this Project we had two SUPs installed in each chassis for RPR and SSO redundancy.
Initial SW Hardware and Software configuration:
Hardware Connectivity between two Switches : If two Sups are being used in one chassis you must check the IOS version to support RPR for dual SUP in VSS mode.
NOTE :- The supervisors must completely match, down to the PFCs. If the Sups are 3C and the line cards are 3CXL, the line cards will operate as 3C.
Step 1. SW basic IOS configuration , Hostname, Passwords, NTP, Login....
Step 2. Configure VTP and Spanning Tree
Commands
§ udld enable
§ vtp domain campus-test
§ vtp mode SERVER ( In this mode SW will learn and create VLAN information it will not alter other switch VTP information)
§ spanning-tree mode rapid-pvst or match it with your production switch.
§ no spanning-tree optimize bpdu transmission
§ spanning-tree extend system-id
§ port-channel load-balance src-dst-mixed-ip-port
§ Root of STP should always be VSS, Hard code the value.
· Sh catalyst6000 chassis-mac-address
· Sh spanning-tree vlan 100
. Note the Priority and Mac address to make sure VSS is a root.
Step 3. Configure Routing Protocol : example for two IGP’s
o For OSPF
Router ospf 1 Nsf
o For EIGRP ·
Router eigrp 1 . nsf
VSS Switch Configurations
Step 1. SW basic IOS configuration , Hostname, Passwords, NTP, Login....
Step 2. Configure VTP and Spanning Tree
Commands
§ udld enable
§ vtp domain campus-test
§ vtp mode SERVER ( In this mode SW will learn and create VLAN information it will not alter other switch VTP information)
§ spanning-tree mode rapid-pvst or match it with your production switch.
§ no spanning-tree optimize bpdu transmission
§ spanning-tree extend system-id
§ port-channel load-balance src-dst-mixed-ip-port
§ Root of STP should always be VSS, Hard code the value.
· Sh catalyst6000 chassis-mac-address
· Sh spanning-tree vlan 100
. Note the Priority and Mac address to make sure VSS is a root.
Step 3. Configure Routing Protocol : example for two IGP’s
o For OSPF
Router ospf 1 Nsf
o For EIGRP ·
Router eigrp 1 . nsf
Global Configuration
switch virtual domain 9
switch 1 switch 1 priority 110 switch 2 priority 100 mac-address use-virtual
Dual-active detection pagp trust channel 200 (PC for upstream Switch)
redundancy (Default SSO Enabled )
main-cpu
auto-sync running-config
mode sso
Switch 1
switch virtual domain 9
switch 1 switch 1 priority 110 switch 2 priority 100 mac-address use-virtual
Dual-active detection pagp trust channel 200 (PC for upstream Switch)
Exit
Check for each upstream switch for 2nd switch
! Set Up the VSL link port-channel IDs must be unique on each chassis to form the VSL
interface port-channel 21
no shut desc VSL to switch 2 switch virtual link 1
no mls qos trust cos
no mls qos channel-consistency
! The etherchannel mode must be set to on. Best practice for etherchannel is normally desirable (PAgP) or active (LACP). But this is not a normal etherchannel. This is a special type of etherchannel and requires mode on.
Use the 10G ports on the supervisor.
interface range T5/4 -5
no shutdown
no switchport
interface range T5/4 -5
no shutdown channel-group 21 mode on
interface range T6/4 -5
no shutdown
no switchport
interface range T6/4 -5 no shutdown channel-group 21 mode on
! NOTE: After VSS is enabled on both switches, the switches will need to be converted to virtual switch mode
switch convert mode virtual
! You’ll be asked if it is OK to save the running config and reboot the switch. Answer yes and then be patient. It takes a while for the switch to reboot.
On the Active Switch Only. This command gets executed only once.
switch accept mode virtual
Verify Dual active SUP : Sh SW Virtual Dual-act pagp
On Neighbor SW : sh pagp dual-active
To reference the modules on switch 1 or switch 2, the command is now show modules switch 1 or show modules switch 2.
show run will show the entire running config.
show run switch 1 will show the part of the config that is specific to switch 1. show run switch 2 will show the part of the config that is specific to switch 2.
! The following commands can be used to verify the status of the VSS. Notice the reference to the switch number – 1 or 2.
show switch virtual show switch virtual link show switch virtual role
The following command is used to synchronize mac-address tables across forwarding engines on the 2 switches. If a WS-670x-10G line card is present in the VSS system, mac-syncronization is turned on automatically. Otherwise, it has to be enabled manually. It certainly doesn’t hurt to always include this command.
mac-address-table synchronize
The following command sets the redundancy mode to SSO. However, it should be SSO by default.
redundancy
mode sso exit
Do show redundancy to see that it is SSO. If it comes up RPR, ! chances are Sups are 3CXL and the line cards are 3C. ! If that is the case, you’ll need to execute
platform hardware vsl pfc mode pfc3c
|
Switch 2
switch virtual domain 9 switch 2 switch 1 priority 110 switch 2 priority 100
mac-address use-virtual
Dual-active detection pagp trust channel 200 (PC for upstream Switch)
Exit
Check for each upstream switch 2nd switch
! Set Up the VSL link port-channel IDs must be unique on each chassis to form the VSL
interface port-channel 22
no shut desc VSL to switch 1 switch virtual link 2
no mls qos trust cos
no mls qos channel-consistency
! The etherchannel mode must be set to on. Best practice for etherchannel is normally desirable (PAgP) or active (LACP). But this is not a normal etherchannel. This is a special type of etherchannel and requires mode on.
Use the 10G ports on the supervisor.
interface range T5/4 -5
no shutdown
no switchport
interface range T5/4 -5
no shutdown channel-group 22 mode on
interface range T6/4 -5
no shutdown
no switchport
interface range T6/4 -5 no shutdown channel-group 22 mode on
NOTE: After VSS is enabled on both ! switches, the switches will need to be converted to virtual switch mode
switch convert mode virtual
! You’ll be asked if it is OK to save the running config and reboot the switch. Answer yes and then be patient. It takes a while for the switch to reboot.
You now have a single switch with a single configuration file.
! A console connection to switch 1 will show the active switch. A connection to switch 2 will show it to be the standby switch.
! The two switch configs have been merged into 1. The config on switch 1 is maintained while anything (other than VSS) from switch 2 is lost.
! For example, had you given both switches a hostname, the hostname of the merged switch would be that of switch 1.
Interfaces are now referenced by switch/module/port. So T1/1 on switch 1 is now T1/1/1. T1/1 on switch 2 is now T2/1/1.
|
Upstream Switch Configuration
VSS Switch configuration:
Note: - Create one port channel for each upstream switch. Do not use the port numbers used for VSS configuration.
Example: Port G1/1/1 and G2/1/1 will be use for upstream switch. ( make sure to match the speed and duplex setting of the ports connected to upstream ports)
Layer 2 Port-Channel
interface port-channel 100
switchport
switchport
Switchport trunk encapsulation dot1q
Switchport mode trunk
no shut
interface range GigabitEthernet 1/1/1, GigabitEthernet 2/1/1
switchport
switchport
channel-group 100 mode on
no shut
exit
exit
Layer 3 Port-Channel
interface port-channel 100
no switchport
no switchport
ip address 172.16.0.1 255.255.255.252
no shut
no shut
interface range GigabitEthernet 1/1/1, GigabitEthernet 2/1/1
no switchport
no switchport
channel-group 100 mode desirable
no shut
exit
exit
Upstream Switch Configuration
Layer 2 Port-Channel
interface port-channel 100
switchport
switchport
Switchport trunk encapsulation dot1q
Switchport mode trunk
no shut
interface range GigabitEthernet 1/1/1, GigabitEthernet 2/1/1
switchport
switchport
channel-group 100 mode on
no shut
exit
exit
Layer 3 Port-Channel
interface port-channel 10
no switchport ip address 172.16.0.2 255.255.255.252
no shut
no switchport ip address 172.16.0.2 255.255.255.252
no shut
!Note: The etherchannel on the upstream switch is not a MEC. ! The MEC resides on the VSS pair.
interface range TenGigabitEthernet 5/4 -5
no switchport channel-group 10 mode desirable no shut
exit
no switchport channel-group 10 mode desirable no shut
exit
From here you’ll want to confirm the etherchannel is up and you can ping across it.
show etherchannel summary
ping 172.16.0.1
ping 172.16.0.1
Example Configuration: Connecting VSS Switch to two CORE Cisco 6509 Catalyst Switches.
Port Channel Configuration
· Catalyst 6509-E VSS switch
o Trunk Port Configuration
§ Trunk port configuration to 192.168.50.254
interface Port-channel13
interface Port-channel13
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface G1/2/1 , G2/2/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 13 mode desirable
§ Trunk port configuration to 192.168.50.1
interface Port-channel12
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface G1/2/2 , G2/2/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 12 mode desirable
· Catalyst 6509 Switch
o RCK-6509-3 Trunk Port Configuration
§ Trunk port configuration to 6509-VSL9
interface Port-channel13
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface G2/1 , G3/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 13 mode desirable
o RCK-6509-3 Trunk Port Configuration
o Trunk port configuration to RCK-6509-VSL9
interface Port-channel12
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface G2/1 , G3/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 12 mode desirable
