Cisco Support Community

ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYST 4000 SERIES

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to discuss Catalyst 4000, Catalyst OS and IOS switches with Cisco expert Salman Zahid. Salman joined Cisco Systems Inc. as an engineer in the Technical Assistance Center (TAC) LAN switching group in January 2003. His current responsibilities include escalations and troubleshooting complex issues related to Cisco's Catalyst series switches. He also provides training to other TAC engineers and writes and reviews documents on Cisco.com.

Remember to use the rating system to let Salman know if you have received an adequate response.

Salman might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through October 7, 2005. Visit this forum often to view responses to your questions and the questions of other community members.

53 REPLIES
New Member

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

Hi,

With SSO configured, the Catalyst 4500 series IOS cannot create a pure L3 router port on any interface (GE or FE) but have to create a dump VLAN to bind with.

Is there any plan to change this behavior so as to match with the Catalyst 6500 series platform?

Regards,

Gary

Silver

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

Gary-

This behaviour has already been changed in 12.2(25)EWA release. You can now create L3 ports with SSO in any release starting from 12.2(25)EWA. That includes the maintenance releases of 12.2(25)EWA and the new 12.2(25)SG release.

Thanks

Salman Zahid

Silver

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

Salman,

I see there are 12.1E code and 12.2W codes available for 4k ? Which one should I run ?

Thank you,

Tom

Silver

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

Hi Tom -

The most stable code on cat4k IOS is 12.2(18)EW5 as long as you are not running SSO (Stateful Switchover). If you are running SSO, please run 12.2(25)EWA3.

12.1E train is only for bug fixes at this point. It is not as feature rich as 12.2W branches.

Hope this helps.

thanks

Salman Zahid

New Member

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

We have a number of Cat4006, still running CatOS (either 6.3(7) or 7.4(2)), and with the old Supervisor2s..

In looking at our options moving forward on these (The Sup2s will be hitting EOL soon, and are memory bound in regards to upgrades without buying new memory for them, which is expensive).

We are currently each fully populated with 5 WS-X4148 cards (10/100, 48 ports) and are using the 2 GBIC ports on the supervisor to uplink to our core 6513 switches.

My question is this: what's the most 'cost effective' solution to make these switches viable for the next 3-4 years - upgrade the supervisor to a supervisor 4 or 5 while maintaining the Cat4006 chassis? or total replacement with a Cat4500 chassis? Or should I just replace the whole thing with a stackable solution such as the 3560/2960 or better (assuming these are the next models up from the 3550/2950)..

On some floors, we also have either 3550 or 2950 switches that have FEC links to the Cat4ks. If I replace them with a 4510, add the primary and redundant supervisor (SupV-10GE), and merge these ports into the Cat4500, then I'm spending 50k+ and only have maybe 1 more slot available by the time I add those ports back into the chassis-based solution, so it's hard to justify the gain from a cost perspective.

I realize that this may well be a "6 of one, half dozen of another" type issue, where either are viable, but another opinion as far as advantages/disadvantages would be appreciated -

Thanks.

...Nick

Silver

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

Hi Nick -

Please see inline marked [ salman ]

We have a number of Cat4006, still running CatOS (either 6.3(7) or 7.4(2)), and with the old Supervisor2s. In looking at our options moving forward on these (The Sup2s will be hitting EOL soon, and are memory bound in regards to upgrades without buying new memory for them, which is expensive).

[ Salman ]

These are already EOL. Please refer to this link.

http://www.cisco.com/en/US/products/hw/switches/ps606/prod_eol_notice09186a0080225602.html

We are currently each fully populated with 5 WS-X4148 cards (10/100, 48 ports) and are using the 2 GBIC ports on the supervisor to uplink to our core 6513 switches. My question is this: what's the most 'cost effective' solution to make these switches viable for the next 3-4 years - upgrade the supervisor to a supervisor 4 or 5 while maintaining the Cat4006 chassis? or total replacement with a Cat4500 chassis? Or should I just replace the whole thing with a stackable solution such as the 3560/2960 or better (assuming these are the next models up from the 3550/2950)..

[ Salman ]

Nick, the whole idea of Cat4000 is that it is a central intelligence architecture, which means all the features are dependent on the sup. When you replace the sup, you get the new features and more bandwidth w/o replacing the line card and the chassis, and that protects your investment.

So just by upgrading from sup2 to sup2+ (WS-X4013+), you get the enhanced QoS and advanced access layer security features and more switching capacity. Now there are many variants of supervisors in Cat4000: Sup2+, Sup3 (EOL), Sup4, Sup5 and Sup5-10GE. Now from what I understand, since most of these switches are in the access layer, sup2+ or sup4 should be good enough. That will give you all the new advanced features and give you a good ROI. Now you have to remember, if going forward you need IP telephony support (Power over Ethernet), the 4006 chassis does not have any power supplies that can do that and you need an external power shelf for that. Another limitation of the 4006 chassis is that there can be only up to 400W power / slot. This limitation does not exist in the 45xx chassis, and the 45xx chassis supports power supplies that can do inline power w/o the need for an external power shelf. So just keep these things in mind when planning an upgrade.

On some floors, we also have either 3550 or 2950 switches that have FEC links to the Cat4ks. If I replace them with a 4510, add the primary and redundant supervisor (SupV-10GE), and merge these ports into the Cat4500, then I'm spending 50k+ and only have maybe 1 more slot available by the time I add those ports back into the chassis-based solution, so it's hard to justify the gain from a cost perspective.

One advantage of the chassis based solution is the hardware modularity of the whole architecture and you can get new features w/o replacing the entire chassis.

Hope this helps.

thanks

Salman Zahid

New Member

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

hi salman,

i'm worrying about Xmit-Err and Rcv-Err port counters on my Catalyst 4006 w/Sup II. the ratio of Xmit-Err (or Rcv-Err) to total packets-transmitted-on-a-port ranges from .7% at the high end to .01% or less at the low-end. in my experience, once packet loss reaches 1%, the performance of typical TCP streams becomes so poor that the average user notices a problem. so i'm worried.

as i understand it, Xmit-Errs occur when the (shared) transmit buffer on the Sup card fills up (8Mb?) and the Sup card must discard a packet which it had received and which it wanted to transmit ... but couldn't on account of this full buffer.

http://www.cisco.com/en/US/customer/products/hw/switches/ps700/products_tech_note09186a008015bfd6.shtml#Xmit-Err

-would you agree with this description of Xmit-Err?

and then, as i understand it, Rcv-Err counts the sum of all dropped packets on the receive side ... since the physical layer error counters on my ports (Single-Col, Multi-Coll, Late-Coll, Excess-Col, Carri-Sen, Runts, Giants) are trivial (except for one half-duplex port) ... i'm guessing that an overrun shared buffer is the cause of the bulk of the Rcv-Err i am seeing, also.

http://www.cisco.com/en/US/customer/products/hw/switches/ps700/products_tech_note09186a008015bfd6.shtml#Xmit-Err

-would you agree with this characterization of Rcv-Err? [how big is that shared receive buffer? 8Mb also? are they separate? or is the transmit buffer and the receive buffer the same?]

interestingly enough, i notice that many of the ports on the box report either the same number, or nearly the same number, of Xmit-Errs. the Rcv-Err counters tend to be much smaller than their Xmit-Err counterparts and do not display this similarity. i'm not quite sure how to interpret this.

-would you have an interpretation to offer for why this similarity might be occurring?

insights appreciated,

--sk

stuart kendrick

fhcrc

Silver

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

Hi Stuart :

Please see inline marked [ salman]

As i understand it, Xmit-Errs occur when the (shared) transmit buffer on the Sup card fills up (8Mb?) and the Sup card must discard a packet which it had received and which it wanted to transmit ... but couldn't on account of this full buffer.

[ Salman ]

The packet buffer ( SRAM ) or otherwise referred to as packet memory is an 8 Megs shared memory out of which 6 Megs is used for packet storage.

http://www.cisco.com/en/US/customer/products/hw/switches/ps700/products_tech_note09186a008015bfd6.shtml#Xmit-Err

-would you agree with this description of Xmit-Err?

[ Salman ]

the definition above is accurate.

and then, as i understand it, Rcv-Err counts the sum of all dropped packets on the receive side ... since the physical layer error counters on my ports (Single-Col, Multi-Coll, Late-Coll, Excess-Col, Carri-Sen, Runts, Giants) are trivial (except for one half-duplex port) ... i'm guessing that an overrun shared buffer is the cause of the bulk of the Rcv-Err i am seeing, also.

http://www.cisco.com/en/US/customer/products/hw/switches/ps700/products_tech_note09186a008015bfd6.shtml#Xmit-Err

-would you agree with this characterization of Rcv-Err? [how big is that shared receive buffer? 8Mb also? are they separate? or is the transmit buffer and the receive buffer the same?]

[ Salman ]

There is no separate packet memory for Rx and Tx. Cat4000 is a store and forward switch. A packet comes into the switch. We store it in the packet buffer. A header is passed to the forwarding ASICs and then the same packet (sitting in the packet memory) is sent out.

-would you agree with this characterization of Rcv-Err? [how big is that shared receive buffer? 8Mb also? are they separate? or is the transmit buffer and the receive buffer the same?]

[ Salman ]

Yes.

interestingly enough, i notice that many of the ports on the box report either the same number, or nearly the same number, of Xmit-Errs. the Rcv-Err counters tend to be much smaller than their Xmit-Err counterparts and do not display this similarity. i'm not quite sure how to interpret this.

[ Salman ]

Typically, the same number of Tx errors on several ports is a direct result of what is called unicast flooding. If you have asymmetric routing (a lot of times it happens because of HSRP), what can happen is switches may age out the MAC addresses when the ARP entry is still there, and whenever you do not have a MAC entry, the switch basically floods the traffic in the entire VLAN, resulting in the same number of Tx drops on several ports. The same can happen because of excessive broadcast in the VLAN as well. When unicast flooding is happening, not necessarily all the ports are receiving traffic, or at least at the same rate, so that is why you see a difference in Rx and Tx counters.

Hope this helps.

thanks

Salman Zahid

New Member

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

hi salman,

this is a follow-on to my previous post ...

-do you have any experience to report, seeing these counters incrementing on ports and correlating them with perceived performance of end-user applications?

-i'm looking for a way to track this problem across time ... so i'm poking through the output of an 'snmpwalk' on a C4K. i suspect that dot3StatsInternalMacTransmitErrors and dot3StatsInternalMacReceiveErrors track Xmit-Err and Rcv-Err, respectively ... these are per-port counters. i could do something like poll these variables for every single port, sum them, and then graph the result across time, to get a feel for how rapidly these counters are incrementing.

-can you see a more efficient way to do this? do you know of a single "number of dropped packets due to buffer overflow" variable?

i use the Catalyst 4006 w/Sup II almost exclusively at my access layer, feeding both vanilla end-stations and also the dozen or so server rooms scattered around my company. by this time next year, i expect to be well on my way to replacing this chassis with the 450x chassis and this Sup card with Sup V.

-however, in the meantime, if i worry enough ... and if i want to do something about this ;), what might my options be? if i replace the Sup II with a Sup V, what will change? does the Sup V implement larger transmit and receive buffers? does it still implement a shared buffer approach or does it allocate buffers to each port, and if so, how big? do different line cards behave differently? [do any line card contain per-port buffers?]

insights appreciated,

--sk

stuart kendrick

fhcrc

here is sample 'sh' output:

here's output from 'sh mod':

Mod Port Model              Ser  Versions
--- ---- ------------------ ---- -------------
1   2    WS-X4013           xxx  Hw : 3.2
                                 Gsp: 8.4(3.0)
                                 Nmp: 8.4(3)GLX
2   48   WS-X4148-RJ45V     xxx  Hw : 2.7
3   48   WS-X4148-RJ45V     xxx  Hw : 1.6
4   48   WS-X4148-RJ45V     xxx  Hw : 2.6
6   48   WS-X4448-GB-RJ45   xxx  Hw : 1.0

sample-esx> (enable) sh port
Port  Align-Err  FCS-Err    Xmit-Err   Rcv-Err
----- ---------- ---------- ---------- ----------
1/1   -          0          0          0
1/2   -          0          0          0
[...]
3/1   -          0          7913       0
3/2   -          0          1396       4
3/3   -          0          1396       0
3/4   -          0          1399       12
3/5   -          0          2          25
3/6   -          4          2          75
[...]
4/26  -          0          0          0
4/27  -          0          1397       0
4/28  -          0          1399       0
4/29  -          0          1400       0
4/30  -          0          1400       0
4/31  -          0          1400       0
4/32  -          0          1406       0
4/33  -          0          1397       0
4/34  -          0          1398       0
4/35  -          0          1399       0
4/36  -          0          1400       0
4/37  -          0          1403       0
4/38  -          0          1402       0
4/39  -          0          0          0
[...]
6/16  -          0          0          104
6/17  -          0          0          0
6/18  -          0          0          36881
6/19  -          0          0          0
6/20  -          0          0          422
[...]
6/47  -          0          1844       0
6/48  -          0          9534       0

Silver

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

Stuart -

I would answer your query partly because I am not familiar with the SNMP as much. I doubt though that there is a MIB that could give you a total packet drop counter. You will have to monitor the receive and transmit counters separately.

As far as the effects of these transmit counters is concerned, end users may experience slowness, and application time out can occur for applications that are dependent on maintaining keepalives with the server. Of course there are always security concerns of flooding unicast traffic. Unicast flooding can also occur because of Spanning tree topology change notifications.

Please take a look at the following link to see how unicast flooding can be prevented in a campus network.

http://www.cisco.com/warp/customer/473/143.html

If your servers are connected to WS-X448-GB-RJ45, make sure you connect them in such a way that they don't share the same ASIC. Spread them out over different ASICs. That way, they can sustain bursty traffic a little bit better.

SUPIV and SUPV have a much better architecture. SUP4 has 64 Gbps bandwidth capacity and SUP5 has 96 Gbps bandwidth. Both of these sups also have similar shared memory architecture, but packet memory is 32 megs.

Non-blocking gig ports have a tx buffer depth of 1920 packets whereas blocking gig ports have a buffer depth of 240 packets in these supervisors.

Hope this helps.

Salman Zahid
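The pattern discussed in this exchange (many ports reporting the same or nearly the same Xmit-Err count, which Salman attributes to unicast flooding or excessive broadcast) can be picked out of the counters mechanically. The following is an added example, not code from any poster in this thread: it parses the CatOS error-counter rows quoted earlier and groups ports whose non-zero Xmit-Err values sit within a small gap of each other. The function names and the `max_gap` and `min_ports` thresholds are assumptions chosen for illustration.

```python
import re

# Rows copied from the 'sh port' error-counter output quoted in this thread;
# whitespace is normalised and the "[...]" elisions are kept as posted.
SAMPLE = """\
Port  Align-Err  FCS-Err    Xmit-Err   Rcv-Err
----- ---------- ---------- ---------- ----------
1/1 - 0 0 0
1/2 - 0 0 0
[...]
3/1 - 0 7913 0
3/2 - 0 1396 4
3/3 - 0 1396 0
3/4 - 0 1399 12
3/5 - 0 2 25
3/6 - 4 2 75
[...]
4/26 - 0 0 0
4/27 - 0 1397 0
4/28 - 0 1399 0
4/29 - 0 1400 0
4/30 - 0 1400 0
4/31 - 0 1400 0
4/32 - 0 1406 0
4/33 - 0 1397 0
4/34 - 0 1398 0
4/35 - 0 1399 0
4/36 - 0 1400 0
4/37 - 0 1403 0
4/38 - 0 1402 0
4/39 - 0 0 0
[...]
6/16 - 0 0 104
6/17 - 0 0 0
6/18 - 0 0 36881
6/19 - 0 0 0
6/20 - 0 0 422
[...]
6/47 - 0 1844 0
6/48 - 0 9534 0
"""

# mod/port, Align-Err (may be "-"), FCS-Err, Xmit-Err, Rcv-Err
ROW = re.compile(r"^\s*(\d+/\d+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")


def parse_port_errors(text):
    """Return {port: {'fcs', 'xmit', 'rcv'}}; headers and '[...]' lines are skipped."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            port, _align, fcs, xmit, rcv = m.groups()
            ports[port] = {"fcs": int(fcs), "xmit": int(xmit), "rcv": int(rcv)}
    return ports


def port_key(port):
    """Sort '3/10' after '3/2' by comparing module and port numerically."""
    mod, num = port.split("/")
    return int(mod), int(num)


def flood_candidates(ports, max_gap=10, min_ports=4):
    """Group ports whose non-zero Xmit-Err counts are nearly identical.

    Counts are sorted and split wherever two neighbours differ by more than
    max_gap; groups with at least min_ports members are returned. Both
    thresholds are assumed values for this example, not Cisco guidance.
    """
    nonzero = sorted((c["xmit"], p) for p, c in ports.items() if c["xmit"] > 0)
    groups, current = [], []
    for value, port in nonzero:
        if current and value - current[-1][0] > max_gap:
            groups.append(current)
            current = []
        current.append((value, port))
    if current:
        groups.append(current)
    return [
        {
            "low": g[0][0],
            "high": g[-1][0],
            "ports": sorted((p for _, p in g), key=port_key),
        }
        for g in groups
        if len(g) >= min_ports
    ]


if __name__ == "__main__":
    for hit in flood_candidates(parse_port_errors(SAMPLE)):
        print(f"{len(hit['ports'])} ports share Xmit-Err {hit['low']}-{hit['high']}: "
              f"{', '.join(hit['ports'])}")
```

Ports outside the group (here 3/1, 6/47 and 6/48, with much higher counts) are the ones to examine separately for their own congestion, since their drops are not explained by the shared flood alone.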

New Member

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

hi salman,

ok, i can sum the Xmit-Err/Rcv-Err counters for all ports and graph them ... just a little bit more code ...

i think i have a handle on unicast flooding in our environment ... this is an asymmetric routing design, complete with HSRP ... we've mitigated the issue by increasing the CAM timeout from five minutes to four hours, makes it the same as the ARP timeout in the routers ... i'd like to think that this approach reduces the incidence of unicast flooding significantly. spanning-tree doesn't play a role here. broadcast traffic does ... the servers are equipped with various NIC redundancy schemes ... 'TEAMing', in intel-speak ... and they send each other Hellos every second or so ... ~150 servers ... that's somewhere between 150 and 300 Hellos per second (in some schemes, both NICs are emitting Hellos; in others, only the primary is doing this).

regrettably, i can't spread those servers across ASICs ... this switch (and its redundant mate) are dedicated to a single server room ... more servers arriving as i type ...

but i have more questions: you say that the non-blocking gig ports have a tx buffer depth of 1920 packets while the blocking gig ports have a tx buffer depth of 240 packets.

-how about the rx queues? same?

-and, correct me if i'm mistaken, all these packets sit in the same 8MB (really 6MB) shared pool, right?

ok, so with the SupV, the shared pool increases from 8MB to 32MB. and the backplane is bigger, allowing for a lower ratio of blocking on the line cards. so, if i swapped out my SupII for a SupV, i would give myself more wiggle room.

-how does this compare to the C6K? i.e. what benefit, if any, would i gain by replacing my C4K with C6K?

--sk

stuart kendrick

fhcrc

Silver

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

but i have more questions: you say that the non-blocking gig ports have a tx buffer depth of 1920 packets while the blocking gig ports have a tx buffer depth of 240 packets.

[ Salman ]

the 1920 and 240 limit applies for IOS based Supervisors not CatOS based supervisors. They have a different limit 1024 and 128 respectively. CatOS has 2 queues / port and IOS has 4 queues / port.

-how about the rx queues? same?

[ Salman ]

We need to first clear one confusion.

1. There is an 8 Meg shared packet memory.

2. There are 2 tx-queues / port - Blocking ( 128 * 2 ) and non-blocking ( 1024 * 2 )

3. There are separate tx and rx queues on port level for flow control separate from the above memory.

-and, correct me if i'm mistaken, all these packets sit in the same 8MB (really 6MB) shared pool, right?

[ salman ]

No . Packet memory is different from tx-queues on the supervisor which is different from tx/ rx queues on the port level. The tx/ rx queues on the port level are responsible for flow control.

ok, so with the SupV, the shared pool increases from 8MB to 32MB. and the backplane is bigger, allowing for a lower ratio of blocking on the line cards. so, if i swapped out my SupII for a SupV, i would give myself more wiggle room.

[ Salman ]

The blocking ratio depends on the connection speed to the backplane. If a 48 Gig line card connects to a sup4 via 6 Gig connection , the blocking ratio would still be 8:1. Only once the packet makes it to the Switching asic you really see the advantage of having a newer sup as the forwarding rate within the asic is much higher. Besides you get features like routing and qos and multicast etc.

-how does this compare to the C6K? i.e. what benefit, if any, would i gain by replacing my C4K with C6K?

[ salman ]

There are several comparisons that can be made. But the main idea is Cat4k is typically used in access layer or in medium sized networks , it can be used in distribution layer. Cat6k can be used in access , distribution or core layers . Cat6k has much faster backplane and switching asics compared to 4k.

thanks

Salman Zahid

New Member

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

hi salman,

i'm trying to understand the consequences of various choices around gigabit flow control, aka Pause frames (aka Send and Receive Flow Control, aka Generate and Respond Flow Control). i understand how a Catalyst port, or an end-station, can be configured in one of three states for each of Send and Receive: on, off, and desired ... meaning, i believe:

on: i will send Pause frames whether my partner is willing to accept them or not

off: i will not send Pause frames whether my partner is willing to accept them or not

desired: if my partner is configured to 'on' or 'desired', i will send Pause frames; otherwise, i will not

-do you agree with this description of how auto-negotiation and gigabit flow control works?

ok, so i'm trying to understand what i would like my default port configuration to be. and i think the answer is 'desired' in both directions. unless i run into some interoperability issue (in which, say, an end-station doesn't understand the 'desired' mode), then i believe that 'desired' gives the optimal behavior, i.e. flow control turned on wherever possible.

-do you see any gotchas with this approach? i.e. to configuring every gigabit port i own to 'desired' in both directions?

i notice that the ports on my Catalyst 4006 w/Sup II ship with Send flow control configured as 'desired' and Receive flow control configured as 'off'.

-do you know of a reason why this default might ameliorate some types of problems, under some circumstances? i.e, why does the C4K ship with Receive flow control turned off, by default?

here is some sample output from one of my C4K:

Port  Send FlowControl   Receive FlowControl
      admin    oper      admin     oper
----- -------- --------  --------- ---------
1/1   desired  off       off       off
1/2   desired  off       off       off
6/1   on       disagree  desired   off
6/2   on       on        desired   on
[...]

on some of my gig ports, where the operational flow control is 'on' in both directions, i'm seeing substantial (hundreds of thousands after ~12 hours of operation) of TxPause ... and very few RxPause. this suggests to me that the C4K is feeling overwhelmed with some regularity and is transmitting Pause frames to the end-stations, asking them to be quiet for a while (perhaps to allow its shared Rcv buffer to empty?).

-would you agree with this interpretation?

insights appreciated,

--sk

stuart kendrick

fhcrc

Silver

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

Hi Stuart -

Please see inline marked [ salman ]

-do you know of a reason why this default might ameliorate some types of problems, under some circumstances? i.e, why does the C4K ship with Receive flow control turned off, by default?

[ salman ]

First, we need to understand the purpose of flow control in relation to blocking and non-blocking line cards and then, in the light of that, see if the above "default" makes sense. With blocking line cards, you basically get a Gig worth of bandwidth on the front panel (a port can burst up to 1 Gig), but multiple gig ports are sharing the available bandwidth on the back end. An example would be WS-X4548-GBRJ45. This line card has 8 Gig ports on the front panel connected via 1 Gig to the backplane, which makes it 8:1 blocking. Similarly, there are ports that are non-blocking. An example would be the supervisor uplink ports. Non-blocking means it's a 1:1 mapping: a 1 Gig port connected via a 1 Gig connection to the backplane.

Now after this , take a look at your ports again. Port 1/1 and 1/2 are supervisor uplink ports .

For non-blocking ports , the configuration should be

Send : OFF

Rcv : Desired

Why? Send should be off because, the port being non-blocking, it should always be able to receive up to a Gig worth of traffic and not have to send pause frames.

Rcv : Should be desired because what if this non-blocking port connects to a blocking gig port, at which point it should react to the pause frame coming from the far side.

Having said that, the default setting of Send Desired and Receive Off looks wrong to me. It should be the other way around. You can change the setting through the command line:

fcores1> (enable) set port flowcontrol 1/1 send off
Port 1/1 flow control send administration status set to off
(port will not send flowcontrol to far end)
fcores1> (enable) set port flowcontrol 1/1 receive desired
Port 1/1 flow control receive administration status set to desired
(port will allow far end to send flowcontrol if far end supports it)
fcores1> (enable)

For blocking ports , the setting should be Send ON and Receive as Desired which is what the default is.

The reason you are seeing so many Tx frames being sent out is most likely you have a blocking Gig line card in slot 6 that connects to non-blocking gig ports.

Hope this helps.

thanks

Salman Zahid

New Member

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

hi salman,

thank you for the detail ... i am understanding flow control more deeply now than in the past

and now my curiosity is kicking into high gear ... :) ... i'm wanting to understand a little more about how a C4K might work ...

let's focus for the moment on the two Sup card ports (these are in fact the uplink ports ... they go to a redundant pair of layer 3 boxes, C6K w/MSFC). i understand now that these ports are non-blocking, i.e. that they each have a 1Gb pipe to the C4K's backplane.

let's say that one of these ports ... port 1/1, to be specific ... is receiving traffic ... and the C4K's packet buffer becomes full. the next packet which arrives on port 1/1 (or, on any port, for that matter) will be discarded, because the packet buffer is full.

-in this situation, will port 1/1 emit a Pause frame? and if it does, won't all the ports emit Pause frames? (assuming that they are configured to do so)

ok, now let's focus on a blocking port. (i'm guessing that my line card in slot 6 is a blocking line card.) the card has 48 gig ports on it ... but only a 2Gb pipe to the backplane (yes? am i correct here?) at some point, let's assume that that 2Gb pipe becomes saturated.

-by what mechanism does the Sup card instruct ports on the line cards to send Pause frames?

-can a port send Pause frames across the backplane of the C4K, to the uplink ports (or, more generically, to other ports on the C4K)?

-does the Sup card instruct *all* ports in slot 6 to send Pause frames (once it believes that this module's 2Gb pipe to the backplane is saturated)? or just some? and if some, how does it make that choice?

[where am i headed with all this? i'm still wondering whether or not there might be value in configuring all ports as 'desired' for flowcontrol in both directions ... i don't see a cost to this ... though, depending on your answers to the above questions, perhaps there is no benefit, at least in some cases]

--sk

stuart kendrick

fhcrc

Silver

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

Please see inline marked [ salman ]

thank you for the detail ... i am understanding flow control more deeply now than in the past

and now my curiosity is kicking into high gear ... :) ... i'm wanting to understand a little more about how a C4K might work ...

let's focus for the moment on the two Sup card ports (these are in fact the uplink ports ... they go to a redundant pair of layer 3 boxes, C6K w/MSFC). i understand now that these ports are non-blocking, i.e. that they each have a 1Gb pipe to the C4K's backplane.

let's say that one of these ports ... port 1/1, to be specific ... is receiving traffic ... and the C4K's packet buffer becomes full. the next packet which arrives on port 1/1 (or, on any port, for that matter) will be discarded, because the packet buffer is full.

-in this situation, will port 1/1 emit a Pause frame? and if it does, won't all the ports emit Pause frames? (assuming that they are configured to do so)

[ Salman ]

There are some port buffers besides the shared memory that is available per port and the port buffers for non-blocking Gig E ports are deep enough to sustain Gig bursts , that is why there is no need to ever send pause frames by a non-blocking Gig port.

ok, now let's focus on a blocking port. (i'm guessing that my line card in slot 6 is a blocking line card.) the card has 48 gig ports on it ... but only a 2Gb pipe to the backplane (yes? am i correct here?) at some point, let's assume that that 2Gb pipe becomes saturated.

[ Salman ]

It is connected by a 6 Gig backplane connection making it an 8:1 blocking line card.

-by what mechanism does the Sup card instruct ports on the line cards to send Pause frames?

[ Salman ]

Depletion of port buffers.

-can a port send Pause frames across the backplane of the C4K, to the uplink ports (or, more generically, to other ports on the C4K)?

[ Salman ]

No. Only to directly connected neighbor. Flowcontrol is a link local mechanism.

-does the Sup card instruct *all* ports in slot 6 to send Pause frames (once it believes that this module's 2Gb pipe to the backplane is saturated)? or just some? and if some, how does it make that choice?

[ Salman ]

No . It is per port basis and dependent on port buffers not Shared memory. Shared memory is separate from port buffers.

[where am i headed with all this? i'm still wondering whether or not there might be value in configuring all ports as 'desired' for flowcontrol in both directions ... i don't see a cost to this ... though, depending on your answers to the above questions, perhaps there is no benefit, at least in some cases]

[ Salman ]

For non-blocking ports , the setting should be .

SEND - ON

RCV - DESIRED

hope this helps.

thanks

Salman Zahid

New Member

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

hi salman,

i'm trying to understand 'Jumbo Frames' in gigabit ethernet.

specifically, is there any autonegotiation mechanism built into 802.3ab which defends me against contradictory settings?

-if i configure an end-station to emit Jumbo Frames ... and i plug it into a Catalyst 4006 w/Sup II port (whose line cards do *not* support Jumbo Frames, according to my understanding) ... do bad things happen? or is there some auto-negotiation mechanism which will allow the end-station to realize that its partner does not support Jumbo Frames and to quit sending them?

[i have tried this once ... inadvertently ... the Catalyst port started recording physical layer errors ... and the end-user application ... which was MS Exchange ... broke entirely. ping worked fine ... though i forgot to try sending 'large' pings ...]

i'm wanting to understand this issue; in particular, to discover if there is a way for me to configure my gear such that no matter what choice the end-station makes, things work.

--sk

stuart kendrick

fhcrc

Silver

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

Stuart -

Unfortunately, dynamically negotiating the Ethernet packet size does not exist in any of the standards that are in use right now. Especially for Cat4k with sup1/sup2 and all other variants of these sups like WS-C2948G, WS-C4912G etc., there is an ASIC limitation that prevents it from receiving / forwarding jumbo frames. So if you send a jumbo frame on a Cat4k with sup1/sup2, you will see the following counter increment and the packet will be dropped.

Cat4004> (enable) sh counters
--------------- SNIP ----------------
11 pkts256to511 = 0
12 pkts512to1023 = 0
13 pkts1024to1522 = 0
14 rxNoPacketBufferCount = 0
15 rxCRCAlignErrorPacketCount = 0
16 rxUndersizedPacketCount = 0
17 rxOversizedPacketCount = 0 <---- this counter
18 rxFragmentPacketCount = 0
19 rxJabberPacketCount = 0

In other switches like cat4500 (with SUP2+, SUP4 etc.), you can configure jumbo framing such that the switch will forward packets up to the jumbo frame size. Now if the end host sends a normal size frame or a jumbo frame, it does not matter. To that extent, it becomes dynamic once jumbo framing is configured on the switches, but there is no facility for negotiation.

thanks

Salman Zahid

New Member

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

Salman,

Does the 4500 have an equivalent command to 'show mls entry ip' (6500 CatOS command) to take a peek at what is in the flow tables?

Thanks

JJ

Silver

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

Hi JJ -

The CatOS based supervisors SUPI and SUPII (WS-X4012 and WS-X4013) are purely layer 2 switches and there are no layer 3 ASICs that do multi layer switching or CEF switching like Cat6k. So the answer to your question would be no. There is no equivalent command to sh mls entry ip as Cat4k (CatOS) based switches are just layer 2 switches. IOS based Cat4k switches do CEF based switching and the commands exist to check the CEF table.

thanks

Salman Zahid

New Member

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

Salman,

Thanks... it is the IOS based 4500 with the WS-X4515 sup that I would like to see the equivalent command work on.

The CEF table doesn't exist unless I enable routing and turn on CEF. The CEF commands don't seem to provide detailed flow information down to the port level statistics as the 'show mls entry ip' command does.

How can I get this level of detail?

Thanks again!

JJ

Silver

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

JJ -

I believe you are looking for something like the following information to show up.

Switch# show ip cache flow
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 28 0.0 167 40 0.0 20.9 11.9
TCP-other 185 0.0 2 48 0.0 6.2 15.4
UDP-DNS 4 0.0 1 61 0.0 0.0 15.5
UDP-other 13466 0.0 3396586 46 91831.3 139.3 15.9
ICMP 97 0.0 2 95 0.0 2.3 15.4
IGMP 1 0.0 2 40 0.0 0.9 15.1
IP-other 1120 0.0 38890838 46 87453.0 1354.5 24.0
Total: 14901 0.0 5992629 46 179284.3 227.8 16.5
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Gi6/2 30.20.1.18 Gi6/1 30.10.1.18 11 4001 4001 537K

This can be done by using NetFlow. But for NetFlow on Cat4k, you will need a NetFlow daughter card. Part # is WS-F4531.

More details here.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_2_25a/conf/nfswitch.htm

thanks

Salman Zahid
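Added example, not part of the original reply or any Cisco tool: a small Python parser for the `show ip cache flow` text quoted above, useful when the flow cache is reviewed offline for unexpected talkers. It assumes one whitespace-separated row per line as in the post, and relies on IOS printing the Pr, SrcP and DstP columns in hexadecimal; the function names are hypothetical.

```python
import re

# Constructed sample: rows copied from the output quoted in the post above.
SAMPLE = """\
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
TCP-Telnet 28 0.0 167 40 0.0 20.9 11.9
UDP-other 13466 0.0 3396586 46 91831.3 139.3 15.9
IP-other 1120 0.0 38890838 46 87453.0 1354.5 24.0
Total: 14901 0.0 5992629 46 179284.3 227.8 16.5
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Gi6/2 30.20.1.18 Gi6/1 30.10.1.18 11 4001 4001 537K
"""

SUMMARY_COLS = ("flows", "flows_sec", "pkts_flow", "bytes_pkt",
                "pkts_sec", "active_sec", "idle_sec")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9}


def parse_count(text):
    """Expand abbreviated packet counts such as '537K' to an integer."""
    if text[-1] in SUFFIX:
        return int(float(text[:-1]) * SUFFIX[text[-1]])
    return int(text)


def parse_flow_cache(output):
    """Return (summary, flows) parsed from 'show ip cache flow' text."""
    summary, flows = {}, []
    for line in output.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Total:":
            continue  # blank, prompt or aggregate row
        if IPV4.match(f[1]) and IPV4.match(f[3]):
            # Protocol and ports are hex on the wire display: 11 -> 17 (UDP).
            flows.append({"src_if": f[0], "src": f[1], "dst_if": f[2],
                          "dst": f[3], "proto": int(f[4], 16),
                          "sport": int(f[5], 16), "dport": int(f[6], 16),
                          "pkts": parse_count(f[7])})
            continue
        try:
            summary[f[0]] = dict(zip(SUMMARY_COLS, map(float, f[1:])))
        except ValueError:
            continue  # column header row, not data
    return summary, flows


def busiest_protocol(summary):
    """Protocol class with the highest packets-per-second rate."""
    return max(summary, key=lambda name: summary[name]["pkts_sec"])
```

On the quoted output this decodes the single flow record as UDP (protocol 17) between ports 16385 and 16385, and reports UDP-other as the busiest protocol class.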

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

Salman

I have a Cisco Catalyst 4006 switch which is CLI based. Can I upgrade it to IOS based so that it will be easy to configure?

Thanks

Silver

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

When you say you have a CLI based switch, do you mean CatOS? Because even when you upgrade it to IOS, IOS is also CLI based.

I am going to break your questions into 3 questions .

1. I have a CatOS CLI based switch. Can I do configuration via a graphical user interface?

[ Salman ]

Yes, you can. If you have a CatOS image that looks like cat4000-k8.7-6-1.bin (I am using this image as an example to illustrate the point), you need an additional image with a CV (Cisco View) on it to enable the GUI. An example would be cat4000-cv.7-6-1.bin.

2. I have an IOS CLI based switch. Can I do configuration via a graphical user interface?

[ Salman ]

Yes, you can. Use a free software called CNA (Cisco Network Assistant) to manage Cat4000 IOS based switches via GUI.

http://www.cisco.com/en/US/products/ps5931/index.html

3. I have a CatOS based Cat4000 switch. Can I upgrade the software on it to run IOS?

[ Salman ]

No. It is dependent on the type of supervisor. Some supervisors only run CatOS while others only run IOS. Unlike 6k, where you can go between CatOS and IOS, in Cat4000 you do not have that option.

The supervisors that run CatOS

WS-X4012

WS-X4013

The supervisors that run IOS.

WS-X4014

WS-X4515

WS-X4516

WS-X4013+

WS-X4516-10GE

WS-X4013+TS

Hope this helps.

thanks

Salman Z.

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

Salman

Switch information is attached. It is WS-X4013. How can I find its supervisor engine information?

Silver

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

WS-X4013 is a supervisor that runs CatOS. It is a purely layer 2 sup. It is also called sup2. Specifically, what other information are you looking for? It cannot be upgraded to run IOS. However, if you install an additional CV (Cisco View) file on it, you can enable GUI based administration.

The following link describes how to enable web interface and installing CV file.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/78_10697.htm

Important thing to note is for the Catalyst 4500 series switches, the CWI is not bundled with an online software image on Cisco.com. You can download the CWI as a totally separate image from the supervisor engine software at the following URL: http://www.cisco.com/cgi-bin/tablebuild.pl/cat4000.

So basically you have to have a regular non CV image as well as a CV image to enable web interface.

Hope this helps.

thanks

Salman Z.

New Member

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

Hi,

Can you please point me to the doc that specifies the meaning of GLX in CAT4000-k8.8-4-8-GLX.bin? I looked for the software naming conventions, and could not find this.

I am trying to upgrade a 4006 switch with WS-X4013 SUP.

Thanks,

Naveen

Silver

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

Hi Naveen -

Since this is something that has to do with internal code names, we do not have a document for this. For what it's worth, GLX is a short form for Galaxy. It does not have any specific meaning as far as Cat4k CatOS code is concerned.

I understand the confusion stems from the fact that the 5.x, 6.x and 7.x code trains do not have GLX in the code name while all 8.x codes for Cat4k do. This is only for internal tracking purposes and customers should not be worried about it.

Hope this helps.

Salman Z.

New Member

Re: ASK THE EXPERT–CONFIGURATION AND TROUBLESHOOTING OF CATALYS

Hi Salman,

I've configured port security with a maximum of 8 MACs on a 4506, but the port was often disabled when only 2 or 3 MACs were connected. The info follows:

version 8.4(8)GLX

set port security 4/16 enable age 1 maximum 8 shutdown 0 unicast-flood enable violation restrict

log :

2005 Sep 28 16:09:54 GMT +0x:00 %SECURITY-1-PORTSHUTDOWN:Port 4/16 shutdown due to security violation 00-09-6b-93-01-xx

Thanks in advance !
