manualshive.com logo in svg

Cisco Catalyst 9200 Series, Configuration Manual

The Cisco Catalyst 9200 Series Configuration Manual is an essential resource for effectively optimizing and managing your Cisco Catalyst 9200 Series switches. Access this comprehensive manual for free download on our website, providing step-by-step instructions and valuable insights to maximize the performance of your network infrastructure.

Share
Download
background image

C H A P T E R

13

Configuring Secure Storage

Information About Secure Storage, on page 227

Enabling Secure Storage , on page 227

Disabling Secure Storage , on page 228

Verifying the Status of Encryption, on page 229

Feature Information for Secure Storage, on page 229

Information About Secure Storage

Secure Storage feature allows you to secure critical configuration information by encrypting it. It encrypts
asymmetric key-pairs, pre-shared secrets, the type 6 password encryption key and certain credentials. An
instance-unique encryption key is stored in the hardware trust anchor to prevent it from being compromised.

Enabling Secure Storage

Before you begin

By default, this feature is disabled.

SUMMARY STEPS

1.

configure terminal

2.

service private-config-encryption

3.

end

4.

write memory

DETAILED STEPS

Purpose

Command or Action

Enters the global configuration mode.

configure terminal

Example:

Step 1

Device#

configure terminal

System Management Configuration Guide, Cisco IOS XE Gibraltar 16.10.x (Catalyst 9200 Switches)

227

Summary of Contents for Catalyst 9200 Series

Page 1: ...Cisco IOS XE Gibraltar 16 10 x Catalyst 9200 Switches First Published 2018 12 10 Americas Headquarters Cisco Systems Inc 170 West Tasman Drive San Jose CA 95134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 527 0883 ...

Page 2: ... 2018 2020 Cisco Systems Inc All rights reserved ...

Page 3: ...6 System Name and Prompt 7 Stack System Name and Prompt 8 Default System Name and Prompt Configuration 8 DNS 8 Default DNS Settings 8 Login Banners 8 Default Banner Configuration 9 MAC Address Table 9 MAC Address Table Creation 9 MAC Addresses and VLANs 9 MAC Addresses and Device Stacks 9 Default MAC Address Table Settings 10 ARP Table Management 10 How to Administer the Device 10 Configuring the ...

Page 4: ...tification Traps 35 Adding and Removing Static Address Entries 37 Configuring Unicast MAC Address Filtering 38 Monitoring and Maintaining Administration of the Device 40 Configuration Examples for Device Administration 41 Example Setting the System Clock 41 Examples Configuring Summer Time 41 Example Configuring a MOTD Banner 41 Example Configuring a Login Banner 42 Example Configuring MAC Address...

Page 5: ...and Image Update 55 Restrictions for DHCP based Autoconfiguration 56 DHCP Autoconfiguration 56 DHCP Auto Image Update 56 DHCP Server Configuration Guidelines 56 Purpose of the TFTP Server 57 Purpose of the DNS Server 58 How to Obtain Configuration Files 58 How to Control Environment Variables 59 Common Environment Variables 60 Environment Variables for TFTP 61 Scheduled Reload of the Software Imag...

Page 6: ...erforming Device Setup Configuration 83 Configuring Smart Licensing 85 C H A P T E R 4 Prerequisites for Configuring Smart Licensing 85 Introduction to Smart Licensing 85 Overview of CSSM 86 Connecting to CSSM 86 Configuring a Connection to CSSM and Setting Up the License Level 88 Setting Up a Connection to CSSM 88 Configuring the Call Home Service for Direct Cloud Access 90 Configuring the Call H...

Page 7: ...mplates 115 Examples Configuring SDM Templates 116 Additional References for SDM Templates 117 Feature History for SDM Templates 117 Configuring System Message Logs 119 C H A P T E R 6 Finding Feature Information 119 Information About Configuring System Message Logs 119 System Messsage Logging 119 System Log Message Format 120 Default System Message Logging Settings 121 Syslog Message Limits 121 H...

Page 8: ...e Diagnostics 136 Scheduling Online Diagnostics 136 Configuring Health Monitoring Diagnostics 137 Monitoring and Maintaining Online Diagnostics 140 Configuration Examples for Online Diagnostic Tests 140 Examples Start Diagnostic Tests 140 Example Configure a Health Monitoring Test 140 Examples Schedule Diagnostic Test 140 Examples Displaying Online Diagnostics 140 Additional References for Online ...

Page 9: ...ver 153 What to Do Next 154 Copying a Configuration File from the Device to an RCP Server 154 Examples 155 What to Do Next 155 Copying a Configuration File from the Device to the FTP Server 155 Examples 157 What to Do Next 157 Copying a Configuration File from a TFTP Server to the Device 157 What to Do Next 158 Copying a Configuration File from the rcp Server to the Device 159 Examples 160 What to...

Page 10: ...ites for Configuration Replace and Configuration Rollback 181 Restrictions for Configuration Replace and Configuration Rollback 182 Information About Configuration Replace and Configuration Rollback 182 Configuration Archive 182 Configuration Replace 183 Configuration Rollback 184 Configuration Rollback Confirmed Change 184 Benefits of Configuration Replace and Configuration Rollback 184 How to Us...

Page 11: ... for Software Maintenance Upgrade 212 Working with the Flash File System 213 C H A P T E R 1 1 Finding Feature Information 213 Information About the Flash File System 213 Displaying Available File Systems 214 Setting the Default File System 215 Displaying Information About Files on a File System 215 Changing Directories and Displaying the Working Directory 216 Creating Directories 217 Removing Dir...

Page 12: ... Tracing 232 Conditional Debugging and Radioactive Tracing 232 Location of Tracefiles 232 Configuring Conditional Debugging 233 Radioactive Tracing for L2 Multicast 235 Recommended Workflow for Trace files 235 Copying tracefiles off the box 235 Monitoring Conditional Debugging 236 Configuration Examples for Conditional Debugging 236 Additional References for Conditional Debugging and Radioactive T...

Page 13: ...onitoring Temperature 255 Monitoring the Physical Path 255 Executing IP Traceroute 256 Redirecting Debug and Error Message Output 256 Using the show platform Command 256 Using the show debug command 256 Verifying Troubleshooting of the Software Configuration 257 Displaying OBFL Information 257 Example Verifying the Problem and Cause for High CPU Utilization 257 Scenarios for Troubleshooting the So...

Page 14: ...System Management Configuration Guide Cisco IOS XE Gibraltar 16 10 x Catalyst 9200 Switches xiv Contents ...

Page 15: ... configuration methods RTC and NTP or manual configuration methods For complete syntax and usage information for the commands used in this section see the Cisco IOS Configuration Fundamentals Command Referenceon Cisco com Note System Clock The basis of the time service is the system clock This clock runs from the moment the system starts up and keeps track of the date and time The system clock can...

Page 16: ...me might not be accurate by never synchronizing to a device that is not synchronized NTP also compares the time reported by several devices and does not synchronize to a device whose time is significantly different than the others even if its stratum is lower The communications between devices running NTP known as associations are usually statically configured each device is given the IP address o...

Page 17: ...NTP from a stratum 1 time server and so on A device running NTP automatically chooses as its time source the device with the lowest stratum number with which it communicates through NTP This strategy effectively builds a self organizing tree of NTP speakers NTP avoids synchronizing to a device whose time might not be accurate by never synchronizing to a device that is not synchronized NTP also com...

Page 18: ... hosts Because this is a peer to peer relationship the host will also retain time related information of the local networking device that it is communicating with This mode should be used when a number of mutually redundant servers are interconnected via diverse network paths Most stratum 1 and stratum 2 servers on the Internet adopt this form of network setup Use the ntp peer command to individua...

Page 19: ...nchronize itself to a system whose address passes the access list criteria 5 serve only Allows only time requests from a system whose address passes the access list criteria 6 query only Allows only NTP control queries from a system whose address passes the access list criteria If the source IP address matches the access lists for more than one access type the first type is granted access If no ac...

Page 20: ...ource IP Address for NTP Packets When the system sends an NTP packet the source IP address is normally set to the address of the interface through which the NTP packet is sent Use the ntp source interface command in global configuration mode to configure a specific interface from which the IP source address will be taken This interface will be used for the source address for all packets sent to al...

Page 21: ...atives is also available This software allows host systems to be time synchronized as well System Name and Prompt You configure the system name on the Device to identify it By default the system name and prompt are Switch If you have not configured a system prompt the first 20 characters of the system name are used as the system prompt A greater than symbol is appended The prompt is updated whenev...

Page 22: ...ain name is cisco com A specific device in this domain for example the File Transfer Protocol FTP system is identified as ftp cisco com To keep track of domain names IP has defined the concept of a domain name server which holds a cache or database of names mapped to IP addresses To map domain names to IP addresses you must first identify the hostnames specify the name server that is present on yo...

Page 23: ...ng out those that are not in use The aging interval is globally configured However the device maintains an address table for each VLAN and STP can accelerate the aging interval on a per VLAN basis The device sends packets between any combination of ports based on the destination address of the received packet Using the MAC address table the device forwards the packet only to the port associated wi...

Page 24: ...ssociation is stored in an ARP cache for rapid retrieval Then the IP datagram is encapsulated in a link layer frame and sent over the network Encapsulation of IP datagrams and ARP requests and replies on IEEE 802 networks other than Ethernet is specified by the Subnetwork Access Protocol SNAP By default standard Ethernet style ARP encapsulation represented by the arpa keyword is enabled on the IP ...

Page 25: ...e configured time zone clock set hh mm ss month day year Example day Specifies the day by date in the month Device clock set 13 32 00 23 March 2013 month Specifies the month by name year Specifies the year no abbreviation Configuring the Time Zone Follow these steps to manually configure the time zone SUMMARY STEPS 1 enable 2 configure terminal 3 clock timezone zone hours offset minutes offset 4 e...

Page 26: ... minutes offset from UTC This available where the local time zone is a percentage of an hour different from UTC Returns to privileged EXEC mode end Example Step 4 Device config end Verifies your entries show running config Example Step 5 Device show running config Optional Saves your entries in the configuration file copy running config startup config Example Step 6 Device copy running config star...

Page 27: ... days every year All times are relative to the local time zone The start time is relative to standard time clock summer time zone recurring week day month hh mm week day month hh mm offset Example Step 4 The end time is relative to summer time Summer time is disabled by default If you specify clock summer time Device config clock summer time PDT recurring 10 March 2013 2 00 3 November 2013 zone re...

Page 28: ...y running config startup config Follow these steps if summer time in your area does not follow a recurring pattern configure the exact date and time of the next summer time events SUMMARY STEPS 1 enable 2 configure terminal 3 clock summer time zone date month date year hh mm month date year hh mm offset orclock summer time zone date date month year hh mm date month year hh mm offset 4 end 5 show r...

Page 29: ...the week of the month 1 to 5 or last Optional For day specify the day of the week Sunday Monday Optional For month specify the month January February Optional For hh mm specify the time 24 hour format in hours and minutes Optional For offset specify the number of minutes to add during summer time The default is 60 Returns to privileged EXEC mode end Example Step 4 Device config end Verifies your e...

Page 30: ...ess control is specified NTP access restrictions The source address is set by the outgoing interface NTP packet source IP address NTP is enabled on all interfaces by default All interfaces receive NTP packets Configuring NTP Authentication To configure NTP authentication perform this procedure SUMMARY STEPS 1 enable 2 configure terminal 3 no ntp authenticate 4 no ntp authentication key number md5 ...

Page 31: ...hentication using Hash based Message Authentication Code HMAC using the SHA1 hash function The digest length is 128 bits and the key length is 1 to 32 bytes hmac sha2 256 Authentication using HMAC using the SHA2 hash function The digest length is 256 bits and the key length is 1 to 32 bytes Use the no form of this command to remove authentication key Defines the authentication keys no ntp authenti...

Page 32: ...ation using Hash based Message Authentication Code HMAC using the SHA1 hash function The digest length is 128 bits and the key length is 1 to 32 bytes hmac sha2 256 Authentication using HMAC using the SHA2 hash function The digest length is 256 bits and the key length is 1 to 32 bytes Use the no form of this command to remove authentication key Defines trusted authentication keys that a peer NTP d...

Page 33: ...TEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Enters global configuration mode configure terminal Example Step 2 Device configure terminal Configures the device system clock to synchronize a peer or to be synchronized by a peer peer association no ntp peer ip address version number key key id source interface prefer ...

Page 34: ...erver 172 16 22 44 version 2 number NTP version number The range is 1 to 3 By default version 3 is selected key id Authentication key defined with the ntp authentication key command interface The interface from which to pick the IP source address By default the source IP address is taken from the outgoing interface prefer Sets this peer as the preferred one that provides synchronization This keywo...

Page 35: ... key key id destination address Step 4 Example number NTP version number The range is 1 to 3 By default version 3 is used Device config if ntp broadcast version 2 key id Authentication key destination address IP address of the peer that is synchronizing its clock to this switch Use the no form of this command to disable the interface from sending NTP broadcast packets Enables the interface to rece...

Page 36: ...ribed in these sections Creating an Access Group and Assigning a Basic IP Access List To create an access group and assign a basic IP access list perform this procedure SUMMARY STEPS 1 enable 2 configure terminal 3 no ntp access group query only serve only serve peer access list number 4 access list access list number permit source source wildcard 5 end DETAILED STEPS Purpose Command or Action Ena...

Page 37: ...Step 4 access list number IP access list number The range is from 1 to 99 Example Device config access list 99 permit 172 20 130 5 permit Permits access if the conditions are matched source IP address of the device that is permitted access to the device source wildcard Wildcard bits to be applied to the source When creating an access list remember that by default the end of the access list contain...

Page 38: ...p 3 Device config interface gigabitethernet1 0 1 Disables NTP packets from being received on the interface no ntp disable Step 4 Example Use the no form of this command to re enable receipt of NTP packets on an interface Device config if ntp disable Returns to privileged EXEC mode end Example Step 5 Device config if end Configuring a System Name Follow these steps to manually configure a system na...

Page 39: ...ame The name must follow the rules for ARPANET hostnames They must start with a letter end with a letter or digit and remote users have as interior characters only letters digits and hyphens Names can be up to 63 characters Returns to priviliged EXEC mode end Example Step 4 remote users config end remote users Verifies your entries show running config Example Step 5 Device show running config Opti...

Page 40: ...nd or Action Enables privileged EXEC mode Enter your password if prompted enable Example Step 1 Device enable Enters the global configuration mode configure terminal Example Step 2 Device configure terminal Defines a default domain name that the software uses to complete unqualified hostnames names without a dotted decimal domain name ip domain name name Example Device config ip domain name Cisco ...

Page 41: ...ames that uniquely identify your devices by using the global Internet naming scheme DNS Returns to privileged EXEC mode end Example Step 6 Device config end Verifies your entries show running config Example Step 7 Device show running config Optional Saves your entries in the configuration file copy running config startup config Example Step 8 Device copy running config startup config Configuring a...

Page 42: ...wed For access contact technical support message Enters a banner message up to 255 characters You cannot use the delimiting character in the message Returns to privileged EXEC mode end Example Step 4 Device config end Verifies your entries show running config Example Step 5 Device show running config Optional Saves your entries in the configuration file copy running config startup config Example S...

Page 43: ... The Device config banner login delimiting character signifies the beginning and end of the Access for authorized users only banner text Characters after the ending delimiter are discarded Please enter your username and password message Enters a login message up to 255 characters You cannot use the delimiting character in the message Returns to privileged EXEC mode end Example Step 4 Device config...

Page 44: ...nfiguration mode configure terminal Example Step 2 Device configure terminal Sets the length of time that a dynamic entry remains in the MAC address table after the entry is used or updated mac address table aging time 0 10 1000000 routed mac vlan vlan id Step 3 Example The range is 10 to 1000000 seconds The default is 300 You can also enter 0 which disables aging Static address entries are never ...

Page 45: ... 1 2c 3 vrf vrf instance name 4 snmp server enable traps mac notification change 5 mac address table notification change 6 mac address table notification change interval value history size value 7 interface interface id 8 snmp trap mac notification change added removed 9 end 10 show running config 11 copy running config startup config DETAILED STEPS Purpose Command or Action Enables privileged EXE...

Page 46: ...vice to send MAC address change notification traps to the NMS snmp server enable traps mac notification change Example Step 4 Device config snmp server enable traps mac notification change Enables the MAC address change notification feature mac address table notification change Example Step 5 Device config mac address table notification change Enters the trap interval time and the history table si...

Page 47: ...ptional Saves your entries in the configuration file copy running config startup config Example Step 11 Device copy running config startup config Configuring MAC Address Move Notification Traps When you configure MAC move notification an SNMP notification is generated and sent to the network management system whenever a MAC address moves from one port to another within the same VLAN Follow these s...

Page 48: ... the default is not available with informs community string Specifies the string to send with the notification operation Though you can set this string by using the snmp server host command we recommend that you define this string by using the snmp server community command before using the snmp server host command notification type Uses the mac notification keyword Enables the device to send MAC a...

Page 49: ...vileged EXEC commands Configuring MAC Threshold Notification Traps When you configure MAC threshold notification an SNMP notification is generated and sent to the network management system when a MAC address table threshold limit is reached or exceeded Follow these steps to configure the switch to send MAC address table threshold notification traps to an NMS host SUMMARY STEPS 1 enable 2 configure...

Page 50: ...the notification operation You can set this string by using the snmp server host command but we recommend that you define this string by using the snmp server community command before using the snmp server host command notification type Uses the mac notification keyword Enables MAC threshold notification traps to the NMS snmp server enable traps mac notification threshold Example Step 4 Device con...

Page 51: ...onfig Example Step 8 Device show running config Optional Saves your entries in the configuration file copy running config startup config Example Step 9 Device copy running config startup config Adding and Removing Static Address Entries Follow these steps to add a static address SUMMARY STEPS 1 enable 2 configure terminal 3 mac address table static mac addr vlan vlan id interface interface id 4 sh...

Page 52: ...d Valid interfaces include physical ports or port channels For static multicast addresses you can enter multiple interface IDs For static unicast addresses you can enter only one interface at a time but you can enter the command multiple times with the same MAC address and VLAN ID Verifies your entries show running config Example Step 4 Device show running config Optional Saves your entries in the...

Page 53: ...ddr Specifies a source or destination unicast MAC address 48 bit Packets with this MAC address are dropped static c2f3 220a 12f4 vlan 4 drop vlan id Specifies the VLAN for which the packet with the specified MAC address is received Valid VLAN IDs are 1 to 4094 Returns to privileged EXEC mode end Example Step 4 Device config end Verifies your entries show running config Example Step 5 Device show r...

Page 54: ...ys the number of addresses present in all VLANs or the specified VLAN show mac address table count Displays only dynamic MAC address table entries show mac address table dynamic Displays the MAC address table information for the specified interface show mac address table interface interface name Displays the MAC address table move update information show mac address table move update Displays a li...

Page 55: ...0 March 2013 2 00 20 November 2013 2 00 Example Configuring a MOTD Banner This example shows how to configure a MOTD banner by using the pound sign symbol as the beginning and ending delimiter Device config banner motd This is a secure site Only authorized users are allowed For access contact technical support Device config This example shows the banner that appears from the previous configuration...

Page 56: ...ss table notification change history size 100 Device config interface gigabitethernet1 2 1 Device config if snmp trap mac notification change added Example Configuring MAC Threshold Notification Traps This example shows how to specify 172 20 10 10 as the NMS enable the MAC address threshold notification feature set the interval time to 123 seconds and set the limit to 78 per cent Device config snm...

Page 57: ...witches System management commands MIBs MIBs Link MIB To locate and download MIBs for selected platforms Cisco IOS releases and feature sets use Cisco MIB Locator found at the following URL http www cisco com go mibs All supported MIBs for this release Technical Assistance Link Description http www cisco com support The Cisco Support website provides extensive online resources including documentat...

Page 58: ... The device administration allows to configure the system time and date system name a login banner and set up the DNS Device Administration Cisco IOS XE Fuji 16 9 2 Use Cisco Feature Navigator to find information about platform and software image support To access Cisco Feature Navigator go to http www cisco com go cfn System Management Configuration Guide Cisco IOS XE Gibraltar 16 10 x Catalyst 9...

Page 59: ...is record and compare it with a Cisco certified record to verify if your software image is genuine If the checksum values do not match you may be running a software image that is either not certified by Cisco or has been altered by an unauthorized party Verifying the Software Image and Hardware This task describes how to retrieve the checksum record that was created during a switch bootup Enter th...

Page 60: ...BAQUFADA1 MRYwFAYDVQQKEw1DaXNjbyBTeXN0ZW1zMRswGQYDVQQDExJDaXNjbyBSb290IENB IDIwNDgwHhcNMDQwNTE0MjAxNzEyWhcNMjkwNTE0MjAyNTQyWjA1MRYwFAYDVQQK Ew1DaXNjbyBTeXN0ZW1zMRswGQYDVQQDExJDaXNjbyBSb290IENBIDIwNDgwggEg MA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCwmrmrp68Kd6ficba0ZmKUeIhH xmJVhEAyv8CrLqUccda8bnuoqrpu0hWISEWdovyD0My5jOAmaHBKeN8hF570YQXJ FcjPFto1YYmUQ6iEqDGYeJu5Tm8sUxJszR2tKyS7McQr 4NEb7Y9JHcJ6r8qqB9q ...

Page 61: ...No aXBJRD1RRGx6T0FZUHQwRTJJRVFFQUFjQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB PTANBgkqhkiG9w0BAQsFAAOCAQEAgLUxZfNmrXZ6ZMGX69dDPkmvp9cFqXR538LF PdypCRuSk20GF8OeDUOsuIi4mbB87JSOWvLomdBtXdnxzRu4kPZNFz 7pjAVRT3R gwMMyiEnDWQSvy7e4SZmyVgej55e3hTW LTeU8lCE0KRoYGDce5Phv2zdHtIsXrV XsY Fropfntt1FV9qqDskDWcKf0bos6VsyWUpSCEGqF7LfNnBTKYvXUUmkXHKf d W5HgrYt6bQ h 0EP MY2wpAiWMCfX6F xW20vZfK8NzNesieB38IvuTkgefhz2s yGCOavAx...

Page 62: ...1 1 cat9k_lite webui 16 10 01 SPA pkg C C C A A A 7 E D 0 A E 9 3 5 C B 0 B D 8 4 E 0 D 0 D 1 5 5 C 1 D E F D B 0 3 E B 0 C 6 4 0 5 7 A D 6 A 9 6 7 3 E 2 1 1 4 F A 7 C C C A A A 7 E D 0 A E 9 3 5 C B 0 B D 8 4 E 0 D 0 D 1 5 5 C 1 D E F B 0 3 E B 0 C 6 4 0 5 7 A D 6 A 9 6 7 3 E 2 1 1 4 F A 7 cat9k wlc 16 10 01 SPA pkg A A 7 E D 0 A E 9 3 5 C B 0 B D 8 4 E 0 D 0 D 1 5 5 C 1 D E F D B 0 3 E B 0 C 6 4...

Page 63: ...7 3 E 2 1 1 4 F A 7 C C C A PCR0 750E5D2EDAE6E3A68050638E0BFD8619BE4EA13066025D39DF79408719F5177E PCR8 EB6E739A63F53E703B6CDAF3F6188833CEF6D32E2F726006B9AA34E1E73048C4 Signature version 1 Signature 5 A A 4 1 E 6 C 7 2 2 D 8 4 1 D 0 2 F 5 A 7 B 6 D 0 9 6 3 9 5 E 7 8 6 D 6 9 4 9 C F C 9 E C 1 C 4 7 6 F 7 7 6 B C 1 C 5 9 9 C B E F 3 E 6 9 A 9 8 9 1 D C 1 0 0 E A 2 5 6 C E 1 9 B 7 C C A 2 7 7 7 4 A A ...

Page 64: ...latform identity and software integrity information to be visible and actionable Platform identity provides the platform s manufacturing installed identity Boot Integrity Visibility Cisco IOS XE Fuji 16 9 2 Use Cisco Feature Navigator to find information about platform and software image support To access Cisco Feature Navigator go to http www cisco com go cfn System Management Configuration Guide...

Page 65: ...s these activities Performs low level CPU initialization It initializes the CPU registers which control where physical memory is mapped its quantity its speed and so forth Performs power on self test POST for the CPU subsystem and tests the system DRAM Initializes the file systems on the system board Loads a default operating system software image into memory and boots up the device The boot loade...

Page 66: ...ile is used from a local or remote location to boot the device In the install boot mode the bootloader uses the packages conf file to boot up the device The following software install features are supported on your switch Software bundle installation on a standalone switch Software rollback to a previously installed package set Software Boot Modes Your device supports two modes to boot the softwar...

Page 67: ...o the device The location can be FTP HTTP HTTPs or TFTP The command extracts individual components of the bin file into sub packages and packages conf file It also validates the file to ensure that the image file is specific to the platform Devices Information Assignment You can assign IP information through the device setup program through a DHCP server or manually Use the device setup program if...

Page 68: ...ion file With DHCP based autoconfiguration no DHCP client side configuration is needed on your device However you need to configure the DHCP server for various lease options associated with IP addresses If you want to use DHCP to relay the configuration file location on the network you might also need to configure a Trivial File Transfer Protocol TFTP server and a Domain Name System DNS server We ...

Page 69: ...essage are invalid a configuration error exists the client returns a DHCPDECLINE broadcast message to the DHCP server The DHCP server sends the client a DHCPNAK denial broadcast message which means that the offered configuration parameters have not been assigned that an error has occurred during the negotiation of the parameters or that the client has been slow in responding to the DHCPOFFER messa...

Page 70: ...e device DHCP Auto Image Update You can use DHCP auto image upgrade with DHCP autoconfiguration to download both a configuration and a new image to one or more devices in your network The device or devices downloading the new configuration and the new image can be blank or only have a default factory configuration loaded If the new configuration is downloaded to a switch that already has a configu...

Page 71: ...ne or more configuration files from the TFTP server If you configured the DHCP server to respond to the device with all the options required for IP connectivity to the TFTP server and if you configured the DHCP server with a TFTP server name address and configuration filename the device attempts to download the specified configuration file from the specified TFTP server If you did not specify the ...

Page 72: ...eve the named configuration file from the base directory of the server and upon receipt it completes its boot up process The IP address and the configuration filename is reserved for the device but the TFTP server address is not provided in the DHCP reply one file read method The device receives its IP address subnet mask and the configuration filename from the DHCP server The device sends a broad...

Page 73: ...rol how the boot loader or any other software running on the system operates Boot loader environment variables are similar to environment variables that can be set on UNIX or DOS systems Environment variables that have values are stored in flash memory outside of the flash file system Each line in these files contains an environment variable name and an equal sign followed by the value of the vari...

Page 74: ...ed in the booted bundle is used to activate the packages included in the bundle For example boot flash image bin set BOOT filesystem file url A semicolon separated list of executable files to try to load and execute when automatically booting BOOT boot manual Enables manually booting the switch during the next boot cycle and changes the setting of the MANUAL_BOOT environment variable The next time...

Page 75: ...e baud rate set BAUD baud rate BAUD boot enable break switch yes no Enables a break to the auto boot cycle You have 5 seconds to enter the break command set ENABLE_BREAK yes no ENABLE_BREAK Environment Variables for TFTP When the switch is connected to a PC through the Ethernet management port you can download or upload a configuration file to the boot loader by using TFTP Make sure the environmen...

Page 76: ...ot set to manually boot up it reboots itself If your device is configured for manual booting do not reload it from a virtual terminal This restriction prevents the device from entering the boot loader mode and then taking it from the remote user s control If you modify your configuration file the device prompts you to save the configuration before reloading During the save operation the system req...

Page 77: ...iguration file that is used as a boot image boot filename Example Step 3 Device dhcp config boot config boot text Specifies the subnet network number and mask of the DHCP address pool network network number mask prefix length Example Step 4 The prefix length specifies the number of bits that comprise the address prefix The prefix is an alternative way of specifying the network mask of the client T...

Page 78: ...Step 9 Puts the interface into Layer 3 mode no switchport Example Step 10 Device config if no switchport Specifies the IP address and mask for the interface ip address address mask Example Step 11 Device config if ip address 10 10 10 1 255 255 255 0 Returns to privileged EXEC mode end Example Step 12 Device config if end Configuring DHCP Auto Image Update Configuration File and Image This task des...

Page 79: ...erver flash filename txt 14 interface interface id 15 no switchport 16 ip address address mask 17 end 18 copy running config startup config DETAILED STEPS Purpose Command or Action Enters global configuration mode configure terminal Example Step 1 Device configure terminal Creates a name for the DHCP server address pool and enter DHCP pool configuration mode ip dhcp pool poolname Example Step 2 De...

Page 80: ... option 150 10 10 10 1 Specifies the path to the text file that describes the path to the image file option 125 hex Example Step 7 Device dhcp config option 125 hex 0000 0009 0a05 08661 7574 6f69 6e73 7461 6c6c 5f64 686370 Uploads the text file to the device copy tftp flash filename txt Example Step 8 Device config copy tftp flash image bin Uploads the tar file for the new image to the device copy...

Page 81: ...Step 14 Device config interface gigabitEthernet1 0 4 Puts the interface into Layer 3 mode no switchport Example Step 15 Device config if no switchport Specifies the IP address and mask for the interface ip address address mask Example Step 16 Device config if ip address 10 10 10 1 255 255 255 0 Returns to privileged EXEC mode end Example Step 17 Device config if end Optional Saves your entries in ...

Page 82: ...mount of time the system tries to download a configuration file boot host retry timeout timeout value Example Step 3 If you do not set a timeout the system will try indefinitely to obtain an IP address from the DHCP server Note Device conf boot host retry timeout 300 Optional Creates warning messages to be displayed when you try to save the configuration file to NVRAM banner config save C warning ...

Page 83: ...directs DETAILED STEPS Purpose Command or Action Enters global configuration mode configure terminal Example Step 1 Device configure terminal Enters interface configuration mode and enters the VLAN to which the IP information is assigned The range is 1 to 4094 interface vlan vlan id Example Device config interface vlan 99 Step 2 Enters the IP address and subnet mask ip address ip address subnet ma...

Page 84: ...pwap relays on default gateway configuration to support routed access point join the device Note Returns to privileged EXEC mode end Example Step 6 Device config end Verifies the configured IP address show interfaces vlan vlan id Example Step 7 Device show interfaces vlan 99 Verifies the configured default gateway show ip redirects Example Step 8 Device show ip redirects Modifying the Device Start...

Page 85: ...enames and directory names are case sensitive Returns to privileged EXEC mode end Example Step 3 Switch config end Verifies your entries show boot Step 4 Example The boot global configuration command changes the setting of the CONFIG_FILE environment variable Switch show boot Optional Saves your entries in the configuration file copy running config startup config Example Step 5 Switch copy running...

Page 86: ...rifies your entries show boot Step 4 Example The boot manual global command changes the setting of the MANUAL_BOOT environment variable Device show boot The next time you reboot the system the switch is in boot loader mode shown by the switch prompt To boot up the system use the boot filesystem file url boot loader command filesystem Uses flash for the system board flash device Switch boot flash F...

Page 87: ...le Step 2 compatibility check for the platform and image versions Device install add file flash cat9k_lite_iosxe 16 09 01 SPA bin activate commit activates the software package and makes the package persistent across reloads This command extracts the individual components of the bin file into sub packages and packages conf file The device reloads after executing this command Exits privileged EXEC ...

Page 88: ...month text 5 reload cancel 6 show reload DETAILED STEPS Purpose Command or Action Enters global configuration mode configure terminal Example Step 1 Device configure terminal Saves your device configuration information to the startup configuration before you use the reload command copy running config startup config Example Step 2 Device copy running config startup config Schedules a reload of the ...

Page 89: ...l Displays information about a previously scheduled reload or identifies if a reload has been scheduled on the device show reload Example Step 6 show reload Monitoring Device Setup Configuration Examples Displaying Software Bootup in Install Mode This example displays software bootup in install mode switch boot flash packages conf Attempting to boot from flash packages conf Located packages conf v...

Page 90: ...c features and is subject to United States and local country laws governing import export transfer and use Delivery of Cisco cryptographic products does not imply third party authority to import export distribute or use encryption Importers exporters distributors and users are responsible for compliance with U S and local country laws By using this product you agree to comply with applicable laws ...

Page 91: ...nd Computer Software clause at DFARS sec 252 227 7013 cisco Systems Inc 170 West Tasman Drive San Jose California 95134 1706 Cisco IOS Software Fuji Catalyst L3 Switch Software CAT9K_IOSXE Version 16 9 1 RELEASE SOFTWARE fc2 Technical Support http www cisco com techsupport Copyright c 1986 2017 by Cisco Systems Inc Compiled Tue 30 May 17 00 36 by mcpre Cisco IOS XE software Copyright c 2005 2017 b...

Page 92: ...es 56 Gigabit Ethernet interfaces 2048K bytes of non volatile configuration memory 2015456K bytes of physical memory 819200K bytes of Crash Files at crashinfo 1941504K bytes of Flash at flash 0K bytes of WebUI ODM Files at webui 819200K bytes of Crash Files at crashinfo 7 1941504K bytes of Flash at flash 7 Base Ethernet MAC Address 68 2c 7b f7 49 00 Motherboard Assembly Number 73 18699 2 Motherboa...

Page 93: ...pkg flash cat9k_lite rpboot 16 09 01 SPA pkg flash cat9k_lite rpbase 16 09 01 SPA pkg This operation requires a reload of the system Do you want to proceed y n y Starting Activate Performing Activate on all members Aug 30 20 51 16 365 IST INSTALL 5 INSTALL_AUTO_ABORT_TIMER_PROGRESS Switch 7 R0 0 rollback_timer Install auto abort timer will expire in 7200 seconds 4 Activate package s on switch 4 4 ...

Page 94: ...m the show install summary command after adding a software package file to the device Device show install summary Switch 4 7 Installed Package s Information State St I Inactive U Activated Uncommitted C Activated Committed D Deactivated Uncommitted Type St Filename Version IMG C 16 9 1 0 70 Auto abort timer inactive Verifying Software Install SUMMARY STEPS 1 enable 2 show install log 3 show instal...

Page 95: ...e Step 4 show install package filesystem filename Example Device show install package flash cat9k_lite rpboot 16 09 01 SPA pkg Displays information about the specified software install package file Device show install package flash cat9k_lite rpboot 16 09 01 SPA pkg Package cat9k_lite rpboot 16 09 01 SPA pkg Size 34616705 Timestamp Thu Aug 30 20 28 25 2018 UTC Canonical path flash cat9k_lite rpboo...

Page 96: ...ash autoinstall_dhcp Device config interface gigabitethernet1 0 4 Device config if no switchport Device config if ip address 10 10 10 1 255 255 255 0 Device config if end Example Configuring a Device to Download Configurations from a DHCP Server This example uses a Layer 3 SVI interface on VLAN 99 to enable DHCP based autoconfiguration with a saved configuration Device configure terminal Device co...

Page 97: ...itle Related Topic Command Reference Catalyst 9200 Series Switches Device setup commands Boot loader commands Cisco Catalyst 9200 Series Switches Hardware Installation Guide Hardware installation Feature History for Performing Device Setup Configuration This table provides release and related information for features explained in this module These features are available on all releases subsequent ...

Page 98: ...are image support To access Cisco Feature Navigator go to http www cisco com go cfn System Management Configuration Guide Cisco IOS XE Gibraltar 16 10 x Catalyst 9200 Switches 84 Performing Device Setup Configuration Feature History for Performing Device Setup Configuration ...

Page 99: ... the Smart Software Licensing Agreement on CSSM to register devices Network reachability to https tools cisco com Introduction to Smart Licensing Cisco Smart Licensing is a flexible licensing model that provides you with an easier faster and more consistent way to purchase and manage software across the Cisco portfolio and across your organization And it s secure you control what users can access ...

Page 100: ...ss the CSSM on https software cisco com by clicking the Smart Software Licensing link under the License tab Use a Chrome 32 0 Firefox 25 0 or Safari 6 0 5 web browser to access CSSM Also ensure that Javascript 1 5 or a later version is enabled in your browser Note Use the CSSM to do the following tasks Create manage or view virtual accounts Create and manage Product Instance Registration Tokens Tr...

Page 101: ...remises collector In this method Cisco products send usage information to a locally connected collector which acts as a local license authority Periodically this information is exchanged to keep the databases synchronized 4 Mediated access through a disconnected on premises collector In this method Cisco products send usage information to a local disconnected collector which acts as a local licens...

Page 102: ...erver address 6 4 ip name server vrf Mgmt vrf server address 1 server address 2 server address 3 server address 4 server address 5 server address 6 5 ip domain lookup source interface interface type interface number 6 ip domain name example com 7 ip host tools cisco com ip address 8 interface vlan_id 9 ntp server ip address version number key key id prefer 10 switchport access vlan vlan_id 11 ip r...

Page 103: ... number Example Step 5 Device config ip domain lookup source interface Vlan100 Configures the domain name ip domain name example com Example Step 6 Device config ip domain name example com Optional Configures static hostname to address mappings in the DNS hostname cache if automatic DNS mapping is not available ip host tools cisco com ip address Example Device config ip host tools cisco com 209 16...

Page 104: ...e interface for the HTTP client ip http client source interface interface type interface number Step 13 The ip http client source interface interface type interface number command is mandatory Note Example Device config ip http client source interface Vlan100 Optional Exits global configuration mode and returns to privileged EXEC mode exit Example Step 14 Device config exit Optional Saves your ent...

Page 105: ...erver identity check when HTTP connection is established no http secure server identity check Example Step 4 Device config call home no http secure server identity check Assigns customer s email address You can enter up to 200 characters in email address format with no spaces contact email address email address Example Step 5 Device config call home contact email addr username example com By defau...

Page 106: ...e configuration mode and returns to global configuration mode exit Example Step 12 Device config call home exit Enables the Call Home feature service call home Example Step 13 Device config service call home Exits global configuration mode and returns to privileged EXEC mode exit Example Step 14 Device config exit Optional Saves your entries in the configuration file copy running config startup co...

Page 107: ... 17 ip http client proxy server proxy address proxy port port number 18 exit 19 copy running config startup config DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Enters global configuration mode configure terminal Example Step 2 Device configure terminal Enters Call Home configuration mode call home Example ...

Page 108: ...estination profile configuration mode for the specified destination profile name If the specified destination profile does not exist it is created profile name Example Device config call home profile test1 Step 9 Enables data sharing with the Call Home service via HTTP reporting smart licensing data Example Step 10 Device config call home profile reporting smart licensing data Enables the HTTP mes...

Page 109: ... startup config Example Step 19 Device copy running config startup config ConfiguringtheCallHomeServiceforCiscoSmartSoftwareManagerOn Prem For information about Cisco Smart Software Manager On Prem formerly known as Cisco Smart Software Manager satellite see https www cisco com c en us buy smart accounts software manager satellite html To configure the Call Home service for the Cisco Smart Softwar...

Page 110: ...ty check Enters Call Home destination profile configuration mode for the specified destination profile name If the specified destination profile does not exist it is created profile name Example Device config call home profile test1 Step 5 Enables data sharing with the Call Home service via HTTP reporting smart licensing data Example Step 6 Device config call home profile reporting smart licensing...

Page 111: ... Call Home configuration mode exit Example Step 11 Device config call home profile exit Exits Call Home configuration mode and returns to global configuration mode exit Example Step 12 Device config call home exit Configures a source interface for the HTTP client ip http client source interface interface type interface number Step 13 The ip http client source interface interface type interface num...

Page 112: ...s Switches Base licenses Network Essentials Network Advantage includes Network Essentials Add on licenses These can be subscribed for a fixed term of three five or seven years Digital Networking Architecture DNA Essentials DNA Advantage includes DNA Essentials To configure the license levels follow this procedure SUMMARY STEPS 1 enable 2 configure terminal 3 license boot level license_level 4 exit...

Page 113: ...gy package Next reboot network essentials Smart License network essentials None Subscription Smart License None Reloads the device reload Example Step 7 Device reload Registering a Device on CSSM To register a device on CSSM you must do the following tasks 1 Generate a unique token from the CSSM 2 Register the device with the generated token On successful registration the device will receive an id...

Page 114: ...e generated to register new product instances to the virtual account Step 1 Log in to CSSM from https software cisco com You must log in to the portal using the username and password provided by Cisco Step 2 Click the Inventory tab Step 3 From the Virtual Account drop down list choose the required virtual account Step 4 Click the General tab Step 5 Click New Token The Create Registration Token win...

Page 115: ...m c en us about legal global export trade html Step 10 Click Create Token to create a token Step 11 After the token is created click Copy to copy the newly created token Registering a Device with the New Token To register a device with the new token perform this procedure SUMMARY STEPS 1 enable System Management Configuration Guide Cisco IOS XE Gibraltar 16 10 x Catalyst 9200 Switches 101 Configur...

Page 116: ...art Licensing is ENABLED Registration Status REGISTERED Smart Account Smart Account Name Virtual Account Virtual Account 1 Export Controlled Functionality Allowed Initial Registration First Attempt Pending Last Renewal Attempt SUCCEEDED on Jul 19 14 49 49 2018 IST Next Renewal Attempt Jan 15 14 49 48 2019 IST Registration Expires Jul 19 14 43 48 2019 IST License Authorization Status AUTHORIZED on ...

Page 117: ...a Device s Registration in CSSM When your device is taken off the inventory shipped elsewhere for redeployment or returned to Cisco for replacement using the return merchandise authorization RMA process you can use the deregister command to cancel the registration of your device To cancel device registration follow this procedure Before you begin Layer 3 connection to CSSM must be available to suc...

Page 118: ...y registers itself with the CSSM Registered Indicates that your device is able to communicate with the CSSM and is authorized to initiate requests for license entitlements Authorized Indicates that your device is in Compliance status and is authorized to use the requested type and count of licenses The Authorization status has a lifetime of 90 days At the end of 30 days the device will send a new ...

Page 119: ...enable Device show call home profile all Profile Name CiscoTAC 1 Profile status ACTIVE Profile mode Full Reporting Reporting Data Smart Call Home Smart Licensing Preferred Message Format xml Message Size Limit 3145728 Bytes Transport Method http HTTP address es https tools cisco com its service oddce services DDCEService Other address es default Periodic configuration info message is scheduled eve...

Page 120: ...ABLED Transport Type Callhome License Usage C9200L DNA Advantage 48 port Term license C9200L DNA A 48 Description C9200L DNA Advantage 48 port Term license Count 1 Version 1 0 Status EVAL MODE C9200L Network Advantage 48 port license C9200L NW A 48 Description C9200L Network Advantage 48 port license Count 1 Version 1 0 Status EVAL MODE Product Information UDI PID C9200L 48P 4X SN JPG221300KP Agen...

Page 121: ...display all the license summaries use the show license summary command Device enable Device show license summary Smart Licensing is ENABLED Registration Status UNREGISTERED Export Controlled Functionality Not Allowed License Authorization Status EVAL MODE Evaluation Period Remaining 68 days 0 hours 29 minutes 33 seconds License Usage License Entitlement tag Count Status C9200L DNA A 48 1 EVAL MODE...

Page 122: ...idtoken Tl4UytrNXBzbEs1ck8veUtWaG5abnZJOFdDa1FwbVRa 0AblRMbz0 3D 0A Device write memory Example Viewing the License Status After Registering Example To display the license entitlements use the show license all command Device enable Device show license all Smart Licensing Status Smart Licensing is ENABLED Registration Status REGISTERED Smart Account Smart Account Name Virtual Account Virtual Accoun...

Page 123: ...vantage 48 port license C9200L NW A 48 Description C9200L Network Advantage 48 port license Count 1 Version 1 0 Status AUTHORIZED Product Information UDI PID C9200L 48P 4X SN JPG221300KP Agent Version Smart Agent for Licensing 4 4 13_rel 116 Component Versions SA 1_3_dev 1 0 15 SI dev22 1 2 1 CH rel5 1 0 3 PK dev18 1 0 3 Reservation Info License reservation DISABLED Example To display license usag...

Page 124: ...s AUTHORIZED Last Communication Attempt SUCCEEDED Next Communication Attempt Aug 27 07 02 56 2018 IST License Usage License Entitlement tag Count Status C9200L DNA Advantage C9200L DNA A 48 1 AUTHORIZED C9200L Network Advan C9200L NW A 48 1 AUTHORIZED Example To display the license status information use the show license status command Device enable Device show license status Smart Licensing is EN...

Page 125: ...leshooting and resolving technical issues with Cisco products and technologies To receive security and technical information about your products you can subscribe to various services such as the Product Alert Tool accessed from Field Notices the Cisco Technical Services Newsletter and Really Simple Syndication RSS Feeds Access to most tools on the Cisco Support website requires a Cisco com user ID...

Page 126: ...license management solution that allows you to manage and track the status of your license and hardware and software usage trends Cisco IOS XE Fuji 16 9 2 Smart Licensing System Management Configuration Guide Cisco IOS XE Gibraltar 16 10 x Catalyst 9200 Switches 112 Configuring Smart Licensing Feature Information for Smart Licensing ...

Page 127: ...nded that you reload the system as soon as you make a change to the SDM template After you change the template and the system reboots you can use the show sdm prefer privileged EXEC command to verify the new template configuration If you enter the show sdm prefer command before you enter the reload privileged EXEC command the show sdm prefer command shows the template currently in use and the temp...

Page 128: ...an Step 3 Example advanced Sets the switch to the advanced template Device config sdm prefer vlan vlan Maximizes VLAN configuration on the switch with no routing supported in hardware Returns to privileged EXEC mode end Example Step 4 Device config end Reloads the operating system reload Step 5 Example After the system reboots you can use the show sdm prefer privileged EXEC command to verify the n...

Page 129: ...plate If the SDM template is removed then other such related commands are also removed and have to be reconfigured explicitly Note Configuration Examples for SDM Templates Examples Displaying SDM Templates This is an example output showing the advanced template information Device show sdm prefer advanced Showing SDM Template Info This is the Advanced template Number of VLANs 1024 Unicast MAC addre...

Page 130: ...ectly connected routes 4096 Indirect routes 2048 STP Instances 128 Security Access Control Entries 1408 QoS Access Control Entries 1024 Policy Based Routing ACEs 512 Netflow Input ACEs 128 Netflow Output ACEs 128 Ingress Netflow ACEs 128 Egress Netflow ACEs 128 Flow SPAN ACEs 256 Tunnels 128 LISP Instance Mapping Entries 128 Control Plane Entries 512 Input Netflow flows 8192 Output Netflow flows 8...

Page 131: ...releases subsequent to the one they were introduced in unless noted otherwise Feature Information Feature Release Standard SDM templates can be used to configure system resources to optimize support for specific features SDM Template Cisco IOS XE Fuji 16 9 2 Use Cisco Feature Navigator to find information about platform and software image support To access Cisco Feature Navigator go to http www ci...

Page 132: ...System Management Configuration Guide Cisco IOS XE Gibraltar 16 10 x Catalyst 9200 Switches 118 Configuring SDM Templates Feature History for SDM Templates ...

Page 133: ...An account on Cisco com is not required Information About Configuring System Message Logs System Messsage Logging By default a switch sends the output from system messages and debug privileged EXEC commands to a logging process The logging process controls the distribution of logging messages to various destinations such as the logging buffer terminal lines or a UNIX syslog server depending on you...

Page 134: ...lity severity MNEMONIC description The part of the message preceding the percent sign depends on the setting of these global configuration commands service sequence numbers service timestamps log datetime service timestamps log datetime localtime msec show timezone service timestamps log uptime Table 9 System Log Message Elements Description Element Stamps log messages with a sequence number only ...

Page 135: ...essages sent and stored in the switch history table You also can change the number of messages that are stored in the history table Messages are stored in the history table because SNMP traps are not guaranteed to reach their destination By default one message of the level warning and numerically lower levels are stored in the history table even if syslog traps are not enabled When the history tab...

Page 136: ...fault buffer size is 4096 bytes Device config logging buffered 8192 If a standalone switch or the active switch fails the log file is lost unless you previously saved it to flash memory See Step 4 Do not make the buffer size too large because the switch could run out of memory for other tasks Use the show memory privileged EXEC command to view the free processor memory on the switch However this v...

Page 137: ... session to see the debugging messages Synchronizing Log Messages You can synchronize unsolicited messages and debug privileged EXEC command output with solicited device output and prompts for a specific console port line or virtual terminal line You can identify the types of messages to be output asynchronously based on the level of severity You can also configure the maximum number of buffers fo...

Page 138: ... used for your current connection For example to change the setting for vty line 2 enter line vty 2 When you enter this command the mode changes to line configuration Enables synchronous logging of messages logging synchronous level severity level all limit number of buffers Step 3 Optional level severity level Specifies the message severity level Messages with a severity level equal to Example or...

Page 139: ...earing in the middle of command output The logging synchronous global configuration command also affects the display of messages to the console When this command is enabled messages appear only after you press Return To reenable message logging after it has been disabled use the logging on global configuration command This task is optional SUMMARY STEPS 1 configure terminal 2 no logging console 3 ...

Page 140: ...ltime show timezone log datetime Enables time stamps on log messages Depending on the options selected the time stamp can Example include the date time in milliseconds relative to the local time zone and the time zone name Device config service timestamps log uptime or Device config service timestamps log datetime Returns to privileged EXEC mode end Example Step 3 Device config end Enabling and Di...

Page 141: ...fig end Defining the Message Severity Level Limit messages displayed to the selected device by specifying the severity level of the message This task is optional SUMMARY STEPS 1 configure terminal 2 logging console level 3 logging monitor level 4 logging trap level 5 end DETAILED STEPS Purpose Command or Action Enters global configuration mode configure terminal Example Step 1 Device configure ter...

Page 142: ... messages and numerically lower levels Device config logging trap 3 Returns to privileged EXEC mode end Example Step 5 Device config end Limiting Syslog Messages Sent to the History Table and to SNMP This task explains how to limit syslog messages that are sent to the history table and to SNMP This task is optional SUMMARY STEPS 1 configure terminal 2 logging history level 3 logging history size n...

Page 143: ...aemons no longer accept by default syslog packets from the network If this is the case with your system use the UNIX man syslogd command to decide what options must be added to or removed from the syslog command line to enable logging of remote syslog messages Note Before you begin Log in as root Before you can send system log messages to a UNIX syslog server you must configure the syslog daemon o...

Page 144: ...isioning Configuration Examples for System Message Logs Example Stacking System Message This example shows a partial switch system message for active stack and a stack member hostname Switch 2 00 00 46 LINK 3 UPDOWN Interface Port channel1 changed state to up 00 00 47 LINK 3 UPDOWN Interface GigabitEthernet1 0 1 changed state to up 00 00 47 LINK 3 UPDOWN Interface GigabitEthernet1 0 2 changed stat...

Page 145: ...nged state to up 00 00 47 LINK 3 UPDOWN Interface GigabitEthernet0 2 changed state to up 00 00 48 LINEPROTO 5 UPDOWN Line protocol on Interface Vlan1 changed state to down 00 00 48 LINEPROTO 5 UPDOWN Line protocol on Interface GigabitEthernet0 1 changed state to down 2 Mar 1 18 46 11 SYS 5 CONFIG_I Configured from console by vty2 10 34 195 36 18 47 02 SYS 5 CONFIG_I Configured from console by vty2...

Page 146: ...System Management Configuration Guide Cisco IOS XE Gibraltar 16 10 x Catalyst 9200 Switches 132 Configuring System Message Logs Feature History and Information For System Message Logs ...

Page 147: ...e data path and the control signals The online diagnostics detect problems in these areas Hardware components Interfaces Ethernet ports and so forth Solder joints Online diagnostics are categorized as on demand scheduled or health monitoring diagnostics On demand diagnostics run from the CLI scheduled diagnostics run at user designated intervals or at specified times when the device is connected t...

Page 148: ... monitor threshold commands respectively The test leverages the Cisco Discovery Protocol CDP protocol that transmits packets The test runs every 75 seconds and the failure threshold is set to five by default Description Attribute Nondisruptive Disruptive or Nondisruptive Do not disable Recommendation On Default Cisco IOS XE Everest 16 9 1 Intitial Release Displays a syslog message indicating that ...

Page 149: ... EXEC command to begin diagnostic testing After starting the tests you cannot stop the testing process Use this privileged EXEC command to manually start online diagnostic testing SUMMARY STEPS 1 diagnostic start number test name test id test id range all basic complete minimal non disruptive per port DETAILED STEPS Purpose Command or Action Starts the diagnostic tests diagnostic start number test...

Page 150: ...nter port number port number list weekly day of week hh mm DETAILED STEPS Purpose Command or Action Enters the global configuration mode configure terminal Example Step 1 Device configure terminal Schedules on demand diagnostic tests for a specific day and time diagnostic schedule number test name test id test id range all basic complete minimal Step 2 non disruptive per port daily on mm dd yyyy h...

Page 151: ...ng test enable the Device to generate a syslog message because of a test failure and enable a specific test Use the no form of this command to disable testing By default health monitoring is disabled but the Device generates a syslog message when a test fails Follow these steps to configure and enable the health monitoring diagnostic tests SUMMARY STEPS 1 enable 2 configure terminal 3 diagnostic m...

Page 152: ...ar in the show diagnostic content command output all All of the diagnostic tests When specifying the interval set these parameters hh mm ss Monitoring interval in hours minutes and seconds The range for hh is 0 to 24 and the range for mm and ss is 0 to 60 milliseconds Monitoring interval in milliseconds ms The range is from 0 to 999 day Monitoring interval in the number of days The range is from 0...

Page 153: ...t appears in the show diagnostic content command output test id ID number of the test that appears in the show diagnostic content command output test id range ID numbers of the tests that appear in the show diagnostic content command output all All of the diagnostic tests Returns to privileged EXEC mode end Example Step 7 Device config end Display the online diagnostic test results and the support...

Page 154: ...stic Test This example shows how to schedule diagnostic testing for a specific day and time on a specific switch Device config diagnostic schedule test DiagThermalTest on June 3 2013 22 25 This example shows how to schedule diagnostic testing to occur weekly at a certain time on a specific switch Device config diagnostic schedule switch 1 test 1 2 4 6 weekly saturday 10 30 Examples Displaying Onli...

Page 155: ...opback functionality In this test a packet is sent which loops back at PHY level and is matched against the stored packet It is a disruptive test and cannot be run as a health monitoring test DiagScratchRegisterTest The Scratch Register test monitors the health of application specific integrated circuits ASICs by writing values into registers and reading back the values from these registers It is ...

Page 156: ...eld Notices the Cisco Technical Services Newsletter and Really Simple Syndication RSS Feeds Access to most tools on the Cisco Support website requires a Cisco com user ID and password Feature Information for Configuring Online Diagnostics This table provides release and related information for features explained in this module These features are available on all releases subsequent to the one they...

Page 157: ...s document are available and function only in certain configuration modes on the device Some of the Cisco IOS configuration commands are only available on certain device platforms and the command syntax may vary on different platforms Information About Managing Configuration Files Types of Configuration Files Configuration files contain the Cisco IOS software commands used to customize the functio...

Page 158: ...ecuting the Configuration Commands in the Startup Configuration File section for more information Configuring from the network allows you to load and execute configuration commands over the network See the Copying a Configuration File from a TFTP Server to the Device section for more information Configuration File Changes Using the CLI The Cisco IOS software accepts one configuration command per l...

Page 159: ...s erased For example if the copied configuration file contains a different IP address in a particular command than the existing configuration the IP address in the copied configuration is used However some commands in the existing configuration may not be replaced or negated In this case the resulting configuration file is a mixture of the existing configuration file and the copied configuration f...

Page 160: ...d from the device use the ip rcmd rcp enable global configuration command Restrictions The RCP protocol requires a client to send a remote username on each RCP request to a server When you copy a configuration file from the device to a server using RCP the Cisco IOS software sends the first valid username it encounters in the following sequence 1 The username specified in the copy EXEC command if ...

Page 161: ...onfiguration file or image is written to or copied from the directory associated with the remote username on the server For example if the system image resides in the home directory of a user on the server specify that user name as the remote username Refer to the documentation for your RCP server for more information Copying a Configuration File from the Device to an FTP Server You can copy a con...

Page 162: ...copy command Specifying the VRF in the copy command is easier and more efficient as you can directly change the source interface without using a change request for the configuration Example The following example shows how to copy files through a VRF using the copy command Device Address or name of remote host 10 1 2 3 Source username ScpUser Source filename auto tftp server ScpUser vrf_test txt De...

Page 163: ...em devicees you can store the startup configuration in flash memory by setting the CONFIG_FILE environment variable to a file in internal flash memory or flash memory in a PCMCIA slot See the Specifying the CONFIG_FILE Environment Variable on Class A Flash File Systems on page 174 section for more information Care must be taken when editing or changing a large configuration Flash memory space is u...

Page 164: ...isplaying Configuration File Information To display information about configuration files complete the tasks in this section SUMMARY STEPS 1 enable 2 show boot 3 more file url 4 show running config 5 show startup config DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Lists the contents of the BOOT environment...

Page 165: ...nfiguration with the show running config or more system running config EXEC commands Comments do not display when you list the startup configuration with the show startup config or more nvram startup config EXEC mode commands Comments are stripped out of the configuration file when it is loaded onto the device However you can list the comments in configuration files stored on a File Transfer Proto...

Page 166: ...ion to the location specified by the CONFIG_FILE environment variable the default CONFIG_FILE variable specifies that the file should be saved to NVRAM Examples In the following example the device prompt name of the device is configured The comment line indicated by the exclamation mark does not execute any command The hostname command is used to change the device name from device to new_name By p...

Page 167: ...le Step 1 Example Enter your password if prompted Device enable Copies the running configuration file to a TFTP server copy system running config tftp location directory filename Step 2 Example Device copy system running config tftp server1 topdir file10 Copies the startup configuration file to a TFTP server copy nvram startup config tftp location directory filename Step 3 Example Device copy nvra...

Page 168: ...ocation directory filename copy nvram startup config rcp username location directory filename DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Enters global configuration mode configure terminal Example Step 2 Device configure terminal Optional Changes the default remote username ip rcmd remote username userna...

Page 169: ...how to store a startup configuration file on a server by using RCP to copy the file Device configure terminal Device config ip rcmd remote username netadmin2 Device config end Device copy nvram startup config rcp Remote host 172 16 101 101 Name of configuration file to write start confg Write file start confg on host 172 16 101 101 confirm OK What to Do Next After you have issued the copy EXEC com...

Page 170: ... config ip ftp username NetAdmin1 Optional Specifies the default password ip ftp password password Example Step 4 Device config ip ftp password adminpassword Optional Exits global configuration mode This step is required only if you override the default remote username or password see Steps 2 and 3 end Example Device config end Step 5 Copies the running configuration or startup configuration file ...

Page 171: ... Device copy nvram startup config ftp Remote host 172 16 101 101 Name of configuration file to write start confg Write file start confg on host 172 16 101 101 confirm OK What to Do Next After you have issued the copy EXEC command you may be prompted for additional information or for confirmation of the action The prompt displayed depends on how much information you provide in the copy command and ...

Page 172: ...irectory filename flash n directory startup config Example Step 4 Device copy tftp server1 dir10 datasource flash startup config Examples In the following example the software is configured from the file named tokyo confg at IP address 172 16 2 155 Device copy tftp 172 16 2 155 tokyo confg system running config Configure using tokyo confg from 172 16 2 155 confirm Y Booting tokyo confg from 172 16...

Page 173: ...de the default remote username see Step 3 configure terminal Example Device configure terminal Step 2 Optional Specifies the remote username ip rcmd remote username username Example Step 3 Device config ip rcmd remote username NetAdmin1 Optional Exits global configuration mode This step is required only if you override the default remote username see Step 2 end Example Device config end Step 4 Cop...

Page 174: ...e username netadmin1 Device config end Device copy rcp nvram startup config Address of remote host 255 255 255 255 172 16 101 101 Name of configuration file rtr2 confg host2 confg Configure using host2 confg from 172 16 101 101 confirm Connected to 172 16 101 101 Loading 1112 byte file host2 confg OK OK Device SYS 5 CONFIG_NV Non volatile store configured from host2 config by rcp from 172 16 101 1...

Page 175: ...vice config ip ftp username NetAdmin1 Optional Specifies the default password ip ftp password password Example Step 4 Device config ip ftp password adminpassword Optional Exits global configuration mode This step is required only if you override the default remote username or password see Steps 3 and 4 end Example Device config end Step 5 Using FTP copies the configuration file from a network serv...

Page 176: ...ram startup config Address of remote host 255 255 255 255 172 16 101 101 Name of configuration file host1 confg host2 confg Configure using host2 confg from 172 16 101 101 confirm Connected to 172 16 101 101 Loading 1112 byte file host2 confg OK OK Device SYS 5 CONFIG_NV Non volatile store configured from host2 config by ftp from 172 16 101 101 What to Do Next After you have issued the copy EXEC c...

Page 177: ...ers the new configuration Do one of the following Step 5 Use FTP RCP or TFTP to copy the new configuration If you try to load a configuration that is more than three times larger than the NVRAM size the following error message is displayed configure terminal Example buffer overflow file size buffer size bytes Device configure terminal When you have finished changing the running configuration save ...

Page 178: ...ilename 5 end 6 Do one of the following Use FTP RCP or TFTP to copy the new configuration If you try to load a configuration that is more than three times larger than the NVRAM size the following error message is displayed buffer overflow file size buffer size bytes configure terminal 7 copy system running config nvram startup config DETAILED STEPS Purpose Command or Action Enables privileged EXEC...

Page 179: ...ng error message is displayed buffer overflow file size buffer size bytes configure terminal Example Device configure terminal When you have finished changing the running configuration save the new configuration copy system running config nvram startup config Example Step 7 Device config copy system running config nvram startup config Examples The following example stores the configuration file in...

Page 180: ...stem running config ftp rcp tftp Example Step 2 Device copy system running config ftp Enters global configuration mode configure terminal Example Step 3 Device configure terminal Specifies that the startup configuration file be loaded from the network server at startup boot network ftp username password location directory filename rcp username location directory filename tftp location directory fi...

Page 181: ...urpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Do one of the following Step 2 Loads a configuration file directly into NVRAM or copy filesystem partition number filename nvram startup config Copies a configuration file to your running configuration copy filesystem partition number filename system running config Example Devi...

Page 182: ...s privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Displays the layout and contents of flash memory to verify the filename show source filesystem Example Step 2 Device show flash Copies a configuration file between flash memory devices copy source filesystem partition number filename dest filesystem partition number filename Step 3 The source device and the ...

Page 183: ...want to erase confirm Copy running config from flash device as running config into usbflash0 device WITH erase yes no yes Erasing device eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee erased OK 850 4194304 bytes Flash device copy took 00 00 30 hh mm ss Verifying checksum OK 0x16 Copying a Configuration File from an FTP Server to Flash Memory Devices To copy a configuration file f...

Page 184: ...directory bundle_name flash Example Step 6 Device copy f t p c a t 3 k _ c a a u n i v e r s a l k 9 S S A 0 3 1 2 0 2 E Z P 1 5 0 1 2 0 2 E Z P 1 5 0 1 2 0 2 E Z P b i n flash What to Do Next After you have issued the copy EXEC command you may be prompted for additional information or for confirmation of the action The prompt displayed depends on how much information you provide in the copy comma...

Page 185: ...ng RCP Respond to any device copy rcp username location directory bundle_name flash Step 5 prompts for additional information or confirmation Example Prompting depends on how much information you provide Device copy rcp netadmin 172 16 101 101 bundle1 flash in the copy command and the current setting of the file prompt command Copying a Configuration File from a TFTP Server to Flash Memory Devices...

Page 186: ...up Configuration File To re execute the commands located in the startup configuration file complete the task in this section SUMMARY STEPS 1 enable 2 configure memory DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Re executes the configuration commands located in the startup configuration file configure memo...

Page 187: ...e points to NVRAM the device erases NVRAM If the CONFIG_FILE environment variable specifies a flash memory device and configuration filename the device deletes the configuration file That is the device marks the file as deleted rather than erasing it This feature allows you to recover a deleted file Note Device erase nvram Deleting a Specified Configuration File To delete a specified configuration...

Page 188: ...igure the Cisco IOS software to load the startup configuration file specified by the CONFIG_FILE environment variable The CONFIG_FILE variable defaults to NVRAM To change the CONFIG_FILE environment variable complete the tasks in this section SUMMARY STEPS 1 enable 2 copy flash url ftp url rcp url tftp url system running config nvram startup config dest flash url 3 configure terminal 4 boot config...

Page 189: ...u to verify the contents of the CONFIG_FILE environment variable show boot Example Step 7 Device show boot Examples The following example copies the running configuration file to the device This configuration is then used as the startup configuration when the system is restarted Device copy system running config usbflash0 config2 Device configure terminal Device config boot config usbflash0 config...

Page 190: ... is saved to that device Eventually Flash memory fills up as the old configuration files still take up memory Use the squeeze EXEC command to permanently delete the old configuration files and reclaim the space Note Configuring the Device to Download Configuration Files You can specify an ordered list of network configuration and host configuration filenames The Cisco IOS XE software scans this li...

Page 191: ... Cisco IOS software uses the default filename Example network confg If you omit the address the device uses the broadcast address Device config boot network tftp hostfile1 You can specify more than one network configuration file The software tries them in order entered until it loads one This procedure can be useful for keeping files with different configuration information loaded on a network ser...

Page 192: ...location Step 3 directory filename tftp location directory filename If you do not specify a host configuration filename the device uses its own name to form a host Example configuration filename by converting the name to all lowercase letters removing all domain information Device config boot host tftp hostfile1 and appending confg If no host name information is available the software uses the def...

Page 193: ...ng Configuration Files This table provides release and related information for features explained in this module These features are available on all releases subsequent to the one they were introduced in unless noted otherwise Feature Information Feature Release Configuration files contain the Cisco IOS software commands used to customize the functionality of your Cisco device Commands are parsed ...

Page 194: ...System Management Configuration Guide Cisco IOS XE Gibraltar 16 10 x Catalyst 9200 Switches 180 Managing Configuration Files Feature History for Managing Configuration Files ...

Page 195: ...ration Rollback feature must comply with standard Cisco software configuration file indentation rules as follows Start all commands on a new line with no indentation unless the command is within a configuration submode Indent commands within a first level configuration submode one space Indent commands within a second level configuration submode two spaces Indent commands within subsequent submode...

Page 196: ... by the configure replace command Before this feature was introduced you could save copies of the running configuration using the copy running config destination url command storing the replacement file either locally or remotely However this method lacked any automated file management On the other hand the Configuration Replace and Configuration Rollback feature provides the capability to automat...

Page 197: ...command the following major differences should be noted The copy source url running config command is a merge operation and preserves all of the commands from both the source file and the current running configuration This command does not remove commands from the current running configuration that are not present in the source file In contrast the configure replace target url command removes comm...

Page 198: ... you can specify any saved Cisco IOS configuration file as the replacement configuration you are not limited to a fixed number of rollbacks as is the case in some rollback models Configuration Rollback Confirmed Change The Configuration Rollback Confirmed Change feature allows configuration changes to be performed with an optional requirement that they be confirmed If this confirmation is not rece...

Page 199: ...PS 1 enable 2 configure terminal 3 archive 4 path url 5 maximum number 6 time period minutes 7 end 8 archive config DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Enters global configuration mode configure terminal Example Step 2 Device configure terminal Enters archive configuration mode archive Example Ste...

Page 200: ...sco IOS configuration archive Note Optional Sets the time increment for automatically saving an archive file of the current running configuration in the Cisco IOS configuration archive time period minutes Example Device config archive time period 1440 Step 6 The minutes argument specifies how often in minutes to automatically save an archive file of the current running configuration in the Cisco I...

Page 201: ...rror timer minutes time minutes Step 2 The target url argument is a URL accessible by the Cisco IOS file system of the saved Cisco IOS Example configuration file that is to replace the current running Device configure replace flash startup config time 120 configuration such as the configuration file created using the archive config command The list keyword displays a list of the command lines appl...

Page 202: ... parameters for the timed configure revert now timer minutes idle minutes Step 3 rollback use the configure revertcommand in privileged EXEC mode Example Device configure revert now now Triggers the rollback immediately timer Resets the configuration revert timer Use the minutes argument with the timer keyword to specify a new revert time in minutes Use the idle keyword along with a time in minute...

Page 203: ...ive There are currently 1 archive configurations saved The next archive file will be named flash myconfiguration 2 Archive Name 0 1 flash myconfiguration 1 Most Recent 2 3 4 5 6 7 8 9 10 11 12 13 14 The following is sample output from the show archive command after several archive files of the running configuration have been saved In this example the maximum number of archive files to be saved is ...

Page 204: ...eplace flash myconfiguration force Timing Debug Statistics for IOS Config Replace operation Time to read file usbflash0 sample_2 cfg 0 msec 0 sec Number of lines read 55 Size of file 1054 Starting Pass 1 Time to read file system running config 0 msec 0 sec Number of lines read 93 Size of file 2539 Time taken for positive rollback pass 320 msec 0 sec Time taken for negative rollback pass 0 msec 0 s...

Page 205: ...tion Device configure replace flash myconfiguration This will apply all necessary additions and deletions to replace the current running configuration with the contents of the specified configuration file which is assumed to be a complete configuration not a partial configuration Enter Y if you are sure you want to proceed no Y Total number of passes 1 Rollback Done In the following example the li...

Page 206: ...sh startup config time 120 This will apply all necessary additions and deletions to replace the current running configuration with the contents of the specified configuration file which is assumed to be a complete configuration not a partial configuration Enter Y if you are sure you want to proceed no Y Total number of passes 1 Rollback Done Device configure confirm The following example shows the...

Page 207: ...ment file The configure replace command is then used to revert to the replacement configuration file as shown in the following example Device show archive There are currently 1 archive configurations saved The next archive file will be named flash myconfiguration 2 Archive Name 0 1 flash myconfiguration 1 Most Recent 2 3 4 5 6 7 8 9 10 Device configure replace flash myconfiguration 1 Total number ...

Page 208: ...eplace command Configuration Replace and Configuration Rollback Cisco IOS XE Fuji 16 9 2 Use Cisco Feature Navigator to find information about platform and software image support To access Cisco Feature Navigator go to http www cisco com go cfn System Management Configuration Guide Cisco IOS XE Gibraltar 16 10 x Catalyst 9200 Switches 194 Configuration Replace and Configuration Rollback Feature Hi...

Page 209: ... a package that can be installed on a system to provide a fix or a security resolution to a released image An SMU package is provided on a per release and per component basis An SMU provides a significant benefit over classic Cisco IOS software because it allows you to address network issues quickly while reducing the time and scope of the testing required The Cisco IOS XE platform internally vali...

Page 210: ...ad ensures that all processes are started with the correct libraries and files that are installed as part of the SMU How to Manage Software Maintenance Updates You can install activate and commit an SMU package using a single command 1 step process or using separate commands 3 step process Use the 1 step process when you have to install just one SMU package file and use the 3 step process when you...

Page 211: ...om a remote location through FTP HTTP HTTPS or TFTP If the SMU file is copied using TFTP use bootflash to activate the SMU Note Exits privileged EXEC mode and returns to user EXEC mode exit Example Step 3 Device exit Installing an SMU Package 3 Step Process This task shows you the 3 step process for installing an SMU package Use this method to install multiple SMUs and avoid multiple reloads Befor...

Page 212: ...le location filename Example Device install activate file flash cat9k_lite_iosxe 16 12 03 CSCvt22238 SPA smu bin cat9k_lite_iosxe 16 12 03 CSCvt72427 SPA smu bin Step 3 When entering multiple SMUs use a comma without a space before or after to separate file names Also ensure that total number of characters does not exceed 128 This step involves a reload Commits the activation changes to be persist...

Page 213: ...rsion on the device show version Example Step 5 Device show version Displays information about the active package show install summary Step 6 Example The output of this command varies according to the install commands that are configured Device show install summary Configuration Examples for Software Maintenance Upgrade The following is a list of SMU configuration examples Example Installing an SM...

Page 214: ...e is I because it has not been activated and committed yet Device show install summary Switch 1 Installed Package s Information State St I Inactive U Activated Uncommitted C Activated Committed D Deactivated Uncommitted Type St Filename Version SMU I flash cat9k_lite_iosxe 16 09 04 CSCvk70181 SPA smu bin IMG C 16 9 4 0 3431 Auto abort timer inactive 2 Activating the SMU package file Device install...

Page 215: ...tware CAT9K_LITE_IOSXE Version 16 9 4 RELEASE SOFTWARE fc2 Technical Support http www cisco com techsupport Copyright c 1986 2019 by Cisco Systems Inc Compiled Thu 22 Aug 19 17 30 by mcpre output truncated Verifying activation of the SMU package file by using the show install summary command The status of the SMU package file is U because it has not been committed yet Switch 1 Installed Package s ...

Page 216: ...Uncommitted Type St Filename Version SMU C flash cat9k_lite_iosxe 16 09 04 CSCvk70181 SPA smu bin IMG C 16 9 4 0 3431 Checking the version by using the show version command Device show version Cisco IOS XE Software Version 16 09 04 Cisco IOS Software Fuji Catalyst L3 Switch Software CAT9K_LITE_IOSXE Version 16 9 4 RELEASE SOFTWARE fc2 Technical Support http www cisco com techsupport Copyright c 19...

Page 217: ...d install add flash cat9k_lite_iosxe 16 12 03 CSCvt22238 SPA smu bin 1 Copying flash cat9k_lite_iosxe 16 12 03 CSCvt22238 SPA smu bin from switch 1 to switch 2 3 4 5 2 3 4 5 Finished copying to switch 2 switch 3 switch 4 switch 5 Info Finished copying flash cat9k_lite_iosxe 16 12 03 CSCvt22238 SPA smu bin to the selected switch es Finished initial file syncing Starting SMU Add operation Performing...

Page 218: ... flash cat9k_lite_iosxe 16 12 03 CSCvt72427 SPA smu bin to the selected switch es Finished initial file syncing Starting SMU Add operation Performing SMU_ADD on all members 1 SMU_ADD package s on switch 1 1 Finished SMU_ADD on switch 1 2 SMU_ADD package s on switch 2 2 Finished SMU_ADD on switch 2 3 SMU_ADD package s on switch 3 3 Finished SMU_ADD on switch 3 4 SMU_ADD package s on switch 4 4 Fini...

Page 219: ... proceed y n y Executing pre scripts Executing pre sripts done Starting SMU Activate operation Performing SMU_ACTIVATE on all members Oct 28 13 24 41 563 INSTALL 5 INSTALL_AUTO_ABORT_TIMER_PROGRESS Switch 1 R0 0 rollback_timer Install auto abort timer will expire in 7200 secondsOct 28 13 24 43 259 INSTALL 5 INSTALL_AUTO_ABORT_TIMER_PROGRESS R0 0 rollback_timer Install auto abort timer will expire ...

Page 220: ... commit is pending Oct 28 13 26 55 912 BOOT 5 BOOTTIME_SMU_TEMP_ACTIVE_DETECTED R0 0 install_engine SMU file flash cat9k_lite_iosxe 16 12 03 CSCvt22238 SPA smu bin active temporary SMU commit is pending Waiting for 120 seconds for other switches to boot Switch number is 4 All switches in the stack have been discovered Accelerating discovery Verifying activation of the SMU package files by using th...

Page 221: ...MIT package s on switch 5 5 Finished SMU_COMMIT on switch 5 Checking status of SMU_COMMIT on 1 2 3 4 5 SMU_COMMIT Passed on 1 2 3 4 5 Finished SMU Commit operation SUCCESS install_commit flash cat9k_lite_iosxe 16 12 03 CSCvt72427 SPA smu bin flash cat9k_lite_iosxe 16 12 03 CSCvt22238 SPA smu bin Sun Oct 28 13 35 52 UTC 2035 Oct 28 13 35 53 789 INSTALL 5 INSTALL_COMPLETED_INFO R0 0 install_engine C...

Page 222: ...lite_iosxe 16 09 04 CSCvk70181 SPA smu bin from switch 1 to switch 2 2 Finished copying to switch 2 Info Finished copying flash cat9k_lite_iosxe 16 09 04 CSCvk70181 SPA smu bin to the selected switch es Finished initial file syncing Starting SMU Add operation Performing SMU_ADD on all members 1 SMU_ADD package s on switch 1 1 Finished SMU_ADD on switch 1 2 SMU_ADD package s on switch 2 2 Finished ...

Page 223: ... operation may require a reload of the system Do you want to proceed y n n Checking the version by using the show version command Device show version Cisco IOS XE Software Version 16 09 04 Cisco IOS Software Fuji Catalyst L3 Switch Software CAT9K_LITE_IOSXE Version 16 9 4 RELEASE SOFTWARE fc2 Technical Support http www cisco com techsupport Copyright c 1986 2019 by Cisco Systems Inc Compiled Thu 2...

Page 224: ... 1 CSCxxx SSA dmp bin The following example shows how to rollback an update package to the committed package Device install rollback to base install_rollback START Wed Jun 10 11 27 41 IST 2020 This rollback would require a reload Do you want to proceed y n y 2 install_rollback Reloading the box to take effect Initializing Hardware after reload Device The following is sample output from the show in...

Page 225: ... Packages tftp cat9k_lite_iosxe 16 09 04 CSCvk70181 SPA smu bin Committed Packages No packages Uncommitted Packages No packages Device The following example shows how to remove an SMU from the device Device install remove file tftp cat9k_lite_iosxe 16 09 04 CSCvk70181 SPA smu bin install_remove START Wed Jun 10 12 09 43 IST 2020 SUCCESS install_remove tftp cat9k_lite_iosxe 16 09 04 CSCvk70181 SPA ...

Page 226: ...a package that can be installed on a system to provide a fix or a security resolution to a released image On this platform SMUs require a cold complete reload of the operating system hot patching is not supported Software Maintenance Upgrade SMU Cisco IOS XE Fuji 16 9 4 The SMU package supports patching of the PKI component Public Key Infrastructure PKI Patching Cisco IOS XE Gibraltar 16 10 1 Use ...

Page 227: ...e end of this module Use Cisco Feature Navigator to find information about platform support and Cisco software image support To access Cisco Feature Navigator go to http www cisco com go cfn An account on Cisco com is not required Information About the Flash File System The flash file system is a single flash device on which you can store files It also provides several commands to help you manage ...

Page 228: ...e b Type of file system disk The file system is for a flash memory device USB flash and crashinfo file network The file system for network devices for example an FTP server or and HTTP server nvram The file system is for a NVRAM device opaque The file system is a locally generated pseudo file system for example the system or a download interface such as brimux unknown The file system is an unknown...

Page 229: ...XEC commands that have the optional filesystem argument the system uses the file system specified by the cd command By default the default file system is flash You can display the current default file system as specified by the cd command by using the pwd privileged EXEC command Displaying Information About Files on a File System You can view a list of the contents of a file system before manipula...

Page 230: ...25 2015 20 17 42 00 00 pnp tech time 608439 rw 214054 Sep 25 2015 20 17 48 00 00 pnp tech discovery summary 608419 drwx 4096 Jul 23 2015 07 50 25 00 00 util 616514 drwx 4096 Mar 18 2015 11 09 04 00 00 onep 608442 rw 556 Mar 18 2015 11 19 34 00 00 vlan dat 608448 rw 1131779 Mar 28 2015 13 13 48 00 00 log txt 616516 drwx 4096 Apr 1 2015 09 34 56 00 00 gs_script 616517 drwx 4096 Apr 6 2015 09 42 38 0...

Page 231: ...cified directory cd directory_name Step 3 Example The command example shows how to navigate to the directory named new_configs Device cd new_configs Displays the working directory pwd Example Step 4 Device pwd Navigates to the default directory cd Example Step 5 Device cd Creating Directories Beginning in privileged EXEC mode follow these steps to create a directory SUMMARY STEPS 1 dir filesystem ...

Page 232: ...r filesystem use flash for the system board flash device For file url enter the name of the directory to be deleted All of the files in the directory and the directory are removed When directories are deleted their contents cannot be recovered Caution Copying Files To copy a file from a source to a destination use the copy source url destination url privileged EXEC command For the source and desti...

Page 233: ...press the prompting that confirms a deletion of each file in the directory You are prompted only once at the beginning of this deletion process Use the force and recursive keywords for deleting old software images that were installed by using the archive download sw command but are no longer needed If you omit the filesystem option the device uses the default device specified by the cd command For...

Page 234: ...e url specify the location on the local flash file system in which the new file is created You can also specify an optional list of files or directories within the source directory to add to the new file If none are specified all files and directories at this level are written to the newly created file Displays the contents of a file archive tar table source url Step 2 Example For source url speci...

Page 235: ...lash file url dir file specify the location on the local flash file system from which the file is extracted Use the dir file option to specify a list of files or directories within the file to be extracted If none are specified all files and directories are extracted Displays the contents of any readable file including a file on a remote file system more ascii binary ebcdic file url Example Step 4...

Page 236: ...oduct Alert Tool accessed from Field Notices the Cisco Technical Services Newsletter and Really Simple Syndication RSS Feeds Access to most tools on the Cisco Support website requires a Cisco com user ID and password Feature History for Flash File System This table provides release and related information for features explained in this module These features are available on all releases subsequent...

Page 237: ...n the process is in progress Ensure that you take a backup of the current image before you begin the Factory Reset process Ensure that neither In Service Software Upgrade ISSU nor In Service Software Downgrade ISSD is in progress before starting the Factory Reset process Limitations for Performing Factory Reset Software patches if any that are installed on the switch will not be restored after the...

Page 238: ...te for the device Recovering the compromised device If the key material or credentials stored on a device is compromised reset the device to factory configuration and then reconfigure the device The device reloads to perform the Factory Reset task Note that this reload results in a ROMMON mode After the Factory Reset operation is complete you can load the Cisco IOS image either through a USB or TF...

Page 239: ...ocess is successfully completed the device reboots and stops at ROMMON mode Feature History and Information for Factory Reset Feature Information Release This feature was introduced Cisco IOS XE Fuji 16 9 2 System Management Configuration Guide Cisco IOS XE Gibraltar 16 10 x Catalyst 9200 Switches 225 Performing Factory Reset Feature History and Information for Factory Reset ...

Page 240: ...System Management Configuration Guide Cisco IOS XE Gibraltar 16 10 x Catalyst 9200 Switches 226 Performing Factory Reset Feature History and Information for Factory Reset ...

Page 241: ...metric key pairs pre shared secrets the type 6 password encryption key and certain credentials An instance unique encryption key is stored in the hardware trust anchor to prevent it from being compromised Enabling Secure Storage Before you begin By default this feature is disabled SUMMARY STEPS 1 configure terminal 2 service private config encryption 3 end 4 write memory DETAILED STEPS Purpose Com...

Page 242: ...TEPS 1 configure terminal 2 no service private config encryption 3 end 4 write memory DETAILED STEPS Purpose Command or Action Enters the global configuration mode configure terminal Example Step 1 Device configure terminal Disables the Secure Storage feature on your device When secure storage is disabled all the user data is stored in plain text in the NVRAM no service private config encryption E...

Page 243: ...e These features are available on all releases subsequent to the one they were introduced in unless noted otherwise Feature Information Feature Release Secure Storage feature allows you to secure critical configuration information by encrypting it It encrypts asymmetric key pairs pre shared secrets the type 6 password encryption key and certain credentials An instance unique encryption key is stor...

Page 244: ...System Management Configuration Guide Cisco IOS XE Gibraltar 16 10 x Catalyst 9200 Switches 230 Configuring Secure Storage Feature Information for Secure Storage ...

Page 245: ...in which each feature is supported see the feature information table at the end of this module Use Cisco Feature Navigator to find information about platform support and Cisco software image support To access Cisco Feature Navigator go to http www cisco com go cfn An account on Cisco com is not required Introduction to Conditional Debugging The Conditional Debugging feature allows you to selective...

Page 246: ...nal Debugging enable us to have a single debug CLI to debug all execution contexts related to the condition This can be done without being aware of the various control flow processes of the feature within the box and without having to issue debugs at these processes individually Location of Tracefiles By default the tracefile logs will be generated for each process and saved into either the tmp rp...

Page 247: ...ondition all DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode Enter your password if prompted enable Example Step 1 Device enable Configures conditional debugging for the MAC Address specified debug platform condition mac mac address Example Step 2 Device debug platform condition mac bc16 6509 3314 Starts conditional debugging this will start radioactive tracing if there is a ...

Page 248: ...addition to linux shell Generates a file with merged logs Displays merged logs only from staging area Note Clears all conditions clear platform condition all Example Step 8 Device clear platform condition all What to do next The commands request platform software trace filter binary and show platform software trace filter binary work in a similar way The only difference is Note request platform so...

Page 249: ...ing tracefiles off the box An example of the tracefile is shown below Device dir crashinfo tracelogs Directory of crashinfo tracelogs 50664 rwx 760 Sep 22 2015 11 12 21 00 00 plogd_F0 0 bin_0 gz 50603 rwx 991 Sep 22 2015 11 12 08 00 00 fed_pmanlog_F0 0 bin_0 9558 20150922111208 gz 50610 rw 11 Nov 2 2015 00 15 59 00 00 timestamp 50611 rwx 1443 Sep 22 2015 11 11 31 00 00 auto_upgrade_client_sh_pmanl...

Page 250: ...ow lists the various commands that can be used to monitor conditional debugging Purpose Command Displays the current conditions set show platform condition Displays the current debug conditions set show debug Displays logs merged from the latest tracefile show platform software trace filter binary Displays historical logs of merged tracefiles on the system request platform software trace filter bi...

Page 251: ...g URL http www cisco com go mibs All the supported MIBs for this release Technical Assistance Link Description http www cisco com support The Cisco Support website provides extensive online resources including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies To receive security and technical information about your products you can subs...

Page 252: ...ws you to selectively enable debugging and logging for specific features based on the set of conditions you define Conditional Debugging and Radioactive Tracing Cisco IOS XE Fuji 16 9 2 Use Cisco Feature Navigator to find information about platform and software image support To access Cisco Feature Navigator go to http www cisco com go cfn System Management Configuration Guide Cisco IOS XE Gibralt...

Page 253: ... on a Switch Switch software can be corrupted during an upgrade by downloading the incorrect file to the switch and by deleting the image file In all of these cases there is no connectivity Follow the steps described in the Recovering from a Software Failure on page 245 section to recover from a software failure Lost or Forgotten Password on a Device The default configuration for the device allows...

Page 254: ...ture allows the switch to identify the physical path that a packet takes from a source device to a destination device Layer 2 traceroute supports only unicast source and destination MAC addresses Traceroute finds the path by using the MAC address tables of the Device in the path When the Device detects a device in the path that does not support Layer 2 traceroute the Device continues to send Layer...

Page 255: ... 2 traceroute feature is not supported When more than one CDP neighbor is detected on a port the Layer 2 path is not identified and an error message appears This feature is not supported in Token Ring VLANs Layer 2 traceroute opens a listening socket on the User Datagram Protocol UDP port 2228 that can be accessed remotely with any IPv4 address and does not require any authentication This UDP sock...

Page 256: ... this message was sent by the destination port Go to Example Performing a Traceroute to an IP Host on page 261 to see an example of IP traceroute process Debug Commands Because debugging output is assigned high priority in the CPU process it can render the system unusable For this reason use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technic...

Page 257: ...ctory Ifit cannot be saved to the crashinfo partition for lack of space then it will be saved to the flash directory To display the files enter the dir crashinfo command The following is sample output of a crashinfo directory System reports are located in the crashinfo directory in the following format system report_ switch number _ date timestamp UTC gz After a switch crashes check for a system r...

Page 258: ... and voltage information and helps Cisco technical support representatives to troubleshoot Device problems We recommend that you keep OBFL enabled and do not erase the data stored in the flash memory By default OBFL is enabled It collects information about the Device and small form factor pluggable SFP modules The Device stores this information in the flash memory CLI commands Record of the OBFL C...

Page 259: ...ering from a Software Failure Before you begin This recovery procedure requires that you have physical access to the switch This procedure uses boot loader commands and TFTP to recover from a corrupted or incorrect image file Set the baud rate of the terminal to match the the default rate of 9600 bits per second bps of the switch console port If the baud rate is set to a value other than 9600 bps ...

Page 260: ... 2017 08 25_09 41 SSA bin interface eth0 macaddr E4 AA 5D 59 7B 44 ip 10 168 247 10 netmask 10 255 0 0 gateway 10 168 0 1 server 10 168 0 1 file cat9k cat9k_iosxe 2017 08 25_09 41 bin Restricted Rights Legend Use duplication or disclosure by the Government is subject to restrictions as set forth in subparagraph c of the Commercial Computer Software Restricted Rights clause at FAR sec 52 227 19 and...

Page 261: ... you agree to comply with applicable laws and regulations If you are unable to comply with U S and local laws return this product immediately A summary of U S laws governing Cisco cryptographic products may be found at http www cisco com wwl export crypto tool stqrg html If you require further assistance please contact us by sending email to export cisco com cisco C9XXX X86 processor revision V00 ...

Page 262: ...55 254 254 auto tftpboot X86 cat9k_iosxe 16 05 01a SPA bin Verifying bundle tftp 10 255 254 254 auto tftpboot X86 cat9k_iosxe 16 05 01a SPA bin Package cat9k cc_srdriver 16 05 01a SPA pkg temp stage cat9k cc_srdriver 16 05 01a SPA pkg is Digitally Signed Package cat9k espbase 16 05 01a SPA pkg temp stage cat9k espbase 16 05 01a SPA pkg is Digitally Signed Package cat9k guestshell 16 05 01a SPA pkg...

Page 263: ...configuration If you are an end user trying to reset a password when password recovery has been disabled a status message shows this during the recovery process Note SUMMARY STEPS 1 Connect a terminal or PC to the switch 2 Set the line speed on the emulation software to 9600 baud 3 Power off the standalone switch or the entire switch stack 4 Reconnect the power cord to the switch or the active swi...

Page 264: ...load the switch or the active switch On a switch Switch reload Proceed with reload confirm y Procedure with Password Recovery Enabled Step 1 Ignore the startup configuration with the following command Device SWITCH_IGNORE_STARTUP_CFG 1 Step 2 Boot the switch with the packages conf file from flash Device boot flash packages conf Step 3 Terminate the initial configuration dialog by answering No Woul...

Page 265: ... boot BOOT variable flash packages conf Manual Boot yes Enable Break yes Step 10 Reload the device Device reload Step 11 Return the boot loader parameters to their original values Device SWITCH_IGNORE_STARTUP_CFG 0 Step 12 Boot the device with the packages conf file from flash Device boot flash packages conf Step 13 After the device boots up disable manual boot on the device Device config no boot ...

Page 266: ...sword You see the message Press Enter to continue If you enter y yes the configuration file in flash memory and the VLAN database file are deleted When the default configuration loads you can reset the password Step 1 Choose to continue with password recovery and delete the existing configuration Would you like to reset the system back to the default configuration y n Y Step 2 Display the contents...

Page 267: ...k is not operating at full bandwidth We recommend using only one CLI session when managing the switch stack Be careful when using multiple CLI sessions to the active switch Commands that you enter in one session are not displayed in the other sessions Therefore it is possible that you might not be able to identify the session from which you entered a command Manually assigning stack member numbers...

Page 268: ...iate Note Troubleshooting SFP Module Security and Identification Cisco small form factor pluggable SFP modules have a serial EEPROM that contains the module serial number the vendor name and ID a unique security code and cyclic redundancy check CRC When an SFP module is inserted in the Device the Device software reads the EEPROM to verify the serial number vendor name and vendor ID and recompute t...

Page 269: ...tname or network address ping ip host address Device ping 172 20 52 3 Monitoring Temperature The Device monitors the temperature conditions and uses the temperature information to control the fans Monitoring the Physical Path You can monitor the physical path that a packet takes from a source device to a destination device by using one of these privileged EXEC commands Table 14 Monitoring the Phys...

Page 270: ...d For more information about system message logging see Configuring System Message Logging Note Using the show platform Command The output from the show platform privileged EXEC command provides some useful information about the forwarding results if a packet entering an interface is sent through the system Depending upon the parameters entered about the packet the output provides lookup table res...

Page 271: ...0 47 0 14 0 11 0 HRPC pm counters 192 3093252 14081112 219 0 31 0 14 0 11 0 Spanning Tree 143 8 37 216 0 15 0 01 0 00 0 Exec output truncated This example shows normal CPU utilization The output shows that utilization for the last 5 seconds is 8 0 which has this meaning The total CPU utilization is 8 percent including both time running Cisco IOS processes and time spent handling interrupts The tim...

Page 272: ...crossover one Note Verify that the total cable length from the switch front panel to the powered device is not more than 100 meters Disconnect the Ethernet cable from the switch port Use a short Ethernet cable to connect a known good Ethernet device directly to this port on the switch front panel not on a patch panel Verify that it can establish an Ethernet link and exchange traffic with another h...

Page 273: ...ice to this port and verify that it powers on If the device powers on verify that all intermediate patch panels are correctly connected Disconnect all but one of the Ethernet cables from switch ports Using a short patch cord connect a powered device to only one PoE port Verify the powered device does not require more power than can be delivered by the switch port Use the show power inline privileg...

Page 274: ...loads or disconnects from PoE Use the show power inline command to verify that the switch power budget available PoE is not depleted before or after the powered device is connected Verify that sufficient power is available for the powered device type before you connect it Use the show interface status command to verify that the switch detects the connected powered device Use the show log command t...

Page 275: ...o perform a traceroute to an IP host Device traceroute ip 192 0 2 10 Type escape sequence to abort Tracing the route to 192 0 2 10 1 192 0 2 1 0 msec 0 msec 4 msec 2 192 0 2 203 12 msec 8 msec 0 msec 3 192 0 2 100 4 msec 0 msec 0 msec 4 192 0 2 10 0 msec 4 msec 0 msec The display shows the hop count the IP address of the router and the round trip time in milliseconds for each of the three probes t...

Page 276: ... one they were introduced in unless noted otherwise Feature Information Feature Release Troubleshooting software configuration describes how to identify and resolve software problems related to the Cisco IOS software on the switch Troubleshooting Software Configuration Cisco IOS XE Fuji 16 9 2 Use Cisco Feature Navigator to find information about platform and software image support To access Cisco...

Reviews:

No comments

Related manuals for Catalyst 9200 Series

N-Tron 100 Series User Manual & Installation Manual preview
100 Series
Brand: N-Tron Pages: 20
TAMS 1800 Series Installation & Operation Manual preview
1800 Series
Brand: TAMS Pages: 28
IBM 8265 Site Preparation Manual preview
8265
Brand: IBM Pages: 164
IBM 8265 Nways ATM Switch Problem Determination And Service Manual preview
8265 Nways ATM Switch
Brand: IBM Pages: 174
Vector MZ3-V01 Quick Start Manual preview
MZ3-V01
Brand: Vector Pages: 3
National Instruments SCXI-1127 Getting Started Manual preview
SCXI-1127
Brand: National Instruments Pages: 32
Black Box LB9019A Installation preview
LB9019A
Brand: Black Box Pages: 2
plasa SRS Lighting DTS16F-DIN Instruction Manual preview
SRS Lighting DTS16F-DIN
Brand: plasa Pages: 4
Handic VIC-Switch User Manual preview
VIC-Switch
Brand: Handic Pages: 2
Garland EdgeLens INT10G8SR56 User Manual preview
EdgeLens INT10G8SR56
Brand: Garland Pages: 76
Eaton T0-4 SE2 Series Instruction Leaflet preview
T0-4 SE2 Series
Brand: Eaton Pages: 2
SELS FT 40 R Quick Start Manual preview
FT 40 R
Brand: SELS Pages: 2
Omron WLM - Datasheet preview
WLM -
Brand: Omron Pages: 10
Campbell Hausfeld CW301300AJ Additional Operating Instructions preview
CW301300AJ
Brand: Campbell Hausfeld Pages: 4
Sunix ESW-5162GP User Manual preview
ESW-5162GP
Brand: Sunix Pages: 55
Black Box LGB408A-R2 Manual preview
LGB408A-R2
Brand: Black Box Pages: 20
W Box Technologies 0E-8P65W4POE Manual preview
0E-8P65W4POE
Brand: W Box Technologies Pages: 10
Vanco Evolution EVMX4442 Manual preview
Evolution EVMX4442
Brand: Vanco Pages: 12

Brands by name

Popular brands

Load more brands