manualshive.com logo in svg

Cisco Catalyst 9500 Series, Manual

The Cisco Catalyst 9500 Series offers industry-leading performance and reliability for your network infrastructure. To ensure seamless operations, troubleshooting any issues is crucial. Download the free user manual from our website to gain valuable insights and step-by-step guidance on resolving problems. Empower your network with Cisco Catalyst 9500 Series and download the manual from manualshive.com.

Share
Download
background image

C H A P T E R

13

Configuring Secure Storage

Information About Secure Storage, on page 251

Enabling Secure Storage , on page 251

Disabling Secure Storage , on page 252

Verifying the Status of Encryption, on page 253

Feature Information for Secure Storage, on page 253

Information About Secure Storage

Secure Storage feature allows you to secure critical configuration information by encrypting it. It encrypts
asymmetric key-pairs, pre-shared secrets, the type 6 password encryption key and certain credentials. An
instance-unique encryption key is stored in the hardware trust anchor to prevent it from being compromised.

By default, this feature is enabled on devices that come with a hardware trust anchor. This feature is not
supported on devices that do not have hardware trust anchor.

Enabling Secure Storage

Before you begin

By default, this feature is enabled. Perform this procedure only after disabling secure storage on the device.

SUMMARY STEPS

1.

configure terminal

2.

service private-config-encryption

3.

end

4.

write memory

DETAILED STEPS

Purpose

Command or Action

Enters the global configuration mode.

configure terminal

Example:

Step 1

System Management Configuration Guide, Cisco IOS XE Fuji 16.8.x (Catalyst 9500 Switches)

251

Summary of Contents for Catalyst 9500 Series

Page 1: ...de Cisco IOS XE Fuji 16 8 x Catalyst 9500 Switches First Published 2018 04 06 Americas Headquarters Cisco Systems Inc 170 West Tasman Drive San Jose CA 95134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 527 0883 ...

Page 2: ... 2018 Cisco Systems Inc All rights reserved ...

Page 3: ...on 6 System Name and Prompt 7 Stack System Name and Prompt 8 Default System Name and Prompt Configuration 8 DNS 8 Default DNS Settings 8 Login Banners 8 Default Banner Configuration 9 MAC Address Table 9 MAC Address Table Creation 9 MAC Addresses and VLANs 9 MAC Addresses and Device Stacks 9 Default MAC Address Table Settings 10 ARP Table Management 10 How to Administer the Device 10 Configuring t...

Page 4: ... Notification Traps 33 Adding and Removing Static Address Entries 35 Configuring Unicast MAC Address Filtering 36 Monitoring and Maintaining Administration of the Device 37 Configuration Examples for Device Administration 38 Example Setting the System Clock 38 Examples Configuring Summer Time 38 Example Configuring a MOTD Banner 38 Example Configuring a Login Banner 39 Example Configuring MAC Addr...

Page 5: ...CP Based Autoconfiguration Overview 51 DHCP Client Request Process 52 DHCP Based Autoconfiguration and Image Update 53 Restrictions for DHCP Based Autoconfiguration 53 DHCP Autoconfiguration 53 DHCP Auto Image Update 54 DHCP Server Configuration Guidelines 54 Purpose of the TFTP Server 55 Purpose of the DNS Server 55 How to Obtain Configuration Files 55 How to Control Environment Variables 56 Comm...

Page 6: ...3 Example Scheduling Software Image Reload 93 Additional References For Performing Device Setup 94 Feature History for Performing Device Setup Configuration 94 Configuring Right To Use Licenses 97 C H A P T E R 4 Restrictions for Configuring RTU Licenses 97 Information About Configuring RTU Licenses 97 Right To Use Licensing 97 How to Configure RTU Licenses 99 Activating a License 99 Rehosting a L...

Page 7: ... Flexible Netflow 119 NBAR2 Custom Applications 126 NBAR2 Dynamic Hitless Protocol Pack Upgrade 129 Monitoring Application Visibility and Control 131 Examples Application Visibility and Control Configuration 131 Basic Troubleshooting Questions and Answers 143 Additional References for Application Visibility and Control 144 Feature History for Application Visibility and Control in a Wired Network 1...

Page 8: ...ing Messages to a UNIX Syslog Daemon 165 Monitoring and Maintaining System Message Logs 166 Monitoring Configuration Archive Logs 166 Configuration Examples for System Message Logs 166 Example Stacking System Message 166 Example Switch System Message 167 Feature History and Information For System Message Logs 167 Configuring Online Diagnostics 169 C H A P T E R 8 Information About Configuring Onli...

Page 9: ...a TFTP Server 181 Copying a Configuration File from the Device to an RCP Server 182 Copying a Configuration File from the Device to an FTP Server 183 Copying files through a VRF 184 Copy Configuration Files from a Switch to Another Switch 184 Configuration Files Larger than NVRAM 185 Configuring the Device to Download Configuration Files 185 How to Manage Configuration File Information 186 Display...

Page 10: ...TFTP Server to Flash Memory Devices 207 Re executing the Configuration Commands in the Startup Configuration File 208 Clearing the Startup Configuration 209 Deleting a Specified Configuration File 209 Specifying the CONFIG_FILE Environment Variable on Class A Flash File Systems 210 What to Do Next 212 Configuring the Device to Download Configuration Files 212 Configuring the Device to Download the...

Page 11: ...re History for Configuration Replace and Configuration Rollback 229 Software Maintenance Upgrade 231 C H A P T E R 1 1 Restrictions for Software Maintenance Upgrade 231 Information About Software Maintenance Upgrade 231 SMU Overview 231 SMU Workflow 232 SMU Package 232 SMU Reload 232 How to Manage Software Maintenance Updates 232 Managing an SMU Package 232 Configuration Examples for Software Main...

Page 12: ...sites for Performing a Factory Reset 255 Restrictions for Performing a Factory Reset 255 Information About Factory Reset 255 How to Perform a Factory Reset 256 Feature History and Information for Factory Reset 257 Conditional Debug and Radioactive Tracing 259 C H A P T E R 1 5 Finding Feature Information 259 Introduction to Conditional Debugging 259 Introduction to Radioactive Tracing 260 How to C...

Page 13: ... Switch 272 Fan Failures 273 Possible Symptoms of High CPU Utilization 274 How to Troubleshoot the Software Configuration 274 Recovering from a Software Failure 274 Recovering from a Lost or Forgotten Password 278 Procedure with Password Recovery Enabled 279 Procedure with Password Recovery Disabled 281 Preventing Switch Stack Problems 282 Preventing Autonegotiation Mismatches 283 Configuring OBFL...

Page 14: ...ting the Software Configuration 291 Scenarios to Troubleshoot Power over Ethernet PoE 291 Configuration Examples for Troubleshooting Software 293 Example Pinging an IP Host 293 Example Performing a Traceroute to an IP Host 294 Feature History for Troubleshooting Software Configuration 295 System Management Configuration Guide Cisco IOS XE Fuji 16 8 x Catalyst 9500 Switches xiv Contents ...

Page 15: ...c configuration methods RTC and NTP or manual configuration methods For complete syntax and usage information for the commands used in this section see the Cisco IOS Configuration Fundamentals Command Reference on Cisco com Note System Clock The basis of the time service is the system clock This clock runs from the moment the system starts up and keeps track of the date and time The system clock c...

Page 16: ...self organizing tree of NTP speakers NTP avoids synchronizing to a device whose time might not be accurate by never synchronizing to a device that is not synchronized NTP also compares the time reported by several devices and does not synchronize to a device whose time is significantly different than the others even if its stratum is lower The communications between devices running NTP known as as...

Page 17: ...gh NTP from a stratum 1 time server and so on A device running NTP automatically chooses as its time source the device with the lowest stratum number with which it communicates through NTP This strategy effectively builds a self organizing tree of NTP speakers NTP avoids synchronizing to a device whose time might not be accurate by never synchronizing to a device that is not synchronized NTP also ...

Page 18: ...its hosts Because this is a peer to peer relationship the host will also retain time related information of the local networking device that it is communicating with This mode should be used when a number of mutually redundant servers are interconnected via diverse network paths Most stratum 1 and stratum 2 servers on the Internet adopt this form of network setup Use the ntp peer command to indivi...

Page 19: ...ess lists 2 ipv6 Configures IPv6 access lists 3 peer Allows time requests and NTP control queries and allows the system to synchronize itself to a system whose address passes the access list criteria 4 serve Allows time requests and NTP control queries but does not allow the system to synchronize itself to a system whose address passes the access list criteria 5 serve only Allows only time request...

Page 20: ... enabled globally when any NTP commands are entered You can selectively prevent NTP packets from being received through a specific interface by using the ntp disable command in interface configuration mode Source IP Address for NTP Packets When the system sends an NTP packet the source IP address is normally set to the address of the interface through which the NTP packet is sent Use the ntp sourc...

Page 21: ...rivatives is also available This software allows host systems to be time synchronized as well System Name and Prompt You configure the system name on the device to identify it By default the system name and prompt are Switch If you have not configured a system prompt the first 20 characters of the system name are used as the system prompt A greater than symbol is appended The prompt is updated whe...

Page 22: ...domain name is cisco com A specific device in this domain for example the File Transfer Protocol FTP system is identified as ftp cisco com To keep track of domain names IP has defined the concept of a domain name server which holds a cache or database of names mapped to IP addresses To map domain names to IP addresses you must first identify the hostnames specify the name server that is present on...

Page 23: ...aging out those that are not in use The aging interval is globally configured However the device maintains an address table for each VLAN and STP can accelerate the aging interval on a per VLAN basis The device sends packets between any combination of ports based on the destination address of the received packet Using the MAC address table the device forwards the packet only to the port associated...

Page 24: ...s association is stored in an ARP cache for rapid retrieval Then the IP datagram is encapsulated in a link layer frame and sent over the network Encapsulation of IP datagrams and ARP requests and replies on IEEE 802 networks other than Ethernet is specified by the Subnetwork Access Protocol SNAP By default standard Ethernet style ARP encapsulation represented by the arpa keyword is enabled on the ...

Page 25: ... the configured time zone clock set hh mm ss month day year Example day Specifies the day by date in the month Device clock set 13 32 00 23 March 2013 month Specifies the month by name year Specifies the year no abbreviation Configuring the Time Zone Follow these steps to manually configure the time zone SUMMARY STEPS 1 enable 2 configure terminal 3 clock timezone zone hours offset minutes offset ...

Page 26: ...e minutes offset from UTC This available where the local time zone is a percentage of an hour different from UTC Returns to privileged EXEC mode end Example Step 4 Device config end Verifies your entries show running config Example Step 5 Device show running config Optional Saves your entries in the configuration file copy running config startup config Example Step 6 Device copy running config sta...

Page 27: ...d days every year All times are relative to the local time zone The start time is relative to standard time clock summer time zone recurring week day month hh mm week day month hh mm offset Example Step 4 The end time is relative to summer time Summer time is disabled by default If you specify clock summer time Device config clock summer time PDT recurring 10 March 2013 2 00 3 November 2013 zone r...

Page 28: ...ck and cannot function as an NTP primary clock to which peers synchronize themselves when an external NTP source is not available The device also has no hardware support for a calendar As a result the ntp update calendar and the ntp master commands in global configuration mode are not available These following sections provide configuration information on NTP Default NTP Configuration shows the de...

Page 29: ... Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Enters global configuration mode configure terminal Example Step 2 Device configure terminal Enables NTP authentication no ntp authenticate Step 3 Example Use the no form of this command to disable NTP authentication Device config ntp authenticate Defines the authentication keys no ntp authentication ...

Page 30: ...evice config ntp trusted key 42 Step 5 Use the no form of this command to disable trusted authentication Allows the software clock to be synchronized by an NTP time server no ntp server ip address key key id prefer Example Step 6 ip address The IP address of the time server providing the clock synchronization Device config ntp server 172 16 22 44 key 42 key id Authentication key defined with the n...

Page 31: ... range is 1 to 4 By default version 4 is selected key id Authentication key defined with the ntp authentication key command interface The interface from which to pick the IP source address By default the source IP address is taken from the outgoing interface prefer Sets this peer as the preferred one that provides synchronization This keyword reduces switching back and forth between peers Use the ...

Page 32: ...onfiguring Broadcast Based NTP Associations To configure broadcast based NTP associations perform this procedure SUMMARY STEPS 1 enable 2 configure terminal 3 interface interface id 4 no ntp broadcast version number key key id destination address 5 no ntp broadcast client 6 exit 7 no ntp broadcastdelay microseconds 8 end DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable ...

Page 33: ...nables the interface to receive NTP broadcast packets no ntp broadcast client Step 5 Example Use the no form of this command to disable the interface from receiving NTP broadcast packets Device config if ntp broadcast client Returns to privileged EXEC mode exit Example Step 6 Device config if exit Optional Change the estimated round trip delay between the device and the NTP broadcast server no ntp...

Page 34: ...terminal Create an access group and apply a basic IP access list no ntp access group query only serve only serve peer access list number Step 3 query only NTP control queries Example serve only Time requests Device config ntp access group peer 99 serve Allows time requests and NTP control queries but does not allow the device to synchronize to the remote device peer Allows time requests and NTP co...

Page 35: ...e Use the no form of this command to remove authentication key Returns to privileged EXEC mode end Example Step 5 Device config end Disabling NTP Services on a Specific Interface To disable NTP packets from being received on an interface perform this procedure SUMMARY STEPS 1 enable 2 configure terminal 3 interface interface id 4 no ntp disable 5 end DETAILED STEPS Purpose Command or Action Enable...

Page 36: ... mode end Example Step 5 Device config if end Configuring a System Name Follow these steps to manually configure a system name SUMMARY STEPS 1 enable 2 configure terminal 3 hostname name 4 end 5 show running config 6 copy running config startup config DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Enters glo...

Page 37: ...fig startup config Setting Up DNS If you use the device IP address as its hostname the IP address is used and no DNS query occurs If you configure a hostname that contains no periods a period followed by the default domain name is appended to the hostname before the DNS query is made to map the name to an IP address The default domain name is the value set by the ip domain name global configuratio...

Page 38: ... more name servers to use for name and address resolution ip name server server address1 server address2 server address6 Step 4 Example You can specify up to six name servers Separate each server address with a space The first server specified is the Device config ip primary server The device sends DNS queries to the name server 192 168 1 100 primary server first If that query fails the backup ser...

Page 39: ...low these steps to configure a MOTD login banner SUMMARY STEPS 1 enable 2 configure terminal 3 banner motd c message c 4 end 5 show running config 6 copy running config startup config DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Enters global configuration mode configure terminal Example Step 2 Device conf...

Page 40: ... running config Example Step 5 Device show running config Optional Saves your entries in the configuration file copy running config startup config Example Step 6 Device copy running config startup config Configuring a Login Banner You can configure a login banner to be displayed on all connected terminals This banner appears after the MOTD banner and before the login prompt Follow these steps to c...

Page 41: ...username and password message Enters a login message up to 255 characters You cannot use the delimiting character in the message Returns to privileged EXEC mode end Example Step 4 Device config end Verifies your entries show running config Example Step 5 Device show running config Optional Saves your entries in the configuration file copy running config startup config Example Step 6 Device copy ru...

Page 42: ...00 You can also enter 0 which disables aging Static address entries are never aged or removed from the table Device config mac address table aging time 500 vlan 2 vlan id Valid IDs are 1 to 4094 Returns to privileged EXEC mode end Example Step 4 Device config end Verifies your entries show running config Example Step 5 Device show running config Optional Saves your entries in the configuration fil...

Page 43: ...message snmp server host host addr community string notification type informs traps version 1 2c 3 vrf vrf instance name Step 3 host addr Specifies the name or address of the NMS Example traps the default Sends SNMP traps to the host informs Sends SNMP informs to the host Device config snmp server host 172 20 10 10 traps private mac notification version Specifies the SNMP version to support Versio...

Page 44: ...hange interval 123 Optional history size value Specifies the maximum number of entries in the MAC notification history table The range is 0 to 500 the default is 1 Device config mac address table notification change history size 100 Enters interface configuration mode and specifies the Layer 2 interface on which to enable the SNMP MAC address notification trap interface interface id Example Device...

Page 45: ...n type 4 snmp server enable traps mac notification move 5 mac address table notification mac move 6 end 7 show running config 8 copy running config startup config DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Enters global configuration mode configure terminal Example Step 2 Device configure terminal Specif...

Page 46: ...es the MAC address move notification feature mac address table notification mac move Example Step 5 Device config mac address table notification mac move Returns to privileged EXEC mode end Example Step 6 Device config end Verifies your entries show running config Example Step 7 Device show running config Optional Saves your entries in the configuration file copy running config startup config Exam...

Page 47: ...fig startup config DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Enters global configuration mode configure terminal Example Step 2 Device configure terminal Specifies the recipient of the trap message snmp server host host addr traps informs version 1 2c 3 community string notification type Step 3 host add...

Page 48: ...me Step 6 Example Optional limit percentage Specifies the percentage of the MAC address table use valid values are from 1 to 100 percent The default is 50 percent Device config mac address table notification threshold interval 123 Optional interval time Specifies the time between notifications valid values are greater than or equal to 120 seconds The default is 120 seconds Device config mac addres...

Page 49: ...ackets with this Example destination address received in the specified VLAN are forwarded to the specified interface Device config mac address table static c2f3 220a 12f4 vlan 4 interface vlan id Specifies the VLAN for which the packet with the specified MAC address is received Valid VLAN IDs are 1 to 4094 gigabitethernet 1 0 1 interface id Specifies the interface to which the received packet is f...

Page 50: ...ed Device enable Enters global configuration mode configure terminal Example Step 2 Device configure terminal Enables unicast MAC address filtering and configure the device to drop a packet with the specified source or destination unicast static address mac address table static mac addr vlan vlan id drop Example Device config mac address table static c2f3 220a 12f4 vlan 4 drop Step 3 mac addr Spec...

Page 51: ...r the specified VLAN show ip igmp snooping groups Displays MAC address table information for the specified MAC address show mac address table address mac address Displays the aging time in all VLANs or the specified VLAN show mac address table aging time Displays the number of addresses present in all VLANs or the specified VLAN show mac address table count Displays only dynamic MAC address table ...

Page 52: ...3 at 02 00 Device config clock summer time PDT recurring PST date 10 March 2013 2 00 3 November 2013 2 00 This example shows how to set summer time start and end dates Device config clock summer time PST date 20 March 2013 2 00 20 November 2013 2 00 Example Configuring a MOTD Banner This example shows how to configure a MOTD banner by using the pound sign symbol as the beginning and ending delimit...

Page 53: ...host 172 20 10 10 traps private mac notification Device config snmp server enable traps mac notification change Device config mac address table notification change Device config mac address table notification change interval 123 Device config mac address table notification change history size 100 Device config interface gigabitethernet1 2 1 Device config if snmp trap mac notification change added ...

Page 54: ...address filtering and how to configure drop packets that have a source or destination address of c2f3 220a 12f4 When a packet is received in VLAN 4 with this MAC address as its source or destination the packet is dropped Device config mac address table static c2f3 220a 12f4 vlan 4 drop Additional References for Device Administration Related Documents Document Title Related Topic Command Reference ...

Page 55: ...XE Everest 16 5 1a Support for this feature was introduced only on the C9500 32C C9500 32QC C9500 48Y4C and C9500 24Y4C models of the Cisco Catalyst 9500 Series Switches Device Administration Cisco IOS XE Fuji 16 8 1a Use Cisco Feature Navigator to find information about platform and software image support To access Cisco Feature Navigator go to http www cisco com go cfn System Management Configur...

Page 56: ...System Management Configuration Guide Cisco IOS XE Fuji 16 8 x Catalyst 9500 Switches 42 Administering the Device Feature History for Device Administration ...

Page 57: ... this record and compare it with a Cisco certified record to verify if your software image is genuine If the checksum values do not match you may be running a software image that is either not certified by Cisco or has been altered by an unauthorized party Verifying the Software Image and Hardware This task describes how to retrieve the checksum record that was created during a switch bootup Enter...

Page 58: ...jbyBSb290IENBIDIwNDgwggEg MA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQCwmrmrp68Kd6ficba0ZmKUeIhH xmJVhEAyv8CrLqUccda8bnuoqrpu0hWISEWdovyD0My5jOAmaHBKeN8hF570YQXJ FcjPFto1YYmUQ6iEqDGYeJu5Tm8sUxJszR2tKyS7McQr 4NEb7Y9JHcJ6r8qqB9q VvYgDxFUl4F1pyXOWWqCZe 36ufijXWLbvLdT6ZeYpzPEApk0E5tzivMW VgpSdH jWn0f84bcN5wGyDWbs2mAag8EtKpP6BrXruOIIt6keO1aO6g58QBdKhTCytKmg9l Eg6CTY5j e rmxrbU6YTYK CfdfHbBcl1HP7R2RQgYCUTOG r...

Page 59: ...PmEfLHw9 D6 l d6Fsc1M LeB q Q2a6L6oZd1rJJheNQyCN jOCYuM0dK9JyDjLda9jSa3AL7UsOcr9aciBQ CjZ6 8bV3x8LzAyPDs qy6fHgB4OpP8vOJtQdnYGDZAtOun4Jlz3PyXjSJy9XWoWflG 2nGXg9PCig8l1ppPjDg1prZ60lt scEEJzqZmoHGn lelOH4s mJTVAxbgBudcA3 0XpdeHqOD0OdkG8JkXPYcUQ5in4R6zgwXEnqMzY END CERTIFICATE Signature version 1 Signature 6 E 1 C D A E 6 D F 1 E 0 C D 8 1 3 E D D 7 B 9 8 F 5 D A 1 8 A 9 2 1 9 1 B 4 2 0 D 7 8 8 B D 3...

Page 60: ...B 7 6 6 C A 2 9 A 9 F 3 4 1 B 6 7 A C F C 3 A 7 9 6 7 F 4 6 C 4 1 C 8 A 6 1 5 Additional References for Boot Integrity Visibility Related Documents Document Title Related Topic Command Reference Catalyst 9500 Series Switches For complete syntax and usage information for the commands used in this chapter Feature History for Boot Integrity Visibility This table provides release and related informati...

Page 61: ...Dynamic Host Configuration Protocol DHCP auto configuration Device Boot Process To start your device you need to follow the procedures described in the Cisco Catalyst 9500 Series Switches Hardware Installation Guide for installing and powering on the device and setting up the initial device configuration The normal boot process involves the operation of the boot loader software and includes these ...

Page 62: ...ure you have configured the PC or terminal emulation software baud rate and character format to match these of the device console port Baud rate default is 9600 Data bits default is 8 If the data bits option is set to 8 set the parity option to none Note Stop bits default is 2 minor Parity settings default is none Software Install Overview The Software Install feature provides a uniform experience...

Page 63: ...m in each installed package is mounted to the root file system directly from flash The packages and provisioning file used to boot in installed mode must reside in flash Booting in installed mode from usbflash0 or tftp is not supported Note Bundle Boot Mode You can boot your device in bundle boot mode by booting the bundle bin file switch boot flash cat9k_iosxe 16 05 01a SPA bin The provisioning f...

Page 64: ...d previously added packages from the bin file get activated and the system reloads Enable the install commit command to make updates persistent over reloads Installing an update replaces any previously installed software image At any time only one image is installed on the device The following flow chart explains how the software install works Figure 3 Committing a Software Package The install act...

Page 65: ...ion steps manually configure the device Otherwise use the setup program described in section Device Boot Process on page 47 Default Switch Information Table 4 Default Switch Information Default Setting Feature No IP address or subnet mask are defined IP address and subnet mask No default gateway is defined Default gateway No password is defined Enable secret password The factory assigned default h...

Page 66: ...evice If the configuration file is present and the configuration includes the ip address dhcp interface configuration command on specific routed interfaces the DHCP client is invoked and requests the IP address information for those interfaces This is the sequence of messages that are exchanged between the DHCP client and the DHCP server Figure 4 DHCP Client and Server Message Exchange The client ...

Page 67: ...r more devices in a network Simultaneous image and configuration upgrade for all switches in the network helps ensure that each new device added to a network receives the same image and configuration There are two types of DHCP image upgrades DHCP autoconfiguration and DHCP auto image update Restrictions for DHCP Based Autoconfiguration The DHCP based autoconfiguration with a saved configuration p...

Page 68: ...rver with reserved leases that are bound to each device by the device hardware address If you want the device to receive IP address information you must configure the DHCP server with these lease options IP address of the client required Subnet mask of the client required DNS server IP address optional Router IP address default gateway address to be used by the device required If you want the devi...

Page 69: ...e to IP address mapping in the DNS server database If the TFTP server to be used is on a different LAN from the device or if it is to be accessed by the device through the broadcast address which occurs if the DHCP server response does not contain all the required information described previously a relay must be configured to forward the TFTP packets to the TFTP server The preferred solution is to...

Page 70: ... file it reads the router confg file If the device cannot read the router confg file it reads the ciscortr cfg file The device broadcasts TFTP server requests if the TFTP server is not obtained from the DHCP replies if all attempts to read the configuration file through unicast transmissions fail or if the TFTP server name cannot be resolved to an IP address Note How to Control Environment Variabl...

Page 71: ...ained in the booted bundle is used to activate the packages included in the bundle For example boot flash image bin set BOOT filesystem file url A semicolon separated list of executable files to try to load and execute when automatically booting BOOT boot manual Enables manually booting the switch during the next boot cycle and changes the setting of the MANUAL_BOOT environment variable The next t...

Page 72: ... the baud rate set BAUD baud rate BAUD boot enable break switch yes no Enables a break to the auto boot cycle You have 5 seconds to enter the break command set ENABLE_BREAK yes no ENABLE_BREAK Environment Variables for TFTP When the switch is connected to a PC through the Ethernet management port you can download or upload a configuration file to the boot loader by using TFTP Make sure the environ...

Page 73: ... not set to manually boot up it reboots itself If your device is configured for manual booting do not reload it from a virtual terminal This restriction prevents the device from entering the boot loader mode and then taking it from the remote user s control If you modify your configuration file the device prompts you to save the configuration before reloading During the save operation the system r...

Page 74: ...onfiguration file that is used as a boot image boot filename Example Step 3 Device dhcp config boot config boot text Specifies the subnet network number and mask of the DHCP address pool network network number mask prefix length Example Step 4 The prefix length specifies the number of bits that comprise the address prefix The prefix is an alternative way of specifying the network mask of the clien...

Page 75: ...f the client that will receive the configuration file interface interface id Example Step 9 Device config interface fortygigabitethernet1 0 4 Puts the interface into Layer 3 mode no switchport Example Step 10 Device config if no switchport Specifies the IP address and mask for the interface ip address address mask Example Step 11 Device config if ip address 10 10 10 1 255 255 255 0 Returns to priv...

Page 76: ...lename txt 9 copy tftp flash imagename bin 10 exit 11 tftp server flash config text 12 tftp server flash imagename bin 13 tftp server flash filename txt 14 interface interface id 15 no switchport 16 ip address address mask 17 end 18 copy running config startup config DETAILED STEPS Purpose Command or Action Enters global configuration mode configure terminal Example Step 1 Device configure termina...

Page 77: ...ddress of the TFTP server option 150 address Example Step 6 Device dhcp config option 150 10 10 10 1 Specifies the path to the text file that describes the path to the image file option 125 hex Example Step 7 Device dhcp config option 125 hex 0000 0009 0a05 08661 7574 6f69 6e73 7461 6c6c 5f64 686370 Uploads the text file to the device copy tftp flash filename txt Example Step 8 Device config copy ...

Page 78: ... will receive the configuration file interface interface id Example Step 14 Device config interface gigabitEthernet1 0 4 Puts the interface into Layer 3 mode no switchport Example Step 15 Device config if no switchport Specifies the IP address and mask for the interface ip address address mask Example Step 16 Device config if ip address 10 10 10 1 255 255 255 0 Returns to privileged EXEC mode end ...

Page 79: ...a saved configuration boot host dhcp Example Step 2 Device conf boot host dhcp Optional Sets the amount of time the system tries to download a configuration file boot host retry timeout timeout value Example Step 3 If you do not set a timeout the system will try indefinitely to obtain an IP address from the DHCP server Note Device conf boot host retry timeout 300 Optional Creates warning messages ...

Page 80: ...s SUMMARY STEPS 1 enable 2 configure terminal 3 interface vlan vlan id 4 ip address ip address subnet mask 5 exit 6 ip default gateway ip address 7 end 8 show interfaces vlan vlan id 9 show ip redirects DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Enters global configuration mode configure terminal Example...

Page 81: ... IP addresses from the device Device config ip default gateway 10 10 10 1 Once the default gateway is configured the device has connectivity to the remote networks with which a host needs to communicate When your device is configured to route with IP it does not need to have a default gateway set Note The device capwap relays on default gateway configuration to support routed access point join the...

Page 82: ...le 2 configure terminal 3 boot flash file url 4 end 5 show boot 6 copy running config startup config DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Enters global configuration mode configure terminal Example Step 2 Device configure terminal Specifies the configuration file to load during the next boot cycle ...

Page 83: ...g Example Step 6 Device copy running config startup config Manually Booting the Switch By default the switch automatically boots up however you can configure it to manually boot up Before you begin Use a standalone switch for this task SUMMARY STEPS 1 configure terminal 2 boot manual 3 end 4 show boot 5 copy running config startup config DETAILED STEPS Purpose Command or Action Enters global confi...

Page 84: ...rectory and the name of the bootable image Filenames and directory names are case sensitive Optional Saves your entries in the configuration file copy running config startup config Example Step 5 Device copy running config startup config Booting the Device in Installed Mode Installing a Software Package You can install activate and commit a software package using a single command or using separate...

Page 85: ...p 3 Device exit Managing the Update Package SUMMARY STEPS 1 enable 2 install add file tftp filename 3 install activate auto abort timer 4 install abort 5 install commit 6 install rollback to committed 7 install remove file filesystem filename inactive 8 show install summary DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted D...

Page 86: ...and completes the new image installation Changes are persistent across reloads until the auto abort timer expires Device install commit Optional Rolls back the update to the last committed version install rollback to committed Example Step 6 Device install rollback to committed Optional Deletes all unused and inactive software installation files install remove file filesystem filename inactive Exa...

Page 87: ...task describes how to configure your device to reload the software image at a later time SUMMARY STEPS 1 enable 2 configure terminal 3 copy running config startup config 4 reload in hh mm text 5 reload at hh mm month day day month text 6 reload cancel 7 show reload DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device ena...

Page 88: ...ocol NTP the hardware calendar or manually The time is relative to the configured time zone on the device To schedule reloads across several devices to occur simultaneously the time on each device must be synchronized with NTP Note Device config reload at 14 00 Cancels a previously scheduled reload reload cancel Example Step 6 Device config reload cancel Displays information about a previously sch...

Page 89: ...PL Version 2 0 The software code licensed under GPL Version 2 0 is free software that comes with ABSOLUTELY NO WARRANTY You can redistribute and or modify such GPL code under the terms of GPL Version 2 0 For more details see the documentation or License Notice file accompanying the IOS XE software or the applicable URL provided on the flyer accompanying the IOS XE software FIPS Flash Key Check Beg...

Page 90: ...h cat9k_iosxe 16 05 01a SPA bin Attempting to boot from flash cat9k_iosxe 16 05 01a SPA bin Located cat9k_iosxe 16 05 01a SPA bin Warning ignoring ROMMON var BOOT_PARAM Waiting for 120 seconds for other switches to boot Switch number is 3 Restricted Rights Legend Use duplication or disclosure by the Government is subject to restrictions as set forth in subparagraph c of the Commercial Computer Sof...

Page 91: ...ions If you are unable to comply with U S and local laws return this product immediately A summary of U S laws governing Cisco cryptographic products may be found at http www cisco com wwl export crypto tool stqrg html If you require further assistance please contact us by sending email to export cisco com cisco C9300 24U X86 processor with 818597K 6147K bytes of memory Processor board ID FCW2111G...

Page 92: ...at9k cc_srdriver 16 05 01a SPA pkg is Digitally Signed Package cat9k espbase 16 05 01a SPA pkg temp stage cat9k espbase 16 05 01a SPA pkg is Digitally Signed Package cat9k guestshell 16 05 01a SPA pkg temp stage cat9k guestshell 16 05 01a SPA pkg is Digitally Signed Package cat9k rpbase 16 05 01a SPA pkg temp stage cat9k rpbase 16 05 01a SPA pkg is Digitally Signed Package cat9k sipbase 16 05 01a ...

Page 93: ...o you want to proceed Please confirm you have changed boot config to flash packages conf y n y Starting initial file syncing Info Finished copying flash cat9k_iosxe 16 06 02 SPA bin to the selected switch es Finished initial file syncing Starting Add Performing Add on all members 1 Add package s on switch 1 1 Finished Add on switch 1 Checking status of Add on 1 Add Passed on 1 Finished Add install...

Page 94: ...mation State St I Inactive U Activated Uncommitted C Activated Committed D Deactivated Uncommitted Type St Filename Version IMG I 16 6 1 0 IMG C 16 6 2 0 The following example shows how to activate an added software package file Device install activate install_activate START Mon Oct 30 20 14 20 UTC 2017 install_activate Activating PACKAGE Oct 30 20 14 21 379 IOSXE 5 PLATFORM Switch 1 R0 0 Oct 30 2...

Page 95: ...sipspa BLD_POLARIS_DEV_LATEST_20171029_082249 SSA pkg Added cat9k srdriver BLD_POLARIS_DEV_LATEST_20171029_082249 SSA pkg Added cat9k webui BLD_POLARIS_DEV_LATEST_20171029_082249 SSA pkg Added cat9k wlc BLD_POLARIS_DEV_LATEST_20171029_082249 SSA pkg Finished list of software package changes 1 Finished Activate on switch 1 Checking status of Activate on 1 Activate Passed on 1 Finished Activate Oct ...

Page 96: ... SPA pkg Current cc 1 0 cc_srdriver cat9k cc_srdriver 16 06 02 prd9 SPA pkg Current cc 1 0 cc cat9k sipbase 16 06 02 prd9 SPA pkg Current cc 1 0 cc_spa cat9k sipspa 16 06 02 prd9 SPA pkg Current cc 10 0 cc cat9k sipbase 16 06 02 prd9 SPA pkg Current cc 10 0 cc_spa cat9k sipspa 16 06 02 prd9 SPA pkg Current cc 10 0 cc_srdriver cat9k cc_srdriver 16 06 02 prd9 SPA pkg Current cc 2 0 cc_srdriver cat9k...

Page 97: ... sipbase 16 06 02 SPA pkg Replacement cc 10 0 cc_spa cat9k sipspa 16 06 02 SPA pkg Replacement cc 10 0 cc_srdriver cat9k cc_srdriver 16 06 02 SPA pkg Replacement cc 2 0 cc_srdriver cat9k cc_srdriver 16 06 02 SPA pkg Replacement cc 2 0 cc cat9k sipbase 16 06 02 SPA pkg Replacement cc 2 0 cc_spa cat9k sipspa 16 06 02 SPA pkg Replacement cc 3 0 cc_srdriver cat9k cc_srdriver 16 06 02 SPA pkg Replaceme...

Page 98: ...o reason Reload command Oct 30 20 54 31 615 FP0 0 PMAN 5 EXITACTION Process manager is exiting reload fp action requested Oct 30 20 54 The following is a sample output from the install remove inactive command Device install remove inactive install_remove START Mon Oct 30 19 51 48 UTC 2017 Cleaning up unnecessary package files Scanning boot directory for packages done Preparing packages list to del...

Page 99: ...asfs_is_dominica readonly function usr binos conf chasutils sh line 428 chasfs_is_dominica readonly function usr binos conf chasutils sh line 428 chasfs_is_dominica readonly function usr binos conf chasutils sh line 428 chasfs_is_dominica readonly function usr binos conf chasutils sh line 428 chasfs_is_dominica readonly function usr binos conf chasutils sh line 428 chasfs_is_dominica readonly func...

Page 100: ...pkg Current cc 6 0 cc_spa cat9k sipspa BLD_POLARIS_DEV_LATEST_20171029_082249 SSA pkg Current cc 7 0 cc_srdriver cat9k cc_srdriver BLD_POLARIS_DEV_LATEST_20171029_082249 SSA pkg Current cc 7 0 cc cat9k sipbase BLD_POLARIS_DEV_LATEST_20171029_082249 SSA pkg Current cc 7 0 cc_spa cat9k sipspa BLD_POLARIS_DEV_LATEST_20171029_082249 SSA pkg Current cc 8 0 cc_srdriver cat9k cc_srdriver BLD_POLARIS_DEV_...

Page 101: ...spa 16 06 02 SPA pkg Replacement cc 3 0 cc_srdriver cat9k cc_srdriver 16 06 02 SPA pkg Replacement cc 3 0 cc cat9k sipbase 16 06 02 SPA pkg Replacement cc 3 0 cc_spa cat9k sipspa 16 06 02 SPA pkg Replacement cc 4 0 cc_srdriver cat9k cc_srdriver 16 06 02 SPA pkg Replacement cc 4 0 cc cat9k sipbase 16 06 02 SPA pkg Replacement cc 4 0 cc_spa cat9k sipspa 16 06 02 SPA pkg Replacement cc 5 0 cc_srdrive...

Page 102: ...g PACKAGE Oct 30 20 42 29 149 IOSXE 5 PLATFORM Switch 1 R0 0 Oct 30 20 42 29 install_engine sh INSTALL 5 INSTALL_START_INFO Started install activateFollowing packages shall be activated flash cat9k wlc 16 06 02 prd9 SPA pkg flash cat9k webui 16 06 02 prd9 SPA pkg flash cat9k srdriver 16 06 02 prd9 SPA pkg flash cat9k sipspa 16 06 02 prd9 SPA pkg flash cat9k sipbase 16 06 02 prd9 SPA pkg flash cat9...

Page 103: ...t timer will expire in 1800 seconds Install will reload the system now SUCCESS install_activate Mon Oct 30 20 43 44 UTC 2017 Device Oct 30 20 43 44 615 IOSXE 5 PLATFORM Switch 1 R0 0 Oct 30 20 43 44 install_engine sh INSTALL 5 INSTALL_COMPLETED_INFO Completed install activate PACKAGE Chassis 1 reloading reason Reload command Verifying Software Install SUMMARY STEPS 1 enable 2 show install log 3 sh...

Page 104: ...commit START Mon Jun 12 07 28 12 UTC 2017 SUCCESS install_commit Mon Jun 12 07 28 44 UTC 2017 1 install_commit INFO install_commit START Mon Jun 12 07 28 12 UTC 2017 SUCCESS install_commit Mon Jun 12 07 28 45 UTC 2017 1 install_commit END SUCCESS Mon Jun 12 07 28 47 UTC 2017 Step 3 show install summary Example Device show install summary Displays information about the image versions and their corr...

Page 105: ... is not bootable Device Step 5 show install active Example Device show install active Displays information about the active software install package Device show install active R0 Active Package s Information State St I Inactive U Activated Uncommitted C Activated Committed D Deactivated Uncommitted Type St Filename Version IMG C 16 6 2 0 Step 6 show install inactive Example Device show install ina...

Page 106: ...C Activated Committed D Deactivated Uncommitted Type St Filename Version IMG U 16 6 2 0 Device Example Configuring a Device as a DHCP Server Device configure terminal Device config ip dhcp pool pool1 Device dhcp config network 10 10 10 0 255 255 255 0 Device dhcp config boot config boot text Device dhcp config default router 10 10 10 1 Device dhcp config option 150 10 10 10 1 Device dhcp config ex...

Page 107: ...Layer 3 SVI interface on VLAN 99 to enable DHCP based autoconfiguration with a saved configuration Device configure terminal Device config boot host dhcp Device config boot host retry timeout 300 Device config banner config save C Caution Saving Configuration File to NVRAM May Cause You to No longer Automatically Download Configuration Files at Reboot C Device config vlan 99 Device config vlan int...

Page 108: ...ase and related information for features explained in this module These features are available on all releases subsequent to the one they were introduced in unless noted otherwise Feature Information Feature Release A device setup configuration can be performed including auto configuration of IP address assignments and DHCP Support for this feature was introduced only on the C9500 12Q C9500 16X C9...

Page 109: ...ftware image support To access Cisco Feature Navigator go to http www cisco com go cfn System Management Configuration Guide Cisco IOS XE Fuji 16 8 x Catalyst 9500 Switches 95 Performing Device Setup Configuration Feature History for Performing Device Setup Configuration ...

Page 110: ...System Management Configuration Guide Cisco IOS XE Fuji 16 8 x Catalyst 9500 Switches 96 Performing Device Setup Configuration Feature History for Performing Device Setup Configuration ...

Page 111: ...ng RTU licenses To activate a license you must reboot your switch after configuring the new license level An expired evaluation license can not be reactivated after reboot Information About Configuring RTU Licenses Right To Use Licensing The software features available with Right to use RTU licensing falls under the base or add on license levels The license types available are Base licenses These ...

Page 112: ...ed with a feature set for a specific subscription period You can verify the expiration date from Cisco Smart Software Manager CSSM Evaluation licenses Pre installed on the device and valid for a 90 day trial period They cannot be ordered or tranferred to another device Once activated this type of license cannot be deactivated until it expires Warning system messages about the evaluation license ex...

Page 113: ... essentials active both standby evaluation active both standby acceptEULA Example Device license right to use activate network essentials all acceptEULA Activates the license level Activation can happen on all switches and also include the EULA acceptance license right to use activate deactivate addon dna essentials dna advantage all evaluation Step 2 subscription all slot slot number 1 8 acceptEU...

Page 114: ...on 0 0 0 no no 1 dna essentials Subscription 0 0 0 no no 1 dna advantage Evaluation 0 0 0 no no 1 dna advantage Subscription 0 0 6 yes yes Device Rehosting a License To rehost a license you have to deactivate the license from one device and then activate the same license on another SUMMARY STEPS 1 license right to use deactivate license level slot slot num 2 license right to use activate license l...

Page 115: ...ID Enter acceptEULA to indicate acceptance Check the reboot license level is Network Advantage show license right to use summary Step 2 Reboots the switch to boot with Network Advantage reload Step 3 ActivatingDNAEssentialsLicenseonaSKUwithaNetworkEssentialsLicense SUMMARY STEPS 1 license right to use activate addon dna essentials subscription slot switch ID acceptEULA 2 show license right to use ...

Page 116: ...e switch to boot with Network Advantage evaluation license reload Step 3 Deactivating an Evaluation Network Advantage License on a Network Essentials SKU SUMMARY STEPS 1 license right to use deactivate network advantage evaluation slot switch ID acceptEULA 2 show license right to use summary 3 reload DETAILED STEPS Purpose Command or Action Deactivates the Network Advantage evaluation license lice...

Page 117: ... right to use activate deactivate addon dna advantage subscription acceptEULA license right to use activate deactivate addon dna advantage evaluation acceptEULA Monitoring and Maintaining RTU Licenses Purpose Command Displays the default license information show license right to use default Displays detailed information of the licenses on the device show license right to use detail Displays the en...

Page 118: ...etwork advantage Permanent Lifetime dna advantage Subscription CSSM Managed License Level In Use network advantage dna advantage Subscription License Level on Reboot network advantage dna advantage Subscription Example Output with Evaluation License Switch show license right to use summary Switch show license right to use summary License Name Type Period left network advantage Evaluation 90 dna ad...

Page 119: ...releases and feature sets use Cisco MIB Locator found at the following URL http www cisco com go mibs Object ciscoLicenseMIB OID 1 3 6 1 4 1 9 9 359 CISCO LICENSE MGMT MIB View Supporting Images Feature History and Information for RTU Licensing Feature Information Release This feature is introduced Cisco IOS XE 16 5 1a System Management Configuration Guide Cisco IOS XE Fuji 16 8 x Catalyst 9500 Sw...

Page 120: ...System Management Configuration Guide Cisco IOS XE Fuji 16 8 x Catalyst 9500 Switches 106 Configuring Right To Use Licenses Feature History and Information for RTU Licensing ...

Page 121: ...Finding Feature Information Your software release may not support all the features documented in this module For the latest caveats and feature information see Bug Search Tool and the release notes for your platform and software release To find information about the features documented in this module and to see a list of the releases in which each feature is supported see the feature information t...

Page 122: ...ts This section descriobes the supported avc class maps and policy map formats Supported AVC Class Map Format Direction Class Map Example Class Map Format Both ingress and egress class map match any NBAR VOICE match protocol ms lync audio match protocol protocol name Both ingress and egress class map match any NBAR VOICE match protocol ms lync audio match dscp ef Combination filters Supported AVC ...

Page 123: ...ex category police 200000 set dscp af31 Hierarchical set and police Restrictions for Wired Application Visibility and Control AVC and Encrypted Traffic Analytics ETA cannot be configured together at the same time on the same interface NBAR and transmit Tx Switched Port Analyzer SPAN is not supported on the same interface Only one of the NBAR based QoS mechanisms are allowed to be attached to any p...

Page 124: ...XE Fuji 16 9 1 up to two wired AVC monitors each with a different predefined record can be attached to an interface at the same time Two new directional flow records ingress and egress have been introduced in Cisco IOS XE Fuji 16 9 1 in addition to the two existing legacy flow records Attachment should be done only on physical Layer 2 and Layer 3 ports and these ports cannot be part of a port chan...

Page 125: ...y specifying key and non key fields to the flow Create a flow exporter to export the flow record Create a flow monitor based on the flow record and the flow exporter Attach the flow monitor to the interface Protocol Discovery application based QoS and application based FNF are all independent features They can be configured independently or together on the same interface at the same time Enabling ...

Page 126: ... to the interface Creating a Class Map You need to create a class map before configuring any match protocol filter The QoS actions such as marking and policing can be applied to the traffic The AVC match protocol filters are applied to the wired access ports For more information about the protocols that are supported see http www cisco com c en us td docs ios xml ios qos_nbar prot_lib config_libra...

Page 127: ... global configuration mode configure terminal Example Step 1 Device configure terminal Creates a policy map by entering the policy map name and enters policy map configuration mode policy map policy map name Example Step 2 By default no policy maps are defined Device config policy map webex policy The default behavior of a policy map is to set the DSCP to 0 if the packet is an IP packet and to set...

Page 128: ...efined Device config pmap c police 100000 80000 For rate bps specify an average traffic rate in bits per second b s The range is 8000 to 10000000000 For burst byte specify the normal burst size in bytes The range is 1000 to 512000000 Classifies IP traffic by setting a new value in the packet set dscp new dscp cos cos value Step 5 Example For dscp new dscp enter a new DSCP value to be assigned to t...

Page 129: ...h is based on specific NBAR protocols To accommodate practically equivalent functionality a much more useful and efficient QoS NBAR defines a set of attributes that each protocol is classified to with defaults which may be overwritten in CLI as described further in this chapter e g business relevance and traffic class QoS classes and policies may be defined based on such general NBAR attributes in...

Page 130: ...STEPS Purpose Command or Action Enters global configuration mode configure terminal Example Step 1 Device configure terminal Creates a policy map based on a class map based on NBAR attributes no policy map policy map name Step 2 Defines a traffic classification and enters policy map class configuration mode no class class map name class default Example Step 3 By default no policy map and class map...

Page 131: ...TEPS 1 configure terminal 2 interface interface id 3 service policy input output policy map name 4 end 5 show class map 6 show policy map interface DETAILED STEPS Purpose Command or Action Enters global configuration mode configure terminal Example Step 1 Device configure terminal Enters the interface configuration mode interface interface id Example Step 2 Device config interface Gigabitethernet ...

Page 132: ...bute configuration mode no ip nbar attribute map attribute map name Step 2 Defines an attribute map that can be applied to specific protocols in order to override their default attribute settings no attribute attribute type attribute value Step 3 Sets an attribute map to a specific protocol to override their default attribute settings no ip nbar attribute set protocol name attribute map name Step ...

Page 133: ...connection client ipv4 address 8 match connection server ipv4 address 9 match connection server transport port 10 match flow observation point 11 collect flow direction 12 collect connection initiator 13 collect connection client counter packets long 14 collect connection client counter bytes network long 15 collect connection server counter packets long 16 collect connection server counter bytes ...

Page 134: ...Example Step 7 Device config flow record match connection client ipv4 address Specifies a match to the IPv4 address of the server flow responder match connection server ipv4 address Example Step 8 Device config flow record match connection server ipv4 address Specifies a match to the transport port of the server match connection server transport port Example Step 9 Device config flow record match ...

Page 135: ...pecifies to collect the number of packets sent by the client collect connection client counter packets long Example Step 13 Device config flow record collect connection client counter packets long Specifies to collect the total number of bytes transmitted by the client collect connection client counter bytes network long Example Step 14 Device config flow record collect connection client counter b...

Page 136: ...ords show flow record Example Step 21 Device show flow record Creating a Flow Exporter You can create a flow exporter to define the export parameters for a flow SUMMARY STEPS 1 configure terminal 2 flow exporter flow_exporter_name 3 description description 4 destination hostname ipv4 address ipv6 address 5 option application table timeout seconds 6 end 7 show flow exporter 8 show flow exporter sta...

Page 137: ...configuration mode end Example Step 6 Device config end Displays information about all the flow exporters show flow exporter Example Step 7 Device show flow exporter Displays flow exporter statistics show flow exporter statistics Example Step 8 Device show flow exporter statistics Creating a Flow Monitor You can create a flow monitor and associate it with a flow record SUMMARY STEPS 1 configure te...

Page 138: ...name Example Step 5 Device config flow monitor exporter flow exporter 1 Optional Specifies to configure flow cache parameters cache entries number of entries timeout active inactive type normal Step 6 entries number of entries Specifies the maximum number of flow entries in the flow cache in the range from 16 to 65536 Example Device config flow monitor cache timeout active 1800 Only normal cache t...

Page 139: ...monitor flow monitor name cache format table Step 12 Example Device show flow monitor flow monitor 1 cache format table Displays flow cache contents in similar format as the flow record show flow monitor flow monitor name cache format record Example Step 13 Device show flow monitor flow monitor 1 cache format record Displays flow cache contents in CSV format show flow monitor flow monitor name cac...

Page 140: ...cations which are not covered by the NBAR2 protocol pack provided by Cisco Local applications are mainly categorized as Specific applications to an organization Applications specific to a geography NBAR2 provides a way to manually customize such local applications You can manually customize applications using the command ip nbar custom myappname in global configuration mode Custom applications tak...

Page 141: ... Custom application called MYSSL using SSL unique name mydomain com with selector ID 11 Device configure terminal Device config ip nbar custom MYSSL ssl unique name mydomain com id 11 DNS Customization NBAR2 examines DNS request and response traffic and can correlate the DNS response to an application The IP address returned from the DNS response is cached and used for later packet flows associate...

Page 142: ...low L3 L4 Customization Custom application called LAYER4CUSTOM matching IP addresses 10 56 1 10 and 10 56 1 11 TCP and DSCP ef with selector ID 14 Device configure terminal Device config ip nbar custom LAYER4CUSTOM transport tcp id 14 Device config custom ip address 10 56 1 10 10 56 1 11 Device config custom dscp ef Examples Monitoring Custom Applications Show Commands for Monitoring Custom Applic...

Page 143: ...e primary switch in the stack any switch in the stack that does not have the file loaded will be reloaded due to a configuration mismatch Warning NBAR2 protocol packs are available for download on Cisco Software Center from this URL https software cisco com download home Prerequisites for the NBAR2 Protocol Pack Before loading a new protocol pack you must copy the protocol pack to the flash on all...

Page 144: ... active Use the protocol pack argument to display information about the specified protocol pack Use the active keyword to display active protocol pack information Use the detail keyword to display detailed protocol pack information Examples Loading the NBAR2 Protocol Pack The following example shows how to load a new protocol pack Device enable Device configure terminal Device config ip nbar proto...

Page 145: ...mples Application Visibility and Control Configuration This example shows how to create class maps with apply match protocol filters for application name Device configure terminal Device config class map match any NBAR VOICE Device config cmap match protocol ms lync audio Device config cmap end This example shows how to create policy maps and define existing class maps for egress QoS Device config...

Page 146: ... Device config pmap class rel relevant Device config pmap c set dscp ef Device config pmap c class rel irrelevant Device config pmap c set dscp af11 Device config pmap c class rel default Device config pmap c set dscp default Device config policy map attrib ops admin and rel Device config pmap class class ops admin and rel Device config pmap c set dscp cs5 This example shows how to attach a policy...

Page 147: ...terfaces Device show policy map int GigabitEthernet1 0 1 Service policy input MARKING IN Class map NBAR VOICE match any 718 packets Match protocol ms lync audio 0 packets 0 bytes 30 second rate 0 bps QoS Set dscp ef Class map NBAR MM_CONFERENCING match any 6451 packets Match protocol ms lync 0 packets 0 bytes 30 second rate 0 bps Match protocol ms lync video 0 packets 0 bytes 30 second rate 0 bps ...

Page 148: ... business irrelevant QoS Set dscp af11 Class map rel default match all 14 packets Match protocol attribute business relevance default QoS Set dscp default Class map class default match any 0 packets Match any show ip nbar protocol attribute Displays all the protocol attributes used by NBAR The following shows sample output for some of the attributes Device show ip nbar protocol attribute cisco jab...

Page 149: ...ication set general browsing Device show ip nbar protocol attribute unknown Protocol Name unknown encrypted encrypted no tunnel tunnel no category other sub category other application group other p2p technology p2p tech no traffic class bulk data business relevance default application set general misc Show Commands for Viewing Flow Monitor Configuration show flow monitor wdavc Displays information...

Page 150: ...tistics Device show flow monitor wdavc statistics Cache type Normal Platform cache Cache size 12000 Current entries 0 Flows added 0 Flows aged 0 Show Commands for Viewing Cache Contents show flow monitor wdavc cache format table Displays flow cache contents in a tabular format Device show flow monitor wdavc cache format table Cache type Normal Platform cache Cache size 12000 Current entries 13 Flo...

Page 151: ... cisco collab control Input 10 1 11 4 66 102 11 99 80 4294967305 4 6 layer7 google services Input contd 64 103 125 2 64 103 125 97 68 4294967305 4 17 layer7 dhcp Input 64 103 125 29 64 103 101 181 67 4294967305 4 17 layer7 dhcp Input show flow monitor wdavc cache format record Displays flow cache contents in similar format as the flow record Device show flow monitor wdavc cache format record Cache...

Page 152: ...initiator Initiator connection count new 1 connection server packets counter 0 connection client packets counter 1 connection server network bytes counter 0 connection client network bytes counter 350 CONNECTION IPV4 INITIATOR ADDRESS 64 103 125 3 CONNECTION IPV4 RESPONDER ADDRESS 64 103 125 97 CONNECTION RESPONDER PORT 68 FLOW OBSPOINT ID 4294967305 IP VERSION 4 IP PROTOCOL 17 APPLICATION NAME la...

Page 153: ...ection initiator Initiator connection count new 2 connection server packets counter 12 connection client packets counter 10 connection server network bytes counter 5871 connection client network bytes counter 2088 CONNECTION IPV4 INITIATOR ADDRESS 64 103 125 2 CONNECTION IPV4 RESPONDER ADDRESS 64 103 125 29 CONNECTION RESPONDER PORT 68 FLOW OBSPOINT ID 4294967305 IP VERSION 4 IP PROTOCOL 17 APPLIC...

Page 154: ...nection initiator Initiator connection count new 1 connection server packets counter 0 connection client packets counter 2 connection server network bytes counter 0 connection client network bytes counter 2046 CONNECTION IPV4 INITIATOR ADDRESS 64 103 125 3 CONNECTION IPV4 RESPONDER ADDRESS 64 103 125 29 CONNECTION RESPONDER PORT 68 FLOW OBSPOINT ID 4294967305 IP VERSION 4 IP PROTOCOL 17 APPLICATIO...

Page 155: ...connection initiator Initiator connection count new 2 connection server packets counter 3 connection client packets counter 5 connection server network bytes counter 1733 connection client network bytes counter 663 CONNECTION IPV4 INITIATOR ADDRESS 64 103 125 2 CONNECTION IPV4 RESPONDER ADDRESS 64 103 125 97 CONNECTION RESPONDER PORT 68 FLOW OBSPOINT ID 4294967305 IP VERSION 4 IP PROTOCOL 17 APPLI...

Page 156: ...network bytes cnt 64 103 125 147 144 254 71 184 53 4294967305 4 17 port dns Input 08 55 46 917 08 55 46 917 Initiator 2 1 1 190 106 64 103 121 103 10 1 1 2 67 4294967305 4 17 layer7 dhcp Input 08 55 47 917 08 55 47 917 Initiator 1 0 1 0 350 64 103 125 3 64 103 125 97 68 4294967305 4 17 layer7 dhcp Input 08 55 47 917 08 55 53 917 Initiator 1 0 4 0 1412 10 0 2 6 157 55 40 149 443 4294967305 4 6 laye...

Page 157: ...o a wireless access port All traffic coming from AP s will be classified as capwap Actual classification in this case happens either on the AP or WLC 6 Question In protocol discovery I see traffic only on one side Along with that there are a lot of unknown traffic Answer This usually indicates that NBAR sees asymmetric traffic one side of the traffic is classified in one switch member and the othe...

Page 158: ...wise Feature Information Feature Release AVC is a critical part of Cisco s efforts to evolve its Branch and Campus solutions from being strictly packet and connection based to being application aware and application intelligent Support for this feature was introduced only on the C9500 12Q C9500 16X C9500 24Q C9500 40X models of the Cisco Catalyst 9500 Series Switches Application Visibility and Con...

Page 159: ...d Traffic Analytics Cisco IOS XE Amsterdam 17 3 1 Use Cisco Feature Navigator to find information about platform and software image support To access Cisco Feature Navigator go to http www cisco com go cfn System Management Configuration Guide Cisco IOS XE Fuji 16 8 x Catalyst 9500 Switches 145 Configuring Application Visibility and Control in a Wired Network Feature History for Application Visibi...

Page 160: ...ent Configuration Guide Cisco IOS XE Fuji 16 8 x Catalyst 9500 Switches 146 Configuring Application Visibility and Control in a Wired Network Feature History for Application Visibility and Control in a Wired Network ...

Page 161: ... system usage for some functions Cisco Catalyst 9500 Series Switches support the following standard templates Core NAT Distribution It is recommended that you reload the system as soon as you make a change to the SDM template After you change the template and the system reloads you can use the show sdm prefer privileged EXEC command to verify the new template configuration If you enter the show sd...

Page 162: ...terminal 3 sdm prefer core nat sda distribution 4 end 5 reload DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Enters global configuration mode configure terminal Example Step 2 Device configure terminal Specifies the SDM template to be used on the switch The keywords have these meanings sdm prefer core nat s...

Page 163: ...ommand Displays the SDM template in use show sdm prefer The SDM templates contain only those commands that are defined as part of the templates If a template enables another related command that is not defined in the template then this other command will be visible when the show running config command is entered For example if the SDM template enables the switchport voice vlan command then the spa...

Page 164: ...92 proposed QoS Ingress IPv4 Access Control Entries 4096 current 4096 proposed QoS Ingress Non IPv4 Access Control Entries 4096 current 4096 proposed QoS Egress IPv4 Access Control Entries 4096 current 4096 proposed QoS Egress Non IPv4 Access Control Entries 4096 current 4096 proposed Netflow Input Access Control Entries 512 current 512 proposed Netflow Output Access Control Entries 512 current 51...

Page 165: ...st MAC addresses 768 Overflow L2 Multicast entries 2304 L3 Multicast entries 32768 Overflow L3 Multicast entries 768 Ipv4 Ipv6 shared unicast routes 212992 Overflow shared unicast routes 1536 Policy Based Routing ACEs NAT ACEs 15872 Tunnels 1792 LISP Instance Mapping Entries 1024 Control Plane Entries 1024 Input Netflow flows 32768 Output Netflow flows 32768 SGT DGT or MPLS VPN entries 32768 SGT D...

Page 166: ... Input Netflow flows 49152 Output Netflow flows 49152 SGT DGT or MPLS VPN entries 32768 SGT DGT or MPLS VPN Overflow entries 768 Wired clients 2048 MACSec SPD Entries 256 MPLS L3 VPN VRF 1024 MPLS Labels 45056 MPLS L3 VPN Routes VRF Mode 112640 MPLS L3 VPN Routes Prefix Mode 32768 MVPN MDT Tunnels 1024 L2 VPN EOMPLS Attachment Circuit 1024 MAX VPLS Bridge Domains 1000 MAX VPLS Peers Per Bridge Dom...

Page 167: ...1a Support for customizable SDM templates for FIB features was introduced Customizable SDM templates can be used to configure the features of the template as per the user s requirements Customizable SDM Template for FIB Features Cisco IOS XE Amsterdam 17 3 1 Support for customizable SDM templates for ACL features was introduced Customizable SDM templates can be used to configure the features of th...

Page 168: ...System Management Configuration Guide Cisco IOS XE Fuji 16 8 x Catalyst 9500 Switches 154 Configuring SDM Templates Feature History for SDM Templates ...

Page 169: ...om An account on Cisco com is not required Information About Configuring System Message Logs System Messsage Logging By default a switch sends the output from system messages and debug privileged EXEC commands to a logging process The logging process controls the distribution of logging messages to various destinations such as the logging buffer terminal lines or a UNIX syslog server depending on ...

Page 170: ...acility severity MNEMONIC description The part of the message preceding the percent sign depends on the setting of these global configuration commands service sequence numbers service timestamps log datetime service timestamps log datetime localtime msec show timezone service timestamps log uptime Table 12 System Log Message Elements Description Element Stamps log messages with a sequence number o...

Page 171: ...f messages sent and stored in the switch history table You also can change the number of messages that are stored in the history table Messages are stored in the history table because SNMP traps are not guaranteed to reach their destination By default one message of the level warning and numerically lower levels are stored in the history table even if syslog traps are not enabled When the history ...

Page 172: ... default buffer size is 4096 bytes Device config logging buffered 8192 If a standalone switch or the active switch fails the log file is lost unless you previously saved it to flash memory See Step 4 Do not make the buffer size too large because the switch could run out of memory for other tasks Use the show memory privileged EXEC command to view the free processor memory on the switch However thi...

Page 173: ...ach session to see the debugging messages Synchronizing Log Messages You can synchronize unsolicited messages and debug privileged EXEC command output with solicited device output and prompts for a specific console port line or virtual terminal line You can identify the types of messages to be output asynchronously based on the level of severity You can also configure the maximum number of buffers...

Page 174: ...ing used for your current connection For example to change the setting for vty line 2 enter line vty 2 When you enter this command the mode changes to line configuration Enables synchronous logging of messages logging synchronous level severity level all limit number of buffers Step 3 Optional level severity level Specifies the message severity level Messages with a severity level equal to Example...

Page 175: ...appearing in the middle of command output The logging synchronous global configuration command also affects the display of messages to the console When this command is enabled messages appear only after you press Return To reenable message logging after it has been disabled use the logging on global configuration command This task is optional SUMMARY STEPS 1 configure terminal 2 no logging console...

Page 176: ...ocaltime show timezone log datetime Enables time stamps on log messages Depending on the options selected the time stamp can Example include the date time in milliseconds relative to the local time zone and the time zone name Device config service timestamps log uptime or Device config service timestamps log datetime Returns to privileged EXEC mode end Example Step 3 Device config end Enabling and...

Page 177: ...config end Defining the Message Severity Level Limit messages displayed to the selected device by specifying the severity level of the message This task is optional SUMMARY STEPS 1 configure terminal 2 logging console level 3 logging monitor level 4 logging trap level 5 end DETAILED STEPS Purpose Command or Action Enters global configuration mode configure terminal Example Step 1 Device configure ...

Page 178: ...nal messages and numerically lower levels Device config logging trap 3 Returns to privileged EXEC mode end Example Step 5 Device config end Limiting Syslog Messages Sent to the History Table and to SNMP This task explains how to limit syslog messages that are sent to the history table and to SNMP This task is optional SUMMARY STEPS 1 configure terminal 2 logging history level 3 logging history siz...

Page 179: ...g daemons no longer accept by default syslog packets from the network If this is the case with your system use the UNIX man syslogd command to decide what options must be added to or removed from the syslog command line to enable logging of remote syslog messages Note Before you begin Log in as root Before you can send system log messages to a UNIX syslog server you must configure the syslog daemo...

Page 180: ...rovisioning Configuration Examples for System Message Logs Example Stacking System Message This example shows a partial switch system message for active stack and a stack member hostname Switch 2 00 00 46 LINK 3 UPDOWN Interface Port channel1 changed state to up 00 00 47 LINK 3 UPDOWN Interface GigabitEthernet1 0 1 changed state to up 00 00 47 LINK 3 UPDOWN Interface GigabitEthernet1 0 2 changed s...

Page 181: ...anged state to up 00 00 47 LINK 3 UPDOWN Interface GigabitEthernet0 2 changed state to up 00 00 48 LINEPROTO 5 UPDOWN Line protocol on Interface Vlan1 changed state to down 00 00 48 LINEPROTO 5 UPDOWN Line protocol on Interface GigabitEthernet0 1 changed state to down 2 Mar 1 18 46 11 SYS 5 CONFIG_I Configured from console by vty2 10 34 195 36 18 47 02 SYS 5 CONFIG_I Configured from console by vty...

Page 182: ...System Management Configuration Guide Cisco IOS XE Fuji 16 8 x Catalyst 9500 Switches 168 Configuring System Message Logs Feature History and Information For System Message Logs ...

Page 183: ... areas Hardware components Interfaces Ethernet ports and so forth Solder joints Online diagnostics are categorized as on demand scheduled or health monitoring diagnostics On demand diagnostics run from the CLI scheduled diagnostics run at user designated intervals or at specified times when the device is connected to a live network and health monitoring runs in the background with user defined int...

Page 184: ... Device diagnostic start switch 2 test basic name Enters the name of the test test id Enters the ID number of the test test id range Enters the range of test IDs by using integers separated by a comma and a hyphen all Starts all of the tests basic Starts the basic test suite complete Starts the complete test suite minimal Starts the minimal bootup test suite non disruptive Starts the nondisruptive...

Page 185: ...e scheduled use these options Example name Name of the test that appears in the show diagnostic content command output Device config diagnostic schedule switch 3 test 1 5 on July 3 2013 23 10 test id ID number of the test that appears in the show diagnostic content command output test id range ID numbers of the tests that appear in the show diagnostic content command output all All test IDs basic ...

Page 186: ...name test id test id range all failure count count 6 diagnostic monitor switchnumber test name test id test id range all 7 end 8 show diagnostic content post result schedule status switch 9 show running config 10 copy running config startup config DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Enters global ...

Page 187: ...old switch number number test name test id test id range all failure count count Step 5 Example When specifying the tests use one of these parameters Device config diagnostic monitor threshold switch 2 test 1 failure count 20 name Name of the test that appears in the show diagnostic content command output test id ID number of the test that appears in the show diagnostic content command output test...

Page 188: ... Step 10 Device copy running config startup config Monitoring and Maintaining Online Diagnostics You can display the online diagnostic tests that are configured for a device or a device stack and check the test results by using the privileged EXEC show commands in this table Table 14 Commands for Diagnostic Test Configuration and Results Purpose Command Displays the online diagnostics configured f...

Page 189: ...ic events such as error information or warning based on the test result show diagnostic events event type module Displays the short description of the results from an individual test or all the tests show diagnostic description module number test name test id all Configuration Examples for Online Diagnostics The following sections provide examples of online diagnostics configurations Examples Star...

Page 190: ...ry exists This example shows how to display the description for a diagnostic test Device show diagnostic description switch 1 test all DiagGoldPktTest The GOLD packet Loopback test verifies the MAC level loopback functionality In this test a GOLD packet for which doppler provides the support in hardware is sent The packet loops back at MAC level and is matched against the stored packet It is a non...

Page 191: ... and requires switch reboot after the test Device The below example is not applicable to the C9500 12Q C9500 16X C9500 24Q C9500 40X models of the Cisco Catalyst 9500 Series Switches This example shows how to display the boot up level Device show diagnostic bootup level Current bootup diagnostic level minimal Device Additional References for Online Diagnostics Related Documents Document Title Rela...

Page 192: ...XE Everest 16 5 1a Support for this feature was introduced only on the C9500 32C C9500 32QC C9500 48Y4C and C9500 24Y4C models of the Cisco Catalyst 9500 Series Switches Online Diagnostics Cisco IOS XE Fuji 16 8 1a Use Cisco Feature Navigator to find information about platform and software image support To access Cisco Feature Navigator go to http www cisco com go cfn System Management Configurati...

Page 193: ...this document are available and function only in certain configuration modes on the device Some of the Cisco IOS configuration commands are only available on certain device platforms and the command syntax may vary on different platforms Information About Managing Configuration Files Types of Configuration Files Configuration files contain the Cisco IOS software commands used to customize the func...

Page 194: ... executing the Configuration Commands in the Startup Configuration File section for more information Configuring from the network allows you to load and execute configuration commands over the network See the Copying a Configuration File from a TFTP Server to the Device section for more information Configuration File Changes Using the CLI The Cisco IOS software accepts one configuration command pe...

Page 195: ...ation file replaces a command in the existing configuration file the existing command is erased For example if the copied configuration file contains a different IP address in a particular command than the existing configuration the IP address in the copied configuration is used However some commands in the existing configuration may not be replaced or negated In this case the resulting configurat...

Page 196: ...r and vice versa You also can enable rcp support to allow users on remote systems to copy files to and from the device To configure the Cisco IOS software to allow remote users to copy files to and from the device use the ip rcmd rcp enable global configuration command Restrictions The RCP protocol requires a client to send a remote username on each RCP request to a server When you copy a configur...

Page 197: ...me as the remote username 4 The device host name For the RCP copy request to execute an account must be defined on the network server for the remote username If the server has a directory structure the configuration file or image is written to or copied from the directory associated with the remote username on the server For example if the system image resides in the home directory of a user on th...

Page 198: ...rname for that copy operation only Copying files through a VRF You can copy files through a VRF interface specified in the copy command Specifying the VRF in the copy command is easier and more efficient as you can directly change the source interface without using a change request for the configuration Example The following example shows how to copy files through a VRF using the copy command Devi...

Page 199: ... not support NVRAM compression Config NOT written to NVRAM Storing the Configuration in Flash Memory on Class A Flash File Systems On class A Flash file system devices you can store the startup configuration in flash memory by setting the CONFIG_FILE environment variable to a file in internal flash memory or flash memory in a PCMCIA slot See the Specifying the CONFIG_FILE Environment Variable on C...

Page 200: ... host configuration files must reside on a network server reachable via TFTP RCP or FTP and must be readable How to Manage Configuration File Information Displaying Configuration File Information To display information about configuration files complete the tasks in this section SUMMARY STEPS 1 enable 2 show boot 3 more file url 4 show running config 5 show startup config DETAILED STEPS Purpose Co...

Page 201: ...not stored in NVRAM or in the active copy of the configuration file comments do not appear when you list the active configuration with the show running config or more system running config EXEC commands Comments do not display when you list the startup configuration with the show startup config or more nvram startup config EXEC mode commands Comments are stripped out of the configuration file when...

Page 202: ...ise On most platforms this command saves the configuration to NVRAM On the Class A Flash file system platforms this step saves the configuration to the location specified by the CONFIG_FILE environment variable the default CONFIG_FILE variable specifies that the file should be saved to NVRAM Examples In the following example the device prompt name of the device is configured The comment line indic...

Page 203: ...irectory filename 3 copy nvram startup config tftp location directory filename DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Copies the running configuration file to a TFTP server copy system running config tftp location directory filename Step 2 Example Device copy system running config tftp server1 topdir...

Page 204: ...nable 2 configure terminal 3 ip rcmd remote username username 4 end 5 Do one of the following copy system running config rcp username location directory filename copy nvram startup config rcp username location directory filename DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Enters global configuration mode ...

Page 205: ...file runfile2 confg on host 172 16 101 101 confirm Building configuration OK Connected to 172 16 101 101 Device Storing a Startup Configuration File on an RCP Server The following example shows how to store a startup configuration file on a server by using RCP to copy the file Device configure terminal Device config ip rcmd remote username netadmin2 Device config end Device copy nvram startup conf...

Page 206: ...mple Enter your password if prompted Device enable Enters global configuration mode on the device configure terminal Example Step 2 Device configure terminal Optional Specifies the default remote username ip ftp username username Example Step 3 Device config ip ftp username NetAdmin1 Optional Specifies the default password ip ftp password password Example Step 4 Device config ip ftp password admin...

Page 207: ...ding configuration OK Connected to 172 16 101 101 Device Storing a Startup Configuration File on an FTP Server The following example shows how to store a startup configuration file on a server by using FTP to copy the file Device configure terminal Device config ip ftp username netadmin2 Device config ip ftp password mypass Device config end Device copy nvram startup config ftp Remote host 172 16 ...

Page 208: ...r10 datasource system running config Copies a configuration file from a TFTP server to the startup configuration copy tftp location directory filename nvram startup config Example Step 3 Device copy tftp server1 dir10 datasource nvram startup config Copies a configuration file from a TFTP server to the startup configuration copy tftp location directory filename flash n directory startup config Exa...

Page 209: ...location directory filename system running config copy rcp username location directory filename nvram startup config DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Optional Enters configuration mode from the terminal This step is required only if you override the default remote username see Step 3 configure ...

Page 210: ...llowing example specifies a remote username of netadmin1 Then it copies the configuration file named host2 confg from the netadmin1 directory on the remote server with an IP address of 172 16 101 101 to the startup configuration device configure terminal device config ip rcmd remote username netadmin1 device config end device copy rcp nvram startup config Address of remote host 255 255 255 255 172...

Page 211: ...lt remote username or password see Steps 3 and 4 configure terminal Example Device configure terminal Step 2 Optional Specifies the default remote username ip ftp username username Example Step 3 Device config ip ftp username NetAdmin1 Optional Specifies the default password ip ftp password password Example Step 4 Device config ip ftp password adminpassword Optional Exits global configuration mode...

Page 212: ...e startup configuration device configure terminal device config ip ftp username netadmin1 device config ip ftp password mypass device config end device copy ftp nvram startup config Address of remote host 255 255 255 255 172 16 101 101 Name of configuration file host1 confg host2 confg Configure using host2 confg from 172 16 101 101 confirm Connected to 172 16 101 101 Loading 1112 byte file host2 ...

Page 213: ...tep 2 Device configure terminal Specifies that the configuration file be compressed service compress config Example Step 3 Device config service compress config Exits global configuration mode end Example Step 4 Device config end Enters the new configuration Do one of the following Step 5 Use FTP RCP or TFTP to copy the new configuration If you try to load a configuration that is more than three t...

Page 214: ...configuration from 129648 bytes to 11077 bytes OK Storing the Configuration in Flash Memory on Class A Flash File Systems To store the startup configuration in flash memory complete the tasks in this section SUMMARY STEPS 1 enable 2 copy nvram startup config flash filesystem filename 3 configure terminal 4 boot config flash filesystem filename 5 end 6 Do one of the following Use FTP RCP or TFTP to...

Page 215: ...g usbflash0 switch config Exits global configuration mode end Example Step 5 Device config end Enters the new configuration Do one of the following Step 6 Use FTP RCP or TFTP to copy the new configuration If you try to load a configuration that is more than three times larger than the NVRAM size the following error message is displayed buffer overflow file size buffer size bytes configure terminal...

Page 216: ...assword location directory filename rcp username location directory filename tftp location directory filename 5 service config 6 end 7 copy system running config nvram startup config DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Saves the running configuration to an FTP RCP or TFTP server copy system runnin...

Page 217: ...7 Device copy system running config nvram startup config Copying Configuration Files from Flash Memory to the Startup or Running Configuration To copy a configuration file from flash memory directly to your startup configuration in NVRAM or your running configuration enter one of the commands in Step 2 SUMMARY STEPS 1 enable 2 Do one of the following copy filesystem partition number filename nvram...

Page 218: ... systems you can copy files from one flash memory file system such as internal flash memory to another flash memory file system Copying files to different flash memory file systems lets you create backup copies of working configurations and duplicate configurations for other devices To copy a configuration file between flash memory file systems use the following commands in EXEC mode SUMMARY STEPS...

Page 219: ...1 3142748 dirt network mars test c3600 j mz latest 2 850 running config 3143728 bytes used 1050576 available 4194304 total usbflash0 flash directory File Length Name status 1 1711088 dirt gate c3600 i mz 2 850 running config 1712068 bytes used 2482236 available 4194304 total Source file name running config Destination file name running config Verifying checksum for running config file 2 OK Erase f...

Page 220: ...rd password Example Step 4 Device config ip ftp password adminpassword Optional Exits configuration mode This step is required only if you override the default remote username see Steps 3 and 4 end Example Device config end Step 5 Copies the configuration file from a network server to the flash memory device using FTP copy ftp location directory bundle_name flash Example Step 6 Device copy ftp cat...

Page 221: ...mote username Admin01 Optional Exits configuration mode This step is required only if you override the default remote username or password see Step 3 end Example Device config end Step 4 Copies the configuration file from a network server to the flash memory device using RCP Respond to any device copy rcp username location directory bundle_name flash Step 5 prompts for additional information or co...

Page 222: ...P 1 5 0 1 2 0 2 E Z P b i n flash Examples The following example shows the copying of the configuration file named switch config from a TFTP server to the flash memory card inserted in usbflash0 The copied file is renamed new config Device copy tftp switch config usbflash0 new config Re executing the Configuration Commands in the Startup Configuration File To re execute the commands located in the...

Page 223: ...tforms except the Class A Flash file system platforms this command erases NVRAM The startup configuration file cannot be restored once it has been deleted On Class A Flash file system platforms when you use the erase startup config EXEC command the device erases or deletes the configuration pointed to by the CONFIG_FILE environment variable If this variable points to NVRAM the device erases NVRAM ...

Page 224: ...tion file specified by the CONFIG_FILE environment variable the system prompts you to confirm the deletion Note Device delete usbflash0 myconfig Specifying the CONFIG_FILE Environment Variable on Class A Flash File Systems On Class A flash file systems you can configure the Cisco IOS software to load the startup configuration file specified by the CONFIG_FILE environment variable The CONFIG_FILE v...

Page 225: ...p 4 Device config boot config 172 16 1 1 Exits global configuration mode end Example Step 5 Device config end Saves the configuration performed in Step 3 to the startup configuration copy system running config nvram startup config Example Step 6 Device copy system running config nvram startup config Optional Allows you to verify the contents of the CONFIG_FILE environment variable show boot Exampl...

Page 226: ...n and proceeds with overwriting the existing distilled configuration file in NVRAM If you specify a file in a flash device as the CONFIG_FILE environment variable every time you save your configuration file with the copy system running config nvram startup config command the old configuration file is marked as deleted and the new configuration file is saved to that device Eventually Flash memory f...

Page 227: ...gure terminal Specifies the network configuration file to download at startup and the protocol to be used TFTP RCP or FTP boot network ftp username password location directory filename rcp username location Step 3 directory filename tftp location directory filename If you do not specify a network configuration filename the Cisco IOS software uses the default filename Example network confg If you o...

Page 228: ...ction Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Enters global configuration mode configure terminal Example Step 2 Device configure terminal Specifies the host configuration file to download at startup and the protocol to be used FTP RCP or TFTP boot host ftp username password location directory filename rcp username location Step 3 directory ...

Page 229: ...tem running config nvram startup config Example In the following example a device is configured to download the host configuration file named hostfile1 and the network configuration file named networkfile1 The device uses TFTP and the broadcast address to obtain the file Device configure terminal Device config boot host tftp hostfile1 Device config boot network tftp networkfile1 Device config serv...

Page 230: ...dels of the Cisco Catalyst 9500 Series Switches Managing Configuration Files Cisco IOS XE Everest 16 5 1a Support for this feature was introduced only on the C9500 32C C9500 32QC C9500 48Y4C and C9500 24Y4C models of the Cisco Catalyst 9500 Series Switches Managing Configuration Files Cisco IOS XE Fuji 16 8 1a Use Cisco Feature Navigator to find information about platform and software image suppor...

Page 231: ...iguration Rollback feature must comply with standard Cisco software configuration file indentation rules as follows Start all commands on a new line with no indentation unless the command is within a configuration submode Indent commands within a first level configuration submode one space Indent commands within a second level configuration submode two spaces Indent commands within subsequent subm...

Page 232: ...ded by the configure replace command Before this feature was introduced you could save copies of the running configuration using the copy running config destination url command storing the replacement file either locally or remotely However this method lacked any automated file management On the other hand the Configuration Replace and Configuration Rollback feature provides the capability to auto...

Page 233: ...EC command the following major differences should be noted The copy source url running config command is a merge operation and preserves all of the commands from both the source file and the current running configuration This command does not remove commands from the current running configuration that are not present in the source file In contrast the configure replace target url command removes c...

Page 234: ...use you can specify any saved Cisco IOS configuration file as the replacement configuration you are not limited to a fixed number of rollbacks as is the case in some rollback models Configuration Rollback Confirmed Change The Configuration Rollback Confirmed Change feature allows configuration changes to be performed with an optional requirement that they be confirmed If this confirmation is not r...

Page 235: ...STEPS 1 enable 2 configure terminal 3 archive 4 path url 5 maximum number 6 time period minutes 7 end 8 archive config DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Enters global configuration mode configure terminal Example Step 2 Device configure terminal Enters archive configuration mode archive Example ...

Page 236: ... Cisco IOS configuration archive Note Optional Sets the time increment for automatically saving an archive file of the current running configuration in the Cisco IOS configuration archive time period minutes Example Device config archive time period 1440 Step 6 The minutes argument specifies how often in minutes to automatically save an archive file of the current running configuration in the Cisc...

Page 237: ...r error timer minutes time minutes Step 2 The target url argument is a URL accessible by the Cisco IOS file system of the saved Cisco IOS Example configuration file that is to replace the current running Device configure replace flash startup config time 120 configuration such as the configuration file created using the archive config command The list keyword displays a list of the command lines a...

Page 238: ...set parameters for the timed configure revert now timer minutes idle minutes Step 3 rollback use the configure revertcommand in privileged EXEC mode Example Device configure revert now now Triggers the rollback immediately timer Resets the configuration revert timer Use the minutes argument with the timer keyword to specify a new revert time in minutes Use the idle keyword along with a time in min...

Page 239: ...rchive There are currently 1 archive configurations saved The next archive file will be named flash myconfiguration 2 Archive Name 0 1 flash myconfiguration 1 Most Recent 2 3 4 5 6 7 8 9 10 11 12 13 14 The following is sample output from the show archive command after several archive files of the running configuration have been saved In this example the maximum number of archive files to be saved ...

Page 240: ...e replace flash myconfiguration force Timing Debug Statistics for IOS Config Replace operation Time to read file usbflash0 sample_2 cfg 0 msec 0 sec Number of lines read 55 Size of file 1054 Starting Pass 1 Time to read file system running config 0 msec 0 sec Number of lines read 93 Size of file 2539 Time taken for positive rollback pass 320 msec 0 sec Time taken for negative rollback pass 0 msec ...

Page 241: ...eration Device configure replace flash myconfiguration This will apply all necessary additions and deletions to replace the current running configuration with the contents of the specified configuration file which is assumed to be a complete configuration not a partial configuration Enter Y if you are sure you want to proceed no Y Total number of passes 1 Rollback Done In the following example the...

Page 242: ...flash startup config time 120 This will apply all necessary additions and deletions to replace the current running configuration with the contents of the specified configuration file which is assumed to be a complete configuration not a partial configuration Enter Y if you are sure you want to proceed no Y Total number of passes 1 Rollback Done Device configure confirm The following example shows ...

Page 243: ...acement file The configure replace command is then used to revert to the replacement configuration file as shown in the following example Device show archive There are currently 1 archive configurations saved The next archive file will be named flash myconfiguration 2 Archive Name 0 1 flash myconfiguration 1 Most Recent 2 3 4 5 6 7 8 9 10 Device configure replace flash myconfiguration 1 Total numb...

Page 244: ...Configuration Rollback Cisco IOS XE Everest 16 5 1a Support for this feature was introduced only on the C9500 32C C9500 32QC C9500 48Y4C and C9500 24Y4C models of the Cisco Catalyst 9500 Series Switches Configuration Replace and Configuration Rollback Cisco IOS XE Fuji 16 8 1a Use Cisco Feature Navigator to find information about platform and software image support To access Cisco Feature Navigato...

Page 245: ... or a security resolution to a released image An SMU package is provided on a per release and per component basis and is specific to the platform An SMU provides a significant benefit over classic IOS software as it allows you to address the network issue quickly while reducing the time and scope of the testing required The Cisco IOS XE platform internally validates the SMU compatibility and does ...

Page 246: ...s can be non traffic affecting or can result in device restart reload or switchover All SMUs require a cold reload of the system during activation A cold reload is the complete reload of the operating system This action affects the traffic flow for the duration of the reload 5 min currently This reload ensures that all processes are started with the correct libraries and files that are installed a...

Page 247: ...Example Step 3 For a restartable package the command triggers the appropriate post install scripts to restart the necessary Device install activate file flash cat9k_iosxe 2017 01 10_13 15 1 CSCxxxxxxx SSA dmp bin processes and for non restartable packages it triggers a reload Commits the activation changes to be persistent across reloads install commit Example Step 4 The commit can be done after a...

Page 248: ...at9k_lite_iosxe xx xx xx CSCxxxxxxx SSA dmp bin Accessing tftp 172 19 1 250 auto tftpboot folder1 cat9k_lite_iosxe xx xx xx CSCxxxxxxx SSA dmp bin Loading auto tftpboot folder1 cat9k_lite_iosxe xx xx xx CSCxxxxxxx SSA dmp bin from 172 19 1 250 via GigabitEthernet0 OK 17668 bytes 17668 bytes copied in 0 058 secs 304621 bytes sec The following is sample output from the show install summary command D...

Page 249: ... 873 R0 0 PMAN 5 EXITACTION Process manager is exiting reload action requested Initializing Hardware Checking for PCIe device presence done System integrity status 0x610 Rom image verified correctly after reload Device The following sample output from the show version command Device show version Cisco IOS XE Software Version BLD_POLARIS_DEV_SMU_LATEST_20170110_13 15 1 SMU PATCHED Cisco IOS Softwar...

Page 250: ...tive Packages No packages Committed Packages flash cat9k universalk9 2017 01 10_13 15 1 CSCxxx SSA dmp bin Uncommitted Packages No packages Device The following example shows how to rollback an update package to the committed package Device install rollback to base install_rollback START Sat Feb 26 11 27 41 PST 2017 This rollback would require a reload Do you want to proceed y n y 2 install_rollba...

Page 251: ...nstall summary Active Packages No packages Inactive Packages flash cat9k universalk9 2017 01 10_13 15 1 CSCxxxxxxx SSA dmp bin Committed Packages No packages Uncommitted Packages No packages Device The following example shows how to remove an SMU from the device Device install remove file flash cat9k universalk9 2017 01 10_13 15 1 CSCxxxxxxx SSA dmp bin install_remove START Sat Feb 26 12 09 43 PST...

Page 252: ...t and Cisco software image support To access Cisco Feature Navigator go to www cisco com go cfn An account on Cisco com is not required Table 15 Feature Information for Software Maintenance Upgrade Modification Release This feature was introduced The SMU is a package that can be installed on a system in order to provide a patch fix or a security resolution to a released image The following command...

Page 253: ... the end of this module Use Cisco Feature Navigator to find information about platform support and Cisco software image support To access Cisco Feature Navigator go to http www cisco com go cfn An account on Cisco com is not required Information About the Flash File System The flash file system is a single flash device on which you can store files It also provides several commands to help you mana...

Page 254: ...twork rw https opaque ro cns Device show file systems File Systems Size b Free b Type Flags Prefixes opaque rw system opaque rw tmpsys 11250098176 9694093312 disk rw bootflash flash 1651314688 1232220160 disk rw crashinfo 118148280320 112084115456 disk rw disk0 189628416 145387520 disk rw usbflash0 7763918848 7696850944 disk ro webui opaque rw null opaque ro tar network rw tftp 33554432 33532852 n...

Page 255: ...ps Secure HTTP server nvram NVRAM null Null destination for copies You can copy a remote file to null to find its size rcp Remote Copy Protocol RCP server scp Session Control Protocol SCP server system Contains the system memory including the running configuration tftp TFTP network server usbflash0 USB flash memory ymodem Obtain the file from a network machine by using the Ymodem protocol Prefixes...

Page 256: ...ternal representations of open files You can use this command to see if another user has a file open show file descriptors For example to display a list of all files in a file system use the dir privileged EXEC command Device dir flash DDirectory of bootflash 616513 drwx 4096 Jul 15 2015 07 11 35 00 00 installer 608402 rw 33818 Sep 25 2015 11 41 35 00 00 bootloader_evt_handle log 608403 drwx 4096 ...

Page 257: ...ry SUMMARY STEPS 1 enable 2 dir filesystem 3 cd directory_name 4 pwd 5 cd DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Displays the directories on the specified file system dir filesystem Step 2 Example For filesystem use flash for the system board flash device Device dir flash Navigates to the specified d...

Page 258: ... dir filesystem Example Step 3 Device dir flash Removing Directories To remove a directory with all its files and subdirectories use the delete force recursive filesystem file url privileged EXEC command Use the recursive keyword to delete the named directory and all subdirectories and the files contained in it Use the force keyword to suppress the prompting that confirms a deletion of each file i...

Page 259: ...e password must not contain the special character If the character is used the copy fails to parse the IP address of the server Note Local writable file systems include flash Some invalid combinations of source and destination exist Specifically you cannot copy these combinations From a running configuration to a running configuration From a startup configuration to a startup configuration From a ...

Page 260: ... that confirms a deletion of each file in the directory You are prompted only once at the beginning of this deletion process Use the force and recursive keywords for deleting old software images that were installed by using the archive download sw command but are no longer needed If you omit the filesystem option the device uses the default device specified by the cd command For file url you speci...

Page 261: ...w file If none are specified all files and directories at this level are written to the newly created file Displays the contents of a file archive tar table source url Step 2 Example For source url specify the source URL alias for the local or network file system The filename is the file to display These options are supported Device archive tar table flash new_configs Local flash file system synta...

Page 262: ...o be extracted If none are specified all files and directories are extracted Displays the contents of any readable file including a file on a remote file system more ascii binary ebcdic file url Example Step 4 Device more flash new configs Additional References for Flash File System Related Documents Document Title Related Topic Cisco IOS Configuration Fundamentals Command Reference Commands for m...

Page 263: ... File System Cisco IOS XE Everest 16 5 1a Support for this feature was introduced only on the C9500 32C C9500 32QC C9500 48Y4C and C9500 24Y4C models of the Cisco Catalyst 9500 Series Switches Flash File System Cisco IOS XE Fuji 16 8 1a Use Cisco Feature Navigator to find information about platform and software image support To access Cisco Feature Navigator go to http www cisco com go cfn System ...

Page 264: ...System Management Configuration Guide Cisco IOS XE Fuji 16 8 x Catalyst 9500 Switches 250 Working with the Flash File System Feature History for Flash File System ...

Page 265: ...nce unique encryption key is stored in the hardware trust anchor to prevent it from being compromised By default this feature is enabled on devices that come with a hardware trust anchor This feature is not supported on devices that do not have hardware trust anchor Enabling Secure Storage Before you begin By default this feature is enabled Perform this procedure only after disabling secure storag...

Page 266: ...s task SUMMARY STEPS 1 configure terminal 2 no service private config encryption 3 end 4 write memory DETAILED STEPS Purpose Command or Action Enters the global configuration mode configure terminal Example Step 1 Device configure terminal Disables the Secure Storage feature on your device When secure storage is disabled all the user data is stored in plain text in the NVRAM no service private con...

Page 267: ...ge feature allows you to secure critical configuration information by encrypting it It encrypts asymmetric key pairs pre shared secrets the type 6 password encryption key and certain credentials An instance unique encryption key is stored in the hardware trust anchor to prevent it from being compromised Support for this feature was introduced only on the C9500 12Q C9500 16X C9500 24Q C9500 40X mod...

Page 268: ...System Management Configuration Guide Cisco IOS XE Fuji 16 8 x Catalyst 9500 Switches 254 Configuring Secure Storage Feature Information for Secure Storage ...

Page 269: ... process Restrictions for Performing a Factory Reset Software patches if installed on the device will not be restored after the factory reset process If the factory reset command is issued through a VTY session the session is not restored after completion of the factory reset process Factory reset is supported only in standalone mode and not in stacking mode For modular chassis devices configured ...

Page 270: ...he device to factory configuration and then reconfigure the device The device reloads to perform factory reset which results in the switch entering the ROMMON mode After a factory reset the device clears all its environment variables including the MAC_ADDRESS and the SERIAL_NUMBER which are required to locate and load the software Perform a reset in ROMMON mode to automatically set the environment...

Page 271: ...d boot variables After the factory reset process is successfully completed the device reboots and enters ROMmon mode Feature History and Information for Factory Reset Feature Information Release This feature was introduced Cisco IOS XE Fuji 16 8 1a Performing a factory reset erases contents of removable storage devices such as SATA SSD or USB Cisco IOS XE Gibraltar 16 12 1 System Management Config...

Page 272: ...System Management Configuration Guide Cisco IOS XE Fuji 16 8 x Catalyst 9500 Switches 258 Performing Factory Reset Feature History and Information for Factory Reset ...

Page 273: ...es in which each feature is supported see the feature information table at the end of this module Use Cisco Feature Navigator to find information about platform support and Cisco software image support To access Cisco Feature Navigator go to http www cisco com go cfn An account on Cisco com is not required Introduction to Conditional Debugging The Conditional Debugging feature allows you to select...

Page 274: ...tional Debugging enable us to have a single debug CLI to debug all execution contexts related to the condition This can be done without being aware of the various control flow processes of the feature within the box and without having to issue debugs at these processes individually Location of Tracefiles By default the tracefile logs will be generated for each process and saved into either the tmp...

Page 275: ...m condition all DETAILED STEPS Purpose Command or Action Enables privileged EXEC mode enable Step 1 Example Enter your password if prompted Device enable Configures conditional debugging for the MAC Address specified debug platform condition mac mac address Example Step 2 Device debug platform condition mac bc16 6509 3314 Starts conditional debugging this will start radioactive tracing if there is...

Page 276: ...ddition to linux shell Generates a file with merged logs Displays merged logs only from staging area Note Clears all conditions clear platform condition all Example Step 8 Device clear platform condition all What to do next The commands request platform software trace filter binary and show platform software trace filter binary work in a similar way The only difference is Note request platform sof...

Page 277: ...opying tracefiles off the box An example of the tracefile is shown below Device dir crashinfo tracelogs Directory of crashinfo tracelogs 50664 rwx 760 Sep 22 2015 11 12 21 00 00 plogd_F0 0 bin_0 gz 50603 rwx 991 Sep 22 2015 11 12 08 00 00 fed_pmanlog_F0 0 bin_0 9558 20150922111208 gz 50610 rw 11 Nov 2 2015 00 15 59 00 00 timestamp 50611 rwx 1443 Sep 22 2015 11 11 31 00 00 auto_upgrade_client_sh_pm...

Page 278: ...below lists the various commands that can be used to monitor conditional debugging Purpose Command Displays the current conditions set show platform condition Displays the current debug conditions set show debug Displays logs merged from the latest tracefile show platform software trace filter binary Displays historical logs of merged tracefiles on the system request platform software trace filter...

Page 279: ...eleases subsequent to the one they were introduced in unless noted otherwise Feature Information Feature Release The Conditional Debugging feature allows you to selectively enable debugging and logging for specific features based on the set of conditions you define Support for this feature was introduced only on the C9500 12Q C9500 16X C9500 24Q C9500 40X models of the Cisco Catalyst 9500 Series S...

Page 280: ...image support To access Cisco Feature Navigator go to http www cisco com go cfn System Management Configuration Guide Cisco IOS XE Fuji 16 8 x Catalyst 9500 Switches 266 Conditional Debug and Radioactive Tracing Feature History for Conditional Debugging and Radioactive Tracing ...

Page 281: ...are can be corrupted during an upgrade by downloading the incorrect file to the switch and by deleting the image file In all of these cases the switch does not pass the power on self test POST and there is no connectivity Follow the steps described in the Recovering from a Software Failure on page 274 section to recover from a software failure Lost or Forgotten Password on a Device The default con...

Page 282: ...feature allows the switch to identify the physical path that a packet takes from a source device to a destination device Layer 2 traceroute supports only unicast source and destination MAC addresses Traceroute finds the path by using the MAC address tables of the devices in the path When the Device detects a device in the path that does not support Layer 2 traceroute the Device continues to send L...

Page 283: ...er 2 traceroute feature is not supported When more than one CDP neighbor is detected on a port the Layer 2 path is not identified and an error message appears This feature is not supported in Token Ring VLANs Layer 2 traceroute opens a listening socket on the User Datagram Protocol UDP port 2228 that can be accessed remotely with any IPv4 address and does not require any authentication This UDP so...

Page 284: ...ion port Go to Example Performing a Traceroute to an IP Host on page 294 to see an example of IP traceroute process Debug Commands Because debugging output is assigned high priority in the CPU process it can render the system unusable For this reason use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff It is best to use deb...

Page 285: ...crashinfo directory Ifit cannot be saved to the crashinfo partition for lack of space then it will be saved to the flash directory To display the files enter the dir crashinfo command The following is sample output of a crashinfo directory Switch dir crashinfo Directory of crashinfo 23665 drwx 86016 Jun 9 2017 07 47 51 07 00 tracelogs 11 rw 0 May 26 2017 15 32 44 07 00 koops dat 12 rw 4782675 May ...

Page 286: ...or crashinfo directory once they are copied out in order to have space available for tracelogs and other purposes Note In a complex network it is difficult to track the origin of a system report file This task is made easier if the system report files are uniquely identifiable Starting with the Cisco IOS XE Amsterdam 17 3 x release the hostname will be prepended to the system report file name maki...

Page 287: ...gure it by using Network Time Protocol NTP When the device is running you can retrieve the OBFL data by using the show logging onboard privileged EXEC commands If the device fails contact your Cisco technical support representative to find out how to retrieve the data When an OBFL enabled device is restarted there is a 10 minute delay before logging of new data begins Fan Failures By default the f...

Page 288: ...e terminal to match the the default rate of 9600 bits per second bps of the switch console port If the baud rate is set to a value other than 9600 bps access to the console will be lost until the speed is set back to the dafault Step 1 From your PC download the software image file image bin from Cisco com Step 2 Load the software image to your TFTP server Step 3 Connect your PC to the switch Ether...

Page 289: ...Restricted Rights clause at FAR sec 52 227 19 and subparagraph c 1 ii of the Rights in Technical Data and Computer Software clause at DFARS sec 252 227 7013 cisco Systems Inc 170 West Tasman Drive San Jose California 95134 1706 Cisco IOS Software Everest Catalyst L3 Switch Software CAT9K_IOSXE Version 16 6 1 RELEASE SOFTWARE fc2 Copyright c 1986 2017 by Cisco Systems Inc Compiled Thu 24 Aug 17 13 ...

Page 290: ...it Ethernet interfaces 16 Ten Gigabit Ethernet interfaces 4 Forty Gigabit Ethernet interfaces 32768K bytes of non volatile configuration memory 15958516K bytes of physical memory 11161600K bytes of Bootflash at bootflash 1638400K bytes of Crash Files at crashinfo 0K bytes of WebUI ODM Files at webui INIT waited 0 seconds for NVRAM to be available Press RETURN to get started Install the software fr...

Page 291: ...espbase 16 05 01a SPA pkg is Digitally Signed Package cat9k guestshell 16 05 01a SPA pkg temp stage cat9k guestshell 16 05 01a SPA pkg is Digitally Signed Package cat9k rpbase 16 05 01a SPA pkg temp stage cat9k rpbase 16 05 01a SPA pkg is Digitally Signed Package cat9k sipbase 16 05 01a SPA pkg temp stage cat9k sipbase 16 05 01a SPA pkg is Digitally Signed Package cat9k sipspa 16 05 01a SPA pkg te...

Page 292: ...o Catalyst 9500 Series Switches reconnect the power cord to the switch or the active switchAs soon as the System LED blinks press and release the Mode button 2 3 times The switch enters the ROMMON mode 5 After recovering the password reload the switch or the active switch DETAILED STEPS Step 1 Connect a terminal or PC to the switch Connect a terminal or a PC with terminal emulation software to the...

Page 293: ...Image Last reset cause PowerOn C9500 48Y4C platform with 16777216 Kbytes of main memory Preparing to autoboot Press Ctrl C to interrupt Break sequence to be pressed to get to rommon Proceed to the Procedure with Password Recovery Enabled section and follow the steps Step 5 After recovering the password reload the switch or the active switch On a switch Switch reload Proceed with reload confirm y P...

Page 294: ...d Step 7 Return to privileged EXEC mode Device config exit Device Step 8 Write the running configuration to the startup configuration file Device copy running config startup config Step 9 Confirm that manual boot mode is enabled Device show boot BOOT variable flash packages conf Manual Boot yes Enable Break yes Step 10 Reload the device Device reload Step 11 Set the SWITCH_IGNORE_STARTUP_CFG param...

Page 295: ...igurations We recommend that you contact your system administrator to verify if there are backup device and VLAN configuration files Caution If you enter y yes the configuration file in flash memory and the VLAN database file are deleted When the default configuration loads you can reset the password Step 1 Choose to continue with password recovery and delete the existing configuration Would you l...

Page 296: ...ation to the startup configuration file Device copy running config startup config The new password is now in the startup configuration Step 9 You must now reconfigure the device If the system administrator has the backup device and VLAN configuration files available you should use those Preventing Switch Stack Problems To prevent switch stack problems you should do the following Make sure that the...

Page 297: ...created switch stacks To recover from a partitioned switch stack follow these steps 1 Power off the newly created switch stacks 2 Reconnect them to the original switch stack through their StackWise Plus ports 3 Power on the device For the commands that you can use to monitor the switch stack and its members see the Displaying Switch Stack Information section Preventing Autonegotiation Mismatches T...

Page 298: ...e OBFL use the no hw module slot module number logging onboard application name global configuration command To clear all the OBFL data in the flash memory except for the uptime and CLI command information use the clear onboard switch switch number privileged EXEC command The following applies to the C9500 12Q C9500 16X C9500 24Q C9500 40X models of the Cisco Catalyst 9500 Series Switches To disab...

Page 299: ...tate and retries the operation For more information about the errdisable recovery command see the command reference for this release If the module is identified as a Cisco SFP module but the system is unable to read vendor data information to verify its accuracy an SFP module error message is generated In this case you should remove and reinsert the SFP module If it continues to fail the SFP modul...

Page 300: ...estination IP address or hostname tracetroute mac ip source ip address source hostname destination ip address destination hostname detail Executing IP Traceroute Though other protocol keywords are available with the traceroute privileged EXEC command they are not supported in this release Note Purpose Command Traces the path that packets take through the network traceroute ip host Device tracerout...

Page 301: ... debug command is entered in privileged EXEC mode This command displays all debug options available on the switch To view all conditional debug options run the command show debug condition The commands can be listed by selecting either a condition identifier 1 1000 or all conditions To disable debugging use the no debug all command Because debugging output is assigned high priority in the CPU proc...

Page 302: ... restarted show logging onboard RP active uptime continuous detail summary Device show logging onboard RP active uptime Displays the system voltages of a module show logging onboard RP active voltage continuous detail summary Device show logging onboard RP active voltage Displays the status of each OBFL application of a module show logging onboard RP active status continuous detail summary Device ...

Page 303: ... or the specified stack members show onboard switch switch number status Device show onboard switch 1 status Example Verifying the Problem and Cause for High CPU Utilization To determine if high CPU utilization is a problem enter the show processes cpu sorted privileged EXEC command Note the underlined information in the first line of the output example Device show processes cpu sorted CPU utiliza...

Page 304: ...tal CPU utilization value Identify the unusual event and troubleshoot the root cause See the section on Debugging Active Processes One or more Cisco IOS process is consuming too much CPU time This is usually triggered by an event that activated the process Total CPU utilization is greater than 50 with minimal time spent on interrupts System Management Configuration Guide Cisco IOS XE Fuji 16 8 x C...

Page 305: ...th crossover one Note Verify that the total cable length from the switch front panel to the powered device is not more than 100 meters Disconnect the Ethernet cable from the switch port Use a short Ethernet cable to connect a known good Ethernet device directly to this port on the switch front panel not on a patch panel Verify that it can establish an Ethernet link and exchange traffic with anothe...

Page 306: ...device to this port and verify that it powers on If the device powers on verify that all intermediate patch panels are correctly connected Disconnect all but one of the Ethernet cables from switch ports Using a short patch cord connect a powered device to only one PoE port Verify the powered device does not require more power than can be delivered by the switch port Use the show power inline privi...

Page 307: ... reloads or disconnects from PoE Use the show power inline command to verify that the switch power budget available PoE is not depleted before or after the powered device is connected Verify that sufficient power is available for the powered device type before you connect it Use the show interface status command to verify that the switch detects the connected powered device Use the show log comman...

Page 308: ...w to perform a traceroute to an IP host Device traceroute ip 192 0 2 10 Type escape sequence to abort Tracing the route to 192 0 2 10 1 192 0 2 1 0 msec 0 msec 4 msec 2 192 0 2 203 12 msec 8 msec 0 msec 3 192 0 2 100 4 msec 0 msec 0 msec 4 192 0 2 10 0 msec 4 msec 0 msec The display shows the hop count the IP address of the router and the round trip time in milliseconds for each of the three probe...

Page 309: ...s introduced only on the C9500 12Q C9500 16X C9500 24Q C9500 40X models of the Cisco Catalyst 9500 Series Switches Troubleshooting Software Configuration Cisco IOS XE Everest 16 5 1a Support for this feature was introduced only on the C9500 32C C9500 32QC C9500 48Y4C and C9500 24Y4C models of the Cisco Catalyst 9500 Series Switches Troubleshooting Software Configuration Cisco IOS XE Fuji 16 8 1a T...

Page 310: ...System Management Configuration Guide Cisco IOS XE Fuji 16 8 x Catalyst 9500 Switches 296 Troubleshooting the Software Configuration Feature History for Troubleshooting Software Configuration ...

Reviews:

No comments

Related manuals for Catalyst 9500 Series

Datavideo SE-1000 Reference Manual preview
SE-1000
Brand: Datavideo Pages: 4
Datavideo SE-1200MU Quick Start Manual preview
SE-1200MU
Brand: Datavideo Pages: 66
Lantronix SM12XPA Install Manual preview
SM12XPA
Brand: Lantronix Pages: 40
Lantronix SM12XPA Quick Start Manual preview
SM12XPA
Brand: Lantronix Pages: 2
Lantronix SISTP1040-551-LRT Quick Start Manual preview
SISTP1040-551-LRT
Brand: Lantronix Pages: 2
Lantronix SM24TBT2DPA Quick Start Manual preview
SM24TBT2DPA
Brand: Lantronix Pages: 2
Lantronix SISPM1040-3 L Series Quick Start Manual preview
SISPM1040-3 L Series
Brand: Lantronix Pages: 2
Lantronix SISPM1040 L3 Series Install Manual preview
SISPM1040 L3 Series
Brand: Lantronix Pages: 36
Lantronix SecureLinx Spider Quick Start Manual preview
SecureLinx Spider
Brand: Lantronix Pages: 18
Lantronix LSS2200-8P User Manual preview
LSS2200-8P
Brand: Lantronix Pages: 8
Lantronix EDS4100 Quick Start Manual preview
EDS4100
Brand: Lantronix Pages: 6
Lantronix SISPM1040-582-LRT Manual preview
SISPM1040-582-LRT
Brand: Lantronix Pages: 272
Lantronix Xpress-Pro SW 52000 Supplementary Manual preview
Xpress-Pro SW 52000
Brand: Lantronix Pages: 8
Aube Technologies TI034-3W Installation And User Manual preview
TI034-3W
Brand: Aube Technologies Pages: 118
HMS Networks Anybus SP2555 Startup Manual preview
Anybus SP2555
Brand: HMS Networks Pages: 16
WoMaster DS105 Quick Installation Manual preview
DS105
Brand: WoMaster Pages: 2
DAB ESC plus 3M Instruction For Installation And Maintenance preview
ESC plus 3M
Brand: DAB Pages: 56
DLS DLS 400A Operating Manual preview
DLS 400A
Brand: DLS Pages: 226

Brands by name

Popular brands

Load more brands