#

Thursday, November 23, 2017

VSS Related Configuration of Cisco Catalyst 6500 Series Switches

Here are the essential steps to configure Virtual Switching System (VSS) of a Cisco Catalyst 6509 switch. Here in my setup I have 2 6509 switches with 720 Supervisor Engines, one per each chassis. In this setup, only 1 Supervisor engine will be active and the other will stay standby.
















STEP1: Assigning Virtual Switch Domain & Switch Numbers

Domain name must be same on both the switches.

ADM-6509-VSS(config)#switch virtual domain 100
ADM-6509-VSS(config-vs-domain)#switch 1
ADM-6509-VSS(config-vs-domain)#switch 1 priority 110
ADM-6509-VSS(config-vs-domain)#switch 2 priority 100

ADM-6509-VSS-2(config)#switch virtual domain 100
ADM-6509-VSS-2(config-vs-domain)#switch 2
ADM-6509-VSS-2(config-vs-domain)#switch 1 priority 110
ADM-6509-VSS-2(config-vs-domain)#switch 2 priority 100

Highest priority value switch will be the priority. If the priority is not configured, the lowest switch number will be the active switch..

STEP2: Configuring VSL Port Channel

Virtual Switch Link (VSL) is the port channel which the VSS parameters will be exchanged to sync data & management planes. They are configured as L3 port-channels.

ADM-6509-VSS(config)#int port-channel 11
ADM-6509-VSS(config-if)#no switchport
ADM-6509-VSS(config-if)#switch virtual link 1

ADM-6509-VSS-2(config)#int port-channel 12
ADM-6509-VSS-2(config)#no switchport
ADM-6509-VSS-2(config-if)#switch virtual link 2

STEP3: configure the VSL ports

Typically we use 2x10GE links as the members of the VSL portchannel.

ADM-6509-VSS(config)#int range te1/5/4-5
ADM-6509-VSS(config-if-range)#switchport mode trunk
ADM-6509-VSS(config-if-range)#channel-group 11 mode on

ADM-6509-VSS-2(config)#int range te2/5/4-5
ADM-6509-VSS-2(config-if-range)#switchport mode trunk
ADM-6509-VSS-2(config-if-range)#channel-group 12 mode on

STEP4: Converting the Switch to Virtual Switch Mode:

ADM-6509-VSS#switch convert mode virtual 

ADM-6509-VSS-2#switch convert mode virtual

If there are no mismatching parameters, switches will reboot after entering this command..

STEP5: Configuring the Dual Active Fast-Hello

MCEC (Multi Chassis Ether Channel) is created like in this diagram. So if the VSL links fail for some reason, SW2 will think the supervisor engine of SW1 is gone and SW2 will also become active. Because both the supervisor engines are active now it can cause routing & switching loops and black holes. 

To prevent this we have to configure a dedicated link to monitor the active status of the supervisor engines.

It can be any link, usually a Gig port..



ADM-6509-VSS(config)#switch virtual domain 100
ADM-6509-VSS(config-vs-domain)#dual-active detection fast-hello

ADM-6509-VSS(config)#interface GigabitEthernet1/7/48
ADM-6509-VSS(config-if)#no switchport
ADM-6509-VSS(config-if)#no ip address
ADM-6509-VSS(config-if)#dual-active fast-hello

ADM-6509-VSS(config-if)#interface GigabitEthernet2/7/48
ADM-6509-VSS(config-if)#no switchport
ADM-6509-VSS(config-if)#no ip address
ADM-6509-VSS(config-if)#dual-active fast-hello

When dual-active condition is detected, the original active chassis enters into recovery mode and brings down all of its interfaces except the VSL and excluded interfaces.

Verification Commands

Following outputs are from a currently working VSS..

show switch virtual







show switch virtual role







show switch virtual link







show switch virtual link port-channel














show switch virtual redundancy














show redundancy















show switch virtual dual fast-hello







You can also find the mismatch parameters in VSS by issuing the following command
show switch virtual redundancy mismatch

5 comments:

  1. Hi there friends, fastidious paragraph and pleasant urging commented
    here, I am in fact enjoying by these.

    ReplyDelete
  2. nice blog my friend, thanks for sharing your knowledge

    ReplyDelete
  3. 1. InterNIC is iin control off registering domains.

    ReplyDelete
  4. Hi, Are these on real gear or simulated on EVE ?

    ReplyDelete