Page 1
System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches) First Published: 2020-11-30 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
Page 2
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html.
Page 3
MAC Addresses and VLANs MAC Addresses and Device Stacks Default MAC Address Table Settings ARP Table Management How to Administer the Device Configuring the Time and Date Manually System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Example: Configuring MAC Threshold Notification Traps Example: Adding the Static Address to the MAC Address Table Example: Configuring Unicast MAC Address Filtering Additional References for Device Administration Feature History for Device Administration System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 5
Manually Assigning IP Information to Multiple SVIs Modifying Device Startup Configuration Specifying a Filename to Read and Write a System Configuration Manually Booting the Switch Booting the Device in Installed Mode System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 6
License Duration Authorization Code Policy RUM Report and Report Acknowledgement Trust Code Supported Topologies Connected to CSSM Through CSLU Connected Directly to CSSM Connected to CSSM Through a Controller System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 7
Configuring the Call Home Service for Direct Cloud Access Configuring the Call Home Service for Direct Cloud Access through an HTTPs Proxy Server Removing and Returning an Authorization Code Removing the Product Instance from CSSM System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 8
Feature History for Application Visibility and Control in a Wired Network C H A P T E R 5 Environmental Monitoring and Power Management About Environmental Monitoring System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches) viii...
Page 9
Feature History for Environmental Monitoring and Power Management C H A P T E R 6 Configuring SDM Templates Information About SDM Templates SDM Templates and Switch Stacks System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 10
Additional References for System Message Logs Feature History for System Message Logs C H A P T E R 8 Configuring Online Diagnostics Information About Configuring Online Diagnostics System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 11
Copy Configuration Files from a Switch to Another Switch Configuration Files Larger than NVRAM Configuring the Device to Download Configuration Files How to Manage Configuration File Information Displaying Configuration File Information Modifying the Configuration File System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 12
What to Do Next Configuring the Device to Download Configuration Files Configuring the Device to Download the Network Configuration File Configuring the Device to Download the Host Configuration File System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 13
Replacing the Current Running Configuration with a Saved Cisco IOS Configuration File Reverting to the Startup Configuration File Performing a Configuration Replace Operation with the configure confirm Command Performing a Configuration Rollback Operation System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches) xiii...
Page 14
Restrictions for Software Maintenance Upgrade Information About Software Maintenance Upgrade SMU Overview SMU Workflow SMU Package SMU Reload How to Manage Software Maintenance Updates Installing an SMU Package System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 15
Copying tracefiles off the box Monitoring Conditional Debugging Configuration Examples for Conditional Debugging Additional References for Conditional Debugging and Radioactive Tracing Feature History for Conditional Debugging and Radioactive Tracing System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 16
Procedure with Password Recovery Enabled Procedure with Password Recovery Disabled Preventing Switch Stack Problems Preventing Autonegotiation Mismatches Troubleshooting SFP Module Security and Identification Monitoring SFP Module Status Executing Ping System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 17
Feature Information for Recovering a Switch C H A P T E R 2 1 Line Auto Consolidation Line Auto Consolidation Feature History for Line Auto Consolidation System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches) xvii...
Page 19
You can manage the system time and date on your device using automatic configuration methods (RTC and NTP), or manual configuration methods. Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference on Cisco.com. System Clock The basis of the time service is the system clock.
Page 20
Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet.
Page 21
Figure 1: Typical NTP Network Configuration If the network is isolated from the Internet, Cisco’s implementation of NTP allows a device to act as if it is synchronized through NTP, when in fact it has learned the time by using other means. Other devices then synchronize to that device through NTP.
Page 22
20 clients. Broadcast-based NTP associations are also recommended for use on networks that have limited bandwidth, system memory, or CPU resources. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 23
The authentication process begins from the moment an NTP packet is created. Cryptographic checksum keys are generated using the message digest algorithm 5 (MD5) and are embedded into the NTP synchronization System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 24
The following figure shows a typical network example using NTP. Switch A is the primary NTP, with the Switch B, C, and D configured in NTP server mode, in server association with Switch A. Switch E is configured System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 25
A greater-than symbol [>] is appended. The prompt is updated whenever the system name changes. For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.4 and the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.4.
Page 26
(.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, for example, the File Transfer Protocol (FTP) system is identified as ftp.cisco.com.
Page 27
The MAC address tables on all stack members are synchronized. At any given time, each stack member has the same copy of the address tables for each VLAN. When an address ages out, the address is removed from System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
If you have an outside source on the network that provides time services, such as an NTP server, you do not need to manually set the system clock. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Internal time is kept in Coordinated Universal Example: Time (UTC), so this command is used only for display purposes and when the time is manually set. Device(config)# clock timezone AST -3 30 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Command or Action Purpose Step 1 enable Enables privileged EXEC mode. Example: • Enter your password if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 31
(24-hour format) in hours and minutes. • (Optional) offset Specifies the number of minutes to add during summer time. The default is 60. Step 5 Returns to privileged EXEC mode. Example: Device(config)# end System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
The source address is set by the outgoing interface. NTP is enabled on all interfaces by default. All interfaces receive NTP packets. Configuring NTP Authentication To configure NTP authentication, perform this procedure: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 33
HMAC using the SHA2 hash function. The digest length is 256 bits and the key length is 1 to 32 bytes Use the no form of this command to remove authentication key. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Purpose Step 1 enable Enables privileged EXEC mode. Example: Enter your password if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 35
• prefer: Sets this peer as the preferred one that provides synchronization. This keyword reduces clock hop among peers. Use the no form of this command to remove a server association. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Use the no form of this command to disable the interface from sending NTP broadcast packets. Step 5 [no] ntp broadcast client Enables the interface to receive NTP broadcast packets. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Example: Device# configure terminal Step 3 [no] ntp access-group {query-only | Create an access group, and apply a basic IP access list.. serve-only | serve | peer} access-list-number System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 38
Returns to privileged EXEC mode. Example: Device(config)# end Disabling NTP Services on a Specific Interface To disable NTP packets from being received on an interface, perform this procedure: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Follow these steps to manually configure a system name: Procedure Command or Action Purpose Step 1 Enables privileged EXEC mode. enable Example: • Enter your password if prompted. Device> enable System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
This is a secure site. Only signifies the beginning and end of the banner authorized users are allowed. text. Characters after the ending delimiter are For access, contact technical discarded. support. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Device# configure terminal Step 3 banner login c message c Specifies the login message. Example: Enters the delimiting character of your choice, for example, a pound sign (#), and press System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Step 1 Enables privileged EXEC mode. enable Example: • Enter your password if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 46
Device(config)# mac address-table notification change interval 123 generated to the NMS. The range is 0 to Device(config)#mac address-table System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
MAC address moves from one port to another within the same VLAN. Follow these steps to configure the device to send MAC address-move notification traps to an NMS host: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 48
Enables the device to send MAC address move move notification traps to the NMS. Example: Device(config)# snmp-server enable traps mac-notification move Step 5 mac address-table notification mac-move Enables the MAC address move notification feature. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Follow these steps to configure the switch to send MAC address table threshold notification traps to an NMS host: Procedure Command or Action Purpose Step 1 Enables privileged EXEC mode. enable Example: • Enter your password if prompted. Device> enable System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 50
Example: Device(config)# mac address-table notification threshold Step 6 mac address-table notification threshold Enters the threshold value for the MAC address [limit percentage] | [interval time] threshold usage monitoring. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
• You can disable MAC address learning on a single VLAN ID from 2 - 4093 (for example, no mac address-table learning vlan 223) or a range of VLAN IDs, separated by a hyphen or comma (for example, no mac address-table learning vlan 1-10, 15). System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
(Optional) Reenable MAC address learning on VLAN in a global configuration mode. Example: Device# default mac address-table Adding and Removing Static Address Entries Follow these steps to add a static address: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 53
Step 4 show running-config Verifies your entries. Example: Device# show running-config Step 5 copy running-config startup-config (Optional) Saves your entries in the configuration file. Example: Device# copy running-config startup-config System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
(Optional) Saves your entries in the copy running-config startup-config configuration file. Example: Device# copy running-config startup-config Monitoring and Maintaining Administration of the Device Command Purpose clear mac address-table dynamic Removes all dynamic entries. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
VLAN. Configuration Examples for Device Administration Example: Setting the System Clock This example shows how to manually set the system clock: Device# clock set 13:32:00 23 July 2013 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Example: Configuring a Login Banner This example shows how to configure a login banner by using the dollar sign ($) symbol as the beginning and ending delimiter: Device(config)# banner login $ System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
You cannot associate the same static MAC address to multiple interfaces. If the command is executed again with a different interface, the static MAC address is overwritten on the new interface. Device(config)# mac address-table static c2f3.220a.12f4 vlan 4 interface gigabitethernet1/1/1 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
DNS. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Dynamic Host Configuration Protocol (DHCP) auto configuration. Device Boot Process To start your device, you need to follow the procedures described in the Cisco Catalyst 9400 Series Switches Hardware Installation Guide for installing and powering on the device and setting up the initial device configuration.
The method that you use to upgrade Cisco IOS XE software depends on whether the switch is running in install mode or in bundle mode. In bundle mode or consolidated boot mode, a .bin image file is used from a local or remote location to boot the device.
To change a device running in bundle boot mode to install mode, set the boot variable to flash:packages.conf, and execute the install add file flash:cat9k_2.bin activate commit command. After the command is executed, the device reboots in install boot mode. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Use the device setup program if you want to be prompted for specific IP information. With this program, you can also configure a hostname and an enable secret password. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
If you want to use DHCP to relay the configuration file location on the network, you might also need to configure a Trivial File Transfer Protocol (TFTP) server and a Domain Name System (DNS) server. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
The offer from the DHCP server is not a guarantee that the IP address is allocated to the client; however, the server usually reserves the address until the client System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
To enable a DHCP auto-image update on the device, the TFTP server where the image and configuration files are located must be configured with the correct option 67 (the configuration filename), option 66 (the DHCP System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
TFTP requests. Unavailability of other lease options does not affect autoconfiguration. • The device can act as a DHCP server. By default, the Cisco IOS DHCP server and relay agent features are enabled on your device but are not configured. (These features are not operational.)
• Only the IP address is reserved for the device and provided in the DHCP reply. The configuration filename is not provided (two-file read method). System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
You can change the settings of the environment variables by accessing the boot loader or by using Cisco IOS commands. Under normal circumstances, it is not necessary to alter the setting of the environment variables.
If it is set to anything filesystem :/ file-url boot loader else, you must manually boot command, and specify the name of the up the switch from the boot bootable image. loader mode. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
TFTP. A reset is required for the new value to take effect. IP_ADDRESS Specifies the IP address and the subnet mask for the associated IP subnet of the switch. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
This task describes how to configure DHCP autoconfiguration of the TFTP and DHCP settings on an existing device in the network so that it can support the autoconfiguration of a new device. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 72
10.10.10.1 Step 6 option 150 address Specifies the IP address of the TFTP server. Example: Device(dhcp-config)# option 150 10.10.10.1 Step 7 exit Returns to global configuration mode. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
You must first create a text file (for example, autoinstall_dhcp) that will be uploaded to the device. In the text file, put the name of the image that you want to download (for example, cat9k_iosxe.16.xx.xx.SPA.bin). System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 74
Device(dhcp-config)# option 150 10.10.10.1 Step 7 option 125 hex Specifies the path to the text file that describes the path to the image file. Example: Device(dhcp-config)# option 125 hex System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 75
Example: Device(config)# tftp-server flash:boot-config.text Step 14 interface interface-id Specifies the address of the client that will receive the configuration file. Example: Device(config)# interface gigabitEthernet1/0/4 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Step 1 enable Enables privileged EXEC mode. Example: • Enter your password if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 78
Returns to privileged EXEC mode. Example: Device(config)# end Step 8 Displays the interfaces status for the specified show interfaces vlan vlan-id VLAN. Example: Device# show interfaces vlan 99 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Specifying a Filename to Read and Write a System Configuration By default, the Cisco IOS software uses the config.text file to read and write a nonvolatile copy of the system configuration. However, you can specify a different filename, which will be loaded during the next boot cycle.
Enables the switch to manually boot up during the next boot cycle. Example: Device(config)# boot manual Step 3 Returns to privileged EXEC mode. Example: Device(config)# end Step 4 show boot Verifies your entries. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
• This command extracts the individual components of the .bin file into sub-packages and packages.conf file. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 82
Step 4 install abort (Optional) Terminates the software install activation, and rolls back to the version that was Example: running before current installation procedure. Device# install abort System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
The time is relative to the configured time zone on the device. To schedule reloads across several devices to occur simultaneously, the time on each device must be synchronized with NTP. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
USB device Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 86
If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com.
Page 87
Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco IOS Software [Everest], Catalyst L3 Switch Software (CAT9K_IOSXE), Experimental Version 16.6.20170902:081931 [v166_throttle-/scratch/mcpre/BLD-BLD_V166_THROTTLE_LATEST_20170902_091308 126] System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com.
Page 89
[R0] Activate package(s) on R0 --- Starting list of software package changes --- Old files list: Removed cat9k-cc_srdriver.BLD_POLARIS_DEV_LATEST_20170622_233647.SSA.pkg Removed cat9k-espbase.BLD_POLARIS_DEV_LATEST_20170622_233647.SSA.pkg Removed cat9k-guestshell.BLD_POLARIS_DEV_LATEST_20170622_233647.SSA.pkg Removed cat9k-rpbase.BLD_POLARIS_DEV_LATEST_20170622_233647.SSA.pkg Removed cat9k-rpboot.BLD_POLARIS_DEV_LATEST_20170622_233647.SSA.pkg Removed cat9k-sipbase.BLD_POLARIS_DEV_LATEST_20170622_233647.SSA.pkg System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 90
Device# The following example shows how to rollback an update package to the base package: Device# install rollback to committed install_rollback: START Tue Jun 20 14:55:12 PDT 2017 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 91
Current cc 5 0 cat9k-sipbase.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg Current cc 5 0 cc_spa cat9k-sipspa.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg Current cc 6 cc_srdriver cat9k-cc_srdriver.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg Current cc 6 0 cat9k-sipbase.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg Current cc 6 0 cc_spa cat9k-sipspa.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 92
Replacement: cc 0 0 cc_spa cat9k-sipspa.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: cc 1 cc_srdriver cat9k-cc_srdriver.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: cc 1 0 cat9k-sipbase.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: cc 1 0 cc_spa cat9k-sipspa.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: cc 10 0 cat9k-sipbase.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 93
1 0 cat9k-espbase.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: rp 0 0 guestshell cat9k-guestshell.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: rp 0 0 rp_base cat9k-rpbase.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: rp 0 0 rp_daemons cat9k-rpbase.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: rp 0 0 rp_iosd cat9k-rpbase.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 94
File is in use, will not delete. cat9k-srdriver.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg File is in use, will not delete. cat9k-webui.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg File is in use, will not delete. packages.conf File is in use, will not delete. done. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 95
Checking status of Post_Remove_Cleanup on [R0] Post_Remove_Cleanup: Passed on [R0] Finished Post_Remove_Cleanup SUCCESS: install_remove Tue Jun 20 14:16:29 PDT 2017 Device# The following is sample output from the install abort command: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 96
Current cc 4 0 cat9k-sipbase.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg Current cc 4 0 cc_spa cat9k-sipspa.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg Current cc 5 cc_srdriver cat9k-cc_srdriver.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg Current cc 5 0 cat9k-sipbase.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg Current cc 5 0 cc_spa cat9k-sipspa.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 97
Current rp 1 0 srdriver cat9k-srdriver.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg Replacement: cc 0 cc_srdriver cat9k-cc_srdriver.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: cc 0 0 cat9k-sipbase.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: cc 0 0 cc_spa cat9k-sipspa.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: cc 1 cc_srdriver cat9k-cc_srdriver.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
(next boot: enabled) Device# Example: Scheduling Software Image Reload This example shows how to reload the software on a device on the current day at 7:30 p.m: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
IP address assignments and DHCP. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 106
Performing Device Setup Configuration Feature History for Performing Device Setup Configuration System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
After a license is ordered, no preliminary steps, such as registration or generation of keys etc., are required unless you use an export-controlled or enforced license. There are no export-controlled or enforced licenses on Cisco Catalyst Access, Core, and Aggregation Switches, and product features can be configured on the device right-away.
This section explains the various components that can be part of your implementation of Smart Licensing Using Policy. Product Instance A product instance is a single instance of a Cisco product, identified by a Unique Device Identifier (UDI). System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
CSSM Cisco Smart Software Manager (CSSM) is a portal that enables you to manage all your Cisco software licenses from a centralized location. CSSM helps you manage current requirements and review usage trends to plan for future license requirements.
Controller A management application or service that manages multiple product instances. On Cisco Catalyst Access, Core, and Aggregation Switches, Cisco DNA Center is the supported controller. Information about the controller, product instances that support the controller, and minimum required software...
Unenforced licenses do not require authorization before use in air-gapped networks, or registration, in connected networks. The terms of use for such licenses are as per the end user license agreement (EULA). All licenses available on Cisco Catalyst Access, Core, and Aggregation Switches are unenforced licenses. • Enforced Licenses that belong to this enforcement type require authorization before use.
The Smart Licensing Authorization Code (SLAC) allows activation and continued use of a license that is export-controlled or enforced. A SLAC is not required for any of the licenses available on Cisco Catalyst Access, Core, and Aggregation Switches, but if you are upgrading from an earlier licensing model to Smart Licensing Using Policy, you may have a Specific License Reservation (SLR) with its own authorization code.
Page 113
95) shows the policy values. Cisco default While you cannot configure a policy, you can request for a customized one, by contacting the Cisco Global Licensing Operations team. Go to Support Case Manager. Click OPEN NEW CASE > Select Software Licensing.
The reporting method, that is, how a RUM report is sent to CSSM, depends on the topology you implement. Trust Code A UDI-tied public key with which the product instance signs a RUM report. This prevents tampering and ensures data authenticity. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Supported workflows include receiving RUM reports from the product instance and sending the same to CSSM, authorization code installation, trust code installation, and application of policies. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
URL. This must be configured exactly as shown in the workflow section. • Smart transport through an HTTPs proxy: In this method, a product instance uses a proxy server to communicate with the licensing server, and eventually, CSSM. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 117
To change configuration after migration, see Workflow for Topology: Connected Directly to CSSM, on page > Product Instance Configuration > Configure a connection method and transport type > Option 1. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
RUM reports, report to CSSM, and return the ACK for installation on the product instance. All product instances that must be managed by Cisco DNA Center must be part of its inventory and must be assigned to a site. Cisco DNA Center uses the NETCONF protocol to provision configuration and retrieve the required information from the product instance - the product instance must therefore have NETCONF enabled, to facilitate this.
Communication between CSLU and CSSM is sent and received in the form of signed files that are saved offline and then uploaded to or downloaded from CSLU or CSSM, as the case may be. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Here you have a product instance and CSSM disconnected from each other, and without any other intermediary utilities or components. All communication is in the form of uploaded and downloaded files. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
117. Supported Products This section provides information about the Cisco IOS-XE product instances that are within the scope of this document and support Smart Licensing Using Policy. All models (Product IDs or PIDs) in a product series are supported – unless indicated otherwise.
The Cisco StackWise Virtual feature, which is available on Cisco Catalyst switches, is an example of such a set-up. The Quad-Supervisor with Route Processor Redundancy, which is available on Cisco Catalyst switches, is an example of such a set-up. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
How Upgrade Affects Enforcement Types for Existing Licenses When you upgrade to a software version which supports Smart Licensing Using Policy, the way existing licenses are handled, depends primarily on the license enforcement type. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 124
• An enforced or export-controlled license that was being used before upgrade, continues to be available after upgrade if the required authorization exists. There are no export-controlled or enforced licenses on any of the supported Cisco Catalyst Access, Core, and Aggregation Switches, therefore, these enforcement types and the requisite SLAC do not apply.
Smart Licensing environment. See Table 10: Outcome and Action for New Deployment Downgrade to Smart Licensing, on page 108 below. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 126
Smart Licensing Using Policy are not available anymore. Refer to the corresponding section below to know more about reverting to an earlier licensing model. Upgrade to Smart Licensing Using Policy and then Downgrade to Smart Licensing System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 127
CSLU) the Smart Licensing environment. Note Licenses that were in an evaluation or expired state in the Smart Licensing environment, revert to that same state after downgrade. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Logging into Cisco (CSLU Interface), on page 138 Configuring a Smart Account and a Virtual Account (CSLU Interface), on page 138 Adding a Product-Initiated Product Instance in CSLU (CSLU Interface), on page 139 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 129
CSLU forwards the information to CSSM and the returning ACK from CSSM, to the product instance. In case of a change in license usage, see Configuring a License , on page 163 to know how it affects reporting. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Setting Up a Connection to CSSM , on page 147. b. Configure a connection method and transport type (choose one) • Option 1: Smart transport: Set transport type to smart and configure the corresponding URL. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
To deploy Cisco DNA Center as the controller, complete the following workflow: Product Instance Configuration → Cisco DNA Center Configuration 1. Product Instance Configuration Where task is performed: Product Instance System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
The document provides detailed steps you have to complete in the Cisco DNA Center GUI: a. Set-up the Smart Account and Virtual Account. Enter the same log in credentials that you use to log in to the CSSM Web UI. This enables Cisco DNA Center to establish a connection with CSSM.
Page 133
2. CSLU Preference Settings Where tasks are performed: CSLU a. In the CSLU Preferences tab, click the Cisco Connectivity toggle switch to off. The field switches to “Cisco Is Not Available”. Configuring a Smart Account and a Virtual Account (CSLU Interface), on page 138 Adding a Product-Initiated Product Instance in CSLU (CSLU Interface), on page 139 3.
Page 134
Since CSLU is disconnected from CSSM, you must save usage data which CSLU has collected from the product instance to a file. Then, from a workstation that is connected to Cisco, upload it to CSSM. After this, download the ACK from CSSM. In the workstation where CSLU is installed and connected to the product instance, upload the file to CSLU.
Since CSLU is disconnected from CSSM, you must save usage data which CSLU has collected from the product instance to a file. Then, from a workstation that is connected to Cisco, upload it to CSSM. After this, download the ACK from CSSM. In the workstation where CSLU is installed and connected to the product instance, upload the file to CSLU.
Smart Licensing Using Policy handles various aspects of all earlier licensing models. Smart Licensing Using Policy is introduced in Cisco IOS XE Amsterdam 17.3.2. This is therefore the minimum required version for Smart Licensing Using Policy.
Page 137
(Smart Licensing Using Policy) The license counts remain the same. field displays NOT ENFORCED. (There Enforcement Type are no export-controlled or enforced licenses on Cisco Catalyst Access, Core, and Aggregation Switches). System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 138
RUM report to CSSM. field: The ID token is Trust Code Installed: successfully converted and a trusted connected has been established with CSSM. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 139
Last report push: Sep 22 12:05:43 2020 PST Last report file write: <none> Trust Code Installed: Active: PID:C9500-16X,SN:FCW2233A5ZV INSTALLED on Sep 22 12:02:20 2020 PST Standby: PID:C9500-16X,SN:FCW2233A5ZY INSTALLED on Sep 22 12:02:20 2020 PST System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 140
It is always the active that reports usage, so if the active in this High Availabilty set-up changes, the new active product instance will display license consumption information and report usage. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 141
Smart Licensing Using Policy Example: Smart Licensing to Smart Licensing Using Policy Figure 10: Smart Licensing to Smart Licensing Using Policy: Active and Standby Product Instances After Migration System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Smart Licensing Using Policy. This is a set-up with an active and members. RTU Licensing is available on Cisco Catalyst 9300, 9400, and 9500 Series Switches until Cisco IOS XE Fuji 16.8.x. Smart Licensing was introduced starting from Cisco IOS XE Fuji 16.9.1.
Page 143
If any add-on licenses Cisco default are used, the policy requires usage reporting in 90 days. Since all licenses on Cisco Catalyst Cisco default Access, Core, and Aggregation Switches are unenforced, (enforcement type), no functionality is lost.
Page 144
Trust Code Installed: not installed. Under the header, the Usage Reporting: Next report push: field provides information about when the next RUM report must be sent to CSSM. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 145
97 How to Configure Smart Licensing Using Policy: Workflows by Topology , on page 110. The reporting method you can use depends on the topology you implement. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Example: SLR to Smart Licensing Using Policy The following is an example of a Cisco Catalyst 9500 switch migrating from Specific License Reservation (SLR) to Smart Licensing Using Policy. This is a High Availability set-up with an active and standby.
Page 147
C9500-DNA-16X-A (C9500-16X DNA Advantage): Description: C9500-DNA-16X-A Total reserved count: 2 Term information: Active: PID:C9500-16X,SN:FCW2233A5ZV License type: TERM Start Date: 2020-MAR-17 UTC End Date: 2021-MAR-17 UTC Term Count: 1 Standby: PID:C9500-16X,SN:FCW2233A5ZY System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 148
============= network-advantage (C9500 Network Advantage): Description: network-advantage Count: 2 Version: 1.0 Status: IN USE Export status: NOT RESTRICTED Feature Name: network-advantage Feature Description: network-advantage Enforcement type: NOT ENFORCED System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 149
Total reserved count: 2 Enforcement type: NOT ENFORCED Term information: Active: PID:C9500-16X,SN:FCW2233A5ZV Authorization type: SPECIFIC INSTALLED on Aug 31 10:15:01 2020 PDT License type: PERPETUAL Term Count: 1 Standby: PID:C9500-16X,SN:FCW2233A5ZY System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 150
Transport: Type: set to off. header: field displays Usage Reporting: Next report push: if and when the next RUM report must be uploaded to CSSM. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 151
Licenses" since there has been no usage reporting yet. After the requisite RUM report is uploaded and acknowledged "Reserved Licenses" and license usage will only be seen in the Active PID product Instance. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 152
Figure 12: SLR to Smart Licensing Using Policy: Active and Standby Product Instances After Migration, Before Reporting Figure 13: SLR to Smart Licensing Using Policy: Active and Standby Product Instances After Migration, After Reporting System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Smart Licensing Using Policy, all licenses are displayed as IN USE and the Cisco default policy is applied to the product instance. Since all licenses on Cisco Catalyst Access, Core, and Aggregation Switches are unenforced, (enforcement type), no functionality is lost.
Page 154
Trust Code Installed: not installed. header: The field Usage Reporting: Next report push: provides information about when the next RUM report must be sent to CSSM. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 155
97 How to Configure Smart Licensing Using Policy: Workflows by Topology , on page 110. The reporting method you can use depends on the topology you implement. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
In the Preferences screen navigate to the Smart Account field and add the Smart Account Name. b) Next, navigate to the Virtual Account field and add the Virtual Account Name. If you are connected to CSSM (In the Preferences tab, Cisco is Available), you can select from the list of available SA/VAs.
Device# configure terminal Step 3 interface interface-type-number Enters interface configuration mode and specifies the Ethernet interface, subinterface, Example: or VLAN to be associated with the VRF. Device (config)# interface gigabitethernet0/0 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 158
Step 12 ip domain name domain-name Configure DNS discovery of your domain. In accompanying example, the name-server Example: creates entry cslu-local.example.com Device(config)# ip domain name example.com System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
CSLU connects to the selected Product Instance(s)and collects the usage reports. These usage reports are stored in CSLU’s local library. These reports can then be transferred to Cisco if CSLU is connected to Cisco, or (if you are not connected to Cisco) you can manually trigger usage collection by selecting Product Instances >...
If CSLU is currently logged into Cisco the reports will be automatically sent to the associated Smart Account and Virtual Account in Cisco and Cisco will send an acknowledgement to CSLU as well as to the Product Instance. The acknowledgement will be listed in the alerts column of the Product Instance table.
Upload From Cisco (CSLU Interface) Once you have received the ACK or other file (such as an authorization code) from Cisco, you are ready to Upload that file to your system. This procedure can be used for workstations that are offline. Complete these steps to select and upload files from Cisco.
Page 162
(Required) Clears the specified username, if it exists. For name , enter the same username Example: you will create in the next step. This ensures Device(config)# no username admin System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 163
Defines the IP address for the VRF. Example: Device(config-if)# ip address 192.168.0.1 255.255.0.0 Step 15 negotiation auto Enables auto-negotiation operation for the speed and duplex parameters of an interface. Example: Device(config-if)# negotiation auto System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 164
Device(config)# ip route vrf mgmt-vrf 192.168.0.1 255.255.0.0 192.168.255.1 Step 24 Logs system messages and debug output to a logging host remote host. Example: Device(config)# logging host 172.25.33.20 vrf Mgmt-vrf System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
The 209.165.201.1 209.165.200.225 209.165.201.14 209.165.200.230 device sends DNS queries to the primary server first. If that query fails, the backup servers are queried. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 166
Enables the VLAN for which this access port carries traffic and sets the interface as a Example: nontrunking nontagged single-VLAN Ethernet Device(config)# interface interface. GigabitEthernet1/0/1 Device(config-if)# switchport access System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
To configure the transport mode, enable the Call Home service, and configure a destination profile (A destination profile contains the required delivery information for an alert notification. At least one destination profile is required.), complete the following steps: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 169
Step 8 profile name Enters the Call Home destination profile configuration submode for the specified Example: destination profile. Device(config-call-home)# profile By default: CiscoTAC-1 Device(config-call-home-profile)# System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 170
Call Home Example: configuration mode. Device(config-call-home-profile)# exit Step 13 exit Exits Call Home configuration mode and returns to privileged EXEC mode. Example: Device(config-call-home)# end System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Enables Call Home as the transport mode. Example: Device(config)# license smart transport callhome Step 4 service call-home Enables the Call Home feature. Example: Device(config)# service call-home System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Ensure that the license that you want to remove and return is not in-use. If it is in-use, you must Example: first disable the feature. Device# show license summary System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 173
Step 4 Enters the global configuration mode. configure terminal Example: Device# configure terminal Step 5 no license smart reservation Disables SLR configuration on the product instance. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Log in using the username and password provided by Cisco. Step 2 Click the Inventory tab. Step 3 From the Virtual Account drop-down list, choose your Virtual Account. Step 4 Click the Product Instances tab. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Step 9 Click Create Token. Step 10 You will see your new token in the list. Click Actions and download the token as a file. .txt System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Date and time are in the local time zone. See Example: field Trust Code Installed: <output truncated> Trust Code Installed: Active: PID:C9500-24Y4C,SN:CAT2344L4GH INSTALLED on Sep 04 01:01:46 2020 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Log in to the CSSM Web UI at https://software.cisco.com. Log in using the username and password provided by Cisco. Step 2 Select the Smart Account (upper left-hand corner of the screen) that will receive the report. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
From the Select Virtual Accounts pop-up, select the Virtual Account that will receive the uploaded file. The file is uploaded to Cisco and is listed in the Usage Data Files table in the Reports screen showing the File Name, time is was Reported, which Virtual Account it was uploaded to, the Reporting Status, Number of Product Instances reported, and the Acknowledgement status.
• smart: Enables Smart transport. Step 4 license smart url{url |cslu Sets a URL for the configured transport mode. Depending on the transort mode you have cslu_url|default|smart smart_url|utility smart_url} System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 180
When you configure this option, the system automatically creates a duplicate of the URL in license smart url url. You can ignore the duplicate entry, no further action is required. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Network Advantage and you also want to use features available with a corresponding Digital Networking Architecture (DNA) Advantage license, you can configure the same using this task. Or System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 182
Step 4 exit Returns to the privileged EXEC mode. Example: Device(config)# exit Step 5 copy running-config startup-config Saves changes in the configuration file. Example: Device# copy running-config startup-config System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 183
Download All For Cisco (CSLU Interface), on page 142 > Uploading Usage Data to CSSM and Downloading an ACK, on page 159 > Upload From Cisco (CSLU Interface), on page 143. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
• No Connectivity to CSSM and No CSLU: License usage is recorded on the product instance. You must save RUM reports to a file on the product instance, and from a workstation that has connectivity to the internet, and Cisco, upload it to CSSM: Enter license smart save usage privileged EXEC command to save usage >...
Page 185
Address or node name [t-line] Terminal line number in octal (or in decimal if the decimal-TTY service is enabled) [clock] Clock (for example, 01:20:08 UTC Tue Mar 2 1993 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
(incase it is a failure message), and recommended action (if action is required). For all error messages, if you are not able to solve the problem, contact your Cisco technical support representative with the following information: The message, exactly as it appears on the console or in the system log.
Page 187
Error Message %SMART_LIC-3-AUTHORIZATION_INSTALL_FAILED: The install of a new licensing authorization code has failed on [chars]: [chars]. This message is not applicable to Cisco Catalyst Access, Core, and Aggregation Switches, because there are no enforced or export-controlled licenses on these product instances.
Page 188
8182. Transport: Type: cslu Cslu address: http://192.168.0.1:8182/cslu/v1/pi If it is not, configure the license smart transport cslu and license smart url cslu http://<cslu_ip_or_host>:8182/cslu/v1/pi commands in global configuration mode System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 189
From a Web browser on the device where CSLU is installed, verify https://<product-instance-ip>/ This ensures that the REST API from CSLU to the product instance works as expected. If the above does not work and policy installation still fails, contact your Cisco technical support representative. ---------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------------------- Error Message %SMART_LIC-3-COMM_RESTORED: Communications with the [chars] restored.
Page 190
• A signature mismatch: This means that the system clock is not accurate. • Timestamp mismatch: This means the product instance time is not synchronized with CSSM, and can cause installation to fail. Recommended Action: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 191
Explanation: Cisco Smart Software Manager On-Prem (formerly known as Cisco Smart Software Manager satellite) is supported in the Smart Licensing Using Policy environment starting with Cisco IOS XE Amsterdam 17.3.3 only (See SSM On-Prem, on page 92). In unsupported releases, the product instance will behave as follows: •...
Page 192
Error Message %SMART_LIC-6-REPORTING_REQUIRED: A Usage report acknowledgement will be required in [dec] days. Explanation: This is an alert which means that RUM reporting to Cisco is required. [dec] is the amount of time (in days) left to meet this reporting requirements.
• If the product instance is managed by a controller, the controller will send the RUM report at the scheduled time. If you want to trigger an ad-hoc report, you can do so in the Cisco DNA Center GUI. ----------------------------------------------------------------------------------------------------...
Page 194
Workflow for Topology: Connected to CSSM Through a Controller, on page 113. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Information About Application Visibility and Control in a Wired Network Application Visibility and Control (AVC) is a critical part of Cisco’s efforts to evolve its Branch and Campus solutions from being strictly packet and connection based to being application-aware and application-intelligent.
Page 196
Multiple set and police including Ingress and egress policy-map webex-policy class webex-class default set dscp af31 police 4000000 class class-webex-category set dscp ef police 6000000 class class-default set dscp <> System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
• There is a delay in the QoS classification since the application classification is done offline (while the initial packet/s of the flow are meanwhile forwarded before the correct QoS classification). System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 198
Guide). • Starting with Cisco IOS XE 16.12.1 release, a new flow record has been included - the DNS flow record. The DNS flow record is similar to the 5-tuple record and includes the DNS domain name field. It accounts only for DNS related fields.
Creates a class map. Example: Device(config)# class-map webex-class Step 3 match protocol application-name Specifies match to the application name. Example: Device(config)# class-map webex-class Device(config-cmap)# match protocol webex-media System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 201
Note To delete an existing class map, use the no class class-map-name policy-map configuration command. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Applies local policy to interface. Example: Device(config-if)# service-policy input MARKING_IN Step 4 Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit Example: global configuration mode. Device(config)# end System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Device(config-flow-record)# match be matched against the application. application name Step 7 match connection client ipv4 address Specifies a match to the IPv4 address of the client (flow initiator). Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 204
: • 0x01 = Initiator - the flow source is the initiator of the connection For wired AVC, the initiator keyword is always set to initiator. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 205
Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit Example: global configuration mode. Device(config)# end Step 21 show flow record Displays information about all the flow records. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 206
(Optional) Specifies a match to the connection match connection client transport port port of the client as a key field for a flow Example: record. Device(config-flow-record)# match connection client transport port System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 207
: • 0x01 = Initiator - the flow source is the initiator of the connection For wired AVC, the initiator keyword is always set to initiator. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 208
Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit Example: global configuration mode. Device(config)# end Step 22 show flow record Displays information about all the flow records. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 209
Example: Device(config-flow-record)# match ipv4 destination address Step 8 match transport source-port Specifies a match to the transport source port as a key field. Example: Device(config-flow-record)# match transport source-port System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 210
Example: flow. Device(config-flow-record)# collect timestamp absolute last Step 17 Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit Example: global configuration mode. Device(config)# end System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 211
Example: Device(config-flow-record)# match ipv4 destination address Step 8 match transport source-port Specifies a match to the transport source port as a key field. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 212
Example: flow. Device(config-flow-record)# collect timestamp absolute last Step 17 Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit Example: global configuration mode. Device(config)# end System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 213
Step 7 match connection client ipv4 address Specifies a match to the IPv4 address of the client (flow initiator). Example: Device(config-flow-record)# match connection client ipv4 address System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 214
Specifies to collect the side of the flow — Initiator or Responder — relevant to the Example: direction of the flow specified by the collect System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 215
Step 20 Configures the use of the DNS Domain-Name collect application dns domain-name as a Collect field for a DNS flow record. Example: Device(config-flow-record)# collect application dns domain-name System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 216
Alternatively, you can also press Ctrl-Z to exit Example: global configuration mode. Device(config)# end Step 7 show flow exporter Displays information about all the flow exporters. Example: Device# show flow exporter System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 217
16 to Device(config-flow-monitor)# cache 65536. timeout active 1800 Only normal cache type is Example: Note supported. Device(config-flow-monitor)# cache timeout inactive 200 Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 218
Step 14 show flow monitor flow-monitor-name cache Displays flow cache contents in CSV format. format csv Example: Device# show flow monitor flow-monitor-1 cache format csv System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
For each custom protocol, user can define a selector ID that can be used for reporting purposes. There are various types of application customization: Generic protocol customization • HTTP • SSL System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 220
Indication (SNI) or Common Name (CN). SSL Customization Custom application called MYSSL using SSL unique-name “mydomain.com” with selector ID 11. Device# configure terminal Device(config)#ip nbar custom MYSSL ssl unique-name *mydomain.com id 11 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 221
Device(config-custom)# dscp ef Examples: Monitoring Custom Applications Show Commands for Monitoring Custom Applications show ip nbar protocol-id | inc Custom Device# show ip nbar protocol-id | inc Custom LAYER4CUSTOM Custom System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Protocol packs are software packages that update the NBAR2 protocol support on a device without replacing the Cisco software on the device. A protocol pack contains information on applications officially supported by NBAR2 which are compiled and packed together. For each application, the protocol-pack includes information on application signatures and application attributes.
Page 223
The following example shows how to use the force keyword to load a protocol pack of a lower version: Device> enable Device# configure terminal Device(config)# ip nbar protocol-pack flash:OldDefProtoPack force Device(config)# exit System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Device(config-pmap-c)# set dscp 12 Device(config-pmap-c)#end This example shows how to create policy maps and define existing class maps for ingress QoS: Device# configure terminal Device(config)# policy-map test-avc-down Device(config-pmap)# class cat-browsing System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 225
The following is a sample output for the statistics per interface: Device# show ip nbar protocol-discovery int GigabitEthernet1/0/1 GigabitEthernet1/0/1 Last clearing of "show ip nbar protocol-discovery" counters 00:03:16 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 227
Displays all the protocol attributes used by NBAR. The following shows sample output for some of the attributes: Device# show ip nbar protocol-attribute cisco-jabber-im Protocol Name : cisco-jabber-im encrypted : encrypted-yes System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 228
Show Commands for Viewing Flow Monitor Configuration show flow monitor wdavc Displays information about the specified wired AVC flow monitor. Device # show flow monitor wdavc Flow Monitor wdavc: Description: User defined System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 229
1800 secs) - Inactive timeout 15 secs) CONN IPV4 INITIATOR ADDR CONN IPV4 RESPONDER ADDR CONN RESPONDER PORT FLOW OBSPOINT ID IP VERSION IP PROT APP NAME flow System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 230
Displays flow cache contents in similar format as the flow record. Device# show flow monitor wdavc cache format record Cache type: Normal (Platform cache) Cache size: 12000 Current entries: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Question: With protocol-discovery, I see an aggregate view of all application. How can I see traffic distribution over time? Answer: WebUI will give you view of traffic over time for the last 48 hours. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Cisco IOS XE Gibraltar DNS flow record Support for DNS flow record was introduced. DNS 16.12.1 flow record uses the DNS Domain-Name as the collect field for defining the flow record. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 238
Analytics on the same port was introduced. Encrypted Traffic Analytics Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
This is the default. counters Displays operational counters. history Displays the sensor state change history. location Displays sensors by location. sensor Displays the sensor summary. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Celsius (45 ,55 ,65 ,72 )(Celsius) The following example illustrates how to display the LED status on a supervisor module. Device# show hardware led Current Mode: STATUS SWITCH: C9407R SYSTEM: AMBER SUPERVISOR: ACTIVE System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
SYSTEM Rail-0.85DOPv 0 - 5 SYSTEM Rail-0.85DOPv^N 0 - 5 SYSTEM Rail-0.85DOPv^O 0 - 5 -------------------------------------------------------------------------------- Sensor Value Total Time of each Sensor -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- No historical data -------------------------------------------------------------------------------- System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Case 3. Temperature emergency on a power supply. Power cycle the device to recover from power supply When critical or shutdown alarm threshold is shut down. exceeded, all the power supplies will shut down. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Major Syslog message displays the shutdown threshold. when the alarm is issued. Chassis temperature Minor Orange Syslog message displays exceeds the warning when the alarm is issued. threshold. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Disabling Thermal Shutdown Starting with the Cisco IOS XE Gibraltar 16.11.1 release, the option to manually disable the system thermal shutdown has been introduced. This prevents the triggerring of the supervisor engine's action to turn off the power supplies of the chassis even when the temperatures exceed the critical and shutdown temperatures. The thermal shutdown disable feature allows you to bypass the system thermal shutdown process even when the system has already reached the shutdown state.
• Supported during run time. Power Management This section describes the power management feature in the Cisco Catalyst 9400 Series Switchesand the aspects of power management that you can control and configure. For information about the hardware, including installation, removal and power supply specifications, see the Cisco Catalyst 9400 Series Switches Hardware Installation Guide.
System Power - Maximim Used 2115 • Total standby output power ( ) is equal to total active output power ( PS7 Capacity + PS8 Capacity Capacity + PS2 Capacity System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
: Combined Power supplies currently active Power supplies currently available : 8 Power Summary Maximum (in Watts) Used Available ------------- ------ --------- System Power 2030 2030 Inline Power 23570 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
• The power requirements for the installed modules exceed the power provided by the power supplies. • If the switch has a single power supply module that is unable to meet power requirements, the following error message is displayed: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Cisco power calculator on cisco.com to help determine the number of power supplies that is required for either combined or redundant mode. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
5 through 8. In the n+n example here, the power supply modules in slots PS5, PS6, PS7, and PS8 are being used as standby modules, and have been configured accordingly. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
To configure combined mode on your switch, perform this task: Before you begin Note that this mode utilizes the available power from all the power supplies; however, your switch has no power redundancy. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
(including line cards and fan tray). Do not remove the second supervisor to remedy a situation where there is an insufficient number of power supply modules. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Beginning in the privileged EXEC mode, perform these steps to move from single to a dual supervisor setup: Before you begin Calculate the required power for a dual supervisor setup. Cisco Power Calculator (CPC) enables you to calculate the power supply requirements for a specified configuration:...
Starting from Cisco IOS XE Gibraltar 16.12.1 , autoLC shutdown is always enabled and cannot be disabled. In all earlier releases, autoLC shutdown is disabled by default and must be manually enabled if you want the system hardware to shut down line cards in the event of a power constraint.
Page 256
4 (shuts down first) If you do not specify an order and autoLC shutdown is enabled, then by default the system shuts down line cards from the highest to the System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Powers down the specified module by placing it in low power mode. shutdown unpowered Example: Device(config)# hw-module slot 1/0 shutdown unpowered Step 3 Exits the global configuration mode Example: Device(config)# end System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Example: Combined Mode and State (AC- and DC-Input) The table below represents the two rows of power supply slots in a Cisco Catalyst 9400 Series chassis. Power supply slots are indicated as PS1, PS2, and so on. For this example, power supply modules of the same capacity (3200W) have been installed in slots 1 through 8.
Example: Combined Mode and State (DC-Input Only) The table below represents the two rows of power supply slots in a Cisco Catalyst 9400 Series chassis. Power supply slots are indicated as PS1, PS2, and so on. For this example, power supply modules of the same capacity and type (C9400-PWR-3200DC) have been installed in slots 1 through 8.
Different Types + Normal Protected State The table below represents the two rows of power supply slots in a Cisco Catalyst 9400 Series chassis. Power supply slots are indicated as PS1, PS2, and so on. For this example, power supply modules of the same capacity (3200W) have been installed in slots 1 through 8.
Page 261
Other valid configuration options for the n+1 mode: • All installed modules are AC-input power supply modules of the same capacity and with the same AC-input voltage voltage level; one module is configured as standby. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Type + Normal Protected State The table below represents the two rows of power supply slots in a Cisco Catalyst 9400 Series chassis. Power supply slots are indicated as PS1, PS2, and so on. For this example, power supply modules of the same capacity and type (C9400-PWR-3200DC) have been installed in slots 1 through 8.
+ Full Protected State) The table below represents the two rows of power supply slots in a Cisco Catalyst 9400 Series chassis. Power supply slots are indicated as PS1, PS2, and so on. For this example, power supply modules of the same capacity (3200W) have been installed in slots 1 through 8.
+ Normal Protected State) The table below represents the two rows of power supply slots in a Cisco Catalyst 9400 Series chassis. Power supply slots are indicated as PS1, PS2, and so on. For this example, slots 1 through 4 have AC-input power supply modules of the same capacity (2100W) and all are configured as active.
Page 265
(in Watts) Used Available ------------- ------ --------- System Power 3505 3505 Inline Power 4895 ------------- ------ --------- Total 3505 8400 Other valid configuration options for the n+n mode: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Support for the 3200W DC-Input power supply Supply Module module was introduced (C9400-PWR-3200DC). Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
EXEC command, the show sdm prefer command shows the template currently in use and the template that will become active after a reload. Table 24: Approximate Number of Feature Resources Allowed by Templates in Cisco Catalyst 9400 Series Supervisor 1 Resource...
Page 268
MPLS Label MPLS L3VPN Routes VRF MPLS L3VPN Routes Prefix MVPN MDT Tunnels L2VPN EOMPLS Attachment Table 25: Approximate Number of Feature Resources Allowed by Templates in Cisco Catalyst 9400 Series Supervisor 1XL and Supervisor 1XL-Y Module Template Name Access Core...
Follow these steps to use the SDM template to maximize feature usage: Procedure Command or Action Purpose Step 1 enable Enables privileged EXEC mode. Example: Enter your password if prompted. Device> enable System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Use the following commands to monitor and maintain SDM templates. Command Purpose show sdm prefer Displays the SDM template in use. reload Reloads the switch to activate the newly configured SDM template. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Configuration Examples for SDM Templates Examples: Displaying SDM Templates This is an example output showing the advanced template information on Cisco Catalyst 9400 Series Supervisor 1 Module Device#show sdm prefer Showing SDM Template Info This is the Access template.
Page 272
Some features such as IPv6, use up double the entry size; so only half as many entries can be created. * values can be modified by sdm cli. This is an example output showing the advanced template information on Cisco Catalyst 9400 Series Supervisor 1XL Module Device This is the Access template.
Page 274
Some features such as IPv6, use up double the entry size; so only half as many entries can be created. * values can be modified by sdm cli. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 276
Configuring SDM Templates Feature History for SDM Templates System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
You can remotely monitor system messages by viewing the logs on a syslog server or by accessing the switch through Telnet, through the console port, or through the Ethernet management port. Note The syslog format is compatible with 4.3 BSD UNIX. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Text string containing detailed information about the event being reported. Default System Message Logging Settings Table 28: Default System Message Logging Settings Feature Default Setting System message logging to the console Enabled. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
How to Configure System Message Logs Setting the Message Display Destination Device If message logging is enabled, you can send messages to specific locations in addition to the console. This task is optional. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 280
Device# terminal monitor session has ended. You must perform this step for each session to see the debugging messages. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
For example, to change the setting for vty line 2, enter: line vty 2 When you enter this command, the mode changes to line configuration. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
To reenable message logging after it has been disabled, use the logging on global configuration command. This task is optional. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Limit messages displayed to the selected device by specifying the severity level of the message. This task is optional. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Device(config)# logging history 3 and emergencies messages are sent. Step 3 logging history size number Specifies the number of syslog messages that can be stored in the history table. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Creates the log file. The syslog daemon sends prompt. messages at this level or at a more severe level to this file. Example: $ touch /var/log/cisco.log $ chmod 666 /var/log/cisco.log System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
00:00:47: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/2, changed state to up (Switch-2) 00:00:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down (Switch-2) 00:00:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/1, changed state to down 2 (Switch-2) System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
UNIX syslog server, depending on your configuration Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
After you configure online diagnostics, you can manually start diagnostic tests or display the test results. You can also see which tests are configured for the device or switch stack and the diagnostic tests that have already run. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Run this as a health-monitoring test in case you experience any problem with the fan module. Default Intitial release Cisco IOS XE Everest 16.6.1. Corrective action – Hardware support Supervisors. TestPhyLoopback System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 291
This can be run as a health-monitoring test and also as an on-demand test. Default Intitial release Cisco IOS XE Everest 16.6.1. Corrective action – System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 292
This test runs every 150 seconds. Attribute Description Disruptive or Nondisruptive Nondisruptive. Recommendation Do not disable. This can be run as a health-monitoring test and also as an on-demand test. Default System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
• complete: Starts the complete test suite. • minimal: Starts the minimal bootup test suite. • non-disruptive: Starts the nondisruptive test suite. • per-port: Starts the per-port test suite. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
• non-disruptive: Starts the nondisruptive test suite. • per-port: Starts the per-port test suite. You can schedule the tests as follows: • Daily: Use the daily hh:mm parameter. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
• name: Name of the test that appears in the show diagnostic content command output. • test-id: ID number of the test that appears in the show diagnostic content command output. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 296
Step 6 diagnostic monitor modulenumber test Enables the specified health-monitoring tests. {name | test-id | test-id-range | all} The switch number keyword is supported only Example: on stacking switches. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
EXEC show commands in this table: Table 29: Commands for Diagnostic Test Configuration and Results Command Purpose show diagnostic content module [number | all] Displays the online diagnostics configured for a switch. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Device(config)# diagnostic monitor interval module 1 test TestPortAsicStackPortLoopback Example: Schedule Diagnostic Test This example shows how to schedule diagnostic testing for a specific day and time on a specific switch: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
(ASICs) by writing values into registers and reading back the values from these registers. It is a non-disruptive test and can be run as a health monitoring test. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Restrictions for Managing Configuration Files • Many of the Cisco IOS commands described in this document are available and function only in certain configuration modes on the device. • Some of the Cisco IOS configuration commands are only available on certain device platforms, and the command syntax may vary on different platforms.
To enter configuration mode on the device, enter the configure command at the privileged EXEC prompt. The Cisco IOS software responds with the following prompt asking you to specify the terminal, memory, or a file stored on a network server (network) as the source of configuration commands:...
In some implementations of TFTP, you must create a dummy file on the TFTP server and give it read, write, and execute permissions before copying a file over it. Refer to your TFTP documentation for more information. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
You also can enable rcp support to allow users on remote systems to copy files to and from the device. To configure the Cisco IOS software to allow remote users to copy files to and from the device, use the ip rcmd rcp-enable global configuration command.
The RCP protocol requires a client to send a remote username on each RCP request to a server. When you copy a configuration file from the device to a server using RCP, the Cisco IOS software sends the first valid username it encounters in the following sequence: 1.
The configurations are copied onto the TFTP server. Then, login to another switch and run the command copy tftp: startup-config and follow the instructions. The configurations are now copied onto the other switch. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Release 10.0 or later release boot ROMs. Installing new ROMs is a one-time operation and is necessary only if you do not already have Cisco IOS Release 10.0 in ROM. If the boot ROMs do not recognize a compressed configuration, the following message is displayed:...
Device# show running-config Step 5 show startup-config Displays the contents of the startup configuration file. (Command alias for the more Example: nvram:startup-config command.) Device# show startup-config System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
NVRAM. Modifying the Configuration File The Cisco IOS software accepts one configuration command per line. You can enter as many configuration commands as you want. You can add comments to a configuration file describing the commands you have entered. Precede a comment with an exclamation point (!). Because comments are not stored in NVRAM or in the active copy of the configuration file, comments do not appear when you list the active configuration with the show running-config or more system:running-config EXEC commands.
Copying a Configuration File from the Device to a TFTP Server To copy configuration information on a TFTP network server, complete the tasks in this section: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
To copy a startup configuration file or a running configuration file from the device to an RCP server, use the following commands beginning in privileged EXEC mode: Procedure Command or Action Purpose Step 1 enable Enables privileged EXEC mode. Example: • Enter your password if prompted. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Storing a Startup Configuration File on an RCP Server The following example shows how to store a startup configuration file on a server by using RCP to copy the file: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
(Optional) Specifies the default password. ip ftp password password Example: Device(config)# ip ftp password adminpassword Step 5 (Optional) Exits global configuration mode. This step is required only if you override the Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Example: Device# copy tftp://server1/dir10/datasource flash:startup-config Examples In the following example, the software is configured from the file named tokyo-confg at IP address 172.16.2.155: Device# copy tftp://172.16.2.155/tokyo-confg system:running-config System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
• copy r cp:[[[/ / [ username@]l o cat i o n]/ d i r ect o ry]/ f i l e name]n vram:startup-conf i g Example: Device# copy System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
To copy a configuration file from an FTP server to the running configuration or startup configuration, complete the tasks in this section: Procedure Command or Action Purpose Step 1 enable Enables privileged EXEC mode. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
IP address of 172.16.101.101, and loads and runs the commands on the device: device# copy ftp://netadmin1:mypass@172.16.101.101/host1-confg system:running-config Configure using host1-confg from 172.16.101.101? [confirm] Connected to 172.16.101.101 Loading 1112 byte file host1-confg:![OK] System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
] • The source device and the destination Example: device cannot be the same. For example, the copy usbflash0: usbflash0: command is invalid. Device# copy flash: usbflash0: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Step 2 configure terminal (Optional) Enters global configuration mode. This step is required only if you override the Example: default remote username or password (see Steps 3 and 4). System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Example: • Enter your password if prompted. Device> enable Step 2 configure terminal (Optional) Enters global configuration mode. This step is required only if you override the Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
The following example shows the copying of the configuration file named switch-config from a TFTP server to the flash memory card inserted in usbflash0. The copied file is renamed new-config. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Specifying the CONFIG_FILE Environment Variable on Class A Flash File Systems On Class A flash file systems, you can configure the Cisco IOS software to load the startup configuration file specified by the CONFIG_FILE environment variable. The CONFIG_FILE variable defaults to NVRAM.
CONFIG_FILE environment variable and a distilled version to NVRAM. A distilled version is one that does not contain access System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
NVRAM, the device enters the Setup command facility. Configuring the Device to Download the Network Configuration File To configure the Cisco IOS software to download a network configuration file from a server at startup, complete the tasks in this section:...
Device# copy system:running-config nvram:startup-config Configuring the Device to Download the Host Configuration File To configure the Cisco IOS software to download a host configuration file from a server at startup, complete the tasks in this section: Procedure Command or Action...
Page 334
Step 5 Exits global configuration mode. Example: Device(config)# end Step 6 copy system:running-config Saves the running configuration to the startup configuration file. nvram:startup-config Example: Device# copy system:running-config nvram:startup-config System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
CLI in a configuration mode. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 336
Managing Configuration Files Feature History for Managing Configuration Files System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
SCP allows only users with a privilege level of 15 to copy a file in the Cisco IOS File System (Cisco IFS) to and from a device by using the copy command. An authorized administrator can also perform this action from a workstation.
How to Configure Secure Copy The following sections provide information about the Secure Copy configuration tasks. Configuring Secure Copy To configure a Cisco device for SCP server-side functionality, perform the following steps. Procedure Command or Action Purpose Step 1 Enables privileged EXEC mode.
Purpose Step 1 enable Enables privileged EXEC mode. Example: Enter your password, if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 340
Device(config)# ip scp server enable Step 10 ip ssh bulk-mode (Optional) Enables SSH bulk data transfer mode to enhance the throughput performance Example: of SCP. Device(config)# ip ssh bulk-mode System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Device(config)# aaa authorization exec default group tacacs+ ! SSH must be configured and functioning properly. Device(config)# ip ssh time-out 120 Device(config)# ip ssh authentication-retries 3 Device(config)# ip scp server enable System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
The format of the configuration files used as input by the Configuration Replace and Configuration Rollback feature must comply with standard Cisco software configuration file indentation rules as follows: • Start all commands on a new line with no indentation, unless the command is within a configuration submode.
Rollback Configuration Archive The Cisco IOS configuration archive is intended to provide a mechanism to store, organize, and manage an archive of Cisco IOS configuration files to enhance the configuration rollback capability provided by the configure replace command. Before this feature was introduced, you could save copies of the running configuration using the copy running-config destination-url command, storing the replacement file either locally or remotely.
The configure replace privileged EXEC command provides the capability to replace the current running configuration with any saved Cisco IOS configuration file. This functionality can be used to revert to a previous configuration state, effectively rolling back any configuration changes that were made since the previous configuration state was saved.
Cisco IOS configuration rollback capability uses the concept of reverting to a specific configuration state based on a saved Cisco IOS configuration file. This concept is similar to the database idea of saving a checkpoint (a saved version of the database) to preserve a specific state.
No prerequisite configuration is needed to use the configure replace command. Using the configure replace command in conjunction with the Cisco IOS configuration archive and the archive config command is optional but offers significant benefit for configuration rollback scenarios. Before using the archive config command, the configuration archive must be configured.
Device# archive config command. Performing a Configuration Replace or Configuration Rollback Operation Perform this task to replace the current running configuration file with a saved Cisco IOS configuration file. Note You must create a configuration archive before performing this procedure. See...
Page 349
• The nolock keyword disables the locking of the running configuration file that prevents other users from changing the running configuration during a configuration replace operation. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 350
Use this command only if the time Device# configure confirm seconds keyword and argument of the configure replace command are specified. Step 5 exit Exits to user EXEC mode. Example: Device# exit System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Device> enable Device# Step 2 show archive Use this command to display information about the files saved in the Cisco IOS configuration archive. Example: Device# show archive There are currently 1 archive configurations saved. The next archive file will be named flash:myconfiguration-2...
Page 352
Configuration Replace and Configuration Rollback Monitoring and Troubleshooting the Feature Step 3 debug archive versioning Use this command to enable debugging of the Cisco IOS configuration archive activities to help monitor and troubleshoot configuration replace and rollback. Example: Device# debug archive versioning 9 06:46:28.419:backup_running_config...
Configuration Rollback Creating a Configuration Archive The following example shows how to perform the initial configuration of the Cisco IOS configuration archive. In this example, flash:myconfiguration is specified as the location and filename prefix for the files in the configuration archive and a value of 10 is set as the maximum number of archive files to be saved.
Reverting to the Startup Configuration File The following example shows how to revert to the Cisco IOS startup configuration file using the configure replace command. This example also shows the use of the optional force keyword to override the interactive...
Additional References for Configuration Replace and Configuration Rollback Related Documents Related Topic Document Title For complete syntax and usage information for Command Reference (Catalyst 9400 Series Switches) the commands used in this chapter. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Factory reset erases all the customer-specific data stored in a device and restores the device to its original configuration at the time of shipping. Data that is erased includes configurations, log files, boot variables, System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
The factory reset process is used in the following scenarios: • Return Material Authorization (RMA) for a device: If you have to return a device to Cisco for RMA, remove all the customer-specific data before obtaining an RMA certificate for the device.
Page 359
The range is from 1 to 16. • all: Selects all the switches in the stack. After the factory reset process is successfully completed, the device reboots and enters ROMmon mode. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
DO NOT UNPLUG THE POWER OR INTERRUPT THE OPERATION Are you sure you want to continue? [confirm] The following examples show how to perform a factory reset on Cisco StackWise Virtual enabled devices: Device> enable Device# factory-reset switch 2 all The factory reset operation is irreversible for all operations.
Page 361
% FACTORYRESET - Factory Reset Done for flash3 % FACTORYRESET - Unmounting flash7 % FACTORYRESET - Cleaning Up flash7 % FACTORYRESET - In progress.. please wait for completion... System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 362
% FACTORYRESET - Started Cleaning Up... % FACTORYRESET - Unmounting sd1 % FACTORYRESET - Cleaning Up sd1 [0] % FACTORYRESET - erase In progress.. please wait for completion... % FACTORYRESET - write zero... System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
For complete syntax and usage information for the Command Reference commands used in this chapter. Feature History for Performing a Factory Reset This table provides release and related information for features explained in this module. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 364
Cisco StackWise Virtual enabled devices is Cisco StackWise Virtual introduced. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
The file is in ‘plain text’ format. Device#show parser encrypt file status Feature: Enabled File Format: Plain Text System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 368
Configuring Secure Storage Feature Information for Secure Storage System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
BIOS protection feature enables write-protection and secure upgrade of the golden ROMMON image. ROMMON is a bootstrap program that initializes the hardware and boots the Cisco IOS XE software image when you power on or restart the device. ROMMON upgrades can be required to resolve firmware defects or to support new features.
These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. Release Feature Feature Information Cisco IOS XE Gibraltar BIOS Protection BIOS Protection feature enables write-protection 16.12.1 and secure upgrade of the golden ROMMON image. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 371
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 372
BIOS Protection Feature History for BIOS Protection System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
An SMU provides a significant benefit over classic Cisco IOS software because it allows you to address network issues quickly while reducing the time and scope of the testing required. The Cisco IOS XE platform internally validates SMU compatibility and does not allow you to install noncompatible SMUs.
3. Commit the SMU changes so that it is persistent across reloads. SMU Workflow The SMU process is initiated with a request to the Cisco Customer Support. Contact your customer support to raise an SMU request. At release time, the SMU package is posted to the...
Example: Managing an SMU Note • The examples used in this section are of hot patching SMU. The following example shows how to copy an SMU file to flash: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 377
C - Activated & Committed, D - Deactivated & Uncommitted -------------------------------------------------------------------------------- Type Filename/Version -------------------------------------------------------------------------------- flash:cat9k_iosxe.BLD_SMU_20180302_085005_TWIG_LATEST_20180306_013805.3.SSA.smu.bin 16.9.1.0.43131 -------------------------------------------------------------------------------- Auto abort timer: inactive -------------------------------------------------------------------------------- The following example shows how to activate an added SMU package file: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 378
[ Switch 1 ] Active Package(s) Information: State (St): I - Inactive, U - Activated & Uncommitted, C - Activated & Committed, D - Deactivated & Uncommitted -------------------------------------------------------------------------------- Type Filename/Version -------------------------------------------------------------------------------- flash:cat9k_iosxe.BLD_SMU_20180302_085005_TWIG_LATEST_20180306_013805.3.SSA.smu.bin System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 379
[1] SMU_ROLLBACK package(s) on switch 1 [1] Finished SMU_ROLLBACK on switch 1 Checking status of SMU_ROLLBACK on [1] SMU_ROLLBACK: Passed on [1] Finished SMU Rollback operation SUCCESS: install_rollback /flash/cat9k_iosxe.BLD_SMU_20180302_085005_TWIG_LATEST_20180306_013805.3.SSA.smu.bin Mon System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 380
Auto abort timer: active on install_deactivate, time before rollback - 01:59:50 -------------------------------------------------------------------------------- The following example shows how to remove an SMU from the device: Device# install remove file flash:cat9k_iosxe.BLD_SMU_20180302_085005_TWIG_LATEST_20180306_013805.3.SSA.smu.bin System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
This table provides release and related information for features explained in this module. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 382
The SMU package supports patching of the PKI 16.10.1 Infrastructure (PKI) component. Patching Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
To display the available file systems on your device, use the show file systems privileged EXEC command as shown in this example for a standalone device: Device# show file systems File Systems: Size(b) Free(b) Type Flags Prefixes - - opaque rw system: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 384
3 is displayed as flash-3: and so on up to . The example also shows the crashinfo directories and a USB flash drive plugged into the active device: Device# show file systems File Systems: Size(b) Free(b) Type Flags Prefixes opaque system: opaque tmpsys: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 385
(for example, the system) or a download interface, such as brimux. unknown—The file system is an unknown type. Flags Permission for file system. ro—read-only. rw—read/write. wo—write-only. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Command or Action Purpose Step 1 Displays the directories on the specified file dir filesystem: system. Example: For filesystem:, use flash: for the system board flash device. Device# dir flash: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Beginning in privileged EXEC mode, follow these steps to create a file, display the contents, and extract it: Procedure Command or Action Purpose Step 1 archive tar /create destination-url flash: Creates a file and adds files to it. /file-url System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 391
Extracts a file into a directory on the flash file [dir/file...] system. Example: For source-url, specify the source URL alias for the local file system. The -filename. is the Device# archive tar /xtract System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
This table provides release and related information for features explained in this module. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 393
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 394
Working with the Flash File System Feature History for Flash File System System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
This is in contrast to the general debug command, that produces its output without discriminating on the feature objects that are being processed. General debug command consumes a lot of system resources and impacts the system performance. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
/tmp. The tracefiles in the crashinfo directory are located in the following formats: 1. Process-name_Process-ID_running-counter.timestamp.gz Example: IOSRP_R0-0.bin_0.14239.20151101234827.gz 2. Process-name_pmanlog_Process-ID_running-counter.timestamp.bin.gz Example: wcm_pmanlog_R0-0.30360_0.20151028233007.bin.gz System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
The Recommended Workflow for Trace files is listed below: 1. To request the tracelogs for a specific time period. EXAMPLE 1 day. Use the command: Device#request platform software trace archive last 1 day System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Destination filename [IOSRP_R0-0.bin_0.14239.20151101234827.gz]? Note It is important to clear the generated report or archive files off the switch in order to have flash space available for tracelog and other purposes. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Packet Infra debugs: Ip Address Port ------------------------------------------------------|---------- Device# The following is a sample of the debug platform condition stop command. Device# debug platform condition stop Conditional Debug Global State: Stop System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 402
Conditional Debug and Radioactive Tracing Feature History for Conditional Debugging and Radioactive Tracing System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
In some debugging scenarios, the Cisco TAC engineer may have to collect certain debug information or perform live debug on a production system. In such cases, the Cisco TAC engineer will ask you (the network System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
When you request access to system shell, you need to be authorized. You must first run the command to generate a challenge using the Consent Token feature on your device. The device generates a unique challenge as output. You must then copy this challenge string and send it to a Cisco Authorized Personnel through e-mail or Instant Message.
The Cisco Authorized Personnel processes the unique challenge string and generates a response. The response is also a base-64 string that is unique. The Cisco Authorized Personnel copies this response string and sends it to you through e-mail or Instant Message.
Page 406
Cisco Technical Assistance Centre (Cisco TAC). Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
C H A P T E R Troubleshooting the Software Configuration This chapter describes how to identify and resolve software problems related to the Cisco IOS software on the switch. Depending on the nature of the problem, you can use the command-line interface (CLI), Device Manager, or Network Assistant to identify and solve problems.
Disabled Port Caused by Power Loss If a powered device (such as a Cisco IP Phone 7910) that is connected to a PoE device port and powered by an AC power source loses power from the AC power source, the device might enter an error-disabled state.
Disabled Port Caused by False Link-Up If a Cisco powered device is connected to a port and you configure the port by using the power inline never interface configuration command, a false link-up can occur, placing the port into an error-disabled state. To take the port out of the error-disabled state, enter the shutdown and the no shutdown interface configuration commands.
VLAN. However, if the intermediate Device is a multilayer Device that is routing a particular packet, this device shows up as a hop in the traceroute output. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
• The cable for the gigabit link is a twisted-pair cable or is in series with a solid-core cable. • The link is a 10-megabit or a 100-megabit link. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
System reports or crashinfo files save information that helps Cisco technical support representatives to debug problems that caused the Cisco IOS image to fail (crash). It is necessary to quickly and reliably collect critical crash information with high fidelity and integrity. Further, it is necessary to collect this information and bundle it in a way that it can be associated or identified with a specific crash occurrence.
Page 413
Copy to tftp: file system tmpsys: Copy to tmpsys: file system The general syntax for copying onto TFTP server is as follows: Switch#copy crashinfo: tftp: Source filename [system-report_1_20150909-092728-UTC.gz]? System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
In a complex network it is difficult to track the origin of a system-report file. This task is made easier if the system-report files are uniquely identifiable. Starting with the Cisco IOS XE Amsterdam 17.3.x release, the hostname will be prepended to the system-report file name making the reports uniquely identifiable.
You should manually set the system clock or configure it by using Network Time Protocol (NTP). When the device is running, you can retrieve the OBFL data by using the show logging onboard privileged EXEC commands. If the device fails, contact your Cisco technical support representative to find out how to retrieve the data.
Verify that you can ping the TFTP server switch: ping ip_address_of_TFTP_server Example: switch: ping 192.0.2.15 ping 192.0.2.1 with 32 bytes of data... Host 192.0.2.1 is alive. switch: Step 7 Choose one of the following: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 417
Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 418
If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com.
Page 419
C9X00 platform with 8388608 Kbytes of main memory Alternatively, you can copy the image from TFTP to local flash through Telnet or Management port and then boot the device from local flash. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Procedure with Password Recovery Enabled Procedure Step 1 Ignore the startup configuration with the following command: Device: SWITCH_IGNORE_STARTUP_CFG=1 Step 2 Boot the switch with the packages.conf file from flash. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 421
BOOT variable = flash:packages.conf; Manual Boot = yes Enable Break = yes Step 10 Reload the device. Device# reload Step 11 Return the boot loader parameters to their original values. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Choose to continue with password recovery and delete the existing configuration: Would you like to reset the system back to the default configuration (y/n)? Y Step 2 Display the contents of flash memory: Device: dir flash: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
• Make sure that the device that you add to or remove from the switch stack are powered off. For all powering considerations in switch stacks, see the “Switch Installation” chapter in the hardware installation guide. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
If a remote device does not autonegotiate, configure the duplex settings on the two ports to match. The speed parameter can adjust itself even if the connected port does not autonegotiate. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
SFP modules and module interfaces. If you are using a non-Cisco SFP module, remove the SFP module from the device, and replace it with a Cisco module. After inserting a Cisco SFP module, use the errdisable recovery cause gbic-invalid global configuration command to verify the port status, and enter a time interval for recovering from the error-disabled state.
Running TDR and Displaying the Results To run TDR, enter the test cable-diagnostics tdr interface interface-id privileged EXEC command. To display the results, enter the show cable-diagnostics tdr interface interface-id privileged EXEC command. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
Collect the output from the show tech-support command. b. Remove all power supplies from the box, and collect the serial numbers, Cisco part number, and manufacturer of the power supplies. c. Contact Cisco Technical Support with the information that you collected.
Enter the show diagnostics online module slot-number command to identify hardware failures on the module. If the module still does not come online, create a service request with Cisco Technical Support in order to troubleshoot further. Use the logs of the switch that you collected in the above output and the troubleshooting steps that you performed.
This example shows normal CPU utilization. The output shows that utilization for the last 5 seconds is 8%/0%, which has this meaning: • The total CPU utilization is 8 percent, including both time running Cisco IOS processes and time spent handling interrupts.
Page 431
50% with minimal time spent consuming too much CPU time. This troubleshoot the root cause. on interrupts. is usually triggered by an event that activated the process. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
(available PoE). Use the show power inline command to verify the amount of available power. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 433
If there is still no PoE at any port, a fuse might be open in the PoE section of the power supply. This normally produces an alarm. Check the log again for alarms reported earlier by system messages. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
This example shows how to ping an IP host: Device# ping 172.20.52.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echoes to 172.20.52.3, timeout is 2 seconds: !!!!! System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Table 38: Traceroute Output Display Characters Character Description The probe timed out. Unknown packet type. Administratively unreachable. Usually, this output means that an access list is blocking traffic. Host unreachable. Network unreachable. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
This makes the system-report files uniquely identifiable. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Feature Information for Recovering a Switch, on page 431 Introduction This section explains how to recover a Catalyst 9400 Series Supervisor from a missing or corrupted system image, or an incorrect boot variable. The Supervisor module image can sometimes be corrupted during a Trivial File Transfer Protocol (TFTP) download, or when manually deleted by the user.
• If you try to Telnet to any of the interfaces it fails, and if you are connected to the console port of the Supervisor, you see this prompt: rommon 1> System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
If you do have any valid file, see the Recovering from a Continuous Reboot section of this document for the recovery. Otherwise, continue to the next step. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 443
IP address configured in Step 6. rommon 8> set DEFAULT_GATEWAY=192.168.0.1 Enter the set command to verify the configurations which have been made. switch: set BAUD=9600 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 445
If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com.
Page 447
*Sep 1 13:21:33.591: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/47, changed state to up *Sep 1 13:21:33.813: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/16, changed state to up *Sep 1 13:21:34.591: %LINEPROTO-5-UPDOWN: Line protocol on Interface System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 448
Enter the show bootvar command to check the current boot variable. Remove any existing incorrect boot variables and add the correct one. Enter the write memory command to save the configuration from running to startup. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 450
Recover from Corrupt or Missing File Image or in ROMmon Mode Feature Information for Recovering a Switch System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
This can affect the performance of the device. Starting with Cisco IOS XE 17.4.1 release, you can use the no line auto-consolidation command, in the global configuration mode, to disable the auto consolidation of LINE commands. Auto consolidation is enabled by default.
Page 452
Device#sh running-config | sec line no line auto-consolidation line con 0 exec-timeout 0 0 logging synchronous stopbits 1 line vty 0 4 transport input ssh line vty 5 15 transport input ssh System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 453
• You can't configure lines with non-contiguous ranges. The configuration is rejected. Device#show run | sec line no line auto-consolidation line con 0 logging synchronous line aux 0 line vty 0 4 transport input none System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 454
You can’t modify subranges in the controller mode. This is a behavioural change between the controller and autonomous modes. In the controller mode, any modification of subranges is rejected to avoid discrepancy with the configuration pushed from a controller. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 455
The following example shows how you can modify overlapping ranges in autonomous mode. Device#show run | sec line no line auto-consolidation line con 0 stopbits 1 line vty 0 4 transport input ssh line vty 5 10 transport input none System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 456
Device#configure replace bootflash:cfg2.txt This will apply all necessary additions and deletions to replace the current running configuration with the contents of the specified configuration file, which is System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
This table provides release and related information for features explained in this module. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 458
The line auto-consolidation command was introduced. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)