Page 1 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches) First Published: 2020-11-30 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
Page 2 Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html.
Page 3 MAC Addresses and VLANs MAC Addresses and Device Stacks Default MAC Address Table Settings ARP Table Management How to Administer the Device Configuring the Time and Date Manually System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 4: Table Of Contents
Example: Configuring MAC Threshold Notification Traps Example: Adding the Static Address to the MAC Address Table Example: Configuring Unicast MAC Address Filtering Additional References for Device Administration Feature History for Device Administration System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 5 Manually Assigning IP Information to Multiple SVIs Modifying Device Startup Configuration Specifying a Filename to Read and Write a System Configuration Manually Booting the Switch Booting the Device in Installed Mode System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 6 License Duration Authorization Code Policy RUM Report and Report Acknowledgement Trust Code Supported Topologies Connected to CSSM Through CSLU Connected Directly to CSSM Connected to CSSM Through a Controller System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 7 Configuring the Call Home Service for Direct Cloud Access Configuring the Call Home Service for Direct Cloud Access through an HTTPs Proxy Server Removing and Returning an Authorization Code Removing the Product Instance from CSSM System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 8 Feature History for Application Visibility and Control in a Wired Network C H A P T E R 5 Environmental Monitoring and Power Management About Environmental Monitoring System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches) viii...
Page 9 Feature History for Environmental Monitoring and Power Management C H A P T E R 6 Configuring SDM Templates Information About SDM Templates SDM Templates and Switch Stacks System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 10 Additional References for System Message Logs Feature History for System Message Logs C H A P T E R 8 Configuring Online Diagnostics Information About Configuring Online Diagnostics System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 11 Copy Configuration Files from a Switch to Another Switch Configuration Files Larger than NVRAM Configuring the Device to Download Configuration Files How to Manage Configuration File Information Displaying Configuration File Information Modifying the Configuration File System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 12 What to Do Next Configuring the Device to Download Configuration Files Configuring the Device to Download the Network Configuration File Configuring the Device to Download the Host Configuration File System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 13 Replacing the Current Running Configuration with a Saved Cisco IOS Configuration File Reverting to the Startup Configuration File Performing a Configuration Replace Operation with the configure confirm Command Performing a Configuration Rollback Operation System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches) xiii...
Page 14 Restrictions for Software Maintenance Upgrade Information About Software Maintenance Upgrade SMU Overview SMU Workflow SMU Package SMU Reload How to Manage Software Maintenance Updates Installing an SMU Package System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 15 Copying tracefiles off the box Monitoring Conditional Debugging Configuration Examples for Conditional Debugging Additional References for Conditional Debugging and Radioactive Tracing Feature History for Conditional Debugging and Radioactive Tracing System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 16 Procedure with Password Recovery Enabled Procedure with Password Recovery Disabled Preventing Switch Stack Problems Preventing Autonegotiation Mismatches Troubleshooting SFP Module Security and Identification Monitoring SFP Module Status Executing Ping System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 17 Feature Information for Recovering a Switch C H A P T E R 2 1 Line Auto Consolidation Line Auto Consolidation Feature History for Line Auto Consolidation System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches) xvii...
Page 18 Contents System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches) xviii...
Page 19 You can manage the system time and date on your device using automatic configuration methods (RTC and NTP), or manual configuration methods. Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference on Cisco.com. System Clock The basis of the time service is the system clock.
Page 20 Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet.
Page 21 Figure 1: Typical NTP Network Configuration If the network is isolated from the Internet, Cisco’s implementation of NTP allows a device to act as if it is synchronized through NTP, when in fact it has learned the time by using other means. Other devices then synchronize to that device through NTP.
Page 22 20 clients. Broadcast-based NTP associations are also recommended for use on networks that have limited bandwidth, system memory, or CPU resources. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 23 The authentication process begins from the moment an NTP packet is created. Cryptographic checksum keys are generated using the message digest algorithm 5 (MD5) and are embedded into the NTP synchronization System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 24 The following figure shows a typical network example using NTP. Switch A is the primary NTP, with the Switch B, C, and D configured in NTP server mode, in server association with Switch A. Switch E is configured System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 25 A greater-than symbol [>] is appended. The prompt is updated whenever the system name changes. For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.4 and the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.4.
Page 26 (.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, for example, the File Transfer Protocol (FTP) system is identified as ftp.cisco.com.
Page 27 The MAC address tables on all stack members are synchronized. At any given time, each stack member has the same copy of the address tables for each VLAN. When an address ages out, the address is removed from System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 28: Setting The System Clock
If you have an outside source on the network that provides time services, such as an NTP server, you do not need to manually set the system clock. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 29: Configuring The Time Zone
Internal time is kept in Coordinated Universal Example: Time (UTC), so this command is used only for display purposes and when the time is manually set. Device(config)# clock timezone AST -3 30 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 30: Configuring Summer Time (Daylight Saving Time)
Command or Action Purpose Step 1 enable Enables privileged EXEC mode. Example: • Enter your password if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 31 (24-hour format) in hours and minutes. • (Optional) offset Specifies the number of minutes to add during summer time. The default is 60. Step 5 Returns to privileged EXEC mode. Example: Device(config)# end System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 32: Configuring Ntp
The source address is set by the outgoing interface. NTP is enabled on all interfaces by default. All interfaces receive NTP packets. Configuring NTP Authentication To configure NTP authentication, perform this procedure: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 33 HMAC using the SHA2 hash function. The digest length is 256 bits and the key length is 1 to 32 bytes Use the no form of this command to remove authentication key. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 34: Configuring Poll-Based Ntp Associations
Purpose Step 1 enable Enables privileged EXEC mode. Example: Enter your password if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 35 • prefer: Sets this peer as the preferred one that provides synchronization. This keyword reduces clock hop among peers. Use the no form of this command to remove a server association. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 36: Configuring Broadcast-Based Ntp Associations
Use the no form of this command to disable the interface from sending NTP broadcast packets. Step 5 [no] ntp broadcast client Enables the interface to receive NTP broadcast packets. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 37: Configuring Ntp Access Restrictions
Example: Device# configure terminal Step 3 [no] ntp access-group {query-only | Create an access group, and apply a basic IP access list.. serve-only | serve | peer} access-list-number System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 38 Returns to privileged EXEC mode. Example: Device(config)# end Disabling NTP Services on a Specific Interface To disable NTP packets from being received on an interface, perform this procedure: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 39: Configuring A System Name
Follow these steps to manually configure a system name: Procedure Command or Action Purpose Step 1 Enables privileged EXEC mode. enable Example: • Enter your password if prompted. Device> enable System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 40: Setting Up Dns
If there is a period (.) in the hostname, the Cisco IOS software looks up the IP address without appending any default domain name to the hostname.
Page 41 Internet naming scheme (DNS). Step 6 Returns to privileged EXEC mode. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 42: Configuring A Message-Of-The-Day Login Banner
This is a secure site. Only signifies the beginning and end of the banner authorized users are allowed. text. Characters after the ending delimiter are For access, contact technical discarded. support. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 43: Configuring A Login Banner
Device# configure terminal Step 3 banner login c message c Specifies the login message. Example: Enters the delimiting character of your choice, for example, a pound sign (#), and press System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 44: Managing The Mac Address Table
Step 1 enable Enables privileged EXEC mode. Example: • Enter your password if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 45: Configuring Mac Address Change Notification Traps
Step 1 Enables privileged EXEC mode. enable Example: • Enter your password if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 46 Device(config)# mac address-table notification change interval 123 generated to the NMS. The range is 0 to Device(config)#mac address-table System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 47: Configuring Mac Address Move Notification Traps
MAC address moves from one port to another within the same VLAN. Follow these steps to configure the device to send MAC address-move notification traps to an NMS host: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 48 Enables the device to send MAC address move move notification traps to the NMS. Example: Device(config)# snmp-server enable traps mac-notification move Step 5 mac address-table notification mac-move Enables the MAC address move notification feature. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 49: Configuring Mac Threshold Notification Traps
Follow these steps to configure the switch to send MAC address table threshold notification traps to an NMS host: Procedure Command or Action Purpose Step 1 Enables privileged EXEC mode. enable Example: • Enter your password if prompted. Device> enable System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 50 Example: Device(config)# mac address-table notification threshold Step 6 mac address-table notification threshold Enters the threshold value for the MAC address [limit percentage] | [interval time] threshold usage monitoring. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 51: Disabling Mac Address Learning On Vlan
• You can disable MAC address learning on a single VLAN ID from 2 - 4093 (for example, no mac address-table learning vlan 223) or a range of VLAN IDs, separated by a hyphen or comma (for example, no mac address-table learning vlan 1-10, 15). System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 52: Adding And Removing Static Address Entries
(Optional) Reenable MAC address learning on VLAN in a global configuration mode. Example: Device# default mac address-table Adding and Removing Static Address Entries Follow these steps to add a static address: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 53 Step 4 show running-config Verifies your entries. Example: Device# show running-config Step 5 copy running-config startup-config (Optional) Saves your entries in the configuration file. Example: Device# copy running-config startup-config System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 54: Configuring Unicast Mac Address Filtering
(Optional) Saves your entries in the copy running-config startup-config configuration file. Example: Device# copy running-config startup-config Monitoring and Maintaining Administration of the Device Command Purpose clear mac address-table dynamic Removes all dynamic entries. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 55: Configuration Examples For Device Administration
VLAN. Configuration Examples for Device Administration Example: Setting the System Clock This example shows how to manually set the system clock: Device# clock set 13:32:00 23 July 2013 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 56: Examples: Configuring Summer Time
Example: Configuring a Login Banner This example shows how to configure a login banner by using the dollar sign ($) symbol as the beginning and ending delimiter: Device(config)# banner login $ System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 57: Example: Configuring Mac Address Change Notification Traps
You cannot associate the same static MAC address to multiple interfaces. If the command is executed again with a different interface, the static MAC address is overwritten on the new interface. Device(config)# mac address-table static c2f3.220a.12f4 vlan 4 interface gigabitethernet1/1/1 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 58: Example: Configuring Unicast Mac Address Filtering
DNS. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 59: Performing Device Setup Configuration
Dynamic Host Configuration Protocol (DHCP) auto configuration. Device Boot Process To start your device, you need to follow the procedures described in the Cisco Catalyst 9400 Series Switches Hardware Installation Guide for installing and powering on the device and setting up the initial device configuration.
Page 60: Software Install Overview
The method that you use to upgrade Cisco IOS XE software depends on whether the switch is running in install mode or in bundle mode. In bundle mode or consolidated boot mode, a .bin image file is used from a local or remote location to boot the device.
Page 61: Software Boot Modes
To change a device running in bundle boot mode to install mode, set the boot variable to flash:packages.conf, and execute the install add file flash:cat9k_2.bin activate commit command. After the command is executed, the device reboots in install boot mode. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 62: Installing The Software Package
Use the device setup program if you want to be prompted for specific IP information. With this program, you can also configure a hostname and an enable secret password. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 63: Default Switch Information
If you want to use DHCP to relay the configuration file location on the network, you might also need to configure a Trivial File Transfer Protocol (TFTP) server and a Domain Name System (DNS) server. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 64: Dhcp Client Request Process
The offer from the DHCP server is not a guarantee that the IP address is allocated to the client; however, the server usually reserves the address until the client System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 65: Dhcp-Based Autoconfiguration And Image Update
To enable a DHCP auto-image update on the device, the TFTP server where the image and configuration files are located must be configured with the correct option 67 (the configuration filename), option 66 (the DHCP System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 66: Dhcp Server Configuration Guidelines
TFTP requests. Unavailability of other lease options does not affect autoconfiguration. • The device can act as a DHCP server. By default, the Cisco IOS DHCP server and relay agent features are enabled on your device but are not configured. (These features are not operational.)
Page 67: Purpose Of The Dns Server
• Only the IP address is reserved for the device and provided in the DHCP reply. The configuration filename is not provided (two-file read method). System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 68: How To Control Environment Variables
You can change the settings of the environment variables by accessing the boot loader or by using Cisco IOS commands. Under normal circumstances, it is not necessary to alter the setting of the environment variables.
Page 69: Common Environment Variables
If it is set to anything filesystem :/ file-url boot loader else, you must manually boot command, and specify the name of the up the switch from the boot bootable image. loader mode. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 70: Environment Variables For Tftp
TFTP. A reset is required for the new value to take effect. IP_ADDRESS Specifies the IP address and the subnet mask for the associated IP subnet of the switch. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 71: Scheduled Reload Of The Software Image
This task describes how to configure DHCP autoconfiguration of the TFTP and DHCP settings on an existing device in the network so that it can support the autoconfiguration of a new device. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 72 10.10.10.1 Step 6 option 150 address Specifies the IP address of the TFTP server. Example: Device(dhcp-config)# option 150 10.10.10.1 Step 7 exit Returns to global configuration mode. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 73: Configuring Dhcp Auto-Image Update (Configuration File And Image)
You must first create a text file (for example, autoinstall_dhcp) that will be uploaded to the device. In the text file, put the name of the image that you want to download (for example, cat9k_iosxe.16.xx.xx.SPA.bin). System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 74 Device(dhcp-config)# option 150 10.10.10.1 Step 7 option 125 hex Specifies the path to the text file that describes the path to the image file. Example: Device(dhcp-config)# option 125 hex System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 75 Example: Device(config)# tftp-server flash:boot-config.text Step 14 interface interface-id Specifies the address of the client that will receive the configuration file. Example: Device(config)# interface gigabitEthernet1/0/4 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 76: Configuring The Client To Download Files From Dhcp Server
Step 1 configure terminal Enters global configuration mode. Example: Device# configure terminal Step 2 boot host dhcp Enables autoconfiguration with a saved configuration. Example: Device(conf)# boot host dhcp System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 77: Manually Assigning Ip Information To Multiple Svis
Step 1 enable Enables privileged EXEC mode. Example: • Enter your password if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 78 Returns to privileged EXEC mode. Example: Device(config)# end Step 8 Displays the interfaces status for the specified show interfaces vlan vlan-id VLAN. Example: Device# show interfaces vlan 99 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 79: Modifying Device Startup Configuration
Specifying a Filename to Read and Write a System Configuration By default, the Cisco IOS software uses the config.text file to read and write a nonvolatile copy of the system configuration. However, you can specify a different filename, which will be loaded during the next boot cycle.
Page 80: Manually Booting The Switch
Enables the switch to manually boot up during the next boot cycle. Example: Device(config)# boot manual Step 3 Returns to privileged EXEC mode. Example: Device(config)# end Step 4 show boot Verifies your entries. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 81: Booting The Device In Installed Mode
• This command extracts the individual components of the .bin file into sub-packages and packages.conf file. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 82 Step 4 install abort (Optional) Terminates the software install activation, and rolls back to the version that was Example: running before current installation procedure. Device# install abort System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 83: Booting A Device In Bundle Mode
Command or Action Purpose Step 1 switch:BOOT=<source path of .bin file> Sets the boot parameters. Example: switch:BOOT=tftp://10.0.0.2/cat9k_iosxe.16.06.01.SPA.bin] switch: switch: switch: Step 2 boot Boots the device. Example: switch:boot System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 84: Configuring A Scheduled Software Image Reload
The time is relative to the configured time zone on the device. To schedule reloads across several devices to occur simultaneously, the time on each device must be synchronized with NTP. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 85: Configuration Examples For Device Setup Configuration
USB device Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 86 If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com.
Page 87 Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco IOS Software [Everest], Catalyst L3 Switch Software (CAT9K_IOSXE), Experimental Version 16.6.20170902:081931 [v166_throttle-/scratch/mcpre/BLD-BLD_V166_THROTTLE_LATEST_20170902_091308 126] System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 88: Example: Managing An Update Package
If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com.
Page 89 [R0] Activate package(s) on R0 --- Starting list of software package changes --- Old files list: Removed cat9k-cc_srdriver.BLD_POLARIS_DEV_LATEST_20170622_233647.SSA.pkg Removed cat9k-espbase.BLD_POLARIS_DEV_LATEST_20170622_233647.SSA.pkg Removed cat9k-guestshell.BLD_POLARIS_DEV_LATEST_20170622_233647.SSA.pkg Removed cat9k-rpbase.BLD_POLARIS_DEV_LATEST_20170622_233647.SSA.pkg Removed cat9k-rpboot.BLD_POLARIS_DEV_LATEST_20170622_233647.SSA.pkg Removed cat9k-sipbase.BLD_POLARIS_DEV_LATEST_20170622_233647.SSA.pkg System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 90 Device# The following example shows how to rollback an update package to the base package: Device# install rollback to committed install_rollback: START Tue Jun 20 14:55:12 PDT 2017 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 91 Current cc 5 0 cat9k-sipbase.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg Current cc 5 0 cc_spa cat9k-sipspa.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg Current cc 6 cc_srdriver cat9k-cc_srdriver.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg Current cc 6 0 cat9k-sipbase.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg Current cc 6 0 cc_spa cat9k-sipspa.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 92 Replacement: cc 0 0 cc_spa cat9k-sipspa.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: cc 1 cc_srdriver cat9k-cc_srdriver.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: cc 1 0 cat9k-sipbase.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: cc 1 0 cc_spa cat9k-sipspa.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: cc 10 0 cat9k-sipbase.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 93 1 0 cat9k-espbase.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: rp 0 0 guestshell cat9k-guestshell.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: rp 0 0 rp_base cat9k-rpbase.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: rp 0 0 rp_daemons cat9k-rpbase.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: rp 0 0 rp_iosd cat9k-rpbase.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 94 File is in use, will not delete. cat9k-srdriver.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg File is in use, will not delete. cat9k-webui.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg File is in use, will not delete. packages.conf File is in use, will not delete. done. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 95 Checking status of Post_Remove_Cleanup on [R0] Post_Remove_Cleanup: Passed on [R0] Finished Post_Remove_Cleanup SUCCESS: install_remove Tue Jun 20 14:16:29 PDT 2017 Device# The following is sample output from the install abort command: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 96 Current cc 4 0 cat9k-sipbase.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg Current cc 4 0 cc_spa cat9k-sipspa.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg Current cc 5 cc_srdriver cat9k-cc_srdriver.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg Current cc 5 0 cat9k-sipbase.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg Current cc 5 0 cc_spa cat9k-sipspa.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 97 Current rp 1 0 srdriver cat9k-srdriver.BLD_V166_THROTTLE_LATEST_20170618_152248_2.SSA.pkg Replacement: cc 0 cc_srdriver cat9k-cc_srdriver.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: cc 0 0 cat9k-sipbase.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: cc 0 0 cc_spa cat9k-sipspa.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: cc 1 cc_srdriver cat9k-cc_srdriver.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 98 Replacement: cc 9 0 cat9k-sipbase.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: cc 9 0 cc_spa cat9k-sipspa.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: fp 0 0 cat9k-espbase.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: fp 1 0 cat9k-espbase.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg Replacement: rp 0 0 guestshell cat9k-guestshell.BLD_V166_THROTTLE_LATEST_20170618_152248.SSA.pkg System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 99 This operation requires a reload of the system. Do you want to proceed? [y/n] *Jun 20 18:07:47.821 PDT: %ENVIRONMENTAL-6-NOTICE: Temp: DopplerD, Location: R0, State: Minor, Reading: 85 Celsius System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 100: Verifying Software Install
SUCCESS: install_activate Tue Jun 20 18:53:27 PDT 2017 Device# Verifying Software Install Procedure Step 1 enable Example: Device> enable Enables privileged EXEC mode. • Enter your password if prompted. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 101 Type Filename/Version -------------------------------------------------------------------------------- 16.6.2.0 16.6.1.0 Device# Step 4 show install package filesystem: filename Example: Device# show install package flash:cat9k_iosxe.16.06.01.SPA.bin Displays information about the specified software install package file. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 102 [ R0 ] Inactive Package(s) Information: State (St): I - Inactive, U - Activated & Uncommitted, C - Activated & Committed, D - Deactivated & Uncommitted -------------------------------------------------------------------------------- Type Filename/Version -------------------------------------------------------------------------------- System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 103: Example: Configuring A Device As A Dhcp Server
Device(dhcp-config)# boot config-boot.text Device(dhcp-config)# default-router 10.10.10.1 Device(dhcp-config)# option 150 10.10.10.1 Device(dhcp-config)# exit Device(config)# tftp-server flash:config-boot.text Device(config)# interface gigabitethernet1/0/4 Device(config-if)# no switchport Device(config-if)# ip address 10.10.10.1 255.255.255.0 Device(config-if)# end System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 104: Example: Configuring Dhcp Auto-Image Update
(next boot: enabled) Device# Example: Scheduling Software Image Reload This example shows how to reload the software on a device on the current day at 7:30 p.m: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 105: Additional References For Performing Device Setup
IP address assignments and DHCP. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 106 Performing Device Setup Configuration Feature History for Performing Device Setup Configuration System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 107: Smart Licensing Using Policy
After a license is ordered, no preliminary steps, such as registration or generation of keys etc., are required unless you use an export-controlled or enforced license. There are no export-controlled or enforced licenses on Cisco Catalyst Access, Core, and Aggregation Switches, and product features can be configured on the device right-away.
Page 108: Information About Smart Licensing Using Policy
This section explains the various components that can be part of your implementation of Smart Licensing Using Policy. Product Instance A product instance is a single instance of a Cisco product, identified by a Unique Device Identifier (UDI). System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 109: Cslu
CSSM Cisco Smart Software Manager (CSSM) is a portal that enables you to manage all your Cisco software licenses from a centralized location. CSSM helps you manage current requirements and review usage trends to plan for future license requirements.
Page 110: Controller
Controller A management application or service that manages multiple product instances. On Cisco Catalyst Access, Core, and Aggregation Switches, Cisco DNA Center is the supported controller. Information about the controller, product instances that support the controller, and minimum required software...
Page 111: Concepts
Unenforced licenses do not require authorization before use in air-gapped networks, or registration, in connected networks. The terms of use for such licenses are as per the end user license agreement (EULA). All licenses available on Cisco Catalyst Access, Core, and Aggregation Switches are unenforced licenses. • Enforced Licenses that belong to this enforcement type require authorization before use.
Page 112: License Duration
The Smart Licensing Authorization Code (SLAC) allows activation and continued use of a license that is export-controlled or enforced. A SLAC is not required for any of the licenses available on Cisco Catalyst Access, Core, and Aggregation Switches, but if you are upgrading from an earlier licensing model to Smart Licensing Using Policy, you may have a Specific License Reservation (SLR) with its own authorization code.
Page 113 95) shows the policy values. Cisco default While you cannot configure a policy, you can request for a customized one, by contacting the Cisco Global Licensing Operations team. Go to Support Case Manager. Click OPEN NEW CASE > Select Software Licensing.
Page 114: Rum Report And Report Acknowledgement
The reporting method, that is, how a RUM report is sent to CSSM, depends on the topology you implement. Trust Code A UDI-tied public key with which the product instance signs a RUM report. This prevents tampering and ensures data authenticity. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 115: Supported Topologies
Supported workflows include receiving RUM reports from the product instance and sending the same to CSSM, authorization code installation, trust code installation, and application of policies. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 116: Connected Directly To Cssm
URL. This must be configured exactly as shown in the workflow section. • Smart transport through an HTTPs proxy: In this method, a product instance uses a proxy server to communicate with the licensing server, and eventually, CSSM. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 117 To change configuration after migration, see Workflow for Topology: Connected Directly to CSSM, on page > Product Instance Configuration > Configure a connection method and transport type > Option 1. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 118: Connected To Cssm Through A Controller
RUM reports, report to CSSM, and return the ACK for installation on the product instance. All product instances that must be managed by Cisco DNA Center must be part of its inventory and must be assigned to a site. Cisco DNA Center uses the NETCONF protocol to provision configuration and retrieve the required information from the product instance - the product instance must therefore have NETCONF enabled, to facilitate this.
Page 119: Cslu Disconnected From Cssm
Communication between CSLU and CSSM is sent and received in the form of signed files that are saved offline and then uploaded to or downloaded from CSLU or CSSM, as the case may be. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 120: No Connectivity To Cssm And No Cslu
Here you have a product instance and CSSM disconnected from each other, and without any other intermediary utilities or components. All communication is in the form of uploaded and downloaded files. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 121: Supported Products
117. Supported Products This section provides information about the Cisco IOS-XE product instances that are within the scope of this document and support Smart Licensing Using Policy. All models (Product IDs or PIDs) in a product series are supported – unless indicated otherwise.
Page 122: Interactions With Other Features
The Cisco StackWise Virtual feature, which is available on Cisco Catalyst switches, is an example of such a set-up. The Quad-Supervisor with Route Processor Redundancy, which is available on Cisco Catalyst switches, is an example of such a set-up. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 123: Upgrades
How Upgrade Affects Enforcement Types for Existing Licenses When you upgrade to a software version which supports Smart Licensing Using Policy, the way existing licenses are handled, depends primarily on the license enforcement type. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 124 • An enforced or export-controlled license that was being used before upgrade, continues to be available after upgrade if the required authorization exists. There are no export-controlled or enforced licenses on any of the supported Cisco Catalyst Access, Core, and Aggregation Switches, therefore, these enforcement types and the requisite SLAC do not apply.
Page 125: Downgrades
Smart Licensing environment. See Table 10: Outcome and Action for New Deployment Downgrade to Smart Licensing, on page 108 below. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 126 Smart Licensing Using Policy are not available anymore. Refer to the corresponding section below to know more about reverting to an earlier licensing model. Upgrade to Smart Licensing Using Policy and then Downgrade to Smart Licensing System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 127 CSLU) the Smart Licensing environment. Note Licenses that were in an evaluation or expired state in the Smart Licensing environment, revert to that same state after downgrade. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 128: How To Configure Smart Licensing Using Policy: Workflows By Topology
Logging into Cisco (CSLU Interface), on page 138 Configuring a Smart Account and a Virtual Account (CSLU Interface), on page 138 Adding a Product-Initiated Product Instance in CSLU (CSLU Interface), on page 139 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 129 CSLU forwards the information to CSSM and the returning ACK from CSSM, to the product instance. In case of a change in license usage, see Configuring a License , on page 163 to know how it affects reporting. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 130: Workflow For Topology: Connected Directly To Cssm
Setting Up a Connection to CSSM , on page 147. b. Configure a connection method and transport type (choose one) • Option 1: Smart transport: Set transport type to smart and configure the corresponding URL. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 131: Workflow For Topology: Connected To Cssm Through A Controller
To deploy Cisco DNA Center as the controller, complete the following workflow: Product Instance Configuration → Cisco DNA Center Configuration 1. Product Instance Configuration Where task is performed: Product Instance System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 132: Workflow For Topology: Cslu Disconnected From Cssm
The document provides detailed steps you have to complete in the Cisco DNA Center GUI: a. Set-up the Smart Account and Virtual Account. Enter the same log in credentials that you use to log in to the CSSM Web UI. This enables Cisco DNA Center to establish a connection with CSSM.
Page 133 2. CSLU Preference Settings Where tasks are performed: CSLU a. In the CSLU Preferences tab, click the Cisco Connectivity toggle switch to off. The field switches to “Cisco Is Not Available”. Configuring a Smart Account and a Virtual Account (CSLU Interface), on page 138 Adding a Product-Initiated Product Instance in CSLU (CSLU Interface), on page 139 3.
Page 134 Since CSLU is disconnected from CSSM, you must save usage data which CSLU has collected from the product instance to a file. Then, from a workstation that is connected to Cisco, upload it to CSSM. After this, download the ACK from CSSM. In the workstation where CSLU is installed and connected to the product instance, upload the file to CSLU.
Page 135: Workflow For Topology: No Connectivity To Cssm And No Cslu
Since CSLU is disconnected from CSSM, you must save usage data which CSLU has collected from the product instance to a file. Then, from a workstation that is connected to Cisco, upload it to CSSM. After this, download the ACK from CSSM. In the workstation where CSLU is installed and connected to the product instance, upload the file to CSLU.
Page 136: Migrating To Smart Licensing Using Policy
Smart Licensing Using Policy handles various aspects of all earlier licensing models. Smart Licensing Using Policy is introduced in Cisco IOS XE Amsterdam 17.3.2. This is therefore the minimum required version for Smart Licensing Using Policy.
Page 137 (Smart Licensing Using Policy) The license counts remain the same. field displays NOT ENFORCED. (There Enforcement Type are no export-controlled or enforced licenses on Cisco Catalyst Access, Core, and Aggregation Switches). System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 138 RUM report to CSSM. field: The ID token is Trust Code Installed: successfully converted and a trusted connected has been established with CSSM. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 139 Last report push: Sep 22 12:05:43 2020 PST Last report file write: <none> Trust Code Installed: Active: PID:C9500-16X,SN:FCW2233A5ZV INSTALLED on Sep 22 12:02:20 2020 PST Standby: PID:C9500-16X,SN:FCW2233A5ZY INSTALLED on Sep 22 12:02:20 2020 PST System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 140 It is always the active that reports usage, so if the active in this High Availabilty set-up changes, the new active product instance will display license consumption information and report usage. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 141 Smart Licensing Using Policy Example: Smart Licensing to Smart Licensing Using Policy Figure 10: Smart Licensing to Smart Licensing Using Policy: Active and Standby Product Instances After Migration System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 142: Example: Rtu Licensing To Smart Licensing Using Policy
Smart Licensing Using Policy. This is a set-up with an active and members. RTU Licensing is available on Cisco Catalyst 9300, 9400, and 9500 Series Switches until Cisco IOS XE Fuji 16.8.x. Smart Licensing was introduced starting from Cisco IOS XE Fuji 16.9.1.
Page 143 If any add-on licenses Cisco default are used, the policy requires usage reporting in 90 days. Since all licenses on Cisco Catalyst Cisco default Access, Core, and Aggregation Switches are unenforced, (enforcement type), no functionality is lost.
Page 144 Trust Code Installed: not installed. Under the header, the Usage Reporting: Next report push: field provides information about when the next RUM report must be sent to CSSM. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 145 97 How to Configure Smart Licensing Using Policy: Workflows by Topology , on page 110. The reporting method you can use depends on the topology you implement. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 146: Example: Slr To Smart Licensing Using Policy
Example: SLR to Smart Licensing Using Policy The following is an example of a Cisco Catalyst 9500 switch migrating from Specific License Reservation (SLR) to Smart Licensing Using Policy. This is a High Availability set-up with an active and standby.
Page 147 C9500-DNA-16X-A (C9500-16X DNA Advantage): Description: C9500-DNA-16X-A Total reserved count: 2 Term information: Active: PID:C9500-16X,SN:FCW2233A5ZV License type: TERM Start Date: 2020-MAR-17 UTC End Date: 2021-MAR-17 UTC Term Count: 1 Standby: PID:C9500-16X,SN:FCW2233A5ZY System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 148 ============= network-advantage (C9500 Network Advantage): Description: network-advantage Count: 2 Version: 1.0 Status: IN USE Export status: NOT RESTRICTED Feature Name: network-advantage Feature Description: network-advantage Enforcement type: NOT ENFORCED System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 149 Total reserved count: 2 Enforcement type: NOT ENFORCED Term information: Active: PID:C9500-16X,SN:FCW2233A5ZV Authorization type: SPECIFIC INSTALLED on Aug 31 10:15:01 2020 PDT License type: PERPETUAL Term Count: 1 Standby: PID:C9500-16X,SN:FCW2233A5ZY System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 150 Transport: Type: set to off. header: field displays Usage Reporting: Next report push: if and when the next RUM report must be uploaded to CSSM. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 151 Licenses" since there has been no usage reporting yet. After the requisite RUM report is uploaded and acknowledged "Reserved Licenses" and license usage will only be seen in the Active PID product Instance. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 152 Figure 12: SLR to Smart Licensing Using Policy: Active and Standby Product Instances After Migration, Before Reporting Figure 13: SLR to Smart Licensing Using Policy: Active and Standby Product Instances After Migration, After Reporting System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 153: Example: Evaluation Or Expired To Smart Licensing Using Policy
Smart Licensing Using Policy, all licenses are displayed as IN USE and the Cisco default policy is applied to the product instance. Since all licenses on Cisco Catalyst Access, Core, and Aggregation Switches are unenforced, (enforcement type), no functionality is lost.
Page 154 Trust Code Installed: not installed. header: The field Usage Reporting: Next report push: provides information about when the next RUM report must be sent to CSSM. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 155 97 How to Configure Smart Licensing Using Policy: Workflows by Topology , on page 110. The reporting method you can use depends on the topology you implement. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 156: Task Library For Smart Licensing Using Policy
In the Preferences screen navigate to the Smart Account field and add the Smart Account Name. b) Next, navigate to the Virtual Account field and add the Virtual Account Name. If you are connected to CSSM (In the Preferences tab, Cisco is Available), you can select from the list of available SA/VAs.
Page 157: Adding A Product-Initiated Product Instance In Cslu (Cslu Interface)
Device# configure terminal Step 3 interface interface-type-number Enters interface configuration mode and specifies the Ethernet interface, subinterface, Example: or VLAN to be associated with the VRF. Device (config)# interface gigabitethernet0/0 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 158 Step 12 ip domain name domain-name Configure DNS discovery of your domain. In accompanying example, the name-server Example: creates entry cslu-local.example.com Device(config)# ip domain name example.com System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 159: Adding A Cslu-Initiated Product Instance In Cslu (Cslu Interface)
CSLU connects to the selected Product Instance(s)and collects the usage reports. These usage reports are stored in CSLU’s local library. These reports can then be transferred to Cisco if CSLU is connected to Cisco, or (if you are not connected to Cisco) you can manually trigger usage collection by selecting Product Instances >...
Page 160: Download All For Cisco (Cslu Interface)
If CSLU is currently logged into Cisco the reports will be automatically sent to the associated Smart Account and Virtual Account in Cisco and Cisco will send an acknowledgement to CSLU as well as to the Product Instance. The acknowledgement will be listed in the alerts column of the Product Instance table.
Page 161: Upload From Cisco (Cslu Interface)
Upload From Cisco (CSLU Interface) Once you have received the ACK or other file (such as an authorization code) from Cisco, you are ready to Upload that file to your system. This procedure can be used for workstations that are offline. Complete these steps to select and upload files from Cisco.
Page 162 (Required) Clears the specified username, if it exists. For name , enter the same username Example: you will create in the next step. This ensures Device(config)# no username admin System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 163 Defines the IP address for the VRF. Example: Device(config-if)# ip address 192.168.0.1 255.255.0.0 Step 15 negotiation auto Enables auto-negotiation operation for the speed and duplex parameters of an interface. Example: Device(config-if)# negotiation auto System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 164 Device(config)# ip route vrf mgmt-vrf 192.168.0.1 255.255.0.0 192.168.255.1 Step 24 Logs system messages and debug output to a logging host remote host. Example: Device(config)# logging host 172.25.33.20 vrf Mgmt-vrf System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 165: Setting Up A Connection To Cssm
The 209.165.201.1 209.165.200.225 209.165.201.14 209.165.200.230 device sends DNS queries to the primary server first. If that query fails, the backup servers are queried. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 166 Enables the VLAN for which this access port carries traffic and sets the interface as a Example: nontrunking nontagged single-VLAN Ethernet Device(config)# interface interface. GigabitEthernet1/0/1 Device(config-if)# switchport access System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 167: Configuring Smart Transport Through An Https Proxy
Note Authenticated HTTPs proxy configurations are not supported. Procedure Command or Action Purpose Step 1 enable Enables privileged EXEC mode. Enter your password, if prompted. Example: Device> enable System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 168: Configuring The Call Home Service For Direct Cloud Access
To configure the transport mode, enable the Call Home service, and configure a destination profile (A destination profile contains the required delivery information for an alert notification. At least one destination profile is required.), complete the following steps: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 169 Step 8 profile name Enters the Call Home destination profile configuration submode for the specified Example: destination profile. Device(config-call-home)# profile By default: CiscoTAC-1 Device(config-call-home-profile)# System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 170 Call Home Example: configuration mode. Device(config-call-home-profile)# exit Step 13 exit Exits Call Home configuration mode and returns to privileged EXEC mode. Example: Device(config-call-home)# end System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 171: Configuring The Call Home Service For Direct Cloud Access Through An Https Proxy Server
Enables Call Home as the transport mode. Example: Device(config)# license smart transport callhome Step 4 service call-home Enables the Call Home feature. Example: Device(config)# service call-home System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 172: Removing And Returning An Authorization Code
Ensure that the license that you want to remove and return is not in-use. If it is in-use, you must Example: first disable the feature. Device# show license summary System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 173 Step 4 Enters the global configuration mode. configure terminal Example: Device# configure terminal Step 5 no license smart reservation Disables SLR configuration on the product instance. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 174: Removing The Product Instance From Cssm
Log in using the username and password provided by Cisco. Step 2 Click the Inventory tab. Step 3 From the Virtual Account drop-down list, choose your Virtual Account. Step 4 Click the Product Instances tab. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 175: Generating A New Token For A Trust Code From Cssm
Step 9 Click Create Token. Step 10 You will see your new token in the list. Click Actions and download the token as a file. .txt System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 176: Installing A Trust Code
Date and time are in the local time zone. See Example: field Trust Code Installed: <output truncated> Trust Code Installed: Active: PID:C9500-24Y4C,SN:CAT2344L4GH INSTALLED on Sep 04 01:01:46 2020 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 177: Downloading A Policy File From Cssm
Log in to the CSSM Web UI at https://software.cisco.com. Log in using the username and password provided by Cisco. Step 2 Select the Smart Account (upper left-hand corner of the screen) that will receive the report. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 178: Installing A File On The Product Instance
From the Select Virtual Accounts pop-up, select the Virtual Account that will receive the uploaded file. The file is uploaded to Cisco and is listed in the Usage Data Files table in the Reports screen showing the File Name, time is was Reported, which Virtual Account it was uploaded to, the Reporting Status, Number of Product Instances reported, and the Acknowledgement status.
Page 179: Setting The Transport Type, Url, And Reporting Interval
• smart: Enables Smart transport. Step 4 license smart url{url |cslu Sets a URL for the configured transport mode. Depending on the transort mode you have cslu_url|default|smart smart_url|utility smart_url} System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 180 When you configure this option, the system automatically creates a duplicate of the URL in license smart url url. You can ignore the duplicate entry, no further action is required. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 181: Configuring A License
Network Advantage and you also want to use features available with a corresponding Digital Networking Architecture (DNA) Advantage license, you can configure the same using this task. Or System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 182 Step 4 exit Returns to the privileged EXEC mode. Example: Device(config)# exit Step 5 copy running-config startup-config Saves changes in the configuration file. Example: Device# copy running-config startup-config System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 183 Download All For Cisco (CSLU Interface), on page 142 > Uploading Usage Data to CSSM and Downloading an ACK, on page 159 > Upload From Cisco (CSLU Interface), on page 143. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 184: Sample Resource Utilization Measurement Report
• No Connectivity to CSSM and No CSLU: License usage is recorded on the product instance. You must save RUM reports to a file on the product instance, and from a workstation that has connectivity to the internet, and Cisco, upload it to CSSM: Enter license smart save usage privileged EXEC command to save usage >...
Page 185 Address or node name [t-line] Terminal line number in octal (or in decimal if the decimal-TTY service is enabled) [clock] Clock (for example, 01:20:08 UTC Tue Mar 2 1993 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 186: System Messages
(incase it is a failure message), and recommended action (if action is required). For all error messages, if you are not able to solve the problem, contact your Cisco technical support representative with the following information: The message, exactly as it appears on the console or in the system log.
Page 187 Error Message %SMART_LIC-3-AUTHORIZATION_INSTALL_FAILED: The install of a new licensing authorization code has failed on [chars]: [chars]. This message is not applicable to Cisco Catalyst Access, Core, and Aggregation Switches, because there are no enforced or export-controlled licenses on these product instances.
Page 188 8182. Transport: Type: cslu Cslu address: http://192.168.0.1:8182/cslu/v1/pi If it is not, configure the license smart transport cslu and license smart url cslu http://<cslu_ip_or_host>:8182/cslu/v1/pi commands in global configuration mode System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 189 From a Web browser on the device where CSLU is installed, verify https://<product-instance-ip>/ This ensures that the REST API from CSLU to the product instance works as expected. If the above does not work and policy installation still fails, contact your Cisco technical support representative. ---------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------------------- Error Message %SMART_LIC-3-COMM_RESTORED: Communications with the [chars] restored.
Page 190 • A signature mismatch: This means that the system clock is not accurate. • Timestamp mismatch: This means the product instance time is not synchronized with CSSM, and can cause installation to fail. Recommended Action: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 191 Explanation: Cisco Smart Software Manager On-Prem (formerly known as Cisco Smart Software Manager satellite) is supported in the Smart Licensing Using Policy environment starting with Cisco IOS XE Amsterdam 17.3.3 only (See SSM On-Prem, on page 92). In unsupported releases, the product instance will behave as follows: •...
Page 192 Error Message %SMART_LIC-6-REPORTING_REQUIRED: A Usage report acknowledgement will be required in [dec] days. Explanation: This is an alert which means that RUM reporting to Cisco is required. [dec] is the amount of time (in days) left to meet this reporting requirements.
Page 193: Additional References For Smart Licensing Using Policy
• If the product instance is managed by a controller, the controller will send the RUM report at the scheduled time. If you want to trigger an ad-hoc report, you can do so in the Cisco DNA Center GUI. ----------------------------------------------------------------------------------------------------...
Page 194 Workflow for Topology: Connected to CSSM Through a Controller, on page 113. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 195: Configuring Application Visibility And Control In A Wired Network
Information About Application Visibility and Control in a Wired Network Application Visibility and Control (AVC) is a critical part of Cisco’s efforts to evolve its Branch and Campus solutions from being strictly packet and connection based to being application-aware and application-intelligent.
Page 196 Multiple set and police including Ingress and egress policy-map webex-policy class webex-class default set dscp af31 police 4000000 class class-webex-category set dscp ef police 6000000 class class-default set dscp <> System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 197: Restrictions For Wired Application Visibility And Control
• There is a delay in the QoS classification since the application classification is done offline (while the initial packet/s of the flow are meanwhile forwarded before the correct QoS classification). System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 198 Guide). • Starting with Cisco IOS XE 16.12.1 release, a new flow record has been included - the DNS flow record. The DNS flow record is similar to the 5-tuple record and includes the DNS domain name field. It accounts only for DNS related fields.
Page 199: How To Configure Application Visibility And Control
Enters global configuration mode. Example: Device# configure terminal Step 2 interface interface-id Specifies the interface for which you are enabling protocol-discovery and enters interface Example: configuration mode. Device(config)# interface gigabitethernet 1/0/1 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 200: Creating Avc Qos Policy
Creates a class map. Example: Device(config)# class-map webex-class Step 3 match protocol application-name Specifies match to the application name. Example: Device(config)# class-map webex-class Device(config-cmap)# match protocol webex-media System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 201 Note To delete an existing class map, use the no class class-map-name policy-map configuration command. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 202: Applying A Qos Policy To The Switch Port
Applies local policy to interface. Example: Device(config-if)# service-policy input MARKING_IN Step 4 Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit Example: global configuration mode. Device(config)# end System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 203: Configuring Wired Avc Flexible Netflow
Device(config-flow-record)# match be matched against the application. application name Step 7 match connection client ipv4 address Specifies a match to the IPv4 address of the client (flow initiator). Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 204 : • 0x01 = Initiator - the flow source is the initiator of the connection For wired AVC, the initiator keyword is always set to initiator. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 205 Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit Example: global configuration mode. Device(config)# end Step 21 show flow record Displays information about all the flow records. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 206 (Optional) Specifies a match to the connection match connection client transport port port of the client as a key field for a flow Example: record. Device(config-flow-record)# match connection client transport port System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 207 : • 0x01 = Initiator - the flow source is the initiator of the connection For wired AVC, the initiator keyword is always set to initiator. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 208 Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit Example: global configuration mode. Device(config)# end Step 22 show flow record Displays information about all the flow records. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 209 Example: Device(config-flow-record)# match ipv4 destination address Step 8 match transport source-port Specifies a match to the transport source port as a key field. Example: Device(config-flow-record)# match transport source-port System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 210 Example: flow. Device(config-flow-record)# collect timestamp absolute last Step 17 Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit Example: global configuration mode. Device(config)# end System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 211 Example: Device(config-flow-record)# match ipv4 destination address Step 8 match transport source-port Specifies a match to the transport source port as a key field. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 212 Example: flow. Device(config-flow-record)# collect timestamp absolute last Step 17 Returns to privileged EXEC mode. Alternatively, you can also press Ctrl-Z to exit Example: global configuration mode. Device(config)# end System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 213 Step 7 match connection client ipv4 address Specifies a match to the IPv4 address of the client (flow initiator). Example: Device(config-flow-record)# match connection client ipv4 address System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 214 Specifies to collect the side of the flow — Initiator or Responder — relevant to the Example: direction of the flow specified by the collect System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 215 Step 20 Configures the use of the DNS Domain-Name collect application dns domain-name as a Collect field for a DNS flow record. Example: Device(config-flow-record)# collect application dns domain-name System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 216 Alternatively, you can also press Ctrl-Z to exit Example: global configuration mode. Device(config)# end Step 7 show flow exporter Displays information about all the flow exporters. Example: Device# show flow exporter System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 217 16 to Device(config-flow-monitor)# cache 65536. timeout active 1800 Only normal cache type is Example: Note supported. Device(config-flow-monitor)# cache timeout inactive 200 Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 218 Step 14 show flow monitor flow-monitor-name cache Displays flow cache contents in CSV format. format csv Example: Device# show flow monitor flow-monitor-1 cache format csv System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 219: Nbar2 Custom Applications
For each custom protocol, user can define a selector ID that can be used for reporting purposes. There are various types of application customization: Generic protocol customization • HTTP • SSL System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 220 Indication (SNI) or Common Name (CN). SSL Customization Custom application called MYSSL using SSL unique-name “mydomain.com” with selector ID 11. Device# configure terminal Device(config)#ip nbar custom MYSSL ssl unique-name *mydomain.com id 11 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 221 Device(config-custom)# dscp ef Examples: Monitoring Custom Applications Show Commands for Monitoring Custom Applications show ip nbar protocol-id | inc Custom Device# show ip nbar protocol-id | inc Custom LAYER4CUSTOM Custom System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 222: Nbar2 Dynamic Hitless Protocol Pack Upgrade
Protocol packs are software packages that update the NBAR2 protocol support on a device without replacing the Cisco software on the device. A protocol pack contains information on applications officially supported by NBAR2 which are compiled and packed together. For each application, the protocol-pack includes information on application signatures and application attributes.
Page 223 The following example shows how to use the force keyword to load a protocol pack of a lower version: Device> enable Device# configure terminal Device(config)# ip nbar protocol-pack flash:OldDefProtoPack force Device(config)# exit System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 224: Monitoring Application Visibility And Control
Device(config-pmap-c)# set dscp 12 Device(config-pmap-c)#end This example shows how to create policy maps and define existing class maps for ingress QoS: Device# configure terminal Device(config)# policy-map test-avc-down Device(config-pmap)# class cat-browsing System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 225 The following is a sample output for the statistics per interface: Device# show ip nbar protocol-discovery int GigabitEthernet1/0/1 GigabitEthernet1/0/1 Last clearing of "show ip nbar protocol-discovery" counters 00:03:16 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 226 Class-map: NBAR-VOICE (match-any) 718 packets Match: protocol ms-lync-audio 0 packets, 0 bytes 30 second rate 0 bps QoS Set dscp ef Class-map: NBAR-MM_CONFERENCING (match-any) 6451 packets Match: protocol ms-lync System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 227 Displays all the protocol attributes used by NBAR. The following shows sample output for some of the attributes: Device# show ip nbar protocol-attribute cisco-jabber-im Protocol Name : cisco-jabber-im encrypted : encrypted-yes System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 228 Show Commands for Viewing Flow Monitor Configuration show flow monitor wdavc Displays information about the specified wired AVC flow monitor. Device # show flow monitor wdavc Flow Monitor wdavc: Description: User defined System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 229 1800 secs) - Inactive timeout 15 secs) CONN IPV4 INITIATOR ADDR CONN IPV4 RESPONDER ADDR CONN RESPONDER PORT FLOW OBSPOINT ID IP VERSION IP PROT APP NAME flow System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 230 Displays flow cache contents in similar format as the flow record. Device# show flow monitor wdavc cache format record Cache type: Normal (Platform cache) Cache size: 12000 Current entries: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 231 FLOW OBSPOINT ID: 4294967305 IP VERSION: IP PROTOCOL: APPLICATION NAME: layer7 dhcp flow direction: Input timestamp abs first: 08:55:47.917 timestamp abs last: 08:55:53.917 connection initiator: Initiator connection count new: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 232 FLOW OBSPOINT ID: 4294967305 IP VERSION: IP PROTOCOL: APPLICATION NAME: layer7 dhcp flow direction: Input timestamp abs first: 08:55:47.917 timestamp abs last: 08:55:47.917 connection initiator: Initiator connection count new: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 233 FLOW OBSPOINT ID: 4294967305 IP VERSION: IP PROTOCOL: APPLICATION NAME: layer7 dhcp flow direction: Input timestamp abs first: 08:55:47.917 timestamp abs last: 08:55:47.917 connection initiator: Initiator connection count new: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 234 FLOW OBSPOINT ID: 4294967305 IP VERSION: IP PROTOCOL: APPLICATION NAME: layer7 dhcp flow direction: Input timestamp abs first: 08:55:47.917 timestamp abs last: 08:55:53.917 connection initiator: Initiator connection count new: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 235 64.103.125.147,144.254.71.184,53,4294967305,4,17,port dns,Input,08:55:46.917,08:55:46.917,Initiator,2,1,1,190,106 64.103.121.103,10.1.1.2,67,4294967305,4,17,layer7 dhcp,Input,08:55:47.917,08:55:47.917,Initiator,1,0,1,0,350 64.103.125.3,64.103.125.97,68,4294967305,4,17,layer7 dhcp,Input,08:55:47.917,08:55:53.917,Initiator,1,0,4,0,1412 10.0.2.6,157.55.40.149,443,4294967305,4,6,layer7 ms- lync,Input,08:55:46.917,08:55:46.917,Initiator,2,10,14,6490,1639 64.103.126.28,66.163.36.139,443,4294967305,4,6,layer7 cisco-jabber- im,Input,08:55:46.917,08:55:46.917,Initiator,2,12,10,5871,2088 64.103.125.2,64.103.125.29,68,4294967305,4,17,layer7 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 236: Basic Troubleshooting - Questions And Answers
Question: With protocol-discovery, I see an aggregate view of all application. How can I see traffic distribution over time? Answer: WebUI will give you view of traffic over time for the last 48 hours. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 237: Additional References For Application Visibility And Control
Cisco IOS XE Gibraltar DNS flow record Support for DNS flow record was introduced. DNS 16.12.1 flow record uses the DNS Domain-Name as the collect field for defining the flow record. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 238 Analytics on the same port was introduced. Encrypted Traffic Analytics Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 239: Environmental Monitoring And Power Management
This is the default. counters Displays operational counters. history Displays the sensor state change history. location Displays sensors by location. sensor Displays the sensor summary. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 240: Displaying Environment Conditions
Celsius (45 ,55 ,65 ,72 )(Celsius) The following example illustrates how to display the LED status on a supervisor module. Device# show hardware led Current Mode: STATUS SWITCH: C9407R SYSTEM: AMBER SUPERVISOR: ACTIVE System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 241: Displaying On Board Failure Logging (Obfl) Information
SYSTEM Rail-0.85DOPv 0 - 5 SYSTEM Rail-0.85DOPv^N 0 - 5 SYSTEM Rail-0.85DOPv^O 0 - 5 -------------------------------------------------------------------------------- Sensor Value Total Time of each Sensor -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- No historical data -------------------------------------------------------------------------------- System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 242: Emergency Actions
Case 3. Temperature emergency on a power supply. Power cycle the device to recover from power supply When critical or shutdown alarm threshold is shut down. exceeded, all the power supplies will shut down. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 243: System Alarms
Major Syslog message displays the shutdown threshold. when the alarm is issued. Chassis temperature Minor Orange Syslog message displays exceeds the warning when the alarm is issued. threshold. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 244: Disabling Thermal Shutdown
Disabling Thermal Shutdown Starting with the Cisco IOS XE Gibraltar 16.11.1 release, the option to manually disable the system thermal shutdown has been introduced. This prevents the triggerring of the supervisor engine's action to turn off the power supplies of the chassis even when the temperatures exceed the critical and shutdown temperatures. The thermal shutdown disable feature allows you to bypass the system thermal shutdown process even when the system has already reached the shutdown state.
Page 245: Power Management
• Supported during run time. Power Management This section describes the power management feature in the Cisco Catalyst 9400 Series Switchesand the aspects of power management that you can control and configure. For information about the hardware, including installation, removal and power supply specifications, see the Cisco Catalyst 9400 Series Switches Hardware Installation Guide.
Page 246: Operating States
System Power - Maximim Used 2115 • Total standby output power ( ) is equal to total active output power ( PS7 Capacity + PS8 Capacity Capacity + PS2 Capacity System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 247: Show Power Detail
: Combined Power supplies currently active Power supplies currently available : 8 Power Summary Maximum (in Watts) Used Available ------------- ------ --------- System Power 2030 2030 Inline Power 23570 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 248 Model No Priority State Budget Instantaneous Peak Reset Reset -------------------- -------- -------- ------ ------------- ---- ------ ----- C9400-LC-24XS accepted C9400-LC-48T accepted C9400-SUP-1 accepted C9400-SUP-1 accepted C9400-LC-48T accepted C9400-LC-24XS accepted System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 249: Power Management Considerations
• The power requirements for the installed modules exceed the power provided by the power supplies. • If the switch has a single power supply module that is unable to meet power requirements, the following error message is displayed: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 250: Selecting A Power Supply Mode
Cisco power calculator on cisco.com to help determine the number of power supplies that is required for either combined or redundant mode. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 251: Configuring The Redundant Mode
5 through 8. In the n+n example here, the power supply modules in slots PS5, PS6, PS7, and PS8 are being used as standby modules, and have been configured accordingly. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 252: Configuring The Combined Mode
To configure combined mode on your switch, perform this task: Before you begin Note that this mode utilizes the available power from all the power supplies; however, your switch has no power redundancy. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 253: Power Budgeting For Supervisor Modules
(including line cards and fan tray). Do not remove the second supervisor to remedy a situation where there is an insufficient number of power supply modules. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 254: Configuring The Power Budget Mode For A Single Supervisor
Beginning in the privileged EXEC mode, perform these steps to move from single to a dual supervisor setup: Before you begin Calculate the required power for a dual supervisor setup. Cisco Power Calculator (CPC) enables you to calculate the power supply requirements for a specified configuration:...
Page 255: Enabling Auto Line Card Shutdown
Starting from Cisco IOS XE Gibraltar 16.12.1 , autoLC shutdown is always enabled and cannot be disabled. In all earlier releases, autoLC shutdown is disabled by default and must be manually enabled if you want the system hardware to shut down line cards in the event of a power constraint.
Page 256 4 (shuts down first) If you do not specify an order and autoLC shutdown is enabled, then by default the system shuts down line cards from the highest to the System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 257: Powering Down A Line Card
Powers down the specified module by placing it in low power mode. shutdown unpowered Example: Device(config)# hw-module slot 1/0 shutdown unpowered Step 3 Exits the global configuration mode Example: Device(config)# end System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 258: Configuration Examples For Power Supply Modes And Operating States
Example: Combined Mode and State (AC- and DC-Input) The table below represents the two rows of power supply slots in a Cisco Catalyst 9400 Series chassis. Power supply slots are indicated as PS1, PS2, and so on. For this example, power supply modules of the same capacity (3200W) have been installed in slots 1 through 8.
Page 259: Example: Combined Mode And State (Dc-Input Only)
Example: Combined Mode and State (DC-Input Only) The table below represents the two rows of power supply slots in a Cisco Catalyst 9400 Series chassis. Power supply slots are indicated as PS1, PS2, and so on. For this example, power supply modules of the same capacity and type (C9400-PWR-3200DC) have been installed in slots 1 through 8.
Page 260: Normal Protected State
Different Types + Normal Protected State The table below represents the two rows of power supply slots in a Cisco Catalyst 9400 Series chassis. Power supply slots are indicated as PS1, PS2, and so on. For this example, power supply modules of the same capacity (3200W) have been installed in slots 1 through 8.
Page 261 Other valid configuration options for the n+1 mode: • All installed modules are AC-input power supply modules of the same capacity and with the same AC-input voltage voltage level; one module is configured as standby. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 262: Example: N+1 Redundant Mode
Type + Normal Protected State The table below represents the two rows of power supply slots in a Cisco Catalyst 9400 Series chassis. Power supply slots are indicated as PS1, PS2, and so on. For this example, power supply modules of the same capacity and type (C9400-PWR-3200DC) have been installed in slots 1 through 8.
Page 263: Example: N+N Redundant Mode
+ Full Protected State) The table below represents the two rows of power supply slots in a Cisco Catalyst 9400 Series chassis. Power supply slots are indicated as PS1, PS2, and so on. For this example, power supply modules of the same capacity (3200W) have been installed in slots 1 through 8.
Page 264: Example: N+N Redundant Mode
+ Normal Protected State) The table below represents the two rows of power supply slots in a Cisco Catalyst 9400 Series chassis. Power supply slots are indicated as PS1, PS2, and so on. For this example, slots 1 through 4 have AC-input power supply modules of the same capacity (2100W) and all are configured as active.
Page 265 (in Watts) Used Available ------------- ------ --------- System Power 3505 3505 Inline Power 4895 ------------- ------ --------- Total 3505 8400 Other valid configuration options for the n+n mode: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 266: Feature History For Environmental Monitoring And Power Management
Support for the 3200W DC-Input power supply Supply Module module was introduced (C9400-PWR-3200DC). Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 267: Configuring Sdm Templates
EXEC command, the show sdm prefer command shows the template currently in use and the template that will become active after a reload. Table 24: Approximate Number of Feature Resources Allowed by Templates in Cisco Catalyst 9400 Series Supervisor 1 Resource...
Page 268 MPLS Label MPLS L3VPN Routes VRF MPLS L3VPN Routes Prefix MVPN MDT Tunnels L2VPN EOMPLS Attachment Table 25: Approximate Number of Feature Resources Allowed by Templates in Cisco Catalyst 9400 Series Supervisor 1XL and Supervisor 1XL-Y Module Template Name Access Core...
Page 269: Sdm Templates And Switch Stacks
Follow these steps to use the SDM template to maximize feature usage: Procedure Command or Action Purpose Step 1 enable Enables privileged EXEC mode. Example: Enter your password if prompted. Device> enable System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 270: Monitoring And Maintaining Sdm Templates
Use the following commands to monitor and maintain SDM templates. Command Purpose show sdm prefer Displays the SDM template in use. reload Reloads the switch to activate the newly configured SDM template. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 271: Configuration Examples For Sdm Templates
Configuration Examples for SDM Templates Examples: Displaying SDM Templates This is an example output showing the advanced template information on Cisco Catalyst 9400 Series Supervisor 1 Module Device#show sdm prefer Showing SDM Template Info This is the Access template.
Page 272 Some features such as IPv6, use up double the entry size; so only half as many entries can be created. * values can be modified by sdm cli. This is an example output showing the advanced template information on Cisco Catalyst 9400 Series Supervisor 1XL Module Device This is the Access template.
Page 273 L2 Multicast entries: 16384 Overflow L2 Multicast entries: 1024 L3 Multicast entries: 32768 Overflow L3 Multicast entries: 1024 Directly connected routes: 49152 Indirect routes: 65536 STP Instances: 1024 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 274 Some features such as IPv6, use up double the entry size; so only half as many entries can be created. * values can be modified by sdm cli. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 275: Examples: Configuring Sdm Templates
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 276 Configuring SDM Templates Feature History for SDM Templates System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 277: Configuring System Message Logs
You can remotely monitor system messages by viewing the logs on a syslog server or by accessing the switch through Telnet, through the console port, or through the Ethernet management port. Note The syslog format is compatible with 4.3 BSD UNIX. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 278: System Log Message Format
Text string containing detailed information about the event being reported. Default System Message Logging Settings Table 28: Default System Message Logging Settings Feature Default Setting System message logging to the console Enabled. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 279: Syslog Message Limits
How to Configure System Message Logs Setting the Message Display Destination Device If message logging is enabled, you can send messages to specific locations in addition to the console. This task is optional. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 280 Device# terminal monitor session has ended. You must perform this step for each session to see the debugging messages. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 281: Synchronizing Log Messages
For example, to change the setting for vty line 2, enter: line vty 2 When you enter this command, the mode changes to line configuration. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 282: Disabling Message Logging
To reenable message logging after it has been disabled, use the logging on global configuration command. This task is optional. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 283: Enabling And Disabling Time Stamps On Log Messages
Device(config)# service timestamps log datetime Step 3 Returns to privileged EXEC mode. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 284: Enabling And Disabling Sequence Numbers In Log Messages
Limit messages displayed to the selected device by specifying the severity level of the message. This task is optional. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 285: Limiting Syslog Messages Sent To The History Table And To Snmp
Device(config)# logging history 3 and emergencies messages are sent. Step 3 logging history size number Specifies the number of syslog messages that can be stored in the history table. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 286: Logging Messages To A Unix Syslog Daemon
Creates the log file. The syslog daemon sends prompt. messages at this level or at a more severe level to this file. Example: $ touch /var/log/cisco.log $ chmod 666 /var/log/cisco.log System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 287: Monitoring And Maintaining System Message Logs
00:00:47: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/2, changed state to up (Switch-2) 00:00:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down (Switch-2) 00:00:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/1, changed state to down 2 (Switch-2) System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 288: Example: Switch System Message
UNIX syslog server, depending on your configuration Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 289: Configuring Online Diagnostics
After you configure online diagnostics, you can manually start diagnostic tests or display the test results. You can also see which tests are configured for the device or switch stack and the diagnostic tests that have already run. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 290: Generic Online Diagnostics (Gold) Tests
Run this as a health-monitoring test in case you experience any problem with the fan module. Default Intitial release Cisco IOS XE Everest 16.6.1. Corrective action – Hardware support Supervisors. TestPhyLoopback System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 291 This can be run as a health-monitoring test and also as an on-demand test. Default Intitial release Cisco IOS XE Everest 16.6.1. Corrective action – System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 292 This test runs every 150 seconds. Attribute Description Disruptive or Nondisruptive Nondisruptive. Recommendation Do not disable. This can be run as a health-monitoring test and also as an on-demand test. Default System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 293: How To Configure Online Diagnostics
• complete: Starts the complete test suite. • minimal: Starts the minimal bootup test suite. • non-disruptive: Starts the nondisruptive test suite. • per-port: Starts the per-port test suite. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 294: Configuring Online Diagnostics
• non-disruptive: Starts the nondisruptive test suite. • per-port: Starts the per-port test suite. You can schedule the tests as follows: • Daily: Use the daily hh:mm parameter. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 295: Configuring Health-Monitoring Diagnostics
• name: Name of the test that appears in the show diagnostic content command output. • test-id: ID number of the test that appears in the show diagnostic content command output. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 296 Step 6 diagnostic monitor modulenumber test Enables the specified health-monitoring tests. {name | test-id | test-id-range | all} The switch number keyword is supported only Example: on stacking switches. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 297: Monitoring And Maintaining Online Diagnostics
EXEC show commands in this table: Table 29: Commands for Diagnostic Test Configuration and Results Command Purpose show diagnostic content module [number | all] Displays the online diagnostics configured for a switch. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 298: Configuration Examples For Online Diagnostics
Device(config)# diagnostic monitor interval module 1 test TestPortAsicStackPortLoopback Example: Schedule Diagnostic Test This example shows how to schedule diagnostic testing for a specific day and time on a specific switch: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 299: Example: Displaying Online Diagnostics
(ASICs) by writing values into registers and reading back the values from these registers. It is a non-disruptive test and can be run as a health monitoring test. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 300: Additional References For Online Diagnostics
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 301: Managing Configuration Files
Restrictions for Managing Configuration Files • Many of the Cisco IOS commands described in this document are available and function only in certain configuration modes on the device. • Some of the Cisco IOS configuration commands are only available on certain device platforms, and the command syntax may vary on different platforms.
Page 302: Configuration Mode And Selecting A Configuration Source
To enter configuration mode on the device, enter the configure command at the privileged EXEC prompt. The Cisco IOS software responds with the following prompt asking you to specify the terminal, memory, or a file stored on a network server (network) as the source of configuration commands:...
Page 303: Copy Configuration Files From A Network Server To The Device
In some implementations of TFTP, you must create a dummy file on the TFTP server and give it read, write, and execute permissions before copying a file over it. Refer to your TFTP documentation for more information. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 304: Copying A Configuration File From The Device To An Rcp Server
You also can enable rcp support to allow users on remote systems to copy files to and from the device. To configure the Cisco IOS software to allow remote users to copy files to and from the device, use the ip rcmd rcp-enable global configuration command.
Page 305: Copying A Configuration File From The Device To An Ftp Server
The RCP protocol requires a client to send a remote username on each RCP request to a server. When you copy a configuration file from the device to a server using RCP, the Cisco IOS software sends the first valid username it encounters in the following sequence: 1.
Page 306: Copying Files Through A Vrf
The configurations are copied onto the TFTP server. Then, login to another switch and run the command copy tftp: startup-config and follow the instructions. The configurations are now copied onto the other switch. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 307: Configuration Files Larger Than Nvram
Release 10.0 or later release boot ROMs. Installing new ROMs is a one-time operation and is necessary only if you do not already have Cisco IOS Release 10.0 in ROM. If the boot ROMs do not recognize a compressed configuration, the following message is displayed:...
Page 308: How To Manage Configuration File Information
Device# show running-config Step 5 show startup-config Displays the contents of the startup configuration file. (Command alias for the more Example: nvram:startup-config command.) Device# show startup-config System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 309: Modifying The Configuration File
NVRAM. Modifying the Configuration File The Cisco IOS software accepts one configuration command per line. You can enter as many configuration commands as you want. You can add comments to a configuration file describing the commands you have entered. Precede a comment with an exclamation point (!). Because comments are not stored in NVRAM or in the active copy of the configuration file, comments do not appear when you list the active configuration with the show running-config or more system:running-config EXEC commands.
Page 310: Copying A Configuration File From The Device To A Tftp Server
Copying a Configuration File from the Device to a TFTP Server To copy configuration information on a TFTP network server, complete the tasks in this section: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 311: What To Do Next
To copy a startup configuration file or a running configuration file from the device to an RCP server, use the following commands beginning in privileged EXEC mode: Procedure Command or Action Purpose Step 1 enable Enables privileged EXEC mode. Example: • Enter your password if prompted. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 312: Examples
Storing a Startup Configuration File on an RCP Server The following example shows how to store a startup configuration file on a server by using RCP to copy the file: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 313: What To Do Next
(Optional) Specifies the default password. ip ftp password password Example: Device(config)# ip ftp password adminpassword Step 5 (Optional) Exits global configuration mode. This step is required only if you override the Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 314: Examples
Device(config)# ip ftp password mypass Device(config)# end Device# copy nvram:startup-config ftp: Remote host[]? 172.16.101.101 Name of configuration file to write [start-confg]? Write file start-confg on host 172.16.101.101?[confirm] ![OK] System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 315: What To Do Next
Example: Device# copy tftp://server1/dir10/datasource flash:startup-config Examples In the following example, the software is configured from the file named tokyo-confg at IP address 172.16.2.155: Device# copy tftp://172.16.2.155/tokyo-confg system:running-config System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 316: What To Do Next
• copy r cp:[[[/ / [ username@]l o cat i o n]/ d i r ect o ry]/ f i l e name]n vram:startup-conf i g Example: Device# copy System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 317: Examples
To copy a configuration file from an FTP server to the running configuration or startup configuration, complete the tasks in this section: Procedure Command or Action Purpose Step 1 enable Enables privileged EXEC mode. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 318: Examples
IP address of 172.16.101.101, and loads and runs the commands on the device: device# copy ftp://netadmin1:mypass@172.16.101.101/host1-confg system:running-config Configure using host1-confg from 172.16.101.101? [confirm] Connected to 172.16.101.101 Loading 1112 byte file host1-confg:![OK] System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 319: What To Do Next
Step 1 enable Enables privileged EXEC mode. Example: • Enter your password if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 320 Configure using tokyo-confg from 172.16.2.155? [confirm] y Booting tokyo-confg from 172.16.2.155:!!! [OK - 874/16000 bytes] Device# copy system:running-config nvram:startup-config Building configuration... Compressing configuration from 129648 bytes to 11077 bytes [OK] System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 321: Storing The Configuration In Flash Memory On Class A Flash File Systems
NVRAM size, the following error message is displayed: “[buffer overflow - file-size /buffer-size bytes]. ” • configure terminal Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 322: Loading The Configuration Commands From The Network
Device# configure terminal Step 4 boot network {ftp:[[[//[username [:password Specifies that the startup configuration file be ]@]location ]/directory ]/filename ] | loaded from the network server at startup. rcp:[[[//[username@]location ]/directory System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 323: Copying Configuration Files From Flash Memory To The Startup Or Running Configuration
• Loads a configuration file directly into NVRAM or • copy filesystem: [partition-number:][filename ] • Copies a configuration file to your running nvram:startup-config configuration • copy filesystem: [partition-number:][filename ] system:running-config System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 324: Copying Configuration Files Between Flash Memory File Systems
] • The source device and the destination Example: device cannot be the same. For example, the copy usbflash0: usbflash0: command is invalid. Device# copy flash: usbflash0: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 325: Copying A Configuration File From An Ftp Server To Flash Memory Devices
Step 2 configure terminal (Optional) Enters global configuration mode. This step is required only if you override the Example: default remote username or password (see Steps 3 and 4). System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 326: What To Do Next
Example: • Enter your password if prompted. Device> enable Step 2 configure terminal (Optional) Enters global configuration mode. This step is required only if you override the Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 327: Copying A Configuration File From A Tftp Server To Flash Memory Devices
The following example shows the copying of the configuration file named switch-config from a TFTP server to the flash memory card inserted in usbflash0. The copied file is renamed new-config. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 328: Re-Executing The Configuration Commands In The Startup Configuration File
Step 1 enable Enables privileged EXEC mode. Example: • Enter your password if prompted. Device> enable Step 2 erase nvram Clears the contents of your startup configuration. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 329: Deleting A Specified Configuration File
Enables privileged EXEC mode. Example: • Enter your password if prompted. Device> enable Step 2 Deletes the specified configuration file on the delete flash-filesystem:filename specified flash device. Example: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 330: Specifying The Config_File Environment Variable On Class A Flash File Systems
Specifying the CONFIG_FILE Environment Variable on Class A Flash File Systems On Class A flash file systems, you can configure the Cisco IOS software to load the startup configuration file specified by the CONFIG_FILE environment variable. The CONFIG_FILE variable defaults to NVRAM.
Page 331: What To Do Next
CONFIG_FILE environment variable and a distilled version to NVRAM. A distilled version is one that does not contain access System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 332: Configuring The Device To Download Configuration Files
NVRAM, the device enters the Setup command facility. Configuring the Device to Download the Network Configuration File To configure the Cisco IOS software to download a network configuration file from a server at startup, complete the tasks in this section:...
Page 333: Configuring The Device To Download The Host Configuration File
Device# copy system:running-config nvram:startup-config Configuring the Device to Download the Host Configuration File To configure the Cisco IOS software to download a host configuration file from a server at startup, complete the tasks in this section: Procedure Command or Action...
Page 334 Step 5 Exits global configuration mode. Example: Device(config)# end Step 6 copy system:running-config Saves the running configuration to the startup configuration file. nvram:startup-config Example: Device# copy system:running-config nvram:startup-config System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 335: Feature History For Managing Configuration Files
CLI in a configuration mode. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 336 Managing Configuration Files Feature History for Managing Configuration Files System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 337: Secure Copy
SCP allows only users with a privilege level of 15 to copy a file in the Cisco IOS File System (Cisco IFS) to and from a device by using the copy command. An authorized administrator can also perform this action from a workstation.
Page 338: Secure Copy Performance Improvements
How to Configure Secure Copy The following sections provide information about the Secure Copy configuration tasks. Configuring Secure Copy To configure a Cisco device for SCP server-side functionality, perform the following steps. Procedure Command or Action Purpose Step 1 Enables privileged EXEC mode.
Page 339: Enabling Secure Copy On The Ssh Server
Purpose Step 1 enable Enables privileged EXEC mode. Example: Enter your password, if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 340 Device(config)# ip scp server enable Step 10 ip ssh bulk-mode (Optional) Enables SSH bulk data transfer mode to enhance the throughput performance Example: of SCP. Device(config)# ip ssh bulk-mode System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 341: Configuration Examples For Secure Copy
Device(config)# aaa authorization exec default group tacacs+ ! SSH must be configured and functioning properly. Device(config)# ip ssh time-out 120 Device(config)# ip ssh authentication-retries 3 Device(config)# ip scp server enable System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 342: Additional References For Secure Copy
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 343: Configuration Replace And Configuration Rollback
The format of the configuration files used as input by the Configuration Replace and Configuration Rollback feature must comply with standard Cisco software configuration file indentation rules as follows: • Start all commands on a new line with no indentation, unless the command is within a configuration submode.
Page 344: Restrictions For Configuration Replace And Configuration Rollback
Rollback Configuration Archive The Cisco IOS configuration archive is intended to provide a mechanism to store, organize, and manage an archive of Cisco IOS configuration files to enhance the configuration rollback capability provided by the configure replace command. Before this feature was introduced, you could save copies of the running configuration using the copy running-config destination-url command, storing the replacement file either locally or remotely.
Page 345: Configuration Replace
The configure replace privileged EXEC command provides the capability to replace the current running configuration with any saved Cisco IOS configuration file. This functionality can be used to revert to a previous configuration state, effectively rolling back any configuration changes that were made since the previous configuration state was saved.
Page 346: Configuration Rollback
Cisco IOS configuration rollback capability uses the concept of reverting to a specific configuration state based on a saved Cisco IOS configuration file. This concept is similar to the database idea of saving a checkpoint (a saved version of the database) to preserve a specific state.
Page 347: How To Use Configuration Replace And Configuration Rollback
No prerequisite configuration is needed to use the configure replace command. Using the configure replace command in conjunction with the Cisco IOS configuration archive and the archive config command is optional but offers significant benefit for configuration rollback scenarios. Before using the archive config command, the configuration archive must be configured.
Page 348: Performing A Configuration Replace Or Configuration Rollback Operation
Device# archive config command. Performing a Configuration Replace or Configuration Rollback Operation Perform this task to replace the current running configuration file with a saved Cisco IOS configuration file. Note You must create a configuration archive before performing this procedure. See...
Page 349 • The nolock keyword disables the locking of the running configuration file that prevents other users from changing the running configuration during a configuration replace operation. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 350 Use this command only if the time Device# configure confirm seconds keyword and argument of the configure replace command are specified. Step 5 exit Exits to user EXEC mode. Example: Device# exit System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 351: Monitoring And Troubleshooting The Feature
Device> enable Device# Step 2 show archive Use this command to display information about the files saved in the Cisco IOS configuration archive. Example: Device# show archive There are currently 1 archive configurations saved. The next archive file will be named flash:myconfiguration-2...
Page 352 Configuration Replace and Configuration Rollback Monitoring and Troubleshooting the Feature Step 3 debug archive versioning Use this command to enable debugging of the Cisco IOS configuration archive activities to help monitor and troubleshoot configuration replace and rollback. Example: Device# debug archive versioning 9 06:46:28.419:backup_running_config...
Page 353: Configuration Examples For Configuration Replace And Configuration Rollback
Configuration Rollback Creating a Configuration Archive The following example shows how to perform the initial configuration of the Cisco IOS configuration archive. In this example, flash:myconfiguration is specified as the location and filename prefix for the files in the configuration archive and a value of 10 is set as the maximum number of archive files to be saved.
Page 354: Reverting To The Startup Configuration File
Reverting to the Startup Configuration File The following example shows how to revert to the Cisco IOS startup configuration file using the configure replace command. This example also shows the use of the optional force keyword to override the interactive...
Page 355: Additional References For Configuration Replace And Configuration Rollback
Additional References for Configuration Replace and Configuration Rollback Related Documents Related Topic Document Title For complete syntax and usage information for Command Reference (Catalyst 9400 Series Switches) the commands used in this chapter. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 356: Feature History For Configuration Replace And Configuration Rollback
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 357: Performing Factory Reset
Factory reset erases all the customer-specific data stored in a device and restores the device to its original configuration at the time of shipping. Data that is erased includes configurations, log files, boot variables, System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 358: How To Perform A Factory Reset
The factory reset process is used in the following scenarios: • Return Material Authorization (RMA) for a device: If you have to return a device to Cisco for RMA, remove all the customer-specific data before obtaining an RMA certificate for the device.
Page 359 The range is from 1 to 16. • all: Selects all the switches in the stack. After the factory reset process is successfully completed, the device reboots and enters ROMmon mode. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 360: Configuration Examples For Performing A Factory Reset
DO NOT UNPLUG THE POWER OR INTERRUPT THE OPERATION Are you sure you want to continue? [confirm] The following examples show how to perform a factory reset on Cisco StackWise Virtual enabled devices: Device> enable Device# factory-reset switch 2 all The factory reset operation is irreversible for all operations.
Page 361 % FACTORYRESET - Factory Reset Done for flash3 % FACTORYRESET - Unmounting flash7 % FACTORYRESET - Cleaning Up flash7 % FACTORYRESET - In progress.. please wait for completion... System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 362 % FACTORYRESET - Started Cleaning Up... % FACTORYRESET - Unmounting sd1 % FACTORYRESET - Cleaning Up sd1 [0] % FACTORYRESET - erase In progress.. please wait for completion... % FACTORYRESET - write zero... System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 363: Additional References For Performing A Factory Reset
For complete syntax and usage information for the Command Reference commands used in this chapter. Feature History for Performing a Factory Reset This table provides release and related information for features explained in this module. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 364 Cisco StackWise Virtual enabled devices is Cisco StackWise Virtual introduced. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 365: Configuring Secure Storage
Step 1 configure terminal Enters the global configuration mode. Example: Device# configure terminal Step 2 service private-config-encryption Enables the Secure Storage feature on your device. Example: DEvice(config)# service private-config-encryption System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 366: Disabling Secure Storage
The file is in ‘plain text’ format. Device#show parser encrypt file status Feature: Enabled File Format: Plain Text System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 367: Feature Information For Secure Storage
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 368 Configuring Secure Storage Feature Information for Secure Storage System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 369: Bios Protection
BIOS protection feature enables write-protection and secure upgrade of the golden ROMMON image. ROMMON is a bootstrap program that initializes the hardware and boots the Cisco IOS XE software image when you power on or restart the device. ROMMON upgrades can be required to resolve firmware defects or to support new features.
Page 370: Capsule Upgrade
These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. Release Feature Feature Information Cisco IOS XE Gibraltar BIOS Protection BIOS Protection feature enables write-protection 16.12.1 and secure upgrade of the golden ROMMON image. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 371 Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 372 BIOS Protection Feature History for BIOS Protection System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 373: Software Maintenance Upgrade
An SMU provides a significant benefit over classic Cisco IOS software because it allows you to address network issues quickly while reducing the time and scope of the testing required. The Cisco IOS XE platform internally validates SMU compatibility and does not allow you to install noncompatible SMUs.
Page 374: Smu Workflow
3. Commit the SMU changes so that it is persistent across reloads. SMU Workflow The SMU process is initiated with a request to the Cisco Customer Support. Contact your customer support to raise an SMU request. At release time, the SMU package is posted to the...
Page 375: Managing An Smu Package
Step 3 Runs compatibility checks, installs the package, install activate file flash: filename and updates the package status details. Example: Device# install activate add file flash:cat9k_iosxe.BLD_SMU_20180302_085005_ TWIG_LATEST_20180306_013805.3.SSA.smu.bin System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 376: Configuration Examples For Software Maintenance Upgrade
Example: Managing an SMU Note • The examples used in this section are of hot patching SMU. The following example shows how to copy an SMU file to flash: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 377 C - Activated & Committed, D - Deactivated & Uncommitted -------------------------------------------------------------------------------- Type Filename/Version -------------------------------------------------------------------------------- flash:cat9k_iosxe.BLD_SMU_20180302_085005_TWIG_LATEST_20180306_013805.3.SSA.smu.bin 16.9.1.0.43131 -------------------------------------------------------------------------------- Auto abort timer: inactive -------------------------------------------------------------------------------- The following example shows how to activate an added SMU package file: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 378 [ Switch 1 ] Active Package(s) Information: State (St): I - Inactive, U - Activated & Uncommitted, C - Activated & Committed, D - Deactivated & Uncommitted -------------------------------------------------------------------------------- Type Filename/Version -------------------------------------------------------------------------------- flash:cat9k_iosxe.BLD_SMU_20180302_085005_TWIG_LATEST_20180306_013805.3.SSA.smu.bin System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 379 [1] SMU_ROLLBACK package(s) on switch 1 [1] Finished SMU_ROLLBACK on switch 1 Checking status of SMU_ROLLBACK on [1] SMU_ROLLBACK: Passed on [1] Finished SMU Rollback operation SUCCESS: install_rollback /flash/cat9k_iosxe.BLD_SMU_20180302_085005_TWIG_LATEST_20180306_013805.3.SSA.smu.bin Mon System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 380 Auto abort timer: active on install_deactivate, time before rollback - 01:59:50 -------------------------------------------------------------------------------- The following example shows how to remove an SMU from the device: Device# install remove file flash:cat9k_iosxe.BLD_SMU_20180302_085005_TWIG_LATEST_20180306_013805.3.SSA.smu.bin System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 381: Additional References For Software Maintenance Upgrade
This table provides release and related information for features explained in this module. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 382 The SMU package supports patching of the PKI 16.10.1 Infrastructure (PKI) component. Patching Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 383: Working With The Flash File System
To display the available file systems on your device, use the show file systems privileged EXEC command as shown in this example for a standalone device: Device# show file systems File Systems: Size(b) Free(b) Type Flags Prefixes - - opaque rw system: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 384 3 is displayed as flash-3: and so on up to . The example also shows the crashinfo directories and a USB flash drive plugged into the active device: Device# show file systems File Systems: Size(b) Free(b) Type Flags Prefixes opaque system: opaque tmpsys: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 385 (for example, the system) or a download interface, such as brimux. unknown—The file system is an unknown type. Flags Permission for file system. ro—read-only. rw—read/write. wo—write-only. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 386: Setting The Default File System
Similarly, before copying a flash configuration file System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 387 Jul 8 2015 11:18:33 +00:00 system-report_RP_0_20150708-111832-UTC.tar.gz 608491 -rw- 67587176 Aug 12 2015 05:30:35 +00:00 mcln_x86_kernel_20170628.SSA 608492 -rwx 74880100 Aug 12 2015 05:30:57 +00:00 stardust.x86.idprom.0718B 11250098176 bytes total (9128050688 bytes free) Device# System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 388: Changing Directories And Displaying The Working Directory
Command or Action Purpose Step 1 Displays the directories on the specified file dir filesystem: system. Example: For filesystem:, use flash: for the system board flash device. Device# dir flash: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 389: Removing Directories
Network file system URLs include ftp:, rcp:, tftp:, scp:, http:, and https: and have these syntaxes: • FTP—ftp:[[//username [:password]@location]/directory]/filename • RCP—rcp:[[//username@location]/directory]/filename • TFTP—tftp:[[//location]/directory]/filename • SCP—scp:[[//username [:password]@location]/directory]/filename • HTTP—http:[[//username [:password]@location]/directory]/filename • HTTPS—https:[[//username [:password]@location]/directory]/filename System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 390: Deleting Files
Beginning in privileged EXEC mode, follow these steps to create a file, display the contents, and extract it: Procedure Command or Action Purpose Step 1 archive tar /create destination-url flash: Creates a file and adds files to it. /file-url System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 391 Extracts a file into a directory on the flash file [dir/file...] system. Example: For source-url, specify the source URL alias for the local file system. The -filename. is the Device# archive tar /xtract System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 392: Additional References For Flash File System
This table provides release and related information for features explained in this module. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 393 Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 394 Working with the Flash File System Feature History for Flash File System System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 395: C H A P T E
This is in contrast to the general debug command, that produces its output without discriminating on the feature objects that are being processed. General debug command consumes a lot of system resources and impacts the system performance. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 396: Introduction To Radioactive Tracing
/tmp. The tracefiles in the crashinfo directory are located in the following formats: 1. Process-name_Process-ID_running-counter.timestamp.gz Example: IOSRP_R0-0.bin_0.14239.20151101234827.gz 2. Process-name_pmanlog_Process-ID_running-counter.timestamp.bin.gz Example: wcm_pmanlog_R0-0.30360_0.20151028233007.bin.gz System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 397: Configuring Conditional Debugging
Device# show platform software trace • filter-binary - Filter the modules to be message collated • level - Show trace levels • message - Show trace message ring contents System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 398: Radioactive Tracing For L2 Multicast
The Recommended Workflow for Trace files is listed below: 1. To request the tracelogs for a specific time period. EXAMPLE 1 day. Use the command: Device#request platform software trace archive last 1 day System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 399: Copying Tracefiles Off The Box
Destination filename [IOSRP_R0-0.bin_0.14239.20151101234827.gz]? Note It is important to clear the generated report or archive files off the switch in order to have flash space available for tracelog and other purposes. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 400: Monitoring Conditional Debugging
Packet Infra debugs: Ip Address Port ------------------------------------------------------|---------- Device# The following is a sample of the debug platform condition stop command. Device# debug platform condition stop Conditional Debug Global State: Stop System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 401: Additional References For Conditional Debugging And Radioactive Tracing
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 402 Conditional Debug and Radioactive Tracing Feature History for Conditional Debugging and Radioactive Tracing System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 403: Consent Token
In some debugging scenarios, the Cisco TAC engineer may have to collect certain debug information or perform live debug on a production system. In such cases, the Cisco TAC engineer will ask you (the network System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 404: Consent Token Authorization Process For System Shell Access
When you request access to system shell, you need to be authorized. You must first run the command to generate a challenge using the Consent Token feature on your device. The device generates a unique challenge as output. You must then copy this challenge string and send it to a Cisco Authorized Personnel through e-mail or Instant Message.
Page 405: Feature History For Consent Token
The Cisco Authorized Personnel processes the unique challenge string and generates a response. The response is also a base-64 string that is unique. The Cisco Authorized Personnel copies this response string and sends it to you through e-mail or Instant Message.
Page 406 Cisco Technical Assistance Centre (Cisco TAC). Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 407: C H A P T E
C H A P T E R Troubleshooting the Software Configuration This chapter describes how to identify and resolve software problems related to the Cisco IOS software on the switch. Depending on the nature of the problem, you can use the command-line interface (CLI), Device Manager, or Network Assistant to identify and solve problems.
Page 408: Power Over Ethernet Ports
Disabled Port Caused by Power Loss If a powered device (such as a Cisco IP Phone 7910) that is connected to a PoE device port and powered by an AC power source loses power from the AC power source, the device might enter an error-disabled state.
Page 409: Disabled Port Caused By False Link-Up
Disabled Port Caused by False Link-Up If a Cisco powered device is connected to a port and you configure the port by using the power inline never interface configuration command, a false link-up can occur, placing the port into an error-disabled state. To take the port out of the error-disabled state, enter the shutdown and the no shutdown interface configuration commands.
Page 410: Ip Traceroute
VLAN. However, if the intermediate Device is a multilayer Device that is routing a particular packet, this device shows up as a hop in the traceroute output. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 411: Time Domain Reflector Guidelines
• The cable for the gigabit link is a twisted-pair cable or is in series with a solid-core cable. • The link is a 10-megabit or a 100-megabit link. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 412: Debug Commands
System reports or crashinfo files save information that helps Cisco technical support representatives to debug problems that caused the Cisco IOS image to fail (crash). It is necessary to quickly and reliably collect critical crash information with high fidelity and integrity. Further, it is necessary to collect this information and bundle it in a way that it can be associated or identified with a specific crash occurrence.
Page 413 Copy to tftp: file system tmpsys: Copy to tmpsys: file system The general syntax for copying onto TFTP server is as follows: Switch#copy crashinfo: tftp: Source filename [system-report_1_20150909-092728-UTC.gz]? System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 414: Onboard Failure Logging On The Switch
In a complex network it is difficult to track the origin of a system-report file. This task is made easier if the system-report files are uniquely identifiable. Starting with the Cisco IOS XE Amsterdam 17.3.x release, the hostname will be prepended to the system-report file name making the reports uniquely identifiable.
Page 415: Fan Failures
You should manually set the system clock or configure it by using Network Time Protocol (NTP). When the device is running, you can retrieve the OBFL data by using the show logging onboard privileged EXEC commands. If the device fails, contact your Cisco technical support representative to find out how to retrieve the data.
Page 416: How To Troubleshoot The Software Configuration
Verify that you can ping the TFTP server switch: ping ip_address_of_TFTP_server Example: switch: ping 192.0.2.15 ping 192.0.2.1 with 32 bytes of data... Host 192.0.2.1 is alive. switch: Step 7 Choose one of the following: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 417 Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 418 If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com.
Page 419 C9X00 platform with 8388608 Kbytes of main memory Alternatively, you can copy the image from TFTP to local flash through Telnet or Management port and then boot the device from local flash. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 420: Recovering From A Lost Or Forgotten Password
Procedure with Password Recovery Enabled Procedure Step 1 Ignore the startup configuration with the following command: Device: SWITCH_IGNORE_STARTUP_CFG=1 Step 2 Boot the switch with the packages.conf file from flash. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 421 BOOT variable = flash:packages.conf; Manual Boot = yes Enable Break = yes Step 10 Reload the device. Device# reload Step 11 Return the boot loader parameters to their original values. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 422: Procedure With Password Recovery Disabled
Choose to continue with password recovery and delete the existing configuration: Would you like to reset the system back to the default configuration (y/n)? Y Step 2 Display the contents of flash memory: Device: dir flash: System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 423: Preventing Switch Stack Problems
• Make sure that the device that you add to or remove from the switch stack are powered off. For all powering considerations in switch stacks, see the “Switch Installation” chapter in the hardware installation guide. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 424: Preventing Autonegotiation Mismatches
If a remote device does not autonegotiate, configure the duplex settings on the two ports to match. The speed parameter can adjust itself even if the connected port does not autonegotiate. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 425: Troubleshooting Sfp Module Security And Identification
SFP modules and module interfaces. If you are using a non-Cisco SFP module, remove the SFP module from the device, and replace it with a Cisco module. After inserting a Cisco SFP module, use the errdisable recovery cause gbic-invalid global configuration command to verify the port status, and enter a time interval for recovering from the error-disabled state.
Page 426: Monitoring Temperature
Running TDR and Displaying the Results To run TDR, enter the test cable-diagnostics tdr interface interface-id privileged EXEC command. To display the results, enter the show cable-diagnostics tdr interface interface-id privileged EXEC command. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 427: Redirecting Debug And Error Message Output
For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
Page 428: Troubleshooting When Module Not Online
Collect the output from the show tech-support command. b. Remove all power supplies from the box, and collect the serial numbers, Cisco part number, and manufacturer of the power supplies. c. Contact Cisco Technical Support with the information that you collected.
Page 429: Troubleshooting Interface Problems
Enter the show diagnostics online module slot-number command to identify hardware failures on the module. If the module still does not come online, create a service request with Cisco Technical Support in order to troubleshoot further. Use the logs of the switch that you collected in the above output and the troubleshooting steps that you performed.
Page 430: Verifying Troubleshooting Of The Software Configuration
This example shows normal CPU utilization. The output shows that utilization for the last 5 seconds is 8%/0%, which has this meaning: • The total CPU utilization is 8 percent, including both time running Cisco IOS processes and time spent handling interrupts.
Page 431 50% with minimal time spent consuming too much CPU time. This troubleshoot the root cause. on interrupts. is usually triggered by an event that activated the process. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 432: Scenarios For Troubleshooting The Software Configuration
(available PoE). Use the show power inline command to verify the amount of available power. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 433 If there is still no PoE at any port, a fuse might be open in the PoE section of the power supply. This normally produces an alarm. Check the log again for alarms reported earlier by system messages. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 434: Configuration Examples For Troubleshooting Software
This example shows how to ping an IP host: Device# ping 172.20.52.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echoes to 172.20.52.3, timeout is 2 seconds: !!!!! System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 435: Example: Performing A Traceroute To An Ip Host
Table 38: Traceroute Output Display Characters Character Description The probe timed out. Unknown packet type. Administratively unreachable. Usually, this output means that an access list is blocking traffic. Host unreachable. Network unreachable. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 436: Additional References For Troubleshooting Software Configuration
This makes the system-report files uniquely identifiable. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 437: Recover From Corrupt Or Missing File Image Or In Rommon Mode
Feature Information for Recovering a Switch, on page 431 Introduction This section explains how to recover a Catalyst 9400 Series Supervisor from a missing or corrupted system image, or an incorrect boot variable. The Supervisor module image can sometimes be corrupted during a Trivial File Transfer Protocol (TFTP) download, or when manually deleted by the user.
Page 438: Recover Switch From A Corrupt Or Missing Image In Rommon Mode
• If you try to Telnet to any of the interfaces it fails, and if you are connected to the console port of the Supervisor, you see this prompt: rommon 1> System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 439: Recover Switch From A Continous Reboot
: 256 Mbytes ***** The system will autoboot in 5 seconds ***** Type control-C to prevent autobooting. !--- Press Control-C. Autoboot cancelled..please wait!!! rommon 1 > [interrupt] System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 440 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 441 Issue the show bootvar command in order to do this. Switch#show bootvar BOOT variable = bootflash:cat9400packages.conf Configuration Register is 0x1822 MANUAL_BOOT variable = yes BAUD variable = 115200 ENABLE_BREAK variable = CONFIG_FILE variable = System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 442: Recover From A Corrupt Or Missing Image
If you do have any valid file, see the Recovering from a Continuous Reboot section of this document for the recovery. Otherwise, continue to the next step. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 443 IP address configured in Step 6. rommon 8> set DEFAULT_GATEWAY=192.168.0.1 Enter the set command to verify the configurations which have been made. switch: set BAUD=9600 System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 444 ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! Restricted Rights Legend System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 445 If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com.
Page 446 R1/0: kernel: pci 0000:35:00.1: BAR 4: [??? 0x00000000 flags 0x102000] has bogus alignment *Sep 1 13:20:39.370: %IOSXE-3-PLATFORM: R1/0: kernel: pci 0000:35:00.0: BAR 4: error updating (0x2021000c != 0x00000c) System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 447 *Sep 1 13:21:33.591: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/47, changed state to up *Sep 1 13:21:33.813: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/16, changed state to up *Sep 1 13:21:34.591: %LINEPROTO-5-UPDOWN: Line protocol on Interface System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 448 Enter the show bootvar command to check the current boot variable. Remove any existing incorrect boot variables and add the correct one. Enter the write memory command to save the configuration from running to startup. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 449: Feature Information For Recovering A Switch
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 450 Recover from Corrupt or Missing File Image or in ROMmon Mode Feature Information for Recovering a Switch System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 451: Line Auto Consolidation
This can affect the performance of the device. Starting with Cisco IOS XE 17.4.1 release, you can use the no line auto-consolidation command, in the global configuration mode, to disable the auto consolidation of LINE commands. Auto consolidation is enabled by default.
Page 452 Device#sh running-config | sec line no line auto-consolidation line con 0 exec-timeout 0 0 logging synchronous stopbits 1 line vty 0 4 transport input ssh line vty 5 15 transport input ssh System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 453 • You can't configure lines with non-contiguous ranges. The configuration is rejected. Device#show run | sec line no line auto-consolidation line con 0 logging synchronous line aux 0 line vty 0 4 transport input none System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 454 You can’t modify subranges in the controller mode. This is a behavioural change between the controller and autonomous modes. In the controller mode, any modification of subranges is rejected to avoid discrepancy with the configuration pushed from a controller. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 455 The following example shows how you can modify overlapping ranges in autonomous mode. Device#show run | sec line no line auto-consolidation line con 0 stopbits 1 line vty 0 4 transport input ssh line vty 5 10 transport input none System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 456 Device#configure replace bootflash:cfg2.txt This will apply all necessary additions and deletions to replace the current running configuration with the contents of the specified configuration file, which is System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 457: Feature History For Line Auto Consolidation
This table provides release and related information for features explained in this module. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)
Page 458 The line auto-consolidation command was introduced. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Bengaluru 17.4.x (Catalyst 9400 Switches)

Cisco Catalyst 9400 System Management Configuration Manual

CHAPTER 2 Performing Device Setup Configuration

CHAPTER 3 Smart Licensing Using Policy

CHAPTER 4 Configuring Application Visibility and Control in a Wired Network

CHAPTER 5 Environmental Monitoring and Power Management

CHAPTER 6 Configuring SDM Templates

CHAPTER 7 Configuring System Message Logs

CHAPTER 8 Configuring Online Diagnostics

CHAPTER 9 Managing Configuration Files

CHAPTER 10 Secure Copy

Quick Links

Troubleshooting

Related Manuals for Cisco Catalyst 9400

Summary of Contents for Cisco Catalyst 9400