Page 1
System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches) First Published: 2020-03-30 Last Modified: 2020-05-08 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
Page 2
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Page 3
MAC Addresses and VLANs MAC Addresses and Device Stacks Default MAC Address Table Settings ARP Table Management How to Administer the Device Configuring the Time and Date Manually System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Example: Configuring MAC Threshold Notification Traps Example: Adding the Static Address to the MAC Address Table Example: Configuring Unicast MAC Address Filtering Additional References for Device Administration Feature History for Device Administration System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 5
How to Control Environment Variables Common Environment Variables Environment Variables for TFTP Scheduled Reload of the Software Image How to Perform Device Setup Configuration Configuring DHCP Autoconfiguration (Only Configuration File) System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 6
Configuring the Call Home Service for Direct Cloud Access through an HTTPs Proxy Server Configuring the Call Home Service for Cisco Smart Software Manager On-Prem Configuring the License Level Registering a Device on CSSM System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 7
Feature History for Application Visibility and Control in a Wired Network C H A P T E R 6 Configuring SDM Templates Information About SDM Templates Customizable SDM Template System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 8
Logging Messages to a UNIX Syslog Daemon Monitoring and Maintaining System Message Logs Monitoring Configuration Archive Logs Configuration Examples for System Message Logs Example: Switch System Message System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches) viii...
Page 9
Copying a Configuration File from the Device to an RCP Server Copying a Configuration File from the Device to an FTP Server Copying files through a VRF Copy Configuration Files from a Switch to Another Switch System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 10
Copying a Configuration File from a TFTP Server to Flash Memory Devices Re-executing the Configuration Commands in the Startup Configuration File Clearing the Startup Configuration Deleting a Specified Configuration File System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 11
How to Use Configuration Replace and Configuration Rollback Creating a Configuration Archive Performing a Configuration Replace or Configuration Rollback Operation Monitoring and Troubleshooting the Feature Configuration Examples for Configuration Replace and Configuration Rollback System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 12
Working with the Flash File System Information About the Flash File System Displaying Available File Systems Setting the Default File System Displaying Information About Files on a File System System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 13
Topic 2 Topic 2.1 Introduction to Conditional Debugging Introduction to Radioactive Tracing How to Configure Conditional Debug and Radioactive Tracing Conditional Debugging and Radioactive Tracing Location of Tracefiles System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches) xiii...
Page 14
How to Troubleshoot the Software Configuration Recovering from a Software Failure Recovering from a Lost or Forgotten Password Procedure with Password Recovery Enabled Procedure with Password Recovery Disabled Preventing Switch Stack Problems System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 15
Configuration Examples for Troubleshooting Software Example: Pinging an IP Host Example: Performing a Traceroute to an IP Host Additional References for Troubleshooting Software Configuration Feature History for Troubleshooting Software Configuration System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
You can manage the system time and date on your device using automatic configuration methods (RTC and NTP), or manual configuration methods. Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference on Cisco.com. System Clock The basis of the time service is the system clock.
Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet.
Page 19
Figure 1: Typical NTP Network Configuration If the network is isolated from the Internet, Cisco’s implementation of NTP allows a device to act as if it is synchronized through NTP, when in fact it has learned the time by using other means. Other devices then synchronize to that device through NTP.
Page 20
20 clients. Broadcast-based NTP associations are also recommended for use on networks that have limited bandwidth, system memory, or CPU resources. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 21
The authentication process begins from the moment an NTP packet is created. Cryptographic checksum keys are generated using the message digest algorithm 5 (MD5) and are embedded into the NTP synchronization System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 22
The following figure shows a typical network example using NTP. Switch A is the primary NTP, with the Switch B, C, and D configured in NTP server mode, in server association with Switch A. Switch E is configured System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 23
A greater-than symbol [>] is appended. The prompt is updated whenever the system name changes. For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.4 and the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.4.
Page 24
(.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, for example, the File Transfer Protocol (FTP) system is identified as ftp.cisco.com.
Page 25
The MAC address tables on all stack members are synchronized. At any given time, each stack member has the same copy of the address tables for each VLAN. When an address ages out, the address is removed from System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 26
You must reconfigure this setting if you have manually configured the system clock before the device fails and a different stack member assumes the role of the device. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
To configure summer time (daylight saving time) in areas where it starts and ends on a particular day of the week each year, perform this task: Procedure Command or Action Purpose Step 1 Enables privileged EXEC mode. enable Example: • Enter your password if prompted. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 29
• (Optional) hh:mm Specifies the time (24-hour format) in hours and minutes. • (Optional) offset Specifies the number of minutes to add during summer time. The default is 60. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
No access control is specified. NTP packet source IP address The source address is set by the outgoing interface. NTP is enabled on all interfaces by default. All interfaces receive NTP packets. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
1 to 32 bytes. • hmac-sha2-256: Authentication using HMAC using the SHA2 hash function. The digest length is 256 bits and the key length is 1 to 32 bytes System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Purpose Step 1 Enables privileged EXEC mode. enable Example: Enter your password if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 33
• prefer: Sets this peer as the preferred one that provides synchronization. This keyword reduces clock hop among peers. Use the no form of this command to remove a server association. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Use the no form of this command to disable the interface from sending NTP broadcast packets. Step 5 [no] ntp broadcast client Enables the interface to receive NTP broadcast packets. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Example: Device# configure terminal Step 3 [no] ntp access-group {query-only | Create an access group, and apply a basic IP access list.. serve-only | serve | peer} access-list-number System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 36
Returns to privileged EXEC mode. Example: Device(config)# end Disabling NTP Services on a Specific Interface To disable NTP packets from being received on an interface, perform this procedure: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Follow these steps to manually configure a system name: Procedure Command or Action Purpose Step 1 Enables privileged EXEC mode. enable Example: • Enter your password if prompted. Device> enable System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
This is a secure site. Only signifies the beginning and end of the banner authorized users are allowed. text. Characters after the ending delimiter are For access, contact technical discarded. support. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Device# configure terminal Step 3 banner login c message c Specifies the login message. Example: Enters the delimiting character of your choice, for example, a pound sign (#), and press System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Step 1 Enables privileged EXEC mode. enable Example: • Enter your password if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 44
Device(config)# mac address-table notification change interval 123 generated to the NMS. The range is 0 to Device(config)#mac address-table System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
MAC address moves from one port to another within the same VLAN. Follow these steps to configure the device to send MAC address-move notification traps to an NMS host: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 46
Enables the device to send MAC address move move notification traps to the NMS. Example: Device(config)# snmp-server enable traps mac-notification move Step 5 mac address-table notification mac-move Enables the MAC address move notification feature. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Follow these steps to configure the switch to send MAC address table threshold notification traps to an NMS host: Procedure Command or Action Purpose Step 1 Enables privileged EXEC mode. enable Example: • Enter your password if prompted. Device> enable System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 48
Example: Device(config)# mac address-table notification threshold Step 6 mac address-table notification threshold Enters the threshold value for the MAC address [limit percentage] | [interval time] threshold usage monitoring. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Disabling MAC Address Learning on VLAN This feature is supported on Cisco Catalyst 9500 High Performance Series Switches. You can control MAC address learning on a VLAN to manage the available MAC address table space by controlling which VLANs can learn MAC addresses. Before you disable MAC address learning, be sure that you are familiar with the network topology.
(Optional) Reenable MAC address learning on VLAN in a global configuration mode. Example: Device# default mac address-table Adding and Removing Static Address Entries Follow these steps to add a static address: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 51
Step 4 show running-config Verifies your entries. Example: Device# show running-config Step 5 copy running-config startup-config (Optional) Saves your entries in the configuration file. Example: Device# copy running-config startup-config System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
(Optional) Saves your entries in the copy running-config startup-config configuration file. Example: Device# copy running-config startup-config Monitoring and Maintaining Administration of the Device Command Purpose clear mac address-table dynamic Removes all dynamic entries. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
VLAN. Configuration Examples for Device Administration Example: Setting the System Clock This example shows how to manually set the system clock: Device# clock set 13:32:00 23 July 2013 System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Example: Configuring a Login Banner This example shows how to configure a login banner by using the dollar sign ($) symbol as the beginning and ending delimiter: Device(config)# banner login $ System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
You cannot associate the same static MAC address to multiple interfaces. If the command is executed again with a different interface, the static MAC address is overwritten on the new interface. Device(config)# mac address-table static c2f3.220a.12f4 vlan 4 interface gigabitethernet1/1/1 System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
During the boot process, the software creates a checksum record of each stage of the bootloader activities. You can retrieve this record and compare it with a Cisco-certified record to verify if your software image is genuine. If the checksum values do not match, you may be running a software image that is either not certified by Cisco or has been altered by an unauthorized party.
SUDI is the Product ID and Serial Number of each individual device such that the device can be uniquely identified on a network of thousands of devices. The first certificate is the Cisco Root CA 2048 and the second is the Cisco subordinate CA (ACT2 SUDI CA). Both certificates can be verified to match those published on https://www.cisco.com/security/pki/.
Page 59 || } Cisco management solutions are equipped with the ability to interpret the above output. However, a simple script using OpenSSL commands can also be used to display the identity of the platform and to verify the signature, thereby ensuring its Cisco unique device identity.
Page 60
These hashes can be compared against Cisco-provided reference values. An option to sign the output gives a verifier the ability to ensure the output is genuine and is not altered. A nonce can be provided to protect against replay attacks.
This table provides release and related information for features explained in this module. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 62
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Dynamic Host Configuration Protocol (DHCP) auto configuration. Device Boot Process To start your device, you need to follow the procedures described in the Cisco Catalyst 9500 Series Switches Hardware Installation Guide for installing and powering on the device and setting up the initial device configuration.
The method that you use to upgrade Cisco IOS XE software depends on whether the switch is running in install mode or in bundle mode. In bundle mode or consolidated boot mode, a .bin image file is used from a local or remote location to boot the device.
• Software rollback to a previously installed package set. • Emergency installation in the event that no valid installed packages reside on the boot flash. Note This feature is not supported on the Cisco Catalyst 9500 Series High Performance Switches. Software Boot Modes...
Use the install auto-abort-timer stop command to stop this timer. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
DHCP is built on a client-server model, in which designated DHCP servers allocate network addresses and deliver configuration parameters to dynamically configured devices. The device can act as both a DHCP client and a DHCP server. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
If the configuration parameters sent to the client in the DHCPOFFER unicast message are invalid (a configuration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
The downloaded configuration file becomes the running configuration of the device. It does not over write the bootup configuration saved in the flash, until you reload the device. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
TFTP requests. Unavailability of other lease options does not affect autoconfiguration. • The device can act as a DHCP server. By default, the Cisco IOS DHCP server and relay agent features are enabled on your device but are not configured. (These features are not operational.)
DHCP server. The device sends a unicast message to the TFTP server to retrieve the named configuration file from the base directory of the server and upon receipt, it completes its boot up process. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
You can change the settings of the environment variables by accessing the boot loader or by using Cisco IOS commands. Under normal circumstances, it is not necessary to alter the setting of the environment variables.
If it is set to anything filesystem :/ file-url boot loader else, you must manually boot command, and specify the name of the up the switch from the boot bootable image. loader mode. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
TFTP. A reset is required for the new value to take effect. IP_ADDRESS Specifies the IP address and the subnet mask for the associated IP subnet of the switch. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
This task describes how to configure DHCP autoconfiguration of the TFTP and DHCP settings on an existing device in the network so that it can support the autoconfiguration of a new device. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 76
10.10.10.1 Step 6 option 150 address Specifies the IP address of the TFTP server. Example: Device(dhcp-config)# option 150 10.10.10.1 Step 7 exit Returns to global configuration mode. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
You must first create a text file (for example, autoinstall_dhcp) that will be uploaded to the device. In the text file, put the name of the image that you want to download (for example, cat9k_iosxe.16.xx.xx.SPA.bin). System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 78
Device(dhcp-config)# option 150 10.10.10.1 Step 7 option 125 hex Specifies the path to the text file that describes the path to the image file. Example: Device(dhcp-config)# option 125 hex System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 79
Example: Device(config)# tftp-server flash:boot-config.text Step 14 interface interface-id Specifies the address of the client that will receive the configuration file. Example: Device(config)# interface gigabitEthernet1/0/4 System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Enters interface configuration mode, and enters the VLAN to which the IP information is Example: assigned. The range is 1 to 4094. Device(config)# interface vlan 99 System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 82
Verifies the configured IP address. Example: Device# show interfaces vlan 99 Step 8 Verifies the configured default gateway. show ip redirects Example: Device# show ip redirects System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Specifying a Filename to Read and Write a System Configuration By default, the Cisco IOS software uses the config.text file to read and write a nonvolatile copy of the system configuration. However, you can specify a different filename, which will be loaded during the next boot cycle.
To boot up the system, use the boot filesystem:/file-url boot loader command. • filesystem:—Uses flash: for the system board flash device. Switch: boot flash: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
• The device reloads after executing this command. Step 3 exit Exits privileged EXEC mode and returns to user EXEC mode. Example: Device# exit System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 86
Makes the changes persistent over reload. Example: • The install commit command completes the new image installation. Changes are Device# install commit persistent across reloads until the auto-abort timer expires. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
(Optional) Displays the version of the image installed. Configuring a Scheduled Software Image Reload This task describes how to configure your device to reload the software image at a later time. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 88
Device(config)# reload cancel Step 6 show reload Displays information about a previously scheduled reload or identifies if a reload has Example: been scheduled on the device. show reload System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
GPL code under the terms of GPL Version 2.0. For more details, see the documentation or "License Notice" file accompanying the IOS-XE software, or the applicable URL provided on the flyer accompanying the IOS-XE software. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 90
If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to [email protected].
Page 91
If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to [email protected].
Package cat9k-sipbase.16.05.01a.SPA.pkg /temp//stage/cat9k-sipbase.16.05.01a.SPA.pkg is Digitally Signed Package cat9k-sipspa.16.05.01a.SPA.pkg /temp//stage/cat9k-sipspa.16.05.01a.SPA.pkg is Digitally Signed Package cat9k-srdriver.16.05.01a.SPA.pkg /temp//stage/cat9k-srdriver.16.05.01a.SPA.pkg is Digitally Signed Package cat9k-webui.16.05.01a.SPA.pkg /temp//stage/cat9k-webui.16.05.01a.SPA.pkg is Digitally Signed Package cat9k-wlc.16.05.01a.SPA.pkg /temp//stage/cat9k-wlc.16.05.01a.SPA.pkg is Digitally System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
[1] Finished Add on switch 1 Checking status of Add on [1] Add: Passed on [1] Finished Add install_add_activate_commit: Activating PACKAGE Following packages shall be activated: /flash/cat9k-wlc.16.06.02.SPA.pkg /flash/cat9k-webui.16.06.02.SPA.pkg /flash/cat9k-srdriver.16.06.02.SPA.pkg /flash/cat9k-sipspa.16.06.02.SPA.pkg System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 94
The following example shows how to activate an added software package file: Device# install activate install_activate: START Mon Oct 30 20:14:20 UTC 2017 install_activate: Activating PACKAGE *Oct 30 20:14:21.379: %IOSXE-5-PLATFORM: Switch 1 R0/0: Oct 30 20:14:21 install_engine.sh: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 95
Chassis 1 reloading, reason - Reload command The following sample output from the show install summary command displays the status of the software package as active and uncommitted: Device# show install summary System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 96
Current cc 2 0 cat9k-sipbase.16.06.02.prd9.SPA.pkg Current cc 2 0 cc_spa cat9k-sipspa.16.06.02.prd9.SPA.pkg Current cc 3 cc_srdriver cat9k-cc_srdriver.16.06.02.prd9.SPA.pkg Current cc 3 0 cat9k-sipbase.16.06.02.prd9.SPA.pkg Current cc 3 0 cc_spa cat9k-sipspa.16.06.02.prd9.SPA.pkg System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 97
Replacement: cc 6 0 cc_spa cat9k-sipspa.16.06.02.SPA.pkg Replacement: cc 7 cc_srdriver cat9k-cc_srdriver.16.06.02.SPA.pkg Replacement: cc 7 0 cat9k-sipbase.16.06.02.SPA.pkg Replacement: cc 7 0 cc_spa cat9k-sipspa.16.06.02.SPA.pkg Replacement: cc 8 cc_srdriver cat9k-cc_srdriver.16.06.02.SPA.pkg System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 98
Scanning boot directory for packages ... done. Preparing packages list to delete ... done. The following files will be deleted: [switch 1]: /flash/cat9k-cc_srdriver.16.06.02.SPA.pkg /flash/cat9k-espbase.16.06.02.SPA.pkg /flash/cat9k-guestshell.16.06.02.SPA.pkg /flash/cat9k-rpbase.16.06.02.SPA.pkg /flash/cat9k-rpboot.16.06.02.SPA.pkg /flash/cat9k-sipbase.16.06.02.SPA.pkg /flash/cat9k-sipspa.16.06.02.SPA.pkg /flash/cat9k-srdriver.16.06.02.SPA.pkg /flash/cat9k-webui.16.06.02.SPA.pkg System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 99
Current rp 1 0 rp_boot cat9k-rpboot.BLD_POLARIS_DEV_LATEST_20171029_082249.SSA.pkg Replacement: rp 0 0 rp_boot cat9k-rpboot.16.06.02.SPA.pkg Replacement: rp 1 0 rp_boot cat9k-rpboot.16.06.02.SPA.pkg Current cc 0 cc_srdriver cat9k-cc_srdriver.BLD_POLARIS_DEV_LATEST_20171029_082249.SSA.pkg Current cc 0 0 cat9k-sipbase.BLD_POLARIS_DEV_LATEST_20171029_082249.SSA.pkg System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 100
Current cc 8 0 cc_spa cat9k-sipspa.BLD_POLARIS_DEV_LATEST_20171029_082249.SSA.pkg Current cc 9 cc_srdriver cat9k-cc_srdriver.BLD_POLARIS_DEV_LATEST_20171029_082249.SSA.pkg Current cc 9 0 cat9k-sipbase.BLD_POLARIS_DEV_LATEST_20171029_082249.SSA.pkg Current cc 9 0 cc_spa cat9k-sipspa.BLD_POLARIS_DEV_LATEST_20171029_082249.SSA.pkg Current fp 0 0 cat9k-espbase.BLD_POLARIS_DEV_LATEST_20171029_082249.SSA.pkg System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 101
Replacement: cc 7 0 cat9k-sipbase.16.06.02.SPA.pkg Replacement: cc 7 0 cc_spa cat9k-sipspa.16.06.02.SPA.pkg Replacement: cc 8 cc_srdriver cat9k-cc_srdriver.16.06.02.SPA.pkg Replacement: cc 8 0 cat9k-sipbase.16.06.02.SPA.pkg Replacement: cc 8 0 cc_spa cat9k-sipspa.16.06.02.SPA.pkg System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 102
--- Starting Activate --- Performing Activate on all members [1] Activate package(s) on switch 1 --- Starting list of software package changes --- Old files list: Removed cat9k-cc_srdriver.16.06.02.SPA.pkg Removed cat9k-espbase.16.06.02.SPA.pkg System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Chassis 1 reloading, reason - Reload command Verifying Software Install Procedure Step 1 enable Example: Device> enable Enables privileged EXEC mode. • Enter your password if prompted. Step 2 show install log Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 104
Device# show install package flash:cat9k_iosxe.16.06.01.SPA.bin Displays information about the specified software install package file. Device# show install package flash:cat9k_iosxe.16.06.01.SPA.bin Package: cat9k_iosxe.16.06.01.SPA.bin Size: 333806196 Timestamp: Sun Jun 11 14:47:23 2017 UTC System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 105
State (St): I - Inactive, U - Activated & Uncommitted, C - Activated & Committed, D - Deactivated & Uncommitted -------------------------------------------------------------------------------- Type Filename/Version -------------------------------------------------------------------------------- 16.7.1.0 Device# Step 7 show install committed System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
This example shows how to reload the software on a device on the current day at 7:30 p.m: Device# reload at 19:30 Reload scheduled for 19:30:00 UTC Wed Jun 5 2013 (in 2 hours and 25 minutes) System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
• Network reachability to https://tools.cisco.com. Introduction to Smart Licensing Cisco Smart Licensing is a flexible licensing model that provides you with an easier, faster, and more consistent way to purchase and manage software across the Cisco portfolio and across your organization. And it’s secure –...
• License Flexibility: Your software is not node-locked to your hardware, so you can easily use and transfer licenses as needed. To use Smart Licensing, you must first set up a Smart Account on Cisco Software Central (software.cisco.com). For a more detailed overview on Cisco Licensing, go to cisco.com/go/licensingguide.
Page 111
Connecting to CSSM Figure 5: Connection Options 1. Direct cloud access: In this method, Cisco products send usage information directly over the internet to Cisco.com; no additional components are needed for the connection. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
The following section is required for those licenses that were purchased without a Cisco Smart Account. These licenses will not be available in CSSM after you have upgraded to Cisco IOS XE Fuji 16.9.1. You are requested to contact the Cisco Global Licensing Operations (GLO) team with the following email template. Fill the template with the appropriate information to request linking of your existing licenses to your Cisco Smart Account in CSSM.
Device(config)# ip domain name example.com Step 7 (Optional) Configures static ip host tools.cisco.com ip-address hostname-to-address mappings in the DNS Example: hostname cache if automatic DNS mapping is not available. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 114
Configures a source interface for the HTTP ip http client source-interface interface-type interface-number client. Example: Note The ip http client source-interface interface-type Device(config)# ip http client interface-number command is source-interface Vlan100 mandatory. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Device(config-call-home)# no http secure server-identity-check Step 5 contact-email-address email-address Assigns customer's email address. You can enter up to 200 characters in email address Example: format with no spaces. Device(config-call-home)# contact-email-addr [email protected] System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 116
Exits global configuration mode and returns to privileged EXEC mode. Example: Device(config)# exit Step 15 copy running-config startup-config (Optional) Saves your entries in the configuration file. Example: Device# copy running-config startup-config System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
To use this profile with the Call Home service, Example: you must enable the profile. Device(config-call-home)# profile CiscoTAC-1 Step 7 destination transport-method http Enables the Call Home service via HTTP. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 118
Device(config-call-home)# exit Step 16 service call-home Enables the Call Home feature. Example: Device(config)# service call-home Step 17 ip http client proxy-server proxy-address Enables the Call Home feature. proxy-port port-number System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
For information about Cisco Smart Software Manager On-Prem (formerly known as Cisco Smart Software Manager satellite), see https://www.cisco.com/c/en/us/buy/smart-accounts/software-manager-satellite.html. To configure the Call Home service for the Cisco Smart Software Manager On-Prem (formerly known as Cisco Smart Software Manager satellite), perform this procedure:...
Page 120
Call Home Example: configuration mode. Device(config-call-home-profile)# exit Step 14 exit Exits Call Home configuration mode and returns to global configuration mode. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
• Network Essentials • Network Advantage (includes Network Essentials) Add-on licenses—These can be subscribed for a fixed term of three, five, or seven years. • Digital Networking Architecture (DNA) Essentials System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Note Downgrading a device from Cisco IOS XE Fuji 16.9.1 to any prior release will migrate the smart license to traditional license. All smart license information on the device will be removed. In case the device needs to be upgraded back to Cisco IOS XE Fuji 16.9.1, the license status will remain in evaluation mode until the...
Page 124
Step 9 Check the Allow export-controlled functionality on the products registered with this token checkbox. Enabling this checkbox ensures Cisco compliance with US and country-specific export policies and guidelines. For more information, see https://www.cisco.com/c/en/us/about/legal/global-export-trade.html. Step 10 Click Create Token to create a token.
Verifying the License Status After Registration To verify the status of a license after registration, use the show license all command. Device> enable Device# show license all Smart Licensing Status ====================== System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 126
Export status: NOT RESTRICTED Product Information =================== UDI: PID:C9500-48Y4C,SN:CAT2150L5HK Agent Version ============= Smart Agent for Licensing: 4.5.2_rel/32 Component Versions: SA:(1_3_dev)1.0.15, SI:(dev22)1.2.1, CH:(rel5)1.0.3, PK:(dev18)1.0.3 Reservation Info ================ License reservation: DISABLED System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Canceling a Device's Registration in CSSM Canceling a Device's Registration in CSSM When your device is taken off the inventory, shipped elsewhere for redeployment, or returned to Cisco for replacement using the return merchandise authorization (RMA) process, you can use the deregister command to cancel the registration of your device.
Displays all the entitlements in use. Additionally, it shows the associated licensing certificates, compliance status, UDI, and other details. show tech-support license Displays the detailed debug output. Displays the license usage information. show license usage System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
APF-.-WLC_.* warning major Example: Viewing the License Information Before Registering Example To display the license entitlements, use the show license all command: Device> enable Device# show license all System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 130
Component Versions: SA:(1_3_dev)1.0.15, SI:(dev22)1.2.1, CH:(rel5)1.0.3, PK:(dev18)1.0.3 Reservation Info ================ License reservation: DISABLED Example To display the license usage information, use the show license usage command: Device> enable Device# show license usage License Authorization: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 131
Device# show license status Smart Licensing is ENABLED Utility: Status: DISABLED Data Privacy: Sending Hostname: yes Callhome hostname privacy: DISABLED Smart Licensing hostname privacy: DISABLED Version privacy: DISABLED Transport: Type: Callhome System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Last Communication Attempt: SUCCEEDED on Jul 31 17:30:02 2018 IST Next Communication Attempt: Aug 30 17:30:01 2018 IST Communication Deadline: Oct 29 17:24:12 2018 IST Export Authorization Key: Features Authorized: Utility: Status: DISABLED System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
This table provides release and related information for features explained in this module. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 136
CLI. Support for this feature was introduced on all models of Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn...
This feature is not supported on the C9500-32C, C9500-32QC, C9500-48Y4C, and C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Application Visibility and Control (AVC) is a critical part of Cisco’s efforts to evolve its Branch and Campus solutions from being strictly packet and connection based to being application-aware and application-intelligent.
Multiple set and police including policy-map webex-policy Ingress and egress class webex-class default set dscp af31 police 4000000 class class-webex-category set dscp ef police 6000000 class class-default set dscp <> System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
NBAR2 match criteria will not be allowed in a policy that has queuing features configured. • ‘Match Protocol’: up to 255 concurrent different protocols in all policies (8 bits HW limitation). • AVC is not supported on management port (Gig 0/0). System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Guide). • Starting with Cisco IOS XE 16.12.1 release, a new flow record has been included - the DNS flow record. The DNS flow record is similar to the 5-tuple record and includes the DNS domain name field. It accounts only for DNS related fields.
Alternatively, you can also press Ctrl-Z to exit Example: global configuration mode. Device(config)# end Creating a Policy Map Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 143
(b/s). The range is 80000 8000 to 10000000000. • For burst-byte, specify the normal burst size in bytes. The range is 1000 to 512000000. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
The legacy bidirectional records are client/server application statistics records, and the new directional records are application-stats for input/output. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 145
(flow responder). Example: Device(config-flow-record)# match connection server ipv4 address Step 9 Specifies a match to the transport port of the match connection server transport port server. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 146
Specifies to collect the number of connection initiations observed. Example: Device(config-flow-record)# collect connection new-connections Step 14 collect connection client counter packets Specifies to collect the number of packets sent long by the client. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 147
Device(config)# end Step 21 show flow record Displays information about all the flow records. Example: Device# show flow record Flow Record 2 - Bidirectional Flow Record System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 148
Step 9 match connection server ipv4 address Specifies a match to the IPv4 address of the server (flow responder). Example: Device(config-flow-record)# match connection server ipv4 address System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 149
For wired AVC, the initiator keyword is always set to initiator. Step 14 collect connection new-connections Specifies to collect the number of connection initiations observed. Example: Device(config-flow-record)# collect connection new-connections System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 150
Step 22 show flow record Displays information about all the flow records. Example: Device# show flow record Directional Flow Records Flow Record 3 - Directional Flow Record - Ingress System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 151
Specifies a match to the transport destination port as a key field. Example: Device(config-flow-record)# match transport destination-port Step 10 match interface input Specifies a match to the input interface as a key field. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 152
Device(config)# end Step 18 show flow record Displays information about all the flow records. Example: Device# show flow record Flow Record 4 - Directional Flow Record - Egress System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 153
Specifies a match to the transport destination port as a key field. Example: Device(config-flow-record)# match transport destination-port Step 10 match interface output Specifies a match to the output interface as a key field. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 154
Device(config)# end Step 18 show flow record Displays information about all the flow records. Example: Device# show flow record DNS Flow Record Flow Record 5 - DNS Flow Record System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 155
Step 9 match connection server ipv4 address Specifies a match to the IPv4 address of the server (flow responder). Example: Device(config-flow-record)# match connection server ipv4 address System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 156
: • 0x01 = Initiator - the flow source is the initiator of the connection For wired AVC, the initiator keyword is always set to initiator. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 157
Alternatively, you can also press Ctrl-Z to exit Example: global configuration mode. Device(config)# end Creating a Flow Exporter You can create a flow exporter to define the export parameters for a flow. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 158
Displays flow exporter statistics. Example: Device# show flow exporter statistics Creating a Flow Monitor You can create a flow monitor and associate it with a flow record. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 159
Alternatively, you can also press Ctrl-Z to exit Example: global configuration mode. Device(config)# end Step 8 show flow monitor Displays information about all the flow monitors. Example: Device# show flow monitor System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 160
You can attach two different wired AVC monitors with different predefined records to an interface at the same time. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 162
To extend an existing application, use the command ip nbar custom application-name dns domain-name domain-name extends existing-application. For more information on DNS based customization, see http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ qos_nbar/configuration/xe-3s/asr1000/qos-nbar-xe-3s-asr-1000-book/nbar-custapp-dns-xe.html. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 163
LAYER4CUSTOM Custom MYDNS Custom MYDOMAIN Custom MYHTTP Custom MYSSL Custom show ip nbar protocol-discovery protocol CUSTOM_APP Device# show ip nbar protocol-id MYSSL Protocol Name type ---------------------------------------------- MYSSL Custom System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Protocol packs are software packages that update the NBAR2 protocol support on a device without replacing the Cisco software on the device. A protocol pack contains information on applications officially supported by NBAR2 which are compiled and packed together. For each application, the protocol-pack includes information on application signatures and application attributes.
The following example shows how to revert to the built-in protocol pack: Device> enable Device# configure terminal Device(config)# default ip nbar protocol-pack Device(config)# exit Monitoring Application Visibility and Control This section describes the new commands for application visibility. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Answer: For each new flow, it takes a few packets to classify it and install the result in the hardware. During this time, the classification would be 'un-known' and traffic will fall under the default queue. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
DNS Domain-Name as the collect field for defining the flow record. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 180
Configuring Application Visibility and Control in a Wired Network Feature History for Application Visibility and Control in a Wired Network System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Switch Device Manager (SDM) templates can be used to configure system resources and optimize support for specific features. However standard SDM templates are defined based on how the device is deployed in the network. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 182
A custom SDM template will allow you to configure the features of the template based on your requirements and not the location of the device in the network. Starting with the Cisco IOS XE Amsterdam 17.3.1 release, you can configure a custom SDM template for Forwarding Information Base (FIB) using the sdm prefer custom fib command.
Page 183
For features where the scale value can be set to zero, you need to specify the scale value as zero. If not, the default value will be assigned as the scale value. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
If the standby Supervisor is configured with a different custom template than the active Supervisor, the Customizable SDM Template of the active Supervisor is configured on the standby Supervisor during initialization. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
When a device with a customizable SDM template for FIB features undergoes a downgrade to a release earlier than the Cisco IOS XE Amsterdam 17.3.1 release, you need to change the SDM template to a static SDM template before the downgrade. You can change the template using the sdm prefer template name command.
Page 186
EXEC command, the show sdm prefer command shows the template currently in use and the template that will become active after a reload. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Configuration Examples for SDM Templates Examples: Displaying SDM Templates The following example output shows the core template information on Cisco Catalyst 9500 Series Switches: Device# show sdm prefer core This is the Core template. Security Ingress IPv4 Access Control Entries*:...
Page 188
* values can be modified by sdm cl These values can vary depending on device and version. The following example output shows the NAT template information on Cisco Catalyst 9500 Series Switches: Device# show sdm prefer nat This is the NAT template.
Page 189
16384 Ipv4/Ipv6 Direct and Indirect unicast routes share same space * values can be modified by sdm cli The following example output shows the distribution template information on Cisco Catalyst 9500 Series Switches: Device# show sdm prefer distribution This is the Distribution template.
This table provides release and related information for features explained in this module. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 191
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 192
Configuring SDM Templates Feature History for SDM Templates System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
You can remotely monitor system messages by viewing the logs on a syslog server or by accessing the switch through Telnet, through the console port, or through the Ethernet management port. In a switch stack, all member switch consoles provide the same console output. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Single-digit code from 0 to 7 that is the severity of the message. MNEMONIC Text string that uniquely describes the message. description Text string containing detailed information about the event being reported. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
The history table lists the level keywords and severity level. For SNMP usage, the severity level values increase by 1. For example, emergencies equal 1, not 0, and critical equals 3, not 2. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Stores log messages in a file in flash memory [min-file-size]] [severity-level-number | type] on a standalone switch or, in the case of a switch stack, on the active switch . Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
After the unsolicited messages appear, the console again displays the user prompt. This task is optional. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 198
• (Optional) level all Specifies that all messages are printed asynchronously regardless of the severity level. • (Optional) limit number-of-buffers Specifies the number of buffers to be queued for the terminal System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
By default, sequence numbers in log messages are not displayed. This task is optional. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
0 to 500 messages. Device(config)# logging history size 200 Step 4 Returns to privileged EXEC mode. Example: Device(config)# end Logging Messages to a UNIX Syslog Daemon This task is optional. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 203
Make sure the syslog daemon reads the new For more information, see the man syslog.conf changes. and man syslogd commands on your UNIX system. Example: $ kill -HUP `cat /etc/syslog.pid` System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
This table provides release and related information for features explained in this module. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 205
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 206
Configuring System Message Logs Feature History for System Message Logs System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
After you configure online diagnostics, you can manually start diagnostic tests or display the test results. You can also see which tests are configured for the device or switch stack and the diagnostic tests that have already run. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Do not disable. Run this as an on-demand test, and as a health-monitoring test if the administrator is down. Default Intitial release Cisco IOS XE Everest 16.6.1. Corrective action – Hardware support Supervisors and linecards. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 209
This Scratch Register test monitors the health of ASICs by writing values into registers and reading back the values from these registers. Attribute Description Disruptive or Nondisruptive Nondisruptive. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 210
Default Off. Intitial release Cisco IOS XE Everest 16.6.1. Corrective action If the test fails, check the stack cables and connectors. Hardware support Supervisors. DiagMemoryTest System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 211
This test periodically monitors data-path traffic in the transmitted direction of each network port that is physically connected to a device with status as UP. This test is completed within a millisecond per port. It System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 212
ASIC level to verify that the ports are not stuck. It also displays syslog messages, and users can take corrective actions using the Cisco IOS Embedded Event Manager (EEM). Configure the time interval and threshold by entering the diagnostic monitor interval and diagnostic monitor threshold commands, respectively.
Page 213
Hardware support All modules. TestThermal This test verifies the temperature reading from a device sensor if it is below the yellow temperature threshold. This test runs every 90 seconds. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 214
Default Intitial release Cisco IOS XE Amsterdam 17.2.1. Corrective action Displays a syslog message if the test fails. Hardware support All modules. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
• test-id: Enters the ID number of the test. • test-id-range: Enters the range of test IDs by using integers separated by a comma and a hyphen. • all: Starts all of the tests. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
• test-id-range: ID numbers of the tests that appear in the show diagnostic content command output. • all: All test IDs. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Purpose Step 1 enable Enables privileged EXEC mode. Example: Enter your password, if prompted. Device> enable Step 2 Enters global configuration mode. configure terminal Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 218
When specifying the tests, use one of these Example: parameters: • name: Name of the test that appears in Device(config)# diagnostic monitor the show diagnostic content command threshold switch 2 test 1 failure count output. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 219
Step 9 (Optional) Verifies your entries. show running-config Example: Device# show running-config Step 10 copy running-config startup-config (Optional) Saves your entries in the configuration file. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
C9500-16X, C9500-24Q, C9500-40X models of the Cisco Catalyst 9500 Series Switches. show post show diagnostic events {event-type | module} Displays diagnostic events such as error, information, or warning based on the test result. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Examples: Displaying Online Diagnostics This example shows how to display on demand diagnostic settings: Device# show diagnostic ondemand settings Test iterations = 1 Action on test failure = continue System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 222
The below example is not applicable to the C9500-12Q, C9500-16X, C9500-24Q, C9500-40X models of the Cisco Catalyst 9500 Series Switches. This example shows how to display the boot up level: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 224
Configuring Online Diagnostics Feature Information for Configuring Online Diagnostics System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Restrictions for Managing Configuration Files • Many of the Cisco IOS commands described in this document are available and function only in certain configuration modes on the device. • Some of the Cisco IOS configuration commands are only available on certain device platforms, and the command syntax may vary on different platforms.
To enter configuration mode on the device, enter the configure command at the privileged EXEC prompt. The Cisco IOS software responds with the following prompt asking you to specify the terminal, memory, or a file stored on a network server (network) as the source of configuration commands:...
In some implementations of TFTP, you must create a dummy file on the TFTP server and give it read, write, and execute permissions before copying a file over it. Refer to your TFTP documentation for more information. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
You also can enable rcp support to allow users on remote systems to copy files to and from the device. To configure the Cisco IOS software to allow remote users to copy files to and from the device, use the ip rcmd rcp-enable global configuration command.
The RCP protocol requires a client to send a remote username on each RCP request to a server. When you copy a configuration file from the device to a server using RCP, the Cisco IOS software sends the first valid username it encounters in the following sequence: 1.
The configurations are copied onto the TFTP server. Then, login to another switch and run the command copy tftp: startup-config and follow the instructions. The configurations are now copied onto the other switch. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Release 10.0 or later release boot ROMs. Installing new ROMs is a one-time operation and is necessary only if you do not already have Cisco IOS Release 10.0 in ROM. If the boot ROMs do not recognize a compressed configuration, the following message is displayed:...
Device# show running-config Step 5 show startup-config Displays the contents of the startup configuration file. (Command alias for the more Example: nvram:startup-config command.) Device# show startup-config System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
NVRAM. Modifying the Configuration File The Cisco IOS software accepts one configuration command per line. You can enter as many configuration commands as you want. You can add comments to a configuration file describing the commands you have entered. Precede a comment with an exclamation point (!). Because comments are not stored in NVRAM or in the active copy of the configuration file, comments do not appear when you list the active configuration with the show running-config or more system:running-config EXEC commands.
Copying a Configuration File from the Device to a TFTP Server To copy configuration information on a TFTP network server, complete the tasks in this section: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
To copy a startup configuration file or a running configuration file from the device to an RCP server, use the following commands beginning in privileged EXEC mode: Procedure Command or Action Purpose Step 1 enable Enables privileged EXEC mode. Example: • Enter your password if prompted. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Storing a Startup Configuration File on an RCP Server The following example shows how to store a startup configuration file on a server by using RCP to copy the file: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
(Optional) Specifies the default password. ip ftp password password Example: Device(config)# ip ftp password adminpassword Step 5 (Optional) Exits global configuration mode. This step is required only if you override the Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Example: Device# copy tftp://server1/dir10/datasource flash:startup-config Examples In the following example, the software is configured from the file named tokyo-confg at IP address 172.16.2.155: Device# copy tftp://172.16.2.155/tokyo-confg system:running-config System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
• copy r cp:[[[/ / [ username@]l o cat i o n]/ d i r ect o ry]/ f i l e name]n vram:startup-conf i g Example: Device# copy System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
To copy a configuration file from an FTP server to the running configuration or startup configuration, complete the tasks in this section: Procedure Command or Action Purpose Step 1 enable Enables privileged EXEC mode. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
IP address of 172.16.101.101, and loads and runs the commands on the device: device# copy ftp://netadmin1:[email protected]/host1-confg system:running-config Configure using host1-confg from 172.16.101.101? [confirm] Connected to 172.16.101.101 Loading 1112 byte file host1-confg:![OK] System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
] • The source device and the destination Example: device cannot be the same. For example, the copy usbflash0: usbflash0: command is invalid. Device# copy flash: usbflash0: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Step 2 configure terminal (Optional) Enters global configuration mode. This step is required only if you override the Example: default remote username or password (see Steps 3 and 4). System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Example: • Enter your password if prompted. Device> enable Step 2 configure terminal (Optional) Enters global configuration mode. This step is required only if you override the Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
The following example shows the copying of the configuration file named switch-config from a TFTP server to the flash memory card inserted in usbflash0. The copied file is renamed new-config. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Specifying the CONFIG_FILE Environment Variable on Class A Flash File Systems On Class A flash file systems, you can configure the Cisco IOS software to load the startup configuration file specified by the CONFIG_FILE environment variable. The CONFIG_FILE variable defaults to NVRAM.
The erase nvram:startup-config EXEC command erases the contents of NVRAM and deletes the file pointed to by the CONFIG_FILE environment variable. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
NVRAM, the device enters the Setup command facility. Configuring the Device to Download the Network Configuration File To configure the Cisco IOS software to download a network configuration file from a server at startup, complete the tasks in this section:...
Device# copy system:running-config nvram:startup-config Configuring the Device to Download the Host Configuration File To configure the Cisco IOS software to download a host configuration file from a server at startup, complete the tasks in this section: Procedure Command or Action...
Page 258
Step 5 Exits global configuration mode. Example: Device(config)# end Step 6 Saves the running configuration to the startup copy system:running-config nvram:startup-config configuration file. Example: Device# copy system:running-config nvram:startup-config System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 260
Managing Configuration Files Feature History for Managing Configuration Files System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
SCP allows only users with a privilege level of 15 to copy a file in the Cisco IOS File System (Cisco IFS) to and from a device by using the copy command. An authorized administrator can also perform this action from a workstation.
How to Configure Secure Copy The following sections provide information about the Secure Copy configuration tasks. Configuring Secure Copy To configure a Cisco device for SCP server-side functionality, perform the following steps. Procedure Command or Action Purpose...
Command or Action Purpose Step 1 enable Enables privileged EXEC mode. Example: Enter your password, if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 264
Device(config)# ip ssh authentication-retries 3 Step 9 ip scp server enable Enables the device to securely copy files from a remote workstation. Example: Device(config)# ip scp server enable System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Support for this feature was introduced only on the C9500-12Q, C9500-16X, C9500-24Q, C9500-40X models of the Cisco Catalyst 9500 Series Switches. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 267
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 268
Secure Copy Feature Information for Secure Copy System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
The format of the configuration files used as input by the Configuration Replace and Configuration Rollback feature must comply with standard Cisco software configuration file indentation rules as follows: • Start all commands on a new line with no indentation, unless the command is within a configuration submode.
Rollback Configuration Archive The Cisco IOS configuration archive is intended to provide a mechanism to store, organize, and manage an archive of Cisco IOS configuration files to enhance the configuration rollback capability provided by the configure replace command. Before this feature was introduced, you could save copies of the running configuration using the copy running-config destination-url command, storing the replacement file either locally or remotely.
The configure replace privileged EXEC command provides the capability to replace the current running configuration with any saved Cisco IOS configuration file. This functionality can be used to revert to a previous configuration state, effectively rolling back any configuration changes that were made since the previous configuration state was saved.
Cisco IOS configuration rollback capability uses the concept of reverting to a specific configuration state based on a saved Cisco IOS configuration file. This concept is similar to the database idea of saving a checkpoint (a saved version of the database) to preserve a specific state.
No prerequisite configuration is needed to use the configure replace command. Using the configure replace command in conjunction with the Cisco IOS configuration archive and the archive config command is optional but offers significant benefit for configuration rollback scenarios. Before using the archive config command, the configuration archive must be configured.
Device# archive config command. Performing a Configuration Replace or Configuration Rollback Operation Perform this task to replace the current running configuration file with a saved Cisco IOS configuration file. Note You must create a configuration archive before performing this procedure. See...
Page 275
• The nolock keyword disables the locking of the running configuration file that prevents other users from changing the running configuration during a configuration replace operation. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 276
Use this command only if the time Device# configure confirm seconds keyword and argument of the configure replace command are specified. Step 5 exit Exits to user EXEC mode. Example: Device# exit System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Device> enable Device# Step 2 show archive Use this command to display information about the files saved in the Cisco IOS configuration archive. Example: Device# show archive There are currently 1 archive configurations saved. The next archive file will be named flash:myconfiguration-2...
Page 278
Configuration Replace and Configuration Rollback Monitoring and Troubleshooting the Feature Step 3 debug archive versioning Use this command to enable debugging of the Cisco IOS configuration archive activities to help monitor and troubleshoot configuration replace and rollback. Example: Device# debug archive versioning 9 06:46:28.419:backup_running_config...
Configuration Rollback Creating a Configuration Archive The following example shows how to perform the initial configuration of the Cisco IOS configuration archive. In this example, flash:myconfiguration is specified as the location and filename prefix for the files in the configuration archive and a value of 10 is set as the maximum number of archive files to be saved.
Reverting to the Startup Configuration File The following example shows how to revert to the Cisco IOS startup configuration file using the configure replace command. This example also shows the use of the optional force keyword to override the interactive...
Additional References for Configuration Replace and Configuration Rollback Related Documents Related Topic Document Title For complete syntax and usage information for Command Reference (Catalyst 9500 Series Switches) the commands used in this chapter. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
ROMMON in the primary SPI flash device, if a new version is applicable, and the release you are upgrading from is Cisco IOS XE Gibraltar 16.12.1 or a later release. (So if you upgrade from Cisco IOS XE Gibraltar 16.11.1 for example, a manual upgrade does not apply; the ROMMON is...
• If bootloader protection is already active, IOS copies the secure update capsule to bootflash and the device reboots. • When the device reboots, secure update capsule is picked for performing the upgrade. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 286
BIOS Protection Feature History for BIOS Protection System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
An SMU provides a significant benefit over classic Cisco IOS software because it allows you to address network issues quickly while reducing the time and scope of the testing required. The Cisco IOS XE platform internally validates SMU compatibility and does not allow you to install noncompatible SMUs.
3. Commit the SMU changes so that it is persistent across reloads. SMU Workflow The SMU process is initiated with a request to the Cisco Customer Support. Contact your customer support to raise an SMU request. At release time, the SMU package is posted to the...
Example: Managing an SMU Note • The examples used in this section are of hot patching SMU. The following example shows how to copy an SMU file to flash: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 291
C - Activated & Committed, D - Deactivated & Uncommitted -------------------------------------------------------------------------------- Type Filename/Version -------------------------------------------------------------------------------- flash:cat9k_iosxe.BLD_SMU_20180302_085005_TWIG_LATEST_20180306_013805.3.SSA.smu.bin 16.9.1.0.43131 -------------------------------------------------------------------------------- Auto abort timer: inactive -------------------------------------------------------------------------------- The following example shows how to activate an added SMU package file: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 292
[ Switch 1 ] Active Package(s) Information: State (St): I - Inactive, U - Activated & Uncommitted, C - Activated & Committed, D - Deactivated & Uncommitted -------------------------------------------------------------------------------- Type Filename/Version -------------------------------------------------------------------------------- flash:cat9k_iosxe.BLD_SMU_20180302_085005_TWIG_LATEST_20180306_013805.3.SSA.smu.bin System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 293
[1] SMU_ROLLBACK package(s) on switch 1 [1] Finished SMU_ROLLBACK on switch 1 Checking status of SMU_ROLLBACK on [1] SMU_ROLLBACK: Passed on [1] Finished SMU Rollback operation SUCCESS: install_rollback /flash/cat9k_iosxe.BLD_SMU_20180302_085005_TWIG_LATEST_20180306_013805.3.SSA.smu.bin Mon System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 294
Auto abort timer: active on install_deactivate, time before rollback - 01:59:50 -------------------------------------------------------------------------------- The following example shows how to remove an SMU from the device: Device# install remove file flash:cat9k_iosxe.BLD_SMU_20180302_085005_TWIG_LATEST_20180306_013805.3.SSA.smu.bin System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
This table provides release and related information for features explained in this module. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 296
Support for this enhancement was introduced on all models of Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Device# show file systems Size(b) Free(b) Type Flags Prefixes - - opaque rw system: - - opaque rw tmpsys: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 298
(for example, the system) or a download interface, such as brimux. unknown—The file system is an unknown type. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
You can view a list of the contents of a file system before manipulating its contents. For example, before copying a new configuration file to flash memory, you might want to verify that the file system does not System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Command or Action Purpose Step 1 Displays the directories on the specified file dir filesystem: system. Example: For filesystem:, use flash: for the system board flash device. Device# dir flash: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
You can create a file and write files into it, list the files in a file, and extract the files from a file as described in the next sections. Beginning in privileged EXEC mode, follow these steps to create a file, display the contents, and extract it: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 304
Only those files appear. If none are specified, all files and directories appear. Step 3 archive tar /xtract source-url flash:/file-url Extracts a file into a directory on the flash file [dir/file...] system. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
This table provides release and related information for features explained in this module. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 306
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Factory reset erases all the customer-specific data stored in a device and restores the device to its original configuration at the time of shipping. Data that is erased includes configurations, log files, boot variables, System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
The factory reset process is used in the following scenarios: • Return Material Authorization (RMA) for a device: If you have to return a device to Cisco for RMA, remove all the customer-specific data before obtaining an RMA certificate for the device.
Page 309
The range is from 1 to 16. • all: Selects all the switches in the stack. After the factory reset process is successfully completed, the device reboots and enters ROMmon mode. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
DO NOT UNPLUG THE POWER OR INTERRUPT THE OPERATION Are you sure you want to continue? [confirm] The following examples shows how to perform a factory reset on switches in a Cisco StackWise Virtual solution: Device> enable Device# factory-reset switch 2 all The factory reset operation is irreversible for all operations.
Page 311
% FACTORYRESET - Factory Reset Done for flash3 % FACTORYRESET - Unmounting flash7 % FACTORYRESET - Cleaning Up flash7 % FACTORYRESET - In progress.. please wait for completion... System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
For complete syntax and usage information for the Command Reference commands used in this chapter. Feature History for Performing a Factory Reset This table provides release and related information for features explained in this module. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 314
Cisco StackWise Virtual enabled devices is Cisco StackWise Virtual introduced. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
The file is in ‘plain text’ format. Device#show parser encrypt file status Feature: Enabled File Format: Plain Text System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 318
Configuring Secure Storage Feature Information for Secure Storage System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
It allows you to observe detailed debugs for granular instances within the system. This is very useful when we need to debug only a particular session among thousands of sessions. It is also possible to specify multiple conditions. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
/crashinfo/tracelogs. In the archive directory, up to 25 files are accumulated, after which the oldest one is replaced by the newly rotated file from /tmp. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
# request platform software trace archive last 2 days Step 7 show platform software trace [filter-binary (Optional) Displays logs merged from the latest | level | message] tracefile. Filter on any combination of System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
MAC address ip Group IP address vlan id level debug level System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Copy to system: file system tftp: Copy to tftp: file system tmpsys: Copy to tmpsys: file system The general syntax for copying onto a TFTP server is as follows: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
MAC Address 0024.D7C7.0054 N/A Feature Condition Type Value -----------------------|-----------------------|-------------------------------- Packet Infra debugs: Ip Address Port ------------------------------------------------------|---------- Device# The following is a sample of the debug platform condition stop command. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 326
Conditional Debug and Radioactive Tracing Feature History for Conditional Debugging and Radioactive Tracing System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
In some debugging scenarios, the Cisco TAC engineer may have to collect certain debug information or perform live debug on a production system. In such cases, the Cisco TAC engineer will ask you (the network System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
When you request access to system shell, you need to be authorized. You must first run the command to generate a challenge using the Consent Token feature on your device. The device generates a unique challenge as output. You must then copy this challenge string and send it to a Cisco Authorized Personnel through e-mail or Instant Message.
The Cisco Authorized Personnel processes the unique challenge string and generates a response. The response is also a base-64 string that is unique. The Cisco Authorized Personnel copies this response string and sends it to you through e-mail or Instant Message.
Page 330
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
C H A P T E R Troubleshooting the Software Configuration This chapter describes how to identify and resolve software problems related to the Cisco IOS software on the switch. Depending on the nature of the problem, you can use the command-line interface (CLI), Device Manager, or Network Assistant to identify and solve problems.
Layer 2 Traceroute Guidelines • Cisco Discovery Protocol (CDP) must be enabled on all the devices in the network. For Layer 2 traceroute to function properly, do not disable CDP. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
You can use IP traceroute to identify the path that packets take through the network on a hop-by-hop basis. The command output displays all network layer (Layer 3) devices, such as routers, that the traffic passes through on the way to the destination. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
System reports or crashinfo files save information that helps Cisco technical support representatives to debug problems that caused the Cisco IOS image to fail (crash). It is necessary to quickly and reliably collect critical crash information with high fidelity and integrity. Further, it is necessary to collect this information and bundle it in a way that it can be associated or identified with a specific crash occurrence.
Page 335
TAC while troubleshooting the issue. The system report generated can be further copied using TFTP, HTTP and few other options. Device# copy crashinfo: ? crashinfo: Copy to crashinfo: file system System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
You can use the onboard failure logging (OBFL) feature to collect information about the device. The information includes uptime, temperature, and voltage information and helps Cisco technical support representatives to troubleshoot device problems. We recommend that you keep OBFL enabled and do not erase the data stored in the flash memory.
You should manually set the system clock or configure it by using Network Time Protocol (NTP). When the device is running, you can retrieve the OBFL data by using the show logging onboard privileged EXEC commands. If the device fails, contact your Cisco technical support representative to find out how to retrieve the data.
Before you begin Note Emergency install feature is not supported on the Cisco Catalyst 9500 Series High Performance Switches. This recovery procedure requires that you have physical access to the switch. This procedure uses boot loader commands and TFTP to recover from a corrupted or incorrect image file.
Page 339
For more details, see the documentation or "License Notice" file accompanying the IOS-XE software, or the applicable URL provided on the flyer accompanying the IOS-XE software. FIPS: Flash Key Check : Begin System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 340
If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to [email protected].
Page 341
System Bootstrap, Version 16.5.2r, RELEASE SOFTWARE (P) Compiled Wed 05/31/2017 15:58:35.22 by rel Current image running: Primary Rommon Image Last reset cause: SoftwareReload C9X00 platform with 8388608 Kbytes of main memory System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Ctrl-C to kill the bootup sequence. For Cisco Catalyst 9500 Series Switches, reconnect the power cord to the switch or the active switchAs soon as the System LED blinks, press and release the Mode button 2-3 times. The switch enters the ROMMON mode.
Ignore the startup configuration with the following command: Device: SWITCH_IGNORE_STARTUP_CFG=1 Step 2 Boot the switch with the packages.conf file from flash. Device: boot flash:packages.conf Step 3 Terminate the initial configuration dialog by answering No. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 344
Set the SWITCH_IGNORE_STARTUP_CFG parameter to 0. Device(config)# no system ignore startupconfig switch all Device(config)# end Device# write memory Step 12 Boot the device with the packages.conf file from flash. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
• Make sure that the device that you add to or remove from the switch stack are powered off. For all powering considerations in switch stacks, see the “Switch Installation” chapter in the hardware installation guide. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
If a remote device does not autonegotiate, configure the duplex settings on the two ports to match. The speed parameter can adjust itself even if the connected port does not autonegotiate. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
SFP modules and module interfaces. If you are using a non-Cisco SFP module, remove the SFP module from the device, and replace it with a Cisco module. After inserting a Cisco SFP module, use the errdisable recovery cause gbic-invalid global configuration command to verify the port status, and enter a time interval for recovering from the error-disabled state.
Possible destinations include the console, virtual terminals, internal buffer, and UNIX hosts running a syslog server. The syslog format is compatible with 4.3 Berkeley Standard Distribution (BSD) UNIX and its derivatives. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
For more information about the commands in this section, see the command reference for this release. Verifying Troubleshooting of the Software Configuration Displaying OBFL Information Table 18: Commands for Displaying OBFL Information - Cisco Catalyst 9500 Series Switches - High Performance Command Purpose...
Page 352
Displays the UDI information for a standalone switch or the specified stack members and for Device# show onboard switch 1 environment all the connected FRU devices: the PID, the VID, and the serial number. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
This example shows normal CPU utilization. The output shows that utilization for the last 5 seconds is 8%/0%, which has this meaning: • The total CPU utilization is 8 percent, including both time running Cisco IOS processes and time spent handling interrupts.
Page 354
CPU time. troubleshoot the root cause. See the spent on interrupts. This is usually triggered by an section on “Debugging Active event that activated the process. Processes.” System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
(available PoE). Use the show power inline command to verify the amount of available power. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 356
If there is still no PoE at any port, a fuse might be open in the PoE section of the power supply. This normally produces an alarm. Check the log again for alarms reported earlier by system messages. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
This example shows how to ping an IP host: Device# ping 172.20.52.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echoes to 172.20.52.3, timeout is 2 seconds: !!!!! System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Table 23: Traceroute Output Display Characters Character Description The probe timed out. Unknown packet type. Administratively unreachable. Usually, this output means that an access list is blocking traffic. Host unreachable. Network unreachable. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 360
Troubleshooting the Software Configuration Feature History for Troubleshooting Software Configuration System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)