Page 1 System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches) First Published: 2020-03-30 Last Modified: 2020-05-08 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883...
Page 2 Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks.
Page 3 MAC Addresses and VLANs MAC Addresses and Device Stacks Default MAC Address Table Settings ARP Table Management How to Administer the Device Configuring the Time and Date Manually System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 4: Table Of Contents
Example: Configuring MAC Threshold Notification Traps Example: Adding the Static Address to the MAC Address Table Example: Configuring Unicast MAC Address Filtering Additional References for Device Administration Feature History for Device Administration System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 5 How to Control Environment Variables Common Environment Variables Environment Variables for TFTP Scheduled Reload of the Software Image How to Perform Device Setup Configuration Configuring DHCP Autoconfiguration (Only Configuration File) System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 6 Configuring the Call Home Service for Direct Cloud Access through an HTTPs Proxy Server Configuring the Call Home Service for Cisco Smart Software Manager On-Prem Configuring the License Level Registering a Device on CSSM System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 7 Feature History for Application Visibility and Control in a Wired Network C H A P T E R 6 Configuring SDM Templates Information About SDM Templates Customizable SDM Template System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 8 Logging Messages to a UNIX Syslog Daemon Monitoring and Maintaining System Message Logs Monitoring Configuration Archive Logs Configuration Examples for System Message Logs Example: Switch System Message System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches) viii...
Page 9 Copying a Configuration File from the Device to an RCP Server Copying a Configuration File from the Device to an FTP Server Copying files through a VRF Copy Configuration Files from a Switch to Another Switch System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 10 Copying a Configuration File from a TFTP Server to Flash Memory Devices Re-executing the Configuration Commands in the Startup Configuration File Clearing the Startup Configuration Deleting a Specified Configuration File System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 11 How to Use Configuration Replace and Configuration Rollback Creating a Configuration Archive Performing a Configuration Replace or Configuration Rollback Operation Monitoring and Troubleshooting the Feature Configuration Examples for Configuration Replace and Configuration Rollback System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 12 Working with the Flash File System Information About the Flash File System Displaying Available File Systems Setting the Default File System Displaying Information About Files on a File System System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 13 Topic 2 Topic 2.1 Introduction to Conditional Debugging Introduction to Radioactive Tracing How to Configure Conditional Debug and Radioactive Tracing Conditional Debugging and Radioactive Tracing Location of Tracefiles System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches) xiii...
Page 14 How to Troubleshoot the Software Configuration Recovering from a Software Failure Recovering from a Lost or Forgotten Password Procedure with Password Recovery Enabled Procedure with Password Recovery Disabled Preventing Switch Stack Problems System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 15 Configuration Examples for Troubleshooting Software Example: Pinging an IP Host Example: Performing a Traceroute to an IP Host Additional References for Troubleshooting Software Configuration Feature History for Troubleshooting Software Configuration System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 16 Contents System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 17: Topic
You can manage the system time and date on your device using automatic configuration methods (RTC and NTP), or manual configuration methods. Note For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference on Cisco.com. System Clock The basis of the time service is the system clock.
Page 18: Topic
Cisco’s implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that the time service for your network be derived from the public NTP servers available on the IP Internet.
Page 19 Figure 1: Typical NTP Network Configuration If the network is isolated from the Internet, Cisco’s implementation of NTP allows a device to act as if it is synchronized through NTP, when in fact it has learned the time by using other means. Other devices then synchronize to that device through NTP.
Page 20 20 clients. Broadcast-based NTP associations are also recommended for use on networks that have limited bandwidth, system memory, or CPU resources. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 21 The authentication process begins from the moment an NTP packet is created. Cryptographic checksum keys are generated using the message digest algorithm 5 (MD5) and are embedded into the NTP synchronization System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 22 The following figure shows a typical network example using NTP. Switch A is the primary NTP, with the Switch B, C, and D configured in NTP server mode, in server association with Switch A. Switch E is configured System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 23 A greater-than symbol [>] is appended. The prompt is updated whenever the system name changes. For complete syntax and usage information for the commands used in this section, see the Cisco IOS Configuration Fundamentals Command Reference, Release 12.4 and the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.4.
Page 24 (.) as the delimiting characters. For example, Cisco Systems is a commercial organization that IP identifies by a com domain name, so its domain name is cisco.com. A specific device in this domain, for example, the File Transfer Protocol (FTP) system is identified as ftp.cisco.com.
Page 25 The MAC address tables on all stack members are synchronized. At any given time, each stack member has the same copy of the address tables for each VLAN. When an address ages out, the address is removed from System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 26 You must reconfigure this setting if you have manually configured the system clock before the device fails and a different stack member assumes the role of the device. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 27: Setting The System Clock
Step 1 enable Enables privileged EXEC mode. Example: • Enter your password if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 28: Configuring Summer Time (Daylight Saving Time)
To configure summer time (daylight saving time) in areas where it starts and ends on a particular day of the week each year, perform this task: Procedure Command or Action Purpose Step 1 Enables privileged EXEC mode. enable Example: • Enter your password if prompted. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 29 • (Optional) hh:mm Specifies the time (24-hour format) in hours and minutes. • (Optional) offset Specifies the number of minutes to add during summer time. The default is 60. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 30: Configuring Ntp
No access control is specified. NTP packet source IP address The source address is set by the outgoing interface. NTP is enabled on all interfaces by default. All interfaces receive NTP packets. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 31: Configuring Ntp Authentication
1 to 32 bytes. • hmac-sha2-256: Authentication using HMAC using the SHA2 hash function. The digest length is 256 bits and the key length is 1 to 32 bytes System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 32: Configuring Poll-Based Ntp Associations
Purpose Step 1 Enables privileged EXEC mode. enable Example: Enter your password if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 33 • prefer: Sets this peer as the preferred one that provides synchronization. This keyword reduces clock hop among peers. Use the no form of this command to remove a server association. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 34: Configuring Broadcast-Based Ntp Associations
Use the no form of this command to disable the interface from sending NTP broadcast packets. Step 5 [no] ntp broadcast client Enables the interface to receive NTP broadcast packets. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 35: Configuring Ntp Access Restrictions
Example: Device# configure terminal Step 3 [no] ntp access-group {query-only | Create an access group, and apply a basic IP access list.. serve-only | serve | peer} access-list-number System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 36 Returns to privileged EXEC mode. Example: Device(config)# end Disabling NTP Services on a Specific Interface To disable NTP packets from being received on an interface, perform this procedure: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 37: Configuring A System Name
Follow these steps to manually configure a system name: Procedure Command or Action Purpose Step 1 Enables privileged EXEC mode. enable Example: • Enter your password if prompted. Device> enable System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 38: Setting Up Dns
If there is a period (.) in the hostname, the Cisco IOS software looks up the IP address without appending any default domain name to the hostname.
Page 39 Internet naming scheme (DNS). Step 6 Returns to privileged EXEC mode. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 40: Configuring A Message-Of-The-Day Login Banner
This is a secure site. Only signifies the beginning and end of the banner authorized users are allowed. text. Characters after the ending delimiter are For access, contact technical discarded. support. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 41: Configuring A Login Banner
Device# configure terminal Step 3 banner login c message c Specifies the login message. Example: Enters the delimiting character of your choice, for example, a pound sign (#), and press System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 42: Managing The Mac Address Table
Step 1 enable Enables privileged EXEC mode. Example: • Enter your password if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 43: Configuring Mac Address Change Notification Traps
Step 1 Enables privileged EXEC mode. enable Example: • Enter your password if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 44 Device(config)# mac address-table notification change interval 123 generated to the NMS. The range is 0 to Device(config)#mac address-table System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 45: Configuring Mac Address Move Notification Traps
MAC address moves from one port to another within the same VLAN. Follow these steps to configure the device to send MAC address-move notification traps to an NMS host: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 46 Enables the device to send MAC address move move notification traps to the NMS. Example: Device(config)# snmp-server enable traps mac-notification move Step 5 mac address-table notification mac-move Enables the MAC address move notification feature. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 47: Configuring Mac Threshold Notification Traps
Follow these steps to configure the switch to send MAC address table threshold notification traps to an NMS host: Procedure Command or Action Purpose Step 1 Enables privileged EXEC mode. enable Example: • Enter your password if prompted. Device> enable System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 48 Example: Device(config)# mac address-table notification threshold Step 6 mac address-table notification threshold Enters the threshold value for the MAC address [limit percentage] | [interval time] threshold usage monitoring. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 49: Disabling Mac Address Learning On Vlan
Disabling MAC Address Learning on VLAN This feature is supported on Cisco Catalyst 9500 High Performance Series Switches. You can control MAC address learning on a VLAN to manage the available MAC address table space by controlling which VLANs can learn MAC addresses. Before you disable MAC address learning, be sure that you are familiar with the network topology.
Page 50: Adding And Removing Static Address Entries
(Optional) Reenable MAC address learning on VLAN in a global configuration mode. Example: Device# default mac address-table Adding and Removing Static Address Entries Follow these steps to add a static address: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 51 Step 4 show running-config Verifies your entries. Example: Device# show running-config Step 5 copy running-config startup-config (Optional) Saves your entries in the configuration file. Example: Device# copy running-config startup-config System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 52: Configuring Unicast Mac Address Filtering
(Optional) Saves your entries in the copy running-config startup-config configuration file. Example: Device# copy running-config startup-config Monitoring and Maintaining Administration of the Device Command Purpose clear mac address-table dynamic Removes all dynamic entries. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 53: Configuration Examples For Device Administration
VLAN. Configuration Examples for Device Administration Example: Setting the System Clock This example shows how to manually set the system clock: Device# clock set 13:32:00 23 July 2013 System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 54: Examples: Configuring Summer Time
Example: Configuring a Login Banner This example shows how to configure a login banner by using the dollar sign ($) symbol as the beginning and ending delimiter: Device(config)# banner login $ System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 55: Example: Configuring Mac Address Change Notification Traps
You cannot associate the same static MAC address to multiple interfaces. If the command is executed again with a different interface, the static MAC address is overwritten on the new interface. Device(config)# mac address-table static c2f3.220a.12f4 vlan 4 interface gigabitethernet1/1/1 System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 56: Example: Configuring Unicast Mac Address Filtering
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 57: Boot Integrity Visibility
During the boot process, the software creates a checksum record of each stage of the bootloader activities. You can retrieve this record and compare it with a Cisco-certified record to verify if your software image is genuine. If the checksum values do not match, you may be running a software image that is either not certified by Cisco or has been altered by an unauthorized party.
Page 58: Verifying Platform Identity And Software Integrity
SUDI is the Product ID and Serial Number of each individual device such that the device can be uniquely identified on a network of thousands of devices. The first certificate is the Cisco Root CA 2048 and the second is the Cisco subordinate CA (ACT2 SUDI CA). Both certificates can be verified to match those published on https://www.cisco.com/security/pki/.
Page 59 || } Cisco management solutions are equipped with the ability to interpret the above output. However, a simple script using OpenSSL commands can also be used to display the identity of the platform and to verify the signature, thereby ensuring its Cisco unique device identity.
Page 60 These hashes can be compared against Cisco-provided reference values. An option to sign the output gives a verifier the ability to ensure the output is genuine and is not altered. A nonce can be provided to protect against replay attacks.
Page 61: Additional References For Boot Integrity Visibility
This table provides release and related information for features explained in this module. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 62 C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 63: Performing Device Setup Configuration
Dynamic Host Configuration Protocol (DHCP) auto configuration. Device Boot Process To start your device, you need to follow the procedures described in the Cisco Catalyst 9500 Series Switches Hardware Installation Guide for installing and powering on the device and setting up the initial device configuration.
Page 64: Software Install Overview
The method that you use to upgrade Cisco IOS XE software depends on whether the switch is running in install mode or in bundle mode. In bundle mode or consolidated boot mode, a .bin image file is used from a local or remote location to boot the device.
Page 65: Software Boot Modes
• Software rollback to a previously installed package set. • Emergency installation in the event that no valid installed packages reside on the boot flash. Note This feature is not supported on the Cisco Catalyst 9500 Series High Performance Switches. Software Boot Modes...
Page 66: Installing The Software Package
Use the install auto-abort-timer stop command to stop this timer. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 67: Devices Information Assignment
DHCP is built on a client-server model, in which designated DHCP servers allocate network addresses and deliver configuration parameters to dynamically configured devices. The device can act as both a DHCP client and a DHCP server. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 68: Dhcp Client Request Process
If the configuration parameters sent to the client in the DHCPOFFER unicast message are invalid (a configuration error exists), the client returns a DHCPDECLINE broadcast message to the DHCP server. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 69: Dhcp-Based Autoconfiguration And Image Update
The downloaded configuration file becomes the running configuration of the device. It does not over write the bootup configuration saved in the flash, until you reload the device. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 70: Dhcp Auto-Image Update
TFTP requests. Unavailability of other lease options does not affect autoconfiguration. • The device can act as a DHCP server. By default, the Cisco IOS DHCP server and relay agent features are enabled on your device but are not configured. (These features are not operational.)
Page 71: Purpose Of The Tftp Server
DHCP server. The device sends a unicast message to the TFTP server to retrieve the named configuration file from the base directory of the server and upon receipt, it completes its boot up process. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 72: How To Control Environment Variables
You can change the settings of the environment variables by accessing the boot loader or by using Cisco IOS commands. Under normal circumstances, it is not necessary to alter the setting of the environment variables.
Page 73: Common Environment Variables
If it is set to anything filesystem :/ file-url boot loader else, you must manually boot command, and specify the name of the up the switch from the boot bootable image. loader mode. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 74: Environment Variables For Tftp
TFTP. A reset is required for the new value to take effect. IP_ADDRESS Specifies the IP address and the subnet mask for the associated IP subnet of the switch. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 75: Scheduled Reload Of The Software Image
This task describes how to configure DHCP autoconfiguration of the TFTP and DHCP settings on an existing device in the network so that it can support the autoconfiguration of a new device. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 76 10.10.10.1 Step 6 option 150 address Specifies the IP address of the TFTP server. Example: Device(dhcp-config)# option 150 10.10.10.1 Step 7 exit Returns to global configuration mode. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 77: Configuring Dhcp Auto-Image Update (Configuration File And Image)
You must first create a text file (for example, autoinstall_dhcp) that will be uploaded to the device. In the text file, put the name of the image that you want to download (for example, cat9k_iosxe.16.xx.xx.SPA.bin). System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 78 Device(dhcp-config)# option 150 10.10.10.1 Step 7 option 125 hex Specifies the path to the text file that describes the path to the image file. Example: Device(dhcp-config)# option 125 hex System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 79 Example: Device(config)# tftp-server flash:boot-config.text Step 14 interface interface-id Specifies the address of the client that will receive the configuration file. Example: Device(config)# interface gigabitEthernet1/0/4 System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 80: Configuring The Client To Download Files From Dhcp Server
Step 1 configure terminal Enters global configuration mode. Example: Device# configure terminal Step 2 boot host dhcp Enables autoconfiguration with a saved configuration. Example: Device(conf)# boot host dhcp System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 81: Manually Assigning Ip Information To Multiple Svis
Enters interface configuration mode, and enters the VLAN to which the IP information is Example: assigned. The range is 1 to 4094. Device(config)# interface vlan 99 System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 82 Verifies the configured IP address. Example: Device# show interfaces vlan 99 Step 8 Verifies the configured default gateway. show ip redirects Example: Device# show ip redirects System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 83: Modifying Device Startup Configuration
Specifying a Filename to Read and Write a System Configuration By default, the Cisco IOS software uses the config.text file to read and write a nonvolatile copy of the system configuration. However, you can specify a different filename, which will be loaded during the next boot cycle.
Page 84: Manually Booting The Switch
To boot up the system, use the boot filesystem:/file-url boot loader command. • filesystem:—Uses flash: for the system board flash device. Switch: boot flash: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 85: Booting The Device In Installed Mode
• The device reloads after executing this command. Step 3 exit Exits privileged EXEC mode and returns to user EXEC mode. Example: Device# exit System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 86 Makes the changes persistent over reload. Example: • The install commit command completes the new image installation. Changes are Device# install commit persistent across reloads until the auto-abort timer expires. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 87: Booting A Device In Bundle Mode
(Optional) Displays the version of the image installed. Configuring a Scheduled Software Image Reload This task describes how to configure your device to reload the software image at a later time. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 88 Device(config)# reload cancel Step 6 show reload Displays information about a previously scheduled reload or identifies if a reload has Example: been scheduled on the device. show reload System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 89: Configuration Examples For Device Setup Configuration
GPL code under the terms of GPL Version 2.0. For more details, see the documentation or "License Notice" file accompanying the IOS-XE software, or the applicable URL provided on the flyer accompanying the IOS-XE software. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 90 If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to [email protected].
Page 91 If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to [email protected].
Page 92: Example: Emergency Installation
Package cat9k-sipbase.16.05.01a.SPA.pkg /temp//stage/cat9k-sipbase.16.05.01a.SPA.pkg is Digitally Signed Package cat9k-sipspa.16.05.01a.SPA.pkg /temp//stage/cat9k-sipspa.16.05.01a.SPA.pkg is Digitally Signed Package cat9k-srdriver.16.05.01a.SPA.pkg /temp//stage/cat9k-srdriver.16.05.01a.SPA.pkg is Digitally Signed Package cat9k-webui.16.05.01a.SPA.pkg /temp//stage/cat9k-webui.16.05.01a.SPA.pkg is Digitally Signed Package cat9k-wlc.16.05.01a.SPA.pkg /temp//stage/cat9k-wlc.16.05.01a.SPA.pkg is Digitally System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 93: Example: Managing An Update Package
[1] Finished Add on switch 1 Checking status of Add on [1] Add: Passed on [1] Finished Add install_add_activate_commit: Activating PACKAGE Following packages shall be activated: /flash/cat9k-wlc.16.06.02.SPA.pkg /flash/cat9k-webui.16.06.02.SPA.pkg /flash/cat9k-srdriver.16.06.02.SPA.pkg /flash/cat9k-sipspa.16.06.02.SPA.pkg System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 94 The following example shows how to activate an added software package file: Device# install activate install_activate: START Mon Oct 30 20:14:20 UTC 2017 install_activate: Activating PACKAGE *Oct 30 20:14:21.379: %IOSXE-5-PLATFORM: Switch 1 R0/0: Oct 30 20:14:21 install_engine.sh: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 95 Chassis 1 reloading, reason - Reload command The following sample output from the show install summary command displays the status of the software package as active and uncommitted: Device# show install summary System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 96 Current cc 2 0 cat9k-sipbase.16.06.02.prd9.SPA.pkg Current cc 2 0 cc_spa cat9k-sipspa.16.06.02.prd9.SPA.pkg Current cc 3 cc_srdriver cat9k-cc_srdriver.16.06.02.prd9.SPA.pkg Current cc 3 0 cat9k-sipbase.16.06.02.prd9.SPA.pkg Current cc 3 0 cc_spa cat9k-sipspa.16.06.02.prd9.SPA.pkg System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 97 Replacement: cc 6 0 cc_spa cat9k-sipspa.16.06.02.SPA.pkg Replacement: cc 7 cc_srdriver cat9k-cc_srdriver.16.06.02.SPA.pkg Replacement: cc 7 0 cat9k-sipbase.16.06.02.SPA.pkg Replacement: cc 7 0 cc_spa cat9k-sipspa.16.06.02.SPA.pkg Replacement: cc 8 cc_srdriver cat9k-cc_srdriver.16.06.02.SPA.pkg System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 98 Scanning boot directory for packages ... done. Preparing packages list to delete ... done. The following files will be deleted: [switch 1]: /flash/cat9k-cc_srdriver.16.06.02.SPA.pkg /flash/cat9k-espbase.16.06.02.SPA.pkg /flash/cat9k-guestshell.16.06.02.SPA.pkg /flash/cat9k-rpbase.16.06.02.SPA.pkg /flash/cat9k-rpboot.16.06.02.SPA.pkg /flash/cat9k-sipbase.16.06.02.SPA.pkg /flash/cat9k-sipspa.16.06.02.SPA.pkg /flash/cat9k-srdriver.16.06.02.SPA.pkg /flash/cat9k-webui.16.06.02.SPA.pkg System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 99 Current rp 1 0 rp_boot cat9k-rpboot.BLD_POLARIS_DEV_LATEST_20171029_082249.SSA.pkg Replacement: rp 0 0 rp_boot cat9k-rpboot.16.06.02.SPA.pkg Replacement: rp 1 0 rp_boot cat9k-rpboot.16.06.02.SPA.pkg Current cc 0 cc_srdriver cat9k-cc_srdriver.BLD_POLARIS_DEV_LATEST_20171029_082249.SSA.pkg Current cc 0 0 cat9k-sipbase.BLD_POLARIS_DEV_LATEST_20171029_082249.SSA.pkg System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 100 Current cc 8 0 cc_spa cat9k-sipspa.BLD_POLARIS_DEV_LATEST_20171029_082249.SSA.pkg Current cc 9 cc_srdriver cat9k-cc_srdriver.BLD_POLARIS_DEV_LATEST_20171029_082249.SSA.pkg Current cc 9 0 cat9k-sipbase.BLD_POLARIS_DEV_LATEST_20171029_082249.SSA.pkg Current cc 9 0 cc_spa cat9k-sipspa.BLD_POLARIS_DEV_LATEST_20171029_082249.SSA.pkg Current fp 0 0 cat9k-espbase.BLD_POLARIS_DEV_LATEST_20171029_082249.SSA.pkg System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 101 Replacement: cc 7 0 cat9k-sipbase.16.06.02.SPA.pkg Replacement: cc 7 0 cc_spa cat9k-sipspa.16.06.02.SPA.pkg Replacement: cc 8 cc_srdriver cat9k-cc_srdriver.16.06.02.SPA.pkg Replacement: cc 8 0 cat9k-sipbase.16.06.02.SPA.pkg Replacement: cc 8 0 cc_spa cat9k-sipspa.16.06.02.SPA.pkg System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 102 --- Starting Activate --- Performing Activate on all members [1] Activate package(s) on switch 1 --- Starting list of software package changes --- Old files list: Removed cat9k-cc_srdriver.16.06.02.SPA.pkg Removed cat9k-espbase.16.06.02.SPA.pkg System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 103: Verifying Software Install
Chassis 1 reloading, reason - Reload command Verifying Software Install Procedure Step 1 enable Example: Device> enable Enables privileged EXEC mode. • Enter your password if prompted. Step 2 show install log Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 104 Device# show install package flash:cat9k_iosxe.16.06.01.SPA.bin Displays information about the specified software install package file. Device# show install package flash:cat9k_iosxe.16.06.01.SPA.bin Package: cat9k_iosxe.16.06.01.SPA.bin Size: 333806196 Timestamp: Sun Jun 11 14:47:23 2017 UTC System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 105 State (St): I - Inactive, U - Activated & Uncommitted, C - Activated & Committed, D - Deactivated & Uncommitted -------------------------------------------------------------------------------- Type Filename/Version -------------------------------------------------------------------------------- 16.7.1.0 Device# Step 7 show install committed System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 106: Example: Configuring A Device As A Dhcp Server
Device(dhcp-config)# option 150 10.10.10.1 Device(dhcp-config)# exit Device(config)# tftp-server flash:config-boot.text Device(config)# interface gigabitethernet1/0/4 Device(config-if)# no switchport Device(config-if)# ip address 10.10.10.1 255.255.255.0 Device(config-if)# end Example: Configuring DHCP Auto-Image Update Device# configure terminal System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 107: Example: Configuring A Device To Download Configurations From A Dhcp Server
This example shows how to reload the software on a device on the current day at 7:30 p.m: Device# reload at 19:30 Reload scheduled for 19:30:00 UTC Wed Jun 5 2013 (in 2 hours and 25 minutes) System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 108: Additional References For Performing Device Setup
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 109: Configuring Smart Licensing
• Network reachability to https://tools.cisco.com. Introduction to Smart Licensing Cisco Smart Licensing is a flexible licensing model that provides you with an easier, faster, and more consistent way to purchase and manage software across the Cisco portfolio and across your organization. And it’s secure –...
Page 110: Overview Of Cssm
• License Flexibility: Your software is not node-locked to your hardware, so you can easily use and transfer licenses as needed. To use Smart Licensing, you must first set up a Smart Account on Cisco Software Central (software.cisco.com). For a more detailed overview on Cisco Licensing, go to cisco.com/go/licensingguide.
Page 111 Connecting to CSSM Figure 5: Connection Options 1. Direct cloud access: In this method, Cisco products send usage information directly over the internet to Cisco.com; no additional components are needed for the connection. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 112: Linking Existing Licenses To Cssm
The following section is required for those licenses that were purchased without a Cisco Smart Account. These licenses will not be available in CSSM after you have upgraded to Cisco IOS XE Fuji 16.9.1. You are requested to contact the Cisco Global Licensing Operations (GLO) team with the following email template. Fill the template with the appropriate information to request linking of your existing licenses to your Cisco Smart Account in CSSM.
Page 113: Setting Up A Connection To Cssm
Device(config)# ip domain name example.com Step 7 (Optional) Configures static ip host tools.cisco.com ip-address hostname-to-address mappings in the DNS Example: hostname cache if automatic DNS mapping is not available. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 114 Configures a source interface for the HTTP ip http client source-interface interface-type interface-number client. Example: Note The ip http client source-interface interface-type Device(config)# ip http client interface-number command is source-interface Vlan100 mandatory. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 115: Configuring The Call Home Service For Direct Cloud Access
Device(config-call-home)# no http secure server-identity-check Step 5 contact-email-address email-address Assigns customer's email address. You can enter up to 200 characters in email address Example: format with no spaces. Device(config-call-home)# contact-email-addr [email protected] System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 116 Exits global configuration mode and returns to privileged EXEC mode. Example: Device(config)# exit Step 15 copy running-config startup-config (Optional) Saves your entries in the configuration file. Example: Device# copy running-config startup-config System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 117: Configuring The Call Home Service For Direct Cloud Access Through An Https Proxy Server
To use this profile with the Call Home service, Example: you must enable the profile. Device(config-call-home)# profile CiscoTAC-1 Step 7 destination transport-method http Enables the Call Home service via HTTP. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 118 Device(config-call-home)# exit Step 16 service call-home Enables the Call Home feature. Example: Device(config)# service call-home Step 17 ip http client proxy-server proxy-address Enables the Call Home feature. proxy-port port-number System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 119: Configuring The Call Home Service For Cisco Smart Software Manager On-Prem
For information about Cisco Smart Software Manager On-Prem (formerly known as Cisco Smart Software Manager satellite), see https://www.cisco.com/c/en/us/buy/smart-accounts/software-manager-satellite.html. To configure the Call Home service for the Cisco Smart Software Manager On-Prem (formerly known as Cisco Smart Software Manager satellite), perform this procedure:...
Page 120 Call Home Example: configuration mode. Device(config-call-home-profile)# exit Step 14 exit Exits Call Home configuration mode and returns to global configuration mode. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 121: Configuring The License Level
• Network Essentials • Network Advantage (includes Network Essentials) Add-on licenses—These can be subscribed for a fixed term of three, five, or seven years. • Digital Networking Architecture (DNA) Essentials System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 122 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - network-essentials Smart License network-essentials None Subscription Smart License None Step 7 reload Reloads the device. Example: Device# reload System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 123: Registering A Device On Cssm
Note Downgrading a device from Cisco IOS XE Fuji 16.9.1 to any prior release will migrate the smart license to traditional license. All smart license information on the device will be removed. In case the device needs to be upgraded back to Cisco IOS XE Fuji 16.9.1, the license status will remain in evaluation mode until the...
Page 124 Step 9 Check the Allow export-controlled functionality on the products registered with this token checkbox. Enabling this checkbox ensures Cisco compliance with US and country-specific export policies and guidelines. For more information, see https://www.cisco.com/c/en/us/about/legal/global-export-trade.html. Step 10 Click Create Token to create a token.
Page 125: Registering A Device With The New Token
Verifying the License Status After Registration To verify the status of a license after registration, use the show license all command. Device> enable Device# show license all Smart Licensing Status ====================== System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 126 Export status: NOT RESTRICTED Product Information =================== UDI: PID:C9500-48Y4C,SN:CAT2150L5HK Agent Version ============= Smart Agent for Licensing: 4.5.2_rel/32 Component Versions: SA:(1_3_dev)1.0.15, SI:(dev22)1.2.1, CH:(rel5)1.0.3, PK:(dev18)1.0.3 Reservation Info ================ License reservation: DISABLED System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 127: Canceling A Device's Registration In Cssm
Canceling a Device's Registration in CSSM Canceling a Device's Registration in CSSM When your device is taken off the inventory, shipped elsewhere for redeployment, or returned to Cisco for replacement using the return merchandise authorization (RMA) process, you can use the deregister command to cancel the registration of your device.
Page 128: Monitoring Smart Licensing Configuration
Displays all the entitlements in use. Additionally, it shows the associated licensing certificates, compliance status, UDI, and other details. show tech-support license Displays the detailed debug output. Displays the license usage information. show license usage System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 129: Configuration Examples For Smart Licensing
APF-.-WLC_.* warning major Example: Viewing the License Information Before Registering Example To display the license entitlements, use the show license all command: Device> enable Device# show license all System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 130 Component Versions: SA:(1_3_dev)1.0.15, SI:(dev22)1.2.1, CH:(rel5)1.0.3, PK:(dev18)1.0.3 Reservation Info ================ License reservation: DISABLED Example To display the license usage information, use the show license usage command: Device> enable Device# show license usage License Authorization: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 131 Device# show license status Smart Licensing is ENABLED Utility: Status: DISABLED Data Privacy: Sending Hostname: yes Callhome hostname privacy: DISABLED Smart Licensing hostname privacy: DISABLED Version privacy: DISABLED Transport: Type: Callhome System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 132: Example: Registering A Device
Last Communication Attempt: SUCCEEDED on Jul 31 17:30:02 2018 IST Next Communication Attempt: Aug 30 17:30:01 2018 IST Communication Deadline: Oct 29 17:24:12 2018 IST Export Authorization Key: Features Authorized: Utility: Status: DISABLED System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 133 Description: C9500 48Y4C DNA Advantage Count: 1 Version: 1.0 Status: AUTHORIZED Export status: NOT RESTRICTED C9500 48Y4C NW Advantage (C9500-48Y4C-A): Description: C9500 48Y4C NW Advantage Count: 1 Version: 1.0 System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 134 Initial Registration: SUCCEEDED on Jul 16 09:44:50 2018 IST Last Renewal Attempt: None Next Renewal Attempt: Jan 12 09:44:49 2019 IST Registration Expires: Jul 16 09:39:05 2019 IST System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 135: Additional References
This table provides release and related information for features explained in this module. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 136 CLI. Support for this feature was introduced on all models of Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn...
Page 137: Configuring Application Visibility And Control In A Wired Network
This feature is not supported on the C9500-32C, C9500-32QC, C9500-48Y4C, and C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Application Visibility and Control (AVC) is a critical part of Cisco’s efforts to evolve its Branch and Campus solutions from being strictly packet and connection based to being application-aware and application-intelligent.
Page 138: Supported Avc Class Map And Policy Map Formats
Multiple set and police including policy-map webex-policy Ingress and egress class webex-class default set dscp af31 police 4000000 class class-webex-category set dscp ef police 6000000 class class-default set dscp <> System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 139: Restrictions For Wired Application Visibility And Control
NBAR2 match criteria will not be allowed in a policy that has queuing features configured. • ‘Match Protocol’: up to 255 concurrent different protocols in all policies (8 bits HW limitation). • AVC is not supported on management port (Gig 0/0). System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 140: How To Configure Application Visibility And Control
Guide). • Starting with Cisco IOS XE 16.12.1 release, a new flow record has been included - the DNS flow record. The DNS flow record is similar to the 5-tuple record and includes the DNS domain name field. It accounts only for DNS related fields.
Page 141: Enabling Application Recognition On An Interface
Enables application recognition on the interface by activating NBAR2 engine. Example: Device(config-if)# ip nbar protocol-discovery Step 4 Returns to privileged EXEC mode. Example: Device(config-if)# end System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 142: Creating Avc Qos Policy
Alternatively, you can also press Ctrl-Z to exit Example: global configuration mode. Device(config)# end Creating a Policy Map Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 143 (b/s). The range is 80000 8000 to 10000000000. • For burst-byte, specify the normal burst size in bytes. The range is 1000 to 512000000. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 144: Applying A Qos Policy To The Switch Port
The legacy bidirectional records are client/server application statistics records, and the new directional records are application-stats for input/output. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 145 (flow responder). Example: Device(config-flow-record)# match connection server ipv4 address Step 9 Specifies a match to the transport port of the match connection server transport port server. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 146 Specifies to collect the number of connection initiations observed. Example: Device(config-flow-record)# collect connection new-connections Step 14 collect connection client counter packets Specifies to collect the number of packets sent long by the client. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 147 Device(config)# end Step 21 show flow record Displays information about all the flow records. Example: Device# show flow record Flow Record 2 - Bidirectional Flow Record System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 148 Step 9 match connection server ipv4 address Specifies a match to the IPv4 address of the server (flow responder). Example: Device(config-flow-record)# match connection server ipv4 address System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 149 For wired AVC, the initiator keyword is always set to initiator. Step 14 collect connection new-connections Specifies to collect the number of connection initiations observed. Example: Device(config-flow-record)# collect connection new-connections System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 150 Step 22 show flow record Displays information about all the flow records. Example: Device# show flow record Directional Flow Records Flow Record 3 - Directional Flow Record - Ingress System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 151 Specifies a match to the transport destination port as a key field. Example: Device(config-flow-record)# match transport destination-port Step 10 match interface input Specifies a match to the input interface as a key field. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 152 Device(config)# end Step 18 show flow record Displays information about all the flow records. Example: Device# show flow record Flow Record 4 - Directional Flow Record - Egress System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 153 Specifies a match to the transport destination port as a key field. Example: Device(config-flow-record)# match transport destination-port Step 10 match interface output Specifies a match to the output interface as a key field. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 154 Device(config)# end Step 18 show flow record Displays information about all the flow records. Example: Device# show flow record DNS Flow Record Flow Record 5 - DNS Flow Record System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 155 Step 9 match connection server ipv4 address Specifies a match to the IPv4 address of the server (flow responder). Example: Device(config-flow-record)# match connection server ipv4 address System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 156 : • 0x01 = Initiator - the flow source is the initiator of the connection For wired AVC, the initiator keyword is always set to initiator. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 157 Alternatively, you can also press Ctrl-Z to exit Example: global configuration mode. Device(config)# end Creating a Flow Exporter You can create a flow exporter to define the export parameters for a flow. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 158 Displays flow exporter statistics. Example: Device# show flow exporter statistics Creating a Flow Monitor You can create a flow monitor and associate it with a flow record. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 159 Alternatively, you can also press Ctrl-Z to exit Example: global configuration mode. Device(config)# end Step 8 show flow monitor Displays information about all the flow monitors. Example: Device# show flow monitor System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 160 You can attach two different wired AVC monitors with different predefined records to an interface at the same time. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 161: Nbar2 Custom Applications
Generic protocol customization • HTTP • SSL • DNS Composite : Customization based on multiple underlying protocols – server-name Layer3/Layer4 customization • IPv4 address • DSCP values • TCP/UDP ports System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 162 To extend an existing application, use the command ip nbar custom application-name dns domain-name domain-name extends existing-application. For more information on DNS based customization, see http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ qos_nbar/configuration/xe-3s/asr1000/qos-nbar-xe-3s-asr-1000-book/nbar-custapp-dns-xe.html. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 163 LAYER4CUSTOM Custom MYDNS Custom MYDOMAIN Custom MYHTTP Custom MYSSL Custom show ip nbar protocol-discovery protocol CUSTOM_APP Device# show ip nbar protocol-id MYSSL Protocol Name type ---------------------------------------------- MYSSL Custom System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 164: Nbar2 Dynamic Hitless Protocol Pack Upgrade
Protocol packs are software packages that update the NBAR2 protocol support on a device without replacing the Cisco software on the device. A protocol pack contains information on applications officially supported by NBAR2 which are compiled and packed together. For each application, the protocol-pack includes information on application signatures and application attributes.
Page 165: Monitoring Application Visibility And Control
The following example shows how to revert to the built-in protocol pack: Device> enable Device# configure terminal Device(config)# default ip nbar protocol-pack Device(config)# exit Monitoring Application Visibility and Control This section describes the new commands for application visibility. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 166: Examples: Application Visibility And Control Configuration
Device(config)# interface GigabitEthernet 1/0/1 Device(config-if)# switchport mode access Device(config-if)# switchport access vlan 20 Device(config-if)# service-policy input POLICING_IN Device(config-if)#end This example shows how to create class maps based on NBAR attributes. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 167 Last clearing of "show ip nbar protocol-discovery" counters 00:03:16 Input Output ----- ------ Protocol Packet Count Packet Count Byte Count Byte Count 30sec Bit Rate (bps) 30sec Bit Rate (bps) 30sec Max Bit Rate (bps) System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 168 30 second rate 0 bps Match: protocol ms-lync-video 0 packets, 0 bytes 30 second rate 0 bps QoS Set dscp af41 Class-map: class-default (match-any) 34 packets Match: any System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 169 : cisco-jabber-group p2p-technology : p2p-tech-no traffic-class : transactional-data business-relevance : business-relevant application-set : collaboration-apps Device# show ip nbar protocol-attribute google-services Protocol Name : google-services encrypted : encrypted-yes System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 170 (Platform cache) Status: not allocated Size: 12000 entries Inactive Timeout: 15 secs Active Timeout: 1800 secs show flow monitor wdavc statistics Displays statistics for wired AVC flow monitor. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 171 ------------------------ ------------------------ ------------------- ---------------- ---------- ------- --------------------------- --------- 64.103.125.147 144.254.71.184 4294967305 port dns Input ....64.103.121.103 10.1.1.2 4294967305 layer7 dhcp Input ..contd... 64.103.125.3 64.103.125.97 4294967305 layer7 dhcp Input System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 172 - Inactive timeout 15 secs) CONNECTION IPV4 INITIATOR ADDRESS: 64.103.125.147 CONNECTION IPV4 RESPONDER ADDRESS: 144.254.71.184 CONNECTION RESPONDER PORT: FLOW OBSPOINT ID: 4294967305 IP VERSION: IP PROTOCOL: APPLICATION NAME: port dns System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 173 1412 CONNECTION IPV4 INITIATOR ADDRESS: 10.0.2.6 CONNECTION IPV4 RESPONDER ADDRESS: 157.55.40.149 CONNECTION RESPONDER PORT: FLOW OBSPOINT ID: 4294967305 IP VERSION: IP PROTOCOL: APPLICATION NAME: layer7 ms-lync System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 174 CONNECTION IPV4 INITIATOR ADDRESS: 64.103.125.97 CONNECTION IPV4 RESPONDER ADDRESS: 64.103.101.181 CONNECTION RESPONDER PORT: FLOW OBSPOINT ID: 4294967305 IP VERSION: IP PROTOCOL: APPLICATION NAME: layer7 dhcp System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 175 CONNECTION IPV4 INITIATOR ADDRESS: 10.80.101.18 CONNECTION IPV4 RESPONDER ADDRESS: 10.80.101.6 CONNECTION RESPONDER PORT: 5060 FLOW OBSPOINT ID: 4294967305 IP VERSION: IP PROTOCOL: APPLICATION NAME: layer7 cisco-collab-control System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 176 1412 CONNECTION IPV4 INITIATOR ADDRESS: 64.103.125.29 CONNECTION IPV4 RESPONDER ADDRESS: 64.103.101.181 CONNECTION RESPONDER PORT: FLOW OBSPOINT ID: 4294967305 IP VERSION: IP PROTOCOL: APPLICATION NAME: layer7 dhcp System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 177 64.103.125.147,144.254.71.184,53,4294967305,4,17,port dns,Input,08:55:46.917,08:55:46.917,Initiator,2,1,1,190,106 64.103.121.103,10.1.1.2,67,4294967305,4,17,layer7 dhcp,Input,08:55:47.917,08:55:47.917,Initiator,1,0,1,0,350 64.103.125.3,64.103.125.97,68,4294967305,4,17,layer7 dhcp,Input,08:55:47.917,08:55:53.917,Initiator,1,0,4,0,1412 10.0.2.6,157.55.40.149,443,4294967305,4,6,layer7 ms- lync,Input,08:55:46.917,08:55:46.917,Initiator,2,10,14,6490,1639 64.103.126.28,66.163.36.139,443,4294967305,4,6,layer7 cisco-jabber- im,Input,08:55:46.917,08:55:46.917,Initiator,2,12,10,5871,2088 64.103.125.2,64.103.125.29,68,4294967305,4,17,layer7 dhcp,Input,08:55:47.917,08:55:47.917,Initiator,1,0,2,0,712 64.103.125.97,64.103.101.181,67,4294967305,4,17,layer7 dhcp,Input,08:55:47.917,08:55:47.917,Initiator,1,0,1,0,350 192.168.100.6,10.10.20.1,5060,4294967305,4,17,layer7 cisco-jabber- control,Input,08:55:46.917,08:55:46.917,Initiator,1,0,2,0,2046 64.103.125.3,64.103.125.29,68,4294967305,4,17,layer7 dhcp,Input,08:55:47.917,08:55:47.917,Initiator,1,0,2,0,712 10.80.101.18,10.80.101.6,5060,4294967305,4,6,layer7 cisco-collab- control,Input,08:55:46.917,08:55:47.917,Initiator,2,23,27,12752,8773 10.1.11.4,66.102.11.99,80,4294967305,4,6,layer7 google- services,Input,08:55:46.917,08:55:46.917,Initiator,2,3,5,1733,663 64.103.125.2,64.103.125.97,68,4294967305,4,17,layer7 System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 178: Basic Troubleshooting - Questions And Answers
Answer: For each new flow, it takes a few packets to classify it and install the result in the hardware. During this time, the classification would be 'un-known' and traffic will fall under the default queue. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 179: Additional References For Application Visibility And Control
DNS Domain-Name as the collect field for defining the flow record. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 180 Configuring Application Visibility and Control in a Wired Network Feature History for Application Visibility and Control in a Wired Network System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 181: Configuring Sdm Templates
Switch Device Manager (SDM) templates can be used to configure system resources and optimize support for specific features. However standard SDM templates are defined based on how the device is deployed in the network. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 182 A custom SDM template will allow you to configure the features of the template based on your requirements and not the location of the device in the network. Starting with the Cisco IOS XE Amsterdam 17.3.1 release, you can configure a custom SDM template for Forwarding Information Base (FIB) using the sdm prefer custom fib command.
Page 183 For features where the scale value can be set to zero, you need to specify the scale value as zero. If not, the default value will be assigned as the scale value. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 184: System Resource Allocation For Customizable Sdm Template
If the standby Supervisor is configured with a different custom template than the active Supervisor, the Customizable SDM Template of the active Supervisor is configured on the standby Supervisor during initialization. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 185: Customizable Sdm Template And Stackwise Virtual
When a device with a customizable SDM template for FIB features undergoes a downgrade to a release earlier than the Cisco IOS XE Amsterdam 17.3.1 release, you need to change the SDM template to a static SDM template before the downgrade. You can change the template using the sdm prefer template name command.
Page 186 EXEC command, the show sdm prefer command shows the template currently in use and the template that will become active after a reload. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 187: Monitoring And Maintaining Sdm Templates
Configuration Examples for SDM Templates Examples: Displaying SDM Templates The following example output shows the core template information on Cisco Catalyst 9500 Series Switches: Device# show sdm prefer core This is the Core template. Security Ingress IPv4 Access Control Entries*:...
Page 188 * values can be modified by sdm cl These values can vary depending on device and version. The following example output shows the NAT template information on Cisco Catalyst 9500 Series Switches: Device# show sdm prefer nat This is the NAT template.
Page 189 16384 Ipv4/Ipv6 Direct and Indirect unicast routes share same space * values can be modified by sdm cli The following example output shows the distribution template information on Cisco Catalyst 9500 Series Switches: Device# show sdm prefer distribution This is the Distribution template.
Page 190: Examples: Configuring Sdm Templates
This table provides release and related information for features explained in this module. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 191 C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 192 Configuring SDM Templates Feature History for SDM Templates System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 193: Configuring System Message Logs
You can remotely monitor system messages by viewing the logs on a syslog server or by accessing the switch through Telnet, through the console port, or through the Ethernet management port. In a switch stack, all member switch consoles provide the same console output. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 194: System Log Message Format
Single-digit code from 0 to 7 that is the severity of the message. MNEMONIC Text string that uniquely describes the message. description Text string containing detailed information about the event being reported. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 195: Default System Message Logging Settings
The history table lists the level keywords and severity level. For SNMP usage, the severity level values increase by 1. For example, emergencies equal 1, not 0, and critical equals 3, not 2. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 196: How To Configure System Message Logs
Stores log messages in a file in flash memory [min-file-size]] [severity-level-number | type] on a standalone switch or, in the case of a switch stack, on the active switch . Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 197: Synchronizing Log Messages
After the unsolicited messages appear, the console again displays the user prompt. This task is optional. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 198 • (Optional) level all Specifies that all messages are printed asynchronously regardless of the severity level. • (Optional) limit number-of-buffers Specifies the number of buffers to be queued for the terminal System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 199: Disabling Message Logging
Enters global configuration mode. Example: Device# configure terminal Step 2 no logging console Disables message logging. Example: Device(config)# no logging console Step 3 Returns to privileged EXEC mode. Example: Device(config)# end System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 200: Enabling And Disabling Time Stamps On Log Messages
By default, sequence numbers in log messages are not displayed. This task is optional. Procedure Command or Action Purpose Step 1 configure terminal Enters global configuration mode. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 201: Defining The Message Severity Level
Step 4 Limits messages logged to the syslog servers. logging trap level Example: By default, syslog servers receive informational messages and numerically lower levels. Device(config)# logging trap 3 System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 202: Limiting Syslog Messages Sent To The History Table And To Snmp
0 to 500 messages. Device(config)# logging history size 200 Step 4 Returns to privileged EXEC mode. Example: Device(config)# end Logging Messages to a UNIX Syslog Daemon This task is optional. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 203 Make sure the syslog daemon reads the new For more information, see the man syslog.conf changes. and man syslogd commands on your UNIX system. Example: $ kill -HUP `cat /etc/syslog.pid` System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 204: Monitoring And Maintaining System Message Logs
This table provides release and related information for features explained in this module. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 205 C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 206 Configuring System Message Logs Feature History for System Message Logs System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 207: Configuring Online Diagnostics
After you configure online diagnostics, you can manually start diagnostic tests or display the test results. You can also see which tests are configured for the device or switch stack and the diagnostic tests that have already run. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 208: Generic Online Diagnostics (Gold) Tests
Do not disable. Run this as an on-demand test, and as a health-monitoring test if the administrator is down. Default Intitial release Cisco IOS XE Everest 16.6.1. Corrective action – Hardware support Supervisors and linecards. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 209 This Scratch Register test monitors the health of ASICs by writing values into registers and reading back the values from these registers. Attribute Description Disruptive or Nondisruptive Nondisruptive. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 210 Default Off. Intitial release Cisco IOS XE Everest 16.6.1. Corrective action If the test fails, check the stack cables and connectors. Hardware support Supervisors. DiagMemoryTest System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 211 This test periodically monitors data-path traffic in the transmitted direction of each network port that is physically connected to a device with status as UP. This test is completed within a millisecond per port. It System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 212 ASIC level to verify that the ports are not stuck. It also displays syslog messages, and users can take corrective actions using the Cisco IOS Embedded Event Manager (EEM). Configure the time interval and threshold by entering the diagnostic monitor interval and diagnostic monitor threshold commands, respectively.
Page 213 Hardware support All modules. TestThermal This test verifies the temperature reading from a device sensor if it is below the yellow temperature threshold. This test runs every 90 seconds. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 214 Default Intitial release Cisco IOS XE Amsterdam 17.2.1. Corrective action Displays a syslog message if the test fails. Hardware support All modules. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 215: How To Configure Online Diagnostics
• test-id: Enters the ID number of the test. • test-id-range: Enters the range of test IDs by using integers separated by a comma and a hyphen. • all: Starts all of the tests. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 216: Configuring Online Diagnostics
• test-id-range: ID numbers of the tests that appear in the show diagnostic content command output. • all: All test IDs. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 217: Configuring Health-Monitoring Diagnostics
Purpose Step 1 enable Enables privileged EXEC mode. Example: Enter your password, if prompted. Device> enable Step 2 Enters global configuration mode. configure terminal Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 218 When specifying the tests, use one of these Example: parameters: • name: Name of the test that appears in Device(config)# diagnostic monitor the show diagnostic content command threshold switch 2 test 1 failure count output. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 219 Step 9 (Optional) Verifies your entries. show running-config Example: Device# show running-config Step 10 copy running-config startup-config (Optional) Saves your entries in the configuration file. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 220: Monitoring And Maintaining Online Diagnostics
C9500-16X, C9500-24Q, C9500-40X models of the Cisco Catalyst 9500 Series Switches. show post show diagnostic events {event-type | module} Displays diagnostic events such as error, information, or warning based on the test result. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 221: Configuration Examples For Online Diagnostics
Examples: Displaying Online Diagnostics This example shows how to display on demand diagnostic settings: Device# show diagnostic ondemand settings Test iterations = 1 Action on test failure = continue System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 222 The below example is not applicable to the C9500-12Q, C9500-16X, C9500-24Q, C9500-40X models of the Cisco Catalyst 9500 Series Switches. This example shows how to display the boot up level: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 223: Additional References For Online Diagnostics
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 224 Configuring Online Diagnostics Feature Information for Configuring Online Diagnostics System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 225: Managing Configuration Files
Restrictions for Managing Configuration Files • Many of the Cisco IOS commands described in this document are available and function only in certain configuration modes on the device. • Some of the Cisco IOS configuration commands are only available on certain device platforms, and the command syntax may vary on different platforms.
Page 226: Configuration Mode And Selecting A Configuration Source
To enter configuration mode on the device, enter the configure command at the privileged EXEC prompt. The Cisco IOS software responds with the following prompt asking you to specify the terminal, memory, or a file stored on a network server (network) as the source of configuration commands:...
Page 227: Copy Configuration Files From A Network Server To The Device
In some implementations of TFTP, you must create a dummy file on the TFTP server and give it read, write, and execute permissions before copying a file over it. Refer to your TFTP documentation for more information. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 228: Copying A Configuration File From The Device To An Rcp Server
You also can enable rcp support to allow users on remote systems to copy files to and from the device. To configure the Cisco IOS software to allow remote users to copy files to and from the device, use the ip rcmd rcp-enable global configuration command.
Page 229: Copying A Configuration File From The Device To An Ftp Server
The RCP protocol requires a client to send a remote username on each RCP request to a server. When you copy a configuration file from the device to a server using RCP, the Cisco IOS software sends the first valid username it encounters in the following sequence: 1.
Page 230: Copying Files Through A Vrf
The configurations are copied onto the TFTP server. Then, login to another switch and run the command copy tftp: startup-config and follow the instructions. The configurations are now copied onto the other switch. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 231: Configuration Files Larger Than Nvram
Release 10.0 or later release boot ROMs. Installing new ROMs is a one-time operation and is necessary only if you do not already have Cisco IOS Release 10.0 in ROM. If the boot ROMs do not recognize a compressed configuration, the following message is displayed:...
Page 232: How To Manage Configuration File Information
Device# show running-config Step 5 show startup-config Displays the contents of the startup configuration file. (Command alias for the more Example: nvram:startup-config command.) Device# show startup-config System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 233: Modifying The Configuration File
NVRAM. Modifying the Configuration File The Cisco IOS software accepts one configuration command per line. You can enter as many configuration commands as you want. You can add comments to a configuration file describing the commands you have entered. Precede a comment with an exclamation point (!). Because comments are not stored in NVRAM or in the active copy of the configuration file, comments do not appear when you list the active configuration with the show running-config or more system:running-config EXEC commands.
Page 234: Copying A Configuration File From The Device To A Tftp Server
Copying a Configuration File from the Device to a TFTP Server To copy configuration information on a TFTP network server, complete the tasks in this section: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 235: What To Do Next
To copy a startup configuration file or a running configuration file from the device to an RCP server, use the following commands beginning in privileged EXEC mode: Procedure Command or Action Purpose Step 1 enable Enables privileged EXEC mode. Example: • Enter your password if prompted. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 236: Examples
Storing a Startup Configuration File on an RCP Server The following example shows how to store a startup configuration file on a server by using RCP to copy the file: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 237: What To Do Next
(Optional) Specifies the default password. ip ftp password password Example: Device(config)# ip ftp password adminpassword Step 5 (Optional) Exits global configuration mode. This step is required only if you override the Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 238: Examples
Device(config)# ip ftp password mypass Device(config)# end Device# copy nvram:startup-config ftp: Remote host[]? 172.16.101.101 Name of configuration file to write [start-confg]? Write file start-confg on host 172.16.101.101?[confirm] ![OK] System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 239: What To Do Next
Example: Device# copy tftp://server1/dir10/datasource flash:startup-config Examples In the following example, the software is configured from the file named tokyo-confg at IP address 172.16.2.155: Device# copy tftp://172.16.2.155/tokyo-confg system:running-config System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 240: What To Do Next
• copy r cp:[[[/ / [ username@]l o cat i o n]/ d i r ect o ry]/ f i l e name]n vram:startup-conf i g Example: Device# copy System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 241: Examples
To copy a configuration file from an FTP server to the running configuration or startup configuration, complete the tasks in this section: Procedure Command or Action Purpose Step 1 enable Enables privileged EXEC mode. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 242: Examples
IP address of 172.16.101.101, and loads and runs the commands on the device: device# copy ftp://netadmin1:[email protected]/host1-confg system:running-config Configure using host1-confg from 172.16.101.101? [confirm] Connected to 172.16.101.101 Loading 1112 byte file host1-confg:![OK] System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 243: What To Do Next
Step 1 enable Enables privileged EXEC mode. Example: • Enter your password if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 244 Configure using tokyo-confg from 172.16.2.155? [confirm] y Booting tokyo-confg from 172.16.2.155:!!! [OK - 874/16000 bytes] Device# copy system:running-config nvram:startup-config Building configuration... Compressing configuration from 129648 bytes to 11077 bytes [OK] System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 245: Storing The Configuration In Flash Memory On Class A Flash File Systems
NVRAM size, the following error message is displayed: “[buffer overflow - file-size /buffer-size bytes]. ” • configure terminal Example: Device# configure terminal System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 246: Loading The Configuration Commands From The Network
Device# configure terminal Step 4 boot network {ftp:[[[//[username [:password Specifies that the startup configuration file be ]@]location ]/directory ]/filename ] | loaded from the network server at startup. rcp:[[[//[username@]location ]/directory System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 247: Copying Configuration Files From Flash Memory To The Startup Or Running Configuration
• Loads a configuration file directly into NVRAM or • copy filesystem: [partition-number:][filename ] • Copies a configuration file to your running nvram:startup-config configuration • copy filesystem: [partition-number:][filename ] system:running-config System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 248: Copying Configuration Files Between Flash Memory File Systems
] • The source device and the destination Example: device cannot be the same. For example, the copy usbflash0: usbflash0: command is invalid. Device# copy flash: usbflash0: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 249: Copying A Configuration File From An Ftp Server To Flash Memory Devices
Step 2 configure terminal (Optional) Enters global configuration mode. This step is required only if you override the Example: default remote username or password (see Steps 3 and 4). System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 250: What To Do Next
Example: • Enter your password if prompted. Device> enable Step 2 configure terminal (Optional) Enters global configuration mode. This step is required only if you override the Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 251: Copying A Configuration File From A Tftp Server To Flash Memory Devices
The following example shows the copying of the configuration file named switch-config from a TFTP server to the flash memory card inserted in usbflash0. The copied file is renamed new-config. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 252: Re-Executing The Configuration Commands In The Startup Configuration File
Step 1 enable Enables privileged EXEC mode. Example: • Enter your password if prompted. Device> enable Step 2 erase nvram Clears the contents of your startup configuration. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 253: Deleting A Specified Configuration File
Enables privileged EXEC mode. Example: • Enter your password if prompted. Device> enable Step 2 delete flash-filesystem:filename Deletes the specified configuration file on the specified flash device. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 254: Specifying The Config_File Environment Variable On Class A Flash File Systems
Specifying the CONFIG_FILE Environment Variable on Class A Flash File Systems On Class A flash file systems, you can configure the Cisco IOS software to load the startup configuration file specified by the CONFIG_FILE environment variable. The CONFIG_FILE variable defaults to NVRAM.
Page 255: What To Do Next
The erase nvram:startup-config EXEC command erases the contents of NVRAM and deletes the file pointed to by the CONFIG_FILE environment variable. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 256: Configuring The Device To Download Configuration Files
NVRAM, the device enters the Setup command facility. Configuring the Device to Download the Network Configuration File To configure the Cisco IOS software to download a network configuration file from a server at startup, complete the tasks in this section:...
Page 257: Configuring The Device To Download The Host Configuration File
Device# copy system:running-config nvram:startup-config Configuring the Device to Download the Host Configuration File To configure the Cisco IOS software to download a host configuration file from a server at startup, complete the tasks in this section: Procedure Command or Action...
Page 258 Step 5 Exits global configuration mode. Example: Device(config)# end Step 6 Saves the running configuration to the startup copy system:running-config nvram:startup-config configuration file. Example: Device# copy system:running-config nvram:startup-config System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 259: Feature History For Managing Configuration Files
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 260 Managing Configuration Files Feature History for Managing Configuration Files System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 261: C H A P T E
SCP allows only users with a privilege level of 15 to copy a file in the Cisco IOS File System (Cisco IFS) to and from a device by using the copy command. An authorized administrator can also perform this action from a workstation.
Page 262: Secure Copy Performance Improvements
How to Configure Secure Copy The following sections provide information about the Secure Copy configuration tasks. Configuring Secure Copy To configure a Cisco device for SCP server-side functionality, perform the following steps. Procedure Command or Action Purpose...
Page 263: Enabling Secure Copy On The Ssh Server
Command or Action Purpose Step 1 enable Enables privileged EXEC mode. Example: Enter your password, if prompted. Device> enable Step 2 configure terminal Enters global configuration mode. Example: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 264 Device(config)# ip ssh authentication-retries 3 Step 9 ip scp server enable Enables the device to securely copy files from a remote workstation. Example: Device(config)# ip scp server enable System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 265: Configuration Examples For Secure Copy
! AAA authentication and authorization must be configured properly for SCP to work. Device> enable Device# configure terminal Device(config)# aaa new-model Device(config)# aaa authentication login default group tacacs+ System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 266: Additional References For Secure Copy
Support for this feature was introduced only on the C9500-12Q, C9500-16X, C9500-24Q, C9500-40X models of the Cisco Catalyst 9500 Series Switches. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 267 Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 268 Secure Copy Feature Information for Secure Copy System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 269: Configuration Replace And Configuration Rollback
The format of the configuration files used as input by the Configuration Replace and Configuration Rollback feature must comply with standard Cisco software configuration file indentation rules as follows: • Start all commands on a new line with no indentation, unless the command is within a configuration submode.
Page 270: Restrictions For Configuration Replace And Configuration Rollback
Rollback Configuration Archive The Cisco IOS configuration archive is intended to provide a mechanism to store, organize, and manage an archive of Cisco IOS configuration files to enhance the configuration rollback capability provided by the configure replace command. Before this feature was introduced, you could save copies of the running configuration using the copy running-config destination-url command, storing the replacement file either locally or remotely.
Page 271: Configuration Replace
The configure replace privileged EXEC command provides the capability to replace the current running configuration with any saved Cisco IOS configuration file. This functionality can be used to revert to a previous configuration state, effectively rolling back any configuration changes that were made since the previous configuration state was saved.
Page 272: Configuration Rollback
Cisco IOS configuration rollback capability uses the concept of reverting to a specific configuration state based on a saved Cisco IOS configuration file. This concept is similar to the database idea of saving a checkpoint (a saved version of the database) to preserve a specific state.
Page 273: How To Use Configuration Replace And Configuration Rollback
No prerequisite configuration is needed to use the configure replace command. Using the configure replace command in conjunction with the Cisco IOS configuration archive and the archive config command is optional but offers significant benefit for configuration rollback scenarios. Before using the archive config command, the configuration archive must be configured.
Page 274: Performing A Configuration Replace Or Configuration Rollback Operation
Device# archive config command. Performing a Configuration Replace or Configuration Rollback Operation Perform this task to replace the current running configuration file with a saved Cisco IOS configuration file. Note You must create a configuration archive before performing this procedure. See...
Page 275 • The nolock keyword disables the locking of the running configuration file that prevents other users from changing the running configuration during a configuration replace operation. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 276 Use this command only if the time Device# configure confirm seconds keyword and argument of the configure replace command are specified. Step 5 exit Exits to user EXEC mode. Example: Device# exit System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 277: Monitoring And Troubleshooting The Feature
Device> enable Device# Step 2 show archive Use this command to display information about the files saved in the Cisco IOS configuration archive. Example: Device# show archive There are currently 1 archive configurations saved. The next archive file will be named flash:myconfiguration-2...
Page 278 Configuration Replace and Configuration Rollback Monitoring and Troubleshooting the Feature Step 3 debug archive versioning Use this command to enable debugging of the Cisco IOS configuration archive activities to help monitor and troubleshoot configuration replace and rollback. Example: Device# debug archive versioning 9 06:46:28.419:backup_running_config...
Page 279: Configuration Examples For Configuration Replace And Configuration Rollback
Configuration Rollback Creating a Configuration Archive The following example shows how to perform the initial configuration of the Cisco IOS configuration archive. In this example, flash:myconfiguration is specified as the location and filename prefix for the files in the configuration archive and a value of 10 is set as the maximum number of archive files to be saved.
Page 280: Reverting To The Startup Configuration File
Reverting to the Startup Configuration File The following example shows how to revert to the Cisco IOS startup configuration file using the configure replace command. This example also shows the use of the optional force keyword to override the interactive...
Page 281: Additional References For Configuration Replace And Configuration Rollback
Additional References for Configuration Replace and Configuration Rollback Related Documents Related Topic Document Title For complete syntax and usage information for Command Reference (Catalyst 9500 Series Switches) the commands used in this chapter. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 282: Feature History For Configuration Replace And Configuration Rollback
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 283: C H A P T E
ROMMON in the primary SPI flash device, if a new version is applicable, and the release you are upgrading from is Cisco IOS XE Gibraltar 16.12.1 or a later release. (So if you upgrade from Cisco IOS XE Gibraltar 16.11.1 for example, a manual upgrade does not apply; the ROMMON is...
Page 284: Capsule Upgrade
• If bootloader protection is already active, IOS copies the secure update capsule to bootflash and the device reboots. • When the device reboots, secure update capsule is picked for performing the upgrade. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 285: Feature History For Bios Protection
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 286 BIOS Protection Feature History for BIOS Protection System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 287: C H A P T E
An SMU provides a significant benefit over classic Cisco IOS software because it allows you to address network issues quickly while reducing the time and scope of the testing required. The Cisco IOS XE platform internally validates SMU compatibility and does not allow you to install noncompatible SMUs.
Page 288: Smu Workflow
3. Commit the SMU changes so that it is persistent across reloads. SMU Workflow The SMU process is initiated with a request to the Cisco Customer Support. Contact your customer support to raise an SMU request. At release time, the SMU package is posted to the...
Page 289: Managing An Smu Package
Step 3 install activate file flash: filename Runs compatibility checks, installs the package, and updates the package status details. Example: Device# install activate add file flash:cat9k_iosxe.BLD_SMU_20180302_085005_ TWIG_LATEST_20180306_013805.3.SSA.smu.bin System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 290: Configuration Examples For Software Maintenance Upgrade
Example: Managing an SMU Note • The examples used in this section are of hot patching SMU. The following example shows how to copy an SMU file to flash: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 291 C - Activated & Committed, D - Deactivated & Uncommitted -------------------------------------------------------------------------------- Type Filename/Version -------------------------------------------------------------------------------- flash:cat9k_iosxe.BLD_SMU_20180302_085005_TWIG_LATEST_20180306_013805.3.SSA.smu.bin 16.9.1.0.43131 -------------------------------------------------------------------------------- Auto abort timer: inactive -------------------------------------------------------------------------------- The following example shows how to activate an added SMU package file: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 292 [ Switch 1 ] Active Package(s) Information: State (St): I - Inactive, U - Activated & Uncommitted, C - Activated & Committed, D - Deactivated & Uncommitted -------------------------------------------------------------------------------- Type Filename/Version -------------------------------------------------------------------------------- flash:cat9k_iosxe.BLD_SMU_20180302_085005_TWIG_LATEST_20180306_013805.3.SSA.smu.bin System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 293 [1] SMU_ROLLBACK package(s) on switch 1 [1] Finished SMU_ROLLBACK on switch 1 Checking status of SMU_ROLLBACK on [1] SMU_ROLLBACK: Passed on [1] Finished SMU Rollback operation SUCCESS: install_rollback /flash/cat9k_iosxe.BLD_SMU_20180302_085005_TWIG_LATEST_20180306_013805.3.SSA.smu.bin Mon System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 294 Auto abort timer: active on install_deactivate, time before rollback - 01:59:50 -------------------------------------------------------------------------------- The following example shows how to remove an SMU from the device: Device# install remove file flash:cat9k_iosxe.BLD_SMU_20180302_085005_TWIG_LATEST_20180306_013805.3.SSA.smu.bin System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 295: Additional References For Software Maintenance Upgrade
This table provides release and related information for features explained in this module. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 296 Support for this enhancement was introduced on all models of Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 297: C H A P T E
Device# show file systems Size(b) Free(b) Type Flags Prefixes - - opaque rw system: - - opaque rw tmpsys: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 298 (for example, the system) or a download interface, such as brimux. unknown—The file system is an unknown type. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 299: Setting The Default File System
You can view a list of the contents of a file system before manipulating its contents. For example, before copying a new configuration file to flash memory, you might want to verify that the file system does not System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 300 Jul 8 2015 11:18:33 +00:00 system-report_RP_0_20150708-111832-UTC.tar.gz 608491 -rw- 67587176 Aug 12 2015 05:30:35 +00:00 mcln_x86_kernel_20170628.SSA 608492 -rwx 74880100 Aug 12 2015 05:30:57 +00:00 stardust.x86.idprom.0718B 11250098176 bytes total (9128050688 bytes free) Device# System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 301: Changing Directories And Displaying The Working Directory
Command or Action Purpose Step 1 Displays the directories on the specified file dir filesystem: system. Example: For filesystem:, use flash: for the system board flash device. Device# dir flash: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 302: Removing Directories
Network file system URLs include ftp:, rcp:, tftp:, scp:, http:, and https: and have these syntaxes: • FTP—ftp:[[//username [:password]@location]/directory]/filename • RCP—rcp:[[//username@location]/directory]/filename • TFTP—tftp:[[//location]/directory]/filename • SCP—scp:[[//username [:password]@location]/directory]/filename • HTTP—http:[[//username [:password]@location]/directory]/filename System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 303: Deleting Files
You can create a file and write files into it, list the files in a file, and extract the files from a file as described in the next sections. Beginning in privileged EXEC mode, follow these steps to create a file, display the contents, and extract it: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 304 Only those files appear. If none are specified, all files and directories appear. Step 3 archive tar /xtract source-url flash:/file-url Extracts a file into a directory on the flash file [dir/file...] system. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 305: Additional References For Flash File System
This table provides release and related information for features explained in this module. These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 306 C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 307: C H A P T E
Factory reset erases all the customer-specific data stored in a device and restores the device to its original configuration at the time of shipping. Data that is erased includes configurations, log files, boot variables, System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 308: How To Perform A Factory Reset
The factory reset process is used in the following scenarios: • Return Material Authorization (RMA) for a device: If you have to return a device to Cisco for RMA, remove all the customer-specific data before obtaining an RMA certificate for the device.
Page 309 The range is from 1 to 16. • all: Selects all the switches in the stack. After the factory reset process is successfully completed, the device reboots and enters ROMmon mode. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 310: Configuration Example For Performing A Factory Reset
DO NOT UNPLUG THE POWER OR INTERRUPT THE OPERATION Are you sure you want to continue? [confirm] The following examples shows how to perform a factory reset on switches in a Cisco StackWise Virtual solution: Device> enable Device# factory-reset switch 2 all The factory reset operation is irreversible for all operations.
Page 311 % FACTORYRESET - Factory Reset Done for flash3 % FACTORYRESET - Unmounting flash7 % FACTORYRESET - Cleaning Up flash7 % FACTORYRESET - In progress.. please wait for completion... System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 312 % FACTORYRESET - Unmounting sd1 % FACTORYRESET - Cleaning Up sd1 [0] % FACTORYRESET - erase In progress.. please wait for completion... % FACTORYRESET - write zero... % FACTORYRESET - finish erase System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 313: Additional References For Factory Reset
For complete syntax and usage information for the Command Reference commands used in this chapter. Feature History for Performing a Factory Reset This table provides release and related information for features explained in this module. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 314 Cisco StackWise Virtual enabled devices is Cisco StackWise Virtual introduced. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 315: C H A P T E
Step 1 configure terminal Enters the global configuration mode. Example: Device# configure terminal Step 2 service private-config-encryption Enables the Secure Storage feature on your device. Example: DEvice(config)# service private-config-encryption System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 316: Disabling Secure Storage
The file is in ‘plain text’ format. Device#show parser encrypt file status Feature: Enabled File Format: Plain Text System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 317: Feature Information For Secure Storage
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 318 Configuring Secure Storage Feature Information for Secure Storage System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 319: C H A P T E
It allows you to observe detailed debugs for granular instances within the system. This is very useful when we need to debug only a particular session among thousands of sessions. It is also possible to specify multiple conditions. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 320: Introduction To Radioactive Tracing
/crashinfo/tracelogs. In the archive directory, up to 25 files are accumulated, after which the oldest one is replaced by the newly rotated file from /tmp. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 321: Configuring Conditional Debugging
# request platform software trace archive last 2 days Step 7 show platform software trace [filter-binary (Optional) Displays logs merged from the latest | level | message] tracefile. Filter on any combination of System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 322: Radioactive Tracing For L2 Multicast
MAC address ip Group IP address vlan id level debug level System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 323: Recommended Workflow For Trace Files
Copy to system: file system tftp: Copy to tftp: file system tmpsys: Copy to tmpsys: file system The general syntax for copying onto a TFTP server is as follows: System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 324: Monitoring Conditional Debugging
MAC Address 0024.D7C7.0054 N/A Feature Condition Type Value -----------------------|-----------------------|-------------------------------- Packet Infra debugs: Ip Address Port ------------------------------------------------------|---------- Device# The following is a sample of the debug platform condition stop command. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 325: Additional References For Conditional Debugging And Radioactive Tracing
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 326 Conditional Debug and Radioactive Tracing Feature History for Conditional Debugging and Radioactive Tracing System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 327: C H A P T E
In some debugging scenarios, the Cisco TAC engineer may have to collect certain debug information or perform live debug on a production system. In such cases, the Cisco TAC engineer will ask you (the network System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 328: Consent Token Authorization Process For System Shell Access
When you request access to system shell, you need to be authorized. You must first run the command to generate a challenge using the Consent Token feature on your device. The device generates a unique challenge as output. You must then copy this challenge string and send it to a Cisco Authorized Personnel through e-mail or Instant Message.
Page 329: Feature History For Consent Token
The Cisco Authorized Personnel processes the unique challenge string and generates a response. The response is also a base-64 string that is unique. The Cisco Authorized Personnel copies this response string and sends it to you through e-mail or Instant Message.
Page 330 C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 331: C H A P T E
C H A P T E R Troubleshooting the Software Configuration This chapter describes how to identify and resolve software problems related to the Cisco IOS software on the switch. Depending on the nature of the problem, you can use the command-line interface (CLI), Device Manager, or Network Assistant to identify and solve problems.
Page 332: Ping
Layer 2 Traceroute Guidelines • Cisco Discovery Protocol (CDP) must be enabled on all the devices in the network. For Layer 2 traceroute to function properly, do not disable CDP. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 333: Ip Traceroute
You can use IP traceroute to identify the path that packets take through the network on a hop-by-hop basis. The command output displays all network layer (Layer 3) devices, such as routers, that the traffic passes through on the way to the destination. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 334: Debug Commands
System reports or crashinfo files save information that helps Cisco technical support representatives to debug problems that caused the Cisco IOS image to fail (crash). It is necessary to quickly and reliably collect critical crash information with high fidelity and integrity. Further, it is necessary to collect this information and bundle it in a way that it can be associated or identified with a specific crash occurrence.
Page 335 TAC while troubleshooting the issue. The system report generated can be further copied using TFTP, HTTP and few other options. Device# copy crashinfo: ? crashinfo: Copy to crashinfo: file system System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 336: Onboard Failure Logging On The Switch
You can use the onboard failure logging (OBFL) feature to collect information about the device. The information includes uptime, temperature, and voltage information and helps Cisco technical support representatives to troubleshoot device problems. We recommend that you keep OBFL enabled and do not erase the data stored in the flash memory.
Page 337: Fan Failures
You should manually set the system clock or configure it by using Network Time Protocol (NTP). When the device is running, you can retrieve the OBFL data by using the show logging onboard privileged EXEC commands. If the device fails, contact your Cisco technical support representative to find out how to retrieve the data.
Page 338: How To Troubleshoot The Software Configuration
Before you begin Note Emergency install feature is not supported on the Cisco Catalyst 9500 Series High Performance Switches. This recovery procedure requires that you have physical access to the switch. This procedure uses boot loader commands and TFTP to recover from a corrupted or incorrect image file.
Page 339 For more details, see the documentation or "License Notice" file accompanying the IOS-XE software, or the applicable URL provided on the flyer accompanying the IOS-XE software. FIPS: Flash Key Check : Begin System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 340 If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to [email protected].
Page 341 System Bootstrap, Version 16.5.2r, RELEASE SOFTWARE (P) Compiled Wed 05/31/2017 15:58:35.22 by rel Current image running: Primary Rommon Image Last reset cause: SoftwareReload C9X00 platform with 8388608 Kbytes of main memory System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 342: Recovering From A Lost Or Forgotten Password
Ctrl-C to kill the bootup sequence. For Cisco Catalyst 9500 Series Switches, reconnect the power cord to the switch or the active switchAs soon as the System LED blinks, press and release the Mode button 2-3 times. The switch enters the ROMMON mode.
Page 343: Procedure With Password Recovery Enabled
Ignore the startup configuration with the following command: Device: SWITCH_IGNORE_STARTUP_CFG=1 Step 2 Boot the switch with the packages.conf file from flash. Device: boot flash:packages.conf Step 3 Terminate the initial configuration dialog by answering No. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 344 Set the SWITCH_IGNORE_STARTUP_CFG parameter to 0. Device(config)# no system ignore startupconfig switch all Device(config)# end Device# write memory Step 12 Boot the device with the packages.conf file from flash. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 345: Procedure With Password Recovery Disabled
Device: dir flash: The device file system appears. Directory of flash:/ 15494 drwx 4096 Jan 1 2000 00:20:20 +00:00 kirch 15508 -rw- 258065648 Sep 4 2013 14:19:03 +00:00 System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 346: Preventing Switch Stack Problems
• Make sure that the device that you add to or remove from the switch stack are powered off. For all powering considerations in switch stacks, see the “Switch Installation” chapter in the hardware installation guide. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 347: Preventing Autonegotiation Mismatches
If a remote device does not autonegotiate, configure the duplex settings on the two ports to match. The speed parameter can adjust itself even if the connected port does not autonegotiate. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 348: Troubleshooting Sfp Module Security And Identification
SFP modules and module interfaces. If you are using a non-Cisco SFP module, remove the SFP module from the device, and replace it with a Cisco module. After inserting a Cisco SFP module, use the errdisable recovery cause gbic-invalid global configuration command to verify the port status, and enter a time interval for recovering from the error-disabled state.
Page 349: Monitoring The Physical Path
Possible destinations include the console, virtual terminals, internal buffer, and UNIX hosts running a syslog server. The syslog format is compatible with 4.3 Berkeley Standard Distribution (BSD) UNIX and its derivatives. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 350: Using The Show Platform Forward Command
For this reason, use debug commands only to troubleshoot specific problems or during troubleshooting sessions with Cisco technical support staff. Moreover, it is best to use debug commands during periods of lower network traffic and fewer users. Debugging during these periods decreases the likelihood that increased debug command processing overhead will affect system use.
Page 351: Verifying Troubleshooting Of The Software Configuration
For more information about the commands in this section, see the command reference for this release. Verifying Troubleshooting of the Software Configuration Displaying OBFL Information Table 18: Commands for Displaying OBFL Information - Cisco Catalyst 9500 Series Switches - High Performance Command Purpose...
Page 352 Displays the UDI information for a standalone switch or the specified stack members and for Device# show onboard switch 1 environment all the connected FRU devices: the PID, the VID, and the serial number. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 353: Example: Verifying The Problem And Cause For High Cpu Utilization
This example shows normal CPU utilization. The output shows that utilization for the last 5 seconds is 8%/0%, which has this meaning: • The total CPU utilization is 8 percent, including both time running Cisco IOS processes and time spent handling interrupts.
Page 354 CPU time. troubleshoot the root cause. See the spent on interrupts. This is usually triggered by an section on “Debugging Active event that activated the process. Processes.” System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 355: Scenarios For Troubleshooting The Software Configuration
(available PoE). Use the show power inline command to verify the amount of available power. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 356 If there is still no PoE at any port, a fuse might be open in the PoE section of the power supply. This normally produces an alarm. Check the log again for alarms reported earlier by system messages. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 357: Configuration Examples For Troubleshooting Software
This example shows how to ping an IP host: Device# ping 172.20.52.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echoes to 172.20.52.3, timeout is 2 seconds: !!!!! System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 358: Example: Performing A Traceroute To An Ip Host
Table 23: Traceroute Output Display Characters Character Description The probe timed out. Unknown packet type. Administratively unreachable. Usually, this output means that an access list is blocking traffic. Host unreachable. Network unreachable. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 359: Additional References For Troubleshooting Software Configuration
C9500-24Y4C models of the Cisco Catalyst 9500 Series Switches. Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Page 360 Troubleshooting the Software Configuration Feature History for Troubleshooting Software Configuration System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)

Cisco Catalyst 9500 Manual

Quick Links

Troubleshooting

Related Manuals for Cisco Catalyst 9500

Summary of Contents for Cisco Catalyst 9500