c29!35!37xx qos presentation for cenicv31

1© 2002, Cisco Systems, Inc. All rights reserved.

Catalyst Desktop Switches QoS Overview

Jean-François Vincent

Technical Marketing EngineerDesktop Switching Business Unit


Agenda

• Catalyst 1900

• Catalyst 2900XL/3500XL

• Catalyst 2940/2950/2955/3550

• Catalyst 2970/3750

• SmartPorts


Share Memory Switch Architecture


Catalyst 3550 Board Layout

TCAM’s

CPU

DRAM

Flash

PHY

SRAM

Port ASIC

Packet Memory

Switch Fabric

Many

components

make up the

base board of

a Catalyst

3550

Some of

those

components

are listed to

the right


Shared Memory Architecture Overview

NotifyRing

1 x Gb port1 x Gb port

CPUSubsystem

Satellite[GE]

Satellite[10/100]

Satellite[10/100]

Satellite[GE]

SharedMemory

TCAM

SRAM

SRAMSRAM

SRAM

Catalyst 3550


Catalyst 3550 Packet Walk

SharedMemory

10/100Satellite

ASICSRAM

10/100Satellite

ASICSRAM

PacketControl PlaneControl Plane

Packet

1. Packet arrives at satellite port 2. Ingress Satellite ASIC will perform a set of L2/L3 lookups, along with

processing QoS, Policing, Multicast and Security ACL’s3. Satellite upon processing this information will then send the packet to

the shared memory pool and notify the destination satellite over the notify ring of a pending packet that needs to be switched.

DataPlane

DataPlane


Catalyst 3550 Packet Walk

SharedMemory

10/100Satellite

ASICSRAM

10/100Satellite

ASICSRAM

PacketControl PlaneControl Plane

Packet

4. Egress satellite receives packet notification from source satellite5. Egress satellite retrieves packet from shared memory buffer pool6. Performs Output ACL processing, Packet rewrite and multicast

expansion7. Send frame out on egress port

DataPlane

DataPlane


Catalyst 1900/2820


Catalyst 1900/2820

No QoS

Launched in 1995

Evolution from the HUB


Catalyst 2900XL/3500XL


Catalyst 2900XL / 3500XL

• 2900XL First generation launched in Dec 97•4 MB of DRAM

• 2900XL Second generation launched in Dec 98

•Added .1q and ISL

•8 MB of DRAM

•Recognizable by its SKU number that finishes by –A or –EN (and also yellow letters on the Bezel).

• 3500XL launched in May 99


2900XL / 3500XL queues

• Switch will honor the CoS of tagged framed, will mark the CoS of untagged frames.

• 2 Queues

0-3 Low Priority

4-7 High Priority

• Strict Priority Scheduling.

• The 3548 XL & 3524-PWR XL can override the CoS of tagged framed with a default per port value.


Catalyst 2900XL / 3500XL QoS config

• Switch(config-if)#switch priority default 5

Will set the CoS of untagged frames to 5

• Switch(config-if)#switchport priority override

Will enable a 3548XL or 3524 PWR XL to also override the CoS of tagged frames to the value set by the previous command


Catalyst 2940/2950/2955


Catalyst 2940/2950/2955

•4 Queues

•Scheduling algorithm:

•Weighted Round Robin (WRR)

•Strict Priority (SP)

•2 families of features:

•Standard image (SI) 2940, 2950.

•Enhance Image (EI) 2950, 2955.


2950 Standard Image

• Bring basic QoS functionality:

–802.1q (ISL is no longer supported)

–CoS override

–Unicast/Multicast/Broadcast Storm Control

–Voice Vlan


2950 Enhanced Image

• Add more advanced QoS features:

–Ingress policing/ rate limiting

–Expedite queue (strict priority queuing)

–DSCP Mapping

–DSCP Filtering

–Auto QoS

181818© 2003 Cisco Systems, Inc. All rights reserved.Presentation_ID

How QoS Works

An Intelligent Delivery System


2950 EI QoS steps

Based on CoS, determine into which of the egress queues to place packet. Then service queues according to configured weights.

Classify packet based on ACE.

Determine if packet is in profile or out of profile based on policer associated with filter.

Based on whether packet is in or out of profile and configured parameters, determine whether to pass through, mark down, or drop packet. DSCP & CoS marked/changed accordingly.

Classification Policing MarkingQueue/

Schedule

Actions at Ingress

Actions at Egress


Classification

• Classification –process of distinguishing one kind of traffic from another by examining the Layer 2 through Layer 4 and QoS fields in the packet


Policing

• Policing – process of inspecting an Ethernet frame to see if it has exceeded a pre-defined rate of traffic within a certain timeframe


Marking

• Marking – the ability of the switch to modify the CoS bits in the Ethernet header or the ToS byte in the IPv4 header.


Output Queue Scheduling

• Output Queue Scheduling: Algorithm used to decide how queues are going to be served.


DSCP to CoS

• The switch will forward the packet to the specific priority queue depending on the DSCP value.

• This mapping is enabled globally per switch

• The DSCP-CoS mapping will apply on an interface when that interface is configured to trust DSCP.

• Packet with an unsupported DSCP value enters the switch, and the interface is configured to trust DSCP values, the CoS value for that packet will be set to 0 since the DSCP-CoS mapping cannot be applied.

• The CoS value for all non-IP packets on an interface configured to trust DSCP will also be set to 0.


DSCP to CoS Map

• Default DSCP to CoS values on 2950 EI

DSCP Value CoS Value

0 0

8 1

10 1

16 2

18 2

24 3

26 3

32 4

34 4

40 5

46 5

48 6

56 7


CoS to DSCP

• Map the Layer 2 priority to a Layer 3 priority.

• On the Catalyst 2950 EI, the mapping is applied globally.

• There are 8 possible mappings supported based on the 8 CoS values supported.

• The CoS-DSCP mapping will apply to an interface only if the interface is configured to trust CoS. This mapping can be overridden by a policy map configured on that interface.

• When an interface is configured to trust CoS, the DSCP value of all outgoing packets from this port will be modified according to the CoS-DSCP map.


• Default CoS to DSCP Values on a 2950 EI

CoS Value DSCP Value

0 0

1 8

2 16

3 24

4 32

5 40

6 48

7 56

CoS to DSCP Map


Commands

To enable CoS trust on an interface:

Switch(config)# interface FastEthernet0/10Switch(config-if)# mls qos trust cos

To enable DSCP trust on an interface:

Switch(config)# interface FastEthernet0/10Switch(config-if)# mls qos trust dscp

To force a specific QoS on a port:

Switch(config)# interface gigabitethernet0/1Switch(config-if)# mls qos cos 4Switch(config-if)# mls qos cos override


Commands

Display the current COS/DSCP maps:Switch> show mls qos mapsDscp-cos map:dscp: 0 8 10 16 18 24 26 32 34 40 46 48 56-----------------------------------------------cos: 0 1 1 2 2 3 7 4 4 5 5 7 7Cos-dscp map:cos: 0 1 2 3 4 5 6 7--------------------------------dscp: 0 8 16 24 32 40 48 56

Display the current COS to Queue map:

Switch> show wrr-queue cos-mapCoS Value : 0 1 2 3 4 5 6 7Priority Queue : 1 1 2 2 3 3 4 4


Commands

Define a CoS-to-DSCP map. (CoS values 0 to 7 are mapped to DSCP values 8, 8, 8, 8, 24, 32, 56, and 56.)

Switch# configure terminalSwitch(config)# mls qos map cos-dscp 8 8 8 8 24 32 56 56

Define a DSCP-to-CoS map. (DSCP values 16, 18, 24, and 26 are mapped to CoS 1. DSCP values 0, 8, and 10 are mapped to CoS 0).

Switch# configure terminalSwitch(config)# mls qos map dscp-cos 16 18 24 26 to 1Switch(config)# mls qos map dscp-cos 0 8 10 to 0

Define a CoS to queue mapSwitch(config)# wrr-queue cos-map 1 0 1 2Switch(config)# wrr-queue cos-map 2 3Switch(config)# wrr-queue cos-map 3 4 5Switch(config)# wrr-queue cos-map 4 6 7


CoS/DSCP Trust table

Untrusted State(no trust DSCP or CoS)

Trust DSCP Trust CoS

IP Packets •No modification to the packet made. The egress queue is derived from CoS-CoS queue mapping using CoS value of 0.

•Set the packet CoS as per DSCP-CoS map using supported DSCP value; otherwise set the packet CoS to 0.•Packet DSCP remains unmodified.•Egress queue is derived from CoS-CoS queue mapping using modified packet CoS.

•Set the DSCP value as per the CoS-DSCP mapping by using the packet CoS.•Packet CoS remains unmodified.•Egress queue is derived from CoS-CoS queue mapping using packet CoS.

Non-IP Packets •No modification to the packet made. The egress queue is derived from CoS-CoS queue mapping using CoS value of 0.

•Egress queue is derived from CoS-CoS queue mapping using CoS.

•Egress queue is derived from CoS-CoS queue mapping using CoS.


Policing

Policing involves creating a policer that specifies the bandwidth limits for the traffic.Packets that exceed the limits are out of profile or nonconforming. Each policer specifiesthe action to take for packets that are in or out of profile. These actions, carried out by the marker, include passing through the packet without modification, dropping the packet, or marking down the packet with a new DSCP value


Example of a simple policer

Define a class of traffic (category) called ixia-qos-2m-class. This class will identify the packets received that have their DSCP value set to 56:

class-map match-all ixia-qos-2m-class match ip dscp 56

Now that we are able to “detect” and classify these “special’ packets, let configure a policer (rule) that will limit a port to receive a maximum of 20Mbps (with a maximum burst size of 524288 bytes/s ) of that type (class) of packet:

policy-map test-2mbps-policy class ixia-qos-2m-class police 20000000 524288 exceed-action drop


Example of a simple policer

Attach the policer to a port (and enable DSCP trust)

mls qos trust dscpservice-policy input test-2mbps-policy


Scheduling

The last stage of the process consist of taking the packet out of the different priority queues and send them to their final destination. The technique use to “de-queue” the packets is referred to as the scheduling algorithm.

#4 Critical

#3 High

#2 Medium

#1 Low

Scheduling

4 queues


Scheduling

•Strict Priority Scheduling :The queue with the highest priority that contains packets is always served (packet from that queue are de-queued and transmitted). Packets within a lower priority queue will not transmit until all the higher-priority queues become empty

•Weighted Round Robin uses a number that indicates the importance (weight) of each queues. WRR scheduling prevents the low-priority queues from being completely neglected during periods of high-priority traffic. The WRR scheduler transmits some packets from each queue in turn. The number of packets it transmits corresponds to the relative importance of the queue.


SP Command

By default, the 2950 is configured to use SP. To enable SP queuing (when WRR was previously used) simply type:

Switch(config)# no wrr-queue bandwidth

Note that the scheduling algorithm is a global setting


WRR Commands

To enable WRR, simply assign the weights to each queues.

Switch(config)# wrr-queue bandwidth 5 10 25 60

To display the WRR weights table:

#show wrr-queue bandwidthWRR Queue : 1 2 3 4 Bandwidth : 5 10 25 60

Note that the value for queues 1 to 3 can range between 1-255, queue 4 value can rage between 0-255 (0 has a special meaning)


Strict Priority Queuing (Expedite Queue)

Strict Priority Queuing is based on a combination of SPS and WRR.

•Packets in the high-priority queue (4) use the SPS model and always transmit first.

•Packets in the low-priority queues(1-3) use WRR scheduling to transmit.

SPQ algorithm sets the highest priority queue to 0 and this value cannot be modified. The remaining three queues support weights from 1-255 exactly like WRR. Therefore, the queue structure can looks like this:



SPQ Command

To enable SPQ, simply assign weights to the WRR queues and make sure to assign a value of 0 to queue #4. The weight 0 is used to force that queue in a SP mode.

Switch(config)# wrr-queue bandwidth 10 30 60 0

To display the WRR weights table:



Auto QoS

The Auto QoS feature has been implemented on the Catalyst 2950 switch platform in order to give priority to Voice over IP traffic. By simply using one CLI command to enable Auto QoS on a per port basis, this feature automatically generates ‘trust’ and egress queue configuration for that port.

Auto QoS feature trusts COS values on the ingress ports and automatically maps the CoS values to DSCP values.


Auto QoS Trust

Switch(config-if)#auto qos voip trustwrr-queue bandwidth 20 1 80 0

no wrr-queue cos-map wrr-queue cos-map 1 0 1 2 4Switch(config-if)#wrr-queue cos-map 3 3 6 7wrr-queue cos-map 4 5

mls qos map cos-dscp 0 8 16 26 32 46 48 56interface FastEthernet0/10mls qos trust cos

The lowest value for a WRR queue is 1. When the WRR weight of a queue is set to 0, this queue becomes an expedite queue

Because the expedite queue (queue 4) contains the VoIP data traffic, the queue is serviced until empty


Auto QoS cisco-phone

Switch(config-if)#auto qos voip cisco-phonewrr-queue bandwidth 20 1 80 0

no wrr-queue cos-map wrr-queue cos-map 1 0 1 2 4Switch(config-if)#wrr-queue cos-map 3 3 6 7wrr-queue cos-map 4 5

mls qos map cos-dscp 0 8 16 26 32 46 48 56interface FastEthernet0/10mls qos trust device cisco-phonemls qos trust cos

The lowest value for a WRR queue is 1. When the WRR weight of a queue is set to 0, this queue becomes an expedite queue

Because the expedite queue (queue 4) contains the VoIP data traffic, the queue is serviced until empty


Catalyst 3550


Catalyst 3550 QoS

The 3550 has the QoS features of the 2950 EI and adds:

• Egress rate limiting

• Per port per VLAN ingress policing

• Congestion AvoidanceTail drop ( enabled by default)

Weighted Random Early Detect (WRED) (on GiG ports only, disabled by default)


Catalyst 3550 QoS Flow

Classification/Reclassification

Policing Marking

Queue/ Schedule

Congestion Control

QoS Actions at Ingress

QoS Actions at Egress

Trusted or untrusted ports

Identify packet groupsand label using DSCPor CoS

Ensure conformanceto a specified rate

Support for rate and burst

Act on Policerdecision

Re-class or dropout-of-profile

Four queues/port

WRR SchedulingStrict Priority Scheduling

WRED for congestioncontrol (2 thresholdsPer queue)

Egress Policing (up to 8Aggregate policers)


Congestion Avoidance

The switches support both Tail Drop and WRED as congestion avoidance techniques on the egress queues. Both techniques will drop packets when pre-configured thresholds on the egress queues have been reached.

IT allows assignment of two thresholds per egress queue and maps specific DSCP values to each drop threshold for both tail drop and WRED.

•Tail Drop will drop all packets with DSCP values assigned to the thresholds

• WRED will selectively drop assigned to the threshold.


Displaying DSCP threshold map

Display the DSCP threshold map

Switch> show mls qos interface gigabitethernet0/1 queueingGigabitEthernet0/1

Dscp-threshold map:d1 : d2 0 1 2 3 4 5 6 7 8 9---------------------------------------0 : 01 01 01 01 01 01 01 01 01 011 : 01 01 01 01 01 01 01 01 01 012 : 01 01 01 01 01 01 01 01 01 013 : 01 01 01 01 01 01 01 01 01 014 : 01 01 01 01 01 01 01 01 01 015 : 01 01 01 01 01 01 01 01 01 016 : 01 01 01 01


Setting the DSCP threshold MAP

This example shows how to map DSCP values 0 to 9 to threshold 1 and 10 to 14 to threshold 2:

Switch(config)# interface gigabitethernet0/1Switch(config-if)# wrr-queue dscp-map 1 0 1 2 3 4 5 6 7Switch(config-if)# wrr-queue dscp-map 1 8 9Switch(config-if)# wrr-queue dscp-map 2 10 11 12 13 14


Assigning threshold to queue

Assigning the Tail Drop thresholds to the 4 queues:

Switch(config)# interface gigabitethernet0/1Switch(config-if)# wrr-queue threshold 1 50 100Switch(config-if)# wrr-queue threshold 2 70 100Switch(config-if)# wrr-queue threshold 3 80 100Switch(config-if)# wrr-queue threshold 4 100 100

Assigning the WRED thresholds to the 4 queues:

Switch(config-if)# wrr-queue random-detect max-threshold 1 20 100Switch(config-if)# wrr-queue random-detect max-threshold 2 40 100Switch(config-if)# wrr-queue random-detect max-threshold 3 60 100Switch(config-if)# wrr-queue random-detect max-threshold 4 80 100

Note that Tail Drop and WRED are mutually exclusive


Ring Switch Fabrics

• Typically oversubscribed architecture• Only one module/port can access the fabric at

any given time• Buffering typically implemented at module level,

not in fabric itself• Well-suited for multicast and broadcast traffic

Switches Usinga Ring Fabric

Catalyst 2970/3750

Shared RingFabric

SwitchingSwitchingModuleModule



ForwardingForwardingEngineEngine




Catalyst 2970/3750


Catalyst 3750

32 Gbps stack interconnect

Stack up to 9 units

Separate stacking port

1:N master redundancy

Autoconfiguration and Cisco IOS version check/update

Cross-stack EtherChannel and QoS

Line-speed performance with QoS and ACLs for gigabit Ethernet

Hot add and delete of gigabit Ethernet and Fast Ethernet chassis in same stack

Patented cable connector

Click the following link to get Kaon’s PowerPoint Viewer add-in: http://www.kaon.ws/ppinst.php

After loading Kaon’s plugin, this 3D model can be viewed in presentation mode

Unified stacking, behaving as a single unit

http://www.kaon.ws/ppinst.php

http://www.kaon.ws/ppinst.php


Catalyst 3750 StackWise Architecture

Ethernet Port ASICEthernet Port ASIC

TCAMTCAM

Fast or Gigabit

Ethernet Interfaces


TCAMTCAM

Fast or Gigabit

Ethernet Interfaces

StackStackInterfaceInterface

CPUCPUEthernet Port ASICEthernet Port ASIC

TCAMTCAM

Fast or Gigabit

Ethernet Interfaces

StackRings

Switch 1


Catalyst 3750 StackWise Architecture


TCAMTCAM

Fast or Gigabit

Ethernet Interfaces


TCAMTCAM

Fast or Gigabit

Ethernet Interfaces

StackStackInterfaceInterface

CPUCPUEthernet Port ASICEthernet Port ASIC

TCAMTCAM

Fast or Gigabit

Ethernet Interfaces

StackRings

Switch 1

Switch 2

Switch 3


Stacking Highlights

Port ASIC

Stack is two 16 Gbps counter-rotating rings

– Data on both rings when fully connected (32 Gbps)

– Loopbacks provide healing

Port ASIC Port ASIC

Port ASIC Port ASIC Port ASIC

Port ASIC Port ASIC Port ASIC

Two rings of 16 Gbps for

a total of 32G


Healing a Missing Cable

Both ends of cable loop Ring back on themselves

– 16 Gbps backplane when cable is missing

Port ASIC

Missing Cable

Port ASICPort ASIC

Port ASICPort ASICPort ASIC


Loopbacks


Healing a Failed System

Both links to failed system loop Ring back on themselves

Port ASIC

Failed System

Port ASICPort ASIC



Loopbacks


StackWise Demo Video


Stacking Bandwidth: FE vs. GE capable Gigastack vs. StackWise™

• 1 Gig Shared interconnect

Optimized for FE/low density GE

• Uses “extra” Gig ports to interconnect stack

• No Stack QoS to prioritize traffic

• No unified forwarding

• Redundancy based on STP

Switch/link failure causes Stack failure

• Switches function as logically separate - with superior L2 connectivity

• 32Gbps ring interconnect

• Increase in bandwidth to support GTTD

• Stacking separate from Gig Uplink portsIncreases available ports = increased customer value

• Stack-wide QoS

• All packets are switched via the ring

• Master switch redundancy on stackSwitch/Link failure is detected and ring “heals” itself

• Stack functions as one logical unit with unified forwarding of L2 & L3 traffic

Catalyst 3500 series XL









Catalyst 3750 QoS Model

Classification Policing Marking

Egress Queue/Schedule

Congestion Control

QoS Actions at Ingress

QoS Actions at Egress

Inspect incoming packets

Based on ACLs or configuration, determine Classification Label

Ensure conformanceto a specified rate.

On an aggregate or Individual flow basisUp to 256 policers per Port ASIC.

Support for rate and burst

Act on Policerdecision.

Reclass or dropout-of-profile.

Four queues/portSRR servicing

WTD for congestioncontrol (3 thresholdsPer queue)

Egress Shaping &Rate Limiting

Classification Label QoS LabelIngress Queue/

Schedule

Congestion Control

Four queues/port ASICSRR servicing.

WTD for congestioncontrol. (3 thresholdsPer queue)


Differences from Catalyst 3550

• Two user-configurable ingress queues / switching ASIC, that can be shared

• Support for 256 Policers / Port ASIC

Maximum of 64 policers / port

• Support for Shaping and Sharing of 4 egress queues

• Shaped Round Robin (SRR) is used for queue servicing

• Weighted Tail Drop (WTD), with 3 thresholds on each queue, for congestion avoidance


SRR

Q1 Q2 Q3 Q4

Round-robin

Weight = 3Weight = 2 Weight = 4 Weight = 1

Packets order after round-robin:

Weighted Round-robin(WRR) : Q1, Q1, Q2, Q2, Q2, Q3, Q3, Q3, Q3, Q4, …..

Shaped Round Robin (SRR): Q1, Q2, Q3, Q4, Q1, Q2, Q3, Q2, Q3, Q3, …..

Protects against overwhelming buffers with huge bursts of traffic


Classification

• Classification performed on ingress interface/port

• Classification can be based on:

Port State (trust or untrusted)

Port Policy (policy-map/ACL)

• Based on Classification, a Classification Label is created that ensures correct QoS is applied on each packet, internal to the switch


2970/3750 Ingress Policing

• Support for individual and aggregate policing

• Future support for per port, per vlan policing

• Support for 256 policers/ port ASIC

Maximum 64 policers / port

• Policers/policy map can only be attached to physical interfaces

• Rate range is 8000 bits to 1000000000 bits (8Kb – 1Gb) for all ports, in increments of 8000 bits

• Burst range is 8000 bytes to 1000000 bytes (8KB – 1MB)


2970/3750 Ingress Queuing and Scheduling

• Two user-configurable ingress queues/ ASIC

Two more queues reserved for the system

One queue is an expedite queue – by default maps to voice traffic

• Queues can be shared but not shaped

• Shaped Round Robin is used to service these queues

• Weighted Tail Drop with 3 thresholds is used for congestion avoidance (better than WRED)


Ingress queues threshold setting

This example shows how to map DSCP values 0 to 6 to ingress queue 1 and to threshold 1 with a drop threshold of 50 percent. It maps DSCP values 20 to 26 to ingress queue 1 and to threshold 2 with a drop threshold of 70 percent:

Switch(config)# mls qos srr-queue input dscp-map queue 1 threshold 1 0 1 2 3 4 5 6Switch(config)# mls qos srr-queue input dscp-map queue 1 threshold 2 20 21 22 23 24 25 26Switch(config)# mls qos srr-queue input threshold 1 50 70

Note: Threshold can be set on DSCP or CoS


2970/3750 Egress Queuing, scheduling & Shaping

• Four egress queues per port

• SRR used to manage the queues

• WTD used for congestion avoidance

• Egress Queues are shaped (better than policed)

CLI for Intf. Command:

srr-queue bandwidth shape <queue-1 weight> <queue-2 weight> ….


Shaping –An improvement over Policing!

Buffering of data allows TCP windowing and traffic back-off time

More sophisticated that simple dropping of pkts done by policing!


QoS statistics

Category Definition

DSCP incoming Number of received packets for each DSCP value.

DSCP outgoing Number of sent packets for each DSCP value.

CoS incoming Number of received packets for each class of service (CoS) value.

CoS outgoing Number of sent packets for each CoS value.

Output queues enqueued

Number of packets enqueued per egress queue and drop threshold.

Output queues dropped Number of packets dropped per egress queue and drop threshold.

Policer in profile Number of in profile packets for each policer.

Policer out of profile Number of out of profile packets for each policer.

show mls qos int <interface> stat.


SmartPorts


Cisco Device Network – Interface Types

AccessAccessL2+L2+

AccessAccessL2+L2+

AccessAccessL2+L2+

AccessAccessL2+L2+

SiSi

SiSi

WAN /Internet

1

2

3

4

5

6

1: IP Phone + Standard Desktop 2: Standard Desktop3: Access Point 4: Inter-Switch Trunk5: Connection to Server 6: Uplink to Router


Smartports Addressing complexity and consistency of operation within a Role

Example – Access Switch in Campus

Access SwitchAccess Switch

• Standard templates can be applied for Products on a per Role basis

• Apply sophisticated Layer 2 and Layer 3 Features

• Provide “Secret Sauce” that represents Cisco “Best Practices”

• SMARTPORTS Templates for this

• Breaks a Role down to the port level

1. IP Phone + Standard Desktop

2. Standard Desktop

3. Access Point

AccessAccessL2+L2+

1

2

3


Smartports Example for CampusNarrows the deployment options for customers

• Consistent Short form Macros across Products

• Consistent operation for all Products

AccessAccessL2+L2+

1

2

3

Access Switch in Campus Role

Products6500 4500 3750

! Enable dynamic port error recovery for link state failures. errdisable recovery cause link-flap

errdisable recovery cause udlderrdisable recovery interval 60

! VTP requires Transparent mode for future 802.1x Guest VLAN! and current Best Practicevtp domain [smartports]vtp mode transparent ! Enable aggressive mode UDLD on all fiber uplinksudld aggressive ! Enable Rapid PVST+ and Loopguardspanning-tree mode rapid-pvstspanning-tree loopguard defaultspanning-tree extend system-id

! Enable dynamic port error recovery for link state!failureserrdisable recovery cause link-flap errdisable recovery cause udlderrdisable recovery interval 60 ! VTP requires Transparent mode for future 802.1x Guest VLAN ! and current Best Practice vtp domain [smartports]vtp mode transparent ! Enable aggressive mode UDLD on all fiber uplinks udld aggressive ! Enable Rapid PVST+ and Loopguard spanning-tree mode rapid-pvst spanning-tree loopguard default spanning-tree extend system-id

! Enable dynamic port error recovery for link state failures. errdisable recovery cause link-flap

errdisable recovery cause udlderrdisable recovery interval 60

! VTP requires Transparent mode for future 802.1x Guest VLAN! and current Best Practicevtp domain [smartports]vtp mode transparent ! Enable aggressive mode UDLD on all fiber uplinksudld aggressive ! Enable Rapid PVST+ and Loopguardspanning-tree mode rapid-pvstspanning-tree loopguard defaultspanning-tree extend system-id

Global Commands for Access Switch Role

interface range FastEthernet0/[1 - 48] switchport access vlan [data] switchport mode access switchport voice vlan [voice]

! Enable port security limiting port to 3 MAC addresses. Ensure age is ! greater than one minute and use inactivity timer switchport port-security switchport port-security maximum 3 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity

! Enable auto-qos to extend trust to attached Cisco phone auto qos voip cisco-phone ! Configure port as an edge network port spanning-tree portfast spanning-tree bpduguard enable

! Reset all end-station interfaces to default configuration (global command)default interface range FastEthernet[1]/0/[1 - 48] ! VoIP enabled interface - Enable voice (VVID) and data VLAN interface range FastEthernet[1]/0/[1 - 48] switchport access vlan [data] switchport mode access switchport voice vlan [voice]! Enable port security limiting port to 3 MAC addresses. Ensure age is! greater than one minute and use inactivity timer switchport port-security switchport port-security maximum 3 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity

! Enable auto-qos to extend trust to attached Cisco phone auto qos voip cisco-phone ! Configure port as an edge network port

! Ensure that another switch cannot become active on this interface spanning-tree portfast spanning-tree bpduguard enable

interface range FastEthernet0/[1 - 48] switchport access vlan [data] switchport mode access switchport voice vlan [voice]

! Enable port security limiting port to 3 MAC addresses. Ensure age is ! greater than one minute and use inactivity timer switchport port-security switchport port-security maximum 3 switchport port-security violation restrict switchport port-security aging time 2 switchport port-security aging type inactivity

! Enable auto-qos to extend trust to attached Cisco phone auto qos voip cisco-phone ! Configure port as an edge network port spanning-tree portfast spanning-tree bpduguard enable

Interface Commands for Port Type by Role


Smartports (Role Based Macro) Creation (STEP 1)

• The following sequence could be optionally used in place of CMS to create and apply a template to a Catalyst switch configuration.

• Static Role Based Macro Creation (STEP 1)

Log on to the switch via a serial console connection

Using IOS version 12.1(19)EA1 or above, enter the ‘macro name <word>’ global configuration command via CLI. The following CLI output will result -

Switch(config)#macro name cisco-desktopEnter macro commands one per line. End with the

character '@'

NOTE: The keyword ‘cisco-desktop’ was used as an example. Users can key in any meaningful name of their choice



• Create a list of commands that you’d like to see in the port configuration

• Refer to the SMB Configuration Reference Guide for sample templates

• Sample CLI for 2950 EI Default Standard Desktop Template below -

! Basic interface - Enable data VLAN only switchport access vlan 2switchport mode access ! Enable port security limiting port to a single MAC addresses! Ensure age is greater than one minute and use inactivity timer switchport port-security ! “Port-security maximum 1” is the default and will not show up in the configswitchport port-security violation restrictswitchport port-security aging time 2switchport port-security aging type inactivity

! Configure port as an edge network portspanning-tree portfastspanning-tree bpduguard enable

! Remark all inbound data packets with COS=0 & DSCP=0 mls qos cos override



• Manually Paste the Standard Desktop template created using the editor into CLI where IOS prompts you for the commands

• As per the ‘@’ sign above, you can exit the macro mode at any time by keying in the ‘@’ key to return to global configuration mode on CLI

Switch(config)# macro name cisco-desktopEnter macro commands one per line. End with the character '@'.! Basic interface - Enable data VLAN onlyswitchport access vlan 2switchport mode access! Enable port security limiting port to a single MAC addresses! Ensure age is greater than one minute and use inactivity timer switchport port-security! Port-security maximum1 is the default and will not! Show up in the configswitchport port-security violation restrictswitchport port-security aging time 2switchport port-security aging type inactivity! Configure port as an edge network portspanning-tree portfastspanning-tree bpduguard enable! Remark all inbound data packets with COS=0 & DSCP=0mls qos cos override@



• Finally, use CLI to navigate to the interface or interface range level in order to apply the macro to specific ports as follows -

Switch(config)#int fa0/1Switch(config-if)#macro ? apply Apply a macro description Macro description for this interface trace Apply a macro with tracing onSwitch(config-if)#macro apply ? WORD Name of the macro to applySwitch(config-if)#macro apply cisco-desktop ? <cr>

Switch(config-if)#macro apply cisco-desktop%Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when portfast is enabled, can cause temporary bridging loops. Use with CAUTION%Portfast has been configured on FastEthernet0/1 but will only have effect when the interface is in a non-trunking mode.


Smartports Creation Sequence Summary

STEP 1: Enter Smartports Macro Name

STEP 2: Create a list of commands that you’d like to see in the switch port configuration

STEP 3: Manually paste the list of commands created in STEP 2 into CLI when prompted by the ‘macro name <word>’ command

STEP 4: Apply the Smartports Macro to a switch interface or a range of interfaces


Smartports Feature command output

• The following IOS commands can be entered to verify Smartports

Command Purpose

macro description text (Optional) Enter a description about the macro that is applied to the interface

show parser macro Verify that the macro was created

show running-config interface Verify that the macro is applied to an interface


Cluster Management Suite (CMS)

• After Express Setup, use CMS for advanced configurations of multiple switches and ports simultaneously

• CMS is supported on all Catalyst 3750, 3550, 2950, 2970, 2940, 3500 XL, and 2900 XL switches

• Up to 16 of these switches can be managed at once – “one click upgrade” possible for entire cluster!

Cross Launch AP Device Manager

Cross Launch SDM


Smartports Macro Configuration via CMS

1. Launch Smartports Window from CMS Tree View Bar

2. Select related Switch-ports from Front Panel View

3. Click on Modify Button to apply a Smartports Macro

4. Assign one of the following Default Templates based on connection type –

Cisco Desktop

Cisco Desktop + IP Phone

Cisco Switch to Switch Connection

Cisco Switch to Router Uplink


Sophisticated Intelligent Services Made Easy

• Extensive, context-sensitive help files

No need to access an external Web site for help

• One-click for easy software upgrades

• Smartports Configuration via CMS

• Manage multiple clusters from one web interface

• Cross Launch SDM in order to Manage Cisco Routers

• Ability to see Cisco IP Phones and Wireless AP’s via CMS Topology View

c29!35!37xx qos presentation for cenicv31

Documents