EtherChannel Between Catalyst 3550/3560/3750 Series Switches and Catalyst Switches Running Cisco IOS System Software Configuration Example

No comments

Contents

Introduction
Prerequisites
Requirements
Components Used
Conventions
Background Theory
Important Notes
Configure
Network Diagram
Configurations
Verify
Catalyst 3550
Catalyst 6500/6000
Troubleshoot
Err-Disable State
“speed nonegotiate” Command Does not Appear in the Running Configuration
Related Information

Introduction

This document provides a sample configuration for how to set up an EtherChannel between a Catalyst 3550 and a Catalyst 6500/6000 running Cisco IOS® System Software. EtherChannel can be called Fast EtherChannel or Gigabit EtherChannel, depending upon the speed of interfaces or ports used to form the EtherChannel.

Note: The EtherChannel commands applied to the Catalyst 3550 switch in this document can also be applied to Catalyst 3750 series switches.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

  • Catalyst 3550 switch running Cisco IOS® Software Release 12.1(14)EA
  • Catalyst 6500/6000 switch running Cisco IOS® Software Release 12.1(13)E1

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Background Theory

In this document, two Gigabit Ethernet interfaces on a Catalyst 3550 switch — the GigabitEthernet interface on the 3500 is a 10/100/1000 negotiated Ethernet interface — have been bundled into a Fast EtherChannel with two Fast Ethernet interfaces from a Catalyst 6500/6000 switch running Cisco IOS System Software to form a Layer 2 (L2) EtherChannel.

Note: In this document, Fast EtherChannel, Gigabit EtherChannel, port channel, and channel group all refer to EtherChannel.

The Catalyst switch configuration in this document applies to any Catalyst 6500/6000 or Catalyst 4500/4000 series switch running Cisco IOS System Software.

This document shows configuration files for the switches only, as well as output from the related sample show commands. For details on how to configure an EtherChannel, refer to these documents:

Important Notes

EtherChannel can be configured manually with the appropriate commands. You can also configure the EtherChannel automatically with Port Aggregation Protocol (PAgP) in order to have the switch negotiate the channel with the other side. For details on PAgP, refer to these documents:

The configurations in this document are implemented with use of the desirable mode. If you plan to configure the EtherChannel manually, use the steps provided in order to create a port channel. This avoids problems with Spanning Tree Protocol (STP) during the configuration process. STP can shut down some ports, with a port status of error-disabled [errdisable], if one side is configured as a channel before the other side can be configured as a channel.

Perform these steps in order to create a port channel:

  1. Leave the interfaces to be used in port channeling as administratively shutdown.
  2. Create the port channel (channel group) on the Catalyst 6500/6000 switch.

    Ensure that you set the channel mode to on, for example, channel-group 1 mode on.

  3. Create port channels on the Catalyst 3550, 3560 or 3750 switch.

    Ensure that you set the channel mode to on.

  4. Reenable the interfaces that were disabled earlier on the Catalyst 6500/6000 switch with the no shut command.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only) .

Network Diagram

This document uses the network setup shown in this diagram:

89-a.gif

Note: The Gigabit Ethernet interface on the Catalyst 3550 is a 10/100/1000 Mbps negotiated Ethernet interface. The Gigabit port on the Catalyst 3550 can also be connected to a FastEthernet (100 Mbps) port on a Catalyst 6500/6000.

Note: The Catalyst 3750 series switches support cross-stack EtherChannel, which allows interfaces from different stack switches to be members of the same EtherChannel group. For more information on EtherChannel in a stacked switch environment, refer to the EtherChannel and Switch Stacks section of the Configuring EtherChannels documentation for Catalyst 3750 series switches.

Configurations

This document uses these configurations:

Configuring EtherChannel.

Catalyst 3550

Building configuration...
Current configuration : 1610 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Cat3550
!
enable password ww
!
ip subnet-zero
no ip finger
!
!
!
!
!--- A logical port-channel interface is automatically created
!--- when ports are grouped into a channel group.

interface Port-channel 1


!--- In this example, the L2 EtherChannel is configured.
!--- A Layer 3 (L3) EtherChannel can also be configured on the Catalyst 3550 switches.
!--- For more information, refer to the document 
switchport mode access no ip address snmp trap link-status!

!--- Note: The Gigabit Ethernet interface on the Catalyst 3550 is a
!--- 10/100/1000 Mbps negotiated Ethernet interface. The Gigabit port on the Catalyst 3550 is
!--- connected to a FastEthernet (100 Mbps) port on the Catalyst 6500/6000.

!--- The port is a member of channel group 1.

interface GigabitEthernet0/1
switchport mode access
no ip address
snmp trap link-status
channel-group 1 mode desirable
!


!--- The port is a member of channel group 1.

interface GigabitEthernet0/2
switchport mode access
no ip address
snmp trap link-status
channel-group 1 mode desirable
!
interface GigabitEthernet0/3
switchport mode access
no ip address
snmp trap link-status
!


!--- Output suppressed.

interface GigabitEthernet0/12
switchport mode access
no ip address
snmp trap link-status


!--- Interface VLAN1 is required for management purposes.

interface Vlan1
ip address 10.1.1.1 255.255.255.0
!
ip classless
ip http server
!
!
line con 0
transport input none
line vty 5 15
!
end

Catalyst 6500/6000

Building configuration...

Current configuration : 5869 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname cat6500
!
boot buffersize 126968
boot bootldr bootflash:c6msfc-boot-mz.121-4.E1
enable password ww
!
redundancy
 main-cpu
  auto-sync standard
ip subnet-zero
!
!
no ip finger
!
!
!
!


!--- A logical port-channel interface is automatically created
!--- when ports are grouped into a channel group.

interface Port-channel 1
 no ip address
 switchport
 switchport mode access
!
interface GigabitEthernet1/1
 no ip address
 shutdown
!
interface GigabitEthernet1/2
 no ip address
 shutdown
!

!--- Note: The Gigabit Ethernet interface on the Catalyst 3550 is a
!--- 10/100/1000 Mbps negotiated Ethernet interface. The Gigabit port on the Catalyst 3550 is
!--- connected to a FastEthernet (100 Mbps) port on the Catalyst 6500/6000.

interface FastEthernet3/1
 no ip address


!--- In this example, the L2 EtherChannel is configured.
!--- An L3 EtherChannel can also be configured on the Catalyst 6500/6000 running
!--- Cisco IOS System Software. For more details, refer to the document
!--- Configuring EtherChannel.

!--- On a Catalyst 6500/6000, you must issue the switchport
!--- command once, without any keywords, in order to configure the interface as an L2 port.
!--- By default, all the ports are router ports (L3 ports).
!--- On a Catalyst 4500/4000 switch, all ports are L2 ports by default;
!--- no additional command is required.

switchport

!--- This command puts the interface in VLAN1, by default.

switchport mode access

!--- The port is a member of channel group 1.

channel-group 1 mode desirable
!
interface FastEthernet3/2
 no ip address

!--- On a Catalyst 6500/6000, you must issue the switchport
!--- command once, without any keywords, in order to configure the interface as an L2 port.
!--- By default, all the ports are router ports (L3 ports).
!--- On a Catalyst 4500/4000 switch, all ports are L2 ports by default;
!--- no additional command is required.

 switchport

!--- This command puts the interface in VLAN1, by default.

 switchport mode access

!--- The port is a member of channel group 1.

 channel-group 1 mode desirable
!
interface FastEthernet3/3
 no ip address
switchport
 switchport mode access
!


!--- Output suppressed.

!
interface FastEthernet3/48
 no ip address
switchport
 switchport mode access
!


!--- Interface VLAN1 is required for management purposes.

interface Vlan1
 ip address 10.1.1.2 255.255.255.0
!
ip classless
no ip http server
!
!
!
line con 0
 transport input none
line vty 0 4
!
end

Note: This configuration example shows an EtherChannel configuration with access links. The same configuration applies to EtherChannel trunk links. Issue the switchport mode trunk command, or allow the switches to negotiate the mode with the dynamic desirable mode. For more information on how to configure trunking, refer to the Configuring VLAN Trunks section of the document Configuring VLANs.

Verify

Certain show commands are supported by the Output Interpreter Tool (registered customers only) , which allows you to view an analysis of show command output.

In order to verify the port channel in Catalyst 6500/6000 and Catalyst 3500 switches running Cisco IOS System Software, issue these commands:

  • show interfaces port-channel channel-group-number
  • show etherchannel channel-group-number summary

In order to check the STP status in Catalyst 6500/6000 and Catalyst 3500 switches running Cisco IOS System Software, issue this command:

  • show spanning-tree vlan vlan-number detail
Catalyst 3550
Cat3550# show interface port-channel 1
Port-channel1 is up, line protocol is up
Hardware is EtherChannel, address is 0002.4b28.db02 (bia 0002.4b28.db02)
MTU 1500 bytes, BW 200000 Kbit, DLY 1000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s
input flow-control is off, output flow-control is off
 Members in this channel: Gi0/1 Gi0/2
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:03:27, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
26 packets input, 5344 bytes, 0 no buffer
Received 17 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
59 packets output, 5050 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

Cat3550# show spanning-tree vlan 1 detail

VLAN1 is executing the ieee compatible Spanning Tree protocol
 Bridge Identifier has priority 32768, address 0002.4b28.db01
 Configured hello time 2, max age 20, forward delay 15
 We are the root of the spanning tree
 Topology change flag not set, detected flag not set
 Number of topology changes 1 last change occurred 00:00:38 ago
         from Port-channel1
 Times:  hold 1, topology change 35, notification 2
         hello 2, max age 20, forward delay 15
 Timers: hello 0, topology change 0, notification 0, aging 0

 Port 65 (Port-channel1) of VLAN1 is forwarding
  Port path cost 12, Port priority 128, Port Identifier 128.65.
  Designated root has priority 32768, address 0002.4b28.db01
  Designated bridge has priority 32768, address 0002.4b28.db01
  Designated port id is 128.65, designated path cost 0
  Timers: message age 0, forward delay 0, hold 0
  Number of transitions to forwarding state: 1
  BPDU: sent 34, received 0

Cat3550# show etherchannel 1 summary
Flags:  D - down        P - in port-channel
       I - stand-alone s - suspended
       R - Layer3      S - Layer2
       U - port-channel in use
Group Port-channel  Ports
-----+------------+-----------------------------------------------------------
1     Po1(SU)     Gi0/1(P)   Gi0/2(P)

Cat3550# ping 10.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
Catalyst 6500/6000
Cat6500# show interface port-channel 1
Port-channel1 is up, line protocol is up
 Hardware is EtherChannel, address is 0002.7ef1.36e1 (bia 0002.7ef1.36e1)
 MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec,
    reliability 255/255, txload 1/255, rxload 1/255
 Encapsulation ARPA, loopback not set
 Full-duplex, 100Mb/s
 Members in this channel: Fa3/1 Fa3/2
 ARP type: ARPA, ARP Timeout 04:00:00
 Last input never, output never, output hang never
 Last clearing of "show interface" counters never
 Queueing strategy: fifo
 Output queue 0/40, 0 drops; input queue 0/2000, 0 drops
 5 minute input rate 1000 bits/sec, 1 packets/sec
 5 minute output rate 0 bits/sec, 0 packets/sec
    407 packets input, 34994 bytes, 0 no buffer
    Received 311 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
    0 input packets with dribble condition detected
    93 packets output, 16598 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 babbles, 0 late collision, 0 deferred
    0 lost carrier, 0 no carrier
    0 output buffer failures, 0 output buffers swapped out

Cat6500# show spanning-tree vlan 1 detail

VLAN1 is executing the ieee compatible Spanning Tree protocol
 Bridge Identifier has priority 32768, address 00d0.024f.6001
 Configured hello time 2, max age 20, forward delay 15
 Current root has priority 32768, address 0002.4b28.db01
 Root port is 833 (Port-channel1), cost of root path is 12
 Topology change flag not set, detected flag not set
 Number of topology changes 0 last change occurred 00:02:13 ago
 Times:  hold 1, topology change 35, notification 2
         hello 2, max age 20, forward delay 15
 Timers: hello 0, topology change 0, notification 0, aging 300

 Port 833 (Port-channel1) of VLAN1 is forwarding
  Port path cost 12, Port priority 128, Port Identifier 131.65.
  Designated root has priority 32768, address 0002.4b28.db01
  Designated bridge has priority 32768, address 0002.4b28.db01
  Designated port id is 128.65, designated path cost 0
  Timers: message age 1, forward delay 0, hold 0
  Number of transitions to forwarding state: 1
  BPDU: sent 0, received 66

Cat6500# show etherchannel 1 summary
Flags:  D - down        P - in port-channel
       I - stand-alone s - suspended
       R - Layer3      S - Layer2
Group Port-channel  Ports
-----+------------+-----------------------------------------------------------
1     Po1(SU)     Fa3/1(P)   Fa3/2(P)

Cat6500# ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Troubleshoot

Err-Disable State

A common issue during EtherChannel configuration is that the interfaces go into err-disable mode. This can be seen when Etherchannel is switched to the ON mode in one switch, and the other switch is not configured immediately. If left in this state for a minute or so, STP on the switch where EtherChannel is enabled thinks there is a loop. This causes the channeling ports to be put in err-disable state. See this example for more information on how to determine if your EtherChannel interfaces are in the err-disable state:

%SPANTREE-2-CHNL_MISCFG: Detected loop due to etherchannel misconfiguration of Gi0/9
%PM-4-ERR_DISABLE: channel-misconfig error detected on Po10, putting Gi0/9 in err-disable state
%PM-4-ERR_DISABLE: channel-misconfig error detected on Po10, putting Gi0/10 in err-disable state
Switch1#show etherchannel summary
Flags:  D - down        P - in port-channel
       I - stand-alone s - suspended
       H - Hot-standby (LACP only)
       R - Layer3      S - Layer2
       u - unsuitable for bundling
       U - in use      f - failed to allocate aggregator
       d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
10     Po10(SD)         -        Gi0/9(D)    Gi0/10(D)

Switch1#show interfaces GigabitEthernet 0/9 status

Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/9                        err-disabled 1            auto   auto 10/100/1000BaseTX

Switch1#show interfaces GigabitEthernet 0/10 status

Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/10                       err-disabled 1            auto   auto 10/100/1000BaseTX

The error message states that the EtherChannel encountered a spanning tree loop. To resolve the issue, set the channel mode to desirable on both sides of the connection, and then re-enable the interfaces:

Switch1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Switch1(config)#interface gi0/9
Switch1(config-if)#channel-group 10 mode desirable

This causes each side to form a channel only if they both agree to channel. If they do not agree to channel, they continue to function as normal ports.

After the channel mode is set to desirable on both the sides of the connection, issue the shutdown and no shutdown commands on the associated interface to re-enable the ports by manually:

Switch1(config-if)#shutdown
Switch1(config-if)#no shutdown
“speed nonegotiate” Command Does not Appear in the Running Configuration

The speed nonegotiate command configured on a port channel does not always appear in the running configuration. This happens because nonegotiate on port channel interface depends on that of bundled ports. It is inserted when the port channel is active and based on the individual channel ports configuration.

Continue reading EtherChannel Between Catalyst 3550/3560/3750 Series Switches and Catalyst Switches Running Cisco IOS System Software Configuration Example
,

How to convert / migrate image based vm (guest / dom-U) to LVM based vm (virtual machine)-(Guest / dom-U) using xen.

2 comments
Hi all, In this article we will learn how to install virtual machine on sparse file (image file) and how to migrate / move it to LVM based storage / disk. It is recommended to use LVM based partition to install virtual machines for productions environment, as you may experience performance issues if you use images (sparse files) to install virtual machine.

How to install virtual machine on image based disk ...

I will presume that you have a server running xend on it. In my case I am using CentOS 5.4 and xend 3.0.3. After your xen dom-0 server is ready we need to install dom-u on it. First we will install dom-u using sparse (image)file. please follow steps listed below.
  1. Create sparse file using command
    #dd if=/dev/zero of=/home/xenvm01.img bs=1M count=1 seek=4096.
    I am considering that you have enough disk space in /home partition and you want to install a virtual machine under that partition. please use relevent partition as per your choice. After this command completes successfully, you will see a image file xenvm01.img
  2. Now we need to install virtual maching using this image file as disk. use
    #virt-install -p --name=xenvm01 --location=http://10.10.10.1/centos53/ --bridge=xenbr0 --ram=512 --file=/home/xenvm01.img -x "ks=http://10.10.10.1/xenvm01.ks?ip=10.10.10.11"
  3. After installation is completed, you will able to login to newly installed virtual machine.
    Configuration for this xen guest (dom-U) is stored in /etc/xen/ directory. my configuration file looks like.
      name = "xenvm01"
      uuid = "056a8eb9-c5e8-dc42-1f5a-a048d9a58f74"
      maxmem = 512
      memory = 512
      vcpus = 1
      bootloader = "/usr/bin/pygrub"
      on_poweroff = "destroy"
      on_reboot = "restart"
      on_crash = "restart"
      vfb = [ ]
      disk = [ "tap:aio:/home/xenvm01.img,xvda,w" ]
      vif = [ "mac=00:16:3e:1f:c3:a4,bridge=xenbr0" ]

    4. How to convert /migrate image based xen virtual machine (guest) to LVM based Guest

  4. To achieve this reult we need a volume group with free space not allocated to any logical volume. On my test system I've a volume group called "xenimg01" which has free space.
      [root@localhost ~]#vgdisplay
      --- Volume group ---
      VG Name xenimg01
      System ID
      Format lvm2
      Metadata Areas 1
      Metadata Sequence No 2
      VG Access read/write
      VG Status resizable
      MAX LV 0
      Cur LV 1
      Open LV 1
      Max PV 0
      Cur PV 1
      Act PV 1
      VG Size 50.00 GB
      PE Size 4.00 MB
      Total PE 12799
      Alloc PE / Size 3328 / 13.00 GB
      Free PE / Size 9471 / 37.00 GB
      VG UUID 5IZDY3-Vs4o-Zs26-p7sx-CaRk-8kdi-eX9fZC
    ... You can see from the above output that it has approximately 37 GB free. If you remember correctly , in our previous section we created an image disk of size 4 GB (4096 MB) to install guest OS. To convert that image based guest to LVM based disk we need logical volume with exactly same size .i.e 4 GB (4096 MB). lets create a logical volume now.
  5. [root@localhost ~]#lvcreate -L4096M -n lvmxen01 xenimg01.
    Logical volume "lvmxen01" created
    We don't need to format this logical volume. We will use it as raw disk to migrate / convert dom-u (guest) OS to it.
  6. Shutdown the dom-u we installed earlier.
      [root@localhost ~]#xm shutdown xenvm01
    After the xenvm01 virtual machine is donw completely you need to use command specified next to convert it to LVM based dom-U
  7. [root@localhost ~]#dd if=/home/xenvm01.img of=/dev/xenimg01/lvmxen01
    This process will take good amount of time. depending on resources available on server also. usually I have noticed it takes about 30 Minutes for image of 4GB.
  8. Once the command listed in above step completes successfully, we need to make a change in configuration file for dom-U. edit /etc/xen/xenvm01 file and change the disk parameter as mentioned below.
      name = "xenvm01"
      uuid = "056a8eb9-c5e8-dc42-1f5a-a048d9a58f74"
      maxmem = 512
      memory = 512
      vcpus = 1
      bootloader = "/usr/bin/pygrub"
      on_poweroff = "destroy"
      on_reboot = "restart"
      on_crash = "restart"
      vfb = [ ]
      disk = [ "phy:/dev/xenimg01/lvmxen01,xvda,w" ]
      vif = [ "mac=00:16:3e:1f:c3:a4,bridge=xenbr0" ]
    As specified disk value need to be changed from disk = [ "tap:aio:/home/xenvm01.img,xvda,w" ] to disk = [ "phy:/dev/xenimg01/lvmxen01,xvda,w" ]
  9. Now start the guest os with following command
    xm create -c xenvm01. This will start your dom-U guest from logical volume /dev/xenmg01/lvmxen01
    10. Hope this article will help lots of other people as it helped a lot to me.
Continue reading How to convert / migrate image based vm (guest / dom-U) to LVM based vm (virtual machine)-(Guest / dom-U) using xen.

BGP Essentials: Configuring Internal BGP Sessions

No comments

Internal BGP (IBGP) sessions (BGP sessions within your autonomous system) are identified by the neighbor’s AS number being identical to your AS number. While the external BGP (EBGP) sessions are usually established between directly-connected routers, IBGP sessions are expected to be configured across the network.

The current best practice is to configure IBGP sessions between the loopback interfaces of the BGP neighbors, ensuring that the TCP session between them (and the BGP adjacency using the TCP session) will not be disrupted after a physical link failure as long as there is an alternate path toward the adjacent router.

To configure IBGP session on a Cisco router, specify the neighbor’s loopback address in all neighbor commands and use the neighbor update-source command to specify the source IP address of the TCP session. Without the neighbor update-source configuration command, the TCP session will use the IP address of the outgoing physical interface and the neighbor will reject the incoming TCP SYN packet as it’s not coming from a recognized BGP neighbor.

The following table shows the configuration commands necessary to configure an IBGP session between loopback interfaces of two routers:

AS 11

AS 12

interface Loopback 0
ip address 10.0.0.1
!
router bgp 65001
neighbor 10.0.0.2 remote-as 65001

interface Loopback 0
ip address 10.0.0.2
!
router bgp 65001
neighbor 10.0.0.1 remote-as 65001
neighbor 10.0.0.1 update-source loopback 0

Continue reading BGP Essentials: Configuring Internal BGP Sessions
, ,

Inbound Rate Limiting on Cisco Catalyst Switches

No comments

Cisco Catalyst Switch Port Close-UpIf you need to limit the inbound bandwidth of a switch port on a Cisco Catalyst, the key is in the QoS configuration. Rather than going into an depth discussion of QoS and how it works, let’s skip that (check out Cisco’s QoS site for that level of detail) and jump into the configuration details. This particular configuration was done on a Cisco Catalyst 2960.

As I mentioned, the key is QoS. The first thing you need to do is globally enable QoS with the mls qos configuration command. Once this command is enabled, QoS is enabled on all ports with default settings.

Next, we’ll need an access-list to match traffic on. In this example, we are going to police all traffic coming through the switch port, so our access-list will match all IP addresses.

ip access-list extended ACL_SLAP
permit ip any any

A class map is necessary to classify our traffic. 

class-map match-all CLASS_SLAP
match access-group name ACL_SLAP

The policy map dictates what we want done to the traffic class previously defined. The police configuration command sets our rate limit in this example to 8 Mbps the a burst size of 100 KB. The burst size is the trickiest part of this command. If the burst is set too low, your traffic will not be able to approach the maximum allowed throughput do to packet drops.

Because TCP window scaling halves the window size for each dropped packet, it’s important to set the burst size at a level that doesn’t impact performance. The rule of thumb is that the burst size should be double the amount of traffic sent at the maximum rate at a given round-trip time. In this example, I assumed a round-trip time of 50 ms which results in a burst size of 100 KB.

policy-map POLICY_SLAP
class CLASS_SLAP
  police 8000000 100000 exceed-action drop

Finally, apply the policy-map to the switch port with the service-policy configuration command.

interface GigabitEthernet0/2
service-policy input POLICY_SLAP

And now you’re done. In our example, we configured a switch port to only allow inbound traffic at 8 Mbps. We won’t be able to truly max the 8 Mbps, but we should come close. I’ve created a full text example that should be ready to copy and paste.

Leave a comment and let me know how it goes for you.

Continue reading Inbound Rate Limiting on Cisco Catalyst Switches
, ,

How would you limit the bandwidth on a switch port?

No comments

Edit: this configuration doesn’t seem to be that simple, because it’s not working very well on my 3560 now.

Edit #2: It turns out everything works as stated, except for the minor fact that the command slows your interface down.

Go into interface configuration mode, on the port you are making changes on.

switch(config-if)#srr-queue bandwidth ?
limit Configure bandwidth-limit for this interface
shape Configure shaping on transmit queues
share Configure shared bandwidth

These is what the IOS help is showing; you can see that there are more options than merely limiting the bandwidth.

switch(config-if)#srr-queue bandwidth limit ?
<10-90> enter bandwidth limit for interface as percentage

The percentage value range that should be entered, ranging from 10 to 90. The default is 100.

Therefore, a workaround to limit the switch port’s speed to 5mbps would be to do the following instead:

switch(config-if)#speed 10

switch(config-if)#srr-queue bandwidth limit 50

*Remember that this will slow your interface down, as it’s reduced from a 100mbps interface to a 10mbps interface instead.

Continue reading How would you limit the bandwidth on a switch port?

Cisco Router Configuration Commands.(Basic)

No comments
Set a console password to cisco
Router(config)#line con 0
Router(config-line)#login
Router(config-line)#password cisco

Set a telnet password
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password cisco

Stop console timing out
Router(config)#line con 0
Router(config-line)#exec-timeout 0 0

Set the enable password to cisco
Router(config)#enable password cisco

Set the enable secret password to peter.
This password overrides the enable password and is encypted within the config file
Router(config)#enable secret peter

Enable an interface
Router(config-if)#no shutdown

To disable an interface
Router(config-if)#shutdown

Set the clock rate for a router with a DCE cable to 64K
Router(config-if)clock rate 64000

Set a logical bandwidth assignment of 64K to the serial interface
Router(config-if)bandwidth 64
Note that the zeroes are not missing

To add an IP address to a interface
Router(config-if)#ip addr 10.1.1.1 255.255.255.0

To enable RIP on all 172.16.x.y interfaces
Router(config)#router rip
Router(config-router)#network 172.16.0.0

Disable RIP
Router(config)#no router rip

To enable IRGP with a AS of 200, to all interfaces
Router(config)#router igrp 200
Router(config-router)#network 172.16.0.0

Disable IGRP
Router(config)#no router igrp 200

Static route the remote network is 172.16.1.0, with a mask of 255.255.255.0, the next hop is 172.16.2.1, at a cost of 5 hops
Router(config)#ip route 172.16.1.0 255.255.255.0 172.16.2.1 5

Disable CDP for the whole router
Router(config)#no cdp run

Enable CDP for he whole router
Router(config)#cdp run

Disable CDP on an interface
Router(config-if)#no cdp enable
Continue reading Cisco Router Configuration Commands.(Basic)

How To Disable Windows Genuine Advantage Notification in 3 Simple Steps

No comments


--

Following three simple steps now you can get rid of the pesky and sometimes buggy Windows Genuine Advantage (WGA) notifications:

Step 1. Reboot Windows in safe mode (hold the f8 key while booting and you will get the option to boot in safe mode) and then:

Step 2. Open Registry Editor (regedit.exe) and search for wgalogon folder and delete it. You should backup up the registry beforehand, in case somethiong goes wrong.

Step 3. In your windows directory search for files wga* and delete them.

You are done!

Now reboot back normally and continue your work. Windows Genuine Advantage will not bother you anymore.

Warning: Use at your own risk. Backup everything before you do.

Continue reading How To Disable Windows Genuine Advantage Notification in 3 Simple Steps

Pin CPU core(s) to specific Xen domU (guest)

2 comments

It is often needed for a virtual machine to use specific cores of those available. On a multi-core system, one or more cores can be assigned for each virtual machine to improve performance. By default a virtual machine will use any available core. Assuming that there is a machine with 4 cores and a virtual machine needs to use two of them, the following entries in the guest’s configuration file will present the virtual machine with two virtual CPUs and will map them between the 3rd and the 4th physical cores.

cpus = "2,3"
vcpus = 2

A longer range, let’s say on a 8core machine, can be specified as “2-8″ for example.
Which CPU is used for each VCPU can be seen with the xm vcpu-list command:

# xm vcpu-list node1
Name                              ID VCPUs   CPU State   Time(s) CPU Affinity
node1                              4     0     2   -b-       1.9 2-3
node1                              4     1     3   -b-       2.8 2-3

If there’s no cpus definition in the config file, each VCPU will use any of the available physical ones. The following host is configured to have 4 VCPUS:

# xm vcpu-list node3
Name                              ID VCPUs   CPU State   Time(s) CPU Affinity
node3                              2     0     3   -b-       2.1 any cpu
node3                              2     1     0   -b-       1.2 any cpu
node3                              2     2     2   -b-       0.9 any cpu
node3                              2     3     1   -b-       2.9 any cpu

However, I noticed that Xen will assign different CPU to each VCPU at different times, and many times the same CPU will be mapped to more than one VCPUs:

# xm vcpu-list node2
Name                              ID VCPUs   CPU State   Time(s) CPU Affinity
node2                              8     0     2   -b-       4.1 0-2
node2                              8     1     1   -b-       1.6 0-2
node2                              8     2     1   -b-       1.5 0-2

Continue reading Pin CPU core(s) to specific Xen domU (guest)

Asterisk + ss7

1 comment
From last few days I am trying to set up Asterisk + SS7 with Sangoma A102 card on my Ubuntu 8.04 machine. This being my first time with Asterisk I was bit skeptical of things and was wondering if it will be smooth? Well, it wasn't really out-of-box, but it wasn't tough either. Here I will try to explain step-by-step of what I did, challenges I faced and solution for same.

First of all keep in mind that Zaptel module is now renamed to Dahdi. It really took some time for me to understand this and I was wondering if I need Zaptel or Dahdi. This might be very trivial for people who are into Asterisk, but for some one like me who has just started, especially after reading 'Asterisk - The future of Telephony' book where they always talk about Zaptel, it wasn't easy to make out that Dahdi is latest version of Zaptel. Follow the announcement here http://blogs.digium.com/2008/05/19/zaptel-project-being-renamed-to-dahdi/

To have Asterisk + SS7 you need following modules

  1. LibSS7
  2. Dahdi
  3. Asterisk

Even before you start on installation of these modules, there are few linux specific modules that needs to be installed in your machine.

#sudo apt-get install build-essential
#sudo apt-get install linux-headers-`uname -r`
#sudo apt-get install libssl-dev
#sudo apt-get install ncurses-dev
#sudo apt-get install libnewt-dev
#sudo apt-get install zlib1g-dev
#sudo apt-get install bison

In addition I also followed the packages explained in book 'Asterisk - The future of Telephony'. look at Table 3.1


LibSS7
Next download the source code for libss7 (this is still not available as binary). Remember you need to download the Branch 1.0 and *not* Trunk. Follow the forum entry http://archives.free.net.ph/message/20090331.150153.564445b6.en.html

Check out src code to your /usr/src svn co http://svn.digium.com/svn/libss7/branches/1.0/

Next call 'make' and then 'sudo make install'. Thats it! libss7 is installed.

Dahdi
Check out dahdi linux trunk src (there is also dahdi-tools) to /usr/src

svn co http://svn.digium.com/svn/dahdi/linux/trunk/

I renamed /usr/src/trunk to /usr/src/dahdi-trunk. But really it doesn't matter. Go to this dir and call 'make' and 'sudo make install' and your dahdi is installed

Dahdi Tools
Check out dahdi-tools trunk src to /usr/src

svn co http://svn.digium.com/svn/dahdi/tools/trunk/

Go to this dir call './configure' and 'make menuselect'. This will open up UI where you can select modules that you want. I just called 'Save & Exit'. Next call 'make' and 'sudo make install' This will install the dahdi tools for you.


Asterisk
Download the Asterisk 1.6.0.9 from http://downloads.digium.com/pub/asterisk/asterisk-1.6.0.9.tar.gz to /usr/src. Un-tar it and go to parent dir. Call './configure' You should see in console output that libss7 is selected. Call 'make menuselect'. In this under 'Channel Drivers' header you should see 'chan_dahdi' selected (* against it) This means libss7 is good! Just call 'Save & Exit'. Next execute 'make' command and then 'sudo make install'. If everything is good, Asterisk is installed for you!

So far we just talked about Asterisk side of the world. But for Asterisk to talk to your Sangoma Hardware you need to install the wanpipe drivers. I downloaded the beta version from Sangoma site and trying it out now. Will blog about Sangoma experience in next blog!


I also tried chan_ss7 instead of Asterisk libSS7 for Asterisk support of SS7, but realized chan_ss7 is not compatible with Asterisk 1.6.x.

Found a very good article on this and worth reading http://www.cesnet.cz/doc/techzpravy/2006/asterisk-ss7/asterisk-ss7.pdf


Stay Tunned!
Continue reading Asterisk + ss7