fryguypa

Archive for January, 2011|Monthly archive page

Cisco CallManager Express Setup for Home

In How To on January 30, 2011 at 22:28

This is just a quick post on how to set up CallManager Express for home using a Cisco 2800 series router.

The specs for this network are:

  • My home telephone number is 6105555555 (pretty cool, eh?  j/k – that is a fictitious number for this posting.)
  • Cisco PoE Capable Switch
  • Cisco 2811 Series Routers w/256 memory and 512 compact flash
  • VIC2-2FXO card for analog telephone in the house
  • VIC2-2FXS card for the connection to the Telephone Company
  • Cisco ASA 5500 Firewall for Internet connectivity
  • Cisco 7960G IP Phones
  • Cisco 7920 Wireless Phone
  • A few normal Analog phones around the house.
  • Hold music via multicast – BMG.wav
  • Web services hosted on berbee.com
  • CallManager Express v7.1

So, quick background on the FXO and FXS cards. These cards are what allow you to connect your router to the telephone company for inbound/outbound calling or to an analog phone.  The FXS provides battery to (S)tuff; the FXO points toward the Central (O)ffice. (Thanks Tom for the analogy.)

Below is an image that depicts the cards and their connections.

FXO and FXS Connections

 

Below is an image that represents a portion of my home network (yes, there is more, like wireless and other switches), but this will do for this posting.  I have a router connected to the PSTN (Public Switched Telephone Network), a Cisco ASA connected to the Internet, a POTS (Plain Old Telephone Service) analog phone hanging off the router, and assorted Cisco 7960G phones around the house with computers connected.  There are also two phones in the house with an Intercom function – this is used so we do not have to shout between the floors when we need someone.  It is also good for listening in on the kids when they are either A) too quiet; or B) being loud and rambunctious.

Network Topology For Blog Post

 

So, let's get into the configuration.  This is an edited dump that only shows the commands that deal with CallManager Express.

Red Configuration
Blue Commands
Green Notes

Here we define a hostname for the router.  This is purely arbitrary.
hostname FryGuyCCMExp

You need to specify your local timezone, this is where the time and date on the phones come from.
I did try UTC and such, but found you needed to put the router in the local time zone for it to all work.
clock timezone EDT -5
clock summer-time EST recurring

If you are running Music-on-hold (MOH), you will need to enable multicast
ip multicast-routing

Here the router has defined that we have a voice-card in slot 0 on the router
voice-card 0

This command will allow you to log all the calls received and made from your IPT network
gw-accounting syslog

Here we configure our interface that is on the network.  I am using a 192.168.0.9/24 for the router, have sparse-mode configured for the music-on-hold as well as an internal IPv6 network address.
interface FastEthernet0/0
ip address 192.168.0.9 255.255.255.0
ip pim sparse-mode
duplex auto
speed auto
ipv6 address FD9A:D51F:ABD9:0:192:168:0:9/64

This is the IP address of my firewall. I have both a default gateway and a static route configured. This was done in case the router crashed and I needed to generate a crashdump file.
ip default-gateway 192.168.0.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.0.1

This is actually the route to the installed Service Module engine.  I do have a Unity module installed, but I have not had the time to configure it.
ip route 192.168.0.8 255.255.255.255 Service-Engine1/0

Since we are running CallManager and such, we should enable HTTP services.  This is also how you share a global directory on the phones.
ip http server
ip http secure-server
ip http path flash:

Since we are running multicast, we should tell the router where the RP is

ip pim rp-address 192.168.0.9

Now, we need to define all the files that we need to have available via TFTP.  Many of these files are phone loads (SEP), ringtones, backgrounds, etc.  And yes, I do have some custom ring tones created on my CME 🙂
tftp-server flash:P00308000500.bin
tftp-server flash:P00405000700.bin
tftp-server flash:apps70.8-4-1-23.sbn
tftp-server flash:cnu70.8-4-1-23.sbn
tftp-server flash:cvm70sccp.8-4-1-23.sbn
tftp-server flash:dsp70.8-4-1-23.sbn
tftp-server flash:jar70sccp.8-4-1-23.sbn
tftp-server flash:SCCP70.8-4-2S.loads
tftp-server flash:term70.default.loads
tftp-server flash:term71.default.loads
tftp-server flash:RingList.xml
tftp-server flash:DistinctiveRingList.xml
tftp-server flash:Analog1.raw
tftp-server flash:Analog2.raw
tftp-server flash:AreYouThere.raw
tftp-server flash:AreYouThereF.raw
tftp-server flash:Bass.raw
tftp-server flash:CallBack.raw
tftp-server flash:Chime.raw
tftp-server flash:Classic1.raw
tftp-server flash:Classic2.raw
tftp-server flash:ClockShop.raw
tftp-server flash:Drums1.raw
tftp-server flash:Drums2.raw
tftp-server flash:FilmScore.raw
tftp-server flash:HarpSynth.raw
tftp-server flash:Jamaica.raw
tftp-server flash:KotoEffect.raw
tftp-server flash:MusicBox.raw
tftp-server flash:Piano1.raw
tftp-server flash:Piano2.raw
tftp-server flash:Pop.raw
tftp-server flash:Pulse1.raw
tftp-server flash:Ring1.raw
tftp-server flash:Ring2.raw
tftp-server flash:Ring3.raw
tftp-server flash:Ring4.raw
tftp-server flash:Ring5.raw
tftp-server flash:Ring6.raw
tftp-server flash:Ring7.raw
tftp-server flash:Sax1.raw
tftp-server flash:Sax2.raw
tftp-server flash:Vibe.raw
tftp-server flash:DeskTops/320x212x12/CampusNight.png
tftp-server flash:DeskTops/320x212x12/CiscoFountain.png
tftp-server flash:DeskTops/320x212x12/CiscoLogo.png
tftp-server flash:DeskTops/320x212x12/Fountain.png
tftp-server flash:DeskTops/320x212x12/List.xml
tftp-server flash:DeskTops/320x212x12/MorroRock.png
tftp-server flash:DeskTops/320x212x12/NantucketFlowers.png
tftp-server flash:DeskTops/320x212x12/TN-CampusNight.png
tftp-server flash:DeskTops/320x212x12/TN-CiscoFountain.png
tftp-server flash:DeskTops/320x212x12/TN-CiscoLogo.png
tftp-server flash:DeskTops/320x212x12/TN-Fountain.png
tftp-server flash:DeskTops/320x212x12/TN-MorroRock.png
tftp-server flash:DeskTops/320x212x12/TN-NantucketFlowers.png
tftp-server flash:DeskTops/320x212x16/CampusNight.png
tftp-server flash:DeskTops/320x212x16/CiscoFountain.png
tftp-server flash:DeskTops/320x212x16/CiscoLogo.png
tftp-server flash:DeskTops/320x212x16/Fountain.png
tftp-server flash:DeskTops/320x212x16/List.xml
tftp-server flash:DeskTops/320x212x16/MorroRock.png
tftp-server flash:DeskTops/320x212x16/NantucketFlowers.png
tftp-server flash:DeskTops/320x212x16/TN-CampusNight.png
tftp-server flash:DeskTops/320x212x16/TN-CiscoFountain.png
tftp-server flash:DeskTops/320x212x16/TN-CiscoLogo.png
tftp-server flash:DeskTops/320x212x16/TN-Fountain.png
tftp-server flash:DeskTops/320x212x16/TN-MorroRock.png
tftp-server flash:DeskTops/320x212x16/TN-NantucketFlowers.png
tftp-server flash:cvm70sccp.8-5-3TH1-6.sbn
tftp-server flash:dsp70.8-5-3TH1-6.sbn
tftp-server flash:jar70sccp.8-5-3TH1-6.sbn
tftp-server flash:SCCP70.8-5-3S.loads
tftp-server flash:apps70.8-5-3TH1-6.sbn
tftp-server flash:cnu70.8-5-3TH1-6.sbn
tftp-server flash:YoHo.ray
tftp-server flash:TikiRoom.raw
tftp-server flash:YoHo.raw
tftp-server flash:SmallWorld.raw
tftp-server flash:CTU_Final.raw
tftp-server flash:P00503010100.bin
tftp-server flash:cmterm_7920.bin

Now we can configure the FXO card to forward inbound calls into the network. The PLAR (Private-Line Automatic Ringdown) command with OPX (off-premise extension) is necessary in order to forward the call with your home telephone number to CallManager.  When using this for home, the telephone company does not send any digits to the house (i.e. no DID), so you need to inject them into the call.
voice-port 0/2/0
connection plar opx 6105555555
description POTS line from Telco
caller-id enable

This is another FXO card port, no configuration here as I do not have anything connected
voice-port 0/2/1

This configuration is for an Analog phone with the extension of 1009 connected.   The FXS port is able to power the phone just like it was connected into a wall-jack
voice-port 0/3/0
description [—-[ Jeff’s Desk ]—-]
station-id number 1009
caller-id enable

There is nothing connected to this port right now, so no config.  But I could easily add another analog phone (fax?) if I chose to.
voice-port 0/3/1

Now we are getting into the meat and potatoes of CallManager Express – dial-peers!
This dial-peer (voice 2) is for out-bound dialing of a 10-digit number that begins with 2-9, and is then followed by anything ( . is the wildcard)
If matched, the router will forward all digits out on port 0/2/0 – that is the FXS card – to the PSTN
dial-peer voice 2 pots
destination-pattern [2-9].........
port 0/2/0
forward-digits all

This is a similar dial-peer, but instead it will look for an 11-digit number, starting with 1, then 2-9, then a 9-digit wildcard.
Again, forwarding all digits out port 0/2/0 (PSTN)
dial-peer voice 3 pots
destination-pattern 1[2-9].........
port 0/2/0
forward-digits all

This dial-peer is looking for 1009 to be dialed and then will forward it out on port 0/3/0 to an analog phone.
dial-peer voice 4 pots
destination-pattern 1009
port 0/3/0
forward-digits 0

Now for the CallManager Express configuration.  To enable CME, you need to enable telephony-service
telephony-service

Let's specify the maximum number of phones and directory numbers (DNs) we want to support
max-ephones 25
max-dn 99

This is the IP address for the CallManager – Port 2000 is the SCCP (skinny) default port.  Here I have also specified the QoS as well as the inter-digit timeout (time between digits before dialing)
ip source-address 192.168.0.9 port 2000
ip qos dscp af31 signal
timeouts interdigit 2

This is the message that is displayed on the telephone
system message Fry Family IP Telephony

Now to setup the Services button to host information.  Here I am using free information from Berbee.com (James?)  Also included is an image of the menu that you receive with these services.
url services http://phone-xml.berbee.com/menu.xml

This is where we specify the images for the phones. I have loads for a 7920, 7940-7960, as well as the 7970 color phone.
load 7920 flash:cmterm_7920.bin
load 7960-7940 P00308000500
load 7970 term70.default.loads

This is where you set what Time-Zone you are in.  You can hit ? here to see what other options there are.  12 is EST
time-zone 12

This is the dialplan pattern for my house, I am using the last-4 to identify extension.  Really do not think I am using this part of the config anymore though.
dialplan-pattern 1 6105555555 extension-length 4 extension-pattern 5555

Conference information if I need to add in another line
max-conferences 8 gain -6

This is my hold-music and the associated multi-cast information.  I am using port 2000 here as well as it is used for the normal RTP media between ip phones and the router.
moh flash:/BMG.wav
multicast moh 239.10.16.4 port 2000

This is the web account to access the CME via the url ( in this case https://192.168.0.9/Telephony_service.html )

web admin system name admin password cisco
dn-webedit
time-webedit

This allows me to transfer calls with full consultation (i.e. warn the other party)
transfer-system full-consult

This is to block certain dial-patterns.  Here I block 1-900, 1010, and 011 calls 7 days a week 24 hours a day.
after-hours block pattern 1 1900 7-24
after-hours block pattern 2 1010 7-24
after-hours block pattern 3 011 7-24

This is my phone directory.  If you use the directory listing on the phone, these are the listings that are available.
directory entry 1 16105551234 name Jeff Cell Phone
directory entry 2 6105552345 name Jeff Work
directory entry 3 6105553456 name Grammy
directory entry 4 6105554567 name Grandma Fry Home
directory entry 5 6105555678 name Grandma Fry Cell

This is used to create the config files for the phones (7960)
create cnf-files version-stamp 7960 Jan 11 2010 18:03:45

Now we can start to configure the phone extensions and their associated names:
ephone-dn  1  dual-line
number 1002
label 1002
name Playroom
!
ephone-dn  2  dual-line
number 1001
label 1001
name Master Bedroom

On this DN I have it set to ring for call waiting, I believe that the default is BEEP
ephone-dn  3  dual-line
call-waiting ring
number 1005
label 1005
name Jeff’s Desk
!
ephone-dn  4
number 1010
label 1010
name Computer Rack
!
ephone-dn  5
number 1011
label 1011
!
ephone-dn  6
number 1050
label 1050
name Wireless

This DN is the main house line
ephone-dn  25  dual-line
number 6105555555
label Home Phone

This is one of the Intercom lines (Extension 1998). This is what we use between floors as an intercom.
ephone-dn  98
number 1998
label Intercom
name Jeff Desk Intercom
intercom 1999 barge-in no-mute

And this is the other Intercom line that we have upstairs
ephone-dn  99
number 1999
label Intercom
name PlayRoom Intercom
intercom 1998 no-mute

Now here we start to configure the phones.  We have a local meaningful description, the associated MAC address, Speed-Dials buttons as well as associated buttons for calls.
The button 1:1 means line 1, ephone-dn 1 (extension 1002); 2:25 is button 2, ephone-dn 25 (main house number); 3:99 is button 3, ephone-dn 99 (Intercom 1999)
ephone  1
device-security-mode none
description Playroom Phone
mac-address 000D.BC50.E06D
speed-dial 1 1001 label "Master Bedroom"
speed-dial 2 1006 label "Basement Computer"
speed-dial 3 1002 label "Playroom"
button  1:1 2:25 3:99
!
!
ephone  2
device-security-mode none
mac-address 000E.8349.CD0E
speed-dial 1 1002 label "Playroom"
speed-dial 2 1006 label "Basement Computer"
button  1:2 2:25
!
ephone  3
device-security-mode none
mac-address 0012.01E8.73C7
speed-dial 1 1001 label "Master Bedroom"
speed-dial 2 1002 label "Playroom"
speed-dial 3 1006 label "Basement Computer"
type 7960
button  1:3 2:25 3:98
!
ephone  4
device-security-mode none
mac-address 0012.008F.A1B5
speed-dial 1 1001 label "Master Bedroom"
speed-dial 2 1002 label "Playroom"
type 7960
button  1:4 2:25
!
ephone  5
device-security-mode none
mac-address 0012.01B3.5843
speed-dial 1 1001 label "Master Bedroom"
speed-dial 2 1002 label "Playroom"
speed-dial 3 1006 label "Basement Computer"
type 7960
button  1:5 2:25

This phone, ephone 6, was an old wireless Cisco phone that we had.  The battery went bad – but you can use the Cisco wireless phone with this setup as well.
ephone  6
device-security-mode none
mac-address 000D.282E.8F2A
max-calls-per-button 2
type 7920
auto-line incoming
button  2:6 3:25

The remaining part here is my NTP configuration.  A good NTP setup will keep the phone date/time correct.
ntp source FastEthernet0/0
ntp master
ntp update-calendar
ntp server 209.81.9.7
ntp server 128.2.129.21
ntp server 204.152.184.72
ntp server 216.218.192.202
ntp server 192.5.41.209 prefer

-END OF LINE
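
A way to review a configuration like the one above before it goes live, as an added example that is not part of the original post: this Python script scans a config for four settings that appear in this post and matter from a security standpoint (plain HTTP enabled, a cleartext web admin password, tftp-server entries with no access list, and ephones set to device-security-mode none). The check names, the GUESSABLE list and the sample excerpt are constructed for illustration.

```python
import re

# Constructed excerpt that reuses lines from the post's configuration.
SAMPLE_CONFIG = """\
ip http server
ip http secure-server
ip http path flash:
tftp-server flash:P00308000500.bin
tftp-server flash:RingList.xml
telephony-service
 web admin system name admin password cisco
ephone  1
 device-security-mode none
 mac-address 000D.BC50.E06D
ephone  2
 device-security-mode none
 mac-address 000E.8349.CD0E
"""

GUESSABLE = {"cisco", "admin", "password"}  # constructed list, extend locally


def audit(config_text):
    """Return (check_id, detail) findings for a CME running-config.

    Sections are tracked by the 'ephone N' header only, which is enough
    for the flat layout used in the post.
    """
    lines = [line.strip() for line in config_text.splitlines()]
    findings = []

    # 'ip http secure-server' is a different line and does not match here.
    if "ip http server" in lines:
        findings.append(("http-cleartext",
                         "plain HTTP is enabled, so the web GUI is reachable without TLS"))

    for line in lines:
        m = re.fullmatch(r"web admin system name (\S+) password (\S+)", line)
        if m:
            user, password = m.groups()
            detail = f"cleartext password stored in the config for web user '{user}'"
            if password.lower() in GUESSABLE or password.lower() == user.lower():
                detail += " and it is trivially guessable"
            findings.append(("web-admin-password", detail))

    # A trailing number on a tftp-server line is the optional access list.
    open_exports = [line for line in lines
                    if line.startswith("tftp-server ")
                    and not re.search(r"\s\d+$", line)]
    if open_exports:
        findings.append(("tftp-no-acl",
                         f"{len(open_exports)} tftp-server entries without an access list"))

    ephone, unsecured = None, []
    for line in lines:
        if m := re.fullmatch(r"ephone\s+(\d+)", line):
            ephone = m.group(1)
        elif line == "device-security-mode none" and ephone:
            unsecured.append(ephone)
    if unsecured:
        findings.append(("sccp-no-security",
                         "ephones " + ", ".join(unsecured)
                         + " have no signaling authentication or encryption"))
    return findings


if __name__ == "__main__":
    for check_id, detail in audit(SAMPLE_CONFIG):
        print(f"[{check_id}] {detail}")
```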

Now more on the gw-accounting syslog command.  It is a great way to monitor call history in the router log file, or on an external syslog.  I can see who has called me or who we have called.  This is also a good way to record call history for FCC purposes if ever needed.  The two numbers in this log are 6105555555 and 4845551212.

FryGuyCCMExp#sh log
Syslog logging: enabled (0 messages dropped, 3 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

Console logging: disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging:  level debugging, 4498 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled

No active filter modules.

ESM: 0 messages dropped

Trap logging: level informational, 4033 message lines logged

Log Buffer (25000 bytes):
Jan 30 23:31:06.359: %VOIPAAA-5-VOIP_CALL_HISTORY: CallLegType 1, ConnectionId D75804FF2BFF11E093568DA073AA0AE2, SetupTime 18:31:05.069 EDT Sun Jan 30 2011, PeerAddress 1005, PeerSubAddress , DisconnectCause 10  , DisconnectText normal call clearing (16), ConnectTime 18:31:06.359 EDT Sun Jan 30 2011, DisconnectTime 18:31:06.359 EDT Sun Jan 30 2011, CallOrigin 2, ChargedUnits 0, InfoType 2, TransmitPackets 0, TransmitBytes 0, ReceivePackets 0, ReceiveBytes 0
Jan 30 23:31:06.359: %VOIPAAA-5-VOIP_FEAT_HISTORY: FEAT_VSA=fn:TWC,ft:01/30/2011 18:31:05.067,cgn:1005,cdn:,frs:0,fid:1875,fcid:D75804FF2BFF11E093568DA073AA0AE2,legID:73F,bguid:D75804FF2BFF11E093568DA073AA0AE2
Jan 30 23:31:10.212: %VOIPAAA-5-VOIP_CALL_HISTORY: CallLegType 1, ConnectionId D828260B2BFF11E0935A8DA073AA0AE2, SetupTime 18:31:06.452 EDT Sun Jan 30 2011, PeerAddress 6105555555, PeerSubAddress , DisconnectCause 10  , DisconnectText normal call clearing (16), ConnectTime 18:31:07.612 EDT Sun Jan 30 2011, DisconnectTime 18:31:10.192 EDT Sun Jan 30 2011, CallOrigin 1, ChargedUnits 0, InfoType 2, TransmitPackets 0, TransmitBytes 0, ReceivePackets 121, ReceiveBytes 19360
Jan 30 23:31:10.212: %VOIPAAA-5-VOIP_FEAT_HISTORY: FEAT_VSA=fn:TWC,ft:01/30/2011 18:31:06.439,cgn:4845551212,cdn:6105551212,frs:0,fid:1877,fcid:D828260B2BFF11E0935A8DA073AA0AE2,legID:741,bguid:D828260B2BFF11E0935A8DA073AA0AE2
Jan 30 23:31:10.228: %VOIPAAA-5-VOIP_CALL_HISTORY: CallLegType 1, ConnectionId D828260B2BFF11E0935A8DA073AA0AE2, SetupTime 18:31:06.438 EDT Sun Jan 30 2011, PeerAddress 484551212, PeerSubAddress , DisconnectCause 10  , DisconnectText normal call clearing (16), ConnectTime 18:31:07.638 EDT Sun Jan 30 2011, DisconnectTime 18:31:10.228 EDT Sun Jan 30 2011, CallOrigin 2, ChargedUnits 0, InfoType 2, TransmitPackets 121, TransmitBytes 20328, ReceivePackets 127, ReceiveBytes 20320
Jan 30 23:31:10.228: %VOIPAAA-5-VOIP_FEAT_HISTORY: FEAT_VSA=fn:TWC,ft:01/30/2011 18:31:06.431,cgn:48455512121,cdn:6105551212,frs:0,fid:1876,fcid:D828260B2BFF11E0935A8DA073AA0AE2,legID:740,bguid:D828260B2BFF11E0935A8DA073AA0AE2
Jan 30 23:34:15.310: %VOIPAAA-5-VOIP_CALL_HISTORY: CallLegType 1, ConnectionId 424A46052C0011E0935F8DA073AA0AE2, SetupTime 18:34:04.520 EDT Sun Jan 30 2011, PeerAddress 6105555555, PeerSubAddress , DisconnectCause 10  , DisconnectText normal call clearing (16), ConnectTime 18:34:05.690 EDT Sun Jan 30 2011, DisconnectTime 18:34:15.300 EDT Sun Jan 30 2011, CallOrigin 1, ChargedUnits 0, InfoType 2, TransmitPackets 0, TransmitBytes 0, ReceivePackets 465, ReceiveBytes 74400
Jan 30 23:34:15.310: %VOIPAAA-5-VOIP_FEAT_HISTORY: FEAT_VSA=fn:RESUME,ft:01/30/2011 18:34:14.746,frs:0,fid:1883,fcid:48673BBD2C0011E093658DA073AA0AE2,legID:743,hrson:0,holding:6105555555,held:4845551212,sl:1,usr:,tag:3,bguid:424A46052C0011E0935F8DA073AA0AE2
Jan 30 23:34:15.310: %VOIPAAA-5-VOIP_FEAT_HISTORY: FEAT_VSA=fn:HOLD,ft:01/30/2011 18:34:07.854,frs:0,fid:1880,fcid:444B95432C0011E093648DA073AA0AE2,legID:743,hrson:1,holding:6105555555,held:4845551212,sl:1,usr:,tag:3,bguid:424A46052C0011E0935F8DA073AA0AE2
Jan 30 23:34:15.310: %VOIPAAA-5-VOIP_FEAT_HISTORY: FEAT_VSA=fn:TWC,ft:01/30/2011 18:34:04.502,cgn:4845551212,cdn:6105551212,frs:0,fid:1879,fcid:424A46052C0011E0935F8DA073AA0AE2,legID:743,bguid:424A46052C0011E0935F8DA073AA0AE2
Jan 30 23:34:15.330: %VOIPAAA-5-VOIP_CALL_HISTORY: CallLegType 1, ConnectionId 424A46052C0011E0935F8DA073AA0AE2, SetupTime 18:34:04.500 EDT Sun Jan 30 2011, PeerAddress 4845551212, PeerSubAddress , DisconnectCause 10  , DisconnectText normal call clearing (16), ConnectTime 18:34:05.710 EDT Sun Jan 30 2011, DisconnectTime 18:34:15.330 EDT Sun Jan 30 2011, CallOrigin 2, ChargedUnits 0, InfoType 2, TransmitPackets 465, TransmitBytes 78120, ReceivePackets 478, ReceiveBytes 76480
Jan 30 23:34:15.330: %VOIPAAA-5-VOIP_FEAT_HISTORY: FEAT_VSA=fn:RESUME,ft:01/30/2011 18:34:14.746,frs:0,fid:1883,fcid:48673BBD2C0011E093658DA073AA0AE2,legID:742,hrson:0,holding:6105551212,held:4845551212,sl:1,usr:,tag:3,bguid:424A46052C0011E0935F8DA073AA0AE2
Jan 30 23:34:15.330: %VOIPAAA-5-VOIP_FEAT_HISTORY: FEAT_VSA=fn:HOLD,ft:01/30/2011 18:34:07.854,frs:0,fid:1880,fcid:444B95432C0011E093648DA073AA0AE2,legID:742,hrson:1,holding:6105551212,held:4845551212,sl:1,usr:,tag:3,bguid:424A46052C0011E0935F8DA073AA0AE2
Jan 30 23:34:15.330: %VOIPAAA-5-VOIP_FEAT_HISTORY: FEAT_VSA=fn:TWC,ft:01/30/2011 18:34:04.494,cgn:4845551212,cdn:6105555555,frs:0,fid:1878,fcid:424A46052C0011E0935F8DA073AA0AE2,legID:742,bguid:424A46052C0011E0935F8DA073AA0AE2
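
To turn these records into something you can alert on, the following added example (not from the original post) parses VOIP_CALL_HISTORY lines, pairs the two legs of a call by ConnectionId, and reports outbound legs to the prefixes the configuration blocks with after-hours block pattern (1900, 1010, 011). The sample records are constructed in the layout of the log above; the ConnectionId values and the 1-900 number are made up.

```python
import re
from collections import defaultdict
from datetime import datetime

# Prefixes taken from the post's "after-hours block pattern" lines.
BLOCKED_PREFIXES = ("1900", "1010", "011")
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
HISTORY = re.compile(r"%VOIPAAA-5-VOIP_CALL_HISTORY: (.*)$")


def parse_ios_time(text):
    """Parse '18:31:07.612 EDT Sun Jan 30 2011' (zone label is ignored)."""
    clock, _zone, _dow, mon, day, year = text.split()
    stamp = f"{year}-{MONTHS.index(mon) + 1}-{day} {clock}"
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S.%f")


def parse_leg(line):
    """Return one call leg as a dict, or None for any other log line."""
    match = HISTORY.search(line)
    if not match:
        return None
    fields = {}
    for item in match.group(1).split(","):
        key, _, value = item.strip().partition(" ")
        fields[key] = value.strip()
    try:
        talk = (parse_ios_time(fields["DisconnectTime"])
                - parse_ios_time(fields["ConnectTime"]))
        return {
            "call": fields["ConnectionId"],
            "peer": fields["PeerAddress"],
            # CallOrigin 1 = leg the router originated, 2 = leg it answered
            # (matches Originate/Answer in "show call history voice brief").
            "direction": "originate" if fields["CallOrigin"] == "1" else "answer",
            "seconds": talk.total_seconds(),
        }
    except (KeyError, ValueError):
        return None  # truncated or malformed record


def pair_calls(lines):
    """Group legs by ConnectionId; the answered leg is the calling side."""
    calls = defaultdict(lambda: {"from": None, "to": None, "seconds": 0.0})
    for line in lines:
        leg = parse_leg(line)
        if leg is None:
            continue
        call = calls[leg["call"]]
        if leg["direction"] == "answer":
            call["from"] = leg["peer"]
        else:
            call["to"] = leg["peer"]
            call["seconds"] = leg["seconds"]
    return dict(calls)


def blocked_calls(lines, prefixes=BLOCKED_PREFIXES):
    """Calls whose outbound leg dialed a number with a blocked prefix."""
    return [{"call": call_id, **call}
            for call_id, call in pair_calls(lines).items()
            if call["to"] and call["to"].startswith(prefixes)]


def sample_line(call_id, peer, origin, connect, disconnect):
    """Build a constructed record in the field layout of the post's log."""
    day = "EDT Sun Jan 30 2011"
    return (
        "Jan 30 23:31:10.212: %VOIPAAA-5-VOIP_CALL_HISTORY: CallLegType 1, "
        f"ConnectionId {call_id}, SetupTime {connect} {day}, "
        f"PeerAddress {peer}, PeerSubAddress , DisconnectCause 10  , "
        f"DisconnectText normal call clearing (16), ConnectTime {connect} {day}, "
        f"DisconnectTime {disconnect} {day}, CallOrigin {origin}, ChargedUnits 0"
    )


SAMPLE_LOG = [  # constructed records, not taken from a real router
    sample_line("C0FFEE01", "6105555555", 1, "18:31:07.612", "18:31:10.192"),
    sample_line("C0FFEE01", "4845551212", 2, "18:31:07.638", "18:31:10.228"),
    "Jan 30 23:31:10.228: %VOIPAAA-5-VOIP_FEAT_HISTORY: FEAT_VSA=fn:TWC,cgn:4845551212",
    sample_line("C0FFEE02", "1005", 2, "02:14:07.100", "02:19:37.600"),
    sample_line("C0FFEE02", "19005550100", 1, "02:14:07.100", "02:19:37.600"),
]

if __name__ == "__main__":
    for hit in blocked_calls(SAMPLE_LOG):
        print(f"{hit['from']} -> {hit['to']} for {hit['seconds']:.1f}s "
              f"(call {hit['call']})")
```

A hit here means a call to a blocked prefix still produced an outbound leg, which is worth checking against the after-hours configuration and the phone that placed it.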

Now, if you want to see what calls have occurred over the past 5 or so minutes, you can also use the show call history voice brief command.  The output of this command shows the extension that answered (1005), the incoming call (6105555) and the number that called (4845551212).

FryGuyCCMExp#sh call hist voi br
<ID>: <CallID> <start>ms.<index> +<connect> +<disc> pid:<peer_id> <direction> <addr>
dur hh:mm:ss tx:<packets>/<bytes> rx:<packets>/<bytes> <disc-cause>(<text>)
IP <ip>:<udp> rtt:<time>ms pl:<play>/<gap>ms lost:<lost>/<early>/<late>
delay:<last>/<min>/<max>ms <codec>

media inactive detected:<y/n> media cntrl rcvd:<y/n> timestamp:<time>

long duration call detected:<y/n> long duration call duration :<sec> timestamp:<time>
MODEMPASS <method> buf:<fills>/<drains> loss <overall%> <multipkt>/<corrected>
last <buf event time>s dur:<Min>/<Max>s
FR <protocol> [int dlci cid] vad:<y/n> dtmf:<y/n> seq:<y/n>
<codec> (payload size)
ATM <protocol> [int vpi/vci cid] vad:<y/n> dtmf:<y/n> seq:<y/n>
<codec> (payload size)
Telephony <int> (callID) [channel_id] tx:<tot>/<voice>/<fax>ms <codec> noise:<lvl>dBm acom:<lvl>dBm
MODEMRELAY info:<rcvd>/<sent>/<resent> xid:<rcvd>/<sent> total:<rcvd>/<sent>/<drops> disc:<cause code>
speeds(bps): local <rx>/<tx> remote <rx>/<tx>
Proxy <ip>:<audio udp>,<video udp>,<tcp0>,<tcp1>,<tcp2>,<tcp3> endpt: <type>/<manf>
bw: <req>/<act> codec: <audio>/<video>
tx: <audio pkts>/<audio bytes>,<video pkts>/<video bytes>,<t120 pkts>/<t120 bytes>
rx: <audio pkts>/<audio bytes>,<video pkts>/<video bytes>,<t120 pkts>/<t120 bytes>

Telephony call-legs: 3
SIP call-legs: 0
H323 call-legs: 0
Call agent controlled call-legs: 0
Total call-legs: 3
2536 : 1855 -838053734ms.1855 +-1 +1290 pid:20003 Answer 1005
dur 00:00:00 tx:0/0 rx:0/0 10  (normal call clearing (16))
Telephony 50/0/3 (1855) [50/0/3.0] tx:0/0/0ms None noise:0dBm acom:0dBm
long duration call detected:n long dur callduration :n/a timestamp:n/a

253A : 1857 -838052344ms.1856 +1160 +3740 pid:20007 Originate 6105555555
dur 00:00:02 tx:0/0 rx:121/19360 10  (normal call clearing (16))
Telephony 50/0/25 (1857) [50/0/25.0] tx:2440/2440/0ms g711ulaw noise:0dBm acom:0dBm
long duration call detected:n long dur callduration :n/a timestamp:n/a

253A : 1856 -838052364ms.1857 +1200 +3790 pid:2 Answer 4845551212
dur 00:00:02 tx:121/20328 rx:127/20320 10  (normal call clearing (16))
Telephony 0/2/0 (1856) [0/2/0] tx:2560/2560/0ms g711ulaw noise:-60dBm acom:6dBm
long duration call detected:n long dur callduration :n/a timestamp:n/a

FryGuyCCMExp#

Now, there is also a GUI to CallManager Express – on my router the URL is https://192.168.0.9/Telephony_service.html .  From what I can tell, you can do quite a bit from here as well.  To be honest though, I do not think that I have ever really used this feature.


Using a Cisco Device as a TFTP Server

In How To, Uncategorized on January 26, 2011 at 08:00

The other day I mentioned using a router as a TFTP server to upgrade other devices.  Since I did mention that, it makes sense to post on how to use a router for this functionality.

Have you ever needed to upgrade the IOS on a remote device?  Happened to have more than one of those at a remote site? Have multiple devices at a site to upgrade?  I am sure we have all been there at one time or another with one or all of these scenarios.  Most of us tend to pre-load the code on the devices in preparation for the upgrade, but what happens when you have insufficient space on the device you need to upgrade?  Typically that means performing the IOS transfer when you are doing the upgrade and not before – that is usually during sleeping hours and not business hours.

What if you could A) send a USB drive to the site and have someone plug it in or B) copy the necessary files to another device and use that to copy the files from?  Both of these sound much better than having to upload code in the middle of the night.  Well, by configuring your router to act as a TFTP server, you might allow yourself some sleep time instead of watching the !!!!! – and the occasional 000 – go across the screen.

For this blog, let's use this topology:

Network Topology

R1 will be configured as the TFTP server and host files for SW1 and R2 and the network we will be using is 100.100.100.0/24.  For the blog, I will only demonstrate on R2, but since the Switch is IOS, the commands are the same.

Router/Switch Output
Commands
Notes

On R1, let's configure the G0/0 interface on this router (it's a 3800 series)

FryGuyR1(config)#int g0/0
FryGuyR1(config-if)#ip add 100.100.100.1 255.255.255.0
FryGuyR1(config-if)#no shut
FryGuyR1(config-if)#^Z
FryGuyR1#sh int g0/0 | inc up
GigabitEthernet0/0 is up, line protocol is up
Full-duplex, 100Mb/s, media type is RJ45
FryGuyR1#

Ok, onto Sw1 (VLAN 100 for this example)

FryGuyBlog-SW1(config)#vlan 100
FryGuyBlog-SW1(config-vlan)#name BlogVlan
FryGuyBlog-SW1(config-vlan)#exit
FryGuyBlog-SW1(config)#spanning-tree vl 100 roo pri
FryGuyBlog-SW1(config)#int vlan 100
FryGuyBlog-SW1(config-if)#ip add 100.100.100.10 255.255.255.0
FryGuyBlog-SW1(config-if)#no shut
FryGuyBlog-SW1(config-if)#int f0/1
FryGuyBlog-SW1(config-if)#sw mo ac
FryGuyBlog-SW1(config-if)#sw ac vl 100
FryGuyBlog-SW1(config-if)#int f0/2
FryGuyBlog-SW1(config-if)#sw mo ac
FryGuyBlog-SW1(config-if)#sw ac vl 100
FryGuyBlog-SW1(config-if)#^Z
FryGuyBlog-SW1#

Now onto R2

FryGuyBlogR2(config)#int g0/0
FryGuyBlogR2(config-if)#ip add 100.100.100.2 255.255.255.0
FryGuyBlogR2(config-if)#no shut
FryGuyBlogR2(config-if)#^Z
FryGuyBlogR2#

Now, let's use R1 to ping SW1 and R2 to test connectivity

FryGuyR1#ping 100.100.100.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
FryGuyR1#ping 100.100.100.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
FryGuyR1#

Good there!
Now let's copy some IOS to R1 from a remote computer at 100.100.100.25

FryGuyR1#copy tftp flash:
Address or name of remote host []? 100.100.100.25
Source filename []? c3550-ipservicesk9-mz.122-25.SEE.bin
Destination filename [c3550-ipservicesk9-mz.122-25.SEE.bin]?
Accessing tftp://100.100.100.10/c3550-ipservicesk9-mz.122-25.SEE.bin…
Loading c3550-ipservicesk9-mz.122-25.SEE.bin from 100.100.100.10 (via GigabitEthernet0/0):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[OK – 7131928 bytes]

7131928 bytes copied in 31.452 secs (226756 bytes/sec)
FryGuyR1#

Note: on some platforms the system checks to see if the image being copied is a valid executable for that system. If it is not, it will present a warning asking if you want to abort.  Just enter N and the image will copy.

FryGuyR3#copy tftp flash:
Address or name of remote host []? 100.100.100.1
Source filename []? c3845-advipservicesk9-mz.124-17b.bin
Destination filename [c3845-advipservicesk9-mz.124-17b.bin]?
Accessing tftp://100.100.100.1/c3845-advipservicesk9-mz.124-17b.bin…
%Warning: File not a valid executable for this system
Abort Copy? [confirm]N
Loading c3550-ipservicesk9-mz.122-25.SEE.bin from 100.100.100.10 (via FastEthernet0/0):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK – 7131928 bytes]

So now that we have that file on R1, let's look at the flash and see what files are there:

FryGuyR1#dir
Directory of flash:/

1  -rw-    38906040   Apr 3 2008 19:07:08 +00:00  c3845-advipservicesk9-mz.124-17b.bin
2  -rw-     7131928  Jan 25 2011 04:11:56 +00:00  c3550-ipservicesk9-mz.122-25.SEE.bin

64012288 bytes total (7311360 bytes free)
FryGuyR1#

Ok, we have two IOS images in FLASH.  One for this router and another for a 3550 switch.
Next, let's configure R1 as a TFTP server to serve these files out.

FryGuyR1(config)#tftp-server flash:c3550-ipservicesk9-mz.122-25.SEE.bin
FryGuyR1(config)#tftp-server flash:c3845-advipservicesk9-mz.124-17b.bin
FryGuyR1(config)# ^Z
FryGuyR1#

Note: If we had a USB drive, then you would use USBx (where x = USB slot) instead of flash

Now, let's test this out.  First, let's enable some TFTP debugs to make sure this is working
FryGuyR1#debug tftp events
TFTP Event debugging is on
FryGuyR1#

Now, let's initiate the transfer from R2

FryGuyBlogR2#copy tftp flash
Address or name of remote host []? 100.100.100.1
Source filename []? c3845-advipservicesk9-mz.124-17b.bin
Destination filename [c3845-advipservicesk9-mz.124-17b.bin]?
Accessing tftp://100.100.100.1/c3845-advipservicesk9-mz.124-17b.bin…
Loading c3845-advipservicesk9-mz.124-17b.bin from 100.100.100.1 (via GigabitEthernet0/0):
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[OK – 38906040 bytes]

FryGuyBlogR2#dir
Directory of flash:/

1  -rw-    38906040  Jan 25 2011 04:09:32 +00:00  c3845-advipservicesk9-mz.124-17b.bin

Great, file copied.  Now let's look at the debug output on R1 to see what is said.

FryGuyR1#debug tftp events
TFTP Event debugging is on
FryGuyR1#
*Jan 25 04:21:35.759: TFTP: Looking for c3845-advipservicesk9-mz.124-17b.bin
*Jan 25 04:21:35.927: TFTP: Opened flash:c3845-advipservicesk9-mz.124-17b.bin, fd 0, size 38906040 for process 97
*Jan 25 04:21:35.935: TFTP: Finished flash:c3845-advipservicesk9-mz.124-17b.bin, time 00:00:00 for process 97
*Jan 25 04:21:35.939: TFTP: Looking for c3845-advipservicesk9-mz.124-17b.bin
*Jan 25 04:21:36.107: TFTP: Opened flash:c3845-advipservicesk9-mz.124-17b.bin, fd 0, size 38906040 for process 97
*Jan 25 04:21:36.107: TFTP: Looking for c3845-advipservicesk9-mz.124-17b.bin
*Jan 25 04:21:36.275: TFTP: Opened flash:c3845-advipservicesk9-mz.124-17b.bin, fd 1, size 38906040 for process 239
*Jan 25 04:21:36.283: TFTP: Finished flash:c3845-advipservicesk9-mz.124-17b.bin, time 00:00:00 for process 239
*Jan 25 04:21:36.283: TFTP: Looking for c3845-advipservicesk9-mz.124-17b.bin
*Jan 25 04:21:36.451: TFTP: Opened flash:c3845-advipservicesk9-mz.124-17b.bin, fd 1, size 38906040 for process 239
*Jan 25 04:21:36.479: TFTP: Finished flash:c3845-advipservicesk9-mz.124-17b.bin, time 00:00:00 for process 239
*Jan 25 04:21:37.475: TFTP: Finished flash:c3845-advipservicesk9-mz.124-17b.bin, time 00:00:01 for process 97
*Jan 25 04:21:38.475: TFTP: Looking for c3845-advipservicesk9-mz.124-17b.bin
*Jan 25 04:21:38.643: TFTP: Opened flash:c3845-advipservicesk9-mz.124-17b.bin, fd 0, size 38906040 for process 97
*Jan 25 04:21:38.651: TFTP: Finished flash:c3845-advipservicesk9-mz.124-17b.bin, time 00:00:00 for process 97
*Jan 25 04:21:38.819: TFTP: Looking for c3845-advipservicesk9-mz.124-17b.bin
*Jan 25 04:21:38.987: TFTP: Opened flash:c3845-advipservicesk9-mz.124-17b.bin, fd 0, size 38906040 for process 97!
FryGuyR1#

As you can see, R1 showed the TFTP connections coming from R2 requesting the file.  This is a way to make sure your TFTP server is working, but then again if the copy was not working you would probably know that.

What is also good about the debug is that, if you are working with someone else and they are having problems, you will see what file name they are looking for in the debug output:

*Jan 25 04:28:49.387: TFTP: Looking for asdfasdf
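
The same debug output can be checked automatically, as in this added example (not from the original post): it compares every "Looking for" name against the files published with tftp-server and, when debug tftp packets lines are present, attributes misses to the requesting host. The host 100.100.100.77, the image-*.bin names and the threshold of three are constructed; the attribution assumes the read request line directly precedes its lookup, as in the packet debug shown further down.

```python
import re
from collections import Counter, defaultdict

EXPORT = re.compile(r"tftp-server\s+\S+?:(\S+)")
READ_REQ = re.compile(r"TFTP: read request from host (\S+?)\(\d+\)")
LOOKUP = re.compile(r"TFTP: Looking for (\S+)")


def exported_files(config_lines):
    """File names published by 'tftp-server <device>:<file>' lines."""
    return {m.group(1) for line in config_lines if (m := EXPORT.search(line))}


def scan_debug(config_lines, debug_lines):
    """Return (served, missed).

    served: {file name: lookups} for names that are exported.
    missed: {host: {file name: lookups}} for names that are not.
    """
    exported = exported_files(config_lines)
    served = Counter()
    missed = defaultdict(Counter)
    host = "unknown"
    for line in debug_lines:
        if m := READ_REQ.search(line):
            host = m.group(1)      # only present with 'debug tftp packets'
        elif m := LOOKUP.search(line):
            name = m.group(1)
            if name in exported:
                served[name] += 1
            else:
                missed[host][name] += 1
            host = "unknown"       # never reuse a stale host
    return dict(served), {h: dict(names) for h, names in missed.items()}


def noisy_hosts(missed, threshold=3):
    """Hosts that asked for at least `threshold` distinct unexported names."""
    return sorted(h for h, names in missed.items()
                  if h != "unknown" and len(names) >= threshold)


def packet_pair(host, name):
    """Constructed 'debug tftp packets' lines in the post's format."""
    stamp = "*Jan 25 04:36:36.639: TFTP:"
    return [f"{stamp} read request from host {host}(57088) via GigabitEthernet0/0",
            f"{stamp} Looking for {name}"]


# The two tftp-server lines configured on R1 in the post.
CONFIG = [
    "tftp-server flash:c3550-ipservicesk9-mz.122-25.SEE.bin",
    "tftp-server flash:c3845-advipservicesk9-mz.124-17b.bin",
]

DEBUG = (
    packet_pair("100.100.100.2", "c3845-advipservicesk9-mz.124-17b.bin")
    + ["*Jan 25 04:28:49.387: TFTP: Looking for asdfasdf"]  # line from the post
    + packet_pair("100.100.100.77", "image-a.bin")
    + packet_pair("100.100.100.77", "image-b.bin")
    + packet_pair("100.100.100.77", "image-c.bin")
    + packet_pair("100.100.100.2", "c3845-advipservicesk9-mz.124-17b.bin")
)

if __name__ == "__main__":
    served, missed = scan_debug(CONFIG, DEBUG)
    print("served:", served)
    print("missed:", missed)
    print("hosts guessing file names:", noisy_hosts(missed))
```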

Now, if you are wondering why there are so many of the same entries in the log, to be honest I do not know.  What I suspect is that the receiving device is downloading the headers to see if it is a valid IOS image.  I did a debug tftp packets and you can see part of the output here that shows part of the file was downloaded and stopped. I DO NOT recommend running this debug on a production router!
FryGuyR1#debug tftp packets
TFTP Packet debugging is on
FryGuyR1#
*Jan 25 04:36:36.639: TFTP: Server request for port 57088, socket_id 0x659592E4 for process 97
*Jan 25 04:36:36.639: TFTP: read request from host 100.100.100.2(57088) via GigabitEthernet0/0
*Jan 25 04:36:36.639: TFTP: Looking for c3845-advipservicesk9-mz.124-17b.bin
*Jan 25 04:36:36.807: TFTP: Opened flash:c3845-advipservicesk9-mz.124-17b.bin, fd 0, size 38906040 for process 97
*Jan 25 04:36:36.807: TFTP: Sending block 1 (retry 0), socket_id 0x659592E4
*Jan 25 04:36:36.807: TFTP: Received ACK for block 1, socket_id 0x659592E4
*Jan 25 04:36:36.807: TFTP: Sending block 2 (retry 0), socket_id 0x659592E4
*Jan 25 04:36:36.807: TFTP: Received ACK for block 2, socket_id 0x659592E4
*Jan 25 04:36:36.807: TFTP: Sending block 3 (retry 0), socket_id 0x659592E4
*Jan 25 04:36:36.811: TFTP: Received ACK for block 3, socket_id 0x659592E4
*Jan 25 04:36:36.811: TFTP: Sending block 4 (retry 0), socket_id 0x659592E4
*Jan 25 04:36:36.811: TFTP: Received ACK for block 4, socket_id 0x659592E4
*Jan 25 04:36:36.811: TFTP: Sending block 5 (retry 0), socket_id 0x659592E4
*Jan 25 04:36:36.811: TFTP: Received ACK for block 5, socket_id 0x659592E4
*Jan 25 04:36:36.811: TFTP: Sending block 6 (retry 0), socket_id 0x659592E4
*Jan 25 04:36:36.811: TFTP: Received ACK for block 6, socket_id 0x659592E4
*Jan 25 04:36:36.811: TFTP: Sending block 7 (retry 0), socket_id 0x659592E4
*Jan 25 04:36:36.811: TFTP: Received ACK for block 7, socket_id 0x659592E4
*Jan 25 04:36:36.811: TFTP: Sending block 8 (retry 0), socket_id 0x659592E4
*Jan 25 04:36:36.811: TFTP: Received ACK for block 8, socket_id 0x659592E4
*Jan 25 04:36:36.811: TFTP: Sending block 9 (retry 0), socket_id 0x659592E4
*Jan 25 04:36:36.811: TFTP: error code 0 received – 21349

*Jan 25 04:36:36.811: TFTP: Finished flash:c3845-advipservicesk9-mz.124-17b.bin, time 00:00:00 for process 97
*Jan 25 04:36:36.815: TFTP: Server request for port 52041, socket_id 0x659592E4 for process 97
*Jan 25 04:36:36.815: TFTP: read request from host 100.100.100.2(52041) via GigabitEthernet0/0
*Jan 25 04:36:36.815: TFTP: Looking for c3845-advipservicesk9-mz.124-17b.bin
*Jan 25 04:36:36.983: TFTP: Opened flash:c3845-advipservicesk9-mz.124-17b.bin, fd 0, size 38906040 for process 97
*Jan 25 04:36:36.983: TFTP: Sending block 1 (retry 0), socket_id 0x659592E4
*Jan 25 04:36:36.991: TFTP: Received ACK for block 1, socket_id 0x659592E4
*Jan 25 04:36:36.991: TFTP: Sending block 2 (retry 0), socket_id 0x659592E4
*Jan 25 04:36:36.991: TFTP: Received ACK for block 2, socket_id 0x659592E4
*Jan 25 04:36:36.991: TFTP: Sending block 3 (retry 0), socket_id 0x659592E4
*Jan 25 04:36:36.991: TFTP: Server request for port 53752, socket_id 0x66358420 for process 239
*Jan 25 04:36:36.991: TFTP: read request from host 100.100.100.2(53752) via GigabitEthernet0/0
*Jan 25 04:36:36.991: TFTP: Looking for c3845-advipservicesk9-mz.124-17b.bin
*Jan 25 04:36:37.159: TFTP: Opened flash:c3845-advipservicesk9-mz.124-17b.bin, ACK for block 6, socket_id 0x66358420
*Jan 25 04:36:37.163: TFTP: Sending block 7 (retry 0), socket_id 0x66358420
*Jan 25 04:36:37.163: TFTP: Received ACK for block 7, socket_id 0x66358420 fd 1, size 38906040 for process 239
*Jan 25 04:36:37.159: TFTP: Sending blo
*Jan 25 04:36:37.163: TFTP: Sending block 8 (retry 0), socket_id 0x66358420
*Jan 25 04:36:37.163: TFTP: Received ACK for block 8, socket_id 0x66358420
*Jan 25 04:36:37.163: TFTP: Sending block 9 (retry 0), socket_id 0x66358420
*Jan 25 04:36:37.163: TFTP: error code 0 received – 21349
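
To make the "who asked for which file" point concrete, here is an added example (not part of the original post) that turns packet-level TFTP debug output into one row per read request: requesting host, file name, and whether the file was not found, only partly fetched, or fully transferred. The sample log is constructed from the lines above plus a made-up request for asdfasdf, and the function and field names are assumptions of this example; it expects the packet debug format, since it starts a session at each "Server request" line.

```python
import re
from dataclasses import dataclass

TFTP_BLOCK = 512  # default TFTP data block size in bytes (RFC 1350)

# Constructed sample: the first request reuses lines from the output above
# (shortened to two ACKs); the second request is made up for illustration.
SAMPLE = """\
*Jan 25 04:36:36.639: TFTP: Server request for port 57088, socket_id 0x659592E4 for process 97
*Jan 25 04:36:36.639: TFTP: read request from host 100.100.100.2(57088) via GigabitEthernet0/0
*Jan 25 04:36:36.639: TFTP: Looking for c3845-advipservicesk9-mz.124-17b.bin
*Jan 25 04:36:36.807: TFTP: Opened flash:c3845-advipservicesk9-mz.124-17b.bin, fd 0, size 38906040 for process 97
*Jan 25 04:36:36.807: TFTP: Sending block 1 (retry 0), socket_id 0x659592E4
*Jan 25 04:36:36.807: TFTP: Received ACK for block 1, socket_id 0x659592E4
*Jan 25 04:36:36.807: TFTP: Sending block 2 (retry 0), socket_id 0x659592E4
*Jan 25 04:36:36.807: TFTP: Received ACK for block 2, socket_id 0x659592E4
*Jan 25 04:36:36.811: TFTP: Sending block 3 (retry 0), socket_id 0x659592E4
*Jan 25 04:36:36.811: TFTP: error code 0 received - 21349
*Jan 25 04:36:36.811: TFTP: Finished flash:c3845-advipservicesk9-mz.124-17b.bin, time 00:00:00 for process 97
*Jan 25 04:40:02.115: TFTP: Server request for port 61020, socket_id 0x659592E4 for process 97
*Jan 25 04:40:02.115: TFTP: read request from host 100.100.100.2(61020) via GigabitEthernet0/0
*Jan 25 04:40:02.115: TFTP: Looking for asdfasdf
"""


@dataclass
class Transfer:
    port: int
    socket_id: str
    host: str = "?"
    interface: str = "?"
    filename: str = ""
    size: int = 0      # stays 0 if the router never opened the file
    acks: int = 0      # ACK lines seen; counted because block numbers are 16-bit
    error: bool = False

    @property
    def bytes_acked(self):
        return min(self.acks * TFTP_BLOCK, self.size)

    @property
    def verdict(self):
        if not self.size:
            return "not-found"
        if self.error or self.bytes_acked < self.size:
            return "partial"
        return "complete"


REQUEST = re.compile(r"Server request for port (\d+), socket_id (0x[0-9A-Fa-f]+)")
READ = re.compile(r"read request from host (\S+)\((\d+)\) via (\S+)")
LOOKING = re.compile(r"Looking for (\S+)")
OPENED = re.compile(r"Opened \S+, fd \d+, size (\d+)")
ACK = re.compile(r"Received ACK for block \d+")
ERROR = re.compile(r"error code \d+ received")
SOCKET = re.compile(r"socket_id (0x[0-9A-Fa-f]+)")


def parse(log):
    """Group debug lines into one Transfer per 'Server request' line."""
    transfers, by_socket = [], {}
    current = active = None  # newest request / last session seen on a socket
    for line in log.splitlines():
        if "TFTP:" not in line:
            continue
        msg = line.split("TFTP:", 1)[1].strip()
        if m := REQUEST.match(msg):
            current = Transfer(port=int(m[1]), socket_id=m[2])
            transfers.append(current)
            by_socket[m[2]] = current  # the router reuses socket ids
        elif m := READ.match(msg):
            for t in reversed(transfers):
                if t.port == int(m[2]):
                    t.host, t.interface = m[1], m[3]
                    break
        elif (m := LOOKING.match(msg)) and current:
            current.filename = m[1]
        elif (m := OPENED.match(msg)) and current:
            current.size = int(m[1])
        if s := SOCKET.search(msg):
            active = by_socket.get(s[1], active)
        if ACK.match(msg) and active:
            active.acks += 1
        elif ERROR.match(msg) and active:
            active.error = True
    return transfers


def report(log):
    """One (host, file, verdict, bytes acknowledged) row per read request."""
    return [(t.host, t.filename, t.verdict, t.bytes_acked) for t in parse(log)]


if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

A "not-found" row is a request for a name the router never opened, and a "partial" row shows how few bytes were acknowledged before the client stopped.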

Nexus 7000 and the Show Tech command (gzip too)

In How To, Nexus on January 25, 2011 at 08:18

Recently I have experienced some interesting first-level support from our Cisco VAR.  They are not too familiar with the Nexus 7000 and insisted on us sending them a SHOW TECH from the switch.  If you are not familiar with a Nexus 7000, let me tell you – the show tech from this box can be over 100 Megs!  So, when they asked for that I was like – are you sure?  really really sure? I just have to say – thank you DropBox and public folders!  I used DropBox to place the file and then sent support the public link.  Not sure that most e-mail systems would appreciate that large of a file!

So, if the Show Tech Support is so big, how do you get the information that support needs?  Well, instead of running a complete show tech, you run it for the sections you need!

Here is a list of what you can append to a Show Tech-Support command: (show tech-support option)

N7K1-CoreSwitch1# sh tech-support ?
<CR>
>               Redirect it to a file
>>              Redirect it to a file in append mode
aaa             Display aaa information
aclmgr          ACL commands
adjmgr          Display Adjmgr information
arp             Display ARP information
ascii-cfg       Show ascii-cfg information for technical support personnel
assoc_mgr       Gather detailed information for assoc_mgr troubleshooting
bgp             Display BGP status and configuration
bootvar         Gather detailed information for bootvar troubleshooting
brief           Display the switch summary
callhome        Callhome troubleshooting information
cdp             Gather information for CDP trouble shooting
cert-enroll     Display certificates information
cfs             Gather detailed information for cfs troubleshooting
cli             Gather information for parser troubleshooting
clis            Gather information for CLI Server troubleshooting
commands        Show commands executed as part of show tech-support commands
details         Gather detailed information for troubleshooting
dhcp            Gather detailed information for dhcp troubleshooting
eem             Show EEM tech-support information
eigrp           Display EIGRP status and configuration
eltm            Eltm debug info
ethpm           Gather detailed information for ETHPM troubleshooting
forwarding      Forwarding debug information
ha              Gather detailed information for HA troubleshooting
hsrp            Show hsrp tech-support information
icmpv6          Display Icmpv6 information
im              Gather detailed information for IM troubleshooting
include-time    Gather tech-support and capture time taken to execute each
command
interface-vlan  Gather detailed information for interface-vlan
troubleshooting
internal        Gather internal info for troubleshooting
ip              Display IP information
ipqos           IP QoS Manager
ipv4            Display IP information
ipv6            Display IPV6 information
l2fm            L2fm debug info
l2pt            Gather information for l2pt troubleshooting
l3vm            Display VRF information
lacp            Gather detailed information for LACP component
license         Display licensing information
logging         Show information on logging for technical support staff
m2fib           Gather detailed information for M2FIB troubleshooting
m2rib           Gather detailed information for M2RIB troubleshooting
mfwd            Display MCASTFWD status and configuration
module          Gather info related to a module
monitor         Gather detailed information for monitor troubleshooting
multicast       Display V4 Multicast information
netflow         Show NetFlow tech-support information
netstack        Gather information for NETSTACK troubleshooting
npacl           Display npacl information
pixm            Gather detailed information for PIXM troubleshooting
pixmc           PIXMC Information
pktmgr          Display Packet Manager information
port-channel    Gather detailed information for port channel troubleshooting
port-profile    Gather information for troubleshooting port-profiles
port-security   Port security related command

Ok, color code again:

Red – Router Output
Blue – Commands
Green – Notes

Traditionally when we have done show tech-support, we have always done terminal length to 0, set the capture buffer on our terminal application, and then executed the command – like this:

First we set the length to 0
FryGuyR1#terminal length 0
Then we configure our terminal to capture the data

Using SecureCRT to receive an ASCII file

Then we issue the show tech command:
FryGuyR1#show tech-support

After a few minutes we are done.  We can then take that file and then send it to TAC or some other VAR support.  The 3845ISR I just did a show-tech on was about 400kb, so it is no problem to e-mail that one to someone.

Well, that is fine until you get to a beast like the Nexus 7000.  As I mentioned earlier, the SHOW TECH from that beast is HUGE!  One of our production devices has a show tech of about 150 megs!

So, what are we to do if we need to do a SHOW TECH on the Nexus?  Well, one cool thing about NX-OS is that you can redirect the output of the show tech, creating a file with > or appending to one with >>.  You can redirect the output to bootflash, slot0, or volatile memory.  Once there, you can retrieve it via FTP/TFTP and such.

N7K1# show tech-support >> ?
bootflash:  Destination filesystem path
slot0:      Destination filesystem path
volatile:   Destination filesystem path

N7K1#show tech-support >> bootflash:TechBlog.txt

So, once you have all that information – just look at the bootflash:

N7K1# dir
144030405 Jan 23 16:49:17 2011  TechBlog.txt
44192    Nov 23 1:22:00 2010  Backuprunningconfig.txt

Usage for bootflash://
658034688 bytes used
1151864832 bytes free
1809899520 bytes total
N7K1-CoreSwitch1#

Now for another neat trick – the NX-OS has gzip installed, so we can gzip the file and make it even smaller before transferring it to our computer.

N7K1# gzip bootflash:TechBlog.txt
N7K1# dir
10590611 Jan 23 16:49:17 2011  TechBlog.txt.gz
44192    Nov 21 12:22:19 2010  runningconfig.txt

Usage for bootflash://
524464128 bytes used
1285435392 bytes free
1809899520 bytes total
N7K1#

There, we went from a 144 meg file to a 10 meg zip.  From there, you should be able to e-mail the file to support for assistance.

Integrated Switch Modules in Routers (SM-E3SG and NME-XD)

In Blogroll, How To on January 23, 2011 at 09:03

In the Small Branch office type of environment we are commonly limited by the budget of the design, the space for the hardware, as well as the remote supportability of the site.  By supportability I refer to being able to walk someone through what each device is, what it does, and how to check when (not if) there is a problem. Normally this design may look something like a router connecting to WAN links (T1/DS3/etc), then that router connecting to some type of switch or switches, and finally the end stations being connected to the switch(es).  Perhaps in a simplistic fashion, the network looks like this:

Typical LAN WAN Design

Well, what if you could collapse this a bit and, not so much remove, but integrate a component into another piece of hardware?  What would happen if you actually integrated a network switch into your router?  Technically speaking, you would still have the same pieces in your design, just one less physical component – so to speak. If you chose to integrate the switch into the router, the support at a remote site via telephone becomes that much easier as you really only have to deal with a single piece of hardware.  The design may look something like this:

Collapsed LAN WAN Design

So, what are the benefits of this type of design and what about the caveats?  Well, I see the benefits as a reduced footprint for a site, a shared power supply (reduced UPS requirements), reduced maintenance costs with regards to Smart Net, and the fact that the integrated switch module uses the back plane for connection to the router and not a physical cable.  The Switch module actually runs its own IOS code and has no up time relationship compared to the router.  What that means is if you reload the router the switch continues to function.  What about the caveats, you ask?  Physical upgrades may be more difficult if the router you are upgrading to does not support the switch module – but that is all that really comes to mind.  To be honest, for a small site it is a hard sell not to go this route.  There are even some NME-XD modules that have stack-wise ports, so you can actually stack them to Cisco 3750 switches if you need more switch-ports.

Below are some pictures of the switch modules.  You can get them in 16, 32, and 48 port versions for the 2800/3800 2900/3900 series routers.

Network Switch Modules

Ok, enough of the background information and stuff – lets get to the good stuff.  How do you configure these things?

Color codes:

Router/Switch Output
Commands
Notes

For this posting I am using a Cisco 3845ISR running IOS 12.4(13r)T Advanced Services code and a NME-XD-48ES module.

Well, lets look at our interfaces and see what we can see:
FryGuyR1#sh ip int br
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES unset  administratively down down
GigabitEthernet0/1         unassigned      YES unset  administratively down down
GigabitEthernet2/0         unassigned      YES unset  administratively down down
ATM3/0                     unassigned      YES unset  administratively down down
Serial4/0                  unassigned      YES unset  administratively down down
Serial4/1                  unassigned      YES unset  administratively down down
Serial4/2                  unassigned      YES unset  administratively down down
Serial4/3                  unassigned      YES unset  administratively down down
FryGuyR1#

It looks just like some normal interfaces, nothing fancy or special.  But if you notice, we have a GigabitEthernet 2/0 showing.  Normally the only interfaces we see are the GigabitEthernet0/x interfaces on a router.  What is this GigabitEthernet 2/0 interface actually? Well, perhaps we should take a look at the inventory on the router via the SHOW INV command:

FryGuyR1#sh inv
NAME: “3845 chassis”, DESCR: “3845 chassis”
PID: CISCO3845         , VID: V01 , SN: FTX1142A0HV

NAME: “c3845 Motherboard with Gigabit Ethernet”, DESCR: “c3845 Motherboard with Gigabit Ethernet”
PID: CISCO3845-MB      , VID: V06 , SN:

NAME: “NME-XD-48ES-2S-P: EtherSwitch SM 48 10/100T PoE + 2 SFP”, DESCR: “NME-XD-48ES-2S-P: EtherSwitch SM 48 10/100T PoE + 2 SFP”
PID: NME-XD-48ES-2S-P  , VID: V01 , SN:

NAME: “ATM DS3 “, DESCR: “ATM DS3 “
PID: NM-ATM-DS3        , VID: 1.0, SN:

NAME: “Four Port High-Speed Serial”, DESCR: “Four Port High-Speed Serial”
PID: NM-4T=            , VID: 1.1, SN:

As you can see, we have a NME-XD-48ES-2S-P EtherSwitch card installed in this router, but in what slot?
To figure out what slot it is installed in, I am going to use the SHOW DIAG command and have it INCLUDE Slot and NME to limit the amount of information returned.

FryGuyR1#sh diag | inc Slot|NME
Slot 0:
WIC Slot 0:
WIC Slot 1:
WIC Slot 2:
WIC Slot 3:
Slot 2:
NME-XD-48ES-2S-P: EtherSwitch SM 48 10/100T PoE + 2 SFP Port adapter, 1 port
Product (FRU) Number     : NME-XD-48ES-2S-P
Slot 3:
Slot 4:
FryGuyR1#

Ahh, so that is why we have GigabitEthernet 2/0 on the router! The switch module is connected to the router via an “internal gigabit ethernet” connection.  Pretty cool!

So, how do we access this module from the CLI?  The command is Service-Module GeX/0 session from the privileged EXEC mode on the router.

FryGuyR1#service-module gigabitEthernet 2/0 session
IP address needs to be configured on interface GigabitEthernet2/0
FryGuyR1#

Hmm, guess we need to add an IP address to the interface first, let’s do that now using 10.1.1.1/24.

FryGuyR1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
FryGuyR1(config)#int g2/0
FryGuyR1(config-if)#ip add 10.1.1.1 255.255.255.0
FryGuyR1(config-if)#no shut
FryGuyR1(config-if)#exit
FryGuyR1(config)#exit
FryGuyR1#
*Jan 23 01:28:08.195: %SYS-5-CONFIG_I: Configured from console by console
*Jan 23 01:28:08.243: %LINK-3-UPDOWN: Interface GigabitEthernet2/0, changed state to up
*Jan 23 01:28:09.243: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0, changed state to up

There we go, Gig2/0 is now UP – let’s take a quick look at the interface:

FryGuyR1#sh int g2/0
GigabitEthernet2/0 is up, line protocol is up
Hardware is Marvell 88E8000, address is 001c.f6e6.6aa8 (bia 001c.f6e6.6aa8)
Internet address is 10.1.1.1/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is force-up, media type is internal

There we go – up/up – also, notice the media type is listed as internal – means that we are connected via the backplane on the router to the switch module.

Now we can try to access the module again:

FryGuyR1#service-module gigabitEthernet 2/0 session
Trying 10.1.1.1, 2130 … Open

Would you like to terminate autoinstall? [yes]:yes

— System Configuration Dialog —

Would you like to enter the initial configuration dialog? [yes/no]: no
Switch>
02:52:02: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
02:52:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down

There, we are connected.

Note: Notice the port-number when you service-moduled into the device, that would be the port you could telnet to on the router to connect to the console on the switch module.  Just like a reverse-console server.

Now, lets Enable up and look at a SHOW VER output on the switch:

Switch>en
Switch#sh ver
Cisco IOS Software, C3750 Software (C3750-ADVIPSERVICESK9-M), Version 12.2(25)SEE4, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Mon 16-Jul-07 03:24 by myl
Image text-base: 0x00003000, data-base: 0x01280000

ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)EZ, RELEASE SOFTWARE (fc1)

Switch uptime is 2 hours, 52 minutes
System returned to ROM by power-on
System restarted at 22:39:17 UTC Sat Jan 22 2011
System image file is “flash:/c3750-advipservicesk9-mz.122-25.SEE4/c3750-advipservicesk9-mz.122-25.SEE4.bin”

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco NME-XD-48ES-2S-P (PowerPC405) processor (revision 3.0) with 118784K/12280K bytes of memory.
Processor board ID FOC111222V0
Last reset from power-on
1 Virtual Ethernet interface
48 FastEthernet interfaces
4 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 00:1D:45:6B:7F:00
Motherboard serial number       : FOC111222V0
Model revision number           : 3.0
System serial number            : FOC1111222V0
Top Assembly Part Number        : 800-25015-01
Top Assembly Revision Number    : N/A
Version ID                      : V01
Hardware Board Revision Number  : 0x00

Switch   Ports  Model              SW Version              SW Image
——   —–  —–              ———-              ———-
*    1   52     NME-XD-48ES-2S-P   12.2(25)SEE4            C3750-ADVIPSERVICESK

Configuration register is 0xF

Switch#

If you look at the output you can see that the NME-XD-48ES is basically a 3750 switch that is integrated into the router.  Neat, eh?

Now, let’s take a look at the interfaces on the switch:

Switch#sh ip int br
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES unset  administratively down down
FastEthernet1/0/1      unassigned      YES unset  down                  down
FastEthernet1/0/2      unassigned      YES unset  down                  down
FastEthernet1/0/3      unassigned      YES unset  down                  down
FastEthernet1/0/4      unassigned      YES unset  down                  down
FastEthernet1/0/5      unassigned      YES unset  down                  down
FastEthernet1/0/6      unassigned      YES unset  down                  down
FastEthernet1/0/7      unassigned      YES unset  down                  down
FastEthernet1/0/8      unassigned      YES unset  down                  down
FastEthernet1/0/9      unassigned      YES unset  down                  down
FastEthernet1/0/10     unassigned      YES unset  down                  down
FastEthernet1/0/11     unassigned      YES unset  down                  down
FastEthernet1/0/12     unassigned      YES unset  down                  down
FastEthernet1/0/13     unassigned      YES unset  down                  down
FastEthernet1/0/14     unassigned      YES unset  down                  down
FastEthernet1/0/15     unassigned      YES unset  down                  down
FastEthernet1/0/16     unassigned      YES unset  down                  down
FastEthernet1/0/17     unassigned      YES unset  down                  down
FastEthernet1/0/18     unassigned      YES unset  down                  down
FastEthernet1/0/19     unassigned      YES unset  down                  down
FastEthernet1/0/20     unassigned      YES unset  down                  down
FastEthernet1/0/21     unassigned      YES unset  down                  down
FastEthernet1/0/22     unassigned      YES unset  down                  down
FastEthernet1/0/23     unassigned      YES unset  down                  down
FastEthernet1/0/24     unassigned      YES unset  down                  down
FastEthernet1/0/25     unassigned      YES unset  down                  down
FastEthernet1/0/26     unassigned      YES unset  down                  down
FastEthernet1/0/27     unassigned      YES unset  down                  down
FastEthernet1/0/28     unassigned      YES unset  down                  down
FastEthernet1/0/29     unassigned      YES unset  down                  down
FastEthernet1/0/30     unassigned      YES unset  down                  down
FastEthernet1/0/31     unassigned      YES unset  down                  down
FastEthernet1/0/32     unassigned      YES unset  down                  down
FastEthernet1/0/33     unassigned      YES unset  down                  down
FastEthernet1/0/34     unassigned      YES unset  down                  down
FastEthernet1/0/35     unassigned      YES unset  down                  down
FastEthernet1/0/36     unassigned      YES unset  down                  down
FastEthernet1/0/37     unassigned      YES unset  down                  down
FastEthernet1/0/38     unassigned      YES unset  down                  down
FastEthernet1/0/39     unassigned      YES unset  down                  down
FastEthernet1/0/40     unassigned      YES unset  down                  down
FastEthernet1/0/41     unassigned      YES unset  down                  down
FastEthernet1/0/42     unassigned      YES unset  down                  down
FastEthernet1/0/43     unassigned      YES unset  down                  down
FastEthernet1/0/44     unassigned      YES unset  down                  down
FastEthernet1/0/45     unassigned      YES unset  down                  down
FastEthernet1/0/46     unassigned      YES unset  down                  down
FastEthernet1/0/47     unassigned      YES unset  down                  down
FastEthernet1/0/48     unassigned      YES unset  down                  down
GigabitEthernet1/0/1   unassigned      YES unset  down                  down
GigabitEthernet1/0/2   unassigned      YES unset  down                  down
GigabitEthernet1/0/3   unassigned      YES unset  up                    up
GigabitEthernet1/0/4   unassigned      YES unset  up                    up
Switch#

To find out what interface we need to configure to talk to the router, issue the show service-module status command

Switch#sh service-module status
Service Module is in STEADY state
Service Module target interface is GigabitEthernet1/0/4
Interface GigabitEthernet1/0/3 is connected to BACKPLANE
Switch#

As you can see, the TARGET interface is G1/0/4, so that is the interface we need to configure.

For our first example, we will configure a Layer 3 interface on G1/0/4 using an IP address of 10.1.1.2/24

Switch(config)#int g1/0/4
Switch(config-if)#no switchport
Switch(config-if)#ip add 10.1.1.2 255.255.255.0
Switch(config-if)#exit
Switch(config)#exit

Now let’s check that we have an IP on that interface.  The command that I am using is SHOW IP INTERFACE BRIEF | EXCLUDE unassigned.  I am only interested in the interfaces with an IP address, so why look at all of them?
Switch#sh ip int br | ex un
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet1/0/4   10.1.1.2        YES manual up                    up

And now to PING 10.1.1.1

Switch#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1007 ms
Switch# ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Switch#

Note: The first PING took a bit longer because of ARP, as you can see the second ping is 1ms RTT.

There we go, we now have connectivity.

Now, lets reset the G1/0/4 back to default settings:

Switch(config)#default interface g1/0/4
Interface GigabitEthernet1/0/4 set to default configuration
Switch(config)# ^Z

Note: The default interface command is a great way to reset an interface back to all the defaults!

Switch#sh run int g1/0/4
Building configuration…

Current configuration : 38 bytes
!
interface GigabitEthernet1/0/4
end

There, just like we never did anything.

Now, let’s do an SVI interface by creating VLAN 100, assigning it an IP of 10.1.1.2/24, and then setting G1/0/4 in VLAN 100. Remember that this is a switch, so normal switch VLAN and Spanning-tree configurations should be applied as well.

Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#vlan 100
Switch(config-vlan)#name RouterVLAN
Switch(config-vlan)#exit
Switch(config)#spanning-tree vlan 100 root primary
Switch(config)#int vlan 100
Switch(config-if)#ip add 10.1.1.2 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#int g1/0/4
Switch(config-if)#sw mo ac
Switch(config-if)#sw ac vl 100
Switch(config-if)#^Z
Switch#

Lets look at the interfaces again that have IP addresses and the VLANs as well as what VLANS are on the switch.

Switch#sh ip int br | ex un
Interface              IP-Address      OK? Method Status                Protocol
Vlan100                10.1.1.2        YES manual up                    up

Switch#sh vlan

VLAN Name                             Status    Ports
—- ——————————– ——— ——————————-
1    default                          active    Fa1/0/1, Fa1/0/2, Fa1/0/3
Fa1/0/4, Fa1/0/5, Fa1/0/6
Fa1/0/7, Fa1/0/8, Fa1/0/9
Fa1/0/10, Fa1/0/11, Fa1/0/12
Fa1/0/13, Fa1/0/14, Fa1/0/15
Fa1/0/16, Fa1/0/17, Fa1/0/18
Fa1/0/19, Fa1/0/20, Fa1/0/21
Fa1/0/22, Fa1/0/23, Fa1/0/24
Fa1/0/25, Fa1/0/26, Fa1/0/27
Fa1/0/28, Fa1/0/29, Fa1/0/30
Fa1/0/31, Fa1/0/32, Fa1/0/33
Fa1/0/34, Fa1/0/35, Fa1/0/36
Fa1/0/37, Fa1/0/38, Fa1/0/39
Fa1/0/40, Fa1/0/41, Fa1/0/42
Fa1/0/43, Fa1/0/44, Fa1/0/45
Fa1/0/46, Fa1/0/47, Fa1/0/48
Gi1/0/1, Gi1/0/2, Gi1/0/3
100  RouterVLAN                       active    Gi1/0/4
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup

VLAN Name                             Status    Ports
—- ——————————– ——— ——————————-
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
—- —– ———- —– —— —— ——– —- ——– —— ——
1    enet  100001     1500  –      –      –        –    –        0      0
100  enet  100100     1500  –      –      –        –    –        0      0
1002 fddi  101002     1500  –      –      –        –    –        0      0
1003 tr    101003     1500  –      –      –        –    –        0      0
1004 fdnet 101004     1500  –      –      –        ieee –        0      0
1005 trnet 101005     1500  –      –      –        ibm  –        0      0

Remote SPAN VLANs
——————————————————————————

Primary Secondary Type              Ports
——- ——— —————– ——————————————

Switch#

G1/0/4 is now assigned to VLAN 100 and all the remaining interfaces are in VLAN 1

Now to test with a PING
Switch# ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1007 ms
Switch# ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Switch#

Note: The first PING took a bit longer because of ARP, as you can see the second ping is 1ms RTT.

So that is the basics on how to configure one of these modules.  The rest of the configuration is the same as any other switch, no difference.

Now, lets take a quick moment and prove that the switch stays up when you reload the router – you may lose network connectivity between the switch and the router, but rebooting the router does not take the switch down.

On the switch, lets do a SHOW VER | INC uptime

Switch#sh ver | inc uptim
Switch uptime is 17 minutes
Switch#

Now, lets go back to the router (CTRL-SHIFT-6-X) and reload the router:

FryGuyR1#rel
Proceed with reload? [confirm]y
*Jan 23 02:10:00.815: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.

[—[ Output Omitted to save bits and bytes ]—-]

Press RETURN to get started!

FryGuyR1>en
FryGuyR1#service-module gigabitEthernet 2/0 session
Trying 10.1.1.1, 2130 … Open

Switch#
Switch#sh ver | inc up
Switch uptime is 21 minutes
Switch#

See, the switch did not reload when we reloaded the router, it has its own independent IOS.  The only thing that it relies on the router for is POWER and Ethernet via the backplane.

Pretty cool if you ask me!

More information can be found at the following Cisco links:

Cisco EtherSwitch Service Modules

Cisco Enhanced EtherSwitch Service Modules for Cisco 2900 and 3900 Series Routers

Cisco EtherSwitch Service Modules Feature Guide

1995 Mustang Cobra Hardtop Convertible

In Uncategorized on January 16, 2011 at 22:22

Well, if you have not figured it out from the title, this is not a technical blog posting.  I have had a few people ask me about my car and give me confused, bewildered, and otherwise mystified faces.  Why you wonder, well – most people do not know that Ford ever made this car.  Yes, it is a Mustang; Yes, it is a Cobra; Yes, it is a convertible; and Yes – it has a removable hard-top as well! This was a car that I have wanted since I first saw them in 1995 at a local dealership, but unfortunately at that time I was not able to afford one.  As they say, all good things come to those who wait.

The 1995 Cobra was powered by a 240-hp 5.0L V-8 and is the same engine used in the 1994 Mustang Cobra.  The cars do 0-60 in about 6.7 seconds (slow compared to most cars today but back then that was quick!) and have a top speed of 140 mph.  Color options for the standard Mustang Cobra were Black (1433), White (1125), and Red (1447), for a total of 4005 units; of those, 1003 convertibles were produced.  The 1995 model year was the only year a convertible hardtop was produced and only 499 of these Hardtop Convertibles were produced – all in Black.  There was a hardtop/ragtop that was installed as a prototype on a V6 and some GT Mustangs, but these were never “officially” produced.  Another new feature for 1995 was the addition of SVT badging; the Cobras from the previous years did not designate themselves as Special Vehicle Team cars.

What is the purpose of the Hardtop Convertible one may ask?  Well, the whole reason behind it (from my understanding) is so you can have a convertible in the summer via the soft-top, and then when Winter comes, put the hardtop on and you are good to go.  It was designed to be an all year car, not like the regular convertibles of the day that were summer only.  The hardtop has glass in the rear with a defogger, so it is a fully functioning top. Interior light, headliner, etc!

You can see the V6 Hardtop Convertible as well as some of the other prototype cars in the VHS cassette that accompanied the purchase of the car.  This tape was the instructions for how to remove and install the hard-top.   When I purchased my car the VHS tape came with it – and it was in very good shape.  I have since paid for the VHS tape to be professionally transferred to DVD format so that I can review it any time I would like.  I have since taken the DVD video and converted it to WMV format. Below is the video:

This Cobra is number 934 of 1003 when it comes to the number of Cobra Convertibles and #435/499 of the Hardtop Convertibles.  This car listed for $30,685 in 1995 – now, that might not seem like too much today, but remember that the average price of a NEW car was $15,000 and the average income in the USA was $35,000/yr!  This Cobra was definitely in the high-end of pricing for cars that year!  The hard-top option added $1825 to the price of the base Cobra Convertible – and rumor has it that each roof was hand-fitted to each car.  The factory had a very difficult time with these tops as they did not fit perfectly right off the line.

I have had this car a little over a year now (purchased in the fall of 2009) and have really enjoyed it.  I think that I will keep it for a few more years until it is time for another toy.  One thing I have vowed to do is keep this car stock and original.  That has been a very difficult task as after-market power adders are so easy to find for this car.  But in the end, I think that it is worth more to the next collector if it is all there.

Below are some pics of the car and various accessories:

Front View - 95 Cobra had the Running Pony emblem

Driver's side

With the hardtop on

Soft top on

Roof off

Roof

Interior

The ole 5.0

SVT Certificate

Brochure and VHS

Stand for the Hardtop

Winter rest...

Just some of the Mustang posters in the garage

Just some of the Mustang posters in the garage cont

Just about all the SN97 rear emblems

Original Sticker

Gestalt IT’s first datacenter-focused Field Day event

In Uncategorized on January 14, 2011 at 16:09

Well I got the official notice today that I will be attending a Gestalt IT Tech Field Day event on February 10th and 11th in 2011 in San Jose, CA.  I feel honored as well as humbled to be invited to this event.  It is a great chance to meet new people, learn from their experiences, listen to their war stories, as well as the chance to see what the vendors have to say.

What is Tech Field Day, you ask?  Well – to explain it best I am going to quote it from Gestalt’s website:

This unique event brings together innovative IT product vendors and independent thought leaders who have immense influence on the ways that products and companies are perceived and understood by the general public. The world of media has changed, with social media and blogging gaining special importance. Our Field Day is an opportunity for tech companies and independent writers to get to know each other. Ultimately, we hope to provide a forum for engagement, education, hands-on experience, and feedback. This event is run as a community service rather than a profit-motivated media business. In this way, costs are kept to a reasonable minimum, involvement is encouraged, and fun is part of everything we do.

Gestalt IT’s Tech Field Day #5 is their first data center focused event this year and will be held in Silicon Valley.  (Ahh, a warmer climate for a few days – especially when you compare it to the North East right now.)  I am very excited to see the line-up for this event; companies like Symantec, DataRobotics (cool – Drobo!), NetEx, and Infoblox are just some of the companies I will get to listen to and learn from as well as have the opportunity to ask questions.

You can learn more about the event at the following link:  Gestalt IT Tech Field Day #5 or for more general information: Gestalt IT Tech Field Day

 

New Cisco Compact Switches!

In Uncategorized on January 11, 2011 at 19:48

Well, just the other day Cisco announced some new Compact switches that should replace the Cisco 2940 (yeah, I know that they were EOL and replaced with 2960-8) and 3560-8 series switches.  The product information can be found here – Link.  The new switches are the Cisco 3560-C and 2960-C series.

These really have my attention from an Enterprise perspective.  I cannot tell you how many conference rooms we have that have either the 2940 or the 3560-8 switches mounted under the table.  Those switches work great, except for the fact that we need to also run a power-cord to them.  I cannot tell you how many times our NOC has contacted us with regards to a switch being reset due to power-on and it turning out someone kicked the power cord.  We run the Cisco 3560-8 at places where we need PoE ports  for phones and such, and the 2940/2960 series are used where no PoE is required.

So what is so intriguing to me about the new 2960-C switches? Well, the biggest thing that I noticed is that you can now get switches that will be powered via PoE and PoE+ ports instead of an external power cord. This feature is called PD/PSE – Powered Device (PD) and Power Sourcing Equipment (PSE) – and is available in the WS-C2960CPD series of switches.  The way that it works is that you connect the dedicated copper uplinks on the 2960CPD switch to a PoE or PoE+ capable switch; the upstream switch then senses the device requesting the power and provides the power necessary to the device.  This uses the 802.3af (PoE) and 802.3at (PoE+) standards and works just like an IP phone connected to a switch. One thing to note on the PD/PSE 2960C is that you can also get an external power supply to power the device.  This is a nice feature if you do not have PoE capable devices today but plan to deploy them at a later date. Below is an image taken from Cisco’s website that shows the PD/PSE switches on the left and the non PD/PSE switches below

PD/PSE Capable 2960-C Switches

3560-C and 2960-C Switches non PD/PSE

What I can gather from the information that is currently available, but still cannot confirm, is that if you are using PoE+, the switch supports PoE pass-through so that you can also power a downstream IP Phone, Camera, etc via the compact switch.  This is a really good feature for conference rooms, kiosks, as well as areas where you do not want to run power cables.  This can help to ensure that all your critical network devices are connected to protected (UPS/Generator) power sources in the event of a utility outage.  Most conference rooms that I have seen are not considered critical rooms and are not usually on UPS power.  Most switch rooms and closets, on the other hand, are almost always on some type of protected power.

Both switches feature the usual stuff expected in a network switch – VLAN, VTP, LACP, QoS, MDIX, UDLD, RSPAN, and such.  They also have some nice security features as well – Port Security, DHCP snooping, IP Source Guard, PVLAN, port-based ACLs, Spanning-tree Root Guard and such.  The PVLAN feature for a conference room is an interesting concept.  Never truly thought about deploying it in a conference room switch, but might have to consider that in the future.  We do have conference rooms where Visitors are allowed to connect to an outside network, and perhaps configuring a switch with PVLANs there would be a nice way to prevent unauthorized snooping, virus passing, and just evil things that I would never do.
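The conference-room PVLAN idea above could look like the following on a Catalyst IOS switch with full private VLAN support. This is an added example, not a configuration from the original post or from Cisco's documentation for these models; the VLAN IDs, names and interface numbers are assumptions, and the uplink is assumed to land on an upstream access port in the visitor VLAN.

```cisco
! Added example: isolate visitor ports from each other on a table switch.
! VLAN IDs, names and interface numbers are assumptions for illustration.
!
! Private VLANs require VTP transparent mode on VTP v1/v2.
vtp mode transparent
!
! Secondary VLAN: hosts in an isolated VLAN cannot talk to each other.
vlan 201
 name VISITOR-ISOLATED
 private-vlan isolated
!
! Primary VLAN: carries traffic between isolated hosts and the uplink.
vlan 200
 name VISITOR-PRIMARY
 private-vlan primary
 private-vlan association 201
!
! Table ports: each visitor can reach the uplink only, never a neighbour,
! which blocks peer-to-peer snooping and host-to-host malware spread.
interface range FastEthernet0/1 - 8
 description Conference table visitor ports
 switchport mode private-vlan host
 switchport private-vlan host-association 200 201
 spanning-tree portfast
!
! Uplink toward the visitor gateway: promiscuous, so every isolated
! host can reach it and it can reach every isolated host.
interface GigabitEthernet0/1
 description Uplink to visitor network
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 200 201
!
! Verify from exec mode:
!   show vlan private-vlan
!   show interfaces FastEthernet0/1 switchport
```

Where the software image only offers private VLAN edge, `switchport protected` on each table port gives the same isolation between ports on that one switch.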

So, what are some of the differences between the 2960-C and 3560-C that are worth noting (or at least I noticed more than the others)?  Well, with the Cisco 3560-C you can get a L3 capable switch – just like its big brothers.  Having some of these features available is interesting, not sure if it is overly practical to be honest – but is a good feature to have if you are putting the switch in a lab network.    The Cisco 3560-C is also only powered via an external power supply and does not currently support PD/PSE.    One thing I did notice is that the GLC-T is NOT supported in these switches; you will probably need to buy the SFP-GE-T one.  The price difference is that the SFP-GE-T is about $50 more list (about $450 list for the SFP-GE-T and the GLC-T lists at about $400).

Another note on the L3 for the Cisco 3560-C: it is controlled by a license file on the switch itself.  There is no hardware difference between the L2 and the L3 models, only a silly license file.  If you buy the 3560-C, you can transparently upgrade the software feature set through Cisco IOS® Software activation.   This is a nice way to do the upgrade – no IOS to upload, just a simple activation routine.  I think they went this way because of the old 3500 switches that you buy with SMI code but can install EMI code and make it a full L3 switch.  This is good business sense, yet I think that it may make things a bit over-complicated at times.

Another nice feature on these is the support of a USB A type port.  This can make life much easier when it comes to either backing up configs, replacing a bad switch, or just IOS upgrades.  I have used the USB drives on ASR, Nexus 7000, 2800/3800, etc to upgrade code, backup configs before replacements, or even to quickly recover a device.    I have also been known to use the USB drive to load an image for another device at the site and configure the router as a TFTP server to serve the file out. (hmm, idea for future blog post 🙂 )

One thing to note on the support and warranty on these is that they come with a limited lifetime warranty, 8x5xNBD replacement and 90 days of TAC out of the box.  Limited means non-transferable and applicable only to the original purchaser.

You can always find more information at Cisco’s website on these devices – here
