Cisco IOS Safe Harbor for Financial Enterprise Customers, Release 12.1(8b)E11

Version History

Version Number Date Notes 1 06/07/2002 This document was created. 2 06/14/2002 The following section was changed: • 3 06/18/2002 The following section was changed: • 4 Enhanced Interior Gateway Routing Protocol— Redistribution Test 07/26/2002 Supervisor Failover Test—In the Test Plan, Step 1 now states reset the active supervisor. Minor editorial changes were made.

Executive Summary

Cisco IOS Safe Harbor is an initiative, the purpose of which is to provide the Global Financial Services customer with a stable Cisco IOS E version-of-choice. This is accomplished through the regression testing of functionality that is critical to the success of the financial services business.

This document describes the Safe Harbor testing environment, the testing plans, expected test results, and a summary of the test results. Device configurations and actual test result logs are not part of this document.

This document contains the following sections:
• About Cisco IOS Safe Harbor
• Test Results Summary
• Feature Sets Testing
• Hardware Redundancy
• Layer 2 Features
• Hardware Forwarding Features
• Layer 3 Routing Features
• Network Management Features
• Miscellaneous Features
• Supplementary Information

About Cisco IOS Safe Harbor

The goal of Cisco IOS Safe Harbor is to provide improved network stability, reliability, and performance with respect to Cisco IOS software. Safe Harbor involves testing the feature sets and protocols in a particular Cisco IOS Release E image on certain platforms to provide high quality code for the financial services business.
This combination of features, hardware, and image is tested in a laboratory environment that simulates the financial services business network environment. For information on the hardware tested and the network setup of the test environment, see the “Financial Lab Topology” section.

The groups of feature sets that are tested include the following: hardware redundancy, Layer 2 features, hardware forwarding features, Layer 3 routing features, network management features, and several miscellaneous features. Regression tests are conducted to validate existing features and ensure that functionality is maintained. Negative tests are designed and conducted to stress the features and their interoperability. For information on each feature and its testing, see the “Feature Sets Testing” section.

During the testing, the network is placed under loads that are consistent with those in a financial services network. A standard suite of tools (for example, Netcom’s Smartbits or IXIA’s packet generator) is used to generate network traffic. Network testing includes a combination of automated and manual tests. Simple Network Management Protocol (SNMP) is used to poll the network during the tests, and all tests are analyzed. For a summary of the test results, see the “Test Results Summary” section.

Note: Safe Harbor testing does not address any issues that might exist in the customer change control and operations processes.

Financial Lab Topology

Figure 1 shows the base financial lab topology.
The financial services network environment configured in the lab includes the following hardware:
• Fourteen Catalyst 6500 switches running Cisco Native IOS Release 12.1(8b)E11 (SH1-97 to SH1-110)
• Two Catalyst 6500 switches that are running Hybrid CatOS 6.3(4) with no routing (Dist A-1 and Dist A-2)
• Pagent test devices to simulate the ISPs and Area 3 and Area 4, injecting BGP, OSPF, and EIGRP routes
• IXIA test devices to generate simulated customer traffic

[Figure 1: Base Topology]

The hardware configuration in the financial test lab includes a combination of distributed fabric, fabric-capable, and nonfabric modules.

Note: The Switch Fabric Module is supported only with the Supervisor Engine 2 in the Catalyst 6500 series switch.

Basic Topology: Port Channel Deployment

Figure 2 shows the port channel deployment for the Safe Harbor testing. Catalyst 6500 series switches running Native Cisco IOS support both Layer 2 (L2) and Layer 3 (L3) Etherchannels, with up to eight Ethernet interfaces on any module. All interfaces in each Etherchannel must be identically configured (the same speed, all L2 or L3, and so forth). Etherchannel load balancing can use either MAC addresses or IP addresses, and either source or destination or both source and destination addresses. The selected mode applies to all Etherchannels configured on the switch.
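
The choice of hash inputs described above decides how flows spread over the member links. The following added example (not part of the original document, and not Cisco's proprietary algorithm) models link selection as an XOR of low-order IP address bits, which is an assumption made for illustration, and runs two constructed traffic patterns through the three IP-based modes on a four-link channel. The mode labels, function names and addresses are assumptions of the example.

```python
"""Added example: a simplified model of Etherchannel link selection.

Assumption: the hash is modelled as the XOR of the low-order three bits of
the selected IP addresses, giving eight buckets that are dealt round-robin
to the channel members. The real Catalyst algorithm is Cisco proprietary;
this model only shows how the hash inputs interact with traffic patterns.
"""
from collections import Counter
from ipaddress import IPv4Address

# Labels for the three IP-based choices named in the text (example names).
MODES = ("src-ip", "dst-ip", "src-dst-ip")
BUCKETS = 8  # model choice: one bucket per possible member (up to eight)


def select_link(src, dst, mode, links):
    """Return the 0-based index of the member link that carries a flow."""
    if not 1 <= links <= BUCKETS:
        raise ValueError("an Etherchannel has one to eight member links")
    s, d = int(IPv4Address(src)), int(IPv4Address(dst))
    if mode == "src-ip":
        key = s
    elif mode == "dst-ip":
        key = d
    elif mode == "src-dst-ip":
        key = s ^ d
    else:
        raise ValueError(f"unknown load-balance mode: {mode!r}")
    bucket = key & (BUCKETS - 1)   # keep only the low-order bits
    return bucket % links          # deterministic: same inputs, same link


def distribution(flows, mode, links):
    """Count flows per member link; idle links are reported as 0."""
    counts = Counter(select_link(s, d, mode, links) for s, d in flows)
    return [counts[i] for i in range(links)]


def idle_links(counts):
    """Member links that carry no flow at all under this traffic pattern."""
    return [i for i, n in enumerate(counts) if n == 0]


# Constructed sample traffic (addresses are illustrative, not from the lab).
# Pattern A: 20 source addresses sending to one destination address.
MANY_TO_ONE = [(f"10.1.1.{i}", "10.2.2.1") for i in range(1, 21)]
# Pattern B: 20 sources and 20 destinations incrementing concurrently.
PAIRED = [(f"10.1.1.{i}", f"10.2.2.{i}") for i in range(1, 21)]


def report(links=4):
    """Build {pattern: {mode: per-link counts}} for both sample patterns."""
    patterns = {"many-to-one": MANY_TO_ONE, "paired": PAIRED}
    return {name: {m: distribution(flows, m, links) for m in MODES}
            for name, flows in patterns.items()}


if __name__ == "__main__":
    for name, by_mode in report().items():
        for mode, counts in by_mode.items():
            print(f"{name:12} {mode:11} {counts} idle={idle_links(counts)}")
```

In this model the paired pattern lands entirely on one link under the source-and-destination mode, because the concurrently incrementing low-order bits cancel in the XOR; per-link counters therefore need to be checked for each traffic pattern, not only the aggregate throughput.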

Etherchannel is a trunking technology that groups together multiple full-duplex 802.3 Ethernet interfaces to provide fault-tolerant high-speed links between switches, routers, and servers. An Etherchannel interface (consisting of up to eight Ethernet interfaces) is treated as a single interface; this is called a port channel.

The port channels configured for Safe Harbor testing are Gigabit Etherchannels (GECs). The following types of GEC port channels are configured and tested for Safe Harbor:
• Layer 3 GEC distributed forwarding card (DFC)
• Layer 3 GEC DFC and non-DFC mixed
• Layer 3 GEC using fabric-capable modules, nonfabric modules, and combinations of both
• Layer 2 GEC using fabric-capable modules, nonfabric modules, and combinations of both

[Figure 2: Port Channel Deployment. Legend: L3 GEC DFC, L3 GEC Mixed, L3 GEC Non-DFC, L2 GEC]

Basic Topology: Routing Protocols

The following routing protocols are configured for Safe Harbor testing:
• Border Gateway Protocol (BGP)
  – External Border Gateway Protocol (eBGP)
  – Interior Border Gateway Protocol (iBGP)
• Enhanced Interior Gateway Routing Protocol (EIGRP)
• Open Shortest Path First (OSPF)

Figures 3, 4, and 5 show where each routing protocol is configured in the basic test lab topology. Figure 3 shows the eBGP and iBGP routing protocol deployment for the Safe Harbor testing.

[Figure 3: eBGP and iBGP Routing Protocol Deployment]

Figure 4 shows the EIGRP routing protocol deployment for Safe Harbor testing.

[Figure 4: EIGRP Routing Protocol Deployment]

Figures 5, 6, and 7 show the OSPF routing protocol areas configured for Safe Harbor testing. Figure 5 shows OSPF routing protocol Area 0 for Safe Harbor testing.

[Figure 5: OSPF Routing Protocol Area 0]

Figure 6 shows OSPF routing protocol Areas 1 and 2.

[Figure 6: OSPF Routing Protocol Areas 1 and 2]

Figure 7 shows OSPF routing protocol Areas 3 and 4.

[Figure 7: OSPF Routing Protocol Areas 3 and 4]

Test Results Summary

Table 1 summarizes the results of all the testing that was completed as part of the Cisco IOS Safe Harbor initiative. Table 1 includes the following information: the feature/function tested, the section that describes the feature set to which the feature/function belongs, the results of the feature/function tests (pass/fail), the component tests for each feature/function, and any DDTS found during the Safe Harbor testing.

Note: These test results are specific to the technologies covered and the actual test scenarios in which they were tested. Safe Harbor is designed to cover critical path areas and augment ongoing regression and systems testing.

Table 1 Safe Harbor Test Results Summary

Feature/Function | Feature Set Section | Pass/Fail | Components Tests | DDTS
Border Gateway Protocol | Layer 3 Routing Features | Pass | Scale to Ten Neighbors in Core Test; BGP Neighbor Flap Test; Route Redistribution Test | None
Cisco Group Management Protocol/Internet Group Management Protocol | Hardware Forwarding Features | Pass | Basic IGMP/CGMP Functionality Test; IGMP Functionality Test on SUP1/MSFC2 | None
Enhanced Interior Gateway Routing Protocol | Layer 3 Routing Features | Pass | Summarization Test; Redistribution Test | None
Hardware Redundancy | Hardware Redundancy | Pass | Supervisor Failover Test; SFM Fabric Flap Test | None
Hot Standby Routing Protocol | Layer 3 Routing Features | Pass | Basic HSRP Test; HSRP Failover Test | None
IP Unicast | Hardware Forwarding Features | Pass | Hardware Shortcut and GEC Load Balancing Test; CEF Distribution Test; Layer 2 GEC Failover Test; Layer 3 GEC Failover Test; ARP Test | None
IP Multicast | Hardware Forwarding Features | Pass | Basic Multicast and MSDP Test; Core MSDP Test; Non-RPF Rate Limiting and Multicast Stub Test; GEC failover: Non-dCEF GEC Failover Test; GEC failover: Mixed GEC Failover Test; GEC failover: dCEF GEC Failover Test; SFM Failover Test; GE Module Failover Test; PIM-DR Failover Test; PIM-DR and MSDP Failover Test; Layer 3 Interface GEC Negative Test; Unicast and Multicast Test with 130K Injected IP Routes | None
Network Time Protocol | Miscellaneous Features | Pass | Basic NTP Functionality Test | None
Open Shortest Path First | Layer 3 Routing Features | Pass | Autocost Test; Passive Interface Test; Filtering Test; Redistribution Test; OSPF Topology Database Test | None
Port Aggregation Protocol (Channeling) | Layer 2 Features | Pass | Basic Layer 2 Channeling Configuration Test; Basic Layer 3 Channeling Configuration Test; Etherchannel Load Balance Test; Layer 3 Etherchannel Load Balance Tests (1, 2); Gigabit Ethernet Module Reset Test | None
Simple Network Management Protocol | Network Management Features | Pass | Basic Functionality Shut/No Shut Interface Test | None
Spanning Tree Protocol | Layer 2 Features | Pass | Basic SPT Configuration Test | None
Syslog | Miscellaneous Features | Pass | Basic Syslog Functionality Test | None
System Upgrading | Miscellaneous Features | Pass | Basic Procedure Test | None
Terminal Access Controller Access Control System | Network Management Features | Pass | Verify User Authentication Test | None
Trunking | Layer 2 Features | Pass | Basic Trunking Test; Failure and Recovery Test | None
Unidirectional Link Detection-Aggressive Mode | Layer 2 Features | Pass | Basic UDLD Test on Layer 2 Link; Basic UDLD Test on Layer 3 Link | CSCdv74001
User Data Protocol Broadcast Flooding | Miscellaneous Features | Pass | UDP Broadcast Flooding Test | None
VLAN Trunking Protocol | Layer 2 Features | Pass | Basic VTP Configuration Test | None

Feature Sets Testing

Functionality critical to the global financial service business tested for the Cisco IOS Safe Harbor release includes the following:
• Hardware Redundancy
• Layer 2 Features
• Hardware Forwarding Features
• Layer 3 Routing Features
• Network Management Features
• Miscellaneous Features

Hardware Redundancy

Whenever a fault is encountered, the redundant module takes over the functions of the failed hardware module. Testing hardware redundancy for Safe Harbor involves performing various failover scenarios to verify internal hardware redundancy fails over as expected.

Verifying hardware redundancy involves the following tests:
• Supervisor Failover Test
• Switch Fabric Module Fabric Flap Test

Supervisor Failover Test

The Supervisor Failover test verifies the proper operation of redundant supervisors during a series of continual resets. The test measures time, but the test is not necessarily a measure of the speed at which failover can take place because this is dependent on configuration and line cards in the system. The time is a measure of the delta from when the reset is issued to the time all line cards come back online and are ready and able to forward traffic.

Test Plan

Perform the following steps:
Step 1 Reset the active supervisor six times (three times per module).
Step 2 Record the time measured from the reset to the time required for all line cards to come back online.
Step 3 Compare the supervisor failover times to design guidelines for the particular hardware and software.

Expected Results

We expect that failure operations are within the design guidelines for the given hardware and software versions under test with no configuration or functionality loss.

Results

Table 2 shows the Supervisor Failover test results.

Table 2 Supervisor Failover Test Results
Component | Pass/Fail
Supervisor Failover Test | Pass

Switch Fabric Module Fabric Flap Test

The Switch Fabric Module (SFM) Fabric Flap test involves resetting the active SFM in the system.
This test verifies that SFM failover operates as designed.

Test Plan

Perform the following steps:
Step 1 Flap the active SFM (forcing the redundant SFM to become active) continuously for several hours.
Step 2 Verify that failover operations are within the design guidelines for the particular hardware and software versions under test.
Step 3 Verify memory allocation and CPU usage during the test.

Expected Results

We expect that failover operations are within the design guidelines for the hardware and software versions being tested.

Results

Table 3 shows the Switch Fabric Module Fabric Flap test results.

Table 3 Switch Fabric Module Fabric Flap Test Results
Component | Pass/Fail
Switch Fabric Module Fabric Flap Test | Pass

Layer 2 Features

Layer 2 feature testing for Safe Harbor involves these features:
• VLAN Trunking Protocol
• Spanning Tree Protocol
• Unidirectional Link Detection-Aggressive Mode
• Trunking
• Port Aggregation Protocol (Channeling)

VLAN Trunking Protocol

VLAN Trunking Protocol (VTP) is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can result in a number of problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.

You can use VTP to manage VLANs 1 to 1005 in your network. (Note that VTP does not support VLANs 1025 to 4094.) With VTP, you can make configuration changes centrally on one switch and have those changes automatically communicated to all other switches in the network.

Test Plan

VTP testing for Safe Harbor includes the Basic VLAN Trunking Protocol Configuration Test.

Basic VLAN Trunking Protocol Configuration Test

Perform the following steps:
Step 1 Verify that SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
Step 2 Configure all switches for VTP transparent mode.
Step 3 Configure trunks between SH1-107 and Dist A-1.
Step 4 Analyze the following commands on SH1-107:
    SH1-107# show vtp status
    SH1-107# show interface port-id trunk
    SH1-107# show spanning-tree vlan vlan-number brief
Step 5 Analyze the following commands on Dist A-1:
    Dist A-1 (enable) show vtp domain
    Dist A-1 (enable) show trunk
    Dist A-1 (enable) show spantree vlan-number
    Dist A-1 (enable) show cdp neighbors
Step 6 Configure SH1-107 for VTP mode server and add VLAN 200 to the VLAN database on SH1-107. Repeat Steps 4 and 5, confirming that VLAN 200 is not added to the database on Dist A-1.
Step 7 With SH1-107 in VTP server mode and Dist A-1 in VTP transparent mode, add VLAN 201 to the VLAN database of Dist A-1. Repeat Steps 4 and 5, confirming that VLAN 201 was not added to the VLAN database on SH1-107.
Step 8 Configure Dist A-1 for VTP mode client and add VLAN 202 to the VLAN database on SH1-107. Repeat Steps 4 and 5, confirming that VLAN 202 is not added to the database on Dist A-1.
Step 9 With SH1-107 in VTP server mode and Dist A-1 in VTP client mode, add VLAN 203 to VLAN database on Dist A-1. Repeat Steps 4 and 5, confirming that VLAN 203 is not added to the VLAN database of Dist A-1.
Step 10 Configure Dist A-1 for VTP server mode and add VLAN 204 to the VLAN database of SH1-107. Repeat Steps 4 and 5, confirming that VLAN 204 was successfully added to the VLAN database of Dist A-1.
Step 11 Configure both SH1-107 and Dist A-1 for VTP transparent mode and remove VLANs 200 to 204 from the VLAN databases of each.

Expected Results

We expect that VTP functions correctly.

Results

Table 4 shows the VLAN Trunking Protocol test results.

Table 4 VLAN Trunking Protocol Test Results
Component Test | Pass/Fail
Basic VLAN Trunking Protocol Configuration Test | Pass

Spanning Tree Protocol

Spanning Tree Protocol (STP) algorithms provide path redundancy by defining a tree that spans all the switches in an extended network and forces certain redundant data paths into a standby (blocked) state. At regular intervals, the switches in the network send and receive spanning tree packets that they use to identify the path to the root. If one network segment becomes unreachable, or if spanning tree costs change, the spanning tree algorithm reconfigures the spanning tree topology and reestablishes the link by activating the blocked path.

Test Plan

STP testing for Safe Harbor includes the Basic Spanning Tree Protocol Configuration Test.

Basic Spanning Tree Protocol Configuration Test

Perform the following steps:
Step 1 Verify the following switch and router configurations:
• SH1-109 is running Native Cisco IOS Release 12.1(8b)E11.
• Access switch Dist A-2 is running Hybrid CatOS 6.3(4).
• Trunks are configured between SH1-109 and Dist A-2.
Step 2 Verify timers.
Step 3 Verify convergence.
Step 4 Verify CPU load.
Step 5 Confirm that the spanning tree properly converges.

Note: The spanning tree algorithm is not used in many customer networks; therefore, testing on spanning tree is limited.

Expected Results

Spanning-tree recalculation occurs in an expected time frame. This value depends on the parameters of the spanning-tree domain.

Results

Table 5 shows the Spanning Tree Protocol test results.

Table 5 Spanning Tree Protocol Test Results
Component Test | Pass/Fail
Basic Spanning Tree Protocol Configuration Test | Pass

Unidirectional Link Detection-Aggressive Mode

The Unidirectional Link Detection (UDLD) protocol allows devices connected through fiber-optic or copper Ethernet cables (for example, Category 5 cabling) to monitor the physical status of the cables and detect when a unidirectional link exists. When a unidirectional link is detected, UDLD shuts down the affected port and alerts the user. Unidirectional links can cause a variety of problems, including spanning-tree topology loops and erroneous Layer 3 routing.

In a bidirectional relationship, the UDLD-AM (aggressive mode) protocol disables the port at the end of a link-up sequence if no reply is received. However, UDLD goes into an undetermined state.

Note: The lowest value of a UDLD-AM message interval can be only 7 seconds, and the holddown time can be 21 seconds.

By default, the HSRP hello timer is 3 seconds and holddown timer is 10 seconds. If the link becomes unidirectional before the UDLD-AM can shut down the port, the HSRP will flap. After UDLD-AM shuts down the unidirectional port, the HSRP stays up and remains stable.

By default, the EIGRP hello timer is 5 seconds and holddown timer is 15 seconds. When the link becomes unidirectional before the UDLD-AM can shut down the port, the EIGRP neighbor will flap. After UDLD-AM shuts down the unidirectional port, the EIGRP neighbor stays up and remains stable.

Note: If we enabled UDLD mode or UDLD-AM globally on SH1 switches, the interface shows the UDLD message interval is 7 seconds, which is actually the running message interval. Once the UDLD neighbor is established, the message interval changes to 15 seconds.

Test Plan

Perform the following steps:
Step 1 Verify that UDLD detects link failure and shuts down the port.
Step 2 Verify that the port can pass traffic after port reset.
Step 3 Cause link over-subscription.
Step 4 Enable QoS and reverify previous procedures.
Step 5 Execute failure and recovery scenarios.

The following tests are part of the UDLD testing for Safe Harbor:
• Basic UDLD Test on Layer 2 Link
• Basic UDLD Test on Layer 3 Link

Basic UDLD Test on Layer 2 Link

Test Plan

For UDLD testing on the Layer 2 link, perform the following steps:
Step 1 Configure UDLD-AM globally and on the interface.
Step 2 Verify the following switch and router configurations:
• SH1 switches are running Native Cisco IOS Release 12.1(8b)E11.
• Access switch Dist A-2 is running Hybrid CatOS 6.3(4).
• Trunks/channels with UDLD-AM are enabled on the GEC ports between SH1 switches and Dist A-2.
Step 3 Set up the GEC nonnegotiation ports so that if the RX or TX fiber is pulled out, the remote-side Gigabit Ethernet interface still stays up/up, which simulates the unidirectional link.
Step 4 Establish UDLD neighbors.
Step 5 Pull one of the fibers on Dist A-2 port 1/1.
Step 6 Reconnect the fibers on Dist A-2 port 1/1.
Step 7 Enter the reset udld command to reset all interfaces shut down by UDLD.

Basic UDLD Test on Layer 3 Link

Test Plan

For UDLD testing on the Layer 3 link, perform the following steps:
Step 1 Configure UDLD-AM globally and on the appropriate interfaces. Globally, set UDLD message time to 7.
Step 2 Verify the following switch and router configurations:
• SH1-104 and SH1-109 switches are running Native Cisco IOS Release 12.1(8b)E11.
• Trunks/channels with UDLD-AM are enabled on the GEC ports between these two switches.
Step 3 Set up the GEC nonnegotiation ports so that if the RX or TX fiber is pulled out, the remote-side Gigabit Ethernet interface still stays up/up, which simulates the unidirectional link.
Step 4 Establish UDLD neighbors.
Step 5 Pull one of the fibers on SH1-109 Gigabit port 3/5.
Step 6 Reconnect the fiber on SH1-109 Gigabit port 3/5.
Step 7 Enter the reset udld command to reset all interfaces shut down by UDLD.

Expected Results

We expect that UDLD-AM will detect a unidirectional Layer 2 or Layer 3 link, shut down the affected port, and alert the user. We also expect that the link is reestablished when physical connectivity is restored and UDLD-disabled ports are reset.

Results

Table 6 shows UDLD-AM test results.

Table 6 UDLD-AM Test Results
Component Test | Pass/Fail
Basic UDLD Test on Layer 2 Link | Pass
Basic UDLD Test on Layer 3 Link | Pass

Note: A DDTS was found during UDLD testing. Refer to Table 1 for the DDTS number.

Trunking

A trunk is a point-to-point link between one or more switch ports and another networking device such as a router or a switch. Trunks carry the traffic of multiple VLANs over a single link and allow VLANs to be extended across an entire network.

Table 7 lists and describes the five modes of trunking on Cisco switches.

Table 7 Trunking Modes on Cisco Switches
Mode | Description
On | Local interface trunks and also sends Dynamic Trunking Protocol (DTP) packets. Puts the port into permanent trunking mode and negotiates to convert the link to a trunk link. The port becomes a trunk port even if the neighboring port does not agree to the change.
Off | Local interface does not trunk. Puts the port into nontrunking mode and negotiates to convert the link into a nontrunk link. The port becomes a nontrunk port even if the neighboring port does not agree to the change.
Auto | Local interface trunks if it receives DTP packets. Enables the port to convert the link to a trunk link. The port becomes a trunk port if the neighboring port is set to on or desirable mode. This is the default mode for Fast and Gigabit Ethernet ports.
Desirable | Local interface sends DTP packets. Makes the port actively attempt to convert the link to a trunk line. The port becomes a trunk port if the neighboring port is set to on, desirable, or auto mode.
Nonnegotiate | Local interface forms a trunk and does not send DTP packets. Puts the port into permanent trunking mode, but prevents the port from generating DTP frames. You must configure the neighboring port normally as a trunk port to establish a trunk link.

Test Plan

Perform the following steps:
Step 1 Add and prune VLANs.
Step 2 Verify proper interoperation of various modes: on, off, auto, desirable, and nonnegotiate.
Step 3 Test Spanning Tree.
Step 4 Create misconfigurations.
Step 5 Verify proper operation of counters.
Step 6 Ensure that traffic can pass.
Step 7 Execute failure and recovery scenarios.

The following tests are part of the Trunking Tests for Safe Harbor:
• Basic Trunking Tests
• Failure and Recovery Tests

Basic Trunking Tests

Test Plan

For basic trunking tests, perform the following steps:
Step 1 Verify the following switch and router configuration:
• SH1-107 and SH1-108 are running Native Cisco IOS Release 12.1(8b)E11.
• Access switch Dist A-1 is running Hybrid CatOS 6.3(4).
Step 2 Configure static trunking between SH1-107 and Dist A-1.
Step 3 Configure dynamic trunking between SH1-108 and Dist A-1.
Step 4 Analyze output from the show interface interface trunk command on SH1-107, SH1-108 and the show trunk command on Dist A-1.
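
The interoperation of the five modes in Table 7, worked through as an added example that is not part of the original document: the code derives, for every pair of modes, whether both ends trunk, neither does, or the two ends disagree, and then audits a constructed list of links. The link names, the finding labels and the function names are assumptions of the example; the rules are restated from Table 7.

```python
"""Added example: trunk negotiation outcomes derived from the mode table.

The rules below restate Table 7 of this document. The link names in
SAMPLE_LINKS are constructed for illustration.
"""
from itertools import combinations_with_replacement

MODES = ("on", "off", "auto", "desirable", "nonnegotiate")

# Neighbor modes that make a negotiating port become a trunk (Table 7).
TRUNKS_WITH = {
    "auto": {"on", "desirable"},
    "desirable": {"on", "desirable", "auto"},
}


def port_trunks(local, neighbor):
    """True if the local port ends up trunking, given the neighbor's mode."""
    for mode in (local, neighbor):
        if mode not in MODES:
            raise ValueError(f"unknown trunk mode: {mode!r}")
    if local in ("on", "nonnegotiate"):
        return True            # permanent trunking, neighbor is not consulted
    if local == "off":
        return False           # permanent nontrunking
    return neighbor in TRUNKS_WITH[local]


def link_state(mode_a, mode_b):
    """Classify a link as 'trunk', 'access' or 'mismatch'."""
    a, b = port_trunks(mode_a, mode_b), port_trunks(mode_b, mode_a)
    if a and b:
        return "trunk"
    if not a and not b:
        return "access"
    return "mismatch"          # one end trunks, the other does not


def mode_matrix():
    """State of every unordered pair of modes."""
    return {pair: link_state(*pair)
            for pair in combinations_with_replacement(MODES, 2)}


def audit(links):
    """Return findings for links whose configured modes need attention."""
    findings = []
    for name, mode_a, mode_b in links:
        state = link_state(mode_a, mode_b)
        if state == "mismatch":
            findings.append((name, "mismatch", f"{mode_a}/{mode_b}"))
        elif state == "trunk" and {mode_a, mode_b} & set(TRUNKS_WITH):
            # The trunk exists only because negotiation succeeded.
            findings.append((name, "negotiated-trunk", f"{mode_a}/{mode_b}"))
    return findings


# Constructed inventory: (link name, mode on one end, mode on the other).
SAMPLE_LINKS = [
    ("uplink-1", "on", "on"),
    ("uplink-2", "desirable", "auto"),
    ("uplink-3", "nonnegotiate", "auto"),
    ("user-port", "off", "desirable"),
    ("uplink-4", "on", "off"),
]

if __name__ == "__main__":
    for pair, state in mode_matrix().items():
        print(f"{pair[0]:>12} / {pair[1]:<12} {state}")
    for finding in audit(SAMPLE_LINKS):
        print("finding:", finding)
```

The mismatch pairs are the combinations a misconfiguration test should exercise, since one end forwards tagged traffic for multiple VLANs while the other treats the link as a nontrunk port.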

Failure and Recovery Tests

Test Plan

For failure and recovery tests, perform the following steps:
Step 1 Verify the following switch and router configurations:
• SH1-107 and SH1-108 are running Native Cisco IOS Release 12.1(8b)E11.
• Access switch Dist A-1 is running Hybrid CatOS 6.3(4).
Step 2 Configure static trunking between SH1-107 and Dist A-1.
Step 3 Configure dynamic trunking between SH1-108 and Dist A-1.
Step 4 Establish a trunk.
Step 5 Fail the link.
Step 6 Reconnect the link.

Expected Results

We expect trunking to work properly and perform correctly in the failure and recovery scenarios.

Results

Table 8 shows the Trunking test results.

Table 8 Trunking Test Results
Component Test | Pass/Fail
Basic Trunking Tests | Pass
Failure and Recovery Tests | Pass

Port Aggregation Protocol (Channeling)

The Port Aggregation Protocol (PAgP) facilitates the automatic creation of Etherchannels by exchanging packets between Ethernet ports. PAgP packets are exchanged only between ports in auto and desirable modes. Ports configured in on or off mode do not exchange PAgP packets. The protocol learns the capabilities of port groups dynamically and informs the other ports. Once PAgP identifies correctly matched Etherchannel links, it groups the ports into an Etherchannel. The Etherchannel is then added to the spanning tree as a single bridge port.

Etherchannel includes four user-configurable modes: on, off, auto, and desirable. Only auto and desirable are PAgP modes. The auto and desirable modes can be modified with the silent and non-silent keywords. By default, ports are in auto silent mode.

An Etherchannel distributes frames across the links in a channel by reducing part of the binary pattern formed from the addresses in the frame to a numerical value that selects one of the links in the channel.
Etherchannel frame distribution is based on a Cisco proprietary hashing algorithm. The algorithm is deterministic; given the same addresses and session information, you always hash to the same port in the channel, preventing out-of-order packet delivery.

Test Plan

Perform the following steps:

Step 1 Verify proper load distribution.
Step 2 Verify unicast.
Step 3 Verify multicast.
Step 4 Perform failure scenarios.
Step 5 Verify Layer 3 and Layer 2 channels.
Step 6 Split Layer 3 channel across multiple cards (both dCEF and non-dCEF).

The following tests are part of the PAgP (channeling) testing for Safe Harbor:
• Basic Layer 2 Channeling Configuration Test
• Basic Layer 3 Channeling Configuration Test
• Etherchannel Load Balance Test
• Layer 3 Etherchannel Load Balance Tests (1, 2)
• Gigabit Ethernet Module Reset Test

Basic Layer 2 Channeling Configuration Test

Test Plan

To check the Layer 2 channeling functionality, perform the following steps:

Step 1 Verify the following switch and router configurations:
• SH1-109 and SH1-110 are running Native Cisco IOS Release 12.1(8b)E11.
• Access switch Dist A-2 is running Hybrid CatOS 6.3(4).
Step 2 Configure static channeling between SH1-109 and Dist A-1.
Step 3 Configure dynamic channeling between SH1-110 and Dist A-1.
Step 4 Analyze the output from the following commands:
    SH1-109# show interfaces port etherchannel
    SH1-110# show interfaces port etherchannel
    SH1-110# show interface port-channel channel-number etherchannel
    Dist A-1 (enable) show port channel

Basic Layer 3 Channeling Configuration Test

Test Plan

To check Layer 3 port channeling functionality with different combinations of dCEF and non-dCEF ports, perform the following steps:

Step 1 Verify that all SH1 switches are running Native Cisco IOS Release 12.1(8b)E11.
Step 2 Configure all channels between SH1-103, SH1-104, SH1-109, SH1-110 switches as Layer 3 channels.
Step 3 Analyze the show interface port-channel channel-number etherchannel command output from the following:
a. Channels with both dCEF and non-dCEF (mixed) ports.
b. Channels with only dCEF ports.
c. Channels with only non-dCEF ports.

Etherchannel Load Balance Test

Test Plan

To verify Layer 2 and Layer 3 Etherchannel load distribution, perform the following steps:

Step 1 Verify that SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
Step 2 Set up Layer 2 and Layer 3 Etherchannels.
Step 3 Use IXIA to send 20 traffic flows from Dist A-1 to Dist A-2, sourcing from 20 IP addresses to one destination IP address. The traffic path is:
    Dist A-1(trunk/L2-GEC)—>SH1-108 (L3-GEC)—>SH1-104 (L3-GEC)—>SH1-110(trunk/L2-GEC)—>Dist A-2
Step 4 Analyze output from test etherchannel commands on the supervisor (SP).

Layer 3 Etherchannel Load Balance Tests (1, 2)

These tests verify Layer 3 Gigabit Etherchannel (GEC) load distribution and hash algorithm.

Test Plan 1

Perform the following steps:

Step 1 Verify that SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
Step 2 Use IXIA to send 20 traffic flows from Dist A-2 to Dist A-1, sourcing from 20 IP addresses and to 20 destination IP addresses. Source and destination IP addresses increment concurrently. The traffic path is:
    Dist A-2 (trunk/L2_GEC)—>SH1-109 (4-port GEC) SH1-103—>Dist A-1
Step 3 Analyze output from test etherchannel commands on the SP.

Test Plan 2

Perform the following steps:

Step 1 Verify that SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
Step 2 Use IXIA to send traffic flows from Dist A-2 to Dist A-1, sourcing from 20 IP addresses and to 20 destination IP addresses.
Source and destination IP addresses increment concurrently. The traffic path is:
    Dist A-2—>L2 4-port GEC—>SH1-110 (L3 4 port-GEC) SH1-103—>Dist A-1
Step 3 Analyze output from test etherchannel commands on the SP.

Gigabit Ethernet Module Reset Test

Test Plan

To check the Port Aggregation Protocol functionality during reset of a Gigabit Ethernet module, perform the following steps:

Step 1 Verify that SH1 switches under test are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
Step 2 On SH1-110, reset module 3, which includes Layer 3 GEC ports. Verify port channel status and EIGRP neighbor status.
    SH1-110(config)# hw-module module 3 reset
    SH1-110# show interface port-channel channel-number etherchannel
Step 3 On Dist A-2, reset module 4, which includes Layer 2 GEC ports. Verify port channel status and SH1-109 and SH1-110 HSRP status.
    Dist A-2 (enable) reset 4
    SH1-110# show standby vlan vlan-number

Expected Results

We expect that Etherchannels transmit and distribute frames across Layer 2 and Layer 3 links properly. We expect that the GEC and GEC ports work properly if the GE module gets reset.

Results

Table 9 shows the Port Aggregation Protocol (channeling) test results.
Table 9 Port Aggregation Protocol (Channeling) Test Results

Component Test                                    Pass/Fail
Basic Layer 2 Channeling Configuration Test       Pass
Basic Layer 3 Channeling Configuration Test       Pass
Etherchannel Load Balance Test                    Pass
Layer 3 Etherchannel Load Balance Tests (1, 2)    Pass
Gigabit Ethernet Module Reset Test                Pass

Hardware Forwarding Features

Hardware forwarding testing for Safe Harbor involves these features:
• IP Unicast
• IP Multicast
• Cisco Group Management Protocol/Internet Group Management Protocol

IP Unicast

The Internet Protocol (IP) is a packet-based protocol used to exchange data over computer networks. IP handles addressing, fragmentation, reassembly, and protocol demultiplexing. It is the foundation on which all other IP protocols (collectively referred to as the IP Protocol suite) are built. A network-layer protocol, IP contains addressing and control information that allows data packets to be routed.

The Transmission Control Protocol (TCP) is built upon the IP layer. TCP is a connection-oriented protocol that specifies the format of data and acknowledgments used in the transfer of data. TCP also specifies the procedures that the networking devices use to ensure that the data arrives correctly. TCP allows multiple applications on a system to communicate concurrently because it handles all demultiplexing of the incoming traffic among the application programs.
Test Plan

IP Unicast tests verify the following:
• Hardware shortcuts
• RPF rate-limiting
• TCP/UDP forwarding
• RFC testing

Safe Harbor testing includes the following hardware forwarding tests:
• Hardware Shortcut and Gigabit Etherchannel Load Balancing Test
• Cisco Express Forwarding Distribution Test
• Layer 2 Gigabit Etherchannel Failover Test
• Layer 3 Gigabit Etherchannel Failover Test
• Address Resolution Protocol Test

Hardware Shortcut and Gigabit Etherchannel Load Balancing Test

This test verifies IP unicast basic functionality and hardware shortcuts.

Test Plan

Perform the following steps:

Step 1 Verify that SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
Step 2 Use IXIA to send 20 traffic flows from Dist A-1 to Dist A-2, sourcing from 20 IP addresses to one destination IP address. The traffic path is:
    Dist A-1(trunk/L2-GEC)—>SH1-108 (L3-GEC)—>SH1-104 (L3-GEC)—>SH1-110(trunk/L2-GEC)—>Dist A-2
Step 3 Verify the creation of hardware shortcuts on SH1-108:
    SH1-108# show mls ip
Step 4 Display output from the following command for each Gigabit Ethernet link to verify that GEC distributed the traffic to each link:
    SH1-108# show interface gi-port-id | include packets output
Display output for GEC port and compare it with output of the four Gigabit Ethernet links:
    SH1-108# show interface port gec-port-id | include packets output
Step 5 Verify the creation of hardware shortcuts for every flow on the non-dCEF module (SH1-104):
    SH1-104# show mls ip statistics
Step 6 Display output from the following command for each Gigabit Ethernet link in the non-dCEF module to verify that GEC distributed the traffic to each link:
    SH1-104# show interface gi-port-id | include packets output
Display output for GEC port and compare it with output of the four Gigabit Ethernet links:
    SH1-108# show interface port gec-port-id | include packets output
Step 7 Verify the creation of hardware shortcuts for every flow on the dCEF module inband (SH1-110):
    SH1-110-dfcx# show mls ip
Step 8 Display output from the following command for each Gigabit Ethernet link in the dCEF module to verify that GEC distributed the traffic to each link:
    SH1-110# show interface gi-port-id | include packets output
Display output for GEC port and compare it with output of the four Gigabit Ethernet links:
    SH1-108# show interface port gec-port-id | include packets output

Expected Results

We expect to verify that unicast flows are propagated correctly and that hardware shortcuts are created.

Cisco Express Forwarding Distribution Test

This test verifies IP unicast hardware shortcut and Cisco Express Forwarding (CEF) distribution functionality.

Test Plan

Perform the following steps:

Step 1 Verify the following router and switch configurations:
• SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
• SH1-107 and SH1-108 contain the following: Supervisor Engine 1 and MultiLayer Switch Fabric Card 2.
• SH1-103, SH1-104, SH1-109, and SH1-110 contain the following: Supervisor Engine 2 and MultiLayer Switch Fabric Card 2.
Step 2 Use IXIA to send 20 traffic flows from Dist A-1 to Dist A-2, sourcing from 20 IP addresses to one destination IP address. The traffic chooses SH1-108 as the first step because SH1-108 is set as the primary router for that HSRP group.
Step 3 Analyze output from the following commands:
a. On SH1-103, SH1-104, and SH1-108, enter the following show command for each source and destination address:
    SH1-108# show ip cef exact-route 172.31.10.112 172.31.20.15
Where: 172.31.10.112 is the source IP address and 172.31.20.15 is the destination IP address.
b. On SH1-108, SH1-103, SH1-104, SH1-109, and SH1-110, enter the following commands:
    SH1-108# show mls ip
    SH1-108# show interface counters
Step 4 Use IXIA to send 100 traffic flows from Dist A-2 to Dist A-1, sourcing from 100 IP addresses to 100 destination IP addresses. The traffic chooses SH1-109 as the first step because SH1-109 is set as the primary router for that HSRP group.
Step 5 Analyze output from the following command on SH1-103, SH1-104, and SH1-108:
    SH1-103# show interface counters | include Po

Expected Results

We expect that all traffic is forwarded correctly, that it is using the correct path, without drops, and that all counters display accurate packet counts.

Layer 2 Gigabit Etherchannel Failover Test

This test verifies Layer 2 link failover time by using IP unicast traffic.

Test Plan

Perform the following steps:

Step 1 Verify that SH1 switches under test are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
Step 2 Use IXIA to send 20 traffic flows from Dist A-1 to Dist A-2, sourcing from 20 IP addresses to one destination IP address. The traffic chooses SH1-108 as the first step because SH1-108 is set as the primary router for that HSRP group.
Step 3 Fail one link between Dist A-1 and SH1-108, forcing all traffic to go through another link.
Step 4 Fail the second link between Dist A-1 and SH1-108, so that HSRP failover forces all traffic to go to SH1-107.
Step 5 View the log files for SH1-107 and SH1-108 when both links of the trunk failed.

Expected Results

We expect Layer 2 failover to function within the limits specified for the hardware device.
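The per-link counter checks and link-failure steps in the tests above rely on the channel hash being deterministic for a given address pair. The following Python model is an added example, not Cisco's proprietary algorithm and not code from this document: it assumes an XOR of the low three address bits mapped onto the active links, and the member link names and IP addresses are constructed for illustration.

```python
"""Toy model of hash-based Etherchannel link selection (illustrative only)."""
from collections import Counter
from ipaddress import IPv4Address

# Hypothetical member links of a 4-port Gigabit Etherchannel.
LINKS = ["Gi3/1", "Gi4/1", "Gi7/1", "Gi8/1"]


def select_link(src, dst, active_links, mode="src-dst"):
    """Pick one member link for a flow.

    Assumption: reduce the address bits to a 3-bit value (8 buckets) and
    map the bucket onto the links that are currently up. This mirrors only
    the documented property that the same addresses always select the
    same link; the real hash is proprietary.
    """
    if not active_links:
        raise ValueError("channel has no active links")
    s, d = int(IPv4Address(src)), int(IPv4Address(dst))
    key = {"src": s, "dst": d, "src-dst": s ^ d}[mode]
    bucket = key & 0b111
    return active_links[bucket % len(active_links)]


def distribute(flows, active_links, mode="src-dst"):
    """Count flows per active link for a list of (src, dst) pairs."""
    counts = Counter({link: 0 for link in active_links})
    for src, dst in flows:
        counts[select_link(src, dst, active_links, mode)] += 1
    return dict(counts)


def moved_flows(flows, before, after, mode="src-dst"):
    """Flows whose member link changes when the set of active links changes."""
    return [f for f in flows
            if select_link(*f, before, mode) != select_link(*f, after, mode)]


def many_to_one(n=20):
    """Constructed flows: n source addresses to one destination address."""
    return [(f"172.31.10.{100 + i}", "172.31.20.15") for i in range(1, n + 1)]


def lockstep(n=20):
    """Constructed flows: source and destination increment concurrently."""
    return [(f"172.31.10.{100 + i}", f"172.31.20.{100 + i}")
            for i in range(1, n + 1)]


if __name__ == "__main__":
    print("20 sources -> 1 destination :", distribute(many_to_one(), LINKS))
    # In this model the XOR of two addresses that increment together is
    # constant, so every flow lands in the same bucket.
    print("lockstep, src-dst hash      :", distribute(lockstep(), LINKS))
    print("lockstep, src-only hash     :", distribute(lockstep(), LINKS, "src"))
    survivors = LINKS[2:]  # first two member links failed
    print("after two links fail        :", distribute(many_to_one(), survivors))
    print("flows that changed link     :",
          len(moved_flows(many_to_one(), LINKS, survivors)))
```

Comparing the per-link counts from a model like this with the `packets output` counters on each member link shows whether an uneven spread comes from the traffic pattern or from the channel itself.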
Layer 3 Gigabit Etherchannel Failover Test

This test verifies Layer 3 link failover time by using IP unicast traffic.

Test Plan

Perform the following steps:

Step 1 Verify that SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
Step 2 Use IXIA to send 20 traffic flows from Dist A-1 to Dist A-2, sourcing from 20 IP addresses to one destination IP address. The traffic chooses SH1-108 as the first step because SH1-108 is set as the primary router for that HSRP group.
Step 3 Fail two links of the 4-port non-dCEF GEC between SH1-108 and SH1-103, forcing some traffic to go through two other links.
Step 4 Fail the other two links of the GEC between SH1-108 and SH1-103, forcing all traffic to go to SH1-104.
Step 5 Bring up all four links, so the traffic moves back to SH1-103.
Step 6 View the log files for SH1-108 and SH1-103.

Expected Results

We expect Layer 3 failover to function within the limits specified for the hardware device.

Address Resolution Protocol Test

This test verifies Address Resolution Protocol (ARP) functionality when a Catalyst 6500 series switch running Native Cisco IOS connects to an access switch through a 4-port Gigabit Etherchannel (GEC).

Test Plan

Perform the following steps:

Step 1 Verify the following switch configurations:
• SH1-108 and SH1-110 switches are running Native Cisco IOS Version 12.1(8b)E11.
• Access switch Dist A-1 and Dist A-2 are running Hybrid CatOS 6.3(4).
Step 2 Connect IXIA 8/2 and 10/2 to Dist A-1 and Dist A-2.
Step 3 Verify that SH1-108 has a 4-port Layer 2 GEC to Dist A-1:
a. Verify GEC ports on SH1-108:
    SH1-108# show interface port-channel channel-number etherchannel
b. Verify that the GEC connects SH1-108 with Dist A-1:
    SH1-108# show cdp neighbors
c. Verify that the device can be pinged, entries exist, and ARP functions properly:
    SH1-108# ping 172.31.16.82
    SH1-108# show ip route 172.31.16.0
    SH1-108# show ip arp 172.31.16.82
Step 4 Verify that SH1-110 has a 4-port Layer 2 GEC to Dist A-2:
a. Verify GEC ports on SH1-110:
    SH1-110# show interface port-channel channel-number etherchannel
b. Verify that the GEC connects SH1-110 with Dist A-2:
    SH1-110# show cdp neighbors
c. Verify that the device can be pinged, entries exist, and ARP functions properly:
    SH1-110# ping 172.31.26.102
    SH1-110# show ip route 172.31.26.0
    SH1-110# show ip arp 172.31.26.102

Expected Results

We expect that ARP functions correctly when a Catalyst 6500 series switch running Native Cisco IOS connects to an access switch through a 4-port Gigabit Etherchannel (GEC).

Results

Table 10 shows the IP Unicast test results.

Table 10 IP Unicast Test Results

Component Test                                                    Pass/Fail
Hardware Shortcut and Gigabit Etherchannel Load Balancing Test    Pass
Cisco Express Forwarding Distribution Test                        Pass
Layer 2 Gigabit Etherchannel Failover Test                        Pass
Layer 3 Gigabit Etherchannel Failover Test                        Pass
Address Resolution Protocol Test                                  Pass

IP Multicast

Traditional IP communication allows a host to send packets to a single host (unicast transmission) or to all hosts (broadcast transmission). IP multicast provides a third scheme, allowing a host to send packets to a subset of all hosts (group transmission). These hosts are known as group members.

Packets delivered to group members are identified by a single multicast group address. Multicast packets are delivered to a group using best-effort reliability, just like IP unicast packets.

The multicast environment consists of senders and receivers. Any host, regardless of whether it is a member of a group, can send to a group.
However, only the members of a group receive the message.

A multicast address is chosen for the receivers in a multicast group. Senders use that address as the destination address of a datagram to reach all members of the group.

Membership in a multicast group is dynamic; hosts can join and leave at any time. There is no restriction on the location or number of members in a multicast group. A host can be a member of more than one multicast group at a time.

Note: On PFC1, the (*,G) can only be software switched. If the ip pim spt-threshold infinity command is used on PFC1, there might be high CPU usage and multicast packets might be lost under heavy traffic.

Test Plan

The following tests compose the IP multicast suite of tests:
• Basic Multicast and Multicast Source Discovery Protocol Test
• Core Multicast Source Discovery Protocol Test
• Non-Reverse Path Forwarding Rate Limiting and Multicast Stub Test
• Gigabit Etherchannel Failover: Non-dCEF GEC Failover Test
• Gigabit Etherchannel Failover: Mixed GEC Failover Test
• Gigabit Etherchannel Failover: dCEF GEC Failover Test
• Switch Fabric Module Failover Test
• Gigabit Ethernet Module Failover Test
• Protocol Independent Module-Designated Router Failover Test
• Protocol Independent Module-Designated Router and Multicast Source Discovery Protocol Failover Test
• Layer 3 Interface Multicast Negative Test
• Unicast and Multicast Test with 130K Injected IP Routes

Basic Multicast and Multicast Source Discovery Protocol Test

This test verifies multicast and Multicast Source Discovery Protocol (MSDP) basic functionality, including the hardware shortcut.
These hardware shortcuts allow the router to forward multicast traffic in millions of packets per second instead of thousands of packets per second.

Test Plan

Perform the following steps:

Step 1 Verify the following switch configurations:
• SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
• Distribution routers SH1-107 and SH1-108 are running MSDP Anycast for multicast group 239.255.129.x.
Step 2 Set the ip pim spt-threshold infinity command on SH1-107 and SH1-108 (Engine Supervisor 1 and MultiLayer Switch Feature Set 2) to ensure that the multicast routing state (*,G) is used, and not (S,G).
Step 3 Use IXIA to send multicast traffic for groups 239.255.129.100 to 239.255.129.104 on SH1-108, VLAN 15.
Step 4 Verify that multicast traffic is received by these ports: Dist A-1 VLAN 16, Dist A-1 VLAN 11, and on the SH1-108 L3 port.

Expected Results

We expect the traffic sent by IXIA to be received by all three ports, with all traffic hardware switched and no impact on CPU.

Core Multicast Source Discovery Protocol Test

This test verifies multicast and Multicast Source Discovery Protocol (MSDP) basic functionality, including a hardware shortcut.

Test Plan

Perform the following steps:

Step 1 Verify the following switch configurations:
• SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
• Core routers SH1-103 and SH1-104 are running MSDP Anycast for multicast group 239.255.127.x.
Step 2 Set the ip pim spt-threshold infinity command on SH1-107 and SH1-108 (Engine Supervisor 1 and MultiLayer Switch Feature Set 2) to ensure that the multicast routing state (*,G) is used, and not (S,G).
Step 3 Configure interface Loopback 1 on SH1-103 with ip ospf cost 10, so that SH1-104 is chosen as preferred RP.
Step 4 Use IXIA to send traffic for multicast groups 239.255.127.100 to 239.255.127.104 on Dist A-2 VLAN 11.
Step 5 Verify that multicast traffic is received on these ports: Dist A-1 VLAN 11 and Dist A-2 VLAN 16.

Expected Results

We expect the traffic sent by IXIA to be received by all ports, with all traffic HW switched and no impact on CPU. We expect SH1-103 (the MSDP rendezvous point (RP)) to receive the multicast source address (SA) message and SH1-104 to receive the SA cache message and build a cache entry.

Non-Reverse Path Forwarding Rate Limiting and Multicast Stub Test

This test verifies multicast stub, non-Reverse Path Forwarding (RPF) rate-limiting functionality on Policy Feature Cards (PFC1 and PFC2), and dCEF, including a hardware shortcut.

Test Plan

Perform the following steps:

Step 1 Verify the following switch and router configurations:
• SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
• Core routers SH1-103 and SH1-104 are running MSDP Anycast for multicast group 239.255.127.x.
• Non-Designated Router (DR) routers are configured with the mls ip multicast stub command on all VLANs.
Step 2 Set the ip pim spt-threshold infinity command on SH1-107 and SH1-108 (Engine Supervisor 1 and MultiLayer Switch Feature Set 2) to ensure that the multicast routing state (*,G) is used, and not (S,G).
Step 3 Use IXIA to send multicast traffic to multicast groups 239.255.129.100 to 239.255.129.104 on SH1-108 VLAN 15 and groups 239.255.127.100 to 104 on Dist A-2 VLAN 11.
Step 4 Execute the show fm feature command on non-DRs (SH1-107, SH1-109) to ensure that ACL is programmed to block non-RPF traffic.

Expected Results

We expect all ports to receive the traffic sent by IXIA, with all traffic HW switched and no impact on CPU.
We expect that the Policy Feature Cards (PFCs) are programmed correctly and they are not passing non-RPF traffic to the MultiLayer Switch Feature Card (MSFC) CPU.

Gigabit Etherchannel Failover: Non-dCEF GEC Failover Test

This test verifies multicast and Multicast Source Discovery Protocol (MSDP) functionality during a non-distributed Cisco Express Forwarding (dCEF) Gigabit Etherchannel (GEC) failover.

Test Plan

Perform the following steps:

Step 1 Verify the following switch and router configurations:
• SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
• Core routers SH1-103 and SH1-104 are running MSDP Anycast for multicast group 239.255.127.x.
Step 2 Set the ip pim spt-threshold infinity command on SH1-107 and SH1-108 (Engine Supervisor 1 and MultiLayer Switch Feature Set 2) to ensure that the multicast routing state (*,G) is used, and not (S,G).
Step 3 Set SH1-103 as the primary Protocol Independent Multicast rendezvous point (PIM-RP) by using the ip ospf cost 10 command on the loopback 1 interface of SH1-104.
Step 4 Set SH1-108 and SH1-109 as the Protocol Independent Multicast designated routers (PIM-DRs) on their respective segments.
Step 5 Use IXIA to send multicast traffic to multicast groups 239.255.127.100 to 239.255.127.104 on SH1-108 VLAN 15. The receiving port is on Dist A-2 VLAN 16.
Step 6 Use the test etherchannel load-balance interface port-channel 69 ip command on the supervisor (SP, not RP) to confirm that each link of the GEC passes some multicast flow.
a. Fail two links of the 4-port GEC between SH1-103 and SH1-108, forcing some multicast traffic to move to two other links. Verify the multicast frame loss.
b. Bring up the two links failed in Step 6a. Verify the multicast frame loss.
c. Fail all four links of the GEC between SH1-103 and SH1-108, forcing multicast traffic to go through SH1-107 to get to SH1-103. Verify the multicast frame loss. Use the show ip mroute and test etherchannel load-balance commands to confirm that traffic is redirected through SH1-107.
d. Bring up the four links between SH1-107 and SH1-103. Verify the multicast frame loss. Use the show ip mroute and test etherchannel load-balance commands to confirm that traffic is once again sent through SH1-108.

Expected Results

We expect all traffic to be routed and received correctly with an acceptable amount of loss.

Gigabit Etherchannel Failover: Mixed GEC Failover Test

This test verifies multicast and MSDP functionality during a dCEF and non-dCEF GEC failover.

Test Plan

Perform the following steps:

Step 1 Verify the following switch and router configurations:
• SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
• Core routers SH1-103 and SH1-104 are running MSDP Anycast for multicast group 239.255.127.x.
Step 2 Set the ip pim spt-threshold infinity command on SH1-107 and SH1-108 (Engine Supervisor 1 and MultiLayer Switch Feature Set 2) to ensure that the multicast routing state (*,G) is used, and not (S,G).
Step 3 Set SH1-103 as the primary PIM-RP by configuring ip ospf cost 10 on interface loopback 1 of SH1-104.
Step 4 Ensure that SH1-108 and SH1-110 are the PIM-DR on their respective segments.
Step 5 Use IXIA to send multicast traffic to multicast groups 239.255.127.100 to 239.255.127.104 on Dist A-2 VLAN 11. The receiving port is IXIA 8/2 connected to Dist A-1 VLAN 16.
Step 6 Use the test etherchannel load-balance interface port-channel 71 ip command on the supervisor (SP) to confirm that each link of the GEC passes some multicast flows.
a. Fail links g3/1 and g4/1 (on SH1-110) of the 4-port GEC between SH1-103 and SH1-110, forcing some multicast traffic to move to the other two links. Verify the multicast frame loss.
b. Bring up the two links that were failed in Step 6a. Verify the multicast frame loss.
c. Fail links g3/1 and g7/1 (on SH1-110) of the 4-port GEC between SH1-103 and SH1-110, forcing some multicast traffic to move to the other two links. Verify the multicast frame loss.
d. Bring up the two links that were failed in Step 6c. Verify the multicast frame loss.
e. Fail all four links (g3/1, g4/1, g7/1, and g8/1 of SH1-110) of the GEC between SH1-103 and SH1-110, forcing the multicast traffic to go through router SH1-109 to get to SH1-103. Verify the multicast frame loss. Use the show ip mroute and test etherchannel load-balance commands to confirm that traffic is successfully redirected through SH1-109.
f. Bring up the four links between SH1-110 and SH1-103. Verify the multicast frame loss. Use the show ip mroute and test etherchannel load-balance commands to confirm that traffic is once again being sent via SH1-110.

Expected Results

We expect all traffic to be received and routed correctly and links to fail over correctly. We expect an acceptable quantity of traffic loss.

Gigabit Etherchannel Failover: dCEF GEC Failover Test

This test verifies multicast and MSDP functionality during a dCEF GEC failover.

Test Plan

Perform the following steps:

Step 1 Verify the following switch and router configurations:
• SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
• Core routers SH1-103 and SH1-104 are running MSDP Anycast for multicast group 239.255.127.x.
Step 2 Set the ip pim spt-threshold infinity command on SH1-107 and SH1-108 (Engine Supervisor 1 and MultiLayer Switch Feature Set 2) to ensure that the multicast routing state (*,G) is used, and not (S,G).
Step 3 Set SH1-104 as the primary PIM-RP by configuring ip ospf cost 10 on interface loopback 1 of SH1-103.
Step 4 Ensure that SH1-108 and SH1-110 are the PIM-DR on their respective segments.
Step 5 Use IXIA to send multicast traffic to groups 239.255.127.100 to 239.255.127.104 on Dist A-2 VLAN 11. The receiving port is IXIA 8/2 connected to Dist A-1 VLAN 16.
Step 6 Use the test etherchannel load-balance interface port-channel 171 ip command on the supervisor (SP) to confirm that each link of the GEC has some multicast flows.
a. Fail two links on the same module of the 4-port GEC between SH1-104 and SH1-110, forcing some multicast traffic to move to the other two links. Verify the multicast frame loss.
b. Bring up the two links that were failed in Step 6a. Verify the multicast frame loss.
c. Fail all four links of the GEC between SH1-104 and SH1-110, forcing the multicast traffic to go through router SH1-109 to get to SH1-104. Verify the multicast frame loss. Use the show ip mroute and test etherchannel load-balance commands to confirm that traffic is successfully redirected through SH1-109.
d. Bring up the four links between SH1-109 and SH1-104. Verify the multicast frame loss. Use the show ip mroute and test etherchannel load-balance commands to confirm that traffic is once again sent through SH1-110.

Expected Results

We expect all traffic to be received and rerouted correctly and the links to fail over correctly. We expect an acceptable quantity of traffic loss.

Switch Fabric Module Failover Test

This test verifies multicast and Multicast Source Discovery Protocol (MSDP) functionality during Switch Fabric Module (SFM) failover.

Test Plan

Perform the following steps:

Step 1 Verify the following switch and router configurations:
• SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
• Core routers SH1-103 and SH1-104 are running MSDP Anycast for multicast group 239.255.127.x.
Step 2 Set the ip pim spt-threshold infinity command on SH1-107 and SH1-108 (Engine Supervisor 1 and MultiLayer Switch Feature Set 2) to ensure that the multicast routing state (*,G) is used, and not (S,G).
Step 3 Set SH1-103 as the primary PIM-RP by configuring ip ospf cost 10 on the interface loopback 1 of SH1-104.
Step 4 Ensure that SH1-108 and SH1-110 are the PIM-DR on their respective segments.
Step 5 Use IXIA to send multicast traffic to groups 239.255.127.100 to 239.255.127.104 on Dist A-2 VLAN 11. The receiving port is IXIA 8/1 connected to Dist A-1 VLAN 16.
Step 6 On SH1-110, do the following:
a. Power down the legacy module(s). Verify that multicast traffic passes through correctly.
b. Fail over the active SFM. Verify that multicast traffic passes through correctly.
c. Power up the legacy module. Verify that multicast traffic passes through correctly.
d. Fail over the active SFM. Verify that multicast traffic passes through correctly.
e. Repeat Step 6d.

Expected Results

We expect all traffic to be received and SFM to fail over correctly with an acceptable level of traffic loss.

Gigabit Ethernet Module Failover Test

This test verifies multicast and Multicast Source Discovery Protocol (MSDP) functionality during Gigabit Ethernet (GE) module failover.

Test Plan

Perform the following steps:

Step 1 Verify the following switch and router configurations:
• SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
• Core routers SH1-103 and SH1-104 are running MSDP Anycast for multicast group 239.255.127.x.
Step 2 Set the ip pim spt-threshold infinity command on SH1-107 and SH1-108 (Engine Supervisor 1 and MultiLayer Switch Feature Set 2) to ensure that the multicast routing state (*,G) is used, and not (S,G).
Step 3 Set SH1-104 as the primary PIM-RP by configuring ip ospf cost 10 on interface loopback 1 of SH1-103.
Step 4 Ensure that SH1-108 and SH1-110 are the PIM-DR on their respective segments.
Step 5 (Test 1) Use IXIA to send multicast traffic to groups 239.255.129.100 to 239.255.129.104 on SH1-108 VLAN 15. The receiving ports are on Dist A-2 VLAN 16, and on SH1-110 VLAN 16 and an L3 port. Then, perform the following steps and verify multicast traffic:
   a. Reset SH1-110 GE module 7. Verify that multicast traffic passes through correctly.
   b. Reset SH1-110 GE module 8. Verify that multicast traffic passes through correctly.
   c. Reset SH1-110 GE module 3. Verify that multicast traffic passes through correctly.
   d. Reset SH1-110 GE module 4. Verify that multicast traffic passes through correctly.
   e. Reset SH1-108 GE module 3. Verify that multicast traffic passes through correctly.
   f. Reset SH1-108 GE module 4. Verify that multicast traffic passes through correctly.
Step 6 (Test 2) Use IXIA to send multicast traffic to groups 239.255.129.100 to 239.255.129.104 on Dist A-2 VLAN 11. The receiving ports are on Dist A-1 VLAN 11. On SH1-110, do the following:
   a. Reset GE module 7. Verify that multicast traffic passes through correctly.
   b. Reset GE module 8. Verify that multicast traffic passes through correctly.

Expected Results

All traffic should be received and rerouted, and should fail over correctly, with an acceptable loss of traffic.

Protocol Independent Module-Designated Router Failover Test

This test verifies multicast and Internet Group Management Protocol (IGMP) query functionality during designated router (DR) failover.

Test Plan

Perform the following steps:

Step 1 Verify the following switch and router configurations:
   • SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
   • Core routers SH1-103 and SH1-104 are running MSDP Anycast for multicast group 239.255.127.x.
Step 2 Set the ip pim spt-threshold infinity command on SH1-107 and SH1-108 (Engine Supervisor 1 and MultiLayer Switch Feature Set 2) to ensure that the multicast routing state (*,G) is used, and not (S,G).
Step 3 Set SH1-103 as the primary PIM-RP by configuring ip ospf cost 10 on interface loopback 1 of SH1-104.
Step 4 Ensure that SH1-108 and SH1-110 are the PIM-DR on their respective segments.
Step 5 Use IXIA to send multicast traffic to groups 239.255.127.100 to 239.255.127.104 on SH1-108 VLAN 15. The receiving ports are on Dist A-2 VLAN 16 and VLAN 11.
Step 6 (Test 1) Fail SH1-110, so that SH1-109 acts as the DR.
   a. Verify that the multicast DR fails over correctly and that the traffic is routed correctly.
   b. Verify that the IGMP query and reply are correct and that no problems are found with the multicast data stream.
Step 7 (Test 2) Bring up SH1-110, so SH1-110 becomes the DR.
   a. Verify the outgoing interface (OIF) on the DR and non-DR by using the show ip mroute command.
   b. Verify that hardware switching is correct.

Expected Results

The designated router (DR) should transition during failover and restore correctly. Traffic should be correctly forwarded with an acceptable amount of loss.

Protocol Independent Module-Designated Router and Multicast Source Discovery Protocol Failover Test

This test verifies multicast Protocol Independent Module (PIM) and Multicast Source Discovery Protocol (MSDP) functionality during PIM-designated router (DR) or MSDP PIM-rendezvous point (RP) failover.

Test Plan

Perform the following steps:

Step 1 Verify the following switch and router configurations:
   • SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
   • Core routers SH1-103 and SH1-104 are running MSDP Anycast for multicast group 239.255.127.x.
Step 2 Set the ip pim spt-threshold infinity command on SH1-107 and SH1-108 (Engine Supervisor 1 and MultiLayer Switch Feature Set 2) to ensure that the multicast routing state (*,G) is used, and not (S,G).
Step 3 Set SH1-103 as the primary PIM-RP by configuring ip ospf cost 10 on interface loopback 1 of SH1-104.
Step 4 Ensure that SH1-108 and SH1-110 are the PIM-DR on their respective segments.
Step 5 Use IXIA to send multicast traffic to groups 239.255.127.100 to 239.255.127.104 on SH1-108 VLAN 15. The receiving ports are on Dist A-2 VLAN 16 and SH1-110 VLAN 16.
Step 6 (Test 1) Fail SH1-110, so that SH1-109 becomes the DR. Verify that the multicast DR fails over correctly and that the traffic is rerouted correctly.
Step 7 (Test 2) Shut down SH1-103 loopback 1, so that SH1-104 becomes the PIM-RP.
   a. Verify the outgoing interface (OIF) on the DR by using the show ip mroute command.
   b. Verify that the hardware switching is correct.
Step 8 (Test 3) Bring up SH1-103 loopback 1, so that SH1-103 becomes PIM-RP.
   a. Verify the OIF on the DR by using the show ip mroute command.
   b. Verify that the hardware switching is correct.
Step 9 (Test 4) Shut down the link between SH1-103 and SH1-109, so that SH1-104 becomes the PIM-RP.
   a. Verify the OIF on DR by using the show ip mroute command.
   b. Verify that the hardware switching is correct.
Step 10 (Test 5) Bring up link between SH1-103 and SH1-109, so that SH1-103 becomes the PIM-RP.
   a. Verify the OIF on DR by using the show ip mroute command.
   b. Verify that the hardware switching is correct.

Expected Results

We expect the PIM-RP and PIM-DR to switch over when the primary fails, and the PIM-DR and PIM-RP to be restored when each comes back online. We expect an acceptable amount of traffic loss.
Layer 3 Interface Multicast Negative Test

This test introduces faults into the topology and verifies that multicast functionality remains consistent with functional specifications on Layer 3 ports. We introduce online insertion and removal (OIR) of line cards, resetting individual line cards, reloading the switch, and Supervisor Engine/Switch Fabric Module failover.

Test Plan

Perform the following steps:

Step 1 Verify the following switch and router configurations:
   • SH1-110 has a Layer 3 Gigabit Ethernet port that is plugged into an IXIA port.
   • Each IXIA port is configured to simulate multicast receivers for five groups, as well as sending multicast traffic to the five groups configured through an opposite port.
   • All interfaces are running in PIM sparse-mode (PIM-SM).
Step 2 Set the ip pim spt-threshold infinity command on SH1-107 and SH1-108 (Engine Supervisor 1 and MultiLayer Switch Feature Set 2) to ensure that the multicast routing state (*,G) is used, and not (S,G).
Step 3 Configure SH1-103 as the RP for the groups by configuring ip ospf 10 on interface loopback 1 of SH1-104.
Step 4 Verify that the IXIA port connected to SH1-110 is receiving traffic destined for multicast groups 239.255.129.100 to 239.255.129.104 and is transmitting to multicast groups 239.255.127.100 to 239.255.127.104.
Step 5 Verify that the IXIA port connected to SH1-108 is configured exactly the opposite, that it is receiving traffic destined for multicast groups 239.255.127.100 to 239.255.127.104 and transmitting to multicast groups 239.255.129.100 to 239.255.129.104.
Step 6 Use the show ip igmp groups, show ip mroute summary, and show interface g4/16 commands to verify correct traffic flow.
Step 7 Reload SH1-110 and repeat Step 6.
Step 8 Perform OIR on the active supervisor on SH1-110. Repeat Step 6.
Step 9 Reset module 4 on SH1-110. Repeat Step 6.
Step 10 Perform OIR on module 4 on SH1-110. Repeat Step 6.
Step 11 Fail over the active SFM on SH1-110. Repeat Step 6.
Step 12 Cycle interface g4/16 (shut/no shut) on SH1-110. Repeat Step 6.

Expected Results

We expect all traffic to be forwarded correctly, despite the faults, with an acceptable amount of traffic loss.

Unicast and Multicast Test with 130K Injected IP Routes

This test verifies that the switch functions correctly when both unicast and multicast traffic are added with 100K BGP, 20K OSPF, and 10K EIGRP routes injected into the network.

Test Plan

Perform the following steps:

Step 1 Verify that SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
Step 2 Verify that the following are running Multicast Source Discovery Protocol (MSDP) Anycast for the multicast group specified:
   • SH1-99 and SH1-100—Multicast group 239.255.126.x.
   • SH1-103 and SH1-104—Multicast group 239.255.127.x.
   • SH1-107 and SH1-108—Multicast group 239.255.129.x.
Step 3 Verify that SH1-102, SH1-106, SH1-108, and SH1-110 are PIM-DR on their respective VLAN segments.
Step 4 Send unicast traffic, as follows:
   a. Send 18K packets per second (pps) 64 bytes of unicast traffic from IXIA port 4/2 (V42 in EIGRP 100) to and from IXIA port 5/2 (V41 in OSPF Area 2).
   b. Send 1000 pps 64 bytes of unicast traffic from IXIA port 11/1 (L3 port on SH1-110) to 130 and 140 networks, generated by Pagent through OSPF Area 3 and Area 4.
Step 5 Send multicast traffic, as follows:
   a. Use IXIA port 11/2 (L3 port on SH1-101 in EIGRP 100) to send 15K pps 64 bytes of multicast traffic to group 239.255.126.100. The receivers are: IXIA port 4/1 (V41 in EIGRP 100) and IXIA port 5/1 (V40 in OSPF Area 2).
   b. Use IXIA port 5/1 (V40 in OSPF Area 2) to send 15K pps 64 bytes of multicast traffic to group 239.255.126.101.
   The receivers are: IXIA port 4/1 (V41 in EIGRP 100) and IXIA port 5/2 (V41 in OSPF Area 2).
Step 6 Generate IP routes, as follows:
   a. Use Pagent 2 to generate 50K BGP routes in AS10.
   b. Use Pagent 3 to generate 50K BGP routes in AS20.
   c. Use Pagent 2 to generate 10K OSPF routes in Area 3.
   d. Use Pagent 2 to generate 10K OSPF routes in Area 4.
   e. Use Pagent 1 to generate 10K EIGRP routes.
Step 7 Use an SNMP tool to do constant SNMP walks on all routers, one by one.

Expected Results

We expect all unicast and multicast traffic to be received on each port, that IP routes are propagated correctly to the networks, and that CPU utilization does not increase appreciably on each router.

Results

Table 11 shows the IP Multicast test results.

Table 11 IP Multicast Test Results

| Test Title | Pass/Fail |
|---|---|
| Basic Multicast and Multicast Source Discovery Protocol Test | Pass |
| Core Multicast Source Discovery Protocol Test | Pass |
| Non-RFF Rate Limiting and Multicast Stub Test | Pass |
| Gigabit Etherchannel Failover: Non-dCEF GEC Failover Test | Pass |
| Gigabit Etherchannel Failover: Mixed GEC Failover Test | Pass |
| Gigabit Etherchannel Failover: dCEF GEC Failover Test | Pass |
| Switch Fabric Module Failover Test | Pass |
| Gigabit Ethernet Module Failover Test | Pass |
| Protocol Independent Module-Designated Router Failover Test | Pass |
| Protocol Independent Module-Designated Router and Multicast Source Discovery Protocol Failover Test | Pass |
| Layer 3 Interface Multicast Negative Test | Pass |
| Unicast and Multicast Test with 130K Injected IP Routes | Pass |

Cisco Group Management Protocol/Internet Group Management Protocol

Internet Group Management Protocol (IGMP) software components run on both the Cisco router
and the switch. An IGMP-capable IP multicast router sees all IGMP packets and can inform the switch when specific hosts join or leave IP multicast groups. When the IGMP-capable router receives an IGMP control packet, it creates an IGMP packet that contains the request type (either join or leave), the multicast group address, and the MAC address of the host. The router sends the packet to a well-known address to which all switches listen. When a switch receives the packet, the supervisor engine interprets the packet and modifies the forwarding table automatically. Cisco Group Management Protocol (CGMP) should seamlessly integrate with IGMP and perform the same function.

Test Plan

Hardware forwarding IGMP/CGMP testing for Safe Harbor involves the following:
   • Basic IGMP/CGMP Functionality Test
   • IGMP Functionality Test on SUP1/MSFC2

Basic IGMP/CGMP Functionality Test

This test verifies IGMP/CGMP basic functionality, including the IGMP/CGMP status and verifies that no multicast traffic is flooded into ports which do not have a multicast client.

Test Plan

Perform the following steps:

Step 1 Verify the following switch and router configurations:
   • SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
   • SH1-107 and SH1-108 are running Multicast Source Discovery Protocol (MSDP) Anycast.
Step 2 Use IXIA to send multicast traffic on Dist A-1 VLAN 10. One port on VLAN 15 joins the multicast group.
Step 3 On Dist A-1, analyze output from the following commands to view IGMP status:
    Dist A-1 (enable) show multicast router
    Dist A-1 (enable) show multicast group
    Dist A-1 (enable) show igmp statistics 10
    Dist A-1 (enable) show igmp statistics 15
Step 4 On SH1-107 (standby-rp), analyze the following commands:
    SH1-107# show ip mroute
    SH1-107# show mls ip multicast
Step 5 On SH1-108 (PIM-RP), analyze the following commands:
    SH1-108# show ip mroute
    SH1-108# show mls ip multicast

Expected Results

We expect that IGMP and CGMP function properly and that ports that do not belong to the multicast group do not receive multicast traffic.

IGMP Functionality Test on SUP1/MSFC2

This test verifies IGMP functionality on Supervisor Engine 1/MultiLayer Switch Feature Card 2 (MSFC2).

Test Plan

Perform the following steps:

Step 1 Verify the following switch and router configurations:
   • SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
   • SH1-107 and SH1-108 are running Multicast Source Discovery Protocol (MSDP) Anycast.
Step 2 Use IXIA connected to SH1-108 to send multicast traffic. The receivers are on SH1-108 switch port Gi4/8, and Dist A-1 VLAN 15.
Step 3 Verify that port Gi4/8 on SH1-108 receives multicast traffic:
    SH1-108# show ip mroute
    SH1-108# show mls ip multicast

Expected Results

We expect IGMP to function correctly with a Catalyst 6000 series router with Supervisor Engine 1 and MSFC2 cards.

Results

Table 12 shows the IGMP/CGMP test results.
Table 12 IGMP/CGMP Test Results

| Component Test | Pass/Fail |
|---|---|
| Basic IGMP/CGMP Functionality Test | Pass |
| IGMP Functionality on SUP1/MSFC2 Test | Pass |

Layer 3 Routing Features

Layer 3 routing feature testing for Safe Harbor involves these features:
   • Open Shortest Path First
   • Border Gateway Protocol
   • Hot Standby Routing Protocol
   • Enhanced Interior Gateway Routing Protocol

Open Shortest Path First

Open Shortest Path First (OSPF) is an Interior Gateway Protocol (IGP) developed by the OSPF working group of the Internet Engineering Task Force (IETF). Designed expressly for IP networks, OSPF supports IP subnetting and tagging of externally derived routing information. OSPF also allows packet authentication and uses IP multicast when sending and receiving packets.

Test Plan

Layer 3 OSPF routing feature tests include the following:
   • Autocost Test
   • Passive Interface Test
   • Filtering Test
   • Redistribution Test
   • OSPF Topology Database Test

Autocost Test

This test verifies that the auto-cost reference-bandwidth command functions correctly.

Test Plan

Perform the following steps:

Step 1 Verify that SH1-101 is running Native Cisco IOS Release 12.1(8b)E11 and is in OSPF routing process ID 1.
Step 2 View output from SH1-101 before executing the auto-cost reference-bandwidth command:
    SH1-101# show ip ospf interface po4
    SH1-101# show ip ospf interface fa8/8
Step 3 Execute the auto-cost reference-bandwidth command on SH1-101, and view the output from the show ip ospf interface commands again.

Expected Results

We expect that the auto-cost reference-bandwidth command correctly adjusts the default OSPF cost for an interface as its value is changed.
Passive Interface Test

This test verifies that the passive-interface command functions correctly.

Test Plan

Perform the following steps:

Step 1 Verify that SH1-100 and SH1-106 are running Native Cisco IOS Version 12.1(8b)E11, and that both are in OSPF routing process ID 1.
Step 2 Verify the neighbor relationship.
Step 3 View neighbor output from SH1-99 and SH1-101 before adding the passive-interface port-channel # command.
Step 4 Configure a passive interface on the port-channel between SH1-100 and SH1-106.
Step 5 View output from the show ip ospf neighbor command on SH1-99 and SH1-101 again.
Step 6 Remove the passive-interface command and view output from the show ip ospf neighbor command again.

Expected Results

We expect the passive-interface command to function correctly.

Filtering Test

Test Plan

Perform the following steps:

Step 1 Verify that SH1-97 and SH1-106 are running Native Cisco IOS Release 12.1(8b)E11 and are in OSPF routing process ID 1.
Step 2 View output from the following show commands on SH1-97 and SH1-106:
    SH1-106# show ip route 172.31.1.96
    SH1-106# show ip ospf neighbor
    SH1-97# show ip ospf
    SH1-97# show ip ospf neighbor
Step 3 Filter the 172.31.1.96 route using the distribute-list command with an access list.
Step 4 View output from the show ip route commands to show that 172.31.1.96 is no longer in the routing table.
Step 5 Remove the distribute-list command.
Step 6 Analyze the traffic by entering a show debug command.
Step 7 View output from the show ip route commands after removing the distribute-list command.

Expected Results

We expect OSPF filtering using an access list to function properly.
Redistribution Test

This test verifies that redistribution of EIGRP into OSPF functions properly.

Test Plan

Perform the following steps:

Step 1 Verify that SH1-100 and SH1-101 are running Native Cisco IOS Release 12.1(8b)E11 and are in OSPF routing process ID 1.
Step 2 View output from the routing table of SH1-101 prior to redistribution.
Step 3 View output from the EIGRP routing table of SH1-100.
Step 4 Redistribute EIGRP routes into OSPF 1 using the redistribute eigrp 1320 subnets command.
Step 5 View output from the routing table of SH1-101 after redistribution.

Expected Results

We expect that EIGRP routes are redistributed into OSPF properly.

OSPF Topology Database Test

This test verifies that the OSPF Topology database functions correctly.

Test Plan

Perform the following steps:

Step 1 Verify that SH1-101 is running Native Cisco IOS Release 12.1(8b)E11 and is in OSPF routing process ID 1.
Step 2 Analyze the output from SH1-101 showing the OSPF database using the show ip ospf database command.

Expected Results

We expect that the OSPF Topology database functions properly.

Results

Table 13 shows the Open Shortest Path First test results.

Table 13 Open Shortest Path First Test Results

| Component Test | Pass/Fail |
|---|---|
| Autocost Test | Pass |
| Passive Interface Test | Pass |
| Filtering Test | Pass |
| Redistribution Test | Pass |
| OSPF Topology Database Test | Pass |

Border Gateway Protocol

Border Gateway Protocol (BGP) is an exterior gateway protocol designed to exchange network reachability information with other BGP systems in other autonomous systems.
BGP exchanges routing information in the form of routing updates. An update includes a network number, a list of autonomous systems through which the routing information has passed (the AS path), and a list of other path attributes.

Test Plan

Layer 3 BGP routing feature tests include the following:
   • Scale to Ten BGP Neighbors in Core Test
   • BGP Neighbor Flap Test
   • Route Redistribution Test

Scale to Ten BGP Neighbors in Core Test

This test ensures that no memory leaks or CPU load occurs with 10 BGP neighbors in the core and a total of 100K BGP routes, 20K OSPF routes, and 10K EIGRP routes.

Test Plan

Perform the following steps:

Step 1 Using Pagent, IXIA and the 4 core switches (SH1-97, SH1-98, SH1-99, and SH1-100), inject 130K routes: 100K BGP, 20K OSPF, and 10K EIGRP routes.
Step 2 Monitor CPU and memory.

Expected Results

We expect no memory or CPU issues.

BGP Neighbor Flap Test

This test verifies that a flapping non-dampened BGP peer does not cause any memory leaks or prolonged high CPU utilization, and that the device under test (DUT) functions properly after the peer stops flapping.

Test Plan

Perform the following steps:

Step 1 Verify that SH1-97 is running Native Cisco IOS Release 12.1(8b)E11 and is an eBGP peer with a Pagent router. The Pagent router is sending 1000 route updates from AS 10.
Step 2 Flap the Pagent router up and down every 15 to 30 seconds.
Step 3 Check memory and CPU utilization before and after running the flapping test for 8 hours.

Expected Results

Memory and CPU results before and after should match.

Route Redistribution Test

This test verifies that the BGP route redistribution function works correctly.

Test Plan

Perform the following steps:

Step 1 Configure redistribution in BGP for OSPF.
Step 2 Configure redistribution in BGP for EIGRP.
Step 3 Configure redistribution in BGP for both OSPF and EIGRP.

Expected Results

We expect routes from OSPF and EIGRP to be redistributed and propagated.

Results

Table 14 shows Border Gateway Protocol test results.

Table 14 Border Gateway Protocol Test Results

| Component Test | Pass/Fail |
|---|---|
| Scale to Ten BGP Neighbors in Core Test | Pass |
| BGP Neighbor Flap Test | Pass |
| Route Redistribution Test | Pass |

Hot Standby Routing Protocol

For IP, the Hot Standby Routing Protocol (HSRP) allows one router to automatically assume the default gateway function for the hosts on a subnet if another router fails. HSRP is particularly useful when the users on one subnet require continuous access to resources in the network.

Test Plan

The HSRP testing for Safe Harbor includes the following:
   • Basic HSRP Test
   • HSRP Failover Test

Basic HSRP Test

This test verifies basic HSRP functionality.

Test Plan

Perform the following steps:

Step 1 Verify the following configurations:
   • SH1-109 and SH1-110 are running Native Cisco IOS Release 12.1(8b)E11.
   • Access switch Dist A-2 is running Hybrid CatOS 6.3(4).
Step 2 Verify that trunking is configured between SH1-109, SH1-110, and Dist A-2.
Step 3 Verify that SH1-109 and SH1-110 are running multiple HSRP groups on VLAN 10 through VLAN 20.

Expected Results

We expect HSRP to show the correct active and standby addresses, that all states are correct on both switches, and all traffic is forwarded correctly.

HSRP Failover Test

This test verifies HSRP failover when a link is down. This test also verifies that the HSRP preempt command takes over when the link returns to an up/up state, if the interface is configured with a higher priority than the currently active router interface in the same HSRP group.

Test Plan

Perform the following steps:

Step 1 Transmit to Group 1 gateway 172.31.40.251.
   Ensure that traffic is being routed through the active router, SH1-101.
Step 2 Break the link. Check that the traffic destined for the Group 1 gateway fails over to SH1-102.

Expected Results

We expect HSRP to correctly fail over and that traffic continues to be forwarded.

Results

Table 15 shows the Hot Standby Routing Protocol test results.

Table 15 Hot Standby Routing Protocol Test Results

| Component Test | Pass/Fail |
|---|---|
| Basic HSRP Test | Pass |
| HSRP Failover Test | Pass |

Enhanced Interior Gateway Routing Protocol

The Enhanced Interior Gateway Routing Protocol (EIGRP) is an enhanced version of the IGRP protocol developed by Cisco Systems. Enhanced IGRP uses the same distance vector algorithm and distance information as IGRP. However, the convergence properties and the operating efficiency of Enhanced IGRP have improved significantly over IGRP.

The convergence technology is based on research conducted at SRI International and uses an algorithm referred to as the Diffusing Update Algorithm (DUAL). This algorithm guarantees loop-free operation at every instant throughout a route computation and allows all devices involved in a topology change to synchronize at the same time. Routers that are not affected by topology changes are not involved in recomputations. The convergence time with DUAL rivals that of any other existing routing protocol.

Test Plan

The EIGRP testing for Safe Harbor includes the following:
   • Summarization Test
   • Redistribution Test

Summarization Test

This test verifies manual EIGRP summarization by using the ip summary-address eigrp AS-number interface configuration command. There are a few /24 networks directly connected to SH1-109 and SH1-110 that can be summarized as /22 or /21 on the port-channel interfaces up to the distribution layer.
For example:
   • 172.31.20.0/24 to 172.31.23.0/24, summarized as 172.31.20.0/22
   • 172.31.24.0/24 to 172.31.30.0/24, summarized as 172.31.24.0/21

Test Plan

Perform the following steps:

Step 1 Add the ip summary-address eigrp command on the following ports:
   • Interface port-channel 71 and port-channel 171 on SH1-110
   • Port-channel 70 and port-channel 170 on SH1-109
Step 2 Verify the output of the show ip route eigrp command on both the distribution and core layer.

Expected Results

We expect routes to be summarized as expected on neighboring routers.

Redistribution Test

This test verifies that EIGRP route redistribution works correctly, with and without access lists (ACLs) and route map filtering.

Test Plan

Five /24 loopbacks are directly connected to SH1-97. These loopbacks are to be redistributed into EIGRP. After loopbacks are redistributed into the EIGRP domain, the loopback addresses are filtered to allow only the even subnets.
Perform the following steps:

Step 1 Configure redistribution from OSPF into EIGRP with no filtering:
    SH1-100(config)# router eigrp 1320
    SH1-100(config-router)# redistribute ospf 1 match internal metric 100000 10 255 1 1500
Step 2 Verify that routes exist in the EIGRP domain:
    SH1-102# show ip route eigrp
Step 3 Configure redistribution from OSPF into EIGRP by using a route map to filter:
    SH1-100(config)# router eigrp 1320
    SH1-100(config-router)# redistribute ospf 1 match internal metric 100000 10 255 1 1500 route-map OSPF2EIGRP
Step 4 Verify the contents of route map OSPF2EIGRP:
    SH1-100# show route-map OSPF2EIGRP
    route-map OSPF2EIGRP, deny, sequence 10
      Match clauses:
        ip address (access-lists): 17
      Set clauses:
      Policy routing matches: 0 packets, 0 bytes
    route-map OSPF2EIGRP, permit, sequence 20
      Match clauses:
      Set clauses:
      Policy routing matches: 0 packets, 0 bytes
Step 5 Verify the contents of access list 17:
    SH1-100# show access-list 17
    Standard IP access list 17
        permit 1.0.0.0, wildcard bits 254.255.255.255 (56284 matches) check=14069
Step 6 Verify that the correct routing table entries are present after the filtered redistribution test:
    SH1-102# show ip route eigrp

Expected Results

We expect all routes to be filtered correctly and seen on neighboring routers.

Results

Table 16 shows the Enhanced Interior Gateway Routing Protocol test results.
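The route map and access list displayed in Step 4 and Step 5 of the EIGRP Redistribution Test can be checked offline before the filter is applied. The following Python model is an added example, not part of the original test document: the function names are hypothetical, the sample prefixes are constructed (the document does not list the five loopback networks), and it assumes a standard ACL in a route-map match clause is compared against the route's network address.

```python
import ipaddress

# Policy copied from the show output in Step 4 and Step 5.
ACLS = {17: [("permit", "1.0.0.0", "254.255.255.255")]}
OSPF2EIGRP = [(10, "deny", 17), (20, "permit", None)]

# Constructed sample prefixes (assumption: not taken from the test document).
SAMPLE_ROUTES = [
    "1.1.1.0/24", "2.2.2.0/24", "3.3.3.0/24", "4.4.4.0/24", "5.5.5.0/24",
    "172.31.1.0/24",   # even first octet, odd third octet
    "11.0.2.0/24",     # odd first octet, even third octet
]


def wildcard_match(address, base, wildcard):
    """Wildcard-mask comparison: a 1 bit in the wildcard means 'don't care'."""
    addr = int(ipaddress.IPv4Address(address))
    ref = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (addr & care) == (ref & care)


def acl_permits(acl, address):
    """First matching entry decides; an ACL ends with an implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(address, base, wildcard):
            return action == "permit"
    return False


def route_map_allows(route_map, acls, prefix):
    """Walk the sequences in order; return (redistributed, deciding sequence)."""
    network = str(ipaddress.IPv4Network(prefix).network_address)
    for seq, action, acl_number in sorted(route_map, key=lambda entry: entry[0]):
        # A sequence with no match clause matches every route.
        if acl_number is None or acl_permits(acls[acl_number], network):
            return action == "permit", seq
    return False, None  # implicit deny at the end of the route map


def redistributed(routes):
    """Prefixes that survive the OSPF2EIGRP filter."""
    return [r for r in routes if route_map_allows(OSPF2EIGRP, ACLS, r)[0]]


if __name__ == "__main__":
    for route in SAMPLE_ROUTES:
        allowed, seq = route_map_allows(OSPF2EIGRP, ACLS, route)
        verdict = "redistributed" if allowed else "filtered"
        print(f"{route:<16} {verdict:<14} (sequence {seq})")
```

With wildcard bits 254.255.255.255 only the low bit of the first octet is significant, so the deny clause removes every prefix whose first octet is odd; 172.31.1.0/24 is still redistributed even though its third octet is odd.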
Table 16 Enhanced Interior Gateway Routing Protocol Test Results

| Component Test | Pass/Fail |
|---|---|
| Summarization Test | Pass |
| Redistribution Test | Pass |

Network Management Features

Network management feature testing for Safe Harbor involves the following:
   • Simple Network Management Protocol
   • Terminal Access Controller Access Control System

Simple Network Management Protocol

The Simple Network Management Protocol (SNMP) system consists of the following three parts:
   • An SNMP manager
   • An SNMP agent
   • A Management Information Base (MIB)

SNMP is an application-layer protocol that provides a message format for communication between SNMP managers and agents.

Test Plan

Perform the following steps:

Step 1 Verify that all SH1 switches are running Native Cisco IOS Release 12.1(8b)E11.
Step 2 Run SNMP walks on every device in the topology throughout the Safe Harbor testing of the 12.1(8b)E11 image.

SNMP testing for Safe Harbor involves a test of the basic SNMP functionality when an interface is shut down and restarted.

Basic Functionality Shut/No Shut Interface Test

This test verifies that SNMP functionality of the Native Cisco IOS device is according to specification.

Test Plan

Perform the following steps:

Step 1 Verify the SNMP configuration on SH1-101.
Step 2 Shut down the interface VLAN 40 on SH1-101.
Step 3 Remove the shutdown with the no shut command configured for the interface VLAN 40 on SH1-101.
Step 4 Verify that the traps are received by a machine that is set up as the SNMP trap receiver. View the output from the log files of that machine.

Expected Results

We expect that SNMP functions according to specifications.

Results

Table 17 shows the Simple Network Management Protocol test results.
Table 17 Simple Network Management Protocol Test Results

| Component Test | Pass/Fail |
|---|---|
| Basic Functionality Shut/No Shut Interface Test | Pass |

Terminal Access Controller Access Control System

Terminal Access Controller Access Control System (TACACS) is an authentication protocol that provides remote access authentication and related services, such as event logging. User passwords are administered in a central database rather than in individual routers, providing an easily scalable network security solution.

Login authentication increases the security of the system by keeping unauthorized users from guessing the password. The user is limited to a specific number of attempts to successfully log in to the switch. If the user fails to authorize the password, the system delays access and captures the user ID and the IP address of the station in the syslog file and in the SNMP trap.

Test Plan

Testing of the TACACS security protocol for Safe Harbor involves one test: the Verify User Authentication Test.

Verify User Authentication Test

This test verifies that the TACACS login authentication works correctly.

Test Plan

Perform the following steps:

Step 1 Verify that SH1-101 is running Native Cisco IOS Release 12.1(8b)E11, configured with connectivity to a Cisco Secure TACACS server.
Step 2 Verify that user authentication works by logging in to SH1-101.

Expected Results

We expect that TACACS login authentication works correctly.

Results

Table 18 shows the Terminal Access Controller Access Control System test results.
Table 18 Terminal Access Controller Access Control System Test Results

Component Test                     Pass/Fail
Verify User Authentication Test    Pass

Miscellaneous Features

Miscellaneous features tested for Safe Harbor are as follows:
• Network Time Protocol
• Syslog
• User Datagram Protocol Broadcast Flooding
• System Upgrading

Network Time Protocol

Network Time Protocol (NTP) synchronizes timekeeping among a set of distributed time servers and clients. This synchronization allows events to be correlated when system logs are created and other time-specific events occur. An NTP server must be accessible by the client switch.

Test Plan

Perform the following steps:
Step 1 Verify that time is synchronized from the source.
Step 2 Create flap peers and ensure a return to the baseline.

Basic NTP Functionality Test

This test verifies the NTP functionality.

Test Plan

Perform the following steps:
Step 1 Verify that SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
Step 2 Enable NTP on devices and point the NTP server to 10.194.17.254.
Step 3 Verify that the clock for a Native switch (SH1-104) is synchronized to the NTP server.
Step 4 Show the NTP association details of a Native switch and view the clock time.
Step 5 View NTP information on the access switch.

Expected Results

We expect that NTP functions correctly.

Results

Table 19 shows the Network Time Protocol test results.
Table 19 Network Time Protocol Test Results

Component Test                  Pass/Fail
Basic NTP Functionality Test    Pass

Syslog

The Syslog protocol provides a transport to allow a machine to send event notification messages across IP networks to event message collectors, also known as syslog servers.

Test Plan

Perform the following steps:
Step 1 Identify messages of consequence to a customer’s network.
Step 2 Verify that these messages are logged as expected.

Basic Syslog Functionality Test

This test verifies Syslog functionality.

Test Plan

Perform the following steps:
Step 1 Verify that SH1 switches are running Native Cisco IOS Release 12.1(8b)E11 or CatOS 6.3(4).
Step 2 Turn off all debugging on a Native switch.
Step 3 View output from the Syslog server. Compare to messages received on SH1-110:

    server% tail messages.local7 | grep 10.194.17.110

Results

Table 20 lists the Syslog test results.

Table 20 Syslog Test Results

Component Test                     Pass/Fail
Basic Syslog Functionality Test    Pass

User Datagram Protocol Broadcast Flooding

A broadcast is a data packet that is destined for multiple hosts. Broadcasts can occur at the data link layer and the network layer. Data-link broadcasts are sent to all hosts attached to a particular physical network. Network layer broadcasts are sent to all hosts attached to a particular logical network.

The Transmission Control Protocol/Internet Protocol (TCP/IP) supports the following types of broadcast packets:
• All ones—By setting the broadcast address to all ones (255.255.255.255), all hosts on the network receive the broadcast.
• Network—By setting the broadcast address to a specific network number in the network portion of the IP address and setting all ones in the host portion of the broadcast address, all hosts on the specified network receive the broadcast. For example, when a broadcast packet is sent with the broadcast address of 131.108.255.255, all hosts on network number 131.108 receive the broadcast.
• Subnet—By setting the broadcast address to a specific network number and a specific subnet number, all hosts on the specified subnet receive the broadcast. For example, when a broadcast packet is sent with the broadcast address of 131.108.4.255, all hosts on subnet 4 of network 131.108 receive the broadcast.

Because broadcasts are recognized by all hosts, a significant goal of router configuration is to control unnecessary proliferation of broadcast packets. Cisco routers support two kinds of broadcasts: directed and flooded. A directed broadcast is a packet sent to a specific network or series of networks, whereas a flooded broadcast is a packet sent to every network. In IP internetworks, most broadcasts take the form of User Datagram Protocol (UDP) broadcasts.

Test Plan

Perform the following steps:
Step 1 Use the ip helper-address command.
Step 2 Do forwarding performance verification.
Step 3 Create an excessive load on the CPU and verify proper operation.
Step 4 Allow and disallow traffic with the no ip forward-protocol command to verify proper operation.

UDP Broadcast Flooding Test

This test verifies that the ip helper-address interface configuration command functions correctly.

Test Plan

Perform the following steps:
Step 1 Verify that SH1-101 is running Native Cisco IOS Release 12.1(8b)E11.
Step 2 Configure IXIA to send broadcast traffic into VLAN 40, UDP port 53 (DNS).
Step 3 Use IXIA to verify that no traffic is being forwarded to the IP-helper address because of the no ip forward-protocol domain global configuration command.
Step 4 Reconfigure SH1-101 so that traffic is forwarded to the IP-helper address again.
Step 5 Configure IXIA to send 9000 pps of broadcast traffic into VLAN 40 and check performance.

Expected Results

We expect that the ip helper-address interface configuration command functions correctly.

Results

Table 21 shows the User Datagram Protocol Broadcast Flooding test results.

Table 21 User Datagram Protocol Broadcast Flooding Test Results

Component Test                 Pass/Fail
UDP Broadcast Flooding Test    Pass

System Upgrading

This test verifies that the Cisco IOS upgrade process works correctly.

Test Plan

System Upgrading Test

Perform the following steps:
Step 1 Verify that SH1-101 is running Native Cisco IOS Release 12.1(8b)E10.
Step 2 Use FTP transfer (because of the 16-MB TFTP limitation) to upgrade to the new version 12.1(8b)E11.
Step 3 Configure each DUT first for connectivity to the FTP server, and with “ip ftp username X” and “ip ftp password Y.”
Step 4 Format sup-bootflash to make space for the new image.
Step 5 Copy ftp sup-bootflash: and copy ftp slavesup-bootflash:.
Step 6 Set the boot variable to “boot system bootflash:c6sup22-jsv-mz.121-8b.E11,” which synchronizes to the secondary supervisor module.
Step 7 Reload the switch to the new version.

Expected Results

We expect the Cisco IOS system upgrade process to work properly.

Results

Table 22 shows the System Upgrading test results.

Table 22 System Upgrading Test Results

Component Test           Pass/Fail
System Upgrading Test    Pass

Supplementary Information

This section contains additional information about Cisco IOS Safe Harbor testing.
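The relay behaviour exercised in the UDP Broadcast Flooding Test above can be audited offline from a saved configuration. The following is an added example, not part of the original Cisco document: it lists, for each interface carrying ip helper-address, the UDP ports the switch would still relay beyond the ones actually needed. The function names, the sample configurations and the 192.0.2.x addresses are constructed for illustration; the sample uses the full IOS form `no ip forward-protocol udp domain`, and the default relay list is the set IOS forwards when a helper address is configured.

```python
import re

# UDP services that `ip helper-address` relays by default on Cisco IOS,
# keyed by the keyword that `ip forward-protocol udp` accepts.
DEFAULT_RELAYED = {
    "time": 37, "nameserver": 42, "tacacs": 49, "domain": 53,
    "bootps": 67, "bootpc": 68, "tftp": 69,
    "netbios-ns": 137, "netbios-dgm": 138,
}

FORWARD_RE = re.compile(r"^(no )?ip forward-protocol udp(?: (\S+))?$")
HELPER_RE = re.compile(r"^ip helper-address (\d+\.\d+\.\d+\.\d+)$")


def _port(token):
    """Translate an IOS service keyword or a numeric string to a port."""
    if token in DEFAULT_RELAYED:
        return DEFAULT_RELAYED[token]
    return int(token)  # raises ValueError for keywords this sketch omits


def relayed_ports(config_text):
    """Return the UDP ports still relayed after the global statements."""
    ports = set(DEFAULT_RELAYED.values())
    for line in config_text.splitlines():
        m = FORWARD_RE.match(line.strip())
        if not m:
            continue
        negated, token = bool(m.group(1)), m.group(2)
        if token is None:  # a statement without a port covers the defaults
            ports = set() if negated else ports | set(DEFAULT_RELAYED.values())
        elif negated:
            ports.discard(_port(token))
        else:
            ports.add(_port(token))
    return ports


def helper_interfaces(config_text):
    """Map each interface name to the helper addresses configured on it."""
    found, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):
            current = None  # any unindented line ends the interface block
        elif current:
            m = HELPER_RE.match(line.strip())
            if m:
                found.setdefault(current, []).append(m.group(1))
    return found


def audit(config_text, needed=frozenset({67, 68})):
    """Report, per helper-enabled interface, ports relayed beyond `needed`."""
    relayed = relayed_ports(config_text)
    return {
        name: {"helpers": addrs, "excess": sorted(relayed - needed)}
        for name, addrs in helper_interfaces(config_text).items()
    }


# Constructed sample configurations (not taken from the test report).
# 192.0.2.0/24 is a documentation range; VLAN 40 matches the test above.
BASE = """\
interface Vlan40
 ip address 192.0.2.1 255.255.255.128
 ip helper-address 192.0.2.200
!
"""
DNS_BLOCKED = BASE + "no ip forward-protocol udp domain\n"
DHCP_ONLY = BASE + "".join(
    f"no ip forward-protocol udp {kw}\n"
    for kw in ("time", "nameserver", "tacacs", "domain", "tftp",
               "netbios-ns", "netbios-dgm")
)

if __name__ == "__main__":
    for label, cfg in (("default", BASE), ("DNS blocked", DNS_BLOCKED),
                       ("DHCP only", DHCP_ONLY)):
        print(label, audit(cfg))
```

The `needed` set defaults to the BOOTP/DHCP ports; pass a different set when the helper address legitimately serves other broadcast-based services.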
Device Characteristics

Following is a list of devices in the topology used for the Safe Harbor financial testing. The card types, along with their location, number of ports, model and serial numbers, are listed for each device. The sub-modules are also listed with the hardware version, model number, serial number, and status for each device.