Intranet Cats
Ahh, Catalyst OS – old skool Layer 2. There is a dwindling number of engineer who have seen this code, let alone have ever used this code and understand it. Since I am about to convert some of the CatOS switches at work to IOS, I figured I would share some of the basics and joys of CatOS with you. Ok, perhaps I am just reminiscing a bit here – but if this can help just one person, then all is good – right?
So, what is this thing called CatOS one might ask. Well, in short it is Cisco OS that is Layer 2 only; there are no routed interfaces, no IP addresses on interfaces (well, there is SC0) or IPs for VLANS – just L2 VLANS and Ports. When a Catalyst switch is running CatOS for Layer 2 it is called Hybrid mode – if the switch is running IOS for Layer 2 and Layer 3, it is called Native mode. CatOS dates back to 1993 when Cisco acquired Crescendo Communications in 1993 and the Catalyst line – its first foray into Switching – and because of the wide acceptance of XDi/CatOS, the OS has lived on for many years. As the Catalyst line moved forward from the 5000, to the 5500, and now the 6500 – CatOS has survived. It is only recently ( Dec 2010 ) that Cisco is no longer fixing and producing CatOS code, and CatOS code will finally go End-Of-Support in December of 2014.
Cat5k
When running your Catalyst in hybrid mode you can think of CatOS and IOS relations like the separation of Church and State. The CatOS portion of the switch takes care of all Layer 2 technologies and configurations, while IOS takes care of all the Layer 3 and routing duties. CatOS is configured by using SET based commands instead of the traditional Conf T mode, so there is no configure mode on the switch. Also with CatOS everything is port-based – not FastEthernet, Gigabit Ethernet, Ten, etc – just blade/port – ie for Blade 7, port 1 its 7/1. Does not matter if that is a 10G place, 1G blade, or 100 meg blade – just blade/port. That is a nice feature in some ways, but with NX-OS everything becomes Ethernet – I can deal with that, just IOS uses all the nuances of the interface – Gig, Fast, Ten, etc. Another thing with CatOS is that your commands are saved immediately, there is no write mem on it.
Lets lets talk about the Route Processor and Switch Processor that make up a Supervisor – both of these components sit on the Multilayer Switch Feature Card (MSFC) as can be seen in the image below:
Sup720 Components
When you split them apart in Hybrid mode, the CatOS runs on the Switch Processor (L2) on the left and the IOS runs on the Route Processor (L3) on the right.
Sup720 Hybrid
When you run the switch in Native mode, the Cisco IOS runs on both the Switch Processor and the Route Processor
Sup720 Native IOS
The connection between the CatOS L2 and the IOS L3 engine is handled by a permanent trunk port on port 15/1 (and 16/1 if you have dual supervisors) and can be seen by doing a show port 15/1. So any traffic destined to the Layer 3 interface on the MSFC card is handled via the trunk – just like “router on a stick” configuration. What is different is that 15/1 is automatically configured for this connection – there is nothing that you have to do.
CatOS-Hybrid# (enable) sh port 15/1 * = Configured MAC Address
# = 802.1X Authenticated Port Name.
Port Name Status Vlan Duplex Speed Type ----- -------------------- ---------- ---------- ------ ----------- ------------ 15/1 connected trunk full 1000 Route Switch
So now that you know how the L2 and L3 are tied together, lets talk about the command line and such. So what does CatOS look like compared to IOS when you are at a command prompt?
As you can see they are identical when you are not in privileged exec mode, but when you Enable up you can see the difference. With CatOS you get see (enable), but with IOS your prompt changes to a # sign. The biggest difference is that CatOS uses SET base commands instead of the configuration mode commands we are used to. Most of the commands used to show the status of things are very similar to IOS, CatOS will use PORT instead of INTERFACE. For example lets look at port 1/1 and interface Gig1/1: (side note – there are two different switches I am pulling this data from, so the port information will not be 100% exact – but both are Gig and the same line-card type)
Hybrid:
CatOS-Hybrid# (enable) sh port 1/1 * = Configured MAC Address # = 802.1X Authenticated Port Name. Port Name Status Vlan Duplex Speed Type ----- -------------------- ---------- ---------- ------ ----------- ------------ 1/1 Yadda Yadda Yadda connected 200 a-full a-1Gb 10/100/1000 Port AuxiliaryVlan AuxVlan-Status ----- ------------- -------------- 1/1 none none Total inline power drawn by module 1: 0.000 Watts ( 0.000 Amps @42V) Port InlinePowered PowerAllocated ActualConsumption Device IEEE class Admin Oper Admin Oper ----- ----- -------- ----- ------ ----------------- ---------- ---------- 1/1 auto off 7000 0 0 none none *Power values are displayed in milliwatts unless stated otherwise Port Security Violation Shutdown-Time Age-Time Max-Addr Trap IfIndex ----- -------- --------- ------------- -------- -------- -------- ------- 1/1 disabled shutdown 0 0 1 disabled 86 Port Flooding on Address Limit Last-Src-Addr Vlan TimerType ----- ------------------------- ----------------- ---- ---------- 1/1 Enabled - - Absolute Port Num-Addr Secure-Src-Addr Vlan Age-Left Shutdown/Time-Left ----- -------- ----------------- ---- -------- ------------------ 1/1 0 - - - - - Port 802.1X Auth-State 802.1X Port-Status ----- ------------------ ------------------ 1/1 force-authorized authorized Port Mac-Auth-Bypass State Mac-Auth-Bypass Port-Status ----- --------------------- --------------------------- 1/1 Disabled (null) Port Send FlowControl Receive FlowControl RxPause TxPause admin oper admin oper ----- -------- -------- --------- --------- ---------- ---------- 1/1 desired on off off 0 0 Port Status Channel Admin Ch Mode Group Id ----- ---------- -------------------- ----- ----- 1/1 connected off 73 0 Port Status ErrDisable Reason Port ErrDisableTimeout Action on Timeout ---- ---------- ------------------- ---------------------- ----------------- 1/1 connected - Enable No Change Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize ----- ---------- ---------- ---------- ---------- --------- 1/1 0 0 0 0 0 Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants ----- ---------- ---------- ---------- ---------- --------- --------- --------- 1/1 0 0 0 0 0 0 0 Port Last-Time-Cleared ----- -------------------------- 1/1 Sat Aug 13 2011, 19:16:32 Idle Detection -------------- -- CatOS-Hybrid# (enable)
And now Native:
CatIOS-Native# sh interface g1/1 GigabitEthernet1/1 is up, line protocol is up (connected) Hardware is C6k 1000Mb 802.3, address is 1cdf.0f7b.75b4 (bia 1cdf.0f7b.75b4) Description: [---[ Yadda Yadda Yadda ]---] MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 1000Mb/s, media type is SX input flow-control is off, output flow-control is off Clock mode is auto ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:10, output 00:00:27, output hang never Last clearing of "show interface" counters never Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 313000 bits/sec, 120 packets/sec 5 minute output rate 584000 bits/sec, 125 packets/sec 1025319228 packets input, 236186395790 bytes, 0 no buffer Received 8429791 broadcasts (4167372 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 0 multicast, 0 pause input 0 input packets with dribble condition detected 1793186668 packets output, 1650422483796 bytes, 0 underruns 0 output errors, 0 collisions, 3 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out CatIOS-Native#
As you can see CatOS and IOS interface stats are very similar, but CatOS is easier to read and understand. Not only that, but CatOS gives you much more information – you can see the power consumption, vlan information, 802.1x, error-disable information, and such. It is more geared towards Layer 2 stats, whereas with IOS it is geared towards Layer 3 information.
Here is a quick chart comparison of some of the more common commands that we tend to use:
| CatOS Command | IOS Command | ||
| show port <mod/port> | show interface <intf type> <mod/port> | ||
| set vlan <vlan-id> <mod/port> | int <intf type> <mod/port> | ||
| switchport mode access | |||
| switchport access vlan <vlan-id> | |||
| set port disable | int <intf type> <mod/port> | ||
| shutdown | |||
| set port enable | int <intf type> <mod/port> | ||
| no shutdown | |||
| set port speed <mod/port> <auto/10/100/1000> | int <intf type> <mod/port> | ||
| speed <auto/10/100/1000> | |||
| set port duplex <mod/port> <auto/half/full> | int <intf type> <mod/port> | ||
| duplex <auto/half/full> | |||
| set trunk <mod/port> <mode> <type> <vlans> | int <intf type> <mod/port> | ||
| switchport trunk encap <type> | |||
| switchport mode trunk | |||
| switchport trunk allow <vlan-id> | |||
| clear trunk <mod/port> <vlans> | int <intf-type> <mod/port | ||
| switchport trunk allowed vlan remote <vlan-id> | |||
| sh cam dynamic | sh mac-address-table dynamic | ||
| show channel | show etherchannel summary | ||
| sh vtp domain | sh vtp status | ||
| show ver | show ver | ||
| set span <source mod/port> <destination mod/port> both | monitor session 1 source int <inft-type> <mod/port> <direction> | ||
| monitor session 1 destination <intf-type> <mod-port> | |||
| show span | show monitor | ||
| set vlan <number> name <name> | vlan <number> | ||
| name <name> | |||
| set spantree root {secondary} <vlan-id> | spanning-tree vlan <vlan-id> root <primary/secondary> | ||
| set port jumbo <mod/port> enable | int <intf-type> <mod/port> | ||
| mtu 9216 | |||
| sh port jumbo | show int <intf-type> <mod/port> | ||
| set test diaglevel <diaglevel> | diagnostic level <diaglevel> | ||
Lets cover the Console Port for a moment since that is an important factor when you are connected to the console and need access to Layer 3. Since there is only 1 console port for the supervisor, there has to be a way to connect to the CatOS and the IOS from the same port. By default when you connect to the console port, you are connected to the CatOS processor. In order to access the L3 portion you need to issue the command switch console from Enable mode – that will place you in the L3 console. In order to get back, just tyle ^C^C^C to switch back, just like it tells you:
CatOS-Hybrid-L2# (enable) switch console
Trying Router-15…
Connected to Router-15.
Type ^C^C^C to switch back…
User Access Verification
Password:
CatOS-Hybrid-L3#
CatOS-Hybrid-L3#
CatOS-Hybrid-L3#^C
CatOS-Hybrid-L3# (enable)
If you are telneted to the CatOS portion of the switch and want to access the L3 portion, just enter the command session 15 and you will be connected to that processor.
So, the next big question is how does one upgrade from CatOS to IOS – there are documented procedures on Cisco’s website here – Link
Now that I have given you the official link, here are the notes that I have taken when I did a few of the upgrades prior.
——————————————————————————————–
CAUTION
YOU WILL LOSE YOUR CONFIGS AND NEED TO
RECREATE FROM SCRATCH (L2 and L3)
CAUTION
——————————————————————————————–
Converting CatOS to IOS
Connect to the CONSOLE of the Supervisor you are about to upgrade
(Also recommend capturing output to text file in case of problems)
Backup the CatOS config (L2) and MSFC Config (L3)
Copy the 72xy code to DISK0:
Enter switch console to switch to the MSFC console and then enable up
Enter show bootvar and check the book register. Should be 0x2102
Enter configure t mode and change the boot var to 0x0
Config-reg 0x0
Enter show bootvar again and verify that it will be 0x0 at next boot:
Configuration register is 0x2102 (will be 0x0 at next reload)
Reload the router, but DO NOT SAVE THE CONFIG
The router will now reload and you will be placed in ROMMON
Enter the ROMMON privileged mode by entering:
rommon 1 > priv
Now issue the fill command rommon 2 > fillrommon 2 > fill
Enter in hex the start address [0x0]: be000000
Enter in hex the test size or length in bytes [0x0]: 80000
Enter in hex the pattern to be written [0x0]: ffff
Enter the operation size ‘l’ong, ‘w’ord, or ‘b’yte []: l
Now RESET once that is complete
rommon 3 > reset
When the box reboots, you will still be in ROMMON
Set the config-register back to 0x2102
rommon 1 > configreg 0x2102
DO NOT RESET!!!!
Now, press Ctrl-C three times to go back to L2 console
rommon 2 > ^C
rommon 2 > ^C
rommon 2 > ^C
Now set the L2 config-register to 0x0
Console> (enable) set boot config-register 0x0
Configuration register is 0x0
ignore-config: disabled
auto-config: non-recurring, overwrite, sync disabled
ROMMON console baud: 9600
boot: the ROM monitor
Now reset the system:
Console> (enable) reset
When it boots, you will be in the L2 ROMMON mode
rommon 1 >
Boot the switch with the s720xy* code
rommon 1 > dir disk0:
Directory of disk0:
2839 96960292 -rw- s72033-ipservices_wan-mz.122-33.SXI3.bin
rommon 2 > boot disk0:s72033-ipservices_wan-mz.122-33.SXI3.bin
When the switch reboots, you will be in Native IOS mode
Format the Sup-bootflash:
Router# format sup-bootflash:
Now format Disk0:
Router# format disk0:
After formatting, recopy the s720xy IOS code to the device (I used Disk0)
Router#copy tftp disk0:
Address or name of remote host []? 10.1.3.11
Source filename []? s72033-ipservices_wan-mz.122-33.SXI3.bin
Destination filename [s72033-ipservices_wan-mz.122-33.SXI3.bin]?
Once the copy is complete, you will need to change the bootvar:
Router#sh bootva
BOOT variable = bootflash:c6msfc3-entservicesk9_wan-mz.122-18.SXF.bin,
Router#conf t
Router(config)#boot system flash disk0:s72033-ipservices_wan-mz.122-33.SXI3.bin
Router#wr mem
Check the bootvar changed
Router#show bootvar
BOOT variable = disk0:s72033-ipservices_wan-mz.122-33.SXI3.bin,1;
CONFIG_FILE variable =
BOOTLDR variable =
Configuration register is 0x2102
Check the remote switch:
Router#remote command switch show bootvar
BOOT variable = disk0:s72033-ipservices_wan-mz.122-33.SXI3.bin,1;
CONFIG_FILE variable =
BOOTLDR variable does not exist
Configuration register is 0x0
Change the config-register to 0x2102
Router#config t
Router(config)#config-register 0x2102
Router(config)#^Z
Then check again:
Router#remote command switch show bootvar
BOOT variable = disk0:s72033-ipservices_wan-mz.122-33.SXI3.bin,1;
CONFIG_FILE variable =
BOOTLDR variable does not exist
Configuration register is 0x0 (will be 0x2102 at next reload)
Once confirmed, reload the router:
Router#reload
Proceed with reload? [confirm]y
Apply the config and you are done