Tags

, , , , ,

Intranet Cats


Ahh, Catalyst OS – old skool Layer 2.  There is a dwindling number of engineer who have seen this code, let alone have ever used this code and understand it.  Since I am about to convert some of the CatOS switches at work to IOS, I figured I would share some of the basics and joys of CatOS with you. Ok, perhaps I am just reminiscing a bit here – but if this can help just one person, then all is good – right?
So, what is this thing called CatOS one might ask.  Well, in short it is Cisco OS that is Layer 2 only; there are no routed interfaces, no IP addresses on interfaces (well, there is SC0) or IPs for VLANS – just L2 VLANS and Ports.  When a Catalyst switch is running CatOS for Layer 2 it is called Hybrid mode – if the switch is running IOS for Layer 2 and Layer 3, it is called Native mode.  CatOS dates back to 1993 when Cisco acquired Crescendo Communications in 1993 and the Catalyst line – its first foray into Switching – and because of the wide acceptance of XDi/CatOS, the OS has lived on for many years.  As the Catalyst line moved forward from the 5000, to the 5500, and now the 6500 – CatOS has survived.  It is only recently ( Dec 2010 ) that Cisco is no longer fixing and producing CatOS code, and CatOS code will finally go End-Of-Support in December of 2014.

Cat5k


When running your Catalyst in hybrid mode you can think of CatOS and IOS relations like the separation of Church and State. The CatOS portion of the switch takes care of all Layer 2 technologies and configurations, while IOS takes care of all the Layer 3 and routing duties.   CatOS is configured by using SET based commands instead of the traditional Conf T mode, so there is no configure mode on the switch.  Also with CatOS everything is port-based – not FastEthernet, Gigabit Ethernet, Ten, etc – just blade/port – ie for Blade 7, port 1 its 7/1.  Does not matter if that is a 10G place, 1G blade, or 100 meg blade – just blade/port.  That is a nice feature in some ways, but with NX-OS everything becomes Ethernet – I can deal with that, just IOS uses all the nuances of the interface – Gig, Fast, Ten, etc.  Another thing with CatOS is that your commands are saved immediately, there is no write mem on it.
Lets lets talk about the Route Processor and Switch Processor that make up a Supervisor – both of these components sit on the Multilayer Switch Feature Card (MSFC) as can be seen in the image below:

Sup720 Components


When you split them apart in Hybrid mode, the CatOS runs on the Switch Processor (L2) on the left and the IOS runs on the Route Processor (L3) on the right.

Sup720 Hybrid


When you run the switch in Native mode, the Cisco IOS runs on both the Switch Processor and the Route Processor

Sup720 Native IOS


 
The connection between the CatOS L2 and the IOS L3 engine is handled by a permanent trunk port on port 15/1 (and 16/1 if you have dual supervisors) and can be seen by doing a show port 15/1.  So any traffic destined to the Layer 3 interface on the MSFC card is handled via the trunk – just like “router on a stick” configuration.  What is different is that 15/1 is automatically configured for this connection – there is nothing that you have to do.

CatOS-Hybrid# (enable) sh port 15/1
 * = Configured MAC Address
# = 802.1X Authenticated Port Name.
Port  Name                 Status     Vlan       Duplex Speed       Type
 ----- -------------------- ---------- ---------- ------ ----------- ------------
 15/1                       connected  trunk        full        1000 Route Switch

So now that you know how the L2 and L3 are tied together, lets talk about the command line and such.  So what does CatOS look like compared to IOS when you are at a command prompt?

As you can see they are identical when you are not in privileged exec mode, but when you Enable up you can see the difference.  With CatOS you get see (enable), but with IOS your prompt changes to a # sign.  The biggest difference is that CatOS uses SET base commands instead of the configuration mode commands we are used to.  Most of the commands used to show the status of things are very similar to IOS, CatOS will use PORT instead of INTERFACE.  For example lets look at port 1/1 and interface Gig1/1: (side note – there are two different switches I am pulling this data from, so the port information will not be 100% exact – but both are Gig and the same line-card type)
Hybrid:

CatOS-Hybrid# (enable) sh port 1/1
* = Configured MAC Address
# = 802.1X Authenticated Port Name.
Port  Name                 Status     Vlan       Duplex Speed       Type
----- -------------------- ---------- ---------- ------ ----------- ------------
 1/1  Yadda Yadda Yadda    connected  200        a-full       a-1Gb 10/100/1000
Port  AuxiliaryVlan AuxVlan-Status
----- ------------- --------------
 1/1  none          none          
Total inline power drawn by module 1:   0.000 Watts ( 0.000 Amps @42V)
Port   InlinePowered   PowerAllocated  ActualConsumption Device      IEEE class
       Admin  Oper     Admin   Oper
-----  -----  -------- -----   ------  ----------------- ----------  ----------
 1/1   auto   off      7000    0       0                 none        none      
*Power values are displayed in milliwatts unless stated otherwise
Port  Security Violation Shutdown-Time Age-Time Max-Addr Trap     IfIndex
----- -------- --------- ------------- -------- -------- -------- -------
 1/1  disabled  shutdown             0        0        1 disabled      86
Port  Flooding on Address Limit Last-Src-Addr     Vlan TimerType
----- ------------------------- ----------------- ---- ----------
 1/1                    Enabled                 -    -   Absolute
Port  Num-Addr Secure-Src-Addr     Vlan Age-Left Shutdown/Time-Left
----- -------- -----------------   ---- -------- ------------------
 1/1         0                 -      -        -        -         -
Port  802.1X Auth-State   802.1X Port-Status
----- ------------------  ------------------
 1/1  force-authorized    authorized
Port  Mac-Auth-Bypass State  Mac-Auth-Bypass Port-Status
----- ---------------------  ---------------------------
 1/1  Disabled               (null)                     
Port  Send FlowControl  Receive FlowControl   RxPause    TxPause
      admin    oper     admin     oper
----- -------- -------- --------- ---------   ---------- ----------
 1/1  desired  on       off       off         0          0          
Port  Status     Channel              Admin Ch
                 Mode                 Group Id
----- ---------- -------------------- ----- -----
 1/1  connected  off                     73     0
Port  Status      ErrDisable Reason    Port ErrDisableTimeout  Action on Timeout
----  ----------  -------------------  ----------------------  -----------------
 1/1  connected                     -  Enable                  No Change
Port  Align-Err  FCS-Err    Xmit-Err   Rcv-Err    UnderSize
----- ---------- ---------- ---------- ---------- ---------
 1/1           0          0          0          0         0
Port  Single-Col Multi-Coll Late-Coll  Excess-Col Carri-Sen Runts     Giants
----- ---------- ---------- ---------- ---------- --------- --------- ---------
 1/1           0          0          0          0         0         0         0
Port  Last-Time-Cleared
----- --------------------------
 1/1  Sat Aug 13 2011, 19:16:32
Idle Detection
--------------
   --    
CatOS-Hybrid# (enable)

And now Native:

CatIOS-Native# sh interface g1/1
 GigabitEthernet1/1 is up, line protocol is up (connected)
 Hardware is C6k 1000Mb 802.3, address is 1cdf.0f7b.75b4 (bia 1cdf.0f7b.75b4)
 Description: [---[ Yadda Yadda Yadda ]---]
 MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
 reliability 255/255, txload 1/255, rxload 1/255
 Encapsulation ARPA, loopback not set
 Keepalive set (10 sec)
 Full-duplex, 1000Mb/s, media type is SX
 input flow-control is off, output flow-control is off
 Clock mode is auto
 ARP type: ARPA, ARP Timeout 04:00:00
 Last input 00:00:10, output 00:00:27, output hang never
 Last clearing of "show interface" counters never
 Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
 Queueing strategy: fifo
 Output queue: 0/40 (size/max)
 5 minute input rate 313000 bits/sec, 120 packets/sec
 5 minute output rate 584000 bits/sec, 125 packets/sec
 1025319228 packets input, 236186395790 bytes, 0 no buffer
 Received 8429791 broadcasts (4167372 multicasts)
 0 runts, 0 giants, 0 throttles
 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
 0 watchdog, 0 multicast, 0 pause input
 0 input packets with dribble condition detected
 1793186668 packets output, 1650422483796 bytes, 0 underruns
 0 output errors, 0 collisions, 3 interface resets
 0 babbles, 0 late collision, 0 deferred
 0 lost carrier, 0 no carrier, 0 PAUSE output
 0 output buffer failures, 0 output buffers swapped out
 CatIOS-Native#

As you can see CatOS and IOS interface stats are very similar, but CatOS is easier to read and understand.  Not only that, but CatOS gives you much more information – you can see the power consumption, vlan information, 802.1x, error-disable information, and such.  It is more geared towards Layer 2 stats, whereas with IOS it is geared towards Layer 3 information.
Here is a quick chart comparison of some of the more common commands that we tend to use:

CatOS Command IOS Command
show port <mod/port> show interface <intf type> <mod/port>
set vlan <vlan-id> <mod/port> int <intf type> <mod/port>
switchport mode access
switchport access vlan <vlan-id>
set port disable int <intf type> <mod/port>
shutdown
set port enable int <intf type> <mod/port>
no shutdown
set port speed <mod/port> <auto/10/100/1000> int <intf type> <mod/port>
speed <auto/10/100/1000>
set port duplex <mod/port> <auto/half/full> int <intf type> <mod/port>
duplex <auto/half/full>
set trunk <mod/port> <mode> <type> <vlans> int <intf type> <mod/port>
switchport trunk encap <type>
switchport mode trunk
switchport trunk allow <vlan-id>
clear trunk <mod/port> <vlans> int <intf-type> <mod/port
switchport trunk allowed vlan remote <vlan-id>
sh cam dynamic sh mac-address-table dynamic
show channel show etherchannel summary
sh vtp domain sh vtp status
show ver show ver
set span <source mod/port> <destination mod/port> both monitor session 1 source int <inft-type> <mod/port> <direction>
monitor session 1 destination <intf-type> <mod-port>
show span show monitor
set vlan <number> name <name> vlan <number>
name <name>
set spantree root {secondary} <vlan-id> spanning-tree vlan <vlan-id> root <primary/secondary>
set port jumbo <mod/port> enable int <intf-type> <mod/port>
mtu 9216
sh port jumbo show int <intf-type> <mod/port>
set test diaglevel <diaglevel> diagnostic level <diaglevel>

 
Lets cover the Console Port for a moment since that is an important factor when you are connected to the console and need access to Layer 3.  Since there is only 1 console port for the supervisor, there has to be a way to connect to the CatOS and the IOS from the same port.  By default when you connect to the console port, you are connected to the CatOS processor.  In order to access the L3 portion you need to issue the command switch console from Enable mode – that will place you in the L3 console.  In order to get back, just tyle ^C^C^C to switch back, just like it tells you:
CatOS-Hybrid-L2# (enable) switch console
Trying Router-15…
Connected to Router-15.
Type ^C^C^C to switch back…
User Access Verification
Password:
CatOS-Hybrid-L3#
CatOS-Hybrid-L3#
CatOS-Hybrid-L3#^C
CatOS-Hybrid-L3# (enable)
If you are telneted to the CatOS portion of the switch and want to access the L3 portion, just enter the command session 15 and you will be connected to that processor.
So, the next big question is how does one upgrade from CatOS to IOS – there are documented procedures on Cisco’s website here – Link

Now that I have given you the official link, here are the notes that I have taken when I did a few of the upgrades prior.
——————————————————————————————–
CAUTION
YOU WILL LOSE YOUR
CONFIGS AND NEED TO
RECREATE FROM SCRATCH (L2 and L3)
CAUTION
——————————————————————————————–

Converting CatOS to IOS
Connect to the CONSOLE of the Supervisor you are about to upgrade
(Also recommend capturing output to text file in case of problems)
Backup the CatOS config (L2) and MSFC Config (L3)
Copy the 72xy code to DISK0:
Enter switch console to switch to the MSFC console and then enable up
Enter show bootvar and check the book register.  Should be 0x2102
Enter configure t mode and change the boot var to 0x0
Config-reg 0x0
Enter show bootvar again and verify that it will be 0x0 at next boot:
Configuration register is 0x2102 (will be 0x0 at next reload)
Reload the router, but DO NOT SAVE THE CONFIG
The router will now reload and you will be placed in ROMMON
Enter the ROMMON privileged mode by entering:
rommon 1 > priv

Now issue the fill command
     rommon 2 > fillrommon 2 > fill

Enter in hex the start address [0x0]: be000000
Enter in hex the test size or length in bytes [0x0]: 80000
Enter in hex the pattern to be written [0x0]: ffff
Enter the operation size ‘l’ong, ‘w’ord, or ‘b’yte []: l
 
Now RESET once that is complete
rommon 3 > reset
When the box reboots, you will still be in ROMMON
Set the config-register back to 0x2102
rommon 1 > configreg 0x2102
DO NOT RESET!!!!
Now, press Ctrl-C three times to go back to L2 console
rommon 2 > ^C
rommon 2 > ^C
rommon 2 > ^C
 
Now set the L2 config-register to 0x0
Console> (enable) set boot config-register 0x0
Configuration register is 0x0
ignore-config: disabled
auto-config: non-recurring, overwrite, sync disabled
ROMMON console baud: 9600
boot: the ROM monitor
Now reset the system:
Console> (enable) reset
When it boots, you will be in the L2 ROMMON mode
rommon 1 >
Boot the switch with the s720xy* code
rommon 1 > dir disk0:
Directory of disk0:
2839    96960292  -rw-     s72033-ipservices_wan-mz.122-33.SXI3.bin

rommon 2 > boot disk0:s72033-ipservices_wan-mz.122-33.SXI3.bin
When the switch reboots, you will be in Native IOS mode
 
Format the Sup-bootflash:
Router# format sup-bootflash:
 
Now format Disk0:
Router# format disk0:
 
After formatting, recopy the s720xy IOS code to the device (I used Disk0)
Router#copy tftp disk0:
Address or name of remote host []? 10.1.3.11
Source filename []? s72033-ipservices_wan-mz.122-33.SXI3.bin
Destination filename [s72033-ipservices_wan-mz.122-33.SXI3.bin]?
 
Once the copy is complete, you will need to change the bootvar:
Router#sh bootva
BOOT variable = bootflash:c6msfc3-entservicesk9_wan-mz.122-18.SXF.bin,
Router#conf t
Router(config)#boot system flash disk0:s72033-ipservices_wan-mz.122-33.SXI3.bin
Router#wr mem
 
Check the bootvar changed
Router#show bootvar
BOOT variable = disk0:s72033-ipservices_wan-mz.122-33.SXI3.bin,1;
CONFIG_FILE variable =
BOOTLDR variable =
Configuration register is 0x2102
 
Check the remote switch:
Router#remote command switch show bootvar
 
BOOT variable = disk0:s72033-ipservices_wan-mz.122-33.SXI3.bin,1;
CONFIG_FILE variable =
BOOTLDR variable does not exist
Configuration register is 0x0
 
Change the config-register to 0x2102
Router#config t
Router(config)#config-register 0x2102
Router(config)#^Z
 
Then check again:
Router#remote command switch show bootvar
BOOT variable = disk0:s72033-ipservices_wan-mz.122-33.SXI3.bin,1;
CONFIG_FILE variable =
BOOTLDR variable does not exist
Configuration register is 0x0 (will be 0x2102 at next reload)
 
Once confirmed, reload the router:
Router#reload
Proceed with reload? [confirm]y
 
 
Apply the config and you are done