BRKRST 2600

Are You Utilizing your Campus
Network to its Full Potential?
Shashank Singh
Technical Leader, Cisco
BRKRST-2600
Cisco Webex Teams
Questions?
Use Cisco Webex Teams to chat
with the speaker after the session
How
1 Find this session in the Cisco Events Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space
BRKRST-2600 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda
• Introduction
• Advanced platform visibility
• Zero Touch Provisioning (ZTP)
• PoE Innovations & StackPower
• Manageability Innovations
• Support Packages
• Appendix (Script Examples for Reference)
Your Instructor Today…
Shashank is a Technical Leader with Routing

Shashank Singh and Switching Technical Leadership team in San
Technical Leader, Cisco Services Jose, CA and has extensive experience in
troubleshooting Catalyst line of products.
Shashank works as an escalation point for Cisco
Customer Experience teams and partners with
engineering teams to solve some of the most
Email: shashasi@cisco.com complex customer problems pertaining to Cisco
Twitter: @shashankcisco switches.
Prior to this role, Shashank has worked as a TAC
engineer for over five years, troubleshooting
switching products and technologies. Shashank
has a software development background from
his previous role as a software developer in
General Electric.
Introduction
I wish I knew I could do that!
Cisco Catalyst 9000 switches at a glance
Enabling a new era of intent-based networking
Secure IoT Convergence Mobility Cloud
• Encrypted Traffic Analytics • Constrained Application • Fabric-enabled wireless • DevOps toolkit

• MACsec link encryption Protocol (CoAP) • Embedded Cisco Catalyst 9800 • NETCONF/YANG models
• Trustworthy solutions • Cisco DNA Service for Bonjour Series wireless controller • Streaming telemetry
• Group-based policy • Perpetual PoE • Unified control and policy • Patching and Graceful
• IEEE 1588 Audio Video • Wired and wireless Insertion and Removal (GIR)
• Full Flexible NetFlow
Bridging (AVB) guest access • Application hosting
Software and hardware Innovations

• Cisco Catalyst 9600 Series switches
Built on a Lead modular core
modern modular • Cisco Catalyst 9500 Series switches
OS (Cisco Lead fixed core
IOS XE) and • Cisco Catalyst 9400 Series switches
programmable Lead modular access
ASIC
Lead fixed access
Entry-level fixed access
Cisco Catalyst 9000 innovations
Cisco DNA Center™
Converged
Open Cisco IOS XE
ASIC
Segmentation Automation Assurance
UADP ASIC
Single image
Common
licensing Analytics On-box app hosting
• Streaming telemetry • Monitoring security IoT
• Network monitoring
DevOps toolkit High availability

• Zero-touch provisioning • Patching, GIR, In-
Flexibility, operational simplicity,
Benefits and optimized cost • Model-driven programmability Service Software
Upgrades (ISSU)
• Server management tools
Campus switching portfolio
Cisco Catalyst
Cisco Catalyst 9600 Series
9400 Series Cisco
Cisco Catalyst Catalyst Cisco Catalyst
9300 Series 9000 9500 Series
Cisco Catalyst
9200 Series
switch
platform
Cisco Catalyst Cisco Catalyst Cisco Catalyst Cisco Catalyst Cisco Catalyst Cisco Catalyst
2960-X/XR Series 3650/3850 Series 4500E Series 3850F/4500-X 6840-X/6880-X 6807-XL/6500-E
Access switching Backbone switching
Simplified operations and serviceability with
Cisco Catalyst 9000
Ease of serviceability with blue beacons on
Inventory management efficiency with built-in RFID
each component
Ergonomic design with industry-standard icons Wireless console access with Bluetooth
Icons
Mobile Laptop
Advanced Platform Visibility
Guestshell
Real life problems and tools
Application Hosting
Embedded Event Manager (EEM)

Event driven actions
Model driven programmability
(RESTCONF etc)
Periodic monitoring
TCL
Day 0/1 deployment
Cisco Guestshell
Network-wide configuration
Use this space to provide a bit of detail.
Cisco DNAC/PnP
On the box Python
Guestshell overview
• 64 bit application environment running on IOS XE and

NX OS platforms
• Isolated user space - Fault isolation, Resource isolation
• Access to bootflash.
• Linux Commands - Integrate into existing Linux

workflows
• Bundled with Python- Cisco cli python library for CLI DMI = Data Model Interface = Netconf/Yang interface
PnP = Plug N Play = Zero Touch provisioning
operations and automated output collection.
Also Supported…
• Default access only permitted through Mgmt VRF.
• ZTP – Zero Touch Provisioning can retrieve a Python
Additional options to integrate with device data plane.
script via DHCP at boot time
• EEM – Use Embedded Event Manager to trigger a
Python script in response to an event
Guestshell
Preparation
Cat9K#conf t
Cat9K(config)#iox Start IOx
Cat9K#show iox-service
IOx Infrastructure Summary:
--------------------------- Ensure service is running
IOx service (CAF) : Running
IOx service (HA) : Running
IOx service (IOxman) : Running
Libvirtd : Running Configuration required before activation
Configuration includes VPG interface for Guestshell
Activation is via simplified exec command
Cat9K#conf t
Cat9K(config)#app-hosting appid guestshell
Cat9K(config-app-hosting)#app-vnic management guest-interface 0
Cat9K#guestshell enable
Cat9K#show app-hosting detail | b Network

Network interfaces
--------------------------------------- IP address configured on eth0 in guestshell will
eth0: MAC address : 52:54:dd:42:ee:b3 always be 192.168.30.2 even though specific IP
IPv4 address : 192.168.30.2 address could be given in IOS-XE configuration
Guestshell
Verification
Ensure guestshell is up and
running
Cat9K#show app-hosting list
App id State
------------------------------------------------------
guestshell RUNNING Double-check that Linux
inherited mgmt
configuration
Cat9K#guestshell run sudo ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.30.2 netmask 255.255.255.248 broadcast 192.168.30.7
inet6 fe80::5054:ddff:fe20:e54c prefixlen 64 scopeid 0x20<link>
ether 52:54:dd:20:e5:4c txqueuelen 1000 (Ethernet)
RX packets 8 bytes 648 (648.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 00
Cat9K#guestshell destroy
Guestshell destroyed successfully
Cat9K(config)#no iox In case of any issues you

Cat9K(config)#iox may restart guestshell / IOX
Cat9K(config)#exit service
Cat9K#guestshell enable
Guestshell
Using cli library Cat9K#guestshell run python
Python 2.7.5 (default, Aug 4 2017, 00:39:18) Run python and
execute cisco CLI.
[GCC 4.8.5 20150623 (Red Hat 4.8.5-16)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>> import cli

>>> interface_cmd = 'show run interface gi1/0/1'
>>> interface_cfg = cli.cli(interface_cmd) Run basic script to run
>>> print (interface_cfg) commands
Building configuration...
Current configuration : 38 bytes
!
interface GigabitEthernet1/0/1 Change configuration (i.e. go to interface
end gi1/0/1 and set description and IP address)
>> import cli

>>> config_cmd = '''interface GigabitEthernet1/0/1\ndescription Configured by
Python\nno switchport\nip address 10.1.1.1 255.255.255.0'''
>>> config_result = cli.configure(config_cmd)
>>> print(config_result)
[ConfigResult(success=True, command='interface GigabitEthernet1/0/1', line=1,
output='', notes=None), ConfigResult(success=True, command='description Configured
by Python', line=2, output='', notes=None), ConfigResult(success=True, command='no
switchport', line=3, output='', notes=None), ConfigResult(success=True,
command='ip address 10.1.1.1 255.255.255.0', line=4, output='', notes=None)]
Events?
Syslog
waits Value/string in an output
Meows Wags tail

SNMP result
gets petted
sees squirrels gets petted Configuration change

Sits
Custom Triggers
Regular Expressions
Regex Cheatsheets & Activities
https://regex101.com/ -Test your expressions against a string, very useful tool.

http://www.rexegg.com/regex-quickstart.html
https://alf.nu/RegexGolf
https://regexone.com/
http://regexr.com/
Trigger off an interface statistic
EEM example
event manager applet test_applet

event interface name GigabitEthernet1/0/1 parameter output_errors entry-op ge
entry-val 0 poll-interval 1 entry-type value
action 1.0 syslog msg "Found errors on interface GigabitEthernet1/0/1"
Cat9K(config-applet)#event interface name Gi1/0/1 parameter ?
input_errors Number of damaged packets received
input_errors_crc Number of packets received with CRC errors
input_errors_frame Number of framing ERR packets received
input_errors_overrun Number of overruns and resource errors
Event Type Description
input_packets_dropped Number of packets dropped from input Q
interface_resets Number of times an interface has been reset
event snmp Look for the data of a specific output_buffer_failures Number of failed buffers
oid SNMP OID. The data in these output_buffer_swappedout Number of packets swapped to DRAM
come in many data types, output_errors Number of packets errored on output
output_errors_underrun Number of underruns on output
strings, ints, and booleans. A output_packets_dropped Number of packets dropped from output Q
logical operator will be needed receive_broadcasts Number of broadcast packets received
to trigger the event. receive_giants Number of too large packets received
receive_rate_bps Interface receive rate in bits/sec
event Perform an action based off of receive_rate_pps Interface receive rate in pkts/sec
syslog the state of an interface. receive_runts Number of too small packets received
receive_throttle Number of times the receiver was disabled
reliability Interface reliability as a fraction of 255
rxload Receive rate as a fraction of 255
transmit_rate_bps Interface transmit rate in bits/sec
Other common event types transmit_rate_pps Interface transmit rate in pkts/sec
Other interface parameters txload Transmit rate as a fraction of 255
Packet capture
EEM + Python – Automated data collection
Trigger is receive rate on Gi1/0/1
event manager applet detect_high_interface_rate
event interface name GigabitEthernet1/0/1 parameter receive_rate_bps entry-op ge
entry-val 1000 poll-interval 1 entry-type value
Variables can be passed to
action 0.01 syslog msg "High Rx rate detected, running automated packet capture." python script at runtime
action 0.02 cli command "enable" Python script called
action 0.03 cli command "guestshell run python /flash/gs_script/packet_capture.py Gi1/0/1"
packet_capturet.py
import cli,time,sys
Unique filename
t = time.localtime() using timestamp
timestamp = time.strftime('%b-%d-%Y_%H%M%S', t)
PATH_NAME = ("flash:/gs_script/" + timestamp + ".pcap")
INTERFACE_NAME = str(sys.argv[1])
Interface name received
cli.execute("enable") from EEM as variable
cli.execute("mon cap pack_cap int %s in file loc %s size 10 match any" % (INTERFACE_NAME, PATH_NAME))
cli.execute("monitor capture pack_cap start")
cli.execute("send log Capture running on %s for 10 sec" %INTERFACE_NAME)
cli.executep("show monitor capture pack_cap")
time.sleep(10)
cli.execute("monitor capture pack_cap stop")
cli.execute("send log Capture saved in %s" %PATH_NAME) 21
BRKRST-2600 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
Periodic Events
At certain time/day
Every N sec
Common trigger mechanisms
Time before script Time before system
runs in seconds kills script in seconds
Watchdog timers: • event timer watchdog time 120 maxrun 100

0 = Sun.
1 = Mon.
“minute hour day-of-month month day-of-week” 5 = Fri.
6 = Sat.
7 = Sun.
Cron Timers: • event timer cron cron-entry "1 2 3 4 5"
• “15 9 * * *” 9:15 every morning

Cron Timer
Examples: • “00 10 * * 1-5” 10:00 every Mon. through
Fri.
Shut down a port at 6pm every Thursday.
EEM example
event manager applet shut_port authorization

bypass
event timer cron cron-entry "0 18 * * 4" “minute hour day-of-month month day-of-week”
action 1.0 syslog msg "shutting port"
action 1.2 cli command "enable"
action 1.3 cli command "config t"
action 1.4 cli command "interface Te2/1/15"
action 1.5 cli command "shutdown" And cron lets you do a lot more…
action 1.6 cli command "end"
17 8*** --run daily at 8:17 am
17 20 * * * --run daily at 8:17 pm
00 4**0 --run at 4 am every Sunday
42 41** --run 4:42 am every 1st of the month
01 * 19 07 * --run hourly on the 19th of July
59 11 * * 1-5 --run at 11:59 Monday, Tuesday,
Wednesday, Thursday and Friday
*/1 * * * * --Run every minute
* */2 * * * -- Run every two hours
ASIC level drops and exceptions
show platform hardware fed switch active fwd-asic drop exceptions
Run command multiple times

to check for incrementing
counts
Monitoring Cat9K forwarding asic drops
Guestshell example
import re,time,cli
import sys
Raw data
#Get output of- show platform hard fed sw active fwd-asic drop exceptions
sh_drop_exceptions = cli.execute('show platform hard fed sw active fwd-asic drop exceptions')
#Check for non zero value against any field in delta column.
#Ignore rows NO_EXCEPTION PKT_DROP_COUNT BLOCK_FORWARD these rows as they are seen to increment without any
issue too
non_zero_values_delta = re.findall(r"\d+?\s+?\d+?\s+?(\S+?)\s+?\d+?\s+?\d+?\s+?([1-9]\d*?)\s",
sh_drop_exceptions)
non_zero = 0 Regex to match
if non_zero_values_delta: desired pattern
for name, non_zero_delta in non_zero_values_delta:
if str(name) != "NO_EXCEPTION" and str(name) != "PKT_DROP_COUNT" and str(name) != "BLOCK_FORWARD":
non_zero =1
cli.execute("send log" + "Non zero delta value found found %s, for %s. Check 'show platform hard
fed sw active fwd-asic drop exceptions'" % (non_zero_delta, name))
#If not non zero delta values found generating no problem found alert.
if not non_zero:
cli.execute("send log" + "No problem found")
Demo
Forwarding asic drops
Troubleshooting Bot
(Tbot) Scripts
Troubleshooting bot scripts – IOS-XE 17.1.X
Bundled python bots
• Python scripts bundled with IOS-XE software that can be run from guestshell in
order to confirm hardware programming for Layer 2 and 3 entries.
• Collects the dumps of different components and analyzes them on the box.
• Integrated in the build image, scripts will be copied to the /flash/Tbot directory.
Tbot scripts on IOS XE 17.1.1
Troubleshooting bot scripts – Demo
Run the L2DebugInfraAPi.py script, it will use the other .py files in the Tbot directory. Running Tbot
guestshell run python /flash/Tbot/L2DebugInfraAPIs.py 2182 00a7.428a.93d9
############################### Matm RP Active Mac Address Matches -- SUCCESS
#### Layer2 Debugging Tool #### Matm FP Active Table ID Matches -- SUCCESS
############################### Aom Vlan ID and Mac Address Matches -- SUCCESS
Aom Status Matches -- SUCCESS
@@@@ User Inputs @@@@
-> VLAN ID : 2182 @@@@ Hardware Programming @@@@
-> MAC ADDRESS : 00a7.428a.93d9 -> AsicHexList : []
-> ECIFIDIntf : Port-channel101
@@@@ L2 Forwarding Programming @@@@ -> FedMVID : 15
-> PoMembers : ['Fo6/0/9'] -> ECIFIDGpn : 2144
-> MacAddrindex : 0 -> AsicVlanList : []
-> PoMemStats : ['P'] -> AsicCoreList : ['0']
-> PoID : 101 -> AsicGpnList : []
-> PoNAME : Port-channel101 -> ECIFID : 0x00000106
-> PoProtocol : On -> MacHandle : 0x7f34d24dd178
-> DIInstIDList : ['4']
@@@@ Interface to Doppler D Instance Mapping @@@@ -> DIHandle : 0x7f34d271b758
-> IntfIfID_List : ['0x92'] -> DIPortIDList : ['20']
-> IntfAsic_List : ['2'] -> DICoreIDList : ['0']
-> IntfCore_List : ['0'] Contextual data -> DIAsicIDList : ['2']
-> IntfInst_List : ['4'] gathering and analysis -> SI_PortMapList : 0x00000000 0x00100000
-> SI_RIList : ['0x2']
MVID Value and Lead Vlan LookUp Value Matches -- SUCCESS -> SICoreIDList : ['0']
-> SIAsicIDList : ['2']
@@@@ Software Programming @@@@ -> SIHandle : 0x7f34d2713628
-> Matm_FPPortsList : 262 -> SI_DIList : ['0x5248']
-> Matm_RPPortsList : 262 -> SIPortIDList : ['20']
-> Matm_RPOmPtr : OM: 0x3480768298
<snip> ++++ MAC Handle Programming Validation ++++

Vlan Programming and Mac Handle Programming Matches -- SUCCESS
Zero-Touch Provisioning
Zero Touch Provisioning
What is this?
Ability to configure a device with no

human interacting with device CLI
ZTP workflow using option 67
ip dhcp pool ztp
network 10.1.1.0 255.255.255.0
default-router 10.1.1.254
option 150 ip 10.1.1.254
option 67 ascii ZTP_demo.py
!
tftp-server flash:ZTP_demo.py
TFTP/HTTP
Zero touch provisioning workflow
ZTP device boots up & does not ZTP device gets IP address of
1 find the startup configuration. 4 HTTP/TFTP server, and
downloads Python script.
Guest Shell executes Python

2 Device enters ZTP mode. 5 script & applies configuration to
the device.
ZTP device searches for DHCP

server, gets IP address and After provisioning is complete,
3 6 Guest Shell gets disabled.
enables Guest Shell.
Day 0 configuration
print "\n\n *** ZTP Python Script *** \n\n"
import cli,re
user = "cisco"
password = "cisco"
enable = "cisco"
print "\n\n *** Configuring hostname *** \n\n"

cli.configurep(["hostname ZTP-Switch", "end"]) Configure hostname
print "\n\n *** Configuring credentials *** \n\n"

cli.configurep(['username {} privilege 15 password {}'.format(user, password)])
cli.configurep(['enable secret {}'.format(enable)])
Configure credentials
print "\n\n *** Configuring telnet & ssh *** \n\n"
cli.configurep(['line vty 0 4', 'login local', 'transport input telnet ssh'])
Configure telnet & ssh
Day 1 configuration
list = cli.execute('show interface status') Get list of all interfaces
gig_ports = re.findall(r"(Gi\d\/\d\/\d{1,2}).+?connect", list) Find all 1G interfaces

for gig_port in gig_ports:
print '\n\n Configuring interface {} as access port in vlan 10'.format(gig_port)
cli.configurep(['int {}'.format(gig_port), 'switchport mode access', 'switchport access vlan
10', 'description configured by python'])
Configure all 1G interfaces
TenG_ports = re.findall(r"(Te\d\/\d\/\d{1,2}).+?connect", list) Find all 10G interfaces

for TenG_port in TenG_ports:
print '\n\n Configuring interface {} as trunk port'.format(TenG_port)
cli.configurep(['int {}'.format(TenG_port), 'switchport mode trunk', 'description configured
by python'])
Configure all 10G interfaces
print "\n\n *** ZTP Python Script Execution Complete *** \n\n"
Demo
PoE Innovations
& StackPower
UPoE+ on Catalyst 9000
Cisco and
New partner
802.3bt* cloud
services for
Type 4 control
90W Cisco UPOE+©
UPOE+©
(low voltage) New
Devices
30 - 60 Watt devices 90 Watt devices
Sensor Wall Network

Powered PTZ UHD Large Video
(light, motion, switch Displays HVAC VAV’s
CO2/CO, etc.) Light arrays Cameras
End-to-end solution managed by central IT team that lowers TCO
*Type 4 UPOE+ shipping on Catalyst 9400 and Type 3 shipping on Catalyst 9300.
Type 4 UPOE+ on 9300 is on roadmap. Catalyst 9200 is PoE+.
90W UPOE+ standardization is enabling a
growing ecosystem of Switches
UPOE+© Standardization Growing ecosystem
UPoE Powered Compact
switches
802.1AC Access Points New
VOIP Phones
90W
UPOE+ USB-C POE Displays Network HVAC VAV’s
60W © Dongle
Touchscreen IP Cameras Powered Light
PCs
30W UPOE
PoE+
15W
PoE
Badge Facial
Readers Recognition
Systems
2019 UPOE Powered Nurse call
CBRS Biometric
2011 Compact Switches systems
Private LTE
Environmental
Door Locks IP Call Tower
Sensor Hubs
2009
2003 IT OT
Cisco validated solutions with 90W Switch eco-system

• 802.3bt complements Cisco UPOE by adding 4 new classes of Switches
• Safety measures ensure up to 90W of power is safely delivered
Push architecture boundaries with UPOE+ 90W
IEEE 802.3bt compliant platforms Daisy-chaining
1 (for cable cost savings)
PoE+
UPOE+ / UPOE PoE+

Single Pair PoE
2
Passthrough
(for replacing RSxx for BMS)
single-pair
PoE
Cisco compact switch
USB-C powering
3 (laptop/phone charging data)
Catalyst 9400 and 9300 Series* USB-C

Power +
Data
*IEEE 802.3bt Type 3 (60W) supported on C9300. Type 4 (90W) in roadmap.
Cisco innovations in PoE deliver a robust low
voltage infrastructure
2-event
Perpetual PoE Fast PoE
classification
• Fast power negotiation • Uninterrupted PoE • Bypasses IOS control
without LLDP power during control plane boot
• Physical layer plane reboot • Restores power to PD
negotiation < 1s within 30 sec of
power resumption
2-Event Classification
 Class 4 PD gets 30W even before the link
Without 2-Event Classification: comes up, otherwise 15.4W
 Type-2 PSE sends classification voltage (2nd
Handshake) pulse to Class 4 PD (PoE+,
12.96-25.5 W) confirming it is a high power
LLDP LLDP capable PSE
(Layer 2) 20-25 sec (Layer 2)
 30W of power is allocated for PD (PD draws
up to 25.5W)
 Both PSE and PD need to support 2-Event
 No waiting for CDP/LLDP exchange for
With 2-Event Classification (Hardware Based): PoE+ power levels
Switch> enable
Switch# configure terminal
Electrical signal Switch(config)# interface gigabitethernet2/0/1
Electrical signal
(Layer 1) Switch(config-if)# power inline port 2-event
1 sec (Layer 1)
Switch(config-if)# end
Perpetual PoE/UPOE
PoE devices connected to switch stay powered even on switch reload
• PoE devices continue to get Last Negotiated Power

• Applicable to “Soft” Reload – image upgrade, Switch Soft Reload
software crash, manual reboot
• Supported with stacking deployments
• Not applicable during power outage to switch or
power supply removal
• Not applicable when switch is in hibernation mode
Switch> enable
Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# power inline port perpetual-poe-ha
Fast PoE/UPOE
Power
• Remembers the last power drawn from Supplies

CLI/CDP/LLDP Main CPU
a particular PSE port Status

PoE configuration:
MCU
• Restores power to PD in less than 30 Enable, Port PoE
Priority, Power
Budget etc
seconds post restoration of power
PSE
• Works even before IOS comes up Controller
2 event
Classification
• Allocates last power (stored in P
NVRAM) drawn from PDs

D
• Works in stacking deployments * In case of UPOE, since the PD relies on LLDP to get
to higher power levels, PD may still need to wait till the
IOS comes up and LLDP packet exchanges happen
Switch> enable
Switch(config)# interface gigabitethernet2/0/1
Switch(config-if)# power inline port perpetual-poe-ha
[“perpetual-poe-ha” is a perquisite to “poe-ha”] Switch(config-if)# power inline port poe-ha
StackPower - Overview
“Zero-Footprint” RPS deployment
• Provides RPS functionality with Zero RPS

Footprint
• Pay-as-you-grow architecture – similar to the
Data Stack
• 1+N Redundancy with Inline Power
• Up to 4 Switches in a StackPower Ring
Intelligent power management
Cisco StackPower • Multiple StackPower Possible within one
Data Stack
• Up to 9 Switches in a star topology with XPS
How StackPower Works?
StackPower
715 W
• Pools power from all power supplies
• All switches in StackPower domain share

available power in Pool
715 W 1100W • Each switch is given their minimum power
DataStack
Budget
1100
715 W
W
715
W
Total Input Power = 2530W
Power Budget Modes Load shedding does not occur in redundant mode
unless two or more power supplies fail, because the
largest power supply is used as a backup power source.
1100 1100
715 W 715 W
W W
715 715
W W
2530W – 30W 1430W – 30W

Power Sharing Mode Redundant Mode
• The Default Mode • User Configurable

• Sum of all power supplies – 30~60W • Sum of all power supplies – Largest PS - 30~60W
Switch(config)# stack-power stack power1
Switch(config-stackpower)# mode redundant
Switch(config-stackpower)# exit
Global StackPower Reserve = 30W

Enforcement Modes
Strict & Loose Modes Control The Behavior of Load Shed
BUDGET ALLOCATED ACTUAL BUDGET ALLOCATED ACTUAL
Available Committed Drawn Available Committed Drawn
Power Pool Power Power Power Pool Power Power
Lost PS or Lost PS or
Power source Power source
Shed Load
Lost Shed Load
another PS
Dropped PD Dropped PD
Non strict mode Strict mode

• Non Strict mode allows for a negative power budget
• Strict mode sheds load as soon as the power budget goes below the allocated power level
StackPower CLIs For Your
Reference
Power supply
inputs, PIDs
PowerStack domain
Detailed power accounting
StackPower Best Practice
Balance Power supplies across the stack
Total Input Power = 4400W
Total Output Power = 3800W

The right half generates 0A but
consumes 60A
Stackpower rated for ~55A

In failure scenario, Stackpower could be
oversubscribed; console messages
will warn about the condition and
Recommendation: Intelligent load shed will occur.
1. Balance PS across all systems
2. Fill up PS slot A on every switch in the stack, before using slot B on any switch!
Support Packages
Support Packages – IOS-XE 16.9.3, 16.10.1
Layer3 unicast stream
show tech-support platform layer3 unicast [vrf <VRFname>] destIp
<destinationIP> srcIp <destinationIP> Context aware data
collection
Layer3 multicast stream REP - show tech-support rep [<segment_id>]

show tech-support platform layer3 multicast group_ipAdd <mcast dest IP>
srcIp <source IP> SDA (fabric) - show tech-support fabric
CPU - show tech-support qos switch <id> control-plane
IGMP snooping group
show tech-support platf igmp_snooping PoE - show tech-support poe
[group_ipAddr <IPv4McastGroupAddress> [vlan <vlan_ID>] ] Platform - show tech-support platform
MLD snooping group ACL - show tech-support acl

show tech-support platform mld_snooping group_ipv6Addr <IPv6 MLD Diagnostics - show tech-support diagnostic
Group Address>
Stack - show tech-support stack
QoS Port (Interfaces) - show tech-support port
show tech-support qos switch <id> [interface <interfaceID>]
Dot1x
show tech-support identity mac <mac address> interface <type_and_#>
Serviceability Innovations
CPU Punt packet rate per interface
C9300#show platform software fed sw active ifm mappings
Interface IF_ID Inst Asic Core Port SubPort Mac Cntx LPN GPN Type Active
GigabitEthernet1/0/1 0x8 1 0 1 0 0 26 6 1 1 NIF Y
IF_ID mapping
C9300#show platform software fed sw active punt rates interfaces 0x8
Punt Rate on Single Interfaces Statistics
Interface : GigabitEthernet1/0/1 [if_id: 0x8]
Received Dropped
-------- -------
Total : 3263 Total : 0
10 sec average : 4340 10 sec average : 0
1 min average : 4340 1 min average : 0 Also works without specifying
5 min average : 450 5 min average : 0
interface number
Per CPUQ punt stats on the interface (rate averaged over 10s interval)
==========================================================================
Q | Queue | Recv | Recv | Drop | Drop |
no | Name | Total | Rate | Total | Rate |
==========================================================================
0 CPU_Q_DOT1X_AUTH 0 0 0 0
1 CPU_Q_L2_CONTROL 1582 0 0 0
2 CPU_Q_FORUS_TRAFFIC 0 0 0 0
3 CPU_Q_ICMP_GEN 0 0 0 0
4 CPU_Q_ROUTING_CONTROL 0 0 0 0
5 CPU_Q_FORUS_ADDR_RESOLUTION 482 0 0 0
Interface level stat for

punted traffic BRKRST-2600 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
Serviceability Innovations
CPU Punt & Inject packet capture with punt reason and platform context
to start the capture
debug platform software fed switch active [punt|inject] packet-capture start
to stop the capture

debug platform software fed switch active [punt|inject] packet-capture stop
to display the captured packets

show platform software fed switch active punt packet-capture [ brief |detailed ]
Punt packet capturing: disabled. Buffer wrapping: disabled

Total captured so far: 19 packets. Capture capacity : 4096 packets Supports display filters
------ Punt Packet Number: 1, Timestamp: 2019/07/03 20:43:16.087 ------
interface : physical: TenGigabitEthernet1/0/40[if-id: 0x00000030], pal: TenGigabitEthernet1/0/40 [if-id: 0x00000030]
metadata : cause: 96 [Layer2 control protocols], sub-cause: 0, q-no: 15, linktype: MCP_LINK_TYPE_LAYER2 [10]
ether hdr : dest mac: 0180.c200.0000, src mac: 34f8.e795.4b59
ether hdr : length: 39
------ Punt Packet Number: 2, Timestamp: 2019/07/03 20:43:17.919 ------

interface : physical: TenGigabitEthernet1/0/4[if-id: 0x00000040], pal: TenGigabitEthernet1/0/4 [if-id: 0x00000040]
metadata : cause: 11 [For-us data], sub-cause: 0, q-no: 2, linktype: MCP_LINK_TYPE_IP [1]
ether hdr : dest mac: cc70.edc4.f676, src mac: 700b.4f28.d964
ether hdr : ethertype: 0x0800 (IPv4)
ipv4 hdr : dest ip: 21.1.1.1, src ip: 21.1.1.2
ipv4 hdr : packet len: 100, ttl: 254, protocol: 1 (ICMP)
icmp hdr : icmp type: 0, code: 0
Manageability Innovations
Manageability that fits your network
Active switch
UP Ports
Switch Stack
Standby switch
POE status
WebUI
Cisco DNA Center
Small Branch - CPC Migration
Part of the Larger Network
Catalyst 9000 switches can be managed multiple ways
Embedded WebUI
Build Troubleshooting
Ease of Access Intuitive Interface Switch View
configurations made fun
WebUI - Switch view
Active switch UP Ports
Switch Stack
Standby switch POE status

WebUI - Troubleshooting made fun
Check the Core files
Ping and traceroute View Syslog
Wireless manageability with Bluetooth
• Supported IOS XE version 16.12.1 onwards.
• Supported on all Catalyst 9000 series switches except C9500-32C, C9500-32QC,
C9500-48Y4C, and C9500-24Y4C models
• Bluetooth 4.0 version only.
• In a stack, external USB Bluetooth dongle needs to be enabled on active switch.
• After Stateful Switchover (SSO), external USB Bluetooth needs to be re-enabled on
the new active switch.
• External USB Bluetooth dongle is not supported with the following configurations:
Quality of Service (QoS)
Access Control List (ACL)
Bluetooth Dongle for wireless management
Step 1 Connect an external USB Bluetooth dongle to the USB Type A port on the Switch.
Step 2
Switch(config)# interface bluetooth 0/4
Switch(config-if)# enable
Switch(config-if)# no shut
Step 3
Switch(config-if)#bluetooth pin 1111
OR
Switch(config-if)#exit Mobile Laptop
Switch(config)#bluetooth pin 1111
Configuring an External USB Bluetooth Dongle
Bluetooth Dongle for wireless management
Configuring an External USB Bluetooth Dongle
Summary
What?
Features that solve your problem
Which?
More than one way, which is the best?
How?
Configure, observe, evaluate, tweak
Appendix - Reference Scripts
• Find IPs in ARP table and ping them

• Upgrade IOS-XE version on Catalyst 9000
• Stack Event Checker
• Monitoring Cat9K CPU Punt cause & drops
• Cat9K QoS drops checker
• And more cool examples at https://github.com/shashasi/BRKRST-2600
Find IP addresses in ARP cache and ping them
Guestshell example
import cli
#Get a copy of the ARP table in Mgmt-vrf

arp_table = cli.execute('show ip arp vrf Mgmt-vrf')
#Find all IP addresses in the ARP table

hosts = re.findall(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}", arp_table)
if hosts:
for host in hosts:
#ping each IP address
ping_result = cli.execute("ping vrf Mgmt-vrf %s timeout 1" % host)
#See if ping was successful
success = re.findall(r"Success rate is 100 percent", ping_result)
if success:
cli.execute("send log %s is reachable" % host)
else:
cli.execute("send log %s is NOT reachable" % host)
Upgrade IOS-XE version on Catalyst 9000
EEM example
no event manager applet UPGRADE authorization bypass

event manager applet UPGRADE authorization bypass
event none maxrun 300
action 1.0 cli command "enable"
action 1.1 cli command "install add file flash:cat9k_iosxe.16.06.05.SPA.bin activate
commit" pattern "y\/n"
action 1.2 cli command "y" pattern "y\/n"
action 1.3 puts "Fixing to reload"
action 1.5 cli command "y"
Stack event checker
Guestshell example – Part 1/2
import re, time, cli
# check stack-ports summary

show_cmd = 'show switch stack-ports summary'
re.search('\d+\/\d+\s+?\w+.*(\d{2,})', show_cmd)
summary_op = cli.execute(show_cmd)
pattern = '(\d+\/\d+)\s+?\w+.*(\d{2,})'
if summary_op:
for line in summary_op.splitlines():
link_ok = re.search(pattern, line)
if link_ok:
cli.execute("send log" + " Stack port '%s' has %s 'Changes to LinkOK'"%(link_ok.group(1), link_ok.group(2)))
# collect switch and its asic count

show_switch_op = cli.execute('show switch')
stack_numbers = re.findall('[\*|\s](\d+)\s+?(?:Active|Standby|Member)', show_switch_op)
switch_asic_dict = {}
for stack in stack_numbers:
show_cmd = 'show platform hardware fed switch %s fwd-asic drops exceptions | count ASIC'%(stack)
asic_op = cli.execute(show_cmd)
if asic_op:
count = re.search('Number of lines which match regexp \= (\d+)', asic_op)
if count:
switch_asic_dict.update({stack:count.group(1)})
# SDP counter check for non zero count against Tx Fail or Rx Fail
pattern = re.compile(r'(\w+.*)\s+?\d+\s+?(((\d{2,}|[1-9])\s+?\d+\s+(0))|((0)\s+?\d+\s+(\d{2,}|[1-9])))')
show_cmd = 'show platform software stack-mgr switch %s r0 sdp-counters'%(stack)
sdp_counter_op = cli.execute(show_cmd)
if sdp_counter_op:
for line in sdp_counter_op.splitlines():
match = pattern.search(line)
if match:
message = match.group(1).strip()
tx_fail = match.group(4)
rx_fail = match.group(8)
if not tx_fail:
tx_fail = '0'
if not rx_fail:
rx_fail = '0'
cli.execute("send log" + " '%s' has %s Tx_Fail and %s Rx_Fail counters"%(message, tx_fail, rx_fail))
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
Stack event checker
Guestshell example – Part 2/2
# Register's snapshot
cmd_list = ['show platform hardware fed switch %s fwd-asic register read register-name SifRacDataCrcErrorCnt asic %s', 'show
platform hardware fed switch %s fwd-asic register read register-name SifRacRwCrcErrorCnt asic %s', 'show platform hardware fed
switch %s fwd-asic register read register-name SifRacPcsCodeWordErrorCnt asic %s', 'show platform hardware fed switch %s fwd-asic
register read register-name SifRacInvalidRingWordCnt asic %s']
snapshot = {}
for asic in range(int(switch_asic_dict[stack])):
# Loop for 2 snapshot
for x in range(2):
snapshot.update({x:[]})
# collect value for all 4 commands
for cmd in cmd_list:
sh_cmd = cmd%(stack, asic)
output = cli.execute(sh_cmd)
value = re.search('count\s+?:\s(\w+)',output)
if value:
# check for hex 3+ digits
if int(value.group(1), 16) > int('0x99', 16):
cli.execute("send log" + " '%s' has '%s' count"%(sh_cmd, value.group(1)))
snapshot[x].append((sh_cmd, value.group(1)))
else:
snapshot[x].append([sh_cmd, 'None'])
# wait for 5 sec and collect again for above 4 commands
time.sleep(5)
# compare two snapshot values
for index, cmd in enumerate(cmd_list):
if snapshot[1][index][1] and snapshot[0][index][1]:
if snapshot[1][index][1] > snapshot[0][index][1]:
cli.execute("send log" + " '%s' has increased from '%s' to '%s' within 5 seconds"%(snapshot[0][index][0],
snapshot[0][index][1], snapshot[1][index][1] © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
Monitoring Cat9K CPU Punt cause & drops
Guestshell example
import re,time,cli
import sys
#Get output of following commands Raw data

#(a) sh platform software fed sw active punt cause summary
#(b) sh platform hardware fed switch active qos queue stats internal cpu policer
#(c) sh platform software fed sw active punt cpuq all
sh_sw_punt_cause = cli.execute('show platform software fed switch active punt cause summary')
sh_sw_cpu_int = cli.execute('show platform hardware fed switch active qos queue stats internal cpu policer')
sh_sw_punt_cpuq = cli.execute('show platform software fed switch active punt cpuq all')
Regex to match
desired pattern
#Look for any non zero drop count. If found generate log along with the cause and non zero field.
non_zero_values_punt_cause = re.findall(r"\n\d+?\s+?(\S+?.*?)\s+?\d+?\s+?([1-9][0-9]*?)\s+?\n", sh_sw_punt_cause)

if non_zero_values_punt_cause:
for cause, non_zero in non_zero_values_punt_cause:
cli.execute("send log" + " Drop found %s, cause info %s. Check 'show platform software fed switch active
punt cause summary'" % (non_zero, cause))
Guestshell example
##looking for any cpu policer queue dropping packets. If found generate alert along with the queue and
corresponding non zero field.
cpu_int_queue = re.findall(r"\d+?\s+?\d+?\s+(.+?)\s+Yes.+?(\d+?)\s+?\n", sh_sw_cpu_policer)

if cpu_int_queue:
for queue, dropped in cpu_int_queue: Regex to match
if int(dropped)>0: desired pattern
cli.execute("send log" + " Non zero value %s found for %s. Check ‘show platform hardware fed
switch active qos queue stats internal cpu policer''" % (dropped, queue))
else:
cli.execute("send log" + " No queue found dropping any packets")
Sends log
Guestshell example
#Look for any non zero count following fields -
#Send to IOSd failed count
#RX suspend count
#RX unsuspend send failed count
#RX dropped count
#RX non-active dropped count Regex to match
#RX conversion failure dropped desired pattern
#RX spurious interrupt
punt_cpuq = 0
non_zero_values_punt_cpuq = re.findall(r"(CPU Q Id\s+?\: (\d{1,})(?:(?!(?:CPU Q Id))[\s\S])*)", sh_sw_punt_cpuq)
if non_zero_values_punt_cpuq:
for cpq_entry, cpu_q_id in non_zero_values_punt_cpuq:
match = re.findall(r"(Send to IOSd failed count|RX suspend count|RX unsuspend send failed count|RX dropped count|RX
non-active dropped count|RX conversion failure dropped|RX spurious interrupt)\s+?\: ([1-9][0-9]{0,})", cpq_entry)
if match:
punt_cpuq = 1
for field, non_zero_value in match:
cli.execute("send log" + " Non zero value %s found for %s - CPU Q ID %s. Check 'show platform software fed
switch active punt cpuq all'" % (non_zero_value, field, cpu_q_id))
#If no drops are found, generating no problem found alert.

if not non_zero_values_punt_cause and not punt_cpuq:
cli.execute("send log" + " No problem found")
Cat9K QoS drops checker
Use case
Cat9K#show platform hardware fed sw active qos queue stats int Gi2/0/1
-------------------------------
Queue Buffers Enqueue-TH0 Enqueue-TH1 Enqueue-TH2
----- ------- ----------- ----------- -----------
0 0 0 0 756751
1 0 0 0 452
2 0 0 0 37645
3 0 0 0 0
4 0 0 0 0
5 0 0 0 0
6 0 0 0 0
7 0 0 0 0
------------------------------- Cat9K#show platform hardware fed sw active qos queue stats inter Gi2/0/1
Queue Drop-TH0 Drop-TH1 Drop-TH2 SBufDrop QebDrop -------------------------------
----- ----------- ----------- ----------- ----------- ----------- Queue Buffers Enqueue-TH0 Enqueue-TH1 Enqueue-TH2
0 0 0 9393 0 0 ----- ------- ----------- ----------- -----------
1 0 0 0 0 0 0 0 0 0 978374
2 0 0 0 0 0 1 0 0 0 934
2 0 0 0 37989
3 0 0 0 0
4 0 0 0 0
5 0 0 0 0
6 0 0 0 0
7 0 0 0 0
-------------------------------
Queue Drop-TH0 Drop-TH1 Drop-TH2 SBufDrop QebDrop
----- ----------- ----------- ----------- ----------- -----------
0 0 0 10393 0 0
1 0 0 0 0 0
2 0 0 0 0 0
Cat9K QoS drops checker - continued
Guestshell example
import re,time,cli
import sys
Raw data
#Get show interface status output
show_int_status_op = cli.execute('show interface status')
show_running_op = cli.execute('show running-config')
#Find all interfaces that are in up/up state. Look for connected in show interface status output.
up_interfaces_list = re.findall(r"(Gi\d\/\d\/\d{1,2}|Te\d\/\d\/\d{1,2}).+?connected", show_int_status_op)
if not up_interfaces_list:
cli.execute("send log" + " Need interface is found to be up'") Regex to match
exit() desired pattern
#Check if drops are happening in any queue-threshold by comparing 2 snapshots with 2 secs time interval
for the up interfaces
intf_drop_traffic = []
for up_interface in up_interfaces_list:
snapshot_1 = cli.execute('show platform hard fed sw active qos queue stats interface ' +
up_interface)
time.sleep(2) Introduce delay
snapshot_2 = cli.execute('show platform hard fed sw active qos queue stats interface ' +
up_interface)
© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cat9K QoS drops checker - continued
Guestshell example
for queue in range (0, 8):
match_2 = re.search(r"Drop Counters[^!]+?(%d)\s+?(\d+)\s+?(\d+)\s+?(\d+)\s+?(\d+)\s+?(\d+)\n"
%(queue), snapshot_2)
match_1 = re.search(r"Drop Counters[^!]+?(%d)\s+?(\d+)\s+?(\d+)\s+?(\d+)\s+?(\d+)\s+?(\d+)\n"
%(queue), snapshot_1)
for threshold in range (2, 7):
if match_2: Regex to match
drop_count_2 = int(match_2.group(threshold)) desired pattern
if match_1:
drop_count_1 = int(match_1.group(threshold))
if match_2 and match_1: Check if drop counter
if drop_count_2 > drop_count_1: incremented between snapshots
intf_drop_trafffic.append(up_interface)
if threshold < 5:
cli.execute("send log" + " Drop-Th%d is dropping traffic in queue %d. Drop count is
%d. Check 'show platform hard fed sw active qos queue stats interface %s'" % (threshold-2, queue,
drop_count_2, up_interface))
elif threshold == 5:
cli.execute("send log" + " SBufDrop is incrementing queue %d. Drop count is %d. Check
'show platform hard fed sw active qos queue stats interface %s'." % (queue, drop_count_2, up_interface))
elif threshold == 6:
cli.execute("send log" + " QebDrop is incrementing in queue %d. Drop count is %d.
Check 'show platform hard fed sw active qos queue stats interface %s'." % (queue, drop_count_2,
up_interface))
Complete your
online session
survey • Please complete your session survey
after each session. Your feedback
is very important.
• Complete a minimum of 4 session
surveys and the Overall Conference
survey (starting on Thursday) to
receive your Cisco Live t-shirt.
• All surveys can be taken in the Cisco Events
Mobile App or by logging in to the Content
Catalog on ciscolive.com/emea.
Cisco Live sessions will be available for viewing on

demand after the event at ciscolive.com.
Continue your education
Demos in the
Walk-In Labs
Cisco Showcase
Meet the Engineer

Related sessions
1:1 meetings
Thank you

BRKRST 2600

Uploaded by

Copyright:

Available Formats

BRKRST 2600

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BRKRST 2600

Uploaded by

Copyright:

Available Formats

Are You Utilizing your Campus

Network to its Full Potential?

Shashank is a Technical Leader with Routing

Secure IoT Convergence Mobility Cloud

• Encrypted Traffic Analytics • Constrained Application • Fabric-enabled wireless • DevOps toolkit

Software and hardware Innovations

DevOps toolkit High availability

Access switching Backbone switching

Embedded Event Manager (EEM)

• 64 bit application environment running on IOS XE and

• Isolated user space - Fault isolation, Resource isolation

• Linux Commands - Integrate into existing Linux

Cat9K#show app-hosting detail | b Network

Cat9K(config)#no iox In case of any issues you

>> import cli

>> import cli

waits Value/string in an output

Meows Wags tail

sees squirrels gets petted Configuration change

https://regex101.com/ -Test your expressions against a string, very useful tool.

event manager applet test_applet

Watchdog timers: • event timer watchdog time 120 maxrun 100

• “15 9 * * *” 9:15 every morning

event manager applet shut_port authorization

Run command multiple times

sh_drop_exceptions = cli.execute('show platform hard fed sw active fwd-asic drop exceptions')

Tbot scripts on IOS XE 17.1.1

<snip> ++++ MAC Handle Programming Validation ++++

Ability to configure a device with no

Guest Shell executes Python

ZTP device searches for DHCP

print "\n\n *** Configuring hostname *** \n\n"

print "\n\n *** Configuring credentials *** \n\n"

Configure telnet & ssh

list = cli.execute('show interface status') Get list of all interfaces

gig_ports = re.findall(r"(Gi\d\/\d\/\d{1,2}).+?connect", list) Find all 1G interfaces

TenG_ports = re.findall(r"(Te\d\/\d\/\d{1,2}).+?connect", list) Find all 10G interfaces

Sensor Wall Network

End-to-end solution managed by central IT team that lowers TCO

Cisco validated solutions with 90W Switch eco-system

UPOE+ / UPOE PoE+

Catalyst 9400 and 9300 Series* USB-C

*IEEE 802.3bt Type 3 (60W) supported on C9300. Type 4 (90W) in roadmap.

• PoE devices continue to get Last Negotiated Power

• Remembers the last power drawn from Supplies

a particular PSE port Status

• Works even before IOS comes up Controller

• Allocates last power (stored in P

NVRAM) drawn from PDs

• Provides RPS functionality with Zero RPS

• All switches in StackPower domain share

Total Input Power = 2530W

2530W – 30W 1430W – 30W

• The Default Mode • User Configurable

Global StackPower Reserve = 30W

Non strict mode Strict mode

Detailed power accounting

Total Output Power = 3800W

Stackpower rated for ~55A

print "\n\n * Configuring hostname * \n\n"

print "\n\n * Configuring credentials * \n\n"

non_zero_values_punt_cause = re.findall(r"\n\d+?\s+?(\S+?.?)\s+?\d+?\s+?([1-9][0-9]?)\s+?\n", sh_sw_punt_cause)