EtherSwitch Service Module (ES) Configuration Example
Available Languages
Contents
Introduction
This document provides a sample configuration for the EtherSwitch Service module installed in the Integrated Service Router (ISR). This document does not discuss the configuration example for the EtherSwitch Network module.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these software and hardware versions:
-
Cisco 2800 Series Router on Cisco IOS® Software Release 12.4(10)
-
NME-16ES-1G-P - 16-port 10/100 Cisco EtherSwitch Service Module
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Related Products
This configuration can also be used with Cisco 2600/3600/3700/3800 Series Routers.
Refer to Table 6 in Cisco EtherSwitch Service Modules - Data Sheet for more information.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
EtherSwitch Modules - Concepts
These are the two types of EtherSwitch modules available for Cisco ISRs:
-
EtherSwitch Service Module (ES)—ES modules have their own processors, switching engines, software and flash memory that run independent of the host router resources. After the ES module is installed in the router, you can console into the ES module from the host router. Then you can create VLANs, configure VLANs, spanning tree, and Virtual Terminal Protocol (VTP) from the ES module. ES modules are based on the Catalyst 3750 platform. This document shows the configuration example only for the ES module.
-
Refer to Cisco EtherSwitch Service Modules - Data Sheet for more information on ES modules.
-
Refer to Cisco EtherSwitch Service Modules Feature Guide for information on how to administrate ES modules.
-
Refer to Catalyst 3750 Series Switches - Configuration Guides for information on how to configure ES modules.
-
-
EtherSwitch Network Module (ESW)—ESW modules are configured by Router IOS. These modules do not run separate software. It is integrated into the host router IOS. You can create VLANs, configure VLANs, spanning tree, and VTP from the host router. The router stores the VLAN database file (vlan.dat) in the flash.
-
Refer to Cisco EtherSwitch Network Modules - Data Sheet for more information on ESW modules.
-
Refer to Cisco EtherSwitch Network Modules Feature Guide for information on how to configure ESW modules.
-
Refer to EtherSwitch Network Module (ESW) Configuration Example for information on the basic ESW module configuration.
-
Configure
In this section, you are presented with the information to configure the features described in this document.
Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.
Network Diagram
This document uses this network setup:
Configurations
This document uses these configurations:
EtherSwitch Module Initial Configuration
After the ES module is installed on the router, you see a new GigabitEthernet interface x/0 (where x is the slot number) recognized by the IOS. This output is taken after the ES module is installed on the router:
Router1#show ip interface brief Interface IP-Address OK? Method Status Protocol GigabitEthernet0/0 1.1.1.3 YES NVRAM up down GigabitEthernet0/1 unassigned YES NVRAM administratively down down GigabitEthernet1/0 unassigned YES unset administratively down down Vlan1 unassigned YES NVRAM up up
The service-module gigabitEthernet x/0 session command is the privileged EXEC mode command used to console into the ES module from the host router. You need to console into the ES module in order to configure it. In order to console into the ES module, it is required to configure the IP address for the GigabitEthernet interface x/0. If you try to console into the module without assigning an IP address, you receive this error message:
Router1#service-module gigabitEthernet 1/0 session
IP address needs to be configured on interface GigabitEthernet1/0
| Router1 |
|---|
Find out the router interface connected to the ES module.
Router1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
Lab-2811 Gi 1/0 157 R NME-16ES-1G Gi 1/0/2
!--- The Local interface shows the interface !--- on the router connected internally to the switch.
Configure the host router to manage the ES module.
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface gigabitethernet 1/0
Router1(config-if)#ip address 172.16.1.1 255.255.255.0
Router1(config-if)#no shutdown
Router1(config-if)#exit
Router1(config)#exit
Console into the ES Module
Router1#service-module gigabitEthernet 1/0 session
Trying 172.16.1.1, 2066 ... Open
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: no
Would you like to terminate autoinstall? [yes]:
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname Switch-ES
Switch-ES(config)#interface gigabitethernet 1/0/2
Switch-ES(config-if)#no switchport
Switch-ES(config-if)#ip address 172.16.1.2 255.255.255.0
Switch-ES(config-if)#exit
!--- GigabitEthernet 1/0/2 connects the ES module to the router.
Switch-ES(config)#line console 0
Switch-ES(config-line)#password a99l3
Switch-ES(config-line)#exec-timeout 30
Switch-ES(config-line)#exit
Switch-ES(config)#line vty 0 4
Switch-ES(config-line)#password a99l3
Switch-ES(config-line)#login
Switch-ES(config-line)#exec-timeout 30
Switch-ES(config-line)#exit
|
This output shows the show ip interface brief command from the ES module. The GigabitEthernet1/0/2 interface connects the ES module to the GigabitEthernet1/0 interface of the host router.
Switch-ES#show ip int brief Interface IP-Address OK? Method Status Protocol Vlan1 unassigned YES unset administratively down down FastEthernet1/0/1 unassigned YES unset down down FastEthernet1/0/2 unassigned YES unset down down FastEthernet1/0/3 unassigned YES unset down down FastEthernet1/0/4 unassigned YES unset down down FastEthernet1/0/5 unassigned YES unset down down FastEthernet1/0/6 unassigned YES unset down down FastEthernet1/0/7 unassigned YES unset down down FastEthernet1/0/8 unassigned YES unset down down FastEthernet1/0/9 unassigned YES unset down down FastEthernet1/0/10 unassigned YES unset down down FastEthernet1/0/11 unassigned YES unset down down FastEthernet1/0/12 unassigned YES unset down down FastEthernet1/0/13 unassigned YES unset down down FastEthernet1/0/14 unassigned YES unset down down FastEthernet1/0/15 unassigned YES unset down down FastEthernet1/0/16 unassigned YES unset down down GigabitEthernet1/0/1 unassigned YES unset down down GigabitEthernet1/0/2 172.16.1.2 YES manual up up
If the ES module or the devices connected to this ES module need to communicate to the external network via the host router, this port (GigabitEthernet1/0/2) needs to be a Layer 3 port or it needs to be a member of Layer 3 VLAN. See the Configure Routing section of this document to understand how to configure the routing on the ES module.
This diagram explains the host router and the ES module logical connectivity:
You need to press Ctrl+Shift+6, then X in order to go back to the host router.
If you need to clear the session from the router, issue the service-module gigabitEthernet x/0 session clear command from the router privileged EXEC mode.
Configure VTP and VLAN
By default, the VTP mode is server and the VTP domain name is null in ES module. By default, all the ports belong to vlan1. In this example, a DHCP server (172.16.10.20) is located in vlan 10. The ip helper-address 172.16.10.20 command is configured on all the VLANs except vlan 10 in order to obtain the IP addresses from the DHCP server for the devices located in these VLANs.
| Switch-ES |
|---|
VTP Configuration Switch-ES(config)#vtp mode transparent Setting device to VTP TRANSPARENT mode. Switch-ES(config)#vtp domain LAB Changing VTP domain name from NULL to LAB Switch-ES(config)# Create VLANs Switch-ES(config)#vlan 10,50,51,100,200 Switch-ES(config-vlan)#exit Switch-ES(config)# Configure VLANs Switch-ES(config)#interface vlan 10 Switch-ES(config-if)#ip address 172.16.10.1 255.255.255.0 Switch-ES(config-if)#no shutdown Switch-ES(config-if)#interface vlan 50 Switch-ES(config-if)#ip address 172.16.50.1 255.255.255.0 Switch-ES(config-if)#ip helper-address 172.16.10.20 Switch-ES(config-if)#no shutdown Switch-ES(config-if)#interface vlan 51 Switch-ES(config-if)#ip address 172.16.51.1 255.255.255.0 Switch-ES(config-if)#ip helper-address 172.16.10.20 Switch-ES(config-if)#no shutdown Switch-ES(config-if)#interface vlan 100 Switch-ES(config-if)#ip address 172.16.100.1 255.255.255.0 Switch-ES(config-if)#ip helper-address 172.16.10.20 Switch-ES(config-if)#no shutdown Switch-ES(config-if)#interface vlan 200 Switch-ES(config-if)#ip address 172.16.200.1 255.255.255.0 Switch-ES(config-if)#ip helper-address 172.16.10.20 Switch-ES(config-if)#no shutdown |
Switch-ES#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/0/1, Fa1/0/2, Fa1/0/3
Fa1/0/4, Fa1/0/7, Fa1/0/8
Fa1/0/9, Fa1/0/10, Fa1/0/11
Fa1/0/12, Fa1/0/13, Fa1/0/14
Fa1/0/15, Fa1/0/16, Gi1/0/1
Gi1/0/2
10 VLAN0010 active
50 VLAN0050 active
51 VLAN0051 active
100 VLAN0100 active
200 VLAN0200 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
10 enet 100010 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
51 enet 100051 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
200 enet 100200 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
Switch-ES#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 1005 Number of existing VLANs : 10 VTP Operating Mode : Transparent VTP Domain Name : LAB VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x21 0x51 0xD5 0x4E 0x30 0xA5 0x46 0x3C Configuration last modified by 0.0.0.0 at 10-27-06 18:28:10
Configure Spanning Tree, Trunk and Port Channel
This section shows the spanning-tree configuration on the ES module and the Access1 switch. This section also shows the port channel and the trunk configuration between the ES module and the Access1 switch. This example configures the rapid spanning tree on all the switches. The ES module is configured as the spanning-tree root for all the VLANs.
| Switch-ES |
|---|
Spanning-Tree Configuration Switch-ES(config)#spanning-tree mode rapid-pvst Switch-ES(config)#spanning-tree vlan 10,50,51,100,200 root primary Trunk & Port Channel Configuration Switch-ES(config)#interface port-channel 1 Switch-ES(config-if)#switchport trunk encapsulation dot1q Switch-ES(config-if)#switchport mode trunk Switch-ES(config-if)#switchport trunk allowed vlan 100,200 Switch-ES(config-if)#exit Switch-ES(config)#interface range fastethernet 1/0/5-6 Switch-ES(config-if-range)#switchport trunk encapsulation dot1q Switch-ES(config-if-range)#switchport mode trunk Switch-ES(config-if-range)#switchport trunk allowed vlan 100,200 Switch-ES(config-if-range)#channel-group 1 mode on Switch-ES(config-if-range)#exit |
| Access1 |
|---|
Access1 switch configuration Access1(config)#vtp mode transparent Setting device to VTP TRANSPARENT mode. Access1(config)#vtp domain LAB Changing VTP domain name from NULL to LAB Access1(config)#vlan 100,200 Access1(config-vlan)#exit Access1(config)#spanning-tree mode rapid-pvst Access1(config)#interface port-channel 1 Access1(config-if)#switchport trunk encapsulation dot1q Access1(config-if)#switchport mode trunk Access1(config-if)#switchport trunk allowed vlan 100,200 Access1(config-if)#exit Access1(config)#interface range FastEthernet 0/1 - 2 Access1(config-if-range)#switchport trunk encapsulation dot1q Access1(config-if-range)#switchport mode trunk Access1(config-if-range)#switchport trunk allowed vlan 100,200 Access1(config-if-range)#channel-group 1 mode on Access1(config-if-range)#exit |
Switch-ES#show spanning-tree summary Switch is in rapid-pvst mode Root bridge for: VLAN0001, VLAN0100, VLAN0200 Extended system ID is enabled Portfast Default is disabled PortFast BPDU Guard Default is disabled Portfast BPDU Filter Default is disabled Loopguard Default is disabled EtherChannel misconfig guard is enabled UplinkFast is disabled BackboneFast is disabled Configured Pathcost method used is short Name Blocking Listening Learning Forwarding STP Active ---------------------- -------- --------- -------- ---------- ---------- VLAN0001 0 0 0 1 1 VLAN0100 0 0 0 1 1 VLAN0200 0 0 0 1 1 ---------------------- -------- --------- -------- ---------- ---------- 3 vlans 0 0 0 3 3
Switch-ES#show interface port-channel 1 trunk Port Mode Encapsulation Status Native vlan Po1 on 802.1q trunking 1 Port Vlans allowed on trunk Po1 100,200 Port Vlans allowed and active in management domain Po1 100,200 Port Vlans in spanning tree forwarding state and not pruned Po1 100,200
Configure Access Port
The access port configuration is similar to the standard LAN switch configuration.
| Switch-ES |
|---|
Configure the port for server Switch-ES(config)#interface fastEthernet 1/0/7 Switch-ES(config-if)#switchport mode access Switch-ES(config-if)#switchport access vlan 10 Switch-ES(config-if)#spanning-tree portfast Switch-ES(config-if)#speed 100 Switch-ES(config-if)#duplex full Switch-ES(config-if)#exit Configure Port for Printer Switch-ES(config)#interface fastethernet 1/0/8 Switch-ES(config-if)#switchport mode access Switch-ES(config-if)#switchport access vlan 51 Switch-ES(config-if)#spanning-tree portfast Switch-ES(config-if)#exit |
Configure Voice Port
The voice port configuration is similar to the standard LAN switch configuration.
| Switch-ES |
|---|
Configure the port for Voice Switch-ES(config)#interface fastethernet 1/0/9 Switch-ES(config-if)#switchport mode access Switch-ES(config-if)#switchport access vlan 51 Switch-ES(config-if)#switchport voice vlan 50 Switch-ES(config-if)#spanning-tree portfast |
Configure Routing
This example uses static routes to configure the routing.
| Switch-ES |
|---|
Configure the default route Switch-ES(config)#ip routing Switch-ES(config)#ip route 0.0.0.0 0.0.0.0 172.16.1.1 |
| Router1 |
|---|
Configure the route to LAN Router1(config)#ip route 172.16.0.0 255.255.0.0 172.16.1.2 |
Configure QoS
This section uses auto QoS to configure QoS. Refer to Cisco AutoQoS White Paper for more information on auto QoS.
| Switch-ES |
|---|
Configure QoS on the port where IP phone is connected Switch-ES(config)#interface fastethernet 1/0/9 Switch-ES(config-if)#auto qos voip cisco-phone Switch-ES(config-if)#exit Configure QoS on the uplink port to the host router. Switch-ES(config)#interface gigabitEthernet 1/0/2 Switch-ES(config-if)#auto qos voip trust |
| Router1 |
|---|
Create Class map Router1(config)#class-map match-any VoIP-Control Router1(config-cmap)#match ip dscp AF31 Router1(config-cmap)#exit Router1(config)#class-map match-any VoIP-RTP Router1(config-cmap)#match ip dscp EF Router1(config-cmap)#exit Create Policy map Router1(config)#policy-map Policy-VoIP Router1(config-pmap)#class VoIP-RTP Router1(config-pmap-c)#priority percent 70 Router1(config-pmap-c)#class VoIP-Control Router1(config-pmap-c)#bandwidth percent 5 Router1(config-pmap-c)#class class-default Router1(config-pmap-c)#fair-queue Router1(config-pmap-c)#exit Router1(config-pmap)#exit Apply the policy on the interface connects to the ES Module Router1(config)#interface gigabitEthernet 1/0 Router1(config-if)#service-policy output Policy-VoIP Router1(config-if)#exit |
Verify
There is currently no verification procedure available for this configuration.
Troubleshoot
There is currently no specific troubleshooting information available for this configuration.
Related Information
Revision History
| Revision | Publish Date | Comments |
|---|---|---|
1.0 |
24-Jun-2008 |
Initial Release |
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)