Migrating from Cisco Catalyst 4500E to 9400 Series Switches

 

Introduction

The new Cisco^® Catalyst^® 9000 switching platform is the next generation in the legendary Cisco Catalyst family of enterprise LAN access, aggregation, and core switches. Within the Cisco Catalyst 9000 switching family, the 9400 Series switches are Cisco’s leading modular enterprise switching access platform, built for security, Internet of Things (IoT), and cloud.

Purpose of this guide

This document is intended to help network planners and engineers who are familiar with the Cisco Catalyst 4500E Series in deploying Cisco Catalyst 9400 Series Switches in the enterprise networking environment (Figure 1).

Cisco Catalyst 4500E Series to Cisco Catalyst 9400 Series

Why migrate?

The Cisco Catalyst 9400 Series Switches are Cisco’s leading modular enterprise switching access platform, built for security, IoT, and cloud. These switches form the foundational building block for Software-Defined Access (SD-Access) – Cisco’s leading enterprise architecture. The platform provides unparalleled investment protection with a chassis architecture that can support up to 9 Tbps of system bandwidth and unmatched power delivery for high-density IEEE 802.3BT (60W and 90W Power over Ethernet [PoE]). Redundancy is now the norm across the portfolio. The 9400 Series delivers state-of-the-art High Availability with capabilities such as uplink resiliency and N+1/N+N redundancy for power supplies. The platform is enterprise optimized with an innovative dual-serviceable fan tray design and side-to-side airflow and is closet friendly with ~16-inch depth. A single system can scale up to 384 access ports with your choice of 10G, 5G, and 2.5G multigigabit copper, 1G copper, Cisco UPOE+, Cisco UPOE and PoE+ options and up to 384 ports of 10G Fiber and 1G Fiber options. The platform also supports advanced routing and infrastructure services, SD-Access capabilities, and network system virtualization. These features enable optional placement of the platform in the core and aggregation layers of small to medium-sized campus environments.

The Cisco Catalyst 9400 Series offers an industry-leading supervisor engine built for secure networks, IoT applications, next-generation mobility, and cloud adoption. Supervisor Engines are built with the latest Cisco Unified Access^® Data Plane ASICs (UADP 3.0 on Supervisor 2/2XL and UADP 2.0XL on Supervisor 1/XL/XL-Y) future-proofed for next-generation technologies with its programmable pipeline, micro engine capabilities, and template-based configurable allocation of Layer 2, Layer 3, forwarding, Access Control Lists (ACLs), and Quality of Service (QoS) entries.

Migration overview

The Cisco Catalyst 9400 Series Switches retain the same centralized architecture as the 4500E Series, but with many new capabilities. This guide lists the different considerations when migrating from the 4500E Series to the 9400 Series.

Chassis hardware

Table 1.        Compares the chassis available on the Cisco Catalyst 4500E and 9400 Series.

Supervisor hardware

The Cisco Catalyst 9400 Supervisor Engines are based on Cisco’s UADP ASIC architecture an x86 CPU architecture. Supervisor Engines also provide options for additional internal and external storage, which enables the device to host containers and run third-party applications and scripts natively within the switch. Table 2 compares the hardware of the 4500E and 9400 Series.

Table 2.        Hardware comparison

System default behaviors

The system default behaviors on the Cisco Catalyst 9400 Series are very similar to those of the 4500E Series. For example, interfaces are default in Layer 2 switch port mode, IP routing is enabled, the management interface is in a dedicated Virtual Routing and Forwarding (VRF) instance, and so on. However, there are also some differences.

Control Plane Policing (CoPP): CoPP is enabled on the Cisco Catalyst 9400 Series, with default policing rates for different classes of traffic. These policing rates are optimized for a typical campus environment. The policing rates can be changed or disabled to meet the requirements of different application environments. On the Cisco Catalyst 4500E, CoPP is not enabled by default, but the system provides a macro to create the different classes, and the user can specify the policing rate for different classes.

Link-status logging: The logging for link-status changes is on by default with the Cisco Catalyst 9400 Series, and the behavior can be changed per interface in the configuration. On the 4500E Series, the logging for link-status changes is off by default and can be changed globally. See Table 3.

Table 3.        Hardware comparison

Power redundancy

The Cisco Catalyst 9400 Series provides eight slots for the power supply in the 9407R and 9410R models, compared to two slots in the 4500E Series. Those eight power supply slots can be operated in the following three modes:

1.     Combined mode: This is the default mode. All power supply modules in the system are active and sharing power.

2.     N+1 redundant mode: N is the number of active power supply modules, and there is one power supply module in standby mode. If any one of the active power supply modules fails, the standby power supply becomes active.

3.     N+N redundant mode: In this mode, the system is configured with an equal number of active and standby power supply modules.

Table 4 compares the power capabilities of the Cisco Catalyst 4500E Series with those of the 9400 Series.

Table 4.        Power comparison

For more details on power redundancy, please see the Environmental Monitoring and Power Management chapter of the System Management Configuration Guide.

ROMMON and config-register

The Cisco Catalyst 9400 Series uses the x86 CPU architecture to enable hosting containers and third-party applications. With this change, there are also changes in the ROMMON.

Prompts and file system

In ROMMON, the prompt on the Cisco Catalyst 9400 Series is “switch:” and the “flash:” is the memory partition for local storage. On the Cisco Catalyst 4500E Series, the prompt is “rommon>” and the “bootflash:” is the memory partition for local storage. Table 5 shows outputs in ROMMON from the 4500E and 9400 Series.

Table 5.        ROMMON outputs

The Cisco Catalyst 4500E Series uses the traditional “config-register” command in both Cisco IOS and ROMMON to control the booting behavior. The Cisco Catalyst 9400 Series uses a parallel set of commands in Cisco IOS XE Software, which creates the equivalent ROMMON variables. See Table 6.

Table 6.        Boot variables

Baud rate

Table 7.        Setting the baud rate

“Break” processing

At the beginning of the bootup process, the user can use Ctrl+C to break out of the booting process and drop the system back into ROMMON if the break sequence is enabled. See Table 8.

Table 8.         “Break” processing

Table 9.        Ignoring the startup configuration

Operations

Interface reference

The Cisco Catalyst 4500E Series has two level of interface numbering:

interface <Type><Slot#>/<Port#>

The 9400 Series has three levels:

interface <Type><Slot#>/<Bay#>/<Port#>

As of release 16.6.2, the bay number is unused and is always 0. For example, Gigabit Ethernet port 1 on slot 1 is referenced as gi1/1 with the 4500E Series and as gi1/0/1 with the 9400 Series. See Table 10.

Table 10.     Interface numbering

Management interface

The management interface on the Cisco Catalyst 9400 Series is Gigabit Ethernet, which is much more capable than the Fast Ethernet on the 4500E Series. The management port on both platforms has its own VRF for separation of management traffic from normal data traffic. However, the name of the VRF for the management port is different between the 9400 Series and 4500E Series. Note also that the names of the VRFs are case sensitive. Table 11 lists the management port differences between the two platforms.

Table 11.     Management interface and VRF

Software features

For details on the software features supported on the Cisco Catalyst 9400 Series, please use the feature navigator on Cisco.com. Some of the features behave differently on the 9400 Series compared to the 4500E Series. Following are some of these differences.

System MTU

On the Cisco Catalyst 9400 Series, the global command “system mtu <1500-9216>” changes the MTU on all the interfaces within the system. On the Cisco Catalyst 4500E Series, the global command “system mtu <1500-1552>” sets the global baby giant MTU for all interfaces. Both C9400 and 4500E Series also support per-interface MTU. The per-interface MTU command takes precedence. See Table 12.

Table 12.     Setting the system MTU

Host tracking feature

The Cisco Catalyst 4500E Series supports IP Device Tracking (IPDT) for keeping track of connected hosts (association of MAC and IP addresses). In the Cisco Catalyst 9400 Series with the latest Cisco IOS XE release, the new Switch Integrated Security Features (SISF)-based IP device-tracking feature acts as a container policy that enables snooping and device-tracking features available with First Hop Security (FHS) in both IPv4 and IPv6, using IP-agnostic CLI commands. See Appendix A for more information on migrating from the IPDT CLI configuration to the new SISF-based device-tracking CLI configuration.

Flexible NetFlow

Both the Cisco Catalyst 9400 Series and the Cisco Catalyst 4500E Series support Flexible NetFlow. Beside the scalability differences, there are a few configuration differences. They are listed in Table 13.

Table 13.     Flexible NetFlow differences

Quality of Service (QoS)

The ASICs that power the Cisco Catalyst 4500E and 9400 Series are different, so there are some differences in QoS behaviors, as described below.

Per-port per-VLAN QoS policy

The Cisco Catalyst 4500E Series provides the ability to configure service policy per VLAN under the trunk interface. The Cisco Catalyst 9400 Series supports this with the use of Hierarchical QoS. In this case, the parent policy consists of two different VLAN policies. Table 14 contains the per-port per- VLAN QoS configuration for both the 4500E and 9400 Series.

Table 14.     Per-port per-VLAN configuration

Congestion avoidance

The Cisco Catalyst 4500E Series supports Dynamic Buffer Limiting (DBL), and there are no user-configurable parameters. The Cisco Catalyst 9400 Series uses Weighted Random Early Detection (WRED), which randomly discards packets at specified queue thresholds. WRED gives the network operator much more control over the drop behavior. The following is an example of WRED configuration on the 9400 Series.

policy-map 2P6Q3T

class PRIORITY-QUEUE

priority level 1

class VIDEO-PRIORITY-QUEUE

priority level 2 class DATA-QUEUE

bandwidth remaining percent <number> queue-buffers ratio <number> random-detect dscp-based

random-detect dscp 10 percent 60 80

Table 15 lists other QoS differences between Supervisor Engine 9E on the Cisco Catalyst 4500E Series and Supervisor Engine-1/1XL on the Cisco Catalyst 9400 Series.

Table 15.     QoS differences

Cisco Catalyst 4500E Series platform-specific commands

Table 16 lists commands that are specific to the Cisco Catalyst 4500E Series and are not available on the 9400 Series.

Table 16.     Cisco Catalyst 4500E Series platform-specific commands

Conclusion

The Cisco Catalyst 9400 Series Switches are Cisco’s leading modular enterprise switching access platforms. They are the new generation of the access platform and provide many additional capabilities, making them well suited for enterprises looking to migrate from their existing Cisco Catalyst 4500E Series deployment.

Appendix A. IPDT/SISF

If your device has no legacy IP device tracking or IPv6 snooping configurations, you can use only the new SISF-based device-tracking commands for all your future configurations. The legacy IPDT commands and IPv6 snooping commands are not available.

IPDT, IPv6 snooping, and device-tracking CLI compatibility

Table 17 displays the new SISF-based device-tracking commands and the corresponding IPDT and IPv6 snooping commands. For details on SISF configuration, please refer to the configuration guide.

Table 17.     Device-tracking and corresponding IPDT and IPv6 snooping commands