- Preface
- Product Overview
- Command-line Interfaces
- Configuring the Switch for the First Time
- Administering the Switch
- Configuring the Cisco IOS In Service Software Upgrade Process
- Configuring Interfaces
- Checking Port Status and Connectivity
- Configuring Supervisor Engine Redundancy Using RPR and SSO
- Configuring Cisco NSF with SSO Supervisor Engine Redundancy
- Environmental Monitoring and Power Management
- Configuring Power over Ethernet
- Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant
- Configuring VLANs, VTP, and VMPS
- Configuring IP Unnumbered Interface
- Configuring Layer 2 Ethernet Interfaces
- Configuring SmartPort Macros
- Configuring STP and MST
- Configuring Flex Links and the MAC Address-Table Move Update Feature
- Configuring Resilient Ethernet Protocol
- Configuring Optional STP Features
- Configuring EtherChannels
- Configuring IGMP Snooping and Filtering
- Configuring IPv6 MLD Snooping
- Configuring 802.1Q and Layer 2 Protocol Tunneling
- Configuring CDP
- Configuring LLDP and LLDP-MED
- Configuring UDLD
- Configuring Unidirectional Ethernet
- Configuring Layer 3 Interfaces
- Configuring Cisco Express Forwarding
- Configuring Unicast Reverse Path Forwarding
- Configuring IP Multicast
- Configuring ANCP Client
- Configuring Policy-Based Routing
- Configuring VRF-lite
- Configuring Quality of Service
- Configuring Voice Interfaces
- Configuring Private VLANs
- Configuring 802.1X Port-Based Authentication
- Configuring PPPoE Intermediate Agent
- Configuring Web-Based Authentication
- Configuring Port Security
- Configuring Control Plane Policing
- Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts
- Configuring Dynamic ARP Inspection
- Configuring Network Security with ACLs
- Port Unicast and Multicast Flood Blocking
- Configuring Storm Control
- Configuring SPAN and RSPAN
- Configuring System Message Logging
- Configuring SNMP
- Configuring NetFlow
- Configuring Ethernet CFM and OAM
- Configuring Y.1731 (AIS and RDI)
- Configuring Cisco IOS IP SLAs Operations
- Configuring RMON
- Performing Diagnostics
- Configuring WCCP Version 2 Services
- ROM Monitor
- Configuring MIB Support
- Acronyms
- Index
Configuring ANCP Client
This chapter describes ANCP Client on Catalyst 4500 series switches. It includes the following sections:
•Enabling and Configuring ANCP Client
Note For complete syntax and usage information for the switch commands used in this chapter, look at the Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location:
http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html
If the command is not found in the Catalyst 4500 Command Reference, it will be found in the larger Cisco IOS library. Refer to the Catalyst 4500 Series Switch Cisco IOS Command Reference and related publications at this location:
http://www.cisco.com/en/US/products/ps6350/index.html
Overview
ANCP multicast enables you to control multicast traffic on a Catalyst 4500 series switch using either ANCP (rather than IGMP) or direct static configuration on the CLI. You can configure the switch as an ANCP client that connects to a remote ANCP server with multicast enabled. You can then initiate join and leave requests from that server. So, you can use the switch in a system in which a subscriber requests that a digital right management (DRM) server receive a given channel (multicast) potentially through any private protocol mechanism.
Note The ANCP client does not allow more than four multicast streams per port per VLAN. If a fifth join request arrives, it is rejected.
If the DRM server determines that a subscriber is allowed to receive a multicast, it requests that the ANCP server send an ANCP join command to the ANCP client (Catalyst 4500 series switch) for the port to which the subscriber is connected.
Note You must enable IGMP snooping on an ANCP Client (Catalyst 4500 series switch) in order to process multicast commands (join, leave, leave all requests, and request for active flows report) from the ANCP server. For information on enabling IGMP snooping, refer to Chapter 22, "Configuring IGMP Snooping and Filtering."
The ANCP protocol must be able to identify the port on which you must add multicast. (You can identify this port through either the identifier configured on the CLI or the DHCP option 82 inserted by the switch when the subscriber received an IP address with DHCP. Either way, the administrator should be consistent in identifying a given port.
Enabling and Configuring ANCP Client
Note If you intend to use DHCP option 82 rather than CLI mapping (with the ancp client port identif command) you must enter the ip dhcp snooping command before configuring the ANCP client.
You can identify a port by using the ancp mode client command or with DHCP option 82.
This section includes the following topics:
•Enabling ANCP Client on a Port
•Enabling DHCP Option 82 on a Port
Enabling ANCP Client on a Port
To make the Catalyst 4500 series switch operate as an ANCP client and to build and initialize its relevant data, enter the ancp mode client command. The no version of this command disables ANCP. This command disconnects the ANCP client from the ANCP server, and terminates any existing multicast streams that you enabled with ANCP.
To configure a switch to communicate with a single ANCP server, use the [no] ancp client server interface command. This command directs the ANCP client to initiate a TCP connection to the remote ANCP server identified with the IP address. If the TCP connection fails, it times out and retries the connection every 120 seconds until it succeeds. The interface command specifies the interface from which the local ANCP client obtains its IP address. The no version of the command terminates the TCP connection to the ANCP server but retains any existing ANCP-activated multicast stream.
By using separate commands to enable the ANCP client and to configure the IP address of the ANCP server, you can reconfigure the IP address of the remote ANCP server without losing existing ANCP- activated multicast streams.
Step 1 Enable ANCP:
Switch(config)> ancp mode client
Step 2 Configure the IP address of the remote server as the interface to acquire the source IP address:
Switch(config)> ancp client server ipaddress of server interface interface
The interface might be a loopback, which allows the client to reach the server through the interface.
Step 3 (Optional) Enable the ANCP multicast client to identify this VLAN interface using the port-identifier as opposed to the Option 82 circuit-id:
Switch(config)> ancp client port identifier port-identifier vlan number interface interface
The no version of this command prompts a warning message if any multicast stream is activated by ANCP using the port-identifier on a port:
Switch(config)# no ancp client port identifier bbb vlan 10 interface GigabitEthernet3/5
Warning: Multicast flows seems to exist for this port, remove mapping and delete flows anyway?[confirm]y
Switch(config)#
The ANCP client tries to connect to the server. If it fails, it tries again 10 seconds later. If it fails again, it tries again 20 seconds later and so on until it reaches the 120-second timeout. It remains timed out until it reconnects.
Note If the connection is made and then fails again and the client attempts to reconnect again and it fails, the wait time returns to 10 seconds (and so on).
To determine whether the ANCP client is successfully connected to the server, enter the
show ancp status command, which displays the status of the ANCP TCP connection with the remote ANCP server.
Switch# show ancp status
ANCP enabled on following interfaces
Et0/0
ANCP end point(s) on this interface:
====================================
ANCP state ESTAB
Neighbor 10.1.1.1 Neighbor port 6068
Hello interval 100 Sender instance 1 Sender name 372F61C
Sender port 0 Partition ID 0 TCB 36E27E8
Capabilities negotiated: Transactional Multicast
Switch#
In the preceding example, only one capability is negotiated (supported): transactional multicast. This is the only capability that the ANCP client supports. Therefore, the server also supports this capability and the two entities can now communicate.
The server can send ANCP multicast commands (join, leave, leave all requests, and request for active flows report) as defined in the multicast portion of the ANCP protocol. At any time, an administrator can use the show ancp multicast [interface vlan] [group | source] command to see the information the ANCP client has obtained about the current multicast flows.
Example 1
ANCP_Client# show ancp multicast group 239.6.6.6
ANCP Multicast Streams
ClientID VLAN Interface Joined on
Group 239.6.6.6
0x0106000700130103 19 Gi1/3 15:06:23 UTC Tue Aug 26 2008
ANCP_Client#
Example 2
ANCP_Client# show ancp multicast interface Fa2/3 vlan 19
ANCP Multicast Streams
Interface FastEthernet2/3 VLAN 19: client ID 0x0106000700130203
Group Source Joined on
239.5.6.7 - 15:03:14 UTC Tue Aug 26 2008
ANCP_Client#
Note Specifying the show ancp multicast command without parameters or keywords lists all available data.
Enabling DHCP Option 82 on a Port
Note To use DHCP option 82, you need to enable DHCP and DHCP snooping.
If you identify the port with DHCP option 82 and intend to insert DHCP option 82, you need to configure the Catalyst 4500 series switch as a DHCP relay. This action adds a tag in the DHCP packet from the DHCP client so that the DHCP server can detect the switch port that the DHCP client is connected to. The DHCP server can then map the IP address it is providing to the client with the DHCP option 82 it received from the switch. The DHCP server only needs to look up the DHCP option 82 associated with a given IP address and provide it to the ANCP server. This allows the ANCP client on the switch to identify the proper port using an identifier the switch has knowledge of. The configure DHCP snooping on the Catalyst 4500 series switch, use the following commands:
Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan vlan-range
By default, DHCP option 82 is inserted when DHCP snooping is activated. Turning this default off could cause ANCP to function improperly with the DHCP circuit-id; it must remain active. To activate it, enter the command:
Switch(config)# ip dhcp snooping information option
Note The DHCP option 82 circuit-ID is inserted into the Active-Flow report (when queried for all multicast flows) even if a configured circuit-ID exists.
ANCP allows a remote server to request the list of active flows from the ANCP client (Catalyst 4500 series switch is the ANCP client). This list is very similar to the output from the show ancp multicast command except that it follows the ANCP protocol packet format (see IETF.org). Observe that the
show ancp multicast command provides the flows that have been activated with the
ancp port client identifier command even though the ANCP active flow request only reports the client ID in DHCP option 82 circuit-ID format, regardless of the activation mechanism.
Guidelines and Restrictions
Follow these guidelines when applying ANCP functionality:
•Entering a shut command on a port removes ANCP activated multicast streams from the port. They must be reactivated by the ANCP server.
•Entering a suspend or shut command on a VLAN removes ANCP-activated multicast streams from the VLAN.
•Deleting a VLAN removes ANCP-activated multicast streams from the VLAN.
•If a port enters the errdisable or blocked state, ANCP-activated multicast streams are removed from the port.
•Disabling IGMP snooping globally or on one VLAN might disrupt ANCP client functionality.
•An ANCP client does not account for the Layer 3 interface state changes (if PIM interface at
Layer 3 shuts down, ANCP does not remove the streams). When a PIM interface is running again, multicast streams are received by subscribers.