- Title
- Table of Contents
- Preface
- Product Overview
- Command-Line Interfaces
- Configuring the Switch for the First Time
- Administering the Switch
- Configuring the Cisco IOS XE In Service Software Upgrade Process
- Configuring Interfaces
- Checking Port Status and Connectivity
- Configuring Supervisor Engine Redundancy Using RPR and SSO on Supervisor Engine 8-E
- Configuring Cisco NSF with SSO Supervisor Engine Redundancy
- Environmental Monitoring and Power Management
- Configuring Power over Ethernet
- Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant
- Configuring VLANs, VTP, and VMPS
- Configuring IP Unnumbered Interface
- Configuring Layer 2 Ethernet Interfaces
- Configuring SmartPort Macros
- Configuring Cisco IOS Auto Smartport Macros
- Configuring STP and MST
- Configuring Flex Links and MAC Address-Table Move Update
- Configuring Resilient Ethernet Protocol
- Configuring Optional STP Features
- Configuring EtherChannel and Link State Tracking
- Configuring IGMP Snooping and Filtering
- Configuring IPv6 MLD Snooping
- Configuring 802.1Q Tunneling, VLAN Mapping, and Layer 2 Protocol Tunneling
- Configuring CDP
- Configuring LLDP, LLDP-MED, and Location Service
- Configuring UDLD
- Configuring Unidirectional Ethernet
- Configuring Layer 3 Interfaces
- Configuring Cisco Express Forwarding
- Configuring Unicast Reverse Path Forwarding
- Configuring IP Multicast
- Configuring ANCP Client
- Configuring Policy-Based Routing
- Configuring VRF-lite
- Configuring Quality of Service
- Configuring Voice Interfaces
- Configuring Private VLANs
- Configuring MACsec Encryption
- Configuring 802.1X Port-Based Authentication
- Configuring the PPPoE Intermediate Agent
- Configuring Web-Based Authentication
- Configuring Port Security
- Configuring Control Plane Policing and Layer 2 Control Packet QoS
- Configuring Dynamic ARP Inspection
- Support for IPv6
- Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts
- Configuring Network Security with ACLs
- Port Unicast and Multicast Flood Blocking
- Configuring Storm Control
- Configuring Wireshark
- Configuring SPAN and RSPAN
- Configuring Enhanced Object Tracking
- Configuring System Message Logging
- Onboard Failure Logging (OBFL)
- Configuring SNMP
- Configuring Flexible NetFlow
- Configuring Ethernet OAM and CFM
- Configuring Y.1731 (AIS and RDI)
- Configuring Call Home
- Configuring Cisco IOS IP SLA Operations
- Configuring RMON
- Performing Diagnostics
- Configuring WCCP Version 2 Services
- ROM Monitor
- Configuring MIB Support
- Acronyms and Abbreviations
- Index
Configuring ANCP Client
This chapter describes Access-Network Control Protocol (ANCP) Client on a Catalyst 4500 series switch. It includes the following sections:
Note For complete syntax and usage information for the switch commands used in this chapter, first look at the Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location:
http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html
If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location:
http://www.cisco.com/en/US/products/ps6350/index.html
About ANCP Client
ANCP Multicast enables you to control multicast traffic on a Catalyst 4500 series switch using either ANCP (instead of IGMP) or direct static configuration on the CLI. You can configure the switch as an ANCP client that connects to a remote ANCP server with multicast enabled. You can then initiate joins and leaves from that server. Use the switch in a system in which a subscriber requests that a digital right management (DRM) server receive a given channel (multicast) potentially through any private protocol mechanism.
Note The ANCP client does not allow more than four multicast streams per-port per-VLAN. If a fifth join arrives, it is rejected.
If the digital right management (DRM) server determines that a subscriber is allowed to receive a multicast, it requests that the ANCP server sends an ANCP join command to the ANCP client (Catalyst 4500 series switch) for the port on which the subscriber is connected.
Note IGMP snooping must be enabled on an ANCP client (Catalyst 4500 series switch) for processing multicast commands (join, leave, leave all requests, and request for active flows report) from the ANCP server. For information on enabling IGMP snooping. Refer to Chapter23, “Configuring IGMP Snooping and Filtering”
The ANCP protocol must be able to identify the port on which multicast must be added. (This port can be identified either using the identifier configured on the CLI or with the DHCP option 82 that was inserted by the Catalyst 4500 switch while the subscriber received an IP address with DHCP. Either way, you should be consistent in identifying a given port.
Enabling and Configuring ANCP Client
Note If you intend to use DHCP option 82 rather than CLI mapping (with the ancp client port identif... command) you must enter the ip dhcp snooping command before configuring the ANCP client.
You can identify a port with the ancp mode client command or with DHCP option 82.
This section includes these topics:
Identifying a Port with the ANCP Protocol
To make the Catalyst 4500 series switch operate as an ANCP client and to build and initialize its relevant data, enter the ancp mode client command. The no version of this command disables ANCP. This command disconnects the ANCP client from the ANCP server and terminates any existing multicast streams that have been enabled with ANCP.
To configure a switch to communicate with a single ANCP server, use the [no] ancp client server interface command. This command directs the ANCP client to initiate a TCP connection to the remote ANCP server identified with the IP address. If the TCP connection fails, the connection times out and retries for the connection every 120 seconds until it succeeds. The interface command specifies the interface from which the local ANCP client obtains its IP address.The no command terminates the TCP connection to the ANCP server but retains any existing ANCP activated multicast stream.
Separate commands enable the ANCP client and configure the IP address of the ANCP server. You can reconfigure the IP address of the remote ANCP server without losing existing ANCP activated multicast streams.
To identify a port with the ANCP protocol, follow these steps:
Step 1 Enable ANCP as follows:
Step 2 Configure the IP address of the remote server as the interface to acquire the source IP address:
The interface might be a loopback; this allows the client to reach the server using the interface.
Step 3 (Optional) Enable the ANCP multicast client to identify this VLAN interface using the port-identifier as opposed to the Option 82 circuit-id:
The no version of this command prompts a warning message if any multicast stream is activated by ANCP using the port-identifier on a port:
The ANCP client tries to connect to the server. If it fails, it tries again 10 seconds later. If it fails again, it tries at 20 seconds intervals, until it reaches the timeout setting (120 seconds). It remains timed out until it reconnects.
Note If the connection fails again and the client attempts to reconnect and it fails, the wait time returns to 10 seconds (and so on).
To determine whether the ANCP client is successfully connected to the server, enter the
show ancp status command, which displays the status of the ANCP TCP connection with the remote ANCP server.
In the preceding example, only one capability (transactional multicast) is negotiated (or supported). This capability is the only one that the ANCP client supports. Because the server also supports this capability, the two entities can now communicate.
The server can send ANCP multicast commands (join, leave, leave all requests, and request for active flows report) as defined in the multicast portion of the ANCP protocol. At any time, an administrator can use to the show ancp multicast [interface vlan] [group | source] command to see the information the ANCP client has obtained about the current multicast flows.
Example 2
Note Specifying the show ancp multicast command without parameters or keywords lists everything.
Identifying a Port with DHCP Option 82
Note To use DHCP option 82, you need to enable DHCP and DHCP snooping (see
Chapter 48, “Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts”).
If you identify the port with DHCP option 82, you need to configure the Catalyst 4500 series switch as a DHCP relay to insert the DHCP option 82. This action adds a tag in the DHCP packet from the DHCP client so that the DHCP server knows the port connected to this specific DHCP client. The DHCP server can then map the IP address it is providing to the client with the DHCP option 82 it received from the switch. The DHCP server only needs to lookup the DHCP option 82 associated with a given IP address and provide it to the ANCP server. This allows the ANCP client on the switch to identify the proper port using an identifier the switch understands. The configure DHCP snooping on the Catalyst 4500 series switch, use the following commands:
By default, DHCP option 82 is inserted when DHCP snooping is activated. Turning this default off could cause ANCP to function improperly with the DHCP circuit-id; it must remain active. To activate it, enter this command:
Note The DHCP option 82 circuit-ID is inserted in the Active-Flow report (when queried for all multicast flows) even if a configured circuit-ID exists.
ANCP allows a remote server to request the list of active flows from the ANCP client (Catalyst 4500 series switch is the ANCP client). This list is very similar to the output from the show ancp multicast command except that it follows the ANCP protocol packet format (see IETF.org). Observe that the
show ancp multicast command provides the flows that have been activated with the
ancp port client identifier command while the ANCP active flow request only reports the client ID in DHCP option 82 circuit-ID format, regardless of the activation mechanism.
Refer to Chapter 48, “Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts” for details on the CLI.
ANCP Guidelines and Restrictions
When using (or configuring) ANCP, consider these guidelines and restrictions:
- Entering a shut command on a port removes ANCP activated multicast streams from the port. They must be reactivated by the ANCP server.
- Entering a suspend or shut command on a VLAN removes ANCP-activated multicast streams from the VLAN.
- Deleting a VLAN removes ANCP-activated multicast streams from the VLAN.
- If a port enters the errdisable or blocked state, ANCP-activated multicast streams are removed from the port.
- Disabling IGMP snooping globally or per-VLAN might disrupt ANCP client functionality.
-
An ANCP client does not account for the Layer 3 interface state changes (if PIM interface at
Layer 3 shuts down, ANCP does not remove the streams). When a PIM interface is running again, multicast streams are received by subscribers.