- Preface
- Product Overview
- Command-line Interfaces
- Configuring the Switch for the First Time
- Administering the Switch
- Configuring the Cisco IOS In Service Software Upgrade Process
- Configuring Interfaces
- Checking Port Status and Connectivity
- Configuring Supervisor Engine Redundancy Using RPR and SSO
- Configuring Cisco NSF with SSO Supervisor Engine Redundancy
- Environmental Monitoring and Power Management
- Configuring Power over Ethernet
- Configuring Energy Wise
- Configuring the Catalyst 4500 Series Switch with Cisco Network Assistant
- Configuring VLANs, VTP, and VMPS
- Configuring IP Unnumbered Interface
- Configuring Layer 2 Ethernet Interfaces
- Configuring SmartPort Macros
- Configuring STP and MST
- Configuring Flex Links and the MAC Address-Table Move Update Feature
- Configuring Resilient Ethernet Protocol
- Configuring Optional STP Features
- Configuring EtherChannels
- Configuring IGMP Snooping and Filtering
- Configuring IPv6 MLD Snooping
- Configuring 802.1Q and Layer 2 Protocol Tunneling
- Configuring CDP
- Configuring LLDP and LLDP-MED
- Configuring UDLD
- Configuring Unidirectional Ethernet
- Configuring Layer 3 Interfaces
- Configuring Cisco Express Forwarding
- Configuring Unicast Reverse Path Forwarding
- Configuring IP Multicast
- Configuring ANCP Client
- Configuring Policy-Based Routing
- Configuring VRF-lite
- Configuring Quality of Service
- Configuring Voice Interfaces
- Configuring Private VLANs
- Configuring 802.1X Port-Based Authentication
- Configuring PPPoE Intermediate Agent
- Configuring Web-Based Authentication
- Configuring Port Security
- Configuring Control Plane Policing
- Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts
- Configuring Dynamic ARP Inspection
- Configuring Network Security with ACLs
- Port Unicast and Multicast Flood Blocking
- Configuring Storm Control
- Configuring SPAN and RSPAN
- Configuring System Message Logging
- Configuring SNMP
- Configuring NetFlow
- Configuring Ethernet CFM and OAM
- Configuring Y.1731 (AIS and RDI)
- Configuring Call Home
- Configuring Cisco IOS IP SLAs Operations
- Configuring RMON
- Performing Diagnostics
- Configuring WCCP Version 2 Services
- ROM Monitor
- Configuring MIB Support
- Index
- Acronyms
Configuring ANCP Client
This chapter describes ANCP Client on Catalyst 4500 series switches. It includes the following sections:
•
Enabling and Configuring ANCP Client
Note For complete syntax and usage information for the switch commands used in this chapter, look at the Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location:
http://www.cisco.com/en/US/products//hw/switches/ps4324/index.html
If the command is not found inthe Catalyst 4500 Command Reference, it will be found in the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this location:
http://www.cisco.com/en/US/products/ps6350/index.html
Overview
ANCP Multicast enables you to control multicast traffic on a Catalyst 4500 series switch using either ANCP (rather than IGMP) or direct static configuration on the CLI. You can configure the switch as an ANCP client that connects to a remote ANCP server with multicast enabled. You can then initiate joins and leaves from that server. So, you can use the switch in a system in which a subscriber requests that a digital right management (DRM) server receive a given channel (multicast) potentially through any private protocol mechanism.
Note The ANCP client does not allow more than four multicast streams per port per VLAN. If a fifth join arrives, it is rejected.
If the DRM server determines that a subscriber is allowed to receive a multicast, it requests that the ANCP server sends an ANCP join command to the ANCP client (Catalyst 4500 series switch) for the port on which the subscriber is connected.
Note IGMP Snooping must be enabled on an ANCP Client (Catalyst 4500 series switch) for processing multicast commands (join, leave, leave all requests, and request for active flows report) from the ANCP server. For information on enabling IGMP snooping. Refer to Chapter 23, "Configuring IGMP Snooping and Filtering."
The ANCP protocol must be able to identify the port on which multicast must be added. (This port can be identified either through the identifier configured on the CLI or with the DHCP option 82 that was inserted by the Catalyst 4500 switch while the subscriber received an IP address with DHCP. Either way, the administrator should be consistent in identifying a given port.
Enabling and Configuring ANCP Client
Note If you intend to use DHCP option 82 rather than CLI mapping (with the ancp client port identif... command) you must enter the ip dhcp snooping command before configuring the ANCP client.
You can identify a port with the ancp mode client command or with DHCP option 82.
Topics include:
•Identifying a Port with the ANCP Protocol
•Identifying a Port with DHCP Option 82
Identifying a Port with the ANCP Protocol
To make the Catalyst 4500 series switch operate as an ANCP client and to build and initialize its relevant data, enter the ancp mode client command. The no version of this command disables ANCP. This command disconnects the ANCP client from the ANCP server and terminates any existing multicast streams that have been enabled with ANCP.
To configure a switch to communicate with a single ANCP server, use the [no] ancp client server interface command. This command directs the ANCP client to initiate a TCP connection to the remote ANCP server identified with the IP address. If the TCP connection fails, the connection times out and retries for the connection every 120 seconds until it succeeds. The interface command specifies the interface from which the local ANCP client obtains its IP address. The no command causes the command to terminate the TCP connection to the ANCP server but retain any existing ANCP activated multicast stream.
Separate commands enable the ANCP client and configure the IP address of the ANCP server. Therefore, you can re-configure the IP address of the remote ANCP server without losing existing ANCP activated multicast streams.
Step 1 Enable ANCP as follows:
Switch(config)> ancp mode client
Step 2 Configure the IP address of the remote server as the interface to acquire the source IP address:
Switch(config)> ancp client server <ipaddress of server> interface <interface>
The interface might be a loopback; this allows the client to reach the server through the interface.
Step 3 (Optional) Enable the ANCP multicast client to identify this VLAN interface using the port-identifier as opposed to the Option 82 circuit-id:
Switch(config)> ancp client port identifier [port-identifier] vlan [number] interface [interface]
The no version of this command prompts a warning message if any multicast stream is activated by ANCP using the port-identifier on a port:
Switch(config)# no ancp client port identifier bbb vlan 10 interface GigabitEthernet3/5
Warning: Multicast flows seems to exist for this port, remove mapping and delete flows anyway?[confirm]y
Switch(config)#
The ANCP client tries to connect to the server. If it fails, it tries again 10 seconds later. If it fails again, it tries at 20 seconds intervals, until it reaches the timeout setting (120 seconds). It remains timed out until it reconnects.
Note If the connection fails again and the client attempts to reconnect and it fails, the wait time returns to 10 seconds (and so on).
To determine whether the ANCP client is successfully connected to the server, enter the
show ancp status command, which displays the status of the ANCP TCP connection with the remote ANCP server.
Switch# show ancp status
ANCP enabled on following interfaces
Et0/0
ANCP end point(s) on this interface:
====================================
ANCP state ESTAB
Neighbor 10.1.1.1 Neighbor port 6068
Hello interval 100 Sender instance 1 Sender name 372F61C
Sender port 0 Partition ID 0 TCB 36E27E8
Capabilities negotiated: Transactional Multicast
Switch#
In the preceding example, only one capability is negotiated (supported): transactional multicast. This is the only one that the ANCP client supports. This means that the server also supports this capability and that the two entities can now communicate.
The server can send ANCP multicast commands (join, leave, leave all requests, and request for active flows report) as defined in the multicast portion of the ANCP protocol. At any time, an administrator can use to the show ancp multicast [interface vlan] [group | source] command to see the information the ANCP client has obtained about the current multicast flows.
Example 1
ANCP_Client# show ancp multicast group 239.6.6.6
ANCP Multicast Streams
ClientID VLAN Interface Joined on
Group 239.6.6.6
0x0106000700130103 19 Gi1/3 15:06:23 UTC Tue Aug 26 2008
ANCP_Client#
Example 2
ANCP_Client# show ancp multicast interface Fa2/3 vlan 19
ANCP Multicast Streams
Interface FastEthernet2/3 VLAN 19: client ID 0x0106000700130203
Group Source Joined on
239.5.6.7 - 15:03:14 UTC Tue Aug 26 2008
ANCP_Client#
Note Specifying the show ancp multicast command without parameters or keywords lists everything.
Identifying a Port with DHCP Option 82
Note To use DHCP option 82, you need to enable DHCP and DHCP snooping (see
Chapter 45, "Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts").
If you identify the port with DHCP option 82, you need to configure the Catalyst 4500 series switch as a DHCP relay to insert the DHCP option 82. This action adds a tag in the DHCP packet from the DHCP client so that the DHCP server knows the port connected to this specific DHCP client. The DHCP server can then map the IP address it is providing to the client with the DHCP option 82 it received from the switch. The DHCP server only needs to lookup the DHCP option 82 associated with a given IP address and provide it to the ANCP server. This allows the ANCP client on the switch to identify the proper port using an identifier the switch understands. The configure DHCP snooping on the
Catalyst 4500 series switch, use the following commands:
Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan <vlan-range>
By default, DHCP option 82 is inserted when DHCP snooping is activated. Turning this default off could cause ANCP to function improperly with the DHCP circuit-id; it must remain active. To activate it, enter the command:
Switch(config)# ip dhcp snooping information option
Note The DHCP option 82 circuit-ID is inserted in the Active-Flow report (when queried for all multicast flows) even if a configured circuit-ID exists.
ANCP allows a remote server to request the list of active flows from the ANCP client (Catalyst 4500 series switch is the ANCP client). This is very similar to the output from the show ancp multicast command except that it follows the ANCP protocol packet format (see IETF.org). Observe that the
show ancp multicast command provides the flows that have been activated with the
ancp port client identifier command while the ANCP active flow request only reports the client ID in DHCP option 82 circuit-ID format, regardless of the activation mechanism.
Refer to Chapter 45, "Configuring DHCP Snooping, IP Source Guard, and IPSG for Static Hosts" for details on the CLI.
Guidelines and Restrictions
Follow these guidelines when applying ANCP functionality:
•Entering a shut command on a port removes ANCP activated multicast streams from the port. They must be reactivated by the ANCP server.
•Entering a suspend or shut command on a VLAN removes ANCP-activated multicast streams from the VLAN.
•Deleting a VLAN removes ANCP-activated multicast streams from the VLAN.
•If a port enters the errdisable or blocked state, ANCP-activated multicast streams are removed from the port.
•Disabling IGMP snooping globally or per VLAN might disrupt ANCP client functionality.
•An ANCP client does not account for the Layer 3 interface state changes (if PIM interface at
Layer 3 shuts down, ANCP does not remove the streams). When a PIM interface is running again, multicast streams are received by subscribers.
Feedback