CISCO FLEX Configuration (L2 Failover)

-

Default Configuration

The Flex Links are not configured, and there are no backup interfaces defined.
The preemption mode is OFF.
The preemption delay is 35 seconds.
The MAC address-table move update feature is not configured on the switch.
Restrictions for Flex Links 

• You can configure only one Flex Links backup link for any active link, and it must be a different interface from the active interface. 

• An interface can belong to only one Flex Links pair. An interface can be a backup link for only one active link. An active link cannot belong to another Flex Links pair. 

• Neither of the links can be a port that belongs to an EtherChannel. However, you can configure two port channels (EtherChannel logical interfaces) as Flex Links, and you can configure a port channel and a physical interface as Flex Links, with either the port channel or the physical interface as the active link. 

• A backup link does not have to be the same type as the active link (Fast Ethernet, Gigabit Ethernet, or port channel). However, you should configure both Flex Links with similar characteristics so that there are no loops or changes in operation if the standby link becomes active. 

• STP is disabled on Flex Links ports. If STP is disabled on the switch, be sure that there are no Layer 2 loops in the network topology. 

• Do not configure any STP features (for example, PortFast, BPDU Guard, and so forth) on Flex Links ports or ports to which the links connect. 

• Local administrative shut down or a link that starts forwarding again due to preemption is not considered a link failure. In those cases, the feature flushes the dynamic hosts and and does not move them. 

• Static MAC addresses that are configured on the primary link are not moved to the standby link. 

• Static MAC addresses configured on a flex links port are restored when it starts forwarding again.
Information About Flex Links 

Flex Links are a pair of Layer 2 interfaces (ports or port channels), where one interface is configured to act as a backup to the other. Flex Links are typically configured in service-provider or enterprise networks where customers do not want to run STP. Flex Links provide link-level redundancy that is an alternative to Spanning Tree Protocol (STP). STP is automatically disabled on Flex Links interfaces. 

Release 15.0SY supports a maximum of 16 Flex Links. Flex Links are supported only on Layer 2 ports and port channels, not on VLANs or on Layer 3 ports. 


If a primary (forwarding) link goes down, a trap notifies the network management stations. If the standby link goes down, a trap notifies the users.When a primary link fails, the feature takes these actions: 

• Detects the failure. 

• Moves any dynamic unicast MAC addresses that are learned on the primary link to the standby link. 

• Moves the standby link to a forwarding state. 

• Transmits dummy multicast packets over the new active interface. The dummy multicast packet format is: 
– Destination: 01:00:0c:cd:cd:cd 
– Source: MAC address of the hosts or ports on the newly active Flex Link port. 
You can configure preemption in the following three modes:

Forced—The active interface always preempts the backup.
Bandwidth—The interface with the higher bandwidth always acts as the active interface.
Off—There is no preemption; the first interface that is up is put in forwarding mode.
In Figure 1-2, ports 1 and 2 on switch A are connected to switches B and D through a Flex Link pair. Port 1 is forwarding traffic, and port 2 is in the blocking state. Traffic from the PC to the server is forwarded from port 1 to port 3. The MAC address of the PC has been learned on port 3 of switch C. Traffic from the server to the PC is forwarded from port 3 to port 1. If port 1 shuts down, port 2 starts forwarding traffic. If there is no traffic from the PC to the server after failover to port 2, switch C does not learn the MAC address of the PC on port 4, and because of that, switch C keeps forwarding traffic from the server to the PC out of port 3. There is traffic loss from the server to the PC because port 1 is down. To alleviate this problem, the feature sends out a dummy multicast packet with the source MAC address of the PC over port 2. Switch C learns the PC MAC address on port 4 and start forwarding traffic from the server to the PC out of port 4. One dummy multicast packet is sent out for every MAC address. 

A Flex Links port can be a physical Ethernet port or a port channel.
You cannot configure Flex Links port on the following types of interface:

Fabric Extender (FEX) fabric port and FEX host port
Virtual Fibre Channel interface
Virtual network tag (VNTag)
Interface with port security enabled
Layer 3 interface
Switched Port Analyzer (SPAN) destination
Port channel member
Interface configured with private VLAN
Endnode mode
Fabric path core interface (Layer 2 multipath)
Flex Configuration
Switch# configure terminal 
Switch(conf)# interface gigabitethernet0/21
Switch(conf-if)# switchport backup interface gigabitethernet0/22
Switch(conf-if)# end
Switch# show interface switchport backup
Switch# configure terminal
Switch(conf)# interface gigabitethernet0/1
Switch(conf-if)#switchport backup interface gigabitethernet0/2 preemption mode forced
Switch(conf-if)#switchport backup interface gigabitethernet0/2 preemption delay 30
Switch(conf-if)# end
Switch# show interface switchport backup detail

Switch# show interface switchport backup detail 
Switch# show running-config backup 
Switch# show startup-config backup
Switch# show running-config flexlink 
Switch# show startup-config flexlink 



Reference Links:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-0SY/configuration/guide/15_0_sy_swcg/flexlinks.pdf
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-2_25_see/configuration/guide/swflink.html
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/503_n2_1/503_n2_1nw/Cisco_n5k_layer2_config_gd_rel_503_N2_1_chapter12.html#task_EBBB3C692C394A1EB384B9AF830CE203


Comments

Post a Comment

Popular posts from this blog

Cambium cnPilot E400/E410/E500 Configuration Tutorial

-
Image
Basic Connectivity:   Router (Broadband/mikrotik |dhcp enabled) >>> E400/E410/E500 + LAPTOP Cambium (Powered ON) [POE port] >>>> LAPTOP [LAN port] Step 1: Open Cambium controller in the browser. Step 2: After entering in to the site click on the Onboard Device option from Home Tab of Left Panel. Step 3: In the Onboard Option, we will get Claim Device option to adopt a Cambium AP. Step 4: Now we will move to the Cambium AP configuration Part. Below are credentials of default login access of cnpilot E400/E410/E500/E410/E500. IP:192.168.0.1 Command Line Access: Username: admin Telnet: Disabled by default Password: admin SSH: Enabled by default (on standard port: 22) ***We can also use dhcp IP to login to the cnpilot E400/E410/E500. We will get login page. Step 5: We can see several TAB on left panel. On the DashBoard Tab, we will get some overall information. Some are useful for the configuration; some are useful for troubleshoo...
Read more

Disabling Zimbra's AntiSpam, Amavis and AntiVirus filtering

-
 Check whether antispam and antivirus service is enabled currently on server using the given command zmprov -l gs <mail.example.com> | egrep -i 'serviceen|servicein'  The above command will list all the services which are currently installed and enabled on the server. Disable the antivirus and antispam services using the given commands zmprov -l ms <mail.example.com> -zimbraServiceEnabled antispam  zmprov -l ms <mail.example.com> -zimbraServiceEnabled amavis zmprov -l ms <mail.example.com> -zimbraServiceEnabled antivirus  Comment the following line in the file /opt/zimbra/postfix/conf/main.cf content_filter = smtp-amavis:[127.0.0.1]:10024  Restart services on server zmcontrol restart  Confirm that the antispam and antivirus services are disabled with the given command zmprov -l gs <mail.example.com> | egrep -i 'serviceen|servicein'  zmcontrol status 
Read more

Error "Unable to retrive Zimbra GPG key for package validation"

-
From the installation log we see: Executing: /tmp/tmp.mSlzRMclVa/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 9BE6ED79 gpg: requesting key 9BE6ED79 from hkp server keyserver.ubuntu.com gpg: keyserver timed out gpg: keyserver receive failed: keyserver error 1. Open port 11371 11371 tcp,udp hkp OpenPGP HTTP Keyserver 2. Force it to use port 80: gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 9BE6ED79 Ref: https://wiki.zimbra.com/wiki/Error_%22Unable_to_retrive_Zimbra_GPG_key_for_package_validation%22
Read more