
In a small branch office environment we are commonly limited by the budget for the design, the space for the hardware, and the remote supportability of the site. By supportability I mean being able to walk someone through what each device is, what it does, and how to check it when (not if) there is a problem. Normally this design looks something like a router connecting to WAN links (T1/DS3/etc.), then that router connecting to some type of switch or switches, and finally the end stations being connected to the switch(es). In simplified form, the network looks like this:

Typical LAN WAN Design


Well, what if you could collapse this a bit and, rather than remove a component, integrate it into another piece of hardware? What would happen if you integrated a network switch into your router? Technically speaking, you would still have the same pieces in your design, just one less physical component, so to speak. If you choose to integrate the switch into the router, supporting a remote site by telephone becomes that much easier, as you really only have to deal with a single piece of hardware. The design may look something like this:

Collapsed LAN WAN Design


So, what are the benefits of this type of design, and what are the caveats? I see the benefits as a reduced footprint for the site, a shared power supply (reduced UPS requirements), reduced maintenance costs with regard to SMARTnet, and the fact that the integrated switch module uses the backplane for its connection to the router rather than a physical cable. The switch module runs its own IOS code, and its uptime is independent of the router's: if you reload the router, the switch continues to function. As for the caveats, physical upgrades may be more difficult if the router you are upgrading to does not support the switch module, but that is all that really comes to mind. To be honest, for a small site it is a hard sell not to go this route. There are even some NME-XD modules that have StackWise ports, so you can actually stack them with Cisco 3750 switches if you need more switch ports.
Below are some pictures of the switch modules.  You can get them in 16, 32, and 48 port versions for the 2800/3800 2900/3900 series routers.

Network Switch Modules


OK, enough of the background information. Let's get to the good stuff: how do you configure these things?
For this posting I am using a Cisco 3845ISR running IOS 12.4(13r)T Advanced Services code and a NME-XD-48ES module.
Well, let's look at our interfaces and see what we can see:
FryGuyR1#sh ip int br
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES unset  administratively down down
GigabitEthernet0/1         unassigned      YES unset  administratively down down
GigabitEthernet2/0         unassigned      YES unset  administratively down down
ATM3/0                     unassigned      YES unset  administratively down down
Serial4/0                  unassigned      YES unset  administratively down down
Serial4/1                  unassigned      YES unset  administratively down down
Serial4/2                  unassigned      YES unset  administratively down down
Serial4/3                  unassigned      YES unset  administratively down down
FryGuyR1#
It looks just like some normal interfaces, nothing fancy or special.  But if you notice, we have a GigabitEthernet 2/0 showing.  Normally the only interfaces we see are the GigabitEthernet0/x interfaces on a router.  What is this GigabitEthernet 2/0 interface actually? Well, perhaps we should take a look at the inventory on the router via the SHOW INV command:
FryGuyR1#sh inv
NAME: "3845 chassis", DESCR: "3845 chassis"
PID: CISCO3845         , VID: V01 , SN: FTX1142A0HV
NAME: "c3845 Motherboard with Gigabit Ethernet", DESCR: "c3845 Motherboard with Gigabit Ethernet"
PID: CISCO3845-MB      , VID: V06 , SN:
NAME: "NME-XD-48ES-2S-P: EtherSwitch SM 48 10/100T PoE + 2 SFP", DESCR: "NME-XD-48ES-2S-P: EtherSwitch SM 48 10/100T PoE + 2 SFP"
PID: NME-XD-48ES-2S-P  , VID: V01 , SN:
NAME: "ATM DS3 ", DESCR: "ATM DS3 "
PID: NM-ATM-DS3        , VID: 1.0, SN:
NAME: "Four Port High-Speed Serial", DESCR: "Four Port High-Speed Serial"
PID: NM-4T=            , VID: 1.1, SN:
As you can see, we have an NME-XD-48ES-2S-P EtherSwitch card installed in this router, but in what slot?
To figure out which slot it is installed in, I am going to use the SHOW DIAG command and have it INCLUDE Slot and NME to limit the amount of information returned.
FryGuyR1#sh diag | inc Slot|NME
Slot 0:
WIC Slot 0:
WIC Slot 1:
WIC Slot 2:
WIC Slot 3:
Slot 2:
NME-XD-48ES-2S-P: EtherSwitch SM 48 10/100T PoE + 2 SFP Port adapter, 1 port
Product (FRU) Number     : NME-XD-48ES-2S-P
Slot 3:
Slot 4:
FryGuyR1#
Ahh, so that is why we have GigabitEthernet 2/0 on the router! The switch module is connected to the router via an “internal gigabit ethernet” connection.  Pretty cool!
So, how do we access this module from the CLI?  The command is Service-Module GeX/0 session from the privileged EXEC mode on the router.
FryGuyR1#service-module gigabitEthernet 2/0 session
IP address needs to be configured on interface GigabitEthernet2/0
FryGuyR1#
Hmm, guess we need to add an IP address to the interface first. Let's do that now using 10.1.1.1/24.
FryGuyR1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
FryGuyR1(config)#int g2/0
FryGuyR1(config-if)#ip add 10.1.1.1 255.255.255.0
FryGuyR1(config-if)#no shut
FryGuyR1(config-if)#exit
FryGuyR1(config)#exit
FryGuyR1#
*Jan 23 01:28:08.195: %SYS-5-CONFIG_I: Configured from console by console
*Jan 23 01:28:08.243: %LINK-3-UPDOWN: Interface GigabitEthernet2/0, changed state to up
*Jan 23 01:28:09.243: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0, changed state to up
There we go, Gig2/0 is now UP – let’s take a quick look at the interface:
FryGuyR1#sh int g2/0
GigabitEthernet2/0 is up, line protocol is up
Hardware is Marvell 88E8000, address is 001c.f6e6.6aa8 (bia 001c.f6e6.6aa8)
Internet address is 10.1.1.1/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is force-up, media type is internal
There we go – up/up – also, notice the media type is listed as internal – means that we are connected via the backplane on the router to the switch module.
Now we can try to access the module again:
FryGuyR1#service-module gigabitEthernet 2/0 session
Trying 10.1.1.1, 2130 ... Open
Would you like to terminate autoinstall? [yes]:yes
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: no
Switch>
02:52:02: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
02:52:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
There, we are connected.
Note: Notice the port number (2130) shown when you opened the service-module session; that is the port you could telnet to on the router to reach the console of the switch module, just like a reverse console server. Since Telnet is clear text, that port deserves the same access restrictions as any other console path.
Now, let's enable and look at the SHOW VER output on the switch:
Switch>en
Switch#sh ver
Cisco IOS Software, C3750 Software (C3750-ADVIPSERVICESK9-M), Version 12.2(25)SEE4, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Mon 16-Jul-07 03:24 by myl
Image text-base: 0x00003000, data-base: 0x01280000
ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)EZ, RELEASE SOFTWARE (fc1)
Switch uptime is 2 hours, 52 minutes
System returned to ROM by power-on
System restarted at 22:39:17 UTC Sat Jan 22 2011
System image file is "flash:/c3750-advipservicesk9-mz.122-25.SEE4/c3750-advipservicesk9-mz.122-25.SEE4.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco NME-XD-48ES-2S-P (PowerPC405) processor (revision 3.0) with 118784K/12280K bytes of memory.
Processor board ID FOC111222V0
Last reset from power-on
1 Virtual Ethernet interface
48 FastEthernet interfaces
4 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 00:1D:45:6B:7F:00
Motherboard serial number       : FOC111222V0
Model revision number           : 3.0
System serial number            : FOC1111222V0
Top Assembly Part Number        : 800-25015-01
Top Assembly Revision Number    : N/A
Version ID                      : V01
Hardware Board Revision Number  : 0x00
Switch   Ports  Model              SW Version              SW Image
------   -----  -----              ----------              ----------
*    1   52     NME-XD-48ES-2S-P   12.2(25)SEE4            C3750-ADVIPSERVICESK
Configuration register is 0xF
Switch#
If you look at the output you can see that the NME-XD-48ES is basically a 3750 switch that is integrated into the router.  Neat, eh?
Now, let’s take a look at the interfaces on the switch:
Switch#sh ip int br
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES unset  administratively down down
FastEthernet1/0/1      unassigned      YES unset  down                  down
FastEthernet1/0/2      unassigned      YES unset  down                  down
FastEthernet1/0/3      unassigned      YES unset  down                  down
FastEthernet1/0/4      unassigned      YES unset  down                  down
FastEthernet1/0/5      unassigned      YES unset  down                  down
FastEthernet1/0/6      unassigned      YES unset  down                  down
FastEthernet1/0/7      unassigned      YES unset  down                  down
FastEthernet1/0/8      unassigned      YES unset  down                  down
FastEthernet1/0/9      unassigned      YES unset  down                  down
FastEthernet1/0/10     unassigned      YES unset  down                  down
FastEthernet1/0/11     unassigned      YES unset  down                  down
FastEthernet1/0/12     unassigned      YES unset  down                  down
FastEthernet1/0/13     unassigned      YES unset  down                  down
FastEthernet1/0/14     unassigned      YES unset  down                  down
FastEthernet1/0/15     unassigned      YES unset  down                  down
FastEthernet1/0/16     unassigned      YES unset  down                  down
FastEthernet1/0/17     unassigned      YES unset  down                  down
FastEthernet1/0/18     unassigned      YES unset  down                  down
FastEthernet1/0/19     unassigned      YES unset  down                  down
FastEthernet1/0/20     unassigned      YES unset  down                  down
FastEthernet1/0/21     unassigned      YES unset  down                  down
FastEthernet1/0/22     unassigned      YES unset  down                  down
FastEthernet1/0/23     unassigned      YES unset  down                  down
FastEthernet1/0/24     unassigned      YES unset  down                  down
FastEthernet1/0/25     unassigned      YES unset  down                  down
FastEthernet1/0/26     unassigned      YES unset  down                  down
FastEthernet1/0/27     unassigned      YES unset  down                  down
FastEthernet1/0/28     unassigned      YES unset  down                  down
FastEthernet1/0/29     unassigned      YES unset  down                  down
FastEthernet1/0/30     unassigned      YES unset  down                  down
FastEthernet1/0/31     unassigned      YES unset  down                  down
FastEthernet1/0/32     unassigned      YES unset  down                  down
FastEthernet1/0/33     unassigned      YES unset  down                  down
FastEthernet1/0/34     unassigned      YES unset  down                  down
FastEthernet1/0/35     unassigned      YES unset  down                  down
FastEthernet1/0/36     unassigned      YES unset  down                  down
FastEthernet1/0/37     unassigned      YES unset  down                  down
FastEthernet1/0/38     unassigned      YES unset  down                  down
FastEthernet1/0/39     unassigned      YES unset  down                  down
FastEthernet1/0/40     unassigned      YES unset  down                  down
FastEthernet1/0/41     unassigned      YES unset  down                  down
FastEthernet1/0/42     unassigned      YES unset  down                  down
FastEthernet1/0/43     unassigned      YES unset  down                  down
FastEthernet1/0/44     unassigned      YES unset  down                  down
FastEthernet1/0/45     unassigned      YES unset  down                  down
FastEthernet1/0/46     unassigned      YES unset  down                  down
FastEthernet1/0/47     unassigned      YES unset  down                  down
FastEthernet1/0/48     unassigned      YES unset  down                  down
GigabitEthernet1/0/1   unassigned      YES unset  down                  down
GigabitEthernet1/0/2   unassigned      YES unset  down                  down
GigabitEthernet1/0/3   unassigned      YES unset  up                    up
GigabitEthernet1/0/4   unassigned      YES unset  up                    up
Switch#
To find out which interface we need to configure to talk to the router, issue the show service-module status command:

Switch#sh service-module status
Service Module is in STEADY state
Service Module target interface is GigabitEthernet1/0/4
Interface GigabitEthernet1/0/3 is connected to BACKPLANE
Switch#

As you can see, the TARGET interface is G1/0/4, so that is the interface we need to configure.

For our first example, we will configure a Layer 3 interface on G1/0/4 using an IP address of 10.1.1.2/24:
Switch(config)#int g1/0/4
Switch(config-if)#no switchport
Switch(config-if)#ip add 10.1.1.2 255.255.255.0
Switch(config-if)#exit
Switch(config)#exit
Now let's check that we have an IP on that interface. The command that I am using is SHOW IP INTERFACE BRIEF | EXCLUDE unassigned. I am only interested in the interfaces with an IP address, so why look at all of them?
Switch#sh ip int br | ex un
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet1/0/4   10.1.1.2        YES manual up                    up
And now to PING 10.1.1.1
Switch#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1007 ms
Switch# ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Switch#
Note: The first PING took a bit longer because of ARP; as you can see, the second ping has a 1 ms RTT.
There we go, we now have connectivity.
Now, let's reset G1/0/4 back to its default settings:
Switch(config)#default interface g1/0/4
Interface GigabitEthernet1/0/4 set to default configuration
Switch(config)# ^Z
Note: The default interface command is a great way to reset an interface back to all the defaults!
Switch#sh run int g1/0/4
Building configuration...
Current configuration : 38 bytes
!
interface GigabitEthernet1/0/4
end
There, just like we never did anything.
Now, let's do an SVI by creating VLAN 100, assigning it an IP of 10.1.1.2/24, and then placing G1/0/4 in VLAN 100. Remember that this is a switch, so normal switch VLAN and Spanning-tree configurations should be applied as well.
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#vlan 100
Switch(config-vlan)#name RouterVLAN
Switch(config-vlan)#exit
Switch(config)#spanning-tree vlan 100 root primary
Switch(config)#int vlan 100
Switch(config-if)#ip add 10.1.1.2 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#int g1/0/4
Switch(config-if)#sw mo ac
Switch(config-if)#sw ac vl 100
Switch(config-if)#^Z
Switch#
Let's look again at the interfaces that have IP addresses, as well as which VLANs are on the switch.
Switch#sh ip int br | ex un
Interface              IP-Address      OK? Method Status                Protocol
Vlan100                10.1.1.2        YES manual up                    up
Switch#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0/1, Fa1/0/2, Fa1/0/3
                                                Fa1/0/4, Fa1/0/5, Fa1/0/6
                                                Fa1/0/7, Fa1/0/8, Fa1/0/9
                                                Fa1/0/10, Fa1/0/11, Fa1/0/12
                                                Fa1/0/13, Fa1/0/14, Fa1/0/15
                                                Fa1/0/16, Fa1/0/17, Fa1/0/18
                                                Fa1/0/19, Fa1/0/20, Fa1/0/21
                                                Fa1/0/22, Fa1/0/23, Fa1/0/24
                                                Fa1/0/25, Fa1/0/26, Fa1/0/27
                                                Fa1/0/28, Fa1/0/29, Fa1/0/30
                                                Fa1/0/31, Fa1/0/32, Fa1/0/33
                                                Fa1/0/34, Fa1/0/35, Fa1/0/36
                                                Fa1/0/37, Fa1/0/38, Fa1/0/39
                                                Fa1/0/40, Fa1/0/41, Fa1/0/42
                                                Fa1/0/43, Fa1/0/44, Fa1/0/45
                                                Fa1/0/46, Fa1/0/47, Fa1/0/48
                                                Gi1/0/1, Gi1/0/2, Gi1/0/3
100  RouterVLAN                       active    Gi1/0/4
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
100  enet  100100     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
Switch#
G1/0/4 is now assigned to VLAN 100 and all the remaining interfaces are in VLAN 1
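Since every other port is still sitting in VLAN 1, here is an added example (not part of the original post) of a small Python audit that cross-references SHOW VLAN with SHOW IP INTERFACE BRIEF and groups the VLAN 1 ports into in use, idle but enabled, and shut down. The embedded output is abbreviated from the listings above, with Fa1/0/4 changed to administratively down as a constructed variation; the function names are hypothetical.

```python
import re

# Constructed sample input: the switch listings from the post, abbreviated to a
# few ports, with Fa1/0/4 changed to "administratively down" for illustration.
SHOW_VLAN = """\
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/0/1, Fa1/0/2, Fa1/0/3
                                                Fa1/0/4, Gi1/0/3
100  RouterVLAN                       active    Gi1/0/4
1002 fddi-default                     act/unsup
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
"""
SHOW_IP_INT_BRIEF = """\
Interface              IP-Address      OK? Method Status                Protocol
Vlan100                10.1.1.2        YES manual up                    up
FastEthernet1/0/1      unassigned      YES unset  down                  down
FastEthernet1/0/2      unassigned      YES unset  down                  down
FastEthernet1/0/3      unassigned      YES unset  down                  down
FastEthernet1/0/4      unassigned      YES unset  administratively down down
GigabitEthernet1/0/3   unassigned      YES unset  up                    up
GigabitEthernet1/0/4   unassigned      YES unset  up                    up
"""

VLAN_ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s*(.*)$")
PORT = re.compile(r"^[A-Za-z]+\d+(?:/\d+)*$")
# Status may be two words ("administratively down"); Protocol is the last word.
BRIEF_ROW = re.compile(r"^(\S+)\s+\S+\s+(?:YES|NO)\s+\S+\s+(.+?)\s+\S+\s*$")

def parse_show_vlan(text):
    """Return {vlan_id: [ports]}, joining wrapped port lists to their VLAN row."""
    vlans, current = {}, None
    for line in text.splitlines():
        if line.startswith("VLAN Type"):  # SAID/MTU table: port lists are over
            break
        row = VLAN_ROW.match(line)
        if row:
            current = vlans.setdefault(int(row.group(1)), [])
        rest = row.group(4) if row else line.strip()
        ports = [p.strip() for p in rest.split(",") if p.strip()]
        # Headers and separator lines fail the PORT check and are skipped.
        if current is not None and ports and all(PORT.match(p) for p in ports):
            current.extend(ports)
    return vlans

def parse_ip_int_brief(text):
    """Return {short_port_name: status}, e.g. {"Fa1/0/4": "administratively down"}."""
    status = {}
    for line in text.splitlines():
        m = BRIEF_ROW.match(line)
        if m:
            # SHOW VLAN uses short names, so normalise the long ones.
            name = m.group(1).replace("FastEthernet", "Fa").replace("GigabitEthernet", "Gi")
            status[name] = m.group(2)
    return status

def audit_default_vlan(vlan_text, brief_text, default_vlan=1):
    """Group the ports still in the default VLAN by how they are being used."""
    status = parse_ip_int_brief(brief_text)
    report = {"up": [], "idle_enabled": [], "shutdown": []}
    for port in parse_show_vlan(vlan_text).get(default_vlan, []):
        state = status.get(port, "unknown")
        key = {"up": "up", "administratively down": "shutdown"}.get(state, "idle_enabled")
        report[key].append(port)
    return report

if __name__ == "__main__":
    for group, ports in audit_default_vlan(SHOW_VLAN, SHOW_IP_INT_BRIEF).items():
        print(f"VLAN 1 {group}: {', '.join(ports) or '-'}")
```

The idle_enabled group is the one to review: those ports are down only because nothing is plugged in, and they will come up in VLAN 1 as soon as something is.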
Now to test with a PING
Switch# ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1007 ms
Switch# ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Switch#
Note: The first PING took a bit longer because of ARP; as you can see, the second ping has a 1 ms RTT.
So those are the basics of how to configure one of these modules. The rest of the configuration is the same as on any other switch, no difference.
Now, let's take a quick moment and prove that the switch stays up when you reload the router. You may lose network connectivity between the switch and the router, but rebooting the router does not take the switch down.
On the switch, let's do a SHOW VER | INC uptime
Switch#sh ver | inc uptim
Switch uptime is 17 minutes
Switch#
Now, let's go back to the router (CTRL-SHIFT-6-X) and reload the router:
FryGuyR1#rel
Proceed with reload? [confirm]y
*Jan 23 02:10:00.815: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
[—[ Output Omitted to save bits and bytes ]—-]
Press RETURN to get started!
FryGuyR1>en
FryGuyR1#service-module gigabitEthernet 2/0 session
Trying 10.1.1.1, 2130 ... Open
Switch#
Switch#sh ver | inc up
Switch uptime is 21 minutes
Switch#
See, the switch did not reload when we reloaded the router, it has its own independent IOS.  The only thing that it relies on the router for is POWER and Ethernet via the backplane.
Pretty cool if you ask me!
More information can be found at the following Cisco links:
Cisco EtherSwitch Service Modules
Cisco Enhanced EtherSwitch Service Modules for Cisco 2900 and 3900 Series Routers
Cisco EtherSwitch Service Modules Feature Guide