Tag: Cisco

Cisco StackPower for 3750-X series

Peter TavenierLeave a comment

Today I got two new Cisco Catalyst 3750-X Series switches for a customer to configure. Next to the defaults contents, there was also one StackPower cable in each box. Since I didn’t see this cable before I did some research on the cisco webpage. And I found a nice white paper about the Cisco StackPower.

This white paper explain how to use this StackPower cable and all the different setups and possibilities. The cable basically is capable of connecting multiple switches and share their power source. In my case I’m going to use the described ring topology to connect the switches together in the same way as the switches are connected together with a ‘normal’ stack cable. There is also a star topology which can be configured by using a Cisco eXpandable Power System.

For the ring topology there are two modes of operation;

  • Power-Sharing mode
  • Redundant mode

Both modes could be used in strict or non-strict (loose) mode. The default is loose Power-Sharing mode. Which means that all power supplies of the switches in the power stack are added to a big power pool and the power can be allocated to switches in the power stack. As long as all the available power together in the pool is more then all the required power together (allocated power), you have, as Cisco it calls, a balanced power budget (Available power > Allocated power). which means we have Negative budget if the following equation is true: Available power < Allocated power.

For example you have four 3750-X switches with each one power supply of 715W. One switch in the stack requires 1000W and the other 3 requires only 250W. This gives us a balanced budget:

  • Power budget = 4x715W = 2860W
  • Allocated power = 1000W+3x250W = 1750W
  • Available unallocated power = 1110W

This even means that is one power supply fails there is still enough power available (a balanced budget). If the strict mode is enable you cannot have a negative power budget, if in case of an power supply failure the budget becomes negative the power stack begins shedding power until you have a balanced power budget. This will be done by preset (configured or defaults) priority levels. The higher the priority level number the earlier the power is shed. The default priority levels are divided in three categories:

  • Switches = 1-9
  • High Priority Ports = 10-18
  • Low Priority Ports = 19-27

In this case the low Priority ports are power shed as first. Then the High priority ports and last the switches.

The Redundant mode reserves in the power pool the amount of power (cannot be allocated) of the power supply with the most capacity. In this case you are sure you never have a negative power budget in case a random power supply fails.

For some nice pictures and best practices see the Cisco white paper.

Source: Cisco StackPower white paper (pdf)

Temporary disable failover on Cisco ASA

Peter Tavenier4 Comments

If you have a planned maintenance and you know you will hit your Failover LAN between two ASA’s in an Active/Standby configuration. If is very useful to temporary disable the Failover mechanism so the Standby firewall stays Standby and you don’t end up in a situation where you have two Active firewalls.

Below is an example output of the show failover output of an ASA 5520: (only relevant information is shown in this output)

firewall/act# show failover
Failover On
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet0/1 (up)
...
        This host: Primary - Active
...
        Other host: Secondary - Standby Ready
...

Now login to the Standby firewall and disable failover very easily via the no failover command in configuration mode:

 
firewall/stby# conf t
firewall/stby(config)# no failover
INFO: This unit is currently in standby state. By disabling failover, this unit will remain in standby state.
firewall/stbyNoFailover(config)#

You can see on the output it adds NoFailover to the CLI prompt.

We’re back on the Active unit and you can see the Secondary in Disabled where it was previously Standby Ready:

firewall/act# show failover
Failover On
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet0/1 (up)
...
        This host: Primary - Active
...
        Other host: Secondary - Disabled
...

If your maintenance is finished, you should enable the failover mechanism again on the Standby node:

firewall/stbyNoFailover(config)# failover
firewall/stby(config)# 

        Detected an Active mate
Beginning configuration replication from mate.
End configuration replication from mate.

firewall/stby(config)# end
firewall/stby#

Now you’re done, check you Active/Standby status again, this should be the same as the first show failover command in this post.