ip multicast-routing distributed

In our example we have two vlans:
VLAN 3000 – clients that will receive multicast traffic
VLAN 4000 – in this VLAN are sources of multicast traffic
enter the following commands:

ip igmp snooping querier
ip igmp snooping vlan 3000 mrouter learn cgmp
ip igmp snooping vlan 4000 mrouter learn cgmp

According Cisco’s official documentation: “A querier is a network device that sends query messages to discover which network devices are members of a given multicast group.”
The next two lines configure VLAN 3000 and VLAN 4000 as multicast router port (static connection to a multicast router) and to learn sooping from CGMP (Cisco Group Management Protocol) self-join packets.
Configuration of VLAN interfaces 3000 and 4000

interface Vlan3000
 description multicast_client
 ip address 172.20.20.1 255.255.255.0
 ip pim dense-mode
!
interface Vlan4000
 description source_multicast
 ip address 150.158.231.111 255.255.0.0
 ip pim dense-mode
!

You can read this article about pim dense-mode.
To view IGMP grops:

sh ip igmp groups
226.168.20.44    Vlan3000                 5d04h     00:02:38  172.20.20.6
226.168.20.45    Vlan3000                 2d03h     00:02:35  172.20.20.6
226.168.20.46    Vlan3000                 1d14h     00:02:34  172.20.20.6
226.168.20.47    Vlan3000                 2d11h     00:02:41  172.20.20.6
226.168.20.49    Vlan3000                 00:58:13  00:02:38  172.20.20.9
226.168.20.48    Vlan3000                 1d14h     00:02:40  172.20.20.6
226.168.20.51    Vlan3000                 00:58:13  00:02:39  172.20.20.9
226.168.20.50    Vlan3000                 00:58:13  00:02:40  172.20.20.9
226.168.20.53    Vlan3000                 00:58:13  00:02:33  172.20.20.9
226.168.20.52    Vlan3000                 00:58:13  00:02:39  172.20.20.9
226.168.20.55    Vlan3000                 1d14h     00:02:41  172.20.20.6
226.168.20.54    Vlan3000                 00:58:13  00:02:35  172.20.20.9
226.168.20.57    Vlan3000                 1d14h     00:02:36  172.20.20.6

To view membership

multicast#sh ip igmp membership all
Flags: A  - aggregate, T - tracked
       L  - Local, S - static, V - virtual, R - Reported through v3
       I - v3lite, U - Urd, M - SSM (S,G) channel
       1,2,3 - The version of IGMP, the group is in
Channel/Group-Flags:
       / - Filtering entry (Exclude mode (S,G), Include mode (G))
Reporter:
        - last reporter if group is not explicitly tracked
       /      -  reporter in include mode,  reporter in exclude
 *,226.168.20.27                172.20.20.6     1d14h    02:37 2A     Vl3000
 *,226.168.20.26                172.20.20.6     1d14h    02:30 2A     Vl3000
 *,226.168.20.37                172.20.20.6     1d14h    02:32 2A     Vl3000
 *,226.168.20.40                172.20.20.6     2d03h    02:28 2A     Vl3000
 *,226.168.20.41                172.20.20.6     2d03h    02:31 2A     Vl3000
 *,226.168.20.43                172.20.20.6     1d14h    02:30 2A     Vl3000
 *,226.168.20.44                172.20.20.6     5d04h    02:34 2A     Vl3000
 *,226.168.20.45                172.20.20.6     2d03h    02:28 2A     Vl3000
 *,226.168.20.46                172.20.20.6     1d14h    02:34 2A     Vl3000
 *,226.168.20.47                172.20.20.6     2d11h    02:32 2A     Vl3000
 *,226.168.20.49                172.20.20.9     01:00:18 02:28 2A     Vl3000
 *,226.168.20.48                172.20.20.6     1d14h    02:33 2A     Vl3000
 *,226.168.20.51                172.20.20.9     01:00:18 02:29 2A     Vl3000
 *,226.168.20.50                172.20.20.9     01:00:18 02:35 2A     Vl3000
 *,226.168.20.53                172.20.20.9     01:00:18 02:31 2A     Vl3000

To view snooping groups

multicast#sh ip igmp snooping groups
Vlan      Group                    Type        Version     Port List
-----------------------------------------------------------------------
3000      226.168.1.1              igmp                    Gi0/6
3000      226.168.1.2              igmp                    Gi0/4
3000      226.168.1.3              igmp                    Gi0/4
3000      226.168.1.4              igmp                    Gi0/4
3000      226.168.1.6              igmp                    Gi0/6
3000      226.168.1.7              igmp                    Gi0/6
3000      226.168.1.9              igmp                    Gi0/6
3000      226.168.1.10             igmp                    Gi0/4
3000      226.168.1.12             igmp                    Gi0/4
3000      226.168.1.13             igmp                    Gi0/4
3000      226.168.1.14             igmp                    Gi0/4
3000      226.168.1.15             igmp                    Gi0/4
3000      226.168.1.16             igmp                    Gi0/4
3000      226.168.1.17             igmp                    Gi0/4
3000      226.168.1.18             igmp                    Gi0/4
3000      226.168.1.19             igmp                    Gi0/4
3000      226.168.1.22             igmp                    Gi0/6
3000      226.168.1.23             igmp                    Gi0/4
3000      226.168.1.24             igmp                    Gi0/4
3000      226.168.1.26             igmp                    Gi0/6
3000      226.168.1.28             igmp                    Gi0/6
3000      226.168.1.30             igmp                    Gi0/4

• UNI – User Network Interface
• NNI – Network Node Interface

Based on the port type, certain features/behaviors are enabled or disabled to ease configuration, deployment, and troubleshooting.

UNI ports will not do local switching by default,  for example no local switching on UNI protects customers from each other ( host A dosn’t see host B ), and Control Plane Security  (CPS) is enabled, CPS protects against DoS attacks.

By default UNI ports:

• not switching local traffic, for example no local switching on UNI protects customers from each other ( host A dosn’t see host B ).
• Control Plane Security  (CPS) is enabled, CPS protects against DoS attacks.
• using multiple UNI ports on the same ME 3400, up to 8 UNI ports can be configured to do local switching.

NNI ports:

• For ME 3400-24TS, by default, the 2 SFP ports are NNI port-type
• For ME 3400G-12CS and ME 3400G-2CS, by default, the SFP-only ports are NNI port-type
• There can be a maximum of 4 ports defined as NNI ports (applicable to ME 3400-24TS and ME 3400G-12CS, all 4 ports can be configured as NNI on ME 3400G-2CS)

NOTE: In 12.2(25)SEG and later releases—Metro IP Access Image, all ports can be optionally configured as NNI (not limited to 4).

To configure port type:

me3400#conf t
me3400(config)#int gi0/10
me3400(config-if)#port-type ?
  nni  Set port-type to NNI
  uni  Set port-type to UNI

Configuring UNI ports to do local switching (forwarding traffic between UNI ports)

Port Fa0/3 and Fa0/4 on Cisco me3400 are UNI ports, belongs to VLAN 10, and Fa0/3 is not forwarding traffic to Fa0/4, and vice versa, but we wand to do local switching between them. Interface Fa0/1 is NNI. Configuration:

me3400(config)#vlan 10
me3400(config-vlan)#uni-vlan community

Configuration of ports:

interface FastEthernet0/3
 switchport trunk allowed vlan 10
 switchport mode trunk
!
interface FastEthernet0/4
 switchport access vlan 10
!

View VLAN configuration:

me3400-test#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/5, Fa0/6, Fa0/7
                                                Fa0/8, Fa0/9, Fa0/10, Fa0/11
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
10   test1                           active    Fa0/4
20   test                             active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
10   enet  100010     1500  -      -      -        -    -        0      0
20   enet  100020     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

VLAN Type              Ports
---- ----------------- -------------------------------------------------------
10   UNI community     Fa0/1, Fa0/3, Fa0/4

apt-get install  ifenslave

Edit or create file /etc/modprobe.d/aliases.conf

alias bond0 bonding
options bonding mode=4 miimon=100

where mode 4 – IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and
duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification.
Edit /etc/network/interfaces.

auto bond0
iface bond0 inet static
        address 192.168.200.5
        netmask 255.255.255.0
        network 192.168.200.0
        broadcast 192.168.200.255
        post-up ifenslave bond0 eth0 eth1
        gateway 192.168.200.1
        dns-nameservers 192.168.200.1
        dns-search example.com

UPDATE (02.01.2012): Ubuntu 11.10 (oneiric).

1.  Edit or create file /etc/modprobe.d/aliases.conf

alias netdev-bond0 bonding
options bonding mode=4 miimon=100

or

2. To run bonding first put module “bonding” in “/etc/modules” :

# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.
loop
lp
rtc
bonding

In “/etc/network/interfaces”

auto bond0
iface bond0 inet static
        slaves eth0 eth1
        bond_mode 4
        bond_miimon 100
        address 192.168.200.5
        netmask 255.255.255.0
        network 192.168.200.0
        broadcast 192.168.200.255
        post-up ifenslave bond0 eth0 eth1

Cisco configuration ( Gi1/0/1 and Gi1/0/2 will be aggregated ):

cisco-3750(config)#interface range GigabitEthernet 1/0/1, GigabitEthernet 1/0/2
cisco-3750(config-if-range)#switchport trunk encapsulation dot1q
cisco-3750(config-if-range)#switchport trunk allowed vlan 10,20
cisco-3750(config-if-range)#switchport mode trunk
cisco-3750(config-if-range)#channel-group 1 mode active
Creating a port-channel interface Port-channel 1
cisco-3750(config-if-range)#end
cisco-3750#

Configuration of interface Port-Channel 1 must be exactly the same as Gi1/0/1 and Gi1/0/2.

cisco-3750#sh ru int Po1
Building configuration...
Current configuration : 159 bytes
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20
end

If you want to modify configuration of aggregated interfaces, modify only configuration of Port-Channel interface.
And the last step is to set load-balance algorithm:

cisco-3750(config)#port-channel load-balance src-dst-ip
cisco-3750#sh etherchannel load-balance
EtherChannel Load-Balancing Operational State (src-dst-ip):
Non-IP: Source XOR Destination MAC address
  IPv4: Source XOR Destination IP address
  IPv6: Source XOR Destination IP address

cisco-3750#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Gi1/0/1(P)  Gi1/0/2(P)

cisco-3750#
cisco-3750#show etherchannel protocol
                Channel-group listing:
                ----------------------
Group: 1
----------
Protocol:  LACP

Traffic on Gi1/0/1

Traffic on Gi1/0/2

Traffic on Port-Channel1

%PM-4-ERR_DISABLE: gbic-invalid error detected on Gi0/2, putting Gi0/2 in err-disable state

This can happen if you are using third party SFP (non-cisco). The solution is to use undocumented command.
First enter command:

no errdisable detect cause gbic-invalid

and second command:

service unsupported-transceiver

There is no autocomplete for this command and no guarantee, but try it … It works for me on Cisco 3750.

perl -MCPAN -e 'install Cisco::CopyConfig'

Cisco::CopyConfig provides methods for manipulating the running-config of devices running IOS via SNMP directed TFTP. This module is essentially a wrapper for Net::SNMP and the CISCO-CONFIG-COPY-MIB-V1SMI.my MIB schema.
It’s a good idea to store switch’s ip address ( if you have more switches ) in database like MySQL. The following perl script uses MySQL database. In MySQL database we store switch’s ip and snmp community.
MySQL table:

 CREATE TABLE `sw_backup`.`switches` (
`id` BIGINT( 128 ) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`description` VARCHAR( 128 ) NOT NULL ,
`ip_address` VARCHAR( 128 ) NOT NULL ,
`community` VARCHAR( 128 ) NOT NULL
) ENGINE = MYISAM CHARACTER SET utf8 COLLATE utf8_bin

insert into switches values('','core-switch','192.168.200.251','SNMPconfigCommunity1');
insert into switches values('','access-switch','192.168.200.252','SNMPconfigCommunity2');

mysql> select * from switches;
+----+---------------+-----------------+----------------------+
| id | description   | ip_address      | community            |
+----+---------------+-----------------+----------------------+
|  1 | core-switch   | 192.168.200.251 | SNMPconfigCommunity1 |
|  2 | access-switch | 192.168.200.252 | SNMPconfigCommunity2 |
+----+---------------+-----------------+----------------------+
2 rows in set (0.00 sec)

We need to istall TFTP server:

on Debian: apt-get install atftp

TFTP config file (/etc/default/atftpd):

USE_INETD=true
OPTIONS="--tftpd-timeout 300 --retry-timeout 5  --maxthread 100 --verbose=5 /backup_switch"

TFTP working directory is /backup_switch
Configuring Cisco switch ( tested on C2960G, C3750G, 3400G ):
A read-write SNMP community needs to be defined on each device, which allows the setting of parameters to copy or merge a running-config. Below is an example configuration that attempts to restrict read-write access to only the 192.168.200.10 (tftp server) host :

access-list 70 remark tft-server-list
access-list 70 permit 192.168.200.10
access-list 70 deny   any

SNMP configuration:

snmp-server tftp-server-list 70
snmp-server view backup ciscoMgmt.96.1.1.1.1 included
snmp-server community SNMPconfigCommunity1 view backup RW 70

Variables used in cisco backup script:
/backup_switch – tftp root directory
/storage/backup/daily/switches/ – backup directory
Backup script:

#!/usr/bin/perl
use DBI;
use Cisco::CopyConfig;

my ( $sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst)=localtime(time);
$year+=1900;
$mon  = sprintf("%02d",$mon+1);
$mday = sprintf("%02d",$mday);
$hour = sprintf("%02d",$hour);
$min  = sprintf("%02d",$min);
$sec  = sprintf("%02d",$sec);
$date_format="$mday.$mon.$year";

$sql="select ip_address,community,description from switches order by inet_aton(ip_address) asc";
$dbh = DBI->connect("dbi:mysql:sw_backup:xxx.xxx.xxx.xxx","username","password") or die "Can't connect to MySQL: $DBI::errstr\n";
$sth = $dbh->prepare($sql);
$sth->execute();

$tftp_address   = '192.168.200.10';

while (@row=$sth->fetchrow_array) {
 $config     = Cisco::CopyConfig->new(
 Host => $row[0],   # host
 Comm => $row[1], # community
 Tmout => '10',       # timeout
 Retry => '2'           # retry
 );

 $tftp_file = "$row[2].$date_format.conf";

 if ($config->copy($tftp_address, $tftp_file) ) {
 print "OK -> switch ip: $row[0], file: $tftp_file\n"; }
 else {
 print "ERROR -> switch ip: $row[0], no backup file\n";
 }

}

system("mkdir /storage/backup/daily/switches/$date_format");
system("cp /backup_switch/cisco-* /storage/backup/daily/switches/$date_format");

Result:

sns ~ # perl cisco-backup.pl
OK -> switch ip: 192.168.200.251, file: core-switch.19.01.2010.conf
OK -> switch ip: 192.168.200.252, file: access-switch.19.01.2010.conf

sns ~ # tail -n 100 /var/log/syslog | grep tftp
Jan 19 15:56:53 sns atftpd[7848]: Fetching from 192.168.200.251 to core-switch.19.01.2010.conf
Jan 19 15:56:55 sns atftpd[7848]: Fetching from 192.168.200.252 to access-switch.19.01.2010.conf

cisco1800#vlan database
cisco1800(vlan)vlan 777
VLAN 777 added:
    Name: VLAN0777
cisco1800(vlan)#
cisco1800(vlan)#vlan 777 name dot1q_vlan_on_WAN_interface
VLAN 777 modified:
    Name: dot1q_vlan_on_WAN_interface

Now verify vlan:

cisco1800#show vlan-switch

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa4
2    Servers                          active    Fa1, Fa2
3    SERVICE                          active    Fa3
5    VLAN0005                         active
99   VLAN0099                         active
777  dot1q_vlan_on_WAN_interface      active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

The last step is to create the tagged subinterface on FastEthernet0:

cisco1800(config)#interface FastEthernet 0.777

After the interface number just enter “.” (dot ) and vlan id.

cisco1800(config-subif)#encapsulation dot1Q 777
cisco1800(config-subif)#ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx

View configuration:

cisco1800#sh ru interface FastEthernet 0.777
interface FastEthernet0.777
 encapsulation dot1Q 100
 ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 no snmp trap link-status

Related articles:
Configuration of Cisco switch to rewrite ToS (DSCP)

Ports  	   	Model  	   	    SW Version  	  SW Image
------ 	  	------ 	  	    ----------------- 	  ------------
52 	        WS-C3750G-48TS      12.2(25)SEE4 	  C3750-ADVIPSERVICESK

By default QoS configuration is disabled:

sw3750#sh mls qos
QoS is disabled
QoS ip packet dscp rewrite is enabled

So we need to enable QoS:

sw3750#conf t
sw3750(config)#mls qos
sw3750(config)#end

sw3750#sh mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled

We need to create access list:

sw3750#conf t
sw3750(config)#access-list 1 remark rewrite_dscp
sw3750(config)#access-list 1 permit any

sw3750#show access-lists 1
Standard IP access list 1
  10 permit any

Now we’ll begin with real QoS, and use terms as “class map” and “policy map“. According Cisco’s official documentation:

A class map is a mechanism that you use to name a specific traffic flow (or class) and to isolate it from all other traffic. The class map defines the criteria used to match against a specific traffic flow to further classify it. The criteria can include matching the access group defined by the ACL or matching a specific list of DSCP or IP precedence values. If you have more than one type of traffic that you want to classify, you can create another class map and use a different name. After a packet is matched against the
class-map criteria, you further classify it through the use of a policy map.

A policy map specifies which traffic class to act on. Actions can include trusting the CoS, DSCP, or IP precedence values in the traffic class; setting a specific DSCP or IP precedence value in the traffic class; or specifying the traffic bandwidth limitations and the action to take when the traffic is out of profile. Before a policy map can be effective, you must attach it to a port.

sw3750(config)#class-map ?
   WORD class-map name
   match-all Logical-AND all matching statements under this classmap
   match-any Logical-OR all matching statements under this classmap
sw3750(config)#class-map match-all class-map-dscp
sw3750(config-cmap)#match access-group 1

sw3750#show class-map class-map-dscp
 Class Map match-all class-map-dscp (id 1)
   Match access-group 1

After creting class-map, we need policy map. In this policy map we’ll rewrite dscp value of packet: “set dscp af32″ , this is ToS 0×70

sw3750(config)#policy-map vlan101
sw3750(config-pmap)#class class-map-dscp
sw3750(config-pmap-c)#set dscp af32

sw3750#sh policy-map vlan101
 Policy Map vlan101
  Class class-map-dscp
   set dscp af32

OK, we created calss map and policy map, and now we’ll aplly them to interface.

sw3750(config)#int vlan101
sw3750(config-if)#service-policy input vlan101

sw3750#sh ru int vlan101
interface Vlan101
  no ip address
  service-policy input vlan101
end

On a trunk port apply next commands:

sw3750(config)#int gi1/0/4
sw3750(config-if)#mls qos vlan-based

sw3750#sh ru int gi1/0/4
  interface GigabitEthernet1/0/4
  switchport trunk encapsulation dot1q
  switchport trunk allowed 101
  switchport mode trunk
  mls qos vlan-based
end