Configuring a Fabric Attach solution

The following section describes a simple configuration example to configure Fabric Attach (FA) at the edge of a Fabric Connect network. This is a typical deployment at its simplest level and is powerful because of its use in conjunction with a Fabric Connect core.

About this task

Configuring FA primarily consists of configuring the FA Server. The FA Server in turn discovers neighboring FA component devices (like the FA Proxies and FA Clients) using FA TLVs within the LLDP PDUs.

In the following deployment, the switch at the edge of the Fabric Connect cloud is configured as the FA Server. On this switch, FA is enabled globally and at the interface (port) level. Another switch, functioning as the FA Proxy connects to the FA enabled port (1/3) on the FA Server. User A is an end user device that needs to send and receive data traffic from User B (another end user device) across the network.

Click to expand in new window

Before you begin

Configure SPBM and IS-IS on the edge and core switches. For more information, see Configuring minimum SPBM and IS-IS parameters.

Procedure

Configure the edge switch (BEB) as the FA Server:

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Enable FA globally:

    fa enable

  3. Enter port interface configuration mode:

    interface GigabitEthernet {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}

  4. Enable FA on the port:

    fa enable

    Note

    Note

    Enabling FA automatically enables message authentication. Also, the authentication key is set to the default value and appears encrypted on the output.

    Note

    Note

    Enabling FA on a port not only enables tagging but also disables spanning tree on that port.

Verify global and interface level FA configuration:

  1. Verify global configuration of FA using one of the following commands:
    • show fa

    • show fa agent

  2. Verify interface level configuration of FA:

    show fa interface

  3. Verify the discovery of clients attaching to the FA Server:

    show fa elements

  4. Display the FA I-SID-to-VLAN assignments:

    show fa assignment

    To verify I-SID-to-VLAN assignments on a specific port, enter:

    show fa assignment {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}

  5. Verify creation of Switched UNI (ELAN) I-SIDs:

    show i-sid elan

Example

SPBM and IS-IS configuration on the core and edge switches:

SPBM configuration:

Switch:1>en
Switch:1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch:1(config)#spbm
Switch:1(config)#spbm ethertype 0x8100

IS-IS SPBM configuration:

Switch:1(config)#router isis
Switch:1(config)#spbm 1
Switch:1(config-isis)#spbm 1 nick-name 1.00.01
Switch:1(config-isis)#spbm 1 b-vid 41-42 primary 41
Switch:1(config-isis)#spbm 1 ip enable

IS-IS router configuration:

Switch:1(config-isis)#router isis
Switch:1(config-isis)#sys-name BEB-Switch
Switch:1(config-isis)#ip-source-address 3.3.3.3
Switch:1(config-isis)#is-type l1
Switch:1(config-isis)#system-id 0001.0001.0001
Switch:1(config-isis)#manual-area c0.2000.000.00
Switch:1(config-isis)#exit

Interface (port-level) configuration

Switch:1(config)#interface GigabitEthernet 1/2
Switch:1(config-if)#no shutdown
Switch:1(config-if)#isis
Switch:1(config-if)#isis spbm 1
Switch:1(config-if)#isis enable
Switch:1(config-isis)#exit
Switch(config)#vlan create 41 type spbm-vlan
Switch(config)#vlan create 42 type spbm-vlan
Switch(config)#router isis enable
Switch(config)#show isis spbm

Configuration of the edge switch as the FA Server.

Enable FA globally.

Switch:1(config)#fa enable 
Switch:1(config)#show fa

=========================================================
                          Fabric Attach Configuration
=========================================================
                            FA Service : enabled
                       FA Element Type : server
                 FA Assignment Timeout : 240
                  FA Discovery Timeout : 240
                     FA Provision Mode : spbm

Enable FA on the port.

Enabling FA automatically enables message authentication. The authentication key is configured with the default value, which appears in encrypted format in the output.

Switch:1(config)#int gigabitEthernet 1/3
Switch:1(config-if)#fa enable
Switch:1(config-if)#show fa interface port 1/3

=============================================================
                            Fabric Attach Interfaces
=============================================================
INTERFACE    SERVER   MGMT     MGMT     MSG AUTH MSG AUTH    
             STATUS   ISID     CVID     STATUS   KEY         
-------------------------------------------------------------
Port1/3      enabled  0        0        enabled  ****        

-------------------------------------------------------------
 1 out of 1 Total Num of fabric attach interfaces displayed
-------------------------------------------------------------
Switch:1(config-if)#exit
Switch:1(config)#exit

Verify that the FA Proxy is discovered by the FA Server.

Switch:1(config)#show fa elements

================================================================================
                        Fabric Attach Discovery Elements
================================================================================
                         MGMT                                         ELEM ASGN
PORT   TYPE              VLAN STATE  SYSTEM ID                        AUTH AUTH
--------------------------------------------------------------------------------
1/3    proxy             2    T / S  10:cd:ae:09:40:00:20:00:00:01    AP   AP

================================================================================
                      Fabric Attach Authentication Detail
================================================================================
       ELEM OPER                      ASGN OPER
PORT   AUTH STATUS                    AUTH STATUS
--------------------------------------------------------------------------------
1/3    successAuth                    successAuth

State Legend: (Tagging/AutoConfig)
T= Tagged,    U= Untagged,    D= Disabled,    S= Spbm,    V= Vlan,    I= Invalid

Auth Legend:
AP= Authentication Pass,  AF= Authentication Fail,
NA= Not Authenticated,  N= None



--------------------------------------------------------------------------------

2 out of 2 Total Num of fabric attach discovery elements displayed

Verify the FA I-SID-to-VLAN assignment. An active state indicates that the FA (ELAN) I-SID is successfully created with endpoint of type Switched UNI. By default, this I-SID is created for Layer 2.

Switch:1#show fa assignment

========================================================================
                          Fabric Attach Assignment Map
========================================================================
Interface  I-SID      Vlan       State      Origin
------------------------------------------------------------------------
1/3        44         2          active     proxy

------------------------------------------------------------------------
 1 out of 1 Total Num of fabric attach assignment mappings displayed
------------------------------------------------------------------------

For Layer 3 support, you must configure a platform VLAN. The platform VLAN can have the same value as that of the C-VID or it can have a different value.

In this example, the platform VLAN has the same value as the C-VID.

Switch:1(config)#vlan create 2 type port-mstprstp 0
Switch:1(config)#vlan i-sid 2 44
Switch:1#show i-sid elan

======================================================================
                                        Isid Info
======================================================================
ISID   ISID              PORT           MLT           ORIGIN       ISID                          
ID     TYPE    VLANID    INTERFACES    INTERFACES                  NAME                          
----------------------------------------------------------------------
44     ELAN    2         c2:1/3                       DISC_LOCAL   ISID-44

c: customer vid    u: untagged-traffic

All 1 out of 1 Total Num of Elan i-sids displayed

Verify neighbor discovery on the FA Proxy switch:

Note that the edge switch (BEB) is discovered as the FA Server by the FA Proxy.

Switch:2(config)#show fa agent 

Fabric Attach Service Status: Enabled
Fabric Attach Element Type: Proxy
Fabric Attach Zero Touch Status: Enabled
Fabric Attach Auto Provision Setting: Proxy
Fabric Attach Provision Mode: SPBM
Fabric Attach Client Proxy Status: Enabled
Fabric Attach Standalone Proxy Status: Disabled
Fabric Attach Agent Timeout: 50 seconds
Fabric Attach Extended Logging Status: Enabled
Fabric Attach Primary Server Id: aa:bb:cc:dd:ee:11:30:01:00:01 (SPBM)
Fabric Attach Primary Server Descr:BEB-Switch (6.0.0.0_GA)
Switch:2(config)#show fa elements 

Unit/   Element    Element           Element                                   
Port     Type      Subtype           VLAN    Auth   System ID                 
------- ------- -------------------- ------- ---- -----------------------------
1/3     Server     Server (Auth)     0       AP     aa:bb:cc:dd:ee:11:30:01:00:01
Switch:2(config)#show fa i-sid 

I-SID    VLAN     Source     Status   
-------  ----  ------------  -------  
44       2        Proxy      Active