Important
Prior to Fabric Engine 8.6, 5520 Series and 5420 Series platforms ran VOSS. VOSS support ends for these platforms with VOSS 8.5.x. For more information, see Migrating Ethernet Routing Switches to Fabric Engine Edge Solution .
This section provides information to configure a universal hardware VOSS Edge switch operating as a Fabric Connect node and to configure Shortest Bridging Path (SPB) and Intermediate System-to-Intermediate System (IS-IS) on a universal hardware VOSS switch.
Before you replace an existing Ethernet Routing Switch (ERS) configuration with the universal hardware VOSS edge solution, consider the following key decision points:
Will the edge switch use Network Access Control (NAC)?
Tip
If you use NAC then you should use Switched UNI (S-UNI) mode because it is more flexible in supporting the available RADIUS assigned attributes, which the RADIUS server can return. With NAC, RADIUS assigned attributes can automate assigning VLANs to ports, so a S-UNI configuration remains transparent.Will the universal hardware VOSS edge switch be deployed as a Distributed Virtual Routing (DvR) Leaf?
Note
A VOSS DvR Leaf supports S-UNI mode only.On the VOSS edge, you can apply VLANs on ports in two distinct ways:
C-VLAN-UNI Mode
In C-VLAN-UNI mode, you create every VLAN globally on the switch and assign membership of that VLAN to ports. You can configure VLAN ports as untagged, tagged, or untagPvidOnly. For some of these settings, you must configure a default port VLAN ID (PVID) on a per port basis. You can assign a Layer 2 service I-SID VLAN to extend that same VLAN to other switches in the fabric.
The Spanning Tree Protocol always operates on C-VLAN-UNI ports unless you disable it.
C-VLAN-UNI mode is very similar to VLAN configuration on an ERS and presents the easiest migration option to the VOSS edge solution.
S-UNI Mode
In S-UNI mode, the ports are flex-uni enabled. You do not need to create global VLANs. Instead, configure Layer 2 I-SIDs globally and assign ports directly to the Layer 2 I-SID. If the port is to process untagged traffic, then a VLAN-ID is not required. However, if the port is to process tagged traffic, then you need to specify a VLAN-ID on a per port basis.
The Spanning Tree Protocol never operates on S-UNI ports.
S-UNI Mode is more powerful than C-VLAN-UNI mode. With S-UNI, a VLAN-ID and a given port (VID, port) maps to a Layer 2 VSN I-SID. With this UNI type, VLAN-IDs can be reused on other ports and therefore mapped to different I-SIDs.
This configuration approach is significantly different from the way VLANs are configured on an ERS.
An additional consideration is the starting point of all configuration on the VOSS edge switch. There are two possible factory default configurations on a VOSS switch:
Pre VOSS-8.2 factory defaults mode
All ports are disabled by default.
All ports are untagged members of default VLAN 1 and are in C-VLAN-UNI mode.
All ports have Spanning Tree Protocol enabled.
Note
Pre VOSS 8.2 factory default mode can still be obtained in VOSS 8.2 and later versions by using the boot config flags factorydefaults boot flag followed by a switch reset.All ports are enabled by default.
All ports are flex-uni enabled and are untagged members of the new default onboarding VLAN 4048. This VLAN is a Private-VLAN and all ports operate as Private-VLAN isolated members.
Auto-sense functionality is enabled by default on all ports in VOSS 8.3 or later. If you globally configure a switch with a RADIUS server and you globally enable EAPOL, all Auto-sense access ports automatically perform both EAP and NEAP when they do not detect other possible Auto-sense states. This means that if you enable NAC, port level configuration is not necessary.
Note
Post VOSS-8.2 factory defaults mode is obtained in any VOSS 8.2 or later version when the switch resets and the switch does not have an existing primary or secondary configuration file loaded (for example, /intflash/config.cfg).The following guidelines are suggested:
If the VOSS edge deploys in DvR Leaf mode and/or you enable NAC on the switch:
Ensure the switch boots in Post VOSS-8.2 factory defaults so that flex-uni and Auto-sense are enabled on all access ports.
Configure the RADIUS server and globally enable EAPOL. Zero Touch Provisioning Plus (ZTP+) performs these actions while the switch onboards.
If the VOSS edge switch does not deploy in DvR Leaf mode and you do not enable NAC on the switch:
Ensure the switch boots in Pre VOSS-8.2 factory default mode so that all ports are in C-VLAN-UNI mode.
Or
If the switch boots in Post VOSS-8.2 factory default mode, before you configure a port, disable Auto-sense on that port. This disables Auto-sense on the port and flex-uni at the same time.
Configure the VLAN membership similar to your ERS configuration. For information about VLAN configuration using C-VLAN-UNI, see CLI Command Examples.
If the VOSS edge switch deploys in DvR Leaf and you do not enable NAC on the switch:
If the switch boots in Pre VOSS-8.2 factory defaults mode, enable flex-uni on all the access ports.
If the switch boots in Post VOSS-8.2 factory defaults mode, disable Auto-sense on all the access ports and enable flex-uni on the same ports.
Manually configure the VLAN membership using S-UNI. For more information about VLAN configuration using S-UNI, see CLI Command Examples.