
Cisco IOU Unsupported Features

Here is a list of features that Cisco IOU does not support and that you probably won't find when labbing with EVE-NG or GNS3. The missing features were found with the i86bi-linux-l2-adventerprise-15.1b.bin image, but the same observations could be true for other versions too.

Cisco IOU Unsupported features in i86bi-linux-l2-adventerprise-15.1b.bin

Policy-based routing with IP SLA tracking based on ICMP Echo

Cisco IOS PBR (Policy-Based Routing) can be configured with a special set ip next-hop value.

When we want to incorporate a tracking object into Cisco IOS PBR, the track object can track an IP SLA operation.

When you track an IP SLA ICMP Echo operation on a switch running a Cisco IOU image, you get nothing: this is unsupported. Here is an example of an ICMP Echo IP SLA:

DLS-1#sh ip sla configuration 5
IP SLAs Infrastructure Engine-III
Entry number: 5
Owner:
Tag:
Operation timeout (milliseconds): 5000
Type of operation to perform: icmp-echo
Target address/Source address: 11.11.11.10/11.11.11.9
Type Of Service parameter: 0x0
Request size (ARR data portion): 28
Data pattern: 0xABCDABCD
Verify data: No

I have invoked this IP SLA in a route map. A show route-map shows that the track object is down.

DLS-1#sh route-map RmapPBR
route-map RmapPBR, permit, sequence 10
Match clauses:
ip address (access-lists): PBRacl1
Set clauses:
ip next-hop verify-availability 11.11.11.10 1 track 55 [down]
Policy routing matches: 0 packets, 0 bytes
DLS-1#

But the reality is that the track object is not getting any feedback from the ICMP Echo IP SLA. Even a show track gives no useful information about the state or the reachability of the IP SLA operation:

DLS-1#sh track 55
Track 55
  IP SLA 5 state
  State is Down
    1 change, last change 00:12:58
  Latest operation return code: Unknown
  Tracked by:
    Route Map 0

However, tracking an IP SLA ICMP Echo operation toward a simple host, such as VPCS, works:

DLS-1>sh ip sla summ
IPSLAs Latest Operation Summary
Codes: * active, ^ inactive, ~ pending

ID           Type        Destination       Stats       Return      Last
                                           (ms)        Code        Run
-----------------------------------------------------------------------
*2           icmp-echo   172.16.200.101    RTT=6       OK          49 seconds ago  !!! 172.16.200.101 is the IP address of a VPCS host.

So what is the solution? Use object tracking with a UDP Echo IP SLA, not ICMP Echo.

DLS-1>sh ip sla summ
IPSLAs Latest Operation Summary
Codes: * active, ^ inactive, ~ pending

ID           Type        Destination       Stats       Return      Last
                                           (ms)        Code        Run
-----------------------------------------------------------------------
*2           icmp-echo   172.16.200.101    RTT=6       OK          49 seconds ago
*3           udp-echo    11.11.11.10       RTT=33      OK          9 seconds ago  !!!! 11.11.11.10 is the IP address of a SVI on a switch running Cisco IOU
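
A configuration sketch of the ICMP Echo setup and the UDP Echo workaround described above, added here as an example and not taken from the original lab. The names and addresses (RmapPBR, PBRacl1, track 55, IP SLA 5 and 3, 11.11.11.10, 11.11.11.9) come from the outputs on this page; UDP port 5000, pointing track 55 at operation 3, and enabling the IP SLA responder on the target switch are assumptions.

```cisco
! --- As described on the page: ICMP Echo operation 5 tracked by object 55.
! --- On the IOU switch image this track object stays Down
! --- (Latest operation return code: Unknown).
ip sla 5
 icmp-echo 11.11.11.10 source-ip 11.11.11.9
ip sla schedule 5 life forever start-time now
!
track 55 ip sla 5 state
!
! --- Workaround: UDP Echo operation 3 toward the same SVI.
! --- Port 5000 is an assumed value; the page does not show the port used.
ip sla 3
 udp-echo 11.11.11.10 5000 source-ip 11.11.11.9
ip sla schedule 3 life forever start-time now
!
! --- Assumption: the track object follows operation 3 instead of operation 5.
! --- Use this line in place of the "track 55 ip sla 5 state" line above.
track 55 ip sla 3 state
!
! --- Route map as shown by "sh route-map RmapPBR".
! --- PBRacl1 and the interface carrying "ip policy route-map RmapPBR"
! --- are defined elsewhere and are not shown on the page.
route-map RmapPBR permit 10
 match ip address PBRacl1
 set ip next-hop verify-availability 11.11.11.10 1 track 55
!
! --- On the target switch (owner of 11.11.11.10): assumed to be required
! --- so that it answers the UDP Echo probes.
ip sla responder
```

After applying it, sh track 55 and sh ip sla summ on DLS-1 are the checks used on this page to confirm that the operation returns OK and the track object leaves the Down state.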

LLDP

LLDP is not supported in Cisco IOU i86bi-linux-l2-ipbasek9-15.1e:

MLS(config)#lldp run
^
% Invalid input detected at '^' marker.

MLS(config)#

It is, however, supported in Cisco IOU i86bi-linux-l3-adventerprisek9-15.2:

Router(config)#lldp run
Router(config)#

and in Cisco virtual IOS (vios_l2-ADVENTERPRISEK9-M), Experimental Version 15.2:

DLS-2(config)#lldp ?
  holdtime    Specify the holdtime (in sec) to be sent in packets
  reinit      Delay (in sec) for LLDP initialization on any interface
  run         Enable LLDP
  timer       Specify the rate at which LLDP packets are sent (in sec)
  tlv-select  Selection of LLDP TLVs to send

LLDP on etherchannel interfaces

Cisco IOU (vios_l2-ADVENTERPRISEK9-M), Experimental Version 15.2 does not support LLDP over Etherchannel ports.
Although we can see LLDP packets being exchanged, no LLDP neighbors are discovered on the ALS-2 switch:

Sep 26 10:52:38.661: LLDP advertisement packet TX'd on intf GigabitEthernet1/2
Sep 26 10:52:39.114: LLDP advertisement packet TX'd on intf GigabitEthernet0/0
Sep 26 10:52:39.297: LLDP advertisement packet TX'd on intf GigabitEthernet0/1
 --More--
Sep 26 10:52:49.120: LLDP advertisement packet RX'd on intf Port-channel2
Sep 26 10:52:49.425: LLDP advertisement packet RX'd on intf Port-channel2
 --More--
Sep 26 10:53:03.736: LLDP advertisement packet TX'd on intf GigabitEthernet0/2
 --More--
Sep 26 10:53:06.688: LLDP advertisement packet TX'd on intf GigabitEthernet0/3
 --More--
Sep 26 10:53:08.535: LLDP advertisement packet TX'd on intf GigabitEthernet1/2
Sep 26 10:53:08.979: LLDP advertisement packet TX'd on intf GigabitEthernet0/0
Sep 26 10:53:09.087: LLDP advertisement packet TX'd on intf GigabitEthernet0/1
 --More--
Sep 26 10:53:18.853: LLDP advertisement packet RX'd on intf Port-channel2
Sep 26 10:53:19.079: LLDP advertisement packet RX'd on intf Port-channel2

——————–

ALS-2#sh lldp nei
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID

Total entries displayed: 0

ALS-2#sh lldp nei
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID

Total entries displayed: 0

The home lab Etherchannel interface contains two member ports: gi0/0 and g0/1.
When I disabled and then re-enabled LACP on one interface, LLDP suddenly found one neighbor on it:

ALS-2(config)#int gi0/1
ALS-2(config-if)#no channel-group 2 mod act
ALS-2(config-if)#channel-group 2 mod act
ALS-2(config-if)#end

ALS-2#sh lldp neighbors
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID
DLS-1               Gi0/1          120        R               Gi0/3

Total entries displayed: 1

I did the same thing with the second member port of the Etherchannel. I disabled then enabled LACP on gi0/0:

ALS-2(config)#int gi0/0
ALS-2(config-if)#no channel-group 2 mod act
ALS-2(config-if)#channel-group 2 mod act
ALS-2(config-if)#end
 !!! waiting a couple of seconds
ALS-2#sh lldp nei
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID
DLS-1               Gi0/0          120        R               Gi0/2
DLS-1               Gi0/1          120        R               Gi0/3

Total entries displayed: 2

However, this situation does not last long. As soon as we start seeing LLDP neighborships, we lose them again.

ALS-2#sh lldp nei
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID
DLS-1               Gi0/0          120        R               Gi0/2

Total entries displayed: 1

ALS-2#sh lldp nei
Capability codes:
    (R) Router, (B) Bridge, (T) Telephone, (C) DOCSIS Cable Device
    (W) WLAN Access Point, (P) Repeater, (S) Station, (O) Other

Device ID           Local Intf     Hold-time  Capability      Port ID

Total entries displayed: 0

UDLD

UDLD is supported in Cisco vIOS though.

Switchport mode dynamic desirable

Switch-1(config-if)#switchport mode ?
  access        Set trunking mode to ACCESS unconditionally
  dot1q-tunnel  set trunking mode to TUNNEL unconditionally
  private-vlan  Set private-vlan mode
  trunk         Set trunking mode to TRUNK unconditionally

IP DHCP Snooping trust

It is possible to configure the IP DHCP Snooping feature with IOL. However, configuring the trust setting under the interface was not possible.
Cisco vIOS, however, does support it.

GLBP

Switch-3(config-if)#glb?
% Unrecognized command
Switch-3(config-if)#glb

Not only is GLBP unsupported on both Cisco IOU and Cisco vIOS, but you should also avoid using IOU or vIOS to connect two GLBP routers. In fact, no GLBP protocol packets are exchanged over IOU/vIOS.
To work around that, I simply use a normal hub in EVE-NG: Add a New Object –> Network.

HSRP

To work around this missing feature, one can use Cisco 7200 IOS images. However, these images do not support the HSRP Interface Tracking feature.
