CISCO Catalyst IE9300 Rugged Series Switches App User Guide
- June 1, 2024
- Cisco
Table of Contents
CISCO Catalyst IE9300 Rugged Series Switches App
Product Information
- Specifications:
- Product Name: Cisco Catalyst IE9300 Rugged Series Switches
- Model: IE9300
- First Published: 2024-02-28
- Manufacturer: Cisco Systems, Inc.
- Website: http://www.cisco.com.
- Contact: Tel – 408 526-4000, Fax – 408 527-0883
Product Usage Instructions
- Chapter 1: Cisco IOx and Cisco Catalyst IE9300 Rugged Series Switches
- Prerequisites:
- Before deploying Cisco IOx Applications on the Cisco Catalyst IE9300 Rugged Series Switches, ensure that you meet all prerequisites mentioned in the manual.
- Chapter 2: Configuring the Network and IOx
-
* **Configuring the Network for IOX:**
- To configure the network for IOx, follow these steps:
- Configure the VLAN ID for the IOx Interface as shown in Figure 1.
- Ensure the dedicated interface AppGigabitEthernet1/0/1 is configured as a trunk.
- You can have multiple applications in an IOx network, each with multiple Ethernet connections and can be placed in any VLAN.
-
- Chapter 3: Deploying IOx Applications
- Prerequisites:
- Before deploying IOx Applications, make sure you have fulfilled all prerequisites outlined in the manual.
- Guidelines for IOx Applications:
- Refer to the guidelines provided in the manual for deploying IOx applications effectively.
FAQs
- Q: What is the Cisco Bug Search Tool?
- A: The Cisco Bug Search Tool (BST) is a gateway to the Cisco bug-tracking system, providing detailed defect information about Cisco products and software vulnerabilities.
- Q: How can I provide feedback on Cisco technical documentation?
- A: To provide feedback on Cisco technical documentation, use the feedback form available in the right pane of every online document.
Software License
Full Cisco Trademarks with Software License
-
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE OUTLINED IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
-
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
-
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. -
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
-
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
-
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
-
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
Communications, Services, and Additional Information
- To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
- To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
- To submit a service request, visit Cisco Support.
- To discover and browse secure, validated enterprise-class apps, products, solutions, and services, visit Cisco DevNet.
- To obtain general networking, training, and certification titles, visit Cisco Press.
- To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
- Cisco Bug Search Tool (BST) is a gateway to the Cisco bug-tracking system, which maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. The BST provides you with detailed defect information about your products and software.
Documentation Feedback
- To provide feedback about Cisco technical documentation, use the feedback form available in the right pane of every online document.
Rugged Series Switches
Cisco IOx and Cisco Catalyst IE9300 Rugged Series Switches
- Cisco IOx (IOS + Linux) is an end-to-end application framework that provides application-hosting capabilities for different application types on Cisco network platforms.
- Cisco IOx combines Cisco IOS-XE with Linux OS for secure application hosting. IOx enables you to host applications in the networking infrastructure, and securely manage them using cisco app hosting tools.
- IOx allows consistent deployment of applications that are independent of your network infrastructure and Docker tooling for development. It enables you to back up and restore application data, perform upgrades, and view troubleshooting logs.
- Note See the Cisco IOx page on cisco.com for more information.
- You can use Cisco IOx with a graphical UI on-premises or cloud-based management, or you can use an on-device CLI.
- Since Cisco IOS XE Cupertino 17.8.1, Cisco Catalyst IE9300 Rugged Series Switches support IOx application hosting. This allows you to run your own custom code, applications, and containers on the Cisco Catalyst IE9300 Rugged Series Switch.
- This document describes how to deploy, activate and start an IOx application on Cisco Catalyst IE9300 Rugged Series Switches.
Prerequisites
- We recommend that you know the following subjects:
- Cisco IOx and Cisco IOS XE Cupertino 17.8.1 or later
- Cisco Catalyst IE9300 Rugged Series Switches
Configuring the Network and IOx
- Cisco Catalyst IE9300 Rugged Series Switches have an additional interface for connectivity to the IOx applications, called Ap1/0/1. You can configure the Ap1/0/1 interface as a regular, physical, interface in trunk mode.
- You must configure a VLAN ID for the Ap1/0/1 interface even if the interface is configured in trunk mode.
- You also must configure an IP Address on an IE9300 VLAN interface where this VLAN is also a member of the Ap1/0/1 trunk interface.
- The allowed VLANs on the Ap1/0/1 trunk interface should match the VLANs that need to carry data traffic to or from applications on IOx. These VLANs include ones carrying management traffic. The example used in this guide is 10. VLAN 10 is the VLAN carrying traffic for the application to communicate with the network.
- This traffic can include the IP traffic to the management VLAN. You should configure the same VLAN ID when managing the applications so the VLANs match. If you intend to use vlan 1 to communicate with the network, then choose a different native VLAN on Ap1/0/1.
After you configure the network, you must enable IOx on the switch.
Figure 1: Connections with IE9300 IOx Network with Applications
- The preceding illustration shows Ethernet and Layer 2 connections possible in an IOx network on a Cisco Catalyst IE9300 Rugged Series Switch.
- The dedicated interface AppGigabitEthernet1/0/1 for IOx support is internally connected to a Linux bridge.
- The interface needs to be configured as a trunk. You can have multiple applications in an IOx network, each of which can have multiple Ethernet connections and can be placed in any VLAN.
- For a similar illustration showing a sample network configuration, see the section Deploying IOx Applications Using the IOS-XE CLI, on page 8 in this guide.
Configure the VLAN ID for the IOx Interface
You must configure the VLAN ID for the IOx interface and then configure the SVI address for the VLAN. You do so to connect to and manage the VLAN. You must make sure that the VLAN is routable throughout the network.
SUMMARY STEPS
- Configure a VLAN ID for the IOx interface.
- Configure the SVI address for the VLAN.
DETAILED STEPS
- Step 1 Configure a VLAN ID for the IOx interface.
- Enter the following command:
- Example:
- Step 2 Configure the SVI address for the VLAN.
- Example:
Enable IOx on the Switch
After you configure the VLAN for the IOx interface, you must enable IOx on the switch.
Note: Cisco IOS requires at least 1 GB on the SD card. If you have a 4 GB SD card partition for IOx, you can format up to 74 per cent of the card.
Before you begin
- Before enabling IOx on the switch, ensure that you have an SD card for IOx with at least 4GB. An SD card is required by IOx for storage.
SUMMARY STEPS
- Ensure that the SD card IOx partition is formatted with the EXT4 filesystem using CLI using the following command: partition flash: box
- Enable IOx:
- Ensure that the web server is enabled and that a user is configured for access:
- Leave configuration mode and enter enable mode:
DETAILED STEPS
- Step 1 Ensure that the SD card IOx partition is formatted with the EXT4 filesystem using CLI using the following command: partition flash: iox The SD card is required to store the IOx applications and data.
- Example:
- Note The default behavior of the partition command is for 66 percent of 4GB on the SD Card allocated to IOx, and 34 percent space allocated to IOS as a backup.
- Step 2 After you enter the partition command, the switch reloads.
- Enable IOx:
- Example:
- Step 3 Ensure that the web server is enabled and that a user is configured for access:
- Example:
- This step is required to get access to the IOx functionality through the Local Manager UI.
- Step 4 Leave configuration mode and enter enable mode:
- Example: ie9300#end
What to do next
- Check whether the IOC infrastructure is ready to use, as shown in the following example:
Deploying IOx Applications
Prerequisites
- Ensure that you have completed the tasks in the chapter Configuring the Network and IOx, on page 3 in this guide.
Guidelines for IOx Applications
- This section provides guidelines for deploying IOx applications.
- One of the most commonly used applications is Cisco Cyber Vision. See the Cisco Cyber Vision support page for more information.
- Cisco Catalyst IE9300 Rugged Series Switches support both LXC and Docker-based applications with ARM64 architecture.
- Both IPv4 and Ipv6 configurations are supported. Place the application package or tar file in the flash or SD card in the IOS partition for configuring with the CLI.
- Use the application Gigabit Ethernet interface (AppGig1/0/1) on the switch for forwarding the Layer 2 application traffic. Ensure that the interface is up on the switch and configured for a trunk port.
When configuring applications:
- Configure Layer 2 interfaces with Ap1/0/1 and VLAN with an IP address in the same VLAN network.
- Configure gateway interfaces to an SVI or IP address in the same network.
- You can configure multiple guest or Layer 2 interfaces [0-63] for an application, and each interface can be placed in a different VLAN.
- You can configure up to three gateway interfaces.
- Iox infra supports configuring multiple gateways; you can configure one default gateway to support all the interfaces.
- The application configuration allows options to configure Docker runtime options.
Methods of Deploying IOx Applications
- There are two methods of deploying IOx applications to a Cisco Catalyst IE9300 Rugged Series Switch:
- IOS-XE CLI: The CLI that is part of the switch software for connecting to the switch on the device. You can use the CLI on an IOx-enabled device to manage the device and deploy applications. You do not need to enable the web server on the IOS-XE device. For more information, see Deploying IOx Applications Using the IOS-XE CLI, on page 8.
- Cisco IOx Local Manager (GUI): A platform-specific application that is installed on a host system as part of the installation of the Cisco IOx framework on that device. You can access Cisco IOx Local Manager from the Cisco Catalyst IE9300 Rugged Series Switchweb-based user interface. For more information, see Deploy an Application using Cisco IOx Local Manager, on page 18.
- Cisco IOx Local Manager provides resource profiles, such as tiny, exclusive, default and custom. If you choose a custom profile, you can modify CPU, memory and disk values. See Methods of Deploying IOx Applications, on page 8 and Deploy an Application using Cisco IOx Local Manager, on page 18.
- The following sections in this document contain instructions for deploying IOx using each method.
Deploying IOx Applications Using the IOS-XE CLI
- To deploy IOx applications using the IOS-XE CLI, you need to configure the application and then install, activate, and start it.
Figure 2: Example of IOx Deployment with Application
The preceding illustration shows an example configuration of an IOx network on a Cisco Catalyst IE9300 Rugged Series Switch. The dedicated interface AppGigabitEthernet1/0/1 for IOx support is configured as a trunk and is internally connected to a Linux bridge. In the example, a single application, Iperf_3, is assigned the IP address 192.168.0.2 to the guest interface. The default gateway is assigned on SVI LAN 10 with the IP address of 192.168.0.1. For an illustration without interface examples, see the section Configuring the Network for IOX, on page 3 in this guide.
Configure an Application Using the CLI
- Enter the commands in the following procedure to configure an application using the IOS-XE CLI.
- Note The following procedure describes how to install and run the iPerf application.
Before you begin
- You must have configured the network for IOx. See the section Configuring the Network for IOX, on page 3.
SUMMARY STEPS
- enable
- configure terminal
- app-hosting applied iperf_3
- app-vnic AppGigabitEthernet trunk
- VLAN 10 guest-interface 0
- guest-address guest_ip_address netmask|prefix number
- exit
- exit
- app-default-gateway default_gateway_address guest-interface guest_interface number
- end
DETAILED STEPS
Configure Docker Run-Time Options
- You can add a maximum of 30 lines of run time options. The system generates a concatenated string from line 1 through line 30. A string can have more than one Docker run-time option.
- When a run-time option changes, do the following: Stop, deactivate, activate, and then start the application for the new run-time options to take effect.
Before you begin
- SUMMARY STEPS
1. app-hosting applied iperf_3
2. app-resource docker
3. run-opts 1 “–entry point ‘/bin/sleep 10000′”
4. exit
5. end
DETAILED STEPS
Configure Application Resources
- Complete the following steps to activate application hosting, which is required before resource changes take effect.
Before you begin
- Check memory and storage using the command show app-hosting resource.
SUMMARY STEPS
- app-hosting applied iperf_3
- app-resource profile custom
- CPU value
- memory value
- persist-disk value
- end
DETAILED STEPS
IOx Application Installation, Activation and Startup
- After you configure an application in the IOS-XE CLI, you activate the application by taking it through three states.
- You first install the application using the app-hosting install command, which after installation, the application moves to the deployed state. During installation, the sign verification of the application is checked, if the check is enabled. For more information, see the section IOX Application Sign Verification, on page 15.
- After installation, you activate the application using the app-hosting activate command. During activation, the application is assigned resources on the switch; activation fails if there are not enough resources available.
- After activation, you move the application to the running state using the app-hosting start command.
- During start, the application interfaces are created and assigned IP addresses.
- Note: You can check the state of the application at any point of installation, or activation, or start by using the show app-hosting list command. You can use the show app-hosting details command to see a description of the application with IP allocation, resource allocation, and other details
Install, Activate, and Start the Application
- Complete the following commands to install, activate, and start the IOx application on the switch and configure the interfaces.
Before you begin
- You must have configured the network and the IOx application. See the section Configuring the Network and IOx, on page 3.
SUMMARY STEPS
- app-hosting install applied application_name package application_filename
- (Optional) Confirm the application’s installation and state by entering the show app-hosting list command:
- app-hosting activate applied application_name
- app-hosting start applied application_name
DETAILED STEPS
IOX Application Sign Verification
- You can check the sign verification of a Cisco IOx application during its installation. Application package signature ensures that an application package is valid and that the one installed on the device comes from a trusted source.
- The configuration keyword start is available under application-hosting application configurations. If you use this keyword, then IOx infra automatically activates and starts the application after installation. Otherwise, you must explicitly use and activate and start CLI commands to start the application.
IOx infra checks for a signature in the following cases:
- When signature verification is enabled.
- When IOx infra uses bootflash as storage; it then checks for a signature regardless of signature verification status.
- If an application is using a restricted resource, such as secure storage.
- If signature verification is enabled, and the application is not signed, the application will not be allowed to run.
- However, you cannot run non-Cisco applications if signature verification is enabled. However, you can run unsigned non-Cisco applications if the following criteria are met:
- Signature verification is disabled.
- An SD card is used for storage instead of boot flash.
- The application is not using a restricted resource.
IOx Application Command Examples
This section provides examples of IOS-XE CLI commands for IOx applications.
View Resources on the Switch
The command in the following example shows the maximum resources on the switch that are allocated to an application:
The command in the following example shows the resources remaining on the switch after configuring an IOx application:
View IOx Application Information on the Switch
The command in the following example shows application-related information on
the switch:
The command in the following example shows detailed application-related information on the switch:
Stopping, Deactivating, and Uninstalling the Application
The command in the following example stops the IOx application:
The command in the following example stops the IOx application:
The command in the following example stops the IOx application:
The following shows the list of app-hosting commands:
Deploy an Application using Cisco IOx Local Manager
- Cisco IOx Local Manager provides a web-based user interface that you can use to manage, administer, monitor, and troubleshoot applications on a host system, and to perform various related activities.
- You can access Cisco IOx Local Manager from the Cisco Catalyst IE9300 Rugged Series Switch web-based user interface and use Cisco IOx Local Manager to deploy applications.
- To access Cisco IOx Local Manager, choose Configuration > IOx (IOx appears under Services).
- In the Cisco IOx Local Manager login window that appears, enter the user name and password that you use to log in to Cisco IOS, then click Log In.
- For detailed information about Cisco IOx Local Manager, including how to add, deploy, activate, start, and stop applications, see the Cisco IOx Local Manager Reference Guide.
- Deploying Cisco IOx Applications, Cisco Catalyst IE9300 Rugged Series Switches
Read User Manual Online (PDF format)
Read User Manual Online (PDF format) >>