IOL-L2

Overview

IOL-L2 nodes are an implementation of Cisco IOS-XE that does not run as a full virtual machine. Therefore, IOL-L2 nodes generally consume much less CPU and memory than an equivalent IOSv-L2 node in your lab. The IOL-L2 images are built from the latest Cisco IOS-XE software and support 16 Ethernet interfaces. IOL-L2 is primarily a Layer-2 switch, but Layer-3 control-plane and data-plane functionality is also present in the image.

Limitations

The IOL-L2 images do not support the programmability features that are available in other VM images based on IOS XE. For example, the IOL-L2 images do not support RESTCONF or NETCONF. You also cannot add EEM applets to the event manager on the device as you can with CSR 1000v nodes.

IOL-L2's normal L1 signaling mechanism is disabled. Because of that, turning OFF an IOL-L2 interface has no effect on the interface state that the node reports. Turning the link OFF stops forwarding packets, but there is no "link loss": from inside the IOL-L2 node, the interface is still shown as UP. This behavior matches that of other node types in CML, but it may be unexpected if you have used other IOL-L2 images in the past.

Features Tested with CML

Each CML release is tested with the bundled version of IOL-L2 XE. The tests validate the following features:

Test Name        Result
CDP              Pass
SVI              Pass
Port-security    Pass
Autorecovery     Pass
Port-channel     Pass
DHCP             Pass
DHCP Snooping    Pass
Spanning-tree    Pass
HSRP             Pass
Loopback         Pass
Routed port      Pass

The lab used for the tests is similar to the IOSvL2 Feature Tests lab:

[Figure: IOL-L2 XE Feature Test Topology]

CDP

  • Peer device is detected on the interface and listed in the CDP table
  • Neighbor type: IOL-L2
iol-l2-2#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
iol-l2-0         Eth 0/2           167             R S I  Linux Uni Eth 0/2
iol-l2-1         Eth 0/3           124              S I   Linux Uni Eth 0/3

SVI

  • Interface VLAN 100 configured with IP address 192.168.253.2
  • Alpine Linux VM in VLAN 100 can successfully ping interface VLAN 100
alpine-0:~$ ping 192.168.253.2
PING 192.168.253.2 (192.168.253.2): 56 data bytes
64 bytes from 192.168.253.2: seq=0 ttl=42 time=7.491 ms
64 bytes from 192.168.253.2: seq=1 ttl=42 time=3.528 ms
64 bytes from 192.168.253.2: seq=2 ttl=42 time=3.488 ms
64 bytes from 192.168.253.2: seq=3 ttl=42 time=4.045 ms

Port-security

  • Port-security configured on the Et0/0 interface of the iol-l2-2 switch
  • Violation mode set to shutdown
  • Verification: the interface goes into the err-disabled state if there is a violation
  • Autorecovery also works: the port goes back up if there is no violation
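
One way to configure the port-security and autorecovery behavior described above. This is an added example, not the configuration used in the CML test lab; the access VLAN, the MAC address limit and the recovery interval are assumed values.

```ios
! Added example, not taken from the CML test lab configuration.
! Assumed values: access VLAN 100, limit of one MAC address, 30-second recovery.
configure terminal
 interface Ethernet0/0
  ! Port-security needs a static access (or trunk) port, not a dynamic one
  switchport mode access
  switchport access vlan 100
  switchport port-security
  switchport port-security maximum 1
  ! shutdown is the violation mode named in the test: the port is err-disabled
  switchport port-security violation shutdown
 exit
 ! Autorecovery: re-enable ports that a port-security violation err-disabled
 errdisable recovery cause psecure-violation
 errdisable recovery interval 30
end
!
! Verification (exec mode)
show port-security interface Ethernet0/0
show errdisable recovery
```

If the offending MAC address is still sending when the recovery timer expires, the port is err-disabled again on the next violation.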

Port-channel

  • Links between two IOL-L2 switches grouped into an EtherChannel using LACP
iol-l2-0#show etherchannel summary
Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Et0/0(P)    Et0/1(P)

DHCP

  • DHCP pool configured on IOL-L2 switch
  • Alpine Linux VM successfully obtains IP address
udhcpc: sending discover
udhcpc: sending select for 192.168.253.6
udhcpc: lease of 192.168.253.6 obtained, lease time 86400

DHCP Snooping

  • Switch successfully blocks DHCP messages on untrusted ports
  • VM always gets its IP address from the trusted DHCP server

Spanning-tree

  • Spanning-tree successfully calculates a loop-free topology for every VLAN
iol-l2-2#show spanning-tree vlan 100
Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0               Desg FWD 4       128.1    P2p
Et0/2               Root FWD 4       128.3    P2p
Et0/3               Altn BLK 4       128.4    P2p

HSRP

  • HSRP configured on SVI interfaces on two IOL-L2 switches
  • Verification: Alpine Linux VM can successfully ping the Virtual IP address
iol-l2-0#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl100       1    100 P Active  local           192.168.253.3   192.168.253.1

Loopback

  • Loopback interface configured on IOL-L2 switch
Loopback0              172.31.255.1    YES manual up                    up

Routed port

  • Interface Eth0/1 on IOL-L2 configured as a routed port
  • Verification: Ping
iol-l2-2#show ip int br
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES unset  up                    up
Ethernet0/1            192.168.253.4   YES manual up                    up