
CCNP 642-811 BCMSN Exam Certification Guide - Cisco press

Multilayer Switching with CEF 317
Fallback Bridging
For protocols that can’t be routed or switched by CEF, a technique known as fallback bridging is used. Example protocols are IPX and AppleTalk, which are routable but not supported by CEF, as well as SNA and LAT, which are not routable at all. To summarize, each SVI associated with a VLAN where nonroutable protocols are being used is assigned to a bridge group. Packets that cannot be routed from one VLAN to another are transparently bridged instead, as long as the two VLANs belong to the same bridge group.
NOTE Only the Catalyst 3550 offers fallback bridging, as it can CEF switch IP packets but no others. The Catalyst 4500 and 6500 (all Supervisor models running Cisco IOS Software) can also CEF switch IP but can handle other routable protocols more slowly with their Layer 3 engines. Those two platforms have no need for fallback bridging.
Bridge groups used in fallback bridging do not interact with normal Layer 2 switching (also using bridging). They do use a special Spanning Tree Protocol to maintain loop-free fallback bridging, but these bridge protocol data units (BPDUs) are not exchanged with other 802.1D, Rapid Spanning Tree Protocol (RSTP), or Multiple Spanning Tree (MST) BPDUs on VLANs. Instead, the VLAN bridge STP is used, with one instance per fallback bridge group.
To configure fallback bridging, first decide which VLANs have traffic that CEF cannot route. Begin by enabling a fallback bridge group and its instance of the VLAN bridge STP:
Switch(config)# bridge bridge-group protocol vlan-bridge
Next, for each VLAN SVI where nonroutable traffic will be bridged, assign it to the appropriate bridge group:
Switch(config)# interface vlan vlan-id
Switch(config-if)# bridge-group bridge-group
You can configure up to 31 different fallback bridge groups on a switch. Although the VLAN bridge STP instance running on each bridge group does not interact with normal 802.1D STP, it does behave similarly. For example, you can configure the bridge priority, port priority and cost, Hello timer, Forward Delay timer, and Max Age timer. These parameters should all look familiar, as they are used in the 802.1D STP. Rather than using the spanning-tree command to adjust the parameter values, you must adjust them according to the bridge group number with the bridge-group bridge-group command keywords.

318 Chapter 13: Multilayer Switching
Verifying Multilayer Switching
The multilayer switching topics presented in this chapter are not difficult to configure. However, you might have a need to verify how a switch is forwarding packets. In particular, the following sections discuss the commands that you can use to verify the operation of InterVLAN routing, CEF, and fallback bridging.
InterVLAN Routing
To verify the configuration of a Layer 2 port, you can use the following EXEC command:
Switch# show interface type mod/num switchport
The output from this command displays the access VLAN or the trunking mode and native VLAN. The administrative modes reflect what has been configured for the port, while the operational modes show the port’s active status.
You can use this same command to verify the configuration of a Layer 3 or routed port. In this case, you should see the switchport (Layer 2) mode disabled, as in Example 13-1.
Example 13-1 Verifying Configuration of a Layer 3 Switch Port
Switch# show interface fastethernet 0/16 switchport
Name: Fa0/16
Switchport: Disabled
To see the physical interface’s status, use the command without the switchport keyword. To see a summary listing of all interfaces, you can use the show interface status command.
To verify the configuration of an SVI, you can use the following EXEC command:
Switch# show interface vlan vlan-id
The VLAN interface should be up with the line protocol also up. If this is not true, either the interface is disabled with the shutdown command, or the VLAN itself has not been defined on the switch. Use the show vlan command to see a list of configured VLANs.
Example 13-2 shows the output produced from the show vlan command. Notice that each defined VLAN is shown, along with the switch ports that are assigned to it.

Example 13-2 Displaying a List of Configured VLANs
Switch# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24, Fa0/25
                                                Fa0/26, Fa0/27, Fa0/28, Fa0/29
                                                Fa0/30, Fa0/32, Fa0/33, Fa0/34
                                                Fa0/36, Fa0/37, Fa0/38, Fa0/39
                                                Fa0/41, Fa0/42, Fa0/43, Fa0/44
                                                Fa0/45, Fa0/46, Fa0/47, Gi0/1
                                                Gi0/2
2    VLAN0002                         active    Fa0/40
5    VLAN0005                         active
10   VLAN0010                         active
11   VLAN0011                         active    Fa0/31
12   VLAN0012                         active
99   VLAN0099                         active    Fa0/35
CEF
CEF operation depends on the correct routing information being generated and downloaded to the Layer 3 forwarding engine hardware. This information is contained in the FIB and is dynamically maintained. To view the entire FIB, use the following EXEC command:
Switch# show ip cef
Example 13-3 shows sample output from this command.
Example 13-3 Displaying the FIB Contents for a Switch
Switch# show ip cef
Prefix              Next Hop            Interface
0.0.0.0/32          receive
192.168.199.0/24    attached            Vlan1
192.168.199.0/32    receive
192.168.199.1/32    receive
192.168.199.2/32    192.168.199.2       Vlan1
192.168.199.255/32  receive

On this switch, only VLAN 1 has been configured with the IP address 192.168.199.1 255.255.255.0. Notice several things about the FIB for such a small configuration:
■ 0.0.0.0/32—A FIB entry has been reserved for the default route. No next hop is defined, so the entry is marked “receive” so that packets will be sent to the Layer 3 engine for further processing.
■ 192.168.199.0/24—The subnet assigned to the VLAN 1 interface is given its own entry. This is marked “attached” because it is directly connected to an SVI, VLAN 1.
■ 192.168.199.0/32—A FIB entry has been reserved for the exact network address. This is used to contain an adjacency for packets sent to the network address, if the network is not directly connected. In this case, there is no adjacency, and the entry is marked “receive.”
■ 192.168.199.1/32—An entry has been reserved for the VLAN 1 SVI’s IP address. Notice that this is a host route (/32). Packets destined for the VLAN 1 interface must be dealt with internally, so the entry is marked “receive.”
■ 192.168.199.2/32—This is an entry for a neighboring multilayer switch, found on the VLAN 1 interface. The next-hop field has been filled in with the same IP address, denoting that an adjacency is available.
■ 192.168.199.255/32—A FIB entry has been reserved for the 192.168.199.0 subnet’s broadcast address. The route processor (Layer 3 engine) handles all directed broadcasts, so the entry is marked “receive.”
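An added example (not from the book): a small Python parser for the Example 13-3 listing that applies longest-prefix matching, to show which destinations land on a "receive" entry and are handed to the Layer 3 engine rather than switched in hardware. The function names and the test destinations are assumptions made for illustration.

```python
import ipaddress

# FIB rows transcribed from Example 13-3 (prefix, next hop, interface).
SHOW_IP_CEF = """\
Prefix              Next Hop            Interface
0.0.0.0/32          receive
192.168.199.0/24    attached            Vlan1
192.168.199.0/32    receive
192.168.199.1/32    receive
192.168.199.2/32    192.168.199.2       Vlan1
192.168.199.255/32  receive
"""

def parse_fib(text):
    """Return a list of (network, next_hop, interface) from 'show ip cef' text."""
    fib = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "/" not in fields[0]:
            continue  # skip the header row and blank lines
        net = ipaddress.ip_network(fields[0])
        next_hop = fields[1] if len(fields) > 1 else ""
        iface = fields[2] if len(fields) > 2 else None
        fib.append((net, next_hop, iface))
    return fib

def lookup(fib, dest):
    """Longest-prefix match; None means no entry in the listing covers dest."""
    addr = ipaddress.ip_address(dest)
    matches = [e for e in fib if addr in e[0]]
    return max(matches, key=lambda e: e[0].prefixlen, default=None)

def classify(fib, dest):
    """Describe how the sample FIB treats a packet sent to dest."""
    entry = lookup(fib, dest)
    if entry is None:
        return "no FIB entry"
    net, next_hop, iface = entry
    if next_hop == "receive":
        return f"{net}: receive, handed to the Layer 3 engine"
    if next_hop == "attached":
        return f"{net}: attached via {iface}, no host adjacency listed"
    return f"{net}: adjacency {next_hop} via {iface}"

if __name__ == "__main__":
    fib = parse_fib(SHOW_IP_CEF)
    for dest in ("192.168.199.1", "192.168.199.2", "192.168.199.77",
                 "192.168.199.255", "10.1.1.1"):  # constructed test destinations
        print(f"{dest:16} -> {classify(fib, dest)}")
```

Run against a saved listing from a production switch, the same lookup gives a quick view of which addresses resolve to "receive" entries and therefore consume Layer 3 engine (CPU) time instead of hardware forwarding.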
To see complete FIB and adjacency table information for a specific interface, use the following EXEC command:
Switch# show ip cef type mod/num [detail]
To get an idea of the number of packets being referred to the Layer 3 engine (not hardware CEF switched), use the following EXEC command:
Switch# show cef not-cef-switched
Counters are shown for these CEF punt reasons:
■ No_adj—No adjacency entry is available for the next hop.
■ No_encap—A frame needs further processing for ARP resolution.
■ Unsupp’ted—The frame type is unsupported.
■ Redirect—An ICMP redirect is involved.
■ Receive—Packets are received and sent directly to the L3 engine.
■ Options—The IP options are being used.
■ Access—An access list needs further processing.
■ Frag—Fragmentation is needed.
Fallback Bridging
To verify the operation of fallback bridging, you can use the following EXEC commands:
Switch# show bridge group
Switch# show bridge bridge-group [verbose]
The first command shows a summary of all active fallback bridge groups, along with their STP states. The second command displays the bridging table contents for a specific fallback bridge group.

Foundation Summary
The Foundation Summary is a collection of information that provides a convenient review of many key concepts in this chapter. If you are already comfortable with the topics in this chapter, this summary can help you recall a few details. If you just read this chapter, this review should help solidify some key facts. If you are doing your final preparation before the exam, this information is a convenient way to review the day before the exam.
Table 13-2 InterVLAN Routing Configuration Commands
Task | Command Syntax
Put a port into Layer 2 mode. | switchport
Put a port into Layer 3 mode. | no switchport
Define an SVI. | interface vlan vlan-id
Components of CEF:
■ Forwarding Information Base (FIB)—Contains routing and next-hop information; lookups are performed according to longest match IP prefix.
■ Adjacency table—Contains Layer 2 address information for next-hop FIB entries that are one hop away.
■ Packet rewrite—Hardware dedicated to rewriting the Layer 2 and Layer 3 header information of outbound packets after the forwarding decisions have been made.
Table 13-3 Fallback Bridging Configuration Commands
Task | Command Syntax
Define a fallback bridge group. | bridge bridge-group protocol vlan-bridge
Assign an interface to a bridge group. | bridge-group bridge-group

Table 13-4 Multilayer Switching Verification Commands
Task | Command Syntax
Show a Layer 2 port status. | show interface type mod/num switchport
Show a Layer 3 port status. | show interface type mod/num
Show an SVI status. | show interface vlan vlan-id
View the FIB contents. | show ip cef
View FIB and adjacency information for an interface. | show ip cef type mod/num [detail]
View counters for packets not switched by CEF. | show cef not-cef-switched
Show fallback bridge group status. | show bridge group
Show fallback bridging table contents. | show bridge bridge-group

Q&A
The questions and scenarios in this book are more difficult than what you should experience on the actual exam. The questions do not attempt to cover more breadth or depth than the exam; however, they are designed to make sure that you know the answers. Rather than allowing you to derive the answers from clues hidden inside the questions themselves, the questions challenge your understanding and recall of the subject. Hopefully, these questions will help limit the number of exam questions on which you narrow your choices to two options and then guess.
You can find the answers to these questions in Appendix A.
1. What might you need to implement interVLAN routing?
2. Can interVLAN routing be performed over a single trunk link?
3. To configure an SVI, what commands are needed?
4. What command can verify the VLAN assignments on a Layer 2 port?
5. A switch has the following interface configurations in its running configuration:
interface fastethernet 0/1
 switchport access vlan 5
interface vlan 5
 ip address 192.168.10.1 255.255.255.0
 no shutdown
What is necessary for packets to get from the FastEthernet interface to the VLAN 5 SVI?
6. What is the source of FIB information?
7. How often is the FIB updated?
8. What is meant by the term “CEF punt?”
9. What happens to the FIB when distributed CEF (dCEF) is used?
10. What happens during a “CEF glean” process?
11. What does a multilayer switch do to the IP TTL value just before a packet is forwarded?
12. What is fallback bridging?
13. Is it possible for an SVI to go down? If so, what are the reasons?
