Опубликованный материал нарушает ваши авторские права? Сообщите нам.
Вуз: Предмет: Файл:

BCMSN Exam Certification Guide

10.82 Mб

316 Chapter 13: Multilayer Switching

During the time that a FIB entry is in the CEF glean state waiting for the ARP resolution, subsequent packets to that host are immediately dropped so that the input queues do not fill and the Layer 3 engine does not become too busy worrying about the need for duplicate ARP requests. This is called ARP throttling or throttling adjacency. If an ARP reply is not received in two seconds, the throttling is released so that another ARP request can be triggered. Otherwise, after an ARP reply is received, the throttling is released, the FIB entry can be completed, and packets can be forwarded completely in hardware.

Packet Rewrite

After a multilayer switch finds valid entries in the FIB and adjacency tables, a packet is almost ready to be forwarded. One step remains—the packet header information must be rewritten. Keep in mind that multilayer switching occurs as quick table lookups, to find the next-hop address and the outbound switch port. The packet is untouched, still having the original destination MAC address of the switch itself. The IP header must also be adjusted, as if a traditional router had done the forwarding.

The switch has an additional functional block that performs a packet rewrite in real time. The packet rewrite engine (as shown in Figure 13-3) makes the following changes to the packet just prior to forwarding:

Layer 2 destination address—Changed to the next-hop device’s MAC address

Layer 2 source address—Changed to the outbound Layer 3 switch interface’s MAC address

Layer 3 IP Time To Live (TTL)—Decremented by one, as one router hop has just occurred

Layer 3 IP checksum—Recalculated to include changes to the IP header

Layer 2 frame checksum—Recalculated to include changes to the Layer 2 and Layer 3 headers

A traditional router would normally make the same changes to each packet. The multilayer switch must act as if a traditional router were being used, making identical changes. However, the multilayer switch can do this very efficiently with dedicated packet rewrite hardware and address information obtained from table lookups.

Configuring CEF

CEF is enabled on all CEF-capable Catalyst switches by default. In fact, the Catalyst 3550, 4500, and 6500 (with a Supervisor 720 and its integrated MSFC3 or a Supervisor 2 and MSFC2 combination) all run CEF inherently, so CEF can never be disabled.

Multilayer Switching with CEF 317

Fallback Bridging

For protocols that can’t be routed or switched by CEF, a technique known as fallback bridging is used. Example protocols are IPX and AppleTalk, which are routable but not supported by CEF, as well as SNA and LAT, which are not routable at all. To summarize, each SVI associated with a VLAN where nonroutable protocols are being used is assigned to a bridge group. Packets that cannot be routed from one VLAN to another are transparently bridged instead, as long as the two VLANs belong to the same bridge group.

NOTE Only the Catalyst 3550 offers fallback bridging, as it can CEF switch IP packets but no others. The Catalyst 4500 and 6500 (all Supervisor models running Cisco IOS Software) can also CEF switch IP but can handle other routable protocols more slowly with their Layer 3 engines. Those two platforms have no need for fallback bridging.

Bridge groups used in fallback bridging do not interact with normal Layer 2 switching (also using bridging). They do use a special Spanning Tree Protocol to maintain loop-free fallback bridging, but these bridge protocol data units (BPDUs) are not exchanged with other 802.1D, Rapid Spanning Tree Protocol (RSTP), or Multiple Spanning Tree (MST) BPDUs on VLANs. Instead, the VLANbridge STP is used, with one instance per fallback bridge group.

To configure fallback bridging, first decide which VLANs have traffic that CEF cannot route. Begin by enabling a fallback bridge group and its instance of the VLAN bridge STP:

Switch(config)# bridge-group bridge-group protocol vlan-bridge

Next, for each VLAN SVI where nonroutable traffic will be bridged, assign it to the appropriate bridge group:

Switch(config)# interface vlan vlan-id

Switch(config-if)# bridge-group bridge-group

You can configure up to 31 different fallback bridge groups on a switch. Although the VLAN bridge STP instance running on each bridge group does not interact with normal 802.1D STP, it does behave similarly. For example, you can configure the bridge priority, port priority and cost, Hello timer, Forward Delay timer, and Max Age timer. These parameters should all look familiar, as they are used in the 802.1D STP. Rather than using the spanning-tree command to adjust the parameter values, you must adjust them according to the bridge group number with the bridge-group bridgegroup command keywords.

318 Chapter 13: Multilayer Switching

Verifying Multilayer Switching

The multilayer switching topics presented in this chapter are not difficult to configure. However, you might have a need to verify how a switch is forwarding packets. In particular, the following sections discuss the commands that you can use to verify the operation of InterVLAN routing, CEF, and fallback bridging.

InterVLAN Routing

To verify the configuration of a Layer 2 port, you can use the following EXEC command:

Switch# show interface type mod/num switchport

The output from this command displays the access VLAN or the trunking mode and native VLAN. The administrative modes reflect what has been configured for the port, while the operational modes show the port’s active status.

You can use this same command to verify the configuration of a Layer 3 or routed port. In this case, you should see the switchport (Layer 2) mode disabled, as in Example 13-1.

Example 13-1 Verifying Configuration of a Layer 3 Switch Port

Switch# show interface fastethernet 0/16 switchport

Name: Fa0/16

Switchport: Disabled

To see the physical interface’s status, use the command without the switchport keyword. To see a summary listing of all interfaces, you can use the show interface status command.

To verify the configuration of an SVI, you can use the following EXEC command:

Switch# show interface vlan vlan-id

The VLAN interface should be up with the line protocol also up. If this is not true, either the interface is disabled with the shutdown command, or the VLAN itself has not been defined on the switch. Use the show vlan command to see a list of configured VLANs.

Example 13-2 shows the output produced from the show vlan command. Notice that each defined VLAN is shown, along with the switch ports that are assigned to it.





Verifying Multilayer Switching 319

Example 13-2 Displaying a List of Configured VLANs









Switch# show vlan












-------------------------------- ---------






Fa0/5, Fa0/6, Fa0/7, Fa0/8





Fa0/9, Fa0/10, Fa0/11, Fa0/12





Fa0/13, Fa0/14,

Fa0/15, Fa0/17





Fa0/18, Fa0/19,

Fa0/20, Fa0/21





Fa0/22, Fa0/23,

Fa0/24, Fa0/25





Fa0/26, Fa0/27,

Fa0/28, Fa0/29





Fa0/30, Fa0/32,

Fa0/33, Fa0/34





Fa0/36, Fa0/37,

Fa0/38, Fa0/39





Fa0/41, Fa0/42,

Fa0/43, Fa0/44





Fa0/45, Fa0/46, Fa0/47, Gi0/1


















































CEF operation depends on the correct routing information being generated and downloaded to the Layer 3 forwarding engine hardware. This information is contained in the FIB and is dynamically maintained. To view the entire FIB, use the following EXEC command:

Switch# show ip cef

Example 13-3 shows sample output from this command.

Example 13-3 Displaying the FIB Contents for a Switch

Switch# show ip cef




Next Hop













320 Chapter 13: Multilayer Switching

On this switch, only VLAN 1 has been configured with the IP address Notice several things about the FIB for such a small configuration:—A FIB entry has been reserved for the default route. No next hop is defined, so the entry is marked “receive” so that packets will be sent to the Layer 3 engine for further processing.—The subnet assigned to the VLAN 1 interface is given its own entry. This is marked “attached” because it is directly connected to an SVI, VLAN 1.—A FIB entry has been reserved for the exact network address. This is used to contain an adjacency for packets sent to the network address, if the network is not directly connected. In this case, there is no adjacency, and the entry is marked “receive.”—An entry has been reserved for the VLAN 1 SVI’s IP address. Notice that this is a host route (/32). Packets destined for the VLAN 1 interface must be dealt with internally, so the entry is marked “receive.”—This is an entry for a neighboring multilayer switch, found on the VLAN 1 interface. The next-hop field has been filled in with the same IP address, denoting that an adjacency is available.—A FIB entry has been reserved for the subnet’s broadcast address. The route processor (Layer 3 engine) handles all directed broadcasts, so the entry is marked “receive.”

To see complete FIB and adjacency table information for a specific interface, use the following EXEC command:

Switch# show ip cef type mod/num [detail]

To get an idea of the number of packets being referred to the Layer 3 engine (not hardware CEF switched), use the following EXEC command:

Switch# show cef not-cef-switched

Counters are shown for these CEF punt reasons:

No_adj—No adjacency entry is available for the next hop.

No_encap—A frame needs further processing for ARP resolution.

Unsupp’ted—The frame type is unsupported.

Redirect—An ICMP redirect is involved.

Verifying Multilayer Switching 321

Receive—Packets are received and sent directly to the L3 engine.

Options—The IP options are being used.

Access—An access list needs further processing.

Frag—Fragmentation is needed.

Fallback Bridging

To verify the operation of fallback bridging, you can use the following EXEC commands:

Switch# show bridge group

Switch# show bridge bridge-group [verbose]

The first command shows a summary of all active fallback bridge groups, along with their STP states. The second command displays the bridging table contents for a specific fallback bridge group.

322 Chapter 13: Multilayer Switching

Foundation Summary

The Foundation Summary is a collection of information that provides a convenient review of many key concepts in this chapter. If you are already comfortable with the topics in this chapter, this summary can help you recall a few details. If you just read this chapter, this review should help solidify some key facts. If you are doing your final preparation before the exam, this information is a convenient way to review the day before the exam.

Table 13-2 InterVLAN Routing Configuration Commands


Command Syntax



Put a port into Layer 2 mode.




Put a port into Layer 3 mode.

no switchport



Define an SVI.

interface vlan vlan-id



Components of CEF:

Forwarding Information Base (FIB)—Contains routing and next-hop information; lookups are performed according to longest match IP prefix.

Adjacency table—Contains Layer 2 address information for next-hop FIB entries that are one hop away.

Packet rewrite—Hardware dedicated to rewriting the Layer 2 and Layer 3 header information of outbound packets after the forwarding decisions have been made.

Table 13-3 Fallback Bridging Configuration Commands


Command Syntax



Define a fallback bridge group.

bridge-group bridge-group protocol vlan-bridge



Assign an interface to a bridge group.

bridge-group bridge-group





Foundation Summary 323

Table 13-4 Multilayer Switching Verification Commands







Command Syntax





Show a Layer 2 port status.

show interface type mod/num switchport





Show a Layer 3 port status.

show interface type mod/num





Show an SVI status.

show interface vlan vlan-id





View the FIB contents.

show ip cef





View FIB and adjacency information for an interface.

show ip cef type mod/num [detail]





View counters for packets not switched by CEF.

show cef not-cef-switched





Show fallback bridge group status.

show bridge group





Show fallback bridging table contents.

show bridge bridge-group




324 Chapter 13: Multilayer Switching


The questions and scenarios in this book are more difficult than what you should experience on the actual exam. The questions do not attempt to cover more breadth or depth than the exam; however, they are designed to make sure that you know the answers. Rather than allowing you to derive the answers from clues hidden inside the questions themselves, the questions challenge your understanding and recall of the subject. Hopefully, these questions will help limit the number of exam questions on which you narrow your choices to two options and then guess.

You can find the answers to these questions in Appendix A.

1.What might you need to implement interVLAN routing?

2.Can interVLAN routing be performed over a single trunk link?

3.To configure an SVI, what commands are needed?

4.What command can verify the VLAN assignments on a Layer 2 port?

5.A switch has the following interface configurations in its running configuration:

interface fastethernet 0/1 switchport access vlan 5 interface vlan 5

ip address no shutdown

What is necessary for packets to get from the FastEthernet interface to the VLAN 5 SVI?

6.What is the source of FIB information?

7.How often is the FIB updated?

8.What is meant by the term “CEF punt?”

9.What happens to the FIB when distributed CEF (dCEF) is used?

10.What happens during a “CEF glean” process?

11.What does a multilayer switch do to the IP TTL value just before a packet is forwarded?

12.What is fallback bridging?

13.Is it possible for an SVI to go down? If so, what are the reasons?

Соседние файлы в предмете Сети и Телекоммуникации