CCNP Study Notes – Multilayer Switching

By | March 4, 2012

InterVLAN Routing

  • requires that routing be enabled for the layer 3 protocol – eg. IP Routing
  • requires static routes or a dynamic routing protocol
  • by default every port on most catalyst switch platforms is layer 2, and on 6500’s every port is layer 3 by default
  • to determine the mode a switch port is in: Switch# show interface type mod/num switchport
    • if the status is Switchport: Disabled then it’s layer 3
  • to swap ports between layer 2 and 3: Switch# (config-if) [no] switchport
  • an etherchannel can also become a layer 3 port
  • to configure a Switched Virtual Interface (SVI):
    • Switch(config)# vlan 100
    • Switch(config-if)# ip address ip-address mask [secondary]
    • Switch(config-if)# no shutdown

Multilayer Switching with CEF

  • route once and switch many.  The Route Processor (RP) receives the first packet and a routing decision is made.  The Switching Engine (SE) then listens to see if it can switch the packet in both directions, and if so then subsequent packets can be switched directly to the destination port, bypassing the RP.
  • AKA Netflow Switching or Route Cache Switching
  • CEF has taken over from Netflow switching as it is more efficient, and runs by default in hardware
  • The layer 3 engine maintains routing information, and the routing table is reformatted into a list with the most specific route first for each destination subnet – this is called the Forwarding Information Base
  • the switch examines the FIB for the longest match (ie. most specific) destination route for a packet
  • the FIB also contains the next hop address for each entry
  • the FIB is dynamically updated upon changes to the routing table, or next hop addresses change or age-out of the ARP table
  • display the FIB table: Switch# show ip cef [type mod/num | vlan vlan-id] [detail]
  • packets that cannot be switched in hardware are marked as “CEF punt” and sent to the layer 3 engine.  some conditions can lead to this:
    • no entry in FIB
    • FIB table is full
    • TTL expired
    • MTU exceeded
    • ICMP redirect is involved
    • encapsulation type is not supported
    • packets are tunneled and require encryption or compression
    • an ACL with a log option is triggered
    • NAT’ing is taking place
  • aCEF (accelerated) is where CEF is multiple layer 3 forwarding engines, but only subsection of the FIB table is known each engine
  • dCEF (disrtibuted) is as aCEF but with the whole FIB table on each engine
  • the Adjacency Table is the list of IP to MAC mappings for every next hop entry in the FIB table.  view details with:
    • Switch# show adjacency [type mod/num | vlan vlan-id ] [summary | detail]
  • Packet Re-write – After finding valid FIB and adjacency table entries the switch must re-write the packet header before it can be forward the packet.   This is done in real time by the re-write packet engine.  The following changes are made:
    • L2 dest address – changed to next-hop MAC
    • L2 src address – changed to out bound L3 switch interface’s MAC
    • L3 IP TTL – decremented by 1
    • L3 IP checksum – recalculated due to changes to the IP header
    • L2 frame checksum – recalculated due to changes to the L2 and L3 headers
  • CEF is enabled by default on all CEF capable switches
  • disable CEF on 3750 series interface: no ip route-cache cef
  • disable CEF on 4500 series interface: no ip cef
  • verify CEF: show ip cef

Using DHCP with a multilayer switch

  • configuring an IOS DHCP server
    • switch(config)# ip dhcp excluded- address start-ip and ip
    • switch(config)# ip dhcp pool pool-name
    • switch(config-dhcp)# network ip-address subnet-mask
    • switch(config-dhcp)#  default-router ip address [ip-address2] [ip-address3]
    • switch(config-dhcp)# lease {infinite | {days [hours [minutes]]}}
    • switch(config-dhcp)# exit
    • check leases with: show ip dhcp binding
  • configuring a DHCP relay
    • switch(config)# interface vlan 5
    • switch(config-if)# ip address 192.168.1.1 255.255.255.0
    • switch(config-if)# ip helper-address 192.168.199.4
    • switch(config-if)# exit

2 thoughts on “CCNP Study Notes – Multilayer Switching

  1. Peter

    Hi Rich,

    I am quite frustrated with my Checkpoint and Juniper studies at the moment. Could you tell me how to start (do i need any equipments like Cisco Lab?)

    Can i use GNS3 to study Junos ? Could you point me to the right direction on where, how i can get the right materials for Junos and also hands-on experience ?

    Thank you.
    Peter

    Reply
    1. Rich Bibby Post author

      Hi Peter,

      I use Virtual Box or VMware for virtualizing both Check Point and juniper. You can do Juniper in GNS3 also. Check out http://routerjockey.com/2009/10/03/running-junos-under-vmware/ for Junos and then follow the lab guides on the GNS3 site here: http://www.gns3.net/labs

      I’ve come across a good site for learning check point also: http://elearncheckpoint.com/ Even if you don’t buy their course ware they have a great guide to setting up your own Check Point lab.

      Hope this helps

      Rich

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *