Catalyst 3550 Multilayer Switch Software Configuration Guide, 12.1(4)EA1
Configuring IP Unicast Routing
Download this chapter
Configuring IP Unicast RoutingConfiguring IP Unicast Routing
Download the complete book
Catalyst 3550 Multilayer Switch Software Configuration Guide (full book in PDF format)Catalyst 3550 Multilayer Switch Software Configuration Guide (full book in PDF format) (PDF - 12 MB)
give_us_feedback

Table Of Contents

Configuring IP Unicast Routing

Understanding Routing

Steps for Configuring Routing

Configuring IP Addressing

Default Addressing Configuration

Assigning IP Addresses to Network Interfaces

Use of Subnet Zero

Classless Routing

Configuring Address Resolution Methods

Define a Static ARP Cache

Set ARP Encapsulation

Enable Proxy ARP

Configure HP Probe Proxy

Routing Assistance When IP Routing is Disabled

Proxy ARP

Default Gateway

ICMP Router Discovery Protocol (IRDP)

Configuring Broadcast Packet Handling

Enabling Directed Broadcast-to-Physical Broadcast Translation

Forwarding UDP Broadcast Packets and Protocols

Establishing an IP Broadcast Address

Flooding IP Broadcasts

Monitoring and Maintaining IP Addressing

Enabling IP Routing

Configuring RIP

RIP Authentication

Summary Addresses and Split Horizon

Configuring IGRP

Load Balancing and Traffic Distribution Control

Split Horizon

Configuring OSPF

OSPF Interface Parameters

OSPF Area Parameters

Other OSPF Behavior Parameters

Change LSA Group Pacing

Loopback Interface

Monitoring OSPF

Configuring EIGRP

EIGRP Router Mode Commands

EIGRP Interface Mode Commands

Configure EIGRP Route Authentication

Monitoring and Maintaining EIGRP

Configuring Protocol-Independent Features

Configuring Cisco Express Forwarding

Configuring the Number of Equal-Cost Routing Paths

Configuring Static Routes

Specifying Default Routes

Specifying a Default Network

Redistributing Routing Information

Filtering Routing Information

Setting Passive Interfaces

Controlling Advertising and Processing in Routing Updates

Filtering Sources of Routing Information

Managing Authentication Keys

Monitoring and Maintaining the IP Network


Configuring IP Unicast Routing

This chapter describes how to configure IP unicast routing on your multilayer switch. To use this feature, you must have the enhanced multilayer switch image installed on your switch.

Note For more detailed IP unicast configuration information, refer to the Cisco IOS IP and IP Routing Configuration Guide for Release 12.1. For complete syntax and usage information for the commands used in this chapter, refer to the Cisco IOS IP and IP Routing Command Reference for Release 12.1.

This chapter consists of these sections:

Understanding Routing

Steps for Configuring Routing

Configuring IP Addressing

Enabling IP Routing

Configuring RIP

Configuring IGRP

Configuring OSPF

Configuring EIGRP

Configuring Protocol-Independent Features

Monitoring and Maintaining the IP Network

Note When configuring routing parameters on the switch, to allocate system resources to maximize the number of unicast routes allowed, you can use the sdm prefer routing global configuration command to set the Switch Database Management feature to the routing template. For more information on the SDM templates, refer to the "Optimizing System Resources for User-Selected Features" section.

Understanding Routing

Network devices in different VLANs cannot communicate with one another without a Layer 3 device (router) to route traffic between the VLANs. Routers can perform routing in three different ways:

By using default routing

By using preprogrammed static routes for the traffic

By dynamically calculating routes by using a routing protocol

Default routing refers to sending traffic with a destination unknown to the router to a default outlet or destination.

Static routing forwards packets from predetermined ports through a single path into and out of a network. Static routing is secure and uses little bandwidth, but does not automatically respond to changes in the network, such as link failure, and therefore, might result in unreachable destinations. As networks grow, static routing becomes a labor-intensive liability.

Dynamic routing protocols are used by routers to dynamically calculate the best route for forwarding traffic. There are two types of dynamic routing protocols:

Distance-vector protocols maintain routing tables with distance values of networked resources, and routers periodically pass these tables to their neighbors. Distance-vector protocols use one or a series of metrics for calculating the best routes. These protocols are easy to configure and use.

Routers using link-state protocols maintain a complex database of network topology, based on the exchange of link-state advertisements (LSAs) between routers. LSAs are triggered by an event in the network, which speeds up the convergence time or time required to respond to these changes. Link-state protocols respond quickly to topology changes, but require greater bandwidth and more resources than distance-vector protocols.

Distance-vector protocols supported by the Catalyst 3550 switch are Routing Information Protocol (RIP), which uses a single distance metric (cost) to determine the best path, and Interior Gateway Routing Protocol (IGRP), which uses a series of metrics. The switch also supports the Open Shortest Path First (OSPF) link-state protocol and Enhanced IGRP (EIGRP), which adds some link-state routing features to traditional IGRP to improve efficiency.

In some network environments, VLANs are associated with individual networks or subnetworks. In an IP network, each subnetwork is mapped to an individual VLAN. Configuring VLANs helps control the size of the broadcast domain and keeps local traffic local. However, when an end station in one VLAN needs to communicate with an end station in another VLAN, inter-VLAN communication is required. This communication is supported by inter-VLAN routing. You configure one or more routers to route traffic to the appropriate destination VLAN.

Figure 20-1 shows a basic routing topology. Switch A is in VLAN 10, and Switch B is in VLAN 20. The router has an interface in each VLAN.

Figure 20-1 Routing Topology Example

When Host A in VLAN 10 needs to communicate with Host B in VLAN 10, it sends a packet addressed to that host. Switch A forwards the packet directly to Host B, without sending it to the router.

When Host A sends a packet to Host C in VLAN 20, Switch A forwards the packet to the router, which receives the traffic on the VLAN 10 interface. The router checks the routing table, determines the correct outgoing interface, and forwards the packet on the VLAN 20 interface to Switch B. Switch B receives the packet and forwards it to Host C.

Steps for Configuring Routing

By default, IP routing is disabled on the Catalyst 3550 switch, and you must enable it before routing can take place. For detailed IP routing configuration information, refer to the Cisco IOS IP and IP Routing Configuration Guide for Release 12.1.

In the following procedures, the specified interface must be one of these Layer 3 interfaces:

A routed port: a physical port configured as a Layer 3 port by using the no switchport interface configuration command.

A switch virtual interface (SVI): a VLAN interface created by using the interface vlan vlan_id global configuration command and by default a Layer 3 interface.

An EtherChannel port channel in Layer 3 mode: a port-channel logical interface created by using the interface port-channel port-channel-number global configuration command and binding the Ethernet interface into the channel group. For more information, see the "Configuring Layer 3 EtherChannels" section.

Note On a Catalyst 3550-12T switch, we recommend configuring a maximum total of 16 SVIs and routed ports at one time to allow enough system resources to support other features. If requirements exceed the system hardware allocation, processing overflow is sent to the CPU, degrading performance. Refer to the "Optimizing System Resources for User-Selected Features" section for more information about feature combinations.

All Layer 3 interfaces must have IP addresses assigned to them. Refer to the "Assigning IP Addresses to Network Interfaces" section.

Configuring routing consists of several main procedures:

To support VLAN interfaces, create and configure VLANs on the switch, and assign VLAN membership to Layer 2 interfaces. For more information, see "Creating and Maintaining VLANs."

Configure Layer 3 interfaces.

Enable IP routing on the switch.

Assign IP addresses to the Layer 3 interfaces.

Enable selected routing protocols on the switch.

Configure routing protocol parameters (optional).

Configuring IP Addressing

A required task for configuring IP routing is to assign IP addresses to Layer 3 network interfaces to enable the interfaces and allow communication with the hosts on those interfaces that use IP. These sections describe how to configure various IP addressing features. Assigning IP addresses to the interface is required; the other procedures are optional.

Default Addressing Configuration

Assigning IP Addresses to Network Interfaces

Configuring Address Resolution Methods

Routing Assistance When IP Routing is Disabled

Configuring Broadcast Packet Handling

Monitoring and Maintaining IP Addressing

Default Addressing Configuration

Table 20-1 shows the default addressing configuration.

Table 20-1 Default Addressing Configuration 

Feature
Default Setting

IP address

None defined.

ARP

No permanent entries in the Address Resolution Protocol (ARP) cache.

Encapsulation: Standard Ethernet-style ARP.

Timeout: 14400 seconds (4 hours).

IP broadcast address

255.255.255.255 (all ones).

IP classless routing

Enabled.

IP default gateway

Disabled.

IP directed broadcast

Disabled (all IP directed broadcasts are dropped).

IP domain

Domain list: No domain names defined.

Domain lookup: Enabled.

Domain name: Enabled.

IP forward-protocol

If a helper address is defined or User Datagram Protocol (UDP) flooding is configured, UDP forwarding is enabled on default ports.

Any-local-broadcast: Disabled.

Spanning Tree Protocol (STP): Disabled.

Turbo-flood: Disabled.

IP helper address

Disabled.

IP host

Disabled.

IRDP

Disabled.

Defaults when enabled:

Broadcast IDRP advertisements.

Maximum interval between advertisements: 600 seconds.

Minimum interval between advertisements: 0.75 times max interval

Preference: 0.

IP probe proxy

Disabled.

IP proxy ARP

Enabled.

IP routing

Disabled.

IP subnet-zero

Disabled.


Assigning IP Addresses to Network Interfaces

An IP address identifies a location to which IP packets can be sent. Some IP addresses are reserved for special uses and cannot be used for host, subnet, or network addresses. Table 20-2 lists ranges of IP addresses and shows which are reserved and which are available for use. RFC 1166, "Internet Numbers," contains the official description of IP addresses.

Table 20-2 Reserved and Available IP Addresses  

Class
Address or Range
Status

A

0.0.0.0
1.0.0.0 to 126.0.0.0
127.0.0.0

Reserved
Available
Reserved

B

128.0.0.0 to 191.254.0.0
191.255.0.0

Available
Reserved

C

192.0.0.0
192.0.1.0 to 223.255.254
223.255.255.0

Reserved
Available
Reserved

D

224.0.0.0 to 239.255.255.255

Multicast group addresses

E

240.0.0.0 to 255.255.255.254
255.255.255.255

Reserved
Broadcast


An interface can have one primary IP address. A mask identifies the bits that denote the network number in an IP address. When you use the mask to subnet a network, the mask is referred to as a subnet mask. To receive an assigned network number, contact your Internet service provider.

Beginning in privileged EXEC mode, follow these steps to assign an IP address and a network mask to a Layer 3 interface:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Enter interface configuration mode, and specify the Layer 3 interface to configure.

Step 3 

no switchport

Remove the interface from Layer 2 configuration mode (if it is a physical interface).

Step 4 

ip address ip_address subnet_mask

Configure the IP address and IP subnet mask.

Step 5 

no shutdown

Enable the interface.

Step 6 

end

Exit configuration mode.

Step 7 

show interfaces [interface-id]

show ip interfaces [interface-id]

show running-config interfaces [interface-id]

Verify the configuration.

Step 8 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Use the no ip address command to remove an IP address or to disable IP processing.

This example shows how to configure an IP address on Gigabit Ethernet interface 0/10: 

Switch# configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Switch(config)# interface gigabitethernet0/10

Switch(config)# no switchport

Switch(config-if)# ip address 10.1.2.3 255.255.0.0 

Switch(config-if)# no shutdown

Switch(config-if)# end 

Switch#

This example uses the show interfaces command to display the interface IP address configuration and status of Gigabit Ethernet interface 0/10: 

Switch# show interfaces gigabitethernet0/10

GigabitEthernet0/10 is up, line protocol is up

  Hardware is Gigabit Ethernet, address is 0002.4b29.2e00 (bia 0002

  Internet address is 40.5.121.10/24

  MTU 1500 bytes, BW 100000 Kbit, DLY 10 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Full-duplex, 100Mb/s

  input flow-control is off, output flow-control is off

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input never, output 00:00:04, output hang never

  Last clearing of "show interface" counters never

  Queueing strategy: fifo

  Output queue 0/40, 0 drops; input queue 0/75, 0 drops

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 input packets with dribble condition detected

     30745 packets output, 3432096 bytes, 0 underruns

     0 output errors, 0 collisions, 6 interface resets

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out

This example uses the show ip interface command to display the detailed configuration and status of Gigabit Ethernet interface 0/10: 

Switch# show ip interface gigabitethernet0/10

GigabitEthernet0/10 is up, line protocol is down

  Internet address is 10.1.2.3/16

  Broadcast address is 255.255.255.255

  Address determined by non-volatile memory

  MTU is 1500 bytes

  Helper address is not set

  Directed broadcast forwarding is disabled

  Multicast reserved groups joined: 224.0.0.1 224.0.0.2 224.0.0.13

  Outgoing access list is stan1

  Inbound  access list is 23

  Proxy ARP is enabled

  Local Proxy ARP is disabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are always sent

  ICMP unreachables are always sent

  ICMP mask replies are never sent

  IP fast switching is enabled

  IP fast switching on the same interface is disabled

  IP Flow switching is disabled

  IP CEF switching is enabled

  IP Null turbo vector

  IP multicast fast switching is enabled

  IP multicast distributed fast switching is disabled

  IP route-cache flags are Fast, CEF

  Router Discovery is disabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  RTP/IP header compression is disabled

  Probe proxy name replies are disabled

  Policy routing is disabled

  Network address translation is enabled, interface in domain outside

  WCCP Redirect outbound is disabled

  WCCP Redirect exclude is disabled

  BGP Policy Mapping is disabled

This example uses the show running-config command to display the interface IP address configuration of Gigabit Ethernet interface 0/10: 

Switch# show running-config interfaces gigabitethernet0/10 

Building configuration...


Current configuration : 189 bytes

!

interface GigabitEthernet0/10

 description CubeB

 no switchport

 ip address 10.1.2.3 255.255.0.0

 ip access-group 23 in

 ip access-group stan1 out

 ip pim sparse-dense-mode

 ip cgmp

end

Use of Subnet Zero

Subnetting with a subnet address of zero is strongly discouraged because of the problems that can arise if a network and a subnet have the same addresses. For example, if network 131.108.0.0 is subnetted as 255.255.255.0, subnet zero would be written as 131.108.0.0, which is the same as the network address.

You can use the all ones subnet (131.108.255.0) and even though it is discouraged, you can enable the use of subnet zero if you need the entire subnet space for your IP address.

Beginning in privileged EXEC mode, follow these steps to enable subnet zero:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip subnet-zero

Enable the use of subnet zero for interface addresses and routing updates.

Step 3 

end

Exit configuration mode.

Step 4 

show running-config

(Optional) Verify the setting.

Step 5 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Use the no ip subnet-zero command to restore the default and disable the use of subnet zero.

This is an example of a partial output from the show running-config command used to verify IP subnet zero setting. 

Switch# show running-config

Building configuration...


Current configuration : 7454 bytes

!

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Perdido1

!

!

<output truncated>

ip subnet-zero

ip routing

no ip domain-lookup

ip domain-name a,b,c

ip name-server 12.10.13.14 


<output truncated>

Classless Routing

By default, classless routing behavior is enabled on the switch when it is configured to route. With classless routing, if a router receives packets for a subnet of a network with no default route, the router forwards the packet to the best supernet route. A supernet consists of contiguous blocks of Class C address spaces used to simulate a single, larger address space and is designed to relieve the pressure on the rapidly depleting Class B address space.

In Figure 20-2, classless routing is enabled. When the host sends a packet to 120.20.4.1, instead of discarding the packet, the router forwards it to the best supernet route. If you disable classless routing and a router receives packets destined for a subnet of a network with no network default route, the router discards the packet.

Figure 20-2 IP Classless Routing

In Figure 20-3, the router in network 128.20.0.0 is connected to subnets 128.20.1.0, 128.20.2.0, and 128.20.3.0. If the host sends a packet to 120.20.4.1, because there is no network default route, the router discards the packet.

Figure 20-3 No IP Classless Routing

To prevent the switch from forwarding packets destined for unrecognized subnets to the best supernet route possible, you can disable classless routing behavior.

Beginning in privileged EXEC mode, follow these steps to disable classless routing:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

no ip classless

Disable classless routing behavior.

Step 3 

end

Exit configuration mode.

Step 4 

show running-config

(Optional) Verify the setting.

Step 5 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To restore the default and have the switch forward packets destined for a subnet of a network with no network default route to the best supernet route possible, use the ip classless global configuration command.

Configuring Address Resolution Methods

You can control interface-specific handling of IP by using address resolution. A device using IP can have both a local address or MAC address, which uniquely defines the device on its local segment or LAN, and a network address, which identifies the network to which the device belongs. The local address or MAC address is known as a data link address because it is contained in the data link layer (Layer 2) section of the packet header and is read by data link (Layer 2) devices. To communicate with a device on Ethernet, the software must determine the MAC address of the device. The process of determining the MAC address from an IP address is called address resolution. The process of determining the IP address from the MAC address is called reverse address resolution.

The switch can use these forms of address resolution:

Address Resolution Protocol (ARP) is used to associate IP address with MAC addresses. Taking an IP address as input, ARP determines the associated MAC address and then stores the IP address/MAC address association in an ARP cache for rapid retrieval. Then the IP datagram is encapsulated in a link-layer frame and sent over the network. Encapsulation of IP datagrams and ARP requests or replies on IEEE 802 networks other than Ethernet is specified by the Subnetwork Access Protocol (SNAP).

Proxy ARP helps hosts with no routing tables determine the MAC addresses of hosts on other networks or subnets. If the switch (router) receives an ARP request for a host that is not on the same interface as the ARP request sender, and if the router has all of its routes to the host through other interfaces, it generates a proxy ARP packet giving its own local data link address. The host that sent the ARP request then sends its packets to the router, which forwards them to the intended host.

HP Probe is a protocol developed by Hewlett-Packard Company (HP) for use on IEEE-802.3 networks.

Catalyst 3550 switches also use the Reverse Address Resolution Protocol (RARP), which works the same as ARP except that the RARP request packets requests an IP address instead of a local MAC address. Using RARP requires a RARP server on the same network segment as the router interface. Use the interface configuration command ip rarp-server address to identify the server.

For more information on RARP, refer to the Cisco IOS Configuration Fundamentals Configuration Guide for Release 12.1.

You can perform these tasks to configure address resolution:

Define a Static ARP Cache

Set ARP Encapsulation

Enable Proxy ARP

Configure HP Probe Proxy

Define a Static ARP Cache

ARP and other address resolution protocols provide dynamic mapping between IP addresses and MAC addresses. Because most hosts support dynamic address resolution, you usually do not need to specify static ARP cache entries. If you must define a static ARP cache entry, you can do so globally, which installs a permanent entry in the ARP cache that the switch uses to translate IP addresses into MAC addresses. Optionally, you can also specify that the switch respond to ARP requests as if it were the owner of the specified IP address. If you do not want the ARP entry to be permanent, you can specify a timeout period for the ARP entry.

Beginning in privileged EXEC mode, follow these steps to provide static mapping between IP addresses and MAC addresses:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

arp ip-address hardware-address type

Globally associate an IP address with a MAC (hardware) address in the ARP cache. Type defines the encapsulation type:

arpa for Ethernet interfaces

snap for Token Ring and FDDI interfaces

Step 3 

arp ip-address hardware-address type alias

(Optional) Specify that the switch respond to ARP requests as if it were the owner of the specified IP address.

Step 4 

interface interface-id

Enter interface configuration mode, and specify the interface to configure.

Step 5 

arp timeout seconds

(Optional) Set the length of time an ARP cache entry will stay in the cache.

Step 6 

end

Return to privileged EXEC mode.

Step 7 

show interface [interface-id]

(Optional) Verify the type of ARP and the timeout value used on all interfaces or a specific interface.

Step 8 

show arp

(Optional) View the contents of the ARP cache.

Step 9 

show ip arp

(Optional) Verify IP ARP entries.

Step 10 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To remove an entry from the ARP cache, use the no arp ip-address hardware-address type global configuration command. To remove all nonstatic entries from the ARP cache, use the clear arp-cache privileged EXEC command.

This is a sample output from the show arp privileged EXEC command. 

Switch# show arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  10.1.2.3                -   0002.4b29.2e00  ARPA   GigabitEthernet0/10

Internet  172.20.136.9          120   0030.19c6.54e1  ARPA   Vlan1

Internet  172.20.250.42         149   0030.19c6.54e1  ARPA   Vlan1

Internet  120.20.30.1             -   0002.4b29.2e00  ARPA   Vlan27

Internet  172.20.139.152        101   0030.19c6.54e1  ARPA   Vlan1

Internet  172.20.139.130        205   0030.19c6.54e1  ARPA   Vlan1

Internet  172.20.141.225        186   0030.19c6.54e1  ARPA   Vlan1

Internet  172.20.135.204        169   0002.4b29.4400  ARPA   Vlan1

Internet  172.20.135.202          -   0002.4b29.2e00  ARPA   Vlan1

Internet  172.20.135.197        172   0002.4b28.ce80  ARPA   Vlan1

Internet  172.20.135.196        156   0002.4b28.ce00  ARPA   Vlan1

Note For the Catalyst 3550 switch, the output from the show arp command and the show ip arp command would usually be the same.

Set ARP Encapsulation

By default, Ethernet ARP encapsulation (represented by the arpa keyword) is enabled on an IP interface. You can change the encapsulation methods to SNAP or HP Probe, as required by your network.

When you set HP Probe encapsulation, the Probe protocol always is used to attempt to resolve an Ethernet MAC address, and the switch communicates transparently with Hewlett-Packard IEEE-802.3 hosts that use this type of encapsulation. You must explicitly configure Probe for all interfaces that will use Probe.

Beginning in privileged EXEC mode, follow these steps to specify the ARP encapsulation type:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Enter interface configuration mode, and specify the Layer 3 interface to configure.

Step 3 

arp {arpa | probe | snap}

Specify the ARP encapsulation method:

arpa: Address Resolution Protocol

probe: HP Probe protocol

snap: Subnetwork Address Protocol

Step 4 

end

Return to privileged EXEC mode.

Step 5 

show interface [interface-id]

(Optional) Verify ARP encapsulation configuration on all interfaces or the specified interface.

Step 6 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To disable an encapsulation type, use the no arp interface configuration command.

This is a sample output from the show interface interface-id privileged EXEC command displaying ARP encapsulation. 

Switch# show interface gigabitethernet0/10

GigabitEthernet0/10 is up, line protocol is up

  Hardware is Gigabit Ethernet, address is 0002.4b29.2e00 (bia 0002

  Internet address is 40.5.121.10/24

  MTU 1500 bytes, BW 100000 Kbit, DLY 10 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Full-duplex, 100Mb/s

  input flow-control is off, output flow-control is off

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input never, output 00:00:04, output hang never

  Last clearing of "show interface" counters never

  Queueing strategy: fifo

  Output queue 0/40, 0 drops; input queue 0/75, 0 drops

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 input packets with dribble condition detected

     30745 packets output, 3432096 bytes, 0 underruns

     0 output errors, 0 collisions, 6 interface resets

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out

Enable Proxy ARP

By default, the switch uses proxy ARP to help hosts determine MAC addresses of hosts on other networks or subnets.

Beginning in privileged EXEC mode, follow these steps to enable proxy ARP if it has been disabled:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Enter interface configuration mode, and specify the Layer 3 interface to configure.

Step 3 

ip proxy-arp

Enable proxy ARP on the interface.

Step 4 

end

Return to privileged EXEC mode.

Step 5 

show ip interface [interface-id]

(Optional) Verify the configuration on the interface or all interfaces.

Step 6 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To disable proxy ARP on the interface, use the no ip proxy-arp command.

This is an example of the show ip interface privileged EXEC command for Gigabit Ethernet interface 0.3, where proxy ARP is enabled. 

Switch# show ip interface gigabitethernet0/3 

GigabitEthernet0/3 is up, line protocol is down

  Internet address is 10.1.3.59/24

  Broadcast address is 255.255.255.255

  Address determined by setup command

  MTU is 1500 bytes

  Helper address is not set

  Directed broadcast forwarding is disabled

  Multicast reserved groups joined: 224.0.0.1 224.0.0.2

  Outgoing access list is not set

  Inbound  access list is not set

  Proxy ARP is enabled

  Local Proxy ARP is disabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are always sent

  ICMP unreachables are always sent

  ICMP mask replies are never sent

  IP fast switching is enabled

  IP fast switching on the same interface is disabled

  IP Flow switching is disabled

  IP CEF switching is enabled

  IP CEF Fast switching turbo vector

  IP multicast fast switching is enabled

  IP multicast distributed fast switching is disabled

  IP route-cache flags are Fast, CEF

  Router Discovery is enabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  RTP/IP header compression is disabled

  Probe proxy name replies are disabled

  Policy routing is disabled

  Network address translation is disabled

  WCCP Redirect outbound is disabled

  WCCP Redirect exclude is disabled

  BGP Policy Mapping is disabled

Configure HP Probe Proxy

HP Probe Proxy support allows the switch to respond to HP Probe Proxy name requests, typically used at sites with Hewlett Packard equipment.

Beginning in privileged EXEC mode, follow these steps to enable configure HP Probe Proxy:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Enter interface configuration mode, and specify the Layer 3 interface to configure.

Step 3 

ip probe proxy

Enable the switch to respond to HP Probe Proxy name requests.

Step 4 

exit

Return to global configuration mode.

Step 5 

ip hp-host hostname ip-address

Enter the host name and IP address of an IP host (for which the router is acting as a proxy).

Step 6 

end

Return to privileged EXEC mode.

Step 7 

show ip interface [interface-id]

(Optional) Verify the configuration on the interface or all interfaces.

Step 8 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To disable HP Probe Proxy, use the no ip probe proxy interface configuration command. To remove a host name, use the no ip hp-host hostname ip-address global configuration command.

Routing Assistance When IP Routing is Disabled

These mechanisms allow the switch to learn about routes to other networks when it does not have IP routing enabled:

Proxy ARP

Default Gateway

ICMP Router Discovery Protocol (IRDP)

Proxy ARP

Proxy ARP, the most common method for learning about other routes, enables an Ethernet host with no routing information to communicate with hosts on other networks or subnets. The host assumes that all hosts are on the same local Ethernet and that they can use ARP to determine their MAC addresses. If a switch receives an ARP request for a host that is not on the same network as the sender, the switch evaluates whether it has the best route to that host. If it does, it sends an ARP reply packet with its own Ethernet MAC address, and the host that sent the request sends the packet to the switch, which forwards it to the intended host. Proxy ARP treats all networks as if they are local and performs ARP requests for every IP address.

Proxy ARP is enabled by default. To enable it after it has been disabled, see the "Enable Proxy ARP" section. Proxy ARP works as long as other routers support it.

Default Gateway

Another method for locating routes is to define a default router or default gateway. All nonlocal packets are sent to this router, which either routes them appropriately or sends an IP Control Message Protocol (ICMP) redirect message back, defining which local router the host should use. The switch caches the redirect messages and forwards each packet as efficiently as possible. A limitation of this method is that there is no means of detecting when the default router has gone down or is unavailable.

Beginning in privileged EXEC mode, follow these steps to define a default gateway (router) when IP routing is disabled:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip default-gateway ip-address

Set up a default gateway (router).

Step 3 

end

Return to privileged EXEC mode.

Step 4 

show ip redirects

(Optional) Display the address of the default gateway router to verify the setting.

Step 5 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Use the no ip default-gateway global configuration command to disable this function.

This example shows how to set and verify a default gateway: 

Switch(config)# ip default-gateway 10.1.5.59

Switch(config)# end 

Switch# show ip redirect

Default gateway is 10.1.5.59


Host               Gateway           Last Use    Total Uses  Interface

ICMP redirect cache is empty

ICMP Router Discovery Protocol (IRDP)

Router discovery allows the switch to dynamically learn about routes to other networks using IRDP. IRDP allows hosts to locate routers. When operating as a client, the switch generates router discovery packets. When operating as a host, the switch receives router discovery packets. The switch can also listen to Routing Information Protocol (RIP) and Interior Gateway Routing Protocol (IGRP) routing updates and use this information to infer locations of routers. The switch does not actually store the routing tables sent by routing devices; it merely keeps track of which systems are sending the data. The advantage of using IRDP is that it allows each router to specify both a priority and the time after which a device is assumed to be down if no further packets are received.

Each device discovered becomes a candidate for the default router, and a new highest-priority router is selected when a higher priority router is discovered, when the current default router is declared down, or when a TCP connection is about to time out because of excessive retransmissions.

The only required task for IRDP routing on an interface is to enable IRDP processing on that interface. When enabled, the default parameters apply. You can optionally change any of these parameters.

Beginning in privileged EXEC mode, follow these steps to enable and configure IRDP on an interface:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Enter interface configuration mode, and specify the Layer 3 interface to configure.

Step 3 

ip irdp

Enable IRDP processing on the interface.

Step 4 

ip irdp multicast

(Optional) Send IRDP advertisements to the multicast address (224.0.0.1) instead of IP broadcasts.

Note This command allows for compatibility with Sun Microsystems Solaris, which requires IRDP packets to be sent out as multicasts. Many implementations cannot receive these multicasts; ensure end-host ability before using this command.

Step 5 

ip irdp holdtime seconds

(Optional) Set the IRDP period for which advertisements are valid. Default is three times the maxadvertinterval value. It must be greater than maxadvertinterval and cannot be greater than 9000 seconds. If you change the maxadvertinterval value, this value also changes.

Step 6 

ip irdp maxadvertinterval seconds

(Optional) Set the IRDP maximum interval between advertisements. The default is 600 seconds.

Step 7 

ip irdp minadvertinterval seconds

(Optional) Set the IRDP minimum interval between advertisements. The default is 0.75 times the maxadvertinterval. If you change the maxadvertinterval, this value changes to the new default (0.75 of maxadvertinterval).

Step 8 

ip irdp preference number

(Optional) Set a device IRDP preference level. The allowed range is -231 to 231. The default is 0. A higher value increases the router preference level.

Step 9 

ip irdp address address [number]

(Optional) Specify an IRDP address and preference to proxy-advertise.

Step 10 

end

Return to privileged EXEC mode.

Step 11 

show ip irdp

(Optional) Verify settings by displaying IRDP values.

Step 12 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

If you change the maxadvertinterval value, the holdtime and minadvertinterval values also change, so it is important to first change the maxadvertinterval value, before manually changing either the holdtime or minadvertinterval values.

Use the no ip irdp interface configuration command to disable IRDP routing.

This example shows IRDP routing enabled on Gigabit Ethernet interface 0/3: 

Switch# show ip irdp

Vlan1 has router discovery disabled


Vlan2 has router discovery disabled


GigabitEthernet0/1 has router discovery disabled


GigabitEthernet0/2 has router discovery disabled


GigabitEthernet0/3 has router discovery enabled


Advertisements will occur between every 450 and 600 seconds.

Advertisements are sent with broadcasts.

Advertisements are valid for 1800 seconds.

Default preference will be 0.

GigabitEthernet0/4 has router discovery disabled


Port-channel1 has router discovery disabled

Configuring Broadcast Packet Handling

After configuring IP interface address, you can choose to enable routing and configure one or more routing protocols, or you can configure the way the switch responds to network broadcasts. A broadcast is a data packet destined for all hosts on a physical network. The switch supports two kinds of broadcasting:

A directed broadcast packet is sent to a specific network or series of networks. A directed broadcast address includes the network or subnet fields.

A flooded broadcast packet is sent to every network.

Note You can also limit broadcast, unicast, and multicast traffic on Layer 2 interfaces by using the interface mode switchport broadcast, switchport unicast, and switchport multicast commands. For more information, see "Configuring Traffic Suppression and Traffic Control."

Routers provide some protection from broadcast storms by limiting their extent to the local cable. Bridges (including intelligent bridges), because they are Layer 2 devices, forward broadcasts to all network segments, thus propagating broadcast storms. The best solution to the broadcast storm problem is to use a single broadcast address scheme on a network. In most modern IP implementations, you can set the address to be used as the broadcast address. Many implementations, including the one in the Catalyst 3550 switch, support several addressing schemes for forwarding broadcast messages.

Perform the tasks in these sections to enable these schemes:

Enabling Directed Broadcast-to-Physical Broadcast Translation

Forwarding UDP Broadcast Packets and Protocols

Establishing an IP Broadcast Address

Flooding IP Broadcasts

Enabling Directed Broadcast-to-Physical Broadcast Translation

By default, IP directed broadcasts are dropped; they are not forwarded. Dropping IP-directed broadcasts makes routers less susceptible to denial-of-service attacks.

You can enable forwarding of IP-directed broadcasts on an interface where the broadcast becomes a physical (MAC-layer) broadcast. Only those protocols configured by using the ip forward-protocol global configuration command are forwarded.

You can specify an access list to control which broadcasts are forwarded. When an access list is specified, only those IP packets permitted by the access list are eligible to be translated from directed broadcasts to physical broadcasts. For more information on access lists, see "Configuring Network Security with ACLs."

Beginning in privileged EXEC mode, follow these steps to enable forwarding of IP-directed broadcasts on an interface:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Enter interface configuration mode, and specify the interface to configure.

Step 3 

ip directed-broadcast [access-list-number]

Enable directed broadcast-to-physical broadcast translation on the interface. You can include an access list to control which broadcasts are forwarded. When an access list is specified, only IP packets permitted by the access list are eligible to be translated.

Step 4 

exit

Return to global configuration mode.

Step 5 

ip forward-protocol {udp [port] | nd | sdns}

Specify which protocols and ports the router forwards when forwarding broadcast packets.

udp: Forward UPD datagrams.

port: (Optional) Destination port that controls which UDP services are forwarded.

nd: Forward ND datagrams.

sdns: Forward SDNS datagrams

Step 6 

show ip interface [interface-id]

show running-config

(Optional) Verify the configuration on the interface or all interfaces.

Step 7 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Use the no ip directed-broadcast interface configuration command to disable translation of directed broadcast to physical broadcasts. Use the no ip forward-protocol global configuration command to remove a protocol or port.

Forwarding UDP Broadcast Packets and Protocols

User Datagram Protocol (UDP) is an IP host-to-host layer protocol, as is TCP. UDP provides a low-overhead, connectionless session between two end systems and does not provide for acknowledgment of received datagrams. Network hosts occasionally use UDP broadcasts to determine address, configuration, and name information. If such a host is on a network segment that does not include a server, UDP broadcasts are normally not forwarded. You can remedy this situation by configuring an interface on a router to forward certain classes of broadcasts to a helper address. You can use more than one helper address per interface.

You can specify a UDP destination port to c