Configuring SDM Templates

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http:/​/​www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Information About Configuring SDM Templates

Understanding the SDM Templates

You can use SDM templates to configure system resources in the Switch to optimize support for specific features, depending on how the Switch is used in the network. You can select a template to provide maximum system usage for some functions; for example, use the default template to balance resources, and use the access template to obtain maximum ACL usage. The Switch SDM templates allocate system hardware resources for different uses.

You can select SDM templates for IP Version 4 (IPv4) to optimize these features on Switch running the IP Base or IP Services feature set:


Note

When the Switch is running the LAN Base feature set, do not select a routing template (sdm prefer routing). The routing values shown in the templates are not valid on the Switch. To configure IPv4 static routing on Switch running the LAN Base feature set, you must use the default template.

  • Routing—The routing template maximizes system resources for unicast routing, typically required for a router or aggregator in the center of a network.

  • VLANs—The VLAN template disables routing and supports the maximum number of unicast MAC addresses. It would typically be selected for a Layer 2 Switch.

  • Default—The default template gives balance to all functions.


    Note
    Use this template when configuring IPv4 static routing on SVIs on Switch running the LAN Base feature set. You can configure up to 16 static routes.

  • Access—The access template maximizes system resources for access control lists (ACLs) to accommodate a large number of ACLs.

The Switch also supports multiple dual IPv4 and IP Version 6 (IPv6) templates for environments with both types of traffic.


Note
Although these templates are visible on all Switch, the resources on Switch running the LAN Base feature do not match those shown in the templates:

  • Switch running the LAN Base feature set support only 255 VLANs, not 1024 as shown in all templates.

  • Although the routing template is visible, the template is not supported. The LAN Base feature set supports IPv4 static routing on SVIs (up to 16 static routes) and the Switch must be running the default template.

Table 1 Approximate Number of Feature Resources Allowed by the Templates
Resource Access Default Routing VLAN
Unicast MAC addresses 4 K 6 K 3 K 12 K
Internet Group Management Protocol (IGMP) groups and multicast routes 1 K 1 K 1 K 1 K
Unicast routes 6 K 8 K 11 K 0

  • Directly connected hosts

4 K 6 K 3 K 0

  • Indirect routes

2 K 2 K 8 K 0
Policy-based routing access control entries (ACEs) 0.5 K 0 0.5 K 0
IPv4 or MAC QoS ACEs 0.5 K 1 K 1 K 0.5 K
IPv4 or MAC security ACEs 2 K 1 K 1 K 1 K
VLANs 1 K 1 K
Number of IPv6 security ACEs 52 60 58 60

The table represents approximate hardware boundaries set when a template is selected. If a section of a hardware resource is full, all processing overflow is sent to the CPU, seriously impacting Switch performance.

In mixed stack scenarios such as lotr and pixar, the default template will be enabled with IPv6 FHS on pixar, but not on lotr. You cannot have mixed stack with default/vlan/routing/access templates with IPv6 FHS enabled.

You can use IPv6 FHS features such as RA Guard, DHCP Guard and NDP snooping by using the entries reserved for IPv6 Security Aces. Other IPv6 features such as IPv6 QoS or other IPv6 FHS features such as Source Guard will not work with this template.

Dual IPv4 and IPv6 SDM Templates

The dual IPv4 and IPv6 templates allow the Switch to be used in dual-stack environments, supporting both IPv4 and IPv6 traffic.

Using the dual-stack templates results in less hardware capacity allowed for each resource. Do not use them if you plan to forward only IPv4 traffic. These SDM templates support IPv4 and IPv6 environments on Switch running the IP Base or IP Services feature set:


Note

Do not select a routing template (sdm prefer routing, sdm prefer dual-ipv4-and-ipv6 routing, indirect-ipv4-and-ipv6-routing, direct-ipv4-and-ipv6-routing) when the Switch is running the LAN Base feature set. Although visible in the command-line help, the LAN Base feature set does not support IPv6 routing. On Switch running the LAN Base feature set, routing values shown in all templates are not valid.

  • Dual IPv4 and IPv6 default template—Supports Layer 2, multicast, routing, QoS, and ACLs for IPv4; and Layer 2, routing, ACLs, and QoS for IPv6 on the Switch.

  • Dual IPv4 and IPv6 routing template—Supports Layer 2, multicast, routing (including policy-based routing), QoS, and ACLs for IPv4; and Layer 2, routing, ACLs, and QoS for IPv6 on the Switch.

  • Dual IPv4 and IPv6 VLAN template—Supports basic Layer 2, multicast, QoS, and ACLs for IPv4, and basic Layer 2, ACLs, and QoS for IPv6 on the Switch.

With the indirect IPv4 and IPv6 routing template, the Switch supports more IPv6 indirect routes for deployments that do not need much direct IPv6 host route connectivity. Compared to the dual IPv4 and IPv6 routing template, the indirect IPv4 and IPv6 routing template also provides more unicast MAC addresses and IPv4 and IPv6 direct routes. However, the indirect IPv4 and IPv6 routing template allows fewer IPv4 policy-based routing entries and IPv6 ACL, QoS, and policy-based routes.

With the direct IPv4 and IPv6 routing template, the Switch supports more IPv4 and IPv6 direct routes. The direct IPv4 and IPv6 routing template also provides more unicast MAC addresses.

You must reload the Switch with the dual IPv4 and IPv6 templates for Switch running IPv6.

The following table defines the approximate feature resources allocated by each dual IPv4 and IPv6 template on Switch running the IP Base or IP Services feature set. Template estimations are based on a Switch with 8 routed interfaces and 1024 VLANs (255 VLANs on Switch running the LAN Base feature set).


Note

Although these templates are visible on all Switch, the resources on Switch running the LAN Base feature set do not match those shown in the templates:

  • Switch running the LAN Base feature set support only 255 VLANs, not 1024 VLANs as shown in all templates.

  • Although the routing template is visible, the template is not supported. The LAN Base feature set supports only 16 static IPv4 routes on SVIs, and the Switch must be running the default template.

Table 2 Approximate Number of Feature Resources Allowed by Dual IPv4-IPv6 Templates
Resource Dual IPv4-and IPv6 Templates Indirect IPv4 and IPv6 Routing Direct IPv4 and IPv6 Routing
Default VLAN Routing
Unicast MAC addresses 2 K 8 K 1.5 K 2 K 6 K
Internet Group Management Protocol (IGMP) groups and multicast routes 1 K 1 K 1 K (IGMP) 0 (multicast) 1 K 1 K
Total IPv4 Unicast routes 3 K 0 2.7 K 4 K 4 K

  • Directly connected IPv4 hosts

2 K 0 1.5 K 2 K 3 K

  • Indirect IPv4 routes

1 K 0 1.2 K 2 K 1 K
IPv4 Policy-based routing access control entries (ACEs) 0 0 0.25 K 0.125 K 0
IPv4 or MAC QoS ACEs (total) 0.5 K 0.5 K 0.5 K 0.5 K 0.5 K
IPv4 or MAC security ACEs (total) 1 K 1 K 0.5 K 0.625 K 0.5 K
IPv6 multicast groups 1 K 1 K 1 K 1 K 0
Directly connected IPv6 addresses 2 K 0 1.5 K 2 K 3 K
Indirect IPv6 unicast routes 1 K 0.125 K 1.25 K 3 K 3 K
IPv6 policy-based routing ACEs 0 0 0.25 K 0.125 K 0
IPv6 QoS ACEs 0.5 K 0.5 K 0.5 K 0.125 K 0.25 K
IPv6 security ACEs 0.5 K 0.5 K 0.5 K 0.125 K 0.25 K

SDM Templates and Switch Stacks

In a switch stack, all stack members must use the same SDM template that is stored on the active switch. When a new switch is added to a stack, the SDM configuration that is stored on the active switch overrides the template configured on an individual switch.

You can use the show switch privileged EXEC command to see if any stack members are in SDM mismatch mode.

How to Configure SDM Templates

Configuring the Switch SDM Template

Default SDM Template

The default template is the default Switch Database Management (SDM) desktop template.

SDM Template Configuration Guidelines

  • When you configure a new SDM template, you must reload the switch for the configuration to take effect.
  • If you try to configure IPv6 without first selecting a dual IPv4 and IPv6 template, a warning message appears.
  • Using the dual stack template results in less hardware capacity allowed for each resource, so do not use it if you plan to forward only IPv4 traffic.
  • On switches running the IP Base or IP Services feature set, use the sdm prefer vlan global configuration command only on switches intended for Layer 2 switching with no routing.
  • Use the sdm prefer vlan global configuration command only on switches intended for Layer 2 switching with no routing. When you use the VLAN template, no system resources are reserved for routing entries, and any routing is done through software. This overloads the CPU and severely degrades routing performance.
  • Do not select a routing template (sdm prefer routing, sdm prefer dual-ipv4-and-ipv6 routing, indirect-ipv4-and-ipv6-routing, direct-ipv4-and-ipv6-routing) when the switch is running the LAN Base feature set. Although visible in the command-line help, the LAN Base feature set does not support the routing templates. On switches running the LAN Base feature set, none of the routing values shown for the templates are valid.
  • Use the default template when configuring static routing on switches running the LAN Base feature set.
  • On switches running the LAN Base feature set, the number of supported VLANs displayed in the templates is incorrect. The LAN Base feature set supports only 255 VLANs.
  • Do not use the routing template if you do not have routing enabled on your switch. To prevent other features from using the memory allocated to unicast routing in the routing template, use the sdm prefer routing global configuration command.
  • Use the indirect-ipv4-and-ipv6-routing template to provide more space for IPv4 and IPv6 summary or indirect routes by providing less space for IPv4 policy-based routing entries and IPv6 ACL, QoS, and policy-based routes.

  • Use the direct-ipv4-and-ipv6-routing template to provide more space for IPv4 and IPv6 connected or direct routes by providing less space for IPv6 ACL and QoS routes.

Setting the SDM Template

Follow these steps to use the SDM template to maximize feature usage:

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    sdm prefer {access | default | dual-ipv4-and-ipv6 { default | routing | vlan} | indirect-ipv4-and-ipv6-routing | direct-ipv4-and-ipv6-routing | routing | vlan}

    4.    end

    5.    reload


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example: 
    Switch> enable
     

    Enables privileged EXEC mode. Enter your password if prompted.

     

    Step 2configure terminal


    Example: 
    
Switch# configure terminal
     

    Enters the global configuration mode.

     
    Step 3 sdm prefer {access | default | dual-ipv4-and-ipv6 { default | routing | vlan} | indirect-ipv4-and-ipv6-routing | direct-ipv4-and-ipv6-routing | routing | vlan}


    Example: 
    Switch(config)# sdm prefer default
     

    Specifies the SDM template to be used on the switch. The keywords have these meanings:

    • access —Maximizes system resources for ACLs.

    • default —The default template provides balance for all Layer 2, IPv4 and IPv6 functionality.

    • dual-ipv4-and-ipv6 —Specifies a template that supports both IPv4 and IPv6 routing.

      • default —Balances IPv4 and IPv6 Layer 2 and Layer 3 functionality.

      • routing —Provides maximum usage for IPv4 and IPv6 routing, including IPv4 policy-based routing.

      • vlan —Provides maximum usage for IPv4 and IPv6 VLANs.

    • indirect-ipv4-and-ipv6-routing —Maximizes IPv4 and IPv6 entries for indirect routes.

    • direct-ipv4-and-ipv6-routing —Maximizes IPv4 and IPv6 entries for direct routes.

    • routing —Maximizes routing on the switch.

    • vlan —Maximizes VLAN configuration on the switch with no routing supported in hardware.

    Note   

    Do not select a routing template when the switch is running the LAN Base feature set. Although visible in the command-line help, the LAN Base feature set does not support the routing template. To configure IPv4 static routing (16 static routes) with the LAN Base feature set, use the default template.

    Use the no sdm prefer command to set the switch to the default template. The default template balances the use of system resources.

     
    Step 4end


    Example: 
    
Switch(config)# end
     

    Returns to privileged EXEC mode.

     
    Step 5reload


    Example: 
    Switch# reload
     

    Reloads the operating system.

    After the system reboots, you can use the show sdm prefer privileged EXEC command to verify the new template configuration. If you enter the show sdm prefer command before you enter the reload privileged EXEC command, the show sdm prefer command shows the template currently in use and the template that will become active after a reload.

     
    Related Concepts
    SDM Templates
    Related References
    Examples: Configuring SDM Templates

    Displaying the SDM Templates

    Use the show sdm prefer privileged EXEC command with no parameters to display the active template.

    To display the resource numbers supported by the specified template, use the show sdm prefer [access | default | dual-ipv4-and-ipv6 {default | vlan} | indirect-ipv4-and-ipv6-routing | routing | vlan] privileged EXEC command.


    Note

    On Switch running the LAN Base feature set, routing values shown in all templates are not valid.

    Configuration Examples for SDM Templates

    Examples: Configuring SDM Templates

    This is an example output when you have changed the template and have not reloaded the switch: 
    Switch(config)# show sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses:          3K
number of igmp groups + multicast routes: 1K
number of unicast routes:                 11K
number of directly connected hosts:       3K
number of indirect routes: 															8K
number of qos aces: 																						0.5K
number of security aces: 																	1K
On next reload, template will be “desktop vlan” template.
    This example shows how to configure a switch running the IP Base or IP Services feature set with the routing template: 
    Switch(config)# sdm prefer routing
Switch(config)# end
Switch(config)# reload
Proceed with reload? [confirm]
    This example shows how to configure the IPv4-and-IPv6 default template: 
    Switch(config)# sdm prefer dual-ipv4-and-ipv6 default
Switch(config)# exit
Switch(config)# reload
Proceed with reload? [confirm]
    Related Concepts
    SDM Templates
    Related Tasks
    Setting the SDM Template

    Examples: Displaying SDM Templates


    Note
    On switches running the LAN Base feature set, routing values shown in all templates are not valid.

    This is an example output showing the advanced template information: 

    Switch# show sdm prefer 

Showing SDM Template Info

This is the Advanced template.
  Number of VLANs:                                 4094
  Unicast MAC addresses:                           32768
  Overflow Unicast MAC addresses:                  512
  IGMP and Multicast groups:                       8192
  Overflow IGMP and Multicast groups:              512
  Directly connected routes:                       32768
  Indirect routes:                                 8192
  Security Access Control Entries:                 3072
  QoS Access Control Entries:                      2816
  Policy Based Routing ACEs:                       1024
  Netflow ACEs:                                    1024
  Input Microflow policer ACEs:                    256
  Output Microflow policer ACEs:                   256
  Flow SPAN ACEs:                                  256
  Tunnels:                                         256
  Control Plane Entries:                           512
  Input Netflow flows:                             8192
  Output Netflow flows:                            16384
These numbers are typical for L2 and IPv4 features.
Some features such as IPv6, use up double the entry size;
so only half as many entries can be created.


Switch#

    This is an example output showing the VLAN template information: 

     
Switch# show sdm prefer vlan

Showing SDM Template Info

This is the VLAN template for a typical Layer 2 network.
  Number of VLANs:                                 4094
  Unicast MAC addresses:                           32768
  Overflow Unicast MAC addresses:                  512
  IGMP and Multicast groups:                       8192
  Overflow IGMP and Multicast groups:              512
  Directly connected routes:                       32768
  Indirect routes:                                 8192
  Security Access Control Entries:                 3072
  QoS Access Control Entries:                      3072
  Policy Based Routing ACEs:                       0
  Netflow ACEs:                                    1024
  Input Microflow policer ACEs:                    0
  Output Microflow policer ACEs:                   0
  Flow SPAN ACEs:                                  256
  Tunnels:                                         0
  Control Plane Entries:                           512
  Input Netflow flows:                             16384
  Output Netflow flows:                            8192
These numbers are typical for L2 and IPv4 features.
Some features such as IPv6, use up double the entry size;
so only half as many entries can be created.

Switch#

    Additional References for SDM Templates

    Related Documents

    Related Topic Document Title
    SDM command reference  
    VLAN configuration guide  

    Standards and RFCs

    Standard/RFC Title
    None

    MIBs

    MIB MIBs Link
    All supported MIBs for this release.

    To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

    http:/​/​www.cisco.com/​go/​mibs

    Technical Assistance

    Description Link

    The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

    To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

    Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

    http:/​/​www.cisco.com/​support