Configuring Layer 3 Interfaces

This chapter describes the Layer 3 interfaces on a Catalyst 4500 series switch. It also provides guidelines, procedures, and configuration examples.

Note: For complete syntax and usage information for the switch commands used in this chapter, see the Cisco IOS Command Reference Guides for the Catalyst 4500 Series Switch.

If a command is not in the Cisco Catalyst 4500 Series Switch Command Reference, you can locate it in the Cisco IOS Master Command List, All Releases.


About Layer 3 Interfaces

The Catalyst 4500 series switch supports Layer 3 interfaces with the Cisco IOS IP and IP routing protocols. Layer 3, the network layer, is primarily responsible for the routing of data in packets across logical internetwork paths.

Layer 2, the data link layer, contains the protocols that control the physical layer (Layer 1) and how data is framed before being transmitted on the medium. The Layer 2 function of filtering and forwarding data in frames between two segments on a LAN is known as bridging.

The Catalyst 4500 series switch supports two types of Layer 3 interfaces. The logical Layer 3 VLAN interfaces integrate the functions of routing and bridging. The physical Layer 3 interfaces allow the Catalyst 4500 series switch to be configured like a traditional router.

Note: On a Catalyst 4500 series switch, a physical Layer 3 interface has MAC address learning enabled.


Logical Layer 3 VLAN Interfaces

The logical Layer 3 VLAN interfaces provide logical routing interfaces to VLANs on Layer 2 switches. A traditional network requires a physical interface from a router to a switch to perform inter-VLAN routing. The Catalyst 4500 series switch supports inter-VLAN routing by integrating the routing and bridging functions on a single Catalyst 4500 series switch.

Figure 36-1 shows how the routing and bridging functions in the three physical devices of the traditional network are performed logically on one Catalyst 4500 series switch.

Figure 36-1 Logical Layer 3 VLAN Interfaces for the Catalyst 4500 Series Switch

 

Physical Layer 3 Interfaces

The physical Layer 3 interfaces support capabilities equivalent to a traditional router. These Layer 3 interfaces provide hosts with physical routing interfaces to a Catalyst 4500 series switch.

Figure 36-2 shows how the Catalyst 4500 series switch functions as a traditional router.

Figure 36-2 Physical Layer 3 Interfaces for the Catalyst 4500 Series Switch

 

Understanding SVI Autostate Exclude

To be up/up, a router VLAN interface must fulfill the following general conditions:

  • The VLAN exists and is active on the VLAN database of the switch.
  • The VLAN interface exists on the router and is not administratively down.
  • At least one Layer 2 (access port or trunk) port exists, has a link up on this VLAN, and is in spanning-tree forwarding state on the VLAN.

Note: The protocol line state for the VLAN interfaces comes up when the first switch port belonging to the corresponding VLAN link comes up and is in spanning-tree forwarding state.


Ordinarily, when a VLAN interface has multiple ports in the VLAN, the SVI goes down when all the ports in the VLAN go down. The SVI Autostate Exclude feature provides a knob to mark a port so that it is not counted in the SVI up and down calculation and applies to all VLANs that are enabled on that port.

A VLAN interface is brought up after the Layer 2 port has had time to converge (that is, transition from listening-learning to forwarding). This prevents routing protocols and other features from using the VLAN interface as if it were fully operational. It also prevents other problems from occurring, such as routing black holes.

Understanding Layer 3 Interface Counters

Note: Supervisor Engines 9-E, 8L-E, 8-E, 7-LE, 7-E, and 6L-E do not support Layer 2 interface counters. However, they do support Layer 3 (SVI) interface counters.


When you run IPv4 and IPv6 on Supervisor Engines 9-E, 8L-E, 8-E, 7-LE, 7-E, 6L-E, 6-E, packets are routed in hardware by the forwarding engine. They support the following statistics for counting routed packets with a maximum of 4092 interfaces:

  • Input unicast
  • Input multicast
  • Output unicast
  • Output multicast

For each counter type, both the number of packets and the total number of bytes received or transmitted are counted. You can collect these statistics uniquely for IPv4 and IPv6 traffic.

Because the total number of supported Layer 3 interfaces exceeds the number of counters supported by hardware, all Layer 3 interfaces might not have counters. You assign counters to Layer 3 interfaces; the default configuration for a Layer 3 interface has no counters.

You can configure collection statistics at an interface level in one of the four ways (see Table 36-1). The maximum number of interfaces applied to the configuration depends on the collection mode.

Table 36-1 Configuring Statistics Collection Node

Counter Mode            Configuration CLI           Function                                                                        Maximum
IPv4 only               counter ipv4                Only IPv4 statistics are collected.                                             4092
IPv6 only               counter ipv6                Only IPv6 statistics are collected.                                             4092
IPv4 and IPv6 combined  counter                     Both IPv4 and IPv6 statistics are collected but are displayed only as a sum.    4092
IPv4 and IPv6 separate  counter ipv4 ipv6 separate  Both IPv4 and IPv6 statistics are collected and can be displayed individually.  2046

When mixing these configured modes, the rule is as follows:

(number of v4/v6/v4v6combined interfaces) + 2*(number of v4v6separate interfaces) <= 4092

Note: To enable Layer 3 interface counters, you need to enter the counter command in interface mode. For instructions, see the “Configuring Layer 3 Interface Counters” section.


The hardware counters are displayed in the output of the show interface command, as shown in the following example. Counter fields that are updated when the counter configuration is present are highlighted.

Switch# show interface gi3/1
GigabitEthernet3/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet Port, address is 001f.9e9e.f43f (bia 001f.9e9e.f43f)
Internet address is 10.10.10.2/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000-TX
input flow-control is on, output flow-control is on
Auto-MDIX on (operational: on)
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 53000 bits/sec, 122 packets/sec
5 minute output rate 53000 bits/sec, 122 packets/sec
L3 in Switched: ucast: 37522 pkt, 752892 bytes - mcast: 0 pkt, 0 bytes <===== (A)
L3 out Switched: ucast: 37522 pkt, 752892 bytes - mcast: 0 pkt, 0 bytes <===== (B)
IPv6 L3 in Switched: ucast: 24328 pkt, 145968 bytes - mcast: 0 pkt, 0 bytes <==(C)
IPv6 L3 out Switched: ucast: 24328 pkt, 145968 bytes - mcast: 0 pkt, 0 bytes <===(D)
103639 packets input, 6632896 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
103674 packets output, 6641715 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
 

The output of the previous configuration depends on the counter configuration (Table 36-2).

Table 36-2 Fields Updated in Previous Configuration/Counter Configuration

Counter Configuration   Updated Fields
IPv4 only               (A) and (B) only
IPv6 only               (C) and (D) only
IPv4 and IPv6 combined  (A) and (B) only
IPv4 and IPv6 separate  (A) and (B) for IPv4; (C) and (D) for IPv6

Configuration Guidelines

The Catalyst 4500 series switch supports AppleTalk routing and IPX routing. For AppleTalk routing and IPX routing information, refer to “Configuring AppleTalk” and “Configuring Novell IPX” in the Cisco IOS AppleTalk and Novell IPX configuration guides at the following URLs:

http://www.cisco.com/en/US/docs/ios/at/configuration/guide/12_4/atk_12_4_book.html

http://www.cisco.com/en/US/docs/ios/novipx/configuration/guide/config_novellipx_ps6350_TSD_Products_Configuration_Guide_Chapter.html

Note: Supervisor Engine 9-E, 8L-E, 8-E, 7-LE, 7-E, 6L-E, and 6-E do not support AppleTalk and IPX routing.


  • Catalyst 4500 series switches do not support subinterfaces or the encapsulation keyword on Layer 3 Fast Ethernet, Gigabit Ethernet, or 10-Gigabit Ethernet interfaces.
  • Starting with IOS XE 3.11.0, Catalyst 4500 series switches do not support egress access control lists (ACLs) on a tunnel interface or on the source interface of the tunnel.

Note: As with any Layer 3 interface running Cisco IOS software, the IP address and network assigned to an SVI cannot overlap those assigned to any other Layer 3 interface on the switch.


Configuring Logical Layer 3 GRE Tunnel Interfaces

Tunnels are point-to-point dedicated virtual links to transport packets from one endpoint to another. Generic Routing Encapsulation (GRE) is a tunneling protocol used to encapsulate network layer protocols inside virtual point-to-point links. A GRE tunnel only provides encapsulation and not encryption.

With GRE, devices running a given network layer protocol can communicate over a network running a different network layer protocol. A network receives and encapsulates the native packet into another network protocol and sends the encapsulated packet towards its de-encapsulation point. The encapsulation point is the tunnel entry and the de-encapsulation point is the tunnel exit.

Note: Beginning in Cisco IOS XE Release 3.7.1E, GRE tunnels are supported on the hardware on Cisco Catalyst 4500 Series switches.


When GRE is configured with tunnel options (such as key, checksum, etc.), packets are switched in software. When GRE is configured without tunnel options, packets are hardware-switched.

Restrictions and Limitations for Logical Layer 3 GRE Tunnel Interfaces:

  • Multicast routing is not supported on GRE tunnels, so PIM configuration is not supported on a GRE tunnel interface.
  • Limitation relating to GRE-encapsulated packets that are switched in hardware (applies only to Catalyst 4500-X Series Switches):

    If a GRE tunnel is configured on a Catalyst 4500 switch and the ingress to this device is through a Layer 2 interface that has an SVI configured locally and is running HSRP (and is the current active), GRE-encapsulated unicast traffic is not sent across the endpoints of the GRE tunnel. As a result, routing adjacencies cannot be established and pings across the GRE tunnel do not work.

    To work around this problem, configure the HSRP group to use the burned-in address (BIA) feature (standby use-bia interface configuration command). It enables HSRP groups to use an interface's burned-in MAC address (or physical MAC address) instead of a virtual MAC address. Note that configuring the standby use-bia interface configuration command may slow down convergence after an HSRP switchover, since the new active has to send a gratuitous ARP to refresh the ARP entries through the subnet. For more information, see: https://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/9281-3.html.

To configure a GRE tunnel, perform this task:

 

Step 1: Switch(config)# interface tunnel number
    Enables tunneling on the interface.
Step 2: Switch(config-if)# ipv6 address ip_address subnet_mask
    Configures the IPv6 address and subnet mask.
Step 3: Switch(config-if)# ip address ip_address subnet_mask
    Configures the IP address and IP subnet.
Step 4: Switch(config-if)# tunnel source {ip-address | type number}
    Configures the tunnel source.
Step 5: Switch(config-if)# tunnel destination {hostname | ip-address}
    Configures the tunnel destination.
Step 6: Switch(config-if)# tunnel mode gre ip
    Configures the tunnel mode.
Step 7: Switch(config-if)# end
    Exits configuration mode.
Step 8: Switch# copy running-config startup-config
    Saves your configuration changes to NVRAM.
Step 9: Switch# show running-config interface tunnel number
    Verifies the configuration.

This example shows how to configure the logical Layer 3 GRE tunnel interface tunnel 2:

Switch> enable
Switch# config term
Switch(config)# interface tunnel 2
Switch(config-if)# ipv6 address 1001:1::1/64
Switch(config-if)# ip address 100.1.1.1 255.255.255.0
Switch(config-if)# tunnel source 10.10.10.1
Switch(config-if)# tunnel destination 10.10.10.2
Switch(config-if)# tunnel mode gre ip
Switch(config-if)# end

Configuring Logical Layer 3 VLAN Interfaces

Note: Before you can configure logical Layer 3 VLAN interfaces, you must create and configure the VLANs on the switch, assign VLAN membership to the Layer 2 interfaces, enable IP routing if IP routing is disabled, and specify an IP routing protocol.


To configure logical Layer 3 VLAN interfaces, perform this task:

 

Step 1: Switch(config)# vlan vlan_ID
    Creates the VLAN.
Step 2: Switch(config)# interface vlan vlan_ID
    Selects an interface to configure.
Step 3: Switch(config-if)# ip address ip_address subnet_mask
    Configures the IP address and IP subnet.
Step 4: Switch(config-if)# no shutdown
    Enables the interface.
Step 5: Switch(config-if)# end
    Exits configuration mode.
Step 6: Switch# copy running-config startup-config
    Saves your configuration changes to NVRAM.
Step 7: Switch# show interfaces [type slot/interface]
        Switch# show ip interfaces [type slot/interface]
        Switch# show running-config interfaces [type slot/interface]
        Switch# show running-config interfaces vlan vlan_ID
    Verifies the configuration.

This example shows how to configure the logical Layer 3 VLAN interface VLAN 2 and assign an IP address:

Switch> enable
Switch# config term
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# vlan 2
Switch(config)# interface vlan 2
Switch(config-if)# ip address 10.1.1.1 255.255.255.248
Switch(config-if)# no shutdown
Switch(config-if)# end
 

This example shows how to use the show interfaces command to display the interface IP address configuration and status of Layer 3 VLAN interface VLAN 2:

Switch# show interfaces vlan 2
Vlan2 is up, line protocol is down
Hardware is Ethernet SVI, address is 00D.588F.B604 (bia 00D.588F.B604)
Internet address is 172.20.52.106/29
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
Switch#
 

This example shows how to use the show running-config command to display the interface IP address configuration of Layer 3 VLAN interface VLAN 2:

Switch# show running-config
Building configuration...
 
Current configuration :
!
interface Vlan2
ip address 10.1.1.1 255.255.255.248
!
ip classless
no ip http server
!
!
line con 0
line aux 0
line vty 0 4
!
end

Configuring VLANs as Layer 3 Interfaces

Configuring SVI Autostate Exclude

Note: The SVI Autostate Exclude feature is enabled by default and is synchronized with the STP state.


The SVI Autostate Exclude feature shuts down (or brings up) the Layer 3 interfaces of a switch when the following port configuration changes occur:

  • When the last port on a VLAN goes down, the Layer 3 interface on that VLAN is shut down (SVI-autostated).
  • When the first port on the VLAN is brought back up, the Layer 3 interface on the VLAN that was previously shut down is brought up.

SVI Autostate Exclude enables you to exclude access ports and trunks from the calculation of the SVI status (up or down), even if they belong to the same VLAN. If the excluded access ports and trunks are up and the other ports in the VLAN are down, the SVI state changes to down.

To make the SVI state up, at least one port in the VLAN should be up and not excluded. This action helps to exclude the monitoring port status when you are determining the status of the SVI.

To apply SVI Autostate Exclude, perform this task:

 

Step 1: Switch# configure terminal
    Enters global configuration mode.
Step 2: Switch(config)# interface interface-id
    Enters interface configuration mode.
Step 3: Switch(config-if)# switchport autostate exclude
    Excludes the access ports and trunks in defining the status of an SVI (up or down).
Step 4: Switch(config)# end
    Exits configuration mode.
Step 5: Switch# show run interface
    Displays the running configuration.
Step 6: Switch# show interface switchport
    Verifies the configuration.

This example shows how to apply SVI Autostate Exclude on interface g3/1:

Switch# conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface g3/1
Switch(config-if)# switchport autostate exclude
Switch(config-if)# end
Switch# show run int g3/4
Building configuration...
 
Current configuration : 162 bytes
!
interface GigabitEthernet3/4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2,3
switchport autostate exclude <=====
switchport mode trunk
end
 
Switch# show int g3/4 switchport
Name: Gi3/4
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: 2,3
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Autostate mode exclude <======
 
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Switch#

Configuring IP MTU Sizes

You can set the protocol-specific maximum transmission unit (MTU) size of IPv4 or IPv6 packets that are sent on an interface.

For information on MTU limitations, refer to the “Maximum Transmission Units” section.

Note: To set the nonprotocol-specific MTU value for an interface, use the mtu interface configuration command. Changing the MTU value (with the mtu interface configuration command) can affect the IP MTU value. If the current IP MTU value matches the MTU value, and you change the MTU value, the IP MTU value is modified automatically to match the new MTU. However, the reverse is not true; changing the IP MTU value has no effect on the value for the mtu command.

For information on how to configure MTU size, refer to the “Configuring MTU Sizes” section.

To set the protocol-specific maximum transmission unit (MTU) size of IPv4 or IPv6 packets sent on an interface, perform this task:

 

Step 1: Switch# configure terminal
    Enters global configuration mode.
Step 2: Switch(config)# interface interface-id
    Enters interface configuration mode.
Step 3: Switch(config-if)# [no] ip mtu mtu_size
        or
        Switch(config-if)# [no] ipv6 mtu mtu_size
    Configures the IPv4 MTU size, or configures the IPv6 MTU size.
    The no form of the command reverts to the default MTU size (1500 bytes).
Step 4: Switch(config-if)# exit
    Exits configuration interface mode.
Step 5: Switch(config)# end
    Exits configuration mode.
Step 6: Switch# show run interface interface-id
    Displays the running configuration.

This example shows how to configure IPv4 MTU on an interface:

Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface vlan 1
Switch(config-if)# ip mtu 68
Switch(config-if)# exit
Switch(config)# end
Switch# show ip interface vlan 1
Vlan1 is up, line protocol is up
Internet address is 10.10.10.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 68 bytes
Helper address is not set
.........................(continued)
 

The following example shows how to configure IPv6 MTU on an interface:

 
Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface vlan 1
Switch(config-if)# ipv6 mtu 1280
Switch(config)# end
 

This example shows how to verify the configuration:

Switch# show ipv6 interface vlan 1
Vlan1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::214:6AFF:FEBC:DEEA
Global unicast address(es):
1001::1, subnet is 1001::/64
Joined group address(es):
FF02::1
FF02::1:FF00:1
FF02::1:FFBC:DEEA
MTU is 1280 bytes
...................(continued)

Note: When IPv6 is enabled on an interface using any CLI command, you may see the following message:

% Hardware MTU table exhausted

In this situation, the IPv6 MTU value programmed in hardware differs from the IPv6 interface MTU value. This situation occurs if no room exists in the hardware MTU table to store additional values. You must free up some space in the table by unconfiguring some unused MTU values and subsequently disable and reenable IPv6 on the interface or reapply the MTU configuration.


Configuring Layer 3 Interface Counters

Note: Supervisor Engines 9-E, 8L-E, 8-E, 7-LE, 7-E, 6L-E, and 6-E do not support Layer 2 interface counters.


To configure Layer 3 interface counters (assign counters to a Layer 3 interface), perform this task:

 

Step 1: Switch# configure terminal
    Enters global configuration mode.
Step 2: Switch(config)# interface interface-id
    Enters interface configuration mode.
Step 3: Switch(config-if)# counter {ipv4 | ipv6 | ipv4 ipv6 separate}
    Enables counters.
    counter: Enables collection of IPv4 and IPv6 statistics and displays them as a sum
    counter ipv4: Enables collection of IPv4 statistics only
    counter ipv6: Enables collection of IPv6 statistics only
    counter ipv4 ipv6 separate: Enables collection of IPv4 and IPv6 statistics and displays them individually
Step 4: Switch(config)# end
    Exits configuration mode.
Step 5: Switch# show run interface interface-id
    Displays the running configuration.

This example shows how to enable counters on interface VLAN 1:

Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface vlan 1
Switch(config-if)# counter ipv4
Switch(config-if)# end
Switch#
00:17:15: %SYS-5-CONFIG_I: Configured from console by console
Switch# show run interface vlan 1
Building configuration...
 
Current configuration : 63 bytes
!
interface Vlan1
ip address 10.0.0.1 255.0.0.0
counter ipv4
end

Note: To remove the counters, use the no counter command.


If you have already assigned the maximum number of counters, the counter command fails and displays an error message:

Switch# config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fa3/2
Switch(config-if)# no switchport
Switch(config-if)# counter ipv6
Counter resource exhausted for interface fa3/2
Switch(config-if)# end
Switch#
00:24:18: %SYS-5-CONFIG_I: Configured from console by console
 

In this situation, you must release a counter from another interface for use by the new interface.
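The mixing rule from “Understanding Layer 3 Interface Counters” and the exhaustion case above can be checked against a planned rollout before any command is entered. The following Python is an added example, not Cisco code: the function names and the sample plan are constructed for illustration, and it models only the budget rule stated in this chapter.

```python
# Added example: a model of the counter budget rule stated in this chapter.
HW_COUNTER_SLOTS = 4092  # limit given in the chapter

# Slots each counter command consumes, per Table 36-1 and the mixing rule:
# separate IPv4/IPv6 collection counts twice.
SLOT_COST = {
    "counter": 1,                     # IPv4 and IPv6 combined (sum only)
    "counter ipv4": 1,
    "counter ipv6": 1,
    "counter ipv4 ipv6 separate": 2,
}


def allocate(requests, limit=HW_COUNTER_SLOTS):
    """Apply counter commands in order and return (granted, rejected, free).

    requests: list of (interface, counter command), one entry per interface.
    A request that no longer fits is rejected; on the switch this is where
    the CLI prints "Counter resource exhausted for interface ...".
    """
    granted, rejected, used = {}, [], 0
    for ifname, command in requests:
        cost = SLOT_COST[command]
        if used + cost > limit:
            rejected.append((ifname, command))
        else:
            granted[ifname] = command
            used += cost
    return granted, rejected, limit - used


def slots_recovered_by_combining(granted):
    """Slots freed if every 'separate' interface were changed to plain 'counter'."""
    return sum(1 for cmd in granted.values()
               if cmd == "counter ipv4 ipv6 separate")


if __name__ == "__main__":
    # Constructed plan: 2040 SVIs with separate counters, then 20 routed
    # ports that only need IPv4 counters.
    plan = [(f"Vlan{n}", "counter ipv4 ipv6 separate") for n in range(1, 2041)]
    plan += [(f"Gi3/{n}", "counter ipv4") for n in range(1, 21)]
    granted, rejected, free = allocate(plan)
    print(f"granted={len(granted)} rejected={len(rejected)} free={free}")
    for ifname, command in rejected:
        print(f"would fail: {ifname}: {command}")
    print("recoverable by combining:", slots_recovered_by_combining(granted))
```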

Configuring Physical Layer 3 Interfaces

Note: Before you can configure physical Layer 3 interfaces, you must enable IP routing if IP routing is disabled, and specify an IP routing protocol.


To configure physical Layer 3 interfaces, perform this task:

 

Step 1: Switch(config)# ip routing
    Enables IP routing (required only if disabled).
Step 2: Switch(config)# interface {{fastethernet | gigabitethernet | tengigabitethernet} slot/port} | {port-channel port_channel_number}
    Selects an interface to configure.
Step 3: Switch(config-if)# no switchport
    Converts this port from physical Layer 2 port to physical Layer 3 port.
Step 4: Switch(config-if)# ip address ip_address subnet_mask
    Configures the IP address and IP subnet.
Step 5: Switch(config-if)# no shutdown
    Enables the interface.
Step 6: Switch(config-if)# end
    Exits configuration mode.
Step 7: Switch# copy running-config startup-config
    Saves your configuration changes to NVRAM.
Step 8: Switch# show interfaces [type slot/interface]
        Switch# show ip interfaces [type slot/interface]
        Switch# show running-config interfaces [type slot/interface]
    Verifies the configuration.

This example shows how to configure an IP address on Fast Ethernet interface 2/1:

Switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# ip routing
Switch(config)# interface fastethernet 2/1
Switch(config-if)# no switchport
Switch(config-if)# ip address 10.1.1.1 255.255.255.248
Switch(config-if)# no shutdown
Switch(config-if)# end
Switch#
 

This example shows how to use the show running-config command to display the interface IP address configuration of Fast Ethernet interface 2/1:

Switch# show running-config
Building configuration...
!
interface FastEthernet2/1
no switchport
ip address 10.1.1.1 255.255.255.248
!
ip classless
no ip http server
!
!
line con 0
line aux 0
line vty 0 4
!
end

Configuring Multipoint GRE

About Multipoint GRE

Point-to-Multipoint (P2MP) is a hub-and-spoke topology that uses the Multipoint GRE protocol (mGRE). mGRE is built over an IPv4 core (underlying) network and allows multiple destinations to be grouped into a single multipoint interface. It supports the Open Shortest Path First (OSPF) and Enhanced Interior Gateway Routing Protocol (EIGRP) protocols, IPv4 and IPv6 unicast payload, and IPv4 multicast payload. mGRE does static and dynamic Next Hop Resolution Protocol (NHRP) tunneling for hub-to-spoke and spoke-to-spoke technologies, providing scalability and reducing configuration complexity.

Spokes dynamically register themselves with the hub, and individual spokes also dynamically learn about other spokes using NHRP, forming a dynamic-mesh network, that is, a non-broadcast multi-access (NBMA) network. In NBMA, all routing protocols send their updates to a physical NBMA address. mGRE in conjunction with IPsec and NHRP can be used in Dynamic Multipoint VPN (DMVPN).

 

In this figure, each spoke acts as a Next Hop Client (NHC) and is configured with static mapping information (the hub’s tunnel IP address and NBMA address) to reach the hub, which acts as the Next Hop Server (NHS). NHCs send Next Hop Resolution Protocol (NHRP) registration requests to the NHS, which allows the NHS to learn the mapping information of the spoke and form a tunnel (hub and spoke) dynamically.

In addition to NHRP registration of NHCs (spokes) with the NHS (hub), NHRP provides the capability for an NHC to dynamically discover another NHC on demand and form a spoke-to-spoke tunnel. Without this discovery, IP packets traversing from hosts behind one spoke to hosts behind another spoke have to traverse by way of the NHS router. This increases the utilization of the hub's physical bandwidth and CPU to process these packets that come into the hub on the multipoint interface and go right back out the multipoint interface. This is often called hairpinning. With NHRP, systems attached to an NBMA network dynamically learn the NBMA address of the other systems that are part of that network, allowing these systems to communicate directly without requiring traffic to use an intermediate hop. This alleviates the load on the intermediate hop (NHS), can increase the overall bandwidth of the NBMA network to be greater than the bandwidth of the hub router, and effectively creates a full-mesh-capable network without having to discover all possible connections beforehand.

This is called a dynamic-mesh network, where there is a base hub-and-spoke network of NHCs and NHSs for transporting NHRP, dynamic routing protocol information, data traffic, and dynamic direct spoke-to-spoke links that are built when there is data traffic to use the link and torn down when the data traffic stops.

Configuring Unicast mGRE at Hub

 

Step 1: enable
    Example: Device> enable
    Enables privileged EXEC mode.
Step 2: configure terminal
    Example: Device# configure terminal
    Enters global configuration mode.
Step 3: interface type number
    Example: Device(config)# interface tunnel 1
    Configures an interface and enters interface configuration mode.
Step 4: ip nhrp map ip-address nbma-address
    Example: Device(config-if)# ip nhrp map 10.0.0.1
    Configures multipoint GRE as the tunnel mode.
Step 5: ip ospf network point-to-multipoint
    Example: Device(config-if)# ip ospf network point-to-multipoint
    If the underlying protocol is OSPF, execute this command to set the network type to point-to-multipoint.
Step 6: ip address address mask
    Example: Device(config-if)# ip address 10.1.1.1 255.255.255.255
    Configures IP address of the tunnel.
Step 7: ipv6 address address prefix
    Example: Device(config-if)# ipv6 address 2001:DB8:1::1
    Configures IPv6 address of the tunnel.
Step 8: tunnel source address
    Example: Device(config-if)# tunnel source 172.16.1.3
    Configures the source IP address of the tunnel.
Step 9: tunnel mode gre multipoint
    Example: Device(config-if)# tunnel mode gre multipoint
    Configures multipoint GRE as the tunnel mode.
Step 10: {ip | ipv6} nhrp network-id id
    Example: Switch(config-if)# ip nhrp network-id 1
    Defines the NHRP domain which differentiates if multiple NHRP domains (GRE tunnel interfaces) are available on the same NHRP router.
Step 11: {ip | ipv6} nhrp registration timeout seconds
    Example: Device(config-if)# ip nhrp registration timeout 30
    Changes the interval that NHRP NHCs take to send NHRP registration requests to configured NHRP NHSs.
Step 12: {ip | ipv6} nhrp holdtime seconds
    Example: Device(config-if)# ip nhrp holdtime 400
    Changes the number of seconds that NHRP NBMA addresses are advertised as valid in positive NHRP responses.
Step 13: {ip | ipv6} nhrp authentication string
    Example: Device(config-if)# ip nhrp authentication DMVPN
    Specifies an authentication string.
Step 14: ip pim nbma-mode
    Example: Device(config-if)# ip pim nbma-mode
    Configures a multiaccess WAN interface to be in non-broadcast multiaccess (NBMA) mode.
Step 15: ip nhrp map multicast dynamic
    Example: Device(config-if)# ip nhrp map multicast dynamic
    (Optional) Enables NHRP server (hub) to create a broadcast/multicast mapping for the spoke when spoke routers register their unicast NHRP mapping with the hub.
Step 16: ip next-hop self eigrp number
    Example: Device(config-if)# ip next-hop self eigrp 10
    (Optional) Enables the hub to use the next received hop while sending routing protocol updates of one spoke to another, so that hosts behind hosts can reach directly.
Step 17: ip split-horizon eigrp number
    Example: Device(config-if)# ip split-horizon eigrp 10
    (Optional) Enables routing protocol updates of one spoke to be sent to another spoke.
Step 18: end
    Example: Device(config-if)# end
    Exits interface configuration mode and returns to user EXEC mode.

Configuring Unicast mGRE at Spoke

 

Step 1: enable
    Example: Device> enable
    Enables privileged EXEC mode.
Step 2: configure terminal
    Example: Device# configure terminal
    Enters global configuration mode.
Step 3: interface type number
    Example: Device(config)# interface tunnel1
    Configures an interface and enters interface configuration mode. Ensure that this configuration is on a tunnel interface.
Step 4: ip nhrp map ip-address nbma-address
    Example: Device(config-if)# ip nhrp map 10.0.0.1 192.0.0.1
    Configures static IP-to-NBMA address mapping of hub on spoke.
Step 5: {ip | ipv6} nhrp map multicast nbma-address
    Example: Device(config-if)# ip nhrp map multicast 10.0.0.2
    Enables IP multicast and broadcast packets (example: routing protocol information) to be sent from spoke to hub.
Step 6: ip nhrp nhs nhs-address
    Example: Device(config-if)# ip nhrp nhs 192.0.2.1
    Enables spoke to send NHRP registration request to hub.
    Here nhs-address is the hub tunnel’s address.
Step 7: tunnel source address
    Example: Device(config-if)# tunnel source 172.16.1.3
    Configures the source IP address of the tunnel.
Step 8: tunnel mode gre multipoint
    Example: Device(config-if)# tunnel mode gre multipoint
    Configures multipoint GRE as the tunnel mode.
Step 9: end
    Example: Device(config-if)# end
    Exits interface configuration mode and returns to user EXEC mode.

Sample mGRE Configuration at Hub and Spokes

On SPOKE 1:

interface Tunnel1
ip address 192.168.1.3 255.255.255.0
no ip redirects
ip nhrp map 192.168.1.1 172.16.1.1
ip nhrp network-id 1
ip nhrp holdtime 600
ip nhrp nhs 192.168.1.1
ip nhrp registration timeout 30
tunnel source 172.16.1.3
tunnel mode gre multipoint
end
 

On SPOKE 2:

interface Tunnel1
ip address 192.168.1.2 255.255.255.0
no ip redirects
ip nhrp map 192.168.1.1 172.16.1.1
ip nhrp network-id 1
ip nhrp holdtime 600
ip nhrp nhs 192.168.1.1
ip nhrp registration timeout 30
tunnel source 172.16.1.2
tunnel mode gre multipoint

On HUB:

interface Tunnel1
ip address 192.168.1.1 255.255.255.0
no ip redirects
ip nhrp network-id 1
ip nhrp holdtime 600
ip nhrp registration timeout 30
ip ospf 1 area 0
tunnel source 172.16.1.1
tunnel mode gre multipoint
end
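
An offline consistency check for these stanzas, as an added example rather than part of the Cisco guide: it verifies that each spoke's NHS and NHRP map point at the hub, that the NHRP authentication string (hub Step 13) is set and matches the hub, and flags point-to-point GRE tunnels whose tunnel options force software switching as described earlier in this chapter. HUB and SPOKE1 are abridged from the sample above; SPOKE3, the EXAMPLE1 string, the finding codes and the function names are constructed for illustration.

```python
# HUB and SPOKE1 are abridged from this page's sample configuration.
# SPOKE3 is constructed for this example so that the checks fire.
CONFIGS = {
    "HUB": """
interface Tunnel1
 ip address 192.168.1.1 255.255.255.0
 tunnel source 172.16.1.1
 tunnel mode gre multipoint
end""",
    "SPOKE1": """
interface Tunnel1
 ip address 192.168.1.3 255.255.255.0
 ip nhrp map 192.168.1.1 172.16.1.1
 ip nhrp nhs 192.168.1.1
 tunnel source 172.16.1.3
 tunnel mode gre multipoint
end""",
    "SPOKE3": """
interface Tunnel1
 ip address 192.168.1.4 255.255.255.0
 ip nhrp authentication EXAMPLE1
 ip nhrp map 192.168.1.1 172.16.1.9
 ip nhrp nhs 192.168.1.1
 tunnel source 172.16.1.4
 tunnel mode gre multipoint
!
interface Tunnel2
 tunnel source 10.10.10.1
 tunnel destination 10.10.10.2
 tunnel key 42
end""",
}


def parse_tunnels(device, config):
    """Return one dict per 'interface Tunnel<N>' stanza of a running-config."""
    tunnels, cur = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            name = line.split(None, 1)[1]
            cur = {"where": f"{device}/{name}", "lines": []}
            if name.lower().startswith("tunnel"):
                tunnels.append(cur)
        elif line in ("!", "end"):
            cur = None
        elif cur is not None and line:
            cur["lines"].append(line)
    return tunnels


def args(tun, command):
    """Argument lists of every stanza line that begins with the command words."""
    words = command.split()
    return [l.split()[len(words):] for l in tun["lines"]
            if l.split()[:len(words)] == words]


def is_multipoint(tun):
    return ["gre", "multipoint"] in args(tun, "tunnel mode")


def audit(configs, hub):
    """Return (device/interface, finding code) tuples; hub names the NHS device."""
    tunnels = [t for dev, cfg in configs.items() for t in parse_tunnels(dev, cfg)]
    hub_tun = next((t for t in tunnels
                    if is_multipoint(t) and t["where"].startswith(hub + "/")), None)
    if hub_tun is None or not args(hub_tun, "ip address"):
        raise ValueError(f"no addressed multipoint GRE tunnel found on {hub}")
    hub_ip = args(hub_tun, "ip address")[0][0]
    src = (args(hub_tun, "tunnel source") or [[""]])[0][0]
    hub_nbma = src if src.replace(".", "").isdigit() else None  # may be an interface name
    hub_auth = args(hub_tun, "ip nhrp authentication")
    findings = []
    for t in tunnels:
        where = t["where"]
        if is_multipoint(t):
            auth = args(t, "ip nhrp authentication")
            if not auth:
                findings.append((where, "NO_NHRP_AUTH"))
            if t is hub_tun:
                continue
            if auth != hub_auth:
                findings.append((where, "AUTH_DIFFERS_FROM_HUB"))
            if [hub_ip] not in args(t, "ip nhrp nhs"):
                findings.append((where, "NHS_NOT_HUB_TUNNEL_IP"))
            if hub_nbma and [hub_ip, hub_nbma] not in args(t, "ip nhrp map"):
                findings.append((where, "MAP_NOT_HUB_NBMA"))
        elif args(t, "tunnel mode") in ([], [["gre", "ip"]]):
            # Per this chapter, GRE with tunnel options is switched in software.
            if args(t, "tunnel key") or args(t, "tunnel checksum"):
                findings.append((where, "SOFTWARE_SWITCHED"))
    return findings


if __name__ == "__main__":
    for where, code in audit(CONFIGS, hub="HUB"):
        print(f"{where}: {code}")
```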