ccnp3 v5.0 bcmsn mod04 implementing intervlan routing.pptx

1

CCNP 3 (V50)

Building Cisco Multilayer

Switched Networks

(BCMSN) v30

Module 5 Implementing Inter-VALN routing

Origin Cisco Academic Press

Update 이훈재(李焄宰) HoonJae Lee 동서대학교

e-mail hjleedongseoackr

Homepage httpkowondongseoackr~hjlee

httpcryptodongseoackr

Module 4 Implementing Inter-VLAN

routing

- cisco flash v50 -

MCMSN v50

module 4

Cisco flash v50

Dongseo University

HoonJae Lee

2


routing (flash v50)

41 Describing Routing Between VLANs

42 Enabling Routing Between VLANS

43 Deploying CEF-Based Multilayer Switching

44 Inter-VLAN Routing Lab Exercises

4

Inter-VLAN Routing

A VLAN is a logical group of ports usually belonging to a single IP

subnet to control the size of the broadcast domain

Even though devices in different VLANs may be ldquophysicallyrdquo

connected as shown in the previous slides these devices cannot

communicate without the services of a default gateway a router

Because VLANs isolate traffic to a defined broadcast domain and

subnet network devices in different VLANs cannot communicate

with each other without the use of a router

This is known as Inter-VLAN Routing

3

5

Inter-VLAN Routing

The following devices are

capable of providing inter-

VLAN routing

1 Any Layer 3

multilayer Catalyst

switch

2 Any external router

with an interface that

supports trunking

(ldquorouter-on-a-stickrdquo)

3 Any external router or

group of routers with a

separate interface in

each VLAN

Or trunk port

Inter-VLAN Routing with External Router

bull a single trunk link between the

switch and the router that can

carry the traffic of multiple VLANs

and which in turn can be routed

by the router

6

4

The advantages are as follows

Implementation is simple

Layer 3 services are not required on the switch

The router provides communications between VLANs

The disadvantages are as follows

The router is a single point of failure

The single traffic path between the switch and the router may

become congested

Latency is higher than on a Layer 3 switch


7

8

Router On a Stick

Router on a stick is very simple to implement because routers are

usually available in every network

Most enterprise networks use multilayer switches to achieve high

packet-processing rates using hardware switching

Multilayer (layer 3) switches usually have packet-switching

throughputs in the millions of packets per second (pps) whereas

traditional general-purpose routers provide packet switching in the

range of 100000 pps to just over 1 million pps 110 speed down

5

9

Connecting VLANs with Multilayer Switches

Layer 2 Interfaces

Access portmdash Carries

traffic for a single VLAN

Trunk portmdash Carries

traffic for multiple

VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Describing Inter-VLAN Routing Using External

Router Configuration Commands

10

6

Inter-VLAN Routing on External Router

8021Q Trunk Link

switch(config)interface FastEthernet 00switch(config-if)switchport trunk encapsulation dot1qswitch(config-if)switchport mode trunk

11

Inter-VLAN Routing on External Router ISL

Trunk Link switch(config)interface FastEthernet 00switch(config-if)switchport trunk encapsulation islswitch(config-if)switchport mode trunk

12

7

Verifying Inter-VLAN Routing

13

MLS(multilayer switch) = Switch + Router

into one device

A multilayer switch combines the functionality of a

switch and a router into one device therefore

enabling the device to switch traffic when the

source and destination are in the same VLAN and

to route traffic when the source and destination are

in different VLANs (that is different subnets)

The same VLAN switching

Different VLANs routing

ASIC wire speed

Routing table access control list (ACL)

store in CAM TCAM

Explaining Multilayer Switching

14

8

Layer 2 Switch Forwarding process ndash In MLS

15

Logical Flow for a Multilayer Switch

16

9

Frame Rewrite

17

The source MAC address changes from the sender MAC address to the

router MAC address

The destination MAC address changes from the router MAC to the next-hop

MAC address

The TTL is decremented by one and as a result the IP header checksum

is recalculated

The frame checksum is recalculated

Routing switching ACL and QoS tables are stored in a high-speed table memory so that forwarding decisions and restrictions can be made in high-speed hardware

Cisco Catalyst switches create and use two primary table architectures

CAM (content addressable memory)

two results 0 (true) or 1 (false)

MAC address tables

TCAM (ternary content addressable memory ) ndash Ternary Logic

three results 0 (donrsquot care) 1 (true) 2 (false)

IP tables routing ACL QoS

Switching Table Architectures - Details

CAM TCAM

18

10

CAM Application

Key

VLAN ID

Key

19

The information a switch uses to perform a lookup in a CAM table is

called a key

For example a Layer 2 lookup would use a destination MAC address

and a VLAN ID as a key

In specific high-end switch platforms the TCAM

is a portion of memory designed for rapid

hardware-based table lookups of Layer 3 and

Layer 4 information In the TCAM a single

lookup provides all Layer 2 and Layer 3

forwarding information for frames including CAM

and ACL information

How the values are stored in the TCAM

access-list 101 permit ip host 10111 any

access-list 101 deny ip 10110 000255 any

Longest match region

Each longest match region consists of groups of

Layer 3 address entries (ldquobucketsrdquo) organized in

decreasing order by mask length All entries

within a bucket share the same mask value and

key size The buckets can change their size

dynamically by borrowing address entries from

neighboring buckets Although the size of the

whole protocol region is fixed you can

reconfigure it The reconfigured size of the

protocol region takes effect only after the next

system reboot

First-Match region

The first-match region consists of ACL entries

Lookup stops after the first match of the entry

TCAM

20

11


routing (flash v50)





22

Layer 3 Interfaces

The Catalyst multilayer switches support three different types of Layer 3 interfaces

Routed portmdash A pure Layer 3 interface similar to a routed port on a Cisco IOS router

Switch virtual interface (SVI) mdash A virtual VLAN interface for inter-VLAN routing In other words SVIs are the virtual routed VLAN interfaces

Bridge virtual interface (BVI) mdash A Layer 3 virtual bridging interface (Not discussed)

12

23

MLS Layer 3 Interface Routed Port

MLS Layer 3 Interface Routed Port A routed switch port is a physical switch port on a multilayer switch that is

capable of Layer 3 packet processing A routed port is not associated with a

particular VLAN as contrasted with an access port or SVI The switch port

functionality is removed from the interface A routed port behaves like a

regular router interface except that it does not support VLAN subinterfaces

Routed switch ports can be configured using most commands applied to a

physical router interface including the assignment of an IP address and the

configuration of Layer 3 routing protocols

A routed switch port is a standalone port that is not associated with a VLAN

whereas an SVI is a virtual interface that is associated with a VLAN SVIs

generally provide Layer 3 services for devices connected to the ports of the

switch where the SVI is configured Routed switch ports can provide a Layer

3 path into the switch for a number of devices on a specific subnet all of

which are accessible from a single physical switch port

The number of routed ports and SVIs that can be configured on a switch is

not limited by software However the interrelationship between these

interfaces and other features configured on the switch may overload the

CPU because of hardware limitations

24

13

A routed port has the following characteristics and functions

Physical switch port with Layer 3 capability

Not associated with any VLAN

Serves as the default gateway for devices out that switch port

Layer 2 port functionality must be removed before it can be

configured


25

Configuration of Routed Ports on a Multilayer

Switch

26

14

27

MLS Layer 3 Interface SVI

Switch virtual interfaces (SVI) are Layer 3 interfaces that are configured on multilayer Layer 3 Catalyst switches that are used for inter-VLAN routing

An SVI is a virtual VLAN interface that is associated with the VLAN-ID to enable routing capability on that VLAN

Note These are virtual interfaces

DLSwitch(config)interface vlan 1DLSwitch(config-if)ip address 1721611 2552552550DLSwitch(config)interface vlan 10DLSwitch(config-if)ip address 17216101 2552552550DLSwitch(config)interface vlan 20DLSwitch(config-if)ip address 17216201 2552552550DLSwitch(config)interface vlan 30DLSwitch(config-if)ip address 17216301 2552552550

28


To configure communication between VLANs you must configure each

SVI with an IP address and subnet mask in the chosen address

range for that subnet

The IP address associated with the VLAN interface is the default

gateway of the workstation


15

Layer 3 SVI

To provide a default

gateway for a VLAN so

that traffic can be routed

between VLANs

To provide fallback

bridging if it is required for

non-routable protocols

To provide Layer 3 IP

connectivity to the switch

To support routing protocol

and bridging configurations

29

Configuring Inter-VLAN Routing on a Multilayer Switch

30

16


routing (flash v50)





32

MLS and CEF

One of the bottlenecks in high-speed networking is the

decision-making process within the router

Two of the methods used by Cisco devices to speed

up this process are

1 Multilayer Switching (MLS)

2 Cisco Express Forwarding (CEF)

17

33

Internal route processors

Route Processors include

Route Switch Module (RSM) ndash 4000 5000 6000 7000

Route Switch Feature Card (RSFC) - 5000

Multilayer Switch Module (MSM) - 6000

Multilayer Switch Feature Card (MSFC) - 6000

Other terms used

Layer-3 Card or Layer-3 ldquoBladerdquo

MultiLayer Switch Route Processor (MLS-RP)

The router in the network (handles the first packet in every

flow)

34

Introduction to MLS

MLS is a technology used by a small number of older

Catalyst switches to provide wire-speed routing

MLS is sometimes known as Route once switch

many

The first packet of a flow is routed by the router in

software and the remaining packets are forwarded in

hardware by the switch

18

35

Introduction to CEF

CEF is the technology used by newer Cisco devices to provide wire-speed routing

Unlike MLS which requires the route processor to route the first packet of a flow CEF enables packet switching to circumvent the route processor altogether

This is accomplished by the communication process between the route processor and the switch processor to create the shortcut info before the first packet arrives

ldquoRoute never switch alwaysrdquo

36

Multilayer Switching

Multilayer switching refers to the ability of a Catalyst switch to

support switching and routing of packets in hardware with optional

support for Layers 4 through 7 switching in hardware as well

Hardware switching A route processor (Layer 3 engine) must

download software-based routing switching access lists QoS and

other information to the hardware for packet processing

Traditional MLS CEF-Based MLS

19

37

Traditional and CEF-based MLS

To accomplish multilayer switching (packet processing in hardware)

Cisco Catalyst switches use either

Traditional multilayer switching (traditional MLS)

Cisco Express Forwarding (CEF)-based MLS architecture

Traditional MLS is a legacy feature whereas all leading-edge

Catalyst switches support CEF-based multilayer switching (CEF-based

MLS)

38


The term multilayer switching (MLS) is a general networking term

that refers to hardware-based PDU header rewriting and forwarding

based on information specific to one or more OSI layers

When used in the context of this class MLS refers to Cisco MLS

20

39

Traditional MLS

MLS enables specialized

application-specific integrated

circuits (ASICs) to perform

Layer 2 rewrite operations of

routed packets

Layer 2 rewrites include

rewriting the source and

destination MAC addresses

and writing a recalculated cyclic

redundancy check (CRC)

Because the source and


change during Layer 3 rewrites

the switch must recalculate the

CRC for these new MAC

addresses

40

Traditional MLS

For Catalyst switches that support traditional MLS the switch learns

Layer 2 rewrite information from an MLS router via an MLS protocol

Also known as netflow-based switching

With traditional MLS the Layer 3 engine (route processor) and

switching ASICs work together to build Layer 3 entries on the switch

Each entry contains a source a source and destination or full flow

information including Layer 4 protocol information

21

41

Traditional MLS

With traditional MLS the switch forwards the first packet in any flow to the Layer 3 engine for processing using software switching

After the routing of the first packet in the flow the Layer 3 engine programs the hardware-switching components for routing for subsequent packets

dot1q Tag

(inside Eth Hdr)

Ethernet Header IP Header IP

Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE

MLS-RPMLS-RP The Destination MAC

Address is one of the

routerrsquos interfaces

There is not an existing

flow so I will flag this as

a candidate packet

Candidate Packet Info

Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE

MLS-RPCandidate Packet Info

Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

Dst IP Src IP Port Dst

Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS

Cache rewrite Ethernet

Header and send directly

to Host B forget the

router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF

CEF-based MLS forwarding model is used to download the control plane information such as the access lists to the data plane on the supervisor port or line card for hardware switching of packets

Control plane represents the Layer 3 engine (route processor)

Data plane represents the hardware components such as ASICs used by the switch for hardware switching

CEF is a topology-based forwarding model in which all routing information is prepopulated into a forwarding information base (FIB)

As a result of the prepopulation of routing information Catalyst switches can quickly look up routing information such as IP adjacencies and next-hop IP and MAC addresses

24

47

CEF

The two main components of CEF are FIB and Adjacency Tablebull Forwarding information base (FIB)

Used make IP destination prefix-based switching decisions

Similar to a routing table or information base

It maintains a mirror image of the forwarding information contained in the IP routing table

When routing or topology changes occur in the network the IP routing table is updated and those changes are reflected in the FIB

The FIB maintains next-hop address information based on the information in the IP routing table

In the context of CEF-based MLS both the Layer 3 engine and the hardware-switching components maintain an FIB

Routing Table

48

CEF

Adjacency tables

Network nodes in the network are said to be adjacent if they can

reach each other with a single hop across a link layer (OSPF

EIGRP)

A router normally maintains

Routing table containing Layer 3 network and next-hop

information

ARP table containing Layer 3 to Layer 2 address mapping

These tables are kept independently

25

49

CEF

Adjacency tables

Recall that the FIB keeps the Layer 3 next-hop address for each entry

To streamline packet forwarding even more the FIB has corresponding Layer 2 information for every next-hop entry

This portion of the FIB is called the adjacency table consisting of the MAC addresses of nodes that can be reached in a single Layer 2 hop

Layer 2 MAC Addresses

Next Hop Information

50

CEF

Adjacency tables (summary more detail coming)

The adjacency table information is built from the ARP table

As a next-hop address receives a valid ARP entry the adjacency table is updated

If an ARP entry does not exist the FIB entry is marked as ldquoCEF glean(이삭 줍기)rdquo

This means that the Layer 3 forwarding engine cant forward the packet in hardware due to the missing Layer 2 next-hop address

The packet is sent to the Layer 3 engine so that it can generate an ARP request and receive an ARP reply

This is known as the ldquoCEF gleanrdquo state where the Layer 3 engine must glean the next-hop destinations MAC address

No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3

Engine Irsquoll generate the ARP

Request and get an

ARP Reply

26

51

CEF

Adjacency tables

During the time that a FIB entry is in the CEF glean state waiting for the ARP resolution subsequent packets to that host are immediately dropped so that the input queues do not fill and the Layer 3 engine does not become too busy worrying about the need for duplicate ARP requests

This is called ARP throttling(목 조르기) or throttling adjacency

If an ARP reply is not received in two seconds the throttling is released so that another ARP request can be triggered

Otherwise after an ARP reply is received the throttling is released the FIB entry can be completed and packets can be forwarded completely in hardware

Explaining Layer 3 Switch Processing

52

27


Layer 3 switching refers to a class of high performance routers

optimized for the campus LAN or intranet providing both wire-speed

Ethernet routing and switching services

A Layer 3 switch router performs the following three major functions

Packet switching

Route processing

Intelligent network services

Compared to other routers Layer 3 switch routers process more

packets faster by using ASIC hardware instead of microprocessor-

based engines Layer 3 switch routers also improve network

performance with two software functions route processing and

intelligent network services

Layer 3 switching software employs a distributed architecture in

which the control path and data path are relatively independent The

control path code such as routing protocols runs on the route

processor whereas most of the data packets are forwarded by the

Ethernet interface module and the switching fabric 53


Each interface module includes a microcoded processor that

handles all packet forwarding The control layer functions between

the routing protocol and the with the firmware datapath microcode

following primary duties

Manages the internal data and control circuits for the packet-

forwarding and control functions

Extracts the other routing and packet forwarding-related control

information from the Layer 2 and Layer 3 bridging and routing

protocols and the configuration data and then conveys the

information to the interface module to control the datapath

Collects the datapath information such as traffic statistics from

the interface module to the route processor

Handles certain data packets sent from the Ethernet interface

modules to the route processor

54

28


55


Layer 3 switching can occur at two different locations on the switch

Centralized Switching decisions are made on the route

processor by a central forwarding table typically controlled by an

ASIC

Distributed Switching decisions are made on a port or line-card

level Cached tables are distributed and synchronized to various

hardware components so that processing can be distributed

throughout the switch chassis

Layer 3 switching uses one of these two methods depending on the

platform

Route caching Also known as flow-based or demand-based

switching a Layer 3 route cache is built in hardware since the

switch sees traffic flow into the switch

Topology-based Information from the routing table is used to

populate the route cache regardless of traffic flow The

populated route cache is called the forwarding information base

(FIB) CEF builds the FIB 56

29

Explaining CEF-based Multilayer Switches

bull CEF Operation modes

bull Central CEF

bull Distributed CEF

bull CEF-based Cisco MultiLayer SwitchesCatalyst 2970 Catalyst 3550Catalyst 3560

Catalyst 3750 Catalyst 4500Catalyst 4948

Catalyst 6500 two card modules of CP and DP

57


Cisco Layer 3 devices can use a variety of methods to switch packets from

one port to another The most basic method of switching packets between

interfaces is called process switching Process switching moves packets

between interfaces on a scheduled basis based on information in the

routing table and the Address Resolution Protocol (ARP) cache As packets

arrive they are put in a queue to wait for further processing When the

scheduler runs the outbound interface is determined and the packet is

switched Waiting for the scheduler introduces latency

To speed the switching process strategies exist to switch packets on

demand as they arrive and to cache the information necessary to make

packet-forwarding decisions

CEF uses these strategies to expediently switch data packets to their

destination It caches information generated by the Layer 3 routing engine

CEF caches routing information in one table (the FIB) and caches Layer 2

next-hop addresses for all FIB entries in an adjacency table Because CEF

maintains multiple tables for forwarding information parallel paths can exist

and enable CEF to load balance per packet

58

30


CEF operates in one of two modes

Central CEF The FIB and adjacency tables reside on the route

processor and the route processor performs the express forwarding

Use this mode when line cards are not available for CEF switching or

when features are not compatible with distributed CEF

Distributed CEF (dCEF) Supported only on Cisco Catalyst 6500

switches Line cards maintain identical copies of the FIB and adjacency

tables The line cards can perform the express forwarding by

themselves relieving the main processor of being involved in the

switching operation Distributed CEF uses an interprocess

communications (IPC) mechanism to ensure that the FIBs and

adjacency tables are synchronized on the route processor and line

cards

59

Identifying the Multilayer Switch Packet Forwarding Process

60

31


61

CEF separates the control plane hardware from the data plane hardware

and switching ASICs separate the control plane and data plane thereby

achieving higher data throughput

The control plane is responsible for building the FIB and adjacency

tables in software

The data plane is responsible for forwarding IP unicast traffic using

hardware

When traffic cannot be processed in hardware the traffic must receive

processing in software by the Layer 3 engine thereby not receiving the

benefit of expedited hardware-based forwarding A number of different

packet types may force the Layer 3 engine to process them Some

examples of IP exception packets are the following

IP packets that use IP header options (Packets that use TCP header options are

switched in hardware because they do not affect the forwarding decision)

Packets that have an expiring IP Time to Live (TTL) counter

Packets that are forwarded to a tunnel interface

Packets that arrive with non-supported encapsulation types

Packets that are routed to an interface with non-supported encapsulation types

Packets that exceed the maximum transmission unit (MTU) of an output interface

and must be fragmented

62


32


CEF-based tables are initially populated and used as follows

The FIB is derived from the IP routing table and is arranged for maximum lookup throughput

The adjacency table is derived from the ARP table and it contains Layer 2 rewrite (MAC) information for the

next hop

CEF IP destination prefixes are stored in the TCAM table from the most specific to the least specific entry

When the CEF TCAM table is full a wildcard entry redirects frames to the Layer 3 engine

When the adjacency table is full a CEF TCAM table entry points to the Layer 3 engine to redirect the

adjacency

The FIB lookup is based on the Layer 3 destination address prefix (longest match)

The FIB table is updated when the following occurs

An ARP entry for the destination next hop changes ages out or is removed

The routing table entry for a prefix changes

The routing table entry for the next hop changes

These are the basic steps for initially populating the adjacency table

Step 1 The Layer 3 engine queries the switch for a physical MAC address

Step 2 The switch selects a MAC address from the chassis MAC range and assigns it to the Layer 3 engine

This MAC address is assigned by the Layer 3 engine as a burned-in address for all VLANs and is used by

the switch to initiate Layer 3 packet lookups

Step 3 The switch installs wildcard CEF entries which point to drop adjacencies (for handling CEF table

lookup misses)

Step 4 The Layer 3 engine informs the switch of its interfaces participating in MLS (MAC address and

associated VLAN) The switch creates the (MAC VLAN) Layer 2 CAM entry for the Layer 3 engine

Step 5 The Layer 3 engine informs the switch about features for interfaces participating in MLS

Step 6 The Layer 3 engine informs the switch about all CEF entries related to its interfaces and connected

networks The switch populates the CEF entries and points them to Layer 3 engine redirect adjacencies

63


64

33


These are the steps that would occur when you use CEF to forward frames between

host A and host B on different VLANs

Step 1 Host A sends a packet to host B The switch recognizes the frame as a

Layer 3 packet because the destination MAC (MAC-M) matches the Layer 3

engine MAC

Step 2 The switch performs a CEF lookup based on the destination IP address

(IP-B) The packet hits the CEF entry for the connected (VLAN20) network and is

redirected to the Layer 3 engine using a glean adjacency

Step 3 The Layer 3 engine installs an ARP throttling adjacency in the switch for

the host B IP address

Step 4 The Layer 3 engine sends ARP requests for host B on VLAN20

Step 5 Host B sends an ARP response to the Layer 3 engine

Step 6 The Layer 3 engine installs the resolved adjacency in the switch

(removing the ARP throttling adjacency)

Step 7 The switch forwards the packet to host B

Step 8 The switch receives a subsequent packet for host B (IP-B)

Step 9 The switch performs a Layer 3 lookup and finds a CEF entry for host B

The entry points to the adjacency with rewrite information for host B

Step 10 The switch rewrites packets per the adjacency information and forwards

the packet to host B on VLAN20

65

Populating FIB and Adjacency Table

66

34


67


68

An example of ARP throttling which consists of these steps

Step 1 Host A sends a packet to host B

Step 2 The switch forwards the packet to the Layer 3 engine

based on the ldquogleanrdquo entry in the FIB A glean adjacency entry

indicates that a particular next hop should be directly connected

but there is no MAC header rewrite information available

Step 3 The Layer 3 engine sends an ARP request for host B and

installs the drop adjacency for host B At this point subsequent

frames destined for host B from host A are dropped (ARP

throttling)

Step 4 Host B responds to the ARP request The Layer 3 engine

installs an adjacency for host B and removes the drop

adjacency

35

69

ARP

Throttling

When a router is directly connected to a multiaccess segment(Ethernet) the router maintains an additional prefix for the subnet

This subnet prefix points to a glean adjacency

When a router receives a packets that needs to be forwarded to a specific host the adjacency database is gleaned for a specific prefix

If the prefix does not exist the subnet prefix is consulted

The glean adjacency indicates that any address with this range should be forwarded to the Layer 3 engine ARP processing

70

ARP

Throttling

1 Host A sends a packet to Host B

CEF lookup shows glean adjacency (ARP entry does not exist so no entry in adjacency table)

No rewrite information exists

2 Packet passed to Layer 3 Engine for processing

36

71

ARP

Throttling

3 Obtaining rewrite information

L3 Engine sends an ARP Request for Host B and waits for ARP Reply

Throttling Adjacency While in glean state subsequent packets to that host are dropped so that input queues do not fill and so the Layer 3 engine isnrsquot busy with duplicate ARP Requests (Note Ciscorsquos routers drop the first packet when there is no ARP entry while sending the ARP Request)

ARP

RequestDrop packets until ARP

Reply received

(Throttling Adjacency)

Throttling Adjacency is

removed when no ARP

Reply is received in 2

seconds This allows

for another packet to

initiate a new ARP

Request

Throttling Adjacency

relieves the Layer 3

Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling

4 Host B sends ARP Reply

ARP

Reply

Drop packets until ARP

Reply received


37

73

ARP

Throttling

5 The Layer 3 Engine installs Adjacency for Host B and removes the

throttling (drop) adjacency

Next Packet Rewrite (Coming)


Reply received


1020102

Describing CEF Configuration Commands

74

38

Verifying CEF

75

Does the Ideal switching (CEF DCEF) used

CEF table is perfected or accuracy

Common CEF Problems

76

39

Verify Layer 3 Switching

Switchshow interface type modport | port-channel number | begin L3

Switchshow interface fastethernet 33 | begin L3L3 in Switched ucast 0 pkt 0 bytes - mcast 12 pkt 778 bytes mcastL3 out Switched ucast 0 pkt 0 bytes - mcast 0 pkt 0 bytes

4046399 packets input 349370039 bytes 0 no bufferReceived 3795255 broadcasts 2 runts 0 giants 0 throttles

Switch

77

Displaying Hardware Layer 3 Switching

Statistics

Switchshow interfaces type modport | port-channel number include switched

Switchshow interfaces gigabitethernet 95 | include switchedL2 Switched ucast 8199 pkt 1362060 bytes - mcast 6980 pkt 371952 bytesL3 in Switched ucast 3045 pkt 742761 bytes - mcast 0 pkt 0 bytes mcastL3 out Switched ucast 2975 pkt 693411 bytes - mcast 0 pkt 0 bytes

78

40

Adjacency Information

Switchshow adjacency [type modport | port-channel number | detail | internal | summary]

Switchshow adjacency gigabitethernet 95 detailProtocol Interface AddressIP GigabitEthernet95 1722053206(11)

504 packets 6110 bytes00605C865B82000164F83FA50800ARP 034931

79

Debugging CEF Operations

Switchdebug ip cef drops | access-list | receive | events | prefix-ipc | table

bull Displays debug information for CEF

Switchdebug ip cef ipc | interface-ipc

bull Displays debug information related to IPC in CEF

Switchping ip

bull Performs an extended ping

80

41

Things to check(1) Check Layer 3 operations

(2) Verify the FIB and adjacency table

Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10

Step 2 Verify the running configuration

Step 3 Verify the routing

Switchshow ip route | include 1921681500

Step 4 Verify an ARP entry on the route processor

At Switch check ARP atable for 1921681993

Step5 Verify the CEF FIB table entry for the route

Switch show ip cef 1921681500

Step 6 Verify an adjacency table entry for the destination

Switchshow adjacency detail | begin 1921681993

Step 7 Verify CEF from the supervisor engine for

modular switch platforms

Troubleshooting Layer 3 CEF-Based MLS

81


routing (flash v50)





42


routing

Multilayer Switched Networks

CCNP 3 version 5

Rick Graziani

84

Internetwork Communications

Can two hosts on different subnets communicate without a router

What would happen if a host tried to ping another host

No they cannot communicate

Would it send an ARP Request Why or why not

The host would not send an ARP Request because there is no default-gateway

Cgtping 1721630100

43

85

Trunking with Default Gateway

What difference would it make if these hosts were on different VLANs

The Broadcasts would not be forwarded out all ports by the switch

Why does the host send the ARP Request to the router and not the

destination host After all theyrsquore on the same switch

The host doesnrsquot know where the destination host is just that itrsquos

not on itsrsquo network

Cgtping 1721630100

86


Then Destination MAC Address is that of the same device as the Destination IP Address

Check ARP cache for entry of Destination IP Address and its MAC Address

If no entry ARP Request Destination IP Address asking for MAC Address

bull Then Destination MAC Address will be that of the Default Gateway

bull Check ARP cache for entry of Default Gatewayrsquos IP Address and its MAC Address

ndash If no entry ARP Request Default Gatewayrsquos IP Address asking for MAC Address

44

87

Inter-VLAN Routing

VLAN is a logical group of ports usually belonging to a single IP



connected these devices cannot communicate without the services of

a default gateway a router


88

Inter-VLAN Routing



VLAN routing

Any external router or



each VLAN

Any external router with

an interface that

supports trunking

(router on a stick)

Any Layer 3 multilayer

Catalyst switch

Or trunk port

45

89

External Router separate interface in each VLAN

Download PT-Topology-MLS-1

Configure the router to route between VLANs

Is a routing protocol necessary Why or why not

No because all of our networks are directly connected

90

Router-on-a-Stick

bull Download PT-Topology-MLS-2pkt

bull Single trunk link carries traffic for multiple VLANs to and from router

172161010024 172162010024

46

91

Configure Router On A Stick 8021Q Trunk Link

interface GigabitEthernet11switchport mode trunk

interface GigabitEthernet50no shutdown Does not show in configinterface GigabitEthernet501description VLAN 1encapsulation dot1Q 1 nativeip address 1721611 2552552550interface GigabitEthernet5010description VLAN 10encapsulation dot1Q 10ip address 17216101 2552552550interface GigabitEthernet5020description VLAN 20encapsulation dot1Q 20ip address 17216201 2552552550interface GigabitEthernet5030description VLAN 30encapsulation dot1Q 30ip address 17216301 2552552550interface GigabitEthernet5040description VLAN 40encapsulation dot1Q 40ip address 17216401 2552552550

1721610100

24

1721620100

24

bull Router on a stick is very

simple to implement

because routers are usually

available in every network

92

Multilayer Switches

Layer 2 Interfaces



Which are the access

ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93


Cisco IOS Switchport command

The switchport command configures an interface as a Layer 2 interface

Note The no switchport command configures an interface as a Layer 3 interface

SwitchA(config)interface fa 01

SwitchA(config-if-range)switchport mode access

SwitchA(config-if-range)switchport access vlan 10

SwitchA(config)interface gigabitethernet 12

SwitchA(config-if-range)switchport trunk encapsulation dot1q

SwitchA(config-if-range)switchport mode trunk

Layer 2 Interfaces

94

Layer 3 Interfaces



Switch virtual interface (SVI)mdash A virtual VLAN interface for inter-VLAN routing In other words SVIs are the virtual routed VLAN interfaces

Bridge virtual interface (BVI)mdash A Layer 3 virtual bridging interface (Not discussed)

48

95


Download PT-Topology-MLS-3pkt

A routed port is a physical port that acts similarly to a port on a traditional router with Layer 3 addresses configured

Not associated with a particular VLAN

Like a regular router interface except that it does not support subinterfaces

96

Core1(config) interface GigabitEthernet01

Core1(config-if) no switchport

Core1(config-if) ip address 19216815 255255255252




MLS Layer 3 Interface

Routed Port

1921681430

1921681030 1921681830

bull Configure the other

Core and

Distribution switches

49

97








Routed Port

1921681430

1921681030 1921681830

98

DLS1(config) interface GigabitEthernet02

DLS1(config-if) no switchport

DLS1(config-if) ip address 19216812 255255255252


Routed Port

1921681430

1921681030 1921681830




50

99


Switch virtual interfaces (SVI)

Layer 3 interfaces that are configured on multilayer Layer 3 switches

Used for inter-VLAN routing

A virtual VLAN interface

Associated with the VLAN-ID

Enable routing capability on that VLAN


SVI

100


SVI

To configure communication

between VLANs you must

configure each SVI with an IP

address and subnet mask in

the chosen address range for

that subnet

The IP address associated with

the VLAN interface is the default


DLS1(config) interface vlan 1DLS1(config-if) ip address 1721611 2552552550DLS1(config-if) no shutdownDLS1(config) interface vlan 10DLS1(config-if) ip address 17216101 2552552550DLS1(config-if) no shutdownDLS1(config) interface vlan 20DLS1(config-if) ip address 17216201 2552552550DLS1(config-if) no shutdown

51

101


SVI

bull The switch routes frames between VLANs directly on the switch via

hardware switching without requiring an external router

ndash An SVI is mostly implemented to interconnect the VLANs on the

Building Distribution submodules or the Building Access submodules in the

multilayer switched network


102

MLS Layer 3 Interface BVI

httpwwwciscocomenUStechtk389tk689technologies_tech_note09186a0080094663shtml

BVIPDF

A bridge virtual interface (BVI) is a Layer 3 virtual interface that acts like a normal SVI to route packets across bridged or routed domains Bridging Layer 2 packets across Layer 3 interfaces is a legacy method of moving frames in a network To configure a BVI to route use the integrated routing and bridging (IRB) feature which makes it possible to route a given protocol between routed interfaces and bridge groups within the same device Specifically routable traffic is routed to other routed interfaces and bridge groups while local or unroutable traffic is bridged among the bridged interfaces in the same bridge group As a result bridging creates a single instance of spanning tree in multiple VLANs or routed subnets This type of configuration complicates spanning tree and the behavior of other protocols which in turn makes troubleshooting difficult

In todays network however bridging across routed domains is highly discouraged

52

103

IP Broadcast

Forwarding

DHCP use IP subnet broadcasts to the 255255255255 address

Routers do not route these packets by default

Routers and Layer 3 switches can be configured to forward these DHCP and other UDP broadcast packets to a

unicast

directed broadcast address

104

DHCP Relay Agent

Layer 3 devices do not pass broadcasts

What issue does this cause for DHCP Servers

Each subnet requires a DHCP server

To enable the DHCP relay agent feature configure the ip helper-addresscommand with the DHCP server IP address(es) on the client VLAN interfaces

MLS(config)interface vlan 1

MLS(configif)description DHCP Server VLAN

MLS(config-if)ip address 10111 2552552550

MLS(config-if)no ip directed-broadcast


MLS(config-ig)description DHCP clients


MLS(config-if)no shutdown


MLS(config-if)ip helper-address 1011254

53

105

DHCP Relay Agent

The ip helper-address command not only forwards DHCP UDP packets but also

forwards TFTP DNS Time NetBIOS name server and BOOTP packets by

default

By default the ip helper-address command forwards the eight UDPs services

106

DHCP Relay Agent

ip helper-address - make sure the ip directed-broadcast is notconfigured on any outbound interfaces that the UDP broadcast packets need to traverse

The no ip directed-broadcast command configures the router or switch to prevent the translation of a directed broadcast to a physical broadcast (MAC FF)

This is a default behavior since Cisco IOS Release 120 implemented as a security measure











See Improving Security on

Routers

httpwwwciscocomwarppublic

70721html

54

107

UDP Broadcast Forwarding

To specify additional UDP broadcasts for forwarding by the router

when configuring the ip helper-address interface command use the

following global command

ip forward protocol udp udp_ports

Use the no option to remove default or configured applications

Router(config)interface vlan 1

Router(config-if)ip address 1010011 2552552550

Router(config-if)ip helper-address 102001254

Router(config)ip forward-protocol udp mobile-ip

Router(config)no ip forward-protocol udp netbios-ns

Traditional and CEF Based


55

109


Multilayer switching - ability of a Catalyst switch to support switching and routing of packets in hardware

Optional support for Layers 4 through 7 switching in hardware as well

Hardware switching A route processor (Layer 3 engine) must download software-based routing switching access lists QoS and other information to the hardware for packet processing


110




A legacy feature


All leading-edge Catalyst switches support CEF-based

multilayer switching


56

111

Traditional MLS

Specialized application-specific integrated circuits (ASICs) perform

Layer 2 rewrite operations of routed packets

Source MAC address

Destination MAC address

Cyclic redundancy check (CRC)

Because the source and destination MAC addresses change

during Layer 3 rewrites the switch must recalculate the CRC

for these new MAC addresses

112

Traditional MLS

Switch learns Layer 2 rewrite information from an MLS router via

an MLS protocol

netflow-based switching



Each entry can be populated in one of three ways

Source IP address only

Source and destination IP addresses

Full Flow Information with Layer 4 protocol information

57

113

Traditional MLS

The switch forwards the first packet in any flow to the Layer 3 engine for processing using software switching


dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114

When workstation A sends a packet to workstation B workstation A sends the packet to its default gateway

The default gateway is the RSM

The switch (MLS-SE) recognizes this packet as an MLS candidate packet because the destination MAC address matches the MAC address of the MLS router (MLS-RP)

As a result the switch creates a candidate entry for this flow

MLS-SE

MLS-RPMLS-RPThe Destination MAC




flow so I will flag this as a

candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115

Next the router accepts the packets from workstation A rewrites the

Layer 2 MAC addresses and CRC and forwards the packet to

workstation B

The switch refers to the routed packet from the RSM as the enabler

packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116

MLS-SE recognizes various matches including CAM details not included

Basically the MLS-SE recognizes that the packet going out of VLAN 2 was the same one that came in on VLAN 1

The switch upon seeing both the candidate and enabler packets creates an MLS entry in hardware (MLS Cache) such that the switch rewrites and forwards all future packets matching this flow

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117

As future packets from the ldquoflowrdquo arrive the MLS-SE uses the destination IP address to look up the entry in the MLS cache

Finding a match rewrite engine modifies the necessary header information and forwards the frame (the packet is not forwarded to the router)

The rewrite operation modifies all the same fields initially modified by the router for the first packet including the source MAC and destination MAC addresses

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF





Result is switches can quickly look up routing information such as IP adjacencies and next-hop IP and MAC addresses

120

CEF

The two main components of CEF are FIB Adjacency Table

bull Forwarding information base

Make IP destination switching decisions

Similar to a routing table

Mirror image of the forwarding information contained in the IP routing table


Maintains next-hop address information based on the information in the IP routing table

Both the Layer 3 engine and the hardware-switching components maintain a FIB

Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables

The FIB keeps the Layer 3 next-hop address for each entry





Next hop

62

123

CEF


Built from the ARP table


If an ARP entry does not exist the FIB entry is marked as ldquoCEF gleanrdquo




No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables

What happens to subsequent packets while FIB entry is in glean state (L3 engine is sending ARP Request)

These packets are dropped

So input queues do not fill

So Layer 3 engine does not become too busy worrying about the need for duplicate ARP requests

This is called ARP throttling or throttling adjacency


After ARP reply is received

Throttling is released

FIB entry can be completed

Subsequent packets can be forwarded in hardware

63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows

for another packet to to

initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite

The switch receives another packet

After a multilayer switch finds valid entries in the FIB and adjacency tables a packet is almost ready to be forwarded

One step remainsmdashthe packet header information must be rewritten

Multilayer switching occurs as quick table lookups

Find the next-hop address

Outbound switch port

The IP header must also be adjusted as if a traditional router had done the forwarding (TTL)

Default

Gateway

Host ATTL

L3 ChecksumL2 Checksum

1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite

The packet rewrite engine makes the following changes to the packet just prior to forwarding

Layer 2 destination addressmdash Changed to the next-hop devices MAC address

Layer 2 source addressmdash Changed to the outbound Layer 3 switch interfaces MAC address

Layer 3 IP Time To Live (TTL)mdash Decremented by one as one router hop has just occurred

Layer 2 frame checksummdash Recalculated to include changes to the Layer 2 and Layer 3 headers

Layer 3 IP checksummdash Recalculated to include changes to the IP header

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1

L2 Checksum L3 Checksum

Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite

A traditional router would normally make the same changes to each

packet

The multilayer switch must act as if a traditional router were being used

making identical changes

The multilayer switch

Can do this very efficiently with dedicated packet rewrite

hardware and with address information obtained from table

lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite

The switch performs a Layer 3

lookup and finds a CEF entry for

Host B

The switch rewrites packets per

the adjacency information and

forwards the packet to Host B on

its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF

Catalyst switches do not support routing of all types of frames in hardware

For example the following list details common frame types that are not supported by hardware switching

Packets with IP header options

Packets sourced from or destined to tunnel interfaces

Packets using Ethernet encapsulation types other than ARPA

Packets that require fragmentation (exceed MTU of the interface)

Two types of CEF

Central CEF ndash Forwarding decisions done by ASIC that is central to all interfaces

Distributed CEF (dCEF) ndash Forwarding decisions done on independently on interfaces or line modules (faster)

68

135

Switching Table Architectures

Multilayer switches build the following tables for centralized or distributed switching in hardware using high-speed memory tables

Routing (CEF FIB and adjacency)

Bridging

QoS

Access Control ist (ACL) tables

136


Multilayer switches deploy memory tables using specialized memory architectures


Provides only two results 0 (true) or 1 (false)

For exact matches such as MAC address tables


Provides three results 0 (donrsquot care) 1 (true) 2 (false) Ternary Logic Ternary number system (Base 3) - trits

For longest matches such as IP routing tables organized by IP prefixes

CAM TCAM

69

137

CAM

For Layer 2 switching tables

With CAM tables switches must find exact matches or the switches

use a default behavior

Switch must find an exact match to a destination MAC address or

the switch floods the packet out all ports in the VLAN

138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM

TCAM is a specialized CAM designed for

rapid table lookups

For example the Catalyst 2950 3550

4500 and 6500 families of switches use

TCAM to handle ACL lookups at line

rate

Thus applying ACLs does not affect the

performance of the switch

Single lookup provides the following

information

Layer 2

Layer 3

ACL

140

TCAM

VMR (value mask and result) refers to the format of entries in TCAM

The ldquovaluerdquo in VMR refers to the pattern that is to be matched

Examples include IP addresses and protocol ports

The ldquomaskrdquo refers to the mask bitsassociated with the pattern and determines the prefix

The ldquoresultrdquo refers to the result or action that occurs in the case where a lookup returns a hit for the pattern and mask

This result might be a ldquopermitrdquo or ldquodenyrdquo in the case of a TCAM for ACLs

Another example of a result is a pointer to an entry in the hardware adjacency table that contains the next-hop MAC rewrite information in the case of a TCAM used for IP routing

If TCAM becomes full the wildcard entry will force the packet to route via the routing table

71

141

CEF-Based MLS Lookups

1 Layer 3 packets initiate TCAM lookup

2 The longest match returns adjacency with rewrite information

3 The packet is rewritten per adjacency information and forwarded

142

Inter-VLAN Routing Summary

A router on a stick can be used to route between VLANs using either

ISL or 8021Q as the trunking protocol

A router on a stick requires subinterfaces one for

each VLAN

Verify inter-VLAN routing by generating IP packets between two

subnets

Multilayer switches can forward traffic both at Layer 2 and at Layer

3

Multilayer switches rewrite the Layer 2 and Layer 3 header using

72

143

Configuring Inter-VLAN Routing

Through an SVI

Switch(config)ip routing

Step 1 Configure IP routing

Switch(config)router ip_routing_protocol ltoptionsgt

Step 4 Configure the IP routing protocol if needed

Switch(config)interface vlan vlan-id

Step 2 Create an SVI interface

Switch(config-if)ip address ip-address mask

Step 3 Assign an IP address to the SVI

144

Configuring a Routed Port





Switch(config-if)no switchport

Step 2 Create a routed port


Step 3 Assign an IP address to the routed port

73

145

Enabling CEF

Switch(config-if)ip cef

Switch(config-if)ip route-cache cef

The commands required to enable CEF are platform dependent

ndash On the Cisco Catalyst 4000 switch


146

Verifying CEF

Switchshow ip cef [type modport | vlan_interface] [detail]

Switch show ip cef vlan 11 detail

IP CEF with switching (Table Version 11) flags=0x010 routes 0 reresolve 0 unresolved (0 old 0 new) peak 013 leaves 12 nodes 14248 bytes 14 inserts 1 invalidations0 load sharing elements 0 bytes 0 referencesuniversal per-destination load sharing algorithm id 4B936A242(0) CEF resets 0 revisions of existing leavesResolution Timer Exponential (currently 1s peak 1s)0 in-place0 aborted modificationsrefcounts 1061 leaf 1052 node

Table epoch 0 (13 entries at this epoch)

1721611024 version 6 epoch 0 attached connected0 packets 0 bytesvia Vlan11 0 dependencies

valid glean adjacency

74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary

Layer 3 switching is high-performance packet switching in

hardware

MLS functionality can be implemented through CEF

CEF uses tables in hardware to forward packets

Specific commands are used to enable and verify

CEF operations

Commands to enable CEF are platform dependent

CEF problems can be matched to specific solutions

Specific commands are used to troubleshoot and solve CEF

problems

Ordered steps assist in troubleshooting CEF-based problems


CCNP 3 version 5

Rick Graziani


routing

2


routing (flash v50)





4

Inter-VLAN Routing

A VLAN is a logical group of ports usually belonging to a single IP



connected as shown in the previous slides these devices cannot

communicate without the services of a default gateway a router

Because VLANs isolate traffic to a defined broadcast domain and

subnet network devices in different VLANs cannot communicate

with each other without the use of a router


3

5

Inter-VLAN Routing



VLAN routing

1 Any Layer 3

multilayer Catalyst

switch



supports trunking





each VLAN

Or trunk port






by the router

6

4








become congested



7

8

Router On a Stick









5

9


Layer 2 Interfaces





VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging



10

6


8021Q Trunk Link


11



12

7


13


into one device









ASIC wire speed


store in CAM TCAM


14

8


15


16

9

Frame Rewrite

17


router MAC address


MAC address


is recalculated






MAC address tables





CAM TCAM

18

10

CAM Application

Key

VLAN ID

Key

19


called a key









and ACL information















system reboot

First-Match region



TCAM

20

11


routing (flash v50)





22

Layer 3 Interfaces





12

23




















24

13






configured


25


Switch

26

14

27






28








15

Layer 3 SVI




between VLANs

To provide fallback







29


30

16


routing (flash v50)





32

MLS and CEF




up this process are



17

33







Other terms used




flow)

34

Introduction to MLS




many




18

35

Introduction to CEF





36









19

37








MLS)

38






20

39

Traditional MLS





routed packets











addresses

40

Traditional MLS








21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

3

5

Inter-VLAN Routing



VLAN routing

1 Any Layer 3

multilayer Catalyst

switch



supports trunking





each VLAN

Or trunk port






by the router

6

4








become congested



7

8

Router On a Stick









5

9


Layer 2 Interfaces





VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging



10

6


8021Q Trunk Link


11



12

7


13


into one device









ASIC wire speed


store in CAM TCAM


14

8


15


16

9

Frame Rewrite

17


router MAC address


MAC address


is recalculated






MAC address tables





CAM TCAM

18

10

CAM Application

Key

VLAN ID

Key

19


called a key









and ACL information















system reboot

First-Match region



TCAM

20

11


routing (flash v50)





22

Layer 3 Interfaces





12

23




















24

13






configured


25


Switch

26

14

27






28








15

Layer 3 SVI




between VLANs

To provide fallback







29


30

16


routing (flash v50)





32

MLS and CEF




up this process are



17

33







Other terms used




flow)

34

Introduction to MLS




many




18

35

Introduction to CEF





36









19

37








MLS)

38






20

39

Traditional MLS





routed packets











addresses

40

Traditional MLS








21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

4








become congested



7

8

Router On a Stick









5

9


Layer 2 Interfaces





VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging



10

6


8021Q Trunk Link


11



12

7


13


into one device









ASIC wire speed


store in CAM TCAM


14

8


15


16

9

Frame Rewrite

17


router MAC address


MAC address


is recalculated






MAC address tables





CAM TCAM

18

10

CAM Application

Key

VLAN ID

Key

19


called a key









and ACL information















system reboot

First-Match region



TCAM

20

11


routing (flash v50)





22

Layer 3 Interfaces





12

23




















24

13






configured


25


Switch

26

14

27






28








15

Layer 3 SVI




between VLANs

To provide fallback







29


30

16


routing (flash v50)





32

MLS and CEF




up this process are



17

33







Other terms used




flow)

34

Introduction to MLS




many




18

35

Introduction to CEF





36









19

37








MLS)

38






20

39

Traditional MLS





routed packets











addresses

40

Traditional MLS








21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

5

9


Layer 2 Interfaces





VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging



10

6


8021Q Trunk Link


11



12

7


13


into one device









ASIC wire speed


store in CAM TCAM


14

8


15


16

9

Frame Rewrite

17


router MAC address


MAC address


is recalculated






MAC address tables





CAM TCAM

18

10

CAM Application

Key

VLAN ID

Key

19


called a key









and ACL information















system reboot

First-Match region



TCAM

20

11


routing (flash v50)





22

Layer 3 Interfaces





12

23




















24

13






configured


25


Switch

26

14

27






28








15

Layer 3 SVI




between VLANs

To provide fallback







29


30

16


routing (flash v50)





32

MLS and CEF




up this process are



17

33







Other terms used




flow)

34

Introduction to MLS




many




18

35

Introduction to CEF





36









19

37








MLS)

38






20

39

Traditional MLS





routed packets











addresses

40

Traditional MLS








21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

6


8021Q Trunk Link


11



12

7


13


into one device









ASIC wire speed


store in CAM TCAM


14

8


15


16

9

Frame Rewrite

17


router MAC address


MAC address


is recalculated






MAC address tables





CAM TCAM

18

10

CAM Application

Key

VLAN ID

Key

19


called a key









and ACL information















system reboot

First-Match region



TCAM

20

11


routing (flash v50)





22

Layer 3 Interfaces





12

23




















24

13






configured


25


Switch

26

14

27






28








15

Layer 3 SVI




between VLANs

To provide fallback







29


30

16


routing (flash v50)





32

MLS and CEF




up this process are



17

33







Other terms used




flow)

34

Introduction to MLS




many




18

35

Introduction to CEF





36









19

37








MLS)

38






20

39

Traditional MLS





routed packets











addresses

40

Traditional MLS








21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

7


13


into one device









ASIC wire speed


store in CAM TCAM


14

8


15


16

9

Frame Rewrite

17


router MAC address


MAC address


is recalculated






MAC address tables





CAM TCAM

18

10

CAM Application

Key

VLAN ID

Key

19


called a key









and ACL information















system reboot

First-Match region



TCAM

20

11


routing (flash v50)





22

Layer 3 Interfaces





12

23




















24

13






configured


25


Switch

26

14

27






28








15

Layer 3 SVI




between VLANs

To provide fallback







29


30

16


routing (flash v50)





32

MLS and CEF




up this process are



17

33







Other terms used




flow)

34

Introduction to MLS




many




18

35

Introduction to CEF





36









19

37








MLS)

38






20

39

Traditional MLS





routed packets











addresses

40

Traditional MLS








21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

8


15


16

9

Frame Rewrite

17


router MAC address


MAC address


is recalculated






MAC address tables





CAM TCAM

18

10

CAM Application

Key

VLAN ID

Key

19


called a key









and ACL information















system reboot

First-Match region



TCAM

20

11


routing (flash v50)





22

Layer 3 Interfaces





12

23




















24

13






configured


25


Switch

26

14

27






28








15

Layer 3 SVI




between VLANs

To provide fallback







29


30

16


routing (flash v50)





32

MLS and CEF




up this process are



17

33







Other terms used




flow)

34

Introduction to MLS




many




18

35

Introduction to CEF





36









19

37








MLS)

38






20

39

Traditional MLS





routed packets











addresses

40

Traditional MLS








21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

9

Frame Rewrite

17


router MAC address


MAC address


is recalculated






MAC address tables





CAM TCAM

18

10

CAM Application

Key

VLAN ID

Key

19


called a key









and ACL information















system reboot

First-Match region



TCAM

20

11


routing (flash v50)





22

Layer 3 Interfaces





12

23




















24

13






configured


25


Switch

26

14

27






28








15

Layer 3 SVI




between VLANs

To provide fallback







29


30

16


routing (flash v50)





32

MLS and CEF




up this process are



17

33







Other terms used




flow)

34

Introduction to MLS




many




18

35

Introduction to CEF





36









19

37








MLS)

38






20

39

Traditional MLS





routed packets











addresses

40

Traditional MLS








21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

10

CAM Application

Key

VLAN ID

Key

19


called a key









and ACL information















system reboot

First-Match region



TCAM

20

11


routing (flash v50)





22

Layer 3 Interfaces





12

23




















24

13






configured


25


Switch

26

14

27






28








15

Layer 3 SVI




between VLANs

To provide fallback







29


30

16


routing (flash v50)





32

MLS and CEF




up this process are



17

33







Other terms used




flow)

34

Introduction to MLS




many




18

35

Introduction to CEF





36









19

37








MLS)

38






20

39

Traditional MLS





routed packets











addresses

40

Traditional MLS








21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

11


routing (flash v50)





22

Layer 3 Interfaces





12

23




















24

13






configured


25


Switch

26

14

27






28








15

Layer 3 SVI




between VLANs

To provide fallback







29


30

16


routing (flash v50)





32

MLS and CEF




up this process are



17

33







Other terms used




flow)

34

Introduction to MLS




many




18

35

Introduction to CEF





36









19

37








MLS)

38






20

39

Traditional MLS





routed packets











addresses

40

Traditional MLS








21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

12

23




















24

13






configured


25


Switch

26

14

27






28








15

Layer 3 SVI




between VLANs

To provide fallback







29


30

16


routing (flash v50)





32

MLS and CEF




up this process are



17

33







Other terms used




flow)

34

Introduction to MLS




many




18

35

Introduction to CEF





36









19

37








MLS)

38






20

39

Traditional MLS





routed packets











addresses

40

Traditional MLS








21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

13






configured


25


Switch

26

14

27






28








15

Layer 3 SVI




between VLANs

To provide fallback







29


30

16


routing (flash v50)





32

MLS and CEF




up this process are



17

33







Other terms used




flow)

34

Introduction to MLS




many




18

35

Introduction to CEF





36









19

37








MLS)

38






20

39

Traditional MLS





routed packets











addresses

40

Traditional MLS








21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

14

27






28








15

Layer 3 SVI




between VLANs

To provide fallback







29


30

16


routing (flash v50)





32

MLS and CEF




up this process are



17

33







Other terms used




flow)

34

Introduction to MLS




many




18

35

Introduction to CEF





36









19

37








MLS)

38






20

39

Traditional MLS





routed packets











addresses

40

Traditional MLS








21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

15

Layer 3 SVI




between VLANs

To provide fallback







29


30

16


routing (flash v50)





32

MLS and CEF




up this process are



17

33







Other terms used




flow)

34

Introduction to MLS




many




18

35

Introduction to CEF





36









19

37








MLS)

38






20

39

Traditional MLS





routed packets











addresses

40

Traditional MLS








21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

16


routing (flash v50)





32

MLS and CEF




up this process are



17

33







Other terms used




flow)

34

Introduction to MLS




many




18

35

Introduction to CEF





36









19

37








MLS)

38






20

39

Traditional MLS





routed packets











addresses

40

Traditional MLS








21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

17

33







Other terms used




flow)

34

Introduction to MLS




many




18

35

Introduction to CEF





36









19

37








MLS)

38






20

39

Traditional MLS





routed packets











addresses

40

Traditional MLS








21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

18

35

Introduction to CEF





36









19

37








MLS)

38






20

39

Traditional MLS





routed packets











addresses

40

Traditional MLS








21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

19

37








MLS)

38






20

39

Traditional MLS





routed packets











addresses

40

Traditional MLS








21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

20

39

Traditional MLS





routed packets











addresses

40

Traditional MLS








21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

21

41

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

MLS-SE






a candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-

00-11-11-11

S-IP =

101110

D-IP =

101220

Traditional MLS

42

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

22

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data


00-22-22-22

S-MAC= 00-00-

0C-22-22-22

S-IP =

101110

D-IP =

101220

Traditional MLS

43

MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-

22-22

00-00-

0C-22-

22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

Traditional MLS

44

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

23

45

CEF-based MLS

46

CEF






24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

24

47

CEF








Routing Table

48

CEF

Adjacency tables



EIGRP)



information



25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

25

49

CEF

Adjacency tables






50

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

26

51

CEF

Adjacency tables






52

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

27






Packet switching

Route processing



























54

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

28


55





ASIC






platform








29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

29



bull Central CEF





57



















58

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

30














cards

59


60

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

31


61





tables in software


hardware














62


32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

32





next hop




adjacency












lookup misses)






63


64

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

33






engine MAC
















65


66

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

34


67


68










throttling)



adjacency

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

35

69

ARP

Throttling






70

ARP

Throttling





36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

36

71

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

72

ARP

Throttling


ARP

Reply


Reply received


37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

37

73

ARP

Throttling





Reply received


1020102


74

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

38

Verifying CEF

75



Common CEF Problems

76

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

39





Switch

77


Statistics



78

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

40





79






Switchping ip


80

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

41



Step 1 Verify CEF

show ip cef summary

show ip cef vlan 10













81


routing (flash v50)





42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

42


routing


CCNP 3 version 5

Rick Graziani

84







Cgtping 1721630100

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

43

85








Cgtping 1721630100

86








44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

44

87

Inter-VLAN Routing







88

Inter-VLAN Routing



VLAN routing




each VLAN


an interface that

supports trunking

(router on a stick)


Catalyst switch

Or trunk port

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

45

89






90

Router-on-a-Stick



172161010024 172162010024

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

46

91




1721610100

24

1721620100

24


simple to implement



92

Multilayer Switches

Layer 2 Interfaces




ports



VLANs using Inter-

Switch Link (ISL)

encapsulation or

8021Q tagging

Which are the trunk

ports

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

47

93











Layer 2 Interfaces

94

Layer 3 Interfaces





48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

48

95






96








Routed Port

1921681430

1921681030 1921681830


Core and


49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

49

97








Routed Port

1921681430

1921681030 1921681830

98





Routed Port

1921681430

1921681030 1921681830




50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

50

99









SVI

100


SVI






that subnet





51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

51

101


SVI







102



BVIPDF



52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

52

103

IP Broadcast

Forwarding




unicast


104

DHCP Relay Agent















53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

53

105

DHCP Relay Agent



default


106

DHCP Relay Agent















Routers


70721html

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

54

107














55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

55

109






110




A legacy feature





56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

56

111

Traditional MLS



Source MAC address






112

Traditional MLS


an MLS protocol








57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

57

113

Traditional MLS



dot1q Tag

(inside Eth Hdr)


Data

VLAN

1

D-MAC= 00-00-

0C-11-11-11

S-MAC= 00-AA-00-11-

11-11S-IP = 101110

D-IP = 101220

S-MAC= 00-

AA-00-11-11-11

114





MLS-SE






candidate packet


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

dot1q Tag

(inside Eth Hdr)


Data

VLAN 1

D-MAC= 00-00-0C-11-11-11

S-MAC= 00-AA-00-11-11-11

S-IP = 101110

D-IP = 101220

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

58

115



workstation B


packet

MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2 D-MAC= 00-AA-00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220

116




MLS-SE

MLS-RP

dot1q Tag

(inside Eth Hdr)


Data

VLAN 2

D-MAC= 00-AA-

00-22-22-22

S-MAC= 00-00-0C-22-22-22

S-IP = 101110

D-IP = 101220


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

59

117




MLS-SE


Layer 3 Info

S-IP 101110

D-IP 101220

Layer 2 Info

S-MAC 00-AA-00-11-11-11

D-MAC 00-00-0C-11-11-11


Port

Src

Port

Dst

MAC

Src

MAC

VLAN Interface

101220 101110 TCP 23 1238 00-AA-

00-22-22-22

00-00-

0C-22-22-22

2 31

Future Packets

MLS

Cache

Found match in MLS




router

118

CEF-based MLS

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

60

119

CEF






120

CEF









Routing Table

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

61

121

CEF

Adjacency tables



EIGRP)



information



122

CEF

Adjacency tables






Next hop

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

62

123

CEF








No ARP entry

L3 forwarding

engine canrsquot

forward packet

in hardware

must send to L3


Request and get an

ARP Reply

124

CEF

Adjacency tables











63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

63

125

ARP

Throttling





126

ARP

Throttling




ARP


Reply received



removed when no ARP


seconds This allows


initiate a new ARP

Request



Engine of excessive

ARP processing or

ARP-based DoS

attacks

XX

X

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

64

127

ARP

Throttling


ARP

Reply


Reply received


XX

X

128

ARP

Throttling





Reply received


1020102

Host Brsquos

MAC

Address

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

65

129

Packet Rewrite

Egress

Packet

130

Packet Rewrite








Default

Gateway

Host ATTL


1020102Host Brsquos

MAC

Address

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

66

131

Packet Rewrite







Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

132

Packet Rewrite


packet






lookups

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

67

133

Packet Rewrite



Host B




its VLAN

Default

Gateway

TTL


Host B

MAC Add

TTL

- 1


Host AL3 switch

outbound

interface

1020102Host Brsquos

MAC

Address

134

CEF







Two types of CEF



68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

68

135




Bridging

QoS


136









CAM TCAM

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

69

137

CAM






138

CAM


called a key


VLAN ID

Key

VLAN ID

Key

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

70

139

TCAM


rapid table lookups




rate




information

Layer 2

Layer 3

ACL

140

TCAM









71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

71

141





142





each VLAN


subnets


3


72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

72

143


Through an SVI









144










73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

73

145

Enabling CEF






146

Verifying CEF







74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

74

147





Switch

148


Statistics



75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

75

149





150






Switchping ip


76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

76

151

CEF Summary


hardware




CEF operations




problems



CCNP 3 version 5

Rick Graziani


routing

ccnp3 v5.0 bcmsn mod04 implementing intervlan routing.pptx

Documents

content addressable

duplicate

based dos

switchport

dhcp relay

control plane

data plane

switchport