Yes I did the term mon when I used the telnet. Here in my lab I am using the console port.

Are you logging to console ?

Yes. Here in the lab when the debug ip packet is enable, i can see packet like broadcast or packet that has ip destination of the switch ip interface with no problem, it is only packet passing through that interface that I do not see??? Here is some stuff I got from my switch.

>>>>>Broadcast receive on the port<<<<<<<

21:32:44: datagramsize=342, IP 30: s=0.0.0.0 (GigabitEthernet1/0/2), d=255.255.255.255, totlen 328, fragment 0, fo 0, rcvd 2

>>>>>>Some debug ip packet from a telnet to the switch<<<<<

3750_lab# 21:32:47: datagramsize=342, IP 31: s=0.0.0.0 (GigabitEthernet1/0/2), d=255.255.255.255, totlen 328, fragment 0, fo 0, rcvd 2

3750_lab#21:32:49: datagramsize=62, IP 4597: s=172.29.254.254 (GigabitEthernet1/0/12), d=172.17.42.25, totlen 48, fragment 0, fo 0, rcvd 4

21:32:49: datagramsize=60, IP 0: s=172.17.42.25 (local), d=172.29.254.254, totlen 44, fragment 0, fo 0, cef process switched

21:32:49: datagramsize=60, IP 0: s=172.17.42.25 (local), d=172.29.254.254 (GigabitEthernet1/0/12), totlen 44, fragment 0, fo 0, sending

21:32:49: datagramsize=60, IP 0: s=172.17.42.25 (local), d=172.29.254.254 (GigabitEthernet1/0/12), totlen 44, fragme

3750_lab#

3750_lab#sh run

Building configuration...

Current configuration : 2939 bytes

!

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname 3750_lab

!

!

ip subnet-zero

ip routing

!

ip cef accounting per-prefix non-recursive prefix-length

vtp mode transparent

!

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

!

!

vlan 2-3

!

vlan 16

name Gestion

!

vlan 25

!

vlan 31

name Wireless

!

vlan 42

!

interface Port-channel1

no ip address

!

interface GigabitEthernet1/0/1

switchport trunk encapsulation dot1q

switchport trunk native vlan 42

switchport mode trunk

no ip address

no mdix auto

!

interface GigabitEthernet1/0/2

no switchport

ip address 172.17.42.25 255.255.255.0

no ip route-cache

mdix auto

!

interface GigabitEthernet1/0/3

no ip address

no mdix auto

3750_lab#sh ip int g1/0/2

GigabitEthernet1/0/2 is up, line protocol is up

Internet address is 172.17.42.25/24

Broadcast address is 255.255.255.255

Address determined by non-volatile memory

MTU is 1500 bytes

Helper address is not set

Directed broadcast forwarding is disabled

Outgoing access list is not set

Inbound access list is not set

Proxy ARP is enabled

Local Proxy ARP is disabled

Security level is default

Split horizon is enabled

ICMP redirects are always sent

ICMP unreachables are always sent

ICMP mask replies are never sent

IP fast switching is disabled

IP fast switching on the same interface is disabled

IP Flow switching is disabled

IP Fast switching turbo vector

IP multicast fast switching is disabled

IP multicast distributed fast switching is disabled

IP route-cache flags are No CEF, No Distributed

Router Discovery is disabled

IP output packet accounting is disabled

IP access violation accounting is disabled

TCP/IP header compression is disabled

RTP/IP header compression is disabled

Probe proxy name replies are disabled

Policy routing is disabled

Network address translation is disabled

WCCP Redirect outbound is disabled

WCCP Redirect inbound is disabled

WCCP Redirect exclude is disabled

BGP Policy Mapping is disabled

3750_lab#

Thanks

Just as an experiment, have you tried switching off CEF globally? I always get a bit confused whether CEF is affected by the settings on the ingress interface or on the egress interface. I know, for example, that the load-sharing algorithm depends on the settings on the egress interfaces.

If you can, try it in the lab and let us know.

Kevin Dorrell

Luxembourg

Hi,

"Disabling CEF or dCEF on an interface disables CEF switching for packets forwarded to the interface, but has no affect on packets forwarded out of the interface." (See http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fswtch_r/xrfscmd2.htm#wp1065558)

So you should see only packets coming TO the int g1/0/2, I think.

I'd also try

debug ip packet detail

(http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122sup/122debug/dbfipdrp.htm#1065633)

to see if the packets are not CEFed still.

BTW, one of my friends told me following idea:

The basic difference between a router and an L3 switch is the fact there is not possible to force process switching of all packets on an L3 switch.

(no ip route-cache command is not available in 3550 global config, e.g.).

So it might be a good idea to configure no ip route-cache on all routed interfaces...

Regards,

Milan

Hi,

I did the test with both switch 3550/3750 and it is not possible to remove CEF in the entire switch (I receive the following message) .

3750_lab(config)#no ip cef ?

accounting Enable CEF accounting

distributed Distributed Cisco Express Forwarding

linecard CEF linecard commands

load-sharing Load sharing

table Set CEF forwarding table characteristics

traffic-statistics Enable collection of traffic statistics

3750_lab(config)#no ip cef

% Incomplete command.

3750_lab(config)#no ip cef distributed

%Cannot disable CEF on this platform

3750_lab(config)#

Even if I did configure 2 port as router port and try to use those port as process switch it is not working.

So I think this is a limitation with the L3 switch.

Thanks for your help.

Marc

I'm thinking since this is a hardware assist platform there isn't a way to process switch the packets - hence no way to debug IP packet.

could be wrong though, but that's what it sounds like since you ARE getting process switched packets (broadcasts, packets to the router interfaces/processor)