Re: 9400 configuration

carlos052001 · ‎10-20-2025

When configuring the 9400 switch as a core, I notice packet loss in ICMP redirect, broadcast, SW forwarding, and transit traffic due to CPU processes. I investigated whether this model has two types of workloads: software and hardware. I think it can handle hardware-based workloads and resolve the loss, since when I run tests, I experience slowness in my network or network malfunctions.
Is this correct, or are there other points to consider when configuring this device?

Torbjørn · ‎10-20-2025

Hello @carlos052001, Welcome to the community!

You will have to provide some more context for us to be able to give you a good answer on this. What does the topology look like? Which switching & routing protocols are in use? Can you see any interesting logs that might correlate to the issues you are observing?

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

pieterh · ‎10-21-2025

be aware this model is designed for the access/distribution layer
https://www.cisco.com/c/nl_nl/support/switches/catalyst-9400-series-switches/series.html

Cisco Catalyst 9400 Series Switches

Modular switches for enterprise-class midsize and large campus access networks

Explore Catalyst 9400 Series

I cannot say it will not operate as coreswitch, but you may need extra attention on it's configuration

Joseph W. Doherty · ‎10-21-2025

@pieterh wrote:

I cannot say it will not operate as coreswitch, but you may need extra attention on it's configuration

@pieterh I'm just curious, what particular configuration options might you pay additional attention to?

One reason I ask, traditionally in the classic 3 layer architecture, the core devices, compared to distro and access layer devices, were often "stupid", as their primary purpose was to move frames/packets though them as quickly as possible.

Or to put in another way, nothing comes to my mind why a 9400 couldn't be possible candidate for a core switch, assuming it has the physical capabilities I believe that are needed. So, what specific concerns do have have using a 9400, for a core switch, beyond Cisco not "positioning" it as a "core" switch?

pieterh · ‎10-22-2025

@Joseph W. Doherty
Hi Joseph,
I remembered the existance of SDM templates that configures the resources on the switch for a specific role.

I didn't check this before,
the differences in table-2 between core and access template default values are less then I thought they would be.
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9400/software/release/17-15/configuration_guide/sys_mgmt/b_1715_sys_mgmt_9400_cg/configuring_sdm_templates.html

Joseph W. Doherty · ‎10-22-2025

Ah, didn't realize a 9400 supported SDM templates. Agreed, that could be an important configuration option. I recall (???) some switches had a "default" SDM template that was suitable for most cases, but also provided SDM templates to skew resources for more demanding cases.

Interestingly, on the 9400, SDM options appear to be tied to the sup variant.

Thank you, an excellent configuration consideration.

Joseph W. Doherty · ‎10-21-2025

As a generalization, switch CPUs are often "underpowered" because all the heavy lifting (i.e. forwarding frames/packets) is usually supported by dedicated hardware.

Normally, the problems you note causing packet loss, shouldn't be issues on most switches because most switches shouldn't be dealing with them. I.e. you should try to identify why you have such a volume of such traffic kinds and mitigate.

Every hear of the old joke Patient: "Doctor, Doctor, it hurts when I do this." Doctor: "Don't do that."

For example, you mention packet loss due to ICMP redirects. So, why are there ICMP redirects?