11-21-2012 05:38 AM - edited 03-07-2019 10:10 AM
Hi There.
We have low bandwidth (15-20 Mbit/s) to the ASA from our Client vlan. If I connect the Client to the same vlan as the ASA, the bandwidth (90 Mbit/s) is good.
Here is the Layer 3 Design:
Client -> vlan 2 - Switch - vlan 7 -> vlan 1 - ASA 5505 -> ISP
The Layer 2 Design:
Client -> Gig2/0/13 - Switch - Gig4/0/43 -> Eth0/1 ASA5505 -> ISP
IP Address:
Client: 172.16.2.10
Vlan2: 172.16.2.1
Vlan7: 172.16.7.1
ASA: 172.16.7.2
I'm assuming the switch has a problem with routing?
It is a stacked switch with the following members:
switch 1 provision ws-c3750g-12s
switch 2 provision ws-c3750g-24ts
switch 3 provision ws-c3750g-24ts
switch 4 provision ws-c3750x-48
And we have the following error message in the log from the switch:
%PLATFORM_UCAST-4-PREFIX: One or more, more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix, and the packets may be software forwarded
At first I had the idea that the switch is overloaded with router traffic. That's why I'm assuming I have to check the SDM templates, but I'm not sure if this resolves the issue; maybe you guys know more.
Here is the relevant config:
ASA Interface on the Switch:
interface GigabitEthernet4/0/43
description ASA-inside LAN
switchport access vlan 7
switchport mode access
spanning-tree portfast
Client Interface on the Switch:
interface GigabitEthernet3/0/1
switchport access vlan 2
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
Routing:
ip route 0.0.0.0 0.0.0.0 172.16.7.2
ip route 10.0.0.0 255.255.0.0 172.16.7.2
ip route 10.4.1.0 255.255.255.0 172.16.7.5
ip route 10.4.16.1 255.255.255.255 172.16.7.5
ip route 10.6.5.0 255.255.255.0 172.16.7.5
ip route 10.7.2.0 255.255.255.0 172.16.7.5
ip route 10.7.3.0 255.255.255.0 172.16.7.5
ip route 10.7.4.0 255.255.255.0 172.16.7.5
ip route 194.56.145.128 255.255.255.128 172.16.7.5
sh ip route
Gateway of last resort is 172.16.7.2 to network 0.0.0.0
194.56.145.0/25 is subnetted, 1 subnets
S 194.56.145.128 [1/0] via 172.16.7.5
172.16.0.0/24 is subnetted, 8 subnets
C 172.16.8.0 is directly connected, Vlan8
C 172.16.4.0 is directly connected, Vlan4
C 172.16.5.0 is directly connected, Vlan5
C 172.16.6.0 is directly connected, Vlan6
C 172.16.7.0 is directly connected, Vlan7
C 172.16.1.0 is directly connected, Vlan1
C 172.16.2.0 is directly connected, Vlan2
C 172.16.3.0 is directly connected, Vlan3
10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
S 10.7.4.0/24 [1/0] via 172.16.7.5
S 10.6.5.0/24 [1/0] via 172.16.7.5
S 10.0.0.0/16 [1/0] via 172.16.7.2
S 10.7.3.0/24 [1/0] via 172.16.7.5
S 10.7.2.0/24 [1/0] via 172.16.7.5
S 10.4.1.0/24 [1/0] via 172.16.7.5
S 10.4.16.1/32 [1/0] via 172.16.7.5
S* 0.0.0.0/0 [1/0] via 172.16.7.2
VLAN-Interfaces:
interface Vlan2
description Server
ip address 172.16.2.1 255.255.255.0
ip access-group 102 in
interface Vlan7
description Wan
ip address 172.16.7.1 255.255.255.0
SDM:
sh sdm prefer
The current template is "desktop vlan" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 12K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 0
number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K
11-21-2012 06:47 AM
Dear Patrick,
First of all, are the interfaces free of errors? Check also if any of the connections is on half duplex.
For the error message see:
(it is a message that tells you that the number of IP routes is higher than the TCAM CEF entries for IP prefixes).
11-21-2012 07:42 AM
As Christos already said, the error message indicates that the TCAM table doesn't have enough room to store all the routes in your routing table.
If the routes cannot be stored in the TCAM, that means the traffic to that destination isn't switched in hardware anymore.
Packets may be switched in software (through the CPU), which could explain the performance issue.
You should consider using another SDM template:
To show the current utilization you can use the command: sh platform tcam utilization
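The check the replies describe, as an added example that is not part of the original thread: it parses the posted `sh sdm prefer` output and an abridged copy of the posted `sh ip route` output, then compares the route count with the template's IPv4 unicast route allocation. The function names are hypothetical, and it assumes "K" means 1024 and that each route line consumes one unicast route entry; `sh platform tcam utilization` remains the authoritative figure.

```python
import re

# "sh sdm prefer" output, abridged from the thread.
SDM_PREFER = """\
The current template is "desktop vlan" template.
number of unicast mac addresses: 12K
number of IPv4 unicast routes: 0
number of IPv4/MAC qos aces: 0.5K
"""

# "sh ip route" output, abridged from the thread (6 of the posted routes).
IP_ROUTE = """\
Gateway of last resort is 172.16.7.2 to network 0.0.0.0
194.56.145.0/25 is subnetted, 1 subnets
S 194.56.145.128 [1/0] via 172.16.7.5
C 172.16.7.0 is directly connected, Vlan7
C 172.16.2.0 is directly connected, Vlan2
S 10.0.0.0/16 [1/0] via 172.16.7.2
S 10.4.16.1/32 [1/0] via 172.16.7.5
S* 0.0.0.0/0 [1/0] via 172.16.7.2
"""

def parse_size(token):
    """Convert an SDM size such as '12K' or '0.5K' to a count (assumption: K = 1024)."""
    mult = 1024 if token.upper().endswith("K") else 1
    return int(float(token.rstrip("kK")) * mult)

def sdm_limits(text):
    """Return (template name, {resource: limit}) from 'show sdm prefer' output."""
    name = re.search(r'current template is "([^"]+)"', text).group(1)
    pairs = re.findall(r"number of (.+?):[ \t]*([\d.]+[kK]?)[ \t]*$", text, re.M)
    return name, {res.strip(): parse_size(size) for res, size in pairs}

def count_routes(text):
    """Count lines that begin with a route code (C, S, S*, ...) and a prefix."""
    return len(re.findall(r"^[A-Z]\*?\s+\d+\.\d+\.\d+\.\d+", text, re.M))

def tcam_route_check(sdm_text, route_text):
    """Flag a routing table larger than the template's unicast route allocation."""
    name, limits = sdm_limits(sdm_text)
    capacity = limits["IPv4 unicast routes"]
    routes = count_routes(route_text)
    # over=True matches the PLATFORM_UCAST-4-PREFIX symptom: software forwarding.
    return {"template": name, "capacity": capacity,
            "routes": routes, "over": routes > capacity}

if __name__ == "__main__":
    print(tcam_route_check(SDM_PREFER, IP_ROUTE))
```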