I have a 3560C switch I'm using for routing between some VLANs and a default route. But the default route is giving me some problems, because as far as I can see the switch does not support indirectly connected routes on the default SDM template and I can't change the template.
The routing is working but with high CPU utilization and an error:
Cisco IOS Software, C3560C Software (C3560c405ex-UNIVERSALK9-M), Version 15.2(2)E5
Can you share the output of "show version" from the switch in question? I want to know the exact switch model and its license level.
I guess you are using a Gigabit switch model which does not allow you to change the default SDM template. It is a limitation on this platform.
You must be seeing high CPU or a TCAM related error because routes are failing to get installed in the TCAM table. The output of the following CLIs might be helpful to understand the situation better:
show platform tcam utilization asic all
sh ip route sum
show platform ip unicast failed route
1. If you are using an IPBASE license, then whatever you see in the SDM output definitely looks buggy. You must see support for indirectly connected routes with an IPBASE license. It should support 4K directly connected and 875 indirectly connected routes. With an IPBASE license, we have seen some issues where the TCAM output shows incorrectly, but that was cosmetic. A bug (CSCtz11560) was filed to correct that issue; it is not fixed yet. But I don't think your issue is cosmetic.
2. The LAN BASE feature set does support static routing on quite a few platforms, but I need to check if the 3560CG supports that or not. Feature Navigator indicates it does not, but I can double check for you if you confirm that your switch is running LANBASE. If this turns out to be the bottleneck then you may need to upgrade the license to IPBASE.
Search for 'static route support on lanbase images', click add and then click on continue.
From the release/platform tree, choose platform tab.
You will notice that your platform, which is < WS-C3560CG-8TC-S >, is not included on the supported platforms list.
Please rate this post if helpful
Thanks for the reply.
It is an IPBASE license
Thanks for the outputs. With an IPBASE license, you should be able to work with both direct and indirect routes.
I know a few platforms which need "IP Routing" to be enabled explicitly. Can you check if you have that enabled on your switch or not (don't go by the "show ip route" output)? The running-config should display that - "ip routing".
If it is not, then I think you should just enable that globally and verify the TCAM again. Ideally the TCAM output on this switch with an ipbase license should look like this. If it is already enabled then kindly attach the "show tech" pls.
The current template is "default" template.
The selected template optimizes the resources in the switch to support this level of features for 8 routed interfaces and 1024 VLANs.
  number of unicast mac addresses: 4K
  number of IPv4 IGMP groups + multicast routes: 0.25K
  number of IPv4 unicast routes: 4.875k
    number of directly-connected IPv4 hosts: 4K
    number of indirect IPv4 routes: 0.875k <<<<<<<<<<
  number of IPv6 multicast groups: 0.25K
  number of directly-connected IPv6 addresses: 0.25K
  number of indirect IPv6 unicast routes: 0
  number of IPv4 policy based routing aces: 0
  number of IPv4/MAC qos aces: 0.375k
  number of IPv4/MAC security aces: 0.375k
  number of IPv6 policy based routing aces: 0
  number of IPv6 qos aces: 60
  number of IPv6 security aces: 0.125k
Please rate this post if helpful.
It looks buggy. Can you open a TAC case and give me the case number?
Can you tell me when you started seeing this strange output of "show SDM prefer"? Was it seen after upgrading the software or making any change with SSH etc.?
A reload of the box might help. If it does not then try downgrading the software. 15.2(2)E5 is very promising code but this symptom does not look good.
One more thing - I noticed that your switch is reporting a lot of "Adj resolve request failed" errors, and it has the potential of spiking the CPU.
Aug 11 04:26:52.467: %ADJ-5-RESOLVE_REQ_FAIL: Adj resolve request failed for 10.7.200.130 on Vlan200
Aug 11 04:26:57.889: %ADJ-5-RESOLVE_REQ_FAIL: Adj resolve request failed for 10.7.10.35 on Vlan10
Aug 11 04:27:02.891: %ADJ-5-RESOLVE_REQ_FAIL: Adj resolve request failed for 10.7.200.144 on Vlan200
This is due to the ARP retry feature enhancement. I guess your switch has quite a few incomplete ARP entries. Try the following commands; it should stop printing these logs.
no ip arp incomplete enable
no ip cef optimize neighbor resolution <<<try this only if above command does not help
But check why it has incomplete ARP entries. Make sure default-route's next hop is reachable.
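Added example, not part of the thread or written by any of its participants: before silencing the messages, a short script can group the %ADJ-5-RESOLVE_REQ_FAIL lines by VLAN interface and target address to show which hosts never resolve, and whether the default route's next hop is one of them. The first three sample lines are the ones quoted above; the last two lines and the next-hop address 10.7.200.1 are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# First three lines are quoted in the thread; the last two are constructed.
SAMPLE_LOG = """\
Aug 11 04:26:52.467: %ADJ-5-RESOLVE_REQ_FAIL: Adj resolve request failed for 10.7.200.130 on Vlan200
Aug 11 04:26:57.889: %ADJ-5-RESOLVE_REQ_FAIL: Adj resolve request failed for 10.7.10.35 on Vlan10
Aug 11 04:27:02.891: %ADJ-5-RESOLVE_REQ_FAIL: Adj resolve request failed for 10.7.200.144 on Vlan200
Aug 11 04:27:07.893: %ADJ-5-RESOLVE_REQ_FAIL: Adj resolve request failed for 10.7.200.130 on Vlan200
Aug 11 04:27:09.100: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
"""

# Matches only the adjacency-resolution failure message shown in the thread.
ADJ_FAIL = re.compile(
    r"%ADJ-5-RESOLVE_REQ_FAIL: Adj resolve request failed for "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) on (?P<intf>\S+)"
)

def summarize_adj_failures(log_text):
    """Return {interface: Counter({target_ip: count})} for resolve failures."""
    per_intf = defaultdict(Counter)
    for line in log_text.splitlines():
        m = ADJ_FAIL.search(line)
        if m:  # unrelated syslog lines are ignored
            per_intf[m.group("intf")][m.group("ip")] += 1
    return dict(per_intf)

def next_hop_failing(summary, next_hop):
    """True if next_hop is among the addresses that failed to resolve."""
    return any(next_hop in ips for ips in summary.values())

if __name__ == "__main__":
    summary = summarize_adj_failures(SAMPLE_LOG)
    for intf, ips in sorted(summary.items()):
        print(f"{intf}: {sum(ips.values())} failures, {len(ips)} distinct targets")
        for ip, count in ips.most_common():
            print(f"  {ip}  x{count}")
    # 10.7.200.1 is a hypothetical default-route next hop, not from the thread.
    print("next hop unresolved:", next_hop_failing(summary, "10.7.200.1"))
```

Addresses that recur in the summary are the ones to compare against the incomplete entries in the switch's ARP table.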