Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3814
Views
0
Helpful
3
Replies

Switch Configuration

cpremo
Level 1
Level 1

‎03-20-2014 12:37 PM - edited ‎03-07-2019 06:47 PM

We have very simple configurations on our switches (small offices on an MPLS WAN link) that come to our HQ office for Internet access.  Our switches are all 3560X switches running 12.2(58)SE2 - IP-BASE CRYPTO.

My question are these.

 

1.  Some switches have this:

         no ip route-cache cef

         no ip route-cache

         no ip mroute-cache

 

and some don't.  Which would be better?  To have it disabled or enabled.

 

2. Some swithches have this:

        mac address-table aging-time 0 vlan X

some don't.  Should they all have it or none?

 

3.  Some swithches have this:

         service tcp-keepalives-in

         service tcp-keepalives-out

         service counters max age 10

some don't. Should they all have it or none?

 

4.  Some swithches have this:

         ntp server xxx.xxx.xx.xxx prefer version 3

and some say:

         ntp server xxx.xxx.xx.xxx prefer

Which is most correct?

Labels:
0 Helpful
3 Replies 3

Mike Williams
Level 5
Level 5

‎03-20-2014 07:55 PM

Hello,

Here's my take:

1. Each of these commands disables CEF switching or fast switching, falling back to process switching. The first one disabling for unicast routing and the last one for multicast. CEF is MUCH more efficient at routing than process switching. Think of process switching as similar to using interrupts in a PC. It's processed in the CPU that can only do one thing at a time. CEF switching does the routing and switching in hardware bypassing the CPU, making it perform much better. Unless you have a reason to disable it, ip route-cache should be enabled.

2. This essentially times-out mac-address entries immediately for that VLAN. The default is 300 seconds. This can be handy if you are moving a device to a different port, but setting this to 0 can cause a lot of extra overhead on the switch and network since it will need to do a new mac-address broadcast for each packet that enters that switch on that VLAN in order to learn the destination MAC. You should set this back to the default.

3. service tcp-keepalives monitors tcp connections to and from the switch and will terminate the sessions if they are improperly closed on the remote device. This is a good thing to have on your switches.

service counters max age just sets the maximum age the interface counters are valid for when polled from SNMP or the CLI. The default is 5 seconds. It doesn't matter if you set this or not, but you should standardize across your configs.

4. Most versions of IOS, I believe, use version 2 by default. You only need to set version 3 if the NTP server requires it. You should be able to standardize across your configs if you are using the same NTP server.

 

Hope that helps.

Mike

0 Helpful

Dharamjeet Brar
Level 1
Level 1
In response to Mike Williams

‎03-20-2014 08:49 PM

2. The value of 0 disables mac-aging, rather than making it more frequent.
0 Helpful

Dharamjeet Brar
Level 1
Level 1

‎03-20-2014 08:46 PM

1. no ip route-cache cef => Fall to fast switching (Disables CEF on that port)

no ip route-cache => Fall to process switching (Disables Fast switching on that port)

no ip mroute-cache => Disables Fast switching for IP multicast on that port.

By default, new Cisco IOS comes along with CEF enabled (none of the first two command should be on an interface), which is the most efficient way to switch packets. Last command is insignificant unless you are doing Multicast routing.

 

2. mac address-table aging-time 0 vlan X => Disables MAC aging for that particular VLAN.

MAC entries are supposed to age inherently. It is safe to assume a default timeout value of 300 sec (5 minutes), but it largely depends on the device itself as well. Impact of unknown unicasts trigerred by aged-out entries depends on the (LAN) segment size.

 

3. service tcp-keepalives-in => To detect and drop broken (not idle) TCP connections to the device. Remember asking network admin to reset the line? This command prevents it.

service tcp-keepalives-out => To detect and drop broken (not idle) TCP connections from the device.

service counters max age 10 => It has something to do with statistic retrieval time, some SNMP stuff. Not related to previous two commands.

 

4. ntp server xxx.xxx.xx.xxx prefer version 3 => Prefer tags this server as the preferred NTP server. Version depends on your IOS, 12.something version on uses NTP version 3 as default so it is just an additional parameter in the command if you are using an IOS with default NTP version 3.

ntp server xxx.xxx.xx.xxx prefer => Blah. Correct would depend on comapatability with the NTP server you are using.

I really have no idea about NTP settings.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card