[c-nsp] unicast IPv4 packets punted on Cisco 4500

Martin T m4rtntns at gmail.com
Fri Oct 24 09:36:36 EDT 2014


Hi,

FYI, if there is a switch which doesn't allow one to disable MAC
address learning, but supports ingress forwarding for SPAN (port
mirroring in non-Cisco terms), then the following configuration will
achieve the same:

WS-C4506#sh run | i monitor
monitor session 1 source interface Gi6/36 rx
monitor session 1 destination interface Gi6/35 ingress vlan 555
WS-C4506#
WS-C4506#sh monitor session 1
Session 1
---------
Type                   : Local Session
Source Ports           :
    RX Only            : Gi6/36
Destination Ports      : Gi6/35
    Encapsulation      : Native
          Ingress      : Enabled, default VLAN = 555
         Learning : Disabled


WS-C4506#

Port Gi6/36 is in VLAN 555, a hardware loop is connected to port Gi6/35
and a traffic generator is connected to port Gi6/36.


regards,
Martin

On 10/24/14, Martin T <m4rtntns at gmail.com> wrote:
> Thanks!
>
>
> Martin
>
> On 10/23/14, Andras Toth <diosbejgli at gmail.com> wrote:
>> Hi Martin,
>>
>> On Catalyst 4500 the MAC learning is done by CPU.
>>
>> Catalyst 6500 (at least with Sup32 & Sup720), and Nexus switches perform
>> MAC learning in hardware.
>>
>> Best regards,
>> Andras
>>
>>
>> On Wed, Oct 22, 2014 at 1:58 PM, Martin T <m4rtntns at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> thanks for all the replies! I overlooked the "SA Miss" field. I guess
>>> the reason why source MAC address needs to be re-learned is that it's
>>> flapping between the ports Gi6/45 and Gi6/48. As I explained,
>>> "Ethernet tester" sends out frames with source MAC address
>>> 00:00:00:00:00:11 and destination MAC address 00:18:63:00:32:76 to
>>> Gi6/45 port and those frames are hardware-looped to port Gi6/48 with
>>> the same source MAC address.
>>> So in order to avoid the high CPU utilization because of source MAC
>>> address re-learning, I can:
>>>
>>> 1) create a static MAC address-table entry ("mac address-table static
>>> 0000.0000.0011 vlan 900 interface GigabitEthernet6/48" or "mac
>>> address-table static 0000.0000.0011 vlan 900 interface
>>> GigabitEthernet6/45")
>>> 2) disable MAC address learning for VLAN 900 ("no mac address-table
>>> learning vlan 900")
>>>
>>> The first command normalizes the CPU usage, but the switch seems to
>>> drop the traffic if the MAC address table entry points to a different
>>> port than the one the frame came in from. With disabling the MAC
>>> address learning I'm able to achieve what I needed.
>>>
>>>
>>> Is this Cisco Catalyst 4500 series platform-specific behavior that MAC
>>> address table entries are done by switch CPU? Or is this so for all
>>> the Catalyst and Nexus switches?
>>>
>>>
>>> thanks,
>>> Martin
>>>
>>> On 10/21/14, Lukas Tribus <luky-37 at hotmail.com> wrote:
>>> >> "Event: SA Miss" means that the MAC Source Address needs to be learnt
>>> >> (or re-learnt) so the switch sends a copy of the packet to CPU for
>>> >> learning the MAC address. Perhaps the MAC is not learnt yet, or the
>>> >> aging timer is too low, or the MAC is learnt on another port already
>>> >> and it's flapping.
>>> >
>>> > Or the traffic generator uses random source mac addresses.
>>> >
>>> >
>>> > Lukas
>>> >
>>> >
>>>
>>
>
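
The flapping scenario discussed in this thread, as an added Python example that is not part of the original messages and is not Cisco's forwarding implementation. It is a simplified model: the function names and the frame sample are constructed, and the drop rule for a mismatched static entry is taken from the behavior reported in the thread.

```python
# Simplified model (an assumption, not Cisco's forwarding implementation) of
# how source-MAC learning reacts to the looped test traffic in this thread.
from collections import Counter

SRC = "0000.0000.0011"          # tester source MAC from the thread
VLAN = 900
# Constructed sample: each frame enters Gi6/45, is looped, re-enters on Gi6/48.
FRAMES = [(VLAN, SRC, port) for _ in range(1000) for port in ("Gi6/45", "Gi6/48")]


def simulate(frames, static=None, learning=True):
    """Return counts of CPU punts (SA miss), drops and forwards.

    static   -- {(vlan, mac): port} entries that are never re-learnt
    learning -- False models 'no mac address-table learning vlan N'
    """
    static = dict(static or {})
    table = {}                   # dynamic entries: (vlan, mac) -> port
    stats = Counter(punted=0, dropped=0, forwarded=0)
    for vlan, mac, in_port in frames:
        key = (vlan, mac)
        if key in static:
            # Reported in the thread: a frame arriving on a port other than
            # the static entry's port appears to be dropped.
            if static[key] != in_port:
                stats["dropped"] += 1
                continue
        elif learning and table.get(key) != in_port:
            # Unknown or moved source address: a copy goes to the CPU to (re)learn.
            stats["punted"] += 1
            table[key] = in_port
        stats["forwarded"] += 1
    return stats


def compare(frames=FRAMES):
    """Run the same traffic through the three setups discussed in the thread."""
    return {
        "dynamic learning": simulate(frames),
        "static entry on Gi6/48": simulate(frames, static={(VLAN, SRC): "Gi6/48"}),
        "learning disabled": simulate(frames, learning=False),
    }


if __name__ == "__main__":
    for mode, stats in compare().items():
        print(f"{mode:24} {dict(stats)}")
```

In this model every looped frame is punted under dynamic learning, while a host that stays on one port causes a single punt, which is why sustained SA-miss punts for one MAC are a useful indicator of a loop or a flapping address.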

