- Index
- Preface
- Overview
- Using the Command-Line Interface
- Configuring Cisco IOS Configuration Engine
- Assigning the Switch IP Address and Default Gateway
- Managing Switch Stacks
- Clustering Switches
- Administering the Switch
- Configuring SDM Templates
- Managing Catalyst 3750-X Stack Power
- Configuring Switch-Based Authentication
- Configuring IEEE 802.1x Port-Based Authentication
- Configuring MACsec Encryption
- Configuring Web-Based Authentication
- Cisco TrustSec
- Configuring Interface Characteristics
- Configuring VLANs
- Configuring VTP
- Configuring Voice VLANs
- Configuring Private VLANs
- Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling
- Configuring STP
- Configuring MSTP
- Configuring Optional Spanning-Tree Features
- Configuring Resilient Ethernet Protocol
- Configuring Flex Links
- Configuring DHCP Features and IP Source Guard
- Configuring Dynamic ARP Inspection
- Configuring IGMP Snooping and MVR
- Configuring IPv6 MLD Snooping
- Configuring CDP
- Configuring Port-Based Traffic Control
- Configuring LLDP, LLDP-MED, and Wired Location Service
- Configuring UDLD
- Configuring SPAN and RSPAN
- Configuring RMON
- Configuring System Message Logging and Smart Logging
- Configuring SNMP
- Configuring Embedded Event Manager
- Configuring Network Security with ACLs
- Configuring QoS
- Configuring IPv6 ACLs
- Configuring EtherChannels and Link-State Tracking
- Configuring TelePresence E911 IP Phone Support
- Configuring IP Unicast Routing
- Configuring IPv6 Unicast Routing
- Configuring HSRP and VRRP
- Configuring Cisco IOS IP SLAs Operations
- Configuring Flexible NetFlow
- Configuring Enhanced Object Tracking
- Configuring WCCP
- Configuring IP Multicast Routing
- Implementing IPv6 Multicast
- Configuring MSDP
- Configuring Fallback Bridging
- Troubleshooting
- Configuring Online Diagnostics
- Working with the Cisco IOS File System, Configuration Files, and Software Images
- Unsupported Commands in Cisco IOS Release 15.0(2)EZ
Configuring SDM Templates
This chapter describes how to configure the Switch Database Management (SDM) templates on the Catalyst 3750-X or 3560-X switch. Unless otherwise noted, the term switch refers to a Catalyst 3750-X or 3560-X standalone switch and to a Catalyst 3750-X switch stack.
Note
For complete syntax and usage information for the commands used in this chapter, see the command reference for this release.
Understanding the SDM Templates
You can use SDM templates to configure system resources in the switch to optimize support for specific features, depending on how the switch is used in the network. You can select a template to provide maximum system usage for some functions; for example, use the default template to balance resources, and use the access template to obtain maximum ACL usage. The switch SDM templates allocate system hardware resources for different uses.
You can select SDM templates for IP Version 4 (IPv4) to optimize these features on switches running the IP Base or IP Services feature set:
Note When the switch is running the LAN Base feature set, do not select a routing template (sdm prefer routing). The routing values shown in the templates are not valid on the switch. To configure IPv4 static routing on switches running the LAN Base feature set, you must use the default template.
- Routing—The routing template maximizes system resources for unicast routing, typically required for a router or aggregator in the center of a network.
- VLANs—The VLAN template disables routing and supports the maximum number of unicast MAC addresses. It would typically be selected for a Layer 2 switch.
- Default—The default template gives balance to all functions.
Note Use this template when configuring IPv4 static routing on SVIs on switches running the LAN Base feature set. You can configure up to 16 static routes.
- Access—The access template maximizes system resources for access control lists (ACLs) to accommodate a large number of ACLs.
The switch also supports multiple dual IPv4 and IP Version 6 (IPv6) templates for environments with both types of traffic. See the “Dual IPv4 and IPv6 SDM Templates” section.
Table 8-1 lists the approximate numbers of each resource supported in each of the four IPv4 templates.
Note Although these templates are visible on all switches, the resources on switches running the LAN Base feature do not match those shown in the templates:
- Switches running the LAN Base feature set support only 255 VLANs, not 1024 as shown in all templates.
- Although the routing template is visible, the template is not supported. The LAN Base feature set supports IPv4 static routing on SVIs (up to 16 static routes) and the switch must be running the default template.
|
|
|
|
|
|
|---|---|---|---|---|
The table represents approximate hardware boundaries set when a template is selected. If a section of a hardware resource is full, all processing overflow is sent to the CPU, seriously impacting switch performance.
In mixed stack scenarios such as lotr and pixar, the default template will be enabled with IPv6 FHS on pixar, but not on lotr. You cannot have mixed stack with default/vlan/routing/access templates with IPv6 FHS enabled.
You can use IPv6 FHS features such as RA Guard, DHCP Guard and NDP snooping by using the entries reserved for IPv6 Security Aces. Other IPv6 features such as IPv6 QoS or other IPv6 FHS features such as Source Guard will not work with this template.
Dual IPv4 and IPv6 SDM Templates
The dual IPv4 and IPv6 templates allow the switch to be used in dual-stack environments, supporting both IPv4 and IPv6 traffic. For more information about IPv6 and how to configure IPv6 unicast routing, see Chapter45, “Configuring IPv6 Unicast Routing”
Using the dual-stack templates results in less hardware capacity allowed for each resource. Do not use them if you plan to forward only IPv4 traffic. These SDM templates support IPv4 and IPv6 environments on switches running the IP Base or IP Services feature set:
Note Do not select a routing template (sdm prefer routing, sdm prefer dual-ipv4-and-ipv6 routing, or indirect-ipv4-and-ipv6-routing) when the switch is running the LAN Base feature set. Although visible in the command-line help, the LAN Base feature set does not support IPv6 routing. On switches running the LAN Base feature set, routing values shown in all templates are not valid.
- Dual IPv4 and IPv6 default template—Supports Layer 2, multicast, routing, QoS, and ACLs for IPv4; and Layer 2, routing, ACLs, and QoS for IPv6 on the switch.
- Dual IPv4 and IPv6 routing template—Supports Layer 2, multicast, routing (including policy-based routing), QoS, and ACLs for IPv4; and Layer 2, routing, ACLs, and QoS for IPv6 on the switch.
- Dual IPv4 and IPv6 VLAN template—Supports basic Layer 2, multicast, QoS, and ACLs for IPv4, and basic Layer 2, ACLs, and QoS for IPv6 on the switch.
With the indirect IPv4 and IPv6 routing template (introduced in Cisco IOS Release 12.2(58)SE), the switch supports more IPv6 indirect routes for deployments that do not need much direct IPv6 host route connectivity. Compared to the dual IPv4 and IPv6 routing template, the indirect IPv4 and IPv6 routing template also provides more unicast MAC addresses and IPv4 and IPv6 direct routes. However, the indirect IPv4 and IPv6 routing template allows fewer IPv4 policy-based routing entries and IPv6 ACL, QoS, and policy-based routes.
You must reload the switch with the dual IPv4 and IPv6 templates for switches running IPv6.
Table 8-2 defines the approximate feature resources allocated by each dual IPv4 and IPv6 template on switches running the IP Base or IP Services feature set. Template estimations are based on a switch with 8 routed interfaces and 1024 VLANs (255 VLANs on switches running the LAN Base feature set).
Note Although these templates are visible on all switches, the resources on switches running the LAN Base feature set do not match those shown in the templates:
- Switches running the LAN Base feature set support only 255 VLANs, not 1024 VLANs as shown in all templates.
- Although the routing template is visible, the template is not supported. The LAN Base feature set supports only 16 static IPv4 routes on SVIs, and the switch must be running the default template.
|
|
|
|
||
|---|---|---|---|---|
|
|
|
|
||
SDM Templates and Switch Stacks
In only a Catalyst 3750-X or a mixed hardware switch stack, all stack members must use the same SDM template that is stored on the active switch. When a new switch is added to a stack, the SDM configuration that is stored on the active switch overrides the template configured on an individual switch. For more information about stacking, see Chapter5, “Managing Switch Stacks”
You can use the show switch privileged EXEC command to see if any stack members are in SDM mismatch mode. This example shows the output from the show switch privileged EXEC command when an SDM mismatch exists:
This is an example of a syslog message notifying the stack master that a stack member is in SDM mismatch mode:
Configuring the Switch SDM Template
These sections contain this configuration information:
Default SDM Template
The default template is the default Switch Database Management (SDM) desktop template.
SDM Template Configuration Guidelines
- When you configure a new SDM template, you must reload the switch for the configuration to take effect.
- On switches running the IP Base or IP Services feature set, use the sdm prefer vlan global configuration command only on switches intended for Layer 2 switching with no routing.
When you use the VLAN template, no system resources are reserved for routing entries, and any routing is done through software. This overloads the CPU and severely degrades routing performance.
- Do not select a routing template ( sdm prefer routing, sdm prefer dual-ipv4 -and-ipv6 routing, or indirect-ipv4-and-ipv6-routing) when the switch is running the LAN Base feature set. Although visible in the command-line help, the LAN Base feature set does not support the routing templates. On switches running the LAN Base feature set, none of the routing values shown for the templates are valid.
- Beginning with Cisco IOS Release 12.2(58)SE, the LAN Base feature set supports configuration of 16 static IPv4 routes on SVIs. Use the default template when configuring static routing on switches running the LAN Base feature set.
- On switches running the LAN Base feature set, the number of supported VLANs displayed in the templates is incorrect. The LAN Base feature set supports only 255 VLANs.
- Do not use the routing template if you do not have routing enabled on your switch. To prevent other features from using the memory allocated to unicast routing in the routing template, use the sdm prefer routing global configuration command.
- If you try to configure IPv6 without first selecting a dual IPv4 and IPv6 template, a warning message appears.
- Using the dual stack template results in less hardware capacity allowed for each resource, so do not use it if you plan to forward only IPv4 traffic.
- Use the indirect-ipv4-and-ipv6-routing template to provide more space for IPv4 and IPv6 summary or indirect routes by providing less space for IPv4 policy-based routing entries and IPv6 ACL, QoS, and policy-based routes.
Setting the SDM Template
To configure an SDM template:, follow these steps beginning in privileged EXEC mode:
After the system reboots, you can use the show sdm prefer privileged EXEC command to verify the new template configuration. If you enter the show sdm prefer command before you enter the reload privileged EXEC command, the show sdm prefer command shows the template currently in use and the template that will become active after a reload.
This is an example output when you have changed the template and have not reloaded the switch:
To return to the default template, use the no sdm prefer global configuration command.
This example shows how to configure a switch running the IP Base or IP Services feature set with the routing template:
This example shows how to configure the IPv4-and-IPv6 default template:
Displaying the SDM Templates
Use the show sdm prefer privileged EXEC command with no parameters to display the active template.
To display the resource numbers supported by the specified template, use the show sdm prefer [ access | default | dual-ipv4-and-ipv6 { default | vlan } | indirect-ipv4-and-ipv6-routing | routing | vlan ] privileged EXEC command.
Note On switches running the LAN Base feature set, routing values shown in all templates are not valid.
This is an example of output from the show sdm prefer command that displays the template in use:
Although the outputs are the same on all switches, the outputs for the routing templates are valid only on switches running the IP Base or IP Services feature set. This is an example of output from the show sdm prefer routing command:
This is an example of output from the show sdm prefer dual-ipv4-and-ipv6 routing command:
Feedback