Cisco Catalyst X4232 Installation And Configuration Note page 38

Layer 3 services module

Overview of the Catalyst 4003 and 4006 Layer 3 Services Module Interfaces
Switching Database Manager
Layer 3-switching software supports SDM. SDM resides on the central processor and its primary
function is to maintain the Layer 3-switching database in ternary TCAM. SDM maintains the address
entries contained in TCAM in an appropriate order. SDM manages TCAM space by partitioning
protocol-specific switching information into multiple regions.
The key benefit of SDM in Layer 3 switching is its ability to configure the size of the protocol regions
in TCAM. SDM enables exact-match and longest-match address searches, which result in high-speed
forwarding.
For more information about SDM, see the "Configuring the Switching Database Manager" section on
page 74.
Access Control Lists
ACLs allow you to filter packet flow into or out of switch router interfaces. ACLs are sometimes called
filters. You can use ACLs to restrict network use by certain users or devices. ACLs are created for each
protocol and applied on the interface either for inbound or outbound traffic. They can be configured for
all routed network protocols (IP or Novell IPX) to filter packets for the protocol as they pass through a
switch router. Only one ACL can be applied per protocol per (sub)interface in each direction.
When creating ACLs, you define criteria to apply to each packet processed by the switch router; the
switch router decides whether to forward or block the packet based on whether or not the packet
matches the criteria in your list. Packets that do not match any criteria in your list are automatically
blocked by the implicit "deny all traffic" criteria statement at the end of every access list.
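The first-match evaluation and implicit deny described above, modeled as an added example (not code from the Cisco manual). It assumes a simplified entry syntax `<permit|deny> ip <source> <wildcard> <destination> <wildcard>` and constructed addresses; wildcard (inverse) mask matching follows standard Cisco IOS semantics.

```python
import ipaddress

def parse_acl(text):
    """Parse simplified lines: '<permit|deny> ip <src> <wildcard> <dst> <wildcard>'."""
    rules = []
    for line in text.strip().splitlines():
        action, proto, src, src_wc, dst, dst_wc = line.split()
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported entry: {line!r}")
        rules.append((action, *(int(ipaddress.IPv4Address(x))
                                for x in (src, src_wc, dst, dst_wc))))
    return rules

def matches(addr, base, wildcard):
    # Wildcard mask: 1-bits are "don't care", 0-bits must match exactly.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def evaluate(rules, src, dst):
    """Return (action, index of the matching entry, or None for the implicit deny)."""
    s, d = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for i, (action, rs, rs_wc, rd, rd_wc) in enumerate(rules):
        if matches(s, rs, rs_wc) and matches(d, rd, rd_wc):
            return action, i   # first match wins; later entries are not consulted
    return "deny", None        # implicit "deny all traffic" at the end of every list

# Constructed sample lists (addresses are illustrative only).
ACL_PERMIT_SUBNET = parse_acl("""
deny   ip 10.1.1.0 0.0.0.255 192.168.5.10 0.0.0.0
permit ip 10.1.0.0 0.0.255.255 192.168.5.0 0.0.0.255
""")
# A list with only deny entries blocks everything: nothing ever reaches a permit.
ACL_DENY_ONLY = parse_acl("""
deny ip 10.1.1.0 0.0.0.255 0.0.0.0 255.255.255.255
""")

if __name__ == "__main__":
    for src, dst in [("10.1.1.7", "192.168.5.10"),   # hits the explicit deny
                     ("10.1.2.7", "192.168.5.10"),   # falls through to the permit
                     ("172.16.0.1", "192.168.5.10")]:  # matches nothing
        print(src, dst, evaluate(ACL_PERMIT_SUBNET, src, dst))
    print(evaluate(ACL_DENY_ONLY, "10.2.0.1", "192.168.5.10"))
```

A result of `("deny", None)` means the packet was dropped by the implicit deny rather than by a configured entry, which is the case to check for when a newly applied list blocks more traffic than intended.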
The specific instructions for creating ACLs and applying them to interfaces vary from protocol to
protocol. Configuration of Layer 3-switching ACLs is identical to the configuration methods currently
employed on all Cisco routers.
ACL functionality is built into Gigabit Ethernet ports of the Catalyst 4000 Layer 3 Services module.
However, ACLs are not supported on GEC. For more information on ACLs, see the "Configuring Access
Control Lists" section on page 60.
Traffic that is switched by interface modules does not support ACL logging. However, ACL logging is
supported for all traffic that goes to the CPU.
The enhanced Gigabit Ethernet interface module supports a TCAM size of 32K (32-bit) entries. The
combined size of the protocol regions and access lists should not exceed your TCAM space. The default
size of the access lists in a 32K TCAM is 512 (128-bit) entries. Before you configure the access list,
make sure that TCAM has enough space to accommodate the access list.
IEEE 802.1Q VLAN Bridging
Layer 3-switching software supports 802.1Q bridging over Gigabit Ethernet and GEC. The
Catalyst 4000 Layer 3 Services module can be deployed in environments with the 802.1Q trunking
protocol and can bridge between ISL and 802.1Q stations.
Local Proxy ARP
The Local Proxy ARP feature allows the Catalyst 4000 Layer 3 Services module to respond to ARP
requests for IP addresses within a subnet where normally no routing is required. With the local proxy
ARP feature enabled, the Catalyst 4000 Layer 3 Services module responds to all ARP requests for IP
Installation and Configuration Note for the Catalyst 4000 Layer 3 Services Module
38
78-10164-03

This manual is also suitable for: Catalyst 4000, WS-X4232-L3
