disable ip routing on sup720 ?

Answered Question
Jan 3rd, 2008

Hi,

Is it possible to disable the layer 3 function on the sup720 in a cat6509E, as a step in the implementation of a secondary core we liked to have just only layer2 and not layer3, i was looking for a command "no ip routing" but couldn't find it in de ios

Thanks

I have this problem too.
0 votes
Correct Answer by ankbhasi about 9 years 2 weeks ago

Hi Jon,

You are always welcome :)

Now coming to your questions "service internal" command is an engineering command and should not be used in live production network by any customer. There is no official documentation for the same.

As I mentioned in my previous post software Release 12.1(20)E and later, the support for disablement of IP routing has been removed but you mentioned you were able to do "no ip routing" on sup 720 running 12.2(18) code correct? If this is a case I am not sure why it worked may be service internal command is already enabled on the release which you are running. Not sure though. I have to dig more to find that informaion.

Your last question is very tricky and the most easy way is to check 'sh ip route" but "no ip routing" is not saved in configuration but when you issue this command we will see this command in show run as this is not the default behavior and non default commands are displayed in running config but when you reload the same it will be enable again.

So the crux of conversation is we cannot disable ip routing and to make sure there is no ruting happening just configure all physical ports as "switchport" and make sure no logical layer 3 interfaces are configured with exception of 1 interface for management purpose.

I am not sure if I am able to put my thaughts well explained.

Regards,

Ankur

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.3 (4 ratings)
Loading.
Jon Marshall Thu, 01/03/2008 - 14:14

Hi

I have to say that i thought the same as Glen until i just tested it in our lab and spent the next 10 mins logging in via a backdoor to turn it back on again. Once the "no ip routing" command was entered it removed the EIGRP config and lost all of it's routes.

This is with a SUP720-BASE running 12.2(18)SXF6.

We do have more up to date supervisor in our data centre but you can hopefully understand my reluctance to try it :)

Jon

pbogaerts Thu, 01/03/2008 - 14:22

hi Jon,

We have a WS-SUP720-3BXL (when i remember it good with the 12.2(18)SFX6), will try it tomorrow when I can have my hands on the catalyst, but today I was looking in the help and could not find the "no ip routing". Give you an update soon.

Thanks,

Peter

Jon Marshall Thu, 01/03/2008 - 14:26

Peter

Just checked one of our more up to date sups - SUP720-3B (no i didn't :)) and the command "no ip routing" is not an option so i suspect you wont be able to do it. It is also running 12.2(18)SXF6 so it must just be an option on the SUP720BASE.

Jon

Richard Burts Thu, 01/03/2008 - 14:24

It has been a long time - and it is possible that my memory is not entirely accurate about it - but I believe that at one time I discovered that even if you turn off ip routing that when the switch reboots ip routing is on again. (turning ip routing off does not survive over the reboot)

HTH

Rick

Jon Marshall Thu, 01/03/2008 - 14:30

Rick

You may well be right because once i managed to log onto the switch and do a

sh run | include no ip routing

it didn't show up in the config. Would be interesting to know but i think i'd like to physically be at the switch to try it.

Jon

Jon Marshall Fri, 01/04/2008 - 00:47

Hi Ankur

Had a look at the document and it mentions that if "service internal" is enabled on the switch the switch will accept "no ip routing" but it will not save it across a reboot.

Couple of questions if you don't mind

1) On the switch where i entered "no ip routing" (see previous post) there is indeed a "service internal" in the config.

On the switch where there was no option to enter "no ip routing" there wasn't. I can't try this on a live 6500 but when i entered "service internal ?" from global config it said unrecognised command. So is "service internal" a hidden command ?

2) Both the switches i tried it on were running 12.2(18)SXF6. So is it right to say you cannot disable ip routing because i did on 6500 with a SUP720BASE running 12.2(18)SXF6. Yes it would restore routing once rebooted but then how often do you reboot 6500 switches.

3) Out of interest, apart from the absence of routes which is the obvious thing, if the switch does not save the "no ip routing" command into it's config how would you know "ip routing" had been disabled ?

Jon

Correct Answer
ankbhasi Fri, 01/04/2008 - 04:44

Hi Jon,

You are always welcome :)

Now coming to your questions "service internal" command is an engineering command and should not be used in live production network by any customer. There is no official documentation for the same.

As I mentioned in my previous post software Release 12.1(20)E and later, the support for disablement of IP routing has been removed but you mentioned you were able to do "no ip routing" on sup 720 running 12.2(18) code correct? If this is a case I am not sure why it worked may be service internal command is already enabled on the release which you are running. Not sure though. I have to dig more to find that informaion.

Your last question is very tricky and the most easy way is to check 'sh ip route" but "no ip routing" is not saved in configuration but when you issue this command we will see this command in show run as this is not the default behavior and non default commands are displayed in running config but when you reload the same it will be enable again.

So the crux of conversation is we cannot disable ip routing and to make sure there is no ruting happening just configure all physical ports as "switchport" and make sure no logical layer 3 interfaces are configured with exception of 1 interface for management purpose.

I am not sure if I am able to put my thaughts well explained.

Regards,

Ankur

pbogaerts Fri, 01/04/2008 - 05:13

HI ankbhasi,

You ar right, i have just put one vlan interface for management purposes and this is working, there is only thing that i added when your are comming from another subnet to the management, you need to add a static route 0.0.0.0 0.0.0.0 A.B.C.D

with A.B.C.D the ip of the management interface on the core router, otherwise the packets are lost, the rest of the vlans are routed on the core.

Thanks all for you help

Jon Marshall Fri, 01/04/2008 - 05:42

Ankur

Many thanks for this. I would need to rerun test and i can't at the moment but i think i did check for "no ip routing" in the config once i had run the command and i didn't see it. Perhaps i just missed it.

Yes both switches were running 12.2(18) code. And the switch that allowed me to turn off ip routing did have a "service internal" line in the config.

Yes agreed, easiest way is to just to make all ports switchports and only one L3 interface for management.

Many thanks

Jon

glen.grant Thu, 01/03/2008 - 17:22

Think Rick hit it on the head , I recall that also .You can remove it but next reload it automatically puts it back . Not that it really matters just use a default route for management of the switch and trunk all other vlans up hill and route it at a dist layer if thats what you want to do . Just give the switch and ip address in a vlan with a default static route pointing to the dist or layer routing device , all other vlans will be trunked to the dist or core .

pbogaerts Fri, 01/04/2008 - 05:15

HI ankbhasi,

You ar right, i have just put one vlan interface for management purposes and this is working, there is only thing that i added when your are comming from another subnet to the management, you need to add a static route 0.0.0.0 0.0.0.0 A.B.C.D

with A.B.C.D the ip of the management interface on the core router, otherwise the packets are lost, the rest of the vlans are routed on the core.

Thanks all for you help

pbogaerts Tue, 01/08/2008 - 14:26

In addition on my previous question.

Do i have an issue when I configure HSRP already on the management vlan + a loopback address

ankbhasi Tue, 01/08/2008 - 19:44

Hi Friend,

HSRP is a gateway redundancy protocol. As understand from your original post you will be using this box as layer 2 box correct? HSRP is configured on layer 3 interface on L3 switch or routers whose interface ip address are used as gateway for end hosts.

If you are planning to deploy this box as layer 3 box then you can configure HSRP on your layer 3 interfaces but that is not required on your loopback interfaces as loopback interface ip address are not used as default gateway by your end hosts.

HTH

Ankur

*Pls rate all helpull post

pbogaerts Wed, 01/09/2008 - 03:58

The secondary switch should work for one week as L2 (first step to make it easy to fall back when there is production), but then we plan to put also the secondary new switch in L3 (HSRP and EIGRP like already configured on the primary), when i put already the management vlan in HSRP and I put a loopback address for TACACS, I would think this should work, because the rest of the vlans is routed by the primary switch, or do I mis something.

Thanks,

Peter

Actions

This Discussion