12-13-2008 06:38 AM - edited 03-04-2019 12:41 AM
hi every body!
The command " show cef not-cef-switched" on IOS switch shows the reasons for a packet being punted to layer-3 engine. The reasons are:
1)no-adj.
2)n0-encap.
3) Unsupported.
4) redirect
5)options
6)access
7)frag.
However ,besides above mentioned reasons, there are other reasons which cause the packet to be punted to layer-3 engine such as:
1) access-list with log option is triggered.
2)Packets that are tunneled,requiring compression and encryption.
3)Nat( except for 6500 series switches which can handle Nat in cef)
MY question is if the packet is punted because of :
1) Packets need to be tunneled.
2)NAt
3)access-list with log optio is triggered.
Then the command" show cef-not-cef-switched " does not show these reasons in its output Or (Just my plain hunch) Would these reasons be Under" unsupported" field in the command output?
thanks a lot!
Solved! Go to Solution.
12-13-2008 12:35 PM
That's a very good question. It actually made me look at one of the routers here :)
It goes under 'unsupported' (I'm running NAT on this router, hence the number of hits).
sh cef not-cef-switched
CEF Packets passed on to next switching layer
Slot
RP
No_adj
189166
No_encap
0
Unsupp'ted
287823
Redirect
8
Receive
14001334
Options
0
Access
0
Frag
0
12-13-2008 12:35 PM
That's a very good question. It actually made me look at one of the routers here :)
It goes under 'unsupported' (I'm running NAT on this router, hence the number of hits).
sh cef not-cef-switched
CEF Packets passed on to next switching layer
Slot
RP
No_adj
189166
No_encap
0
Unsupp'ted
287823
Redirect
8
Receive
14001334
Options
0
Access
0
Frag
0
12-13-2008 02:12 PM
Thanks a lot Edison for your complement and reply!
12-10-2010 02:46 AM
By the way, can anybody clarify why a 'receive' counter can increase in 'show cef not-cef-switched' command on 3825 running 12.4(15)T8?
It increases with the rate roughly about 4 - 6 thousands (I beleive packets) per second.
The router has some 15 ipsec tunnel with eigrp, some 15 ipsec tunnels with rip, does very very little nat.
'show crypto engine stat' shows normal hardware encryption with no errors, interfaces display no rapidly growing errors or throttles.
'show ip route summary' doesn't display any changes observable on short intervals so it's unlikely from routing updates. no other users logged into the
box as well. 'show interfaces switching' displays about 1 - 2 thousands packets per second increase in 'packets in' for 'process' category in 'protocol IP'
(which I beleive to refer to process switching).
I'm investigating the case due to a cpu utilization steady at 40 - 50 %.
Would appreciate any clues.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide