Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Switch Configuration

We have very simple configurations on our switches (small offices on an MPLS WAN link) that come to our HQ office for Internet access.  Our switches are all 3560X switches running 12.2(58)SE2 - IP-BASE CRYPTO.

My question are these.


1.  Some switches have this:

         no ip route-cache cef

         no ip route-cache

         no ip mroute-cache


and some don't.  Which would be better?  To have it disabled or enabled.


2. Some swithches have this:

        mac address-table aging-time 0 vlan X

some don't.  Should they all have it or none?


3.  Some swithches have this:

         service tcp-keepalives-in

         service tcp-keepalives-out

         service counters max age 10

some don't. Should they all have it or none?


4.  Some swithches have this:

         ntp server prefer version 3

and some say:

         ntp server prefer

Which is most correct?


Hello,Here's my take:1. Each


Here's my take:

1. Each of these commands disables CEF switching or fast switching, falling back to process switching. The first one disabling for unicast routing and the last one for multicast. CEF is MUCH more efficient at routing than process switching. Think of process switching as similar to using interrupts in a PC. It's processed in the CPU that can only do one thing at a time. CEF switching does the routing and switching in hardware bypassing the CPU, making it perform much better. Unless you have a reason to disable it, ip route-cache should be enabled.

2. This essentially times-out mac-address entries immediately for that VLAN. The default is 300 seconds. This can be handy if you are moving a device to a different port, but setting this to 0 can cause a lot of extra overhead on the switch and network since it will need to do a new mac-address broadcast for each packet that enters that switch on that VLAN in order to learn the destination MAC. You should set this back to the default.

3. service tcp-keepalives monitors tcp connections to and from the switch and will terminate the sessions if they are improperly closed on the remote device. This is a good thing to have on your switches.

service counters max age just sets the maximum age the interface counters are valid for when polled from SNMP or the CLI. The default is 5 seconds. It doesn't matter if you set this or not, but you should standardize across your configs.

4. Most versions of IOS, I believe, use version 2 by default. You only need to set version 3 if the NTP server requires it. You should be able to standardize across your configs if you are using the same NTP server.


Hope that helps.


New Member

2. The value of 0 disables

2. The value of 0 disables mac-aging, rather than making it more frequent.
New Member

1. no ip route-cache cef =>

1. no ip route-cache cef => Fall to fast switching (Disables CEF on that port)

no ip route-cache => Fall to process switching (Disables Fast switching on that port)

no ip mroute-cache => Disables Fast switching for IP multicast on that port.

By default, new Cisco IOS comes along with CEF enabled (none of the first two command should be on an interface), which is the most efficient way to switch packets. Last command is insignificant unless you are doing Multicast routing.


2. mac address-table aging-time 0 vlan X => Disables MAC aging for that particular VLAN.

MAC entries are supposed to age inherently. It is safe to assume a default timeout value of 300 sec (5 minutes), but it largely depends on the device itself as well. Impact of unknown unicasts trigerred by aged-out entries depends on the (LAN) segment size.


3. service tcp-keepalives-in => To detect and drop broken (not idle) TCP connections to the device. Remember asking network admin to reset the line? This command prevents it.

service tcp-keepalives-out => To detect and drop broken (not idle) TCP connections from the device.

service counters max age 10 => It has something to do with statistic retrieval time, some SNMP stuff. Not related to previous two commands.


4. ntp server prefer version 3 => Prefer tags this server as the preferred NTP server. Version depends on your IOS, 12.something version on uses NTP version 3 as default so it is just an additional parameter in the command if you are using an IOS with default NTP version 3.

ntp server prefer => Blah. Correct would depend on comapatability with the NTP server you are using.

I really have no idea about NTP settings.

CreatePlease to create content