We have very simple configurations on our switches (small offices on an MPLS WAN link) that come to our HQ office for Internet access. Our switches are all 3560X switches running 12.2(58)SE2 - IP-BASE CRYPTO.
My questions are these.
1. Some switches have this:
no ip route-cache cef
no ip route-cache
no ip mroute-cache
and some don't. Which would be better? To have it disabled or enabled.
1. Each of these commands disables CEF switching or fast switching, falling back to process switching. The first one disabling for unicast routing and the last one for multicast. CEF is MUCH more efficient at routing than process switching. Think of process switching as similar to using interrupts in a PC. It's processed in the CPU that can only do one thing at a time. CEF switching does the routing and switching in hardware bypassing the CPU, making it perform much better. Unless you have a reason to disable it, ip route-cache should be enabled.
2. This essentially times-out mac-address entries immediately for that VLAN. The default is 300 seconds. This can be handy if you are moving a device to a different port, but setting this to 0 can cause a lot of extra overhead on the switch and network since it will need to do a new mac-address broadcast for each packet that enters that switch on that VLAN in order to learn the destination MAC. You should set this back to the default.
3. service tcp-keepalives monitors tcp connections to and from the switch and will terminate the sessions if they are improperly closed on the remote device. This is a good thing to have on your switches.
service counters max age just sets the maximum age the interface counters are valid for when polled from SNMP or the CLI. The default is 5 seconds. It doesn't matter if you set this or not, but you should standardize across your configs.
4. Most versions of IOS, I believe, use version 2 by default. You only need to set version 3 if the NTP server requires it. You should be able to standardize across your configs if you are using the same NTP server.
1. no ip route-cache cef => Fall to fast switching (Disables CEF on that port)
no ip route-cache => Fall to process switching (Disables Fast switching on that port)
no ip mroute-cache => Disables Fast switching for IP multicast on that port.
By default, new Cisco IOS comes along with CEF enabled (neither of the first two commands should be on an interface), which is the most efficient way to switch packets. Last command is insignificant unless you are doing Multicast routing.
2. mac address-table aging-time 0 vlan X => Disables MAC aging for that particular VLAN.
MAC entries are supposed to age inherently. It is safe to assume a default timeout value of 300 sec (5 minutes), but it largely depends on the device itself as well. Impact of unknown unicasts triggered by aged-out entries depends on the (LAN) segment size.
3. service tcp-keepalives-in => To detect and drop broken (not idle) TCP connections to the device. Remember asking network admin to reset the line? This command prevents it.
service tcp-keepalives-out => To detect and drop broken (not idle) TCP connections from the device.
service counters max age 10 => It has something to do with statistic retrieval time, some SNMP stuff. Not related to previous two commands.
4. ntp server xxx.xxx.xx.xxx prefer version 3 => Prefer tags this server as the preferred NTP server. Version depends on your IOS, 12.something version on uses NTP version 3 as default so it is just an additional parameter in the command if you are using an IOS with default NTP version 3.
ntp server xxx.xxx.xx.xxx prefer => Blah. Correct would depend on compatibility with the NTP server you are using.
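Added example (not part of the thread and not posted by either answerer): a small Python audit that checks saved switch configs for the lines discussed above and reports drift between switches. The hostnames, addresses and sample configs are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample configs (not from the thread); names and addresses are placeholders.
SAMPLE_CONFIGS = {
    "sw-office-a": """\
service tcp-keepalives-in
service tcp-keepalives-out
mac address-table aging-time 0 vlan 10
interface Vlan10
 no ip route-cache cef
 no ip route-cache
ntp server 192.0.2.1 prefer version 3
""",
    "sw-office-b": """\
service tcp-keepalives-in
ntp server 192.0.2.1 prefer
""",
}
# Lines the answers advise against unless there is a specific reason.
UNWANTED = {
    r"no ip route-cache cef": "CEF disabled",
    r"no ip route-cache": "fast switching disabled",
    r"no ip mroute-cache": "multicast fast switching disabled",
    r"mac address-table aging-time 0 vlan \d+": "MAC aging time set to 0",
}
# Lines the answers recommend on every switch.
WANTED = ("service tcp-keepalives-in", "service tcp-keepalives-out")

def audit(config):
    """Return sorted findings for one running-config text."""
    lines = [line.strip() for line in config.splitlines()]
    findings = {f"{label}: {line}" for line in lines
                for pattern, label in UNWANTED.items() if re.fullmatch(pattern, line)}
    findings |= {f"missing: {want}" for want in WANTED if want not in lines}
    return sorted(findings)

def ntp_variants(configs):
    """Map each distinct 'ntp server' line to the hosts using it, to expose drift."""
    variants = {}
    for host, config in configs.items():
        for line in map(str.strip, config.splitlines()):
            if line.startswith("ntp server "):
                variants.setdefault(line, []).append(host)
    return variants

if __name__ == "__main__":
    for host, cfg in SAMPLE_CONFIGS.items():
        print(host, audit(cfg))
    print(ntp_variants(SAMPLE_CONFIGS))
```

More than one key in the `ntp_variants` result means the switches do not share a single NTP server line, which is the standardization point both answers raise.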