
GRE tunnel between 3560 and cisco 2801

francisco_1
Level 7

Is GRE supported on the 3560?

I will have two Cisco ASAs between the 3560 and 2801 passing the GRE over IPSEC and also EIGRP traffic as well. Is this possible? The plan is to route multicast PIM and multicast traffic across the GRE tunnel.


So that's what FN says if you search by feature.


I also get the output below on my 3560!

switch#sh int | i Tun

Tunnel10 is up, line protocol is down

Hardware is Tunnel

Tunnel source UNKNOWN

Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled

Tunnel TTL 255

Edison Ortiz
Hall of Fame

Verified with 3560s this time :)

Rack1SW2#sh ver | i IOS

Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(25)SEE4, RELEASE SOFTWARE (fc1)

!

!

!

Rack1SW2#sh int | i Tun

Tunnel0 is up, line protocol is up

Hardware is Tunnel

Tunnel source 150.1.8.8 (Loopback0), destination 150.1.7.7, fastswitch TTL 255

Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled

Tunnel TTL 255

!

!

!

Rack1SW2#sh run | be Tunnel

interface Tunnel0

ip address 9.9.9.2 255.255.255.0

tunnel source Loopback0

tunnel destination 150.1.7.7

!

!

Verify that multicast actually works

Rack1SW2#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Rack1SW2(config)#router eigrp 1

Rack1SW2(config-router)#net 9.9.9.2 255.255.255.0

Rack1SW2(config-router)#no aut

Rack1SW2(config-router)#end

Rack1SW2#

Rack9Pod1>1

[Resuming connection 1 to SW1 ... ]

3w

Rack1SW1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Rack1SW1(config)#router eigrp 1

Rack1SW1(config-router)#net 9.9.9.1 255.255.255.0

Rack1SW1(config-router)#end

Rack1SW1#

3w0d: %SYS-5-CONFIG_I: Configured from console by console

Rack1SW1#

3w0d: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 9.9.9.2 (Tunnel0) is up: new adjacency

Rack1SW1#sh ip eigrp ne

IP-EIGRP neighbors for process 100

H Address Interface Hold Uptime SRTT RTO Q Seq Type

(sec) (ms) Cnt Num

1 183.1.107.10 Fa0/14 14 1w3d 1 200 0 494

0 183.1.17.1 Fa0/1 13 1w4d 1 200 0 618

IP-EIGRP neighbors for process 1

H Address Interface Hold Uptime SRTT RTO Q Seq Type

(sec) (ms) Cnt Num

0 9.9.9.2 Tu0 14 00:00:15 764 5000 0 1

Rack1SW1#

So how reliable is the Cisco FN in situations like this?

Try to forward traffic through the tunnel

Rack1SW1#show ip route eigrp 1

91.0.0.0/24 is subnetted, 1 subnets

D 91.91.91.0 [90/297372416] via 9.9.9.2, 00:00:33, Tunnel0

Rack1SW1#ping 91.91.91.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 91.91.91.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 67/70/76 ms

Rack1SW1#telnet 91.91.91.2

Trying 91.91.91.2 ... Open

User Access Verification

Password:

Any impact on the CPU utilization?

I was routing 1 network.

I checked the CPU and it showed no spike. Not sure how it would behave with a lot of traffic. Most likely, it will spike the CPU since packets will be process switched.

Not a recommended solution but tunneling in the 3560 does work.

So the point here is whether it is 'usable' or not?

As most of the documents clearly indicated, it is not recommended/fully supported for "some" reason (CPU, etc.).

Is this a generic rule for Catalyst 2XXX and 3XXX?

Are there any exceptions?

Edison: As an NCE, would you suggest that Netpros rely on Cisco Feature Navigator?

Right, the feature works but is not recommended due to hardware limitations.

The problem is that Cat3xxx shares a lot of the code from regular IOS routers and while the commands are available, the feature does not work. Some QoS commands and ip accounting come to mind. While you can enter the commands in the CLI, they do nothing.

In this case, the tunnel actually works and transports data. In a pinch, you can configure a tunnel with a 3560 but I wouldn't recommend such a design in a production environment. A large amount of data via the tunnel can result in a denial of service on the switch.

The Feature Navigator is a solid search engine. With that said, there are a lot of Cisco products out there and there are times when all the features/services aren't incorporated in the tool. Best bet is to double-check a feature/service by looking at the product's Release Notes.

HTH,

__

Edison.
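
Added example, not part of any post in this thread: a Python sketch that applies the conclusion above (tunnels come up on the 3560 but large tunnel traffic can cause a denial of service on the switch) by auditing saved CLI output for Tunnel interfaces on that platform. The captures, the Rack1R1 entry and the `software_forwarding` platform list are assumptions constructed for illustration.

```python
import re

# Constructed captures ("sh ver | i IOS" + "sh int | i Tun"), modelled on the
# output quoted in this thread. The Rack1R1 entry is a made-up router.
CAPTURES = {
    "Rack1SW2": """Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(25)SEE4
Tunnel0 is up, line protocol is up
  Tunnel source 150.1.8.8 (Loopback0), destination 150.1.7.7, fastswitch TTL 255
  Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
""",
    "switch": """Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(25)SEE4
Tunnel10 is up, line protocol is down
  Tunnel source UNKNOWN
  Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
""",
    "Rack1R1": """Cisco IOS Software, 2801 Software (C2801-ADVIPSERVICESK9-M), Version 12.4(15)T1
Tunnel0 is up, line protocol is up
  Tunnel source 183.1.17.1, destination 150.1.8.8
  Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
""",
}

PLATFORM = re.compile(r"Cisco IOS Software, (\S+) Software")
HEADER = re.compile(r"^(Tunnel\d+) is ([\w ]+?), line protocol is (\w+)", re.M)
SOURCE = re.compile(r"Tunnel source ([^\s,]+)(?:.*?, destination ([^\s,]+))?")

def parse_tunnels(text):
    """Parse each 'TunnelN is ...' stanza of a capture into a dict."""
    heads, tunnels = list(HEADER.finditer(text)), []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        src = SOURCE.search(text, h.end(), end)  # search only inside this stanza
        tunnels.append({"name": h.group(1), "line_protocol": h.group(3),
                        "source": src.group(1) if src else None,
                        "destination": src.group(2) if src else None})
    return tunnels

def audit(captures, software_forwarding=("C3560",)):
    """Flag tunnels on platforms assumed to forward tunnel traffic on the CPU."""
    findings = []
    for device, text in captures.items():
        plat = PLATFORM.search(text)
        if plat and plat.group(1) in software_forwarding:
            for t in parse_tunnels(text):
                status = ("active" if t["line_protocol"] == "up" else
                          "unconfigured" if t["source"] in (None, "UNKNOWN") else "down")
                findings.append((device, t["name"], status, t["destination"]))
    return findings

print(audit(CAPTURES))
```

An "active" finding is a tunnel that is passing traffic on a switch platform; "unconfigured" matches the `Tunnel source UNKNOWN` output posted earlier in the thread, where the interface exists but no tunnel was set up.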

Edison,

Great explanation!

Thanks for your valued thoughts and time..5+ :)

This is locally generated traffic...

interface Loopback91

ip address 91.91.91.2 255.255.255.0

interface Tunnel0

ip address 9.9.9.2 255.255.255.0

tunnel source Loopback0

tunnel destination 150.1.7.7

router eigrp 1

network 9.9.9.0 0.0.0.255

network 91.91.91.0 0.0.0.255

no auto-summary

Rack1SW2#sh ip eigrp neighbors tunnel 0

IP-EIGRP neighbors for process 100

IP-EIGRP neighbors for process 1

H Address Interface Hold Uptime SRTT RTO Q Seq Type

(sec) (ms) Cnt Num

0 9.9.9.1 Tu0 13 00:01:34 59 5000 0 3

Rack1SW2#

interface Tunnel0

ip address 9.9.9.1 255.255.255.0

tunnel source Loopback0

tunnel destination 150.1.8.8

router eigrp 1

network 9.9.9.0 0.0.0.255

no auto-summary

Rack1SW1#sh ip eigrp ne tunnel 0

IP-EIGRP neighbors for process 100

IP-EIGRP neighbors for process 1

H Address Interface Hold Uptime SRTT RTO Q Seq Type

(sec) (ms) Cnt Num

0 9.9.9.2 Tu0 12 00:02:21 285 5000 0 3

Rack1SW1#

!

!

!

Rack1R1(config)#ip route 9.9.9.0 255.255.255.0 183.1.17.7

Rack1SW2(config)#ip route 183.1.17.0 255.255.255.0 9.9.9.1

Rack1R1#trace 9.9.9.2

Type escape sequence to abort.

Tracing the route to 9.9.9.2

1 183.1.17.7 0 msec 4 msec 0 msec

2 9.9.9.2 45 msec * 40 msec

Rack1R1#telnet 9.9.9.2

Trying 9.9.9.2 ... Open

User Access Verification

Password:

Rack1SW2>

Rack1SW2#sh int tunnel 0

Tunnel0 is up, line protocol is up

Hardware is Tunnel

Internet address is 9.9.9.2/24

MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation TUNNEL, loopback not set

Keepalive not set

Tunnel source 150.1.8.8 (Loopback0), destination 150.1.7.7, fastswitch TTL 255

Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled

Tunnel TTL 255

Checksumming of packets disabled, fast tunneling enabled

Last input 00:00:00, output 00:00:00, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/0 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

140 packets input, 11041 bytes, 0 no buffer

Received 0 broadcasts (86 IP multicast)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

128 packets output, 10944 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 output buffer failures, 0 output buffers swapped out

Edison Ortiz

Thank you for your patience. 5 points :)

But could you add some device behind the 3560?
