Configuration and Overview of the Router Module for the Catalyst 4500/4000 Family (WS-X4232-L3)
Document ID: 6198

Contents
  Introduction
  Prerequisites
    Requirements
    Components Used
    Conventions
  Architecture Overview
  Configuration of the WS-X4232-L3
    Supervisor Engine
    Router
    Access List Support on the WS-X4232-L3
  Sample Configurations
    Network Diagram
    Switch Supervisor Engine Configuration
    Router Module Configuration
  Conclusion and Tips
  Related Information
Introduction

This document describes the WS-X4232-L3 router module for the Cisco Catalyst 4500/4000 series switches. In addition to a description of the architecture and configuration of the WS-X4232-L3, this document also provides a sample configuration that uses a Catalyst 4500/4000 series switch and the router module.


Prerequisites

Requirements

There are no specific requirements for this document.


Components Used

The information in this document is based on these software and hardware versions:


  • Cisco Catalyst OS (CatOS) release 5.5(1) or later
  • Cisco IOS® Software Release 12.0(7)W5(15d)

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

The Cisco IOS Software image file name for the WS-X4232-L3 begins with "cat4232-". You can find the file in the Catalyst 4232 section of the Cisco IOS Upgrade Planner for LAN switching software.

Note: There is support for the router module when you use it in conjunction with the Supervisor Engine 1 and Supervisor Engine 2. There is no support, however, for the router module when you use it in conjunction with Supervisor Engine 2+, 3, 4, or 5.

Note: For details on the software features that have support on the router module (WS-X4232-L3), refer to the Features section of the Installation and Configuration Note for the Catalyst 4000 Layer 3 Services Module.


Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.


Architecture Overview

The WS-X4232-L3 module has 32 Fast Ethernet ports and two Gigabit Ethernet ports.

These two Gigabit Ethernet ports correspond to interfaces gigabit 1 and gigabit 2 in the router configuration. These Gigabit Ethernet ports are routed ports.

Internally, the module has two Gigabit Ethernet interfaces (gigabit 3 and gigabit 4) that connect the router to the switch backplane. The switch backplane uses the first two ports in that slot to connect to the router module. When you insert the WS-X4232-L3 module in slot 3, Gigabit Ethernet interfaces 3 and 4 connect to the backplane ports 3/1 and 3/2. Ports 3/1 and 3/2 are Layer 2 (L2) ports with configuration on the switch Supervisor Engine. Gigabit Ethernet interfaces 3 and 4 are L3 ports with configuration on the router module.

There are 32 Fast Ethernet ports on the router module. These ports are L2 ports and do not perform any L3 functions. Although the ports have a physical location on the router module, you must configure the ports on the switch Supervisor Engine.

This diagram provides a visual explanation of the architecture. For this setup, install the router module in slot 2 of the Catalyst switch.


Configuration of the WS-X4232-L3
Supervisor Engine

The show port command displays the two gigabit ports and the 32 10/100 Mbps ports with the numbers 1 through 34.

Note: The two gigabit ports that you see from the Supervisor Engine are not the two ports that you see on the front panel; the ports that you see from the Supervisor Engine are the two switched ports that connect to the route engine. You then need to configure the physical ports as switch ports. This configuration is similar to the configuration of the Multilayer Switch Module (MSM) on the Catalyst 6500/6000 series switches. The more common configuration for these ports is to set them as Gigabit EtherChannel (GEC) and trunking; that way, you can route between all VLANs on the router.

Note: You can access the router module from the Supervisor Engine if you issue the session module# command. This action is similar to access of the Route Switch Module (RSM) in a Catalyst 5500/5000 series switch.


Router

If you see a router prompt, look for four Gigabit Ethernet interfaces with numbers from 1 to 4 (gigabit 1, gigabit 2, gigabit 3, and gigabit 4) and a Fast Ethernet out-of-band interface.

This is the default configuration:

Router# show run
Building configuration...
Current configuration:
!
version 12.0
service config
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
ip subnet-zero
!
!
!
interface FastEthernet1
no ip address
no ip directed-broadcast
shutdown
!
interface gigabitEthernet1
no ip address
no ip directed-broadcast
!--- Output suppressed.

Note: In this configuration, gigabit 3 and gigabit 4 are the connection that goes to the backplane; gigabit 1 and gigabit 2 are the user ports on the front panel (routed ports). Most of the time, as on an MSM, you configure port 3 and port 4 to be part of the same interface port channel. Also, you configure subinterfaces on that channel (with Inter-Switch Link Protocol [ISL] or IEEE 802.1Q encapsulation). As on the MSM, the configuration of gigabit 3 and gigabit 4 on the router module needs to be consistent with the configuration of port slot/1 and slot/2 on the switch side. You can then check the traffic between the router and the switch if you issue the show interface port-channel or show interface gigabitethernet commands.


Access List Support on the WS-X4232-L3

There is support for access control lists (ACLs) on the WS-X4232-L3 router module, but the sample configuration that this document discusses does not support ACLs. For more information on ACL configurations with support for the WS-X4232-L3 module, refer to the document Configuring ACLs on the WS-X4232-L3 Router Module for the Catalyst 4000 Family.

Sample Configurations

The sample configuration contains the elements in this list. (See the Network Diagram that follows.)


  • Bang: A Catalyst 4500/4000 series switch with a router module in slot 3.
  • Liki: A router that attaches to Gigabit Ethernet 1 on the router module.
  • Donald: A router that attaches in VLAN 2 on port 3/3 of Bang. Port 3/3 is one of the L2 ports of the router module.
  • Daniella: A router that attaches in VLAN 3 on port 2/3 of Bang.

This configuration includes a GEC connection between the router module and the Catalyst 4500/4000 series switch. You configure trunking on the GEC to allow multiple VLANs to pass to the router for interVLAN routing. This GEC configuration is the standard configuration; all the commands specific to this setup are moved into the port-channel subinterfaces.

When you use the L3 module, remember that all traffic that reaches the router on the native VLAN is routed in software. This situation has an adverse effect on the performance of the switch. The microcode on the WS-X4232-L3 does not process 802.1Q packets that come in on the native VLAN without tags; instead, the packets go to the CPU, and the CPU processes the packets. This process results in high CPU utilization if the CPU receives packets without tags at a high rate on the native VLAN subinterfaces. Therefore, create a dummy VLAN (which does not contain any user traffic) as the native VLAN. In this configuration example (the Network Diagram), VLAN 99 serves as the native VLAN. Configure only the native VLAN on the GEC between the router and the switch; do not configure any other ports on the switch in this dummy VLAN.

Note: Create a dummy VLAN as the native VLAN on the trunk links between the router and the switch. The CPU routes in software all the traffic that is sent on the native VLAN, which has an adverse effect on the performance of the switch. Create an additional VLAN that you do not use anywhere else in the network and make this VLAN the native VLAN for the trunk links between the router and the switch.


Network Diagram

The Switch Supervisor Engine Configuration and Router Module Configuration sections of this document present configurations and output of some show commands. The configurations are on the Supervisor Engine of the Catalyst 4500/4000 series switch and the router module, to allow routing between the three subnets (VLAN 1, VLAN 2, and the router that attaches to Gigabit Ethernet 1).


Switch Supervisor Engine Configuration

The router switch card shows 34 ports in the show module command. These 34 ports include 32 switched ports to the front panel and 2 gigabit switched ports that directly connect to two of the router ports. Here is a sample:

bang> (enable) show module
Mod Slot Ports Module-Type           Model       Sub Status
--- ---- ----- --------------------- ----------- --- ------
1   1    0     Switching Supervisor  WS-X4012    no  ok
2   2    34    10/100/1000 Ethernet  WS-X4232    no  ok
3   3    34    Router Switch Card    WS-X4232-L3 no  ok

Mod Module-Name         Serial-Num
--- ------------------- --------------------
1                       JAB02380AYG
2                       JAB03210B6Y
3                       JAB0417055S

Mod MAC-Address(es)                        Hw  Fw         Sw
--- -------------------------------------- --- ---------- ---------------
1   00-50-73-2a-f3-00 to 00-50-73-2a-f6-ff 1.0 4.5(1)     5.5(1)
2   00-50-73-42-a9-68 to 00-50-73-42-a9-89 1.6
3   00-01-42-06-73-a8 to 00-01-42-06-73-c9 1.0 12.0(7)W5( 12.0(7)W5(14.90


The only configuration added on the Catalyst 4000 side relates to the GEC trunk to the router module, as this sample shows:

bang> (enable) show config

# ***** NON-DEFAULT CONFIGURATION *****
!
!
!
!
!
set port channel all distribution mac both
!
#ip
set interface sl0 down
set interface me1 down
!
#set boot command
set boot config-register 0x102
set boot system flash bootflash:cat4000.5-5-1.bin
!
#port channel
set port channel 3/1-2 156

!
#module 1 : 0-port Switching Supervisor
!
#module 2 : 34-port 10/100/1000 Ethernet
set VLAN 3 2/3
!
#module 3 : 34-port Router Switch Card
set VLAN 2 3/3
set VLAN 99 3/1-2
!--- This interface has a configuration for 802.1Q routing.
!--- The interface uses VLAN 99 as the native VLAN. The native VLAN on the
!--- router switch must match the one that you have configured on the router.
!--- VLAN 99 is a dummy native VLAN; for more information,
!--- see the note in the Sample Configurations section.

set trunk 3/1 nonegotiate dot1q 1-1005
!--- Note: Trunk mode needs to be in no-negotiate status
!--- because the router module does not support Dynamic Trunking Protocol (DTP).

set trunk 3/2 nonegotiate dot1q 1-1005
set port channel 3/1-2 mode on

!--- Note: You need to force the channel mode to on because
!--- the router module does not support Port Aggregation Protocol (PAgP).

end


On the switch, the show cdp neighbor command displays the router module as if the module were an external router that connects by a GEC trunk on gigabit ports 3/1 and 3/2. Here is a sample:

bang> (enable) show cdp neighbor
* - indicates vlan mismatch.
# - indicates duplex mismatch.
Port  Device-ID  Port-ID    Platform
----- ---------- ---------- ----------
2/3   daniella   Ethernet0  cisco 2500
3/3   donald     Ethernet0  cisco 2500

bang> (enable) show trunk
* - indicates vtp domain mismatch
Port  Mode         Encapsulation  Status    Native vlan
----- -----------  -------------  --------  -----------
3/1   nonegotiate  dot1q          trunking  99
3/2   nonegotiate  dot1q          trunking  99

Port  Vlans allowed on trunk
----- ----------------------
3/1   1-1005
3/2   1-1005

Port  Vlans allowed and active in management domain
----- ---------------------------------------------
3/1   1-3, 99
3/2   1-3, 99

Port  Vlans in spanning tree forwarding state and not pruned
----- ------------------------------------------------------
3/1   1-3, 99
3/2   1-3, 99

If you have the output of a show trunk command from your Cisco device, you can use the Output Interpreter Tool (registered customers only) to display potential issues and fixes.

bang> (enable) show port channel
Port  Status     Channel              Admin Ch
                 Mode                 Group Id
----- ---------- -------------------- ----- -----
3/1   connected  on                     156   833
3/2   connected  on                     156   833
----- ---------- -------------------- ----- -----

Port  Device-ID                       Port-ID                   Platform
----- ------------------------------- ------------------------- ----------------
3/1   bang-rp                         GigabitEthernet3          cisco Cat4232
3/2   Not directly connected to switch
----- ------------------------------- ------------------------- ----------------

If you have the output of a show port channel command from your Cisco device, you can use the Output Interpreter Tool (registered customers only) to display potential issues and fixes.


Router Module Configuration

bang-rp# show version
Cisco Internetwork Operating System Software
IOS (tm) L3 Switch/Router Software (CAT4232-IN-M), Version 12.0(7)W5(14.90) INTERIM
TEST SOFTWARE
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Fri 26-May-00 15:26 by integ
Image text-base: 0x60010928, data-base: 0x605C8000

ROM: System Bootstrap, Version 12.0(7)W5(15b) RELEASE SOFTWARE

bang-rp uptime is 1 day, 22 hours, 7 minutes
System restarted by power-on
System image file is "bootflash:cat4232-in-mz.120-7.W5.14.90"

cisco Cat4232 (R5000) processor with 57344K/8192K bytes of memory.
R5000 processor, Implementation 35, Revision 2.1
Last reset from power-on
1 FastEthernet/IEEE 802.3 interface(s)
4 Gigabit Ethernet/IEEE 802.3z interface(s)
123K bytes of non-volatile configuration memory.

16384K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x1

bang-rp# show run
Building configuration...
Current Configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname bang-rp
!
!
ip subnet-zero
!
!
!
interface Port-channel1
no ip redirects
no ip directed-broadcast
hold-queue 300 in
!
interface Port-channel1.2

!--- The configuration of this interface is for 802.1Q routing.
!--- The interface uses a VLAN 2 tag.

encapsulation dot1Q 2
ip address 2.2.2.2 255.255.255.0
no ip redirects
no ip directed-broadcast
!
interface Port-channel1.3

!--- The configuration of this interface is for 802.1Q routing.
!--- The interface uses a VLAN 3 tag.
encapsulation dot1Q 3
ip address 1.1.1.2 255.255.255.0
no ip redirects
no ip directed-broadcast
!
interface Port-channel1.99


!--- The configuration of this interface is for 802.1Q routing.
!--- The interface uses VLAN 99 as the native VLAN. The native VLAN on the router
!--- must match the one that you have configured on the switch. VLAN 99 is a dummy
!--- native VLAN; for more information, see the note
!--- in the Sample Configurations section.

encapsulation dot1Q 99 native
no ip address
no ip redirects
no ip directed-broadcast
!
interface FastEthernet1

!--- You can use this out-of-band interface for management.

no ip address
no ip directed-broadcast
shutdown
!
interface GigabitEthernet1
ip address 3.3.3.2 255.255.255.0
no ip directed-broadcast
!
interface GigabitEthernet2
no ip address
no ip directed-broadcast
shutdown
!
interface GigabitEthernet3
no ip address
no ip directed-broadcast
no negotiation auto
channel-group 1

!--- Both Gigabit Ethernet 3 and Gigabit Ethernet 4
!--- are part of channel group 1.

!
interface GigabitEthernet4
no ip address
no ip directed-broadcast
no negotiation auto
channel-group 1
!--- Both Gigabit Ethernet 3 and Gigabit Ethernet 4
!--- are part of channel group 1.

!
router eigrp 1
passive-interface FastEthernet1
network 1.0.0.0
network 2.0.0.0
network 3.0.0.0
!
ip classless
!
arp 127.0.0.2 0050.732a.f300 ARPA
!
line con 0
transport input none
line aux 0
line vty 0 4
login
!
end
bang-rp# show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID
liki Gig 1 160 T S WS-C3508G-Gig 0/1
!--- Liki connects to gigabit 1 on the router.
!--- You can only see Liki from the router; you cannot
!--- see Liki from the Supervisor Engine.

JAB02380AYG(bang)Port-channel1 148 T S WS-C4003 3/2
JAB02380AYG(bang)Port-channel1 147 T S WS-C4003 3/1
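
The two configurations above have to agree on several points: the same dummy native VLAN on both sides, no other switch port in that VLAN, nonegotiate 802.1Q trunks, and channel mode forced on. The Python sketch below is an added example, not part of the original Cisco document, that checks those points from saved configuration text; the function names and the `uplinks` parameter are assumptions, and the sample strings are constructed from the configuration lines shown above.

```python
import re

def expand_ports(spec):
    """'3/1-2' -> {'3/1', '3/2'}; handles a single module/range only."""
    mod, rng = spec.split("/")
    lo, _, hi = rng.partition("-")
    return {f"{mod}/{p}" for p in range(int(lo), int(hi or lo) + 1)}

def parse_catos(text):
    """Collect VLAN membership, trunk settings and forced-on channel ports."""
    vlan_ports, trunks, channel_on = {}, {}, set()
    for line in text.splitlines():
        w = line.lower().split()
        if w[:2] == ["set", "vlan"] and len(w) == 4:
            vlan_ports.setdefault(int(w[2]), set()).update(expand_ports(w[3]))
        elif w[:2] == ["set", "trunk"] and len(w) >= 5:
            trunks[w[2]] = (w[3], w[4])          # (mode, encapsulation)
        elif w[:3] == ["set", "port", "channel"] and w[4:6] == ["mode", "on"]:
            channel_on |= expand_ports(w[3])
    return vlan_ports, trunks, channel_on

def router_native_vlans(ios_text):
    """VLAN IDs from 'encapsulation dot1Q N native' lines in the IOS config."""
    pattern = r"(?mi)^\s*encapsulation dot1q (\d+) native\s*$"
    return {int(v) for v in re.findall(pattern, ios_text)}

def audit(catos_text, ios_text, uplinks):
    """uplinks: switch ports facing the router module, e.g. {'3/1', '3/2'}."""
    vlan_ports, trunks, channel_on = parse_catos(catos_text)
    # Uplinks with no 'set vlan' line stay in the CatOS default VLAN 1.
    sw_native = {v for v, p in vlan_ports.items() if p & uplinks} or {1}
    findings = []
    if len(sw_native) != 1 or sw_native != router_native_vlans(ios_text):
        findings.append("native VLAN differs between switch and router")
    for v in sorted(sw_native):
        if extra := vlan_ports.get(v, set()) - uplinks:
            findings.append(f"native VLAN {v} also assigned to {sorted(extra)}")
    for p in sorted(uplinks):
        if trunks.get(p) != ("nonegotiate", "dot1q"):
            findings.append(f"{p} is not a nonegotiate dot1q trunk")
        if p not in channel_on:
            findings.append(f"{p} channel mode is not forced on")
    return findings

# Constructed sample input, trimmed from the configurations shown above.
SWITCH_OK = """set vlan 99 3/1-2
set trunk 3/1 nonegotiate dot1q 1-1005
set trunk 3/2 nonegotiate dot1q 1-1005
set port channel 3/1-2 mode on"""
ROUTER_OK = """interface Port-channel1.99
 encapsulation dot1Q 99 native
 no ip address"""
# Constructed misconfiguration: DTP-capable trunk mode, user port in VLAN 99.
SWITCH_BAD = SWITCH_OK.replace("nonegotiate", "desirable") + "\nset vlan 99 2/5"
```

Calling `audit(SWITCH_OK, ROUTER_OK, {"3/1", "3/2"})` returns an empty list; the same call with `SWITCH_BAD` returns one finding for the extra port in VLAN 99 and one per trunk port.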


Conclusion and Tips

Remember these key points when you configure the routing module on the Catalyst 4500/4000:

  • The gigabit interfaces that you see on the front panel are not the same as the gigabit interfaces that you see when you issue the show port command from the Supervisor Engine. The interfaces on the front panel are the interfaces with the names gigabit 1 and gigabit 2 on the router.
  • Be sure that the native VLAN of the trunks between the switch and the router is a dummy VLAN. The CPU routes in software all traffic that is on the native VLAN. Therefore, create one additional VLAN that you do not use elsewhere and make that VLAN the native VLAN on the links between the switch and router.

Related Information
  • Catalyst 4500 Series Release Notes
  • Release Notes for Catalyst 4000 Family Layer 3 Services Module for Cisco IOS Release 12.0W5
  • Installation and Configuration Note for the Catalyst 4000 Layer 3 Services Module
  • Configuring ACLs on the WS-X4232-L3 Router Module for the Catalyst 4000 Family
  • LAN Product Support Pages
  • LAN Switching Support Page
  • Technical Support - Cisco Systems


All contents are Copyright © 1992-2005 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
