So you want to use a 3750-X as a Router?

Easy peasy lemon squeezy

This seems a straightforward question! Just load up the advanced IP services license, install the license file, reboot the switch and you should be good to go. Well, that’s what I thought until recently, when I did the very steps above: on the surface everything seemed okay, but then I wanted to do some fancy layer 3 functionality and FAIL.

Everything seemed okay

I had EIGRP running, advertising several networks, receiving the default routes, and from a routing perspective everything was fine. Then along came our project to install a Citrix branch repeater, where we were going to implement WCCP. Looking through the documentation on the Cisco website and the Citrix website, everything seemed straightforward: just a few commands on the 3750-X and we should be able to use WCCP to redirect packets towards the Citrix repeater at layer 2. Indeed the Citrix repeater synchronised with the router under WCCP and all was looking super. I soon realised, though, that no packets were being sent to the Citrix repeater. Configurations were checked, re-checked, removed and re-applied, but apart from the odd packet being forwarded according to “show ip wccp”, it definitely was not forwarding packets.

After some investigation I came across the following article on the Citrix website http://support.citrix.com/article/CTX127522

Now this points to the switch database management (SDM) template not being in the correct mode. So, hands up, I have not done much work with this type of switch; I suppose what was disappointing was that the switch did not flag any errors during the configuration. In my defence I did not put the design together, therefore I did not do the research I would normally do when implementing new features. Having said that, the need to change the SDM preferred mode does not exactly jump out of the documentation.

My switch is running in the default template. As you can see from the table extracted from the Cisco documentation (http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_53_se/configuration/guide/swsdm.html), in that template I have ZERO TCAM resources allocated to policy-based routing (PBR), and the same TCAM region is used for WCCP redirection.

Resource                           Access   Default   Routing   VLAN
Unicast MAC addresses              4K       6K        3K        12K
IGMP groups and multicast routes   1K       1K        1K        1K
Unicast routes                     6K       8K        11K       0K
  Directly connected hosts         4K       6K        3K        0K
  Indirect routes                  2K       2K        8K        0K
Policy-based ACEs                  0.5K     0K        0.5K      0K
QoS classification ACEs            0.5K     0.5K      0.5K      0.5K
Security ACEs                      2K       1K        1K        1K
VLANs                              1K       1K        1K        1K

Unfortunately I was working in a live environment and did not have access to a test lab, so I had to back out the WCCP changes: changing the preferred SDM template to “routing” requires a switch reboot, and this could not be done without causing operational issues.

I am now trying to locate a 3750-X to test this theory, but the evidence seems pretty conclusive that having the wrong preferred SDM template is the source of my problem.
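As an added example (not from the original post, and not Cisco code), here is a small Python pre-check that parses “show sdm prefer” output and flags a template with zero policy-based routing ACEs before WCCP or PBR is configured. The sample output is constructed for the example in the shape the 3750-X prints it, and the feature labels are my own assumptions.

```python
import re

# Constructed sample of "show sdm prefer" on a 3750-X running the default
# template (same values as the Cisco table); not captured from a real switch.
SAMPLE_SHOW_SDM_PREFER = """\
 The current template is "desktop default" template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 8 routed interfaces and 1024 VLANs.

  number of unicast mac addresses:                  6K
  number of IPv4 IGMP groups + multicast routes:    1K
  number of IPv4 unicast routes:                    8K
    number of directly-connected IPv4 hosts:        6K
    number of indirect IPv4 routes:                 2K
  number of IPv4 policy based routing aces:         0
  number of IPv4/MAC qos aces:                      0.5K
  number of IPv4/MAC security aces:                 1K
"""

# Features that draw on the policy-based routing TCAM region (assumed labels).
PBR_POOL_FEATURES = ("WCCP redirection", "policy-based routing")


def parse_sdm_prefer(text):
    """Return (template_name, {resource: entries}); 'K' is taken as 1024 entries."""
    m = re.search(r'current template is "([^"]+)"', text)
    template = m.group(1) if m else "unknown"
    resources = {}
    for line in text.splitlines():
        m = re.match(r"\s*number of (.+?):\s+([\d.]+)(K?)\s*$", line)
        if m:
            count = float(m.group(2)) * (1024 if m.group(3) else 1)
            resources[m.group(1).strip()] = int(count)
    return template, resources


def check_pbr_capacity(text):
    """Return a warning if the running template has no PBR ACEs, else None."""
    template, res = parse_sdm_prefer(text)
    if res.get("IPv4 policy based routing aces", 0) == 0:
        return ('template "%s" allocates 0 policy-based routing ACEs: %s will '
                'silently fail; change the template (sdm prefer routing) and reload'
                % (template, " and ".join(PBR_POOL_FEATURES)))
    return None


if __name__ == "__main__":
    print(check_pbr_capacity(SAMPLE_SHOW_SDM_PREFER))
```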

Summary

I recently ran into issues where WCCP would not work on what seemed a very simple configuration, only to find that something fundamental in the 3750-X and other stackable Cisco switches had been overlooked: the Switch Database Management (SDM) template. I hope that if you read this article, you will not get tripped up too.

  • Jon

    The preferred SDM was quite a surprise to me as well. I hit the Security ACEs limit on a 3750 stack during production hours and everything hitting the certain access-list went to process forwarding.

    I periodically check the TCAM with this command:
    show platform tcam utilization

  • Rob G

    Had a customer have the exact same issue… They wanted to use PBR to redirect to a NAC. It was resolved by changing the preferred SDM

  • Ivan Brunello

    Same here.
    Wanted to do PBR on a 3750, and it did not work.
    Luckily enough, I found the relevant SDM docs before going live, and I had a chance to switch SDM, reboot, and voila’, it worked.

    I did not know that PBR is needed for WCCP. Will take care of this.

    Being the most experienced (and only) network guy in there, I then preferred (if budget allowed me), to use the bigger, fixed TCAM L3 switches, such as 45xx and 65xx, which are not hit to such weird Cisco internal “features”.

    • John McManus

      I can confirm that you need to change the preferred SDM to routing before WCCP will burst into life. I did manage to get a test lab up and running two weeks ago and proved the point, then went live last week with WCCP for Citrix Branch Repeaters.

  • Cherry Cherian

    Very useful tip. I have updated our L3 switch templates to reflect this.

  • Sysadmin

    Got the same – live switches with non-routing template – now need to schedule a downtime window to make things right. I agree, the switch should give you some message that PBR can’t be enabled in this SDM mode…..

    • mlan

      The switch will give you a message about the inability to enable PBR, but not WCCP.  No excuse though, it’s still annoying.

  • Michael Gonnason

    It is the same thing on ME3400s also. Not WCCP, but certain features require different SDM profiles to be selected.