Configuring Layer 3 Switching - Siemens RUGGEDCOM ROX II User Manual

RUGGEDCOM ROX II
CLI User Guide
firewall has to be implemented in software and the Layer 3 Switch must not switch traffic that is subject to firewall
processing.
Whenever a change is made to the firewall configuration, some of the dynamically learned Layer 3 switching
rules might conflict with the new firewall configuration. To resolve potential conflicts, dynamically learned Layer
3 switching rules are flushed upon any changes to the firewall configuration. The dynamically learned Layer 3
switching rules then have to be re-learned while the new firewall rules are applied.
For statically configured Layer 3 switching rules, take care to avoid conflicts between Layer 3 switching and the
firewall. It should be understood that static Layer 3 switching rules always take precedence. Therefore, you must
thoroughly examine the switch configuration for potential conflicts with the firewall. For more information about
firewalls, refer to Section 5.17, "Managing Firewalls"
Section 5.33.2

Configuring Layer 3 Switching

To configure Layer 3 switching, do the following:
NOTE
When hardware acceleration is used, and learning mode is set to flow-oriented, fragmented IP packets
cannot be forwarded. To overcome this limitation, if it is known there will be a significant amount of
fragmented packets, set learning mode to host-oriented.
1. Make sure the CLI is in Configuration mode.
2. To configure Layer 3 Switching , type:
switch layer3-switching
Configure the following parameter(s) as required:
Parameter
unicast-mode { unicast-mode }
multicast-mode { multicast-mode }
Configuring Layer 3 Switching
Description
Synopsis: { disabled, auto, static }
Default: auto
<itemizedlist><listitem>Disabled: Layer 3 switching is disabled.
The ability to disable routing hardware acceleration may be
desired, for example, in a system with sophisticated firewall rules,
which could not be supported by the Layer 3 switching ASIC and
would require software processing.</listitem> <listitem>Static:
Only statically configured Layer 3 switching rules will be used.
This mode may be useful, for example, in a system with complex
configuration where static routes do not conflict with a firewall,
while traffic flows following dynamic routes have to be subject
to sophisticated firewall filtering.</listitem> <listitem>Auto: Both
statically configured and dynamically learned Layer 3 switching
rules will be used. In this mode, maximum routing hardware
acceleration is utilized.</listitem></itemizedlist>
Synopsis: { disabled, auto, static }
Default: auto
<itemizedlist><listitem>Disabled: Layer 3 switching is disabled.
The ability to disable routing hardware acceleration may be
desired, for example, in a system with sophisticated firewall rules,
which could not be supported by the Layer 3 switching ASIC and
would require software processing.</listitem> <listitem>Static:
Only statically configured Layer 3 switching rules will be used.
This mode may be useful, for example, in a system with complex
configuration where static routes do not conflict with a firewall,
Chapter 5
Setup and Configuration
499