Configuring Classification On The Pisa; Configuring Tagging On The Pisa - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM, OL-20748-01, page 21-8
Chapter 21: Configuring Advanced Connection Features

Permitting or Denying Application Types with PISA Integration

Network Based Application Recognition (NBAR) does not work on Layer 3 EtherChannels. Layer 2 EtherChannels are supported.

The RP on the PISA does not support protocol tagging, so any packets going to the FWSM from the RP will not be tagged.

The NBAR implementation does not support IPv6, so protocol discovery and tagging are only applicable to IPv4. In addition to this restriction imposed by NBAR, the underlying PISA infrastructure also does not support acceleration of IPv6 packets.

Currently there is a caveat in the L2 PISA implementation for VLANs that have been PISA-accelerated on a Layer 2 port (for example, a trunk): the SVI interfaces for VLANs passing through the accelerated Layer 2 port cannot be in an up state (they will become admin down).

Multi-VLAN access ports are not supported.

Changing the MTU on the Switch to Support Longer Packet Length

Because of the GRE encapsulation, you should increase the MTU size on VLANs used between the PISA and the FWSM. The GRE encapsulation adds 32 bytes (20 bytes for the outer IP header and 12 bytes for the GRE header).

To change the MTU on a routed switch port or a Layer 3 interface (SVI), enter the following command:

Router(config-if)# mtu mtu_size

For an SVI, the mtu_size is between 64 and 9216 bytes. For a routed switch port, the mtu_size is between 1500 and 9216 bytes. The default MTU size is 1500 bytes.

To configure the global LAN port MTU size for Layer 2 ports, enter the following command:

Router(config)# system jumbomtu mtu_size

The mtu_size can be between 1500 and 9216 bytes. The default size is 9216 bytes.

Configuring Classification on the PISA

See also the "PISA Integration Guidelines and Limitations" section on page 21-5.

To enable classification on a Layer 2 switch port (access, trunk, or EtherChannel configured on a physical port) or a Layer 3 interface (SVI, routed port, or subinterface), enter the following command in interface configuration mode:

Router(config-if)# ip nbar protocol-discovery

To show protocol discovery statistics on a Layer 2 or Layer 3 interface, enter the following command:

Router# show ip nbar protocol-discovery interface ifname

Configuring Tagging on the PISA

After protocol discovery is enabled, enable egress packet tagging by entering the following commands.

Note: Classification and tagging need to be enabled on the same port; for example, you cannot enable classification on access ports and tagging on a trunk port.
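
The limitations and the MTU guidance on this page can be checked against a saved switch configuration. The following Python script is an added example, not part of the Cisco guide. The sample configuration is constructed, and the script assumes that SVIs with protocol discovery enabled carry the GRE-tagged traffic toward the FWSM and that a Port-channel with an IP address is a Layer 3 EtherChannel.

```python
import re
GRE_OVERHEAD = 20 + 12  # outer IP header + GRE header, as stated in the guide
DEFAULT_MTU = 1500      # default MTU stated in the guide
# Constructed running-config excerpt for illustration (not from the guide).
SAMPLE_CONFIG = """\
interface Vlan100
 ip nbar protocol-discovery
!
interface Vlan200
 mtu 1532
 ip nbar protocol-discovery
!
interface Port-channel5
 ip address 10.5.5.1 255.255.255.252
 ip nbar protocol-discovery
!
interface Vlan300
 mtu 1532
 ipv6 address 2001:DB8:300::1/64
 ip nbar protocol-discovery
"""

def parse_interfaces(config):
    """Return {interface name: [stripped stanza lines]} from IOS-style text."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m or not line.startswith(" "):
            current = stanzas.setdefault(m.group(1), []) if m else None
        elif current is not None:
            current.append(line.strip())
    return stanzas

def audit(config, payload_mtu=DEFAULT_MTU):
    """Return sorted (interface, finding) pairs for NBAR-enabled interfaces."""
    needed, findings = payload_mtu + GRE_OVERHEAD, []
    for name, lines in parse_interfaces(config).items():
        if "ip nbar protocol-discovery" not in lines:
            continue
        mtu = next((int(ln.split()[1]) for ln in lines if ln.startswith("mtu ")), DEFAULT_MTU)
        # Assumption: SVIs running protocol discovery carry the GRE-tagged traffic.
        if name.startswith("Vlan") and mtu < needed:
            findings.append((name, f"mtu {mtu} < {needed}"))
        # Assumption: a Port-channel with an IP address is a Layer 3 EtherChannel.
        if name.startswith("Port-channel") and any(ln.startswith("ip address") for ln in lines):
            findings.append((name, "NBAR on Layer 3 EtherChannel"))
        if any(ln.startswith("ipv6 address") for ln in lines):
            findings.append((name, "IPv6 traffic is not classified or tagged"))
    return sorted(findings)
```

An IPv6 finding matters for policy review: application-type rules on the FWSM depend on the PISA tag, and the guide states that IPv6 packets are never tagged.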

This manual is also suitable for:

7609-s, 7613, 7606-s, Catalyst 6500 series, 7600 series