Multi-layer Switching Exceptions – Packets that Need further Processing

There are some packets that are not forwarded directly by Multi layer switches, but are required further processing. To forward packets using the simultaneous decision processes, the packet must be “Multi Layer Switch-ready” and must require no additional decisions. For example, CEF can directly forward most IP packets between hosts. This occurs when the source and destination addresses (both MAC and IP) are known already and no other IP parameters must be manipulated.
Other packets cannot be directly forwarded by CEF and must be handled in more detail. This is done by a quick inspection during the forwarding decisions. 

If a packet meets criteria such as the following, it is flagged for further processing and sent to the switch CPU for process switching:
  • ARP requests and replies
  • IP packets requiring a response from a router (TTL has expired, MTU is exceeded,
  • fragmentation is needed, and so on)
  • IP broadcasts that will be relayed as unicast (DHCP requests, IP helper-address functions)
  • Routing protocol updates
  • Cisco Discovery Protocol packets
  • IPX routing protocol and service advertisements
  • Packets needing encryption
  • Packets triggering Network Address Translation (NAT)
  • Other non-IP and non-IPX protocol packets (AppleTalk, DECnet, and so on)