|
|
This chapter describes how to configure Internetwork Packet Exchange (IPX) Multilayer Switching (MLS) on the Catalyst 5000 family switches.
This chapter consists of these sections:
These sections provide an overview of MLS and describe how MLS works:
IPX MLS provides high-performance hardware-based Layer 3 switching for Catalyst 5000 family LAN switches. IPX MLS switches unicast IPX data packet flows between networks using advanced application-specific integrated circuit (ASIC) switching hardware, offloading processor-intensive packet routing from network routers.
The packet forwarding function is moved onto Layer 3 switches whenever a partial or complete switched path exists between two hosts. Packets that do not have a partial or complete switched path to reach their destinations are still forwarded by routers. Standard routing protocols, such as IPX Routing Information Protocol (RIP), Enhanced Interior Gateway Protocol (EIGRP), and NetWare Link Services Protocol (NLSP), are used for route determination.
In addition, IPX MLS allows you to debug and trace flows in your network. You can identify which switch is handling a particular flow by using MLS explorer packets. The explorer packets aid you in path detection and troubleshooting. For complete information on debugging IPX MLS, see the "Using Debug Commands on the IPX MLS Router" section.
An IPX MLS network topology consists of these components:
Layer 3 protocols, such as IP and IPX, are connectionless—they deliver every packet independently of every other packet. However, actual network traffic consists of many end-to-end conversations, or flows, between users or applications.
A flow is a unidirectional sequence of packets between a particular source and destination that share the same protocol and network-layer information. Communication from a client to a server and from the server to the client are separate flows.
Flows are based only on Layer 3 addresses, which allow IPX traffic from multiple users or applications to a particular destination to be carried on a single flow if only the destination IPX address is used to identify a flow.
The NFFC II maintains a Layer 3 switching table (MLS cache) for the Layer 3-switched flows. The cache also includes entries for traffic statistics that are updated in tandem with the switching of packets. After the MLS cache is created, packets identified as belonging to an existing flow can be Layer 3-switched based on the cached information. The MLS cache maintains flow information for all active flows. When the Layer 3-switching entry for a flow ages out, the flow statistics can be exported to a flow collector application.
The MLS-SE maintains a cache for MLS flows and maintains statistics for each flow. An IPX MLS cache entry is created for the initial packet of each flow. Upon receipt of a packet that does not match any flow currently in the MLS cache, a new IPX MLS entry is created.
The state and identity of the flow are maintained while packet traffic is active; when traffic for a flow ceases, the entry ages out. You can configure the aging time for IPX MLS entries kept in the MLS cache. If an entry is not used for the specified period of time, the entry ages out and statistics for that flow can be exported to a flow collector application.
The maximum MLS cache size is 128K. However, an MLS cache larger than 32K increases the probability that a flow will not be switched by the MLS-SE and will get forwarded to the router.
The MLS-SE uses flow mask modes to determine how IPX MLS entries are created. The flow mask mode is based on the access lists configured on the IPX MLS router interfaces. The MLS-SE learns the flow mask through MLSP messages from each MLS-RP for which the MLS-SE is performing Layer 3 switching.
These sections describe how the flow mask modes work:
An MLS-SE supports only one flow mask (the most specific one) for all MLS-RPs that are Layer 3 switched. If the MLS-SE detects different flow masks from different MLS-RPs for which it is performing Layer 3 switching, it changes its flow mask to the most specific flow mask detected.
When the MLS-SE flow mask changes, the entire MLS cache is purged. When an MLS-SE exports cached entries, flow records are created based on the current flow mask mode. Depending on the current mode, some fields in the flow record might not have values. Unsupported fields are filled with a dash (-).
The flow mask modes are as follows:
This section describes how the flow mask mode impacts the screen output of the show mls entry ipx command.
In destination mode, the destination IPX address of the switched flows are displayed, along with the packet rewrite information: rewritten destination MAC, rewritten VLAN, and egress port.
This example shows how the show mls entry ipx command output appears in destination mode:
Console> (enable) show mls entry ipx Destination IPX Source IPX net Destination Mac Vlan Port ------------------------- -------------- ----------------- ---- ----- MLS-RP 10.20.6.161: 124A.0000.0000.0001 - 00-10-0b-16-98-00 250 1/1-2 3E.0010.298a.0c00 - 00-00-00-00-00-09 26 4/7 MLS-RP 10.20.6.82: 1019.6313.7314.0010 - 00-00-00-00-00-13 63 4/11 Console> (enable)
In destination-source mode, the destination IPX address and source IPX network of the switched flows are displayed, along with the packet rewrite information: rewritten destination MAC, rewritten VLAN, and egress port.
This example shows how the show mls entry ipx command output appears in destination-source mode:
Console> (enable) show mls entry ipx Destination IPX Source IPX net Destination Mac Vlan Port ------------------------- -------------- ----------------- ---- ----- MLS-RP 10.20.6.161: 124A.0000.0000.0001 34E0 00-10-0b-16-98-00 250 1/1-2 3E.0010.298a.0c00 13 00-00-00-00-00-09 26 4/7 MLS-RP 10.20.6.82: 1019.6313.7314.0010 34A 00-00-00-00-00-13 63 4/11 Console> (enable)
When a packet is Layer 3 switched from a source host to a destination host, the switch (MLS-SE) performs a packet rewrite, based on information learned from the router (MLS-RP) and stored in the MLS cache.
If Host A and Host B are on different virtual LANs (VLANs) and Host A sends a packet to the MLS-RP to be routed to Host B, the MLS-SE recognizes that the packet was sent to the Media Access Control (MAC) address of the MLS-RP. The MLS-SE checks the MLS cache and finds the entry matching the flow in question.
When the MLS-SE receives the packet, it is formatted as follows:
| Frame Header | Encap | IPX Header | Payload | |||||
|---|---|---|---|---|---|---|---|---|
Destination | Source | Length | Checksum/ IPX Length/ Transport Control1 | Packet Type | Destination Net/Node/ Socket | Source Net/Node/ Socket | Data | Pad/ |
MLS-RP MAC | Host A MAC |
|
| Host B IPX | Host A IPX |
|
| |
| 1Transport Control counts the number of times this packet has been routed. If this number is greater than the maximum (the default is 16), then the packet is dropped. |
The MLS-SE rewrites the Layer 2 frame header, changing the destination MAC address to the MAC address of Host B and the source MAC address to the MAC address of the MLS-RP (these MAC addresses are stored in the IPX MLS cache entry for this flow). The Layer 3 IPX addresses remain the same. The MLS-SE rewrites the switched Layer 3 packets so that they appear to have been routed by a router.
The MLS-SE forwards the rewritten packet to Host B's VLAN (the destination VLAN is saved in the IPX MLS cache entry) and Host B receives the packet.
After the MLS-SE performs the packet rewrite, the packet is formatted as follows:
| Frame Header | Encap | IPX Header | Payload | |||||
|---|---|---|---|---|---|---|---|---|
Destination | Source | Length | Checksum/ IPX Length/ Transport Control | Packet Type | Destination Net/Node/ Socket | Source Net/Node/ Socket | Data | Pad/ |
Host B MAC | MLS-RP MAC |
|
| Host B IPX | Host A IPX |
|
| |
Figure 7-1 shows a basic IPX MLS network topology. In this example, Host A is on the Sales VLAN (IPX address 01.Aa), Host B is on the Marketing VLAN (IPX address 03.Bb), and Host C is on the Engineering VLAN (IPX address 02.Cc).
When Host A initiates a file transfer to Host B, an IPX MLS entry for this flow is created (this entry is the first item in the table shown in Figure 7-1). The MLS-SE stores the MAC addresses of the MLS-RP and Host B in the IPX MLS entry when the MLS-RP forwards the first packet from Host A through the switch to Host B. The MLS-SE uses this information to rewrite subsequent packets from Station A to Station B.
Similarly, a separate IPX MLS entry is created in the MLS cache for the traffic from Host A to Host C, and for the traffic from Host C to Host A. The destination VLAN is stored as part of each IPX MLS entry so that the correct VLAN identifier is used when encapsulating traffic on trunk links.
IPX MLS allows you to enforce access lists on every packet of the flow without compromising IPX MLS performance. When you enable IPX MLS, the MLS-SE handles MLS supported access list permit traffic at wire speed.
Route topology changes and the addition or modification of access lists are reflected in the MLS switching path automatically on the MLS-SE. The techniques for handling route and access list changes apply to both the RSM and directly attached external routers.
For example, when Station A wants to communicate with Station B, it sends the first packet to the MLS-RP. If an access list is configured on the MLS-RP to deny access from Station A to Station B, the MLS-RP receives the packet, checks the access list to see if the packet flow is permitted, and discards the packet based on the access list. Because the first packet for this flow does not return from the MLS-RP, an MLS cache entry is not established by the MLS-SE.
If a flow is already being Layer 3 switched by the MLS-SE and the access list is created on the MLS-RP, the MLS-SE learns of the change through the Multilayer Switching Protocol (MLSP), the protocol running between the MLS-SE and MLS-RP to enable MLS, and immediately enforces security for the affected flow by purging it from the MLS cache. New flows are created based on the restrictions imposed by the access list.
Similarly, when the MLS-RP detects a routing topology change, the appropriate MLS cache entries are deleted in the MLS-SE. New flows are created based on the new topology.
IPX MLS requires these software and hardware versions:
Table 7-1 shows the default IPX MLS configuration.
| Feature | Default Value |
|---|---|
IPX MLS enable state | Disabled |
Participating routers | None1 |
IPX MLS aging-time | 256 seconds |
| 1If an RSM is installed in the switch, the RSM is automatically included as a participating IPX MLS router. |
These sections describe configuration guidelines that apply when configuring IPX MLS:
Follow these general guidelines when configuring IPX MLS:
Follow these guidelines when using an external router:
Access lists affect IPX MLS as follows:
Other Cisco IOS software features affect IPX MLS as follows:
In IPX, the two end points of communication negotiate the maximum transmission unit (MTU) to be used. MTU size is limited by media type.
When you enable some IPX processes on an interface, you will disable IPX MLS on the interface. Table 7-2 shows the affected commands.
| Command | Behavior |
|---|---|
clear ipx-route | Clears all IPX MLS cache entries for all switches performing Layer 3 switching for this MLS-RP. |
ipx routing | The no form purges all IPX MLS cache entries and disables IPX MLS on this MLS-RP. |
ipx security (all forms of this command) | Disables IPX MLS on the interface. |
ipx tcp compression-connections | Disables IPX MLS on the interface. |
ipx tcp header-compression | Disables IPX MLS on the interface. |
These sections describe how to configure one or more routers for IPX MLS. Depending upon your configuration, you might not have to perform all the steps in the procedure.
After you perform the steps in this section to configure the router, see the "Configuring IPX MLS on the Switch" section.
To enable IPX MLS globally on the MLS-RP, perform this task in global configuration mode:
| Task | Command |
|---|---|
Globally enable IPX MLS on the router. | mls rp ipx |
This example shows how to enable PX MLS on the router:
Router(config)#mls rp ipx Router(config)#
Determine which router interfaces you will use as IPX MLS interfaces and add those interfaces to the same VTP domain as the switches. A switch can be in only one VTP domain and you must add the IPX MLS interfaces to the same domain.
To view the VTP configuration on the switch, including the VTP domain name, enter the show vtp domain command at the switch Console> prompt.
 | Caution Perform this task before you enter any other IPX MLS interface commands on the IPX MLS interface (specifically, the mls rp ipx or mls rp management-interface commands). Entering IPX MLS interface commands on an interface prior to putting the interface into a VTP domain places the interface in the null domain. To put the IPX MLS interface into a domain other than the null domain, you must clear the IPX MLS interface configuration before you can add it to another VTP domain (for more information, see the "Removing an IPX MLS Interface from the Null Domain" section). |
On ISL and IEEE 802.1Q interfaces, enter the mls rp vtp-domain command on the primary interface. All subinterfaces on the primary interface inherit the VTP domain assigned to the primary interface.
To add an IPX MLS interface to a VTP domain, perform this task in interface configuration mode:
| Task | Command |
|---|---|
Add an IPX MLS interface to a VTP domain. | mls rp vtp-domain [domain_name] |
This example shows how to add an IPX MLS interface to a VTP domain:
Router(config-if)#mls rp vtp-domain engineering Router(config-if)#
The assigned IPX MLS interface must be either an Ethernet or Fast Ethernet interface with no subinterfaces.
To assign a VLAN ID to an IPX MLS interface, perform this task in interface configuration mode:
| Task | Command |
|---|---|
Assign a VLAN ID to an IPX MLS interface. | mls rp vlan-id [vlan_id_num] |
This example shows how to assign a VLAN ID to an IPX MLS interface:
Router(config-if)#mls rp vlan-id 23 Router(config-if)#
To enable IPX MLS on a specific router interface, perform this task in interface configuration mode:
| Task | Command |
|---|---|
Specify a router interface for IPX MLS. | mls rp ipx |
This example shows how to enable IPX MLS on a router interface:
Router(config-if)#mls rp ipx Router(config-if)#
The management interface can be any IPX MLS interface connected to the switch. Specifying more than one interface is not necessary.
To specify a router interface as a management interface, perform this task in interface configuration mode:
| Task | Command |
|---|---|
Specify an interface as the management interface. | mls rp management-interface |
This example shows how to specify a router interface as a management interface:
Router(config-if)#mls rp management-interface Router(config-if)#
To remove a router interface as a management interface, perform this task in interface configuration mode:
| Task | Command |
|---|---|
Remove an interface as the management interface. | no mls rp management-interface |
This example shows how to remove a router interface as a management interface:
Router(config-if)#no mls rp management-interface Router(config-if)#
To disable IPX MLS on a specific router interface, perform this task in interface configuration mode:
| Task | Command |
|---|---|
Remove a router interface from IPX MLS. | no mls rp ipx |
This example shows how to disable IPX MLS on a router interface:
Router(config-if)#no mls rp ipx Router(config-if)#
Removing the VLAN ID from an interface disables IPX MLS for the interface.
To clear a VLAN ID from an IPX MLS interface, perform this task in interface configuration mode:
| Task | Command |
|---|---|
Remove a VLAN ID from an IPX MLS interface. | no mls rp vlan-id [vlan_id_num] |
This example shows how to clear a VLAN ID from an IPX MLS interface:
Router(config-if)#no mls rp vlan-id 23 Router(config-if)#
To remove an interface from one VTP domain, perform this task in interface configuration mode:
| Task | Command |
|---|---|
Remove an interface from a VTP domain if you have not already entered the mls rp ip or mls rp management-interface commands on the interface. | no mls rp vtp-domain [domain_name] |
This example shows how to remove an interface from a VTP domain:
Router(config-if)#no mls rp vtp-domain engineering Router(config-if)#
If you entered either the mls rp ipx command or the mls rp management-interface command on the interface before you assigned the interface to a VTP domain, the interface will be in the null domain.
To remove an interface from the null domain and add it to another domain, perform this task in interface configuration mode:
| Task | Command |
|---|---|
Step 1 Remove an interface from the null domain. | no mls rp ipx no mls rp management-interface no mls rp vtp-domain [domain_name] |
Step 2 Add the interface to a new VTP domain. | mls rp vtp-domain [domain_name] |
This example shows how to remove an interface from the null domain and add it to another VTP domain:
Router(config-if)#no mls rp ipx Router(config-if)#no mls rp management-interface Router(config-if)#no mls rp vtp-domain Router(config-if)#mls rp vtp-domain wbu Router(config-if)#
To disable IPX MLS on the router, perform this task in global configuration mode:
| Task | Command |
|---|---|
Globally disable IPX MLS on the router. | no mls rp ipx |
This example shows how to disable IPX MLS on the router:
Router(config)#no mls rp ipx Router(config)#
The show mls rp ipx command displays IPX MLS details, including specific information about MLSP. The output of the show mls rp ipx command includes:
To display detailed MLS information on the router, perform one of these tasks in privileged EXEC mode:
| Task | Command |
|---|---|
| show mls rp ipx |
| show mls rp interface interface |
| show mls rp vtp-domain [domain_name] |
This example shows how to display details about all IPX MLS interfaces on the router:
Router# show mls rp ipx
ipx multilayer switching is globally enabled
ipx mls inbound acl override is globally disabled
mls id is 0090.6dfc.5800
mls ip address 22.1.0.55
mls ipx flow mask is destination
number of domains configured for mls 1
vlan domain name: WBU
current ipx flow mask: destination
ipx current/next global purge: false/false
ipx current/next purge count: 0/0
current sequence number: 590678296
current/maximum retry count: 0/10
current domain state: no-change
domain uptime: 1d13h
keepalive timer expires in 0 seconds
retry timer not running
change timer not running
1 management interface(s) currently defined:
vlan 2 on Vlan2
18 mac-vlan(s) enabled for ipx multi-layer switching:
mac 0010.0738.2917
vlan id(s)
2 3 4 5 6 7 8 9 10 11 12
13 14 15 66 77 88 99
router currently aware of following 1 switch(es):
switch id 0010.141f.6fff
Router#
This example shows how to display MLS information about a specific interface (in this case, interface vlan 10)
Router# show mls rp interface vlan 10 ipx mls active on Vlan10, domain WBU Router#
This example shows how to show detailed information about IPX MLS interfaces in a specific VTP domain:
Router# show mls rp vtp-domain WBU
vlan domain name: WBU
current ip flow mask: destination
ip current/next global purge: false/false
ip current/next purge count: 0/0
current ipx flow mask: destination
ipx current/next global purge: false/false
ipx current/next purge count: 0/0
current sequence number: 590678296
current/maximum retry count: 0/10
current domain state: no-change
domain uptime: 1d14h
keepalive timer expires in 3 seconds
retry timer not running
change timer not running
fcp subblock count = 20
1 management interface(s) currently defined:
vlan 2 on Vlan2
20 mac-vlan(s) configured for multi-layer switching
17 mac-vlan(s) enabled for ip multi-layer switching:
mac 0010.0738.2917
vlan id(s)
2 3 4 5 6 7 8 9 10 12 13
14 15 88 99
mac 0090.6dfc.5800
vlan id(s)
20 21
18 mac-vlan(s) enabled for ipx multi-layer switching:
mac 0010.0738.2917
vlan id(s)
2 3 4 5 6 7 8 9 10 11 12
13 14 15 66 77 88 99
router currently aware of following 1 switch(es):
switch id 0010.141f.6fff
Router#
Table 7-3 describes IPX MLS-related debug commands that you can use to troubleshoot IPX MLS problems on the router.
| Command | Description |
|---|---|
[no] debug mls rp events | Displays a run-time sequence of events for the MLSP. |
[no] debug mls rp packets | Displays packet contents (in verbose and hexadecimal formats) for MLSP messages. |
[no] debug mls rp error | Displays error messages related to MLS. |
[no] debug mls rp ipx | Turns on IPX-related events for MLS, including route purging and changes of access lists and flow masks. |
[no] debug mls rp locator | Identifies which switch is switching a particular flow by using MLS explorer packets. |
[no] debug mls rp all | Turns on all MLS debugging events. |
[no] mls rp locate ipx ipx_addr [source_net] | Displays information about all the switches that are currently shortcutting for the specified IPX flow(s). |
IPX MLS is disabled by default on Catalyst 5000 family switches.
These sections describe how to configure IPX MLS on the switch:
When you enable IPX MLS on the switch, the switch (MLS-SE) starts to process MLSP messages from the MLS-RPs and starts Layer 3 switching. IPX MLS is disabled by default on the MLS-SE.
To enable IPX MLS on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Enable IPX MLS on the switch. | set mls enable ipx |
Step 2 Verify that IPX MLS is enabled. | show mls ipx [noalias] |
This example shows how to enable IPX MLS on the switch and verify the configuration:
Console> (enable) set mls enable ipx
IPX Multilayer switching is enabled
Console> (enable) show mls ipx
IPX Multilayer switching enabled
IPX Multilayer switching aging time = 256 seconds
IPX flow mask is Destination flow
IPX max hop is 15
Active IPX MLS entries = 2
IPX MLS-RP IP MLS-RP ID XTAG MLS-RP MAC-Vlans
---------------- ------------ ---- ---------------------------------
22.1.0.55 00906dfc5800 5 00-10-07-38-29-17 2-15,66,77,88,99
00-90-6d-fc-58-00 20-21
Console> (enable)
If the MLS-RP is an external router, you must specify the IP address of the MLS-RP to participate in IPX MLS. The MLS-SE does not process MLSP messages from external routers that have not been included as MLS-RPs.
If an RSM is installed in the switch, it participates in IPX MLS automatically and is included in the inclusion list (provided the RSM is running the correct Cisco IOS software version). If you physically remove the RSM or disable IPX MLS on the RSM, the RSM is removed from the inclusion list.
To specify a router to participate in IPX MLS, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 On the switch, specify the IP address of the MLS-RP to participate in IPX MLS. | set mls include ipx [ip_addr] |
Step 2 Verify the configuration. | show mls include ipx |
This example shows how to specify the MLS-RP to participate in IPX MLS and how to verify the configuration:
Console> (enable) set mls include ipx 170.170.2.1 IPX Multilayer switching is enabled for router 170.170.2.1 Console> (enable) show mls include ipx IPX: Included IPX MLS-RP --------------------------------------- 170.67.2.1 170.67.2.12 Console> (enable)
The IPX MLS aging time applies to all IPX MLS cache entries. Any IPX MLS entry that has not been used for agingtime seconds is aged out. The default is 256 seconds.
You can configure the aging time in the range of 8 to 2024 seconds in 8-second increments. Any aging-time value that is not a multiple of 8 seconds is adjusted down to the closest one. For example, a value of 65 is adjusted to 64 and a value of 127 is adjusted to 120.
Other events might cause IPX MLS entries to be purged, such as routing changes or a change in link state (MLS-SE link down).
To specify the IPX MLS aging time, perform this task in privileged mode:
| Task | Command |
|---|---|
Specify the IPX MLS aging time for an MLS cache entry. | set mls agingtime ipx [agingtime] |
This example shows how to set the IPX MLS aging time:
Console> (enable) set mls agingtime ipx 512 IPX Multilayer switching aging time set to 512 Console> (enable)
To remove a router from the list of routers participating in IPX MLS, perform this task in privileged mode:
| Task | Command |
|---|---|
Remove an MLS-RP from participation in IPX MLS. | clear mls include ipx [ip_addr] [all] |
This example shows how to remove a router from the IPX MLS inclusion list on the switch:
Console> (enable) clear mls include ipx stargate IPX Multilayer switching is disabled for router 170.20.15.1 (Stargate) Console> (enable)
When you disable IPX MLS on the switch, the MLS-SE does not process any MLSP messages from MLS-RPs, and all existing IPX MLS cache entries are purged.
To disable IPX MLS on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
Step 1 Disable IPX MLS on the switch. | set mls disable ipx |
Step 2 Verify that IPX MLS is disabled. | show mls |
This example shows how to disable IPX MLS on the switch:
Console> (enable) set mls disable ipx IPX Multilayer switching is disabled Console> (enable)
The show cam command displays the content-addressable memory (CAM) entries associated with a specific MAC address. If the MAC address belongs to an MLS-RP, an "R" is appended to the MAC address.
If you specify a VLAN number, only those CAM entries corresponding to that VLAN number are displayed. If a VLAN is not specified, entries for all VLANs are displayed.
The show cam mlsrp command displays entries in the forwarding table for the specified MLS-RP.
To display CAM entries on the switch, perform one of these tasks:
| Task | Command |
|---|---|
| show cam mac_addr [vlan] |
| show cam mlsrp ip_addr [vlan] |
This example shows how to display the CAM entries on the switch:
Console> (enable) show cam 00-10-29-8a-4c-00 * = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry. X = Port Security Entry VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol Type] ---- ------------------ ----- ------------------------------------------- 10 00-10-07-38-29-17 R 9/1 51 00-10-07-38-29-17 R 9/1 52 00-10-07-38-29-17 R 9/1 53 00-10-07-38-29-17 # 9/1 54 00-10-07-38-29-17 # 9/1 Total Matching CAM Entries Displayed = 5 Console> (enable)
This example shows how to display CAM entries for the specified MLS-RP:
Console> (enable) show cam mlsrp 51.0.0.3 VLAN Destination MAC Destination Ports or VCs Xtag Status ---- ------------------ ------------------------------------- 52 00-10-29-8a-4c-00R 9/1 5 H 51 00-10-29-8a-4c-00R 9/1 5 H 10 00-10-29-8a-4c-00R 9/1 5 H Total Matching CAM Entries Displayed = 3 Console> (enable)
The show mls ipx command displays IPX MLS information and MLS-RP-specific information. The show mls rp ipx command displays MLS-RP-specific information for the specified MLS-RP.
To display IPX MLS information on the switch, perform one of these tasks:
| Task | Command |
|---|---|
| show mls ipx [noalias] |
| show mls rp ipx ip_addr [noalias] |
This example shows how to display IPX MLS information on the switch:
Console> (enable)show mls ipxIPX Multilayer switching enabledIPX Multilayer switching aging time = 256 secondsIPX flow mask is Destination flowIPX max hop is 15Active IPX MLS entries = 16IPX MLS-RP IP MLS-RP ID XTAG MLS-RP MAC-Vlans---------------- ------------ ---- ---------------------------------22.1.0.55 00906dfc5800 4 00-10-07-38-29-17 2-15,66,77,88,9900-90-6d-fc-58-00Console> (enable)
These sections describe how to display IPX MLS cache entries on the switch:
To display all IPX MLS entries on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
Show all IPX MLS entries. | show mls entry ipx |
This example shows how to display all IPX MLS entries on the switch:
Console> (enable) show mls entry ipx Destination IPX Source IPX net Destination Mac Vlan Port ------------------------- -------------- ----------------- ---- ----- MLS-RP 22.1.0.55: 14.0000.0000.0014 00-00-00-00-00-14 15 10/3 7.0000.0000.0007 00-00-00-00-00-07 8 12/7 13.0000.0000.0013 00-00-00-00-00-13 14 10/2 10.0000.0000.0010 00-00-00-00-00-10 11 12/10 4.0000.0000.0004 00-00-00-00-00-04 5 12/4 66.0000.0000.0066 00-00-00-00-00-66 66 3/2 9.0000.0000.0009 00-00-00-00-00-09 10 12/9 3.0000.0000.0003 00-00-00-00-00-03 4 12/3 5.0000.0000.0005 00-00-00-00-00-05 6 12/5 11.0000.0000.0011 00-00-00-00-00-11 12 12/11 8.0000.0000.0008 00-00-00-00-00-08 9 12/8 2.0000.0000.0002 00-00-00-00-00-02 3 12/2 1.0000.0000.0001 00-00-00-00-00-01 2 12/1 12.0000.0000.0012 00-00-00-00-00-12 13 12/12 77.0000.0000.0077 00-00-00-00-00-77 77 3/3 6.0000.0000.0006 00-00-00-00-00-06 7 12/6 Console> (enable)
To display IPX MLS entries for a specific destination IPX address, perform this task in privileged mode:
| Task | Command |
|---|---|
Show IPX MLS entries for the specified destination IPX address (net_address.node_address). | show mls entry ipx destination ipx_addr |
This example shows how to display IPX MLS entries for a specific destination IPX address:
Console> (enable) show mls entry ipx destination 3E.0010.298a.0c00 Destination IPX Source IPX net Destination Mac Vlan Port ------------------------- -------------- ----------------- ---- ----- MLS-RP 10.20.6.161: 3E.0010.298a.0c00 13 00-00-00-00-00-09 26 4/7 Console> (enable)
To display IPX MLS entries for a specific source IPX net address, perform this task in privileged mode:
| Task | Command |
|---|---|
Show IPX MLS entries for the specified source IPX net address (net_address). | show mls entry ipx source ipx_net |
This example shows how to display IPX MLS entries for a specific source IPX address:
Console> (enable) show mls entry ipx source 13 Destination IPX Source IPX net Destination Mac Vlan Port ------------------------- -------------- ----------------- ---- ----- MLS-RP 10.20.6.161: 3E.0010.298a.0c00 13 00-00-00-00-00-09 26 4/7 Console> (enable)
To display IPX MLS entries for a specific MLS-RP, perform this task in privileged mode:
| Task | Command |
|---|---|
Show IPX MLS entries for the specified MLS-RP. | show mls entry ipx rp ip_addr |
This example shows how to display IPX MLS entries for a specific MLS-RP:
Console> (enable) show mls entry ipx rp 172.20.27.1 Destination IPX Source IPX net Destination Mac Vlan Port ----------------------- ---------------- ----------------- ---- ----- MLS-RP 10.20.6.161: 124A.0000.0000.0001 34E0 00-10-0b-16-98-00 250 1/1-2 3E.0010.298a.0c00 13 00-00-00-00-00-09 26 4/7 Console> (enable)
The clear mls entry ipx command removes specific IPX MLS cache entries on the switch. The all keyword clears all MLS entries. The destination and source keywords specify the source and destination IPX addresses.
To clear an IPX MLS entry, perform this task in privileged mode:
| Task | Command |
|---|---|
Clear an IPX MLS entry on the switch. | clear mls entry ipx [destination ipx_addr] [source ipx_net] [all] |
This example shows how to clear IPX MLS entries with destination IPX address 1.0002.00e0.fefc.6000:
Console> (enable) clear mls entry ipx destination 1.0002.00e0.fefc.6000 Console> (enable)
These sections describe how to display a variety of IPX MLS statistics:
The show mls statistics ipx rp command displays IPX MLS statistics for MLS-RPs. If you do not specify a particular MLS-RP, statistics for all MLS-RPs are displayed.
To display IPX MLS statistics for MLS-RPs, perform this task in privileged mode:
| Task | Command |
|---|---|
Show IPX MLS statistics for MLS-RPs. If a particular MLS-RP is not specified, statistics for all MLS-RPs are shown. | show mls statistics ipx rp ip_addr [noalias] |
This example shows how to display IPX MLS statistics for all MLS-RPs:
Console> (enable) show mls statistics ipx rp
Total packets switched = 212540292
Active IPX MLS entries = 16
Total switched
MLS-RP IP MLS-RP ID packets bytes
--------------- ------------ ---------- ------------
10.20.26.64 00e0fefc6000 7877192 803473584
Console> (enable)
The show mls statistics entry command displays IPX MLS statistics for MLS cache entries. Specify the destination IPX address and source IPX address to see specific IPX MLS cache entries.
To display statistics for IPX MLS cache entries, perform this task in privileged mode:
| Task | Command |
|---|---|
Show statistics for IPX MLS cache entries. If a specific IPX MLS cache entry is not specified, all statistics are shown. | show mls statistics entry ipx [destination ipx_addr] [source ipx_net] |
This example shows how to display statistics for a particular IPX MLS cache entry:
Console> (enable) show mls statistics entry ipx destination 1.0002.00e0.fefc.6000 Destination IPX Source IPX net Stat-Pkts Stat-Bytes ---------------------- --------------- --------- ---------- MLS-RP 10.20.26.64: 1.00e0.fefc.6000 1.0003 11 521 Console> (enable)
The clear mls statistics command clears the total packets switched statistics on the switch.
To clear IPX MLS statistics on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
Clear IPX MLS statistics on the switch. | clear mls statistics |
This example shows how to clear IPX MLS statistics on the switch:
Console> (enable) clear mls statistics Console> (enable)
The show mls debug command displays IPX MLS debug information that you can send to your technical support representative for analysis if necessary.
To display IPX MLS debug information on the switch, perform this task:
| Task | Command |
|---|---|
Display IPX MLS debug information that you can send to your technical support representative. | show mls debug |
This example consists of these sections:
Figure 7-2 shows an IPX MLS example network topology using three Catalyst 5000 family switches and a Cisco 7505 router, all interconnected using ISL trunk links. The network is configured as follows:
Before IPX MLS is implemented, when the source host NC1 (on VLAN 10) transmits traffic destined for destination server NS2 (on VLAN 30), Switch B forwards the traffic (based on the Layer 2 forwarding table) to Switch A over the ISL trunk link. Switch A forwards the packet to the router over the ISL trunk.
The router receives the packet on the VLAN 10 subinterface, checks the destination IPX address, and routes the packet to the VLAN 30 subinterface. Switch A receives the routed packet and forwards it to Switch C. Switch C receives the packet and forwards it to destination server NS2. This process is repeated for each packet in the flow between source host NC1 and destination server NS2.
After IPX MLS is implemented, when the source host NC1 (on VLAN 10) transmits traffic destined for destination server NS2 (on VLAN 30), Switch B forwards the traffic (based on the Layer 2 forwarding table) to Switch A (the MLS-SE) over the ISL trunk link. When the first packet enters Switch A, a candidate flow entry is established in the MLS cache. Switch A forwards the packet to the MLS-RP over the ISL trunk.
The MLS-RP receives the packet on the VLAN 10 subinterface, checks the destination IPX address, and routes the packet to the VLAN 30 subinterface. Switch A receives the routed packet (the enabler packet) and completes the flow entry in the MLS cache for the destination IPX address of NS2. Switch A forwards the packet to Switch C, where it is forwarded to destination server NS2.
Subsequent packets destined for the IPX address of NS2 are multilayer switched by the MLS-SE based on the flow entry in the MLS cache. For example, subsequent packets in the flow from source host NC1 are forwarded by Switch B to Switch A (the MLS-SE). The MLS-SE determines that the packets are part of the established flow, rewrites the packet headers, and switches the packets directly to Switch C, bypassing the router.
This example shows how to configure the router (MLS-RP):
Cisco7505#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Cisco7505(config)#mls rp ipx Cisco7505(config)#interface fastethernet 2/0 Cisco7505(config-if)#full-duplex Cisco7505(config-if)#mls rp vtp-domain Corporate Cisco7505(config-if)#interface fastethernet2/0.1 Cisco7505(config-subif)#encapsulation isl 1 Cisco7505(config-subif)#ip address 10.1.1.1 255.255.255.0 Cisco7505(config-subif)#mls rp ipx Cisco7505(config-subif)#mls rp management-interface Cisco7505(config-subif)#interface fastethernet2/0.10 Cisco7505(config-subif)#encapsulation isl 10 Cisco7505(config-subif)#ipx network 10 Cisco7505(config-subif)#mls rp ipx Cisco7505(config-subif)#interface fastethernet2/0.20 Cisco7505(config-subif)#encapsulation isl 20 Cisco7505(config-subif)#ipx network 20 Cisco7505(config-subif)#mls rp ipx Cisco7505(config-subif)#interface fastethernet2/0.30 Cisco7505(config-subif)#encapsulation isl 30 Cisco7505(config-subif)#ipx network 30 Cisco7505(config-subif)#mls rp ipx Cisco7505(config-subif)#^Z Cisco7505#
This example shows how to configure Switch A (MLS-SE):
SwitchA> (enable) set vtp domain Corporate mode server
VTP domain Corporate modified
SwitchA> (enable) set vlan 10
Vlan 10 configuration successful
SwitchA> (enable) set vlan 20
Vlan 20 configuration successful
SwitchA> (enable) set vlan 30
Vlan 30 configuration successful
SwitchA> (enable) set port name 1/1 Router Link
Port 1/1 name set.
SwitchA> (enable) set trunk 1/1 on isl
Port(s) 1/1 trunk mode set to on.
Port(s) 1/1 trunk type set to isl.
SwitchA> (enable) set port name 1/2 SwitchB Link
Port 1/2 name set.
SwitchA> (enable) set trunk 1/2 desirable isl
Port(s) 1/2 trunk mode set to desirable.
Port(s) 1/2 trunk type set to isl.
SwitchA> (enable) set port name 1/3 SwitchC Link
Port 1/3 name set.
SwitchA> (enable) set trunk 1/3 desirable isl
Port(s) 1/3 trunk mode set to desirable.
Port(s) 1/3 trunk type set to isl.
SwitchA> (enable) set mls enable ipx
IPX Multilayer switching is enabled.
SwitchA> (enable) set mls include ipx 10.1.1.1
IPX Multilayer switching enabled for router 10.1.1.1.
SwitchA> (enable) set port name 3/1 Destination D2
Port 3/1 name set.
SwitchA> (enable) set vlan 20 3/1
VLAN 20 modified.
VLAN 1 modified.
VLAN Mod/Ports
---- -----------------------
20 3/1
SwitchA> (enable)
This example shows how to configure Switch B:
SwitchB> (enable) set port name 1/1 SwitchA Link
Port 1/1 name set.
SwitchB> (enable) set port name 3/1 Source S1
Port 3/1 name set.
SwitchB> (enable) set vlan 10 3/1
VLAN 10 modified.
VLAN 1 modified.
VLAN Mod/Ports
---- -----------------------
10 3/1
SwitchB> (enable)
This example shows how to configure Switch C:
SwitchC> (enable) set port name 1/1 SwitchA Link
Port 1/1 name set.
SwitchC> (enable) set port name 3/1 Destination D1
Port 3/1 name set.
SwitchC> (enable) set vlan 30 3/1
VLAN 30 modified.
VLAN 1 modified.
VLAN Mod/Ports
---- -----------------------
30 3/1
SwitchC> (enable) set port name 4/1 Source S2
Port 4/1 name set.
SwitchC> (enable) set vlan 30 4/1
VLAN 30 modified.
VLAN 1 modified.
VLAN Mod/Ports
---- -----------------------
30 3/1
4/1
SwitchC> (enable)
These sections show different example IPX MLS configurations. In these examples, VLAN interfaces 1 and 3 are in the VTP domain Engineering. The management interface is configured on the VLAN 1 interface. Only information relevant to IPX MLS is shown in these configurations.
In this example configuration, no access lists are configured on the RSM VLAN interfaces. Therefore, the flow mask mode is destination.
Router# show running-config
Building configuration...
Current configuration:
.
.
.
mls rp ip
interface Vlan1
ip address 172.20.26.56 255.255.255.0
mls rp vtp-domain Engineering
mls rp management-interface
mls rp ip
interface Vlan2
ip address 128.6.2.73 255.255.255.0
interface Vlan3
ip address 128.6.3.73 255.255.255.0
mls rp vtp-domain Engineering
mls rp ip
.
.
end
Router#
Router# show mls rp
multilayer switching is globally enabled
mls id is 0006.7c71.8600
mls ip address 172.20.26.56
mls flow mask is destination-ip
number of domains configured for mls 1
vlan domain name: Engineering
current flow mask: destination-ip
current sequence number: 82078006
current/maximum retry count: 0/10
current domain state: no-change
current/next global purge: false/false
current/next purge count: 0/0
domain uptime: 02:54:21
keepalive timer expires in 11 seconds
retry timer not running
change timer not running
1 management interface(s) currently defined:
vlan 1 on Vlan1
2 mac-vlan(s) configured for multi-layer switching:
mac 0006.7c71.8600
vlan id(s)
1 3
router currently aware of following 1 switch(es):
switch id 00e0.fe4a.aeff
Router#
In this example configuration, a standard access list is configured on the RSM VLAN 3 interface. Therefore, the flow mask mode is destination-source.
.
interface Vlan3
ip address 128.6.3.73 255.255.255.0
ip access-group 2 out
mls rp vtp-domain Engineering
mls rp ip
.
Router# show mls rp
multilayer switching is globally enabled
mls id is 0006.7c71.8600
mls ip address 172.20.26.56
mls flow mask is source-destination-ip
number of domains configured for mls 1
vlan domain name: Engineering
current flow mask: source-destination-ip
current sequence number: 82078007
current/maximum retry count: 0/10
current domain state: no-change
current/next global purge: false/false
current/next purge count: 0/0
domain uptime: 02:57:31
keepalive timer expires in 4 seconds
retry timer not running
change timer not running
1 management interface(s) currently defined:
vlan 1 on Vlan1
2 mac-vlan(s) configured for multi-layer switching:
mac 0006.7c71.8600
vlan id(s)
1 3
router currently aware of following 1 switch(es):
switch id 00e0.fe4a.aeff
Router#
Posted: Thu Aug 24 16:54:23 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.