M Commands

mls aging fast
mls aging long
mls aging normal
mls exclude
mls flow
mls ip (interface configuration mode)
mls ipx (interface configuration mode)
mls nde flow
mls rp ip (global configuration mode)
mls rp ip (interface configuration mode)
mls rp ipx (global configuration mode)
mls rp ipx (interface configuration mode)
mls rp management-interface
mls rp nde-address
mls rp vlan-id
mls rp vtp-domain
monitor session

mls aging fast

Use the mls aging fast command to configure the fast-aging time for unicast entries in the Layer 3 table. Use the no form of this command to restore the MLS fast-aging time to the default.

mls aging fast [threshold packet_count [time seconds]]

mls aging fast [time seconds [threshold packet_count]

no mls aging fast

Syntax Description

threshold packet-count

(Optional) Keyword to specify the fast-aging threshold packet count for Layer 3 fast aging; valid values are from 1 to 128.

time seconds

(Optional) Keyword and variable to specify how often entries are checked; valid values are from 1 to 128 seconds.

threshold packet-count	(Optional) Keyword to specify the fast-aging threshold packet count for Layer 3 fast aging; valid values are from 1 to 128.
time seconds	(Optional) Keyword and variable to specify how often entries are checked; valid values are from 1 to 128 seconds.

Defaults

The default seconds is 32 seconds, and the default packet_count is 100.

Command Modes

Global configuration mode.

Examples

This example shows how to configure the MLS fast-aging threshold:

Router(config)# mls aging fast threshold 50
Router(config)#

Related Commands

show mls aging

mls aging long

Use the mls aging long command to configure the long-aging time for unicast entries in the Layer 3 table. Use the no form of this command to restore MLS long-aging time to the default.

mls aging long seconds

no mmls aging long

Syntax Description

seconds

Layer 3 long-aging timeout; valid values are from 64 to 900 seconds.

seconds	Layer 3 long-aging timeout; valid values are from 64 to 900 seconds.

Defaults

The default seconds is 900 seconds.

Command Modes

Global configuration mode.

Examples

This example shows how to configure the MLS long-aging threshold:

Router(config)# mls aging long 800
Router(config)#

Related Commands

show mls aging

mls aging normal

Use the mls aging normal command to configure the normal-aging time for unicast entries in the Layer 3 table. Use the no form of this command to restore MLS normal-aging time to the default.

mls aging normal second

no mls aging normal

Syntax Description

seconds

Normal Layer 3 aging timeout; valid values are from 32 to 4092 seconds.

seconds	Normal Layer 3 aging timeout; valid values are from 32 to 4092 seconds.

Defaults

The default seconds is 300 seconds.

Command Modes

Global configuration mode.

Examples

This example shows how to configure the MLS normal-aging threshold:

Router(config)# mls aging normal 200
Router(config)#

Related Commands

show mls aging

mls exclude

Use the mls exclude command to specify the protocol interface to exclude from shortcutting. Use the no form of this command to remove a prior entry.

mls exclude {protocol {both | tcp | udp}{port port_number}}

no mls exclude

Syntax Description

protocol

Keyword to specify protocol.

both

Keyword to specify both UDP and TCP.

tcp

Keyword to specify TCP.

udp

Keyword to specify UDP.

port port_number

Keyword and variable to specify port number; valid values are from 1 to 96.

protocol	Keyword to specify protocol.
both	Keyword to specify both UDP and TCP.
tcp	Keyword to specify TCP.
udp	Keyword to specify UDP.
port port_number	Keyword and variable to specify port number; valid values are from 1 to 96.

Command Modes

Global configuration mode.

Examples

This example shows how to configure MLS to exclude UDP on port 69:

Router(config)# mls exclude protocol udp port 69
set_mls_proto_exclude stub
protocol [ udp ]  port [ 69 ]  state [ 1 ]
 
Router(config)#

Related Commands

show mls ip
show mls ipx

mls flow

Use the mls flow command to specify the flow mask used for MLS. This command is needed to collect statistics for the supervisor engine. Use the no form of this command to restore the flow mask to the default.

mls flow {ip {destination | destination-source | full} | ipx {destination | destination-source}}

no mls flow {ip | ipx}

Syntax Description

ip

Keyword to enable the flow mask for MLS of IP packets.

destination

Keyword to use destination IP address as the key to the Layer 3 table.

destination-source

Keyword to use destination and source IP address as key to the Layer 3 table.

full

Keyword to use source and destination IP address, IP protocol (UDP or TCP), and source and destination port numbers as keys to the Layer 3 table.

ipx

Keyword to enable the flow mask for MLS IPX packets.

ip	Keyword to enable the flow mask for MLS of IP packets.
destination	Keyword to use destination IP address as the key to the Layer 3 table.
destination-source	Keyword to use destination and source IP address as key to the Layer 3 table.
full	Keyword to use source and destination IP address, IP protocol (UDP or TCP), and source and destination port numbers as keys to the Layer 3 table.
ipx	Keyword to enable the flow mask for MLS IPX packets.

Defaults

If there are no access lists on any MLS-RP, the flow mask is set to destination flow.

Command Modes

Global configuration mode.

Examples

This example shows how to set the minimum flow mask for an extended access list for MLS IP:

Router(config)# mls flow ip full
Router(config)#

Related Commands

show mls flowmask

mls ip (interface configuration mode)

Use the mls ip command to enable MLS IP for the internal router on the interface. Use the no form of this command to disable MLS IP on the interface.

mls ip [multicast]

no mls [multicast]

Syntax Description

multicast

(Optional) Keyword to enable MLS IP on the interface.

multicast	(Optional) Keyword to enable MLS IP on the interface.

Defaults

The default is multicast is disabled.

Command Modes

Interface configuration mode.

Examples

This example shows how to enable MLS IP shortcuts:

Router(config-if)# mls ip multicast
Router(config-if)#

Related Commands

mls rp ip (interface configuration mode)
show mls ip

mls ipx (interface configuration mode)

Use the mls ipx command to enable MLS IPX on the interface. Use the no form of this command to disable IPX on the interface.

mls ipx

no mls ipx

Syntax Description

This command has no arguments or keywords.

Defaults

The default is multicast is disabled.

Command Modes

Interface configuration mode.

Examples

This example shows how to enable MLS IPX on an interface:

Router(config)# mls ipx
Router(config)#

Related Commands

mls rp ipx (interface configuration mode)
show mls ipx

mls nde flow

Use the mls nde flow command to specify filter options for NDE. Use the no form of this command to remove a prior entry.

mls nde flow {include | exclude} {dest_port port_num | {destination ip_addr ip_mask} | {protocol {tcp | udp}} | source ip_addr ip_mask | src_port port_num}

no mls nde flow

Syntax Description

include

Keyword to include everything, or optionally only the specified parameters.

exclude

Keyword to exclude everything, or optionally only the specified parameters.

dest_port port_num

Keyword and variable to specify the destination port to filter.

destination ip_addr ip_mask

Keyword to specify a destination IP address and mask to filter.

protocol

Keyword to specify the protocol to include or exclude.

tcp

Keyword to include or exclude TCP.

udp

Keyword to include or exclude UDP.

source ip_addr ip_mask

Keyword to specify a source IP address and mask to filter.

src_port port_num

Keyword and variable to specify the source port to filter.

include	Keyword to include everything, or optionally only the specified parameters.
exclude	Keyword to exclude everything, or optionally only the specified parameters.
dest_port port_num	Keyword and variable to specify the destination port to filter.
destination ip_addr ip_mask	Keyword to specify a destination IP address and mask to filter.
protocol	Keyword to specify the protocol to include or exclude.
tcp	Keyword to include or exclude TCP.
udp	Keyword to include or exclude UDP.
source ip_addr ip_mask	Keyword to specify a source IP address and mask to filter.
src_port port_num	Keyword and variable to specify the source port to filter.

Defaults

This command has no default setting.

Command Modes

Global configuration mode.

Usage Guidelines

The include and exclude filters are stored in NVRAM and not removed if NDE is disabled.

Examples

This example shows how to specify an interface flow filter so that only expired flows to destination port 23 are exported (assuming the flow mask is set to ip-flow):

Router(config)# mls nde flow include dest-port 35
Router(config)#

Related Commands

show mls nde

mls rp ip (global configuration mode)

Use the mls rp ip command to enable external switches to establish IP shortcuts to the MSFC. Use the no form of this command to remove a prior entry.

mls rp ip [input_acl | route_map]

no mls rp ip

Syntax Description

input_acl

(Optional) Keyword to enable IP input access list.

route_map

(Optional) Keyword to enable IP route-map.

input_acl	(Optional) Keyword to enable IP input access list.
route_map	(Optional) Keyword to enable IP route-map.

Defaults

The default is no shortcuts are configured.

Command Modes

Global configuration mode.

Examples

This example shows how to allow external switches to establish IP shortcuts with IP input access lists configured:

Router(config)# mls rp ip input-acl
Router(config)#

Related Commands

show mls ip
mls ip (interface configuration mode)

mls rp ip (interface configuration mode)

Use the mls rp ip command to enable external switches to enable MLS IP on a specified interface. Use the no form of this command to disable MLS IP.

mls rp ip

no mls rp ip

Syntax Description

This command has no arguments or keywords.

Defaults

This command has no default setting.

Command Modes

Interface configuration mode.

Examples

This example shows how to enable external switches to enable MLS IP on an interface:

Router(config)# mls rp ip
Router(config)#

Related Commands

show mls ip
mls rp ip (global configuration mode)

mls rp ipx (global configuration mode)

Use the mls rp ipx command to enable external switches to enable MLS IPX to the MSFC. Use the no form of this command to remove a prior entry.

mls rp ip [input_acl]

no mls rp ip

Syntax Description

input_acl

(Optional) Keyword to enable MLS IPX and override ACLs.

input_acl	(Optional) Keyword to enable MLS IPX and override ACLs.

Defaults

This command has no default setting.

Command Modes

Global configuration mode.

Examples

This example shows how to enable external switches to MLS IPX to the MSFC and override ACLs:

Router(config)# mls rp ipx input-acl
Router(config)#

Related Commands

mls rp ipx (interface configuration mode)
show mls rp ipx (refer to Cisco IOS documentation)

mls rp ipx (interface configuration mode)

Use the mls rp ipx command to enable external switches to enable MLS IPX on the interface. Use the no form of this command to disable MLS IPX on the interface.

mls rp ipx

no mls rp ipx

Syntax Description

This command has no arguments or keywords.

Defaults

This command has no default setting.

Command Modes

Interface configuration mode.

Examples

This example shows how to enable external switches to enable MLS IPX on an interface:

Router(config-if)# mls rp ipx
Router(config-if)#

Related Commands

mls rp ipx (global configuration mode)
show mls rp ipx (refer to Cisco IOS documentation)

mls rp management-interface

Use the mls rp management-interface command to enable the interface as a managment interface. Use the no form of this command to remove a prior entry.

mls rp management-interface

no mls rp management-interface

Defaults

This command has no default setting.

Command Modes

Interface configuration mode.

Examples

This example shows how to enable an interface as a management interface:

Router(config)# mls rp management-interface
Router(config)#

Related Commands

show mls rp (refer to Cisco IOS documentation)

mls rp nde-address

Use the mls rp nde-address command to specify the NDE address. Use the no form of this command to remove a prior entry.

mls rp nde-address ip-address

no mls rp nde-address ip-address

Syntax Description

ip-address

NDE IP address.

ip-address	NDE IP address.

Defaults

This command has no default setting.

Command Modes

Global configuration mode.

Usage Guidelines

Use the following syntax to specify an IP subnet address:

ip_subnet_addr---This is the short subnet address format. The trailing decimal number 00 in an IP address YY.YY.YY.00 specifies the boundary for an IP subnet address. For example, 172.22.36.00 indicates a 24-bit subnet address (subnet mask 172.22.36.00/255.255.255.0), and 173.24.00.00 indicates a 16-bit subnet address (subnet mask 173.24.00.00/255.255.0.0). However, this format can identify only a subnet address of 8, 16, or 24 bits.
ip_addr/subnet_mask---This is the long subnet address format. For example, 172.22.252.00/255.255.252.00 indicates a 22-bit subnet address. This format can specify a subnet address of any bit number. To provide more flexibility, the ip_addr is a full host address, such as 172.22.253.1/255.255.252.00.
ip_addr/maskbits---This is the simplified long subnet address format. The mask bits specify the number of bits of the network masks. For example, 172.22.252.00/22 indicates a 22-bit subnet address. The ip_addr is a full host address, such as 193.22.253.1/22, which has the same subnet address as the ip_subnet_addr.

Examples

This example shows how to set the NDE address to 170.25.2.1:

Router(config)# mls rp nde-address 170.25.2.1
Router(config)#

Related Commands

show mls rp (refer to Cisco IOS documentation)

mls rp vlan-id

Use the mls rp vlan-id command to assign a VLAN ID to the interface. Use the no form of this command to remove a prior entry.

mls rp vlan-id {vlan_id}

no mls rp vlan-id

Syntax Description

vlan_id

VLAN ID number; valid values are from 1 to 4096.

vlan_id	VLAN ID number; valid values are from 1 to 4096.

Defaults

This command has no default setting.

Command Modes

Interface configuration mode.

Examples

Router(config)# mls rp vlan-id 4
Router(config)#

Related Commands

show mls rp (refer to Cisco IOS documentation)

mls rp vtp-domain

Use the mls rp vtp-domain command to link the interface to a VTP domain. Use the no form of this command to remove a prior entry.

mls rp vtp-domain {vlan_domain_name}

no mls rp vtp-domain {vlan_domain_name}

Syntax Description

vlan_domain_name

VLAN domain name.

vlan_domain_name	VLAN domain name.

Defaults

This command has no default setting.

Command Modes

Interface configuration mode.

Examples

This example shows how to link the interface to a VTP domain:

Router(config)# mls rp vtp-domain EverQuest
Router(config)#

Related Commands

show mls rp (refer to Cisco IOS documentation)
vtp domain

monitor session

Use the monitor session command to start a new SPAN session, add or delete interfaces or VLANs to or from an existing SPAN session, filter SPAN traffic to specific VLANs, or delete a SPAN session. Use the no form of this command to remove one or more source or destination interfaces from the SPAN session or a source VLAN from the SPAN session.

monitor session {session} {source {interface type num} | {vlan vlan}} [, | - | rx | tx | both]

no monitor session {session} {source {interface type num} | {vlan vlan}} [, | - | rx | tx | both]

monitor session {session} {destination {interface type num} [, | -]} | {vlan vlan}}

no monitor session {session} {destination {interface type num} [, | -]} | {vlan vlan}}

monitor session {session} {filter {vlan vlan} [, | -]}

no monitor session {session} {filter {vlan vlan} [, | -]}

Syntax Description

session

Number of the SPAN session; valid values are 1 and 2.

source

Keyword to specify the SPAN source.

interface type num

Keyword and variables to specify the interface type and number; valid values are Ethernet (1 to 9), FastEthernet (1 to 9), GigabitEthernet (1 to 9), Port-channel (1 to 256), and vlan (1 to 1000).

destination

Keyword to specify the SPAN destination interface.

filter vlan vlan

Keywords and variable to limit SPAN source traffic to specific VLANs; valid values are from 1 to 1005.

, vlan

(Optional) Keyword and variable to specify another range of SPAN VLANs; valid values are from 1 to 1005.

- vlan

(Optional) Keyword and variable to specify a range of SPAN VLANs.

rx

(Optional) Keyword to specify monitor received traffic only.

tx

(Optional) Keyword to specify monitor transmitted traffic only.

both

(Optional) Keyword to specify monitor received and transmitted traffic.

session	Number of the SPAN session; valid values are 1 and 2.
source	Keyword to specify the SPAN source.
interface type num	Keyword and variables to specify the interface type and number; valid values are Ethernet (1 to 9), FastEthernet (1 to 9), GigabitEthernet (1 to 9), Port-channel (1 to 256), and vlan (1 to 1000).
destination	Keyword to specify the SPAN destination interface.
filter vlan vlan	Keywords and variable to limit SPAN source traffic to specific VLANs; valid values are from 1 to 1005.
, vlan	(Optional) Keyword and variable to specify another range of SPAN VLANs; valid values are from 1 to 1005.
- vlan	(Optional) Keyword and variable to specify a range of SPAN VLANs.
rx	(Optional) Keyword to specify monitor received traffic only.
tx	(Optional) Keyword to specify monitor transmitted traffic only.
both	(Optional) Keyword to specify monitor received and transmitted traffic.

Defaults

The default is received and transmitted traffic and all VLANs are monitored on a trunk interface.

Command Modes

Global configuration mode.

Usage Guidelines

Only one SPAN destination for a SPAN session is supported. If you attempt to add another destination interface to a session that already has a destination interface configured, you will get an error. You must first remove a SPAN destination interface before changing the SPAN destination to a different interface.

You can configure up to 64 SPAN destination interfaces but you can have one egress SPAN source interface, and up to 64 ingress source interfaces only.

A particular SPAN session can either monitor VLANs or monitor individual interfaces---you cannot have a SPAN session that monitors both specific interfaces and specific VLANs. If you first configure a SPAN session with a source interface, and then try to add a source VLAN to the same SPAN session, you will get an error. You will also get an error if you configure a SPAN session with a source VLAN and then try to add a source interface to that session. You must first clear any sources for a SPAN session before switching to another type of source.

If you enter the filter keyword on a monitored trunk interface, only traffic on the set of specified VLANs is monitored.

Examples

This example shows how to add a destination VLAN to an existing SPAN session:

Router(config)# monitor session 1 destination vlan 100
Router(config)#

This example shows how to delete a destination VLAN from an existing SPAN session:

Router(config)# no monitor session 1 destination vlan 100
Router(config)#

This example shows how to limit SPAN traffic to specific VLANs:

Router(config)# monitor session 1 filter vlan 100 - 304
Router(config)#

Table of Contents