|
|
This chapter describes how to configure IP Multilayer Switching (MLS) on the Catalyst 6000 family switches.
This chapter contains these sections:
These sections provide an overview of IP MLS and describe how IP MLS works:
IP MLS provides high-performance hardware-based Layer 3 switching for Catalyst 6000 family LAN switches. IP MLS switches unicast IP data packet flows between IP subnets using advanced application-specific integrated circuit (ASIC) switching hardware, offloading processor-intensive packet routing from network routers.
The packet forwarding function is moved onto Layer 3 switches whenever a complete switched path exists between two hosts. Standard routing protocols, such as Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), Routing Information Protocol (RIP), and Intermediate System-to-Intermediate System (IS-IS), are used for route determination.
In addition, IP MLS provides traffic statistics you can use to identify traffic characteristics for administration, planning, and troubleshooting. IP MLS uses NetFlow Data Export (NDE) to export flow statistics.
Layer 3 protocols, such as IP and Internetwork Packet Exchange (IPX), are connectionless---they deliver every packet independently of every other packet. However, actual network traffic consists of many end-to-end conversations, or flows, between users or applications.
A flow is a unidirectional sequence of packets between a particular source and destination that share the same protocol and transport-layer information. Communication from a client to a server and from the server to the client are separate flows. For example, Telnet traffic transferred from a particular source to a particular destination comprises a separate flow from File Transfer Protocol (FTP) packets between the same source and destination.
Flows are based only on Layer 3 addresses, which allow IP traffic from multiple users or applications to a particular destination to be carried on a single flow if only the destination IP address is used to identify a flow.
The Policy Feature Card (PFC) maintains a Layer 3 switching table (the Layer 3 MLS cache) for Layer 3-switched flows. The cache also includes entries for traffic statistics that are updated in tandem with the switching of packets. After the MLS cache is created, packets identified as belonging to an existing flow can be Layer 3 switched based on the cached information. The MLS cache maintains flow information for all active flows.
An MLS cache entry is created for the initial packet of each flow. Upon receipt of a packet that does not match any flow currently in the MLS cache, a new IP MLS entry is created.
The state and identity of the flow are maintained while packet traffic is active; when traffic for a flow ceases, the entry ages out. You can configure the aging time for MLS entries kept in the MLS cache. If an entry is not used for the specified period of time, the entry ages out and statistics for that flow can be exported to a flow collector application.
The maximum MLS cache size is 128K entries. However, an MLS cache larger than 32K entries increases the probability that a flow will not be switched by the PFC and will get forwarded to the router.
The PFC uses flow masks to determine how MLS entries are created.
These sections describe how the flow mask modes work:
The PFC supports only one flow mask (the most specific one) for all MSFCs that are Layer 3 switched by that PFC. If the PFC detects different flow masks from different MSFCs for which it is performing Layer 3 switching, it changes its flow mask to the most specific flow mask detected.
When the PFC flow mask changes, the entire MLS cache is purged. When a PFC exports cached entries, flow records are created based on the current flow mask. Depending on the current flow mask, some fields in the flow record might not have values. Unsupported fields are filled with a zero (0).
The three flow masks for IP MLS are as follows:
With the destination-ip flow mask, the source IP, protocol, and source and destination port fields show the details of the last packet that was Layer-3 switched using the MLS cache entry.
This example shows how the show mls entry command output appears in destination-ip mode:
Console> (enable) show mls entry ip short Destination-IP Source-IP Prot DstPrt SrcPrt Destination-Mac Vlan --------------- --------------- ----- ------ ------ ----------------- ---- ESrc EDst SPort DPort Stat-Pkts Stat-Byte Uptime Age ---- ---- ----- ----- --------- ------------ -------- -------- 171.69.200.234 - - - - 00-60-70-6c-fc-22 4 ARPA SNAP 5/8 11/1 3152 347854 09:01:19 09:08:20 171.69.1.133 - - - - 00-60-70-6c-fc-23 2 SNAP ARPA 5/8 1/1 2345 123456 09:03:32 09:08:12 Total Entries: 2 * indicates TCP flow has ended Console> (enable)
With the source-destination-ip flow mask, the protocol, source port, and destination port fields show the details of the last packet that was Layer 3 switched using the MLS cache entry.
This example shows how the show mls entry command output appears in source-destination-ip mode:
Console> (enable) show mls entry ip short Destination-IP Source-IP Prot DstPrt SrcPrt Destination-Mac Vlan --------------- --------------- ----- ------ ------ ----------------- ---- ESrc EDst SPort DPort Stat-Pkts Stat-Byte Uptime Age ---- ---- ----- ----- --------- ------------ -------- -------- 171.69.200.234 171.69.192.41 - - - 00-60-70-6c-fc-22 4 ARPA SNAP 5/8 11/1 3152 347854 09:01:19 09:08:20 171.69.1.133 171.69.192.42 - - - 00-60-70-6c-fc-23 2 SNAP ARPA 5/8 1/1 2345 123456 09:03:32 09:08:12 Total Entries: 2 * indicates TCP flow has ended Console> (enable)
With the full-flow flow mask, because a separate MLS entry is created for every ip flow, details are shown for each flow.
This example shows how the show mls entry command output appears in full flow mode:
Console> (enable) show mls entry ip short Destination-IP Source-IP Prot DstPrt SrcPrt Destination-Mac Vlan --------------- --------------- ----- ------ ------ ----------------- ---- ESrc EDst SPort DPort Stat-Pkts Stat-Byte Uptime Age ---- ---- ----- ----- --------- ------------ -------- -------- 171.69.200.234 171.69.192.41 TCP* 6000 59181 00-60-70-6c-fc-22 4 ARPA SNAP 5/8 11/1 3152 347854 09:01:19 09:08:20 171.69.1.133 171.69.192.42 UDP 2049 41636 00-60-70-6c-fc-23 2 SNAP ARPA 5/8 1/1 2345 123456 09:03:32 09:08:12 Total Entries: 2 * indicates TCP flow has ended Console> (enable)
When a packet is Layer 3 switched from a source host to a destination host, the switch (PFC) performs a packet rewrite based on information learned from the router (MSFC) and stored in the MLS cache.
If Host A and Host B are on different VLANs and Host A sends a packet to the MSFC to be routed to Host B, the PFC recognizes that the packet was sent to the MAC address of the MSFC. The PFC checks the MLS cache and finds the entry matching the flow in question.
When the PFC receives the packet, it is (conceptually) formatted as follows:
| Frame Header | IP Header | Payload | |||||
|---|---|---|---|---|---|---|---|
Destination | Source | Destination | Source | TTL | Checksum | Data | Checksum |
MSFC MAC | Host A MAC | Host B IP | Host A IP | n | calculation1 | ||
The PFC rewrites the Layer 2 frame header, changing the destination MAC address to the MAC address of Host B and the source MAC address to the MAC address of the MSFC (these MAC addresses are stored in the MLS cache entry for this flow). The Layer 3 IP addresses remain the same, but the IP header Time to Live (TTL) is decremented and the checksum is recomputed. The PFC rewrites the switched Layer 3 packets so that they appear to have been routed by a router.
The PFC forwards the rewritten packet to Host B's VLAN (the destination VLAN is stored in the MLS cache entry) and Host B receives the packet.
After the PFC performs the packet rewrite, the packet is (conceptually) formatted as follows:
| Frame Header | IP Header | Payload | |||||
|---|---|---|---|---|---|---|---|
Destination | Source | Destination | Source | TTL | Checksum | Data | Checksum |
Host B MAC | MSFC MAC | Host B IP | Host A IP | n-1 | calculation2 | ||
Figure 3-1 shows a simple IP MLS network topology. In this example, Host A is on the Sales VLAN (IP subnet 171.59.1.0), Host B is on the Marketing VLAN (IP subnet 171.59.3.0), and Host C is on the Engineering VLAN (IP subnet 171.59.2.0).
When Host A initiates an HTTP file transfer to Host C, an MLS entry for this flow is created (this entry is the second item in the MLS cache shown in Figure 3-1). The PFC stores the MAC addresses of the MSFC and Host C in the MLS entry when the MSFC forwards the first packet from Host A through the switch to Host C. The PFC uses this information to rewrite subsequent packets from Host A to Host C.
Table 3-1 shows the default IP MLS configuration.
| Feature | Default Value |
|---|---|
IP MLS enable state | Enabled |
IP MLS aging time | 256 seconds |
IP MLS fast aging time | 0 seconds (no fast aging) |
IP MLS fast aging-time packet threshold | 0 packets |
These sections describe configuration guidelines that apply when configuring IP MLS:
The default maximum transmission unit (MTU) for IP MLS is 1500. To change the MTU on an IP MLS-enabled interface, enter the ip mtu mtu command.
Enabling certain IP processes on an interface will affect IP MLS on the interface. Table 3-2 shows the affected commands and the resulting behavior.
| Command | Behavior |
|---|---|
clear ip route | Clears all MLS cache entries for all switches performing Layer 3 switching for this MSFC. |
ip routing | The no form purges all MLS cache entries and disables IP MLS on this MSFC. |
ip security (all forms of this command) | Disables IP MLS on the interface. |
ip tcp compression-connections | Disables IP MLS on the interface. |
ip tcp header-compression | Disables IP MLS on the interface. |
These sections describe how to configure the MSFC for IP MLS:
For information on configuring interVLAN routing on the MSFC, see "Configuring InterVLAN Routing." For information on configuring IP MLS on the switch, see the "Configuring IP MLS on the Switch" section.
IP MLS is enabled globally by default, but can be disabled and enabled on a specified interface.
To disable IP MLS on a specific router interface, perform this task in interface configuration mode:
| Task | Command |
|---|---|
Remove a router interface from IP MLS. | Router(config-if)# no mls ip |
This example shows how to disable IP MLS on a router interface:
Router(config-if)# no mls ip Router(config-if)#
To enable IP MLS on a specific router interface, perform this task in interface configuration mode:
| Task | Command |
|---|---|
Enable IP MLS on a router interface. | Router(config-if)# mls ip |
This example shows how to enable IP MLS on a router interface:
Router(config-if)# mls ip Router(config-if)#
The show ip [interface] command displays IP MLS details. The output of the command includes:
To display detailed IP MLS information on the router, perform this task:
| Task | Command |
|---|---|
Show IP MLS details for all interfaces. | show ip [interface] |
Table 3-3 describes IP MLS-related debug commands that you can use to troubleshoot IP MLS problems on the router.
| Command | Description |
[no] debug l3-mgr events | Displays Layer 3 manager-related events. |
[no] debug l3-mgr packets | Displays Layer 3 manager packets. |
[no] debug l3-mgr global | Displays bugtrace of ip global purge events. |
[no] debug l3-mgr all | Turns on all Layer 3 manager debugging messages. |
Table 3-4 describes IP MLS-related debug commands that you can use to troubleshoot IP MLS problems when using the MSFC as an external router for a Catalyst 5000 family switch.
| Command | Description |
|---|---|
[no] debug mls ip | Turns on IP-related events for MLS, including route purging and changes of access lists and flow masks. |
[no] debug mls locator | Identifies which switch is switching a particular flow by using MLS explorer packets. |
[no] debug mls all | Turns on all MLS debugging events. |
Table 3-5 describes the Serial Control Protocol (SCP)-related debug commands to troubleshoot the SCP that runs over the Ethernet out-of-band channel (EOBC).
| Command | Description |
[no] debug scp async | Displays trace for async data in and out of the SCP system. |
[no] debug scp data | Displays packet data trace. |
[no] debug scp errors | Displays errors and warnings in the SCP. |
[no] debug scp packets | Displays packet data in and out of the SCP system. |
[no] debug scp timeouts | Reports timeouts. |
[no] debug scp all | Turns on all SCP debugging messages. |
IP MLS is enabled by default on Catalyst 6000 family switches. You only need to configure the switch in these circumstances:
These sections describe how to configure IP MLS on the switch:
For information on configuring VLANs on the switch, see the "Configuring VLAN Trunk Protocol and VLANs on the Switch" section. For information on configuring IP MLS on the router, see the "Configuring IP MLS on the MSFC" section.
The IP MLS aging time applies to all MLS cache entries. Any MLS entry that has not been used for agingtime seconds is aged out. The default is 256 seconds.
You can configure the aging time in the range of 8 to 2032 seconds in 8-second increments. Any aging-time value that is not a multiple of 8 seconds is adjusted to the closest multiple of 8 seconds. For example, a value of 65 is adjusted to 64 and a value of 127 is adjusted to 128.
Other events might cause MLS entries to be purged, such as routing changes or a change in link state (PFC link is down).
To specify the IP MLS aging time, perform this task in privileged mode:
| Task | Command |
|---|---|
Specify the IP MLS aging time for an MLS cache entry. | set mls agingtime [agingtime] |
This example shows how to specify the IP MLS aging time:
Console> (enable) set mls agingtime 512 Multilayer switching aging time set to 512 Console> (enable)
To keep the MLS cache size below 32K entries, enable IP MLS fast aging time. The IP MLS fast aging time applies to MLS entries that have no more than pkt_threshold packets switched within fastagingtime seconds after they are created. A typical cache entry that is removed is the entry for flows to and from a Domain Name Server (DNS) or TFTP server; the entry might never be used again after it is created. Detecting and aging out these entries saves space in the MLS cache for other data traffic.
The default fastagingtime value is 0 (no fast aging). You can configure the fastagingtime value to 32, 64, 96, or 128 seconds. Any fastagingtime value that is not configured exactly as the indicated values is adjusted to the closest one. You can configure the pkt_threshold value to 0, 1, 3, 7, 15, 31, or 63 packets.
If you need to enable IP MLS fast aging time, initially set the value to 128 seconds. If the size of the MLS cache continues to grow over 32K entries, decrease the setting until the cache size stays below 32K. If the cache continues to grow over 32K entries, decrease the normal IP MLS aging time.
Typical values for fastagingtime and pkt_threshold are 32 seconds and 0 packets (no packets switched within 32 seconds after the entry is created).
To specify the IP MLS fast aging time and packet threshold, perform this task in privileged mode:
| Task | Command |
|---|---|
Specify the IP MLS fast aging time and packet threshold for an MLS cache entry. | set mls agingtime fast [fastagingtime] [pkt_threshold] |
This example shows how to set the IP MLS fast aging time to 32 seconds with a packet threshold of 0 packets:
Console> (enable) set mls agingtime fast 32 0 Multilayer switching fast aging time set to 32 seconds for entries with no more than 0 packets switched. Console> (enable)
You can set the minimum granularity of the flow mask for the MLS cache on the PFC. The actual flow mask used will be at least of the granularity specified by this command. For information on how the different flow masks work, see the "Flow Masks" section.
For example, if you do not configure access lists on any MSFC, then the IP MLS flow mask on the PFC is destination-ip by default. However, you can force the PFC to use the source-destination-ip flow mask by setting the minimum IP MLS flow mask using the set mls flow destination-source command. If an extended access list is configured on the MSFC, then the flow mask is changed to full flow, which is a more granular flow mask than the configured source-destination-ip flow mask.
 | Caution The set mls flow destination-source command purges all existing shortcuts in the MLS cache and affects the number of active shortcuts on the PFC. Exercise care when using this command. |
To set the minimum IP MLS flow mask, perform this task in privileged mode:
| Task | Command |
|---|---|
Set the minimum IP MLS flow mask. | set mls flow {destination | destination-source | full} |
This example shows how to set the minimum IP MLS flow mask to destination-source-ip:
Console> (enable) set mls flow destination-source Configured IP flow mask is set to destination-source flow. Console> (enable)
The show cam command displays the content-addressable memory (CAM) entries associated with a specific MAC address. If the MAC address belongs to an MSFC, an "R" is appended to the MAC address.
If you specify a VLAN number, only those CAM entries corresponding to that VLAN number are displayed. If a VLAN is not specified, entries for all VLANs are displayed.
To display CAM entries on the switch, perform this task:
| Task | Command |
|---|---|
Display CAM entries by MAC address. | show cam msfc [vlan] |
This example shows how to display the CAM entries on the switch:
Console> show cam msfc VLAN Destination MAC Destination-Ports or VCs Xtag Status ---- ------------------ ------------------------------ ---- ------ 194 00-e0-f9-d1-2c-00R 7/1 2 H 193 00-00-0c-07-ac-c1R 7/1 2 H 193 00-00-0c-07-ac-5dR 7/1 2 H 202 00-00-0c-07-ac-caR 7/1 2 H 204 00-e0-f9-d1-2c-00R 7/1 2 H 195 00-e0-f9-d1-2c-00R 7/1 2 H 192 00-00-0c-07-ac-c0R 7/1 2 H 192 00-e0-f9-d1-2c-00R 7/1 2 H 204 00-00-0c-07-ac-ccR 7/1 2 H 202 00-e0-f9-d1-2c-00R 7/1 2 H 194 00-00-0c-07-ac-5eR 7/1 2 H 196 00-e0-f9-d1-2c-00R 7/1 2 H 194 00-00-0c-07-ac-c2R 7/1 2 H 193 00-e0-f9-d1-2c-00R 7/1 2 H Total Matching CAM Entries Displayed = 14 Console>
This example shows how to display the CAM entries for a specified VLAN:
Console> show cam msfc 192 VLAN Destination MAC Destination-Ports or VCs Xtag Status ---- ------------------ ------------------------------ ---- ------ 192 00-00-0c-07-ac-c0R 7/1 2 H 192 00-e0-f9-d1-2c-00R 7/1 2 H Console>
The show mls command displays IP MLS information and MSFC-specific information.
To display IP MLS information and MSFC-specific information on the switch, perform this task:
| Task | Command |
|---|---|
Display general IP MLS information and router-specific information for all MSFCs. | show mls ip [mod1] |
| 1The mod keyword specifies the module number of the MSFC; either 15 (if the MSFC is installed on the supervisor engine in slot 1) or 16 (if the MSFC is installed on the supervisor engine in slot 2) |
This example shows how to display IP MLS information and MSFC-specific information on the switch:
Console> (enable) show mls ip
Total Active MLS entries = 0
Total packets switched = 0
IP Multilayer switching enabled
IP Multilayer switching aging time = 256 seconds
IP Multilayer switching fast aging time = 0 seconds, packet threshold = 0
IP Flow mask: Full Flow
Configured flow mask is Destination flow
Active IP MLS entries = 0
Netflow Data Export version: 8
Netflow Data Export disabled
Netflow Data Export port/host is not configured
Total packets exported = 0
MSFC ID Module XTAG MAC Vlans
--------------- ------ ---- ----------------- --------------------
52.0.03 15 1 01-10-29-8a-0c-00 1,10,123,434,121
222,666,959
Console> (enable)
These sections describe how to display MLS cache entries on the switch:
To display all MLS entries (IP and IPX) on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
Display all MLS entries. | show mls entry [short | long] |
This example shows how to display all MLS entries (IP and IPX) on the switch:
Console> (enable) show mls entry short Destination-IP Source-IP Prot DstPrt SrcPrt Destination-Mac Vlan --------------- --------------- ----- ------ ------ ----------------- ---- ESrc EDst SPort DPort Stat-Pkts Stat-Bytes Created LastUsed ---- ---- ----- ----- ---------- ------------ -------- -------- 171.69.200.234 171.69.192.41 TCP* 6000 59181 00-60-70-6c-fc-22 4 ARPA SNAP 5/8 11/1 3152 347854 09:01:19 09:08:20 171.69.1.133 171.69.192.42 UDP 2049 41636 00-60-70-6c-fc-23 2 SNAP ARPA 5/8 1/1 2345 1234567 09:03:32 09:08:12 171.69.1.133 171.69.192.42 UDP 2049 41636 00-60-70-6c-fc-23 2 SNAP ARPA 5/8 1/1 2345 1234567 09:03:32 09:08:12 171.69.1.133 171.69.192.42 UDP 2049 41636 00-60-70-6c-fc-23 2 SNAP ARPA 5/8 1/1 2345 1234567 09:03:32 09:08:12 171.69.1.133 171.69.192.42 UDP 2049 41636 00-60-70-6c-fc-23 2 SNAP ARPA 5/8 1/1 2345 1234567 09:03:32 09:08:12 Total IP entries: 5 * indicates TCP flow has ended. Destination-IPX Source-IPX-net Destination-Mac Vlan Port Stat-Pkts Stat-Bytes ------------------------- -------------- ----------------- ---- ----- --------- ----------- BABE.0000.0000.0001 - 00-a0-c9-0a-89-1d 211 13/37 30230 1510775 201.00A0.2451.7423 - 00-a0-24-51-74-23 201 14/33 30256 31795084 501.0000.3100.0501 - 31-00-05-01-00-00 501 9/37 12121 323232 401.0000.0000.0401 - 00-00-04-01-00-00 401 3/1 4633 38676 Total IPX entries: 4 Console>
To display MLS entries for a specific destination IP address, perform this task in privileged mode:
| Task | Command |
|---|---|
Display MLS entries for the specified destination IP address. | show mls entry ip destination [ip_addr] |
This example shows how to display MLS entries for a specific destination IP address:
Console> (enable) show mls entry ip destination 172.20.22.14/24 Destination-IP Source-IP Prot DstPrt SrcPrt Destination-Mac Vlan EDst ESrc DPort SPort Stat-Pkts Stat-Bytes Uptime Age --------------- --------------- ----- ------ ------ ----------------- ---- ---- ---- ------ ------ ---------- ----------- -------- -------- MSFC 172.20.25.1 (Module 15): 172.20.22.14 - - - - 00-60-70-6c-fc-22 4 ARPA ARPA 5/39 5/40 115 5290 00:12:20 00:00:04 MSFC 172.20.27.1 (Module 16): Total entries:1 Console> (enable)
To display MLS entries for a specific source IP address, perform this task in privileged mode:
| Task | Command |
|---|---|
Display MLS entries for the specified source IP address. | show mls entry ip source [ip_addr] |
This example shows how to display MLS entries for a specific source IP address:
Console> (enable) show mls entry ip source 10.0.2.15 Destination-IP Source-IP Prot DstPrt SrcPrt Destination-Mac Vlan EDst ESrc DPort SPort Stat-Pkts Stat-Bytes Uptime Age --------------- --------------- ----- ------ ------ ----------------- ---- ---- ---- ------ ------ ---------- ----------- -------- -------- MSFC 172.20.25.1 (Module 15): 172.20.22.14 10.0.2.15 TCP Telnet 37819 00-e0-4f-15-49-ff 51 ARPA ARPA 5/39 5/40 115 5290 00:12:20 00:00:04 MSFC 172.20.27.1 (Module 16): Total entries:1 Console> (enable)
The show mls entry ip flow command displays MLS entries for a specific IP flow. The protocol argument can be tcp, udp, icmp, or a decimal number for other protocol families. The src_port and dst_port arguments specify the protocol ports if the protocol is TCP or User Datagram Protocol (UDP). A value of zero (0) for src_port and dst_port or protocol is treated as a wildcard and all entries are displayed (unspecified options are treated as wildcards). If the protocol selected is not TCP or UDP, set the src_port and dst_prt to 0 or no flows will display.
To display MLS entries for a specific IP flow (when the switch flow mask mode is full flow), perform this task in privileged mode:
| Task | Command |
|---|---|
Display entries for a specific IP flow (when the switch flow mask mode is full flow). | show mls entry ip flow [protocol src_port dst_port] |
This example shows how to display MLS entries for a specific IP flow:
Console> (enable) show mls entry ip flow tcp 23 37819 Destination IP Source IP Port DstPrt SrcPrt Destination Mac Vlan Port --------------- --------------- ---- ------ ------ ----------------- ---- ----- MSFC 51.0.0.3: 10.0.2.15 51.0.0.2 TCP 37819 Telnet 08-00-20-7a-07-75 10 3/1 Console> (enable)
The clear mls entry command removes specific MLS cache entries on the switch. The all keyword clears all MLS entries. The destination and source keywords specify the source and destination IP addresses. The destination and source ip_addr_spec can be a full IP address or a subnet address in the format ip_subnet_addr, ip_addr/subnet_mask, or ip_addr/subnet_mask_bits.
The flow keyword specifies the following additional flow information:
To clear an MLS entry, perform this task in privileged mode:
| Task | Command |
|---|---|
Clear an MLS entry on the switch. | clear mls entry ip [destination ip_addr_spec] [source ip_addr_spec] [flow protocol src_port dst_port] [all] |
This example shows how to clear MLS entries with destination IP address 172.20.26.22:
Console> (enable) clear mls entry ip destination 172.20.26.22 MLS IP entry cleared Console> (enable)
This example shows how to clear MLS entries with destination IP address 172.20.22.113, TCP source port 1652, and TCP destination port 23:
Console> (enable) clear mls entry destination 172.20.26.22 source 172.20.22.113 flow tcp 1652 23 MLS IP entry cleared Console> (enable)
These sections describe how to display a variety of IP MLS statistics:
To display IP MLS statistics by protocol, perform this task in privileged mode:
| Task | Command |
|---|---|
Display IP MLS statistics by protocol (only if IP MLS is in full flow mode). | show mls statistics protocol |
This example shows how to display IP MLS statistics by protocol:
Console> (enable) show mls statistics protocol Protocol TotalFlows TotalPackets Total Bytes ------- ---------- -------------- ------------ Telnet 900 630 4298 FTP 688 2190 3105 WWW 389 42679 623686 SMTP 802 4966 92873 X 142 2487 36870 DNS 1580 52 1046 Others 82 1 73 Total 6583 53005 801951 Console> (enable)
The show mls statistics entry command displays IP MLS statistics for MLS cache entries. Specify the destination IP address, source IP address, protocol, and source and destination ports to see specific MLS cache entries.
A value of zero (0) for src_port or dst_port is treated as a wildcard, and all statistics are displayed (unspecified options are treated as wildcards). If the protocol specified is not TCP or UDP, set the src_port and dst_prt to 0 or no statistics will display.
To display statistics for MLS cache entries, perform this task in privileged mode:
| Task | Command |
|---|---|
Display statistics for MLS cache entries. If you do not specify an MLS cache entry, all statistics are shown. | show mls statistics entry ip [destination ip_addr_spec] [source ip_addr_spec] [flow protocol src_port dst_port] |
This example shows how to display statistics for a particular MLS cache entry:
Console> show mls statistics entry ip destination 172.20.22.14
Last Used
Destination IP Source IP Prot DstPrt SrcPrt Stat-Pkts Stat-Bytes
--------------- --------------- ---- ------ ------ --------- -----------
MSFC 127.0.0.12:
172.20.22.14 172.20.25.10 6 50648 80 3152 347854
Console>
The clear mls statistics command clears the following statistics on the switch:
To clear MLS statistics on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
Clear MLS statistics on the switch. | clear mls statistics |
This example shows how to clear IP MLS statistics on the switch:
Console> (enable) clear mls statistics All mls statistics cleared. Console> (enable)
The show mls debug command displays IP MLS debug information that you can send to your technical support representative for analysis if necessary.
To display IP MLS debug information on the switch, perform this task:
| Task | Command |
|---|---|
Display IP MLS debug information that you can send to your technical support representative. | show mls debug |
Posted: Tue Feb 29 11:48:26 PST 2000
Copyright 1989 - 2000©Cisco Systems Inc.