Cisco IOS Switching Services Configuration Guide, Release 12.1
Configuring IP Multilayer Switching
Download this chapter
Configuring IP Multilayer SwitchingConfiguring IP Multilayer Switching
give_us_feedback

Table Of Contents

Configuring IP Multilayer Switching

Configuring and Monitoring MLS

Configuring MLS on a Router

Monitoring MLS

Monitoring MLS for an Interface

Monitoring MLS Interfaces for VTP Domains

Configuring NetFlow Data Export

Specifying a NetFlow Data Export Address on the Router

Multilayer Switching Configuration Examples

Router Configuration Without Access Lists Example

Router Configuration with a Standard Access List Example

Router Configuration with an Extended Access List Example


Configuring IP Multilayer Switching

This chapter describes how to configure your network to perform IP Multilayer Switching (MLS). For a complete description of the Multilayer Switching commands, see the chapter "Multilayer Switching Commands" in the Cisco IOS Switching Services Command Reference. For documentation of other commands that appear in this chapter, you can use the command reference master index or search online.

This chapter contains these sections:

Configuring and Monitoring MLS

Configuring NetFlow Data Export

Multilayer Switching Configuration Examples

Note The information in this chapter is a brief summary of the information contained in the Catalyst 5000 Series Multilayer Switching User Guide. The commands and configurations described in this guide apply only to the devices that provide routing services. Commands and configurations for Catalyst 5000 series switches are documented in the Catalyst 5000 Series Multilayer Switching User Guide. For configuration information for the Catalyst 6000 series switch, see Configuring and Troubleshooting IP MLS on Catalyst 6000 with an MSFC or the "Configuring IP Multilayer Switching" chapter in the Catalyst 6500 Series MSFC (12.x) & PFC Configuration Guide.

Configuring and Monitoring MLS

Perform the tasks in this section to configure your Cisco router for MLS. To ensure a successful MLS configuration, you must also configure the Catalyst Switches in your network. For a full description for the Catalyst 5000 series, see the Catalyst 5000 Series Multilayer Switching User Guide. For a full description for the Catalyst 6000 series, see the "Configuring IP Multilayer Switching" chapter in the Catalyst 6500 Series MSFC (12.x) & PFC Configuration Guide. Only configuration tasks and commands for routers are described in this chapter.

Configuring MLS on a Router (Required)

Monitoring MLS (Optional)

Monitoring MLS for an Interface (Optional)

Monitoring MLS Interfaces for VTP Domains (Optional)

Configuring MLS on a Router

Use the following commands to configure MLS on your router. Depending upon your configuration, you might not have to perform all the steps in the procedure.

 
Command
Purpose

Step 1 

mls rp ip

Globally enables MLSP. MLSP is the protocol that runs between the MLS-SE and the MLS-RP.

Step 2 

interface type number

Selects a router interface.

Step 3 

mls rp vtp-domain [domain-name]

Selects the router interface to be Layer 3 switched and then adds that interface to the same VLAN Trunking Protocol (VTP) domain as the switch. This interface is referred to as the MLS interface. This command is required only if the Catalyst switch is in a VTP domain.

Step 4 

mls rp vlan-id [vlan-id-num]

Assigns a VLAN ID to the MLS interface. MLS requires that each interface has a VLAN ID. This step is not required for RSM VLAN interfaces or ISL-encapsulated interfaces.

Step 5 

mls rp ip

Enables each MLS interface.

Step 6 

mls rp management-interface

Selects one MLS interface as a management interface. MLSP packets are sent and received through this interface. This can be any MLS interface connected to the switch.

 

Repeat steps 2 through 5 for each interface that will support MLS.

 

Note The interface-specific commands in this section apply only to Ethernet, Fast Ethernet, VLAN, and Fast Etherchannel interfaces on the Catalyst RSM/Versatile Interface Processor 2 (VIP2) or directly attached external router.

Use the following command to globally disable MLS on the router:

Command
Purpose

no mls rp ip

Disables MLS on the router.


Monitoring MLS

Use the show mls rp command to display MLS details including specifics for MLSP. Displays include:

MLS status (enabled or disabled) for switch interfaces and subinterfaces

Flow mask used by this MLS-enabled switch when creating Layer 3-switching entries for the router

Current settings of the keepalive timer, retry timer, and retry count

MLSP-ID used in MLSP messages

List of interfaces in all VTP domains that are enabled for MLS

Command
Purpose

show mls rp

Shows MLS details for all interfaces.


After entering this command, you see this display: 

router# show mls rp

multilayer switching is globally enabled

mls id is 00e0.fefc.6000

mls ip address 10.20.26.64

mls flow mask is ip-flow

vlan domain name: WBU

   current flow mask: ip-flow

   current sequence number: 80709115

   current/maximum retry count: 0/10

   current domain state: no-change

   current/next global purge: false/false

   current/next purge count: 0/0

   domain uptime: 13:03:19

   keepalive timer expires in 9 seconds

   retry timer not running

   change timer not running

   fcp subblock count = 7

   1 management interface(s) currently defined:

      vlan 1 on Vlan1

   7 mac-vlan(s) configured for multi-layer switching:

      mac 00e0.fefc.6000

         vlan id(s)

         1    10   91   92   93   95   100

   router currently aware of following 1 switch(es):

      switch id 0010.1192.b5ff

router#

Monitoring MLS for an Interface

Use the following command to show MLS information for a specific interface:

Command
Purpose

show mls rp [interface]

Shows MLS details for a specific interface.


After entering this command, you see this display: 

router# show mls rp int vlan 10

mls active on Vlan10, domain WBU

router#

Monitoring MLS Interfaces for VTP Domains

Use the following command to show MLS information for a specific VTP domain:

Command
Purpose

show mls rp vtp-domain [domain-name]

Shows MLS interfaces for a specific VTP domain.


After entering this command, you see this display: 

router# show mls rp vtp-domain WBU

vlan domain name: WBU

   current flow mask: ip-flow

   current sequence number: 80709115

   current/maximum retry count: 0/10

   current domain state: no-change

   current/next global purge: false/false

   current/next purge count: 0/0

   domain uptime: 13:07:36

   keepalive timer expires in 8 seconds

   retry timer not running

   change timer not running

   fcp subblock count = 7

   1 management interface(s) currently defined:

      vlan 1 on Vlan1

   7 mac-vlan(s) configured for multi-layer switching:

      mac 00e0.fefc.6000

         vlan id(s)

         1    10   91   92   93   95   100

   router currently aware of following 1 switch(es):

      switch id 0010.1192.b5ff

router#

Configuring NetFlow Data Export

Note You need to enable NDE only if you are going to export MLS cache entries to a data collection application.

Perform the task in this section to configure your Cisco router for NDE. To ensure a successful NDE configuration, you must also configure the Catalyst Switch. For a full description, see the Catalyst 5000 Series Multilayer Switching User Guide. Only configuration tasks and commands for routers are described in this chapter.

Specifying a NetFlow Data Export Address on the Router

Use the following command to specify a NewFlow Data Export address on the router:

Command
Purpose

mls rp nde-address ip-address

Specifies an NDE IP address for the router doing the Layer 3 switching. The router and the Catalyst 5000 series switch use the NDE IP address when sending MLS statistics to a data collection application.


Multilayer Switching Configuration Examples

In these examples, VLAN interfaces 1 and 3 are in VTP domain Engineering. The management interface is configured on the VLAN 1 interface. Only information relevant to MLS is shown in the following configurations:

Router Configuration Without Access Lists Example

Router Configuration with a Standard Access List Example

Router Configuration with an Extended Access List Example

Router Configuration Without Access Lists Example

This sample configuration shows a router configured without access lists on any of the VLAN interfaces. The flow mask is configured to be destination-ip. 

router# more system:running-config

Building configuration...

Current configuration:

.

.

.

mls rp ip


interface Vlan1

 ip address 172.20.26.56 255.255.255.0

 mls rp vtp-domain Engineering

 mls rp management-interface

 mls rp ip


interface Vlan2

 ip address 128.6.2.73 255.255.255.0


interface Vlan3

 ip address 128.6.3.73 255.255.255.0

 mls rp vtp-domain Engineering

 mls rp ip

 .

 .

 end

router#

router# show mls rp

multilayer switching is globally enabled

mls id is 0006.7c71.8600

mls ip address 172.20.26.56

mls flow mask is destination-ip


number of domains configured for mls 1

vlan domain name: Engineering

   current flow mask: destination-ip

   current sequence number: 82078006

   current/maximum retry count: 0/10

   current domain state: no-change

   current/next global purge: false/false

   current/next purge count: 0/0

   domain uptime: 02:54:21

   keepalive timer expires in 11 seconds

   retry timer not running

   change timer not running

   1 management interface(s) currently defined:

      vlan 1 on Vlan1

   2 mac-vlan(s) configured for multi-layer switching:

      mac 0006.7c71.8600

         vlan id(s)

         1    3

   router currently aware of following 1 switch(es):

      switch id 00e0.fe4a.aeff

router#

Router Configuration with a Standard Access List Example

This configuration is the same as the previous example but with a standard access list configured on the VLAN 3 interface. The flow mask changes to source-destination-ip. 

.

interface Vlan3

 ip address 128.6.3.73 255.255.255.0

 ip access-group 2 out

 mls rp vtp-domain Engineering

 mls rp ip

.


router# show mls rp

multilayer switching is globally enabled

mls id is 0006.7c71.8600

mls ip address 172.20.26.56

mls flow mask is source-destination-ip

number of domains configured for mls 1

vlan domain name: Engineering

   current flow mask: source-destination-ip

   current sequence number: 82078007

   current/maximum retry count: 0/10

   current domain state: no-change

   current/next global purge: false/false

   current/next purge count: 0/0

   domain uptime: 02:57:31

   keepalive timer expires in 4 seconds

   retry timer not running

   change timer not running

   1 management interface(s) currently defined:

      vlan 1 on Vlan1

   2 mac-vlan(s) configured for multi-layer switching:

      mac 0006.7c71.8600

         vlan id(s)

         1    3

   router currently aware of following 1 switch(es):

      switch id 00e0.fe4a.aeff

router#

Router Configuration with an Extended Access List Example

This configuration is the same as the previous examples but with an extended access list configured on the VLAN 3 interface. The flow mask changes to ip-flow. 

.

interface Vlan3

 ip address 128.6.3.73 255.255.255.0

 ip access-group 101 out

 mls rp vtp-domain Engineering

 mls rp ip

.



router# show mls rp

multilayer switching is globally enabled

mls id is 0006.7c71.8600

mls ip address 172.20.26.56

mls flow mask is ip-flow

number of domains configured for mls 1

vlan domain name: Engineering

   current flow mask: ip-flow

   current sequence number: 82078009

   current/maximum retry count: 0/10

   current domain state: no-change

   current/next global purge: false/false

   current/next purge count: 0/0

   domain uptime: 03:01:52

   keepalive timer expires in 3 seconds

   retry timer not running

   change timer not running

   1 management interface(s) currently defined:

      vlan 1 on Vlan1

   2 mac-vlan(s) configured for multi-layer switching:

      mac 0006.7c71.8600

         vlan id(s)

         1    3

   router currently aware of following 1 switch(es):

      switch id 00e0.fe4a.aeff

router#