Cisco IOS Switching Services Configuration Guide, Release 12.1
Configuring IPX Multilayer Switching
Download this chapter
Configuring IPX Multilayer SwitchingConfiguring IPX Multilayer Switching
give_us_feedback

Table Of Contents

Configuring IPX Multilayer Switching

Prerequisites

Restrictions

General Configuration Guidelines

External Router Guidelines

Access List Restrictions

Restrictions on Interaction of IPX MLS with Other Features

Restriction on Maximum Transmission Unit Size

IPX MLS Configuration Tasks

Adding an IPX MLS Interface to a Virtual Trunk Protocol (VTP) Domain

Enabling Multilayer Switching Protocol (MLSP) on the Router

Assigning a VLAN ID to a Router Interface

Enabling IPX MLS on a Router Interface

Specifying a Router Interface as a Management Interface

Verifying IPX MLS on the Router

Troubleshooting Tips

Monitoring and Maintaining IPX MLS on the Router

IPX MLS Configuration Example

Example Network Topology

Operation Before IPX MLS

Operation After IPX MLS

Configuring Switch A Example

Configuring Switch B Example

Configuring Switch C Example

Configuring the Multilayer-Switching-Route Processor Example


Configuring IPX Multilayer Switching

This chapter describes how to configure your network to perform IPX Multilayer Switching (MLS). For a complete description of the Multilayer Switching commands, see the chapter "Multilayer Switching Commands" in the Cisco IOS Switching Services Command Reference. For documentation of other commands that appear in this chapter, you can use the command reference master index or search online.

This chapter contains these sections:

Restrictions

Prerequisites

IPX MLS Configuration Tasks

Troubleshooting Tips

Monitoring and Maintaining IPX MLS on the Router

IPX MLS Configuration Example

Note The information in this chapter is a brief summary of the information contained in the Catalyst 5000 Series Multilayer Switching User Guide. The commands and configurations described in this guide apply only to the devices that provide routing services. Commands and configurations for Catalyst 5000 series switches are documented in the Catalyst 5000 Series Multilayer Switching User Guide.

Prerequisites

The following prerequisites must be met before IPX MLS can function:

A VLAN interface must be configured on both the switch and the router. For information on configuring inter-VLAN routing on the RSM or external router, refer to the Catalyst 5000 Software Configuration Guide, Release 5.1.

IPX MLS must be configured on the switch. For more information refer to the Catalyst 5000 Software Configuration Guide, Release 5.1 and the Catalyst 5000 Command Reference, Release 5.1.

IPX MLS must be enabled on the router. The minimal configuration steps are described in the section "IPX MLS Configuration Tasks." For more details on configuring IPX routing, refer to the Cisco IOS AppleTalk and Novell IPX Configuration Guide.

Restrictions

This section describes restrictions that apply to configuring IPX MLS on the router.

General Configuration Guidelines

Be aware of the following:

You must configure the Catalyst 5000 series switch for IPX MLS to work.

When you enable IPX MLS, the RSM or externally attached router continues to handle all non-IPX protocols, while off-loading the switching of IPX packets to the MLS-SE.

Do not confuse IPX MLS with NetFlow switching supported by Cisco routers. IPX MLS requires both the RSM or directly attached external router and the MLS-SE, but not NetFlow switching on the RSM or directly attached external router. Any switching path on the RSM or directly attached external router will function (process, fast, optimum, and so on).

External Router Guidelines

When using an external router, use the following guidelines:

Use one directly attached external router per switch to ensure that the MLS-SE caches the appropriate flow information from both sides of the routed flow.

Use Cisco high-end routers (Cisco 4500, 4700, 7200, and 7500 series) for IPX MLS when they are externally attached to the switch. Make the attachment with multiple Ethernet connections (one per subnet) or by using Fast or Gigabit Ethernet with Inter-Switch Link (ISL) or IEEE 802.1Q encapsulation.

Connect end hosts through any media (Ethernet, Fast Ethernet, ATM, and Fiber Distributed Data Interface [FDDI]), but connect the external router and the switch only through standard 10/100 Ethernet interfaces, ISL, or IEEE 802.1Q links.

Access List Restrictions

The following restrictions apply when you use access lists on interfaces that participate in IPX MLS:

Input access lists—Router interfaces with input access lists cannot participate in IPX MLS. If you configure an input access list on an interface, no packets inbound or outbound for that interface are Layer 3 switched, even if the flow is not filtered by the access list. Existing flows for that interface are purged, and no new flows are cached.

Note You can translate input access lists to output access lists to provide the same effect on the interface.

Output access lists—When an output access list is applied to an interface, the IPX MLS cache entries for that interface are purged. Entries associated with other interfaces are not affected; they follow their normal aging or purging procedures.

Applying access lists that filter according to packet type, source node, source socket, or destination socket prevents the interface from participating in IPX MLS.

Applying access lists that use the log option prevents the interface from participating in IPX MLS.

Access list impact on flow masks—Access lists impact the flow mask mode advertised to the MLS-SE by an MLS-RP. If no access list has been applied on any MLS-RP interface, the flow mask mode is destination-ipx (the least specific) by default. If an access list that filters according to the source IPX network has been applied, the mode is source-destination-ipx by default.

Restrictions on Interaction of IPX MLS with Other Features

IPX MLS affects other Cisco IOS software features as follows:

IPX accounting—IPX accounting cannot be enabled on an IPX MLS-enabled interface.

IPX EIGRP—MLS is supported for EIGRP interfaces if the Transport Control (TC) maximum is set to a value greater than the default (16).

Restriction on Maximum Transmission Unit Size

In IPX the two endpoints of communication negotiate the maximum transmission unit (MTU) to be used. MTU size is limited by media type.

IPX MLS Configuration Tasks

Perform the following tasks to configure one or more routers for IPX MLS. The number of tasks you perform depends on your particular configuration.

Adding an IPX MLS Interface to a Virtual Trunk Protocol (VTP) Domain (Optional)

Enabling Multilayer Switching Protocol (MLSP) on the Router (Required)

Assigning a VLAN ID to a Router Interface (Optional)

Enabling IPX MLS on a Router Interface (Required)

Specifying a Router Interface as a Management Interface (Required)

For examples of IPX MLS configurations, see the "Configuration Examples" section later in this document.

Adding an IPX MLS Interface to a Virtual Trunk Protocol (VTP) Domain

Caution Perform this configuration task only if the switch connected to your router interfaces is in a VTP domain. Perform the task before you enter any other IPX MLS interface command—specifically the mls rp ipx or mls rp management-interface commands. If you enter these commands before adding the interface to a VTP domain, the interface will be automatically placed in a null domain. To place the IPX MLS interface into a domain other than the null domain, clear the IPX MLS interface configuration before you add the interface to another VTP domain. See the section "Configuration, Verification, and Troubleshooting Tips" and the Catalyst 5000 Software Configuration Guide, Release 5.1.

Determine which router interfaces you will use as IPX MLS interfaces and add them to the same VTP domain as the switches.

To view the VTP configuration and its domain name on the switch, enter the show mls rp vtp-domain command at the switch Console> prompt.

To assign an MLS interface to a specific VTP domain on the MLS-RP, use the mls rp vtp-domain command in interface configuration mode:

Command
Purpose

Router(config-if)# mls rp vtp-domain domain-name

Adds an IPX MLS interface to a Virtual Trunk Protocol (VTP) domain.


Enabling Multilayer Switching Protocol (MLSP) on the Router

To enable MLSP on the router, use the mls rp ipx command in global configuration mode:

Command
Purpose

Router(config)# mls rp ipx

Globally enables MLSP on the router. MLSP is the protocol that runs between the MLS-SE and MLS-RP.


Assigning a VLAN ID to a Router Interface

Note This task is not required for RSM VLAN interfaces (virtual interfaces), ISL-encapsulated interfaces, or IEEE 802.1Q-encapsulated interfaces.

To assign a VLAN ID to an IPX MLS interface, use the mls rp vlan-id command in interface configuration mode:

Command
Purpose

Router(config-if)# mls rp vlan-id vlan-id-number

Assigns a VLAN ID to an IPX MLS interface. The assigned IPX MLS interface must be either an Ethernet or Fast Ethernet interface with no subinterfaces.


Enabling IPX MLS on a Router Interface

To enable IPX MLS on a router interface, use the mls rp ipx command in interface configuration mode:

Command
Purpose

Router(config-if)# mls rp ipx

Enables a router interface for IPX MLS.


Specifying a Router Interface as a Management Interface

To specify an interface as the management interface, use the mls rp management-interface command in interface configuration mode:

Command
Purpose

Router(config-if)# mls rp management-interface

Specifies an interface as the management interface. MLSP packets are sent and received through the management interface. Select only one IPX MLS interface connected to the switch.


Verifying IPX MLS on the Router

To verify that you have correctly installed IPX MLS on the router, perform the following steps:

Step 1 Enter the show mls rp ipx command.

Step 2 Examine the output to learn if the VLANs are enabled.

Step 3 Examine the output to learn if the switches are listed by MAC address, indicating they are recognized by the MLS-RP.

Troubleshooting Tips

If you entered either the mls rp ipx command or the mls rp management-interface command on the interface before assigning it to a Virtual Trunk Protocol (VTP) domain, the interface will be in the null domain, instead of the VTP domain.

To remove the interface from the null domain and add it to a new VTP domain, use the following commands in interface configuration mode:

 
Command
Purpose

Step 1 

Router(config-if)# no mls rp ipx
Router(config-if)# no mls rp management-interface
Router(config-if)# no mls rp vtp-domain domain-name

Removes an interface from the null domain.

Step 2 

Router(config-if)# mls rp vtp-domain domain-name

Adds the interface to a new Virtual Trunk Protocol (VTP) domain.

Monitoring and Maintaining IPX MLS on the Router

Command
Purpose

Router# mls rp locate ipx

Displays information about all switches currently shortcutting for the specified IPX flow(s).

Router# show mls rp interface type number

Displays MLS details for a specific interface.

Router# show mls rp ipx

Displays details for all IPX MLS interfaces on the router: MLS status (enabled or disabled) for switch interfaces and subinterfaces; flow mask required when creating Layer 3 switching entries for the router; current settings for the keepalive timer, retry timer, and retry count; MLSP-ID used in MLSP messages; and list of interfaces in all Virtual Trunk Protocol (VTP) domains enabled for MLS.

Router#  show mls rp vtp-domain domain-name

Displays details about IPX MLS interfaces for a specific Virtual Trunk Protocol (VTP) domain.


IPX MLS Configuration Example

ThisThis example consists of the following sections:

Example Network Topology

Operation Before IPX MLS

Operation After IPX MLS

Configuring Switch A Example

Configuring Switch B Example

Configuring Switch C Example

Configuring the Multilayer-Switching-Route Processor Example

Configuring a Router with No Access Lists Example

Configuring a Router with a Standard Access List Example

Example Network Topology

Figure 34 shows an IPX MLS network topology consisting of three Catalyst 5000 series switches and a Cisco 7505 router—all interconnected with ISL trunk links.

Figure 34 Example Network: IPX MLS with Cisco 7505 over ISL

The network is configured as follows:

There are four VLANs (IPX networks):

VLAN 1 (management VLAN), IPX network 1

VLAN 10, IPX network 10

VLAN 20, IPX network 20

VLAN 30, IPX network 30

The Multilayer Switching-Route Processor is a Cisco 7505 router with a Fast Ethernet interface (interface fastethernet2/0)

The subinterfaces on the router interface have the following IPX network addresses:

fastethernet2/0.1-IPX network 1

fastethernet2/0.10-IPX network 10

fastethernet2/0.20-IPX network 20

fastethernet2/0.30-IPX network 30

Switch A, the MLS-SE Virtual Trunk Protocol (VTP) server, is a Catalyst 5509 switch with Supervisor Engine III and the NFFC II

Switch B and Switch C are Virtual Trunk Protocol (VTP) client Catalyst 5505 switches

Operation Before IPX MLS

Before IPX MLS is implemented, when the source host NC1 (on VLAN 10) sends traffic destined for destination server NS2 (on VLAN 30), Switch B forwards the traffic (based on the Layer 2 forwarding table) to Switch A over the ISL trunk link. Switch A forwards the packet to the router over the ISL trunk link.

The router receives the packet on the VLAN 10 subinterface, checks the destination IPX address, and routes the packet to the VLAN 30 subinterface. Switch A receives the routed packet and forwards it to Switch C. Switch C receives the packet and forwards it to destination server NS2. This process is repeated for each packet in the flow between source host NC1 and destination server NS2.

Operation After IPX MLS

After IPX MLS is implemented, when the source host NC1 (on VLAN 10) sends traffic destined for destination server NS2 (on VLAN 30), Switch B forwards the traffic (based on the Layer 2 forwarding table) to Switch A (the MLS-SE) over the ISL trunk link. When the first packet enters Switch A, a candidate flow entry is established in the MLS cache. Switch A forwards the packet to the MLS-RP over the ISL trunk link.

The MLS-RP receives the packet on the VLAN 10 subinterface, checks the destination IPX address, and routes the packet to the VLAN 30 subinterface. Switch A receives the routed packet (the enabler packet) and completes the flow entry in the MLS cache for the destination IPX address of NS2. Switch A forwards the packet to Switch C, where it is forwarded to destination server NS2.

Subsequent packets destined for the IPX address of NS2 are multilayer switched by the MLS-SE based on the flow entry in the MLS cache. For example, subsequent packets in the flow from source host NC1 are forwarded by Switch B to Switch A (the MLS-SE). The MLS-SE determines that the packets are part of the established flow, rewrites the packet headers, and switches the packets directly to Switch C, bypassing the router.

Configuring Switch A Example

This example shows how to configure Switch A (MLS-SE): 

SwitchA> (enable) set vtp domain Corporate mode server

VTP domain Corporate modified

SwitchA> (enable) set vlan 10

Vlan 10 configuration successful

SwitchA> (enable) set vlan 20

Vlan 20 configuration successful

SwitchA> (enable) set vlan 30

Vlan 30 configuration successful

SwitchA> (enable) set port name 1/1 Router Link

Port 1/1 name set.

SwitchA> (enable) set trunk 1/1 on isl

Port(s) 1/1 trunk mode set to on.

Port(s) 1/1 trunk type set to isl.

SwitchA> (enable) set port name 1/2 SwitchB Link

Port 1/2 name set.

SwitchA> (enable) set trunk 1/2 desirable isl

Port(s) 1/2 trunk mode set to desirable.

Port(s) 1/2 trunk type set to isl.

SwitchA> (enable) set port name 1/3 SwitchC Link

Port 1/3 name set.

SwitchA> (enable) set trunk 1/3 desirable isl

Port(s) 1/3 trunk mode set to desirable.

Port(s) 1/3 trunk type set to isl.

SwitchA> (enable) set mls enable ipx

IPX Multilayer switching is enabled.

SwitchA> (enable) set mls include ipx 10.1.1.1

IPX Multilayer switching enabled for router 10.1.1.1.

SwitchA> (enable) set port name 3/1 Destination D2

Port 3/1 name set.

SwitchA> (enable) set vlan 20 3/1

VLAN 20 modified.

VLAN 1 modified.

VLAN  Mod/Ports

---- -----------------------

20    3/1

SwitchA> (enable)

Configuring Switch B Example

This example shows how to configure Switch B: 

SwitchB> (enable) set port name 1/1 SwitchA Link

Port 1/1 name set.

SwitchB> (enable) set port name 3/1 Source S1

Port 3/1 name set.

SwitchB> (enable) set vlan 10 3/1

VLAN 10 modified.

VLAN 1 modified.

VLAN  Mod/Ports

---- -----------------------

10    3/1

SwitchB> (enable)

Configuring Switch C Example

This example shows how to configure Switch C: 

SwitchC> (enable) set port name 1/1 SwitchA Link

Port 1/1 name set.

SwitchC> (enable) set port name 3/1 Destination D1

Port 3/1 name set.

SwitchC> (enable) set vlan 30 3/1

VLAN 30 modified.

VLAN 1 modified.

VLAN  Mod/Ports

---- -----------------------

30    3/1

SwitchC> (enable) set port name 4/1 Source S2

Port 4/1 name set.

SwitchC> (enable) set vlan 30 4/1

VLAN 30 modified.

VLAN 1 modified.

VLAN  Mod/Ports

---- -----------------------

30    3/1

      4/1

SwitchC> (enable)

Configuring the Multilayer-Switching-Route Processor Example

This example shows how to configure the Multilayer-Switching-Route Processor: 

mls rp ipx

interface fastethernet 2/0

 full-duplex

 mls rp vtp-domain Engineering

interface fastethernet2/0.1

 encapsulation isl 1

 ipx address 10.1.1.1 255.255.255.0

 mls rp ipx

 mls rp management-interface

interface fastethernet2/0.10

 encapsulation isl 10

 ipx network 10

 mls rp ipx

interface fastethernet2/0.20

 encapsulation isl 20

 ipx network  20

 mls rp ipx

interface fastethernet2/0.30

 encapsulation isl 30

 ipx network 30

 mls rp ipx

This example shows how to configure the RSM VLAN interfaces with no access lists. Therefore, the flow mask mode is destination. 

Building configuration...


Current configuration:

!

version 12.0


.

.


ipx routing 0010.0738.2917

mls rp ip 

mls rp ipx


.

.


interface Vlan21

 ip address 5.5.5.155 255.255.255.0

 ipx network 2121

 mls rp vtp-domain Engineering

 mls rp management-interface

 mls rp ip

 mls rp ipx

!

interface Vlan22

ip address 2.2.2.155 255.255.255.0

 ipx network 2222

 mls rp vtp-domain Engineering

 mls rp ip

 mls rp ipx

!

.

.

end

Router#show run

Building configuration...

Current configuration:

!

version 12.0

!

interface Vlan22

ip address 2.2.2.155 255.255.255.0

 ipx access-group 800 out

 ipx network 2222

 mls rp vtp-domain Engineering

 mls rp ip

 mls rp ipx

!


.

.


!

!

!


access-list 800 deny 1111 2222

access-list 800 permit FFFFFFFF FFFFFFFF


.

.


end