Catalyst 6500 Series Software Configuration Guide, 6.3 and 6.4 - Configuring CEF for PFC2 [Cisco Catalyst 6500 Series Switches]

Table Of Contents

Configuring CEF for PFC2

Understanding How Layer 3 Switching Works

Layer 3 Switching Overview

Understanding Layer 3-Switched Packet Rewrite

Understanding IP Unicast Rewrite

Understanding IPX Unicast Rewrite

Understanding IP Multicast Rewrite

Understanding CEF for PFC2

CEF for PFC2 Overview

Understanding Forwarding Decisions

Understanding the FIB

Understanding the Adjacency Table

Partially and Completely Switched Multicast Flows

CEF for PFC2 Examples

Understanding NetFlow Statistics

NetFlow Statistics Overview

NetFlow Table Entry Aging

Flow Masks

Default CEF for PFC2 Configuration

CEF for PFC2 Configuration Guidelines and Restrictions

Configuring CEF for PFC2

Displaying Layer 3-Switching Entries on the Supervisor Engine

Configuring CEF on the MSFC2

Configuring IP Multicast on the MSFC2

Enabling IP Multicast Routing Globally

Enabling IP PIM on an MSFC2 Interface

Configuring the IP MMLS Global Threshold

Enabling IP MMLS on MSFC Interfaces

Displaying IP Multicast Information

Displaying IP Multicast Information on the MSFC2

Displaying IP Multicast Information on the Supervisor Engine

Configuring NetFlow Statistics

Specifying the NetFlow Table Entry Aging-Time Value

Specifying NetFlow Table IP Entry Fast Aging Time and Packet Threshold Values

Setting the Minimum Statistics Flow Mask

Excluding IP Protocol Entries from the NetFlow Table

Displaying NetFlow Statistics

Clearing NetFlow IP and IPX Statistics

Clearing All NetFlow Statistics

Clearing NetFlow IP Statistics

Clearing NetFlow IPX Statistics

Clearing NetFlow Statistics Totals

Displaying NetFlow Statistics Debug Information

Configuring CEF for PFC2

This chapter describes how to configure Cisco Express Forwarding (CEF) for Policy Feature Card 2 (PFC2). CEF for PFC2 provides IP and Internetwork Packet Exchange (IPX) unicast Layer 3 switching and IP multicast Layer 3 switching for Supervisor Engine 2, PFC2, and Multilayer Switch Feature Card 2 (MSFC2).

Note For complete information on the syntax and usage information for the supervisor engine commands used in this chapter, refer to the Catalyst 6000 Family Command Reference publication.

This chapter consists of these sections:

•Understanding How Layer 3 Switching Works

•Default CEF for PFC2 Configuration

•CEF for PFC2 Configuration Guidelines and Restrictions

•Configuring CEF for PFC2

•Configuring NetFlow Statistics

Note Supervisor Engine 1 with the PFC1 and the MSFC or MSFC2 provide Layer 3 switching with Multilayer Switching (MLS). See "Configuring MLS," for more information.

Note To configure the MSFC2 to support MLS on a Catalyst 5000 family switch, refer to the Layer 3 Switching Software Configuration Guide at
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_2/layer3/index.htm.

Understanding How Layer 3 Switching Works

These sections describe Layer 3 switching with PFC2:

•Layer 3 Switching Overview

•Understanding Layer 3-Switched Packet Rewrite

•Understanding CEF for PFC2

•Understanding NetFlow Statistics

Layer 3 Switching Overview

Layer 3 switching allows the switch, instead of a router, to forward IP and IPX unicast traffic and IP multicast traffic between VLANs. Layer 3 switching is implemented in hardware and provides wire-speed interVLAN forwarding on the switch, rather than on the MSFC2. Layer 3 switching requires minimal support from the MSFC2. The MSFC2 routes any traffic that cannot be Layer 3 switched.

Note Layer 3 switching supports the routing protocols configured on the MSFC2. Layer 3 switching does not replace the routing protocols configured on the MSFC2. Layer 3 switching uses Protocol Independent Multicast (PIM) for multicast route determination.

Layer 3 switching on Catalyst 6000 family switches provides flow statistics that you can use to identify traffic characteristics for administration, planning, and troubleshooting. Layer 3 switching uses NetFlow Data Export (NDE) to export flow statistics (for more information about NDE, see "Configuring NDE").

Note Traffic is Layer 3 switched after being processed by the VLAN access control list (VACL) feature and the quality of service (QoS) feature.

Understanding Layer 3-Switched Packet Rewrite

When a packet is Layer 3 switched from a source in one VLAN to a destination in another VLAN, the switch performs a packet rewrite at the egress port based on information learned from the MSFC2 so that the packets appear to have been routed by the MSFC2.

Note Rather than just forwarding IP multicast packets, the PFC2 replicates them as necessary on the appropriate VLANs.

Packet rewrite alters five fields:

•Layer 2 (MAC) destination address

•Layer 2 (MAC) source address

•Layer 3 IP Time to Live (TTL) or IPX Transport Control

•Layer 3 checksum

•Layer 2 (MAC) checksum (also called the frame checksum or FCS)

Note Packets are rewritten with the encapsulation appropriate for the next-hop subnet.

If Source A and Destination B are on different VLANs and Source A sends a packet to the MSFC2 to be routed to Destination B, the switch recognizes that the packet was sent to the Layer 2 (MAC) address of the MSFC2.

To perform Layer 3 switching, the switch rewrites the Layer 2 frame header, changing the Layer 2 destination address to the Layer 2 address of Destination B and the Layer 2 source address to the Layer 2 address of the MSFC2. The Layer 3 addresses remain the same.

In IP unicast and IP multicast traffic, the switch decrements the Layer 3 TTL value by 1 and recomputes the Layer 3 packet checksum. In IPX traffic, the switch increments the Layer 3 Transport Control value by 1 and recomputes the Layer 3 packet checksum. The switch recomputes the Layer 2 frame checksum and forwards (or for multicast packets, replicates as necessary) the rewritten packet to Destination B's VLAN.

These sections describe how the packets are rewritten:

•Understanding IP Unicast Rewrite

•Understanding IPX Unicast Rewrite

•Understanding IP Multicast Rewrite

Understanding IP Unicast Rewrite

Received IP unicast packets are (conceptually) formatted as follows:

Layer 2 Frame Header

Layer 3 IP Header

Data

FCS

Destination

Source

Destination

Source

TTL

Checksum

MSFC2 MAC

Source A MAC

Destination B IP

Source A IP

n

calculation1

After the switch rewrites an IP unicast packet, it is (conceptually) formatted as follows:

Layer 2 Frame Header

Layer 3 IP Header

Data

FCS

Destination

Source

Destination

Source

TTL

Checksum

Destination B MAC

MSFC2 MAC

Destination B IP

Source A IP

n-1

calculation2

Understanding IPX Unicast Rewrite

Received IPX packets are (conceptually) formatted as follows:

Layer 2 Frame Header

Layer 3 IPX Header

Data

FCS

Destination

Source

Checksum/
IPX Length/
Transport Control

Destination Net/
Node/
Socket

Source Net/
Node/
Socket

MSFC2 MAC

Source A MAC

n

Destination B IPX

Source A IPX

After the switch rewrites an IPX packet, it is (conceptually) formatted as follows:

Layer 2 Frame Header

Layer 3 IPX Header

Data

FCS

Destination

Source

Checksum/
IPX Length/
Transport Control

Destination Net/
Node/
Socket

Source Net/
Node/
Socket

Destination B
MAC

MSFC2 MAC

n+1

Destination B IPX

Source A IPX

Understanding IP Multicast Rewrite

Received IP multicast packets are (conceptually) formatted as follows:

Layer 2 Frame Header

Layer 3 IP Header

Data

FCS

Destination

Source

Destination

Source

TTL

Checksum

Group G1 MAC¹

Source A MAC

Group G1 IP

Source A IP

n

calculation1

¹In this example, Destination B is a member of Group G1.

After the switch rewrites an IP multicast packet, it is (conceptually) formatted as follows:

Frame Header

IP Header

Data

FCS

Destination

Source

Destination

Source

TTL

Checksum

Group G1 MAC

MSFC2 MAC

Group G1 IP

Source A IP

n-1

calculation2

Understanding CEF for PFC2

These sections describe CEF for PFC2:

•CEF for PFC2 Overview

•Understanding Forwarding Decisions

•Understanding the FIB

•Understanding the Adjacency Table

•Partially and Completely Switched Multicast Flows

•CEF for PFC2 Examples

CEF for PFC2 Overview

Supervisor Engine 2, PFC2, and MSFC2 provide Layer 3 switching with CEF for PFC2. CEF for PFC2 is permanently enabled on Supervisor Engine 2. Cisco IOS CEF is permanently enabled on the MSFC2 in support of CEF for PFC2.

CEF for PFC2 works with CEF (for unicast traffic) and PIM (for multicast traffic) on the MSFC2 to support IP, IP multicast, and IPX traffic. CEF and PIM on the MSFC2 are enhanced to support CEF for PFC2. CEF for PFC2 generates flow statistics for Layer 3-switched traffic that can be displayed at the CLI or used for NDE.

CEF for PFC2 provides Layer 3 switching for all packets that match a complete forwarding information base (FIB) entry (see the "Understanding the FIB" section). CEF for PFC2 sends all packets that match an incomplete FIB entry (one where the MAC address has not been resolved) to the MSFC2 to be routed until the MSFC2 resolves the MAC address.

Note CEF for PFC2 sends bridge traffic that is addressed at Layer 2 to the MSFC2 to be processed.

Note Access control lists (ACLs) and policy-based routing can cause CEF for PFC2 to ignore the FIB when making a forwarding decision (see the "Understanding Forwarding Decisions" section).

Enter the show mls cef command to display a Layer 3 switching summary:
Console> (enable) show mls cef 
Total L3 packets switched:                     0
Total L3 octets switched:                      0
Total route entries:                          18
  IP route entries:                           15
  IPX route entries:                           3
  IPM route entries:                           0
IP load sharing entries:                       0
IPX load sharing entries:                      0
Forwarding entries:                            4
Bridge entries:                               12
Drop entries:                                  2
Understanding Forwarding Decisions

CEF for PFC2 provides Layer 3 switching based on:

•Entries in the ACL ternary content addressable memory (TCAM) for policy-based routing decisions

•Entries in the NetFlow table for TCP intercept and reflexive ACL forwarding decisions (see the "Understanding NetFlow Statistics" section)

•Entries in the FIB and adjacency table for all other forwarding decisions

Enter the show mls entry command to display information about the entries used to make forwarding decisions. CEF for PFC2 makes a forwarding decision for each packet and sends the rewrite information for each packet to the egress port, where the rewrite occurs when the packet is transmitted from the switch.

Understanding the FIB

The FIB resides in a separate TCAM. The adjacency table is stored separately in DRAM. The NetFlow table is stored separately in DRAM. The FIB, the adjacency table, and the NetFlow table do not compete with any other features for storage space.

The FIB is conceptually similar to a routing table. It maintains a mirror image of the forwarding information contained in the unicast and multicast routing tables on the MSFC2. When routing or topology changes occur in the network, the unicast and multicast routing tables on the MSFC2 are updated and those changes are reflected in the FIB. The FIB maintains next-hop address information based on the information in the routing tables on the MSFC2. The FIB supports 256K entries, which includes 16K IP multicast entries. With reverse path forwarding (RPF) check enabled, the number of IP entries doubles.

FIB lookup uses the following criteria:

•Destination IP address for IP unicast

•Destination IPX network for IPX unicast

•Source and destination IP address for IP unicast with RPF check

•Source and destination IP address for IP multicast with RPF check

Note Because the FIB mirrors the unicast and multicast routing tables on the MSFC2, any commands on the MSFC2 that change the unicast or multicast routing tables affect the FIB. Forwarding entries cannot be cleared from the Supervisor Engine 2 command-line interface (CLI).

In switches with redundant supervisor engines and MSFC2s, the designated MSFC2 supports the FIB on the active Supervisor Engine 2. The routing protocols on the nondesignated MSFC2 send information to the routing protocols on the designated MSFC2.

Enter the show mls entry cef command to display:

•Module number of the MSFC that is supporting the FIB

•FIB entry type (receive, connected, resolved, drop, wildcard, or default)

•Destination address (IP address or IPX network)

•Destination mask

•Next-hop address (IP address or IPX network)

•Next-hop mask

•Next-hop load-sharing weight

Understanding the Adjacency Table

For each FIB entry, CEF for PFC2 stores Layer 2 information from the designated MSFC2 for adjacent nodes in the adjacency table. Adjacent nodes are nodes that are directly connected at Layer 2. To forward traffic, CEF for PFC2 selects a route from a FIB entry, which points to an adjacency entry, and uses the Layer 2 header for the adjacent node in the adjacency table entry to rewrite the packet during Layer 3 switching. CEF for PFC2 supports 256K adjacency table entries.

Table 13-1 lists the adjacency types.

Table 13-1 Adjacency Types

Adjacency Type

Description

connect

Entry type that contains complete rewrite information

punt

Entry to send traffic to the MSFC2

no r/w

Entry to send traffic to the MSFC2 when rewrite information is incomplete

frc drp

Entry used to drop packets due to ARP throttling

drop, null, loopbk

Entries used to drop packets

Enter the show mls entry cef adjacency command to display:

•FIB information (see the "Understanding the FIB" section)

•Adjacency type (connect, drop, null, loopbk, frc drp, punt, no r/w)

•Next-hop MAC address

•Next-hop VLAN

•Next-hop encapsulation

•Number of packets transmitted to this adjacency from the associated FIB entry

•Number of bytes transmitted to this adjacency from the associated FIB entry

Partially and Completely Switched Multicast Flows

Some flows might be partially Layer 3 switched instead of completely Layer 3 switched in these situations:

•The MSFC is configured as a member of the IP multicast group (using the ip igmp join-group command) on the RPF interface of the multicast source.

•The MSFC is the first-hop router to the source in PIM sparse mode (in this case, the MSFC must send PIM-register messages to the rendezvous point).

•The multicast TTL threshold is configured on an egress interface for the flow.

•The multicast helper is configured on the RPF interface for the flow, and multicast to broadcast translation is required.

•Multicast tag switching is configured on an egress interface.

•Network address translation (NAT) is configured on an interface, and source address translation is required for the outgoing interface.

Note CEF for PFC2 provides Layer 3 switching when the extended access list deny condition on the RPF interface specifies something other than the Layer 3 source, Layer 3 destination, or IP protocol (an example is the Layer 4 port numbers).

For partially switched flows, all multicast traffic belonging to the flow reaches the MSFC and is software switched for any interface that is not Layer 3 switched.

Note All (*,G) flows are always partially Layer 3 switched.

The PFC prevents multicast traffic in flows that are completely Layer 3 switched from reaching the MSFC, reducing the load on the MSFC. The show ip mroute and show mls ip multicast commands identify completely Layer 3-switched flows with the text string RPF-MFD (Multicast Fast Drop [MFD] indicates that from the viewpoint of the MSFC, the multicast packet is dropped, because it is switched by the PFC).

For all completely Layer 3-switched flows, the PFC periodically sends multicast packet and byte count statistics to the MSFC, because the MSFC cannot record multicast statistics for completely switched flows, which it never sees. The MSFC uses the statistics to update the corresponding multicast routing table entries and reset the appropriate expiration timers.

CEF for PFC2 Examples

Figure 13-1 shows a simple IP CEF network topology. In this example, Host A is on the Sales VLAN (IP subnet 171.59.1.0), Host B is on the Marketing VLAN (IP subnet 171.59.3.0), and Host C is on the Engineering VLAN (IP subnet 171.59.2.0).

When Host A initiates an HTTP file transfer to Host C, the PFC2 uses the information in the FIB and adjacency table to forward packets from Host A to Host C.

Figure 13-1 IP CEF Example Topology

Figure 13-2 shows a simple IPX CEF network topology. In this example, Host A is on the Sales VLAN (IPX address 01.Aa), Host B is on the Marketing VLAN (IPX address 03.Bb), and Host C is on the Engineering VLAN (IPX address 02.Cc).

When Host A initiates a file transfer to Host C, the PFC2 uses the information in the FIB and adjacency table to forward packets from Host A to Host C.

Figure 13-2 IPX CEF Example Topology

Understanding NetFlow Statistics

These sections describe NetFlow statistics:

•NetFlow Statistics Overview

•NetFlow Table Entry Aging

•Flow Masks

NetFlow Statistics Overview

CEF for PFC2 generates flow statistics for Layer 3-switched traffic, which are stored in the NetFlow table. NetFlow statistics can be displayed with show commands and are also available to NetFlow Data Export (NDE).

Note A NetFlow table with more than 32K entries increases the probability that there will be insufficient room to store statistics. To reduce the number of entries in the NetFlow table, you can exclude specified IP protocols from the statistics (see the "Excluding IP Protocol Entries from the NetFlow Table" section).

NetFlow statistics supports unicast and multicast flows:

•A unicast flow can be any of the following:

–Destination only: all traffic to a particular destination

–Destination-source: all traffic from a particular source to a particular destination

–Full-flow: all traffic from a particular source to a particular destination that shares the same protocol and transport-layer information

•A multicast flow is all traffic with the same protocol and transport-layer information from a particular source to the members of a particular destination multicast group.

NetFlow Table Entry Aging

The state and identity of flows are maintained while packet traffic is active; when traffic for a flow ceases, the entry ages out. You can configure the aging time for NetFlow table entries kept in the NetFlow table. If an entry is not used for the specified period of time, the entry ages out and statistics for that flow can be exported to a flow collector application.

Flow Masks

Flow masks determine how NetFlow table entries are created. CEF for PFC2 supports only one flow mask (the most specific one) for all statistics. If CEF for PFC2 detects different flow masks from different MSFCs for which it is performing Layer 3 switching, it changes its flow mask to the most specific flow mask detected.

When the flow mask changes, the entire NetFlow table is purged. When CEF for PFC2 exports cached entries, flow records are created based on the current flow mask. Depending on the current flow mask, some fields in the flow record might not have values. Unsupported fields are filled with a zero (0).

The statistics flow masks are as follows:

•destination-ip—The least-specific flow mask for IP

•destination-ipx—The only flow mask for IPX

•source-destination-ip—For IP

•source-destination-vlan—For IP multicast

•full flow—The most-specific flow mask

Enter the show mls statistics entry command to display the contents of the NetFlow table and the current flow mask. Use the keyword options to display information for specific traffic (refer to the Catalyst 6000 Family Command Reference publication for more information).

Default CEF for PFC2 Configuration

Table 13-2 shows the default CEF for PFC2 configuration.

Table 13-2 Default CEF for PFC2 Configuration

Feature

Default Value

CEF for PFC2 enable state

Enabled (cannot be disabled)

CEF enable state on MSFC2

Enabled (cannot be disabled)

Multicast services (IGMP snooping or GMRP)

Disabled

Multicast routing on MSFC2

Disabled globally

PIM routing on MSFC2

Disabled on all interfaces

IP MMLS Threshold

Unconfigured—no default value

IP MMLS

Enabled when multicast routing is enabled and IP PIM is enabled on the interface

CEF for PFC2 Configuration Guidelines and Restrictions

Follow these guidelines and restrictions when configuring CEF for PFC2:

•PFC2 supports a maximum of 16 unique Hot Standby Router Protocol (HSRP) group numbers. You can use the same HSRP group numbers in different VLANs. If you configure more than 16 HSRP groups, this restriction prevents use of the VLAN number as the HSRP group number.

Note Identically numbered HSRP groups use the same virtual MAC address, which might cause errors if you configure bridging on the MSFC.

•Because of the restriction to 16 unique HSRP group numbers, CEF for PFC2 cannot support the standby use-bia HSRP command.

•CEF for PFC2 supports the following ingress and egress encapsulations:

–For IP unicast:
Ethernet V2.0 (ARPA)
802.3 with 802.2 with 1 byte control (SAP1)
802.3 with 802.2 and SNAP

–For IPX:
Ethernet V2.0 (ARPA)
802.3 (raw)
802.2 with 1 byte control (SAP1)
SNAP

Note When the ingress encapsulation for IPX traffic is SAP1, CEF for PFC2 provides Layer 3 switching only when the egress encapsulation is also SAP1. The MSFC2 routes IPX SAP1 traffic that requires an encapsulation change.

–For IP multicast—Ethernet V2.0 (ARPA)

CEF for PFC2 does not provide Layer 3 switching for an IP multicast flow in the following cases:

•For IP multicast groups that fall into the range 224.0.0.* (where * is in the range 0-255), which is used by routing protocols. CEF for PFC2 supports 225.0.0.* through 239.0.0.* and 224.128.0.* through 239.128.0.*.

Note Groups in the 224.0.0.* range are reserved for routing control packets and must be flooded to all forwarding ports of the VLAN. These addresses map to the multicast MAC address range 01-00-5E-00-00-xx, where xx is in the range 0-0xFF.

•For PIM auto-RP multicast groups (IP multicast group addresses 224.0.1.39 and 224.0.1.40).

Note In systems with redundant MSFC2s, the PIM interface configuration must be the same on both the active and the redundant MSFC2.

•If the shortest-path tree (SPT) bit for the flow is cleared when running PIM sparse mode for the interface or group.

•For fragmented IP packets and packets with IP options. However, packets in the flow that are not fragmented or that do not specify IP options are multilayer switched.

•For source traffic received on tunnel interfaces (such as MBONE traffic).

•For any RPF interface with multicast tag switching enabled.

Configuring CEF for PFC2

These sections describe how to configure CEF for PFC2:

•Displaying Layer 3-Switching Entries on the Supervisor Engine

•Configuring CEF on the MSFC2

•Configuring IP Multicast on the MSFC2

•Displaying IP Multicast Information

Note For information on configuring routing on the MSFC2, see "Configuring InterVLAN Routing."

Displaying Layer 3-Switching Entries on the Supervisor Engine

CEF for PFC2 is permanently enabled on Supervisor Engine 2 with the PFC2 and the MSFC2. No configuration is required.

To display all the Layer 3-switching entries on the supervisor engine, perform this task:

Task

Command

Display Layer 3-switching information.

show mls entry [cef] | [netflow-route]

This example shows how to display the Layer 3-switching entries:
Console> (enable) show mls entry 
Mod FIB-Type  Destination-IP  Destination-Mask NextHop-IP      Weight
--- --------- --------------- ---------------- --------------- ------
 15 receive   0.0.0.0         255.255.255.255
 15 receive   255.255.255.255 255.255.255.255
 15 receive   127.0.0.12      255.255.255.255
 16 receive   127.0.0.0       255.255.255.255
 16 receive   127.255.255.255 255.255.255.255
 15 resolved  127.0.0.11      255.255.255.255  127.0.0.11           1
 15 receive   21.2.0.4        255.255.255.255
 16 receive   21.0.0.0        255.255.255.255
 16 receive   21.255.255.255  255.255.255.255
 15 receive   44.0.0.1        255.255.255.255
 16 receive   44.0.0.0        255.255.255.255
 16 receive   44.255.255.255  255.255.255.255
 15 receive   42.0.0.1        255.255.255.255
 16 receive   42.0.0.0        255.255.255.255
 16 receive   42.255.255.255  255.255.255.255
 15 receive   43.0.0.99       255.255.255.255
 15 receive   43.0.0.0        255.255.255.255
 15 receive   43.255.255.255  255.255.255.255
 15 receive   192.20.20.20    255.255.255.255
 16 receive   21.2.0.5        255.255.255.255
 16 receive   42.0.0.20       255.255.255.255
 15 connected 43.0.0.0        255.0.0.0
 15 drop      224.0.0.0       240.0.0.0
 15 wildcard  0.0.0.0         0.0.0.0
Mod FIB-Type  Dest-IPX-net NextHop-IPX               Weight
--- --------- ------------ ------------------------- ------
 15 connected 21
 15 connected 44
 15 connected 42
 15 resolved  450          42.0050.3EA9.ABFD              1
 15 resolved  480          42.0050.3EA9.ABFD              1
 15 wildcard  0
Destination-IP  Source-IP       Prot  DstPrt SrcPrt Destination-Mac   Vlan EDst Stat-Pkts  
Stat-Bytes  Uptime   Age      TcpDltSeq TcpDltAck
--------------- --------------- ----- ------ ------ ----------------- ---- ---- ---------- 
----------- -------- -------- --------- ---------
0.0.0.5         0.0.0.5         5     204    104    cc-cc-cc-cc-cc-cc 5    ARPA 0          
0           01:03:18 01:00:51 cccccccc  cccccccc
0.0.0.2         0.0.0.2         2     201    101    cc-cc-cc-cc-cc-cc 2    ARPA 0          
0           01:03:21 01:00:51 cccccccc  cccccccc
0.0.0.4         0.0.0.4         4     203    X      cc-cc-cc-cc-cc-cc 4    ARPA 0          
0           01:03:19 01:00:51 cccccccc  cccccccc
0.0.0.1         0.0.0.1         ICMP  200    100    cc-cc-cc-cc-cc-cc 1    ARPA 0          
0           01:03:25 01:00:52 cccccccc  cccccccc
0.0.0.3         0.0.0.3         3     202    102    cc-cc-cc-cc-cc-cc 3    ARPA 0          
0           01:03:20 01:00:52 cccccccc  cccccccc
0.0.0.6         0.0.0.6         TCP   205    105    cc-cc-cc-cc-cc-cc 6    ARPA 0          
0           01:03:18 01:00:52 cccccccc  cccccccc
Console> (enable)
Enter the show mls entry cef command to display only the FIB entries. Enter the show mls entry netflow-route command to display only the entries from the TCP intercept feature and reflexive access control lists (ACLs).

Configuring CEF on the MSFC2

CEF is permanently enabled on the MSFC2. No configuration is required to support CEF for PFC2.

Note The ip load-sharing per-packet, ip cef accounting per-prefix, and ip cef accounting non-recursive IOS CEF commands on the MSFC2 apply only to traffic that is CEF-switched on the MSFC. The commands do not affect traffic that is switched by CEF for PFC2 on the supervisor engine.

Configuring IP Multicast on the MSFC2

These sections describe how to configure the MSFC2 for IP multicast:

•Enabling IP Multicast Routing Globally

•Enabling IP PIM on an MSFC2 Interface

•Configuring the IP MMLS Global Threshold

•Enabling IP MMLS on MSFC Interfaces

Note This section describes how to enable IP multicast routing on the MSFC2. For more detailed IP multicast configuration information, refer to the "IP Multicast" section of the Cisco IOS IP and IP Routing Configuration Guide at
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ip_c/ipcprt3/index.htm

Enabling IP Multicast Routing Globally

You must enable IP multicast routing globally on the MSFC2 before you can enable PIM on MSFC interfaces.

To enable IP multicast routing globally on the MSFC2, perform this task in global configuration mode:

Task

Command

Enable IP multicast routing globally.

Router(config)# ip multicast-routing

This example shows how to enable IP multicast routing globally:
Router(config)# ip multicast-routing
Router(config)# 
Enabling IP PIM on an MSFC2 Interface

You must enable PIM on MSFC2 interfaces before IP multicast will function on those interfaces.

To enable IP PIM on an MSFC2 interface, perform this task in interface configuration mode:

Task

Command

Enable IP PIM on an MSFC2 interface.

Router(config-if)# ip pim {dense-mode | sparse-mode | sparse-dense-mode}

This example shows how to enable PIM on an MSFC2 interface using the default mode (sparse-dense-mode):
Router(config-if)# ip pim
Router(config-if)# 
This example shows how to enable PIM sparse mode on an MSFC2 interface:
Router(config-if)# ip pim sparse-mode
Router(config-if)# 
Configuring the IP MMLS Global Threshold

You can configure a global multicast rate threshold, specified in packets per second, below which all multicast traffic is routed by the MSFC. This prevents creation of MLS entries for short-lived multicast flows, such as join requests.

Note This command does not affect flows that are already being routed. To apply the threshold to existing routes, clear the route and let it reestablish.

To configure the IP MMLS threshold, perform this task:

Task

Command

Configure the IP MMLS threshold.

Router(config)# [no] mls ip multicast threshold ppsec

This example shows how to configure the IP MMLS threshold to 10 packets per second:
Router(config)# mls ip multicast threshold 10 
Router(config)# 
Use the no keyword to deconfigure the threshold.

Enabling IP MMLS on MSFC Interfaces

IP MMLS is enabled by default on the MSFC interface when you enable IP PIM on the interface. Perform this task only if you disabled IP MMLS on the interface and you want to reenable it.

Note You must enable IP PIM on all participating MSFC interfaces before IP MMLS will function. For information on configuring IP PIM on MSFC interfaces, see the "Enabling IP PIM on an MSFC2 Interface" section.

To enable IP MMLS on an MSFC interface, perform this task:

Task

Command

Enable IP MMLS on an MSFC interface.

Router(config-if)# [no] mls ip multicast

This example shows how to enable IP MMLS on an MSFC interface:
Router(config-if)# mls ip multicast
Router(config-if)# 
Use the no keyword to disable IP MMLS on an MSFC interface.

Displaying IP Multicast Information

These sections describe how to display IP multicast information:

•Displaying IP Multicast Information on the MSFC2

•Displaying IP Multicast Information on the Supervisor Engine

Displaying IP Multicast Information on the MSFC2

These sections describe displaying IP multicast information on the MSFC2:

•Displaying IP MMLS Interface Information

•Displaying the IP Multicast Routing Table

•Displaying IP Multicast Details

•Using Debug Commands

•Using Debug Commands on the SCP

Displaying IP MMLS Interface Information

The show ip pim interface count command displays the IP MMLS enable state on MSFC IP PIM interfaces and the number of packets received and sent on the interface.

The show ip interface command displays the IP MMLS enable state on an MSFC interface.

To display IP MMLS information for an IP PIM MSFC interface, perform one of these tasks:

Task

Command

Display IP MMLS interface information.

Router# show ip pim interface [type number] count

Display the IP MMLS interface enable state.

Router# show ip interface

Displaying the IP Multicast Routing Table

The show ip mroute command displays the IP multicast routing table on the MSFC2.

To display the IP multicast routing table, perform this task:

Task

Command

Display the IP multicast routing table.

Router# show ip mroute [group[source]] | [summary] | [count] | [active kbps]

This example shows how to display the IP multicast routing table:
Router# show ip mroute 239.252.1.1 
IP Multicast Routing Table
Flags:D - Dense, S - Sparse, C - Connected, L - Local, P - Pruned
       R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT
       M - MSDP created entry, X - Proxy Join Timer Running
       A - Advertised via MSDP
Outgoing interface flags:H - Hardware switched
Timers:Uptime/Expires
Interface state:Interface, Next-Hop or VCD, State/Mode
(*, 239.252.1.1), 04:04:59/00:02:59, RP 80.0.0.2, flags:SJ
  Incoming interface:Vlan800, RPF nbr 80.0.0.2
  Outgoing interface list:
    Vlan10, Forward/Dense, 01:29:57/00:00:00, H
(22.0.0.10, 239.252.1.1), 00:00:19/00:02:41, flags:JT
  Incoming interface:Vlan800, RPF nbr 80.0.0.2, RPF-MFD
  Outgoing interface list:
    Vlan10, Forward/Dense, 00:00:19/00:00:00, H
Displaying IP Multicast Details

The show mls ip multicast command displays detailed information about IP MMLS.

To display detailed MMLS information on the MSFC, perform one of these tasks:

Task

Command

Display IP MMLS group information.

Router# show mls ip multicast group group-address [interface type number | statistics]

Display IP MMLS details for all interfaces.

Router# show mls ip multicast interface type number [statistics | summary]

Display a summary of IP MMLS information.

Router# show mls ip multicast summary

Display IP MMLS statistics.

Router# show mls ip multicast statistics

Display IP MMLS source information.

Router# show mls ip multicast source ip-address [interface type number | statistics]

This example shows how to display IP MMLS statistics on the MSFC:
Router# show mls ip multicast statistics 
MLS Multicast configuration and state:
    Router Mac:0050.0f2d.9bfd, Router IP:1.12.123.234
    MLS multicast operating  state:ACTIVE
    Maximum number of allowed outstanding messages:1
    Maximum size reached from feQ:1
    Feature Notification sent:5 
    Feature Notification Ack received:4 
    Unsolicited Feature Notification received:0 
    MSM sent:33 
    MSM ACK received:33 
    Delete notifications received:1 
    Flow Statistics messages received:248 
MLS Multicast statistics:
    Flow install Ack:9 
    Flow install Nack:0 
    Flow update Ack:2 
    Flow update Nack:0 
    Flow delete Ack:0 
    Complete flow install Ack:10 
    Complete flow install Nack:0 
    Complete flow delete Ack:1 
    Input VLAN delete Ack:4 
    Output VLAN delete Ack:0 
    Group delete sent:0 
    Group delete Ack:0 
    Global delete sent:7 
    Global delete Ack:7 
    L2 entry not found error:0 
    Generic error :3 
    LTL entry not found error:0 
    MET entry not found error:0 
    L3 entry exists error :0 
    Hash collision error :0 
    L3 entry not found error:0 
    Complete flow exists error :0 
This example shows how to display information on a specific IP MMLS entry on the MSFC:
Router# show mls ip multicast 224.1.1.1
Multicast hardware switched flows:
(1.1.13.1, 224.1.1.1) Incoming interface: Vlan13, Packets switched: 61590
Hardware switched outgoing interfaces: Vlan20 Vlan9 
RFD-MFD installed: Vlan13 
(1.1.9.3, 224.1.1.1) Incoming interface: Vlan9, Packets switched: 0
Hardware switched outgoing interfaces: Vlan20 
RFD-MFD installed: Vlan9 
(1.1.12.1, 224.1.1.1) Incoming interface: Vlan12, Packets switched: 62010
Hardware switched outgoing interfaces: Vlan20 Vlan9 
RFD-MFD installed: Vlan12 
(1.1.12.3, 224.1.1.1) Incoming interface: Vlan12, Packets switched: 61980
Hardware switched outgoing interfaces: Vlan20 Vlan9 
RFD-MFD installed: Vlan12 
(1.1.11.1, 224.1.1.1) Incoming interface: Vlan11, Packets switched: 62430
Hardware switched outgoing interfaces: Vlan20 Vlan9 
RFD-MFD installed: Vlan11 
(1.1.11.3, 224.1.1.1) Incoming interface: Vlan11, Packets switched: 62430
Hardware switched outgoing interfaces: Vlan20 Vlan9 
RFD-MFD installed: Vlan11 
Total hardware switched installed: 6
Router# 
This example shows how to display a summary of IP MMLS information on the MSFC:
Router# show mls ip multicast summary
7 MMLS entries using 560 bytes of memory
Number of partial hardware-switched flows:2
Number of complete hardware-switched flows:5
Router# 
Using Debug Commands

Table 13-3 describes IP MMLS-related debug troubleshooting commands.

Table 13-3 IP MMLS Debug Commands

Command

Description

[no] debug mls ip multicast group group_id group_mask

Configures filtering that applies to all other multicast debugging commands.

[no] debug mls ip multicast events

Displays IP MMLS events.

[no] debug mls ip multicast errors

Turns on debug messages for multicast MLS-related errors.

[no] debug mls ip multicast messages

Displays IP MMLS messages from/to the hardware switching engine.

[no] debug mls ip multicast all

Turns on all IP MMLS messages.

[no] debug mdss error

Turns on MDSS¹ error messages.

[no] debug mdss events

Turns on MDSS-related events.

[no] debug mdss all

Turns on all MDSS messages.

¹MDSS = Multicast Distributed Switching Services

Using Debug Commands on the SCP

Table 13-4 describes the Serial Control Protocol (SCP)-related debug commands to troubleshoot the SCP that runs over the Ethernet out-of-band channel (EOBC).

Table 13-4 SCP Debug Commands

Command

Description

[no] debug scp async

Displays trace for asynchronous data in and out of the SCP system.

[no] debug scp data

Shows packet data trace.

[no] debug scp errors

Displays errors and warnings in the SCP.

[no] debug scp packets

Displays packet data in and out of the SCP system.

[no] debug scp timeouts

Reports timeouts.

[no] debug scp all

Turns on all SCP debugging messages.

Displaying IP Multicast Information on the Supervisor Engine

These sections describe how to display IP multicast information:

•Displaying IP Multicast Statistics

•Clearing IP Multicast Statistics

•Displaying IP Multicast Entries

Displaying IP Multicast Statistics

The show mls multicast statistics command displays IP multicast statistics.

To display IP multicast statistics, perform this task:

Task

Command

Display IP multicast statistics.

show mls multicast statistics [ip_addr]

This example shows how to display IP multicast statistics for the MSFC2:
Console (enable) show mls multicast statistics 
Router IP          Router Name        Router MAC
-------------------------------------------------------
1.1.9.254          ?                  00-50-0f-06-3c-a0
Transmit:
  Delete Notifications:                     23
  Acknowledgements:                         92
  Flow Statistics:                          56
Receive:
  Open Connection Requests:                 1
  Keep Alive Messages:                      72
  Shortcut Messages:                        19
    Shortcut Install TLV:                   8
    Selective Delete TLV:                   4
    Group Delete TLV:                       0
    Update TLV:                             3
    Input VLAN Delete TLV:                  0
    Output VLAN Delete TLV:                 0
    Global Delete TLV:                      0
    MFD Install TLV:                        7
    MFD Delete TLV:                         0
Router IP          Router Name        Router MAC
-------------------------------------------------------
1.1.5.252          ?                  00-10-29-8d-88-01
Transmit:
  Delete Notifications:                     22
  Acknowledgements:                         75
  Flow Statistics:                          22
Receive:
  Open Connection Requests:                 1
  Keep Alive Messages:                      68
  Shortcut Messages:                        6
    Shortcut Install TLV:                   4
    Selective Delete TLV:                   2
    Group Delete TLV:                       0
    Update TLV:                             0
    Input VLAN Delete TLV:                  0
    Output VLAN Delete TLV:                 0
    Global Delete TLV:                      0
    MFD Install TLV:                        4
    MFD Delete TLV:                         0
Console (enable) 
Clearing IP Multicast Statistics

The clear mls multicast statistics command clears IP multicast statistics.

To clear IP multicast statistics, perform this task in privileged mode:

Task

Command

Clear IP multicast statistics.

clear mls multicast statistics

This example shows how to clear IP multicast statistics:
Console> (enable) clear mls multicast statistics 
All statistics for the MLS routers in include list are cleared.
Console> (enable)
Displaying IP Multicast Entries

The show mls multicast entry command displays a variety of information about the multicast flows being handled by the PFC. You can display entries based on any combination of the participating MSFC2, the VLAN, the multicast group address, or the multicast traffic source.

To display information about IP multicast entries, perform this task in privileged mode:

Task

Command

Display information about IP multicast entries.

show mls multicast entry [[[mod] [vlan vlan_id] [group ip_addr] [source ip_addr]] | [all]]

This example shows how to display all IP multicast entries:
Console> (enable) show mls multicast entry all
Router IP       Dest IP         Source IP       Pkts       Bytes       InVlan  OutVlans
--------------- --------------- --------------- ---------- ----------- ------- --------
1.1.5.252       224.1.1.1       1.1.11.1        15870      2761380     20     
1.1.9.254       224.1.1.1       1.1.12.3        473220     82340280    12     
1.1.5.252       224.1.1.1       1.1.12.3        15759      2742066     20     
1.1.9.254       224.1.1.1       1.1.11.1        473670     82418580    11     
1.1.5.252       224.1.1.1       1.1.11.3        15810      2750940     20     
1.1.9.254       224.1.1.1       1.1.12.1        473220     82340280    12     
1.1.5.252       224.1.1.1       1.1.13.1        15840      2756160     20     
1.1.9.254       224.1.1.1       1.1.13.1        472770     82261980    13     
1.1.5.252       224.1.1.1       1.1.12.1        15840      2756160     20     
1.1.9.254       224.1.1.1       1.1.11.3        473667     82418058    11     
Total Entries: 10
Console> (enable)
This example shows how to display IP multicast entries for a specific MSFC2:
Console> (enable) show mls multicast entry 15
Router IP       Dest IP         Source IP       Pkts       Bytes       InVlan  OutVlans
--------------- --------------- --------------- ---------- ----------- ------- --------
1.1.5.252       224.1.1.1       1.1.11.1        15870      2761380     20     
1.1.5.252       224.1.1.1       1.1.12.3        15759      2742066     20     
1.1.5.252       224.1.1.1       1.1.11.3        15810      2750940     20     
1.1.5.252       224.1.1.1       1.1.13.1        15840      2756160     20     
1.1.5.252       224.1.1.1       1.1.12.1        15840      2756160     20     
Total Entries: 5
Console> (enable)
This example shows how to display IP multicast entries for a specific multicast group address:
Console> (enable) show mls multicast entry group 226.0.1.3 short
Router IP      Dest IP     Source IP    InVlan Pkts   Bytes     OutVlans
-------------- ----------- ------------ ------ ------ --------- ---------
171.69.2.1     226.0.1.3   172.2.3.8    20     171    23512     10,201,22,45 
171.69.2.1     226.0.1.3   172.3.4.9    12     25     3120      8,20 
Total Entries: 2
Console> (enable)
This example shows how to display IP multicast entries for a specific MSFC2 and a specific multicast source address:
Console> (enable) show mls multicast entry 15 source 1.1.11.1 short
Router IP       Dest IP         Source IP       Pkts       Bytes      
 InVlan  OutVlans
--------------- --------------- --------------- ---------- -------------------- 
  ------ ----------
172.20.49.159   224.1.1.6       1.1.40.4        368        57776                
  40     23,25
172.20.49.159   224.1.1.71      1.1.22.2        99         65142                
  22     30,37
172.20.49.159   224.1.1.8       1.1.22.2        396        235620               
  22     13,19
Console> (enable)
Configuring NetFlow Statistics

These sections describe how to configure NetFlow statistics:

•Specifying the NetFlow Table Entry Aging-Time Value

•Specifying NetFlow Table IP Entry Fast Aging Time and Packet Threshold Values

•Setting the Minimum Statistics Flow Mask

•Excluding IP Protocol Entries from the NetFlow Table

•Displaying NetFlow Statistics

•Clearing NetFlow IP and IPX Statistics

•Displaying NetFlow Statistics Debug Information

Specifying the NetFlow Table Entry Aging-Time Value

The entry aging time for each protocol (IP and IPX) applies to all protocol-specific NetFlow table entries. Any entry that has not been used for agingtime seconds is aged out. The default is 256 seconds.

You can specify the aging time in the range of 8 to 2032 seconds in 8-second increments. Any aging-time value that is not a multiple of 8 seconds is adjusted to the closest multiple of 8 seconds. For example, a value of 65 is adjusted to 64 and a value of 127 is adjusted to 128.

To specify the entry aging time for both IP and IPX, perform this task in privileged mode:

Task

Command

Specify the aging time for NetFlow table entries.

set mls agingtime [agingtime]

This example shows how to specify the entry aging time:
Console> (enable) set mls agingtime 512
Multilayer switching agingtime IP and IPX set to 512
Console> (enable) 
To specify the IP entry aging time, perform this task in privileged mode:

Task

Command

Specify the IP entry aging time for the NetFlow table.

set mls agingtime ip [agingtime]

This example shows how to specify the IP entry aging time:
Console> (enable) set mls agingtime ip 512
Multilayer switching aging time IP set to 512
Console> (enable) 
To specify the IPX entry aging time, perform this task in privileged mode:

Task

Command

Specify the IPX entry aging time for the NetFlow table.

set mls agingtime ipx [agingtime]

This example shows how to specify the IPX entry aging time:
Console> (enable) set mls agingtime ipx 512
Multilayer switching aging time IPX set to 512
Console> (enable)
Specifying NetFlow Table IP Entry Fast Aging Time and Packet Threshold Values

Note IPX entries do not use fast aging.

To minimize the size of the NetFlow table, enable IP entry fast aging time. The IP entry fast aging time applies to NetFlow table entries that have no more than pkt_threshold packets routed within fastagingtime seconds after they are created. A typical NetFlow table entry that is removed is the entry for flows to and from a Domain Name Server (DNS) or TFTP server; the entry might never be used again after it is created. Detecting and aging out these entries saves space in the NetFlow table for other data traffic.

The default fastagingtime value is 0 (no fast aging). You can configure the fastagingtime value to 32, 64, 96, or 128 seconds. Any fastagingtime value that is not configured exactly as the indicated values is adjusted to the closest one. You can configure the pkt_threshold value to 0, 1, 3, 7, 15, 31, or 63 packets.

If you need to enable IP entry fast aging time, initially set the value to 128 seconds. If the NetFlow table remains full, decrease the setting. If the NetFlow table continues to remain full, decrease the normal IP entry aging time.

Typical values for fastagingtime and pkt_threshold are 32 seconds and 0 packets (no packets switched within 32 seconds after the entry is created).

To specify the IP entry fast aging time and packet threshold, perform this task in privileged mode:

Task

Command

Specify the IP entry fast aging time and packet threshold for a NetFlow table entry.

set mls agingtime fast [fastagingtime] [pkt_threshold]

This example shows how to set the IP entry fast aging time to 32 seconds with a packet threshold of 0 packets:
Console> (enable) set mls agingtime fast 32 0
Multilayer switching fast aging time set to 32 seconds for entries with no more than 0 
packets switched.
Console> (enable)
Setting the Minimum Statistics Flow Mask

You can set the minimum granularity of the flow mask for the NetFlow table. The actual flow mask used will be at least of the granularity specified by this command. For information on how the different flow masks work, see the "Flow Masks" section.

Note Entering a set mls flow command purges all existing entries in the NetFlow table.

To set the minimum NetFlow statistics flow mask, perform this task in privileged mode:

Task

Command

Set the minimum statistics flow mask.

set mls flow {destination | destination-source | full}

This example shows how to set the minimum statistics flow mask to destination-source-ip:
Console> (enable) set mls flow destination-source
Configured IP flow mask is set to destination-source flow.
Console> (enable)
Excluding IP Protocol Entries from the NetFlow Table

You can configure the NetFlow table to exclude specified IP protocols.

To exclude IP protocols from the NetFlow table, perform this task in privileged mode:

Task

Command

Exclude IP protocols from the NetFlow table.

set mls exclude protocol {tcp | upd | both} port

The port parameter can be a port number or a keyword: dns, ftp, smtp, telnet, x (X-Windows), or www.

This example shows how to exclude Telnet traffic from the NetFlow table:
Console> (enable) set mls exclude protocol tcp telnet 
NetFlow table will not create entries for TCP packets with protocol port 23.
Note: MLS exclusion only works in full flow mode.
Console> (enable)
Displaying NetFlow Statistics

Note To display the forwarding decision entries, enter the show mls entry cef command (see the "Displaying Layer 3-Switching Entries on the Supervisor Engine" section.)

To display a summary of NetFlow table entries and statistics, perform this task in privileged mode:

Task

Command

Display all NetFlow table entries and statistics.

show mls

This example shows how to display all NetFlow table entries:
Console> (enable) show mls
show mls
=======
Total packets switched = 2
Total bytes switched = 112
Total routes = 48
IP statistics flows aging time = 256 seconds
IP statistics flows fast aging time = 0 seconds, packet threshold = 0
IP Current flow mask is Full flow
Netflow Data Export version:7
Netflow Data Export disabled
Netflow Data Export port/host is not configured.
Total packets exported = 0
IPX statistics flows aging time = 256 seconds
IPX flow mask is Destination flow
IPX max hop is 15
Module 15:Physical MAC-Address 00-50-3e-a9-ab-fc
Vlan Virtual MAC-Address(es)
---- -----------------------
  42 00-00-0c-07-ac-00
Console>
The show mls statistics entry command can display all statistics or statistics for specific NetFlow table entries. Specify the destination address, source address, and for IP, the protocol, and source and destination ports to see the statistics for a specific NetFlow table entry.

A value of zero (0) for src_port or dst_port is treated as a wildcard, and all NetFlow statistics are displayed (unspecified options are treated as wildcards). If the protocol specified is not TCP or UDP, set the src_port and dst_prt to 0 or no NetFlow statistics will display.

To display statistics for NetFlow table entries, perform this task in privileged mode:

Task

Command

Display statistics for NetFlow table entries. If you do not specify a NetFlow table entry, all NetFlow statistics are shown.

show mls statistics entry [ip | ipx | uptime] [destination ip_addr_spec] [source ip_addr_spec] [flow protocol src_port dst_port]

This example shows how to display NetFlow statistics for a particular NetFlow table entry:
Console> show mls statistics entry ip destination 172.20.22.14
                                  Last    Used
Destination IP  Source IP       Prot DstPrt SrcPrt Stat-Pkts Stat-Bytes
--------------- --------------- ---- ------ ------ --------- -----------
MSFC 127.0.0.12:
172.20.22.14    172.20.25.10    6    50648  80     3152       347854
Console>
Clearing NetFlow IP and IPX Statistics

These sections describe clearing NetFlow statistics:

•Clearing All NetFlow Statistics

•Clearing NetFlow IP Statistics

•Clearing NetFlow IPX Statistics

•Clearing NetFlow Statistics Totals

Note The clear mls commands affect only statistics. None of the clear mls commands affect forwarding entries or the NetFlow table entries that correspond to the forwarding entries.

Clearing All NetFlow Statistics

To clear all NetFlow IP and IPX statistics, perform this task in privileged mode:

Task

Command

Clear all NetFlow statistics.

clear mls statistics entry all

This example shows how to clear all NetFlow statistics:
Console> (enable) clear mls statistics entry all
All MLS IP and IPX entries cleared.
Console> (enable)
Clearing NetFlow IP Statistics

The clear mls statistics entry ip command clears NetFlow IP statistics. Use the all keyword to clear all NetFlow IP statistics. The destination and source keywords specify the source and destination IP addresses. The destination and source ip_addr_spec can be a full IP address or a subnet address in the format ip_subnet_addr, ip_addr/subnet_mask, or ip_addr/subnet_mask_bits.

The flow keyword specifies the following additional flow information:

•Protocol family (protocol)—Specify tcp, udp, icmp, or a decimal number for other protocol families. A value of zero (0) for protocol is treated as a wildcard (unspecified options are treated as wildcards).

•TCP or UDP source and destination port numbers (src_port and dst_port)—If the protocol you specify is TCP or UDP, specify the source and destination TCP or UDP port numbers. A value of zero (0) for src_port or dst_port is treated as a wildcard (unspecified options are treated as wildcards). For other protocols, set the src_port and dst_port to 0, or no entries will clear.

To clear statistics for a NetFlow table IP entry, perform this task in privileged mode:

Task

Command

Clear statistics for a NetFlow table IP entry.

clear mls statistics entry ip [destination ip_addr_spec] [source ip_addr_spec] [flow protocol src_port dst_port] [all]

This example shows how to clear statistics for NetFlow table entries with destination IP address 172.20.26.22:
Console> (enable) clear mls statistics entry ip destination 172.20.26.22
MLS IP entry cleared
Console> (enable)
This example shows how to clear statistics for NetFlow table entries with destination IP address 172.20.22.113, TCP source port 1652, and TCP destination port 23:
Console> (enable) clear mls statistics entry destination 172.20.26.22 source 172.20.22.113 
flow tcp 1652 23
MLS IP entry cleared
Console> (enable)
Clearing NetFlow IPX Statistics

The clear mls statistics entry ipx command clears NetFlow IPX statistics. Use the all keyword to clear all NetFlow IPX statistics. The destination and source keywords specify the source and destination IPX addresses.

To clear statistics for a NetFlow table IPX entry, perform this task in privileged mode:

Task

Command

Clear statistics for a NetFlow table IPX entry.

clear mls statistics entry ipx [destination ipx_addr_spec] [source ipx_addr_spec] [all]

This example shows how to clear statistics for IPX MLS entries with destination IPX address 1.0002.00e0.fefc.6000:
Console> (enable) clear mls statistics entry ipx destination 1.0002.00e0.fefc.6000
MLS IPX entry cleared.
Console> (enable)
Clearing NetFlow Statistics Totals

The clear mls statistics command clears the following NetFlow statistics:

•Total packets switched (IP and IPX)

•Total packets exported (for NDE)

To clear NetFlow statistic totals, perform this task in privileged mode:

Task

Command

Clear NetFlow statistics totals.

clear mls statistics

This example shows how to clear NetFlow statistics totals:
Console> (enable) clear mls statistics
All mls statistics cleared.
Console> (enable)
Displaying NetFlow Statistics Debug Information

The show mls debug command displays NetFlow statistics debug information that you can send to your technical support representative for analysis if necessary.

To display NetFlow statistics debug information, perform this task:

Task

Command

Display NetFlow statistics debug information that you can send to your technical support representative.

show mls debug

Note The show tech-support command displays supervisor engine system information. Use application-specific commands to get more information about particular applications.