Catalyst 6500 Series Software Configuration Guide, 8.7 - Configuring MLS [Cisco Catalyst 6500 Series Switches]

Table Of Contents

Configuring MLS

Understanding How Layer 3 Switching Works

Understanding Layer 3-Switched Packet Rewrite

Understanding IP Unicast Rewrite

Understanding IPX Unicast Rewrite

Understanding IP Multicast Rewrite

Understanding MLS

Understanding MLS Flows

Understanding the MLS Cache

Understanding Flow Masks

Partially and Completely Switched Multicast Flows

MLS Examples

Default MLS Configuration

Configuration Guidelines and Restrictions

IP MLS

Maximum Transmission Unit Size

Restrictions on Using IP Routing Commands with IP MLS Enabled

IP MMLS

IP MMLS Supervisor Engine Guidelines and Restrictions

IP MMLS MSFC Configuration Restrictions

Unsupported IP MMLS Features

IPX MLS

IPX MLS Interaction with Other Features

IPX MLS and Maximum Transmission Unit Size

Configuring MLS

Configuring Unicast MLS on the MSFC

Disabling and Enabling Unicast MLS on an MSFC Interface

Displaying MLS Information on the MSFC

Using Debug Commands on the MSFC

Using Debug Commands on the SCP

Configuring MLS on Supervisor Engine 1

Specifying the MLS Aging-Time Value

Specifying IP MLS Long-Duration Aging Time, Fast Aging Time, and Packet Threshold Values

Setting the Minimum IP MLS Flow Mask

Displaying CAM Entries on the Supervisor Engine

Displaying MLS Information

Displaying IP MLS Cache Entries

Clearing MLS Cache Entries

Clearing IPX MLS Cache Entries

Displaying IP MLS Statistics

Clearing MLS Statistics

Displaying MLS Debug Information

Configuring IP MMLS

Configuring IP MMLS on the MSFC

Displaying Global IP MMLS Information on the Supervisor Engine

Configuring MLS

This chapter describes how to configure Multilayer Switching (MLS) for the Catalyst 6500 series switches. MLS provides IP and Internetwork Packet Exchange (IPX) unicast Layer 3 switching and IP multicast Layer 3 switching with Supervisor Engine 1, the Policy Feature Card (PFC), and the Multilayer Switch Feature Card (MSFC) or MSFC2.

Note For complete information on the syntax and usage information for the supervisor engine commands that are used in this chapter, refer to the Catalyst 6500 Series Switch Command Reference publication.

This chapter consists of these sections:

•Understanding How Layer 3 Switching Works

•Default MLS Configuration

•Configuration Guidelines and Restrictions

•Configuring MLS

Note Supervisor Engine 720 with PFC3A/PFC3B/PFC3BXL and MSFC3 and Supervisor Engine 32 with PFC3B/PFC3BXL and MSFC2A provide Layer 3 switching with Cisco Express Forwarding for PFC3 (CEF for PFC3). See Chapter 13, "Configuring CEF for PFC2 and PFC3A," for more information.

Note Supervisor Engine 2, PFC2, and MSFC2 provide Layer 3 switching with Cisco Express Forwarding for PFC2 (CEF for PFC2). See Chapter 13, "Configuring CEF for PFC2 and PFC3A," for more information.

Understanding How Layer 3 Switching Works

Layer 3 switching allows the switch, instead of a router, to forward IP and IPX unicast traffic and IP multicast traffic between VLANs. Layer 3 switching is implemented in the hardware and provides wire-speed interVLAN forwarding on the switch, rather than on the MSFC. Layer 3 switching requires minimal support from the MSFC. The MSFC routes any traffic that cannot be Layer 3 switched.

Note Layer 3 switching supports the routing protocols that are configured on the MSFC. Layer 3 switching does not replace the routing protocols that are configured on the MSFC. Layer 3 switching uses IP Protocol Independent Multicast (IP PIM) for multicast route determination.

Layer 3 switching on Catalyst 6500 series switches provides traffic statistics that you can use to identify traffic characteristics for administration, planning, and troubleshooting. Layer 3 switching uses NetFlow Data Export (NDE) to export flow statistics (for more information about NDE, see Chapter 16, "Configuring NDE").

These sections describe Layer 3 switching and MLS on the Catalyst 6500 series switches:

•Understanding Layer 3-Switched Packet Rewrite

•Understanding MLS

Understanding Layer 3-Switched Packet Rewrite

When a packet is Layer 3 switched from a source in one VLAN to a destination in another VLAN, the switch performs a packet rewrite at the egress port based on information learned from the MSFC so that the packets appear to have been routed by the MSFC.

Note Rather than just forwarding multicast packets, the switch replicates them as necessary on the appropriate VLANs.

The packet rewrite alters these five fields:

•Layer 2 (MAC) destination address

•Layer 2 (MAC) source address

•Layer 3 IP Time to Live (TTL) or IPX Transport Control

•Layer 3 checksum

•Layer 2 (MAC) checksum (also called the frame checksum or FCS)

If Source A and Destination B are on different VLANs and Source A sends a packet to the MSFC to be routed to Destination B, the switch recognizes that the packet was sent to the Layer 2 (MAC) address of the MSFC.

To perform Layer 3 switching, the switch rewrites the Layer 2 frame header, changing the Layer 2 destination address to the Layer 2 address of Destination B and the Layer 2 source address to the Layer 2 address of the MSFC. The Layer 3 addresses remain the same.

In IP unicast and IP multicast traffic, the switch decrements the Layer 3 Time to Live (TTL) value by 1 and recomputes the Layer 3 packet checksum. In IPX traffic, the switch increments the Layer 3 Transport Control value by 1 and recomputes the Layer 3 packet checksum. The switch recomputes the Layer 2 frame checksum and forwards (or for multicast packets, replicates as necessary) the rewritten packet to Destination B's VLAN.

These sections describe how the packets are rewritten:

•Understanding IP Unicast Rewrite

•Understanding IPX Unicast Rewrite

•Understanding IP Multicast Rewrite

Understanding IP Unicast Rewrite

Received IP unicast packets are (conceptually) formatted as follows:

Layer 2 Frame Header

Layer 3 IP Header

Data

FCS

Destination

Source

Destination

Source

TTL

Checksum

MSFC MAC

Source A MAC

Destination B IP

Source A IP

n

calculation1

After the switch rewrites an IP unicast packet, it is (conceptually) formatted as follows:

Layer 2 Frame Header

Layer 3 IP Header

Data

FCS

Destination

Source

Destination

Source

TTL

Checksum

Destination B MAC

MSFC MAC

Destination B IP

Source A IP

n-1

calculation2

Understanding IPX Unicast Rewrite

Received IPX packets are (conceptually) formatted as follows:

Layer 2 Frame Header

Layer 3 IPX Header

Data

FCS

Destination

Source

Checksum/
IPX Length/
Transport Control

Destination Net/
Node/
Socket

Source Net/
Node/
Socket

MSFC MAC

Source A MAC

n

Destination B IPX

Source A IPX

After the switch rewrites an IPX packet, it is (conceptually) formatted as follows:

Layer 2 Frame Header

Layer 3 IPX Header

Data

FCS

Destination

Source

Checksum/
IPX Length/
Transport Control

Destination Net/
Node/
Socket

Source Net/
Node/
Socket

Destination B
MAC

MSFC MAC

n+1

Destination B IPX

Source A IPX

Understanding IP Multicast Rewrite

Received IP multicast packets are (conceptually) formatted as follows:

Layer 2 Frame Header

Layer 3 IP Header

Data

FCS

Destination

Source

Destination

Source

TTL

Checksum

Group G1 MAC¹

Source A MAC

Group G1 IP

Source A IP

n

calculation1

¹In this example, Destination B is a member of Group G1.

After the switch rewrites an IP multicast packet, it is (conceptually) formatted as follows:

Layer 2 Frame Header

Layer 3 IP Header

Data

FCS

Destination

Source

Destination

Source

TTL

Checksum

Group G1 MAC

MSFC MAC

Group G1 IP

Source A IP

n-1

calculation2

Understanding MLS

Note Supervisor Engine 1, PFC, and MSFC or MSFC2 can only do MLS internally with the MSFC or MSFC2 in the same chassis; an external MLS-RP cannot be used in place of the internal MLS-RP.

Supervisor Engine 1, PFC, and MSFC or MSFC2 provide Layer 3 switching with MLS. Layer 3 switching with MLS identifies flows on the switch after the first packet has been routed by the MSFC and transfers the process of forwarding the remaining traffic in the flow to the switch, which reduces the load on the MSFC.

These sections describe MLS:

•Understanding MLS Flows

•Understanding the MLS Cache

•Understanding Flow Masks

•Partially and Completely Switched Multicast Flows

•MLS Examples

Understanding MLS Flows

Layer 3 protocols, such as IP and IPX, are connectionless—they deliver every packet independently of every other packet. However, actual network traffic consists of many end-to-end conversations, or flows, between users or applications.

MLS supports unicast and multicast flows:

•A unicast flow can be any of the following:

–All traffic to a particular destination

–All traffic from a particular source to a particular destination

–All traffic from a particular source to a particular destination that shares the same protocol and transport-layer information

•A multicast flow is all traffic with the same protocol and transport-layer information from a particular source to the members of a particular destination multicast group.

For example, communication from a client to a server and from the server to the client are separate flows. The Telnet traffic that is transferred from a particular source to a particular destination comprises a separate flow from File Transfer Protocol (FTP) packets between the same source and destination.

Note The PFC uses the Layer 2 multicast forwarding table to identify the ports to which Layer 2 multicast traffic should be forwarded (if any). The multicast forwarding table entries are populated by whichever multicast constraint feature is enabled on the switch (IGMP snooping or Generic Attribute Registration Protocol [GARP] Multicast Registration Protocol [GMRP]). These entries map the destination multicast MAC address to the outgoing switch ports for a given VLAN.

Understanding the MLS Cache

These sections describe the MLS cache:

•MLS Cache

•Unicast Traffic

•Multicast Traffic

•MLS Cache Aging

•MLS Cache Size

MLS Cache

The PFC maintains a Layer 3 switching table called the MLS cache for the Layer 3-switched flows. The cache also includes the entries for the traffic statistics that are updated simultaneously with the switching of packets. After the PFC creates an MLS cache entry, the packets that are identified as belonging to an existing flow can be Layer 3 switched based on the cached information. The MLS cache maintains flow information for all the active flows.

Unicast Traffic

For unicast traffic, the PFC creates an MLS cache entry for the initial routed packet of each unicast flow. Upon receipt of a routed packet that does not match any unicast flow currently in the MLS cache, the PFC creates a new MLS entry.

Multicast Traffic

For multicast traffic, the PFC populates the MLS cache using information that is learned from the MSFC. Whenever the MSFC receives traffic for a new multicast flow, it updates its multicast routing table and forwards the new information to the PFC. In addition, if an entry in the multicast routing table ages out, the MSFC deletes the entry and forwards the updated information to the PFC.

For each multicast flow cache entry, the PFC maintains a list of outgoing interfaces for the destination IP multicast group. The PFC uses this list to identify the VLANs on which traffic to a given multicast flow should be replicated.

These Cisco IOS commands affect the multicast MLS cache entries on the switch:

•Using the clear ip mroute command to clear the multicast routing table on the MSFC clears all multicast MLS cache entries on the PFC.

•Using the no ip multicast-routing command to disable IP multicast routing on the MSFC purges all multicast MLS cache entries on the PFC.

MLS Cache Aging

The state and identity of flows are maintained while the packet traffic is active; when the traffic for a flow ceases, the entry ages out. You can configure the aging time for the MLS entries that are kept in the MLS cache. If an entry is not used for the specified period of time, the entry ages out and the statistics for that flow can be exported to a flow collector application.

MLS Cache Size

The maximum MLS cache size is 128,000 entries. The MLS cache is shared by all MLS processes on the switch (IP MLS, IP MMLS, and IPX MLS). An MLS cache that is larger than 32,000 entries increases the probability that a flow will not be Layer 3 switched but will be forwarded to the MSFC.

Understanding Flow Masks

The PFC uses flow masks to determine how the MLS entries are created.

These sections describe the flow mask modes:

•Flow Mask Modes—Prior to Software Release 8.5(1)

•Flow Mask Modes—Software Release 8.5(1) and Later Releases

•Flow Mask Modes and show mls entry Command Outputs

Flow Mask Modes—Prior to Software Release 8.5(1)

The PFC supports only one flow mask (the most specific one) for all MSFCs that are Layer 3 switched by that PFC. If the PFC detects different flow masks from the different MSFCs for which it is performing Layer 3 switching, it changes its flow mask to the most specific flow mask detected.

When the PFC flow mask changes, the entire MLS cache is purged. When the PFC exports the cached entries, the flow records are created based on the current flow mask. Depending on the current flow mask, some fields in the flow record might not have values. The unsupported fields are filled with a zero (0).

The MLS flow masks are as follows:

•destination-ip—The least-specific flow mask. The PFC maintains one MLS entry for each Layer 3 destination address. All flows to a given Layer 3 destination address use this MLS entry.

•destination-ipx—The only flow mask mode for IPX MLS is destination mode. The PFC maintains one IPX MLS entry for each destination IPX address (network and node). All flows to a given destination IPX address use this IPX MLS entry.

•source-destination-ip—The PFC maintains one MLS entry for each source and destination IP address pair. All flows between a given source and destination use this MLS entry regardless of the IP protocol ports.

•source-destination-vlan—For IP MMLS. The PFC maintains one MMLS cache entry for each {source IP, destination group IP, source VLAN}. The multicast source-destination-vlan flow mask differs from the IP unicast MLS source-destination-ip flow mask in that, for IP MMLS, the source VLAN is included as part of the entry. The source VLAN is the multicast reverse path forwarding (RPF) interface for the multicast flow.

•full flow—The most-specific flow mask. The PFC creates and maintains a separate MLS cache entry for each IP flow. A full flow entry includes the source IP address, destination IP address, protocol, and protocol ports.

Flow Mask Modes—Software Release 8.5(1) and Later Releases

With software release 8.5(1) and later releases, the multiple flow mask feature is supported on Supervisor Engine 720. This feature results in some changes to the NetFlow Data Export (NDE) functionality.

A new value for the flow mask is null. Enter the set mls flow null command to set the flow mask to null (null is the new default flow mask). When the flow mask is set to null and no feature is driving a more specific flow mask, all the flows will match to the same null flow. The counters for the null flow are incremented each time a flow hits the null flow. When the flow masks are null and no other feature is driving a flow mask, when you enter the show mls statistics entry command, the command output displays the null flow as follows (in the example, flows are not being exported because NDE is disabled):
Console> (enable) show mls statistics entry
Flowmask set to Null. Please set the flowmask to see the flows
                                  Last    Used
Destination IP   Source IP       Prot  DstPrt SrcPrt Vlan  Stat-Pkts  Stat-Bytes
---------------- --------------- ----- ------ ------ ----- ---------  -----------
 -              -             -     -     -      N/A  728915    33530090  
Console> (enable) 
To enable flow creation, specify the flow mask by entering the set mls flow {destination | destination-source | null | full} command and specify a keyword other than the null keyword. If NDE is enabled when the null flow mask is configured, NDE will not export any flows. An example is as follows:
Console> (enable) set mls nde enable
Netflow export enabled
Console> (enable) 2005 Sep 18 18:04:43 %MLS-5-FLOWMASK_NULL:IP Flowmask set to Null:Flows 
will not be exported 
Conversely, if NDE is enabled and you set the flow mask to null, the following message displays:
Console> (enable) set mls flow null
2000 Sep 18 18:04:02 %MLS-5-FLOWMASK_NULL:IP Flowmask set to Null:Flows will not be 
exported
Console> (enable)
When you upgrade from software release 8.4(x) to software release 8.5(1) and later releases, note the following:

•In binary configuration mode:

–In software release 8.4(x), if you set the flow mask to "xxx" by entering the set mls flow xxx command (where xxx is any of the keyword options), after the upgrade, the flow mask is still xxx.

–In software release 8.4(x), if you did not set the flow mask, after the upgrade, the flowmask would be destination.

•In text configuration mode:

–In software release 8.4(x), if you set the flow mask to destination (the default) by entering the set mls flow destination command, after the upgrade, the flow mask would be null (the new default).

–In software release 8.4(x), if you did not set the flow mask, after the upgrade, the flow mask would be null.

–In software release 8.4(x), if you set the flow mask to any keyword option other than destination, after the upgrade, the flow mask would be the same flow mask that you configured.

Because multiple flow masks can now coexist on the switch, the show mls statistics entry command displays only the relevant fields per flow. Depending on the flow mask that is used to create a particular flow, the relevant fields are zeroed out. NDE is used by the flow collector software. NDE assumes that all flows are created with the same flow mask. Due to this restriction, NDE cannot be enabled with certain features requiring conflicting flow masks. One specific case is hardware-accelerated NAT. NDE and hardware-accelerated NAT are mutually exclusive.

Software release 8.5(1) introduces hardware acceleration for some MSFC features. When upgrading from software release 8.4(x) to software release 8.5(1), there are no issues with MSFC features that were already configured and running. In addition to NAT, such features as reflexive ACLs and Context Based Access Control (CBAC) can work in the hardware if there is no flow mask conflict. A feature will work in the hardware unless the feature needs a flow mask that is in conflict with another feature such as an NDE or QoS microflow policer.

Hardware acceleration is also introduced in software release 8.5(1) for WCCP and TCP intercept. These MSFC features can coexist with NDE if there is no flow mask conflict. The ACL manager attempts to merge the flow mask requirements of different features. The basic idea is to allocate a new flow mask only for a strict flow mask requirement that is incompatible with already allocated flow masks. NDE does not have a strict flow mask requirement, so the flow mask for NDE can be moved up.

To use the hardware acceleration functionality for NAT, if a flow mask has been configured for NDE (enter the show mls command to display flow masks), perform these steps:

Step 1 Enter the set mls flow null command.

Step 2 The MSFC needs to request a flow mask. This is accomplished by reconfiguring the specific MSFC feature.

NDE will fail if any of the following events occur:

•Hardware-accelerated NAT is enabled.

•Two or more features with conflicting flow masks have been configured on the switch.

Conversely, once NDE is successfully configured, NAT cannot be configured to work in the hardware and two different features with conflicting flow mask requirements cannot be configured on the switch.

Software release 8.5(1) introduces the show mls flowmask command that displays the flow masks used by the various features on the switch.

These examples show the output with various configurations when no features are configured on the MSFC:
Console> show mls flowmask
Netflow Data Export is enabled
NDE Flowmask is configured to use at least Null flowmask
Console>
Console> show mls flowmask
Netflow Data Export is enabled and is using Full flowmask
NDE Flowmask is configured to use at least Full flowmask
Console>
Console> show mls flowmask
Netflow Data Export is disabled
NDE Flowmask is configured to use at least Full flowmask
Console>
This example shows the output when NAT is configured on the MSFC:
Console> show mls flowmask
The MSFC features are using NotVlanFullFlow and VlanFullFlowOnly flow mask on vlan(s) 
10-11,50-51,90-91.
Netflow Data Export is disabled 
NDE Flowmask is configured to at least the Null flowmask
Console>
These examples show the output with various configurations when the reflexive ACL feature is configured on the MSFC:
Console> show mls flowmask
The MSFC features are using VlanFullFlowOnly flow mask on vlan(s) 13.
Netflow Data Export is disabled
NDE Flowmask is configured to use at least Null flowmask
Console>
Console> show mls flowmask
The MSFC features are using VlanFullFlowOnly flow mask on vlan(s) 13.
Netflow Data Export is enabled and is using Full-Vlan flowmask
NDE Flowmask is configured to use at least Full-Vlan flowmask
Console>
Flow Mask Modes and show mls entry Command Outputs

With the destination-ip flow mask, the source IP, protocol, and source and destination port fields show the details of the last packet that was Layer 3 switched using the MLS cache entry.

This example shows how the show mls entry command output appears in destination-ip mode:
Console> (enable) show mls entry ip short
Destination-IP  Source-IP       Prot  DstPrt SrcPrt Destination-Mac   Vlan 
--------------- --------------- ----- ------ ------ ----------------- ---- 
 ESrc EDst SPort DPort Stat-Pkts Stat-Byte    Uptime   Age
 ---- ---- ----- ----- --------- ------------ -------- --------
171.69.200.234  -               -     -      -      00-60-70-6c-fc-22 4    
 ARPA SNAP 5/8   11/1  3152      347854       09:01:19 09:08:20
171.69.1.133    -               -     -      -      00-60-70-6c-fc-23 2    
 SNAP ARPA 5/8   1/1   2345      123456       09:03:32 09:08:12
Total Entries: 2
* indicates TCP flow has ended
Console> (enable)
Note The short keyword exists for some show commands and displays the output by wrapping the text after 80 characters. The default is long (no text wrap).

With the source-destination-ip flow mask, the protocol, source port, and destination port fields display the details of the last packet that was Layer 3 switched using the MLS cache entry.

This example shows how the show mls entry command output appears in source-destination-ip mode:
Console> (enable) show mls entry ip short
Destination-IP  Source-IP       Prot  DstPrt SrcPrt Destination-Mac   Vlan 
--------------- --------------- ----- ------ ------ ----------------- ---- 
 ESrc EDst SPort DPort Stat-Pkts Stat-Byte    Uptime   Age
 ---- ---- ----- ----- --------- ------------ -------- --------
171.69.200.234  171.69.192.41   -     -      -      00-60-70-6c-fc-22 4 
 ARPA SNAP 5/8   11/1  3152      347854       09:01:19 09:08:20
171.69.1.133    171.69.192.42   -     -      -      00-60-70-6c-fc-23 2 
 SNAP ARPA 5/8   1/1   2345      123456       09:03:32 09:08:12
Total Entries: 2
* indicates TCP flow has ended
Console> (enable)
With the full-flow flow mask, because a separate MLS entry is created for every ip flow, the details are shown for each flow.

This example shows how the show mls entry command output appears in full flow mode:
Console> (enable) show mls entry ip short
Destination-IP  Source-IP       Prot  DstPrt SrcPrt Destination-Mac   Vlan 
--------------- --------------- ----- ------ ------ ----------------- ---- 
 ESrc EDst SPort DPort Stat-Pkts Stat-Byte    Uptime   Age
 ---- ---- ----- ----- --------- ------------ -------- --------
171.69.200.234  171.69.192.41   TCP*  6000   59181  00-60-70-6c-fc-22 4 
 ARPA SNAP 5/8   11/1  3152      347854       09:01:19 09:08:20
171.69.1.133    171.69.192.42   UDP   2049   41636  00-60-70-6c-fc-23 2 
 SNAP ARPA 5/8   1/1   2345      123456       09:03:32 09:08:12
Total Entries: 2
* indicates TCP flow has ended
Console> (enable)
Partially and Completely Switched Multicast Flows

Some flows might be partially Layer 3 switched instead of completely Layer 3 switched in these situations:

•The MSFC is configured as a member of the IP multicast group (using the ip igmp join-group command) on the RPF interface of the multicast source.

•The MSFC is the first-hop router to the source in PIM sparse mode (in this case, the MSFC must send PIM-register messages to the rendezvous point).

•The multicast TTL threshold is configured on an egress interface for the flow.

•The extended access list deny condition on the RPF interface specifies anything other than the Layer 3 source, Layer 3 destination, or IP protocol (an example is a Layer 4 port number).

•The multicast helper is configured on the RPF interface for the flow, and multicast to broadcast translation is required.

•Multicast tag switching is configured on an egress interface.

•Network address translation (NAT) is configured on an interface, and source address translation is required for the outgoing interface.

For partially switched flows, all multicast traffic belonging to the flow reaches the MSFC and is software switched for any interface that is not Layer 3 switched.

The PFC prevents multicast traffic in flows that are completely Layer 3 switched from reaching the MSFC, reducing the load on the MSFC. The show ip mroute and show mls ip multicast commands identify completely Layer 3-switched flows with the text string "RPF-MFD." Multicast Fast Drop (MFD) indicates that from the perspective of the MSFC, the multicast packet is dropped because it is switched by the PFC.

For all completely Layer 3-switched flows, the PFC periodically sends the multicast packet and byte count statistics to the MSFC, because the MSFC cannot record the multicast statistics for completely switched flows, which it never sees. The MSFC uses the statistics to update the corresponding multicast routing table entries and to reset the appropriate expiration timers.

MLS Examples

Figure 14-1 shows a simple IP MLS network topology. In this example, Host A is on the Sales VLAN (IP subnet 171.59.1.0), Host B is on the Marketing VLAN (IP subnet 171.59.3.0), and Host C is on the Engineering VLAN (IP subnet 171.59.2.0).

When Host A initiates an HTTP file transfer to Host C, an MLS entry for this flow is created (this entry is the second item in the MLS cache shown in Figure 14-1). The PFC stores the MAC addresses of the MSFC and Host C in the MLS entry when the MSFC forwards the first packet from Host A through the switch to Host C. The PFC uses this information to rewrite the subsequent packets from Host A to Host C.

Figure 14-1 IP MLS Example Topology

Figure 14-2 shows a simple IPX MLS network topology. In this example, Host A is on the Sales VLAN (IPX address 01.Aa), Host B is on the Marketing VLAN (IPX address 03.Bb), and Host C is on the Engineering VLAN (IPX address 02.Cc).

When Host A initiates a file transfer to Host B, an IPX MLS entry for this flow is created (this entry is the first item in the table shown in Figure 14-1). The PFC stores the MAC addresses of the MSFC and Host B in the IPX MLS entry when the MSFC forwards the first packet from Host A through the switch to Host B. The PFC uses this information to rewrite the subsequent packets from Host A to Host B.

Similarly, a separate IPX MLS entry is created in the MLS cache for the traffic from Host A to Host C, and for the traffic from Host C to Host A. The destination VLAN is stored as part of each IPX MLS entry so that the correct VLAN identifier is used when encapsulating traffic on the trunk links.

Figure 14-2 IPX MLS Example Topology

Default MLS Configuration

Table 14-1 shows the default IP MLS configuration.

Table 14-1 Default IP MLS Configuration

Feature

Default Value

IP MLS enable state

Enabled

IP MLS aging time

16 seconds

IP MLS fast aging time

0 seconds (no fast aging)

IP MLS fast aging-time packet threshold

0 packets

Table 14-2 shows the default IP MMLS switch configuration.

Table 14-2 Default IP MMLS Supervisor Engine Configuration

Feature

Default Value

Multicast services (IGMP snooping or GMRP)

Disabled

IP MMLS

Enabled

Table 14-3 shows the default IP MMLS MSFC configuration.

Table 14-3 Default IP MMLS MSFC Configuration

Feature

Default Value

Multicast routing

Disabled globally

IP PIM routing

Disabled on all interfaces

IP MMLS Threshold

Unconfigured—no default value

IP MMLS

Enabled when multicast routing is enabled and IP PIM is enabled on the interface

Table 14-4 shows the default IPX MLS configuration.

Table 14-4 Default IPX MLS Configuration

Feature

Default Value

IPX MLS enable state

Enabled

IPX MLS aging time

256 seconds

Configuration Guidelines and Restrictions

These sections describe the configuration guidelines and restrictions for IP MLS, IP MMLS, and IPX MLS:

•IP MLS

•IP MMLS

•IPX MLS

IP MLS

These sections describe the IP MLS configuration guidelines:

•Maximum Transmission Unit Size

•Restrictions on Using IP Routing Commands with IP MLS Enabled

Maximum Transmission Unit Size

The default maximum transmission unit (MTU) for IP MLS is 1500. To change the MTU on an IP MLS-enabled interface, enter the ip mtu mtu command.

Restrictions on Using IP Routing Commands with IP MLS Enabled

Enabling certain IP processes on an interface will affect IP MLS on the interface. Table 14-5 shows the affected commands and the resulting behavior.

Table 14-5 IP Routing Command Restrictions

Command

Behavior

clear ip route

Clears all MLS cache entries for all switches performing Layer 3 switching for this MSFC.

ip routing

The no form purges all MLS cache entries and disables IP MLS on this MSFC.

ip security (all forms of this command)

Disables IP MLS on the interface.

ip tcp compression-connections

Disables IP MLS on the interface.

ip tcp header-compression

Disables IP MLS on the interface.

IP MMLS

These sections describe the IP MMLS configuration guidelines:

•IP MMLS Supervisor Engine Guidelines and Restrictions

•IP MMLS MSFC Configuration Restrictions

•Unsupported IP MMLS Features

IP MMLS Supervisor Engine Guidelines and Restrictions

This section describes the guidelines and restrictions for configuring Supervisor Engine 1 for IP MMLS:

•Only the ARPA rewrites are supported for the IP multicast packets.

•The Subnetwork Address Protocol (SNAP) rewrites are not supported.

•You must enable one of the multicast services (IGMP snooping or GMRP) on the switch in order to use IP MMLS.

•The IP multicast flows are not multilayer switched if there is no entry in the Layer 2 multicast forwarding table (for example, if no Layer 2 multicast services are enabled or the forwarding table is full). Enter the show multicast group command to check for a Layer 2 entry for a particular IP multicast destination.

•If a Layer 2 entry is cleared, the corresponding Layer 3 flow information is purged.

•When using two MSFCs that have one or more interfaces in the same VLAN, the switch uses two reserved VLANs (VLANs 1012 and 1013) internally to forward the multicast flows properly.

•The MSFC will not act as an external router for a Catalyst 5000 family switch that has Layer 3- switching hardware.

IP MMLS MSFC Configuration Restrictions

IP MMLS does not perform multilayer switching for an IP multicast flow in these situations:

•For the IP multicast groups that fall into these ranges (where * is in the range 0-255):

224.0.0.* through 239.0.0.*
224.128.0.* through 239.128.0.*

Note The groups in the 224.0.0.* range are reserved for routing the control packets and must be flooded to all the forwarding ports of the VLAN. These addresses map to the multicast MAC address range 01-00-5E-00-00-xx where xx is in the range 0-0xFF.

•For the IP PIM auto-RP multicast groups (IP multicast group addresses 224.0.1.39 and 224.0.1.40).

Note In the systems with redundant MSFCs, the IP PIM interface configuration must be the same on both the active and redundant MSFCs.

•For the flows that are forwarded on the multicast-shared tree (that is, {*,G,*} forwarding) when the interface or group is running IP PIM sparse mode.

•If the shortest-path tree (SPT) bit for the flow is cleared when running IP PIM sparse mode for the interface or group.

•For the fragmented IP packets and packets with IP options. However, the packets in the flow that are not fragmented or that do not specify the IP options are multilayer switched.

•For the source traffic that is received on the tunnel interfaces (such as MBONE traffic).

•For any RPF interface with multicast tag switching enabled.

Unsupported IP MMLS Features

If you enable IP MMLS, the IP accounting for the interface will not reflect accurate values.

IPX MLS

These sections describe the configuration guidelines that apply when configuring IPX MLS:

•IPX MLS Interaction with Other Features

•IPX MLS and Maximum Transmission Unit Size

IPX MLS Interaction with Other Features

Other Cisco IOS software features affect IPX MLS as follows:

•IPX accounting—IPX accounting cannot be enabled on an IPX MLS-enabled interface.

•IPX EIGRP—To support MLS on EIGRP interfaces, you must set the Transport Control (TC) maximum to a value that is greater than the default (16). Enter the ipx maximum-hop tc_value global configuration command on the MSFC with the tc_value greater than 16.

IPX MLS and Maximum Transmission Unit Size

In IPX, the two end points of communication negotiate the maximum transmission unit (MTU) to be used. The MTU size is limited by the media type.

Configuring MLS

These sections describe how to configure MLS:

•Configuring Unicast MLS on the MSFC

•Configuring MLS on Supervisor Engine 1

•Configuring IP MMLS

Configuring Unicast MLS on the MSFC

These sections describe how to configure MLS on the MSFC:

•Disabling and Enabling Unicast MLS on an MSFC Interface

•Displaying MLS Information on the MSFC

•Using Debug Commands on the MSFC

•Using Debug Commands on the SCP

For information on configuring routing on the MSFC, see Chapter 12, "Configuring InterVLAN Routing." For information on configuring unicast Layer 3 switching on Supervisor Engine 1, see the "Configuring MLS on Supervisor Engine 1" section.

Note The MSFC can be specified as the MLS route processor (MLS-RP) for Catalyst 5000 family switches using MLS. Refer to the Layer 3 Switching Configuration Guide—Catalyst 5000 Family, 2926G Series, 2926 Series Switches, for MLS configuration procedures.

Disabling and Enabling Unicast MLS on an MSFC Interface

Unicast MLS for IP and IPX is enabled globally by default, but can be disabled and enabled on a specified interface.

To disable unicast IP or IPX MLS on a specific MSFC interface, perform one of these tasks:

Task

Command

Specify an MSFC interface.

Router(config)# interface vlan-id

Disable IP MLS on an MSFC interface.

Router(config-if)# no mls ip

Disable IPX MLS on an MSFC interface.

Router(config-if)# no mls ipx

This example shows how to disable IP MLS on an MSFC interface:
Router(config)# interface vlan 100
Router(config-if)# no mls ip
Router(config-if)# 
This example shows how to disable IPX MLS on an MSFC interface:
Router(config)# interface vlan 100
Router(config-if)# no mls ipx
Router(config-if)# 
Note Unicast MLS is enabled by default; you only need to enable (or reenable) it if you have previously disabled it.

To enable unicast IP or IPX MLS on a specific MSFC interface, perform this task:

Task

Command

Step 1

Specify an MSFC interface.

Router(config)# interface vlan-id

Step 2

Enable IP or IPX MLS on an MSFC interface.

Router(config-if)# mls ip

or

Router(config-if)# mls ipx

This example shows how to enable IP MLS on an MSFC interface:
Router(config)# interface vlan 100
Router(config-if)# mls ip
Router(config-if)# 
This example shows how to enable IPX MLS on an MSFC interface:
Router(config)# interface vlan 100
Router(config-if)# mls ipx
Router(config-if)# 
Displaying MLS Information on the MSFC

The show mls status command displays the MLS details. To display the MLS information on the MSFC, perform this task:

Task

Command

Display the MLS status.

show mls status

This example shows how to display the MLS status on the MSFC:
Router# show mls status 
MLS global configuration status:
global mls ip:                     enabled
global mls ipx:                    enabled
global mls ip multicast:           disabled
current ip flowmask for unicast:   destination only
current ipx flowmask for unicast:  destination only
Router#
Using Debug Commands on the MSFC

Table 14-6 describes the MLS-related debug commands that you can use to troubleshoot the MLS problems on the MSFC.

Table 14-6 MLS Debug Commands

Command

Description

[no] debug l3-mgr events

Displays the Layer 3 manager-related events.

[no] debug l3-mgr packets

Displays the Layer 3 manager packets.

[no] debug l3-mgr global

Displays the bug trace of IP global purge events.

[no] debug l3-mgr all

Turns on all the Layer 3 manager debugging messages.

Table 14-7 describes the MLS-related debug commands that you can use to troubleshoot the MLS problems when using the MSFC as an external router for a Catalyst 5000 family switch.

Table 14-7 MLS Debug Commands—External Router Function

Command

Description

[no] debug mls ip

Turns on the IP-related events for MLS including route purging and changes of access lists and flow masks.

[no] debug mls ipx

Turns on the IPX-related events for MLS including route purging and changes of access lists and flow masks.

[no] debug mls rp

Turns on the route processor-related events.

[no] debug mls locator

Identifies which switch is switching a particular flow by using MLS explorer packets.

[no] debug mls all

Turns on all the MLS debugging events.

Using Debug Commands on the SCP

Table 14-8 describes the Serial Control Protocol (SCP)-related debug commands to troubleshoot the SCP that runs over the Ethernet out-of-band channel (EOBC).

Table 14-8 SCP Debug Commands

Command

Description

[no] debug scp async

Displays the trace for asynchronous data in and out of the SCP system.

[no] debug scp data

Displays the packet data trace.

[no] debug scp errors

Displays the errors and warnings in the SCP.

[no] debug scp packets

Displays the packet data in and out of the SCP system.

[no] debug scp timeouts

Reports the timeouts.

[no] debug scp all

Turns on all the SCP debugging messages.

Configuring MLS on Supervisor Engine 1

MLS is enabled by default on Catalyst 6500 series switches. You only need to configure Supervisor Engine 1 in these circumstances:

•You want to change the MLS aging time

•You want to enable NDE

These sections describe how to configure MLS on Supervisor Engine 1:

•Specifying the MLS Aging-Time Value

•Specifying IP MLS Long-Duration Aging Time, Fast Aging Time, and Packet Threshold Values

•Setting the Minimum IP MLS Flow Mask

•Displaying CAM Entries on the Supervisor Engine

•Displaying MLS Information

•Displaying IP MLS Cache Entries

•Clearing MLS Cache Entries

•Clearing IPX MLS Cache Entries

•Displaying IP MLS Statistics

•Clearing MLS Statistics

•Displaying MLS Debug Information

For information on configuring the VLANs on the switch, see Chapter 11, "Configuring VLANs." For information on configuring MLS on the MSFC, see the "Configuring Unicast MLS on the MSFC" section.

Note When you disable IP or IPX MLS on the MSFC, IP or IPX MLS is automatically disabled on Supervisor Engine 1. All the existing protocol-specific MLS cache entries are purged. To disable MLS on the MSFC, see the "Disabling and Enabling Unicast MLS on an MSFC Interface" section.

Note If NDE is enabled and you disable MLS, you will lose the statistics for existing cache entries—they are not exported.

Specifying the MLS Aging-Time Value

The MLS aging time for each protocol (IP and IPX) applies to all protocol-specific MLS cache entries. Any MLS entry that has not been used for agingtime seconds is aged out. The default is 256 seconds.

You can configure the aging time in the range of 8 to 2032 seconds in 8-second increments. Any aging-time value that is not a multiple of 8 seconds is adjusted to the closest multiple of 8 seconds. For example, a value of 65 is adjusted to 64 and a value of 127 is adjusted to 128.

Note We recommend that you keep the size of the MLS cache below 32,000 entries. If the number of MLS entries exceeds 32,000, some flows are sent to the MSFC. To keep the size of the MLS cache down, for IP, enable IP MLS fast aging as described in the "Specifying IP MLS Long-Duration Aging Time, Fast Aging Time, and Packet Threshold Values" section.

To specify the MLS aging time for both IP and IPX, perform this task in privileged mode:

Task

Command

Specify the MLS aging time for MLS cache entries.

set mls agingtime [agingtime]

This example shows how to specify the MLS aging time:
Console> (enable) set mls agingtime 512
Multilayer switching agingtime IP and IPX set to 512
Console> (enable) 
To specify the IP MLS aging time, perform this task in privileged mode:

Task

Command

Specify the IP MLS aging time for an MLS cache entry.

set mls agingtime ip [agingtime]

This example shows how to specify the IP MLS aging time:
Console> (enable) set mls agingtime ip 512
Multilayer switching aging time IP set to 512
Console> (enable) 
To specify the IPX MLS aging time, perform this task in privileged mode:

Task

Command

Specify the IPX MLS aging time for an MLS cache entry.

set mls agingtime ipx [agingtime]

This example shows how to specify the IPX MLS aging time:
Console> (enable) set mls agingtime ipx 512
Multilayer switching aging time IPX set to 512
Console> (enable)
Specifying IP MLS Long-Duration Aging Time, Fast Aging Time, and Packet Threshold Values

Note IPX MLS does not use fast aging. IPX MLS only operates in destination-source and destination flow modes; therefore, the number of IPX MLS entries in the MLS table is low relative to the number of IP MLS entries in full-flow mode.

To keep the MLS cache size below 32,000 entries, enable IP MLS fast aging time. The IP MLS fast aging time applies to the MLS entries that have no more than pkt_threshold packets that are switched within fastagingtime seconds after they are created. A typical cache entry that is removed is the entry for flows to and from a Domain Name Server (DNS) or TFTP server; the entry might never be used again after it is created. Detecting and aging out these entries saves space in the MLS cache for the other data traffic.

The default fastagingtime value is 0 (no fast aging). You can configure the fastagingtime value to 32, 64, 96, or 128 seconds. Any fastagingtime value that is not configured exactly as the indicated values is adjusted to the closest one. You can configure the pkt_threshold value to 0, 1, 3, 7, 15, 31, or 63 packets.

If you need to enable IP MLS fast aging time, initially set the value to 128 seconds. If the size of the MLS cache continues to grow over 32,000 entries, decrease the setting until the cache size stays below 32,000. If the cache continues to grow over 32,000 entries, decrease the normal IP MLS aging time.

The typical values for fastagingtime and pkt_threshold are 32 seconds and 0 packets (no packets are switched within 32 seconds after the entry is created).

To specify the IP MLS fast aging time and packet threshold, perform this task in privileged mode:

Task

Command

Specify the IP MLS fast aging time and packet threshold for an MLS cache entry.

set mls agingtime fast [fastagingtime] [pkt_threshold]

This example shows how to set the IP MLS fast aging time to 32 seconds with a packet threshold of 0 packets:
Console> (enable) set mls agingtime fast 32 0
Multilayer switching fast aging time set to 32 seconds for entries with no more than 0 
packets switched.
Console> (enable)
To specify that an active flow gets aged out, perform this task in privileged mode:

Task

Command

Specify that an active flow gets aged out.

set mls agingtime long-duration agingtime

This example shows how to force an active flow to age out. You can specify the aging time of the active flow in the range of 64 to 1920 seconds in increments of 64.
Console> (enable) set mls agingtime long-duration 128
Multilayer switching agingtime set to 128 seconds for long duration flows 
Console> (enable)
Setting the Minimum IP MLS Flow Mask

You can set the minimum granularity of the flow mask for the MLS cache on the PFC. The actual flow mask that is used will be at least of the granularity that is specified by this command. For information on how the different flow masks work, see the "Understanding Flow Masks" section.

For example, if you do not configure the access lists on any MSFC, then the IP MLS flow mask on the PFC is destination-ip by default. However, you can force the PFC to use the source-destination-ip flow mask by setting the minimum IP MLS flow mask using the set mls flow destination-source command.

Caution The set mls flow destination-source command purges all the existing shortcuts in the MLS cache and affects the number of the active shortcuts on the PFC. Exercise care when using this command.

To set the minimum IP MLS flow mask, perform this task in privileged mode:

Task

Command

Set the minimum IP MLS flow mask.

set mls flow {destination | destination-source | null | full}

This example shows how to set the minimum IP MLS flow mask to destination-source-ip:
Console> (enable) set mls flow destination-source
Configured IP flow mask is set to destination-source flow.
Console> (enable)
Displaying CAM Entries on the Supervisor Engine

The show cam command displays the content-addressable memory (CAM) entries that are associated with a specific MAC address. If the MAC address belongs to an MSFC, an "R" is appended to the MAC address.

If you specify a VLAN number, only those CAM entries that correspond to that VLAN number are displayed. If a VLAN is not specified, the entries for all the VLANs are displayed.

To display the CAM entries, perform this task:

Task

Command

Display the CAM entries by MAC address.

show cam msfc [vlan]

This example shows how to display the CAM entries:
Console> show cam msfc
VLAN  Destination MAC      Destination-Ports or VCs        Xtag  Status
----  ------------------   ------------------------------  ----  ------
194   00-e0-f9-d1-2c-00R   7/1                             2     H
193   00-00-0c-07-ac-c1R   7/1                             2     H
193   00-00-0c-07-ac-5dR   7/1                             2     H
202   00-00-0c-07-ac-caR   7/1                             2     H
204   00-e0-f9-d1-2c-00R   7/1                             2     H
195   00-e0-f9-d1-2c-00R   7/1                             2     H
192   00-00-0c-07-ac-c0R   7/1                             2     H
192   00-e0-f9-d1-2c-00R   7/1                             2     H
204   00-00-0c-07-ac-ccR   7/1                             2     H
202   00-e0-f9-d1-2c-00R   7/1                             2     H
194   00-00-0c-07-ac-5eR   7/1                             2     H
196   00-e0-f9-d1-2c-00R   7/1                             2     H
194   00-00-0c-07-ac-c2R   7/1                             2     H
193   00-e0-f9-d1-2c-00R   7/1                             2     H
Total Matching CAM Entries Displayed = 14
Console>
This example shows how to display the CAM entries for a specified VLAN:
Console> show cam msfc 192
VLAN  Destination MAC      Destination-Ports or VCs        Xtag  Status
----  ------------------   ------------------------------  ----  ------
192   00-00-0c-07-ac-c0R   7/1                             2     H
192   00-e0-f9-d1-2c-00R   7/1                             2     H
Console> 
Displaying MLS Information

The show mls command displays protocol-specific MLS information and MSFC-specific information.

To display protocol-specific MLS information and MSFC-specific information, perform this task:

Task

Command

Display general IP or IPX MLS information and MSFC-specific information for all MSFCs.

show mls {ip | ipx} [mod¹]

¹The mod keyword specifies the module number of the MSFC; either 15 (if the MSFC is installed on Supervisor Engine 1 in slot 1) or 16 (if the MSFC is installed on Supervisor Engine 1 in slot 2).

This example shows how to display IP MLS information and MSFC-specific information:
Console> (enable) show mls ip
Total Active MLS entries = 0
Total packets switched = 0
IP Multilayer switching enabled
IP Multilayer switching aging time = 256 seconds
IP Multilayer switching fast aging time = 0 seconds, packet threshold = 0
IP Flow mask: Full Flow
Configured flow mask is Destination flow
Active IP MLS entries = 0
Netflow Data Export version: 8
Netflow Data Export disabled
Netflow Data Export port/host is not configured
Total packets exported = 0
MSFC ID         Module XTAG MAC               Vlans  
--------------- ------ ---- ----------------- --------------------
52.0.03         15     1    01-10-29-8a-0c-00 1,10,123,434,121
                                              222,666,959
Console> (enable) 
This example shows how to display IPX MLS information:
Console> (enable) show mls ipx
IPX Multilayer switching aging time = 256 seconds
IPX flow mask is Destination flow
IPX max hop is 15
Active IPX MLS entries = 356
IPX MSFC ID     Module XTAG MAC               Vlans
--------------- ------ ---- ----------------- ----------------
22.1.0.56       15     1    00-10-07-38-29-18 2,3,4,5,6,
                                              7,8,9,10,11,
                                              12,13,14,15,16,
                                              17,18,19,20,66,
                                              77
                            00-d0-d3-9c-e3-f4 25
                            00-10-07-38-29-18 26,111
                            00-d0-d3-9c-e3-f4 112
22.1.0.58       16     2    00-10-07-38-22-22 2,3,4,5,6,
                                              7,8,9,10,11,
                                              12,13,14,15,16,
                                              17,18,19,20
                            00-d0-d3-33-17-8c 25
                            00-10-07-38-22-22 26,66,77,88,99,
                                              111
                            00-d0-d3-33-17-8c 112
Console> (enable)
Displaying IP MLS Cache Entries

These sections describe how to display the MLS cache entries on Supervisor Engine 1:

•Displaying All MLS Entries

•Displaying MLS Entries for a Specific IP Destination Address

•Displaying IPX MLS Entries for a Specific IPX Destination Address

•Displaying MLS Entries for a Specific IP Source Address

•Displaying MLS Entries for a Specific IP Flow

•Displaying IPX MLS Entries for a Specific MSFC

•Displaying MLS Entries for Bridged-Flow Statistics

Note For a description of how the flow mask mode affects the screen displays when showing the MLS entries, see the "Flow Mask Modes and show mls entry Command Outputs" section.

Displaying All MLS Entries

To display all the MLS entries (IP and IPX), perform this task in privileged mode:

Task

Command

Display all the MLS entries.

show mls entry [short | long]

This example shows how to display all the MLS entries (IP and IPX):
Console> (enable) show mls entry short
Destination-IP  Source-IP       Prot  DstPrt SrcPrt Destination-Mac  Vlan
--------------- --------------- ----- ------ ------ ----------------- ----
 ESrc EDst SPort DPort Stat-Pkts  Stat-Bytes   Created  LastUsed
 ---- ---- ----- ----- ---------- ------------ -------- --------
171.69.200.234  171.69.192.41   TCP*  6000   59181  00-60-70-6c-fc-22 4   
 ARPA SNAP 5/8   11/1  3152       347854       09:01:19 09:08:20
171.69.1.133    171.69.192.42   UDP   2049   41636  00-60-70-6c-fc-23 2   
 SNAP ARPA 5/8   1/1   2345       1234567      09:03:32 09:08:12
171.69.1.133    171.69.192.42   UDP   2049   41636  00-60-70-6c-fc-23 2   
 SNAP ARPA 5/8   1/1   2345       1234567      09:03:32 09:08:12
171.69.1.133    171.69.192.42   UDP   2049   41636  00-60-70-6c-fc-23 2   
 SNAP ARPA 5/8   1/1   2345       1234567      09:03:32 09:08:12
171.69.1.133    171.69.192.42   UDP   2049   41636  00-60-70-6c-fc-23 2   
 SNAP ARPA 5/8   1/1   2345       1234567      09:03:32 09:08:12
Total IP entries: 5
* indicates TCP flow has ended.
Destination-IPX           Source-IPX-net Destination-Mac   Vlan Port  
 Stat-Pkts Stat-Bytes
------------------------- -------------- ----------------- ---- ----- 
 --------- -----------
BABE.0000.0000.0001       -              00-a0-c9-0a-89-1d 211  13/37 
 30230     1510775     
201.00A0.2451.7423        -              00-a0-24-51-74-23 201  14/33 
 30256     31795084    
501.0000.3100.0501        -              31-00-05-01-00-00 501  9/37  
 12121     323232
401.0000.0000.0401        -              00-00-04-01-00-00 401  3/1   
 4633      38676
Total IPX entries: 4
Console>
Displaying MLS Entries for a Specific IP Destination Address

To display the MLS entries for a specific destination IP address, perform this task in privileged mode:

Task

Command

Display the MLS entries for the specified destination IP address.

show mls entry ip destination [ip_addr]

This example shows how to display the MLS entries for a specific destination IP address:
Console> (enable) show mls entry ip destination 172.20.22.14/24
Destination-IP  Source-IP       Prot  DstPrt SrcPrt Destination-Mac   Vlan 
 EDst ESrc DPort  SPort  Stat-Pkts  Stat-Bytes  Uptime   Age
--------------- --------------- ----- ------ ------ ----------------- ---- 
 ---- ---- ------ ------ ---------- ----------- -------- --------
MSFC 172.20.25.1 (Module 15):
172.20.22.14    -               -     -      -      00-60-70-6c-fc-22 4    
 ARPA ARPA 5/39   5/40   115        5290        00:12:20 00:00:04
MSFC 172.20.27.1 (Module 16):
Total entries:1
Console> (enable)
Displaying IPX MLS Entries for a Specific IPX Destination Address

To display the IPX MLS entries for a specific destination IPX address, perform this task in privileged mode:

Task

Command

Display the IPX MLS entries for a specific destination IPX address (net_address.node_address).

show mls entry ipx destination ipx_addr

This example shows how to display the IPX MLS entries for a specific destination IPX address:
Console> (enable) show mls entry ipx destination 3E.0010.298a.0c00
Destination IPX           Source IPX net Destination Mac   Vlan Port
------------------------- -------------- ----------------- ---- -----
MSFC 22.1.0.56 (Module 15):
3E.0010.298a.0c00                     13 00-00-00-00-00-09 26   4/7
Console> (enable)
Displaying MLS Entries for a Specific IP Source Address

To display the MLS entries for a specific source IP address, perform this task in privileged mode:

Task

Command

Display the MLS entries for the specified source IP address.

show mls entry ip source [ip_addr]

This example shows how to display the MLS entries for a specific source IP address:
Console> (enable) show mls entry ip source 10.0.2.15
Destination-IP  Source-IP       Prot  DstPrt SrcPrt Destination-Mac   Vlan 
 EDst ESrc DPort  SPort  Stat-Pkts  Stat-Bytes  Uptime   Age
--------------- --------------- ----- ------ ------ ----------------- ---- 
 ---- ---- ------ ------ ---------- ----------- -------- --------
MSFC 172.20.25.1 (Module 15):
172.20.22.14    10.0.2.15       TCP   Telnet 37819  00-e0-4f-15-49-ff 51
 ARPA ARPA 5/39   5/40   115        5290        00:12:20 00:00:04
MSFC 172.20.27.1 (Module 16):
Total entries:1
Console> (enable)
Displaying MLS Entries for a Specific IP Flow

The show mls entry ip flow command displays the MLS entries for a specific IP flow. The protocol argument can be tcp, udp, icmp, or a decimal number for other protocol families. The src_port and dst_port arguments specify the protocol ports if the protocol is TCP or User Datagram Protocol (UDP). A value of zero (0) for src_port, dst_port, or protocol is treated as a wildcard and all entries are displayed (unspecified options are treated as wildcards). If the protocol selected is not TCP or UDP, set the src_port and dst_prt to 0 or no flows will display.

To display the MLS entries for a specific IP flow (when the flow mask mode is full flow), perform this task in privileged mode:

Task

Command

Display the MLS entries for a specific IP flow (when the flow mask mode is full flow).

show mls entry ip flow [protocol src_port dst_port]

This example shows how to display the MLS entries for a specific IP flow:
Console> (enable) show mls entry ip flow tcp 23 37819
Destination IP  Source IP       Port DstPrt SrcPrt Destination Mac   Vlan Port
--------------- --------------- ---- ------ ------ ----------------- ---- -----
MSFC 51.0.0.3:
10.0.2.15       51.0.0.2        TCP  37819  Telnet 08-00-20-7a-07-75 10   3/1
Console> (enable)
Displaying IPX MLS Entries for a Specific MSFC

To display the IPX MLS entries for a specific MSFC, perform this task in privileged mode:

Task

Command

Display the IPX MLS entries for a specific MSFC.

show mls entry ipx mod¹

¹The mod keyword specifies the module number of the MSFC; either 15 (if the MSFC is installed on Supervisor Engine 1 in slot 1) or 16 (if the MSFC is installed on Supervisor Engine 1 in slot 2).

This example shows how to display the IPX MLS entries for a specific MSFC:
Console> (enable) show mls entry ipx 15
Destination-IPX           Destination-Mac   Vlan EDst ESrc  Port  Stat-Pkts
 Stat-Bytes  Uptime   Age
------------------------- ----------------- ---- ---- ---- ----- ----------
 ----------- -------- --------
MSFC 22.1.0.56 (Module 15):
11.0000.0000.2B10         00-00-00-00-2b-10 11   ARPA ARPA  -     7869
 361974      00:15:52 00:00:00
11.0000.0000.A810         00-00-00-00-a8-10 11   ARPA ARPA  -     3934
 180964      00:15:52 00:00:00
11.0000.0000.3210         00-00-00-00-32-10 11   ARPA ARPA  -     7871
 362066      00:15:52 00:00:00
11.0000.0000.B110         00-00-00-00-b1-10 11   ARPA ARPA  -     3935
 181010      00:15:52 00:00:00
11.0000.0000.1910         00-00-00-00-19-10 11   ARPA ARPA  -     7873
 362158      00:15:52 00:00:00
11.0000.0000.9A10         00-00-00-00-9a-10 11   ARPA ARPA  -     3936
 181056      00:15:52 00:00:00
11.0000.0000.0010         00-00-00-00-00-10 11   ARPA ARPA  3/11  7875
 362250      00:15:52 00:00:00
11.0000.0000.8310         00-00-00-00-83-10 11   ARPA ARPA  -     3937
 181102      00:15:52 00:00:00
10.0000.0000.0109         00-00-00-00-01-09 10   ARPA ARPA  3/10  96364
 4432744     00:15:52 00:00:00
11.0000.0000.4F10         00-00-00-00-4f-10 11   ARPA ARPA  -     7877
 362342      00:15:53 00:00:00
11.0000.0000.CC10         00-00-00-00-cc-10 11   ARPA ARPA  -     3938
 181148      00:15:53 00:00:00
11.0000.0000.5610         00-00-00-00-56-10 11   ARPA ARPA  -     7879
 362434      00:15:53 00:00:00
11.0000.0000.D510         00-00-00-00-d5-10 11   ARPA ARPA  -     3939
 181194      00:15:53 00:00:00
11.0000.0000.7D10         00-00-00-00-7d-10 11   ARPA ARPA  -     3940
 181240      00:15:53 00:00:00
11.0000.0000.FE10         00-00-00-00-fe-10 11   ARPA ARPA  -     3941
 181286      00:15:53 00:00:00
11.0000.0000.6410         00-00-00-00-64-10 11   ARPA ARPA  -     7883
 362618      00:15:53 00:00:00
11.0000.0000.E710         00-00-00-00-e7-10 11   ARPA ARPA  -     3941
 181286      00:15:53 00:00:00
11.0000.0000.6010         00-00-00-00-60-10 11   ARPA ARPA  -     7885
 362710      00:15:53 00:00:00
11.0000.0000.E310         00-00-00-00-e3-10 11   ARPA ARPA  -     3942
 181332      00:15:53 00:00:00
11.0000.0000.7910         00-00-00-00-79-10 11   ARPA ARPA  -     3943
 181378      00:15:54 00:00:00
Console> (enable)
Displaying MLS Entries for Bridged-Flow Statistics

To display the MLS entries for the bridged-flow statistics, perform this task in privileged mode:

Task

Command

Display the MLS entries for the bridged-flow statistics.

show mls entry

This example shows how to display the MLS entries for the bridged-flow statistics:
Console> (enable) show mls entry
     Destination-IP  Source-IP       Prot  DstPrt SrcPrt Destination-Mac   Vlan EDst ESrc 
DPort     SPort     Stat-Pkts  Stat-Bytes  Uptime   Age
     --------------- --------------- ----- ------ ------ ----------------- ---- ---- ---- 
--------- --------- ---------- ----------- -------- --------
     224.0.0.5       21.2.0.22       -     0      0      00-00-00-00-00-00 0    ARPA ARPA 
-         5/11      20         1280        00:03:14 00:00:04
     224.0.0.13      1.1.1.2         -     0      0      00-00-00-00-00-00 0    ARPA ARPA 
-         5/11      7          210         00:03:02 00:00:02
     255.255.255.255 -               -     0      0      ff-ff-ff-ff-ff-ff 21   ARPA ARPA 
-         5/11      28         2996        00:03:10 00:00:02
     10.6.62.195     -               -     0      0      00-00-00-00-00-02 20   ARPA ARPA 
-         5/5       291494     13408724    00:03:16 00:00:00
     Destination-IPX           Destination-Mac   Vlan EDst ESrc  Port  Stat-Pkts  
Stat-Bytes  Uptime   Age
     ------------------------- ----------------- ---- ---- ---- ----- ---------- 
----------- -------- --------
Total entries displayed:2
Clearing MLS Cache Entries

The clear mls entry command removes specific MLS cache entries. The all keyword clears all the MLS entries. The destination and source keywords specify the source and destination IP addresses. The destination and source ip_addr_spec can be a full IP address or a subnet address in the format ip_subnet_addr, ip_addr/subnet_mask, or ip_addr/subnet_mask_bits.

The flow keyword specifies the following additional flow information:

•Protocol family (protocol)—Specify tcp, udp, icmp, or a decimal number for other protocol families. A value of zero (0) for protocol is treated as a wildcard, and the entries for all protocols are cleared (the unspecified options are treated as wildcards).

•TCP or UDP source and destination port numbers (src_port and dst_port)—If the protocol you specify is TCP or UDP, specify the source and destination TCP or UDP port numbers. A value of zero (0) for src_port or dst_port is treated as a wildcard, and the entries for all source or destination ports are cleared (the unspecified options are treated as wildcards). For other protocols, set the src_port and dst_port to 0, or no entries will clear.

To clear an MLS entry, perform this task in privileged mode:

Task

Command

Clear an MLS entry.

clear mls entry ip [destination ip_addr_spec] [source ip_addr_spec] [flow protocol src_port dst_port] [all]

This example shows how to clear the MLS entries with destination IP address 172.20.26.22:
Console> (enable) clear mls entry ip destination 172.20.26.22
MLS IP entry cleared
Console> (enable)
This example shows how to clear the MLS entries with destination IP address 172.20.22.113, TCP source port 1652, and TCP destination port 23:
Console> (enable) clear mls entry destination 172.20.26.22 source 172.20.22.113 flow tcp 
1652 23
MLS IP entry cleared
Console> (enable)
Clearing IPX MLS Cache Entries

The clear mls entry ipx command removes specific IPX MLS cache entries. The destination and source keywords specify the source and destination IPX addresses. The all keyword clears all the MLS entries.

Displaying IP MLS Statistics

These sections describe how to display the IP MLS statistics:

•Displaying IP MLS Statistics by Protocol

•Displaying Statistics for MLS Cache Entries

Displaying IP MLS Statistics by Protocol

The show mls statistics protocol command displays the IP MLS statistics by protocol (such as Telnet, FTP, and WWW). The protocol keyword functions only if the flow mask mode is full flow. Enter the show mls command to see the current flow mask.

To display the IP MLS statistics by protocol, perform this task in privileged mode:

Task

Command

Display the IP MLS statistics by protocol (only if IP MLS is in full flow mode).

show mls statistics protocol

This example shows how to display the IP MLS statistics by protocol:
Console> (enable) show mls statistics protocol
Protocol  TotalFlows  TotalPackets    Total Bytes
-------   ----------  --------------  ------------
Telnet    900         630             4298
FTP       688         2190            3105	
WWW       389         42679           623686
SMTP      802         4966            92873
X         142         2487            36870
DNS       1580        52              1046
Others    82          1               73
Total     6583        53005           801951
Console> (enable)
Displaying Statistics for MLS Cache Entries

The show mls statistics entry command displays the IP MLS statistics for the MLS cache entries. Specify the destination IP address, source IP address, protocol, and source and destination ports to see the specific MLS cache entries.

A value of zero (0) for src_port or dst_port is treated as a wildcard, and all the statistics are displayed (the unspecified options are treated as wildcards). If the protocol specified is not TCP or UDP, set the src_port and dst_prt to 0 or no statistics will display.

To display the statistics for the MLS cache entries, perform this task in privileged mode:

Task

Command

Display the statistics for the MLS cache entries. If you do not specify an MLS cache entry, all the statistics are shown.

show mls statistics entry ip [destination ip_addr_spec] [source ip_addr_spec] [flow protocol src_port dst_port]

This example shows how to display the statistics for a particular MLS cache entry:
Console> show mls statistics entry ip destination 172.20.22.14
                                  Last    Used
Destination IP  Source IP       Prot DstPrt SrcPrt Stat-Pkts Stat-Bytes
--------------- --------------- ---- ------ ------ --------- -----------
MSFC 127.0.0.12:
172.20.22.14    172.20.25.10    6    50648  80     3152       347854
Console>
Clearing MLS Statistics

The clear mls statistics command clears the following statistics:

•Total packets that are switched (IP and IPX)

•Total packets that are exported (for NDE)

To clear the IP MLS statistics, perform this task in privileged mode:

Task

Command

Clear the IP MLS statistics.

clear mls statistics

This example shows how to clear the IP MLS statistics:
Console> (enable) clear mls statistics
All mls statistics cleared.
Console> (enable)
Displaying MLS Debug Information

The show mls debug command displays MLS debug information that you can send to your technical support representative for analysis if necessary.

To display the MLS debug information, perform this task:

Task

Command

Display the MLS debug information that you can send to your technical support representative.

show mls debug

Note The show tech-support command displays supervisor engine system information. Use the application-specific commands to get more information about particular applications.

Configuring IP MMLS

These sections describe how to configure IP MMLS:

•Configuring IP MMLS on the MSFC

•Displaying Global IP MMLS Information on the Supervisor Engine

Configuring IP MMLS on the MSFC

These sections describe how to configure the MSFC for IP MMLS:

•Enabling IP Multicast Routing Globally

•Enabling IP PIM on MSFC Interfaces

•Configuring the IP MMLS Global Threshold

•Enabling IP MMLS on MSFC Interfaces

•Displaying IP MMLS Interface Information

•Displaying the IP Multicast Routing Table

•Monitoring IP MMLS on the MSFC

•Using Debug Commands on the IP MMLS MSFC

•Using Debug Commands on the SCP

Note For information on configuring routing on the MSFC, see Chapter 12, "Configuring InterVLAN Routing."

Note You can specify the MSFC as the MLS route processor (MLS-RP) for Catalyst 5000 family switches using MLS. Refer to the Layer 3 Switching Configuration Guide—Catalyst 5000 Family, 2926G Series, 2926 Series Switches for the Catalyst 5000 family switch MLS configuration procedures.

Note This section describes how to enable IP multicast routing on the MSFC. For more detailed IP multicast configuration information, refer to the "IP Multicast" section of the Cisco IOS IP and IP Routing Configuration Guide at this URL:
http://www.cisco.com/en/US/docs/ios/12_1/iproute/configuration/guide/ip_c.html

Enabling IP Multicast Routing Globally

You must enable IP multicast routing globally on the MSFC before you can enable IP MMLS on the MSFC interfaces.

To enable IP multicast routing globally on the MSFC, perform this task in global configuration mode:

Task

Command

Enable IP multicast routing globally.

Router(config)# ip multicast-routing

This example shows how to enable IP multicast routing globally:
Router(config)# ip multicast-routing
Router(config)# 
Enabling IP PIM on MSFC Interfaces

You must enable IP PIM on the MSFC interfaces before IP MMLS will function on those interfaces.

To enable IP PIM on an interface, perform this task:

Task

Command

Enable IP PIM on an MSFC interface.

Router(config-if)# ip pim {dense-mode | sparse-mode | sparse-dense-mode}

This example shows how to enable IP PIM on an interface using the default mode (sparse-dense-mode):
Router(config-if)# ip pim
Router(config-if)# 
This example shows how to enable IP PIM sparse mode on an interface:
Router(config-if)# ip pim sparse-mode
Router(config-if)# 
Configuring the IP MMLS Global Threshold

You can configure a global multicast rate threshold, which is specified in packets per second, below which all (S,G) multicast traffic is routed by the MSFC. Entering the command prevents the creation of MLS entries for short-lived multicast flows (such as join requests).

Note This command does not affect the flows that are already being routed. To apply the threshold to existing routes, clear the route and let it reestablish.

To configure the IP MMLS threshold, perform this task:

Task

Command

Configure the IP MMLS threshold.

Router(config)# [no] mls ip multicast threshold ppsec

This example shows how to configure the IP MMLS threshold to 10 packets per second:
Router(config)# mls ip multicast threshold 10 
Router(config)# 
Use the no keyword to deconfigure the threshold.

Enabling IP MMLS on MSFC Interfaces

IP MMLS is enabled by default on the MSFC interface when you enable IP PIM on the interface. Perform this task only if you disabled IP MMLS on the interface and you want to reenable it.

Note You must enable IP PIM on all the participating MSFC interfaces before IP MMLS will function. For information on configuring IP PIM on the MSFC interfaces, see the "Enabling IP PIM on MSFC Interfaces" section.

To enable IP MMLS on an MSFC interface, perform this task:

Task

Command

Enable IP MMLS on an MSFC interface.

Router(config-if)# [no] mls ip multicast

This example shows how to enable IP MMLS on an MSFC interface:
Router(config-if)# mls ip multicast
Router(config-if)# 
Use the no keyword to disable IP MMLS on an MSFC interface.

Displaying IP MMLS Interface Information

The show ip pim interface count command displays the IP MMLS enable state on the MSFC IP PIM interfaces and the number of packets that are received and sent on the interface.

The show ip interface command displays the IP MMLS enable state on an MSFC interface.

To display the IP MMLS information for an IP PIM MSFC interface, perform one of these tasks:

Task

Command

Display IP MMLS interface information.

Router# show ip pim interface [type number] count

Display the IP MMLS interface enable state.

Router# show ip interface

Displaying the IP Multicast Routing Table

The show ip mroute command displays the IP multicast routing table on the MSFC.

To display the IP multicast routing table, perform this task:

Task

Command

Display the IP multicast routing table.

Router# show ip mroute [group[source]] | [summary] | [count] | [active kbps]

This example shows how to display the IP multicast routing table for 239.252.1.1:
Router# show ip mroute 239.252.1.1 
IP Multicast Routing Table
Flags:D - Dense, S - Sparse, C - Connected, L - Local, P - Pruned
       R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT
       M - MSDP created entry, X - Proxy Join Timer Running
       A - Advertised via MSDP
Outgoing interface flags:H - Hardware switched
Timers:Uptime/Expires
Interface state:Interface, Next-Hop or VCD, State/Mode
(*, 239.252.1.1), 04:04:59/00:02:59, RP 80.0.0.2, flags:SJ
  Incoming interface:Vlan800, RPF nbr 80.0.0.2
  Outgoing interface list:
    Vlan10, Forward/Dense, 01:29:57/00:00:00, H
(22.0.0.10, 239.252.1.1), 00:00:19/00:02:41, flags:JT
  Incoming interface:Vlan800, RPF nbr 80.0.0.2, RPF-MFD
  Outgoing interface list:
    Vlan10, Forward/Dense, 00:00:19/00:00:00, H
Monitoring IP MMLS on the MSFC

The show mls ip multicast command displays detailed information about IP MMLS.

To display the detailed IP MMLS information on the MSFC, perform one of these tasks:

Task

Command

Display IP MMLS group information.

Router# show mls ip multicast group group-address [interface type number | statistics]

Display IP MMLS details for all interfaces.

Router# show mls ip multicast interface type number [statistics | summary]

Display a summary of IP MMLS information.

Router# show mls ip multicast summary

Display IP MMLS statistics.

Router# show mls ip multicast statistics

Display IP MMLS source information.

Router# show mls ip multicast source ip-address [interface type number | statistics]

This example shows how to display the IP MMLS statistics on the MSFC:
Router# show mls ip multicast statistics 
MLS Multicast configuration and state:
    Router Mac:0050.0f2d.9bfd, Router IP:1.12.123.234
    MLS multicast operating  state:ACTIVE
    Maximum number of allowed outstanding messages:1
    Maximum size reached from feQ:1
    Feature Notification sent:5 
    Feature Notification Ack received:4 
    Unsolicited Feature Notification received:0 
    MSM sent:33 
    MSM ACK received:33 
    Delete notifications received:1 
    Flow Statistics messages received:248 
MLS Multicast statistics:
    Flow install Ack:9 
    Flow install Nack:0 
    Flow update Ack:2 
    Flow update Nack:0 
    Flow delete Ack:0 
    Complete flow install Ack:10 
    Complete flow install Nack:0 
    Complete flow delete Ack:1 
    Input VLAN delete Ack:4 
    Output VLAN delete Ack:0 
    Group delete sent:0 
    Group delete Ack:0 
    Global delete sent:7 
    Global delete Ack:7 
    L2 entry not found error:0 
    Generic error :3 
    LTL entry not found error:0 
    MET entry not found error:0 
    L3 entry exists error :0 
    Hash collision error :0 
    L3 entry not found error:0 
    Complete flow exists error :0 
This example shows how to display information on a specific IP MMLS entry on the MSFC:
Router# show mls ip multicast 224.1.1.1
Multicast hardware switched flows:
(1.1.13.1, 224.1.1.1) Incoming interface: Vlan13, Packets switched: 61590
Hardware switched outgoing interfaces: Vlan20 Vlan9 
RFD-MFD installed: Vlan13 
(1.1.9.3, 224.1.1.1) Incoming interface: Vlan9, Packets switched: 0
Hardware switched outgoing interfaces: Vlan20 
RFD-MFD installed: Vlan9 
(1.1.12.1, 224.1.1.1) Incoming interface: Vlan12, Packets switched: 62010
Hardware switched outgoing interfaces: Vlan20 Vlan9 
RFD-MFD installed: Vlan12 
(1.1.12.3, 224.1.1.1) Incoming interface: Vlan12, Packets switched: 61980
Hardware switched outgoing interfaces: Vlan20 Vlan9 
RFD-MFD installed: Vlan12 
(1.1.11.1, 224.1.1.1) Incoming interface: Vlan11, Packets switched: 62430
Hardware switched outgoing interfaces: Vlan20 Vlan9 
RFD-MFD installed: Vlan11 
(1.1.11.3, 224.1.1.1) Incoming interface: Vlan11, Packets switched: 62430
Hardware switched outgoing interfaces: Vlan20 Vlan9 
RFD-MFD installed: Vlan11 
Total hardware switched installed: 6
Router# 
This example shows how to display a summary of the IP MMLS information on the MSFC:
Router# show mls ip multicast summary
7 MMLS entries using 560 bytes of memory
Number of partial hardware-switched flows:2
Number of complete hardware-switched flows:5
Router# 
Using Debug Commands on the IP MMLS MSFC

Table 14-9 describes the IP MMLS-related debug troubleshooting commands.

Table 14-9 IP MMLS Debug Commands

Command

Description

[no] debug mls ip multicast group group_id group_mask

Configures filtering that applies to all the other multicast debugging commands.

[no] debug mls ip multicast events

Displays the IP MMLS events.

[no] debug mls ip multicast errors

Turns on the debug messages for the multicast MLS-related errors.

[no] debug mls ip multicast messages

Displays IP MMLS messages from/to the hardware switching engine.

[no] debug mls ip multicast all

Turns on all the IP MMLS messages.

[no] debug mdss error

Turns on the MDSS¹ error messages.

[no] debug mdss events

Turns on the MDSS-related events.

[no] debug mdss all

Turns on all the MDSS messages.

¹MDSS = Multicast Distributed Switching Services

Using Debug Commands on the SCP

Table 14-10 describes the Serial Control Protocol (SCP)-related debug commands to troubleshoot the SCP that runs over the Ethernet out-of-band channel (EOBC).

Table 14-10 SCP Debug Commands

Command

Description

[no] debug scp async

Displays the trace for asynchronous data in and out of the SCP system.

[no] debug scp data

Displays the packet data trace.

[no] debug scp errors

Displays the errors and warnings in the SCP.

[no] debug scp packets

Displays the packet data in and out of the SCP system.

[no] debug scp timeouts

Reports the timeouts.

[no] debug scp all

Turns on all the SCP debugging messages.

Displaying Global IP MMLS Information on the Supervisor Engine

These sections describe how to configure IP MMLS on Supervisor Engine 1:

•Displaying IP MMLS Configuration Information

•Displaying IP MMLS Statistics

•Clearing IP MMLS Statistics

•Displaying IP MMLS Entries

Note IP MMLS is permanently enabled on Supervisor Engine 1 and cannot be disabled.

Note To configure IP MMLS on the MSFC, see the "Configuring IP MMLS on the MSFC" section.

Displaying IP MMLS Configuration Information

The show mls multicast command displays the global IP MMLS configuration information and the state of the participating MSFCs.

To display the global IP MMLS configuration information, perform this task:

Task

Command

Display the global IP MMLS configuration information.

show mls multicast

This example shows how to display the global IP MMLS configuration information:
Console> (enable) show mls multicast
Admin Status: Enabled
Operational Status: Active
Configured flow mask is {Destination-source-vlan flow}
Active Entries = 10
Router include list : 
1.1.9.254 (Active)
1.1.5.252 (Active)
Console> (enable)
Displaying IP MMLS Statistics

The show mls multicast statistics command displays the IP MMLS statistics for the multicast MSFCs.

To display the IP MMLS statistics for the multicast MSFCs, perform this task:

Task

Command

Display the IP multicast MSFC statistics.

show mls multicast statistics [ip_addr]

This example shows how to display the IP MMLS statistics for the multicast MSFCs:
Console (enable) show mls multicast statistics 
Router IP          Router Name        Router MAC
-------------------------------------------------------
1.1.9.254          ?                  00-50-0f-06-3c-a0
Transmit:
  Delete Notifications:                     23
  Acknowledgements:                         92
  Flow Statistics:                          56
Receive:
  Open Connection Requests:                 1
  Keep Alive Messages:                      72
  Shortcut Messages:                        19
    Shortcut Install TLV:                   8
    Selective Delete TLV:                   4
    Group Delete TLV:                       0
    Update TLV:                             3
    Input VLAN Delete TLV:                  0
    Output VLAN Delete TLV:                 0
    Global Delete TLV:                      0
    MFD Install TLV:                        7
    MFD Delete TLV:                         0
Router IP          Router Name        Router MAC
-------------------------------------------------------
1.1.5.252          ?                  00-10-29-8d-88-01
Transmit:
  Delete Notifications:                     22
  Acknowledgements:                         75
  Flow Statistics:                          22
Receive:
  Open Connection Requests:                 1
  Keep Alive Messages:                      68
  Shortcut Messages:                        6
    Shortcut Install TLV:                   4
    Selective Delete TLV:                   2
    Group Delete TLV:                       0
    Update TLV:                             0
    Input VLAN Delete TLV:                  0
    Output VLAN Delete TLV:                 0
    Global Delete TLV:                      0
    MFD Install TLV:                        4
    MFD Delete TLV:                         0
Console (enable) 
Clearing IP MMLS Statistics

The clear mls multicast statistics command clears the IP MMLS statistics for all the participating MSFCs.

To clear the IP MMLS statistics, perform this task in privileged mode:

Task

Command

Clear the IP MMLS statistics.

clear mls multicast statistics

This example shows how to clear the IP MMLS statistics:
Console> (enable) clear mls multicast statistics 
All statistics for the MLS routers in include list are cleared.
Console> (enable)
Displaying IP MMLS Entries

The show mls multicast entry command displays information about the multicast flows that are handled by the PFC. You can display the entries that are based on any combination of the participating MSFC, the VLAN, the multicast group address, or the multicast traffic source.

To display information about the IP MMLS entries, perform this task in privileged mode:

Task

Command

Display information about the IP MMLS entries.

show mls multicast entry [[[mod] [vlan vlan_id] [group ip_addr] [source ip_addr]] | [all]]

This example shows how to display all the IP MMLS entries:
Console> (enable) show mls multicast entry all
Router IP       Dest IP         Source IP       Pkts       Bytes       InVlan  OutVlans
--------------- --------------- --------------- ---------- ----------- ------- --------
1.1.5.252       224.1.1.1       1.1.11.1        15870      2761380     20     
1.1.9.254       224.1.1.1       1.1.12.3        473220     82340280    12     
1.1.5.252       224.1.1.1       1.1.12.3        15759      2742066     20     
1.1.9.254       224.1.1.1       1.1.11.1        473670     82418580    11     
1.1.5.252       224.1.1.1       1.1.11.3        15810      2750940     20     
1.1.9.254       224.1.1.1       1.1.12.1        473220     82340280    12     
1.1.5.252       224.1.1.1       1.1.13.1        15840      2756160     20     
1.1.9.254       224.1.1.1       1.1.13.1        472770     82261980    13     
1.1.5.252       224.1.1.1       1.1.12.1        15840      2756160     20     
1.1.9.254       224.1.1.1       1.1.11.3        473667     82418058    11     
Total Entries: 10
Console> (enable)
This example shows how to display the IP MMLS entries for a specific MSFC:
Console> (enable) show mls multicast entry 15
Router IP       Dest IP         Source IP       Pkts       Bytes       InVlan  OutVlans
--------------- --------------- --------------- ---------- ----------- ------- --------
1.1.5.252       224.1.1.1       1.1.11.1        15870      2761380     20     
1.1.5.252       224.1.1.1       1.1.12.3        15759      2742066     20     
1.1.5.252       224.1.1.1       1.1.11.3        15810      2750940     20     
1.1.5.252       224.1.1.1       1.1.13.1        15840      2756160     20     
1.1.5.252       224.1.1.1       1.1.12.1        15840      2756160     20     
Total Entries: 5
Console> (enable)
This example shows how to display the IP MMLS entries for a specific multicast group address:
Console> (enable) show mls multicast entry group 226.0.1.3 short
Router IP      Dest IP     Source IP    InVlan Pkts   Bytes     OutVlans
-------------- ----------- ------------ ------ ------ --------- ---------
171.69.2.1     226.0.1.3   172.2.3.8    20     171    23512     10,201,22,45 
171.69.2.1     226.0.1.3   172.3.4.9    12     25     3120      8,20 
Total Entries: 2
Console> (enable)
This example shows how to display the IP MMLS entries for a specific MSFC and a specific multicast source address:
Console> (enable) show mls multicast entry 15 1.1.5.252 source 1.1.11.1 short
Router IP       Dest IP         Source IP       Pkts       Bytes      
 InVlan  OutVlans
--------------- --------------- --------------- ---------- -------------------- 
  ------ ----------
172.20.49.159   224.1.1.6       1.1.40.4        368        57776                
  40     23,25
172.20.49.159   224.1.1.71      1.1.22.2        99         65142                
  22     30,37
172.20.49.159   224.1.1.8       1.1.22.2        396        235620               
  22     13,19
Console> (enable)