-
Catalyst 6500 Series Cisco IOS Software Configuration Guide, 12.1E
-
Index
-
Preface
-
Product Overview
-
Command-Line Interfaces
-
Configuring the Switch for the First Time
-
Configuring EHSA Supervisor Engine Redundancy
-
Configuring RPR or RPR+ Supervisor Engine Redundancy
-
Interface Configuration Overview
-
Configuring Layer 2 Ethernet Interfaces
-
Configuring VTP
-
Configuring VLANs
-
Configuring Private VLANs
-
Configuring Cisco IP Phone Support
-
Configuring Layer 3 Interfaces
-
Configuring Layer 3 and Layer 2 EtherChannel
-
Configuring IEEE 802.1Q Tunneling and Layer 2 Protocol Tunneling
-
Configuring STP and IEEE 802.1s MST
-
Configuring STP Features
-
Configuring IP Unicast Layer 3 Switching on Supervisor Engine 2
-
Configuring IP Multicast Layer 3 Switching
-
Configuring IP Unicast Layer 3 Switching on Supervisor Engine 1
-
Configuring IPX Unicast Layer 3 Switching on Supervisor Engine 1
-
Configuring IGMP Snooping
-
Configuring RGMP
-
Configuring Network Security
-
Configuring Denial of Service Protection
-
Configuring 802.1X Port-Based Authentication
-
Configuring Port Security
-
Configuring Layer 3 Protocol Filtering on Supervisor Engine 1
-
Configuring Traffic-Storm Control
-
Configuring Broadcast Suppression
-
Configuring CDP
-
Configuring UDLD
-
Configuring PFC QoS
-
Configuring NDE
-
Configuring Local and Remote SPAN
-
Configuring WCCP
-
Configuring the Switch Fabric Module
-
Configuring SNMP IfIndex Persistence
-
Power Management and Environmental Monitoring
-
Acronyms
-
Table Of Contents
Configuring IPX Unicast Layer 3 Switching on Supervisor Engine 1
Understanding How IPX MLS Works
Flow Mask Mode and show mls entry Command Output
Layer 3-Switched Packet Rewrite
Configuration Guidelines and Restrictions
Enabling IPX MLS on a Layer 3 Interface
Configuring the MLS Aging Time
Configuring the Minimum IPX MLS Flow Mask
Displaying IPX MLS Information
Displaying IPX MLS Cache Entries
Displaying All IPX MLS Cache Entries
Displaying IPX MLS Cache Entries for a Specific Destination Address
Displaying IPX MLS Cache Entries for a Specific Source Address
Displaying IPX MLS Cache Entries for a Specific Interface
Displaying IPX MLS Cache Entries for a Specific MAC Destination or Source Address
Displaying the IPX MLS Contention Table
Displaying IPX MLS VLAN Statistics
Clearing IPX MLS Cache Entries
Configuring IPX Unicast Layer 3 Switching on Supervisor Engine 1
Note
The features described in this chapter are supported only on Supervisor Engine 1, PFC, and MSFC or MSFC2. For information about Supervisor Engine 2, PFC2, and MSFC2 see Chapter 17, "Configuring IP Unicast Layer 3 Switching on Supervisor Engine 2."
Supervisor Engine 1 with PFC and MSFC or MSFC2 provide Layer 3 switching with Multilayer Switching (MLS). This chapter describes how to configure Internetwork Packet Exchange (IPX) Layer 3 switching on the Catalyst 6500 series switch.
Note
This chapter consists of these sections:
•
•
•
•
•
Note
Understanding How IPX MLS Works
These sections provide an overview of MLS and describe how MLS works:
•
IPX MLS Overview
IPX MLS provides high-performance hardware-based Layer 3 switching for Catalyst 6500 series switches. IPX MLS switches unicast IPX data packet flows between networks using advanced application-specific integrated circuit (ASIC) switching hardware, offloading processor-intensive packet routing from network routers.
The packet forwarding function is moved onto Layer 3 switches whenever a partial or complete switched path exists between two hosts. Packets that do not have a partial or complete switched path to reach their destinations are still forwarded by routers. Standard routing protocols, such as Routing Information Protocol (RIP), Enhanced Interior Gateway Protocol (EIGRP), and NetWare Link Services Protocol (NLSP), are used for route determination.
IPX MLS Flows
Layer 3 protocols, such as IP and IPX, are connectionless—they deliver every packet independently of every other packet. However, actual network traffic consists of many end-to-end conversations, or flows, between users or applications.
A flow is a unidirectional sequence of packets between a particular source and destination that share the same protocol and network-layer information. Communication from a client to a server and from the server to the client are separate flows.
Flows are based only on Layer 3 addresses, which allow IPX traffic from multiple users or applications to a particular destination to be carried on a single flow if only the destination IPX address is used to identify a flow.
Layer 3 MLS Cache
The Policy Feature Card (PFC) maintains a Layer 3 switching table (MLS cache) for the Layer 3-switched flows. The cache includes entries for traffic statistics that are updated as packets are switched. After the MLS cache is created, packets identified as belonging to an existing flow can be Layer 3 switched based on the cached information. The MLS cache maintains flow information for all active flows.
An IPX MLS cache entry is created for the initial packet of each flow. Upon receipt of a packet that does not match any flow currently in the MLS cache, a new IPX MLS entry is created.
The state and identity of the flow are maintained while packet traffic is active; when traffic for a flow ceases, the entry ages out. You can configure the aging time for IPX MLS entries kept in the MLS cache. If an entry is not used for the specified period of time, the entry ages out and statistics for that flow can be exported to a flow collector application.
The maximum MLS cache size is 128K entries. However, an MLS cache larger than 32K entries increases the probability that a flow will not be switched by the PFC and will get forwarded to the MSFC.
Flow Masks
The PFC uses flow mask modes to determine how IPX MLS entries are created. The flow mask mode is based on the access lists configured on the IPX MLS router interfaces.
These sections describe how the flow mask modes work:
•
Flow Mask Modes
The PFC supports only one flow mask (the most specific one). When the PFC flow mask changes, the entire MLS cache is purged. When the PFC exports cached entries, flow records are created based on the current flow mask mode. Depending on the current mode, some fields in the flow record might not have values. Unsupported fields are filled with a dash (-).
The flow mask modes for IPX MLS are as follows:
•
•
Flow Mask Mode and show mls entry Command Output
The flow mask mode impacts the screen output of the show mls ipx command. In destination mode, the destination IPX address of the switched flows are displayed, along with the packet rewrite information: rewritten destination MAC, rewritten VLAN, and egress interface.
Layer 3-Switched Packet Rewrite
When a packet is Layer 3 switched from a source host to a destination host, the PFC performs a packet rewrite, based on information learned from the MSFC and stored in the MLS cache.
If Host A and Host B are on different VLANs and Host A sends a packet to the MSFC to be routed to Host B, the PFC recognizes that the packet was sent to the MAC address of the MSFC. The PFC checks the MLS cache and finds the entry matching the flow in question.
Received IPX packets are formatted (conceptually) as follows:
The PFC rewrites the Layer 2 frame header, changing the destination MAC address to the MAC address of Host B and the source MAC address to the MAC address of the MSFC (these MAC addresses are stored in the IPX MLS cache entry for this flow). The Layer 3 IPX addresses remain the same. The PFC rewrites the switched Layer 3 packets so that they appear to have been routed by a router.
The PFC forwards the rewritten packet to Host B's VLAN (the destination VLAN is saved in the IPX MLS cache entry) and Host B receives the packet.
After the switch rewrites an IPX packet, it is formatted (conceptually) as follows:
IPX MLS Operation
Figure 20-1 displays a conceptual IPX MLS network topology. In this example, Host A is on the Sales VLAN (IPX address 01.Aa), Host B is on the Marketing VLAN (IPX address 03.Bb), and Host C is on the Engineering VLAN (IPX address 02.Cc).
When Host A initiates a file transfer to Host C, an IPX MLS entry for this flow is created (this entry is the second item in the table shown in Figure 20-1). The PFC stores the MAC addresses of the MSFC and Host C in the IPX MLS entry when the MSFC forwards the first packet from Host A through the switch to Host C. The PFC uses this information to rewrite subsequent packets from Station A to Station C.
Similarly, a separate IPX MLS entry is created in the MLS cache for the traffic from Host A to Host B, and for the traffic from Host B to Host A. The destination VLAN is stored as part of each IPX MLS entry so that the correct VLAN identifier is used when encapsulating traffic on trunk links.
Figure 20-1 IPX MLS Example Topology
Default IPX MLS Configuration
Table 20-1 displays the default IPX MLS configuration.
Configuration Guidelines and Restrictions
•
–
–
–
–
–
•
Configuring IPX MLS
These sections describe how to configure IPX MLS:
•
•
•
Note
Note
Enabling IPX MLS Globally
IPX MLS is enabled globally and cannot be disabled.
Enabling IPX MLS on a Layer 3 Interface
To enable IPX MLS on an interface, perform this task:
Step 1
Router(config)# interface {{vlan vlan_ID} | {type1 slot/port} | {port-channel number}}
Selects the interface to configure.
Step 2
Router(config-if)# mls ipx
Enables IPX MLS.
Router(config-if)# no mls ipx
Disables IPX MLS.
1 type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
This example shows how to enable IPX MLS for Fast Ethernet interface 5/5:
Router(config)# interface fastethernet 5/5Router(config-if)# mls ipxRouter(config-if)#To display the IPX MLS interface configuration, perform this task:
Router# show [ipx [interface {{vlan vlan_ID} | {type1 slot/port} | {port-channel number}}] | nde]
Displays MLS details for an interface.
1 type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
This example shows how to display interface IPX MLS information for interface VLAN 200:
Router# show ipx interface vlan 200Vlan200 is up, line protocol is upIPX address is 2.0050.3e8d.6400, NOVELL-ETHER [up]Delay of this IPX network, in ticks is 1 throughput 0 link delay 0IPXWAN processing not enabled on this interface.IPX SAP update interval is 60 secondsIPX type 20 propagation packet forwarding is disabledIncoming access list is not setOutgoing access list is not setIPX helper access list is not setSAP GGS output filter list is not setSAP GNS processing enabled, delay 0 ms, output filter list is not setSAP Input filter list is not setSAP Output filter list is not setSAP Router filter list is not setInput filter list is not setOutput filter list is not setRouter filter list is not setNetbios Input host access list is not setNetbios Input bytes access list is not setNetbios Output host access list is not setNetbios Output bytes access list is not setUpdates each 60 seconds aging multiples RIP: 3 SAP: 3SAP interpacket delay is 55 ms, maximum size is 480 bytesRIP interpacket delay is 55 ms, maximum size is 432 bytesRIP response delay is not setIPX accounting is disabledIPX fast switching is configured (enabled)RIP packets received 0, RIP packets sent 1, 0 ThrottledRIP specific requests received 0, RIP specific replies sent 0RIP general requests received 0, 0 ignored, RIP general replies sent 0SAP packets received 0, SAP packets sent 1, 0 ThrottledSAP GNS packets received 0, SAP GNS replies sent 0SAP GGS packets received 0, 0 ignored, SAP GGS replies sent 0IPX mls switching is enabledRouter#Configuring the MLS Aging Time
The MLS aging time applies to all MLS cache entries. See the "Configuring the MLS Aging Time" section on page 33-10.
Note
Configuring the Minimum IPX MLS Flow Mask
You can configure the minimum granularity of the flow mask for the MLS cache on the PFC. The actual flow mask used will be at least of the granularity specified by this command. For information on how the different flow masks work, see the "Flow Masks" section.
Caution
To configure the minimum IPX MLS flow mask, perform this task:
Router(config)# mls flow ipx {destination | destination-source}
Configures the minimum IPX MLS flow mask.
Router(config)# no mls flow ipx
Reverts to the default IPX MLS flow mask.
This example displays how to configure the minimum IPX MLS flow mask to destination:
Router(config)# mls flow ipx destinationRouter(config)#To display the IPX MLS flow mask configuration, perform this task:
This example displays the MLS flow mask configuration:
Router# show mls flowmaskcurrent ip flowmask for unicast: destination onlycurrent ipx flowmask for unicast: destination onlyDisplaying IPX MLS Information
This section describes the commands used to display IPX MLS configuration and statistics for the switch and the various interfaces and is separated into the following:
•
•
•
Displaying IPX MLS Cache Entries
The show mls ipx command displays IPX shortcut cache entries. You can specify the following parameters to focus the information displayed:
•
•
•
•
To display all IPX MLS entries on the switch, perform this task:
Router# show mls ipx [destination ipx_network_address | interface {{vlan vlan_ID} | {type1 slot/port} | {port-channel number}} | macd destination_mac_address | macs source_mac_address | source ipx_network_address]]
Displays various IPX MLS cache entries.
1 type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
These sections provide examples of how to display specific IPX MLS cache entries on the switch:
•
•
•
•
•
Displaying All IPX MLS Cache Entries
To display all IPX MLS cache entries on the switch, perform this task:
This example shows how to display all IPX MLS entries on the switch:
Router# show mls ipxDstNet-DstNode SrcNet DstVlan-DstMac Pkts Bytes-----------------------------------------------------------------------SrcDstPorts SrcDstEncap Age LastSeen----------------------------------------Number of Entries Found = 0Router#Displaying IPX MLS Cache Entries for a Specific Destination Address
To display IPX MLS cache entries for a specific destination IPX address, perform this task:
Router# show mls ipx [destination ipx_addr]
Displays IPX MLS entries for a specific destination address (net_address.node_address).
This example shows how to display IPX MLS entries for a specific destination address:
Router# show mls ipx destination 1.2.2.2DstNet-DstNode SrcNet DstVlan-DstMac Pkts Bytes-----------------------------------------------------------------------SrcDstPorts SrcDstEncap Age LastSeen----------------------------------------Number of Entries Found = 0Router#Displaying IPX MLS Cache Entries for a Specific Source Address
To display IPX MLS cache entries for a specific source network address, perform this task:
Router# show mls ipx source ipx_address
Displays IPX MLS entries for a specific source network address (net_address).
Note
This example shows how to display IPX MLS entries for a specific source IPX address:
Router# show mls ipx source 1.2.2.2DstNet-DstNode SrcNet DstVlan-DstMac Pkts Bytes-----------------------------------------------------------------------SrcDstPorts SrcDstEncap Age LastSeen----------------------------------------Number of Entries Found = 0Router#Displaying IPX MLS Cache Entries for a Specific Interface
To display IPX MLS entries for a specific interface, perform this task:
Router# show mls ipx interface {{vlan vlan_ID} | {type1 slot/port} | {port-channel number}}
Displays IPX MLS cache entries for a specific interface.
1 type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
This example shows how to display IPX MLS entries for IPX Fast Ethernet interface 5/4:
Router# show mls ipx interface fastethernet 5/4DstNet-DstNode SrcNet DstVlan-DstMac Pkts Bytes-----------------------------------------------------------------------SrcDstPorts SrcDstEncap Age LastSeen----------------------------------------Number of Entries Found = 0Router#Displaying IPX MLS Cache Entries for a Specific MAC Destination or Source Address
To display IPX MLS entries for a specific MAC destination or source address, perform this task:
Router# show mls ipx [macd destination_address | macs source_address]
Displays IPX MLS cache entries for a specific destination or source MAC address.
This example shows how to display IPX MLS entries for a specific MAC destination address:
Router# show mls ipx macd aaaa.bbbb.bbbbDstNet-DstNode SrcNet DstVlan-DstMac Pkts Bytes-----------------------------------------------------------------------SrcDstPorts SrcDstEncap Age LastSeen----------------------------------------Number of Entries Found = 0Router#Displaying the IPX MLS Contention Table
The show mls table-contention command displays the flow contention level for the switch. The table contention level (TCL) is indicated with a number ranging from 0 (normal) to 3 (maximum). When reaching levels 1 through 3, accelerated aging starts, which begins to age out entries at a rate suitable to reduce the current contention rate. The detailed option displays the breakdown of contention between different flows.
To show the MLS contention table and VLAN statistics for the switch, perform this task:
Router# show mls table-contention [detailed | summary]
Displays the IPX MLS contention table.
This example displays the IPX MLS contention table for the switch:
Router# show mls table-contention detailedDetailed Table Contention Level Information===========================================Layer 3-------L3 Contention Level: 0Page Hits Requiring 1 Lookup = 10Page Hits Requiring 2 Lookups = 0Page Hits Requiring 3 Lookups = 0Page Hits Requiring 4 Lookups = 0Page Hits Requiring 5 Lookups = 0Page Hits Requiring 6 Lookups = 0Page Hits Requiring 7 Lookups = 0Page Hits Requiring 8 Lookups = 0Page Misses = 0Router#Displaying IPX MLS VLAN Statistics
The show mls vlan-statistics command displays VLAN-based statistics for IPX MLS cache entries. Specifying a VLAN identifier results in a display with only the shortcuts for that VLAN. If you specify a slot, only the information about that slot is shown; otherwise, all entries are displayed.
To display the IPX MLS VLAN statistics for the switch, perform this task:
This example displays the VLAN statistics for VLAN 1 for every slot in the switch:
Router# show mls vlan-statistics 1Slot 0=======Vlan 1 Statistics Information:-------------------------------65280 Layer 2 Packets Bridged, 0 Bytes65280 Layer 3 Packets Input, 0 Bytes65280 Layer 3 Packets Output, 0 BytesSlot 1=======Vlan 1 Statistics Information:-------------------------------65280 Layer 2 Packets Bridged, 0 Bytes65280 Layer 3 Packets Input, 0 Bytes65280 Layer 3 Packets Output, 0 BytesSlot 2=======Vlan 1 Statistics Information:-------------------------------65280 Layer 2 Packets Bridged, 0 Bytes65280 Layer 3 Packets Input, 0 Bytes65280 Layer 3 Packets Output, 0 BytesSlot 3=======Vlan 1 Statistics Information:-------------------------------65280 Layer 2 Packets Bridged, 0 Bytes65280 Layer 3 Packets Input, 0 Bytes65280 Layer 3 Packets Output, 0 BytesSlot 4=======Vlan 1 Statistics Information:-------------------------------65280 Layer 2 Packets Bridged, 0 Bytes65280 Layer 3 Packets Input, 0 Bytes65280 Layer 3 Packets Output, 0 BytesSlot 5(Information Deleted)Clearing IPX MLS Cache Entries
Clear IPX shortcut entries in the Layer 3 table based on the entered criteria. The clear mls ipx command clears shortcut entries in the Layer 3 tables matching configured parameters. If none of the following parameters are entered, all IPX Layer 3 entries in the table are cleared:
•
•
•
•
To clear the IPX MLS statistics, perform this task:
Router# clear mls ipx [exclude protocol [all port 1-96 | tcp port 1-96 | udp port 1-96] | [destination [hostname | ipx_address] interface {{vlan vlan_ID} | {type1 slot/port} | {port-channel number}} | macd destination_mac_address | macs source_mac_address]]
Clears the IPX MLS statistics.
1 type = ethernet, fastethernet, gigabitethernet, or tengigabitethernet
This example shows how to clear the MLS cache entries in the Layer 3 table IPX interface, Fast Ethernet interface 5/5:
Router# clear mls ipx interface fastethernet 5/5Router#To display the MLS entries and confirm they have been cleared, see the "Displaying IPX MLS Information" section.
Troubleshooting IPX MLS
Table 20-2 describes debug commands that you can use to troubleshoot IPX MLS problems.
To configure the debug commands that you can use to troubleshoot IPX MLS problems, perform this task:
This example displays how to configure all IPX debugging:
Router# debug mls ipx allmls ip all debugging is onRouter#
Note
Table 20-3 describes the Serial Control Protocol (SCP)-related debug commands to troubleshoot the SCP that runs over the Ethernet out-of-band channel (EOBC).
