Catalyst Supervisor Engine 32 PISA IOS Command Reference, 12.2ZY
mls flow to pagp port

Table Of Contents

mls flow

mls ip

mls ip acl port expand

mls ip cef accounting per-prefix

mls ip cef load-sharing

mls ip cef rate-limit

mls ip cef rpf hw-enable-rpf-acl

mls ip cef rpf interface-group

mls ip cef rpf multipath

mls ip delete-threshold

mls ip directed-broadcast

mls ip inspect

mls ip install-threshold

mls ip multicast (global configuration mode)

mls ip multicast (interface configuration mode)

mls ip multicast bidir gm-scan-interval

mls ip multicast connected

mls ip multicast consistency-check

mls ip multicast flow-stat-timer

mls ip multicast replication-mode

mls ip multicast sso

mls ip multicast stub

mls ip multicast threshold

mls ip nat netflow-frag-l4-zero

mls ip pbr

mls ip reflexive ndr-entry tcam

mls ipv6 acl compress address unicast

mls ipv6 acl source

mls mpls (recirculation)

mls mpls (guaranteed bandwidth traffic engineering)

mls nde flow

mls nde interface

mls nde sender

mls netflow

mls netflow maximum-flows

mls netflow sampling

mls netflow usage notify

mls qos (global configuration mode)

mls qos (interface configuration mode)

mls qos aggregate-policer

mls qos bridged

mls qos channel-consistency

mls qos cos

mls qos cos-mutation

mls qos dscp-mutation

mls qos exp-mutation

mls qos loopback

mls qos map cos-dscp

mls qos map cos-mutation

mls qos map dscp-cos

mls qos map dscp-exp

mls qos map dscp-mutation

mls qos map exp-dscp

mls qos map exp-mutation

mls qos map ip-prec-dscp

mls qos map policed-dscp

mls qos marking ignore port-trust

mls qos marking statistics

mls qos mpls trust exp

mls qos police redirected

mls qos protocol

mls qos queueing-only

mls qos queue-mode mode-dscp

mls qos rewrite ip dscp

mls qos statistics-export (global configuration mode)

mls qos statistics-export (interface configuration mode)

mls qos statistics-export aggregate-policer

mls qos statistics-export class-map

mls qos statistics-export delimiter

mls qos statistics-export destination

mls qos statistics-export interval

mls qos trust

mls qos trust extend

mls qos vlan-based

mls rate-limit all

mls rate-limit layer2

mls rate-limit multicast ipv4

mls rate-limit multicast ipv6

mls rate-limit unicast acl

mls rate-limit unicast cef

mls rate-limit unicast ip

mls rate-limit unicast l3-features

mls rate-limit unicast vacl-log

mls rp ip (global configuration mode)

mls rp ip (interface configuration mode)

mls rp ipx (global configuration mode)

mls rp ipx (interface configuration mode)

mls rp management-interface

mls rp nde-address

mls rp vlan-id

mls rp vtp-domain

mls sampling

mls switching

mls switching unicast

mls verify

mobility

mode

mode dot1q-in-dot1q access-gateway

monitor event-trace (EXEC)

monitor event-trace (global configuration)

monitor permit-list

monitor session

monitor session type

mpls l2transport route

mpls load-balance per-label

mpls ttl-dec

mtu

name (MST configuration submode)

neighbor

net

nsf

pagp learn-method

pagp port-priority


mls flow

To configure the flow mask for NDE, use the mls flow command. To restore the flow mask to the default, use the no form of this command.

mls flow {{ip | ipv6} {destination | destination-source | full | interface-destination-source | interface-full | source}}

no mls flow {ip | ipv6}

Syntax Description

ip

Enables the flow mask for MLS IP packets.

ipv6

Enables the flow mask for MLS IPv6 packets.

destination

Uses the destination IP address as the key to the Layer 3 table.

destination-source

Uses the destination and the source IP address as the key to the Layer 3 table.

full

Uses the source and destination IP address, the IP protocol (UDP or TCP), and the source and destination port numbers as the keys to the Layer 3 table.

interface-destination-source

Uses all the information in the destination and source flow mask and the source VLAN number as the keys to the Layer 3 table.

interface-full

Uses all the information in the full flow mask and the source VLAN number as the keys to the Layer 3 table.

source

Uses all the information in the source flow mask only.


Command Default

The NDE flow mask is null.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

This command collects statistics for the supervisor engine.

Examples

This example shows how to set the minimum flow mask for an extended access list for MLS IP:

Router(config)# mls flow ip full
Router(config)#

Related Commands

Command
Description

show mls netflow

Displays configuration information about the NetFlow hardware.


mls ip

To enable MLS IP for the internal router on the interface, use the mls ip command. To disable MLS IP on the interface, use the no form of this command.

mls ip

no mls ip

Syntax Description

This command has no arguments or keywords.

Command Default

Multicast is disabled.

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Examples

This example shows how to enable shortcuts for MLS IP:

Router(config-if)# mls ip 
Router(config-if)# 

Related Commands

Command
Description

mls rp ip (interface configuration mode)

Allows the external systems to enable MLS IP on a specified interface.

show mls ip multicast

Displays the MLS IP information.


mls ip acl port expand

To enable ACL-specific features for Layer 4, use the mls ip acl port expand command. To disable the ACL-specific Layer 4 features, use the no form of this command.

mls ip acl port expand

no mls ip acl port expand

Syntax Description

This command has no arguments or keywords.

Command Default

This command has no default settings.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Examples

This example shows how to enable the expansion of ACL logical operations on Layer 4 ports:

Router(config)# mls ip acl port expand
Router(config)# 

mls ip cef accounting per-prefix

To enable MLS per-prefix accounting, use the mls ip cef accounting per-prefix command. To disable MLS per-prefix accounting, use the no form of this command.

mls ip cef accounting per-prefix prefix-entry prefix-entry-mask [instance-name]

no mls ip cef accounting per-prefix

Syntax Description

prefix-entry

Prefix entry in the format A.B.C.D.

prefix-entry-mask

Prefix entry mask in the format A.B.C.D.

instance-name

(Optional) VPN routing and forwarding instance name.


Command Default

This command has no default settings.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

Per-prefix accounting collects the adjacency counters used by the prefix. When the prefix is used for accounting, the adjacency cannot be shared with other prefixes. You can use per-prefix accounting to account for the packets sent to a specific destination.

Examples

This example shows how to enable MLS per-prefix accounting:

Router(config)# mls ip cef accounting per-prefix 172.20.52.18 255.255.255.255
Router(config)#

This example shows how to disable MLS per-prefix accounting:

Router(config)# no mls ip cef accounting per-prefix 
Router(config)#

Related Commands

Command
Description

show mls cef ip accounting per-prefix

Displays all the prefixes that are configured for the statistic collection.


mls ip cef load-sharing

To configure the CEF load balancing, use the mls ip cef load-sharing command. To return to the default settings, use the no form of this command.

mls ip cef load-sharing [full [exclude-port {destination | source}]] [simple]

no mls ip cef load-sharing

Syntax Description

full

(Optional) Sets the CEF load balancing to include source and destination Layer 4 ports and source and destination IP addresses (Layer 3).

exclude-port destination

(Optional) Excludes the destination Layer 4 ports and source and destination IP addresses (Layer 3) from the load-balancing algorithm.

exclude-port source

(Optional) Excludes the source Layer 4 ports and source and destination IP addresses (Layer 3) from the load-balancing algorithm.

simple

(Optional) Sets the CEF load balancing for single-stage load sharing.


Command Default

Source and destination IP address and universal identification

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

The mls ip cef load-sharing command affects IPv4, IPv6, and MPLS forwarding.

The mls ip cef load-sharing command is structured as follows:

mls ip cef load-sharing full—Uses Layer 3 and Layer 4 information with multiple adjacencies.

mls ip cef load-sharing full simple—Uses Layer 3 and Layer 4 information without multiple adjacencies.

mls ip cef load-sharing simple—Uses Layer 3 information without multiple adjacencies.

For additional guidelines, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide—Release 12.2ZY.

Examples

This example shows how to set load balancing to include Layer 3 and Layer 4 ports with multiple adjacencies:

Router(config)# mls ip cef load-sharing full
Router(config)#

This example shows how to set load balancing to exclude the destination Layer 4 ports and source and destination IP addresses (Layer 3) from the load-balancing algorithm:

Router(config)# mls ip cef load-sharing full exclude-port destination
Router(config)# 

This example shows how to set load balancing to exclude the source Layer 4 ports and source and destination IP addresses (Layer 3) from the load-balancing algorithm:

Router(config)# mls ip cef load-sharing full exclude-port source
Router(config)# 

This example shows how to return to the default setting:

Router(config)# no mls ip cef load-sharing
Router(config)#

Related Commands

Command
Description

show mls cef ip

Displays the IP entries in the MLS-hardware Layer 3-switching table.


mls ip cef rate-limit

To rate-limit CEF-punted data packets, use the mls ip cef rate-limit command. To disable rate limiting of CEF-punted data packets, use the no form of this command.

mls ip cef rate-limit pps

no mls ip cef rate-limit

Syntax Description

pps

Number of data packets; valid values are from 0 to 1000000.


Command Default

No rate limit is configured.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

Certain denial-of-service attacks target the route processing engines of routers. Certain packets that cannot be forwarded by the PFC are directed to the PISA for processing. Denial-of-service attacks can overload the route processing engine and cause routing instability when running dynamic routing protocols. You can use the mls ip cef rate-limit command to limit the amount of traffic that is sent to the PISA to prevent denial-of-service attacks against the route processing engine.

This command rate limits all CEF-punted data packets including the following:

Data packets going to the local interface IP address

Data packets requiring ARP

Setting the rate to a low value could impact the packets that are destined to the IP addresses of the local interfaces and the packets that require ARP. You should use this command to limit these packets to a normal rate and to avoid abnormal incoming rates.

For additional guidelines, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide—Release 12.2ZY.

Examples

This example shows how to enable and set rate limiting:

Router(config)# mls ip cef rate-limit 50000
Router(config)# 

Related Commands

Command
Description

show mls cef ip

Displays the IP entries in the MLS-hardware Layer 3-switching table.


mls ip cef rpf hw-enable-rpf-acl

To enable hardware uRPF for packets matching the deny ACE when uRPF with ACL is enabled, use the mls ip cef rpf hw-enable-rpf-acl command. To disable hardware uRPF when RPF and ACL are enabled, use the no form of this command.

mls ip cef rpf hw-enable-rpf-acl

no mls ip cef rpf hw-enable-rpf-acl

Syntax Description

This command has no arguments or keywords.

Command Default

This command has no default settings.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

If you do not enter the mls ip cef rpf hw-enable-rpf-acl command when uRPF with ACL is specified, packets that are permitted by the uRPF ACL are forwarded in hardware and the denied packets are sent to the PISA for the uRPF check. This command enables hardware forwarding with the uRPF check for the packets that are denied by the uRPF ACL. However, in this case, packets permitted by the uRPF ACL are sent to the PISA for forwarding.

uRPF is not supported on PVLAN host ports.

Examples

This example shows how to enable hardware uRPF when RPF and ACL are enabled:

Router(config)# mls ip cef rpf hw-enable-rpf-acl
Router(config)# 

This example shows how to disable hardware uRPF when RPF and ACL are enabled:

Router(config)# no mls ip cef rpf hw-enable-rpf-acl
Router(config)# 

Related Commands

Command
Description

ip verify unicast source reachable-via {any | rx}

Enables and configures RPF checks with ACL.


mls ip cef rpf interface-group

To define an interface group in the RPF-VLAN table, use the mls ip cef rpf interface-group command. To delete the interface group, use the no form of this command.

mls ip cef rpf interface-group group-number interface1 interface2 interface3 [...]

no mls ip cef rpf interface-group group-number interface1 interface2 interface3 [...]

Syntax Description

group-number

Interface group number; valid values are from 1 to 4.

interface

Interface number; see the "Usage Guidelines" section for formatting guidelines.

...

(Optional) Additional interface numbers; see the "Usage Guidelines" section for additional information.


Command Default

No groups are configured.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

A single interface group contains three to six interfaces. You can configure up to four interface groups. For each interface group, the first four entries are installed in the hardware RPF-VLAN table.

Enter the interface as interface-typemod/port.

Separate each interface entry with a space. You do not have to include a space between the interface-type and the mod/port arguments. See the "Examples" section for a sample entry.

Examples

This example shows how to define an interface group:

Router(config)# mls ip cef rpf interface-group 0 F2/1 F2/2 F2/3 F2/4 F2/5 F2/6
Router(config)# 

mls ip cef rpf multipath

To configure the RPF modes, use the mls ip cef rpf multipath command. To return to the default settings, use the no form of this command.

mls ip cef rpf multipath {interface-group | punt | pass}

Syntax Description

interface-group

Disables the RPF check for packets coming from multiple path routes; see the "Usage Guidelines" section for additional information.

punt

Redirects the RPF-failed packets to the route processor for multiple path prefix support.

pass

Disables the RPF check for packets coming from multiple path routes.


Command Default

punt

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

The interface-group mode is similar to the pass mode but utilizes the RPF_VLAN global table for the RPF check. Packets from other multiple path prefixes always pass the RPF check.

You enter the mls ip cef rpf multipath interface-group command to define an RPF_VLAN table interface group. One interface group contains from three to six interfaces, and you can configure up to four interface groups. For each interface group, the first four entries are installed in the hardware RPF_VLAN table. For the prefix that has more than three multiple paths, and all paths except two are part of that interface group, the FIB entry of that prefix uses this RPF_VLAN entry.

Examples

This example shows how to redirect the RPF-failed packets to the route processor for multiple path prefix support:

Router(config)# mls ip cef rpf multipath interface-group
Router(config)# 

Related Commands

Command
Description

show mls cef ip

Displays the IP entries in the MLS-hardware Layer 3-switching table.
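
The limits stated above for mls ip cef rate-limit, mls ip cef rpf interface-group, and mls ip cef rpf multipath can be checked against a saved configuration. The following Python script is an added example, not part of the Cisco reference; it assumes the commands appear in the configuration text exactly as in the syntax lines above, and the low_pps_floor value and the sample configuration are constructed for illustration.

```python
import re

# Limits quoted from the command reference text.
PPS_RANGE = (0, 1_000_000)         # mls ip cef rate-limit pps
GROUP_RANGE = (1, 4)               # interface-group group-number
IFACE_COUNT_RANGE = (3, 6)         # interfaces per interface group
HW_ENTRIES_PER_GROUP = 4           # only the first four entries reach the hardware table
MULTIPATH_DEFAULT = "punt"

RATE_RE = re.compile(r"^mls ip cef rate-limit (\d+)$")
GROUP_RE = re.compile(r"^mls ip cef rpf interface-group (\d+) (.+)$")
MODE_RE = re.compile(r"^mls ip cef rpf multipath (interface-group|punt|pass)$")

# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = """\
hostname lab-sw1
mls ip cef rate-limit 50
mls ip cef rpf interface-group 5 F2/1 F2/2 F2/3
mls ip cef rpf interface-group 2 F3/1 F3/2 F3/3 F3/4 F3/5 F3/6
mls ip cef rpf interface-group 3 F4/1 F4/2
mls ip cef rpf multipath pass
"""


def parse_mls_cef(config_text):
    """Collect the three settings from config text; other lines are ignored."""
    state = {"rate": None, "mode": MULTIPATH_DEFAULT, "groups": []}
    for raw in config_text.splitlines():
        line = " ".join(raw.split())   # trim and collapse runs of whitespace
        if m := RATE_RE.match(line):
            state["rate"] = int(m.group(1))
        elif m := GROUP_RE.match(line):
            state["groups"].append((int(m.group(1)), m.group(2).split()))
        elif m := MODE_RE.match(line):
            state["mode"] = m.group(1)
    return state


def audit_mls_cef(config_text, low_pps_floor=1000):
    """Return a list of (code, message) findings.

    low_pps_floor is an assumed site policy value used to flag limits that
    are likely too low; the reference itself gives no such number.
    """
    st = parse_mls_cef(config_text)
    out = []

    rate = st["rate"]
    if rate is None:
        out.append(("RATE_UNSET",
                    "no CEF rate limit configured: punted packets reach the PISA unthrottled"))
    elif not PPS_RANGE[0] <= rate <= PPS_RANGE[1]:
        out.append(("RATE_RANGE",
                    f"pps {rate} is outside {PPS_RANGE[0]}-{PPS_RANGE[1]}"))
    elif rate < low_pps_floor:
        out.append(("RATE_LOW",
                    f"pps {rate} may drop packets to local interface addresses and ARP"))

    for number, ifaces in st["groups"]:
        if not GROUP_RANGE[0] <= number <= GROUP_RANGE[1]:
            out.append(("GROUP_NUMBER",
                        f"group {number} is outside {GROUP_RANGE[0]}-{GROUP_RANGE[1]}"))
        if not IFACE_COUNT_RANGE[0] <= len(ifaces) <= IFACE_COUNT_RANGE[1]:
            out.append(("GROUP_SIZE",
                        f"group {number} has {len(ifaces)} interfaces, expected "
                        f"{IFACE_COUNT_RANGE[0]} to {IFACE_COUNT_RANGE[1]}"))
        elif len(ifaces) > HW_ENTRIES_PER_GROUP:
            extra = " ".join(ifaces[HW_ENTRIES_PER_GROUP:])
            out.append(("GROUP_HW_TRUNCATED",
                        f"group {number}: {extra} fall after the first four entries "
                        "that are installed in the hardware RPF-VLAN table"))

    mode = st["mode"]
    if mode == "pass":
        out.append(("RPF_PASS",
                    "RPF check is disabled for packets coming from multiple path routes"))
    if st["groups"] and mode != "interface-group":
        out.append(("GROUPS_UNUSED",
                    f"interface groups are defined but multipath mode is {mode}; the "
                    "reference ties the RPF_VLAN table to interface-group mode"))
    if mode == "interface-group" and not st["groups"]:
        out.append(("MODE_NO_GROUPS",
                    "multipath mode is interface-group but no interface group is defined"))
    return out


if __name__ == "__main__":
    for code, message in audit_mls_cef(SAMPLE_CONFIG):
        print(f"{code}: {message}")
```
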


mls ip delete-threshold

To delete the configured ACL thresholds, use the mls ip delete-threshold command.

mls ip delete-threshold acl-num

Syntax Description

acl-num

Reflective ACL number; valid values are from 1 to 10000.


Command Default

This command has no default settings.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

The mls ip delete-threshold command is active only when you enable the mls ip reflexive ndr-entry tcam command.

Examples

This example shows how to delete an ACL threshold:

Router(config)# mls ip delete-threshold 223
Router(config)#  

Related Commands

Command
Description

mls ip install-threshold

Installs the configured ACL thresholds.

mls ip reflexive ndr-entry tcam

Enables the shortcuts in TCAM for the reflexive TCP/UDP entries when installed by the NDR.


mls ip directed-broadcast

To enable the hardware switching of the IP-directed broadcasts, use the mls ip directed-broadcast command. To return to the default settings, use the no form of this command.

mls ip directed-broadcast {exclude-router | include-router}

no mls ip directed-broadcast

Syntax Description

exclude-router

Forwards the IP-directed broadcast packet in the hardware to all hosts in the VLAN except the router.

include-router

Forwards the IP-directed broadcast packet in the hardware to all hosts in the VLAN including the router.


Command Default

Disabled

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

The exclude-router and include-router keywords both support hardware switching, but exclude-router does not send a copy of the hardware-switched packets to the router. If you enter the include-router keyword, the router does not forward the IP-directed broadcast packet again.

In the default mode, IP-directed broadcast packets are not forwarded in the hardware; they are handled at the process level by the PISA. The PISA decision to forward or not forward the packet is dependent on the ip directed-broadcast command configuration.

There is no interaction between the ip directed-broadcast command and the mls ip directed-broadcast command. The ip directed-broadcast command involves software forwarding, and the mls ip directed-broadcast command involves hardware forwarding.

MLS IP-directed broadcast supports a secondary interface address.

Any packets that hit the CPU are not forwarded unless you add the ip directed-broadcast command to the same interface.

You can configure the MLS IP-directed broadcasts on a port-channel interface but not on the physical interfaces on the port-channel interface. If you want to add a physical interface to a port-channel group, the physical interface cannot have the MLS IP-directed broadcast configuration. You have to first remove the configuration manually and then add the physical interface to the channel group. If a physical interface is already part of a channel group, the CLI will not accept the mls ip directed-broadcast configuration command on that physical interface.

Examples

This example shows how to forward the IP-directed broadcast packet in the hardware to all hosts in the VLAN with the exception of the router:

Router(config-if)# mls ip directed-broadcast exclude-router
Router(config-if)# 

This example shows how to forward the IP-directed broadcast packet in the hardware to all hosts in the VLAN:

Router(config-if)# mls ip directed-broadcast include-router
Router(config-if)# 

Related Commands

Command
Description

show mls cef adjacency

Displays hardware-switched IP-directed broadcast information.


mls ip inspect

To permit traffic through any ACLs that would deny the traffic through other interfaces, use the mls ip inspect command. To return to the default settings, use the no form of this command.

mls ip inspect acl-name

no mls ip inspect acl-name

Syntax Description

acl-name

ACL name.


Command Default

Disabled

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

On a Catalyst 6500 series switch, when interfaces are configured to deny traffic, the CBAC permits traffic to flow bidirectionally only through the interface that is configured with the ip inspect command.

Examples

This example shows how to permit the traffic through a specific ACL (named deny_ftp_c):

Router(config)# mls ip inspect deny_ftp_c 
Router(config)# 

Related Commands

Command
Description

ip inspect

Applies a set of inspection rules to an interface.


mls ip install-threshold

To install the configured ACL thresholds, use the mls ip install-threshold command.

mls ip install-threshold acl-num

Syntax Description

acl-num

Reflective ACL number; valid values are from 1 to 10000.


Command Default

This command has no default settings.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

The mls ip install-threshold command is active only when you enable the mls ip reflexive ndr-entry tcam command.

Examples

This example shows how to install an ACL threshold:

Router(config)# mls ip install-threshold 123
Router(config)#  

Related Commands

Command
Description

mls ip delete-threshold

Deletes configured ACL thresholds.

mls ip reflexive ndr-entry tcam

Enables the shortcuts in TCAM for the reflexive TCP/UDP entries when installed by the NDR.


mls ip multicast (global configuration mode)

To enable MLS IP and configure the hardware switching globally, use the mls ip multicast command. To disable MLS IP, use the no form of this command.

mls ip multicast [capability]

mls ip multicast [vrf name] [connected | egress local | mfd | refresh-state | shared-tree-mfd | threshold ppsec]

no mls ip multicast [vrf]

Syntax Description

capability

(Optional) Exports the information about the egress capability from the switch processor to the route processor.

vrf name

(Optional) Specifies the VRF name.

connected

(Optional) Installs the interface/mask entries for bridging directly connected sources to the internal router.

egress local

(Optional) Populates the multicast expansion table with local Layer 3-routed interfaces.

mfd

(Optional) Enables complete hardware switching.

refresh-state

(Optional) Refreshes the expiration time of the (S,G) entry or the (*,G) entry with NULL OIF.

shared-tree-mfd

(Optional) Enables the complete shortcut for (*,G) flows.

threshold ppsec

(Optional) Sets the minimum traffic rate; below this rate, the flow is switched in the software instead of in the hardware. Valid values are from 10 to 10000 seconds.


Command Default

The defaults are as follows:

Multicast is disabled.

Hardware switching is allowed for all eligible multicast routes.

connected is enabled.

egress local is disabled.

mfd is enabled.

refresh-state is enabled.

shared-tree-mfd is enabled.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines


Note: After you enter the mls ip multicast egress local command, you must perform a system reset for the configuration to take effect.


When entering the mls ip multicast egress local command, ensure that IPv6 multicast is not enabled. Since the egress multicast replication performance enhancement feature cannot separately turn on or turn off IPv4 and IPv6, you cannot have IPv4 and IPv6 multicast enabled when this feature is turned on.

These optional keywords are supported:

threshold

connected

refresh-state

shared-tree-mfd

mfd

The threshold ppsec optional keyword and argument do not impact flows that are already populated in the hardware cache.

The expiration time refresh is updated when flow statistics are received from the Catalyst 6500 series switch (indicating that the traffic is received from the RPF interface).

Examples

This example shows how to enable the MLS IP shortcuts:

Router(config)# mls ip multicast
Router(config)# 

This example shows how to enable the hardware switching on a specific multicast route:

Router(config)# mls ip multicast vrf test1
Router(config)# 

This example shows how to export the information about egress capability from the switch processor to the route processor:

Router(config)# mls ip multicast capability
Router(config)# 

This example shows how to populate the multicast expansion table with local Layer 3-routed interfaces:

Router(config)# mls ip multicast egress local
Router(config)# 

Related Commands

Command
Description

mls rp ip (global configuration mode)

Enables external systems to establish IP shortcuts to the PISA.

show mls ip multicast

Displays the MLS IP information.


mls ip multicast (interface configuration mode)

To enable MLS IP shortcuts on the interface, use the mls ip multicast command. To disable MLS IP shortcuts on the interface, use the no form of this command.

mls ip multicast

no mls ip multicast

Syntax Description

This command has no arguments or keywords.

Command Default

Multicast is disabled.

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Examples

This example shows how to enable the MLS IP shortcuts:

Router(config-if)# mls ip multicast
Router(config-if)# 

Related Commands

Command
Description

show mls ip multicast

Displays the MLS IP information.


mls ip multicast bidir gm-scan-interval

To set the RPF scan interval for the Bidir rendezvous point, use the mls ip multicast bidir gm-scan-interval command. To disable the RPF scan interval for the Bidir rendezvous point, use the no form of this command.

mls ip multicast bidir gm-scan-interval interval

no mls ip multicast bidir gm-scan-interval

Syntax Description

interval

RPF scan interval for the Bidir rendezvous point; valid values are from 1 to 1000 seconds.


Command Default

10 seconds

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

When you set the RPF scan interval for the Bidir rendezvous point, you set the time that the periodic scan timer updates the RPF in the DF table for all Bidir rendezvous points in the hardware.

Examples

This example shows how to set the RPF scan interval for the Bidir rendezvous point:

Router(config)# mls ip multicast bidir gm-scan-interval 30
Router(config)# 

Related Commands

Command
Description

show mls ip multicast bidir

Displays the Bidir hardware-switched entries.


mls ip multicast connected

To enable the downloading of directly connected subnets globally, use the mls ip multicast connected command. To disable the downloading of directly connected subnets globally, use the no form of this command.

mls ip multicast connected

no mls ip multicast connected

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

Do not create directly connected subnets for the following cases:

To make more room available in the FIB TCAM

The switch is the first-hop router for a source

The entries are for Bidir, SSM, and DM mode groups

In these cases, if you enable the downloading of directly connected subnets, the directly connected source hits the MMLS (*,G) entry and is switched using the MMLS (*,G) entry. The registers are not sent to the route processor (in the case of PIM-SM), and the (S,G) state is not created on the first hop (in the case of PIM-DM).

The subnet entry is installed in the TCAM entries with a shorter mask to catch directly connected sources before they hit such entries. You can punt traffic from directly connected sources to the PISA. Once the PISA sees this traffic, it can install an MMLS (S,G) entry for this source, which gets installed before the subnet entry in the TCAM. New packets from this source are now switched with the (S,G) entry.

Examples

This example shows how to enable the downloading of directly connected subnets:

Router(config)# mls ip multicast connected
Router(config)# 

Related Commands

Command
Description

mls ip multicast (global configuration mode)

Enables MLS IP and configures the hardware switching globally.

show mls ip multicast

Displays the MLS IP information.


mls ip multicast consistency-check

To enable and configure the hardware-shortcut consistency checker, use the mls ip multicast consistency-check command. To disable the consistency checkers, use the no form of this command.

mls ip multicast consistency-check [{settle-time seconds} | {type scan-mroute [count count-number] | {settle-time seconds}} | {period seconds}]

no mls ip multicast consistency-check

Syntax Description

settle-time seconds

(Optional) Specifies the settle time for entry/oif for the consistency checker; valid values are from 2 to 3600 seconds.

type scan-mroute

(Optional) Specifies the type of consistency check as a scan check of the mroute table.

count count-number

(Optional) Specifies the maximum number of prefixes to check per scan; valid values are from 2 to 500.

period seconds

(Optional) Specifies the period between scans; valid values are from 2 to 3600 seconds.


Command Default

The defaults are as follows:

Consistency check is enabled.

count count-number is 20.

period seconds is 2 seconds.

settle-time seconds is 60 seconds.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

The oif entry is the outgoing interface of a multicast {*,G} or {source, group} flow.

The consistency checker scans the mroute table and ensures that the multicast-hardware entries are consistent with the mroute table. Whenever an inconsistency is detected, the inconsistency is automatically corrected.

To display the inconsistency error, use the show mls ip multicast consistency-check command.

Examples

This example shows how to enable the hardware-shortcut consistency checker:

Router(config)# mls ip multicast consistency-check
Router(config)#

This example shows how to enable the hardware-shortcut consistency checker and configure the scan check of the mroute table:

Router(config)# mls ip multicast consistency-check type scan-mroute count 20 period 35
Router(config)#

This example shows how to enable the hardware-shortcut consistency checker and specify the period between scans:

Router(config)# mls ip multicast consistency-check type scan-mroute period 35
Router(config)#

Related Commands

Command
Description

show mls ip multicast consistency-check

Displays the MLS IP information.


mls ip multicast flow-stat-timer

To set the time interval between two consecutive batches of flow-statistics messages from the switch processor to the route processor, use the mls ip multicast flow-stat-timer command. To return to the default settings, use the no form of this command.

mls ip multicast flow-stat-timer num

no mls ip multicast flow-stat-timer

Syntax Description

num

Time interval between two consecutive batches of flow-statistics messages from the switch processor to the route processor.


Command Default

25 seconds

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Examples

This example shows how to configure the time interval between two consecutive batches of flow-statistics messages from the switch processor to the route processor:

Router(config)# mls ip multicast flow-stat-timer 10
Router(config)#

Related Commands

Command
Description

show mls ip multicast

Displays the MLS IP information.


mls ip multicast replication-mode

To enable and specify the replication mode, use the mls ip multicast replication-mode command. To restore the system to automatic detection mode, use the no form of this command.

mls ip multicast replication-mode {egress | ingress}

no mls ip multicast replication-mode {egress | ingress}

Syntax Description

egress

Forces the system to the egress mode of replication.

ingress

Forces the system to the ingress mode of replication.


Command Default

ingress

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

The Supervisor Engine 32 PISA does not support the egress keyword.


Note During the change from egress- to ingress-replication mode, traffic interruptions may occur because the shortcuts are purged and reinstalled. To avoid interruptions in traffic forwarding, enter the mls ip multicast replication-mode ingress command.


If you enter the no mls ip multicast replication-mode ingress command, only the forced-ingress mode resets

Examples

This example shows how to enable the ingress-replication mode:

Router(config)# mls ip multicast replication-mode ingress
Router(config)#

Related Commands

Command
Description

show mls ip multicast capability

Displays the MLS IP information.


mls ip multicast sso

To configure the SSO parameters, use the mls ip multicast sso command. To return to the default settings, use the no form of this command.

mls ip multicast sso {{convergence-time time} | {leak interval} | {leak percentage}}

Syntax Description

convergence-time time

Specifies the maximum time to wait for protocol convergence; valid values are from 0 to 3600 seconds.

leak interval

Specifies the packet-leak interval; valid values are from 0 to 3600 seconds.

leak percentage

Specifies the percentage of multicast packets leaked to the router during switchover so that protocol convergence can take place; valid values are from 1 to 100 percent.


Command Default

The defaults are as follows:

convergence-time time—20 seconds

leak interval—60 seconds

leak percentage—10 percent

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Examples

This example shows how to set the maximum time to wait for protocol convergence:

Router(config)# mls ip multicast sso convergence-time 300
Router(config)#

This example shows how to set the packet-leak interval:

Router(config)# mls ip multicast sso leak 200
Router(config)#

This example shows how to set the packet-leak percentage:

Router(config)# mls ip multicast sso leak 55
Router(config)#

Related Commands

Command
Description

show mls ip multicast sso

Displays information about multicast high-availability SSO.


mls ip multicast stub

To enable the support for non-RPF traffic drops for PIM sparse-mode stub networks, use the mls ip multicast stub command. To disable support for non-RPF traffic drops for PIM sparse-mode stub networks, use the no form of this command.

mls ip multicast stub

no mls ip multicast stub

Syntax Description

This command has no arguments or keywords.

Command Default

Multicast is disabled.

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

The mls ip multicast stub command creates the following filters on a routed interface or a VLAN:

Permits IP packets from all addresses that are connected to the interface to any IP destination. An address is connected to the interface if it is within the IP address prefixes configured through the ip address addr mask [secondary] command.

This filter is meant to permit unicast and multicast packets from directly connected sources.

Permits IP multicast packets from any source address to multicast group prefixes 224.0.0.0/24 and 224.0.1.0/24.

This filter allows packets to be sent from any source address to well-known multicast addresses; 224.0.0.0/24 is used by protocols such as PIM, OSPF, EIGRP, or NTP. Addresses in 224.0.1.0/24 are used by protocols such as AutoRP (224.0.1.39, 224.0.1.40).

Denies any other IP multicast packets.

This deny filter is meant to inhibit any multicast packets from nondirectly connected sources and is applied to the packets received on this interface or VLAN.

The permit IP multicast packets and the deny any other IP multicast packets filters are the same for all interfaces or VLANs on which you configure the mls ip multicast stub command. The permit IP packets from all addresses that are connected to the interface to any IP destination filter is different for each interface or VLAN.

Examples

This example shows how to enable the support for the non-RPF traffic drops for the PIM sparse-mode stub networks:

Router(config-if)# mls ip multicast stub
Router(config-if)# 
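The three filters described in the usage guidelines can be modeled as a small decision function to predict which packets a stub interface will accept. This is an added illustration, not Cisco code: the function names, the VLAN labels and all sample addresses are constructed, and the page does not say how non-multicast packets from nondirectly connected sources are treated, so the model reports those as not covered.

```python
import ipaddress

# Group prefixes the usage guidelines name as permitted from any source.
WELL_KNOWN = [ipaddress.ip_network("224.0.0.0/24"),
              ipaddress.ip_network("224.0.1.0/24")]
MULTICAST = ipaddress.ip_network("224.0.0.0/4")


def connected_networks(ip_address_lines):
    """Build the connected prefixes from (addr, mask) pairs, as configured
    with 'ip address addr mask [secondary]' on the interface."""
    return [ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            for addr, mask in ip_address_lines]


def stub_verdict(src, dst, connected):
    """Apply the three filters from the usage guidelines to one packet."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    # Filter 1 (differs per interface): directly connected source, any destination.
    if any(src_ip in net for net in connected):
        return "permit: connected source"
    # Filter 2 (same on every interface): any source to the well-known groups.
    if any(dst_ip in net for net in WELL_KNOWN):
        return "permit: well-known group"
    # Filter 3 (same on every interface): every other multicast packet.
    if dst_ip in MULTICAST:
        return "deny: multicast from nondirectly connected source"
    # Assumption of this model: the page is silent on this case.
    return "not covered by the filters on this page"


# Constructed interfaces: VLAN 10 has a primary and a secondary address.
VLAN10 = connected_networks([("192.0.2.1", "255.255.255.0"),
                             ("198.51.100.1", "255.255.255.128")])
VLAN20 = connected_networks([("203.0.113.1", "255.255.255.0")])

# Constructed packets (source, destination).
SAMPLES = [
    ("192.0.2.50", "239.1.1.1"),      # host on VLAN 10 primary subnet
    ("198.51.100.20", "239.1.1.1"),   # host on VLAN 10 secondary subnet
    ("198.51.100.200", "239.1.1.1"),  # outside the /25 secondary subnet
    ("10.9.9.9", "224.0.1.39"),       # remote source, AutoRP group
    ("10.9.9.9", "224.0.2.1"),        # remote source, just outside 224.0.1.0/24
    ("10.9.9.9", "192.0.2.50"),       # remote unicast
]


def evaluate(connected):
    """Return the verdict for every sample packet on one interface."""
    return [(src, dst, stub_verdict(src, dst, connected)) for src, dst in SAMPLES]


if __name__ == "__main__":
    for name, nets in (("VLAN10", VLAN10), ("VLAN20", VLAN20)):
        print(name)
        for src, dst, verdict in evaluate(nets):
            print(f"  {src:>15} -> {dst:<12} {verdict}")
```

The same packet from 192.0.2.50 is permitted on VLAN10 and denied on VLAN20, which is the per-interface difference in the first filter that the guidelines call out.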

Related Commands

Command
Description

show mls ip multicast

Displays the MLS IP information.


mls ip multicast threshold

To configure a threshold rate for installing hardware shortcuts, use the mls ip multicast threshold command. To deconfigure the threshold, use the no form of this command.

mls ip multicast threshold ppsec

no mls ip multicast threshold

Syntax Description

ppsec

Threshold in packets per second; valid values are from 10 to 10000 packets per second.


Command Default

This command has no default settings.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

Use this command to prevent creation of MLS entries for short-lived multicast flows such as join requests.

If multicast traffic drops below the configured multicast rate threshold, all multicast traffic is routed by the PISA.

This command does not affect already installed routes. For example, if you enter this command and the shortcuts are already installed, the shortcuts are not removed if they are disqualified. To apply the threshold to existing routes, clear the route and let it reestablish.

Examples

This example shows how to configure the IP MLS threshold to 10 packets per second:

Router(config)# mls ip multicast threshold 10
Router(config)#

Related Commands

Command
Description

mls rp ip (global configuration mode)

Enables external systems to establish IP shortcuts to the PISA.

show mls ip multicast

Displays the MLS IP information.


mls ip nat netflow-frag-l4-zero

To zero out the Layer 4 information in the NetFlow lookup table for fragmented packets, use the mls ip nat netflow-frag-l4-zero command.

mls ip nat netflow-frag-l4-zero

Syntax Description

This command has no arguments or keywords.

Command Default

This command has no default settings.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

This command is supported in PFC3BXL or PFC3B mode only.

Use the mls ip nat netflow-frag-l4-zero command to prevent matching the first fragment to the NetFlow shortcut (normal operation) that is sent to the software. The next fragments that are sent to the software are translated based on the Layer 4 port information from the first fragment. The translation based on the Layer 4 port information from the first fragment occurs because there are no fragment bits for matching in the NetFlow key.

When an interface has a large feature configuration that requires a large number of ACL TCAM entries/masks to be programmed in TCAM, and the interface is configured as a NAT-inside interface, the feature configuration may not fit in the ACL TCAM and the traffic on the interface may get switched in the software.

Examples

This example shows how to zero out the Layer 4 information in the NetFlow lookup table for fragmented packets:

Router(config)# mls ip nat netflow-frag-l4-zero
Router(config)#

mls ip pbr

To enable the MLS support for policy-routed packets, use the mls ip pbr command. To disable the MLS support for policy-routed packets, use the no form of this command.

mls ip pbr [null0]

no mls ip pbr

Syntax Description

null0

(Optional) Enables the hardware support for the interface null0 in the route maps.


Command Default

MLS support for policy-routed packets is disabled.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines


Note Do not enable PBR and SLB on the same interface; PBR-based packets are not forwarded correctly.


When you enable the hardware-policy routing by entering the mls ip pbr command, all policy routing occurs in the hardware and is applied to all interfaces, regardless of which interface was configured for policy routing.

Use the null0 keyword when you have routed traffic only to enable the hardware support for the set interface null0 in the route maps.

Examples

This example shows how to enable the MLS support for policy-routed packets:

Router(config)# mls ip pbr
Router(config)#

Related Commands

Command
Description

show tcam interface vlan acl

Displays information about the interface-based TCAM.


mls ip reflexive ndr-entry tcam

To enable the shortcuts in TCAM for the reflexive TCP/UDP entries when installed by the NDR, use the mls ip reflexive ndr-entry tcam command. To disable the shortcuts in TCAM for the reflexive TCP/UDP entries when installed by the NDR, use the no form of this command.

mls ip reflexive ndr-entry tcam

no mls ip reflexive ndr-entry tcam

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

When you enter the mls ip reflexive ndr-entry tcam command, the reflexive ACL dynamic entries are installed in TCAM instead of in NetFlow.

Examples

This example shows how to enable the shortcuts in TCAM for the reflexive TCP/UDP entries when installed by the NDR:

Router(config)# mls ip reflexive ndr-entry tcam
Router(config)#

This example shows how to disable the shortcuts in TCAM for the reflexive TCP/UDP entries when installed by the NDR:

Router(config)# no mls ip reflexive ndr-entry tcam
Router(config)#

Related Commands

Command
Description

mls ip delete-threshold

Deletes the configured ACL thresholds.

mls ip install-threshold

Installs the configured ACL thresholds.


mls ipv6 acl compress address unicast

To turn on the compression of IPv6 addresses, use the mls ipv6 acl compress address unicast command. To turn off the compression of IPv6 addresses, use the no form of this command.

mls ipv6 acl compress address unicast

no mls ipv6 acl compress address unicast

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines


Caution Do not enable the compression mode if you have noncompressible address types in your network. The compressible address types and the address compression methods are listed in Table 2-15.

Table 2-15 Compressible Address Types and Methods 

Address Type
Compression Method

EUI-64 based on MAC address

This address is compressed by removing 16 bits from bit locations [39:24]. No information is lost when the hardware compresses these addresses.

Embedded IPv4 address

This address is compressed by removing the upper 16 bits. No information is lost when the hardware compresses these addresses.

Link Local

These addresses are compressed by removing the zeros in bits [95:80] and are identified using the same packet type as the embedded IPv4 address. No information is lost when the hardware compresses these addresses.

Others

If the IPv6 address does not fall into any of the above categories, it is classified as other. If the IPv6 address is classified as other, the following occurs:

If the compress mode is on, the IPv6 address is compressed similarly to the EUI-64 compression method (removal of bits [39:24]) to allow for the Layer 4 port information to be used as part of the key used to look up the QoS TCAM, but Layer 3 information is lost.

If the global compression mode is off, the entire 128 bits of the IPv6 address are used. The Layer 4 port information cannot be included in the key to look up the QoS TCAM because of the size constraints on the IPv6 lookup key.


Examples

This example shows how to turn on the compression of the noncompressible IPv6 addresses:

Router(config)# mls ipv6 acl compress address unicast
Router(config)#

This example shows how to turn off the compression of the noncompressible IPv6 addresses:

Router(config)# no mls ipv6 acl compress address unicast
Router(config)#
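The bit removals in Table 2-15 can be checked with a bit-level model that shows why the Caution matters: the EUI-64 and link-local cuts remove constant bits, while the same cut on an "other" address makes distinct addresses share one lookup key. This is an added illustration, not Cisco code; it assumes bit 0 is the least significant bit of the 128-bit address, and the function names and sample addresses are constructed.

```python
import ipaddress

# Bit ranges (hi, lo) from Table 2-15. Assumption of this model: bit 0 is the
# least significant bit of the 128-bit address.
RANGES = {
    "eui64": (39, 24),       # removed from MAC-derived EUI-64 addresses
    "link-local": (95, 80),  # zero bits removed from link-local addresses
    "other": (39, 24),       # same cut as EUI-64 when compress mode is on
}

# Value the removed bits always hold for the lossless types, so they can be
# put back. "other" has no such constant.
CONSTANT = {"eui64": 0xFFFE, "link-local": 0x0000}


def compress(addr, kind):
    """Return (112-bit key, removed 16 bits) for an address."""
    value = int(ipaddress.IPv6Address(addr))
    hi, lo = RANGES[kind]
    width = hi - lo + 1
    removed = (value >> lo) & ((1 << width) - 1)
    key = ((value >> (hi + 1)) << lo) | (value & ((1 << lo) - 1))
    return key, removed


def expand(key, kind, removed):
    """Reinsert the removed bits and return the address as text."""
    hi, lo = RANGES[kind]
    value = ((key >> lo) << (hi + 1)) | (removed << lo) | (key & ((1 << lo) - 1))
    return str(ipaddress.IPv6Address(value))


def lossless(addr, kind):
    """True when the removed bits equal the constant for this address type."""
    _, removed = compress(addr, kind)
    return kind in CONSTANT and removed == CONSTANT[kind]


def same_key(addr_a, addr_b, kind="other"):
    """True when two addresses compress to the same lookup key."""
    return compress(addr_a, kind)[0] == compress(addr_b, kind)[0]


# Constructed sample addresses.
EUI64_ADDR = "2001:db8::211:22ff:fe33:4455"   # ff:fe sits in bits [39:24]
LINK_LOCAL = "fe80::211:22ff:fe33:4455"       # bits [95:80] are zero
OTHER_A = "2001:db8::aa:1100:1"               # differs from OTHER_B only
OTHER_B = "2001:db8::bb:2200:1"               # in bits [39:24]

if __name__ == "__main__":
    for addr, kind in ((EUI64_ADDR, "eui64"), (LINK_LOCAL, "link-local")):
        key, removed = compress(addr, kind)
        print(f"{kind:<10} removed={removed:#06x} "
              f"restored={expand(key, kind, CONSTANT[kind])}")
    print("other addresses collide:", same_key(OTHER_A, OTHER_B))
```

With compress mode on, a TCAM entry written for OTHER_A also matches OTHER_B in this model, which is the loss of Layer 3 information the table describes for the "Others" row.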

Related Commands

Command
Description

show fm ipv6 traffic-filter

Displays the IPv6 information.

show mls netflow ipv6

Displays configuration information about the NetFlow hardware.


mls ipv6 acl source

To deny all IPv6 packets from a source-specific address, use the mls ipv6 acl source command. To accept all IPv6 packets from a source-specific address, use the no form of this command.

mls ipv6 acl source {loopback | multicast}

no mls ipv6 acl source {loopback | multicast}

Syntax Description

loopback

Denies all IPv6 packets with a source loopback address.

multicast

Denies all IPv6 packets with a source multicast address.


Command Default

Disabled

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Examples

This example shows how to deny all IPv6 packets with a source loopback address:

Router(config)# mls ipv6 acl source loopback
Router(config)#

This example shows how to deny all IPv6 packets with a source multicast address:

Router(config)# mls ipv6 acl source multicast
Router(config)#

Related Commands

Command
Description

show mls netflow ipv6

Displays configuration information about the NetFlow hardware.


mls mpls (recirculation)

To enable MPLS recirculation, use the mls mpls command. To disable MPLS recirculation, use the no form of this command.

mls mpls {recir-agg | tunnel-recir}

no mls mpls {recir-agg | tunnel-recir}

Syntax Description

recir-agg

Recirculates the MPLS aggregated-label packets (new aggregated labels are impacted only).

tunnel-recir

Recirculates the tunnel-MPLS packets.


Command Default

Disabled

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

If you do not enable tunnel-MPLS recirculation, the IPv4 and IPv4-tunneled packets that need to be labeled (for example, the packets that are encapsulated with an MPLS header) will be corrupted when they are transmitted from the Catalyst 6500 series switch.

Use the show erm statistics command to display the FIB TCAM exception status for IPv4, IPv6, and MPLS protocols.

Examples

This example shows how to enable the aggregated-label MPLS recirculation:

Router(config)# mls mpls recir-agg
Router(config)#

This example shows how to enable the tunnel-MPLS recirculation:

Router(config)# mls mpls tunnel-recir
Router(config)#

This example shows how to disable the aggregated-label MPLS recirculation:

Router(config)# no mls mpls recir-agg
Router(config)#

This example shows how to disable the tunnel-MPLS recirculation:

Router(config)# no mls mpls tunnel-recir
Router(config)#

Related Commands

Command
Description

show erm statistics

Displays the FIB TCAM exception status for IPv4, IPv6, and MPLS protocols.


mls mpls (guaranteed bandwidth traffic engineering)

To configure the guaranteed bandwidth traffic engineering flow parameters globally, use the mls mpls command. To return to the default settings, use the no form of this command.

mls mpls {{gb-te-burst burst} | {gb-te-cir-ratio ratio} | {gb-te-dscp dscp-value [markdown]} | {gb-te-enable [global-pool]}}

no mls mpls {{gb-te-burst burst} | {gb-te-cir-ratio ratio} | {gb-te-dscp dscp-value [markdown]} | {gb-te-enable [global-pool]}}

Syntax Description

gb-te-burst burst

Specifies the burst duration for the guaranteed bandwidth traffic engineering flows; valid values are from 100 to 30000 milliseconds.

gb-te-cir-ratio ratio

Specifies the ratio for the committed information rate policing; valid values are from 1 to 100 percent.

gb-te-dscp dscp-value

Specifies the DSCP map for the guaranteed bandwidth traffic engineering flows; valid values are from 0 to 63.

markdown

(Optional) Marks down or drops the nonconforming flows.

gb-te-enable

Enables the guaranteed bandwidth traffic engineering flow policing.

global-pool

(Optional) Specifies using resources allocated from the global pool to police the traffic engineering flows.


Command Default

The default settings are as follows:

burst is 1000 milliseconds.

ratio is 1 percent.

dscp-value is 40.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

Use the mls qos map dscp-exp command to reset the Exp value of the MPLS packet when the out-label gets swapped.

If you do not enable tunnel-MPLS recirculation, the IPv4 and IPv4-tunneled packets that need to be labeled (for example, the packets that are encapsulated with an MPLS header) will be corrupted when they are transmitted from the Catalyst 6500 series switch.

Use the show erm statistics command to display the FIB TCAM exception status for IPv4, IPv6, and MPLS protocols.

Examples

This example shows how to specify the burst duration for the guaranteed bandwidth traffic engineering flows:

Router(config)# mls mpls gb-te-burst 2000
Router(config)#

This example shows how to specify the ratio for CIR policing:

Router(config)# mls mpls gb-te-cir-ratio 30
Router(config)#

This example shows how to specify the DSCP map for the guaranteed bandwidth traffic engineering flows and to drop the nonconforming flows:

Router(config)# mls mpls gb-te-dscp 25 markdown
Router(config)#

This example shows how to enable the guaranteed bandwidth traffic engineering flow policing:

Router(config)# mls mpls gb-te-enable
Router(config)#

Related Commands

Command
Description

show erm statistics

Displays the FIB TCAM exception status for IPv4, IPv6, and MPLS protocols.


mls nde flow

To specify the filter options for NDE, use the mls nde flow command. To clear the NDE flow filter and reset the filter to the default settings, use the no form of this command.

mls nde flow {include | exclude} {{dest-port port-num} | {destination ip-addr ip-mask} | {protocol {tcp | udp}} | {source ip-addr ip-mask} | {src-port port-num}}

no mls nde flow {include | exclude}

Syntax Description

include

Allows importing of all flows except the flows matching the given filter.

exclude

Allows exporting of all flows matching the given filter.

dest-port port-num

Specifies the destination port to filter; valid values are from 1 to 100.

destination ip-addr ip-mask

Specifies a destination IP address and mask to filter.

protocol

Specifies the protocol to include or exclude.

tcp

Includes or excludes TCP.

udp

Includes or excludes UDP.

source ip-addr ip-mask

Specifies a source IP address and subnet mask bit to filter.

src-port port-num

Specifies the source port to filter.


Command Default

The defaults are as follows:

All expired flows are imported.

Interface export is disabled (no mls nde interface).

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

The mls nde flow command adds filtering to the NDE. The expired flows matching the specified criteria are exported. These values are stored in NVRAM and do not clear when NDE is disabled. If any option is not specified in this command, it is treated as a wildcard.

Only one filter can be active at a time. If you do not enter the exclude or include keyword, the filter is assumed to be an inclusion filter.

The include and exclude filters are stored in NVRAM and are not removed if you disable NDE.

ip-addr maskbits is the simplified long subnet address format. The mask bits specify the number of bits of the network masks. For example, 172.25.2.1/22 indicates a 22-bit subnet address. The ip-addr is a full host address, such as 193.22.253.1/22.

Examples

This example shows how to specify an interface flow filter so that only expired flows to destination port 23 are exported (assuming that the flow mask is set to ip-flow):

Router(config)# mls nde flow include dest-port 23
Router(config)#

Related Commands

Command
Description

show mls netflow

Displays configuration information about the NetFlow hardware.


mls nde interface

To populate the additional fields in the NDE packets, use the mls nde interface command. To disable the population of the additional fields, use the no form of this command.

mls nde interface

no mls nde interface

Syntax Description

This command has no arguments or keywords.

Command Default

Enabled

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

You can configure NDE to populate the following additional fields in the NDE packets:

Egress interface SNMP index

Source-autonomous system number

Destination-autonomous system number

IP address of the next-hop router

The ingress-interface SNMP index is always populated if the flow mask is interface-full or interface-src-dst.

For detailed information, refer to the "Configuring NDE" chapter of the Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide—Release 12.2ZY.

Examples

This example shows how to populate the additional fields in the NDE packets:

Router(config)# mls nde interface
Router(config)#

This example shows how to disable the population of the additional fields:

Router(config)# no mls nde interface
Router(config)#

Related Commands

Command
Description

mls netflow

Enables NetFlow to gather statistics.

mls netflow sampling

Enables the sampled NetFlow on an interface.


mls nde sender

To enable MLS NDE export, use the mls nde sender command. To disable MLS NDE export, use the no form of this command.

mls nde sender [version version]

no mls nde sender

Syntax Description

version version

(Optional) Specifies the NDE version; valid values are 5 and 7.


Command Default

The defaults are as follows:

MLS NDE export is disabled.

version is 7.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Examples

This example shows how to enable MLS NDE export:

Router(config)# mls nde sender
Router(config)#

This example shows how to disable MLS NDE export:

Router(config)# no mls nde sender
Router(config)#

Related Commands

Command
Description

show mls nde

Displays information about the NDE hardware-switched flow.


mls netflow

To enable NetFlow to gather the statistics, use the mls netflow command. To disable NetFlow from gathering the statistics, use the no form of this command.

mls netflow

no mls netflow

Syntax Description

interface

(Optional) Specifies statistics gathering per interface.


Command Default

Enabled

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

NetFlow gathers the statistics from traffic that flows through the Catalyst 6500 series switch and stores the statistics in the NetFlow table. You can gather the statistics globally based on a protocol or optionally per interface.

If you are not using NDE or the Cisco IOS features that use the hardware NetFlow table (micro-flow QoS, WCCP, TCP Intercept, or Reflexive ACLs), you may safely disable the use and maintenance of the hardware NetFlow table using the no mls netflow command in global configuration mode.

Examples

This example shows how to gather the statistics:

Router(config)# mls netflow
Router(config)#

This example shows how to disable NetFlow from gathering the statistics:

Router(config)# no mls netflow
Disabling MLS netflow entry creation.
Router(config)# 

Related Commands

Command
Description

show mls netflow

Displays configuration information about the NetFlow hardware.


mls netflow maximum-flows

To configure the maximum flow allocation in the NetFlow table, use the mls netflow maximum-flows command. To return to the default settings, use the no form of this command.

mls netflow maximum-flows [maximum-flows]

no mls netflow maximum-flows

Syntax Description

maximum-flows

(Optional) Maximum number of flows; valid values are 16, 32, 64, 80, 96, and 128. See the "Usage Guidelines" section for additional information.


Command Default

128

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

The value that you specify for the maximum number of flows is that value times 1000. For example, if you enter 32, you specify that 32,000 is the maximum number of permitted flows.

Examples

This example shows how to configure the maximum flow allocation in the NetFlow table:

Router(config)# mls netflow maximum-flows 96
Router(config)#

This example shows how to return to the default setting:

Router(config)# no mls netflow maximum-flows
Router(config)# 

Related Commands

Command
Description

show mls netflow table-contention

Displays configuration information at the table contention level for the NetFlow hardware.


mls netflow sampling

To enable the sampled NetFlow on an interface, use the mls netflow sampling command. To disable the sampled NetFlow, use the no form of this command.

mls netflow sampling

no mls netflow sampling

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

To enable sampling, you must enter the mls sampling command and the mls netflow sampling command on the appropriate interfaces. If you do not enter the mls netflow sampling command, NDE will not export flows.

Depending on the current flow mask, the sampled NetFlow can be global or per interface. For Interface-Full and Interface-Src-Dest flow masks, the sampled NetFlow is enabled on a per-interface basis. For all the other flow masks, the sampled NetFlow is always global and turned on/off for all interfaces.

Enter the mls sampling command to enable the sampled NetFlow globally.

Examples

This example shows how to enable the sampled NetFlow on an interface:

Router(config-if)# mls netflow sampling
Router(config-if)#

This example shows how to disable the sampled NetFlow on an interface:

Router(config-if)# no mls netflow sampling
Router(config-if)#

Related Commands

Command
Description

mls sampling

Enables the sampled NetFlow and specifies the sampling method.

show mls sampling

Displays information about the sampled NDE status.


mls netflow usage notify

To monitor the NetFlow table usage on the switch processor, use the mls netflow usage notify command. To return to the default settings, use the no form of this command.

mls netflow usage notify {threshold interval}

no mls netflow usage notify

Syntax Description

threshold

Percentage threshold that, if exceeded, displays a warning message; valid values are from 20 to 100 percent.

interval

Frequency that the NetFlow table usage is checked; valid values are from 120 to 1000000 seconds.


Command Default

Disabled

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

If the NetFlow table usage monitoring is enabled and the NetFlow table usage exceeds the percentage threshold, a warning message is displayed.

NetFlow gathers statistics from traffic that flows through the Catalyst 6500 series switch and stores the statistics in the NetFlow table. You can gather statistics globally based on a protocol or optionally per interface.

If you are not using NDE or the Cisco IOS features that use the hardware NetFlow table (micro-flow QoS, WCCP, TCP Intercept, or Reflexive ACLs), you may safely disable the use and maintenance of the hardware NetFlow table using the no mls netflow command in global configuration mode.

Examples

This example shows how to configure the monitoring of the NetFlow table usage on the switch processor:

Router(config)# mls netflow usage notify 80 300
Router(config)#

Related Commands

Command
Description

show mls netflow usage

Displays configuration information about the NetFlow hardware.


mls qos (global configuration mode)

To enable the QoS functionality globally, use the mls qos command. To disable the QoS functionality globally, use the no form of this command.

mls qos

no mls qos

Syntax Description

This command has no arguments or keywords.

Command Default

QoS is globally disabled.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

If you enable QoS globally, QoS is enabled on all interfaces with the exception of the interfaces where you disabled QoS. If you disable QoS globally, all traffic is passed in QoS pass-through mode.

In port-queueing mode, PFC QoS (marking and policing) is disabled, and packet ToS and CoS are not changed by the PFC. All queueing on rcv and xmt is based on a QoS tag in the incoming packet, which is based on the incoming CoS.

For 802.1Q or ISL-encapsulated port links, queueing is based on the packet 802.1Q or ISL CoS.

For the router main interfaces or access ports, queueing is based on the configured per-port CoS (the default CoS is 0).

This command enables or disables TCAM QoS on all interfaces that are set in the OFF state.

Examples

This example shows how to enable QoS globally:

Router(config)# mls qos
Router(config)#

This example shows how to disable QoS globally on the Catalyst 6500 series switch:

Router(config)# no mls qos
Router(config)#

Related Commands

Command
Description

mls qos (interface configuration mode)

Enables the QoS functionality on an interface.

show mls qos

Displays MLS QoS information.


mls qos (interface configuration mode)

To enable the QoS functionality on an interface, use the mls qos command. To disable QoS functionality on an interface, use the no form of this command.

mls qos

no mls qos

Syntax Description

This command has no arguments or keywords.

Command Default

Enabled

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

Although the CLI allows you to configure PFC-based QoS on the WAN ports on the OC-12 ATM OSMs and on the WAN ports on the channelized OSMs, PFC-based QoS is not supported on the WAN ports on these OSMs.

If you disable QoS globally, it is also disabled on all interfaces.

This command enables or disables TCAM QoS (classification, marking, and policing) for the interface.

Examples

This example shows how to enable QoS on an interface:

Router(config-if)# mls qos
Router(config-if)#

Related Commands

Command
Description

mls qos (global configuration mode)

Enables the QoS functionality globally.

show mls qos

Displays MLS QoS information.


mls qos aggregate-policer

To define a named aggregate policer for use in policy maps, use the mls qos aggregate-policer command. This policer can be shared by different policy map classes and on different interfaces. To delete a named aggregate policer, use the no form of this command.

mls qos aggregate-policer name rate-bps

mls qos aggregate-policer name rate-bps burst-bytes maximum-burst-bytes

mls qos aggregate-policer name rate-bps [{conform-action {drop [exceed-action action]}} | {set-dscp-transmit [new-dscp]} | {set-prec-transmit [new-precedence]} | {transmit [{exceed-action action} | {violate-action action]}}

mls qos aggregate-policer aggregate-name rate-bps {pir peak-rate-bps [{conform-action {drop [exceed-action action]}} | {set-dscp-transmit [new-dscp]} | {set-prec-transmit [new-precedence]} | {transmit [{exceed-action action}} | {violate-action action}]]}

no mls qos aggregate-policer name

Syntax Description

name

Name of the aggregate policer.

rate-bps

Maximum bits per second; valid values are from 32000 to 10000000000.

burst-bytes

Burst bytes; valid values are from 1000 to 31250000.

maximum-burst-bytes

Maximum burst bytes; valid values are from 1000 to 31250000 (if entered, must be set equal to normal-burst-bytes).

conform-action

(Optional) Specifies the action to be taken when the rate is not exceeded.

drop

(Optional) Drops the packet.

exceed-action action

(Optional) Specifies the action to be taken when QoS values are exceeded; see the "Usage Guidelines" section for valid values.

set-dscp-transmit

Sets the DSCP value and sends the packet.

new-dscp

(Optional) New DSCP value; valid values are from 0 to 63.

set-prec-transmit

Rewrites packet precedence and sends the packet.

new-precedence

(Optional) New precedence value; valid values are from 0 to 7.

violate-action action

(Optional) Specifies the action to be taken when QoS values are violated; see the "Usage Guidelines" section for valid values.

pir peak-rate-bps

Sets the PIR peak rate; valid values are from 32000 to 10000000000.


Command Default

The defaults are as follows:

extended-burst-bytes is equal to burst-bytes.

conform-action is transmit.

exceed-action is drop.

violate-action is equal to the exceed-action.

pir peak-rate-bps is equal to the normal (cir) rate.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

Valid values for action are as follows:

drop: Drops the packet

policed-dscp-transmit: Changes the DSCP per the policed-DSCP map and sends it

transmit: Transmits the packet

The Catalyst 6500 series switch supports up to 1023 aggregates and 1023 policing rules.

The mls qos aggregate-policer command allows you to configure an aggregate flow and a policing rule for that aggregate. When you enter the rate and burst parameters, the range for the average rate is 32 Kbps to 4 Gbps (entered as 32000 and 4000000000) and the range for the burst size is 1 KB (entered as 1000) to 512 MB (entered as 512000000). Modifying an existing aggregate rate limit entry causes that entry to be modified in NVRAM and in the Catalyst 6500 series switch if that entry is currently being used.


Note: Due to hardware granularity, the rate value is limited so the burst that you configure may not be the value that is used.


Modifying an existing microflow or aggregate rate limit modifies that entry in NVRAM and in the Catalyst 6500 series switch if it is currently being used.

When you enter the aggregate policer name, follow these naming conventions:

Maximum of 31 characters and may include a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.)

Must start with an alphabetic character and must be unique across all ACLs of all types

Case sensitive

Cannot be a number

Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer

Examples

This example shows how to configure a QoS aggregate policer to allow a maximum of 100000 bits per second with a normal burst byte size of 10000, set DSCP to 48 when these rates are not exceeded, and drop packets when these rates are exceeded:

Router(config)# mls qos aggregate-policer micro-one 100000 10000 conform-action set-dscp-transmit 48 exceed-action drop
Router(config)#
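
The following Python check is an added example, not part of the Cisco reference. It tests an mls qos aggregate-policer line from a saved configuration against the value ranges in the Syntax Description and the naming conventions in the Usage Guidelines. The function name lint_policer and the sample lines are constructed for this example; it assumes keywords are written in full, and it does not check that the name is unique across ACLs.

```python
import re

# Ranges and naming rules taken from this page's Syntax Description and
# Usage Guidelines for "mls qos aggregate-policer".
RATE_RANGE = (32000, 10000000000)   # rate-bps and pir peak-rate-bps
BURST_RANGE = (1000, 31250000)      # burst-bytes and maximum-burst-bytes
RESERVED = {"all", "default-action", "map", "help", "editbuffer"}
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_.-]{0,30}")  # letter first, max 31
ACTIONS = {"drop", "policed-dscp-transmit", "transmit"}  # exceed/violate
CONFORM_MAX = {"set-dscp-transmit": 63, "set-prec-transmit": 7}


def _in_range(label, value, bounds, problems):
    """Record a problem when value lies outside the inclusive bounds."""
    low, high = bounds
    if not low <= value <= high:
        problems.append(f"{label} {value} is outside {low}-{high}")


def lint_policer(line):
    """Return a list of problems found in one aggregate-policer command."""
    tokens = line.split()
    if tokens[:3] != ["mls", "qos", "aggregate-policer"] or len(tokens) < 5:
        return ["not a complete aggregate-policer command"]
    name, rest = tokens[3], tokens[4:]
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append(f"name {name!r} breaks the naming conventions")
    elif name in RESERVED:  # exact match: names are case sensitive
        problems.append(f"name {name!r} is a reserved keyword")

    # Positional numbers: rate-bps [burst-bytes [maximum-burst-bytes]].
    numbers = []
    while rest and rest[0].isdigit() and len(numbers) < 3:
        numbers.append(int(rest.pop(0)))
    if not numbers:
        return problems + ["rate-bps is missing"]
    _in_range("rate-bps", numbers[0], RATE_RANGE, problems)
    if len(numbers) > 1:
        _in_range("burst-bytes", numbers[1], BURST_RANGE, problems)
    if len(numbers) > 2:
        _in_range("maximum-burst-bytes", numbers[2], BURST_RANGE, problems)
        if numbers[2] != numbers[1]:
            problems.append("maximum-burst-bytes must equal burst-bytes")

    # Keyword/argument pairs that may follow the numbers.
    while rest:
        keyword = rest.pop(0)
        arg = rest.pop(0) if rest else None
        if keyword == "pir" and arg is not None and arg.isdigit():
            _in_range("pir", int(arg), RATE_RANGE, problems)
        elif keyword in ("exceed-action", "violate-action"):
            if arg not in ACTIONS:
                problems.append(f"{keyword} {arg!r} is not a valid action")
        elif keyword == "conform-action" and arg in CONFORM_MAX:
            if rest and rest[0].isdigit():  # optional new-dscp/new-precedence
                _in_range(arg, int(rest.pop(0)), (0, CONFORM_MAX[arg]), problems)
        elif keyword == "conform-action" and arg in ("drop", "transmit"):
            pass
        else:
            problems.append(f"unexpected {keyword!r} {arg!r}")
    return problems


# Constructed sample lines: one well-formed, one with four defects
# (reserved name, rate below range, unequal bursts, unknown action).
SAMPLES = [
    "mls qos aggregate-policer micro-one 100000 10000 conform-action "
    "set-dscp-transmit 48 exceed-action drop",
    "mls qos aggregate-policer map 16000 1000 2000 exceed-action remark",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", lint_policer(sample) or "ok")
```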

Related Commands

Command
Description

set ip dscp (policy-map configuration)

Marks a packet by setting the IP DSCP in the ToS byte.


mls qos bridged

To enable the microflow policing for bridged traffic on Layer 3 LAN interfaces, use the mls qos bridged command. To disable microflow policing for bridged traffic, use the no form of this command.

mls qos bridged

no mls qos bridged

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

This command is supported on SVIs only.

Examples

This example shows how to enable the microflow policing for bridged traffic on a VLAN interface:

Router(config-if)# mls qos bridged
Router(config-if)#

Related Commands

Command
Description

show mls qos

Displays MLS QoS information.


mls qos channel-consistency

To enable the QoS-port attribute checks on EtherChannel bundling, use the mls qos channel-consistency command. To disable the QoS-port attribute checks on EtherChannel bundling, use the no form of this command.

mls qos channel-consistency

no mls qos channel-consistency

Syntax Description

This command has no arguments or keywords.

Command Default

Enabled

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

The mls qos channel-consistency command is supported on port channels only.

Examples

This example shows how to enable the QoS-port attribute checks on the EtherChannel bundling:

Router(config-if)# mls qos channel-consistency
Router(config-if)#

This example shows how to disable the QoS-port attribute checks on the EtherChannel bundling:

Router(config-if)# no mls qos channel-consistency
Router(config-if)#

mls qos cos

To define the default CoS value for an interface, use the mls qos cos command. To remove a prior entry, use the no form of this command.

mls qos cos cos-value

no mls qos cos cos-value

Syntax Description

cos-value

Default CoS value for the interface; valid values are from 0 to 7.


Command Default

The defaults are as follows:

cos-value is 0.

CoS override is not configured.

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

CoS values are configurable on physical LAN ports only.

Examples

This example shows how to configure the default QoS CoS value as 6:

Router(config-if)# mls qos cos 6
Router(config-if)#

Related Commands

Command
Description

show mls qos

Displays MLS QoS information.


mls qos cos-mutation

To attach an ingress-CoS mutation map to the interface, use the mls qos cos-mutation command. To remove the ingress-CoS mutation map from the interface, use the no form of this command.

mls qos cos-mutation cos-mutation-table-name

no mls qos cos-mutation

Syntax Description

cos-mutation-table-name

Name of the ingress-CoS mutation table.


Command Default

No table is defined.

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Examples

This example shows how to attach the ingress-CoS mutation map named mutemap2:

Router(config-if)# mls qos cos-mutation mutemap2 
Router(config-if)#

Related Commands

Command
Description

mls qos map cos-mutation

Maps a packet's CoS to a new CoS value.

show mls qos

Displays MLS QoS information.


mls qos dscp-mutation

To attach an egress-DSCP mutation map to the interface, use the mls qos dscp-mutation command. To remove the egress-DSCP mutation map from the interface, use the no form of this command.

mls qos dscp-mutation dscp-mutation-table-name

no mls qos dscp-mutation

Syntax Description

dscp-mutation-table-name

Name of the egress-DSCP mutation table.


Command Default

No table is defined.

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Examples

This example shows how to attach the egress-DSCP mutation map named mutemap1:

Router(config-if)# mls qos dscp-mutation mutemap1 
Router(config-if)#

Related Commands

Command
Description

mls qos map dscp-mutation

Defines a named DSCP mutation map.

show mls qos

Displays MLS QoS information.


mls qos exp-mutation

To attach an egress-EXP mutation map to the interface, use the mls qos exp-mutation command. To remove the egress-EXP mutation map from the interface, use the no form of this command.

mls qos exp-mutation exp-mutation-table-name

no mls qos exp-mutation

Syntax Description

exp-mutation-table-name

Name of the egress-EXP mutation table.


Command Default

No table is defined.

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Examples

This example shows how to attach the egress-EXP mutation map named mutemap2:

Router(config-if)# mls qos exp-mutation mutemap2 
Router(config-if)#

Related Commands

Command
Description

mls qos map dscp-mutation

Defines a named DSCP mutation map.

show mls qos mpls

Displays an interface summary for MPLS QoS classes in the policy maps.


mls qos loopback

To remove a router port from the SVI flood for VLANs that are carried through by the loopback cable, use the mls qos loopback command. To return to the default settings, use the no form of this command.

mls qos loopback

no mls qos loopback

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

With mls qos loopback applied at the interface, the packets are not forwarded to the destination.

Before you enter the mls qos loopback command, you must specify a MAC address for the OSM interface. The MAC address must be different from the LAN router MAC address that is used in PFC2 hardware switching.

Examples

This example shows how to prevent packets from being forwarded to the destination:

Router(config-if)# mls qos loopback
Router(config-if)#

mls qos map cos-dscp

To define the ingress CoS-to-DSCP map for trusted interfaces, use the mls qos map cos-dscp command. To remove a prior entry, use the no form of this command.

mls qos map cos-dscp values

no mls qos map cos-dscp

Syntax Description

values

Eight DSCP values, separated by spaces, corresponding to the CoS values; valid values are from 0 to 63.


Command Default

The default CoS-to-DSCP configuration is listed in Table 2-16.

Table 2-16 CoS-to-DSCP Default Map

CoS     0    1    2    3    4    5    6    7
DSCP    0    8    16   24   32   40   48   56


Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

The CoS-to-DSCP map is used to map the CoS of packets arriving on trusted interfaces (or flows) to a DSCP where the trust type is trust-cos. This map is a table of eight CoS values (0 through 7) and their corresponding DSCP values. The Catalyst 6500 series switch has one map.

Examples

This example shows how to configure the ingress CoS-to-DSCP map for trusted interfaces:

Router(config)# mls qos map cos-dscp 20 30 1 43 63 12 13 8
Router(config)# 

Related Commands

Command
Description

mls qos map dscp-cos

Defines an egress DSCP-to-CoS map.

mls qos map ip-prec-dscp

Defines an ingress-IP precedence-to-DSCP map for trusted interfaces.

mls qos map policed-dscp

Sets the mapping of policed DSCP values to marked-down DSCP values.

show mls qos maps

Displays information about the QoS map configuration and run-time version.


mls qos map cos-mutation

To map a packet's CoS to a new CoS value, use the mls qos map cos-mutation command. To remove the map, use the no form of this command.

mls qos map cos-mutation name mutated_cos1 mutated_cos2 mutated_cos3 mutated_cos4 mutated_cos5 mutated_cos6 mutated_cos7 mutated_cos8

no mls qos map cos-mutation name

Syntax Description

name

Name of the CoS map.

mutated_cos1 ... mutated_cos8

Eight CoS out values, separated by spaces; valid values are from 0 to 7. See the "Usage Guidelines" section for additional information.


Command Default

If the CoS-to-CoS mutation map is not configured, the default CoS-to-CoS mutation mapping is listed in Table 2-17.

Table 2-17 CoS-to-CoS Default Map

CoS-in     0    1    2    3    4    5    6    7
CoS-out    0    1    2    3    4    5    6    7


Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

This command is supported on Catalyst 6500 series switches that are configured with the following modules only:

WS-X6704-10GE

WS-X6724-SFP

WS-X6748-GE-TX

CoS mutation is not supported on non-802.1Q tunnel ports.

When you enter the mls qos map cos-mutation command, the mutated-CoS values that you enter map, in order, to the sequential ingress-CoS numbers. For example, by entering the mls qos map cos-mutation 2 3 4 5 6 7 0 1 command, you configure this map:

CoS-in     0    1    2    3    4    5    6    7
CoS-out    2    3    4    5    6    7    0    1


Separate the eight CoS values by a space.

After you define the map in global configuration mode, you can attach the map to a port.

The changes do not appear while QoS is disabled, while the port is not in trust CoS mode, or while the port is not in 802.1Q tunneling mode. The changes appear once you put the port into trust CoS mode and the port is configured as an 802.1Q tunnel port.

Ingress-CoS mutation is supported on 802.1Q tunnel ports and on a per-port group basis only.

To avoid ingress-CoS mutation configuration failures, only create EtherChannels where all member ports support ingress-CoS mutation or where no member ports support ingress-CoS mutation. Do not create EtherChannels with mixed support for ingress-CoS mutation.

If you configure ingress-CoS mutation on a port that is a member of an EtherChannel, the ingress-CoS mutation is applied to the port-channel interface.

You can configure ingress-CoS mutation on port-channel interfaces.

Examples

This example shows how to define a CoS-to-CoS map:

Router(config)# mls qos map cos-mutation test-map 5 4 3 to 1 
Router(config)#

Related Commands

Command
Description

show mls qos maps

Displays information about the QoS map configuration and run-time version.


mls qos map dscp-cos

To define an egress DSCP-to-CoS map, use the mls qos map dscp-cos command. To remove a prior entry, use the no form of this command.

mls qos map dscp-cos dscp-values to cos-values

no mls qos map dscp-cos

Syntax Description

dscp-values

DSCP values; valid values are from 0 to 63.

to

Defines mapping.

cos-values

CoS values; valid values are from 0 to 63.


Command Default

The default DSCP-to-CoS map is listed in Table 2-18.

Table 2-18 DSCP-to-CoS Default Map

DSCP    0-7    8-15   16-23  24-31  32-39  40-47  48-55  56-63
CoS     0      1      2      3      4      5      6      7


Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

The DSCP-to-CoS map is used to map the final DSCP classification to a final CoS. This final map determines the output queue and threshold to which the packet is assigned. The CoS map is written into the ISL header or 802.1Q tag of the transmitted packet on trunk interfaces and contains a table of 64 DSCP values and the corresponding CoS values. The Catalyst 6500 series switch has one map.

You can enter up to eight DSCP values separated by a space. You can enter up to eight CoS values separated by a space.

Examples

This example shows how to configure the egress DSCP-to-CoS map for trusted interfaces:

Router(config)# mls qos map dscp-cos 20 25 to 3
Router(config)#
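
As an added example (not part of the Cisco reference), the following Python code applies the example commands shown on this page for mls qos map cos-dscp and mls qos map dscp-cos to the default maps in Table 2-16 and Table 2-18, then reports what each ingress CoS becomes on egress. It assumes an ingress port whose trust type is trust-cos and that no policy map or mutation map changes the internal DSCP; it handles the dscp-cos form used in the example above (several DSCP values mapped to one CoS value), and all function names are this example's own.

```python
# Defaults as listed on this page.
DEFAULT_COS_DSCP = [cos * 8 for cos in range(8)]      # Table 2-16
DEFAULT_DSCP_COS = [dscp // 8 for dscp in range(64)]  # Table 2-18


def _values(tokens, low, high, what):
    """Convert tokens to ints and enforce the inclusive value range."""
    values = []
    for token in tokens:
        if not token.isdigit() or not low <= int(token) <= high:
            raise ValueError(f"{what} value {token!r} is not in {low}-{high}")
        values.append(int(token))
    return values


def apply_map_commands(lines):
    """Return (cos_dscp, dscp_cos) after applying map commands in order."""
    cos_dscp, dscp_cos = list(DEFAULT_COS_DSCP), list(DEFAULT_DSCP_COS)
    for line in lines:
        tokens = line.split()
        negate = tokens[:1] == ["no"]
        if negate:
            tokens = tokens[1:]
        if tokens[:3] != ["mls", "qos", "map"] or len(tokens) < 4:
            continue  # not a map command; ignore it
        kind, args = tokens[3], tokens[4:]
        if kind == "cos-dscp":
            if negate:
                cos_dscp = list(DEFAULT_COS_DSCP)
                continue
            values = _values(args, 0, 63, "DSCP")
            if len(values) != 8:
                raise ValueError("cos-dscp needs eight DSCP values")
            cos_dscp = values  # position n is the DSCP for CoS n
        elif kind == "dscp-cos":
            if negate:
                dscp_cos = list(DEFAULT_DSCP_COS)
                continue
            if args.count("to") != 1 or args[-2:-1] != ["to"]:
                raise ValueError("expected: dscp-values to cos-value")
            dscps = _values(args[:-2], 0, 63, "DSCP")
            # CoS is a 3-bit value (0-7), as in Table 2-18.
            (cos,) = _values(args[-1:], 0, 7, "CoS")
            if not 1 <= len(dscps) <= 8:
                raise ValueError("dscp-cos takes one to eight DSCP values")
            for dscp in dscps:
                dscp_cos[dscp] = cos
    return cos_dscp, dscp_cos


def changes_from_default(current, default):
    """Map index -> (default, configured) for every entry that differs."""
    return {i: (d, c) for i, (d, c) in enumerate(zip(default, current)) if d != c}


def cos_round_trip(cos_dscp, dscp_cos):
    """Ingress CoS -> internal DSCP -> egress CoS for each CoS 0-7."""
    return [(cos, cos_dscp[cos], dscp_cos[cos_dscp[cos]]) for cos in range(8)]


# The two example commands from this page.
PAGE_EXAMPLES = [
    "mls qos map cos-dscp 20 30 1 43 63 12 13 8",
    "mls qos map dscp-cos 20 25 to 3",
]

if __name__ == "__main__":
    cos_dscp, dscp_cos = apply_map_commands(PAGE_EXAMPLES)
    print("DSCP-to-CoS entries changed from default:",
          changes_from_default(dscp_cos, DEFAULT_DSCP_COS))
    for cos_in, dscp, cos_out in cos_round_trip(cos_dscp, dscp_cos):
        print(f"CoS {cos_in} -> DSCP {dscp:2d} -> CoS {cos_out}")
```

Only DSCP 20 differs from the default DSCP-to-CoS map after these commands, because DSCP 25 already maps to CoS 3 by default.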

Related Commands

Command
Description

mls qos map cos-dscp

Defines the ingress CoS-to-DSCP map for trusted interfaces.

show mls qos maps

Displays information about the QoS map configuration and run-time version.


mls qos map dscp-exp

To define the final DSCP classification to the final EXP value, use the mls qos map dscp-exp command. To remove a prior entry, use the no form of this command.

mls qos map dscp-exp dscp-values to exp-values

no mls qos map dscp-exp

Syntax Description

dscp-values

DSCP values; valid values are from 0 to 63.

to

Defines mapping.

exp-values

EXP values; valid values are from 0 to 7.


Command Default

The default DSCP-to-EXP map is listed in Table 2-19.

Table 2-19 DSCP-to-EXP Default Map

DSCP    0-7    8-15   16-23  24-31  32-39  40-47  48-55  56-63
EXP     0      1      2      3      4      5      6      7


Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

The DSCP-to-EXP map is used to map the final DSCP classification to a final EXP. This final map determines the output queue and threshold to which the packet is assigned. The EXP map contains a table of 64 DSCP values and the corresponding EXP values. The Catalyst 6500 series switch has one map.

You can enter up to eight DSCP values separated by a space. You can enter up to eight EXP values separated by a space.

Examples

This example shows how to configure the final DSCP classification to a final EXP value:

Router(config)# mls qos map dscp-exp 20 25 to 3
Router(config)#

Related Commands

Command
Description

show mls qos maps

Displays information about the QoS map configuration and run-time version.


mls qos map dscp-mutation

To define a named DSCP mutation map, use the mls qos map dscp-mutation command. To return to the default mapping, use the no form of this command.

mls qos map dscp-mutation map-name input-dscp1 [input-dscp2 [input-dscp3 [input-dscp4 [input-dscp5 [input-dscp6 [input-dscp7 [input-dscp8]]]]]]] to output-dscp

no mls qos map dscp-mutation map-name

Syntax Description

map-name

Name of the DSCP mutation map.

input-dscp#

Internal DSCP value; valid values are from 0 to 63. See the "Usage Guidelines" section for additional information.

to

Defines mapping.

output-dscp

Egress DSCP value; valid values are from 0 to 63.


Command Default

output-dscp equals input-dscp.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

When configuring a named DSCP mutation map, note the following:

You can enter up to eight input DSCP values that map to a mutated DSCP value.

You can enter multiple commands to map additional DSCP values to a mutated DSCP value.

You can enter a separate command for each mutated DSCP value.

You can configure 15 egress-DSCP mutation maps to mutate the internal DSCP value before it is written as the egress-DSCP value. You can attach egress-DSCP mutation maps to any interface that PFC QoS supports.

PFC QoS derives the egress-CoS value from the internal DSCP value. If you configure egress-DSCP mutation, PFC QoS does not derive the egress-CoS value from the mutated DSCP value.

Examples

This example shows how to map DSCP 30 to mutated DSCP value 8:

Router(config)# mls qos map dscp-mutation mutemap1 30 to 8 
Router(config)#

Related Commands

Command
Description

show mls qos maps

Displays information about the QoS map configuration and run-time version.


mls qos map exp-dscp

To define the ingress EXP value to the internal DSCP map, use the mls qos map exp-dscp command. To return to the default mappings, use the no form of this command.

mls qos map exp-dscp dscp-values

no mls qos map exp-dscp

Syntax Description

dscp-values

Internal DSCP values; valid values are from 0 to 63.


Command Default

The default EXP-to-DSCP map is listed in Table 2-20.

Table 2-20 EXP-to-DSCP Default Map

EXP     0    1    2    3    4    5    6    7
DSCP    0    8    16   24   32   40   48   56


Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

The DSCP in these maps refers to the internal DSCP, not the packet DSCP.

The EXP-to-DSCP map is used to map the received EXP value to the internal DSCP map. This final map determines the output queue and threshold to which the packet is assigned. The EXP map contains a table of 64 DSCP values and the corresponding EXP values. The Catalyst 6500 series switch has one map.

You can enter up to eight DSCP values separated by a space.

Examples

This example shows how to configure the received EXP value to an internal DSCP value:

Router(config)# mls qos map exp-dscp 20 25 30 31 32 32 33 34
Router(config)#

Related Commands

Command
Description

mls qos map exp-mutation

Maps a packet's EXP to a new EXP value.

show mls qos mpls

Displays an interface summary for MPLS QoS classes in the policy maps.


mls qos map exp-mutation

To map a packet's EXP to a new EXP value, use the mls qos map exp-mutation command. To return to the default mappings, use the no form of this command.

mls qos map exp-mutation map-name mutated-exp1 mutated-exp2 mutated-exp3 mutated-exp4 mutated-exp5 mutated-exp6 mutated-exp7 mutated-exp8

no mls qos map exp-mutation map-name

Syntax Description

map-name

Name of the EXP-mutation map.

mutated-exp#

Eight EXP values, separated by spaces; valid values are from 0 to 7. See the "Usage Guidelines" section for additional information.


Command Default

If the EXP-to-EXP mutation map is not configured, the default EXP-to-EXP mutation mapping is listed in Table 2-21.

Table 2-21 EXP-to-EXP Mutation Default Map

EXP-in     0    1    2    3    4    5    6    7
EXP-out    0    1    2    3    4    5    6    7


Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

When you enter the mls qos map exp-mutation command, the mutated-EXP values that you enter map, in order, to the sequential EXP numbers. For example, by entering the mls qos map exp-mutation 2 3 4 5 6 7 0 1 command, you configure this map:

EXP-in     0    1    2    3    4    5    6    7
EXP-out    2    3    4    5    6    7    0    1


Separate the eight EXP values by a space.

After you define the map in global configuration mode, you can attach the map to a port.

You can configure 15 ingress-EXP mutation maps to mutate the internal EXP value before it is written as the ingress-EXP value. You can attach ingress-EXP mutation maps to any interface that PFC QoS supports.

The PFC QoS derives the egress EXP value from the internal DSCP value. If you configure ingress-EXP mutation, PFC QoS does not derive the ingress-EXP value from the mutated EXP value.

Examples

This example shows how to map a packet's EXP to a new EXP value:

Router(config)# mls qos map exp-mutation mutemap1 1 2 3 4 5 6 7 0
Router(config)#

Related Commands

Command
Description

mls qos map exp-dscp

Defines the ingress EXP value to the internal DSCP map.

show mls qos mpls

Displays an interface summary for MPLS QoS classes in the policy maps.


mls qos map ip-prec-dscp

To define an ingress-IP precedence-to-DSCP map for trusted interfaces, use the mls qos map ip-prec-dscp command. To remove a prior entry, use the no form of this command.

mls qos map ip-prec-dscp dscp-values

no mls qos map ip-prec-dscp

Syntax Description

dscp-values

DSCP values corresponding to IP precedence values 0 to 7; valid values are from 0 to 63.


Command Default

The default IP precedence-to-DSCP configuration is listed in Table 2-22.

Table 2-22 IP Precedence-to-DSCP Default Map

IP-Precedence    0    1    2    3    4    5    6    7
DSCP             0    8    16   24   32   40   48   56


Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

Use this command to map the IP precedence of IP packets arriving on trusted interfaces (or flows) to a DSCP when the trust type is trust-ipprec.

You can enter up to eight DSCP values separated by a space.

This map is a table of eight precedence values (0 through 7) and their corresponding DSCP values. The Catalyst 6500 series switch has one map. The IP precedence values are as follows:

network 7

internet 6

critical 5

flash-override 4

flash 3

immediate 2

priority 1

routine 0

Examples

This example shows how to configure the ingress-IP precedence-to-DSCP mapping for trusted interfaces:

Router(config)# mls qos map ip-prec-dscp 20 30 1 43 63 12 13 8
Router(config)#

Related Commands

Command
Description

mls qos map cos-dscp

Defines the ingress CoS-to-DSCP map for trusted interfaces.

mls qos map dscp-cos

Defines an egress DSCP-to-CoS map.

mls qos map policed-dscp

Sets the mapping of policed DSCP values to marked-down DSCP values.

show mls qos maps

Displays information about the QoS map configuration and run-time version.


mls qos map policed-dscp

To configure the DSCP markdown map, use the mls qos map policed-dscp command. To remove a prior entry, use the no form of this command.

mls qos map policed-dscp {normal-burst | max-burst} dscp1 [dscp2 [dscp3 [dscp4 [dscp5 [dscp6 [dscp7 [dscp8]]]]]]] to policed-dscp

no mls qos map policed-dscp

Syntax Description

normal-burst

Configures the markdown map used by the exceed-action policed-dscp-transmit keywords.

max-burst

Configures the markdown map used by the violate-action policed-dscp-transmit keywords.

dscp1

DSCP value; valid values are from 0 to 63.

dscp2 through dscp8

(Optional) DSCP values; valid values are from 0 to 63.

to

Defines mapping.

policed-dscp

Policed-to-DSCP values; valid values are from 0 to 63.


Command Default

No marked-down values are configured.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

The DSCP-to-policed-DSCP map determines the marked-down DSCP value that is applied to out-of-profile flows. The Catalyst 6500 series switch has one map.

You can enter up to eight DSCP values separated by a space.

You can enter up to eight policed DSCP values separated by a space.


Note: To avoid out-of-sequence packets, configure the DSCP-to-policed-DSCP map so that marked-down packets remain in the same queue as the in-profile traffic.


Examples

This example shows how to map multiple DSCPs to a single policed-DSCP value:

Router(config)# mls qos map policed-dscp normal-burst 20 25 43 to 4
Router(config)#

Related Commands

Command
Description

mls qos map cos-dscp

Defines the ingress CoS-to-DSCP map for trusted interfaces.

mls qos map dscp-cos

Defines an egress DSCP-to-CoS map.

mls qos map ip-prec-dscp

Defines an ingress-IP precedence-to-DSCP map for trusted interfaces.

show mls qos

Displays MLS QoS information.


mls qos marking ignore port-trust

To mark packets even if the interface is trusted, use the mls qos marking ignore port-trust command. To return to the default settings, use the no form of this command.

mls qos marking ignore port-trust

no mls qos marking ignore port-trust

Syntax Description

This command has no arguments or keywords.

Command Default

Port trust is enabled.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

Use the mls qos marking ignore port-trust command to mark packets even if the interface is trusted.

Examples

This example shows how to mark packets even if the interface is trusted:

Router(config)# mls qos marking ignore port-trust
Router(config)#

This example shows how to enable port trust:

Router(config)# no mls qos marking ignore port-trust
Router(config)#

Related Commands

mls qos trust

mls qos marking statistics

To disable allocation of the policer-traffic class identification with set actions, use the mls qos marking statistics command. To return to the default settings, use the no form of this command.

mls qos marking statistics

no mls qos marking statistics

Syntax Description

This command has no arguments or keywords.

Command Default

Enabled

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

Use the show policy-map interface command to display policy-map statistics.

Examples

This example shows how to disable the allocation of the policer-traffic class identification with set actions:

Router(config)# mls qos marking statistics
Router(config)#

This example shows how to allow the allocation of the policer-traffic class identification with set actions:

Router(config)# no mls qos marking statistics
Router(config)#

Related Commands

Command
Description

show policy-map interface

Displays the statistics and the configurations of the input and output policies that are attached to an interface.


mls qos mpls trust exp

To set the trusted state of MPLS packets only, use the mls qos mpls trust exp command. To set the trusted state of MPLS packets to untrusted, use the no form of this command.

mls qos mpls trust exp

no mls qos mpls trust exp

Syntax Description

This command has no arguments or keywords.

Command Default

With the trusted state enabled, the defaults are as follows:

Untrusted—The packets are marked to 0 or by policy.

trust-cos.

With the trusted state disabled, the defaults are as follows:

trust-exp—The port/policy trust state is ignored.

The packets are marked by policy.

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

You can enter the mls qos mpls trust exp command to treat MPLS packets as other Layer 2 packets for CoS and egress queueing purposes (for example, to apply port or policy trust). All trusted cases (trust CoS/IP/DSCP) are treated as trust-cos.

Examples

This example shows how to set the trusted state of MPLS packets to trust-cos:

Router(config-if)# mls qos mpls trust exp
Router(config-if)#

This example shows how to set the trusted state of MPLS packets to untrusted:

Router(config-if)# no mls qos mpls trust exp
Router(config-if)#

Related Commands

Command
Description

show mls qos mpls

Displays an interface summary for MPLS QoS classes in the policy maps.


mls qos police redirected

To turn on ACL-redirected packet policing, use the mls qos police redirected command. To turn off policing of ACL-redirected packets, use the no form of this command.

mls qos police redirected

no mls qos police redirected

Syntax Description

This command has no arguments or keywords.

Command Default

Enabled

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

Use the no mls qos police redirected command whenever you require NDE accuracy (if you do not require QoS-redirected packets).

Examples

This example shows how to turn on the ACL-redirected packet policing:

Router(config)# mls qos police redirected
Router(config)#

This example shows how to turn off the ACL-redirected packet policing:

Router(config)# no mls qos police redirected
Router(config)#

Related Commands

Command
Description

show platform earl-mode

Displays platform information.


mls qos protocol

To define the routing-protocol packet policing, use the mls qos protocol command. To return to the default settings, use the no form of this command.

mls qos protocol protocol-name {pass-through | {police rate burst} | {precedence value [police rate burst]}}

no mls qos protocol

Syntax Description

protocol-name

Protocol name; valid values are arp, bgp, eigrp, igrp, isis, ldp, nd, ospf, and rip.

pass-through

Specifies pass-through mode.

police rate

Specifies the maximum bits per second to be policed; valid values are from 32000 to 10000000000 bits per second.

burst

Normal burst bytes; valid values are from 1000 to 31250000 bytes.

precedence value

Specifies the IP-precedence value of the protocol packets to rewrite; valid values are from 0 to 7.


Command Default

The defaults are as follows:

burst is 1000 bits per second.

If QoS is enabled, DSCP is rewritten to zero.

If QoS is disabled, the port is in a pass-through mode (no marking or policing is applied).

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

If you enter the precedence value keyword and arguments without entering the police rate burst keyword and arguments, only the packets from an untrusted port are marked.

You can make the protocol packets avoid the per-interface policy maps by entering the police rate, pass-through, or precedence value keywords and arguments.

The mls qos protocol command allows you to define the routing-protocol packet policing as follows:

When you specify the pass-through mode, the DSCP value does not change and is not policed.

When you set the police rate, the DSCP value does not change and is policed.

When you specify the precedence value, the DSCP value changes for the packets that come from an untrusted port, the CoS value that is based on DSCP-to-CoS map changes, and the traffic is not policed.

When you specify the precedence value and the police rate, the DSCP value changes, the CoS value that is based on DSCP-to-CoS map changes, and the DSCP value is policed. In this case, the DSCP value changes are based on the trust state of the port; the DSCP value is changed only for the packets that come from an untrusted port.

If you do not enter a precedence value, the DSCP value is based on whether or not you have enabled MLS QoS as follows:

If you enabled MLS QoS and the port is untrusted, the internal DSCP value is overwritten to zero.

If you enabled MLS QoS and the port is trusted, then the incoming DSCP value is maintained.

You can make the protocol packets avoid policing completely if you choose the pass-through mode. If the police mode is chosen, the CIR specified is the rate that is used to police all the specified protocol's packets, whether they are entering or leaving the Catalyst 6500 series switch.

To protect the system from ARP broadcasts, you can enter the mls qos protocol arp police bps command.

Examples

This example shows how to define the routing-protocol packet policing:

Router(config)# mls qos protocol arp police 43000
Router(config)#

This example shows how to avoid policing completely:

Router(config)# mls qos protocol arp pass-through
Router(config)#

This example shows how to define the IP-precedence value of the protocol packets to rewrite:

Router(config)# mls qos protocol bgp precedence 4
Router(config)#

This example shows how to define the IP-precedence value of the protocol packets to rewrite and police the DSCP value:

Router(config)# mls qos protocol bgp precedence 4 police 32000
Router(config)#
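
The following added example (not Cisco code) checks mls qos protocol lines against the syntax description and value ranges given above, and lists the protocols that end up with no policer. It assumes that burst may be omitted after a rate, as in the examples on this page; the function names and the sample configuration are constructed for illustration.

```python
import re

# Values taken from the syntax description above.
PROTOCOLS = {"arp", "bgp", "eigrp", "igrp", "isis", "ldp", "nd", "ospf", "rip"}
RATE_BPS = (32000, 10000000000)
BURST_BYTES = (1000, 31250000)
PRECEDENCE = (0, 7)
PROMPT = re.compile(r"^\S+\(config\)#\s*")  # strips a pasted "Router(config)# "


def _number(token, name, bounds):
    """Return token as an int, rejecting non-numbers and out-of-range values."""
    low, high = bounds
    if not (token.isascii() and token.isdigit()):
        raise ValueError(f"{name} must be a decimal number, got {token!r}")
    value = int(token)
    if not low <= value <= high:
        raise ValueError(f"{name} {value} is outside {low}-{high}")
    return value


def _police(tokens):
    """Parse ['police', rate] or ['police', rate, burst]."""
    if len(tokens) not in (2, 3) or tokens[0] != "police":
        raise ValueError("expected: police rate [burst]")
    rate = _number(tokens[1], "rate", RATE_BPS)
    # Assumption: burst may be omitted, as in the examples on this page.
    burst = _number(tokens[2], "burst", BURST_BYTES) if len(tokens) == 3 else None
    return rate, burst


def parse_protocol_command(line):
    """Validate one command line and describe its effect on protocol packets."""
    tokens = PROMPT.sub("", line.strip()).split()
    if tokens[:3] != ["mls", "qos", "protocol"] or len(tokens) < 5:
        raise ValueError("not a complete 'mls qos protocol' command")
    protocol, mode, rest = tokens[3], tokens[4], tokens[5:]
    if protocol not in PROTOCOLS:
        raise ValueError(f"unknown protocol {protocol!r}")
    cmd = {"protocol": protocol, "mode": mode,
           "precedence": None, "rate": None, "burst": None}
    if mode == "pass-through":
        if rest:
            raise ValueError("pass-through takes no arguments")
    elif mode == "police":
        cmd["rate"], cmd["burst"] = _police(tokens[4:])
    elif mode == "precedence":
        if not rest:
            raise ValueError("precedence needs a value")
        cmd["precedence"] = _number(rest[0], "precedence", PRECEDENCE)
        if len(rest) > 1:
            cmd["rate"], cmd["burst"] = _police(rest[1:])
    else:
        raise ValueError(f"unknown keyword {mode!r}")
    # Per the usage guidelines: only a police rate polices the traffic, and a
    # precedence value rewrites DSCP for packets from untrusted ports.
    cmd["policed"] = cmd["rate"] is not None
    cmd["rewrites_untrusted_dscp"] = cmd["precedence"] is not None
    return cmd


def audit(config_text):
    """Check every 'mls qos protocol' line; report errors and unpoliced protocols."""
    report = {"ok": [], "errors": [], "unpoliced": set()}
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if not line.startswith("mls qos protocol"):
            continue
        try:
            cmd = parse_protocol_command(line)
        except ValueError as exc:
            report["errors"].append((line, str(exc)))
            continue
        report["ok"].append(cmd)
        if not cmd["policed"]:
            report["unpoliced"].add(cmd["protocol"])
    report["unpoliced"] = sorted(report["unpoliced"])
    return report


# Constructed sample configuration (not from a real device).
SAMPLE = """\
Router(config)# mls qos protocol arp police 43000
Router(config)# mls qos protocol bgp precedence 4 police 32000 1000
Router(config)# mls qos protocol ospf precedence 6
Router(config)# mls qos protocol rip pass-through 64000
Router(config)# mls qos protocol eigrp police 16000
Router(config)# mls qos protocol isis pass-through
"""

if __name__ == "__main__":
    result = audit(SAMPLE)
    for line, problem in result["errors"]:
        print(f"INVALID  {line}: {problem}")
    print("No policer configured for:", ", ".join(result["unpoliced"]))
```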

Related Commands

Command
Description

show mls qos protocol

Displays the protocol pass-through information.


mls qos queueing-only

To enable port-queueing mode, use the mls qos queueing-only command. To disable the port-queueing mode, use the no form of this command.

mls qos queueing-only

no mls qos queueing-only

Syntax Description

This command has no arguments or keywords.

Command Default

QoS is globally disabled.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

In port-queueing mode, PFC QoS (marking and policing) is disabled, and packet ToS and CoS are not changed by the PFC. All queueing on rcv and xmt is based on a QoS tag in the incoming packet, which is based on the incoming CoS.

For 802.1Q or ISL-encapsulated port links, queueing is based on the packet 802.1Q or ISL CoS.

For router main interfaces or access ports, queueing is based on the configured per-port CoS (the default CoS is 0).

Examples

This example shows how to enable the port-queueing mode globally:

Router(config)# mls qos queueing-only
Router(config)#

This example shows how to disable the port-queueing mode globally:

Router(config)# no mls qos queueing-only
Router(config)#

Related Commands

Command
Description

mls qos (global configuration mode)

Enables the QoS functionality globally.

show mls qos

Displays MLS QoS information.


mls qos queue-mode mode-dscp

To set the queueing mode to DSCP on an interface, use the mls qos queue-mode mode-dscp command. To return to the default settings, use the no form of this command.

mls qos queue-mode mode-dscp

no mls qos queue-mode mode-dscp

Syntax Description

This command has no arguments or keywords.

Command Default

CoS mode.

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

This command is supported on 10-Gigabit Ethernet ports only.

You should configure ports to trust DSCP only if they receive traffic that carries valid Layer 3 DSCP.

You can enable DSCP-based ingress queues and thresholds on WS-X6708-10GE ports to provide congestion avoidance.

For traffic from trust DSCP ports, PFC QoS uses the received DSCP value as the initial internal DSCP value. PFC QoS does not mark any traffic on ingress ports configured to trust received DSCP.

Examples

This example shows how to set the queueing mode to DSCP on an interface:

Router(config-if)# mls qos queue-mode mode-dscp
Router(config-if)#

Related Commands

Command
Description

priority-queue queue-limit

Allocates the available buffer space to a queue.

show mls qos

Displays MLS QoS information.


mls qos rewrite ip dscp

To enable ToS-to-DSCP rewrite, use the mls qos rewrite ip dscp command. To disable ToS-to-DSCP rewrite, use the no form of this command.

mls qos rewrite ip dscp

no mls qos rewrite ip dscp

Syntax Description

This command has no arguments or keywords.

Command Default

QoS is globally disabled.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

If you disable ToS-to-DSCP rewrite, and QoS is enabled globally, the following occurs:

Final ToS-to-DSCP rewrite is disabled, and the ToS-to-DSCP packet is preserved.

Policing and marking function according to the QoS configuration.

Marked and marked-down CoS is used for queueing.

In QoS disabled mode, both ToS and CoS are preserved.

The no mls qos rewrite ip dscp command is incompatible with MPLS. The default mls qos rewrite ip dscp command must remain enabled in order for the PFC3BXL or PFC3B to assign the correct EXP value for the labels that it imposes.

Examples

This example shows how to enable ToS-to-DSCP rewrite:

Router(config)# mls qos rewrite ip dscp
Router(config)#

This example shows how to disable ToS-to-DSCP rewrite:

Router(config)# no mls qos rewrite ip dscp
Router(config)#

Related Commands

Command
Description

mls qos (global configuration mode)

Enables the QoS functionality globally.

show mls qos

Displays MLS QoS information.


mls qos statistics-export (global configuration mode)

To enable QoS-statistics data export globally, use the mls qos statistics-export command. To disable QoS-statistics data export globally, use the no form of this command.

mls qos statistics-export

no mls qos statistics-export

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

You must enable data export globally to set up data export on your Catalyst 6500 series switch.

QoS-statistics data export is not supported on OSM interfaces.

For QoS-statistics data export to perform correctly, you should set the export-destination hostname or IP address and the UDP port number.

Examples

This example shows how to enable data export globally:

Router(config)# mls qos statistics-export
Router(config)# 

This example shows how to disable data export globally:

Router(config)# no mls qos statistics-export
Router(config)# 

Related Commands

Command
Description

show mls qos statistics-export info

Displays information about the MLS-statistics data-export status and configuration.


mls qos statistics-export (interface configuration mode)

To enable per-port QoS-statistics data export, use the mls qos statistics-export command. To disable per-port QoS-statistics data export, use the no form of this command.

mls qos statistics-export

no mls qos statistics-export

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

QoS-statistics data export is not supported on OSM interfaces.

You must enable data export on the port and globally to set up data export on your Catalyst 6500 series switch.

For QoS-statistics data export to perform correctly, you should set the export-destination hostname or IP address and the UDP port number.

QoS-statistics data is exported using delimiter-separated fields. You can set the delimiter by entering the mls qos statistics-export delimiter command.

Port statistics are exported; port QoS statistics are not exported. For each data export-enabled port, the following information is exported:

Type (1 denotes the type of port)

Module/port

In packets (cumulated hardware-counter values)

In bytes (cumulated hardware-counter values)

Out packets (cumulated hardware-counter values)

Out bytes (cumulated hardware-counter values)

Time stamp (time in seconds since January 1, 1970 UTC relative)

For example, if you have QoS-statistics data export that is enabled on FastEthernet4/5, the exported records could be (in this example, the delimiter is a | [pipe]) as follows:

|1|4/5|123|80|12500|6800|982361894|

Examples

This example shows how to enable QoS-statistics data export:

Router(config-if)# mls qos statistics-export 
Router(config-if)# 

This example shows how to disable QoS-statistics data export:

Router(config-if)# no mls qos statistics-export 
Router(config-if)# 

Related Commands

Command
Description

mls qos statistics-export delimiter

Sets the QoS-statistics data-export field delimiter.

show mls qos statistics-export info

Displays information about the MLS-statistics data-export status and configuration.


mls qos statistics-export aggregate-policer

To enable QoS-statistics data export on the named aggregate policer, use the mls qos statistics-export aggregate-policer command. To disable QoS-statistics data export on the named aggregate policer, use the no form of this command.

mls qos statistics-export aggregate-policer policer-name

no mls qos statistics-export aggregate-policer policer-name

Syntax Description

policer-name

Name of the policer.


Command Default

Disabled for all shared aggregate policers

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

QoS-statistics data export is not supported on OSM interfaces.

You must enable data export on the shared aggregate policer and globally to set up data export on your Catalyst 6500 series switch.

QoS-statistics data is exported using delimiter-separated fields. You can set the delimiter by entering the mls qos statistics-export delimiter command.

For each data export-enabled shared aggregate or named policer, statistics data per policer per EARL is exported. For each data export-enabled shared aggregate or named policer, the following information is exported:

Type (3 denotes aggregate policer export type)

Aggregate name

Direction (in or out)

EARL identification

Accepted packets (cumulated hardware-counter values)

Exceeded normal-rate packets (cumulated hardware-counter values)

Exceeded excess-rate packets (cumulated hardware-counter values)

Time stamp (time in seconds since January 1, 1970 UTC relative)

If a shared aggregate policer is attached to policies in both directions, two records are exported (one in each direction). Each record will contain the same counter values for accepted packets, exceeded normal packet rates, and exceeded excess packet rates.

For example, the exported records could be as follows (in this example, the delimiter is a | [pipe]):

|3|agg_1|in|1|45543|2345|982361894|
|3|agg_1|in|3|45543|2345|982361894|

This example indicates the following information:

QoS-statistics data export is enabled on the shared aggregate policer named "agg_1"

An EARL in the supervisor engine that is installed in slot 1

An EARL that is installed in slot 3

Examples

This example shows how to enable per-shared aggregate or named-policer data export:

Router(config)# mls qos statistics-export aggregate-policer aggr1M 
Router(config)#

Related Commands

Command
Description

mls qos statistics-export delimiter

Sets the QoS-statistics data-export field delimiter.

show mls qos statistics-export info

Displays information about the MLS-statistics data-export status and configuration.


mls qos statistics-export class-map

To enable QoS-statistics data export for a class map, use the mls qos statistics-export class-map command. To disable QoS-statistics data export for a class map, use the no form of this command.

mls qos statistics-export class-map classmap-name

no mls qos statistics-export class-map classmap-name

Syntax Description

classmap-name

Name of the class map.


Command Default

Disabled

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

QoS-statistics data export is not supported on OSM interfaces.

You must enable data export on the class map and globally to set up data export on your Catalyst 6500 series switch.

QoS-statistics data is exported using delimiter-separated fields. You can set the delimiter by entering the mls qos statistics-export delimiter command.

For each data export-enabled class map, the statistics data per policer per interface is exported. If the interface is a physical interface, the following information is exported:

Type (4 denotes a class map physical export)

Class map name

Direction (in or out)

Module/port

Accepted packets (cumulated hardware-counter values)

Exceeded normal-rate packets (cumulated hardware-counter values)

Exceeded excess-rate packets (cumulated hardware-counter values)

Time stamp (time in seconds since January 1, 1970 UTC relative)

If the interface is a Catalyst 6500 series switch VLAN, the following information is exported:

Type (5 denotes class-map VLAN export)

Class-map name

Direction (in or out)

EARL identification (slot number in which the EARL is installed)

VLAN number

Accepted packets (cumulated hardware-counter values)

Exceeded normal-rate packets (cumulated hardware-counter values)

Exceeded excess-rate packets (cumulated hardware-counter values)

Time stamp (time in seconds since January 1, 1970 UTC relative)

If the interface is a Catalyst 6500 series switch port channel, the following information is exported:

Type (6 denotes class-map port-channel export)

Class-map name

Direction (in or out)

EARL identification (slot number in which the EARL is installed)

Port-channel number

Accepted packets (cumulated hardware-counter values)

Exceeded normal-rate packets (cumulated hardware-counter values)

Exceeded excess-rate packets (cumulated hardware-counter values)

Time stamp (time in seconds since January 1, 1970 UTC relative)

For example, if you have the following configuration:

QoS-statistics data export enabled on the class map named "class_1"

An EARL in the supervisor engine that is installed in slot 1

An EARL that is installed in slot 3

The class map is in the policy map named "policy_1"

policy_1 is attached to the following interfaces in the ingress direction:

FastEthernet4/5

VLAN 100

Port-channel 24

The exported records could be (in this example, the delimiter is a | [pipe]) as follows:

|4|class_1|in|4/5|45543|2345|2345|982361894|

|5|class_1|in|1|100|44000|3554|36678|982361894|

|5|class_1|in|3|100|30234|1575|1575|982361894|

Examples

This example shows how to enable QoS-statistics data export for a class map:

Router(config)# mls qos statistics-export class-map class3 
Router(config)# 

Related Commands

Command
Description

mls qos statistics-export delimiter

Sets the QoS-statistics data-export field delimiter.

show mls qos statistics-export info

Displays information about the MLS-statistics data-export status and configuration.


mls qos statistics-export delimiter

To set the QoS-statistics data-export field delimiter, use the mls qos statistics-export delimiter command. To return to the default settings, use the no form of this command.

mls qos statistics-export delimiter

no mls qos statistics-export delimiter

Syntax Description

This command has no arguments or keywords.

Command Default

The default delimiter is the pipe character (|).

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

QoS-statistics data export is not supported on OSM interfaces.

You must enable data export globally to set up data export on your Catalyst 6500 series switch.

Examples

This example shows how to set the QoS-statistics data-export field delimiter to a comma:

Router(config)# mls qos statistics-export delimiter , 
Router(config)# 

Related Commands

Command
Description

show mls qos statistics-export info

Displays information about the MLS-statistics data-export status and configuration.


mls qos statistics-export destination

To configure the QoS-statistics data-export destination host and UDP port number, use the mls qos statistics-export destination command. To return to the default settings, use the no form of this command.

mls qos statistics-export destination {host-name | host-ip-address} {{port port-number} | syslog} [facility facility-name] [severity severity-value]

Syntax Description

host-name

Hostname.

host-ip-address

Host IP address.

port port-number

Specifies the UDP port number.

syslog

Specifies the syslog port.

facility facility-name

(Optional) Specifies the type of facility to export; see the "Usage Guidelines" section for a list of valid values.

severity severity-value

(Optional) Specifies the severity level to export; see the "Usage Guidelines" section for a list of valid values.


Command Default

The default is none unless syslog is specified. If syslog is specified, the defaults are as follows:

port is 514.

facility is local6.

severity is debug.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

QoS-statistics data export is not supported on OSM interfaces.

Valid facility values are as follows:

authorization—Security/authorization messages

cron—Clock daemon

daemon—System daemon

kernel—Kernel messages

local0—Local use 0

local1—Local use 1

local2—Local use 2

local3—Local use 3

local4—Local use 4

local5—Local use 5

local6—Local use 6

local7—Local use 7

lpr—Line printer subsystem

mail—Mail system

news—Network news subsystem

syslog—Messages that are generated internally by syslogd

user—User-level messages

uucp—UUCP subsystem

Valid severity levels are as follows:

alert—Action must be taken immediately

critical—Critical conditions

debug—Debug-level messages

emergency—System is unusable

error—Error conditions

informational—Informational

notice—Normal but significant conditions

warning—Warning conditions

Examples

This example shows how to specify the destination host address and syslog as the UDP port number:

Router(config)# mls qos statistics-export destination 172.20.52.3 syslog 
Router(config)#

Related Commands

Command
Description

show mls qos statistics-export info

Displays information about the MLS-statistics data-export status and configuration.


mls qos statistics-export interval

To specify how often a port and/or aggregate-policer QoS-statistics data is read and exported, use the mls qos statistics-export interval command. To return to the default settings, use the no form of this command.

mls qos statistics-export interval interval

no mls qos statistics-export interval

Syntax Description

interval

Export time; valid values are from 30 to 65535 seconds.


Command Default

300 seconds

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

QoS-statistics data export is not supported on OSM interfaces.

The interval needs to be short enough to avoid counter wraparound with the activity in your configuration.


Caution: Be careful when decreasing the interval because exporting QoS statistics increases the traffic on the Catalyst 6500 series switch.

Examples

This example shows how to set the QoS-statistics data-export interval:

Router(config)# mls qos statistics-export interval 250 
Router(config)#

Related Commands

Command
Description

show mls qos statistics-export info

Displays information about the MLS-statistics data-export status and configuration.


mls qos trust

To set the trusted state of an interface, use the mls qos trust command. To set an interface to the untrusted state, use the no form of this command.

mls qos trust [cos | dscp | ip-precedence]

no mls qos trust

Syntax Description

cos

(Optional) Specifies that the CoS bits in incoming frames are trusted and derives the internal DSCP value from the CoS bits.

dscp

(Optional) Specifies that the ToS bits in the incoming packets contain a DSCP value.

ip-precedence

(Optional) Specifies that the ToS bits in the incoming packets contain an IP precedence value and derives the internal DSCP value from the IP-precedence bits.


Command Default

The defaults for LAN interfaces and WAN interfaces on the OSMs are as follows:

If you enable global QoS, the port is untrusted.

If you disable global QoS, the default is dscp.

If you do not enter an argument, trust dscp is assumed.

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

You can enter the mls qos trust command to set the trusted state of an interface. For example, you can set whether the packets arriving at an interface are trusted to carry the correct CoS, ToS, and DSCP classifications.

The cos keyword is not supported for pos or atm interface types.

You cannot configure the trust state on FlexWAN modules.

You cannot configure the trust state on 1q4t LAN ports except for Gigabit Ethernet ports.

Ingress-queue drop thresholds are not implemented when you enter the mls qos trust cos command on 4-port Gigabit Ethernet WAN modules.

Use the set qos-group command to set the trust state on Layer 2 WAN interfaces.

Examples

This example shows how to set the trusted state of an interface to IP precedence:

Router(config-if)# mls qos trust ip-precedence
Router(config-if)#

Related Commands

Command
Description

mls qos bridged

Enables the microflow policing for bridged traffic on Layer 3 LAN interfaces.

mls qos cos

Defines the default CoS value for an interface.

mls qos vlan-based

Defines the default CoS value for a VLAN.

show queueing interface

Displays queueing information.


mls qos trust extend

To configure the trust mode of the phone, use the mls qos trust extend command. To return to the default settings, use the no form of this command.

mls qos trust extend [cos value]

no mls qos trust extend

Syntax Description

cos value

(Optional) Specifies the CoS value that is used to remark the packets from the PC; valid values are from 0 to 7.


Command Default

The default settings are as follows:

Mode is untrusted.

cos value is 0.

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

This command is not supported on WAN modules.

If you set the phone to trusted mode, all the packets from the PC are sent untouched directly through the phone to the Catalyst 6500 series switch. If you set the phone to untrusted mode, all the traffic coming from the PC is remarked with the configured CoS value before being sent to the Catalyst 6500 series switch.

Each time that you enter the mls qos trust extend command, the mode is changed. For example, if the mode was previously set to trusted and you enter the command, the mode changes to untrusted. Enter the show queueing interface command to display the current trust mode.

Examples

This example shows how to set the phone that is attached to the switch port in trust mode:

Router(config-if)# interface fastethernet5/1
Router(config-if)# mls qos trust extend
Router(config-if)# 

This example shows how to change the mode to untrusted and set the remark CoS value to 3:

Router(config-if)# interface fastethernet5/1
Router(config-if)# mls qos trust extend cos 3
Router(config-if)# 

This example shows how to set the configuration to the default mode:

Router(config-if)# interface fastethernet5/1
Router(config-if)# no mls qos trust extend
Router(config-if)# 

Related Commands

Command
Description

show queueing interface

Displays queueing information.


mls qos vlan-based

To enable per-VLAN QoS for a Layer 2 interface, use the mls qos vlan-based command. To disable per-VLAN QoS for a Layer 2 interface, use the no form of this command.

mls qos vlan-based

no mls qos vlan-based

Syntax Description

This command has no arguments or keywords.

Command Default

Disabled

Command Modes

Interface configuration

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

This command is supported on switch-port and port-channel interfaces only.

In VLAN-based mode, the policy map that is attached to the Layer 2 interface is ignored, and QoS is driven by the policy map that is attached to the corresponding VLAN interface.

You can configure per-VLAN QoS only on Layer 2 interfaces.


Note: Layer 3 interfaces are always in interface-based mode. Layer 3 VLAN interfaces are always in VLAN-based mode.


Examples

This example shows how to enable per-VLAN QoS for a Layer 2 interface:

Router(config-if)# mls qos vlan-based
Router(config-if)#

Related Commands

Command
Description

mls qos bridged

Enables the microflow policing for bridged traffic on Layer 3 LAN interfaces.

mls qos cos

Defines the default CoS value for an interface.

show queueing interface

Displays queueing information.


mls rate-limit all

To enable and set the rate limiters common to unicast and multicast packets, use the mls rate-limit all command. To disable the rate limiters, use the no form of this command.

mls rate-limit all {mtu-failure | ttl-failure} pps [packets-in-burst]

no mls rate-limit all {mtu-failure | ttl-failure}

Syntax Description

all

Specifies rate limiting for unicast and multicast packets.

mtu-failure

Enables and sets the rate limiters for MTU-failed packets.

ttl-failure

Enables and sets the rate limiters for TTL-failed packets.

pps

Packets per second; valid values are from 10 to 1000000 packets per second.

packets-in-burst

(Optional) Packets in burst; valid values are from 1 to 255.


Command Default

The Layer 2 rate limiters are off by default. If you enable and set the rate limiters, the default packets-in-burst is 10.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

Rate limiters can rate limit packets that are punted from the data path in the hardware up to the data path in the software. Rate limiters protect the control path in the software from congestion by dropping the traffic that exceeds the configured rate.

Examples

This example shows how to set the TTL-failure limiter for unicast and multicast packets:

Router(config)# mls rate-limit all ttl-failure 15
Router(config)# 

Related Commands

Command
Description

show mls rate-limit

Displays information about the MLS rate limiter.


mls rate-limit layer2

To enable and rate limit the control packets in Layer 2, use the mls rate-limit layer2 command. To disable the rate limiter in the hardware, use the no form of this command.

mls rate-limit layer2 {pdu | l2pt | port-security} pps [packets-in-burst]

no mls rate-limit layer2 [pdu | l2pt | port-security]

Syntax Description

pdu pps

Specifies the rate limit for BPDU, CDP, PDU, and VTP PDU Layer 2 control packets; valid values are from 10 to 1000000 packets per second.

l2pt pps

Specifies the rate limit for control packets in Layer 2 with a protocol-tunneling multicast-MAC address in Layer 2; valid values are from 10 to 1000000 packets per second.

port-security pps

Specifies the rate limit for port security traffic; valid values are from 10 to 1000000 packets per second.

packets-in-burst

(Optional) Packets in burst; valid values are from 1 to 255.


Command Default

The default settings are as follows:

Layer 2 rate limiters are off by default.

If you enable and set the rate limiters, the default setting for packets-in-burst is 10 and pps has no default setting.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.2(18)ZY

Support for this command was introduced.


Usage Guidelines

You cannot configure the Layer 2 rate limiters if the global switching mode is set to truncated mode.

For the port-security pps keywords and argument, use the following guidelines:

The PFC2 does not support the port-security rate limiter.

The truncated switching mode does not support the port-security rate limiter.

The lower the value, the more the CPU is protected.

Rate limiters control packets as follows:

The frames are classified as Layer 2 control frames by the destination MAC address. The destination MAC addresses that are used are as follows:

0180.C200.0000 for IEEE BPDU

0100.0CCC.CCCC for CDP

0100.0CCC.CCCD for PVST/SSTP BPDU

The software allocates an LTL index for the frames.

The LTL index is submitted to the forwarding engine for aggregate rate limiting of all the associated frames.

The Layer 2 control packets are as follows:

GVRP

BPDUs

CDP/DTP/PAgP/UDLD/LACP/VTP PDUs

PVST/SSTP PDUs

If the rate of the traffic exceeds the configured rate, the excessive packets are dropped at the hardware.

The pdu and l2pt rate limiters use specific hardware rate-limiter numbers only, such as 9 through 12. Enter the show mls rate-limit usage command to display the available rate-limiter numbers. The available numbers are displayed as "Free" in the output field. If all four rate limiters are in use by other features, a system message is displayed telling you to turn off a feature to rate limit the control packets in Layer 2.

When a MAC move occurs and a packet is seen on two ports, the packet is redirected to the software. If one of those ports has the violation mode set to restrict or protect, the packet is dropped in software. You can use the port-security rate limiter to throttle the number of such packets redirected to software. This helps protect the software from high traffic rates.

Examples

This example shows how to enable and set the rate limiters for the protocol-tunneling packets in Layer 2:

Router(config)# mls rate-limit layer2 l2pt 3000
Router(config)# 

This example shows how to configure the port-security rate limiter:

Router(config)# mls rate-limit layer2 port-security 500
Router(config)# end 

Related Commands

| Command | Description |
|---|---|
| show mls rate-limit | Displays information about the MLS rate limiter. |


mls rate-limit multicast ipv4

To enable and set the rate limiters for the IPv4 multicast packets, use the mls rate-limit multicast ipv4 command. To disable the rate limiters, use the no form of this command.

mls rate-limit multicast ipv4 {connected | fib-miss | igmp | ip-option | partial | non-rpf} pps [packets-in-burst]

no mls rate-limit multicast ipv4 {connected | fib-miss | igmp | ip-option | partial | non-rpf}

Syntax Description

connected

Enables and sets the rate limiters for multicast packets from directly connected sources.

fib-miss

Enables and sets the rate limiters for the FIB-missed multicast packets.

igmp

Enables and sets the rate limiters for the IGMP packets.

ip-option

Enables and sets the rate limiters for the multicast packets with IP options.

partial

Enables and sets the rate limiters for the multicast packets during a partial SC state.

non-rpf

Enables and sets the rate limiters for the multicast packets failing the RPF check.

pps

Packets per second; valid values are from 10 to 1000000 packets per second.

packets-in-burst

(Optional) Packets in burst; valid values are from 1 to 255.


Command Default

The defaults are as follows:

If the packets-in-burst is not set, a default of 100 is programmed for multicast cases.

fib-miss—Enabled at 100000 pps and packets-in-burst is set to 100.

ip-option—Disabled.

partial—Enabled at 100000 pps and packets-in-burst is set to 100.

Command Modes

Global configuration (config)

Command History

| Release | Modification |
|---|---|
| 12.2(18)ZY | Support for this command was introduced. |


Usage Guidelines

You cannot configure the IPv4 rate limiters if the global switching mode is set to truncated mode.

The rate limiters can rate limit the packets that are punted from the data path in the hardware up to the data path in the software. The rate limiters protect the control path in the software from congestion and drop the traffic that exceeds the configured rate.

The ip-option keyword is supported in PFC3BXL or PFC3B mode only.

Examples

This example shows how to set the rate limiters for the multicast packets failing the RPF check:

Router(config)# mls rate-limit multicast ipv4 non-rpf 100
Router(config)# 

This example shows how to set the rate limiters for the multicast packets during a partial SC state:

Router(config)# mls rate-limit multicast ipv4 partial 250
Router(config)# 

This example shows how to set the rate limiters for the FIB-missed multicast packets:

Router(config)# mls rate-limit multicast ipv4 fib-miss 15
Router(config)# 

Related Commands

| Command | Description |
|---|---|
| show mls rate-limit | Displays information about the MLS rate limiter. |


mls rate-limit multicast ipv6

To configure the IPv6 multicast rate limiters, use the mls rate-limit multicast ipv6 command. To disable the rate limiters, use the no form of this command.

mls rate-limit multicast ipv6 {connected pps [packets-in-burst]} | {rate-limiter-name {share {auto | target-rate-limiter}}}

no mls rate-limit multicast ipv6 {connected | rate-limiter-type}

Syntax Description

connected pps

Enables and sets the rate limiters for the IPv6 multicast packets from a directly connected source; valid values are from 10 to 1000000 packets per second.

packets-in-burst

(Optional) Packets in burst; valid values are from 1 to 255.

rate-limiter-name

Rate-limiter name; valid values are default-drop, route-cntl, secondary-drop, sg, starg-bridge, and starg-m-bridge. See the "Usage Guidelines" section for additional information.

share

Specifies the sharing policy for IPv6 rate limiters; see the "Usage Guidelines" section for additional information.

auto

Decides the sharing policy automatically.

target-rate-limiter

Rate-limiter name that was the first rate-limiter name programmed in the hardware for the group; valid values are default-drop, route-cntl, secondary-drop, sg, starg-bridge, and starg-m-bridge. See the "Usage Guidelines" section for additional information.


Command Default

If the burst is not set, a default of 100 is programmed for multicast cases.

Command Modes

Global configuration (config)

Command History

| Release | Modification |
|---|---|
| 12.2(18)ZY | Support for this command was introduced. |


Usage Guidelines

The rate-limiter-name argument must be a rate limiter that is not currently programmed.

The target-rate-limiter argument must be a rate limiter that is programmed in the hardware and must be the first rate limiter programmed for its group.

Table 2-23 lists the IPv6 rate limiters and the class of traffic that each rate limiter serves.

Table 2-23 IPv6 Rate Limiters

| Rate-Limiter ID | Traffic Classes to be Rate Limited |
|---|---|
| Connected | Directly connected source traffic |
| Default-drop | (*, G/m)SSM; (*, G/m)SSM non-rpf |
| Route-control | (*, FF02::X/128) |
| Secondary-drop | (*, G/128) SPT threshold is infinity |
| SG | (S, G) RP-RPF post-switchover; (*, FFx2/16) |
| Starg-bridge | (*, G/128) SM; SM non-rpf traffic when (*, G) exists |
| Starg-M-bridge | (*, G/m) SM; (*, FF/8); SM non-rpf traffic when (*, G) does not exist |


You can configure rate limiters for IPv6 multicast traffic using one of the following methods:

Direct association of the rate limiters for a traffic class—Select a rate and associate the rate with a rate limiter. This example shows how to pick a rate of 1000 pps and 20 packets per burst and associate the rate with the default-drop rate limiter:

Router(config)# mls rate-limit multicast ipv6 default-drop 1000 20

Static sharing of a rate limiter with another preconfigured rate limiter—When there are not enough adjacency-based rate limiters available, you can share a rate limiter with an already configured rate limiter (target rate limiter). This example shows how to share the route-cntl rate limiter with the default-drop target rate limiter:

Router(config)# mls rate-limit multicast ipv6 route-cntl share default-drop

If the target rate limiter is not configured, a message displays that the target rate limiter must be configured for it to be shared with other rate limiters.

Dynamic sharing of rate limiters—If you are not sure about which rate limiter to share with, use the share auto keywords to enable dynamic sharing. When you enable dynamic sharing, the system picks a preconfigured rate limiter and shares the given rate limiter with the preconfigured rate limiter. This example shows how to choose dynamic sharing for the route-cntl rate limiter:

Router(config)# mls rate-limit multicast ipv6 route-cntl share auto

Examples

This example shows how to set the rate limiters for the IPv6 multicast packets from a directly connected source:

Router(config)# mls rate-limit multicast ipv6 connected 1500 20
Router(config)# 

This example shows how to configure a direct association of the rate limiters for a traffic class:

Router(config)# mls rate-limit multicast ipv6 default-drop 1000 20
Router(config)# 

This example shows how to configure the static sharing of a rate limiter with another preconfigured rate limiter:

Router(config)# mls rate-limit multicast ipv6 route-cntl share default-drop
Router(config)# 

This example shows how to enable dynamic sharing for the route-cntl rate limiter:

Router(config)# mls rate-limit multicast ipv6 route-cntl share auto
Router(config)# 

Related Commands

| Command | Description |
|---|---|
| show mls rate-limit | Displays information about the MLS rate limiter. |


mls rate-limit unicast acl

To enable and set the ACL-bridged rate limiters, use the mls rate-limit unicast acl command. To disable the rate limiters, use the no form of this command.

mls rate-limit unicast acl {input | output | vacl-log} {pps [packets-in-burst]}

no mls rate-limit unicast acl {input | output | vacl-log}

Syntax Description

input

Specifies the rate limiters for the input ACL-bridged unicast packets.

output

Specifies the rate limiters for the output ACL-bridged unicast packets.

vacl-log

Specifies the rate limiters for the VACL log cases.

pps

Packets per second; see the "Usage Guidelines" section for valid values.

packets-in-burst

(Optional) Packets in burst; valid values are from 1 to 255.


Command Default

The defaults are as follows:

input—Disabled.

output—Disabled.

vacl-log—Enabled at 2000 pps and packets-in-burst is set to 1.

If the packets-in-burst is not set, 10 is programmed for unicast cases.

Command Modes

Global configuration (config)

Command History

| Release | Modification |
|---|---|
| 12.2(18)ZY | Support for this command was introduced. |


Usage Guidelines

The rate limiters can rate limit the packets that are punted from the data path in the hardware up to the data path in the software. The rate limiters protect the control path in the software from congestion and drop the traffic that exceeds the configured rate.

When setting the pps, valid values are as follows:

ACL input and output cases—10 to 1000000 pps

VACL log cases—10 to 5000 pps

You cannot change the vacl-log packets-in-burst keyword and argument; it is set to 1 by default.
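The following is an added example, not part of the Cisco reference: an offline audit of the mls rate-limit multicast and unicast acl lines in a saved configuration against the pps and packets-in-burst ranges and the IPv6 sharing rules stated on this page. The function names and the sample configuration are constructed for illustration, and accepting only directly rated IPv6 limiters as share targets is a simplifying assumption standing in for "first rate limiter programmed for its group".

```python
import re

PPS, BURST, VACL_LOG_PPS = (10, 1000000), (1, 255), (10, 5000)  # ranges stated on this page
IPV4 = {"connected", "fib-miss", "igmp", "ip-option", "partial", "non-rpf"}
IPV6 = {"default-drop", "route-cntl", "secondary-drop", "sg", "starg-bridge", "starg-m-bridge"}
LINE = re.compile(r"\s*mls rate-limit (multicast ipv4|multicast ipv6|unicast acl) (\S+)(.*)")
# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
mls rate-limit multicast ipv4 non-rpf 100
mls rate-limit multicast ipv4 fib-miss 5 300
mls rate-limit multicast ipv6 route-cntl share default-drop
mls rate-limit multicast ipv6 default-drop 1000 20
mls rate-limit multicast ipv6 route-cntl share default-drop
mls rate-limit unicast acl vacl-log 6000 10
"""

def check_rate(args, pps_range, where):
    """Validate 'pps [packets-in-burst]'; return a list of problem strings."""
    if not args or len(args) > 2 or not all(a.isdecimal() for a in args):
        return [f"{where}: expected pps [packets-in-burst]"]
    limits = zip(map(int, args), (pps_range, BURST), ("pps", "packets-in-burst"))
    return [f"{where}: {name} {v} outside {lo}-{hi}"
            for v, (lo, hi), name in limits if not lo <= v <= hi]

def audit(config):
    """Return findings for the mls rate-limit lines of an IOS configuration."""
    findings, programmed = [], set()  # programmed: IPv6 limiters given a rate directly
    for n, raw in enumerate(config.splitlines(), 1):
        m = LINE.match(raw)
        if not m:
            continue
        family, kw, args, where = m[1], m[2], m[3].split(), f"line {n}"
        if (family == "multicast ipv4" and kw in IPV4) or (
                family == "unicast acl" and kw in ("input", "output")):
            findings += check_rate(args, PPS, where)
        elif family == "unicast acl" and kw == "vacl-log":
            findings += check_rate(args, VACL_LOG_PPS, where)
            if len(args) == 2 and args[1] != "1":
                findings.append(f"{where}: vacl-log packets-in-burst is fixed at 1")
        elif family == "multicast ipv6" and kw in IPV6 and args[:1] == ["share"]:
            if kw in programmed:  # the name being shared must not be programmed yet
                findings.append(f"{where}: {kw} is already programmed")
            if args[1:] != ["auto"] and not set(args[1:]) & programmed:
                findings.append(f"{where}: share target is not programmed")
        elif family == "multicast ipv6" and kw in IPV6 | {"connected"}:
            findings += check_rate(args, PPS, where)
            programmed.update({kw} & IPV6)  # "connected" is not a valid share target
        else:
            findings.append(f"{where}: unrecognized keyword {kw}")
    return findings
```

Calling audit(SAMPLE) reports the out-of-range fib-miss values, the share that precedes its target's configuration, and the vacl-log line that exceeds 5000 pps and tries to change the fixed burst.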

Some cases (or scenarios) share the same hardware register. These cases are divided into the following two groups:

Group 1:

Egress ACL-bridged packets

Ingress ACL-bridged packets

Group 2: