-
Cisco ME 6500 Series Cisco IOS Command Reference, 12.2ZU
-
Acronyms
-
Acknowledgments for Open-Source Software
-
channel-protocol to class-map
-
Command-Line Interface
-
action to channel-group
-
clear ca to copy /noverify
-
Quick Links to Catalyst 6500 Series Switch Cisco IOS Commands
-
Whole book PDF: Cisco ME 6500 Series Ethernet Switches Cisco IOS Command Reference, Release 12.2 ZU
-
Index
-
define interface-range to duplex
-
encapsulation to mls exclude
-
mls flow to pagp port
-
platform ip features sequential to process-min-time percent
-
Preface
-
rcv-queue to show bootvar
-
shutdown vlan to time-range
-
show cable-diag to show ip cache
-
show ip cef to show mls asic
-
show mls cef to show qm-sp
-
show queueing to show vtp
-
traceroute mac to username
-
verify to wrr-queue
-
wrr-queue cos to wrr-queue threshold
-
Table Of Contents
mls ip cef rpf interface-group
mls ip multicast (global configuration mode)
mls ip multicast (interface configuration mode)
mls ip multicast bidir gm-scan-interval
mls ip multicast consistency-check
mls ip multicast flow-stat-timer
mls ip nat netflow-frag-l4-zero
mls ip reflexive ndr-entry tcam
mls ipv6 acl compress address unicast
mls qos (global configuration mode)
mls qos (interface configuration mode)
mls qos statistics-export (global configuration mode)
mls qos statistics-export (interface configuration mode)
mls qos statistics-export aggregate-policer
mls qos statistics-export class-map
mls qos statistics-export delimiter
mls qos statistics-export destination
mls qos statistics-export interval
mls rate-limit unicast l3-features
mls rate-limit unicast vacl-log
mls rp ip (global configuration mode)
mls rp ip (interface configuration mode)
mode dot1q-in-dot1q access-gateway
monitor event-trace (global configuration)
name (MST configuration submode)
22mls flow
To configure the flow mask for NDE, use the mls flow command. To return to the default settings, use the no form of this command.
mls flow {{ip | ipv6} {destination | destination-source | full | interface-destination-source | interface-full | source}}
no mls flow {ip | ipv6}
Syntax Description
Defaults
The NDE flow mask is null.
Command Modes
Global configuration
Command History
Usage Guidelines
This command collects statistics information.
Examples
This example shows how to set the minimum flow mask for an extended access list for MLS IP:
Router(config)# mls flow ip fullRouter(config)#Related Commands
mls ip
To enable MLS IP for the internal router on the interface, use the mls ip command. To disable MLS IP on the interface, use the no form of this command.
mls ip
no mls ip
Syntax Description
This command has no arguments or keywords.
Defaults
Multicast is disabled.
Command Modes
Interface configuration
Command History
Examples
This example shows how to enable shortcuts for MLS IP:
Router(config-if)# mls ipRouter(config-if)#Related Commands
Allows the external systems to enable MLS IP on a specified interface.
Displays the MLS IP information.
mls ip acl port expand
To enable ACL-specific features for Layer 4, use the mls ip acl port expand command. To disable the ACL-specific Layer 4 features, use the no form of this command.
mls ip acl port expand
no mls ip acl port expand
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
Examples
This example shows how to enable the expansion of ACL logical operations on Layer 4 ports:
Router(config)# mls ip acl port expandRouter(config)#mls ip cef load-sharing
To configure the CEF load balancing, use the mls ip cef load-sharing command. To return to the default settings, use the no form of this command.
mls ip cef load-sharing [full [exclude-port {destination | source}]] [simple]
no mls ip cef load-sharing
Syntax Description
Defaults
Source IP address and universal identification
Command Modes
Global configuration
Command History
Usage Guidelines
The mls ip cef load-sharing command affects the IPv4 forwardings.
The mls ip cef load-sharing command is structured as follows:
•
mls ip cef load-sharing full—Uses Layer 3 and Layer 4 information with multiple adjacencies.
•
•
For additional guidelines, refer to the Cisco ME 6500 Series Ethernet Switch Cisco IOS Software Configuration Guide.
Examples
This example shows how to set load balancing to include Layer 3 and Layer 4 ports with multiple adjacencies:
Router(config)# mls ip cef load-sharing fullRouter(config)#This example shows how to set load balancing to exclude the destination Layer 4 ports and source and destination IP addresses (Layer 3) from the load-balancing algorithm:
Router(config)# mls ip cef load-sharing full exclude-port destinationRouter(config)#This example shows how to set load balancing to exclude the source Layer 4 ports and source and destination IP addresses (Layer 3) from the load-balancing algorithm:
Router(config)# mls ip cef load-sharing full exclude-port sourceRouter(config)#This example shows how to return to the default setting:
Router(config)# no mls ip cef load-sharingRouter(config)#Related Commands
mls ip cef rate-limit
To rate-limit CEF-punted data packets, use the mls ip cef rate-limit command. To disable the rate-limited CEF-punted data packets, use the no form of this command.
mls ip cef rate-limit pps
no mls ip cef rate-limit
Syntax Description
Defaults
No rate limit is configured.
Command Modes
Global configuration
Command History
Usage Guidelines
Certain denial-of-service attacks target the route processing engines of routers. Certain packets that cannot be forwarded by the PFC are directed to the MSFC for processing. Denial-of-service attacks can overload the route processing engine and cause routing instability when running dynamic routing protocols. You can use the mls ip cef rate-limit command to limit the amount of traffic that is sent to the MSFC to prevent denial-of-service attacks against the route processing engine.
This command rate limits all CEF-punted data packets including the following:
•
•
Setting the rate to a low value could impact the packets that are destined to the IP addresses of the local interfaces and the packets that require ARP. You should use this command to limit these packets to a normal rate and to avoid abnormal incoming rates.
For additional guidelines, refer to the Cisco ME 6500 Series Ethernet Switch Cisco IOS Software Configuration Guide.
Examples
This example shows how to enable and set rate limiting:
Router(config)# mls ip cef rate-limit 50000Router(config)#Related Commands
mls ip cef rpf interface-group
To define an interface group in the RPF-VLAN table, use the mls ip cef rpf interface-group command. To delete the interface group, use the no form of this command.
mls ip cef rpf interface-group group-number interface1 interface2 interface3 [...]
no mls ip cef rpf interface-group group-number interface1 interface2 interface3 [...]
Syntax Description
Defaults
No groups are configured.
Command Modes
Global configuration
Command History
Usage Guidelines
A single interface group contains three to six interfaces. You can configure up to four interface groups. For each interface group, the first four entries are installed in the hardware RPF-VLAN table.
Enter the interface as interface-type mod/port, where interface-type is gigabitethernet and mod is 1.
Separate each interface entry with a space. You do not have to include a space between the interface-type and the mod/port arguments. See the "Examples" section for a sample entry.
Examples
This example shows how to define an interface group:
Router(config)# mls ip cef rpf interface-group 0 gigabitethernet1/1 gigabitethernet1/2 gigabitethernet1/3 gigabitethernet1/4 gigabitethernet1/5 gigabitethernet1/6Router(config)#mls ip cef rpf multipath
To configure the RPF modes, use the mls ip cef rpf multipath command. To return to the default settings, use the no form of this command.
mls ip cef rpf multipath {interface-group | punt | pass}
Syntax Description
Defaults
punt
Command Modes
Global configuration
Command History
Usage Guidelines
The interface-group mode is similar to the pass mode but utilizes the RPF_VLAN global table for the RPF check. Packets from other multiple path prefixes always pass the RPF check.
You enter the mls ip cef rpf multipath interface-group command to define an RPF_VLAN table interface group. One interface group contains from three to six interfaces, and you can configure up to four interface groups. For each interface group, the first four entries are installed in the hardware RPF_VLAN table. For the prefix that has more than three multiple paths, and all paths except two are part of that interface group, the FIB entry of that prefix uses this RPF_VLAN entry.
Examples
This example shows how to redirect the RPF-failed packets to the route processor for multiple path prefix support:
Router(config)# mls ip cef rpf multipath interface-groupRouter(config)#Related Commands
mls ip delete-threshold
To delete the configured ACL thresholds, use the mls ip delete-threshold command.
mls ip delete-threshold acl-num
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
Usage Guidelines
The mls ip delete-threshold command is active only when you enable the mls ip reflexive ndr-entry tcam command.
Examples
This example shows how to delete an ACL threshold:
Router(config)# mls ip delete-threshold 223Router(config)#Related Commands
Installs the configured ACL thresholds.
Enables the shortcuts in TCAM for the reflexive TCP/UDP entries when installed by the NDR.
mls ip directed-broadcast
To enable the hardware switching of the IP-directed broadcasts, use the mls ip directed-broadcast command. To return to the default settings, use the no form of this command.
mls ip directed-broadcast {exclude-router | include-router}
no mls ip directed-broadcast
Syntax Description
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
The exclude-router and include-router keywords both support hardware switching, but exclude-router does not send a copy of the hardware-switched packets to the router. If you enter the include-router keyword, the router does not forward the IP-directed broadcast packet again.
In the default mode, IP-directed broadcast packets are not forwarded in the hardware; they are handled at the process level by the MSFC. The MSFC decision to forward or not forward the packet is dependent on the ip directed-broadcast command configuration.
There is no interaction between the ip directed-broadcast command and the mls ip directed-broadcast command. The ip directed-broadcast command involves software forwarding, and the mls ip directed-broadcast command involves hardware forwarding.
MLS IP-directed broadcast supports a secondary interface address.
Any packets that hit the CPU are not forwarded unless you add the ip directed-broadcast command to the same interface.
You can configure the MLS IP-directed broadcasts on a port-channel interface but not on the physical interfaces on the port-channel interface. If you want to add a physical interface to a port-channel group, the physical interface cannot have the MLS IP-directed broadcast configuration. You have to first remove the configuration manually and then add the physical interface to the channel group. If a physical interface is already part of a channel group, the CLI will not accept the mls ip directed-broadcast configuration command on that physical interface.
Examples
This example shows how to forward the IP-directed broadcast packet in the hardware to all hosts in the VLAN with the exception of the router:
Router(config-if)# mls ip directed-broadcast exclude-routerRouter(config-if)#This example shows how to forward the IP-directed broadcast packet in the hardware to all hosts in the VLAN:
Router(config-if)# mls ip directed-broadcast include-routerRouter(config-if)#Related Commands
mls ip install-threshold
To install the configured ACL thresholds, use the mls ip install-threshold command.
mls ip install-threshold acl-num
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
Usage Guidelines
The mls ip install-threshold command is active only when you enable the mls ip reflexive ndr-entry tcam command.
Examples
This example shows how to install an ACL threshold:
Router(config)# mls ip install-threshold 123Router(config)#Related Commands
Deletes configured ACL thresholds.
Enables the shortcuts in TCAM for the reflexive TCP/UDP entries when installed by the NDR.
mls ip multicast (global configuration mode)
To enable MLS IP and configure the hardware switching globally, use the mls ip multicast command. To disable MLS IP, use the no form of this command.
mls ip multicast [capability]
mls ip multicast [vrf name] [connected | egress local | mfd | refresh-state | shared-tree-mfd | threshold ppsec]
no mls ip multicast [vrf]
Syntax Description
Defaults
The defaults are as follows:
•
•
•
•
•
•
•
Command Modes
Global configuration
Command History
Usage Guidelines
Note
These optional keywords are not supported:
•
•
•
•
•
The threshold ppsec optional keyword and argument do not impact flows that are already populated in the hardware cache.
The expiration time refresh is updated when flow statistics are received from the Cisco ME 6500 series Ethernet switch (indicating that the traffic is received from the RPF interface).
Examples
This example shows how to enable the MLS IP shortcuts:
Router(config)# mls ip multicastRouter(config)#This example shows how to enable the hardware switching on a specific multicast route:
Router(config)# mls ip multicast vrf test1Router(config)#This example shows how to export the information about egress capability from the switch processor to the route processor:
Router(config)# mls ip multicast capabilityRouter(config)#This example shows how to populate the multicast expansion table with local Layer 3-routed interfaces:
Router(config)# mls ip multicast egress localRouter(config)#Related Commands
Enables external systems to establish IP shortcuts to the MSFC.
Displays the MLS IP information.
mls ip multicast (interface configuration mode)
To enable MLS IP shortcuts on the interface, use the mls ip multicast command. To disable MLS IP shortcuts on the interface, use the no form of this command.
mls ip multicast
no mls ip multicast
Syntax Description
This command has no arguments or keywords.
Defaults
Multicast is disabled.
Command Modes
Interface configuration
Command History
Examples
This example shows how to enable the MLS IP shortcuts:
Router(config-if)# mls ip multicastRouter(config-if)#Related Commands
mls ip multicast bidir gm-scan-interval
To set the RPF scan interval for the Bidir rendevous point, use the mls ip multicast bidir gm-scan-interval command. To disable the RPF scan interval for the Bidir rendevous point, use the no form of this command.
mls ip multicast bidir gm-scan-interval interval
no mls ip multicast bidir gm-scan-interval
Syntax Description
Defaults
10 seconds
Command Modes
Global configuration
Command History
Usage Guidelines
When you set the RPF scan interval for the Bidir rendevous point, you set the time that the periodic scan timer updates the RPF in the DF table for all Bidir rendevous points in the hardware.
Examples
This example shows how to set the RPF scan interval for the Bidir rendezvous point:
Router(config)# mls ip multicast bidir gm-scan-interval 30Router(config)#Related Commands
mls ip multicast connected
To enable the downloading of directly connected subnets globally, use the mls ip multicast connected command. To disable the downloading of directly connected subnets globally, use the no form of this command.
mls ip multicast connected
no mls ip multicast connected
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
Do not create directly connected subnets for the following cases:
•
•
•
In these cases, if you enable the downloading of directly connected subnets, the directly connected source hits the MMLS (*,G) entry and is switched using the MMLS (*,G) entry. The registers are not sent to the route processor (in the case of PIM-SM), and the (S,G) state is not created on the first hop (in the case of PIM-DM).
The subnet entry is installed in the TCAM entries with a shorter mask to catch directly connected sources before they hit such entries. You can punt traffic from directly connected sources to the MSFC. Once the MSFC sees this traffic, it can install an MMLS (S,G) entry for this source, which gets installed before the subnet entry in the TCAM. New packets from this source are now switched with the (S,G) entry.
Examples
This example shows how to enable the downloading of directly connected subnets:
Router(config)# mls ip multicast connectedRouter(config)#Related Commands
Enables MLS IP and configures the hardware switching globally.
Displays the MLS IP information.
mls ip multicast consistency-check
To enable and configure the hardware-shortcut consistency checker, use the mls ip multicast consistency-check command. To disable the consistency checkers, use the no form of this command.
mls ip multicast consistency-check [{settle-time seconds} | {type scan-mroute [count count-number] | {settle-time seconds}} | {period seconds}]
no mls ip multicast consistency-check
Syntax Description
Defaults
The defaults are as follows:
•
•
•
•
Command Modes
Global configuration
Command History
Usage Guidelines
The oif entry is the outgoing interface of a multicast {*,G} or {source, group} flow.
The consistency checker scans the mroute table and assures that the multicast-hardware entries are consistent with the mroute table. Whenever an inconsistency is detected, the inconsistency is automatically corrected.
To display the inconsistency error, use the show mls ip multicast consistency-check command.
Examples
This example shows how to enable the hardware-shortcut consistency checker:
Router (config)# mls ip multicast consistency-checkRouter (config)#This example shows how to enable the hardware-shortcut consistency checker and configure the scan check of the mroute table:
Router (config)# mls ip multicast consistency-check type scan-mroute count 20 period 35Router (config)#This example shows how to enable the hardware-shortcut consistency checker and specify the period between scans:
Router (config)# mls ip multicast consistency-check type scan-mroute period 35Router (config)#Related Commands
show mls ip multicast consistency-check
Displays the MLS IP information.
mls ip multicast flow-stat-timer
To set the time interval between two consecutive batches of flow-statistics messages from the switch processor to the route processor, use the mls ip multicast flow-stat-timer command. To return to the default settings, use the no form of this command.
mls ip multicast flow-stat-timer num
no mls ip multicast flow-stat-timer
Syntax Description
num
Time interval between two consecutive batches of flow-statistics messages from the switch processor to the route processor.
Defaults
25 seconds
Command Modes
Global configuration
Command History
Examples
This example shows how to configure the time interval between two consecutive batches of flow-statistics messages from the switch processor to the route processor:
Router (config)# mls ip multicast flow-stat-timer 10Router (config)#Related Commands
mls ip multicast stub
To enable the support for non-RPF traffic drops for PIM sparse-mode stub networks, use the mls ip multicast stub command. To disable support for non-RPF traffic drops for PIM sparse-mode stub networks, use the no form of this command.
mls ip multicast stub
no mls ip multicast stub
Syntax Description
This command has no arguments or keywords.
Defaults
Multicast is disabled.
Command Modes
Interface configuration
Command History
Usage Guidelines
The mls ip multicast stub command, creates the following filters on a routed interface or a VLAN:
•
This filter is meant to permit unicast and multicast packets from directly connected sources.
•
This filter allows packets to be sent from any source address to well-known multicast addresses; 224.0.0.0/24 is used by protocols such as PIM, OSPF, EIGRP, or NTP. Addresses in 224.0.1.0/24 are used by protocols such as AutoRP (224.0.1.39, 224.0.1.40).
•
This deny filter is meant to inhibit any multicast packets from nondirectly connected sources and is applied to the packets received on this interface or VLAN.
The permit IP multicast packets and the deny any other IP multicast packets filters are the same for all interfaces or VLANs to which you configure the mls ip multicast stub command. The permit IP packets from all addresses that are connected to the interface to any IP destination filter is different for each interface or VLAN.
Examples
This example shows how to enable the support for the non-RPF traffic drops for the PIM sparse-mode stub networks:
Router(config-if)# mls ip multicast stubRouter(config-if)#Related Commands
mls ip multicast threshold
To configure a threshold rate for installing hardware shortcuts, use the mls ip multicast threshold command. To deconfigure the threshold, use the no form of this command.
mls ip multicast threshold ppsec
no mls ip multicast threshold
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to prevent creation of MLS entries for short-lived multicast flows such as join requests.
If multicast traffic drops below the configured multicast rate threshold, all multicast traffic is routed by the MSFC.
This command does not affect already installed routes. For example, if you enter this command and the shortcuts are already installed, the shortcuts are not removed if they are disqualified. To apply the threshold to existing routes, clear the route and let it reestablish.
Examples
This example shows how to configure the IP MLS threshold to 10 packets per second:
Router (config)# mls ip multicast threshold 10Router (config)#Related Commands
Enables external systems to establish IP shortcuts to the MSFC.
Displays the MLS IP information.
mls ip nat netflow-frag-l4-zero
To zero out the Layer 4 information in the NetFlow lookup table for fragmented packets, use the mls ip nat netflow-frag-l4-zero command.
mls ip nat netflow-frag-l4-zero
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
Usage Guidelines
This command is supported in PFC3BXL or PFC3B mode only.
Use the mls ip nat netflow-frag-l4-zero command to prevent matching the first fragment to the NetFlow shortcut (normal operation) that is sent to the software. The next fragments that are sent to the software are translated based on the Layer 4 port information from the first fragment. The translation based on the Layer 4 port information from the first fragment occurs because there are no fragment bits for matching in the NetFlow key.
When there is a large feature configuration on an interface that requires a large number of ACL TCAM entries/masks that are programmed in TCAM, if the interface is configured as a NAT-inside interface, the feature configuration may not fit in the ACL TCAM and the traffic on the interface may get switched in the software.
Examples
This example shows how to zero out the Layer 4 information in the NetFlow lookup table for fragmented packets:
Router (config)# mls ip nat netflow-frag-l4-zeroRouter (config)#mls ip pbr
To enable the MLS support for policy-routed packets, use the mls ip pbr command. To disable the MLS support for policy-routed packets, use the no form of this command.
mls ip pbr [null0]
no mls ip pbr
Syntax Description
Defaults
MLS support for policy-routed packets is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
Note
When you enable the hardware-policy routing by entering the mls ip pbr command, all policy routing occurs in the hardware and is applied to all interfaces, regardless of which interface was configured for policy routing.
Use the null0 keyword when you have routed traffic only to enable the hardware support for the set interface null0 in the route maps.
Examples
This example shows how to enable the MLS support for policy-routed packets:
Router(config)# mls ip pbrRouter(config)#Related Commands
show tcam interface vlan acl
Displays information about the interface-based TCAM.
mls ip reflexive ndr-entry tcam
To enable the shortcuts in TCAM for the reflexive TCP/UDP entries when installed by the NDR, use the mls ip reflexive ndr-entry tcam command. To disable the shortcuts in TCAM for the reflexive TCP/UDP entries when installed by the NDR, use the no form of this command.
mls ip reflexive ndr-entry tcam
no mls ip reflexive ndr-entry tcam
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
When you enter the mls ip reflexive ndr-entry tcam command, the reflexive ACL dynamic entries are installed in TCAM instead of in NetFlow.
Examples
This example shows how to enable the shortcuts in TCAM for the reflexive TCP/UDP entries when installed by the NDR:
Router(config)# mls ip reflexive ndr-entry tcamRouter(config)#
