Fundamentals of MLS
The MLS-SE stores the necessary information in cache, such as the source
and destination IP addresses, the source and destination MAC addresses,
and the MLS-RP-related MAC addresses. Using this information, the MLS-SE
is then capable of identifying packets belonging to a specific flow,
rewriting the frame, and forwarding the packets to the proper destination.
Disabling MLS
There is a right way and a wrong way (not necessarily wrong, just unwanted)
to disable MLS on a router or switch. Both methods will be discussed here.
The Right Way
The normal, and correct, way to disable MLS depends on the equipment you
are using. Disabling MLS on a router parallels disabling MLS on an MSFC
for a 6500 series switch. The command is even the same: no mls rp ip,
issued from the interface on either the router or the MSFC. To disable it
completely, you can issue the same command from the global configuration
mode. The consequences of this action vary depending on the system on
which it is issued. When the command is issued on the router, the router
alone disables MLS. When it's issued on an MSFC, MLS is disabled on the
MSFC and the switch itself.
That's why there is a difference when different switches are used. When
you're using a 5000 series switch, MLS is disabled by default. However, on
a 6000 series switch, MLS is enabled by default. To disable MLS on a 5000
series switch, use the set mls disable command. On a 6000 series, MLS
should be disabled by issuing the no ip mls command on the MSFC.
The Wrong Way
There are several ways to inadvertently disable MLS on switches. Some are
temporary, and others are permanent. Here is a list of MSFC/router
commands that can disable MLS:
no ip routing
ip security
ip tcp compression-connections
ip tcp header-compression
clear ip route
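The following Python check is an added example, not part of the original text: it scans configuration or command-history text for the explicit disable commands and the inadvertent ones listed above, and reports the line and the interface context of each hit. The function names and the sample configuration are assumptions made for this example.

```python
# Command strings are from the page; SAMPLE_CONFIG is constructed for this example.
EXPLICIT = ("no mls rp ip", "no ip mls", "set mls disable")  # documented disables
INADVERTENT = ("no ip routing", "ip security", "ip tcp compression-connections",
               "ip tcp header-compression", "clear ip route")

SAMPLE_CONFIG = """\
hostname msfc-lab
!
ip routing
!
interface Vlan10
 mls rp ip
 ip tcp header-compression passive
!
interface Vlan20
 no mls rp ip
 no ip tcp header-compression
!
end
"""

def matches(line, command):
    # Whole command, optionally followed by arguments; "no ..." forms do not match.
    return line == command or line.startswith(command + " ")

def find_mls_disablers(text):
    """Return (line_no, context, kind, command) for every flagged line."""
    findings, context = [], "global"
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = " ".join(raw.split())
        if not line:
            continue
        if not raw[0].isspace():
            # An unindented line opens an interface block or returns to global mode.
            context = line if line.lower().startswith("interface ") else "global"
        for kind, commands in (("explicit", EXPLICIT), ("inadvertent", INADVERTENT)):
            for command in commands:
                if matches(line.lower(), command):
                    findings.append((line_no, context, kind, command))
    return findings

if __name__ == "__main__":
    for finding in find_mls_disablers(SAMPLE_CONFIG):
        print(finding)
```

Because clear ip route is typed at the exec prompt rather than stored in the configuration, it will only be caught when the scanned text is a command history or accounting log.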
Copyright ©2000 SYBEX, Inc., Alameda, CA
www.sybex.com