Configuring IP Multilayer Switching

Table Of Contents

Configuring IP Multilayer Switching

Configuring and Monitoring MLS

Configuring MLS on a Router

Monitoring MLS

Monitoring MLS for an Interface

Monitoring MLS Interfaces for VTP Domains

Configuring NetFlow Data Export

Specifying an NDE Address on the Router

Multilayer Switching Configuration Examples

Router Configuration Without Access Lists Example

Router Configuration with a Standard Access List Example

Router Configuration with an Extended Access List Example

Configuring IP Multilayer Switching

This chapter describes how to configure your network to perform IP Multilayer Switching (MLS). This chapter contains these sections:

• Configuring and Monitoring MLS

• Configuring NetFlow Data Export

• Multilayer Switching Configuration Examples

For a complete description of the commands in this chapter, refer to the the Cisco IOS Switching Services Command Reference. To locate documentation of other commands that appear in this chapter, use the command reference master index or search online.

To identify the hardware platform or software image information associated with a feature, use the Feature Navigator on Cisco.com to search for information about the feature or refer to the software release notes for a specific release. For more information, see the section "Identifying Supported Platforms" in the chapter "Using Cisco IOS Software."

Note The information in this chapter is a brief summary of the information contained in the Catalyst 5000 Series Multilayer Switching User Guide. The commands and configurations described in this guide apply only to the devices that provide routing services. Commands and configurations for Catalyst 5000 series switches are documented in the Catalyst 5000 Series Multilayer Switching User Guide. For configuration information for the Catalyst 6000 series switch, see Configuring and Troubleshooting IP MLS on Catalyst 6000 with an MSFC or the "Configuring IP Multilayer Switching" chapter in the Catalyst 6500 Series MSFC (12.x) & PFC Configuration Guide.

Configuring and Monitoring MLS

To configure your Cisco router for MLS, perform the tasks described in the following sections. The first section contains a required task; the remaining tasks are optional. To ensure a successful MLS configuration, you must also configure the Catalyst switches in your network. For a full description for the Catalyst 5000 series, see the Catalyst 5000 Series Multilayer Switching User Guide. For a full description for the Catalyst 6000 series, see the "Configuring IP Multilayer Switching" chapter in the Catalyst 6500 Series MSFC (12.x) & PFC Configuration Guide. Only configuration tasks and commands for routers are described in this chapter.

• Configuring MLS on a Router (Required)

• Monitoring MLS (Optional)

• Monitoring MLS for an Interface (Optional)

• Monitoring MLS Interfaces for VTP Domains (Optional)

Configuring MLS on a Router

To configure MLS on your router, use the following commands beginning in global configuration mode. Depending upon your configuration, you might not have to perform all the steps in the procedure.

Command

Purpose

Step 1

Router(config)# mls rp ip

Globally enables MLSP. MLSP is the protocol that runs between the MLS-SE and the MLS-RP.

Step 2

Router(config)# interface type number

Selects a router interface.

Step 3

Router(config-if)# mls rp vtp-domain [domain-name]

Selects the router interface to be Layer 3 switched and then adds that interface to the same VLAN Trunking Protocol (VTP) domain as the switch. This interface is referred to as the MLS interface. This command is required only if the Catalyst switch is in a VTP domain.

Step 4

Router(config-if)# mls rp vlan-id [vlan-id-num]

Assigns a VLAN ID to the MLS interface. MLS requires that each interface has a VLAN ID. This step is not required for RSM VLAN interfaces or ISL-encapsulated interfaces.

Step 5

Router(config-if)# mls rp ip

Enables each MLS interface.

Step 6

Router(config-if)# mls rp management-interface

Selects one MLS interface as a management interface. MLSP packets are sent and received through this interface. This can be any MLS interface connected to the switch.

Repeat steps 2 through 5 for each interface that will support MLS.

Note The interface-specific commands in this section apply only to Ethernet, Fast Ethernet, VLAN, and Fast Etherchannel interfaces on the Catalyst RSM/Versatile Interface Processor 2 (VIP2) or directly attached external router.

To globally disable MLS on the router, use the following command in global configuration mode:

Command

Purpose

Router(config)# no mls rp ip

Disables MLS on the router.

Monitoring MLS

To display MLS details including specifics for MLSP, use the following commands in EXEC mode, as needed:

•MLS status (enabled or disabled) for switch interfaces and subinterfaces

•Flow mask used by this MLS-enabled switch when creating Layer 3-switching entries for the router

•Current settings of the keepalive timer, retry timer, and retry count

•MLSP-ID used in MLSP messages

•List of interfaces in all VTP domains that are enabled for MLS

Command

Purpose

Router# show mls rp

Displays MLS details for all interfaces.

After entering this command, you see this display:

router# show mls rp

multilayer switching is globally enabled
mls id is 00e0.fefc.6000
mls ip address 10.20.26.64
mls flow mask is ip-flow

vlan domain name: WBU
current flow mask: ip-flow
current sequence number: 80709115
current/maximum retry count: 0/10
current domain state: no-change
current/next global purge: false/false
current/next purge count: 0/0
domain uptime: 13:03:19
keepalive timer expires in 9 seconds
retry timer not running
change timer not running
fcp subblock count = 7

1 management interface(s) currently defined:
vlan 1 on Vlan1

7 mac-vlan(s) configured for multi-layer switching:

mac 00e0.fefc.6000
vlan id(s)
1 10 91 92 93 95 100

router currently aware of following 1 switch(es):
switch id 0010.1192.b5ff
Monitoring MLS for an Interface

To show MLS information for a specific interface, use the following command in EXEC mode:

Command

Purpose

Router# show mls rp [interface]

Displays MLS details for a specific interface.

After entering this command, you see this display:

router# show mls rp int vlan 10

mls active on Vlan10, domain WBU
router#
Monitoring MLS Interfaces for VTP Domains

To show MLS information for a specific VTP domain use the following command in EXEC mode:

Command

Purpose

Router# show mls rp vtp-domain [domain-name]

Displays MLS interfaces for a specific VTP domain.

After entering this command, you see this display:

router# show mls rp vtp-domain WBU

vlan domain name: WBU
current flow mask: ip-flow
current sequence number: 80709115
current/maximum retry count: 0/10
current domain state: no-change
current/next global purge: false/false
current/next purge count: 0/0
domain uptime: 13:07:36
keepalive timer expires in 8 seconds
retry timer not running
change timer not running
fcp subblock count = 7

1 management interface(s) currently defined:
vlan 1 on Vlan1

7 mac-vlan(s) configured for multi-layer switching:

mac 00e0.fefc.6000
vlan id(s)
1 10 91 92 93 95 100

router currently aware of following 1 switch(es):
switch id 0010.1192.b5ff

Configuring NetFlow Data Export

Note You need to enable NDE only if you will export MLS cache entries to a data collection application.

Perform the task in this section to configure your Cisco router for NDE. To ensure a successful NDE configuration, you must also configure the Catalyst switch. For a full description, see the Catalyst 5000 Series Multilayer Switching User Guide.

Specifying an NDE Address on the Router

To specify an NDE address on the router, use the following command in global configuration mode:

Command

Purpose

Router(config)# mls rp nde-address ip-address

Specifies an NDE IP address for the router doing the Layer 3 switching. The router and the Catalyst 5000 series switch use the NDE IP address when sending MLS statistics to a data collection application.

Multilayer Switching Configuration Examples

In these examples, VLAN interfaces 1 and 3 are in VTP domain named Engineering. The management interface is configured on the VLAN 1 interface. Only information relevant to MLS is shown in the following configurations:

• Router Configuration Without Access Lists Example

• Router Configuration with a Standard Access List Example

• Router Configuration with an Extended Access List Example

Router Configuration Without Access Lists Example

This sample configuration shows a router configured without access lists on any of the VLAN interfaces. The flow mask is configured to be destination-ip.

router# more system:running-config

Building configuration...

Current configuration:
.
.
.
mls rp ip

interface Vlan1
ip address 172.20.26.56 255.255.255.0
mls rp vtp-domain Engineering
mls rp management-interface
mls rp ip

interface Vlan2
ip address 172.16.2.73 255.255.255.0

interface Vlan3
ip address 172.16.3.73 255.255.255.0
mls rp vtp-domain Engineering
mls rp ip
.
.
end
router#
router# show mls rp

multilayer switching is globally enabled
mls id is 0006.7c71.8600
mls ip address 172.20.26.56
mls flow mask is destination-ip

number of domains configured for mls 1
vlan domain name: Engineering
current flow mask: destination-ip
current sequence number: 82078006
current/maximum retry count: 0/10
current domain state: no-change
current/next global purge: false/false
current/next purge count: 0/0
domain uptime: 02:54:21
keepalive timer expires in 11 seconds
retry timer not running
change timer not running

1 management interface(s) currently defined:
vlan 1 on Vlan1

2 mac-vlan(s) configured for multi-layer switching:

mac 0006.7c71.8600
vlan id(s)
1 3

router currently aware of following 1 switch(es):
switch id 00e0.fe4a.aeff
Router Configuration with a Standard Access List Example

This configuration is the same as the previous example but with a standard access list configured on the VLAN 3 interface. The flow mask changes to source-destination-ip.

.
interface Vlan3
ip address 172.16.3.73 255.255.255.0
ip access-group 2 out
mls rp vtp-domain Engineering
mls rp ip
.

router# show mls rp

multilayer switching is globally enabled
mls id is 0006.7c71.8600
mls ip address 172.20.26.56
mls flow mask is source-destination-ip

number of domains configured for mls 1
vlan domain name: Engineering
current flow mask: source-destination-ip
current sequence number: 82078007
current/maximum retry count: 0/10
current domain state: no-change
current/next global purge: false/false
current/next purge count: 0/0
domain uptime: 02:57:31
keepalive timer expires in 4 seconds
retry timer not running
change timer not running

1 management interface(s) currently defined:
vlan 1 on Vlan1

2 mac-vlan(s) configured for multi-layer switching:

mac 0006.7c71.8600
vlan id(s)
1 3

router currently aware of following 1 switch(es):
switch id 00e0.fe4a.aeff
Router Configuration with an Extended Access List Example

This configuration is the same as the previous examples but with an extended access list configured on the VLAN 3 interface. The flow mask changes to ip-flow.

.
interface Vlan3
ip address 172.16.3.73 255.255.255.0
ip access-group 101 out
mls rp vtp-domain Engineering
mls rp ip
.

router# show mls rp

multilayer switching is globally enabled
mls id is 0006.7c71.8600
mls ip address 172.20.26.56
mls flow mask is ip-flow

number of domains configured for mls 1
vlan domain name: Engineering
current flow mask: ip-flow
current sequence number: 82078009
current/maximum retry count: 0/10
current domain state: no-change
current/next global purge: false/false
current/next purge count: 0/0
domain uptime: 03:01:52
keepalive timer expires in 3 seconds
retry timer not running
change timer not running

1 management interface(s) currently defined:
vlan 1 on Vlan1

2 mac-vlan(s) configured for multi-layer switching:

mac 0006.7c71.8600
vlan id(s)
1 3

router currently aware of following 1 switch(es):
switch id 00e0.fe4a.aeff

	Command	Purpose
Step 1	Router(config)# mls rp ip	Globally enables MLSP. MLSP is the protocol that runs between the MLS-SE and the MLS-RP.
Step 2	Router(config)# interface type number	Selects a router interface.
Step 3	Router(config-if)# mls rp vtp-domain [domain-name]	Selects the router interface to be Layer 3 switched and then adds that interface to the same VLAN Trunking Protocol (VTP) domain as the switch. This interface is referred to as the MLS interface. This command is required only if the Catalyst switch is in a VTP domain.
Step 4	Router(config-if)# mls rp vlan-id [vlan-id-num]	Assigns a VLAN ID to the MLS interface. MLS requires that each interface has a VLAN ID. This step is not required for RSM VLAN interfaces or ISL-encapsulated interfaces.
Step 5	Router(config-if)# mls rp ip	Enables each MLS interface.
Step 6	Router(config-if)# mls rp management-interface	Selects one MLS interface as a management interface. MLSP packets are sent and received through this interface. This can be any MLS interface connected to the switch.
	Repeat steps 2 through 5 for each interface that will support MLS.