Configuring IPX Multilayer Switching

Table Of Contents

Configuring IPX Multilayer Switching

Prerequisites

Restrictions

General Configuration Guidelines

External Router Guidelines

Access List Restrictions

Restrictions on Interaction of IPX MLS with Other Features

Restriction on Maximum Transmission Unit Size

IPX MLS Configuration Task List

Adding an IPX MLS Interface to a VTP Domain

Enabling Multilayer Switching Protocol (MLSP) on the Router

Assigning a VLAN ID to a Router Interface

Enabling IPX MLS on a Router Interface

Specifying a Router Interface As a Management Interface

Verifying IPX MLS on the Router

Troubleshooting Tips

Monitoring and Maintaining IPX MLS on the Router

IPX MLS Configuration Examples

Configuring IPX Multilayer Switching

This chapter describes how to configure your network to perform IPX Multilayer Switching (MLS). This chapter contains these sections:

• Prerequisites

• Restrictions

• IPX MLS Configuration Task List

• Troubleshooting Tips

• Monitoring and Maintaining IPX MLS on the Router

• IPX MLS Configuration Examples

For a complete description of the commands in this chapter, refer to the the Cisco IOS Switching Services Command Reference. To locate documentation of other commands that appear in this chapter, use the command reference master index or search online.

To identify the hardware platform or software image information associated with a feature, use the Feature Navigator on Cisco.com to search for information about the feature or refer to the software release notes for a specific release. For more information, see the section "Identifying Supported Platforms" in the chapter "Using Cisco IOS Software."

Note The information in this chapter is a brief summary of the information contained in the Catalyst 5000 Series Multilayer Switching User Guide. The commands and configurations described in this guide apply only to the devices that provide routing services. Commands and configurations for Catalyst 5000 series switches are documented in the Catalyst 5000 Series Multilayer Switching User Guide.

Prerequisites

The following prerequisites must be met before IPX MLS can function:

•A VLAN interface must be configured on both the switch and the router. For information on configuring inter-VLAN routing on the RSM or external router, refer to the Catalyst 5000 Software Configuration Guide, Release 5.1.

•IPX MLS must be configured on the switch. For more information refer to the Catalyst 5000 Software Configuration Guide, Release 5.1 and the Catalyst 5000 Command Reference, Release 5.1.

IPX MLS must be enabled on the router. The minimal configuration steps are described in the section "IPX MLS Configuration Tasks." For more details on configuring IPX routing, refer to the Cisco IOS AppleTalk and Novell IPX Configuration Guide.

Restrictions

This section describes restrictions that apply to configuring IPX MLS on the router.

General Configuration Guidelines

Be aware of the following restrictions:

•You must configure the Catalyst 5000 series switch for IPX MLS to work.

•When you enable IPX MLS, the RSM or externally attached router continues to handle all non-IPX protocols, while offloading the switching of IPX packets to the MLS-SE.

•Do not confuse IPX MLS with NetFlow switching supported by Cisco routers. IPX MLS requires both the RSM or directly attached external router and the MLS-SE, but not NetFlow switching on the RSM or directly attached external router. Any switching path on the RSM or directly attached external router will function (process, fast, optimum, and so on).

External Router Guidelines

When using an external router, use the following guidelines:

•Use one directly attached external router per switch to ensure that the MLS-SE caches the appropriate flow information from both sides of the routed flow.

•Use Cisco high-end routers (Cisco 4500, 4700, 7200, and 7500 series) for IPX MLS when they are externally attached to the switch. Make the attachment with multiple Ethernet connections (one per subnet) or by using Fast or Gigabit Ethernet with Inter-Switch Link (ISL) or IEEE 802.1Q encapsulation.

•Connect end hosts through any media (Ethernet, Fast Ethernet, ATM, and FDDI), but connect the external router and the switch only through standard 10/100 Ethernet interfaces, ISL, or IEEE 802.1Q links.

Access List Restrictions

The following restrictions apply when you use access lists on interfaces that participate in IPX MLS:

•Input access lists—Router interfaces with input access lists cannot participate in IPX MLS. If you configure an input access list on an interface, no packets inbound or outbound for that interface are Layer 3 switched, even if the flow is not filtered by the access list. Existing flows for that interface are purged, and no new flows are cached.

Note You can translate input access lists to output access lists to provide the same effect on the interface.

•Output access lists—When an output access list is applied to an interface, the IPX MLS cache entries for that interface are purged. Entries associated with other interfaces are not affected; they follow their normal aging or purging procedures.

Applying access lists that filter according to packet type, source node, source socket, or destination socket prevents the interface from participating in IPX MLS.

Applying access lists that use the log option prevents the interface from participating in IPX MLS.

•Access list impact on flow masks—Access lists impact the flow mask mode advertised to the MLS-SE by an MLS-RP. If no access list has been applied on any MLS-RP interface, the flow mask mode is destination-ipx (the least specific) by default. If an access list that filters according to the source IPX network has been applied, the mode is source-destination-ipx by default.

Restrictions on Interaction of IPX MLS with Other Features

IPX MLS affects other Cisco IOS software features as follows:

•IPX accounting—IPX accounting cannot be enabled on an IPX MLS-enabled interface.

•IPX EIGRP—MLS is supported for EIGRP interfaces if the Transport Control (TC) maximum is set to a value greater than the default (16).

Restriction on Maximum Transmission Unit Size

In IPX the two endpoints of communication negotiate the maximum transmission unit (MTU) to be used. MTU size is limited by media type.

IPX MLS Configuration Task List

To configure one or more routers for IPX MLS, perform the tasks described in the following sections. The number of tasks you perform depends on your particular configuration.

• Adding an IPX MLS Interface to a VTP Domain (Optional)

• Enabling Multilayer Switching Protocol (MLSP) on the Router (Required)

• Assigning a VLAN ID to a Router Interface (Optional)

• Enabling IPX MLS on a Router Interface (Required)

• Specifying a Router Interface As a Management Interface (Required)

For examples of IPX MLS configurations, see the "IPX MLS Configuration Examples" section later in this document.

Adding an IPX MLS Interface to a VTP Domain

Caution Perform this configuration task only if the switch connected to your router interfaces is in a VTP domain. Perform the task before you enter any other IPX MLS interface command—specifically the mls rp ipx or mls rp management-interface command. If you enter these commands before adding the interface to a VTP domain, the interface will be automatically placed in a null domain. To place the IPX MLS interface into a domain other than the null domain, clear the IPX MLS interface configuration before you add the interface to another VTP domain. Refer to the section "Configuration, Verification, and Troubleshooting Tips" and the Catalyst 5000 Software Configuration Guide, Release 5.1.

Determine which router interfaces you will use as IPX MLS interfaces and add them to the same VTP domain as the switches.

To view the VTP configuration and its domain name on the switch, enter the show mls rp vtp-domain EXEC command at the switch Console> prompt.

To assign an MLS interface to a specific VTP domain on the MLS-RP, use the following command in interface configuration mode:

Command

Purpose

Router(config-if)# mls rp vtp-domain domain-name

Adds an IPX MLS interface to a VTP domain.

Enabling Multilayer Switching Protocol (MLSP) on the Router

To enable MLSP on the router, use the following command in global configuration mode:

Command

Purpose

Router(config)# mls rp ipx

Globally enables MLSP on the router. MLSP is the protocol that runs between the MLS-SE and MLS-RP.

Assigning a VLAN ID to a Router Interface

Note This task is not required for RSM VLAN interfaces (virtual interfaces), ISL-encapsulated interfaces, or IEEE 802.1Q-encapsulated interfaces.

To assign a VLAN ID to an IPX MLS interface, use the following command in interface configuration mode:

Command

Purpose

Router(config-if)# mls rp vlan-id vlan-id-number

Assigns a VLAN ID to an IPX MLS interface. The assigned IPX MLS interface must be either an Ethernet or Fast Ethernet interface with no subinterfaces.

Enabling IPX MLS on a Router Interface

To enable IPX MLS on a router interface, use the following command in interface configuration mode:

Command

Purpose

Router(config-if)# mls rp ipx

Enables a router interface for IPX MLS.

Specifying a Router Interface As a Management Interface

To specify an interface as the management interface, use the following command in interface configuration mode:

Command

Purpose

Router(config-if)# mls rp management-interface

Specifies an interface as the management interface. MLSP packets are sent and received through the management interface. Select only one IPX MLS interface connected to the switch.

Verifying IPX MLS on the Router

To verify that you have correctly installed IPX MLS on the router, perform the following steps:

Step 1 Enter the show mls rp ipx EXEC command.

Step 2 Examine the output to learn if the VLANs are enabled.

Step 3 Examine the output to learn if the switches are listed by MAC address, indicating they are recognized by the MLS-RP.

Troubleshooting Tips

If you entered either the mls rp ipx interface command or the mls rp management-interface interface command on the interface before assigning it to a VTP domain, the interface will be in the null domain, instead of the VTP domain.

To remove the interface from the null domain and add it to a new VTP domain, use the following commands in interface configuration mode:

Command

Purpose

Step 1

Router(config-if)# no mls rp ipx
Router(config-if)# no mls rp management-interface
Router(config-if)# no mls rp vtp-domain domain-name

Removes an interface from the null domain.

Step 2

Router(config-if)# mls rp vtp-domain domain-name

Adds the interface to a new VTP domain.

Monitoring and Maintaining IPX MLS on the Router

To monitor and maintain IPX MLS on the router, use the following command in EXEC mode, as needed:

Command

Purpose

Router# mls rp locate ipx

Displays information about all switches currently shortcutting for the specified IPX flow(s).

Router# show mls rp interface type number

Displays MLS details for a specific interface.

Router# show mls rp ipx

Displays details for all IPX MLS interfaces on the router:

•MLS status (enabled or disabled) for switch interfaces and subinterfaces.

•Flow mask required when creating Layer 3 switching entries for the router.

•Current settings for the keepalive timer, retry timer, and retry count.

•MLSP-ID used in MLSP messages.

•List of interfaces in all VTP domains enabled for MLS.

Router# show mls rp vtp-domain domain-name

Displays details about IPX MLS interfaces for a specific VTP domain.

IPX MLS Configuration Examples

ThisThis example consists of the following sections:

• IPX MLS Network Topology Example

• Operation Before IPX MLS Example

• Operation After IPX MLS Example

• Switch A Configuration

• Switch B Configuration

• Switch C Configuration

• MLS-RP Configuration

• Router with No Access Lists Configuration

• Configuring a Router with a Standard Access List Example

IPX MLS Network Topology Example

Figure 71 shows an IPX MLS network topology consisting of three Catalyst 5000 series switches and a Cisco 7505 router—all interconnected with ISL trunk links.

Figure 71 Example Network: IPX MLS with Cisco 7505 over ISL

The network is configured as follows:

•There are four VLANs (IPX networks):

–VLAN 1 (management VLAN), IPX network 1

–VLAN 10, IPX network 10

–VLAN 20, IPX network 20

–VLAN 30, IPX network 30

•The MLS-RP is a Cisco 7505 router with a Fast Ethernet interface (interface fastethernet2/0)

•The subinterfaces on the router interface have the following IPX network addresses:

–fastethernet2/0.1-IPX network 1

–fastethernet2/0.10-IPX network 10

–fastethernet2/0.20-IPX network 20

–fastethernet2/0.30-IPX network 30

•Switch A, the MLS-SE VTP server, is a Catalyst 5509 switch with Supervisor Engine III and the NFFC II.

•Switch B and Switch C are VTP client Catalyst 5505 switches.

Operation Before IPX MLS Example

Before IPX MLS is implemented, when the source host NC1 (on VLAN 10) sends traffic destined for destination server NS2 (on VLAN 30), Switch B forwards the traffic (based on the Layer 2 forwarding table) to Switch A over the ISL trunk link. Switch A forwards the packet to the router over the ISL trunk link.

The router receives the packet on the VLAN 10 subinterface, checks the destination IPX address, and routes the packet to the VLAN 30 subinterface. Switch A receives the routed packet and forwards it to Switch C. Switch C receives the packet and forwards it to destination server NS2. This process is repeated for each packet in the flow between source host NC1 and destination server NS2.

Operation After IPX MLS Example

After IPX MLS is implemented, when the source host NC1 (on VLAN 10) sends traffic destined for destination server NS2 (on VLAN 30), Switch B forwards the traffic (based on the Layer 2 forwarding table) to Switch A (the MLS-SE) over the ISL trunk link. When the first packet enters Switch A, a candidate flow entry is established in the MLS cache. Switch A forwards the packet to the MLS-RP over the ISL trunk link.

The MLS-RP receives the packet on the VLAN 10 subinterface, checks the destination IPX address, and routes the packet to the VLAN 30 subinterface. Switch A receives the routed packet (the enabler packet) and completes the flow entry in the MLS cache for the destination IPX address of NS2. Switch A forwards the packet to Switch C, where it is forwarded to destination server NS2.

Subsequent packets destined for the IPX address of NS2 are multilayer switched by the MLS-SE based on the flow entry in the MLS cache. For example, subsequent packets in the flow from source host NC1 are forwarded by Switch B to Switch A (the MLS-SE). The MLS-SE determines that the packets are part of the established flow, rewrites the packet headers, and switches the packets directly to Switch C, bypassing the router.

Switch A Configuration

This example shows how to configure Switch A (MLS-SE):

SwitchA> (enable) set vtp domain Corporate mode server
VTP domain Corporate modified
SwitchA> (enable) set vlan 10
Vlan 10 configuration successful
SwitchA> (enable) set vlan 20
Vlan 20 configuration successful
SwitchA> (enable) set vlan 30
Vlan 30 configuration successful
SwitchA> (enable) set port name 1/1 Router Link
Port 1/1 name set.
SwitchA> (enable) set trunk 1/1 on isl
Port(s) 1/1 trunk mode set to on.
Port(s) 1/1 trunk type set to isl.
SwitchA> (enable) set port name 1/2 SwitchB Link
Port 1/2 name set.
SwitchA> (enable) set trunk 1/2 desirable isl
Port(s) 1/2 trunk mode set to desirable.
Port(s) 1/2 trunk type set to isl.
SwitchA> (enable) set port name 1/3 SwitchC Link
Port 1/3 name set.
SwitchA> (enable) set trunk 1/3 desirable isl
Port(s) 1/3 trunk mode set to desirable.
Port(s) 1/3 trunk type set to isl.
SwitchA> (enable) set mls enable ipx
IPX Multilayer switching is enabled.
SwitchA> (enable) set mls include ipx 10.1.1.1
IPX Multilayer switching enabled for router 10.1.1.1.
SwitchA> (enable) set port name 3/1 Destination D2
Port 3/1 name set.
SwitchA> (enable) set vlan 20 3/1
VLAN 20 modified.
VLAN 1 modified.
VLAN Mod/Ports
---- -----------------------
20 3/1

SwitchA> (enable)
Switch B Configuration

This example shows how to configure Switch B:

SwitchB> (enable) set port name 1/1 SwitchA Link
Port 1/1 name set.
SwitchB> (enable) set port name 3/1 Source S1
Port 3/1 name set.
SwitchB> (enable) set vlan 10 3/1
VLAN 10 modified.
VLAN 1 modified.
VLAN Mod/Ports
---- -----------------------
10 3/1

SwitchB> (enable)
Switch C Configuration

This example shows how to configure Switch C:

SwitchC> (enable) set port name 1/1 SwitchA Link
Port 1/1 name set.
SwitchC> (enable) set port name 3/1 Destination D1
Port 3/1 name set.
SwitchC> (enable) set vlan 30 3/1
VLAN 30 modified.
VLAN 1 modified.
VLAN Mod/Ports
---- -----------------------
30 3/1

SwitchC> (enable) set port name 4/1 Source S2
Port 4/1 name set.
SwitchC> (enable) set vlan 30 4/1
VLAN 30 modified.
VLAN 1 modified.
VLAN Mod/Ports
---- -----------------------
30 3/1
4/1

SwitchC> (enable)
MLS-RP Configuration

This example shows how to configure the MLS-RP:

mls rp ipx
interface fastethernet 2/0
full-duplex
mls rp vtp-domain Engineering
interface fastethernet2/0.1
encapsulation isl 1
ipx address 10.1.1.1 255.255.255.0
mls rp ipx
mls rp management-interface
interface fastethernet2/0.10
encapsulation isl 10
ipx network 10
mls rp ipx
interface fastethernet2/0.20
encapsulation isl 20
ipx network 20
mls rp ipx
interface fastethernet2/0.30
encapsulation isl 30
ipx network 30
mls rp ipx
This example shows how to configure the RSM VLAN interfaces with no access lists. Therefore, the flow mask mode is destination.

Building configuration...

Current configuration:
!
version 12.0

.
.
.
ipx routing 0010.0738.2917
mls rp ip
mls rp ipx

.
.
.
interface Vlan21
ip address 10.5.5.155 255.255.255.0
ipx network 2121
mls rp vtp-domain Engineering
mls rp management-interface
mls rp ip
mls rp ipx
!
interface Vlan22
ip address 10.2.2.155 255.255.255.0
ipx network 2222
mls rp vtp-domain Engineering
mls rp ip
mls rp ipx
!
.
.
.
end
Router# show run
Building configuration...
Current configuration:
!
version 12.0
!
interface Vlan22
ip address 10.2.2.155 255.255.255.0
ipx access-group 800 out
ipx network 2222
mls rp vtp-domain Engineering
mls rp ip
mls rp ipx
!

.
.
.
!
!
!

access-list 800 deny 1111 2222
access-list 800 permit FFFFFFFF FFFFFFFF

.
.
.
end

	Command	Purpose
Step 1	Router(config-if)# no mls rp ipx Router(config-if)# no mls rp management-interface Router(config-if)# no mls rp vtp-domain domain-name	Removes an interface from the null domain.
Step 2	Router(config-if)# mls rp vtp-domain domain-name	Adds the interface to a new VTP domain.

Command	Purpose
Router# mls rp locate ipx	Displays information about all switches currently shortcutting for the specified IPX flow(s).
Router# show mls rp interface type number	Displays MLS details for a specific interface.
Router# show mls rp ipx	Displays details for all IPX MLS interfaces on the router: •MLS status (enabled or disabled) for switch interfaces and subinterfaces. •Flow mask required when creating Layer 3 switching entries for the router. •Current settings for the keepalive timer, retry timer, and retry count. •MLSP-ID used in MLSP messages. •List of interfaces in all VTP domains enabled for MLS.
Router# show mls rp vtp-domain domain-name	Displays details about IPX MLS interfaces for a specific VTP domain.