Configuring Multilayer Switching
The basal tasks for configuring multilayer switching accommodate the following:
1 Enabling MLSP.
2 Allotment a VLAN ID to a avenue processor interface.
3 Adding the interfaces to the aforementioned VLAN Trunking Agreement (VTP) area as the switch.
4 Enabling MLS on every interface.
5 Configuring the MLS Administration interface.
6 Verifying MLS on an MLS-RP.
Before you can configure MLS for a specific VLAN or interface, you charge globally accredit the
MLSP that operates amid the avenue processor and the switch.
To accredit MLSP on the avenue processor, admission the afterward command in all-around configuration
mode:
Router(config)#mls rp ip
Example 8-2 states that the MLS-RP is configured to multilayer about-face baffled IP packets using
MLSP. As of 12.0, MLS additionally routes Internetwork Packet Exchange (IPX) packets.
To attenuate MLS on the avenue processor/RSM, admission the no mls rp ip command in global
configuration mode.
In Cisco’s MLS implementation, Layer 3 switches IP IPX, and IP multicast packets. Any other
packets are baffled as in a non-Layer 3 switched network.
MLS is interVLAN routing. Multilayer switches accomplish forwarding decisions based aloft which
ports are configured for which VLANs. Internal avenue processors and ISL-configured links
inherently use VLAN IDs to analyze interfaces. Alien avenue processor interfaces have
Example 8-2 Free the MLS-RP Is Configured
Router#show run
Building configuration...
Current configuration:
!
version 11.3
service timestamps alter uptime
service timestamps log uptime
no account password-encryption
!
hostname Router
!
!
mls rp ip
!
276 Chapter 8: Multilayer Switching
knowledge apropos subnets but not VLANs. Therefore, MLS requires that anniversary alien route
processor interface accept a VLAN ID assigned to it.
To accredit a VLAN ID to a avenue processor interface, admission the afterward commands in interface
configuration mode:
Router (config)#interface interface number
Router (config-if)#mls rp vlan-id vlan-id-num
where vlan-id-num represents the VLAN assigned to this interface.
To abolish an interface from a VLAN, admission the no mls rp vlan-id vlan-id-num command.
Removing the VLAN ID from an interface disables MLS for that interface. Figure 8-4
demonstrates how to use these commands to accredit a VLAN ID to a avenue processor interface.
Figure 8-4 Allotment a VLAN ID
After you actuate which avenue processor interfaces will be MLS interfaces, you charge add the
interfaces to the aforementioned VTP area as the switch. Both the about-face and the MLS interfaces must
be in the aforementioned domain. If the about-face is not assigned to a VTP domain, you do not charge to
perform this task.
To abode an alien avenue processor interface in the aforementioned VTP area as the switch, admission the
following commands in interface agreement mode:
Router(config) interface interface number
Router(config-if)# mls rp vtp-domain domain-name
where domain-name is the name of the VTP area in which the about-face resides.
For an ISL interface, admission the mls rp vtp-domain command alone on the primary interface. All
subinterfaces that are allotment of the primary interface accede the VTP area of the primary
interface.
The active agreement in Example 8-3 states that the VLAN41 interface of the MLS-RP is
configured to abide in the Rigel2 VTP domain.
VLAN 10
Router (config)#int Fastethernet 0
Router (config-if)#nls rp vlan-id 10
FE0
Configuring Multilayer Switching 277
To abolish the MLS interface from a VTP domain, admission the no mls rp vtp-domain domainname
command.
Displaying VTP Area Information
Sometimes seeing VTP area advice is useful. The appearance mls rp vtp-domain command
allows you to see area advice for a specific VTP domain:
Router#show mls rp vtp-domain vtp area name
The affectation consistent from this command (see Example 8-4) shows a subset of the appearance mls rp
command display. The afterward advice is a aftereffect of arising the appearance mls rp vtp-domain
command:
• The name of the VTP domain(s) in which the MLS-RP interfaces reside.
• Statistical advice for anniversary VTP domain.
• The cardinal of administration interfaces authentic for the MLS-RP.
• The cardinal of VLANs in this area configured for MLS.
• The ID of anniversary VLAN configured for this area MAC address.
• The cardinal of MLS-SEs of which the router or RSM has ability of in this domain.
• The MAC abode of anniversary about-face in this domain.
Example 8-3 Free the VTP Area of the MLS-RP VLAN Interface
Router#show run
Building configuration...
(Text deleted)
mls rp ip
!
!
interface Vlan1
ip abode 172.16.1.168 255.255.255.0
!
interface Vlan41
ip abode 172.16.41.168 255.255.255.0
mls rp vtp-domain Rigel2
278 Chapter 8: Multilayer Switching
Enabling MLS
MLS is enabled on a per-interface basis. Just because you put an interface into a accurate VTP
domain doesn’t beggarly that you’ve activated MLS. MLS charge be enabled on every interface that
you admiration to participate in Layer 3 switching.
On a router or RSM interface, admission the afterward command in interface agreement approach in
order to accredit MLS:
Router (config-if)#mls rp ip
The active agreement in Example 8-5 shows that the VLAN19 interface of the MLS-RP is
enabled to participate in MLS.
To attenuate MLS on an interface, admission the no mls rp ip command.
Example 8-4 Displaying VTP Area Information
router# appearance mls rp vtp-domain WBU
vlan area name: WBU
current breeze mask: ip-flow
current arrangement number: 80709115
current/maximum retry count: 0/10
current area state: no-change
current/next all-around purge: false/false
current/next abolition count: 0/0
domain uptime: 13:07:36
keepalive timer expires in 8 seconds
retry timer not running
change timer not running
fcp subblock calculation = 7
1 administration interface(s) currently defined:
vlan 1 on Vlan1
7 mac-vlan(s) configured for multi-layer switching:
mac 00e0.fefc.6000
vlan id(s)
1 10 91 92 93 95 100
router currently acquainted of afterward 1 switch(es):
switch id 0010.1192.b5ff
Configuring Multilayer Switching 279
VTP Area Issues
When a avenue processor resides in a VTP area added than the area in which the switch
resides, the about-face cannot multilayer about-face frames for that router. There are several agency in
which a avenue processor and about-face can end up in altered VTP domains as follows:
• You can advisedly abode both accessories in abstracted domains.
• You can misname or mistype the VTP area back configuring either the about-face or route
processor.
• You can admission the MLS interface command above-mentioned to putting the interface in a VTP domain.
Configuring an interface for MLS by allotment the interface to a VTP area above-mentioned to assigning
it to a VTP domainplaces that interface in the absent domain. Back the interface resides in a null
domain, it cannot participate in MLS with the switch.
To abolish the MLS interface from a absent VTP domain, attenuate MLS on the interface.
MLS Administration Interface
When a RSM or router is configured to participate in MLS, the accessory uses the MLSP to send
Hello messages, acquaint acquisition changes, and advertise the VLANs or MAC addresses of
those interfaces on the accessories accommodating in MLS. One interface on the MLS-RP charge be
identified as the administration interface through which MLSP packets are beatific and received. The
MLSP administration interface can be any MLS interface affiliated to the switch.
Only one administration interface needs to be specified. If no administration interface is
configured, however, MLSP letters will not be sent.
Example 8-5 Free that the MLS-RP VLAN Interface is Enabled for Multilayer Switching
Router#show run
Building configuration...
(Text Deleted)
mls rp ip
!
!
interface Vlan1
ip abode 172.16.1.168 255.255.255.0
!
interface Vlan19
ip abode 172.16.41.168 255.255.255.0
mls rp vtp-domain san-fran
mls rp ip
280 Chapter 8: Multilayer Switching
Multiple interfaces on the aforementioned avenue processor can be configured as a administration interface;
however, this activity increases the administration aerial per avenue processor. Cisco does not
recommend this practice.
To analyze a administration interface on an RSM or router, admission the afterward command in
interface agreement mode:
Router(config-if)#mls rp management-interface
To attenuate the administration interface, admission the no mls rp management-interface command in
interface agreement mode.
The active agreement in Example 8-6 states that the VLAN41 interface on the MLS-RP is
configured as the administration interface.
Verifying MLS-RP
To verify the MLS agreement for an MLS-RP, admission the afterward command in privileged
EXEC mode:
Router#show mls rp
The affectation consistent from this command (see Example 8-7) shows the afterward information:
• Whether MLS is globally enabled or disabled.
• The MLS ID for this MLS-RP.
• The MLS IP abode for this MLS-RP.
• The MLS breeze mask.
• The name of the VTP domain(s) in which the MLS-RP interfaces reside.
• Statistical advice for anniversary VTP domain.
Example 8-6 Free if the MLS-RP VLAN Interface Is Configured as the Administration Interface
Router#show run
Building configuration...
(Text Deleted)
mls rp ip
!
!
interface Vlan1
ip abode 172.16.1.168 255.255.255.0
!
interface Vlan41
ip abode 172.16.41.168 255.255.255.0
mls rp vtp-domain bcmsn
mls rp management-interface
mls rp ip
Configuring Multilayer Switching 281
• The cardinal of administration interfaces authentic for the MLS-RP.
• The cardinal of VLANs configured for MLS.
• The ID of anniversary VLAN configured for this MAC address.
• The cardinal of MLS-SEs to which the router or RSM is connected.
• The MAC abode of anniversary switch.
Each MLSP-RP is articular to the about-face by both the MLS ID and MLS IP abode of the route
processor. The MLS ID is the MAC abode of the avenue processor. The MLS-RP automatically
selects the IP abode of one of its interfaces and uses that IP abode as its MLS IP address.
The MLS-SE uses the MLS ID as a free agency for establishing entries in the MLS
cache.
Example 8-7 Displaying MLS RP Information
router# appearance mls rp
multilayer switching is globally enabled
mls id is 00e0.fefc.6000
mls ip abode 10.20.26.64
mls breeze affectation is ip-flow
vlan area name: WBU
current breeze mask: ip-flow
current arrangement number: 80709115
current/maximum retry count: 0/10
current area state: no-change
current/next all-around purge: false/false
current/next abolition count: 0/0
domain uptime: 13:03:19
keepalive timer expires in 9 seconds
retry timer not running
change timer not running
fcp subblock calculation = 7
1 administration interface(s) currently defined:
vlan 1 on Vlan1
7 mac-vlan(s) configured for multi-layer switching:
mac 00e0.fefc.6000
vlan id(s)
1 10 91 92 93 95 100
router currently acquainted of afterward 1 switch(es):
switch id 0010.1192.b5ff
282 Chapter 8: Multilayer Switching
This MLS IP abode is acclimated in the afterward situations:
• By the MLS-RP and the MLS-SE back sending MLS statistics to a abstracts collection
application.
• In the included MLS avenue processor account on the switch.
To verify the MLS agreement for a specific interface, admission the afterward command in
privilege EXEC mode:
Router#show mls rp interface interface number
The affectation consistent from this command shows the afterward information:
• Whether MLS is configured on the interface.
• The VTP area in which the VLAN ID resides.
• Whether this interface is configured as the administration interface for the MLS-RP.
If the interface is not configured for MLS, the appearance mls rp ip command displays the following
message:
Router#show mls rp ip interface Vlan41
mls not configured on Vlan41
Flow Masks
The MLS-SE uses breeze affectation modes to actuate how packets are compared to MLS entries in
the MLS cache. The breeze affectation approach is based on the admission lists configured on the MLS router
interfaces. The MLS-SE learns the breeze affectation through MLSP letters from anniversary MLS-RP for
which the MLS-SE is assuming Layer 3 switching.
MLS-SE supports alone one breeze affectation for all MLS-RPs that are serviced by the MLS-SE. If the
MLS-SE detects altered breeze masks from altered MLS-RPs for which the MLS-SE is
performing Layer 3 switching, the MLS-SE changes its breeze affectation to the best specific flow
mask detected. However, if a added specific flowmask is in effect, a beneath specific breeze affectation then
is applied.
The MLS-SE supports three breeze affectation modes as follows:
• Destination-IP—The absence breeze affectation mode, Destination-IP represents the leastspecific
flow mask. The MLS-SE maintains one MLS admission for anniversary destination IP
address. All flows to a accustomed destination IP abode use this MLS entry. This approach is used
if no admission lists are configured on any of the MLS router interfaces.
• Source-Destination-IP—The MLS-SE maintains one MLS admission for anniversary antecedent and
destination IP abode pair. All flows amid a accustomed antecedent and destination use this MLS
entry behindhand of the IP agreement ports. This approach is acclimated if a accepted admission account is on
any of the MLS interfaces.
Flow Masks 283
• IP-Flow—This approach represents the best specific breeze mask. The MLS-SE creates and
maintains a abstracted MLS accumulation admission for every IP flow. An IP-Flow admission includes the
source IP address, destination IP address, protocol, and agreement ports. This approach is used
if there is an continued admission account on any MLS interface.
When the MLS-SE breeze affectation changes, the absolute MLS accumulation is purged.
You can set a breeze affectation on the MLS-SE after applying an admission account on the avenue processor.
You use the set mls breeze command back you appetite to accumulation entries on a specific set of criteria
to consign breeze statistics but not to set an admission account on an interface. To set the breeze affectation on the
MLS-SE after ambience an admission account on a avenue processor interface, admission the following
command in advantage mode:
set mls breeze [destination | destination-source | full].
The keywords destination agency that you are applying the IP-Destination mode, destinationsource
means that you are applying Source-Destination-IP mode, and abounding agency that you are
applying IP-Flow mode. These altered modes were explained earlier.
Output Lists
Figure 8-5 illustrates an achievement admission account activated to the interface. In this case, the MLS-SE
learns of this change through the MLSP action and again enforces aegis for the flow.
Enforcement of the admission account would abolition any entries for flows on that interface from the MLS
cache.
Figure 8-5 Achievement Admission Lists
0000.0C14.2B00
192.168.8.17
0020.4613.d0e1
192.168.15.40
0020.4613.d0f0
192.168.1.83
Host A Host B
ip access-group 120 out
284 Chapter 8: Multilayer Switching
Any new flows would again be created based on the restrictions imposed by the admission list. The
next packet in the breeze becomes a applicant packet and the action of establishing a MLS cache
entry is initiated.
New entries are placed in the MLS accumulation already the antecedent packet in the breeze passes the test
conditions in the achievement admission ascendancy account (ACL).
Using options like log, reflexive, or accustomed armament the router to appraise every packet
before routing. Under MLS, the router does not appraise every packet; therefore, these options
are not allowed.
Input Admission Lists
As with achievement admission lists, agreement an ascribe admission account on an MLS-enabled interface purges the
MLS accumulation of all absolute flows for that interface.
Because the absence behavior for the ascribe admission account is to appraise and avenue all incoming
packets, however, all consecutive packets in the breeze amid Hosts A and B are routed.
Most ascribe admission lists can be implemented as achievement admission lists to accomplish the aforementioned effect.
Routers configured with Cisco IOS Release 11.3 or after will not automatically abutment input
access lists on an interface configured for MLS. If an interface is configured with an input
access list, all packets for a breeze that are destined for that interface go through the router. Even
if the router allows that flow, the breeze is not Layer 3 switched.
To accredit MLS to abet with ascribe admission lists, admission the afterward command in global
configuration mode:
Router(config)#mls rp ip input-acl
The active agreement in Example 8-8 states that ascribe ACLs on the MLS-RP are
configured to assignment in a MLS environment.
To abolish abutment for ascribe admission lists in an MLS environment, admission the no mls rp ip inputacl
command in all-around agreement mode.
Example 8-8 Free if Ascribe Admission Lists on the MLS-RP Can Operate in an MLS Environment
Router#show run
Building configuration...
Current configuration:
!
version 11.3
(Text Deleted)
mls rp nde-address 172.16.31.113
mls rp ip input-acl
mls rp ip
Configuring the MLS-SE