You may become confused when trying to troubleshoot MLS because the commands you need to watch out
for are not directly related to MLS. Remember this basic rule: Any command that involves the router
examining each packet to perform an action will disable MLS on an interface.
Let’s take a look at some of these commands and the effect each command has on the interface:
clear ip route—Clears all MLS cache entries for all the switches that are acting as MLS-SEs
ip security—Disables MLS on the interface it is applied to
ip tcp header-compression—Disables MLS on the interface it is applied to
ip tcp compression-connection—Disables MLS on the interface it is applied to
no ip routing—Purges all MLS caches and disables MLS on the interface it is applied to
The following IP features and protocols also have a negative impact on MLS:
Committed access rate (CAR)—CAR will disable MLS on the interface.
Data encryption—Any data encryption configured on the interface will cause MLS to fail.
IP accounting—This feature will not work if MLS is enabled on an interface.
Network Address Translation (NAT)—MLS is automatically disabled on an interface if NAT is enabled.
Policy route map—MLS is disabled if policy route maps are used.
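The following audit sketch is an added example, not code from the book: it scans a saved router configuration and reports, per interface, the lines that stop MLS according to the two lists above. The mapping of the listed features to the IOS commands rate-limit, crypto map, ip accounting, ip nat, and ip policy route-map is an assumption of this example, and the sample configuration is constructed.

```python
import re

# Interface commands that stop MLS. The first three are named on the page; the
# rest are the IOS commands assumed here to correspond to the listed features.
INTERFACE_BREAKERS = [
    ("ip security", "ip security"),
    ("ip tcp header-compression", "TCP header compression"),
    ("ip tcp compression-connection", "TCP compression connections"),
    ("rate-limit", "committed access rate (CAR)"),
    ("crypto map", "data encryption"),
    ("ip accounting", "IP accounting"),
    ("ip nat", "NAT"),
    ("ip policy route-map", "policy route map"),
]

def find_mls_breakers(config_text):
    """Map each section ('global' or interface name) to its flagged lines."""
    findings, section = {}, "global"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():          # unindented line: a new section starts
            m = re.match(r"interface\s+(\S+)", line)
            section = m.group(1) if m else "global"
        if section == "global":
            if line == "no ip routing":   # purges MLS caches router-wide
                findings.setdefault("global", []).append((line, "IP routing off"))
            continue
        for prefix, reason in INTERFACE_BREAKERS:
            if line.startswith(prefix):
                findings.setdefault(section, []).append((line, reason))
                break
    return findings

# Constructed sample configuration (not taken from the book).
SAMPLE_CONFIG = """\
interface Vlan10
interface Vlan20
 ip nat inside
 ip policy route-map EXAMPLE-PBR
interface Vlan30
 ip tcp header-compression
 ip accounting output-packets
ip nat inside source list 1 interface Vlan10 overload
"""

if __name__ == "__main__":
    print(find_mls_breakers(SAMPLE_CONFIG))
```

The global ip nat translation rule on the last sample line is deliberately not reported, because only the interface-level statement takes that interface out of MLS.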
Now that we have discussed these issues, let’s see how to configure MLS in your network. Even though this is
a book on switching, in order for MLS to work properly in your network, you need to know how to configure
both the MLS supporting switch and the MLS supporting router or internal route processor. In the next
section, we will cover the configuration of both of these devices.
Configuring MLS
Configuring MLS involves tasks on both the MLS-RP and the MLS-SE. When using an internal route
processor (such as an RSM) on the Catalyst 5000, the only tasks necessary are to verify that MLS is enabled
on each interface and that all the interfaces are members of the same VLAN Trunking Protocol (VTP)
domain. Because MLS is enabled by default, you need to re-enable MLS only on the interfaces that have
been disabled. On a Catalyst 6000, no configuration is needed unless you have disabled MLS.
On the MLS-SE, you need to configure the switch to determine the IP destination of the MLS-RP, if it is an
external router. If it is an internal MLS-RP, no configuration is necessary. The default behavior of IP is to
maintain a cache entry for each destination IP address. This entry can be modified either to a
source-destination pair or to a more specific IP flow.
On an external router being used as the MLS-RP, you need to configure the router to participate in MLS. If
your switch has been configured to participate in a VTP domain, the MLS-RP must be in the same domain.
You must configure each individual interface acting as an MLS-RP for MLS. Only one interface on the
MLS-RP needs to be configured as the MLS management interface.
Note: If the router is connected via non-trunk links to the switch, you need to configure a VLAN ID for each
interface.
When configuring MLS on both the switch and the router, you should pay attention to several items. This
information can be helpful for troubleshooting and configuring MLS. Let’s take a look at the following MLS
features and components:
MLS cache
Aging timers
VLAN IDs