You may become confused when trying to troubleshoot MLS because the commands you need to watch out for are not directly related to MLS. Remember this basic rule: Any command that involves the router examining each packet to perform an action will disable MLS on an interface.

Let’s take a look at some of these commands and the effect each command has on the interface:

clear ip route—Clears all MLS cache entries for all the switches that are acting as MLS-SEs

ip security—Disables MLS on the interface it is applied to

ip tcp header-compression—Disables MLS on the interface it is applied to

ip tcp compression-connection—Disables MLS on the interface it is applied to

no ip routing—Purges all MLS caches and disables MLS on the interface it is applied to

The following IP features and protocols also have a negative impact on MLS:

Committed access rate (CAR)—CAR will disable MLS on the interface.

Data encryption—Any data encryption configured on the interface will cause MLS to fail.

IP accounting—This feature will not work if MLS is enabled on an interface.

Network Address Translation (NAT)—MLS is automatically disabled on an interface if NAT is enabled.

Policy route map—MLS is disabled if policy route maps are used.
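The rule above lends itself to an automated check of a saved router configuration. The following Python sketch is an added example, not part of the original book: it walks a configuration interface by interface and reports the commands and features listed above. The mapping of features to IOS keywords (rate-limit for CAR, crypto map for data encryption, ip nat, ip policy route-map) and the sample configuration are assumptions made for illustration.

```python
import re

# Assumed mapping from interface-level IOS commands to the MLS-affecting
# features named in the text; adjust the keywords to your IOS release.
MLS_BLOCKERS = [
    (r"ip security\b", "ip security"),
    (r"ip tcp header-compression\b", "TCP header compression"),
    (r"ip tcp compression-connection", "TCP compression connections"),
    (r"rate-limit\b", "committed access rate (CAR)"),
    (r"crypto map\b", "data encryption"),
    (r"ip accounting\b", "IP accounting (conflicts with MLS)"),
    (r"ip nat (inside|outside)\b", "NAT"),
    (r"ip policy route-map\b", "policy route map"),
]

# Constructed sample configuration (hypothetical addresses and names).
SAMPLE = """\
interface Vlan10
 ip address 10.1.10.1 255.255.255.0
!
interface Vlan20
 ip address 10.1.20.1 255.255.255.0
 ip nat inside
 ip policy route-map PBR-EXAMPLE
!
interface Vlan30
 no ip tcp header-compression
 ip accounting output-packets
!
"""

def audit_mls(config):
    """Return {interface: [reasons]} for stanzas where MLS will not run."""
    findings, scope = {}, "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():
            # Unindented line: a new interface stanza, "!" or a global command.
            m = re.match(r"interface (\S+)", line)
            scope = m.group(1) if m else "global"
            if line == "no ip routing":
                findings.setdefault("global", []).append("no ip routing")
            continue
        for pattern, reason in MLS_BLOCKERS:
            if scope != "global" and re.match(pattern, line):
                findings.setdefault(scope, []).append(reason)
    return findings
```

Commands negated with a leading "no" are ignored because each pattern is matched from the start of the line, so only features that are actually enabled are reported.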

Now that we have discussed these issues, let’s see how to configure MLS in your network. Even though this is a book on switching, in order for MLS to work properly in your network, you need to know how to configure both the MLS supporting switch and the MLS supporting router or internal route processor. In the next section, we will cover the configuration of both of these devices.

Configuring MLS

Configuring MLS involves tasks on both the MLS-RP and the MLS-SE. When using an internal route processor (such as an RSM) on the Catalyst 5000, the only tasks necessary are to verify that MLS is enabled on each interface and that all the interfaces are members of the same VLAN Trunking Protocol (VTP) domain. Because MLS is enabled by default, you need to re-enable MLS only on the interfaces that have been disabled. On a Catalyst 6000, no configuration is needed unless you have disabled MLS.

On the MLS-SE, you need to configure the switch to determine the IP destination of the MLS-RP, if it is an external router. If it is an internal MLS-RP, no configuration is necessary. The default behavior of IP is to maintain a cache entry for each destination IP address. This entry can be modified either to a source-destination pair or to a more specific IP flow.

On an external router being used as the MLS-RP, you need to configure the router to participate in MLS. If your switch has been configured to participate in a VTP domain, the MLS-RP must be in the same domain. You must configure each individual interface acting as an MLS-RP for MLS. Only one interface on the MLS-RP needs to be configured as the MLS management interface.

Note: If the router is connected via non-trunk links to the switch, you need to configure a VLAN ID for each interface.

When configuring MLS on both the switch and the router, you should pay attention to several items. This information can be helpful for troubleshooting and configuring MLS. Let’s take a look at the following MLS features and components:

MLS cache

Aging timers

VLAN IDs
