Note
When configuring the MLS-RP, also remember to place the mls rp
management-interface command under one of its IP MLS interfaces. This
required step tells the MLS-RP which interface it should use to send MLSP
messages to communicate with the MLS-SE. Again, it is necessary to place this
command under one interface only.
Step 4
Are any features configured on the MLS-RP that automatically disable MLS on that interface?
Several configuration options on the router are not compatible with MLS. These include IP accounting,
encryption, compression, IP security, network address translation (NAT), and committed access rate
(CAR). For further information, see links regarding IP MLS configuration included at the end of this
chapter. Packets traversing a router interface configured with any of these features must be routed
normally; no MLS shortcut will be created. For MLS to work, you must disable these features on the
MLS-RP interface.
Access lists, both input and output, are another important feature that affects MLS. Further
information on this option is included in the discussion of flowmasks (Step 7).
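The two checks above (exactly one mls rp management-interface, and no MLS-incompatible feature on an IP MLS interface) can be run against a saved router configuration. The script below is an added example, not part of the original text; the IOS command patterns used to detect each feature, the function names, and the sample configuration are assumptions of this example.

```python
import re
# Feature -> interface-level IOS command pattern (mapping assumed for this example).
INCOMPATIBLE = {
    "IP accounting": re.compile(r"^ip accounting\b"),
    "NAT": re.compile(r"^ip nat (inside|outside)\b"),
    "CAR": re.compile(r"^rate-limit (input|output)\b"),
    "encryption/IP security": re.compile(r"^crypto map\b"),
    "compression": re.compile(r"^compress\b"),
}

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any other unindented line ends the block
    return interfaces

def audit_mls_rp(config):
    """List conditions from the text that stop MLS working on the MLS-RP."""
    findings, mgmt = [], []
    for name, cmds in parse_interfaces(config).items():
        if "mls rp management-interface" in cmds:
            mgmt.append(name)
        if "mls rp ip" in cmds:  # only IP MLS interfaces matter here
            for feature, pattern in INCOMPATIBLE.items():
                if any(pattern.match(c) for c in cmds):
                    findings.append(f"{name}: {feature} disables MLS on this interface")
    if len(mgmt) != 1:
        findings.append(f"mls rp management-interface on {len(mgmt)} interfaces, expected 1")
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
interface Vlan10
 mls rp ip
 mls rp management-interface
!
interface Vlan20
 ip accounting output-packets
 mls rp ip
!
interface Serial0
 ip nat outside
"""
```

Calling audit_mls_rp(SAMPLE) reports Vlan20 only: Serial0 carries NAT but is not an IP MLS interface, so it does not affect MLS.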
Step 5
Does the MLS-SE recognize the MLS-RP address?
For MLS to function, the switch must recognize the router as an MLS-RP. Internal MLS-RPs (again, the
RSM or RSFC in a Catalyst 5xxx family member, and the MSFC in a Catalyst 6xxx family member) are
automatically recognized by the MLS-SE in which they are installed. For external MLS-RPs, you must
explicitly inform the switch of the router's address. This address is not actually an IP address, although
on external MLS-RPs it is chosen from the list of IP addresses configured on the router's interfaces; it
is simply a router ID. In fact, for internal MLS-RPs, the MLS-ID is normally not even an IP address
configured on the router. Because internal MLS-RPs are included automatically, it is commonly a
loopback address (127.0.0.x). For MLS to function, include on the MLS-SE the MLS-ID found on the
MLS-RP.
Use show mls rp on the router to find the MLS-ID, and then configure that ID on the switch using the
set mls include <MLS-ID> command. This is a required configuration step when using external
MLS-RPs.
Warning
Changing the IP address of MLS-RP interfaces and then reloading the router may cause
the MLS process on the router to choose a new MLS-ID. This new MLS-ID may be
different from the MLS-ID that was manually included on the MLS-SE, which may cause
MLS to cease functioning. This is not a software glitch, just an effect of the switch trying
to communicate with an MLS-ID that is no longer valid. Be sure to include this new
MLS-ID on the switch to get MLS working once again. You may have to disable/enable
IP MLS as well.
Note
When the MLS-SE is not directly connected to the MLS-RP, as when a switch is
connected between the MLS-SE and the MLS-RP, the address that must be included
on the MLS-SE may appear as the loopback address mentioned previously. You must
include the MLS-ID even though the MLS-RP is internal. To the second switch, the
MLS-RP appears as an external router because the MLS-RP and MLS-SE are not
contained in the same chassis.
Step 6
Are the MLS-RP interface and the MLS-SE in the same enabled VTP domain?