Information Technology Reference
In-Depth Information
MLS requires that MLS components, including the end stations, must be in the same Virtual Trunking
Protocol (VTP) domain. VTP is a Layer 2 protocol used for managing VLANs on several Catalyst
switches from a central switch; it allows an administrator to create or delete a VLAN on all switches in
a domain without having to do so on every switch in that domain. The MLSP, which the MLS-SE and
the MLS-RP use to communicate with one another, does not cross a VTP domain boundary. If the
network administrator has VTP enabled on the switches (VTP is enabled on Catalyst 5xxx and 6xxx
family members by default), use the
show vtp domain
command on the switch to learn in which VTP
domain the MLS-SE has been placed. Except for the Catalyst 6xxx MSFC, on which MLS is essentially
a plug-and-play feature, add,
in the following steps
, the VTP domain to each of the router's MLS
interfaces. This will permit MLSP multicasts to move between the MLS-RP and MLS-SE, and therefore
allow MLS to function.
In interface configuration mode of the MLS-RP, enter the following commands:
•
no mls rp ip
—Disable MLS on the affected MLS-RP interface before modifying the VTP domain.
•
mls rp vtp-domain < VTP domain name>
—The VTP domain name on each MLS-enabled
interface must match that of the switch.
•
mls rp vlan-id <VLAN #>
—This is required only for non-ISL trunking, external MLS-RP
interfaces.
•
mls rp management-interface
—Do this for only one interface on the MLS-RP. This required step
tells the MLS-RP out which interface it should send MLSP messages.
•
mls rp ip
—Enable MLS once again on the interface of the MLS-RP.
To change the VTP domain name of the MLS-SE, use the following command at the switch CatOS
enable prompt:
set vtp domain name <VTP domain name>
For MLS to work, be sure that VTP is enabled on the switch:
set vtp enable
Step 7
Do the flowmasks agree on the MLS-RP and MLS-SE?
A flowmask is a filter configured by a network administrator that is used by MLS to determine whether
a shortcut should be created. Just like an access list, the more detailed the criteria you set up, the deeper
into the packet the MLS process must look to verify whether the packet meets those criteria. To adjust
the scope of MLS-created shortcuts, the flowmask can be made more or less specific; the flowmask is
essentially a “tuning” device.
There are three types of IP MLS modes: destination-ip, destination-source-ip, and full-flow-ip.
Destination-ip
mode, the default, is in use when no access list is applied to the router's MLS-enabled
interface.
Source-destination-ip
mode is in use when a standard access list is applied, and
full-flow-ip
is
in effect for an extended access list. The MLS mode on the MLS-RP is implicitly determined by the type
of access list applied to the interface. By contrast, the MLS mode on the MLS-SE is explicitly
configured. By choosing the appropriate mode, you can thus configure MLS so that either only the
destination address must match for an MLS shortcut to be created, or both source and destination must
match, or even Layer 4 information such as TCP/UDP port numbers must match.
The MLS mode is configurable on both the MLS-RP and the MLS-SE, and in general they must match.
However, if either source-destination-ip or full-flow-ip MLS modes are deemed to be required, it is best
to configure it on the router by applying the appropriate access list. MLS will always choose the most
specific mask, giving the flowmask configured on the MLS-RP precedence over the one found on the
MLS-SE.
Be careful
if you change the MLS mode of the switch from the default destination-ip: You
