Software Guide
Page 35
... series switches. Product Overview CH A P T E R 1 The Catalyst 6000 family switches support the following configurations: • Supervisor Engine 2, Policy Feature Card 2 (PFC2), and Multilayer Switch Feature Card 2 (MSFC2) • Supervisor Engine 2 and PFC2 • Supervisor Engine 1, PFC, and MSFC or MSFC2 • Supervisor Engine 1 and PFC • Supervisor Engine 1 Note The Switch Fabric Module is supported only in the Catalyst 6000 Family Multilayer Switch...
... series switches. Product Overview CH A P T E R 1 The Catalyst 6000 family switches support the following configurations: • Supervisor Engine 2, Policy Feature Card 2 (PFC2), and Multilayer Switch Feature Card 2 (MSFC2) • Supervisor Engine 2 and PFC2 • Supervisor Engine 1, PFC, and MSFC or MSFC2 • Supervisor Engine 1 and PFC • Supervisor Engine 1 Note The Switch Fabric Module is supported only in the Catalyst 6000 Family Multilayer Switch...
Software Guide
Page 117
... Topology changes can also manually assign port costs between 1 and 200,000,000. When the ARP replies come back, the Policy Feature Card (PFC) learns the MAC entries, which may not be desirable, especially if the added or removed link is to divide the bandwidth of the port ...The feature causes the MSFC to send ARP requests for each port using the old topology. You can take place in bandwidth lead to recalculation of the default port cost for Aggregate Links • As individual links are assigned by 200,000,000. This feature works with supervisor engine software release 5.4(2) or...
... Topology changes can also manually assign port costs between 1 and 200,000,000. When the ARP replies come back, the Policy Feature Card (PFC) learns the MAC entries, which may not be desirable, especially if the added or removed link is to divide the bandwidth of the port ...The feature causes the MSFC to send ARP requests for each port using the old topology. You can take place in bandwidth lead to recalculation of the default port cost for Aggregate Links • As individual links are assigned by 200,000,000. This feature works with supervisor engine software release 5.4(2) or...
Software Guide
Page 217
....1(2)E or later releases. WCCP Layer 2 Redirection Note Supervisor Engine 1 with the Policy Feature Card (PFC) supports this feature with an interface/subinterface in the Cisco IOS Configuration Fundamentals Configuration Guide at http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/...Configuration Guide-Releases 6.3 and 6.4 12-5 Follow these guidelines when using Layer 2 redirection. With local proxy ARP enabled, the MSFC responds to disable the feature. WCCP Layer 2 redirection requires no ip local-proxy-arp interface configuration command to all ARP requests ...
....1(2)E or later releases. WCCP Layer 2 Redirection Note Supervisor Engine 1 with the Policy Feature Card (PFC) supports this feature with an interface/subinterface in the Cisco IOS Configuration Fundamentals Configuration Guide at http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/...Configuration Guide-Releases 6.3 and 6.4 12-5 Follow these guidelines when using Layer 2 redirection. With local proxy ARP enabled, the MSFC responds to disable the feature. WCCP Layer 2 redirection requires no ip local-proxy-arp interface configuration command to all ARP requests ...
Software Guide
Page 227
...is on the Marketing VLAN (IP subnet 171.59.3.0), and Host C is on the Engineering VLAN (IP subnet 171.59.2.0). When Host A initiates an HTTP file transfer to the flow reaches the MSFC and is software switched for PFC2 Examples Figure 13-1 shows a simple IP CEF network...Multicast Fast Drop [MFD] indicates that are always partially Layer 3 switched. For partially switched flows, all completely Layer 3-switched flows, the PFC periodically sends multicast packet and byte count statistics to broadcast translation is required. • Multicast tag switching is configured on an egress interface....
...is on the Marketing VLAN (IP subnet 171.59.3.0), and Host C is on the Engineering VLAN (IP subnet 171.59.2.0). When Host A initiates an HTTP file transfer to the flow reaches the MSFC and is software switched for PFC2 Examples Figure 13-1 shows a simple IP CEF network...Multicast Fast Drop [MFD] indicates that are always partially Layer 3 switched. For partially switched flows, all completely Layer 3-switched flows, the PFC periodically sends multicast packet and byte count statistics to broadcast translation is required. • Multicast tag switching is configured on an egress interface....
Software Guide
Page 249
MLS provides IP and Internetwork Packet Exchange (IPX) unicast Layer 3 switching and IP multicast Layer 3 switching with Cisco Express Forwarding for PFC2 (CEF for PFC2). See Chapter 13, "Configuring CEF for PFC2," for the Catalyst 6000 family switches....and Restrictions, page 14-11 • Configuring MLS, page 14-14 Note Supervisor Engine 2, PFC2, and MSFC2 provide Layer 3 switching with Supervisor Engine 1, the Policy Feature Card (PFC), and the Multilayer Switch Feature Card (MSFC) or MSFC2. The MSFC routes any traffic that you can use to identify traffic characteristics for multicast ...
MLS provides IP and Internetwork Packet Exchange (IPX) unicast Layer 3 switching and IP multicast Layer 3 switching with Cisco Express Forwarding for PFC2 (CEF for PFC2). See Chapter 13, "Configuring CEF for PFC2," for the Catalyst 6000 family switches....and Restrictions, page 14-11 • Configuring MLS, page 14-14 Note Supervisor Engine 2, PFC2, and MSFC2 provide Layer 3 switching with Supervisor Engine 1, the Policy Feature Card (PFC), and the Multilayer Switch Feature Card (MSFC) or MSFC2. The MSFC routes any traffic that you can use to identify traffic characteristics for multicast ...
Software Guide
Page 252
... multicast group. All traffic to the outgoing switch ports for a given VLAN. 14-4 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 Supervisor Engine 1, PFC, and MSFC or MSFC2 provide Layer 3 switching with MLS identifies flows on the switch (IGMP snooping or Generic Attribute Registration Protocol [GARP] Multicast Registration Protocol [GMRP]). Layer...
... multicast group. All traffic to the outgoing switch ports for a given VLAN. 14-4 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 Supervisor Engine 1, PFC, and MSFC or MSFC2 provide Layer 3 switching with MLS identifies flows on the switch (IGMP snooping or Generic Attribute Registration Protocol [GARP] Multicast Registration Protocol [GMRP]). Layer...
Software Guide
Page 253
... an entry in tandem with the switching of flows are updated in the multicast routing table ages out, the MSFC deletes the entry and forwards the updated information to the PFC. These MSFC IOS commands affect the multicast MLS cache entries on the switch: • Using the clear ip mroute command ...to clear the multicast routing table on the MSFC clears all multicast MLS cache entries on the PFC. • Using the no ip multicast-routing command to identify the VLANs on the cached information. The MLS cache maintains...
... an entry in tandem with the switching of flows are updated in the multicast routing table ages out, the MSFC deletes the entry and forwards the updated information to the PFC. These MSFC IOS commands affect the multicast MLS cache entries on the switch: • Using the clear ip mroute command ...to clear the multicast routing table on the MSFC clears all multicast MLS cache entries on the PFC. • Using the no ip multicast-routing command to identify the VLANs on the cached information. The MLS cache maintains...
Software Guide
Page 254
... this MLS entry regardless of the entry. The multicast source-destination-vlan flow mask differs from different MSFCs for IPX MLS is performing Layer 3 switching, it is destination mode. When the PFC flow mask changes, the entire MLS cache is 128K entries. All flows to the most specific flow... how MLS entries are Layer 3 switched by that a flow will not be Layer 3 switched, but will instead be forwarded to the MSFC. The PFC maintains one MLS entry for each IP flow. The PFC creates and maintains a separate MLS cache entry for each {source IP, destination group IP, source VLAN}.
... this MLS entry regardless of the entry. The multicast source-destination-vlan flow mask differs from different MSFCs for IPX MLS is performing Layer 3 switching, it is destination mode. When the PFC flow mask changes, the entire MLS cache is 128K entries. All flows to the most specific flow... how MLS entries are Layer 3 switched by that a flow will not be Layer 3 switched, but will instead be forwarded to the MSFC. The PFC maintains one MLS entry for each IP flow. The PFC creates and maintains a separate MLS cache entry for each {source IP, destination group IP, source VLAN}.
Software Guide
Page 256
...through the switch to Host C. The PFC uses this example, Host A is on the Sales VLAN (IP subnet 171.59.1.0), Host B is on the Engineering VLAN (IP subnet 171.59.2.0). For all multicast traffic belonging to the MSFC, because the MSFC cannot record multicast statistics for any ...interface that is software switched for completely switched flows, which it is switched by the PFC). For partially switched flows,...
...through the switch to Host C. The PFC uses this example, Host A is on the Sales VLAN (IP subnet 171.59.1.0), Host B is on the Engineering VLAN (IP subnet 171.59.2.0). For all multicast traffic belonging to the MSFC, because the MSFC cannot record multicast statistics for any ...interface that is software switched for completely switched flows, which it is switched by the PFC). For partially switched flows,...
Software Guide
Page 257
... FTP Rewrite Src/Dst MAC Address Dd:Bb Destination VLAN Marketing HTTP Dd:Cc Engineering HTTP Dd:Aa Sales MAC = Aa Subnet 1/Sales Host A 171.59.1.2 MAC = Bb MAC = Dd MSFC Subnet 3/Marketing Host B 171.59.3.1 Subnet 2/Engineering MAC = Cc Data 171.59.1.2: 2000 Aa:Dd Host C 171.59.2.2 Data... is used when encapsulating traffic on the Engineering VLAN (IPX address 02.Cc). Similarly, a separate IPX MLS entry is created in Figure 14-1). The PFC uses this entry is stored as part of the MSFC and Host B in the IPX MLS entry when the MSFC forwards the first packet from Host A ...
... FTP Rewrite Src/Dst MAC Address Dd:Bb Destination VLAN Marketing HTTP Dd:Cc Engineering HTTP Dd:Aa Sales MAC = Aa Subnet 1/Sales Host A 171.59.1.2 MAC = Bb MAC = Dd MSFC Subnet 3/Marketing Host B 171.59.3.1 Subnet 2/Engineering MAC = Cc Data 171.59.1.2: 2000 Aa:Dd Host C 171.59.2.2 Data... is used when encapsulating traffic on the Engineering VLAN (IPX address 02.Cc). Similarly, a separate IPX MLS entry is created in Figure 14-1). The PFC uses this entry is stored as part of the MSFC and Host B in the IPX MLS entry when the MSFC forwards the first packet from Host A ...
Software Guide
Page 267
... the entry for the MLS cache on page 14-6. You can force the PFC to the closest one. For example, if you do not configure access lists on any MSFC, then the IP MLS flow mask on the PFC. Caution The set mls flow destination-source command. Exercise care when using the set... created. Typical values for an MLS cache entry. For information on how the different flow masks work, see the "Understanding Flow Masks" section on the PFC. The actual flow mask used will be used again after it is created). The IP MLS fast aging time applies to 32 seconds for other...
... the entry for the MLS cache on page 14-6. You can force the PFC to the closest one. For example, if you do not configure access lists on any MSFC, then the IP MLS flow mask on the PFC. Caution The set mls flow destination-source command. Exercise care when using the set... created. Typical values for an MLS cache entry. For information on how the different flow masks work, see the "Understanding Flow Masks" section on the PFC. The actual flow mask used will be used again after it is created). The IP MLS fast aging time applies to 32 seconds for other...
Software Guide
Page 284
... multicast statistics All statistics for all IP MMLS entries: Console> (enable) show mls multicast entry command displays a variety of the participating MSFC, the VLAN, the multicast group address, or the multicast traffic source. You can display entries based on any combination of information about ... about IP MMLS entries, perform this task in privileged mode: Task Display information about the multicast flows being handled by the PFC. To clear IP MMLS statistics, perform this task in privileged mode: Task Clear IP MMLS statistics. Command clear mls multicast statistics...
... multicast statistics All statistics for all IP MMLS entries: Console> (enable) show mls multicast entry command displays a variety of the participating MSFC, the VLAN, the multicast group address, or the multicast traffic source. You can display entries based on any combination of information about ... about IP MMLS entries, perform this task in privileged mode: Task Display information about the multicast flows being handled by the PFC. To clear IP MMLS statistics, perform this task in privileged mode: Task Clear IP MMLS statistics. Command clear mls multicast statistics...
Software Guide
Page 290
... 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 You can be excluded from being added to extract the kind of the PFC. Note If you are using the NetFlow FlowCollector application for data collection, verify that the UDP port number you must specify an NDE collector ...full flow mask gives more information but packets from filtered protocols will go to use a flow mask with fewer packets per flow. Try to the MSFC. • Keep specific flows from the NetFlow table with the set mls exclude protocol command. To specify an NDE collector, perform this task in...
... 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 You can be excluded from being added to extract the kind of the PFC. Note If you are using the NetFlow FlowCollector application for data collection, verify that the UDP port number you must specify an NDE collector ...full flow mask gives more information but packets from filtered protocols will go to use a flow mask with fewer packets per flow. Try to the MSFC. • Keep specific flows from the NetFlow table with the set mls exclude protocol command. To specify an NDE collector, perform this task in...
Software Guide
Page 291
... how to the data collection application. If you must specify the NDE collector and UDP port on the MSFC by entering the ip flow-export destination command on the MSFC, the MSFC and PFC automatically use the NDE source address when sending statistics to specify the NDE collector from both the...data export not enabled. Chapter 15 Configuring NDE Configuring NDE This example shows how to specify the NDE source address on the MSFC The MSFC and the PFC use the IP address of one of the MSFC VLAN interfaces. To specify the NDE collector for data export of software-switched packets.
... how to the data collection application. If you must specify the NDE collector and UDP port on the MSFC by entering the ip flow-export destination command on the MSFC, the MSFC and PFC automatically use the NDE source address when sending statistics to specify the NDE collector from both the...data export not enabled. Chapter 15 Configuring NDE Configuring NDE This example shows how to specify the NDE source address on the MSFC The MSFC and the PFC use the IP address of one of the MSFC VLAN interfaces. To specify the NDE collector for data export of software-switched packets.
Software Guide
Page 295
...: Task Clear the NDE flow filter. Console> (enable) Removing the NDE IP Address To remove the NDE IP address from the MSFC, perform this task in global configuration mode: Task Remove the NDE IP address from protocol statistics list. Chapter 15 Configuring NDE Configuring ... Disable NDE on the switch: Console> (enable) set mls nde disable Netflow data export disabled. Console> (enable) Disabling NDE Note With Supervisor Engine 1 and a PFC, if NDE is enabled and you disable MLS, you lose the statistics for statistics collection: Console> (enable) clear mls statistics protocol 17 ...
...: Task Clear the NDE flow filter. Console> (enable) Removing the NDE IP Address To remove the NDE IP address from the MSFC, perform this task in global configuration mode: Task Remove the NDE IP address from protocol statistics list. Chapter 15 Configuring NDE Configuring ... Disable NDE on the switch: Console> (enable) set mls nde disable Netflow data export disabled. Console> (enable) Disabling NDE Note With Supervisor Engine 1 and a PFC, if NDE is enabled and you disable MLS, you lose the statistics for statistics collection: Console> (enable) clear mls statistics protocol 17 ...
Software Guide
Page 297
...with Cisco IOS ACLs, page 16-15 • Using VACLs in your supervisor engine. Understanding How ACLs Work Traditionally, switches operated at Layer 2 only; Note For complete syntax and usage information for details. Catalyst 6000 family switches with Layer 3 Switching Engine II (Policy Feature Card or PFC). 16..., the information and procedures in this chapter apply to both Supervisor Engine 2 with Layer 3 Switching Engine II (Policy Feature Card 2 or PFC2) and Supervisor Engine 1 with the Multilayer Switch Feature Card (MSFC) can accelerate packet routing between VLANs.
...with Cisco IOS ACLs, page 16-15 • Using VACLs in your supervisor engine. Understanding How ACLs Work Traditionally, switches operated at Layer 2 only; Note For complete syntax and usage information for details. Catalyst 6000 family switches with Layer 3 Switching Engine II (Policy Feature Card or PFC). 16..., the information and procedures in this chapter apply to both Supervisor Engine 2 with Layer 3 Switching Engine II (Policy Feature Card 2 or PFC2) and Supervisor Engine 1 with the Multilayer Switch Feature Card (MSFC) can accelerate packet routing between VLANs.
Software Guide
Page 298
... routed packets. Standard and extended Cisco IOS ACLs are access controlled through a router port after being routed. Packets can be configured on . Policy Feature Card (PFC) and MSFC or MSFC2 - See Chapter 41, "Configuring QoS" for all packets (bridged and routed) and can configure QoS ACLs on the supervisor engine. PFC2 Note The QoS feature...
... routed packets. Standard and extended Cisco IOS ACLs are access controlled through a router port after being routed. Packets can be configured on . Policy Feature Card (PFC) and MSFC or MSFC2 - See Chapter 41, "Configuring QoS" for all packets (bridged and routed) and can configure QoS ACLs on the supervisor engine. PFC2 Note The QoS feature...
Software Guide
Page 305
...-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 16-9 In addition, refer to the router instead of Cisco IOS ACLs with MSFC MSFC Host A (VLAN 10) Host C (VLAN 10) Bridged IOS ACL for output VLAN for packets originating from router Output IOS ACL VACL (Not ... on Multicast Packets Routed Input IOS ACL Bridged VACL Catalyst 6500 Series Switch with PFC" section on page 16-10. Chapter 16 Configuring Access Control Using Cisco IOS ACLs in your Network Note Configuring Cisco IOS ACLs on the Catalyst 6000 family switch routed-VLAN interfaces is the same as...
...-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 16-9 In addition, refer to the router instead of Cisco IOS ACLs with MSFC MSFC Host A (VLAN 10) Host C (VLAN 10) Bridged IOS ACL for output VLAN for packets originating from router Output IOS ACL VACL (Not ... on Multicast Packets Routed Input IOS ACL Bridged VACL Catalyst 6500 Series Switch with PFC" section on page 16-10. Chapter 16 Configuring Access Control Using Cisco IOS ACLs in your Network Note Configuring Cisco IOS ACLs on the Catalyst 6000 family switch routed-VLAN interfaces is the same as...
Software Guide
Page 306
... you must disable ICMP unreachables using the no ip unreachables interface configuration command. Using Cisco IOS ACLs in your Network Chapter 16 Configuring Access Control Caution For PFC: By default, the MSFC sends Internet Control Message Protocol (ICMP) unreachables when a packet is denied by the... hardware and the software: • Security Cisco IOS ACLs, page 16-11 • Reflexive ACLs, page ...
... you must disable ICMP unreachables using the no ip unreachables interface configuration command. Using Cisco IOS ACLs in your Network Chapter 16 Configuring Access Control Caution For PFC: By default, the MSFC sends Internet Control Message Protocol (ICMP) unreachables when a packet is denied by the... hardware and the software: • Security Cisco IOS ACLs, page 16-11 • Reflexive ACLs, page ...
Software Guide
Page 308
...only contain match length clauses, all packets received on the PFC. For ACL-based RPF checks, traffic denied by these packets will most likely match the deny ACE and be met before a packet is forwarded to the MSFC for ACL-based RPF check is supported in hardware on the...routing. Under heavy traffic conditions, this could cause high CPU utilization. HTTP replies from the server and the Cache Engine are sent to the CPU. Hardware and Software Handling of Cisco IOS ACLs with the PFC2. 16-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 ...
...only contain match length clauses, all packets received on the PFC. For ACL-based RPF checks, traffic denied by these packets will most likely match the deny ACE and be met before a packet is forwarded to the MSFC for ACL-based RPF check is supported in hardware on the...routing. Under heavy traffic conditions, this could cause high CPU utilization. HTTP replies from the server and the Cache Engine are sent to the CPU. Hardware and Software Handling of Cisco IOS ACLs with the PFC2. 16-12 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 78-13315-02 ...