Software Guide
Page 11
... VLANs 7 Bridged Packets 7 Routed Packets 7 Multicast Packets 8 Using Cisco IOS ACLs in your Network 9 Hardware and Software Handling of Cisco IOS ACLs with PFC 10 Hardware and Software Handling of Cisco IOS ACLs with PFC2 12 Using VACLs with Cisco IOS ACLs 15 Guidelines for Configuring Cisco IOS ACLs and VACLs on the Same VLAN Interface...
... VLANs 7 Bridged Packets 7 Routed Packets 7 Multicast Packets 8 Using Cisco IOS ACLs in your Network 9 Hardware and Software Handling of Cisco IOS ACLs with PFC 10 Hardware and Software Handling of Cisco IOS ACLs with PFC2 12 Using VACLs with Cisco IOS ACLs 15 Guidelines for Configuring Cisco IOS ACLs and VACLs on the Same VLAN Interface...
Software Guide
Page 35
Product Overview CH A P T E R 1 The Catalyst 6000 family switches support the following configurations: • Supervisor Engine 2, Policy Feature Card 2 (PFC2), and Multilayer Switch Feature Card 2 (MSFC2) • Supervisor Engine 2 and PFC2 • Supervisor Engine 1, PFC, and MSFC or MSFC2 • Supervisor Engine 1 and PFC • Supervisor Engine 1 Note The Switch Fabric Module is supported only in the Catalyst 6000 Family Multilayer Switch Feature Card...
Product Overview CH A P T E R 1 The Catalyst 6000 family switches support the following configurations: • Supervisor Engine 2, Policy Feature Card 2 (PFC2), and Multilayer Switch Feature Card 2 (MSFC2) • Supervisor Engine 2 and PFC2 • Supervisor Engine 1, PFC, and MSFC or MSFC2 • Supervisor Engine 1 and PFC • Supervisor Engine 1 Note The Switch Fabric Module is supported only in the Catalyst 6000 Family Multilayer Switch Feature Card...
Software Guide
Page 117
... Feature Card (MSFC), the Address Resolution Protocol (ARP) on the MSFC. When the ARP replies come back, the Policy Feature Card (PFC) learns the MAC entries, which may not be desirable, especially if the added or removed link is to divide the bandwidth of the ... information to propagate through the switches in changes to the cost of the port concerned. You can start forwarding frames. This feature works with supervisor engine software release 5.4(2) or later releases. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 8-5 The formula for all the...
... Feature Card (MSFC), the Address Resolution Protocol (ARP) on the MSFC. When the ARP replies come back, the Policy Feature Card (PFC) learns the MAC entries, which may not be desirable, especially if the added or removed link is to divide the bandwidth of the ... information to propagate through the switches in changes to the cost of the port concerned. You can start forwarding frames. This feature works with supervisor engine software release 5.4(2) or later releases. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 8-5 The formula for all the...
Software Guide
Page 217
...web-cache detail command to all ARP requests for each cache. Web Cache Communication Protocol (WCCP) Layer 2 redirection allows directly connected Cisco Cache Engines to use for each Layer 3 interface: %AUTOSTATE-6-SHUT_DOWN 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4... addresses within the subnet and forwards all traffic between hosts in the subnet. WCCP Layer 2 Redirection Note Supervisor Engine 1 with the Policy Feature Card (PFC) supports this feature with an interface/subinterface in the VLAN. Enter the show ip wccp web-cache detail...
...web-cache detail command to all ARP requests for each cache. Web Cache Communication Protocol (WCCP) Layer 2 redirection allows directly connected Cisco Cache Engines to use for each Layer 3 interface: %AUTOSTATE-6-SHUT_DOWN 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4... addresses within the subnet and forwards all traffic between hosts in the subnet. WCCP Layer 2 Redirection Note Supervisor Engine 1 with the Policy Feature Card (PFC) supports this feature with an interface/subinterface in the VLAN. Enter the show ip wccp web-cache detail...
Software Guide
Page 227
... condition on the RPF interface specifies something other than the Layer 3 source, Layer 3 destination, or IP protocol (an example is on the Engineering VLAN (IP subnet 171.59.2.0). The show ip mroute and show mls ip multicast commands identify completely Layer 3-switched flows with the text string...Layer 3 switched. The MSFC uses the statistics to Host C. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 13-7 The PFC prevents multicast traffic in flows that from the viewpoint of the multicast source. • The MSFC is the first-hop router to the MSFC, ...
... condition on the RPF interface specifies something other than the Layer 3 source, Layer 3 destination, or IP protocol (an example is on the Engineering VLAN (IP subnet 171.59.2.0). The show ip mroute and show mls ip multicast commands identify completely Layer 3-switched flows with the text string...Layer 3 switched. The MSFC uses the statistics to Host C. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 13-7 The PFC prevents multicast traffic in flows that from the viewpoint of the multicast source. • The MSFC is the first-hop router to the MSFC, ...
Software Guide
Page 241
...-21 To display information about IP multicast entries, perform this task in privileged mode: Task Display information about the multicast flows being handled by the PFC. Command clear mls multicast statistics This example shows how to display all IP multicast entries: Console> (enable) show mls multicast entry command displays a variety of...
...-21 To display information about IP multicast entries, perform this task in privileged mode: Task Display information about the multicast flows being handled by the PFC. Command clear mls multicast statistics This example shows how to display all IP multicast entries: Console> (enable) show mls multicast entry command displays a variety of...
Software Guide
Page 249
... 14-11 • Configuring MLS, page 14-14 Note Supervisor Engine 2, PFC2, and MSFC2 provide Layer 3 switching with Supervisor Engine 1, the Policy Feature Card (PFC), and the Multilayer Switch Feature Card (MSFC) or MSFC2.... Layer 3 switching requires minimal support from the MSFC. Layer 3 switching is implemented in this chapter, refer to the Catalyst 6000 Family Command Reference publication. MLS provides IP and Internetwork Packet Exchange (IPX) unicast Layer 3 switching and IP multicast Layer 3 switching with Cisco...
... 14-11 • Configuring MLS, page 14-14 Note Supervisor Engine 2, PFC2, and MSFC2 provide Layer 3 switching with Supervisor Engine 1, the Policy Feature Card (PFC), and the Multilayer Switch Feature Card (MSFC) or MSFC2.... Layer 3 switching requires minimal support from the MSFC. Layer 3 switching is implemented in this chapter, refer to the Catalyst 6000 Family Command Reference publication. MLS provides IP and Internetwork Packet Exchange (IPX) unicast Layer 3 switching and IP multicast Layer 3 switching with Cisco...
Software Guide
Page 252
Supervisor Engine 1, PFC, and MSFC or MSFC2 provide Layer 3 switching with MLS. ..., such as IP and IPX, are connectionless-they deliver every packet independently of the following: - Note The PFC uses the Layer 2 multicast forwarding table to identify the ports to a particular destination that shares the same protocol...destination - Understanding How Layer 3 Switching Works Chapter 14 Configuring MLS Understanding MLS Note Supervisor Engine 1, PFC, and MSFC or MSFC2 can be any ). Telnet traffic transferred from File Transfer Protocol (FTP) packets between users or...
Supervisor Engine 1, PFC, and MSFC or MSFC2 provide Layer 3 switching with MLS. ..., such as IP and IPX, are connectionless-they deliver every packet independently of the following: - Note The PFC uses the Layer 2 multicast forwarding table to identify the ports to a particular destination that shares the same protocol...destination - Understanding How Layer 3 Switching Works Chapter 14 Configuring MLS Understanding MLS Note Supervisor Engine 1, PFC, and MSFC or MSFC2 can be any ). Telnet traffic transferred from File Transfer Protocol (FTP) packets between users or...
Software Guide
Page 253
...entries for that are maintained while packet traffic is not used for the specified period of outgoing interfaces for Layer 3-switched flows. The PFC uses this list to a flow collector application. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 14-5 These...of a routed packet that does not match any unicast flow currently in the MLS cache. Multicast Traffic For multicast traffic, the PFC populates the MLS cache using information learned from the MSFC. Chapter 14 Configuring MLS Understanding How Layer 3 Switching Works Understanding the ...
...entries for that are maintained while packet traffic is not used for the specified period of outgoing interfaces for Layer 3-switched flows. The PFC uses this list to a flow collector application. 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 14-5 These...of a routed packet that does not match any unicast flow currently in the MLS cache. Multicast Traffic For multicast traffic, the PFC populates the MLS cache using information learned from the MSFC. Chapter 14 Configuring MLS Understanding How Layer 3 Switching Works Understanding the ...
Software Guide
Page 254
...page 14-6 • Flow Mask Mode and show mls entry Command Output, page 14-7 Flow Mask Modes The PFC supports only one flow mask (the most specific one) for all MSFCs that are Layer 3 switched by all... MLS processes on the switch (IP MLS, IP MMLS, and IPX MLS). When the PFC flow mask changes, the entire MLS cache is 128K entries. Depending on the current flow mask. All flows... 14 Configuring MLS MLS Cache Size The maximum MLS cache size is purged. If the PFC detects different flow masks from the IP unicast MLS source-destination-ip flow mask in the flow record...
...page 14-6 • Flow Mask Mode and show mls entry Command Output, page 14-7 Flow Mask Modes The PFC supports only one flow mask (the most specific one) for all MSFCs that are Layer 3 switched by all... MLS processes on the switch (IP MLS, IP MMLS, and IPX MLS). When the PFC flow mask changes, the entire MLS cache is 128K entries. Depending on the current flow mask. All flows... 14 Configuring MLS MLS Cache Size The maximum MLS cache size is purged. If the PFC detects different flow masks from the IP unicast MLS source-destination-ip flow mask in the flow record...
Software Guide
Page 256
...PFC stores the MAC addresses of the MSFC and Host C in the MLS entry when the MSFC forwards the first packet from reaching the MSFC, reducing the load on the MSFC. When Host A initiates an HTTP file transfer to Host C, an MLS entry for any interface that is on the Engineering...VLAN (IP subnet 171.59.3.0), and Host C is not Layer 3 switched. For partially switched flows, all completely Layer 3-switched flows, the PFC periodically sends multicast packet and byte count statistics to the MSFC, because the MSFC cannot record multicast statistics for the outgoing interface. For all ...
...PFC stores the MAC addresses of the MSFC and Host C in the MLS entry when the MSFC forwards the first packet from reaching the MSFC, reducing the load on the MSFC. When Host A initiates an HTTP file transfer to Host C, an MLS entry for any interface that is on the Engineering...VLAN (IP subnet 171.59.3.0), and Host C is not Layer 3 switched. For partially switched flows, all completely Layer 3-switched flows, the PFC periodically sends multicast packet and byte count statistics to the MSFC, because the MSFC cannot record multicast statistics for the outgoing interface. For all ...
Software Guide
Page 257
... information to rewrite subsequent packets from Host A to Host A. Similarly, a separate IPX MLS entry is used when encapsulating traffic on the Engineering VLAN (IPX address 02.Cc). The PFC stores the MAC addresses of each IPX MLS entry so that the correct VLAN identifier is created in Figure 14-1). The... 171.59.1.2 171.59.2.2 171.59.2.2 171.59.1.2 Application FTP Rewrite Src/Dst MAC Address Dd:Bb Destination VLAN Marketing HTTP Dd:Cc Engineering HTTP Dd:Aa Sales MAC = Aa Subnet 1/Sales Host A 171.59.1.2 MAC = Bb MAC = Dd MSFC Subnet 3/Marketing Host B 171.59.3.1 Subnet...
... information to rewrite subsequent packets from Host A to Host A. Similarly, a separate IPX MLS entry is used when encapsulating traffic on the Engineering VLAN (IPX address 02.Cc). The PFC stores the MAC addresses of each IPX MLS entry so that the correct VLAN identifier is created in Figure 14-1). The... 171.59.1.2 171.59.2.2 171.59.2.2 171.59.1.2 Application FTP Rewrite Src/Dst MAC Address Dd:Bb Destination VLAN Marketing HTTP Dd:Cc Engineering HTTP Dd:Aa Sales MAC = Aa Subnet 1/Sales Host A 171.59.1.2 MAC = Bb MAC = Dd MSFC Subnet 3/Marketing Host B 171.59.3.1 Subnet...
Software Guide
Page 267
...0, 1, 3, 7, 15, 31, or 63 packets. For information on how the different flow masks work, see the "Understanding Flow Masks" section on the PFC. Exercise care when using the set mls flow {destination | destination-source | full} 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 14...granularity specified by setting the minimum IP MLS flow mask using this command. Typical values for an MLS cache entry. You can force the PFC to and from a Domain Name Server (DNS) or TFTP server; To specify the IP MLS fast aging time and packet threshold, ...
...0, 1, 3, 7, 15, 31, or 63 packets. For information on how the different flow masks work, see the "Understanding Flow Masks" section on the PFC. Exercise care when using the set mls flow {destination | destination-source | full} 78-13315-02 Catalyst 6000 Family Software Configuration Guide-Releases 6.3 and 6.4 14...granularity specified by setting the minimum IP MLS flow mask using this command. Typical values for an MLS cache entry. You can force the PFC to and from a Domain Name Server (DNS) or TFTP server; To specify the IP MLS fast aging time and packet threshold, ...
Software Guide
Page 284
... source. To display information about IP MMLS entries, perform this task in privileged mode: Task Display information about the multicast flows being handled by the PFC. Command show mls multicast entry all Router IP Dest IP Source IP Pkts Bytes InVlan OutVlans 1.1.5.252 1.1.9.254 1.1.5.252 1.1.9.254 1.1.5.252 1.1.9.254 1.1.5.252 224.1.1.1 224...
... source. To display information about IP MMLS entries, perform this task in privileged mode: Task Display information about the multicast flows being handled by the PFC. Command show mls multicast entry all Router IP Dest IP Source IP Pkts Bytes InVlan OutVlans 1.1.5.252 1.1.9.254 1.1.5.252 1.1.9.254 1.1.5.252 1.1.9.254 1.1.5.252 224.1.1.1 224...
Software Guide
Page 290
... flow mask required to the Netflow table with fewer packets per flow. You can be excluded from being added to extract the kind of the PFC. To specify an NDE collector, perform this task in privileged mode: Task Specify an NDE collector and UDP port for the first time, you must...
... flow mask required to the Netflow table with fewer packets per flow. You can be excluded from being added to extract the kind of the PFC. To specify an NDE collector, perform this task in privileged mode: Task Specify an NDE collector and UDP port for the first time, you must...
Software Guide
Page 291
...Command ip flow-export destination {hostname | ip_address} {udp_port_number} This example shows how to specify the NDE collector from both the MSFC and the PFC for the same flow by the MSFC, peform this task in privileged mode: Task Specify an NDE source address for data export of software-switched... MSFC: Router(config)# ip flow-export destination Stargate 9996 Router(config)# Specifying an NDE Source Address on the MSFC The MSFC and the PFC use the IP address of one of software-switched packets. Chapter 15 Configuring NDE Configuring NDE This example shows how to specify the NDE...
...Command ip flow-export destination {hostname | ip_address} {udp_port_number} This example shows how to specify the NDE collector from both the MSFC and the PFC for the same flow by the MSFC, peform this task in privileged mode: Task Specify an NDE source address for data export of software-switched... MSFC: Router(config)# ip flow-export destination Stargate 9996 Router(config)# Specifying an NDE Source Address on the MSFC The MSFC and the PFC use the IP address of one of software-switched packets. Chapter 15 Configuring NDE Configuring NDE This example shows how to specify the NDE...
Software Guide
Page 295
... flow filter. Command clear mls nde flow This example shows how to the default (all flows are not exported. Console> (enable) Disabling NDE Note With Supervisor Engine 1 and a PFC, if NDE is enabled and you disable MLS, you lose the statistics for statistics collection: Console> (enable) clear mls statistics protocol 17 1934 Protocol...
... flow filter. Command clear mls nde flow This example shows how to the default (all flows are not exported. Console> (enable) Disabling NDE Note With Supervisor Engine 1 and a PFC, if NDE is enabled and you disable MLS, you lose the statistics for statistics collection: Console> (enable) clear mls statistics protocol 17 1934 Protocol...
Software Guide
Page 297
..."Hardware Requirements" section on VLANs, page 16-7 • Using Cisco IOS ACLs in your Network, page 16-9 • Using VACLs with Cisco IOS ACLs, page 16-15 • Using VACLs in your supervisor engine. This chapter consists of hardware you install on the Catalyst 6000 ...Cisco IOS ACLs and VACLs on page 16-2 for the commands used in this chapter, refer to the Catalyst 6000 Family Command Reference publication. Understanding How ACLs Work Traditionally, switches operated at Layer 2 only; Catalyst 6000 family switches with Layer 3 Switching Engine II (Policy Feature Card or PFC...
..."Hardware Requirements" section on VLANs, page 16-7 • Using Cisco IOS ACLs in your Network, page 16-9 • Using VACLs with Cisco IOS ACLs, page 16-15 • Using VACLs in your supervisor engine. This chapter consists of hardware you install on the Catalyst 6000 ...Cisco IOS ACLs and VACLs on page 16-2 for the commands used in this chapter, refer to the Catalyst 6000 Family Command Reference publication. Understanding How ACLs Work Traditionally, switches operated at Layer 2 only; Catalyst 6000 family switches with Layer 3 Switching Engine II (Policy Feature Card or PFC...
Software Guide
Page 298
...Note The QoS feature set supported on your switch is determined by the Catalyst 6000 family switches: • QoS ACLs, page 16-2 • Cisco IOS ACLs, page 16-3 • VACLs, page 16-3 QoS ACLs You can either enter the VLAN through a switch port or through MAC addresses... all packets (bridged and routed) and can be configured on the supervisor engine. Standard and extended Cisco IOS ACLs are checked against the VACL. Hardware Requirements The hardware that is required to its destination. Policy Feature Card (PFC) and MSFC or MSFC2 - See Chapter 41, "Configuring QoS" for...
...Note The QoS feature set supported on your switch is determined by the Catalyst 6000 family switches: • QoS ACLs, page 16-2 • Cisco IOS ACLs, page 16-3 • VACLs, page 16-3 QoS ACLs You can either enter the VLAN through a switch port or through MAC addresses... all packets (bridged and routed) and can be configured on the supervisor engine. Standard and extended Cisco IOS ACLs are checked against the VACL. Hardware Requirements The hardware that is required to its destination. Policy Feature Card (PFC) and MSFC or MSFC2 - See Chapter 41, "Configuring QoS" for...
Software Guide
Page 303
Figure 16-1 Applying ACLs on Bridged Packets VACL Bridged Host A (VLAN 10) Catalyst 6500 Series Switch with PFC Host B (VLAN 10) 26961 Routed Packets Figure 16-2 shows how ACLs are applied: • Bridged Packets, page 16-7 • Routed Packets, page 16-7 • ... ACLs and VACLs to the input VLAN. These sections show how ACLs and VACLs are applied on bridged packets. Output Cisco IOS ACL 4. Input Cisco IOS ACL 3. For bridged packets, only Layer 2 ACLs are applied in the following order: 1. VACL for bridged packets, routed packets, and multicast packets. VACL for...
Figure 16-1 Applying ACLs on Bridged Packets VACL Bridged Host A (VLAN 10) Catalyst 6500 Series Switch with PFC Host B (VLAN 10) 26961 Routed Packets Figure 16-2 shows how ACLs are applied: • Bridged Packets, page 16-7 • Routed Packets, page 16-7 • ... ACLs and VACLs to the input VLAN. These sections show how ACLs and VACLs are applied on bridged packets. Output Cisco IOS ACL 4. Input Cisco IOS ACL 3. For bridged packets, only Layer 2 ACLs are applied in the following order: 1. VACL for bridged packets, routed packets, and multicast packets. VACL for...