- Preface
- Command-Line Interface
- action to channel-group
- channel-protocol to class-map
- clear cable-diagnostics tdr to copy /noverify
- define interface-range to duplex
- eigrp event-log-size to mls exclude
- mls flow to pagp port
- platform ip features pisa to process-min-time percent
- rcv-queue to show bootvar
- show cable-diagnostics to show ip cache
- show ip cef to show mls asic
- show mls cef to show qm-sp
- show queueing to show vtp
- shutdown vlan to test cable-diagnostics
- tunnel udlr address-resolution to username
- verify to wrr-queue
- wrr-queue cos-trap to wrr-queue threshold
- Acronyms
- Acknowledgments for Open-Source Software
- mls flow
- mls ip
- mls ip acl port expand
- mls ip cef accounting per-prefix
- mls ip cef load-sharing
- mls ip cef rate-limit
- mls ip cef rpf hw-enable-rpf-acl
- mls ip cef rpf interface-group
- mls ip cef rpf multipath
- mls ip delete-threshold
- mls ip directed-broadcast
- mls ip inspect
- mls ip install-threshold
- mls ip multicast (global configuration mode)
- mls ip multicast (interface configuration mode)
- mls ip multicast bidir gm-scan-interval
- mls ip multicast connected
- mls ip multicast consistency-check
- mls ip multicast flow-stat-timer
- mls ip multicast replication-mode
- mls ip multicast sso
- mls ip multicast stub
- mls ip multicast threshold
- mls ip nat netflow-frag-l4-zero
- mls ip pbr
- mls ip reflexive ndr-entry tcam
- mls ipv6 acl compress address unicast
- mls ipv6 acl source
- mls mpls (recirculation)
- mls mpls (guaranteed bandwidth traffic engineering)
- mls nde flow
- mls nde interface
- mls nde sender
- mls netflow
- mls netflow maximum-flows
- mls netflow sampling
- mls netflow usage notify
- mls qos (global configuration mode)
- mls qos (interface configuration mode)
- mls qos aggregate-policer
- mls qos bridged
- mls qos channel-consistency
- mls qos cos
- mls qos cos-mutation
- mls qos dscp-mutation
- mls qos exp-mutation
- mls qos loopback
- mls qos map cos-dscp
- mls qos map cos-mutation
- mls qos map dscp-cos
- mls qos map dscp-exp
- mls qos map dscp-mutation
- mls qos map exp-dscp
- mls qos map exp-mutation
- mls qos map ip-prec-dscp
- mls qos map policed-dscp
- mls qos marking ignore port-trust
- mls qos marking statistics
- mls qos mpls trust exp
- mls qos police redirected
- mls qos protocol
- mls qos queueing-only
- mls qos queue-mode mode-dscp
- mls qos rewrite ip dscp
- mls qos statistics-export (global configuration mode)
- mls qos statistics-export (interface configuration mode)
- mls qos statistics-export aggregate-policer
- mls qos statistics-export class-map
- mls qos statistics-export delimiter
- mls qos statistics-export destination
- mls qos statistics-export interval
- mls qos trust
- mls qos trust extend
- mls qos vlan-based
- mls rate-limit all
- mls rate-limit layer2
- mls rate-limit multicast ipv4
- mls rate-limit multicast ipv6
- mls rate-limit unicast acl
- mls rate-limit unicast cef
- mls rate-limit unicast ip
- mls rate-limit unicast l3-features
- mls rate-limit unicast vacl-log
- mls rp ip (global configuration mode)
- mls rp ip (interface configuration mode)
- mls rp ipx (global configuration mode)
- mls rp ipx (interface configuration mode)
- mls rp management-interface
- mls rp nde-address
- mls rp vlan-id
- mls rp vtp-domain
- mls sampling
- mls switching
- mls switching unicast
- mls verify
- mobility
- mode
- mode dot1q-in-dot1q access-gateway
- monitor event-trace (EXEC)
- monitor event-trace (global configuration)
- monitor permit-list
- monitor session
- monitor session type
- mpls l2transport route
- mpls load-balance per-label
- mpls ttl-dec
- mtu
- name (MST configuration submode)
- neighbor
- net
- nsf
- pagp learn-method
- pagp port-priority
mls flow
To configure the flow mask for NDE, use the mls flow command. To restore the flow mask to the default, use the no form of this command.
mls flow {{ip | ipv6} {destination | destination-source | full | interface-destination-source | interface-full | source}}
no mls flow {ip | ipv6}
Syntax Description
Command Default
The NDE flow mask is null.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
This command collects statistics for the supervisor engine.
Examples
This example shows how to set the minimum flow mask for an extended access list for MLS IP:
Router(config)#
mls flow ip full
Router(config)#
Related Commands
|
|
---|---|
Displays configuration information about the NetFlow hardware. |
mls ip
To enable MLS IP for the internal router on the interface, use the mls ip command. To disable MLS IP on the interface, use the no form of this command.
mls ip
no mls ip
Syntax Description
This command has no arguments or keywords.
Command Default
Multicast is disabled.
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to enable shortcuts for MLS IP:
Router(config-if)#
mls ip
Router(config-if)#
Related Commands
|
|
---|---|
Allows the external systems to enable MLS IP on a specified interface. |
|
Displays the MLS IP information. |
mls ip acl port expand
To enable ACL-specific features for Layer 4, use the mls ip acl port expand command. To disable the ACL-specific Layer 4 features, use the no form of this command.
mls ip acl port expand
no mls ip acl port expand
Syntax Description
This command has no arguments or keywords.
Command Default
This command has no default settings.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to enable the expansion of ACL logical operations on Layer 4 ports:
Router(config)#
mls ip acl port expand
Router(config)#
mls ip cef accounting per-prefix
To enable MLS per-prefix accounting, use the mls ip cef accounting per-prefix command. To disable MLS per-prefix accounting, use the no form of this command
mls ip cef accounting per-prefix prefix-entry prefix-entry-mask [instance-name]
no mls ip cef accounting per-prefix
Syntax Description
prefix |
Prefix entry in the format A.B.C.D. |
prefix-entry-mask |
Prefix entry mask in the format A.B.C.D. |
instance-name |
(Optional) VPN routing and forwarding instance name. |
Command Default
This command has no default settings.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Per-prefix accounting collects the adjacency counters used by the prefix. When the prefix is used for accounting, the adjacency cannot be shared with other prefixes. You can use per-prefix accounting to account for the packets sent to a specific destination.
Examples
This example shows how to enable MLS per-prefix accounting:
Router(config)#
mls ip cef accounting per-prefix 172.20.52.18 255.255.255.255
Router(config)#
This example shows how to disable MLS per-prefix accounting:
Router(config)#
no mls ip cef accounting per-prefix
Router(config)#
Related Commands
|
|
---|---|
show mls cef ip accounting per-prefix |
Displays all the prefixes that are configured for the statistic collection. |
mls ip cef load-sharing
To configure the CEF load balancing, use the mls ip cef load-sharing command. To return to the default settings, use the no form of this command.
mls ip cef load-sharing [full [exclude-port {destination | source}]] [simple]
no mls ip cef load-sharing
Syntax Description
Command Default
Source and destination IP address and universal identification
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The mls ip cef load-sharing command affects the IPv4, the IPv6, and the MPLS forwardings.
The mls ip cef load-sharing command is structured as follows:
•mls ip cef load-sharing full—Uses Layer 3 and Layer 4 information with multiple adjacencies.
•mls ip cef load-sharing full simple—Uses Layer 3 and Layer 4 information without multiple adjacencies.
•mls ip cef load-sharing simple—Uses Layer 3 information without multiple adjacencies.
For additional guidelines, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide—Release 12.2ZY.
Examples
This example shows how to set load balancing to include Layer 3 and Layer 4 ports with multiple adjacencies:
Router(config)# mls ip cef load-sharing full
Router(config)#
This example shows how to set load balancing to exclude the destination Layer 4 ports and source and destination IP addresses (Layer 3) from the load-balancing algorithm:
Router(config)# mls ip cef load-sharing full exclude-port destination
Router(config)#
This example shows how to set load balancing to exclude the source Layer 4 ports and source and destination IP addresses (Layer 3) from the load-balancing algorithm:
Router(config)# mls ip cef load-sharing full exclude-port source
Router(config)#
This example shows how to return to the default setting:
Router(config)# no mls ip cef load-sharing
Router(config)#
Related Commands
|
|
---|---|
Displays the IP entries in the MLS-hardware Layer 3-switching table. |
mls ip cef rate-limit
To rate-limit CEF-punted data packets, use the mls ip cef rate-limit command. To disable the rate-limited CEF-punted data packets, use the no form of this command.
mls ip cef rate-limit pps
no mls ip cef rate-limit
Syntax Description
pps |
Number of data packets; valid values are from 0 to 1000000. |
Command Default
No rate limit is configured.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Certain denial-of-service attacks target the route processing engines of routers. Certain packets that cannot be forwarded by the PFC are directed to the PISA for processing. Denial-of-service attacks can overload the route processing engine and cause routing instability when running dynamic routing protocols. You can use the mls ip cef rate-limit command to limit the amount of traffic that is sent to the PISA to prevent denial-of-service attacks against the route processing engine.
This command rate limits all CEF-punted data packets including the following:
•Data packets going to the local interface IP address
•Data packets requiring ARP
Setting the rate to a low value could impact the packets that are destined to the IP addresses of the local interfaces and the packets that require ARP. You should use this command to limit these packets to a normal rate and to avoid abnormal incoming rates.
For additional guidelines, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide—Release 12.2ZY.
Examples
This example shows how to enable and set rate limiting:
Router(config)#
mls ip cef rate-limit 50000
Router(config)#
Related Commands
|
|
---|---|
Displays the IP entries in the MLS-hardware Layer 3-switching table. |
mls ip cef rpf hw-enable-rpf-acl
To enable hardware uRPF for packets matching the deny ace when uRPF with ACL is enabled, use the mls ip cef rpf hw-enable-rpf-acl command. To disable hardware uRPF when RPF and ACL are enabled, use the no form of this command.
mls ip cef rpf hw-enable-rpf-acl
no mls ip cef rpf hw-enable-rpf-acl
Syntax Description
This command has no arguments or keywords.
Command Default
This command has no default settings.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
If you do not enter the mls ip cef rpf hw-enable-rpf-acl command, when the uRPF with ACL is specified, packets that are permitted by the uRPF ACL are forwarded in hardware and the denied packets are sent to the PISA for the uRPF check. This command enables hardware forwarding with the uRPF check for the packets that are denied by the uRPF ACL. However in this case packets permitted by uRPF ACL are sent to the PISA for forwarding.
uRPF is not supported on PVLAN host ports.
Examples
This example shows how to enable hardware uRPF when RPF and ACL are enabled:
Router(config)#
mls ip cef rpf hw-enable-rpf-acl
Router(config)#
This example shows how to disable hardware uRPF when RPF and ACL are enabled:
Router(config)#
no mls ip cef rpf hw-enable-rpf-acl
Router(config)#
Related Commands
|
|
---|---|
ip verify unicast source reachable-via {any | rx} |
Enables and configures RPF checks with ACL. |
mls ip cef rpf interface-group
To define an interface group in the RPF-VLAN table, use the mls ip cef rpf interface-group command. To delete the interface group, use the no form of this command.
mls ip cef rpf interface-group group-number interface1 interface2 interface3 [...]
no mls ip cef rpf interface-group group-number interface1 interface2 interface3 [...]
Syntax Description
Command Default
No groups are configured.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
A single interface group contains three to six interfaces. You can configure up to four interface groups. For each interface group, the first four entries are installed in the hardware RPF-VLAN table.
Enter the interface as interface-typemod/port.
Separate each interface entry with a space. You do not have to include a space between the interface-type and the mod/port arguments. See the "Examples" section for a sample entry.
Examples
This example shows how to define an interface group:
Router(config)#
mls ip cef rpf interface-group 0 F2/1 F2/2 F2/3 F2/4 F2/5 F2/6
Router(config)#
mls ip cef rpf multipath
To configure the RPF modes, use the mls ip cef rpf multipath command. To return to the default settings, use the no form of this command.
mls ip cef rpf multipath {interface-group | punt | pass}
Syntax Description
Command Default
punt
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The interface-group mode is similar to the pass mode but utilizes the RPF_VLAN global table for the RPF check. Packets from other multiple path prefixes always pass the RPF check.
You enter the mls ip cef rpf multipath interface-group command to define an RPF_VLAN table interface group. One interface group contains from three to six interfaces, and you can configure up to four interface groups. For each interface group, the first four entries are installed in the hardware RPF_VLAN table. For the prefix that has more than three multiple paths, and all paths except two are part of that interface group, the FIB entry of that prefix uses this RPF_VLAN entry.
Examples
This example shows how to redirect the RPF-failed packets to the route processor for multiple path prefix support:
Router(config)#
mls ip cef rpf multipath interface-group
Router(config)#
Related Commands
|
|
---|---|
Displays the IP entries in the MLS-hardware Layer 3-switching table. |
mls ip delete-threshold
To delete the configured ACL thresholds, use the mls ip delete-threshold command.
mls ip delete-threshold acl-num
Syntax Description
acl-num |
Reflective ACL number; valid values are from 1 to 10000. |
Command Default
This command has no default settings.
Command Default
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The mls ip delete-threshold command is active only when you enable the mls ip reflexive ndr-entry tcam command.
Examples
This example shows how to delete an ACL threshold:
Router(config)# mls ip delete-threshold 223
Router(config)#
Related Commands
|
|
---|---|
Installs the configured ACL thresholds. |
|
Enables the shortcuts in TCAM for the reflexive TCP/UDP entries when installed by the NDR. |
mls ip directed-broadcast
To enable the hardware switching of the IP-directed broadcasts, use the mls ip directed-broadcast command. To return to the default settings, use the no form of this command.
mls ip directed-broadcast {exclude-router | include-router}
no mls ip directed-broadcast
Syntax Description
Command Modes
Disabled
Command Default
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The exclude-router and include-router keywords both support hardware switching, but exclude-router does not send a copy of the hardware-switched packets to the router. If you enter the include-router keyword, the router does not forward the IP-directed broadcast packet again.
In the default mode, IP-directed broadcast packets are not forwarded in the hardware; they are handled at the process level by the PISA. The PISA decision to forward or not forward the packet is dependent on the ip directed-broadcast command configuration.
There is no interaction between the ip directed-broadcast command and the mls ip directed-broadcast command. The ip directed-broadcast command involves software forwarding, and the mls ip directed-broadcast command involves hardware forwarding.
MLS IP-directed broadcast supports a secondary interface address.
Any packets that hit the CPU are not forwarded unless you add the ip directed-broadcast command to the same interface.
You can configure the MLS IP-directed broadcasts on a port-channel interface but not on the physical interfaces on the port-channel interface. If you want to add a physical interface to a port-channel group, the physical interface cannot have the MLS IP-directed broadcast configuration. You have to first remove the configuration manually and then add the physical interface to the channel group. If a physical interface is already part of a channel group, the CLI will not accept the mls ip directed-broadcast configuration command on that physical interface.
Examples
This example shows how to forward the IP-directed broadcast packet in the hardware to all hosts in the VLAN with the exception of the router:
Router(config-if)#
mls ip directed-broadcast exclude-router
Router(config-if)#
This example shows how to forward the IP-directed broadcast packet in the hardware to all hosts in the VLAN:
Router(config-if)#
mls ip directed-broadcast include-router
Router(config-if)#
Related Commands
|
|
---|---|
Displays hardware-switched IP-directed broadcast information. |
mls ip inspect
To permit traffic through any ACLs that would deny the traffic through other interfaces, use the mls ip inspect command. To return to the default settings, use the no form of this command.
mls ip inspect acl-name
no mls ip inspect acl-name
Syntax Description
acl-name |
ACL name. |
Command Modes
Disabled
Command Default
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
On a Catalyst 6500 series switch, when interfaces are configured to deny traffic, the CBAC permits traffic to flow bidirectionally only through the interface that is configured with the ip inspect command.
Examples
This example shows how to permit the traffic through a specific ACL (named deny_ftp_c):
Router(config)# mls ip inspect deny_ftp_c
Router(config)#
Related Commands
|
|
---|---|
ip inspect |
Applies a set of inspection rules to an interface. |
mls ip install-threshold
To install the configured ACL thresholds, use the mls ip install-threshold command.
mls ip install-threshold acl-num
Syntax Description
acl-num |
Reflective ACL number; valid values are from 1 to 10000. |
Command Modes
This command has no default settings.
Command Default
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The mls ip install-threshold command is active only when you enable the mls ip reflexive ndr-entry tcam command.
Examples
This example shows how to install an ACL threshold:
Router(config)# mls ip install-threshold 123
Router(config)#
Related Commands
|
|
---|---|
Deletes configured ACL thresholds. |
|
Enables the shortcuts in TCAM for the reflexive TCP/UDP entries when installed by the NDR. |
mls ip multicast (global configuration mode)
To enable MLS IP and configure the hardware switching globally, use the mls ip multicast command. To disable MLS IP, use the no form of this command.
mls ip multicast [capability]
mls ip multicast [vrf name] [connected | egress local | mfd | refresh-state | shared-tree-mfd | threshold ppsec]
no mls ip multicast [vrf]
Syntax Description
Command Modes
The defaults are as follows:
•Multicast is disabled.
•Hardware switching is allowed for all eligible multicast routes.
•connected is enabled.
•egress local is disabled.
•mfd is enabled.
•refresh-state is enabled.
•shared-tree-mfd is enabled.
Command Default
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Note After you enter the mls ip multicast egress local command, you must perform a system reset for the configuration to take effect.
When entering the mls ip multicast egress local command, ensure that IPv6 multicast is not enabled. Since the egress multicast replication performance enhancement feature cannot separately turn on or turn off IPv4 and IPv6, you cannot have IPv4 and IPv6 multicast enabled when this feature is turned on.
These optional keywords are supported:
•threshold
•connected
•refresh-state
•shared-tree-mfd
•mfd
The threshold ppsec optional keyword and argument do not impact flows that are already populated in the hardware cache.
The expiration time refresh is updated when flow statistics are received from the Catalyst 6500 series switch (indicating that the traffic is received from the RPF interface).
Examples
This example shows how to enable the MLS IP shortcuts:
Router(config)#
mls ip multicast
Router(config)#
This example shows how to enable the hardware switching on a specific multicast route:
Router(config)#
mls ip multicast vrf test1
Router(config)#
This example shows how to export the information about egress capability from the switch processor to the route processor:
Router(config)#
mls ip multicast capability
Router(config)#
This example shows how to populate the multicast expansion table with local Layer 3-routed interfaces:
Router(config)#
mls ip multicast egress local
Router(config)#
Related Commands
|
|
---|---|
Enables external systems to establish IP shortcuts to the PISA. |
|
Displays the MLS IP information. |
mls ip multicast (interface configuration mode)
To enable MLS IP shortcuts on the interface, use the mls ip multicast command. To disable MLS IP shortcuts on the interface, use the no form of this command.
mls ip multicast
no mls ip multicast
Syntax Description
This command has no arguments or keywords.
Command Modes
Multicast is disabled.
Command Default
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to enable the MLS IP shortcuts:
Router(config-if)#
mls ip multicast
Router(config-if)#
Related Commands
|
|
---|---|
Displays the MLS IP information. |
mls ip multicast bidir gm-scan-interval
To set the RPF scan interval for the Bidir rendezvous point, use the mls ip multicast bidir gm-scan-interval command. To disable the RPF scan interval for the Bidir rendezvous point, use the no form of this command.
mls ip multicast bidir gm-scan-interval interval
no mls ip multicast bidir gm-scan-interval
Syntax Description
interval |
RPF scan interval for the Bidir rendezvous point; valid values are from 1 to 1000 seconds. |
Command Modes
10 seconds
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
When you set the RPF scan interval for the Bidir rendezvous point, you set the time that the periodic scan timer updates the RPF in the DF table for all Bidir rendezvous points in the hardware.
Examples
This example shows how to set the RPF scan interval for the Bidir rendezvous point:
Router(config)#
mls ip multicast bidir gm-scan-interval 30
Router(config)#
Related Commands
|
|
---|---|
Displays the Bidir hardware-switched entries. |
mls ip multicast connected
To enable the downloading of directly connected subnets globally, use the mls ip multicast connected command. To disable the downloading of directly connected subnets globally, use the no form of this command.
mls ip multicast connected
no mls ip multicast connected
Syntax Description
This command has no arguments or keywords.
Command Modes
Disabled
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Do not create directly connected subnets for the following cases:
•To make more room available in the FIB TCAM
•The switch is the first-hop router for a source
•The entries are for Bidir, SSM, and DM mode groups
In these cases, if you enable the downloading of directly connected subnets, the directly connected source hits the MMLS (*,G) entry and is switched using the MMLS (*,G) entry. The registers are not sent to the route processor (in the case of PIM-SM), and the (S,G) state is not created on the first hop (in the case of PIM-DM).
The subnet entry is installed in the TCAM entries with a shorter mask to catch directly connected sources before they hit such entries. You can punt traffic from directly connected sources to the PISA. Once the PISA sees this traffic, it can install an MMLS (S,G) entry for this source, which gets installed before the subnet entry in the TCAM. New packets from this source are now switched with the (S,G) entry.
Examples
This example shows how to enable the downloading of directly connected subnets:
Router(config)#
mls ip multicast connected
Router(config)#
Related Commands
|
|
---|---|
Enables MLS IP and configures the hardware switching globally. |
|
Displays the MLS IP information. |
mls ip multicast consistency-check
To enable and configure the hardware-shortcut consistency checker, use the mls ip multicast consistency-check command. To disable the consistency checkers, use the no form of this command.
mls ip multicast consistency-check [{settle-time seconds} | {type scan-mroute [count count-number] | {settle-time seconds}} | {period seconds}]
no mls ip multicast consistency-check
Syntax Description
Command Default
The defaults are as follows:
•Consistency check is enabled.
•count count-number is 20.
•period seconds is 2 seconds.
•settle-time seconds is 60 seconds.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The oif entry is the outgoing interface of a multicast {*,G} or {source, group} flow.
The consistency checker scans the mroute table and assures that the multicast-hardware entries are consistent with the mroute table. Whenever an inconsistency is detected, the inconsistency is automatically corrected.
To display the inconsistency error, use the show mls ip multicast consistency-check command.
Examples
This example shows how to enable the hardware-shortcut consistency checker:
Router (config)#
mls ip multicast consistency-check
Router (config)#
This example shows how to enable the hardware-shortcut consistency checker and configure the scan check of the mroute table:
Router (config)#
mls ip multicast consistency-check type scan-mroute count 20 period 35
Router (config)#
This example shows how to enable the hardware-shortcut consistency checker and specify the period between scans:
Router (config)#
mls ip multicast consistency-check type scan-mroute period 35
Router (config)#
Related Commands
|
|
---|---|
show mls ip multicast consistency-check |
Displays the MLS IP information. |
mls ip multicast flow-stat-timer
To set the time interval between two consecutive batches of flow-statistics messages from the switch processor to the route processor, use the mls ip multicast flow-stat-timer command. To return to the default settings, use the no form of this command.
mls ip multicast flow-stat-timer num
no mls ip multicast flow-stat-timer
Syntax Description
num |
Time interval between two consecutive batches of flow-statistics messages from the switch processor to the route processor. |
Command Default
25 seconds
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to configure the time interval between two consecutive batches of flow-statistics messages from the switch processor to the route processor:
Router (config)#
mls ip multicast flow-stat-timer 10
Router (config)#
Related Commands
|
|
---|---|
Displays the MLS IP information. |
mls ip multicast replication-mode
To enable and specify the replication mode, use the mls ip multicast replication-mode command. To restore the system to automatic detection mode, use the no form of this command.
mls ip multicast replication-mode {egress | ingress}
no mls ip multicast replication-mode {egress | ingress}
Syntax Description
egress |
Forces the system to the egress mode of replication. |
ingress |
Forces the system to the ingress mode of replication. |
Command Default
ingress
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The Supervisor Engine 32 PISA does not support the egress keyword.
Note During the change from egress- to ingress-replication mode, traffic interruptions may occur because the shortcuts are purged and reinstalled. To avoid interruptions in traffic forwarding, enter the mls ip multicast replication-mode ingress command.
If you enter the no mls ip multicast replication-mode ingress command, only the forced-ingress mode resets
Examples
This example shows how to enable the ingress-replication mode:
Router (config)#
mls ip multicast replication-mode ingress
Router (config)#
Related Commands
|
|
---|---|
show mls ip multicast capability |
Displays the MLS IP information. |
mls ip multicast sso
To configure the SSO parameters, use the mls ip multicast sso command. To return to the default settings, use the no form of this command.
mls ip multicast sso {{convergence-time time} | {leak interval} | {leak percentage}}
Syntax Description
Command Default
The defaults are as follows:
•convergence-time time—20 seconds
•leak interval—60 seconds
•leak percentage—10 percent
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to set the maximum time to wait for protocol convergence:
Router (config)#
mls ip multicast sso convergence-time 300
Router (config)#
This example shows how to set the packet-leak interval:
Router (config)#
mls ip multicast sso leak 200
Router (config)#
This example shows how to set the packet-leak percentage:
Router (config)#
mls ip multicast sso leak 55
Router (config)#
Related Commands
|
|
---|---|
Displays information about multicast high-availability SSO. |
mls ip multicast stub
To enable the support for non-RPF traffic drops for PIM sparse-mode stub networks, use the mls ip multicast stub command. To disable support for non-RPF traffic drops for PIM sparse-mode stub networks, use the no form of this command.
mls ip multicast stub
no mls ip multicast stub
Syntax Description
This command has no arguments or keywords.
Command Default
Multicast is disabled.
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The mls ip multicast stub command, creates the following filters on a routed interface or a VLAN:
•Permits IP packets from all addresses that are connected to the interface to any IP destination. An address is connected to the interface if it is within the IP address prefixes configured through the ip address addr mask [secondary] command.
This filter is meant to permit unicast and multicast packets from directly connected sources.
•Permits IP multicast packets from any source address to multicast group prefixes 224.0.0.0/24 and 224.0.1.0/24.
This filter allows packets to be sent from any source address to well-known multicast addresses; 224.0.0.0/24 is used by protocols such as PIM, OSPF, EIGRP, or NTP. Addresses in 224.0.1.0/24 are used by protocols such as AutoRP (224.0.1.39, 224.0.1.40).
•Denies any other IP multicast packets.
This deny filter is meant to inhibit any multicast packets from nondirectly connected sources and is applied to the packets received on this interface or VLAN.
The permit IP multicast packets and the deny any other IP multicast packets filters are the same for all interface or VLANs to which you configure the mls ip multicast stub command. The permit IP packets from all addresses that are connected to the interface to any IP destination filter is different for each interface or VLAN.
Examples
This example shows how to enable the support for the non-RPF traffic drops for the PIM sparse-mode stub networks:
Router(config-if)#
mls ip multicast stub
Router(config-if)#
Related Commands
|
|
---|---|
Displays the MLS IP information. |
mls ip multicast threshold
To configure a threshold rate for installing hardware shortcuts, use the mls ip multicast threshold command. To deconfigure the threshold, use the no form of this command.
mls ip multicast threshold ppsec
no mls ip multicast threshold
Syntax Description
ppsec |
Threshold in packets per seconds; valid values are from 10 to 10000 packets per second. |
Command Default
This command has no default settings.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Use this command to prevent creation of MLS entries for short-lived multicast flows such as join requests.
If multicast traffic drops below the configured multicast rate threshold, all multicast traffic is routed by the PISA.
This command does not affect already installed routes. For example, if you enter this command and the shortcuts are already installed, the shortcuts are not removed if they are disqualified. To apply the threshold to existing routes, clear the route and let it reestablish.
Examples
This example shows how to configure the IP MLS threshold to 10 packets per second:
Router (config)#
mls ip multicast threshold 10
Router (config)#
Related Commands
|
|
---|---|
Enables external systems to establish IP shortcuts to the PISA. |
|
Displays the MLS IP information. |
mls ip nat netflow-frag-l4-zero
To zero out the Layer 4 information in the NetFlow lookup table for fragmented packets, use the mls ip nat netflow-frag-l4-zero command.
mls ip nat netflow-frag-l4-zero
Syntax Description
This command has no arguments or keywords.
Command Default
This command has no default settings.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
This command is supported in PFC3BXL or PFC3B mode only.
Use the mls ip nat netflow-frag-l4-zero command to prevent matching the first fragment to the NetFlow shortcut (normal operation) that is sent to the software. The next fragments that are sent to the software are translated based on the Layer 4 port information from the first fragment. The translation based on the Layer 4 port information from the first fragment occurs because there are no fragment bits for matching in the NetFlow key.
When there is a large feature configuration on an interface that requires a large number of ACL TCAM entries/masks that are programmed in TCAM, if the interface is configured as a NAT-inside interface, the feature configuration may not fit in the ACL TCAM and the traffic on the interface may get switched in the software.
Examples
This example shows how to zero out the Layer 4 information in the NetFlow lookup table for fragmented packets:
Router (config)#
mls ip nat netflow-frag-l4-zero
Router (config)#
mls ip pbr
To enable the MLS support for policy-routed packets, use the mls ip pbr command. To disable the MLS support for policy-routed packets, use the no form of this command.
mls ip pbr [null0]
no mls ip pbr
Syntax Description
null0 |
(Optional) Enables the hardware support for the interface null0 in the route maps. |
Command Default
MLS support for policy-routed packets is disabled.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Note Do not enable PBR and SLB on the same interface; PBR-based packets are not forwarded correctly.
When you enable the hardware-policy routing by entering the mls ip pbr command, all policy routing occurs in the hardware and is applied to all interfaces, regardless of which interface was configured for policy routing.
Use the null0 keyword when you have routed traffic only to enable the hardware support for the set interface null0 in the route maps.
Examples
This example shows how to enable the MLS support for policy-routed packets:
Router(config)#
mls ip pbr
Router(config)#
Related Commands
|
|
---|---|
show tcam interface vlan acl |
Displays information about the interface-based TCAM. |
mls ip reflexive ndr-entry tcam
To enable the shortcuts in TCAM for the reflexive TCP/UDP entries when installed by the NDR, use the mls ip reflexive ndr-entry tcam command. To disable the shortcuts in TCAM for the reflexive TCP/UDP entries when installed by the NDR, use the no form of this command.
mls ip reflexive ndr-entry tcam
no mls ip reflexive ndr-entry tcam
Syntax Description
This command has no arguments or keywords.
Command Default
Disabled
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
When you enter the mls ip reflexive ndr-entry tcam command, the reflexive ACL dynamic entries are installed in TCAM instead of in NetFlow.
Examples
This example shows how to enable the shortcuts in TCAM for the reflexive TCP/UDP entries when installed by the NDR:
Router(config)#
mls ip reflexive ndr-entry tcam
Router(config)#
This example shows how to disable the shortcuts in TCAM for the reflexive TCP/UDP entries when installed by the NDR:
Router(config)#
no mls ip reflexive ndr-entry tcam
Router(config)#
Related Commands
|
|
---|---|
Deletes the configured ACL thresholds. |
|
Installs the configured ACL thresholds. |
mls ipv6 acl compress address unicast
To turn on the compression of IPv6 addresses, use the mls ipv6 acl compress address unicast command. To turn off the compression of IPv6 addresses, use the no form of this command.
mls ipv6 acl compress address unicast
no mls ipv6 acl compress address unicast
Syntax Description
This command has no arguments or keywords.
Command Default
Disabled
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Examples
This example shows how to turn on the compression of the noncompressible IPv6 addresses:
Router(config)#
mls ipv6 acl compress address unicast
Router(config)#
This example shows how to turn off the compression of the noncompressible IPv6 addresses:
Router(config)#
no mls ipv6 acl compress address unicast
Router(config)#
Related Commands
|
|
---|---|
Displays the IPv6 information. |
|
show mls netflow ipv6 |
Displays configuration information about the NetFlow hardware. |
mls ipv6 acl source
To deny all IPv6 packets from a source-specific address, use the mls ipv6 acl source command. To accept all IPv6 packets from a source-specific address, use the no form of this command.
mls ipv6 acl source {loopback | multicast}
no mls ipv6 acl source {loopback | multicast}
Syntax Description
loopback |
Denies all IPv6 packets with a source loopback address. |
multicast |
Denies all IPv6 packets with a source multicast address. |
Command Default
Disabled
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to deny all IPv6 packets with a source loopback address:
Router(config)#
mls ipv6 acl source loopback
Router(config)#
This example shows how to deny all IPv6 packets with a source multicast address:
Router(config)#
no mls ipv6 acl source multicast
Router(config)#
Related Commands
|
|
---|---|
show mls netflow ipv6 |
Displays configuration information about the NetFlow hardware. |
mls mpls (recirculation)
To enable MPLS recirculation, use the mls mpls command. To disable MPLS recirculation, use the no form of this command.
mls mpls {recir-agg | tunnel-recir}
no mls mpls {recir-agg | tunnel-recir}
Syntax Description
recir-agg |
Recirculates the MPLS aggregated-label packets (new aggregated labels are impacted only). |
tunnel-recir |
Recirculates the tunnel-MPLS packets. |
Command Default
Disabled
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
If you do not enable tunnel-MPLS recirculation, the IPv4 and IPv4-tunneled packets that need to be labeled (for example, the packets that are encapsulated with an MPLS header) will be corrupted when they are transmitted from the Catalyst 6500 series switch.
Use the show erm statistics command to display the FIB TCAM exception status for IPv4, IPv6, and MPLS protocols.
Examples
This example shows how to enable the aggregated-label MPLS recirculation:
Router(config)#
mls mpls recir-agg
Router(config)#
This example shows how to enable the tunnel-MPLS recirculation:
Router(config)#
mls mpls tunnel-recir
Router(config)#
This example shows how to disable the aggregated-label MPLS recirculation:
Router(config)#
no mls mpls recir-agg
Router(config)#
This example shows how to disable the tunnel-MPLS recirculation:
Router(config)#
no mls mpls tunnel-recir
Router(config)#
Related Commands
|
|
---|---|
Displays the FIB TCAM exception status for IPv4, IPv6, and MPLS protocols. |
mls mpls (guaranteed bandwidth traffic engineering)
To configure the guaranteed bandwidth traffic engineering flow parameters globally, use the mls mpls command. To return to the default settings, use the no form of this command.
mls mpls {{gb-te-burst burst} | {gb-te-cir-ratio ratio} | {gb-te-dscp dscp-value [markdown]} | {gb-te-enable [global-pool]}}
no mls mpls {{gb-te-burst burst} | {gb-te-cir-ratio ratio} | {gb-te-dscp dscp-value [markdown]} | {gb-te-enable [global-pool]}}
Syntax Description
Command Default
The default settings are as follows:
•burst is 1000 milliseconds.
•ratio is 1 percent.
•dscp-value is 40.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Use the mls qos map dscp-exp command to reset the Exp value of the MPLS packet when the out-label gets swapped.
If you do not enable tunnel-MPLS recirculation, the IPv4 and IPv4-tunneled packets that need to be labeled (for example, the packets that are encapsulated with an MPLS header) will be corrupted when they are transmitted from the Catalyst 6500 series switch.
Use the show erm statistics command to display the FIB TCAM exception status for IPv4, IPv6, and MPLS protocols.
Examples
This example shows how to specify the burst duration for the guaranteed bandwidth traffic engineering flows:
Router(config)#
mls mpls gb-te-burst 2000
Router(config)#
This example shows how to specify the ratio for CIR policing:
Router(config)#
mls mpls gb-te-ratio 30
Router(config)#
This example shows how to specify the DSCP map for the guaranteed bandwidth traffic engineering flows and to drop the nonconforming flows:
Router(config)#
mls mpls gb-te-dscp 25 markdown
Router(config)#
This example shows how to enable the guaranteed bandwidth traffic engineering flow policing:
Router(config)#
mls mpls gb-te-enable
Router(config)#
Related Commands
|
|
---|---|
Displays the FIB TCAM exception status for IPv4, IPv6, and MPLS protocols. |
mls nde flow
To specify the filter options for NDE, use the mls nde flow command. To clear the NDE flow filter and reset the filter to the default settings, use the no form of this command.
mls nde flow {include | exclude} {{dest-port port-num} | {destination ip-addr ip-mask} | {protocol {tcp | udp}} | {source ip-addr ip-mask} | {src-port port-num}}
no mls nde flow {include | exclude}
Syntax Description
Command Default
The defaults are as follows:
•All expired flows are imported.
•Interface export is disabled (no mls nde interface).
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The mls nde flow command adds filtering to the NDE. The expired flows matching the specified criteria are exported. These values are stored in NVRAM and do not clear when NDE is disabled. If any option is not specified in this command, it is treated as a wildcard. The NDE filter in NVRAM does not clear when you disable NDE.
Only one filter can be active at a time. If you do not enter the exclude or include keyword, the filter is assumed to be an inclusion filter.
The include and exclude filters are stored in NVRAM and are not removed if you disable NDE.
ip-addr maskbits is the simplified long subnet address format. The mask bits specify the number of bits of the network masks. For example, 172.25.2.1/22 indicates a 22-bit subnet address. The ip-addr is a full host address, such as 193.22.253.1/22.
Examples
This example shows how to specify an interface flow filter so that only expired flows to destination port 23 are exported (assuming that the flow mask is set to ip-flow):
Router(config)#
mls nde flow include dest-port 23
Router(config)#
Related Commands
|
|
---|---|
Displays configuration information about the NetFlow hardware. |
mls nde interface
To populate the additional fields in the NDE packets, use the mls nde interface command. To disable the population of the additional fields, use the no form of this command.
mls nde interface
no mls nde interface
Syntax Description
This command has no arguments or keywords.
Command Default
Enabled
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
You can configure NDE to populate the following additional fields in the NDE packets:
•Egress interface SNMP index
•Source-autonomous system number
•Destination-autonomous system number
•IP address of the next-hop router
The ingress-interface SNMP index is always populated if the flow mask is interface-full or interface-src-dst.
For detailed information, refer to the "Configuring NDE" chapter of the Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide—Release 12.2ZY.
Examples
This example shows how to populate the additional fields in the NDE packets:
Router(config)#
mls nde interface
Router(config)#
This example shows how to disable the population of the additional fields:
Router(config)#
no mls nde interface
Router(config)#
Related Commands
|
|
---|---|
Enables NetFlow to gather statistics. |
|
Enables the sampled NetFlow on an interface. |
mls nde sender
To enable MLS NDE export, use the mls nde sender command. To disable MLS NDE export, use the no form of this command.
mls nde sender [version version]
no mls nde sender
Syntax Description
version version |
(Optional) Specifies the NDE version; valid values are 5 and 7. |
Command Default
The defaults are as follows:
•MLS NDE export is disabled.
•version is 7.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to enable MLS NDE export:
Router(config)#
mls nde sender
Router(config)#
This example shows how to disable MLS NDE export:
Router(config)#
no mls nde sender
Router(config)#
Related Commands
|
|
---|---|
Displays information about the NDE hardware-switched flow. |
mls netflow
To enable NetFlow to gather the statistics, use the mls netflow command. To disable NetFlow from gathering the statistics, use the no form of this command.
mls netflow
no mls netflow
Syntax Description
interface |
(Optional) Specifies statistics gathering per interface. |
Command Default
Enabled
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
NetFlow gathers the statistics from traffic that flows through the Catalyst 6500 series switch and stores the statistics in the NetFlow table. You can gather the statistics globally based on a protocol or optionally per interface.
If you are not using NDE or the Cisco IOS features that use the hardware NetFlow table (micro-flow QoS, WCCP, TCP Intercept, or Reflexive ACLs), you may safely disable the use and maintenance of the hardware NetFlow table using the no mls netflow command in global configuration mode.
Examples
This example shows how to gather the statistics:
Router(config)#
mls netflow
Router(config)#
This example shows how to disable NetFlow from gathering the statistics:
Router(config)# no mls netflow
Disabling MLS netflow entry creation.
Router(config)#
Related Commands
|
|
---|---|
Displays configuration information about the NetFlow hardware. |
mls netflow maximum-flows
To configure the maximum flow allocation in the NetFlow table, use the mls netflow maximum-flows command. To return to the default settings, use the no form of this command.
mls netflow maximum-flows [maximum-flows]
no mls netflow maximum-flows
Syntax Description
maximum-flows |
(Optional) Maximum number of flows; valid values are 16, 32, 64, 80, 96, and 128. See the "Usage Guidelines" section for additional information. |
Command Default
128
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The value that you specify for the maximum number of flows is that value times 1000. For example, if you enter 32, you specify that 32,000 is the maximum number of permitted flows.
Examples
This example shows how to configure the maximum flow allocation in the NetFlow table:
Router(config)#
mls netflow maximum-flows 96
Router(config)#
This example shows how to return to the default setting:
Router(config)# no mls netflow maximum-flows
Router(config)#
Related Commands
|
|
---|---|
show mls netflow table-contention |
Displays configuration information at the table contention level for the NetFlow hardware. |
mls netflow sampling
To enable the sampled NetFlow on an interface, use the mls netflow sampling command. To disable the sampled NetFlow, use the no form of this command.
mls netflow sampling
no mls netflow sampling
Syntax Description
This command has no arguments or keywords.
Command Default
Disabled
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
To enable sampling, you must enter the mls sampling command and the mls netflow sampling command on the appropriate interfaces. If you do not enter the mls netflow sampling command, NDE will not export flows.
Depending on the current flow mask, the sampled NetFlow can be global or per interface. For Interface-Full and Interface-Src-Dest flow masks, the sampled NetFlow is enabled on a per-interface basis. For all the other flow masks, the sampled NetFlow is always global and turned on/off for all interfaces.
Enter the mls sampling command to enable the sampled NetFlow globally.
Examples
This example shows how to enable the sampled NetFlow on an interface:
Router(config-if)# mls netflow sampling
Router(config-if)#
This example shows how to disable the sampled NetFlow on an interface:
Router(config-if)# no mls netflow sampling
Router(config-if)#
Related Commands
|
|
---|---|
Enables the sampled NetFlow and specifies the sampling method. |
|
Displays information about the sampled NDE status. |
mls netflow usage notify
To monitor the NetFlow table usage on the switch processor, use the mls netflow usage notify command. To return to the default settings, use the no form of this command.
mls netflow usage notify {threshold interval}
no mls netflow usage notify
Syntax Description
Command Default
Disabled
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
If the NetFlow table usage monitoring is enabled and the NetFlow table usage exceeds the percentage threshold, a warning message is displayed.
NetFlow gathers statistics from traffic that flows through the Catalyst 6500 series switch and stores the statistics in the NetFlow table. You can gather statistics globally based on a protocol or optionally per interface.
If you are not using NDE or the Cisco IOS features that use the hardware NetFlow table (micro-flow QoS, WCCP, TCP Intercept, or Reflexive ACLs), you may safely disable the use and maintenance of the hardware NetFlow table using the no mls netflow command in global configuration mode.
Examples
This example shows how to configure the monitoring of the NetFlow table usage on the switch processor:
Router(config)#
mls netflow usage notify 80 300
Router(config)#
Related Commands
|
|
---|---|
show mls netflow usage |
Displays configuration information about the NetFlow hardware. |
mls qos (global configuration mode)
To enable the QoS functionality globally, use the mls qos command. To disable the QoS functionality globally, use the no form of this command.
mls qos
no mls qos
Syntax Description
This command has no arguments or keywords.
Command Default
QoS is globally disabled.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
If you enable QoS globally, QoS is enabled on all interfaces with the exception of the interfaces where you disabled QoS. If you disable QoS globally, all traffic is passed in QoS pass-through mode.
In port-queueing mode, PFC QoS (marking and policing) is disabled, and packet ToS and CoS are not changed by the PFC. All queueing on rcv and xmt is based on a QoS tag in the incoming packet, which is based on the incoming CoS.
For 802.1Q or ISL-encapsulated port links, queueing is based on the packet 802.1Q or ISL CoS.
For the router main interfaces or access ports, queueing is based on the configured per-port CoS (the default CoS is 0).
This command enables or disables TCAM QoS on all interfaces that are set in the OFF state.
Examples
This example shows how to enable QoS globally:
Router(config)# mls qos
Router(config)#
This example shows how to disable QoS globally on the Catalyst 6500 series switch:
Router(config)# no mls qos
Router(config)#
Related Commands
|
|
---|---|
Enables the QoS functionality on an interface. |
|
Displays MLS QoS information. |
mls qos (interface configuration mode)
To enable the QoS functionality on an interface, use the mls qos command. To disable QoS functionality on an interface, use the no form of this command.
mls qos
no mls qos
Syntax Description
This command has no arguments or keywords.
Command Default
Enabled
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Although the CLI allows you to configure PFC-based QoS on the WAN ports on the OC-12 ATM OSMs and on the WAN ports on the channelized OSMs, PFC-based QoS is not supported on the WAN ports on these OSMs.
If you disable QoS globally, it is also disabled on all interfaces.
This command enables or disables TCAM QoS (classification, marking, and policing) for the interface.
Examples
This example shows how to enable QoS on an interface:
Router(config-if)# mls qos
Router(config-if)#
Related Commands
|
|
---|---|
Enables the QoS functionality globally. |
|
Displays MLS QoS information. |
mls qos aggregate-policer
To define a named aggregate policer for use in policy maps, use the mls qos aggregate-policer command. This policer can be shared by different policy map classes and on different interfaces. To delete a named aggregate policer, use the no form of this command.
mls qos aggregate-policer name rate-bps
mls qos aggregate-policer name rate-bps burst-bytes maximum-burst-bytes
mls qos aggregate-policer name rate-bps [{conform-action {drop [exceed-action action]}} | {set-dscp-transmit [new-dscp]} | {set-prec-transmit [new-precedence]} | {transmit [{exceed-action action} | {violate-action action]}}
mls qos aggregate-policer aggregate-name rate-bps {pir peak-rate-bps [{conform-action {drop [exceed-action action]}} | {set-dscp-transmit [new-dscp]} | {set-prec-transmit [new-precedence]} | {transmit [{exceed-action action}} | {violate-action action}]]}
no mls qos aggregate-policer name
Syntax Description
Command Default
The defaults are as follows:
•extended-burst-bytes is equal to burst-bytes.
•conform-action is transmit.
•exceed-action is drop.
•violate-action is equal to the exceed-action.
•pir peak-rate-bps is equal to the normal (cir) rate.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Valid values for action are as follows:
•drop—Drops the packet
•policed-dscp-transmit—Changes the DSCP per the policed-DSCP map and sends it
•transmit—Transmits the package
The Catalyst 6500 series switch supports up to 1023 aggregates and 1023 policing rules.
The mls qos aggregate-policer command allows you to configure an aggregate flow and a policing rule for that aggregate. When you enter the rate and burst parameters, the range for the average rate is 32 Kbps to 4 Gbps (entered as 32000 and 4000000000) and the range for the burst size is 1 KB (entered as 1000) to 512 MB (entered as 512000000). Modifying an existing aggregate rate limit entry causes that entry to be modified in NVRAM and in the Catalyst 6500 series switch if that entry is currently being used.
Note Due to hardware granularity, the rate value is limited so the burst that you configure may not be the value that is used.
Modifying an existing microflow or aggregate rate limit modifies that entry in NVRAM and in the Catalyst 6500 series switch if it is currently being used.
When you enter the aggregate policer name, follow these naming conventions:
•Maximum of 31 characters and may include a-z, A-Z, 0-9, the dash character (-), the underscore character (_), and the period character (.)
•Must start with an alphabetic character and must be unique across all ACLs of all types
•Case sensitive
•Cannot be a number
•Must not be a keyword; keywords to avoid are all, default-action, map, help, and editbuffer
Examples
This example shows how to configure a QoS aggregate policer to allow a maximum of 100000 bits per second with a normal burst byte size of 10000, set DSCP to 48 when these rates are not exceeded, and drop packets when these rates are exceeded:
Router(config)# mls qos aggregate-policer micro-one 100000 10000 conform-action set-dscp 48 exceed action drop
Router(config)#
Related Commands
|
|
---|---|
Marks a packet by setting the IP DSCP in the ToS byte. |
mls qos bridged
To enable the microflow policing for bridged traffic on Layer 3 LAN interfaces, use the mls qos bridged command. To disable microflow policing for bridged traffic, use the no form of this command.
mls qos bridged
no mls qos bridged
Syntax Description
This command has no arguments or keywords.
Command Default
Disabled
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
This command is supported on SVIs only.
Examples
This example shows how to enable the microflow policing for bridged traffic on a VLAN interface:
Router(config-if)# mls qos bridged
Router(config-if)#
Related Commands
|
|
---|---|
Displays MLS QoS information. |
mls qos channel-consistency
To enable the QoS-port attribute checks on EtherChannel bundling, use the mls qos channel-consistency command. To disable the QoS-port attribute checks on EtherChannel bundling, use the no form of this command.
mls qos channel-consistency
no mls qos channel-consistency
Syntax Description
This command has no arguments or keywords.
Command Default
Enabled
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The mls qos channel-consistency command is supported on port channels only.
Examples
This example shows how to enable the QoS-port attribute checks on the EtherChannel bundling:
Router(config-if)# mls qos channel-consistency
Router(config-if)#
This example shows how to disable the QoS-port attribute checks on the EtherChannel bundling:
Router(config-if)# no mls qos channel-consistency
Router(config-if)#
mls qos cos
To define the default CoS value for an interface, use the mls qos cos command. To remove a prior entry, use the no form of this command.
mls qos cos cos-value
no mls qos cos cos-value
Syntax Description
cos-value |
Default CoS value for the interface; valid values are from 0 to 7. |
Command Default
The defaults are as follows:
•cos-value is 0.
•CoS override is not configured.
Command Default
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
CoS values are configurable on physical LAN ports only.
Examples
This example shows how to configure the default QoS CoS value as 6:
Router(config-if)# mls qos cos 6
Router(config-if)#
Related Commands
|
|
---|---|
Displays MLS QoS information. |
mls qos cos-mutation
To attach an ingress-CoS mutation map to the interface, use the mls qos cos-mutation command. To remove the ingress-CoS mutation map from the interface, use the no form of this command.
mls qos cos-mutation cos-mutation-table-name
no mls qos cos-mutation
Syntax Description
cos-mutation-table-name |
Name of the ingress-CoS mutation table. |
Command Modes
No table is defined.
Command Default
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to attach the ingress-CoS mutation map named mutemap2:
Router(config-if)# mls qos cos-mutation mutemap2
Router(config-if)#
Related Commands
|
|
---|---|
Maps a packet's CoS to a new CoS value. |
|
Displays MLS QoS information. |
mls qos dscp-mutation
To attach an egress-DSCP mutation map to the interface, use the mls qos dscp-mutation command. To remove the egress-DSCP mutation map from the interface, use the no form of this command.
mls qos dscp-mutation dscp-mutation-table-name
no mls qos dscp-mutation
Syntax Description
dscp-mutation-table-name |
Name of the egress-DSCP mutation table. |
Command Modes
No table is defined.
Command Default
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to attach the egress-DSCP mutation map named mutemap1:
Router(config-if)# mls qos dscp-mutation mutemap1
Router(config-if)#
Related Commands
|
|
---|---|
Defines a named DSCP mutation map. |
|
Displays MLS QoS information. |
mls qos exp-mutation
To attach an egress-EXP mutation map to the interface, use the mls qos exp-mutation command. To remove the egress-EXP mutation map from the interface, use the no form of this command.
mls qos exp-mutation exp-mutation-table-name
no mls qos exp-mutation
Syntax Description
exp-mutation-table-name |
Name of the egress-EXP mutation table. |
Command Default
No table is defined.
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to attach the egress-exp mutation map named mutemap2:
Router(config-if)# mls qos exp-mutation mutemap2
Router(config-if)#
Related Commands
|
|
---|---|
Defines a named DSCP mutation map. |
|
Displays an interface summary for MPLS QoS classes in the policy maps. |
mls qos loopback
To remove a router port from the SVI flood for VLANs that are carried through by the loopback cable, use the mls qos loopback command. To return to the default settings, use the no form of this command.
mls qos loopback
no mls qos loopback
Syntax Description
This command has no arguments or keywords.
Command Default
Disabled
Command Default
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
With mls qos loopback applied at the interface, the packets are not forwarded to the destination.
Before you enter the mls qos loopback command, you must specify a MAC address for the OSM interface. The MAC address must be different from the LAN router MAC address that is used in PFC2 hardware switching.
Examples
This example shows how to prevent packets from being forwarded to the destination:
Router (config-if)# mls qos loopback
Router (config-if)#
mls qos map cos-dscp
To define the ingress CoS-to-DSCP map for trusted interfaces, use the mls qos map cos-dscp command. To remove a prior entry, use the no form of this command.
mls qos map cos-dscp values
no mls qos map cos-dscp
Syntax Description
values |
Eight DSCP values, separated by spaces, corresponding to the CoS values; valid values are from 0 to 63. |
Command Modes
The default CoS-to-DSCP configuration is listed in Table 2-16.
|
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
|
0 |
8 |
16 |
24 |
32 |
40 |
48 |
56 |
Command Default
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The CoS-to-DSCP map is used to map the CoS of packets arriving on trusted interfaces (or flows) to a DSCP where the trust type is trust-cos. This map is a table of eight CoS values (0 through 7) and their corresponding DSCP values. The Catalyst 6500 series switch has one map.
Examples
This example shows how to configure the ingress CoS-to-DSCP map for trusted interfaces:
Router(config)# mls qos map cos-dscp 20 30 1 43 63 12 13 8
Router(config)#
Related Commands
mls qos map cos-mutation
To map a packet's CoS to a new CoS value, use the mls qos map cos-mutation command. To remove the map, use the no form of this command.
mls qos map cos-mutation name mutated_cos1 mutated_cos2 mutated_cos3 mutated_cos4 mutated_cos5 mutated_cos6 mutated_cos7 mutated_cos8
no mls qos map cos-mutation name
Syntax Description
name |
Name of the CoS map. |
mutated_cos1 ... mutated_cos8 |
Eight CoS out values, separated by spaces; valid values are from 0 to 7. See the "Usage Guidelines" section for additional information. |
Command Modes
If the CoS-to-CoS mutation map is not configured, the default CoS-to-CoS mutation mapping is listed in Table 2-17.
|
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
|
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
Command Default
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
This command is supported on Catalyst 6500 series switches that are configured with the following modules only:
•WS-X6704-10GE
•WS-X6724-SFP
•WS-X6748-GE-TX
CoS mutation is not supported on non-802.1Q tunnel ports.
When you enter the mls qos map cos-mutation command, you are configuring the mutated-CoS values map to sequential ingress-CoS numbers. For example, by entering the mls qos map cos-mutation 2 3 4 5 6 7 0 1 command, you configure this map:
|
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
|
2 |
3 |
4 |
5 |
6 |
7 |
0 |
1 |
Separate the eight CoS values by a space.
After you define the map in global configuration mode, you can attach the map to a port.
If QoS is disabled, the port is not in a trust CoS mode, and the port is not in 802.1Q tunneling mode. The changes appear once you put the port into trust CoS mode and the port is configured as an 802.1Q tunnel port.
Support for ingress-CoS mutation on 802.1Q tunnel ports and is on a per-port group basis only.
To avoid ingress-CoS mutation configuration failures, only create EtherChannels where all member ports support ingress-CoS mutation or where no member ports support ingress-CoS mutation. Do not create EtherChannels with mixed support for ingress-CoS mutation.
If you configure ingress-CoS mutation on a port that is a member of an EtherChannel, the ingress-CoS mutation is applied to the port-channel interface.
You can configure ingress-CoS mutation on port-channel interfaces.
Examples
This example shows how to define a CoS-to-CoS map:
Router(config)# mls qos map cos-mutation test-map 5 4 3 to 1
Router(config)#
Related Commands
|
|
---|---|
Displays information about the QoS map configuration and run-time version. |
mls qos map dscp-cos
To define an egress DSCP-to-CoS map, use the mls qos map dscp-cos command. To remove a prior entry, use the no form of this command.
mls qos map dscp-cos dscp-values to cos-values
no mls qos map dscp-cos
Syntax Description
dscp-values |
DSCP values; valid values are from 0 to 63. |
to |
Defines mapping. |
cos-values |
CoS values; valid values are from 0 to 63. |
Command Modes
The default DSCP-to-CoS map is listed in Table 2-18.
|
0-7 |
8-15 |
16-23 |
24-31 |
32-39 |
40-47 |
48-55 |
56-63 |
|
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
Command Default
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The DSCP-to-CoS map is used to map the final DSCP classification to a final CoS. This final map determines the output queue and threshold to which the packet is assigned. The CoS map is written into the ISL header or 802.1Q tag of the transmitted packet on trunk interfaces and contains a table of 64 DSCP values and the corresponding CoS values. The Catalyst 6500 series switch has one map.
You can enter up to eight DSCP values separated by a space. You can enter up to eight CoS values separated by a space.
Examples
This example shows how to configure the egress DSCP-to-CoS map for trusted interfaces:
Router(config)# mls qos map dscp-cos 20 25 to 3
Router(config)#
Related Commands
|
|
---|---|
Defines the ingress CoS-to-DSCP map for trusted interfaces. |
|
Displays information about the QoS map configuration and run-time version. |
mls qos map dscp-exp
To define the final DSCP classification to the final EXP value, use the mls qos map dscp-exp command. To remove a prior entry, use the no form of this command.
mls qos map dscp-exp dscp-values to exp-values
no mls qos map dscp-exp
Syntax Description
dscp-values |
DSCP values; valid values are from 0 to 63. |
to |
Defines mapping. |
exp-values |
EXP values; valid values are from 0 to 7. |
Command Modes
The default DSCP-to-EXP map is listed in Table 2-19.
|
0-7 |
8-15 |
16-23 |
24-31 |
32-39 |
40-47 |
48-55 |
56-63 |
|
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
Command Default
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The DSCP-to-EXP map is used to map the final DSCP classification to a final EXP. This final map determines the output queue and threshold to which the packet is assigned. The EXP map contains a table of 64 DSCP values and the corresponding EXP values. The Catalyst 6500 series switch has one map.
You can enter up to eight DSCP values separated by a space. You can enter up to eight EXP values separated by a space.
Examples
This example shows how to configure the final DSCP classification to a final EXP value:
Router(config)# mls qos map dscp-exp 20 25 to 3
Router(config)#
Related Commands
|
|
---|---|
Displays information about the QoS map configuration and run-time version. |
mls qos map dscp-mutation
To define a named DSCP mutation map, use the mls qos map dscp-mutation command. To return to the default mapping, use the no form of this command.
mls qos map dscp-mutation map-name input-dscp1 [input-dscp2 [input-dscp3 [input-dscp4 [input-dscp5 [input-dscp6 [input-dscp7 [input-dscp8]]]]]]] to output-dscp
no mls qos map dscp-mutation map-name
Syntax Description
Command Default
output-dscp equals input-dscp.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
When configuring a named DSCP mutation map, note the following:
•You can enter up to eight input DSCP values that map to a mutated DSCP value.
•You can enter multiple commands to map additional DSCP values to a mutated DSCP value.
•You can enter a separate command for each mutated DSCP value.
You can configure 15 egress-DSCP mutation maps to mutate the internal DSCP value before it is written as the egress-DSCP value. You can attach egress-DSCP mutation maps to any interface that PFC QoS supports.
PFC QoS derives the egress-CoS value from the internal DSCP value. If you configure egress-DSCP mutation, PFC QoS does not derive the egress-CoS value from the mutated DSCP value.
Examples
This example shows how to map DSCP 30 to mutated DSCP value 8:
Router(config)# mls qos map dscp-mutation mutemap1 30 to 8
Router(config)#
Related Commands
|
|
---|---|
Displays information about the QoS map configuration and run-time version. |
mls qos map exp-dscp
To define the ingress EXP value to the internal DSCP map, use the mls qos map exp-dscp command. To return to the default mappings, use the no form of this command.
mls qos map exp-dscp dscp-values
no mls qos map exp-dscp
Syntax Description
dscp-values |
Interval DSCP values; valid values are from 0 to 63. |
Command Default
The default EXP-to-DSCP map is listed in Table 2-20.
|
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
|
0 |
8 |
16 |
24 |
32 |
40 |
48 |
56 |
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The DSCP in these maps refers to the internal DSCP, not the packet DSCP.
The EXP-to-DSCP map is used to map the received EXP value to the internal DSCP map. This final map determines the output queue and threshold to which the packet is assigned. The EXP map contains a table of 64 DSCP values and the corresponding EXP values. The Catalyst 6500 series switch has one map.
You can enter up to eight DSCP values separated by a space.
Examples
This example shows how to configure the received EXP value to an internal DSCP value:
Router(config)# mls qos map exp-dscp 20 25 30 31 32 32 33 34
Router(config)#
Related Commands
|
|
---|---|
Maps a packet's EXP to a new EXP value. |
|
Displays an interface summary for MPLS QoS classes in the policy maps. |
mls qos map exp-mutation
To map a packet's EXP to a new EXP value, use the mls qos map exp-mutation command. To return to the default mappings, use the no form of this command.
mls qos map exp-mutation map-name mutated-exp1 mutated-exp2 mutated-exp3 mutated-exp4 mutated-exp5 mutated-exp6 mutated-exp7 mutated-exp8
no mls qos map exp-mutation map-name
Syntax Description
map-name |
Name of the EXP-mutation map. |
mutated-exp# |
Eight EXP values, separated by spaces; valid values are from 0 to 7. See the "Usage Guidelines" section for additional information. |
Command Default
If the EXP-to-EXP mutation map is not configured, the default EXP-to-EXP mutation mapping is listed in Table 2-21.
|
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
|
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
When you enter the mls qos map exp-mutation command, you are configuring the mutated-EXP values map to the sequential EXP numbers. For example, by entering the mls qos map exp-mutation 2 3 4 5 6 7 0 1 command, you configure this map:
|
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
|
2 |
3 |
4 |
5 |
6 |
7 |
0 |
1 |
Separate the eight EXP values by a space.
After you define the map in global configuration mode, you can attach the map to a port.
You can configure 15 ingress-EXP mutation maps to mutate the internal EXP value before it is written as the ingress-EXP value. You can attach ingress-EXP mutation maps to any interface that PFC QoS supports.
The PFC QoS derives the egress EXP value from the internal DSCP value. If you configure ingress-EXP mutation, PFC QoS does not derive the ingress-EXP value from the mutated EXP value.
Examples
This example shows how to map a packet's EXP to a new EXP value:
Router(config)# mls qos map exp-mutation mutemap1 1 2 3 4 5 6 7 0
Router(config)#
Related Commands
|
|
---|---|
Defines the ingress EXP value to the internal DSCP map. |
|
Displays an interface summary for MPLS QoS classes in the policy maps. |
mls qos map ip-prec-dscp
To define an ingress-IP precedence-to-DSCP map for trusted interfaces, use the mls qos map ip-prec-dscp command. To remove a prior entry, use the no form of this command.
mls qos map ip-prec-dscp dscp-values
no mls qos map ip-prec-dscp
Syntax Description
dscp-values |
DSCP values corresponding to IP precedence values 0 to 7; valid values are from 0 to 63. |
Command Default
The default IP precedence-to-DSCP configuration is listed in Table 2-22.
|
0 |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
|
0 |
8 |
16 |
24 |
32 |
40 |
48 |
56 |
Command Default
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Use this command to map the IP precedence of IP packets arriving on trusted interfaces (or flows) to a DSCP when the trust type is trust-ipprec.
You can enter up to eight DSCP values separated by a space.
This map is a table of eight precedence values (0 through 7) and their corresponding DSCP values. The Catalyst 6500 series switch has one map. The IP precedence values are as follows:
•network 7
•internet 6
•critical 5
•flash-override 4
•flash 3
•immediate 2
•priority 1
•routine 0
Examples
This example shows how to configure the ingress-IP precedence-to-DSCP mapping for trusted interfaces:
Router(config)# mls qos map ip-prec-dscp 20 30 1 43 63 12 13 8
Router(config)#
Related Commands
mls qos map policed-dscp
To configure the DSCP markdown map, use the mls qos map policed-dscp command. To remove a prior entry, use the no form of this command.
mls qos map policed-dscp {normal-burst | max-burst} dscp1 [dscp2 [dscp3 [dscp4 [dscp5 [dscp6 [dscp7 [dscp8]]]]]]] to policed-dscp
no mls qos map policed-dscp
Syntax Description
Command Default
No marked-down values are configured.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The DSCP-to-policed-DSCP map determines the marked-down DSCP value that is applied to out-of-profile flows. The Catalyst 6500 series switch has one map.
You can enter up to eight DSCP values separated by a space.
You can enter up to eight policed DSCP values separated by a space.
Note To avoid out-of-sequence packets, configure the DSCP-to-policed-DSCP map so that marked-down packets remain in the same queue as the in-profile traffic.
Examples
This example shows how to map multiple DSCPs to a single policed-DSCP value:
Router(config)# mls qos map policed-dscp normal-burst 20 25 43 to 4
Router(config)#
Related Commands
mls qos marking ignore port-trust
To mark packets even if the interface is trusted, use the mls qos marking ignore port-trust command. To return to the default settings, use the no form of this command.
mls qos marking ignore port-trust
no mls qos marking ignore port-trust
Syntax Description
This command has no arguments or keywords.
Command Default
Port trust is enabled.
Command Default
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Use the mls qos marking ignore port-trust command to mark packets even if the interface is trusted.
Examples
This example shows how to mark packets even if the interface is trusted:
Router(config)# mls qos marking ignore port-trust
Router(config)#
This example shows how to enable port trust:
Router(config)# no mls qos marking ignore port-trust
Router(config)#
Related Commands
mls qos marking statistics
To disable allocation of the policer-traffic class identification with set actions, use the mls qos marking statistics command. To return to the default settings, use the no form of this command.
mls qos marking statistics
no mls qos marking statistics
Syntax Description
This command has no arguments or keywords.
Command Default
Enabled
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Use the show policy-map interface command to display policy-map statistics.
Examples
This example shows how to disable the allocation of the policer-traffic class identification with set actions:
Router(config)# mls qos marking statistics
Router(config)#
This example shows how to allow the allocation of the policer-traffic class identification with set actions:
Router(config)# no mls qos marking statistics
Router(config)#
Related Commands
|
|
---|---|
Displays the statistics and the configurations of the input and output policies that are attached to an interface. |
mls qos mpls trust exp
To set the trusted state of MPLS packets only, use the mls qos mpls trust exp command. To set the trusted state of MPLS packets to untrusted, use the no form of this command.
mls qos mpls trust exp
no qos mpls trust exp
Syntax Description
This command has no arguments or keywords.
Command Default
With the trusted state enabled, the defaults are as follows:
•Untrusted—The packets are marked to 0 or by policy.
•trust-cos.
With the trusted state disabled, the defaults are as follows:
•trust-exp—The port/policy trust state is ignored.
•The packets are marked by policy.
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
You can enter the mls qos mpls trust exp command to treat MPLS packets as other Layer 2 packets for CoS and egress queueing purposes (for example, to apply port or policy trust). All trusted cases (trust CoS/IP/DSCP) are treated as trust-cos.
Examples
This example shows how to set the trusted state of MPLS packets to trust-cos:
Router(config-if)# mls qos mpls trust exp
Router(config-if)#
This example shows how to set the trusted state of MPLS packets to untrusted:
Router(config-if)# no mls qos mpls trust exp
Router(config-if)#
Related Commands
|
|
---|---|
Displays an interface summary for MPLS QoS classes in the policy maps. |
mls qos police redirected
To turn on ACL-redirected packet policing, use the mls qos police redirected command. To turn off policing of ACL-redirected packets, use the no form of this command.
mls qos police redirected
no mls qos police redirected
Syntax Description
This command has no arguments or keywords.
Command Default
Enabled
Command Default
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Use the no mls qos police redirected command whenever you require NDE accuracy (if you do not require QoS-redirected packets).
Examples
This example shows how to turn on the ACL-redirected packet policing:
Router(config)# mls qos police redirected
Router(config)#
This example shows how to turn off the ACL-redirected packet policing:
Router(config)# no mls qos police redirected
Router(config)#
Related Commands
|
|
---|---|
show platform earl-mode |
Displays platform information. |
mls qos protocol
To define the routing-protocol packet policing, use the mls qos protocol command. To return to the default settings, use the no form of this command.
mls qos protocol protocol-name {pass-through | {police rate burst} | {precedence value [police rate burst]}}
no mls qos protocol
Syntax Description
Command Modes
The defaults are as follows:
•burst is 1000 bits per second.
•If QoS is enabled, DSCP is rewritten to zero.
•If QoS is disabled, the port is in a pass-through mode (no marking or policing is applied).
Command Default
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
If you enter the precedence value keyword and arguments without entering the police rate burst keyword and arguments, only the packets from an untrusted port are marked.
You can make the protocol packets avoid the per-interface policy maps by entering the police rate, pass-through, or precedence value keywords and arguments.
The mls qos protocol command allows you to define the routing-protocol packet policing as follows:
•When you specify the pass-through mode, the DSCP value does not change and is not policed.
•When you set the police rate, the DSCP value does not change and is policed.
•When you specify the precedence value, the DSCP value changes for the packets that come from an untrusted port, the CoS value that is based on DSCP-to-CoS map changes, and the traffic is not policed.
•When you specify the precedence value and the police rate, the DSCP value changes, the CoS value that is based on DSCP-to-CoS map changes, and the DSCP value is policed. In this case, the DSCP value changes are based on the trust state of the port; the DSCP value is changed only for the packets that come from an untrusted port.
•If you do not enter a precedence value, the DSCP value is based on whether or not you have enabled MLS QoS as follows:
–If you enabled MLS QoS and the port is untrusted, the internal DSCP value is overwritten to zero.
–If you enabled MLS QoS and the port is trusted, then the incoming DSCP value is maintained.
You can make the protocol packets avoid policing completely if you choose the pass-through mode. If the police mode is chosen, the CIR specified is the rate that is used to police all the specified protocol's packets, both entering or leaving the Catalyst 6500 series switch.
To protect the system by ARP broadcast, you can enter the mls qos protocol arp police bps command.
Examples
This example shows how to define the routing-protocol packet policing:
Router(config)# mls qos protocol arp police 43000
Router(config)#
This example shows how to avoid policing completely:
Router(config)# mls qos protocol arp pass-through 43000
Router(config)#
This example shows how to define the IP-precedence value of the protocol packets to rewrite:
Router(config)# mls qos protocol bgp precedence 4
Router(config)#
This example shows how to define the IP-precedence value of the protocol packets to rewrite and police the DSCP value:
Router(config)# mls qos protocol bgp precedence 4 police 32000
Router(config)#
Related Commands
|
|
---|---|
Displays the protocol pass-through information. |
mls qos queueing-only
To enable port-queueing mode, use the mls qos queueing-only command. To disable the port-queueing mode, use the no form of this command.
mls qos queueing-only
no mls qos queueing-only
Syntax Description
This command has no arguments or keywords.
Command Default
QoS is globally disabled.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
In port-queueing mode, PFC QoS (marking and policing) is disabled, and packet ToS and CoS are not changed by the PFC. All queueing on rcv and xmt is based on a QoS tag in the incoming packet, which is based on the incoming CoS.
For 802.1Q or ISL-encapsulated port links, queueing is based on the packet 802.1Q or ISL CoS.
For router main interfaces or access ports, queueing is based on the configured per-port CoS (the default CoS is 0).
Examples
This example shows how to enable the port-queueing mode globally:
Router(config)# mls qos queueing-only
Router(config)#
This example shows how to disable the port-queueing mode globally:
Router(config)# no mls qos queueing-only
Router(config)#
Related Commands
|
|
---|---|
Enables the QoS functionality globally. |
|
Displays MLS QoS information. |
mls qos queue-mode mode-dscp
To set the queueing mode to DSCP on an interface, use the mls qos queue-mode mode-dscp command. To return to the default settings, use the no form of this command.
mls qos queue-mode mode-dscp
no mls qos queue-mode mode-dscp
Syntax Description
This command has no arguments or keywords.
Command Default
CoS mode.
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
This command is supported on 10-Gigabit Ethernet ports only.
You should configure ports to trust DSCP only if they receive traffic that carries valid Layer 3 DSCP.
You can enable DSCP-based ingress queues and thresholds on WS-X6708-10GE ports to provide congestion avoidance.
For traffic from trust DSCP ports, PFC QoS uses the received DSCP value as the initial internal DSCP value. PFC QoS does not mark any traffic on ingress ports configured to trust received DSCP.
Examples
This example shows how to set the queueing mode to DSCP on an interface:
Router(config-if)# mls qos queue-mode mode-dscp
Router(config-if)#
Related Commands
|
|
---|---|
Allocates the available buffer space to a queue. |
|
Displays MLS QoS information. |
mls qos rewrite ip dscp
To enable ToS-to-DSCP rewrite, use the mls qos rewrite ip dscp command. To disable ToS-to-DSCP rewrite, use the no form of this command.
mls qos rewrite ip dscp
no mls qos rewrite ip dscp
Syntax Description
This command has no arguments or keywords.
Command Default
QoS is globally disabled.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
If you disable ToS-to-DSCP rewrite, and QoS is enabled globally, the following occurs:
•Final ToS-to-DSCP rewrite is disabled, and the ToS-to-DSCP packet is preserved.
•Policing and marking function according to the QoS configuration.
•Marked and marked-down CoS is used for queueing.
•In QoS disabled mode, both ToS and CoS are preserved.
The no mls qos rewrite ip dscp command is incompatible with MPLS. The default mls qos rewrite ip dscp command must remain enabled in order for the PFC3BXL or PFC3B to assign the correct EXP value for the labels that it imposes.
Examples
This example shows how to disable ToS-to-DSCP rewrite:
Router(config)# mls qos rewrite ip dscp
Router(config)#
This example shows how to disable port-queueing mode globally:
Router(config)# no mls qos rewrite ip dscp
Router(config)#
Related Commands
|
|
---|---|
Enables the QoS functionality globally. |
|
Displays MLS QoS information. |
mls qos statistics-export (global configuration mode)
To enable QoS-statistics data export globally, use the mls qos statistics-export command. To disable QoS-statistics data export globally, use the no form of this command.
mls qos statistics-export
no mls qos statistics-export
Syntax Description
This command has no arguments or keywords.
Command Default
Disabled
Command Default
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
You must enable data export globally to set up data export on your Catalyst 6500 series switch.
QoS-statistics data export is not supported on OSM interfaces.
For QoS-statistics data export to perform correctly, you should set the export-destination hostname or IP address and the UDP port number.
Examples
This example shows how to enable data export globally:
Router(config)# mls qos statistics-export
Router(config)#
This example shows how to disable data export globally:
Router(config)# no mls qos statistics-export
Router(config)#
Related Commands
|
|
---|---|
Displays information about the MLS-statistics data-export status and configuration. |
mls qos statistics-export (interface configuration mode)
To enable per-port QoS-statistics data export, use the mls qos statistics-export command. To disable per-port QoS-statistics data export, use the no form of this command.
mls qos statistics-export
no mls qos statistics-export
Syntax Description
This command has no arguments or keywords.
Command Modes
Disabled
Command Default
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
QoS-statistics data export is not supported on OSM interfaces.
You must enable data export on the port and globally to set up data export on your Catalyst 6500 series switch.
For QoS-statistics data export to perform correctly, you should set the export-destination hostname or IP address and the UDP port number.
QoS-statistics data is exported using delimiter-separated fields. You can set the delimiter by entering the mls qos statistics-export delimiter command.
Port statistics are exported; port QoS statistics are not exported. For each data export-enabled port, the following information is exported:
•Type (1 denotes the type of port)
•Module/port
•In packets (cumulated hardware-counter values)
•In bytes (cumulated hardware-counter values)
•Out packets (cumulated hardware-counter values)
•Out bytes (cumulated hardware-counter values)
•Time stamp (time in seconds since January 1, 1970 UTC relative)
For example, if you have QoS-statistics data export that is enabled on FastEthernet4/5, the exported records could be (in this example, the delimiter is a | [pipe]) as follows:
|1|4/5|123|80|12500|6800|982361894|
Examples
This example shows how to enable QoS-statistics data export:
Router(config-if)# mls qos statistics-export
Router(config-if)#
This example shows how to disable QoS-statistics data export:
Router(config-if)# no mls qos statistics-export
Router(config-if)#
Related Commands
|
|
---|---|
Sets the QoS-statistics data-export field delimiter. |
|
Displays information about the MLS-statistics data-export status and configuration. |
mls qos statistics-export aggregate-policer
To enable QoS-statistics data export on the named aggregate policer, use the mls qos statistics-export aggregate-policer command. To disable QoS-statistics data export on the named aggregate policer, use the no form of this command.
mls qos statistics-export aggregate-policer policer-name
no mls qos statistics-export aggregate-policer policer-name
Syntax Description
policer-name |
Name of the policer. |
Command Modes
Disabled for all shared aggregate policers
Command Default
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
QoS-statistics data export is not supported on OSM interfaces.
You must enable data export on the shared aggregate policer and globally to set up data export on your Catalyst 6500 series switch.
QoS-statistics data is exported using delimiter-separated fields. You can set the delimiter by entering the mls qos statistics-export delimiter command.
For each data export-enabled shared aggregate or named policer, statistics data per policer per EARL is exported. For each data export-enabled shared aggregate or named policer, the following information is exported:
•Type (3 denotes aggregate policer export type)
•Aggregate name
•Direction (in or out)
•EARL identification
•Accepted packets (cumulated hardware-counter values)
•Exceeded normal-rate packets (cumulated hardware-counter values)
•Exceeded excess-rate packets (cumulated hardware-counter values)
•Time stamp (time in seconds since January 1, 1970 UTC relative)
If a shared aggregate policer is attached to policies in both directions, two records are exported (one in each direction). Each record will contain the same counter values for accepted packets, exceeded normal packet rates, and exceeded excess packet rates.
For example, the exported records could be as follows (in this example, the delimiter is a | [pipe]):
|3|agg_1|in|1|45543|2345|982361894|
|3|agg_1|in|3|45543|2345|982361894|
This example indicates the following information:
•QoS-statistics data export that is enabled on the shared aggregate policer named "aggr_1"
•An EARL in the supervisor engine that is installed in slot 1
•An EARL that is installed in slot 3
Examples
This example shows how to enable per-shared aggregate or named-policer data export:
Router(config)# mls qos statistics-export aggregate-policer aggr1M
Router(config)#
Related Commands
|
|
---|---|
Sets the QoS-statistics data-export field delimiter. |
|
Displays information about the MLS-statistics data-export status and configuration. |
mls qos statistics-export class-map
To enable QoS-statistics data export for a class map, use the mls qos statistics-export class-map command. To disable QoS-statistics data export for a class map, use the no form of this command.
mls qos statistics-export class-map classmap-name
no mls qos statistics-export class-map classmap-name
Syntax Description
classmap-name |
Name of the class map. |
Command Default
Disabled
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
QoS-statistics data export is not supported on OSM interfaces.
You must enable data export on the class map and globally to set up data export on your Catalyst 6500 series switch.
QoS-statistics data is exported using delimiter-separated fields. You can set the delimiter by entering the mls qos statistics-export delimiter command.
For each data export-enabled class map, the statistics data per policer per interface is exported. If the interface is a physical interface, the following information is exported:
•Type (4 denotes a class map physical export)
•Class map name
•Direction (in or out)
•Module/port
•Accepted packets (cumulated hardware-counter values)
•Exceeded normal-rate packets (cumulated hardware-counter values)
•Exceeded excess-rate packets (cumulated hardware-ounter values)
•Time stamp (time in seconds since January 1, 1970 UTC relative)
If the interface is a Catalyst 6500 series switch VLAN, the following information is exported:
•Type (5 denotes class-map VLAN export)
•Class-map name
•Direction (in or out)
•EARL identification (slot number in which the EARL is installed)
•VLAN number
•Accepted packets (cumulated hardware-counter values)
•Exceeded normal-rate packets (cumulated hardware-counter values)
•Exceeded excess-rate packets (cumulated hardware-counter values)
•Time stamp (time in seconds since January 1, 1970 UTC relative)
If the interface is a Catalyst 6500 series switch port channel, the following information is exported:
•Type (6 denotes class-map port-channel export)
•Class-map name
•Direction (in or out)
•EARL identification (slot number in which the EARL is installed)
•Port-channel number
•Accepted packets (cumulated hardware-counter values)
•Exceeded normal-rate packets (cumulated hardware-counter values)
•Exceeded excess-rate packets (cumulated hardware-counter values)
•Time stamp (time in seconds since January 1, 1970 UTC relative)
For example, if you have the following configuration:
•QoS-statistics data export enabled on the class map named "class_1"
•An EARL in the supervisor engine that is installed in slot 1
•An EARL that is installed in slot 3
•The Catalyst 6500 series switch is in the policy map named "policy_1"
•policy_1 is attached to the following interfaces in the ingress direction:
–FastEthernet4/5
–VLAN 100
–Port-channel 24
The exported records could be (in this example, the delimiter is a | [pipe]) as follows:
|4|class_1|in|4/5|45543|2345|2345|982361894|
|5|class_1|in|1|100|44000|3554|36678|982361894|
|5|class_1|in|3|100|30234|1575|1575|982361894|
Examples
This example shows how to enable QoS-statistics data export for a class map:
Router(config)# mls qos statistics-export class-map class3
Router(config)#
Related Commands
|
|
---|---|
Sets the QoS-statistics data-export field delimiter. |
|
Displays information about the MLS-statistics data-export status and configuration. |
mls qos statistics-export delimiter
To set the QoS-statistics data-export field delimiter, use the mls qos statistics-export delimiter command. To return to the default settings, use the no form of this command.
mls qos statistics-export delimiter
no mls qos statistics-export delimiter
Syntax Description
This command has no arguments or keywords.
Command Default
The default delimiter is the pipe character (|).
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
QoS-statistics data export is not supported on OSM interfaces.
You must enable data export globally to set up data export on your Catalyst 6500 series switch.
Examples
This example shows how to set the QoS-statistics data-export field delimiter (a comma) and verify the configuration:
Router(config)# mls qos statistics-export delimiter ,
Router(config)#
Related Commands
|
|
---|---|
Displays information about the MLS-statistics data-export status and configuration. |
mls qos statistics-export destination
To configure the QoS-statistics data-export destination host and UDP port number, use the mls qos statistics-export destination command. To return to the default settings, use the no form of this command.
mls qos statistics-export destination {host-name | host-ip-address} {{port port-number} | syslog} [facility facility-name] [severity severity-value]
Syntax Description
Command Default
The default is none unless syslog is specified. If syslog is specified, the defaults are as follows:
•port is 514.
•facility is local6.
•severity is debug.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
QoS-statistics data export is not supported on OSM interfaces.
Valid facility values are as follows:
•authorization—Security/authorization messages
•cron—Clock daemon
•daemon—System daemon
•kernel—Kernel messages
•local0—Local use 0
•local1—Local use 1
•local2—Local use 2
•local3—Local use 3
•local4—Local use 4
•local5—Local use 5
•local6—Local use 6
•local7—Local use 7
•lpr—Line printer subsystem
•mail—Mail system
•news—Network news subsystem
•syslog—Messages that are generated internally by syslogd
•user—User-level messages
•uucp—UUCP subsystem
Valid severity levels are as follows:
•alert—Action must be taken immediately
•critical—Critical conditions
•debug—Debug-level messages
•emergency—System is unusable
•error—Error conditions
•informational—Informational
•notice—Normal but significant conditions
•warning—Warning conditions
Examples
This example shows how to specify the destination host address and syslog as the UDP port number:
Router(config)# mls qos statistics-export destination 172.20.52.3 syslog
Router(config)#
Related Commands
|
|
---|---|
Displays information about the MLS-statistics data-export status and configuration. |
mls qos statistics-export interval
To specify how often a port and/or aggregate-policer QoS-statistics data is read and exported, use the mls qos statistics-export interval command. To return to the default settings, use the no form of this command.
mls qos statistics-export interval interval
no mls qos statistics-export interval
Syntax Description
interval |
Export time; valid values are from 30 to 65535 seconds. |
Command Default
300 seconds
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
QoS-statistics data export is not supported on OSM interfaces.
The interval needs to be short enough to avoid counter wraparound with the activity in your configuration.
Examples
This example shows how to set the QoS-statistics data-export interval:
Router(config)# mls qos statistics-export interval 250
Router(config)#
Related Commands
|
|
---|---|
Displays information about the MLS-statistics data-export status and configuration. |
mls qos trust
To set the trusted state of an interface, use the mls qos trust command. To set an interface to the untrusted state, use the no form of this command.
mls qos trust [cos | dscp | ip-precedence]
no mls qos trust
Syntax Description
Command Default
The defaults for LAN interfaces and WAN interfaces on the OSMs are as follows:
•If you enable global QoS, the port is untrusted.
•If you disable global QoS, the default is dscp.
•If you do not enter an argument, trust dscp is assumed.
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
You can enter the mls qos trust command to set the trusted state of an interface. For example, you can set whether the packets arriving at an interface are trusted to carry the correct CoS, ToS, and DSCP classifications.
The cos keyword is not supported for pos or atm interface types.
You cannot configure the trust state on FlexWAN modules.
You cannot configure the trust state on 1q4t LAN ports except for Gigabit Ethernet ports.
Ingress-queue drop thresholds are not implemented when you enter the mls qos trust cos command on 4-port Gigabit Ethernet WAN modules.
Use the set qos-group command to set the trust state on Layer 2 WAN interfaces.
Examples
This example shows how to set the trusted state of an interface to IP precedence:
Router(config-if)# mls qos trust ip-precedence
Router(config-if)#
Related Commands
mls qos trust extend
To configure the trust mode of the phone, use the mls qos trust extend command. To return to the default settings, use the no form of this command.
mls qos trust extend [cos value]
no mls qos trust extend
Syntax Description
cos value |
(Optional) Specifies the CoS value that is used to remark the packets from the PC; valid values are from 0 to 7. |
Command Default
The default settings are as follows:
•Mode is untrusted.
•cos value is 0.
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
This command is not supported on WAN modules.
If you set the phone to trusted mode, all the packets from the PC are sent untouched directly through the phone to the Catalyst 6500 series switch. If you set the phone to untrusted mode, all the traffic coming from the PC are remarked with the configured CoS value before being sent to the Catalyst 6500 series switch.
Each time that you enter the mls qos trust extend command, the mode is changed. For example, if the mode was previously set to trusted, if you enter the command, the mode changes to untrusted. Enter the show queueing interface command to display the current trust mode.
Examples
This example shows how to set the phone that is attached to the switch port in trust mode:
Router(config-if)# interface fastethernet5/1
Router(config-if)# mls qos trust extend
Router(config-if)#
This example shows how to change the mode to untrusted and set the remark CoS value to 3:
Router(config-if)# interface fastethernet5/1
Router(config-if)# mls qos trust extend cos 3
Router(config-if)#
This example shows how to set the configuration to the default mode:
Router(config-if)# interface fastethernet5/1
Router(config-if)# no mls qos trust extend
Router(config-if)#
Related Commands
|
|
---|---|
Displays queueing information. |
mls qos vlan-based
To enable per-VLAN QoS for a Layer 2 interface, use the mls qos vlan-based command. To disable per-VLAN QoS for a Layer 2 interface, use the no form of this command.
mls qos vlan-based
no mls qos vlan-based
Syntax Description
This command has no arguments or keywords.
Command Default
Disabled
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
This command is supported on switch-port and port-channel interfaces only.
In VLAN-based mode, the policy map that is attached to the Layer 2 interface is ignored, and QoS is driven by the policy map that is attached to the corresponding VLAN interface.
You can configure per-VLAN QoS only on Layer 2 interfaces.
Note Layer 3 interfaces are always in interface-based mode. Layer 3 VLAN interfaces are always in VLAN-based mode.
Examples
This example shows how to enable per-VLAN QoS for a Layer 2 interface:
Router(config-if)# mls qos vlan-based
Router(config-if)#
Related Commands
|
|
---|---|
Enables the microflow policing for bridged traffic on Layer 3 LAN interfaces. |
|
Defines the default CoS value for an interface. |
|
Displays queueing information. |
mls rate-limit all
To enable and set the rate limiters common to unicast and multicast packets, use the mls rate-limit all command. To disable the rate limiters, use the no form of this command.
mls rate-limit all {mtu-failure | ttl-failure} pps [packets-in-burst]
no mls rate-limit all {mtu-failure | ttl-failure}
Syntax Description
Command Default
The Layer 2 rate limiters are off by default. If you enable and set the rate limiters, the default packets-in-burst is 10.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Rate limiters can rate limit packets that are punted from the data path in the hardware up to the data path in the software. Rate limiters protect the control path in the software from congestion by dropping the traffic that exceeds the configured rate.
Examples
This example shows how to set the TTL-failure limiter for unicast and multicast packets:
Router(config)# mls rate-limit all ttl-failure 15
Router(config)#
Related Commands
|
|
---|---|
Displays information about the MLS rate limiter. |
mls rate-limit layer2
To enable and rate limit the control packets in Layer 2, use the mls rate-limit layer2 command. To disable the rate limiter in the hardware, use the no form of this command.
mls rate-limit layer2 {pdu | l2pt | port-security} pps [packets-in-burst]
no mls rate-limit layer2 [pdu | l2pt | port-security]
Syntax Description
Command Default
The default settings are as follows:
•Layer 2 rate limiters are off by default.
•If you enable and set the rate limiters, the default setting for packets-in-burst is 10 and pps has no default setting.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
You cannot configure the Layer 2 rate limiters if the global switching mode is set to truncated mode.
For the port-security pps keywords and argument, use the following guidelines:
•The PFC2 does not support the port-security rate limiter.
•The truncated switching mode does not support the port-security rate limiter.
•The lower the value, the more the CPU is protected.
Rate limiters control packets as follows:
•The frames are classified as Layer 2 control frames by the destination MAC address. The destination MAC address used are as follows:
–0180.C200.0000 for IEEE BPDU
–0100.0CCC.CCCC for CDP
–0100.0CCC.CCCD for PVST/SSTP BPDU
•The software allocates an LTL index for the frames.
•The LTL index is submitted to the forwarding engine for aggregate rate limiting of all the associated frames.
The Layer 2 control packets are as follows:
•GVRP
•BPDUs
•CDP/DTP/PAgP/UDLD/LACP/VTP PDUs
•PVST/SSTP PDUs
If the rate of the traffic exceeds the configured rate, the excessive packets are dropped at the hardware.
The pdu and l2pt rate limiters use specific hardware rate-limiter numbers only, such as 9 through 12. Enter the show mls rate-limit usage command to display the available rate-limiter numbers. The available numbers are displayed as "Free" in the output field. If all four rate limiters are in use by other features, a system message is displayed telling you to turn off a feature to rate limit the control packets in Layer 2.
When a MAC move occurs and a packet is seen on two ports, the packet is redirected to the software. If one of those ports has the violation mode set to restrict or protect, the packet is dropped in software. You can use the port-security rate limiter to throttle the amount of such packets redirected to software . This helps in protecting the software from high traffic rates.
Examples
This example shows how to enable and set the rate limiters for the protocol-tunneling packets in Layer 2:
Router(config)# mls rate-limit layer2 l2pt 3000
Router(config)#
This example shows how to configure the port-security rate limiter:
Router(config)# mls rate-limit layer2 port-security 500
Router(config)# end
Related Commands
|
|
---|---|
Displays information about the MLS rate limiter. |
mls rate-limit multicast ipv4
To enable and set the rate limiters for the IPv4 multicast packets, use the mls rate-limit multicast ipv4 command. To disable the rate limiters, use the no form of this command.
mls rate-limit multicast ipv4 {connected | fib-miss | igmp | ip-option | partial | non-rpf} pps [packets-in-burst]
no mls rate-limit multicast ipv4 {connected | fib-miss | igmp | ip-option | partial | non-rpf}
Syntax Description
Command Default
The defaults are as follows:
•If the packets-in-burst is not set, a default of 100 is programmed for multicast cases.
•fib-miss—Enabled at 100000 pps and packet-in-burst is set to 100.
•ip-option—Disabled.
•partial—Enabled at 100000 pps and packet-in-burst is set to 100.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
You cannot configure the IPv4 rate limiters if the global switching mode is set to truncated mode.
The rate limiters can rate limit the packets that are punted from the data path in the hardware up to the data path in the software. The rate limiters protect the control path in the software from congestion and drop the traffic that exceeds the configured rate.
The ip-option keyword is supported in PFC3BXL or PFC3B mode only.
Examples
This example shows how to set the rate limiters for the multicast packets failing the RPF check:
Router(config)# mls rate-limit multicast ipv4 non-rpf 100
Router(config)#
This example shows how to set the rate limiters for the multicast packets during a partial SC state:
Router(config)# mls rate-limit multicast ipv4 partial 250
Router(config)#
This example shows how to set the rate limiters for the FIB-missed multicast packets:
Router(config)# mls rate-limit multicast ipv4 fib-miss 15
Router(config)#
Related Commands
|
|
---|---|
Displays information about the MLS rate limiter. |
mls rate-limit multicast ipv6
To configure the IPv6 multicast rate limiters, use the mls rate-limit multicast ipv6 command. To disable the rate limiters, use the no form of this command.
mls rate-limit multicast ipv6 {connected pps [packets-in-burst]} | {rate-limiter-name {share {auto | target-rate-limiter}}}
no mls rate-limit multicast ipv6 {connected | rate-limiter-type}
Syntax Description
Command Default
If the burst is not set, a default of 100 is programmed for multicast cases.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The rate-limiter-name argument must be a rate limiter that is not currently programmed.
The target-rate-limiter argument must be a rate limiter that is programmed in the hardware and must be the first rate limiter programmed for its group.
Table 2-23 lists the IPv6 rate limiters and the class of traffic that each rate limiter serves.
You can configure rate limiters for IPv6 multicast traffic using one of the following methods:
•Direct association of the rate limiters for a traffic class—Select a rate and associate the rate with a rate limiter. This example shows how to pick a rate of 1000 pps and 20 packets per burst and associate the rate with the default-drop rate limiter:
Router(config)# mls rate-limit multicast ipv6 default-drop 1000 20
•Static sharing of a rate limiter with another preconfigured rate limiter—When there are not enough adjacency-based rate limiters available, you can share a rate limiter with an already configured rate limiter (target rate limiter). This example shows how to share the route-cntl rate limiter with the default-drop target rate limiter:
Router(config)# mls rate-limit multicast ipv6 route-cntl share default-drop
If the target rate limiter is not configured, a message displays that the target rate limiter must be configured for it to be shared with other rate limiters.
•Dynamic sharing of rate limiters—If you are not sure about which rate limiter to share with, use the share auto keywords to enable dynamic sharing. When you enable dynamic sharing, the system picks a preconfigured rate limiter and shares the given rate limiter with the preconfigured rate limiter. This example shows how to choose dynamic sharing for the route-cntrl rate limiter:
Router(config)# mls rate-limit multicast ipv6 route-cntl share auto
Examples
This example shows how to set the rate limiters for the IPv6 multicast packets from a directly connected source:
Router(config)# mls rate-limit multicast ipv6 connected 1500 20
Router(config)#
This example shows shows how to configure a direct association of the rate limiters for a traffic class:
Router(config)# mls rate-limit multicast ipv6 default-drop 1000 20
Router(config)#
This example shows how to configure the static sharing of a rate limiter with another preconfigured rate limiter:
Router(config)# mls rate-limit multicast ipv6 route-cntl share default-drop
Router(config)#
This example shows how to enable dynamic sharing for the route-cntrl rate limiter:
Router(config)# mls rate-limit multicast ipv6 route-cntl share auto
Router(config)#
Related Commands
|
|
---|---|
Displays information about the MLS rate limiter. |
mls rate-limit unicast acl
To enable and set the ACL-bridged rate limiters, use the mls rate-limit unicast acl command. To disable the rate limiters, use the no form of this command.
mls rate-limit unicast acl {input | output | vacl-log} {pps [packets-in-burst]}
no mls rate-limit unicast acl {input | output | vacl-log}
Syntax Description
Command Default
The defaults are as follows:
•input—Disabled.
•output—Disabled.
•vacl-log—Enabled at 2000 pps and packets-in-burst is set to 1.
•If the packets-in-burst is not set, 10 is programmed for unicast cases.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The rate limiters can rate limit the packets that are punted from the data path in the hardware up to the data path in the software. The rate limiters protect the control path in the software from congestion and drop the traffic that exceeds the configured rate.
When setting the pps, valid values are as follows:
•ACL input and output cases—10 to 1000000 pps
•VACL log cases—10 to 5000 pps
You cannot change the vacl-log packets-in-burst keyword and argument; it is set to 1 by default.
Some cases (or scenarios) share the same hardware register. These cases are divided into the following two groups:
•Group1:
–Egress ACL-bridged packets
–Ingress ACL-bridged packets
•Group 2:
–RPF failure
–ICMP unreachable for ACL drop
–ICMP unreachable for no-route
–IP errors
All the components of each group use or share the same hardware register. For example, ACL-bridged ingress and egress packets use register A. ICMP-unreachable, no-route, and RPF failures use register B.
In most cases, when you change a component of a group, all the components in the group are overwritten to use the same hardware register as the first component changed. A warning message is printed out each time that an overwriting operation occurs, but only if you enable the service internal mode. The overwriting operation does not occur in these situations:
•The pps value is set to 0 (zero) for a particular case.
•When the ingress or egress ACL-bridged packet cases are disabled, overwriting does not occur until the cases are enabled again. If either case is disabled, the other is not affected if the remaining case is enabled. For example, if you program the ingress ACL-bridged packets with a 100-pps rate, and then you configure the egress ACL-bridged packets with a 200-pps rate, the ingress ACL-bridged packet value is overwritten to 200 pps and both the ingress and the egress ACL-bridged packets have a 200-pps rate.
Examples
This example shows how to set the input ACL-bridged packet limiter for unicast packets:
Router(config)# mls rate-limit unicast acl ingress 100
Router(config)#
This example shows how to disable the input ACL-bridged packet limiter for unicast packets:
Router(config)# no mls rate-limit unicast acl ingress
Router(config)#
Related Commands
|
|
---|---|
Displays information about the MLS rate limiter. |
mls rate-limit unicast cef
To enable and set the CEF rate limiters, use the mls rate-limit unicast cef command. To disable the rate limiters, use the no form of this command.
mls rate-limit unicast cef {receive | glean} pps [packets-in-burst]
no mls rate-limit unicast cef {receive | glean}
Syntax Description
Command Default
The defaults are as follows:
•receive—Disabled.
•glean—Disabled.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
If you enable the CEF rate limiters, the following situations occur (if the situation that is listed is unacceptable, disable the CEF rate limiters):
•If a packet hits a glean/receive adjacency, the packet may be dropped instead of being sent to the software if there is an output ACL on the input VLAN and the matched entry result is deny.
•If the matched ACL entry result is bridge, the packet is subject to egress ACL bridge rate limiting (if turned ON) instead of glean/receive rate limiting.
•The glean/receive adjacency rate limiting is applied only if the output ACL lookup result is permit or there is no output ACLs on the input VLAN.
Examples
This example shows how to set the CEF-glean limiter for the unicast packets:
Router(config)# mls rate-limit unicast cef glean 5000
Router(config)#
This example shows disable the CEF-glean limiter for the unicast packets:
Router(config)# no mls rate-limit unicast cef glean
Router(config)#
Related Commands
|
|
---|---|
Displays information about the MLS rate limiter. |
mls rate-limit unicast ip
To enable and set the rate limiters for the unicast packets, use the mls rate-limit unicast ip command. To disable the rate limiters, use the no form of this command.
mls rate-limit unicast ip {errors | features | options | rpf-failure} pps [packets-in-burst]
mls rate-limit unicast ip icmp {redirect | unreachable {acl-drop pps} | no-route pps} [packets-in-burst]
no mls rate-limit unicast ip {errors | features | {icmp {redirect | unreachable {acl-drop | no-route}}} | options | rpf-failure} pps [packets-in-burst]
Syntax Description
Command Default
The defaults are as follows:
•If the packets-in-burst is not set, a default of 10 is programmed as the burst for unicast cases.
•errors—Enabled at 100 pps and packets-in-burst set to 10.
•rpf-failure—Enabled at 100 pps and packets-in-burst set to 10.
•icmp unreachable acl-drop—Enabled at 100 pps and packets-in-burst set to 10.
•icmp unreachable no-route—Enabled at 100 pps and packets-in-burst set to 10.
•icmp redirect—Disabled.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
To provide OAL support for denied packets, enter the mls rate-limit unicast ip icmp unreachable acl-drop 0 command.
OAL and VACL capture are incompatible. Do not configure both features on the switch. With OAL configured, use SPAN to capture traffic.
The rate limiters can rate limit the packets that are punted from the data path in the hardware up to the data path in the software. The rate limiters protect the control path in the software from congestion and drop the traffic that exceeds the configured rate.
Note When you configure an ICMP rate limiter, and an ICMP redirect occurs, exiting data traffic is dropped while the remaining traffic on the same interface is forwarded.
When setting the pps, the valid values are 0 and from 10 to 1000000. Setting the pps to 0 globally disables the redirection of the packets to the route processor. The 0 value is supported for these rate limiters:
•ICMP unreachable ACL-drop
•ICMP unreachable no-route
•ICMP redirect
•IP rpf failure
Some cases (or scenarios) share the same hardware register. These cases are divided into the following two groups:
•Group1:
–Egress ACL-bridged packets
–Ingress ACL-bridged packets
•Group 2:
–RPF failure
–ICMP unreachable for ACL drop
–ICMP unreachable for no-route
–IP errors
All the components of each group use or share the same hardware register. For example, ACL-bridged ingress and egress packets use register A. ICMP-unreachable, no-route, and RPF failures use register B.
In most cases, when you change a component of a group, all the components in the group are overwritten to use the same hardware register as the first component changed. A warning message is printed out each time that an overwriting operation occurs, but only if you enable the service internal mode. The overwriting operation does not occur in these situations:
•The pps value is set to 0 (zero) for a particular case.
•When the ingress or egress ACL-bridged packet cases are disabled, overwriting does not occur until the cases are enabled again. If either case is disabled, the other is not affected as long as the remaining case is enabled. For example, if you program the ingress ACL-bridged packets with a 100-pps rate, and then you configure the egress ACL-bridged packets with a 200-pps rate, the ingress ACL-bridged packet value is overwritten to 200 pps and both the ingress and the egress ACL-bridged packets have a 200-pps rate.
Examples
This example shows how to set the ICMP-redirect limiter for unicast packets:
Router(config)# mls rate-limit unicast ip icmp redirect 250
Router(config)#
Related Commands
|
|
---|---|
Displays information about the MLS rate limiter. |
mls rate-limit unicast l3-features
To enable and set the Layer 3 security rate limiters for the unicast packets, use the mls rate-limit unicast l3-features command. To disable the rate limiters, use the no form of this command.
mls rate-limit unicast l3-features pps [packets-in-burst]
no mls rate-limit unicast l3-features pps [packets-in-burst]
Syntax Description
pps |
Packets per second; see the "Usage Guidelines" section for valid values. |
packets-in-burst |
(Optional) Packets in burst; valid values are from 1 to 255. |
Command Default
The defaults are as follows:
•Enabled at 2000 pps and packets-in-burst is set to 1.
•If the packets-in-burst is not set, 10 is programmed for unicast cases.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to set the Layer 3 security rate limiters for the unicast packets:
Router(config)# mls rate-limit unicast l3-features 5000
Router(config)#
Related Commands
|
|
---|---|
Displays information about the MLS rate limiter. |
mls rate-limit unicast vacl-log
To enable and set the VACL-log case rate limiters, use the mls rate-limit unicast vacl-log command. To disable the rate limiters, use the no form of this command.
mls rate-limit unicast vacl-log {pps [packets-in-burst]}
no mls rate-limit unicast vacl-log
Syntax Description
pps |
Packets per second; see the "Usage Guidelines" section for valid values. |
packets-in-burst |
(Optional) Packets in burst; valid values are from 1 to 255. |
Command Default
The defaults are as follows:
•Enabled at 2000 pps and packets-in-burst is set to 1.
•If the packets-in-burst is not set, 10 is programmed for unicast cases.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The rate limiters can rate limit the packets that are punted from the data path in the hardware up to the data path in the software. The rate limiters protect the control path in the software from congestion and drop the traffic that exceeds the configured rate.
When setting the pps, valid values are as follows:
•ACL input and output cases—10 to 1000000 pps
•VACL log cases—10 to 5000 pps
Setting the pps to 0 globally disables the redirection of the packets to the route processor.
You cannot change the vacl-log packets-in-burst keyword and argument; it is set to 1 by default.
Some cases (or scenarios) share the same hardware register. These cases are divided into the following two groups:
•Group1:
–Egress ACL-bridged packets
–Ingress ACL-bridged packets
•Group 2:
–RPF failure
–ICMP unreachable for ACL drop
–ICMP unreachable for no-route
–IP errors
All the components of each group use or share the same hardware register. For example, ACL-bridged ingress and egress packets use register A. ICMP-unreachable, no-route, and RPF failures use register B.
In most cases, when you change a component of a group, all the components in the group are overwritten to use the same hardware register as the first component changed. A warning message is printed out each time that an overwriting operation occurs, but only if you enable the service internal mode. The overwriting operation does not occur in these situations:
•The pps value is set to 0 (zero) for a particular case.
•When the ingress or egress ACL-bridged packet cases are disabled, overwriting does not occur until the cases are enabled again. If either case is disabled, the other is not affected if the remaining case is enabled. For example, if you program the ingress ACL-bridged packets with a 100-pps rate, and then you configure the egress ACL-bridged packets with a 200-pps rate, the ingress ACL-bridged packet value is overwritten to 200 pps and both the ingress and the egress ACL-bridged packets have a 200-pps rate.
Examples
This example shows how to set the VACL-log case packet limiter for unicast packets:
Router(config)# mls rate-limit unicast vacl-log 100
Router(config)#
This example shows how to disable the rate limiters:
Router(config)# no mls rate-limit unicast vacl-log 100
Router(config)#
Related Commands
|
|
---|---|
Displays information about the MLS rate limiter. |
mls rp ip (global configuration mode)
To enable external systems to establish IP shortcuts to the PISA, use the mls rp ip command. To remove a prior entry, use the no form of this command.
mls rp ip [input-acl | route-map]
no mls rp ip
Syntax Description
input-acl |
(Optional) Enables the IP-input access list. |
route-map |
(Optional) Enables the IP-route map. |
Command Default
No shortcuts are configured.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to allow the external systems to establish IP shortcuts with IP-input access lists:
Router(config)#
mls rp ip input-acl
Router(config)#
Related Commands
|
|
---|---|
Enables MLS IP for the internal router on the interface. |
|
Displays the MLS IP information. |
mls rp ip (interface configuration mode)
To enable the external systems to enable MLS IP on a specified interface, use the mls rp ip command. To disable MLS IP, use the no form of this command.
mls rp ip
no mls rp ip
Syntax Description
This command has no arguments or keywords.
Command Default
This command has no default settings.
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to enable the external systems to enable MLS IP on an interface:
Router(config-if)#
mls rp ip
Router(config-if)
Related Commands
|
|
---|---|
Enables external systems to establish IP shortcuts to the PISA. |
|
Displays the MLS IP information. |
mls rp ipx (global configuration mode)
To allow the external systems to enable MLS IPX to the PISA, use the mls rp ipx command. To remove a prior entry, use the no form of this command.
mls rp ipx [input-acl]
no mls rp ipx
Syntax Description
input-acl |
(Optional) Enables MLS IPX and overrides ACLs. |
Command Default
This command has no default settings.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to allow the external systems to enable MLS IPX to the PISA and override ACLs:
Router(config)#
mls rp ipx input-acl
Router(config)#
Related Commands
|
|
---|---|
Allows the external systems to enable MLS IPX on the interface. |
|
show mls rp ipx |
Displays details for all IPX MLS interfaces on the IPX MLS router. |
mls rp ipx (interface configuration mode)
To allow the external systems to enable MLS IPX on the interface, use the mls rp ipx command. To disable MLS IPX on the interface, use the no form of this command.
mls rp ipx
no mls rp ipx
Syntax Description
This command has no arguments or keywords.
Command Default
This command has no default settings.
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to allow the external systems to enable MLS IPX on an interface:
Router(config-if)#
mls rp ipx
Router(config-if)#
Related Commands
|
|
---|---|
Allows the external systems to enable MLS IPX to the PISA. |
|
show mls rp ipx |
Displays details for all IPX MLS interfaces on the IPX MLS router. |
mls rp management-interface
To enable the interface as a management interface, use the mls rp management-interface command. To remove a prior entry, use the no form of this command.
mls rp management-interface
no mls rp management-interface
Syntax Description
This command has no arguments or keywords.
Command Default
This command has no default settings.
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to enable an interface as a management interface:
Router(config-if)#
mls rp management-interface
Router(config-if)#
Related Commands
|
|
---|---|
show mls rp |
Displays MLS details. |
mls rp nde-address
To specify the NDE address, use the mls rp nde-address command. To remove a prior entry, use the no form of this command.
mls rp nde-address ip-address
no mls rp nde-address ip-address
Syntax Description
ip-address |
NDE IP address. |
Command Default
This command has no default settings.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Use the following syntax to specify an IP subnet address:
•ip-subnet-addr—Short subnet address format. The trailing decimal number 00 in an IP address YY.YY.YY.00 specifies the boundary for an IP-subnet address. For example, 172.22.36.00 indicates a 24-bit subnet address (subnet mask 172.22.36.00/255.255.255.0), and 173.24.00.00 indicates a 16-bit subnet address (subnet mask 173.24.00.00/255.255.0.0). However, this format can identify only a subnet address of 8, 16, or 24 bits.
•ip-addr/subnet-mask—Long subnet address format. For example, 172.22.252.00/255.255.252.00 indicates a 22-bit subnet address. This format can specify a subnet address of any bit number. To provide more flexibility, the ip-addr is a full host address, such as 172.22.253.1/255.255.252.00.
•ip-addr/maskbits—Simplified long subnet address format. The mask bits specify the number of bits of the network masks. For example, 172.22.252.00/22 indicates a 22-bit subnet address. The ip-addr is a full host address, such as 193.22.253.1/22, which has the same subnet address as the ip-subnet-addr.
Examples
This example shows how to set the NDE address to 170.25.2.1:
Router(config)#
mls rp nde-address 170.25.2.1
Router(config)#
Related Commands
|
|
---|---|
show mls rp |
Displays MLS details. |
mls rp vlan-id
To assign a VLAN ID to the interface, use the mls rp vlan-id command. To remove a prior entry, use the no form of this command.
mls rp vlan-id {vlan-id}
no mls rp vlan-id
Syntax Description
vlan-id |
VLAN ID number; valid values are from 1 to 4094. |
Command Default
This command has no default settings.
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to assign a VLAN ID to the interface:
Router(config-if)#
mls rp vlan-id 4
Router(config-if)#
Related Commands
|
|
---|---|
show mls rp |
Displays MLS details. |
mls rp vtp-domain
To link the interface to a VTP domain, use the mls rp vtp-domain command. To remove a prior entry, use the no form of this command.
mls rp vtp-domain name
no mls rp vtp-domain name
Syntax Description
name |
VLAN domain name. |
Command Default
This command has no default settings.
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to link the interface to a VTP domain:
Router(config-if)#
mls rp vtp-domain EverQuest
Router(config-if)#
Related Commands
|
|
---|---|
show mls rp |
Displays MLS details. |
Configures the global VTP state. |
mls sampling
To enable the sampled NetFlow and specify the sampling method, use the mls sampling command. To disable the sampled NetFlow, use the no form of this command.
mls sampling {{time-based rate} | {packet-based rate [interval]}}
no mls sampling
Syntax Description
Command Default
Disabled
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
To enable sampling on the PFC3, you must enter the mls sampling command and the mls netflow sampling command on the appropriate interfaces. If you do not enter the mls netflow sampling command, NDE will not export flows.
The sampled NetFlow is supported on Layer 3 interfaces only.
You can enable the sampled NetFlow even if NDE is disabled, but no flows are exported.
With packet-based sampling, a flow with a packet count of n is sampled n/m times, where m is the sampling rate.
The time-based sampling is based on a preset interval for each sampling rate. Table 2-24 lists the sample intervals for each rate and period.
Examples
This example shows how to enable the time-based NetFlow sampling and set the sampling rate:
Router(config
)# mls sampling time-based 1024
Router(config)#
This example shows how to enable the packet-based NetFlow sampling and set the sampling rate and interval:
Router(config
)# mls sampling packet-based 1024 8192
Router(config)#
Related Commands
|
|
---|---|
Enables the sampled NetFlow on an interface. |
|
Displays information about the sampled NDE status. |
mls switching
To enable the hardware switching, use the mls switching command. To disable hardware switching, use the no form of this command.
mls switching
no mls switching
Syntax Description
This command has no arguments or keywords.
Command Default
This command has no default settings.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to enable the hardware switching:
Router(config
)# mls switching
Router(config)#
This example shows how to disable the hardware switching:
Router(config
)# no mls switching
Router(config)#
Related Commands
|
|
---|---|
Enables the hardware switching of the unicast traffic for an interface. |
mls switching unicast
To enable the hardware switching of the unicast traffic for an interface, use the mls switching unicast command. To disable the hardware switching of the unicast traffic for an interface, use the no form of this command.
mls switching unicast
no mls switching unicast
Syntax Description
This command has no arguments or keywords.
Command Default
This command has no default settings.
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to enable the hardware switching for an interface:
Router(config-if
)# mls switching unicast
Router(config-if)#
This example shows how to disable the hardware switching for an interface:
Router(config-if
)# no mls switching unicast
Router(config-if)#
Related Commands
|
|
---|---|
Enables hardware switching. |
mls verify
To enable hardware packet parsing error checks, use the mls verify command. To disable Layer 3 error checking in the hardware, use the no form of this command.
mls verify {ip | ipx} {checksum | {length {consistent | minimum}} | same-address | syslog}
no mls verify {ip | ipx} {checksum | {length {consistent | minimum}} same-address | syslog}
Syntax Description
Command Default
The default settings are as follows:
•checksum
•same-address is disabled.
•syslog is disabled.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The IP too-short packets are the IP packets with an IP header length or IP total length field that is smaller than 20 bytes.
When you enter the mls verify ip length minimum command, valid IPv4 packets are switched in the hardware only if the IP protocol fields are equal to one of the following types:
•ICMP (1)
•IGMP (2)
•IP (4)
•TCP (6)
•UDP (17)
•IPv6 (41)
•GRE (47)
•SIPP-ESP (50)
When you enter the no mls verify ip length minimum command, too-short packets are switched in the hardware. The too-short packets that have IP protocol = 6 (TCP) are sent to the software.
To prevent packets with the same source and destination IP address from being switched in the hardware, use the mls verify ip same-address command.
Examples
This example shows how to enable Layer 3 error checking in the hardware:
Router(config
)# mls verify ip checksum
Router(config)#
This example shows how to disable Layer 3 error checking in the hardware:
Router(config
)# no mls verify ip checksum
Router(config)#
This example shows how to prevent packets with the same source and destination IP address from being switched in the hardware:
Router(config
)# mls verify ip same-address
Router(config)#
mobility
To configure the wireless mGRE tunnels, use the mobility command. To return to the default settings, use the no form of this command.
mobility {network-id id} | {tcp adjust-mss}
mobility [trust | broadcast]
Syntax Description
Command Default
Untrusted network
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
This command is supported on Catalyst 6500 series switches that are configured with a WLSM only.
The tcp adjust-mss keywords are supported on mGRE tunnel interfaces only.
You can enter the ip tcp adjust-mss value command to change the TCP MSS to a lower value.
A trusted network can use DHCP or a static IP address. An untrusted network supports only DHCP clients.
Examples
This example shows how to specify the network identification number for the mGRE tunnel:
Router (config-if)# mobility network-id 200
Router (config-if)#
This example shows how to specify the trusted network:
Router (config-if)# mobility trust
Router (config-if)#
This example shows how to specify that the mGRE tunnel convert the NBMA to the BMA:
Router (config-if)# mobility broadcast
Router (config-if)#
This example shows how to adjust the MSS value in TCP SYN and TCP ACK on the access points automatically:
Router (config-if)# mobility tcp adjust-mss
Router (config-if)#
Related Commands
|
|
---|---|
ip tcp adjust-mss |
Adjusts the MSS value of TCP SYN packets going through a router. |
Displays information about the Layer 3 mobility and the wireless network. |
mode
To set the redundancy mode, use the mode command.
mode {rpr | rpr-plus | sso}
Syntax Description
rpr |
Specifies RPR mode. |
rpr-plus |
Specifies RPR+ mode. |
sso |
Specifies SSO mode. |
Command Default
The defaults are as follows:
•SSO mode if the system is not configured for redundancy and the active and standby supervisor engines have the same image.
•RPR mode if different versions are installed.
•If redundancy is enabled, the default is the mode that you have configured.
Command Modes
Redundancy configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The rpr-plus keywords are not supported by the Supervisor Engine 32 PISA.
NSF with SSO redundancy mode supports IPv4. NSF with SSO redundancy mode does not support IPv6, IPX, and MPLS.
If you have configured MPLS on the Catalyst 6500 series switch with redundant supervisor engines, you must configure the Catalyst 6500 series switch in RPR mode. The switch should not be running in the default mode of SSO.
Enter the redundancy command in global configuration mode to enter redundancy configuration mode. You can enter the mode command within redundancy configuration mode.
The standby supervisor engine reloads on any change of mode and begins to work in the current mode.
Examples
This example shows how to set the redundancy mode to SSO:
Router(config)# redundancy
Router(config-red)# mode sso
Router(config-red)#
Related Commands
mode dot1q-in-dot1q access-gateway
To enable a Gigabit Ethernet WAN interface to act as a gateway for QinQ VLAN translation, use the mode dot1q-in-dot1q access-gateway command. To disable the QinQ VLAN translation on the interface, use the no form of this command.
mode dot1q-in-dot1q access-gateway
no mode dot1q-in-dot1q access-gateway
Syntax Description
This command has no keywords or arguments.
Command Default
Disabled
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
This command is supported on the Gigabit Ethernet WAN interfaces on Catalyst 6500 series switches that are configured with an OSM-2+4GE-WAN+ OSM module only.
802.1Q provides a trunking option that tags packets with two VLAN tags to allow multiple VLANs to be trunked together across an intermediate network. This use of a double-tagged tunnel is also referred to as QinQ tunneling.
The mode dot1q-in-dot1q access-gateway command enhances QinQ tunneling by tagging packets with two VLAN tags to allow multiple VLANs to be trunked together across an intermediate network. A double-tagged tunnel performs the following functions:
•Switches packets that are tagged with two 802.1Q VLAN tags to a destination service that is based on a combination of VLAN tags.
•Supports traffic shaping based on the VLAN tags.
•Copies the 802.1P prioritization bits (P bits) from the inner (customer) VLAN tag to the outer (service provider) VLAN tag.
You can also combine multiple GE-WAN interfaces into a virtual port-channel interface to enable QinQ link bundling. Combining the interfaces not only simplifies the configuration but allows the GE-WAN OSM to load balance the PE VLANs among the physical interfaces that are members of the bundle. In addition, if one interface member of the link bundle goes down, its PE VLANs are automatically reallocated to the other members of the bundle.
Note You must remove all IP addresses that have been configured on the interface before using the mode dot1q-in-dot1q access-gateway command.
After configuring the mode dot1q-in-dot1q access-gateway command, use the bridge-domain (subinterface configuration) command to configure the VLAN mapping to be used on each subinterface.
Note Port-channel interface counters (as shown by the show counters interface port-channel and show interface port-channel counters commands) are not supported for channel groups that are using GE-WAN interfaces for QinQ link bundling. The show interface port-channel {number | number.subif} command (without the counters keyword) is supported, however.
Tip The mls qos trust command has no effect on a GE-WAN interface or port-channel group that has been configured with the mode dot1q-in-dot1q access-gateway command. These interfaces and port channels always trust the VLAN CoS bits in this configuration.
Examples
This example shows a typical configuration for the mode dot1q-in-dot1q access-gateway command:
Router# configure terminal
Router(config)# interface GE-WAN 4/1
Router(config-if)# mode dot1q-in-dot1q access-gateway
Router(config-if)#
This example shows the system message that appears when you try to configure the mode dot1q-in-dot1q access-gateway command without first removing the IP address configuration:
Router# configure terminal
Router(config)# interface GE-WAN 3/0
Router(config-if)# mode dot1q-in-dot1q access-gateway
% interface GE-WAN3/0 has IP address 192.168.100.101
configured. Please remove the IP address before configuring
'mode dot1q-in-dot1q access-gateway' on this interface.
Router(config-if)# no ip address 192.168.100.101 255.255.255
Router(config-if)# mode dot1q-in-dot1q access-gateway
Router(config-if)#
This example shows how to disable QinQ mapping on an interface by using the no form of the mode dot1q-in-dot1q access-gateway command. In addition, this command automatically removes all subinterfaces on the interface and all of the subinterface QinQ mappings (configured with the bridge-domain (subinterface configuration) command) and service policies.
Router# configure terminal
Router(config)# interface GE-WAN 3/0
Router(config-if)# no mode dot1q-in-dot1q access-gateway
Router(config-if)#
This example shows a virtual port-channel interface that was created and assigned with two GE-WAN interfaces. The mode dot1q-in-dot1q access-gateway command is then enabled on the port-channel interface to allow it to act as a QinQ link bundle:
Router(config)# interface port-channel 20
Router(config-if)# interface GE-WAN 3/0
Router(config-if)# port-channel 20 mode on
Router(config-if)# interface GE-WAN 3/1
Router(config-if)# port-channel 20 mode on
Router(config-if)# interface port-channel 20
Router(config-if)# no ip address
Router(config-if)# mode dot1q-in-dot1q access-gateway
Router(config-if)#
This example shows the error message that appears if you attempt to enable QinQ translation on a port-channel interface that contains one or more invalid interfaces:
Router# configure terminal
Router(config)# interface port-channel 30
7600-2(config-if)# mode dot1q-in-dot1q access-gateway
% 'mode dot1q-in-dot1q access-gateway' is not supported on Port-channel30
% Port-channel30 contains 2 Layer 2 Gigabit Ethernet interface(s)
Router(config-if)#
Related Commands
monitor event-trace (EXEC)
To control the event trace function for a specified Cisco IOS software subsystem component, use the monitor event-trace command.
monitor event-trace all-traces {{continuous [cancel]} | {dump [merged] [pretty]}}
monitor event-trace l3 {clear | {continuous [cancel]} | disable | {dump [pretty]} | enable | {interface type mod/port} | one-shot}
monitor event-trace spa {clear | {continuous [cancel]} | disable | {dump [pretty]} | enable | one-shot}
monitor event-trace subsys {clear | {continuous [cancel]} | disable | {dump [pretty]} | enable | one-shot}
Syntax Description
all-traces |
Displays the configured merged-event traces. |
continuous |
Displays the latest event trace entries continuously. |
cancel |
(Optional) Cancels the continuous display of latest trace entries. |
dump |
Writes the event trace results to the file configured using the monitor event-trace (global configuration) command. |
merged |
(Optional) Dumps the entries in all event traces sorted by time. |
pretty |
(Optional) Saves the event trace message in an ASCII format. |
l3 |
Displays information about the Layer 3 trace. |
clear |
Clears the trace. |
disable |
Turns off event tracing for the specified component. |
enable |
Turns on event tracing for the specified component. |
interface type mod/port |
Specifies the interface to be logged. |
one-shot |
Clears any existing trace information from the memory, starts event tracing again, and disables the trace when the trace reaches the size specified using the monitor event-trace (global configuration) command. |
spa |
Displays information about the SPA trace. |
subsys |
Displays information about the initial trace of the subsystem. |
Command Default
Trace information is saved in a binary format.
Command Modes
Privileged EXEC (#)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Use the monitor event-trace (EXEC) command to control what, when, and how event trace data is collected. Use this command after you have configured the event trace functionality on the networking device using the monitor event-trace (global configuration) command.
The trace messages are saved in a binary format.
Note The amount of data collected from the trace depends on the trace message size configured using the monitor event-trace (global configuration) command for each instance of a trace.
Cisco IOS software allows for the subsystem components to define whether support for event tracing is enabled or disabled at boot. You can enable or disable event tracing in two ways: using the monitor event-trace (EXEC) command or using the monitor event-trace (global configuration) command. To enable event tracing again, you would enter the enable form of either of these commands.
To determine whether a subsystem has enabled or disabled event tracing, use the monitor event-trace ? command to get a list of software components that support event tracing. To determine whether event tracing is enabled by default for the subsystem, use the show monitor event-trace command to view trace messages.
Use the show monitor event-trace command to display trace messages.
Use the monitor event-trace component dump command to save trace message information for a single event. By default, trace information is saved in a binary format. If you want to save trace messages in an ASCII format, possibly for additional application processing, use the monitor event-trace component dump pretty command.
To write the trace messages for all events currently enabled on a networking device to a file, enter the monitor event-trace dump-file (global configuration) command.
To configure the file where you want to save trace information, use the monitor event-trace (global configuration) command.
Examples
This example shows how to stop event tracing, clear the current memory, and reenable the trace function for the SPA component. This example assumes that the tracing function is configured and enabled on the networking device.
Router# monitor event-trace spa disable
Router# monitor event-trace spa clear
Router# monitor event-trace spa enable
This example shows how you can use the one-shot keyword to accomplish the same function as the previous example except that you do not have to enter as many commands. Once the size of the trace message file has been exceeded, the trace is terminated.
Router# monitor event-trace spa one-shot
Router#
This example shows how to write the trace messages for an event in a binary format. The trace messages for the IPC component are written to a file as follows:
Router# monitor event-trace ipc dump
Router#
This example shows how to write the trace messages for an event in an ASCII format. In this example, the trace messages for the MBUS component are written to a file.
Router# monitor event-trace mbus dump pretty
Router#
Related Commands
monitor event-trace (global configuration)
To configure event tracing for a specified Cisco IOS software subsystem component, use the monitor event-trace (global) command. To change the default setting to enable or disable event tracing, see the "Usage Guidelines" section for this command.
monitor event-trace all-traces dump-file filename
monitor event-trace l3 {disable | dump-file filename | enable | size number | {stacktrace [depth]}}
monitor event-trace sequence-number
monitor event-trace spa {disable | dump-file filename | enable | size number | {stacktrace [depth]}}
monitor event-trace stacktrace
monitor event-trace subsys {disable | dump-file filename | enable | size number | {stacktrace [depth]}}
monitor event-trace timestamps [{datetime [localtime] [msec] [show-timezone]} | uptime]
Syntax Description
Command Default
Enabled or disabled depending on the software component.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Note Event tracing is intended for use as a software diagnostic tool and should be configured only under the direction of a TAC representative. In Cisco IOS software images that do not provide subsystem support for the event trace function, the monitor event-trace (global configuration) command is not available.
Cisco IOS software allows the subsystem components to define whether support for event tracing is enabled or disabled by default. The command interface for event tracing allows users to change the default two ways: using the monitor event-trace (EXEC) command or using the monitor event-trace (global configuration) command.
Additionally, default settings do not show up in the configuration file. If the subsystem software enables event tracing by default, the monitor event-trace component enable command will not show up in the configuration file of the networking device; however, disabling event tracing that has been enabled by default by the subsystem will create a line in the configuration file.
Note The amount of data collected from the trace depends on the trace message size configured using the monitor event-trace (global configuration) command for each instance of a trace.
When the number of event trace messages in memory exceeds the size, new messages will begin to overwrite the older messages in the file.
The maximum filename length (path and filename) is 100 characters and the path can point to flash memory on the networking device or to a TFTP or FTP server.
To determine whether a subsystem has enabled or disabled event tracing, use the monitor event-trace ? command to get a list of software components that support event tracing.
To determine whether event tracing is enabled by default for the subsystem, use the show monitor event-trace command to view trace messages.
To specify the trace call stack at tracepoints, you must clear the trace buffer first.
Examples
This example shows how to stop event tracing, clear the current memory, and reenable the trace function for the SPA component. This example assumes that the tracing function is configured and enabled on the networking device.
Router(config)# monitor event-trace spa disable
Router(config)# monitor event-trace spa clear
Router(config)# monitor event-trace spa enable
Related Commands
monitor permit-list
To configure a destination port permit list or add to an existing destination port permit list, use the monitor permit-list command. To delete from or clear an existing destination port permit list, use the no form of this command.
monitor permit-list
monitor permit-list destination {interface type} {slot/port[-port] [, type slot/port - port]
no monitor permit-list
no monitor permit-list destination {interface type} {slot/port[-port] [, type slot/port - port]
Syntax Description
Command Default
Disabled
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
To prevent accidental configuration of ports as destinations, you can create a permit list of the ports that are valid for use as destinations. With a destination port permit list configured, you can only configure the ports in the permit list as destinations.
Examples
This example shows how to configure a destination port permit list that includes Gigabit Ethernet ports 5/1 through 5/4 and 6/1:
Router# configure terminal
Router(config)# monitor permit-list
Router(config)# monitor permit-list destination interface gigabitethernet 5/1-4,
gigabitethernet 6/1
Related Commands
|
|
---|---|
Displays the permit-list state and interfaces configured. |
monitor session
To start a new ERSPAN, SPAN, or RSPAN session, add or delete interfaces or VLANs to or from an existing session, filter ERSPAN, SPAN, or RSPAN traffic to specific VLANs, or delete a session, use the monitor session command. To remove one or more source or destination interfaces from the session, remove a source VLAN from the session, or delete a session, use the no form of this command.
monitor session session source {{interface type} | {{vlan vlan-id} [rx | tx | both]} | {remote vlan rspan-vlan-id}}
monitor session session destination {{interface type} | {vlan vlan-id} | {remote vlan vlan-id} | {analysis-module slot-number} | {data-port port-number}}
monitor session session-number filter vlan vlan-range
monitor session servicemodule mod-list
monitor session session-number type {erspan-source | erspan-destination}
no monitor session {{range session-range} | local | remote | all | session}
no monitor session session source {{interface type} | {{vlan vlan-id} [rx | tx | both]} | {remote vlan rspan-vlan-id}}
no monitor session session destination {{interface type} | {vlan vlan-id} | {remote vlan vlan-id} | {analysis-module slot-number} | {data-port port-number}}
Syntax Description
session |
Number of the SPAN session; valid values are from 1 to 66. |
source |
Specifies the SPAN source. |
interface type |
Specifies the interface type; see the "Usage Guidelines" section for formatting information. |
vlan vlan-id |
Specifies the VLAN ID; valid values are from 1 to 4094. |
rx |
(Optional) Specifies the monitor-received traffic only. |
tx |
(Optional) Specifies the monitor-transmitted traffic only. |
both |
(Optional) Specifies the monitor-received and monitor-transmitted traffic. |
remote vlan rspan-vlan-id |
Specifies the RSPAN VLAN as a destination VLAN. |
destination |
Specifies the SPAN-destination interface. |
analysis-module slot-number |
Specifies the network analysis module number; see the "Usage Guidelines" section for additional information. |
data-port port-number |
Specifies the data-port number; see the "Usage Guidelines" section for additional information. |
filter vlan vlan-range |
Limits SPAN-source traffic to specific VLANs. |
servicemodule |
Specifies service modules. |
mod-list |
(Optional) List of service module numbers. |
type erspan-source |
Enters the ERSPAN source-session configuration mode; see the monitor session type command for additional information. |
type erspan-destination |
Enters the ERSPAN destination-session configuration mode; see the monitor session type command for additional information. |
range session-range |
Specifies the range of sessions. |
local |
Specifies the local session. |
remote |
Specifies the remote session. |
all |
Specifies all sessions. |
Command Default
The defaults are as follows:
•both.
•servicemodule—All service modules are allowed to use the SPAN servicemodule session.
Command Default
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Note Be careful when configuring SPAN-type source ports that are associated to SPAN-type destination ports because you do not configure SPAN on high-traffic interfaces. If you configure SPAN on high-traffic interfaces, you may saturate replication engines and interfaces. To configure SPAN-type source ports that are associated to SPAN-type destination ports, enter the monitor session session source {{interface type} | {{vlan vlan-id} [rx | tx | both]} | {remote vlan rspan-vlan-id}} command.
Use these formatting guidelines when configuring monitor sessions:
•interface and single-interface formats are type slot/port; valid values for type are ethernet, fastethernet, gigabitethernet, or tengigabitethernet.
•An interface-list is a list of interfaces that are separated by commas. Insert a space before and after each comma as shown in this example:
single-interface , single-interface , single-interface ...
•An interface-range is a range of interfaces that are separated by dashes. Insert a space before and after each dash. To enter multiple ranges, separate each range with a comma as shown in this example:
type slot/first-port - last-port
•A mixed-interface-list is a mixed list of interfaces. Insert a space before and after each dash and comma as shown in this example:
single-interface, interface-range , ... in any order.
•A single-vlan is an ID number of a single VLAN; valid values are from 1 to 4094.
•A vlan-list is a list of VLAN IDs that are separated by commas. An example is shown as follows:
single-vlan , single-vlan , single-vlan ...
•A vlan-range is a range of VLAN IDs that are separated by dashes. An example is shown as follows:
first-vlan-ID - last-vlan-ID
•A mixed-vlan-list is a mixed list of VLAN IDs. Insert a space before and after each dash. To enter multiple ranges, separate each VLAN ID with a comma as shown in this example:
single-vlan , vlan-range , ... in any order
The analysis-module slot-number and the data-port port-number keywords and arguments are supported on Network Analysis Modules only.
The number of valid values for port-channel number are a maximum of 64 values ranging from 1 to 256.
You cannot share the destination interfaces among SPAN sessions. For example, a single destination interface can belong to one SPAN session only and cannot be configured as a destination interface in another SPAN session.
The local SPAN, RSPAN, and ERSPAN session limits are as follows:
|
|
|
|
---|---|---|---|
66 |
2 (ingress or egress or both) |
64 |
23 |
The local SPAN, RSPAN, and ERSPAN source and destination limits are as follows:
A particular SPAN session can either monitor the VLANs or monitor individual interfaces—you cannot have a SPAN session that monitors both specific interfaces and specific VLANs. If you first configure a SPAN session with a source interface, and then try to add a source VLAN to the same SPAN session, you get an error. You also get an error if you configure a SPAN session with a source VLAN and then try to add a source interface to that session. You must first clear any sources for a SPAN session before switching to another type of source.
If you enter the filter keyword on a monitored trunk interface, only traffic on the set of specified VLANs is monitored.
The port-channel interfaces display in the list of interface options if you have them configured. The VLAN interfaces are not supported. However, you can span a particular VLAN by entering the monitor session session source vlan vlan-id command.
The show monitor command displays the SPAN servicemodule session only if it is allocated in the system. It also displays a list of allowed modules and a list of active modules that can use the servicemodule session.
Only the no form of the monitor session servicemodule command is displayed when you enter the show running-config command.
If no module is allowed to use the servicemodule session, the servicemodule session is automatically deallocated. If at least one module is allowed to use the servicemodule session and at least one module is online, the servicemodule session is automatically allocated.
If you allow or disallow a list of modules that are not service modules from using the servicemodule session, there will be no effect on the allocation or deallocation of the servicemodule session. Only the list of modules is saved in the configuration.
If you disable the SPAN servicemodule session with the no monitor session servicemodule command, allowing or disallowing a list of modules from using the servicemodule session has no effect on the allocation or deallocation of the servicemodule session. Only the list of modules is saved in the configuration.
The monitor session servicemodule command is accepted even if there are no modules physically inserted in any slot.
Examples
This example shows how to configure multiple sources for a session:
Router(config)# monitor session 2 source interface fastethernet 5/15 , 7/3 rx
Router(config)# monitor session 2 source interface gigabitethernet 1/2 tx
Router(config)# monitor session 2 source interface port-channel 102
Router(config)# monitor session 2 source filter vlan 2 - 3
Router(config)# monitor session 2 destination remote vlan 901
This example shows how to configure an RSPAN destination in the final switch (RSPAN destination session):
Router(config)# monitor session 8 source remote vlan 901
Router(config)# monitor session 8 destination interface fastethernet 1/2 , 2/3
This example shows how to clear the configuration for sessions 1 and 2:
Router(config)# no monitor session 1 - 2
Router(config)#
This example shows how to clear the configuration for all sessions:
Router(config)# no monitor session all
Router(config)#
This example shows how to clear the configuration for all remote sessions:
Router(config)# no monitor session remote
Router(config)#
This example shows how to allow a list of modules to use the SPAN servicemodule session:
Router(config)# monitor session servicemodule module 1-2
Router(config)#
This example shows how to disallow a list of modules from using the SPAN servicemodule session:
Router(config)# no monitor session servicemodule module 1-2
Router(config)#
Related Commands
|
|
---|---|
Configures a VLAN as an RSPAN VLAN. |
|
Displays information about the ERSPAN, SPAN, and RSPAN sessions. |
monitor session type
To create an ERSPAN source session number or enter the ERSPAN session configuration mode for the session, use the monitor session type command. To remove one or more source or destination interfaces from the ERSPAN session, use the no form of this command.
monitor session erspan-session-number type {erspan-destination | erspan-source}
no monitor session erspan-session-number type {erspan-destination | erspan-source}
Syntax Description
Command Modes
This command has no default settings.
Command Default
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
ERSPAN is supported on hardware revision 3.2 or higher. Enter the show module version | include WS-SUP720-BASE command to display the hardware revision.
ERSPAN traffic is GRE-encapsulated SPAN traffic that can only be processed by an ERSPAN destination session.
All ERSPAN source sessions on a switch must use the same source IP address. You enter the origin ip address command to configure the IP address for the ERSPAN source sessions.
All ERSPAN destination sessions on a switch must use the same IP address. You enter the ip address command to configure the IP address for the ERSPAN destination sessions. If the ERSPAN destination IP address is not a Supervisor Engine 32 PISA (for example, it is a network sniffer), the traffic arrives with the GRE and RSPAN headers/encapsulation intact.
The ERSPAN source session destination IP address, which must be configured on an interface on the destination switch, is the source of traffic that an ERSPAN destination session sends to the destination ports. You configure the same address in both the source and destination sessions with the ip address command.
The ERSPAN ID differentiates the ERSPAN traffic arriving at the same destination IP address from different ERSPAN source sessions.
The local ERSPAN session limits are as follows:
•Total sessions—66
•Source sessions—2 (ingress or egress or both)
•Destination sessions—23
The monitor session type command creates a new ERSPAN session or allows you to enter the ERSPAN session configuration mode. ERSPAN uses separate source and destination sessions. You configure the source and destination sessions on different switches. The ERSPAN session configuration mode prompts are as follows:
•Router(config-mon-erspan-src)—Indicates the ERSPAN source session configuration mode.
•Router(config-mon-erspan-src-dst)—Indicates the ERSPAN source session destination configuration mode.
•Router(config-mon-erspan-dst)—Indicates the ERSPAN destination session configuration mode.
•Router(config-mon-erspan-dst-src)—Indicates the ERSPAN destination session source configuration mode
Table 2-25 lists the ERSPAN destination session configuration mode syntaxes.
Table 2-26 lists the ERSPAN source session configuration mode syntaxes.
When you configure the monitor sessions, follow these syntax guidelines:
•erspan-destination-span-session-number can range from 1 to 66.
•single-interface is interface type slot/port; type is ethernet, fastethernet, gigabitethernet, or tengigabitethernet.
•interface-list is single-interface , single-interface , single-interface ...
Note In lists, you must enter a space before and after the comma. In ranges, you must enter a space before and after the dash.
•interface-range is interface type slot/first-port - last-port .
•mixed-interface-list is, in any order, single-interface , interface-range , ...
•erspan-flow-id can range from 1 to 1023.
When you clear the monitor sessions, follow these syntax guidelines:
•The no monitor session session-number command entered with no other parameters clears the session session-number.
•session-range is first-session-number-last-session-number.
Note When you enter the no monitor session range command, do not enter spaces before or after the dash. If you enter multiple ranges, do not enter spaces before or after the commas.
Examples
This example shows how to configure an ERSPAN source session number and enter the ERSPAN source session configuration mode for the session:
Router(config)# monitor session 55 type erspan-source
Router(config-mon-erspan-src)#
This example shows how to configure an ERSPAN destination session number and enter the ERSPAN destination session configuration mode for the session:
Router(config)# monitor session 55 type erspan-destination
Router(config-mon-erspan-dst)#
This example shows how to associate the ERSPAN destination session number with the destination ports:
Router(config-mon-erspan-dst) destination interface fastethernet 1/2 , 2/3
This example shows how to enter the ERSPAN destination session source configuration:
Router(config-mon-erspan-dst)# source
Router(config-mon-erspan-dst-src)#
This example shows how to enter the ERSPAN destination session source configuration mode:
Router(config-mon-erspan-dst)# source
Router(config-mon-erspan-dst-src)#
This example shows how to configure multiple sources for a session:
Router(config-mon-erspan-src)# source interface fastethernet 5/15 , 7/3 rx
Router(config-mon-erspan-src)# source interface gigabitethernet 1/2 tx
Router(config-mon-erspan-src)# source interface port-channel 102
Router(config-mon-erspan-src)# source filter vlan 2 - 3
Router(config-mon-erspan-src)#
This example shows how to enter the ERSPAN source session destination configuration mode:
Router(config-mon-erspan-src)# destination
Router(config-mon-erspan-src-dst)#
This example shows how to configure the ID number that is used by the source and destination sessions to identify the ERSPAN traffic:
Router(config-mon-erspan-src-dst)# erspan-id 1005
Router(config-mon-erspan-src-dst)#
Related Commands
|
|
---|---|
Displays information about the ERSPAN, SPAN, and RSPAN sessions. |
mpls l2transport route
To enable routing of Layer 2 packets over MPLS, use the mpls l2transport route command. To disable routing over MPLS, use the no form of this command.
mpls l2transport route destination vc-id
no mpls l2transport route destination vc-id
Syntax Description
destination |
IP address of the router to which the virtual circuit is destined. |
vc-id |
Virtual-circuit identification to a router. |
Command Modes
This command has no default settings.
Command Default
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The mpls l2transport route command enables the virtual connection used to route the VLAN packets. The types of virtual connections used are as follows:
•VC Type 4—Allows all the traffic in a VLAN to use a single VC across the MPLS network.
•VC Type 5—Allows all traffic on a port to share a single VC across the MPLS network.
During the VC setup, VC type 5 is advertised. If the peer advertises VC type 4, the VC type is changed to type 4 and the VC is restarted. Note that the change only happens from type 5 to type 4 and never from type 4 to type 5.
An MPLS VLAN virtual circuit in Layer 2 runs across an MPLS cloud to connect the VLAN interfaces on two PE routers.
Use the mpls l2transport route command on the VLAN interface of each PE router to route the VLAN packets in Layer 2 across the MPLS cloud to the VLAN interface of the other PE router. Specify the IP address of the other PE router for the destination parameter. Do not specify the IP address of the router from which you are issuing the command.
You can choose any value for the virtual-connection ID. However, the virtual-circuit ID must be unique to the virtual connection. In large networks, you may need to track the virtual-connection ID assignments to ensure that a virtual-connection ID does not get assigned twice.
The routed virtual connections are supported on the main interfaces, not subinterfaces.
The virtual-circuit ID must be unique to each virtual connection.
Examples
This example shows how to enable routing of Layer 2 packets over MPLS:
Router(config-if)# mpls l2transport route 192.16.0.1
Router(config-if)#
Related Commands
|
|
---|---|
Displays the state of virtual circuits on a router. |
mpls load-balance per-label
To enable the load balancing for the tag-to-tag traffic, use the mpls load-balance per-label command. To return to the default settings, use the no form of this command.
mpls load-balance per-label
no mpls load-balance per-label
Syntax Description
This command has no arguments or keywords.
Command Modes
Disabled
Command Default
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
When you enable load balancing for the tag-to-tag traffic, the traffic is balanced based on the incoming label (per prefix) among MPLS interfaces. Each MPLS interface supports an equal number of incoming labels.
You can use the show mpls ttfib command to display the incoming label (indicated by an asterisk) that is included in the load balancer.
Examples
This example shows how to enable the load balancing for the tag-to-tag traffic:
Router(config)# mpls load-balance per-label
Router(config)#
This example shows how to disable the load balancing for the tag-to-tag traffic:
Router(config)# no mpls load-balance per-label
Router(config)#
Related Commands
|
|
---|---|
Displays information about the MPLS TTFIB table. |
mpls ttl-dec
To specify standard MPLS tagging, use the mpls ttl-dec command. To return to the default settings, use the no form of this command.
mpls ttl-dec
no mpls ttl-dec
Syntax Description
This command has no arguments or keywords.
Command Modes
Optimized MPLS tagging (no mpls ttl-dec).
Command Default
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
MPLS tagging has been optimized to allow the rewriting of the original packet's IP ToS and TTL values before the MPLS label is pushed onto the packet header. This change can result in a slightly lower performance for certain types of traffic. If the packet's original ToS/TTL values are not significant, you enter the mpls ttl-dec command for standard MPLS tagging.
Examples
This example shows how to configure the Catalyst 6500 series switch to use standard MPLS tagging behavior:
Router(config)# mpls ttl-dec
Router(config)#
This example shows how to configure the Catalyst 6500 series switch to use optimized MPLS tagging behavior:
Router(config)# no mpls ttl-dec
Router(config)#
Related Commands
|
|
---|---|
Enables routing of Layer 2 packets over MPLS. |
mtu
To adjust the maximum packet size or MTU size, use the mtu command. To return to the default settings, use the no form of this command.
mtu bytes
no mtu
Syntax Description
bytes |
Byte size; valid values are from 64 to 9216 for SVI ports, from 1500 to 9170 for the GE-WAN+ ports, and from 1500 to 9216 for all other ports. |
Command Modes
Table 2-27 lists the default MTU values if you disable the jumbo frames.
|
|
---|---|
Ethernet |
1500 |
Serial |
1500 |
Token Ring |
4464 |
ATM |
4470 |
FDDI |
4470 |
HSSI (HSA) |
4470 |
If you enable the jumbo frames, the default is 64 for the SVI ports and 9216 for all the other ports. The jumbo frames are disabled by default.
Command Default
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
For switch ports, only one larger-than-default MTU value is allowed globally. For Layer 3 ports, including router ports and VLANs, you can configure nondefault MTU values on a per-interface basis.
For a complete list of modules that do not support jumbo frames, refer to the Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide—Release 12.2ZY.
Changing the MTU value with the mtu command can affect values for the protocol-specific versions of the command (for example, the ip mtu command). If the values that are specified with the ip mtu command are the same as the value that is specified with the mtu command, and you change the value for the mtu command, the ip mtu value automatically matches the new mtu command value. However, changing the values for the ip mtu command has no effect on the value for the mtu command.
Examples
This example shows how to specify an MTU of 1800 bytes:
Router(config)# interface fastethernet 5/1
Router(config-if)# mtu 1800
Related Commands
|
|
---|---|
ip mtu |
Sets the MTU size of IP packets sent on an interface. |
name (MST configuration submode)
To set the name of an MST region, use the name command. To return to the default name, use the no form of this command.
name name
no name name
Syntax Description
name |
Name to give the MST region. It can be any string with a maximum length of 32 characters. |
Command Modes
Empty string
Command Default
MST configuration submode
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
Two or more Catalyst 6500 series switches with the same VLAN mapping and configuration version number are considered to be in different MST regions if the region names are different.
Examples
This example shows how to name a region:
Router(config-mst)# name Cisco
Router(config-mst)#
Related Commands
neighbor
To specify the type of tunnel signaling and encapsulation mechanism for each peer, use the neighbor command. To disable a split horizon, use the no form of this command.
neighbor remote-router-id {encapsulation encapsulation-type} | {pw-class pw-name} [no-split-horizon]
no neighbor remote-router-id
Syntax Description
Command Modes
Split horizon is enabled.
Command Default
Layer 2 VFI manual configuration submode
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
To avoid looping, you should not disable a split horizon in a fully meshed Virtual PVLAN service (VPLS) network.
Examples
This example shows how to specify the tunnel encapsulation type:
Router(config-vfi)# neighbor 333 encapsulation mpls
Router(config-vfi)#
This example shows how to disable the Layer 2 split horizon in the data path:
Router(config-vfi)# neighbor 333 no-split-horizon
Router(config-vfi)#
net
To configure an IS-IS NET for the routing process, use the net command. To remove a NET, use the no form of this command.
net net1 {alt net2}
no net net
Syntax Description
Command Default
The defaults are as follows:
•No NET is configured.
•IS-IS process is disabled.
Command Modes
Global configuration (config)
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
A NET is an NSAP where the last byte is always the n-selector and is always zero. A NET can be from 8 to 20 bytes.
Under most circumstances, you should configure one NET only.
When entering the net, use these guidelines:
•In a 3-slot chassis, slot 1 is the primary slot and slot 2 is the alternate slot.
•In a 6-slot chassis, slot 5 is the primary slot and slot 6 is the alternate slot.
•In a 9-slot chassis, slot 5 is the primary slot and slot 6 is the alternate slot.
•In a 13-slot chassis, slot 7 is the primary slot and slot 8 is the alternate slot.
If you are using IS-IS to perform IP routing only (no connectionless network service routing is enabled), you must configure a NET to define the router ID and area ID.
Multiple NETs per router are allowed with a maximum of three NETs. In rare circumstances, you can configure two or three NETs. In such a case, the area this router is in will have three area addresses and only one area.
Multiple NETs can be temporarily useful for network reconfiguration where multiple areas are merged, or where one area is split into more areas. Multiple area addresses enable you to renumber an area individually as needed.
Examples
This example shows how to configure a router with system ID 0000.0c11.1110 and area ID 47.0004.004d.0001:
router isis Pieinthesky
net 47.0004.004d.0001.0001.0c11.1111.00
This example shows three IS-IS routing processes with three areas that are configured. Each area has a unique identifier, but the system ID is the same for all areas.
clns routing
...
interface Tunnel529
ip address 10.0.0.5 255.255.255.0
ip router isis BB
clns router isis BB
interface Ethernet1
ip address 10.1.1.5 255.255.255.0
ip router isis A3253-01
clns router isis A3253-01
!
interface Ethernet2
ip address 10.2.2.5 255.255.255.0
ip router isis A3253-02
clns router isis A3253-02
...
router isis BB ! Defaults to "is-type level-1-2"
net 49.2222.0000.0000.0005.00
!
router isis A3253-01
net 49.0553.0001.0000.0000.0005.00
is-type level-1
!
router isis A3253-02
net 49.0553.0002.0000.0000.0005.00
is-type level-1
Related Commands
|
|
---|---|
is-type |
Configures the routing level for an instance of the IS-IS routing process. |
router isis |
Enables the IS-IS routing protocol and specifies an IS-IS process. |
nsf
To enable and configure Cisco NSF, use the nsf command. To disable NSF, use the no form of this command.
nsf [enforce global]
nsf [{cisco | ietf} | {interface {wait seconds}} | {interval minutes} | {t3 [adjacency | {manual seconds}}]
no nsf
Syntax Description
Command Default
The default settings are as follows:
•NSF is disabled.
•enforce global—Enabled.
•interval minutes—5 minutes.
•interface wait seconds—10 seconds.
•t3 manual seconds—30 seconds.
Command Modes
Router configuration IS-IS
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The nsf interface wait command can be used if Cisco proprietary IS-IS NSF is configured or if the Internet Engineering Task Force (IETF) IS-IS NSF is enabled using the nsf t3 manual command. You can use this command if an interface is slow to come up.
Note Cisco NSF is required only if the Catalyst 6500 series switch is expected to perform Cisco NSF during a restart. If the Catalyst 6500 series switch is expected to cooperate with a neighbor that is doing a Cisco NSF restart only, the switch must be NSF capable by default (running a version of code that supports Cisco NSF), but Cisco NSF does not have to be configured on the switch.
The nsf commands are a subset of the router command and affects all the interfaces that are covered by the designated process. Cisco NSF supports the BGP, OSPF, IS-IS, and EIGRP protocols. The configuration commands that enable NSF processing are as follows:
•nsf under the router ospf command
•nsf ietf under the router isis command
•bgp graceful-restart under the router bgp command
These commands must be issued as part of the router's running configuration. During the restart, these commands are restored to activate the NSF processing.
The [{cisco | ietf} | {interface {wait seconds}} | {interval minutes} | {t3 [adjacency | {manual seconds}}] keywords and arguments apply to IS-IS only.
The {enforce global} keywords apply to OSPF only.
BGP NSF Guidelines
BGP support in NSF requires that neighbor networking devices be NSF-aware devices; that is, they must have the graceful restart capability and advertise that capability in the OPEN message during session establishment. If an NSF-capable router discovers that a particular BGP neighbor does not have the graceful restart capability enabled, it will not establish an NSF-capable session with that neighbor. All other neighbors that have a graceful restart capability will continue to have NSF-capable sessions with this NSF-capable networking device. Enter the bgp graceful-restart router configuration command to enable the graceful restart capability. Refer to the Cisco IOS Release 12.2 Command Reference for more information.
EIRGP NSF Guidelines
A router may be an NSF-aware router but may not be participating in helping out the NSF restarting neighbor because it is coming up from a cold start.
IS-IS NSF Guidelines
If you configure IETF on the networking device, but neighbor routers are not IETF-compatible, NSF will abort after the switchover.
Use these two keywords when configuring IS-IS NSF:
•ietf—Internet Engineering Task Force IS-IS—After a supervisor engine switchover, the NSF-capable router sends the IS-IS NSF restart requests to the neighboring NSF-aware devices.
•cisco—Cisco IS-IS. Full adjacency and LSP information is saved (checkpointed) to the standby supervisor engine. After a switchover, the newly active supervisor engine maintains its adjacencies using the checkpointed data to quickly rebuild its routing tables.
OSPF NSF Guidelines
OSPF NSF requires that all neighbor networking devices be NSF-aware devices. If an NSF-capable router discovers that it has non-NSF aware neighbors on a particular network segment, it will disable the NSF capabilities for that segment. The other network segments that are composed entirely of NSF-capable or NSF-aware routers will continue to provide NSF capabilities.
OSPF NSF supports NSF/SSO for IPv4 traffic only. OSPFv3 is not supported with NSF/SSO. Only OSPFv2 is supported with NSF/SSO.
Examples
This example shows how to enable NSF for all OSPF-process interfaces:
Router(config)# router ospf 109
Router(config-router)# nsf
Router(config-router)#
This example shows how to disable NSF for all OSPF-process interfaces:
Router(config)# router ospf 109
Router(config-router)# no nsf
Router(config-router)#
Related Commands
|
|
---|---|
Enables a routing process. |
pagp learn-method
To learn the input interface of the incoming packets, use the pagp learn-method command. To return to the default settings, use the no form of this command.
pagp learn-method {aggregation-port | physical-port}
no pagp learn-method
Syntax Description
aggregation-port |
Specifies how to learn the address on the port channel. |
physical-port |
Specifies how to learn the address on the physical port within the bundle. |
Command Default
aggregation-port method
Command Modes
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Examples
This example shows how to set the learning method to learn the address on the physical port within the bundle:
Router(config-if)#
pagp learn-method physical-port
Router(config-if)#
This example shows how to set the learning method to learn the address on the port channel within the bundle:
Router(config-if)#
pagp learn-method
Router(config-if)#
Related Commands
|
|
---|---|
Displays port-channel information. |
pagp port-priority
To select a port in hot standby mode, use the pagp port-priority command. To return to the default settings, use the no form of this command.
pagp port-priority priority
no pagp port-priority
Syntax Description
priority |
Priority number; valid values are from 1 to 255. |
Command Default
priority is 128.
Command Default
Interface configuration
Command History
|
|
---|---|
12.2(18)ZY |
Support for this command was introduced. |
Usage Guidelines
The higher the priority means the better the chances are that the port will be selected in the hot standby mode.
Examples
This example shows how to set the port priority:
Router(config-if)#
pagp port-priority 45
Router(config-if)#
Related Commands
|
|
---|---|
Learns the input interface of the incoming packets. |
|
Displays port-channel information. |