Re: MLS Flow Mask Question

kwftide · ‎09-29-2003

The 3 different flow masks are:

Destination IP Only

SRC & DST IP

SRC & DST IP / Port

My question is: Why would anyone use the 2nd or 3rd options? Isn't the primary objective to get the packet / frame to its destination, regardless of SRC or Port?

What are the benefits of the more granular approach?

Thanks in advance!!!

Ken

david.porter · ‎09-29-2003

Hi Ken,

This is not something we use so I could be way off track here but if you are using Netflow then the additional information could be used for accounting/reporting.

Dave

peterbe · ‎09-29-2003

We use option 3 because we have extended access-lists. If not access lists, then option 1 is great.

Peter

kwftide · ‎09-30-2003

I appreciate the responses. However, the question was regarding whether the 2nd or 3rd options are useful when implementing Multi-layer Switching.

The standard and/or extended ACLs would only be used to classify traffic for flow masks. That's "how" you would do it, rather that "why" you would do it.

I hope this clarifies things a little. I would really like to understand this from a real world standpoint.

Thanks again!

kwftide · ‎09-30-2003

Sorry for the confusion. I think I understand it better now.

Evidently, by simply adding a standard or extended ACL, the mask will change or will need to be changed. This is to keep the MLS Cache in line with the filtering ACL.

But will the flow mask type change automatically?

peterbe · ‎09-30-2003

It has been a while since I configured this so cannot remember. From the link below it seems it is automatic.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_2/layer3/mls.htm#31840

Peter