Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
243
Views
0
Helpful
4
Replies

mls question of newbie

henrybb
Level 1
Level 1

‎05-26-2003 12:23 AM - edited ‎03-02-2019 07:37 AM

1. Does mls running only on cat6000,cat5000 and cat4000? How to implement l3 switching on cat3550 if it doesn't support mls?

2.What's difference between mls and cef ? Cat6000 support these functions both.Will cat6000 choose which type of technology when packet come in? cef or mls?

3.In my 6509,mls flow mask is Destination flow and my msfc2 is configured with extented ip access-list. I remember book <lan switching> writened by clark said 6509 will use destination−source flow if there is extented access-list. what's wrong with this?

any comment is appreciated! thanks!

Regards

Henry

Labels:
0 Helpful
4 Replies 4

Prashanth Krishnappa
Cisco Employee
Cisco Employee

‎05-26-2003 04:36 AM

The following page should help

http://www.cisco.com/warp/public/473/55.html

CAT3550/CAT6000 with Sup2/MSFC2, CAT4000 with Sup3/4 uses CEF based forwarding. CAT6000 with Sup1/MSFC support MLS only

CEF is a enhanced implementation of MLS. With MLS, the first packet hits the router to get routed and then subsequent flows are hardware switched, but with CEF, even the first packet need not be routed by the router.

0 Helpful

henrybb
Level 1
Level 1
In response to Prashanth Krishnappa

‎05-26-2003 06:55 PM

thanks! I got it.

But why my sup1a/msfc2 6509 running mls based desination flow mask with extended access-list ? Is it right?

I found from cisco document which said destination-source will be used if extended access-list is configered .

sometime my network have strange errors. Is this possible reason?

Could you please help me.

Regards

Henry

0 Helpful

Prashanth Krishnappa
Cisco Employee
Cisco Employee
In response to henrybb

‎05-26-2003 07:15 PM

With access-lists, Source and Destination IP addresses needs to be cached as well. With extended Access-lists, TCP port numbers need to be cached as well(Full Flow). So if you have regular ACLs, the "destination-source flow" will be used and with extended ACLs, Full flow will be used

0 Helpful

henrybb
Level 1
Level 1
In response to Prashanth Krishnappa

‎05-26-2003 10:46 PM

So why my 6509 is running with Destination flow and simple extended access list without port numbers?

Do I need change Destination flow to destination-source flow ?

Except it will increase numbers of mls entry, are there any disadvantages ?

If I keep running this, are there any vulnerability ?

Regards

Henry

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents