Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

mls question of newbie

1. Does mls running only on cat6000,cat5000 and cat4000? How to implement l3 switching on cat3550 if it doesn't support mls?

2.What's difference between mls and cef ? Cat6000 support these functions both.Will cat6000 choose which type of technology when packet come in? cef or mls?

3.In my 6509,mls flow mask is Destination flow and my msfc2 is configured with extented ip access-list. I remember book <lan switching> writened by clark said 6509 will use destination−source flow if there is extented access-list. what's wrong with this?

any comment is appreciated! thanks!

Regards

Henry

4 REPLIES
Cisco Employee

Re: mls question of newbie

The following page should help

http://www.cisco.com/warp/public/473/55.html

CAT3550/CAT6000 with Sup2/MSFC2, CAT4000 with Sup3/4 uses CEF based forwarding. CAT6000 with Sup1/MSFC support MLS only

CEF is a enhanced implementation of MLS. With MLS, the first packet hits the router to get routed and then subsequent flows are hardware switched, but with CEF, even the first packet need not be routed by the router.

New Member

Re: mls question of newbie

thanks! I got it.

But why my sup1a/msfc2 6509 running mls based desination flow mask with extended access-list ? Is it right?

I found from cisco document which said destination-source will be used if extended access-list is configered .

sometime my network have strange errors. Is this possible reason?

Could you please help me.

Regards

Henry

Cisco Employee

Re: mls question of newbie

With access-lists, Source and Destination IP addresses needs to be cached as well. With extended Access-lists, TCP port numbers need to be cached as well(Full Flow). So if you have regular ACLs, the "destination-source flow" will be used and with extended ACLs, Full flow will be used

New Member

Re: mls question of newbie

So why my 6509 is running with Destination flow and simple extended access list without port numbers?

Do I need change Destination flow to destination-source flow ?

Except it will increase numbers of mls entry, are there any disadvantages ?

If I keep running this, are there any vulnerability ?

Regards

Henry

86
Views
0
Helpful
4
Replies
CreatePlease to create content