Specifications
Multilayer Switching Overview
Introduction to IPX MLS
15
Figure 68 IPX MLS Example Topology
Standard Access Lists
Note Router interfaces with input access lists or outbound access lists unsupported by MLS cannot participate
in IPX MLS. However, you can translate any input access list to an output access list to provide the same
effect on the interface.
IPX MLS enforces access lists on every packet of the flow, without compromising IPX MLS
performance. The MLS-SE handles permit traffic supported by MLS at wire speed.
Note Access list deny traffic is always handled by the MLS-RP, not the MLS-SE.
The MLS switching path automatically reflects route topology changes and the addition or modification
of access lists on the MLS-SE. The techniques for handling route and access list changes apply to both
the RSM and directly attached external routers.
For example, for Stations A and B to communicate, Station A sends the first packet to the MLS-RP. If the
MLS-RP is configured with an access list to deny access from Station A to Station B, the MLS-RP
receives the packet, checks its access list permissions to learn if the packet flow is permitted, and then
discards the packet. Because the MLS-SE does not receive the returned first packet for this flow from
the MLS-RP, the MLS-SE does not create an MLS cache entry.
Source IPX
Address
01.Aa
01.Aa
02.Cc
01.Aa:02.CcData
03.Bb
02.Cc
01.Aa
Dd:Bb
Dd:Cc
Dd:Aa
Marketing
Engineering
Sales
Destination
IPX Address
Rewrite Src/Dst
MAC Address
Destination
VLAN
RSM
Net 1/Sales
01
MAC = Aa
MAC = Dd
MAC = Bb
MAC = Cc
Net 3/Marketing
03
Net 2/Engineering
02
Aa:Dd
01.Aa:02.CcData Dd:Cc
18561