Destination-IP flow mask on the MLS-SE is the default flow mask, no access-lists are being used on the MLS-RP. Source-Destination-IP flow mask on the MLS-SE is used when there is a standard access-list used on the MLS-RP. IP-Flow flow mask on the MLS-SE is used when there is an extended access-list used on the MLS-RP.
Depending on what flow mask is being used (depending on what access-list is being used) will influence the type of MLS cache. If the Destination-IP flow mask is used, then the MLS-SE cache maintains one MLS entry for each given destination IP address. If the Source-Destination-IP flow mask is used, the MLS-SE cache has a separate entry for each source and destination pair. If the IP-Flow flow mask is used, the MLS-SE cache has a separate entry for each unique combination of source and destination IP address, each protocol port number, and each type of IP protocol. HTH, Shawn K. > -----Original Message----- > From: David Ristau [SMTP:[EMAIL PROTECTED]] > Sent: Tuesday, January 07, 2003 5:33 PM > To: [EMAIL PROTECTED] > Subject: CCNP switching Exam question [7:60537] > > 640-604 exam description says under multilayer switching topic > "apply flow masks to influence the type of MLS cache" > > what is your interpretation of this statement. > > I know there are 3 types of Flow Masks, Destination-IP, > Source-Destination-IP, and IP-Flow. > > I also know we can control the MLS cache via the aging time parameter > i.e. SET MLS AGINGTIME 272 or > SET MLS AGINGTIME FAST ... > > I don't understand how to control the MLS cache by applying access lists > on > the switch. > > I can stop packets coming in by placing a deny access filter on an > interface > but don't understand how to "influence the type of MLS cache". Am I > reading > to deep into this? > > thanks for your opinion. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60570&t=60537 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]