MLS x CEF in switch 6500

Christian Jorge
Level 1

Good afternoon gentlemen

 

Even after searching some articles regarding MLS configuration and CEF configuration, both concepts are still not clear to me.

We have a 6509E switch with supervisor 720, with submodules PFC3B and MSFC3. IOS is 12.2(33)SXJ7.

Sometimes we face some high CPU usage due to IP Input and SNMP process and issuing "show run".

CEF is enabled globally ("ip cef distributed") and for each interface VLAN ("ip route-cache cef").

MLS is enabled for QOS ("mls qos") for configuring policy-maps for policing traffic input and output in interface vlans. Configured "mls qos vlan-based" in physical interfaces associated to those VLANs.

There's an access-list applied in line vty with an ending deny and logging lots of attempts not allowed in switch.

 

 

Each interface VLAN has the following remaining configuration:

no mls ip
no mls switching unicast

 

Some remaining configuration I found in switch:

no mls ipv6 acl pbr svi hardware
no mls acl tcam override dynamic dhcp-snooping
no mls acl tcam override dynamic dai
no mls acl tcam share-acl
no mls acl tcam share-global
mls netflow interface
mls cef error action reset

 

Questions:

 

1 - Is there any tuning or best practices I could perform in switch configuration regarding mls and cef?

 

2 - What's the difference regarding "mls cef" and "ip cef" for command "show" for troubleshooting?

 

Regards

 

Christian

 
