aaa accounting
aaa accounting delay-start
aaa accounting gigawords
aaa accounting nested
aaa accounting resource
aaa accounting send stop-record authentication failure
aaa accounting session-duration ntp-adjusted
aaa accounting suppress null-username
aaa accounting update
aaa authentication attempts login
aaa authentication banner
aaa authentication enable default
aaa authentication fail-message
aaa authentication local-override
aaa authentication login
aaa authentication password-prompt
aaa authentication ppp
aaa authentication username-prompt
aaa authorization
aaa authorization config-commands
aaa authorization reverse-access
aaa authorization template
aaa configuration route
aaa group server radius
aaa group server tacacs+
aaa new-model
absolute-timeout
access-class
access-enable
access-list
access-list rate-limit
access-template
activation-character
aggregate-address
alias
area authentication
area default-cost
area nssa
area-password
area range
area stub
area virtual-link
arp (global)
arp (interface)
arp timeout
async-bootp
async default ip address
async default routing
async dynamic address
async dynamic routing
async mode
atm address
atm arp-server
atm esi-address
atm lecs-address
atm lecs-address-default
atm nsap-address
atm pvc
atm-vc
autobaud
autocommand
autodetect encapsulation
autohangup
auto discovery qos
auto qos voip
auto secure
autoselect
auto-summary
backup
bandwidth (interface)
bandwidth (policy-map)
banner exec
banner incoming
banner login
banner motd
bgp always-compare-med
bgp bestpath as-path ignore
bgp bestpath med-confed
bgp bestpath missing-as-worst
bgp client-to-client reflection
bgp cluster-id
bgp confederation identifier
bgp confederation peers
bgp dampening
bgp default local-preference
bgp default route-target filter
bgp deterministic med
bgp fast-external-fallover
bgp log-neighbor-changes
bgp-policy
bridge acquire
bridge address
bridge cmf
bridge crb
bridge forward-time
bridge-group
bridge-group aging-time
bridge-group circuit-group
bridge-group input-address-list
bridge-group input-lsap-list
bridge-group input-pattern
bridge-group input-type-list
bridge-group output-address-list
bridge-group output-lsap-list
bridge-group output-pattern
bridge-group output-type-list
bridge-group path-cost
bridge-group priority
bridge-group spanning-disabled
bridge hello-time
bridge irb
bridge max-age
bridge multicast-source
bridge priority
bridge protocol
bridge route
busy-message
cable helper-address
calendar set
callback forced-wait
cd
cdp advertise-v2
cdp enable
cdp holdtime
cdp run
cdp timer
channel-group (controller)
channel-group (interface)
chat-script
class (frame-relay)
class (MPLS)
class (policy-map)
class-map
clear
client-atm-address name
clock calendar-valid
clock rate
clock read-calendar
clock set
clock summer-time
clock timezone
clock update-calendar
compress
config-register
configure
controller
copy
crc
custom-queue-list
databits
data-character-bits
dce-terminal-timing enable
debug
default-information
default-information originate
default-metric
default-name
delay
delete
description
dialer aaa
dialer callback-secure
dialer callback-server
dialer caller
dialer dtr
dialer enable-timeout
dialer fast-idle
dialer-group
dialer hold-queue
dialer idle-timeout
dialer in-band
dialer isdn
dialer-list
dialer load-threshold
dialer map
dialer map snapshot
dialer max-link
dialer pool
dialer pool-member
dialer priority
dialer remote-name
dialer rotary-group
dialer rotor
dialer string
dialer wait-for-carrier-time
dialer watch-disable
dialer watch-group
dialer watch-list
dir
disable
disconnect
disconnect-character
disconnect ssh
dispatch-character
distance
distance bgp
distance eigrp
distribute-list in
distribute-list out
domain-password
downward-compatible-config
down-when-looped
drop
dte-invert-txc
early-token-release
editing
eigrp log-neighbor-changes
enable
enable last-resort
enable password
enable secret
enable use-tacacs
encapsulation (ATM/MPLS)
encapsulation (interface)
end
erase
escape-character
exception core-file
exception dump
exception memory
exception protocol
exception spurious-interrupt
exec
exec-timeout
exit
fair-queue (policy-map class)
fair-queue (interface)
fair-queue aggregate-limit
fair-queue individual-limit
fair-queue limit
fair-queue qos-group
fair-queue tos
fair-queue weight
fddi burst-count
fddi c-min
fddi cmt-signal-bits
fddi duplicate-address-check
fddi encapsulate
fddi frames-per-token
fddi smt-frames
fddi tb-min
fddi tl-min-time
fddi token-rotation-time
fddi t-out
fddi valid-transmission-time
flowcontrol
format
frame-relay adaptive-shaping
frame-relay [ bc | be]
frame-relay becn-response-enable
frame-relay broadcast-queue
frame-relay cir
frame-relay class
frame-relay custom-queue-list
frame-relay de-group
frame-relay de-list
frame-relay idle-timer
frame-relay interface-dlci
frame-relay intf-type
frame-relay inverse-arp
frame-relay ip rtp header-compression
frame-relay ip tcp header-compression
frame-relay lmi-type
frame-relay local-dlci
frame-relay map
frame-relay map bridge
frame-relay map clns
frame-relay map ip compress
frame-relay map ip rtp header-compression
frame-relay map ip tcp header-compression
frame-relay mincir
frame-relay multicast-dlci
frame-relay payload-compress packet-by-packet
frame-relay priority-dlci-group
frame-relay priority-group
frame-relay route
frame-relay svc
frame-relay switching
frame-relay traffic-rate
frame-relay traffic-shaping
fsck
ftp-server enable
ftp-server topdir
full-duplex
full-help
group-range
half-duplex
half-duplex controlled-carrier
help
history
hold-character
hold-queue
hostname
hssi external-loop-request
hssi internal-clock
hub
ignore-dcd
interface
interface bvi
interface dialer
interface group-async
ip access-group
ip access-list
ip accounting
ip accounting-list
ip accounting-threshold
ip accounting-transits
ip address
ip address negotiated
ip address-pool
ip alias
ip as-path access-list
ip authentication
ip bandwidth-percent eigrp
ip bgp-community new-format
ip bootp server
ip broadcast-address
ip cef
ip cef traffic-statistics
ip cgmp
ip classless
ip community-list
ip default-gateway
ip default-network
ip dhcp-server
ip directed-broadcast
ip domain-list
ip domain-lookup
ip domain-name
ip dvmrp accept-filter
ip dvmrp auto-summary
ip dvmrp default-information
ip dvmrp metric
ip dvmrp metric-offset
ip dvmrp output-report-delay
ip dvmrp reject-non-pruners
ip dvmrp routehog-notification
ip dvmrp route-limit
ip dvmrp summary-address
ip dvmrp unicast-routing
ip forward-protocol
ip ftp passive
ip ftp password
ip ftp source-interface
ip ftp username
ip hello-interval eigrp
ip helper-address
ip hold-time eigrp
ip host
ip http
ip identd
ip igmp access-group
ip igmp explicit-tracking
ip igmp helper-address
ip igmp join-group
ip igmp query-interval
ip igmp query-max-response-time
ip igmp query-timeout
ip igmp static-group
ip igmp version
ip irdp
ip load-sharing
ip local policy route-map
ip local pool
ip mask-reply
ip mroute
ip mroute-cache
ip mtu
ip multicast boundary
ip multicast cache-headers
ip multicast helper-map
ip multicast rate-limit
ip multicast-routing
ip multicast ttl-threshold
ip name-server
ip nat
ip nat inside destination
ip nat inside source
ip nat outside source
ip nat pool
ip nat stateful id
ip nat translation
ip nbar pdlm
ip nbar port-map
ip nbar protocol-discovery
ip netmask-format
ip nhrp authentication
ip nhrp holdtime
ip nhrp interest
ip nhrp map
ip nhrp map multicast
ip nhrp max-send
ip nhrp network-id
ip nhrp nhs
ip nhrp record
ip nhrp responder
ip nhrp server-only
ip nhrp trigger-svc
ip nhrp use
ip ospf authentication
ip ospf authentication-key
ip ospf cost
ip ospf dead-interval
ip ospf demand-circuit
ip ospf hello-interval
ip ospf message-digest-key
ip ospf name-lookup
ip ospf network
ip ospf priority
ip ospf retransmit-interval
ip ospf transmit-delay
ip pim
ip pim accept-rp
ip pim message-interval
ip pim minimum-vc-rate
ip pim multipoint-signalling
ip pim nbma-mode
ip pim neighbor-filter
ip pim query-interval
ip pim rp-address
ip pim rp-announce-filter
ip pim send-rp-announce
ip pim send-rp-discovery
ip pim vc-count
ip pim version
ip policy-list
ip policy route-map
ip proxy-arp
ip radius source-interface
ip rarp-server
ip rcmd rcp-enable
ip rcmd remote-host
ip rcmd remote-username
ip rcmd rsh-enable
ip redirects
ip rip authentication
ip rip receive version
ip rip send version
ip rip triggered
ip rip v2-broadcast
ip route
ip route-cache
ip route-cache policy
ip route priority high
ip route profile
ip router isis
ip routing
ip rtp compression-connections
ip rtp header-compression
ip rtp priority
ip scp server enable
ip source-route
ip split-horizon
ip ssh
ip subnet-zero
ip summary-address eigrp
ip summary-address rip
ip tcp chunk-size
ip tcp compression-connections
ip tcp header-compression
ip tcp mtu-path-discovery
ip tcp queuemax
ip tcp synwait-time
ip tcp window-size
ip telnet source-interface
ip tftp source-interface
ip unnumbered
ip unreachables
isdn answer1, isdn answer2
isdn autodetect
isdn bchan-number-order
isdn busy
isdn caller
isdn call interface
isdn calling-number
isdn conference-code
isdn disconnect interface
isdn fast-rollover-delay
isdn incoming-voice
isdn leased-line bri 128
isdn not-end-to-end
isdn nsf-service
isdn outgoing-voice
isdn overlap-receiving
isdn send-alerting
isdn sending-complete
isdn service
isdn spid1 (spid2)
isdn switch-type
isdn tei
isdn tei-negotiation
isdn transfer-code
isdn twait-disable
isdn voice-priority
isis advertise-prefix
isis authentication key-chain
isis authentication mode
isis authentication send-only
isis circuit-type
isis csnp-interval
isis hello-interval
isis hello-multiplier
isis lsp-interval
isis metric
isis password
isis priority
isis retransmit-interval
isis retransmit-throttle-interval
is-type
keepalive
key
key chain
key config-key
key-string
lane auto-config-atm-address
lane bus-atm-address
lane client
lane client-atm-address
lane config-atm-address
lane config database
lane database
lane fixed-config-atm-address
lane global-lecs-address
lane le-arp
lane server-atm-address
lane server-bus
line
linecode
link-test
location
logging
logging buffered
logging buffered xml
logging console
logging console xml
logging count
logging facility
logging history
logging history size
logging host
logging monitor
logging on
logging source-interface
logging synchronous
logging trap
login
login authentication
logout-warning
loopback
mac-address-table aging-time
mac-address-table dynamic
mac-address-table secure
mac-address-table static
map-class dialer
map-class frame-relay
map-group
map-list
match access-group
match any
match as-path
match class-map
match community-list
match cos
match destination-address mac
match discard-class
match dscp
match fr-dlci
match input-interface
match interface
match ip address
match ip dscp
match ip next-hop
match ip precedence
match ip route-source
match ip rtp
match length
match metric
match mpls experimental
match mpls-label
match not
match packet length
match precedence
match protocol
match qos-group
match route-type
match source-address mac
match tag
maximum-paths
max-reserved-bandwidth
media-type
member
menu
menu command
menu text
menu title
metric holddown
metric maximum-hops
metric weights
mkdir
modem
monitor session
more
motd-banner
mpls atm control-vc
mpls atm cos
mpls atm disable-headend-vc
mpls atm multi-vc
mpls atm vpi
mpls atm vp-tunnel
mpls cos-map
mpls ip
mpls ip default-route
mpls ip encapsulate explicit-null
mpls ip ttl-expiration pop
mpls label protocol
mpls label range
mpls mtu
mpls prefix-map
mpls request-labels for
mrinfo
mstat
mtrace
mtu
name elan-id
name local-seg-id
name preempt
name server-atm-address
neighbor
neighbor advertisement-interval
neighbor database-filter
neighbor default-originate
neighbor description
neighbor distribute-list
neighbor filter-list
neighbor maximum-prefix
neighbor next-hop-self
neighbor password
neighbor peer-group
neighbor prefix-list
neighbor remote-as
neighbor route-map
neighbor route-reflector-client
neighbor send-community
neighbor send-label
neighbor shutdown
neighbor soft-reconfiguration inbound
neighbor timers
neighbor ttl-security
neighbor update-source
neighbor version
neighbor weight
net
network
network backdoor
network weight
nrzi-encoding
ntp access-group
ntp authenticate
ntp authentication-key
ntp broadcast
ntp broadcast client
ntp broadcastdelay
ntp disable
ntp master
ntp peer
ntp server
ntp source
ntp trusted-key
ntp update-calendar
offset-list
ospf auto-cost reference-bandwidth
ospf log-adj-changes
output-delay
padding
parity
passive-interface
password
peer default ip address
peer neighbor-route
physical-layer
ping
police
policy-map
ppp
ppp authentication
ppp bridge ip
ppp chap
ppp compress
ppp multilink
ppp quality
ppp reliable-link
ppp use-tacacs
priority-group
priority-list
privilege level (global)
privilege level (line)
prompt
pulse-time
pvc
qos pre-classify
queue-limit
queue-list
radius-server
random-detect
random-detect discard-class
random-detect discard-class-based
random-detect dscp
random-detect ecn
random-detect exponential-weighting-constant
random-detect flow
rate-limit
redistribute
refuse-message
reload
rename
ring-speed
rlogin
rmdir
route-map
router
rsh
rxspeed
send
service
service compress-config
service linenumber
service-module 56k
service-module t1
service-policy (interface)
service-policy (policy-map)
service timestamps
session-limit
session-timeout
set as-path
set atm-clp
set automatic-tag
set community
set cos
set default interface
set discard-class
set dscp
set fr-de
set interface
set ip default next-hop
set ip next-hop
set ip precedence
set ip tos
set level
set local-preference
set metric
set metric-type
set metric-type internal
set mpls-label
set origin
set ospf router-id
set-overload-bit
set precedence
set qos-group
set tag
setup
set weight
shape
show
shutdown
smt-queue-threshold
snapshot
snmp-server
snmp-server chassis-id
snmp-server community
snmp-server contact
snmp-server enable traps
snmp-server engine-id
snmp-server group
snmp-server host
snmp-server location
snmp-server packetsize
snmp-server queue-length
snmp-server system-shutdown
snmp-server tftp-server-list
snmp-server trap-source
snmp-server trap-timeout
snmp-server user
snmp-server view
snmp trap link-status
source-address
spanning-tree backbonefast
spanning-tree cost
spanning-tree port-priority
spanning-tree vlan
speed
squeeze
squelch
sscop cc-timer
sscop keepalive-timer
sscop max-cc
sscop poll-timer
sscop rcv-window
sscop send-window
standby authentication
standby ip
standby preempt
standby priority
standby timers
standby track
stopbits
summary-address
synchronization
table-map
tacacs-server attempts
tacacs-server authenticate
tacacs-server directed-request
tacacs-server extended
tacacs-server host
tacacs-server key
tacacs-server last-resort
tacacs-server notify
tacacs-server optional-passwords
tacacs-server retransmit
tacacs-server timeout
tag-switching
terminal editing
terminal escape-character
terminal history
terminal length
terminal monitor
tftp-server
timers basic
timers bgp
timers spf
trace, traceroute
traffic-shape adaptive
traffic-shape fecn-adapt
traffic-shape group
traffic-shape rate
traffic-share
transport
tunnel checksum
tunnel destination
tunnel key
tunnel mode
tunnel sequence-datagrams
tunnel source
txspeed
undebug
undelete
username
vacant-message
validate-update-source
variance
verify
version
vlan
vlan database
vtp client
vtp domain
vtp password
vtp server
vtp transparent
vtp v2-mode
vty-async
vty-async dynamic-routing
vty-async header-compression
vty-async keepalive
vty-async mtu
vty-async ppp authentication
vty-async ppp use-tacacs
width
write
aaa accounting {auth-proxy | system | network | exec | connection | commands level} {default | list-name} [vrf vrf-name] {start-stop | stop-only | none} [broadcast] group group-name
no aaa accounting {auth-proxy | system | network | exec | connection | commands level} {default | list-name} [vrf vrf-name] {start-stop | stop-only | none} [broadcast] group group-name

Configures
    AAA accounting
Default
    Disabled
Description
    This command enables accounting, which can be used for billing and security purposes.

    auth-proxy
        Provides information about all authenticated proxy user events.
    system
        Enables accounting for all system events that are not associated with a user (such as a reload).
    exec
        Enables accounting for EXEC-level commands.
    connection
        Provides information about all outbound connections, such as telnet, LAT, rlogin and SSH.
    commands level
        Enables accounting for the specified privilege level (0 to 15).
    default
        Uses the listed accounting methods that follow this argument as the default list for accounting services.
    list-name
        Specifies the AAA accounting protocol to use (radius or tacacs+).
    vrf vrf-name
        Optional. Specifies a virtual route forwarding (VRF) configuration.
    start-stop
        Creates an accounting entry at the start and end of the command.
    stop-only
        Sends an accounting entry only when the command has completed execution.
    none
        Disables accounting services on this line or interface.
    broadcast
        Optional. Enables the sending of accounting records to multiple AAA servers.
    group group-name
        Specifies the AAA accounting protocol to use for the specified server group (group radius and group tacacs+).
Example
    The following configuration statements enable AAA accounting for commands at level 5. An accounting entry is generated when the command is initiated and when it is terminated; the command doesn't execute until the server has received the message. The TACACS+ protocol is used to send the entries to the accounting server.

        aaa new-model
        aaa accounting commands 5 default start-stop group tacacs+

aaa accounting delay-start
no aaa accounting delay-start

Configures
    Delays accounting start records until the user's IP address is established
Default
    Disabled (no delay)
Description
    The default behavior is to start accounting as soon as the user connects, even before her IP address has been established. The command delays the accounting until the IP address has been established.

aaa accounting gigawords
no aaa accounting gigawords

Configures
    Enables 64-bit counters within AAA
Default
    Enabled
Description
    The command is enabled by default and only shows up in the configuration if the no version is used. The high-capacity counters provide greater counter capacity but use 8 percent of CPU memory for 24,000 sessions running under the ready state. If you do disable this with the no form of the command, you must reload the router to have it take effect.

aaa accounting nested
no aaa accounting nested

Configures
    Nesting network records within EXEC start and stop records
Default
    Disabled
Description
    This command keeps EXEC start and stop records together, or nested, for PPP users who start EXEC terminal sessions. Such nesting can be helpful for certain billing practices.

aaa accounting resource method-list start-stop [broadcast] group group-name
no aaa accounting resource method-list start-stop [broadcast] group group-name
aaa accounting resource method-list stop-failure [broadcast] group group-name
no aaa accounting resource method-list stop-failure [broadcast] group group-name

Configures
    Accounting for the starting or stopping of a connection
Default
    N/A
Description
    The start-stop version of this command enables the accounting of a user's connection at the start of the call and at the end. The stop-failure command enables the generation of a stop record if the user's call is terminated.

    method-list
        Method used for accounting services. You can set this to default or provide a list of accounting methods.
    broadcast
        Optional. Enables the sending of accounting records to multiple AAA servers.
    group group-name
        Specifies the AAA accounting protocol to use (group radius or group tacacs+).
Example
        aaa accounting resource default start-stop group radius
        aaa accounting resource default stop-failure group radius

aaa accounting send stop-record authentication failure
no aaa accounting send stop-record authentication failure

Configures
    Stop records for users who fail to authenticate
Default
    Disabled
Description
    If the user fails a login or session negotiation, this command causes a stop record to be generated for this connection attempt.

aaa accounting session-duration ntp-adjusted
no aaa accounting session-duration ntp-adjusted

Configures
    Use of NTP clock to calculate Radius session time
Default
    Disabled
Description
    By default, the Radius attribute acct-sess-time is calculated on a 64-bit monotonically increasing counter, which is not Network Time Protocol-adjusted. This command causes the attribute to be calculated based on the NTP clock.

aaa accounting suppress null-username
no aaa accounting suppress null-username

Configures
    Stopping the sending of accounting messages when the username is NULL
Default
    Disabled
Description
    This command prevents the creation of accounting records with usernames of NULL.

aaa accounting update [newinfo] [periodic minutes [jitter {maximum max-value}]]
no aaa accounting update

Configures
    Periodic interim accounting records
Default
    Disabled
Description
    Enables periodic interim accounting records to be sent to the accounting server. If the newinfo option is used, periodic reports are sent only when there is new information to report.

    newinfo
        Optional. Causes periodic information to be sent whenever there is new information about the user.
    periodic
        Optional. Specifies the number of minutes between periodic updates.
    jitter
        Optional. Allows the setting of the maximum jitter value.
    maximum
        Required for the jitter command. Sets the number of seconds for the maximum jitter in a periodic update. A value of 0 disables jitter. The default is 300 seconds.

aaa authentication attempts login number
no aaa authentication attempts login

Configures
    The maximum number of login failures
Default
    Three attempts
Description
    This command sets the number of login attempts that will be permitted before the connection is dropped. number is the maximum value, which can be 1 to 25.

aaa authentication banner delimiter
no aaa authentication banner

Configures
    A banner to be displayed at user login
Default
    None
Description
    Like all banner commands, this one takes a delimiter, which marks the end of the following banner string. This banner is displayed to the user at login.
Example
        aaa new-model
        aaa authentication banner * Welcome to our system. Unauthorized access is prohibited *
        aaa authentication login default group radius

aaa authentication enable default method ... method
no aaa authentication enable default method ... method

Configures
    Authentication for privileged command level
Default
    None
Description
    This command configures the router to use AAA to determine whether a user can access the privileged command set. The method parameter can be any of the following: enable, line, none, group tacacs+, or group radius. Each method describes where to get the password for authentication. If more than one method is listed, the methods are tried in order until one succeeds or all fail. This command does not work with TACACS or Extended TACACS (XTACACS).

aaa authentication fail-message delimiter
no aaa authentication fail-message

Configures
    A failed login attempt banner message
Default
    Disabled
Description
    Like all banner commands, this one takes a delimiter, which marks the end of the following banner string. This banner is displayed to the user at a failed login attempt.

aaa authentication local-override
no aaa authentication local-override

Configures
    The use of local usernames and passwords
Default
    Disabled
Description
    This command tells the router to check its own username and password database for a match before using any other authentication methods. It is useful if you have a small set of administrators who need access to the router even when the AAA server is down.

aaa authentication login {default | listname} method ... method
no aaa authentication login

Configures
    AAA authentication method for login
Default
    local
Description
    This command defines a named list of authentication methods that can be used when a user logs into the device. The listname parameter specifies the name of the list; the login authentication command is used to apply a list. default is a special list name; the default list specifies the authentication methods to be used by default (i.e., in the absence of explicit login authentication commands). method describes where to get the password for authentication. If more than one method is listed, the methods are tried in order until one succeeds or all have failed. The valid methods are: enable, krb5, line, local, local-case, none, group radius, group tacacs+, and krb5-telnet. The local-case option uses case-sensitive local usernames.
Example
    The following command defines the default list of login authentication methods. Because this is the default list, it applies to all users, even if there is no login authentication command. The router first attempts to use the tacacs+ method for authentication, then the enable method. Therefore, the enable password is used to authenticate users if the device cannot contact the TACACS+ server.

        ! Set authentication for login
        aaa authentication login default group tacacs+ enable none

aaa authentication password-prompt string
no aaa authentication password-prompt

Configures
    Password prompt for logins
Default
    Password:
Description
    This command sets the text displayed for a user's password prompt to string.
Example
        aaa authentication password-prompt "What is your password?"

aaa authentication ppp {default | listname} method ... method
no aaa authentication ppp

Configures
    AAA authentication method for PPP
Default
    local
Description
    This command defines a named list of authentication methods that can be used when a user starts a PPP session. The listname parameter specifies the name of the list; the login authentication command is used to apply a list. default is a special list name; the default list specifies the authentication methods to be used by default (i.e., in the absence of explicit login authentication commands). method describes where to get the password for authentication. If more than one method is listed, they are tried in order until one succeeds or all fail. The valid methods are enable, krb5, line, local, local-case, none, group radius, group tacacs+, and krb5-telnet.
Example
    The following command defines the default list of authentication methods for PPP users. Because this is the default list, it applies to all PPP users, even if there is no login authentication command. The router attempts to use the tacacs+ method for authentication; if the device cannot contact the TACACS+ server, no other authentication is attempted, and the connection is rejected.

        ! Set authentication for ppp
        aaa authentication ppp default group tacacs+

aaa authentication username-prompt string
no aaa authentication username-prompt string

Configures
    Username prompt for AAA authentication
Default
    Username:
Description
    Like the password-prompt command, this command sets the text used to prompt for a username when using AAA authentication. The prompt is set to string.

aaa authorization {network | exec | command level} method ... method
no aaa authorization {network | exec | command level}

Configures
    Authorization for actions
Default
    Disabled
Description
    This command sets the authorization method for different command sets.

    network
        Sets the authorization method used for network commands.
    exec
        Sets the authorization method for any EXEC-level command.
    command level
        Sets the authorization method for commands at the given privilege level. Privilege levels range from 0 to 15, inclusive.
    method ... method
        Specifies where the device looks up the authorization information for a user. method describes where to get the password for authentication. If more than one method is listed, the methods are tried in order until one succeeds or all have failed. The valid method types are group tacacs+, if-authenticated, none, local, group radius, and krb5-instance.
Example
    The following commands require TACACS+ authentication for users giving commands at level 8.

        aaa new-model
        aaa authorization command 8 group tacacs+ none

aaa authorization config-commands
no aaa authorization config-commands

Configures
    Authorization for config level access
Default
    Disabled, unless the aaa authorization command has been given, in which case all config-commands require authorization
Description
    This command enables authorization of config-commands (i.e., any command that requires you to give the conf terminal command to enter configuration mode). Here's a scenario in which you might use it: if you give the aaa authorization command, AAA authorization will be required for all commands. To disable authorization of config-commands, you can give the command no aaa authorization config-commands.
Example
        aaa new-model
        aaa authorization command 8 group tacacs+ none
        no aaa authorization config-commands

aaa authorization reverse-access {group tacacs+ | group radius}
no aaa authorization reverse-access

Configures
    Authorization for reverse telnet access
Default
    Disabled (no authorization for reverse telnet)
Description
    This command enables authorization for a user who is requesting reverse telnet access. If specified, group tacacs+ or group radius is used for authentication.

aaa authorization template
no aaa authorization template

Configures
    Local or remote customer templates
Default
    Disabled
Description
    This command enables the use of customer templates for VPN or VPN Routing and Forwarding (VRF).

aaa configuration route username string [password string]
no aaa configuration route username string [password string]

Configures
    Username and password for downloading static routes from Radius server
Default
    Username is hostname and password is cisco
Description
    This command allows for the definition of a username and password other than the defaults for downloading static route information from a Radius server.

aaa group server radius group-name
no aaa group server radius group-name

Configures
    A group of Radius servers
Default
    None
Description
    This command defines a group of Radius servers. To add a Radius server to the group, use the server command, followed by the IP address of the server. If the auth-port and acct-port are not defined, the default ports of 1645 and 1646 are used.
Example
        aaa group server radius myradiusgroup
         server 10.1.1.1
         server 10.1.2.1 auth-port 1700 acct-port 1701

aaa group server tacacs+ group-name
no aaa group server tacacs+ group-name

Configures
    A group of TACACS+ servers
Default
    None
Description
    This command defines a group of TACACS+ servers. To add a TACACS+ server to the group, use the server command, followed by the IP address of the server.
Example
        aaa group server tacacs+ mytacacsplusgroup
         server 10.1.1.1
         server 10.1.2.1

aaa new-model
no aaa new-model

Configures
    Enables AAA access control
Default
    Disabled
Description
    By default, the AAA model is not enabled, and you cannot use the AAA configuration commands. This command enables AAA and allows you to configure it.

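Added example (not part of the original reference): a Python audit of the method lists described in the aaa authentication login, aaa authentication ppp, aaa authentication enable and aaa authorization entries above. It flags lists that include none, lists with only server-group methods, and AAA lists configured without aaa new-model. The sample configuration is constructed; the list name VTY-ADMIN and all function names are assumptions.

```python
"""Audit AAA method lists in an IOS-style configuration (added example)."""

# Constructed sample, assembled from example statements in the entries
# above plus one hypothetical named list (VTY-ADMIN).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ enable none
aaa authentication login VTY-ADMIN group tacacs+ local
aaa authentication ppp default group tacacs+
aaa authentication enable default group radius enable
aaa authorization command 8 group tacacs+ none
"""

# Sub-commands that take a method list (banner, attempts, etc. do not).
LIST_KINDS = {
    "authentication": {"login", "ppp", "enable"},
    "authorization": {"network", "exec", "command", "commands"},
}
# Method keywords named in the entries above, plus the bare server names.
METHOD_WORDS = {
    "enable", "krb5", "krb5-telnet", "krb5-instance", "line", "local",
    "local-case", "none", "if-authenticated", "group", "tacacs+", "radius",
}


def split_methods(tokens):
    """Join 'group <name>' pairs so each method is a single item."""
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def parse_method_lists(config):
    """Return (lineno, service, kind, list_name, methods) per method list."""
    lists = []
    for lineno, raw in enumerate(config.splitlines(), 1):
        tok = raw.split()
        if len(tok) < 4 or tok[0] != "aaa" or tok[1] not in LIST_KINDS:
            continue  # comments, "no ..." forms, unrelated commands
        service, kind, rest = tok[1], tok[2], tok[3:]
        if kind not in LIST_KINDS[service]:
            continue  # e.g. banner, password-prompt, config-commands
        if kind in ("command", "commands"):
            if not rest[0].isdigit():
                continue
            kind, rest = "commands " + rest[0], rest[1:]
        name = "default"
        if rest and rest[0] not in METHOD_WORDS:
            name, rest = rest[0], rest[1:]  # "default" or a list name
        methods = split_methods(rest)
        if methods:
            lists.append((lineno, service, kind, name, methods))
    return lists


def is_remote(method):
    return method.startswith("group ") or method in ("tacacs+", "radius")


def audit(config):
    """Return (lineno, code, message) findings; lineno 0 means whole file."""
    findings = []
    lists = parse_method_lists(config)
    enabled = any(l.strip() == "aaa new-model" for l in config.splitlines())
    if lists and not enabled:
        findings.append((0, "no-new-model",
                         "AAA lists are configured but aaa new-model is absent"))
    for lineno, service, kind, name, methods in lists:
        label = f"{service} {kind} list '{name}'"
        if "none" in methods:
            findings.append((lineno, "none-fallback",
                             f"{label}: reaching 'none' grants access unchecked"))
        if all(is_remote(m) for m in methods):
            findings.append((lineno, "remote-only",
                             f"{label}: no local method if servers are down"))
    return findings


if __name__ == "__main__":
    for lineno, code, message in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: [{code}] {message}")
```
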
absolute-timeout number-of-minutes
no absolute-timeout

Configures
    Amount of time a connection can be open
Default
    None
Description
    This command sets the interval before closing a connection to number-of-minutes. Unlike the other timeouts, this command sets a hard limit for the connection time; it is not an idle timeout. The connection will be closed at this time even if the connection is not idle. Use the no form of the command to disable the timeout.

access-class access-list [in | out]
no access-class access-list

Configures
    Applies an access list to a line
Default
    None
Description
    This command specifies which access list to apply to this line (access-list), and in what direction the list should be applied (in or out). For more information on creating access lists, see Chapter 7.
Example
    The following commands apply access list 10 to outgoing traffic on virtual terminals 0-4.

        access-list 10 permit host 10.10.1.2
        ! Apply the access-list to the virtual lines 0-4
        line vty 0 4
         access-class 10 out

access-enable [host] [timeout minutes]
Configures
    Creates an entry in a dynamic access list
Default
    None
Description
    This command enables the Lock and Key feature. It allows an entry to be made in a dynamic access list for the current session. The host keyword is optional; it tells the access list to allow access only from the host that initiated the session. The timeout option specifies the time in minutes, after which the access list entry is deleted if no traffic matching the entry is seen. In other words, if the connection is idle for the given time, the entry in the access list is deleted and the user must re-authenticate. access-enable is often used with autocommand to create a dynamic access list for an incoming telnet session.
Example
    This example creates a dynamic access list for the host that made the connection. The access list times out after five minutes.
        autocommand access-enable host timeout 5
    To make use of this entry, there must be an extended access list like the following:
        access-list 110 dynamic incoming-user timeout 5 permit ip any any
    This list must be applied to any interfaces that support dial-in users. The permit part of the statement controls the incoming user's access to network resources. The timeout in the access-list command is absolute; the temporary entry exists only for the given number of minutes. It overrides the timeout in the access-enable command.
Standard:
    access-list number {permit | deny} src-address-spec
Extended:
    access-list number {permit | deny} protocol src-address-spec [operator port] dest-address-spec [operator port] [established] [precedence value] [tos value] [log]
Named:
    ip access-list {standard | extended} name
All access list types:
    no access-list number
Configures
    An access list
Default
    None
Description
    Access lists are an extremely general method for controlling access to the router, the traffic flowing in and out of the router, and even the routes accepted by the router. This command defines an entry in an access list.
    number
        A number that identifies the list and list type. Table 17-1 shows the ranges assigned to each list type. This book covers only standard and extended IP access lists, plus named and reflexive access lists.
    permit | deny
        Specifies if the line is to permit or deny matched traffic.
    protocol
        Specifies the protocol to which the access list entry applies. For IP access lists, this option can be ip, tcp, udp, igmp, or icmp.
    src-address-spec
    dest-address-spec
        The source and destination addresses or networks can be expressed in a number of ways: any, a single host address, or an entire network address, as follows:
        any
            Matches any address. This command is shorthand for the IP address and wildcard mask of 0.0.0.0 255.255.255.255. (See Chapter 7 for more information.)
        host ip-address
            Matches a single host, identified by its IP address.
        ip-address wildcard-mask
            Matches any address in the set specified by the IP address and the wildcard mask. For example, 10.10.1.0 0.0.0.255 matches the address range 10.10.1.0 through 10.10.1.255. Wildcards are covered in Chapter 7.
    operator port
        These options, operator and port, allow you to specify services or groups of services. The operator must be one of the following:
        lt
            Less than
        gt
            Greater than
        eq
            Equal
        neq
            Not equal
        range
            The range between two port numbers
        Ports can be specified either by number or by the name of a service (smtp, telnet, www, ftp, etc.). If a port expression follows the source address in an access list, packets must have a source port that matches the expression in order to pass the access list. Likewise, if a port expression follows the destination address, packets must have a destination port that matches the expression to pass the access list.
    precedence value
        Optional. This command allows packets to be filtered on IP precedence level. The value can be 0 to 7.
    tos value
        Optional. TOS stands for Type of Service. Packets can be filtered by the IP Type of Service, with a value of 0 to 15.
    log
        This keyword causes the router to write a log message to the console for packets that match this line. It logs the first packet that matches the line and then repeats only every few minutes, which prevents a flood of log messages. Console logging must be enabled before messages appear.
    established
        This keyword matches TCP packets that have ACK or RST bits set, i.e., packets that belonged to an established connection. It is used to prevent hosts from outside the local network from starting connections to hosts within the network, while allowing packets from an established connection back into the network.
    icmp-type value
        ICMP packets can be filtered based on their type, which is a value from 0 to 255.
    igmp-type value
        IGMP packets can be filtered based on their type, which is a value from 0 to 15.
    Many different kinds of statements are used to apply an access list. The most common are ip access-group, which applies an access list to incoming or outgoing traffic on an interface, and access-class, which applies an access list to incoming or outgoing traffic on a line.
    Note that the no form of this command deletes the entire access list, not just a single entry.
Named Access Lists (IOS 11.0 and greater)
    IOS 11.0 introduced a new method of creating and editing IP access lists, called named access lists. As the name implies, named access lists are assigned a string-based name, rather than a number. Otherwise, they are essentially identical to standard and extended IP access lists but with the added ability to do some basic editing.
    To create a named access list, start with the ip access-list command:
        ip access-list {standard | extended} name
    The keyword standard indicates that this is a standard IP access list; extended indicates that this is an extended IP access list. name is the name of the list; it must be a unique alphanumeric string. You may then enter a series of permit and deny commands. For standard access lists, these commands have the following syntax:
        {permit | deny} src-address-spec
    For an extended list, the syntax is:
        {permit | deny} protocol src-address-spec [operator port] dest-address-spec [operator port] [established] [precedence value] [tos value] [log]
    The parameters for the permit and deny commands in named access lists are the same as for extended access lists. Named access lists cannot always be used in the same places that numbered access lists can, though this is slowly being corrected as IOS evolves.
    As of IOS 12.4, you can enter noncontiguous ports on a single line within a named access list. Before, you would write such an access list like this:
        ip access-list extended acllist1
         permit tcp any host 192.168.1.1 eq telnet
         permit tcp any host 192.168.1.1 eq www
         permit tcp any host 192.168.1.1 eq smtp
         permit tcp any host 192.168.1.1 eq pop3
    With noncontiguous port support, you can write it more tersely:
        ip access-list extended acllist1
         permit tcp any host 192.168.1.1 eq telnet www smtp pop3
Example
    Here are examples of several types of access list elements. We assume that these access lists are used to restrict incoming traffic on an interface. First, a standard IP access list that permits traffic from the network 10.0.1.0:
        access-list 5 permit 10.0.1.0 0.0.0.255
    This access list element permits HTTP traffic from any source to reach the server at 10.1.2.3:
        access-list 105 permit tcp any host 10.1.2.3 eq http
    And this element permits TCP traffic to enter the router from any destination, provided that the session was initiated by a host "behind" the router:
        access-list 105 permit tcp any any established
    Remember that all access lists end with an "implicit deny," which rejects all traffic not permitted by a statement in the access list.
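The matching rules in this entry (wildcard masks, port operators, established, first match and the implicit deny), as an added Python model that is not code from the book or from IOS. The Packet class, the function names and the small service-name table are assumptions made for the illustration, the 1-99 and 100-199 ranges are the usual standard and extended IP list numbers, and the sample packets in the comments are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Service names that appear on this page (assumed table; IOS knows many more).
PORTS = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80, "http": 80, "pop3": 110}
OPS = {
    "lt": lambda port, args: port < args[0],
    "gt": lambda port, args: port > args[0],
    "eq": lambda port, args: port in args,
    "neq": lambda port, args: port not in args,
    "range": lambda port, args: args[0] <= port <= args[1],
}
ANY = ("0.0.0.0", "255.255.255.255")  # what the keyword "any" stands for


@dataclass
class Packet:  # hypothetical packet summary used only by this model
    proto: str
    src: str
    dst: str = "0.0.0.0"
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def wildcard_match(addr, base, wildcard):
    """A 1 bit in the wildcard mask is "don't care"; 0 bits must be equal."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)


def _take_addr(tok):
    """Consume 'any', 'host A' or 'A W'; return (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return (tok.pop(0), "0.0.0.0")
    return (first, tok.pop(0) if tok else "0.0.0.0")


def _take_ports(tok):
    """Consume an optional 'operator port ...' expression."""
    if not tok or tok[0] not in OPS:
        return None
    op, nums = tok.pop(0), []
    while tok and (tok[0].isdigit() or tok[0] in PORTS):
        word = tok.pop(0)
        nums.append(int(word) if word.isdigit() else PORTS[word])
    return (op, nums)


def parse_entry(line):
    """Parse one numbered 'access-list ...' line into a dict."""
    tok = line.split()
    number, action, tok = int(tok[1]), tok[2], tok[3:]
    entry = {"action": action, "proto": "ip", "dst": ANY,
             "sports": None, "dports": None, "established": False}
    if 100 <= number <= 199:  # extended IP list
        entry["proto"] = tok.pop(0)
        entry["src"], entry["sports"] = _take_addr(tok), _take_ports(tok)
        entry["dst"], entry["dports"] = _take_addr(tok), _take_ports(tok)
        entry["established"] = "established" in tok
    else:  # standard IP list: source address only
        entry["src"] = _take_addr(tok)
    return entry


def entry_matches(entry, pkt):
    if entry["proto"] not in ("ip", pkt.proto):
        return False
    if not wildcard_match(pkt.src, *entry["src"]):
        return False
    if not wildcard_match(pkt.dst, *entry["dst"]):
        return False
    for expr, port in ((entry["sports"], pkt.sport), (entry["dports"], pkt.dport)):
        if expr and not OPS[expr[0]](port, expr[1]):
            return False
    # "established" looks only at the ACK/RST flag bits, not at connection state.
    if entry["established"] and not (pkt.proto == "tcp" and pkt.flags & {"ACK", "RST"}):
        return False
    return True


def evaluate(acl_lines, pkt):
    """Return the action of the first matching entry; no match is the implicit deny."""
    for line in acl_lines:
        entry = parse_entry(line)
        if entry_matches(entry, pkt):
            return entry["action"]
    return "deny"


# The two list-105 elements from the example above.
ACL_105 = [
    "access-list 105 permit tcp any host 10.1.2.3 eq http",
    "access-list 105 permit tcp any any established",
]

if __name__ == "__main__":
    syn = Packet("tcp", "203.0.113.9", "10.1.2.4", 51000, 22, frozenset({"SYN"}))
    ack = Packet("tcp", "203.0.113.9", "10.1.2.4", 443, 40000, frozenset({"ACK"}))
    print(evaluate(ACL_105, syn), evaluate(ACL_105, ack))
```

Because established is a test on flag bits alone, the second entry admits any TCP segment carrying ACK or RST; it is a stateless filter, not connection tracking.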
access-list rate-limit access-list {precedence | exp | mac-address | mask precedence-mask}
no access-list rate-limit access-list
Configures
    An access list for Committed Access Rate (CAR)
Default
    None
Description
    This command selects packets for CAR policies based on IP precedence or MAC addresses. There can only be one command per access list. If you need to assign more than one precedence level to a single access list, use the mask keyword. The access list is used to classify packets. For IP, use any number from 1 to 99; for MAC, use any number from 100 to 199; and for the MPLS experimental field, use any number from 200 to 299.
    precedence
        The IP precedence level to apply to the access list.
    exp
        MPLS experimental field. Valid values are numbers from 0 to 7.
    mac-address
        The MAC address to apply to the access list.
    mask precedence-mask
        The precedence mask to apply to the access list. To calculate the mask, convert the precedence value to an eight-bit mask. A precedence of 0 is encoded as 00000001; a precedence of 1 is 00000010. Then OR all the bit values together to get a single mask. For example, the mask that covers a precedence of 1 through 3 would be 00001110. When you have the binary mask, convert it to a two-digit hexadecimal number; for this example, the mask would be 0E.
Example
        ! This command assigns a CAR access-list of 10 to packets with an IP
        ! precedence of 1 through 3.
        access-list rate-limit 10 mask 0E
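The mask calculation in this entry, in both directions, as an added Python example that is not from the book. The per-precedence bits are combined with a bitwise OR, which is the operation that yields the 0E of the example; the function names are hypothetical, and the list-number ranges are the ones given in the description.

```python
import re


def precedence_mask(levels):
    """Build the two-digit hex mask covering the given IP precedence levels."""
    mask = 0
    for level in levels:
        if not 0 <= level <= 7:
            raise ValueError(f"IP precedence must be 0-7, got {level}")
        mask |= 1 << level  # precedence 0 -> 00000001, 1 -> 00000010, ...
    return f"{mask:02X}"


def precedences_in(mask_hex):
    """Decode a hex mask back into the precedence levels it selects."""
    value = int(mask_hex, 16)
    if not 0 <= value <= 0xFF:
        raise ValueError(f"mask must fit in eight bits, got {mask_hex}")
    return [level for level in range(8) if value & (1 << level)]


def list_kind(number):
    """Classify a rate-limit list number by the ranges in the description."""
    if 1 <= number <= 99:
        return "ip-precedence"
    if 100 <= number <= 199:
        return "mac-address"
    if 200 <= number <= 299:
        return "mpls-exp"
    raise ValueError(f"rate-limit list number out of range: {number}")


_MASK_LINE = re.compile(r"^access-list rate-limit (\d+) mask ([0-9A-Fa-f]{1,2})$")


def explain(config_line):
    """Review helper: return (list number, kind, precedence levels matched)."""
    found = _MASK_LINE.match(config_line.strip())
    if not found:
        raise ValueError("not an 'access-list rate-limit N mask XX' line")
    number = int(found.group(1))
    return number, list_kind(number), precedences_in(found.group(2))


if __name__ == "__main__":
    print(precedence_mask([1, 2, 3]))
    print(explain("access-list rate-limit 10 mask 0E"))
```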
access-template [access-list] [temp-list] [source] [destination] [timeout minutes] Configures An entry in a temporary access list Default None Description This command creates an entry in a temporary access list on the router to which you are connected. access-list The name or number of the dynamic access list. temp-list The name of the temporary list within the access list. source The usual source address specification (the host and any keywords are allowed). destination The usual destination address specification (the host and any keywords are allowed). timeout minutes The maximum time, in minutes, that the entry will remain in the list. For more information about how source and destination addresses are specified, see the description of the access-list command and Chapter 7. |
activation-character ascii-number
no activation-character
Configures
    The activation character for an idle terminal session
Default
    Return character (13)
Description
    This command specifies which key initiates a session at an idle terminal. ascii-number is the decimal value of the activation character you wish to set. To disable this command and return to the default, use the no form.
Example
    These commands set the activation character for a terminal connected to line 2 to ASCII character 13 (Return or Enter):
        Router(config)# line 2
        Router(config-line)# activation-character 13
aggregate-address address mask [as-set] [summary-only] [suppress-map map] [advertise-map map] [attribute-map map]
no aggregate-address address mask [as-set] [summary-only] [suppress-map map] [advertise-map map] [attribute-map map]
Configures
    BGP route aggregation
Default
    Disabled
Description
    This command configures route aggregation when using BGP. An aggregate route is generated by combining several different routes. The new route covers all the smaller routes with a single route, making the routing table smaller and easier to manage.
    address
        The IP address of the destination network for the aggregate route.
    mask
        The network mask for the aggregate route.
    as-set
        Optional. Generates AS-SET path information.
    summary-only
        Optional. This keyword causes routes that are more specific than the aggregate address to be suppressed.
    suppress-map map
        Optional. The map to use to select routes to be suppressed.
    advertise-map map
        Optional. The map to use to select routes to create AS-SET origin communities.
    attribute-map map
        Optional. The map to use to set the attributes of the aggregate route.
Example
    Say that we're configuring a router for the network 10.10.0.0. Instead of advertising all the routes within this network that we know about (10.10.1.0, 10.10.2.0, etc.), we want to advertise an aggregate address for the whole 10.10.0.0 network:
        ! BGP configuration
        router bgp 100
         neighbor 10.1.1.1 remote-as 100
         neighbor 10.2.2.2 remote-as 200
         network 10.10.0.0
         ! Without the summary-only keyword, the router would continue to advertise
         ! the component networks of this summary route.
         aggregate-address 10.10.0.0 255.255.0.0 summary-only
alias mode alias-name command
Configures
    Command aliases
Default
    None
Description
    This command allows you to configure an alias, or abbreviation, for any IOS command.
    mode
        The mode to which the alias and the command that you are aliasing belong. It can be any of the configuration modes: configuration (for global commands), user, exec, hub, interface, line, map-class, map-list, route-map, router, etc.
    alias-name
        The name to be assigned to the alias.
    command
        The IOS command represented by the alias.
Example
    To assign the shorthand t1 to the command telnet 10.1.1.1 2001, use the following command:
        alias exec t1 telnet 10.1.1.1 2001
area area-id authentication [message-digest]
no area area-id authentication
Configures
    OSPF authentication
Default
    No authentication
Description
    This command enables simple password authentication for an OSPF network. All routers within the OSPF area must be configured to use the same password. The authentication password is set by the ip ospf authentication-key command.
    area-id
        The area to which this command applies.
    message-digest
        Enables MD5 authentication for the area.
Example
    The following configuration starts an OSPF process using authentication for area 0. The authentication key is letmein.
        ! Set the OSPF key on interface serial 0 to letmein
        interface serial 0
         ip address 10.100.1.1 255.255.255.0
         ip ospf authentication-key letmein
        !
        router ospf 99
         network 10.0.0.0 0.255.255.255 area 0
         area 0 authentication
area area-id default-cost cost no area area-id default-cost Configures The OSPF cost for a default summary route Default 1 Description This command is used only for an Area Border Router (ABR) to a stub area. area-id The area to which the default-cost applies. cost The value of the cost. Any 24-bit number can be used. |
area area-id nssa [no-redistribution] [default-information-originate] no area area-id nssa Configures An OSPF NSSA Default None Description A not-so-stubby area (NSSA) is just like a stub area, but shares routing information with an external network that is using a different routing protocol. In other words, it is a stub area with an ASBR router. The remote network becomes an area to your OSPF network, eliminating the need to implement the different routing protocol within the OSPF network. See the OSPF section in Chapter 9 for more information. area-id The area to which this command applies. no-redistribution Optional. Disables redistribution of normal area routes into the NSSA. default-information-originate Optional. Generates type-7 default routes into the NSSA. |
area-password password no area-password Configures IS-IS area authentication password Default No password authentication Description This command enables password authentication for an IS-IS area. The password is transmitted in clear text; it thus provides very little security but may help prevent misconfiguration. |
area area-id range address mask
no area area-id range address mask
Configures
    OSPF route summarization
Default
    None
Description
    This command tells the OSPF routing process to summarize selected routes for an area. A single route to the given address is generated, instead of separate routes for the individual networks.
    area-id
        The area to be summarized.
    address
        The IP address of the network to summarize.
    mask
        The mask for the IP address, showing which routes to include in the summary.
Example
    The following OSPF configuration summarizes all routes for area 2 into a single route for network 10.0.0.0/8:
        router ospf 99
         network 10.0.0.0 0.255.255.255 area 2
         area 2 range 10.0.0.0 255.0.0.0
area area-id stub [no-summary] no area area-id stub Configures An OSPF stub area Default None Description This command defines an area to be a stub area. A stub area receives a default summary route from the ABR for destinations outside the autonomous system. The no-summary option makes the area a Totally Stubby network, which restricts LSA Type-3 packets (intra-area summaries) from entering the stubby area. area-id The area to define as a stub. no-summary Prevents summary link advertisements from entering the stub area. |
area area-id virtual-link router-id [hello-interval seconds] [retransmit-interval seconds] [transmit-delay seconds] [dead-interval seconds] [authentication-key key] [message-digest-key keyid md5 key] no area area-id virtual-link router-id Configures An OSPF virtual link Default None Description This command establishes a virtual link that connects a broken OSPF backbone; in OSPF, the backbone must be contiguous. It is useful when a contiguous backbone is not possible. Virtual links can also be used to create an area that does not have a direct link to the backbone (area 0). area-id The ID of the area being crossed by the virtual link. router-id The ID of the router at the other end of the virtual link. hello-interval seconds Optional. The time in seconds between transmission of hello messages by the router over the virtual link. The default is 10 seconds. All routers participating in the same area must have the same hello interval. retransmit-interval seconds Optional. The time in seconds that a router waits before retransmitting a link-state announcement (LSA). The default is five seconds. When setting this value, you need to ensure that the time includes the entire round trip of the packet. transmit-delay seconds Optional. This is the estimated time, in seconds, that the interface will take to transmit the packet. An LSA's age is decremented by this value before transmission. The default is one second. dead-interval seconds Optional. A router is considered down if a hello packet isn't received from it within this interval. All routers participating in the area must have the same dead-interval. The default is 40 seconds. authentication-key key Optional. This is the authentication password used for OSPF routing if authentication is enabled. The key can be up to eight bytes long. If you want to use authentication, all routers in the OSPF network must have authentication enabled, and all neighbor routers must use the same key. 
message-digest-key keyid md5 key Optional. This is the authentication key and password to be used by neighboring OSPF routers. The keyid is a number between 1 and 255, and is used to identify this key in subsequent commands. The key is essentially a password; it is a string up to 16 characters long. All neighbor routers must use the same keyid and key. |
arp ip-address mac-address type [alias] no arp ip-address mac-address type [alias] Configures Adds a static entry to the ARP table Default No static ARP entries are made Description This command allows you to place a static entry in the ARP table, which is a dynamic table that maps IP addresses to the corresponding MAC (hardware) addresses. The ip-address and mac-address are simply the IP address and the hardware address for the entry you wish to create. The type argument is the encapsulation type (arpa for Ethernet, smds for SMDS, snap for FDDI and token ring, etc.). The optional alias keyword tells the router to respond to ARP requests as if it were the requested device itself; i.e., the router responds to an ARP request for an aliased device with its own IP address. |
arp {arpa | frame-relay | probe | snap} no arp {arpa | frame-relay | probe | snap} Configures Interface-specific handling of ARP requests Default ARPA (Ethernet) Description This command allows you to specify the type of encapsulation to use for ARP packets on this interface. The types are arpa (Ethernet, the default), frame-relay (ARP over Frame Relay encapsulation), probe (HP Probe protocol), and snap (RFC 1042). |
arp timeout seconds no arp timeout seconds Configures The lifetime of an ARP entry in the ARP table Default 14400 seconds Description This command allows you to set the time that an entry will remain in the ARP table. The default is 4 hours. |
async-bootp keyword [:hostname] value no async-bootp keyword [:hostname] value Configures BOOTP parameters for async dial-up lines Default Disabled Description This command assigns a value to a given BOOTP keyword. Table 17-2 shows the BOOTP parameters and their values. Normally, all BOOTP parameters are sent to dial-up hosts requesting BOOTP information. Adding :hostname to a keyword applies the BOOTP variable to a specific requesting host. Other hosts that request BOOTP parameters will not be sent this keyword.
Example
    The following commands define the DNS server, subnet mask, and NBNS server to be sent to hosts requesting BOOTP information:
        ! Configure our bootp items
        async-bootp subnet-mask 255.255.255.0
        async-bootp dns-server 10.1.1.1
        async-bootp nbns-server 10.1.1.2
async default ip address address no async default ip address address Configures The IP address used by the connecting (remote) system Default None Description This command is defunct. Use peer default ip address instead. |
async default routing
no async default routing
Configures
    Routing on async interfaces
Default
    Disabled
Description
    By default, routing protocols like RIP, IGRP, EIGRP, and OSPF are not enabled on asynchronous interfaces. This command allows all the routing protocols to be enabled on these interfaces. It can be used to route between offices that are linked by traditional analog modems. Use the no form to disable routing on this interface.
Example
    The following commands set up default routing for a dedicated async line:
        interface async 2
         encapsulation ppp
         async mode dedicated
         async default routing
async dynamic address no async dynamic address Configures Dynamic IP addresses on async interfaces Default Disabled Description Dynamic addressing means that a user connecting to the router for a PPP or SLIP session is allowed to select the interface's IP address using the EXEC mode commands. This feature can be used only when the async mode is interactive. |
async dynamic routing
no async dynamic routing
Configures
    Dynamic routing on an async interface
Default
    Disabled
Description
    Dynamic routing means that remote users who connect to this asynchronous interface can enable routing over their PPP or SLIP connections. By default, no dynamic routing is done on an asynchronous interface.
Example
        interface async 5
         ip tcp header-compression passive
         async dynamic routing
         async dynamic address
async mode {dedicated | interactive}
no async mode {dedicated | interactive}
Configures
    The mode the user receives when connecting to an async interface
Default
    Disabled
Description
    The mode can be either dedicated or interactive.
    dedicated
        The interface is reserved for PPP and SLIP connections. No user prompt ever appears on a dedicated line when a user connects. Instead, the connection parameters are negotiated automatically.
    interactive
        Users are given a prompt when they connect to this interface. It is up to the user to start PPP or SLIP, or to interact directly with the router from the command prompt.
    The autoselect command can be used to detect PPP packets on an interactive async line and start PPP automatically. autoselect is not needed on dedicated mode async lines.
Example
    On the first interface (async1), we set up a dedicated interface, which means that an IOS prompt doesn't appear when a user connects to the router through this interface. We make the second interface interactive, allowing the user to enter IOS commands and requiring her to start PPP or SLIP manually.
        interface async1
         peer default ip address 10.10.1.1
         async mode dedicated
         encapsulation ppp
        !
        interface async2
         peer default ip address 10.10.1.2
         async mode interactive
atm address address no atm address Configures An ATM address Default An automatically generated ATM address is assigned Description This command assigns a full (20-byte) ATM address or a partial (13-byte) address. Multiple ATM addresses are allowed. The first address in the list is the active address. |
atm arp-server {self [timeout minutes] |nsap nsap-address} no atm arp-server {self [timeout minutes] | nsap nsap-address} Configures An ARP server for the network Default No ATM ARP server Description This command assigns an ARP server for the ATM network. The self keyword identifies the current device as the ARP server. The timeout minutes option specifies the amount of time that an ARP entry is listed before the server tries to verify the entry; the default timeout value is 20 minutes. The nsap nsap-address parameter specifies the NSAP address of the ATM ARP server if the current device isn't acting as the server. |
atm esi-address esi.selector no atm esi-address Configures End station ID and selector fields of the ATM NSAP address Default None Description This command specifies the end station ID (ESI) and the selector byte fields of an ATM address. The ESI is 12 hexadecimal characters; the selector byte field is 2 hexadecimal characters. |
atm lecs-address lecs-address[sequence-number] no atm lecs-address Configures The LECS address to be advertised Default None Description This command configures the address of the LAN Emulation Configuration Server (LECS) for the current interface. If this command isn't in the interface's configuration, the LECS defaults to the server given by atm lecs-address-default. The lecs-address is the NSAP address of the server. The sequence-number provides the position in the address in the LECS table. |
atm lecs-address-default lecs-address[sequence-number] no atm lecs-address-default lecs-address Configures The LECS address to be advertised Default None Description This command configures the address of the LECS. It is a global command; the server specified here is overridden by the interface-specific atm lecs-address command. The lecs-address is the NSAP address of the server. The sequence-number provides the position in the address in the LECS table. |
atm nsap-address address no atm nsap-address Configures The NSAP ATM end-system address of the interface Default None Description This command sets the NSAP address of the interface, which consists of 40 hexadecimal characters. |
atm pvc vcd vpi vci encap [peak avg [burst]] [inarp [minutes]] [oam [seconds]] [compress]
no atm pvc vcd vpi vci encap [peak avg [burst]] [inarp [minutes]] [oam [seconds]] [compress]
Configures
    Creates an ATM PVC
Default
    None
Description
    This command creates an ATM Permanent Virtual Circuit (PVC). On recent versions of IOS, it's preferable to use the pvc command, if available. ATM commands are highly hardware-dependent, so the commands available on any particular router vary. For more information on creating PVCs, consult Chapter 6.
    vcd
        A Virtual Circuit Descriptor, which is a unique number used to identify this particular VPI/VCI pair on the router.
    vpi
        The Virtual Path Identifier of the PVC. This identifier is unique only to the interface. The value can be from 0 to 255.
    vci
        The Virtual Channel Identifier of the PVC, which is a value from 0 to 1023. 0 to 31 are typically reserved for specific kinds of management traffic. vpi and vci may not both be 0.
    encap
        The type of encapsulation used on the line. The encapsulation may be aal5mux (a MUX-type virtual connection), aal5snap (the only encapsulation supported for Inverse ARP), aal1 (used for streaming video), aal5voice (used for voice traffic), ilmi, and qsaal.
    peak
        Optional, but required for voice circuits. The maximum capacity of the virtual circuit in Kbps. peak ranges from 56 to 10,000. The default is the link's maximum capacity.
    avg
        Optional, but required for voice circuits. The average rate at which data is sent over the virtual circuit. Legal values are hardware-dependent. The default is the link's maximum capacity.
    burst
        Optional, but required for voice circuits. The maximum number of ATM cells that the circuit can transmit at its peak rate.
    inarp minutes
        Optional. This option generates inverse ARP packets on this virtual circuit. minutes specifies the interval between inverse ARP packets, and ranges from 1 to 60; if omitted, minutes defaults to 15.
    oam seconds
        Optional. This option generates OAM cells on this virtual circuit. seconds specifies the interval at which OAM cells are generated, and ranges from 1 to 600; if omitted, seconds defaults to 10.
    compress
        Optional. This option compresses traffic over the circuit; hardware compression is used if it's available.
Example
    The following commands set up a permanent virtual circuit on an ATM interface.
        interface atm0.1
         ! assign our interface's IP address
         ip address 10.10.1.1 255.255.255.0
         ! Create pvc 20 with a VPI of 0 and a VCI of 60
         atm pvc 20 0 60 aal5snap
ip address atm-vc vci [class class-name] [broadcast] [aal5mux]
no ip address atm-vc vci [class class-name] [broadcast] [aal5mux]
Configures
    An ATM PVC
Default
    None
Description
    This command creates an ATM PVC. The map-list command places you in the map list configuration mode; you must be in this mode to use the atm-vc command. Note that it is rather bizarre to call this command atm-vc; by normal notions of command naming, it should be called ip. We're following Cisco's usage; in its defense, there are many commands whose names start with ip and have nothing to do with ATM configuration.
    address
        The destination IP address being mapped to this PVC.
    vci
        The Virtual Channel Identifier (VCI).
    class class-name
        Optional. class-name is the name of a table that contains encapsulation-specific parameters.
    broadcast
        Optional. This specifies that this entry should be used when broadcast packets need to be sent.
    aal5mux
        Optional. This specifies AAL5 multiplexing encapsulation. The default is snap encapsulation.
Example
    The following commands create an ATM map named atm-map1. It establishes a virtual channel with a VCI of 20, which is mapped to the IP address 10.10.2.1; this virtual channel can be used for broadcast.
        map-list atm-map1
         ip 10.10.2.1 atm-vc 20 broadcast
autobaud [fast] no autobaud Configures Automatic baud rate detection Default Disabled Description The autobaud command configures a line to select the incoming baud rate automatically. The baud rate must be between 300 and 115,200. There are two limitations to this command:
The optional fast keyword detects the baud rate with exactly three carriage returns. Many routers do not support the higher baud rates.
Example
    The following commands enable automatic baud rate detection on line 3:
        Router(config)#line 3
        Router(config-line)#autobaud
    To disable autobaud and to return to the default, use the no form of this command:
        Router(config)#line 3
        Router(config-line)#no autobaud
autocommand command-string
no autocommand
Configures
    Automatic execution of a command upon connection
Default
    Disabled
Description
    This command forces a specified line command, given by command-string, to be executed automatically when a login session is started. The command string can be any valid command. Use the no form to delete the selected autocommand.
Example
    The following code starts PPP automatically after a successful login on line 5:
        Router(config)#line tty 5
        Router(config-line)#autocommand ppp
autodetect encapsulation {lapb-ta | ppp | v120} no autodetect encapsulation Configures Automatic detection of encapsulation types Default No autodetect Description This command enables automatic detection of the encapsulation type for ISDN or point-to-point serial links. The interface changes its encapsulation type if it detects that the remote system is using a different configuration. The valid types are lapb-ta (Link Access Procedure Balanced for ISDN), ppp, and v120 (for V.120 on ISDN B channels). |
autohangup no autohangup Configures Automatic line disconnect Default Disabled Description This command tells the router to hang up the line automatically after the session is closed. |
auto discovery qos [trust]
no auto discovery qos
Configures
    Auto QoS Autodiscovery
Default
    Disabled
Description
    This command enables the discovery and collection of data for the configuration of AutoQoS. Using NBAR, this command can analyze the traffic on the network in order to produce a more relevant QoS configuration. You should let this command run a few days in order for the data collection to work. Once the system has collected enough data, disable this command with the no auto discovery qos command and then enable AutoQoS with the auto qos command. To view the QoS policy generated by this command, use the show auto qos command. This command was introduced in IOS 12.3(7)T.
    trust
        Optional. When used, this keyword tells AutoQoS that the DSCP (Differentiated Service Code Point) values of a packet can be trusted for packet classification. If the trust keyword is not used, AutoQoS relies solely on NBAR for DSCP values.
auto qos [voip] [trust] [fr-atm] no auto qos [voip] [trust] [fr-atm] Configures The AutoQos VoIP feature on an interface Default Disabled Description This command enables the AutoQoS VoIP feature on an interface. trust Optional. Indicates that the DSCP markings are to be trusted for classification of voice traffic. fr-atm Optional. Enables this feature for Frame Relay-to-ATM links. Example interface serial3/1.102 point-to-point bandwidth 100 ip address 192.168.1.2 255.255.255.0 frame-relay interface-dlci 102 auto qos voip trust fr-dlci |
auto secure [management | forwarding] [no-interact] Configures The router for security automatically Default Disabled Description By using this command, you are telling the router to try to automatically secure as many IP services as it can in order to configure the router as much as possible. This command reduces the complexity of securely configuring your router. For more information on this command, see Chapter 15. management Optional. Configure only the management level of the router. forwarding Optional. Configure only the packet forwarding part of the router. no-interact Optional. No user prompts on any configuration items. |
autoselect {arap | ppp | slip| during-login} no autoselect Configures Automatic selection of session type Default ARAP sessions Description This command configures a line to start the selected session type automatically. The sessions allowed are arap (AppleTalk remote access), ppp, and slip. during-login means that the username and password prompt are presented without a carriage return, and the user must log in normally before autoselection takes place. Example The following commands configure the router to start a PPP session automatically on line 10, but only after the user has successfully logged in: line 10 autoselect ppp autoselect during-login |
auto-summary no auto-summary Configures RIP (Version 2), EIGRP, BGP route summarization Default Enabled Description By default, subnet routes are summarized to "classful" network routes. If you need to advertise subnets across networks, auto-summary must be disabled. To disable auto-summary, use the no form of this command. For more information, consult Chapter 8. Example The following configuration disables auto-summary for an EIGRP routing process: router eigrp 110 network 10.0.0.0 no auto-summary |
backup interface interface no backup interface interface backup delay {enable-time | never} {disable-time | never} no backup delay {enable-time | never} {disable-time | never} backup load {enable-load | never} {disable-load | never} no backup load {enable-load | never} {disable-load | never} Configures A backup interface Default None Description This family of commands configures a backup interface for the current interface. The first command, backup interface, specifies the interface to be used as the backup. The backup interface is activated when the primary interface goes down or reaches the load specified by the backup load command. The backup delay command specifies how long the router should wait before activating (enable-time) or deactivating (disable-time) the backup interface. Both enable-time and disable-time are in seconds. Use of the backup delay command allows you to prevent routing instability if you have an intermittent interface. The keyword never, when used for the enable-time parameter, prevents the backup interface from being activated; when used for the disable-time parameter, it prevents the backup interface from being deactivated once it has been activated. The backup load command specifies the load on the primary interface at which the backup interface should be activated (enable-load) or deactivated (disable-load). The load is expressed as a percentage of the primary interface's maximum capacity. The keyword never, when used for the enable-load parameter, prevents the backup interface from being activated; when used for the disable-load parameter, it prevents the backup interface from being deactivated once it has been activated. Example This example configures serial1 as a backup interface for serial0. If serial0 goes down for more than five seconds, or if the load on serial0 reaches 70%, the backup interface is activated. interface serial0 backup interface serial 1 backup delay 5 20 backup load 70 20 |
bandwidth rate no bandwidth rate Configures The bandwidth value to be used in computing routing metrics Default Depends on the interface Description This command describes the bandwidth value to the routing protocols that use the bandwidth in computing routing metrics. It does not actually set the bit-rate on the interface itself. It does not affect the speed at which data is transmitted over the link, but does affect how the router selects routes and, therefore, how the link is used. Example A T1 connection would be: bandwidth 1536 A 56K connection would be: bandwidth 56 |
bandwidth {rate | remaining percent value | percent value } no bandwidth {rate | remaining percent value | percent value } Configures Specifies or modifies the bandwidth allocated for a policy map Default None Description This command specifies the bandwidth in Kbps to be assigned to the class in a policy map. Alternatively, a percentage of the available bandwidth can be specified. The amount configured should be large enough to accommodate the Layer-2 overhead. rate The amount of bandwidth in Kbps. remaining percent Amount of guaranteed bandwidth, based on a relative percentage of remaining bandwidth. Value can be from 1 to 100. percent This is the percentage of available bandwidth to be set aside for this class. Value can be from 1 to 100. Example policy-map policy1 class class1 bandwidth percent 80 |
banner exec delimiter message delimiter no banner exec Configures The banner that is displayed to the user upon successful login Default None Description This command specifies the message that is displayed after the user has logged in to the router. It is not displayed for reverse-telnet connections. This command defines only the banner message; use the exec-banner command to enable or disable the message. The delimiter marks the beginning and the end of the message; it may be any character that isn't used in the message. Example Here's an example of a banner: Router(config)# banner exec # Welcome to Pyramid # You can also do multiple lines: Router(config)# banner exec # Enter TEXT message. End with the character '#'. Welcome to Pyramid Enjoy your stay # To delete the banner: Router(config)#no banner exec By default, this banner is automatically active; disabling the banner requires the use of no exec-banner: Router(config)#no exec-banner Note that disabling the exec-banner also disables the motd-banner. |
banner incoming delimiter message delimiter no banner incoming Configures The banner message for all incoming reverse telnet connections Default None Description This command specifies the message that is displayed to all incoming reverse telnet connections (instead of the exec banner). If you want to disable the message, delete the banner with the no form of this command. The delimiter marks the beginning and the end of the message; it may be any character that isn't used in the message. Example Here's how to set a banner: Router(config)#banner incoming # Welcome to Pyramid # You can also do multiple lines: Router(config)#banner incoming # Enter TEXT message. End with the character '#'. Welcome to Pyramid Enjoy your stay # To disable the message, delete it with the following command: Router(config)#no banner incoming |
banner login delimiter message delimiter no banner login Configures The login banner message Default None Description This command specifies the message that is displayed prior to the login prompt for all connections. This message cannot be disabled. If you do not want it displayed, delete it with the no form of this command. The delimiter marks the beginning and the end of the message; it may be any character that isn't used in the message. Example Here's an example of a login banner: Router(config)#banner login # Restricted Access # To disable this message, delete it with the following command: Router(config)#no banner login |
banner motd delimiter message delimiter no banner motd Configures The banner that is displayed before the login prompt Default None Description This command specifies the message that is displayed as the message of the day, the very first message displayed to an incoming connection. This command defines only the message; the motd-banner command enables or disables the display. The delimiter marks the beginning and the end of the message; it may be any character that isn't used in the message. Example The following commands create a message-of-the-day banner and enable its display: Router(config)# banner motd # All routers will be rebooted at Sunday 10AM # Router(config)# motd-banner The motd-banner command isn't strictly necessary, since the display is enabled by default. To disable the display, use the no motd-banner command: Router(config)#no motd-banner |
bgp always-compare-med no bgp always-compare-med Configures BGP route selection Default Disabled Description This command allows the comparison of the multi-exit discriminator (MED) for paths, regardless of which autonomous system the path comes from. |
bgp bestpath as-path ignore no bgp bestpath as-path ignore Configures BGP route selection Default Disabled Description This command prevents the router from considering the autonomous system path (as-path) when selecting routes. |
bgp bestpath med-confed no bgp bestpath med-confed Configures BGP route selection Default Disabled Description This command enables MED comparison among paths from confederation peers. |
bgp bestpath missing-as-worst no bgp bestpath missing-as-worst Configures BGP route selection Default Disabled Description By default, routers give a route with a missing MED a value of 1, which causes that route to be considered the best path. This command causes the router to assign a value of infinity to the missing MED, which makes the route the least desirable of all the routes. For more information on MED values, consult Chapter 10. |
bgp client-to-client reflection no bgp client-to-client reflection Configures Route reflection Default Enabled Description A route reflector automatically reflects routes from one BGP client to another. The no form of this command disables route reflection. Route reflection isn't needed if the clients already have fully meshed IBGP connections, because the clients will learn their routes directly from each other. |
bgp cluster-id id no bgp cluster-id id Configures Cluster ID of a route reflector Default Router ID Description This command specifies the cluster ID (id) for a BGP router. When you have one route reflector, its cluster ID is normally its router ID. If there is more than one route reflector in a cluster, they must all have the same cluster ID. In this case, you would use the bgp cluster-id command to specify the ID explicitly. A cluster ID is four bytes long. Example The following BGP configuration creates a BGP process for autonomous system 10. This router is designated as a route reflector. We set its cluster ID explicitly, because there is presumably more than one route reflector in the cluster. router bgp 10 network 10.200.200.1 route-reflector bgp cluster-id 10000 |
bgp confederation identifier as no bgp confederation identifier as Configures AS number of the confederation Default None Description This command specifies the autonomous system (AS) number for a confederation. A confederation is a group of small autonomous systems that appear to the world as a single large autonomous system. The autonomous system number for the confederation is set to as. |
bgp confederation peers as [as] no bgp confederation peers as [as] Configures A BGP confederation Default None Description This command lets you list the AS numbers that belong to the confederation. Example router bgp 1000 bgp confederation peers 1001 1002 1003 1004 |
bgp dampening [half-life reuse suppress max-suppress-time] [route-map map] no bgp dampening [half-life reuse suppress max-suppress-time] [route-map map] Configures BGP dampening settings Defaults half-life, 15 min; reuse, 750; suppress, 2000; max-suppress-time, 60 min Description This command allows you to specify the route dampening values for BGP. Dampening allows you to control "route flap," which is routing instability that results from a route making repeated transitions. half-life The time in minutes after which a penalty is decreased by half. reuse If the penalty for a flapping route increases to this value, the route can be reused. suppress When the penalty exceeds this limit, the route is suppressed. max-suppress-time The maximum amount of time a route can be suppressed; this should be about four times the half-life. route-map map A route map that controls which routes are selected for route dampening. |
bgp default local-preference value no bgp default local-preference value Configures BGP local preference Default 100 Description This command allows you to set the local preference to value. The higher the preference, the better the path. Acceptable values range from 0 to 4,294,967,295. |
bgp default route-target filter no bgp default route-target filter Configures BGP route-target community filtering Default Enabled Description When the no form of this command is used, all received VPN IPv4 routes are accepted. If the router is an autonomous system border or customer edge router, this is the desired behavior. |
bgp deterministic med no bgp deterministic med Configures BGP route selection Default Disabled Description By default, the router does not compare the MED values for paths learned from different autonomous systems within the same confederation. This command allows you to enable MED comparison for routes learned from different autonomous systems within the same confederation. |
bgp fast-external-fallover no bgp fast-external-fallover Configures BGP fast failover Default Enabled Description This command enables the router to reset the BGP sessions of any direct peers immediately if the link that connects the router to the peer goes down. |
bgp log-neighbor-changes no bgp log-neighbor-changes Configures BGP logging Default Disabled prior to IOS 12.1 Description This command allows you to log changes in the status of BGP neighbors. |
bgp-policy {source | destination} {ip-prec-map | ip-qos-map} no bgp-policy {source | destination} {ip-prec-map | ip-qos-map} Configures Propagation of policy information via BGP Default Disabled Description This command allows the propagation of policy information that is based on the IP precedence setting via BGP. To enable this properly, you must also configure a route map to set the IP precedence or QoS (quality of service) group ID by using the set ip precedence or set ip qos-group commands. source Use the precedence or QoS bit from the source address. destination Use the precedence or QoS bit from the destination address. ip-prec-map Use IP precedence as the QoS policy. ip-qos-map Use the QoS group ID as the QoS policy. |
bridge bridge-group acquire no bridge bridge-group acquire Configures Bridge forwarding Default Enabled Description By default, the router forwards frames from dynamically learned hosts. The no form of this command allows you to change this behavior so that the router only forwards frames from statically configured stations. To create static bridge hosts, use the bridge address command. |
bridge bridge-group address mac {forward | discard} [interface] no bridge bridge-group address mac Configures Static bridge hosts Default None Description This command allows a bridge group to filter packets based on the MAC address. bridge-group The bridge group to which this command applies. A bridge group can have a value of 1 to 63. On larger routers, the value can be from 1 to 255. mac The MAC address to be filtered. forward This keyword tells the router to forward frames from the given MAC address to other interfaces in the bridge group. discard This keyword tells the router to discard frames from the given MAC address. interface Optional. The interface on which the MAC address can be found. |
bridge cmf no bridge cmf Configures Constrained Multicast Flooding (CMF) Default Disabled Description This command enables CMF for all configured bridge groups. |
bridge crb no bridge crb Configures Concurrent Routing and Bridging (CRB) Default Disabled Description This command allows the router to route and bridge a protocol at the same time but on different interfaces. Unlike Integrated Routing and Bridging (IRB), the routed and bridged interfaces cannot communicate with each other. |
bridge bridge-group forward-time seconds no bridge bridge-group forward-time seconds Configures The forward delay interval Default 30 seconds Description This command sets the bridge forwarding delay interval for the interface to seconds. The value of seconds can be from 10 to 200. (Note: Catalysts use 6-40 seconds.) |
bridge-group bridge-group no bridge-group bridge-group Configures Makes an interface part of a bridge group Default None Description This command makes the interface a member of the given bridge group. Use the no form of this command to remove the bridge group from the interface. |
bridge-group bridge-group aging-time seconds no bridge-group bridge-group aging-time Configures The time that a dynamic entry remains in the bridge table Default 300 seconds Description This command sets the amount of time in seconds that a dynamic entry can remain in the bridge table. If the entry is updated, the counter starts over. The value can range from 0 to 1,000,000 seconds. |
bridge-group bridge-group circuit-group circuit-group no bridge-group bridge-group circuit-group circuit-group Configures Assigns a circuit group to a bridge group for the interface Default None Description This command assigns a circuit group for a bridge group. It is used only for HDLC encapsulated interfaces. |
bridge-group bridge-group input-address-list access-list no bridge-group bridge-group input-address-list access-list Configures Allows an interface to filter based on an access list Default None Description This command applies an access list to an interface for a bridge group. This access list must filter based on MAC addresses, which means that the access list must be an Ethernet access list with a number between 700 and 799. By applying an access list, you can permit or deny bridging to hosts based on the MAC addresses. |
bridge-group bridge-group input-lsap-list access-list no bridge-group bridge-group input-lsap-list access-list Configures An access list for filtering IEEE 802.2 packets Default Disabled Description This command applies an access list to all IEEE 802.2 packets received on the interface. |
bridge-group bridge-group input-pattern access-list no bridge-group bridge-group input-pattern access-list Configures An access list for a bridge group Default None Description This command applies an access list to incoming packets on an interface for a specific bridge group. |
bridge-group bridge-group input-type-list access-list no bridge-group bridge-group input-type-list access-list Configures An access list for a bridge group Default None Description This command applies an access list to all incoming Ethernet and SNAP frames on an interface for a specific bridge group. |
bridge-group bridge-group output-address-list access-list no bridge-group bridge-group output-address-list access-list Configures Filtering based on an access list Default None Description This command allows you to apply an access list to an interface for a bridge group. This access list can filter based on MAC addresses, which means the access list must be an Ethernet access list numbered 700 through 799. With this command, you can permit or deny bridging to hosts based on the MAC addresses. |
bridge-group bridge-group output-lsap-list access-list no bridge-group bridge-group output-lsap-list access-list Configures An access list for outgoing IEEE 802.2 packets Default Disabled Description This command applies an access list to all IEEE 802.2 packets leaving the interface. |
bridge-group bridge-group output-pattern access-list no bridge-group bridge-group output-pattern access-list Configures An access list for a bridge group Default None Description This command applies an access list to outgoing packets on an interface for a specific bridge group. |
bridge-group bridge-group output-type-list access-list no bridge-group bridge-group output-type-list access-list Configures An access list for a bridge group Default None Description This command applies an access list to all outgoing Ethernet and SNAP frames on an interface for a specific bridge group. |
bridge-group bridge-group path-cost value no bridge-group bridge-group path-cost value Configures Changes a bridge group's path cost for an interface Default Based on the interface's bandwidth setting Description This command changes the path cost for an interface, which is usually calculated as 10,000 ÷ bandwidth, where the bandwidth is the value set by the bandwidth command or the default bandwidth for the interface. The value can be from 1 to 65,535. The higher the value, the higher the cost. |
bridge-group bridge-group priority value no bridge-group bridge-group priority value Configures Assigns a priority to a bridge group Default 32,768 for bridges using the IEEE protocol; 128 for bridges using the Digital spanning-tree protocol Description This command assigns a priority to an interface within the given bridge-group. value specifies the interface's priority; this must be between 0 and 65,535. A higher priority increases the chance that the interface will be selected as the root bridge. |
bridge-group bridge-group spanning-disabled no bridge-group bridge-group spanning-disabled Configures Use of the spanning-tree algorithm Default Enabled Description This command disables the spanning-tree algorithm for the given bridge-group. The spanning algorithm can be disabled safely for bridge groups that have no possible loop paths at layer 2. Example interface ethernet 1 bridge-group 1 bridge-group 1 spanning-disabled |
bridge bridge-group hello-time seconds no bridge bridge-group hello-time seconds Configures The interval between hello packets Default 2 seconds Description This command sets the hello interval for the given bridge-group to seconds. The value of seconds can be from 1 to 10. |
bridge irb no bridge irb Configures Integrated Routing and Bridging (IRB) Default Disabled Description Like CRB, IRB allows a router to both route and bridge a single protocol. However, unlike CRB, IRB allows the routed and bridged interfaces to communicate with each other. See also interface bvi. |
bridge bridge-group max-age seconds no bridge bridge-group max-age seconds Configures The time to save Bridge Protocol Data Units (BPDUs) Default 15 seconds Description This command sets the maximum time that the router will wait to hear from the root bridge for the given bridge-group. If the router does not hear from the root bridge within this interval, the spanning tree is recomputed. The value of seconds can be from 6 to 200. (Note: Catalysts use 6-40 seconds.) |
bridge bridge-group multicast-source no bridge bridge-group multicast-source Configures Bridging to support the forwarding of multicast packets Default Disabled Description This command permits the given bridge-group to forward multicast packets. |
bridge bridge-group priority value no bridge bridge-group priority value Configures The priority of an individual bridge Default 32768 for bridges using the IEEE protocol; 128 for bridges using the Digital spanning-tree protocol Description This command assigns a priority to an individual bridge within the given bridge-group. value specifies the interface's priority; value must be between 0 and 65535. A higher priority increases the chance that an interface will be selected as the root bridge. To set an interface to a specific priority, use the bridge-group priority command. |
bridge bridge-group protocol {ieee | dec} no bridge bridge-group protocol {ieee | dec} Configures The spanning-tree protocol Default None Description This command selects the spanning-tree protocol to use for the bridge-group. Possible values are dec, for the Digital spanning-tree protocol, and ieee, for the IEEE spanning-tree protocol. IEEE is the recommended protocol. |
bridge bridge-group route protocol {apollo | appletalk | clns | decnet | ip | ipx | vines | xns} no bridge bridge-group route protocol {apollo | appletalk | clns | decnet | ip | ipx | vines | xns} Configures Routing of a protocol in a bridge group Default None Description This command enables routing of the given protocol on a specific bridge group. The protocol parameter may be apollo, appletalk, clns, decnet, ip, ipx, vines, or xns. Example This example enables routing of both IP and IPX in a CRB environment: bridge crb bridge 5 protocol ieee bridge 5 route ip bridge 5 route ipx |
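The bridge and bridge-group entries above each state a numeric limit (timer ranges, group numbers, the 700 to 799 numbering for MAC address lists). The following is an added example, not part of the original reference: a small Python check that applies those stated limits to a configuration. The function name and the sample configuration are constructed for illustration.

```python
# Added example: range checks for the bridge / bridge-group entries above.
# The limits are the ones this reference states; the sample configuration
# is constructed and does not come from a real device.

GLOBAL_RANGES = {            # bridge <group> <keyword> <value>
    "forward-time": (10, 200),
    "hello-time": (1, 10),
    "max-age": (6, 200),
    "priority": (0, 65535),
}
INTERFACE_RANGES = {         # bridge-group <group> <keyword> <value>
    "aging-time": (0, 1_000_000),
    "path-cost": (1, 65535),
    "priority": (0, 65535),
}
MAC_ACL_KEYWORDS = {"input-address-list", "output-address-list"}
MAC_ACL_RANGE = (700, 799)   # Ethernet (MAC) access lists
PROTOCOLS = {"ieee", "dec"}

SAMPLE_CONFIG = """\
bridge crb
bridge 5 protocol ieee
bridge 5 forward-time 5
bridge 5 hello-time 2
bridge 5 max-age 15
bridge 70 protocol ieee
!
interface ethernet 1
 bridge-group 5
 bridge-group 5 input-address-list 101
 bridge-group 5 output-address-list 701
 bridge-group 5 path-cost 0
 bridge-group 5 aging-time 300
 bridge-group 5 spanning-disabled
"""


def lint_bridge_config(text, max_group=63):
    """Return (line_number, message) for each value outside the stated limits.

    max_group is 63 by default; pass 255 for the larger routers the
    reference mentions.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if len(tokens) < 2 or tokens[0] not in ("bridge", "bridge-group"):
            continue    # also skips "no ..." forms, which only remove settings
        if not tokens[1].isdigit():
            continue    # bridge crb / irb / cmf take no group number
        group = int(tokens[1])
        if not 1 <= group <= max_group:
            findings.append((lineno, f"bridge group {group} outside 1-{max_group}"))
        if len(tokens) < 4:
            continue    # e.g. "bridge-group 5" or "... spanning-disabled"
        keyword, value = tokens[2], tokens[3]
        if tokens[0] == "bridge" and keyword == "protocol":
            if value not in PROTOCOLS:
                findings.append((lineno, f"unknown spanning-tree protocol {value}"))
            continue
        if tokens[0] == "bridge":
            bounds = GLOBAL_RANGES.get(keyword)
        elif keyword in MAC_ACL_KEYWORDS:
            bounds = MAC_ACL_RANGE
        else:
            bounds = INTERFACE_RANGES.get(keyword)
        if bounds is None:
            continue    # address, route, acquire, ...: no numeric limit to check
        low, high = bounds
        if not value.isdigit() or not low <= int(value) <= high:
            findings.append((lineno, f"{keyword} {value} outside {low}-{high}"))
    return findings


if __name__ == "__main__":
    for lineno, message in lint_bridge_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {message}")
```

The finding on `input-address-list 101` is the one worth reviewing first: the list number is outside the 700 to 799 range that the entry requires for MAC address filtering.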
busy-message hostname delimiter message delimiter no busy-message Configures The message displayed when a connection fails Default None Description This command sets the message that is displayed when a telnet connection to a specific host (given by the hostname parameter) fails. The new message replaces the generic "host failed" message. To disable this message, delete it with the no form of this command. This banner is useful when you want to give the user information about the connection failure. The delimiter marks the beginning and end of the message; it may be any character that is not used in the message. Example Router(config)#busy-message sunserver2 # server2 is down, please contact sysadmin at 555-1234 # |
cable helper-address ip-address [cable-modem | host] no cable helper-address ip-address [cable-modem | host] Configures DHCP destination address Default Disabled Description This command specifies an IP address of a DHCP server to use for UDP broadcasts from cable modems or other hosts. The cable-modem option specifies that only cable modem UDP broadcasts are forwarded while the host option specifies that only host UDP broadcasts are forwarded. |
calendar set hh:mm:ss day month year Configures The system calendar Description The calendar is available only on high-end routers. It is an internal clock that continues to run even when the router is powered off. This command allows you to set the calendar to a new time. The month must be a name, for example, june. The year must be a complete four-digit value, for example, 2000. |
callback forced-wait seconds no callback forced-wait seconds Configures The time the router waits before a callback Default None Description This command specifies the amount of time in seconds that the router waits before initiating a callback to a remote modem. |
cd [URL] Description This command changes the current working directory within the router's filesystem. The URL is optional; if not provided, the system defaults to the flash: directory. See the copy command for other valid filesystem URLs. |
cdp advertise-v2 no cdp advertise-v2 Configures Cisco Discovery Protocol (CDP) Default Enabled Description This command enables Version 2 of CDP, which provides added information. CDP is available only on Cisco routers. |
cdp enable no cdp enable Configures Cisco Discovery Protocol (CDP) Default Enabled Description This command enables CDP on a specific interface. CDP provides information about neighboring Cisco routers. It is a proprietary protocol, and therefore isn't implemented by other router vendors. Use show cdp neighbors to see the output. Example interface ethernet0 cdp enable |
cdp holdtime seconds no cdp holdtime seconds Configures CDP holdtime Default 180 seconds Description This command sets the amount of time, in seconds, that the router holds CDP packets before discarding them. |
cdp run no cdp run Configures Globally enables/disables CDP Default Enabled Description This command enables CDP on all interfaces. Example Router(config)#cdp run |
cdp timer seconds no cdp timer seconds Configures CDP update broadcast interval Default 60 seconds Description This command sets the interval, in seconds, at which the router transmits CDP updates to its neighbors. |
channel-group channel-number timeslots range [speed kbps] no channel-group channel-number timeslots range [speed kbps] Configures T1 or E1 timeslots Default None Description This command defines the channel timeslots for a fractional T1 or E1 line. Your service provider determines the timeslots for your lines. channel-number A number identifying the communication channel you are defining. For T1 lines, the channel number can be from 0 to 23; for E1 lines, 0 to 30. timeslots range A list of timeslots that make up this communication channel. The list can be a series of comma-separated timeslot numbers, or a pair of timeslots separated by a dash to indicate a range. Timeslot numbers range from 1 to 24 on a T1 line; 1 to 31 for E1. A timeslot cannot belong to more than one channel group. speed kbps The speed of a single timeslot in Kbps. Allowable values are 48, 56, and 64. 56 is the default for T1; 64 is the default for E1. Example When defining the timeslots range, the value can be a single number or a group of ranges separated by commas and hyphens. For example, the following ranges are all valid: channel-group 3 timeslots 4 channel-group 5 timeslots 4,6-15,24 channel-group 8 timeslots 4-10 |
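The timeslot list format and the rule that a timeslot cannot belong to more than one channel group can be checked mechanically. This is an added example, not part of the original reference; the function names are constructed, and the input is the entry's own three sample lines treated as if they were configured on a single T1 controller.

```python
# Added example: expand channel-group timeslot lists and detect timeslots
# claimed by more than one channel group. Limits follow the entry above
# (timeslots 1-24 on T1, 1-31 on E1).

MAX_TIMESLOT = {"t1": 24, "e1": 31}

# The three sample lines from the entry, assumed here to share one controller.
PAGE_EXAMPLES = [
    "channel-group 3 timeslots 4",
    "channel-group 5 timeslots 4,6-15,24",
    "channel-group 8 timeslots 4-10",
]


def parse_timeslots(spec, line_type="t1"):
    """Expand a list such as '4,6-15,24' into a sorted list of timeslots."""
    top = MAX_TIMESLOT[line_type]
    slots = set()
    for item in spec.split(","):
        low, dash, high = item.partition("-")
        if not low.isdigit() or (dash and not high.isdigit()):
            raise ValueError(f"malformed timeslot item {item!r}")
        first = int(low)
        last = int(high) if dash else first
        if first > last:
            raise ValueError(f"descending range {item!r}")
        if first < 1 or last > top:
            raise ValueError(f"{item!r} outside 1-{top} for {line_type.upper()}")
        slots.update(range(first, last + 1))
    return sorted(slots)


def find_overlaps(config_lines, line_type="t1"):
    """Return (timeslot, first_group, later_group) for every reused timeslot."""
    owner = {}        # timeslot -> channel group that claimed it first
    conflicts = []
    for line in config_lines:
        tokens = line.split()
        # Only the serial form: channel-group <n> timeslots <list> [speed <kbps>]
        if len(tokens) < 4 or tokens[0] != "channel-group" or tokens[2] != "timeslots":
            continue
        group = int(tokens[1])
        for slot in parse_timeslots(tokens[3], line_type):
            first = owner.setdefault(slot, group)
            if first != group:
                conflicts.append((slot, first, group))
    return conflicts


if __name__ == "__main__":
    for slot, first, later in find_overlaps(PAGE_EXAMPLES):
        print(f"timeslot {slot}: already in channel group {first}, reused by {later}")
```

Each of the three lists is valid by itself, but together they reuse timeslot 4 and timeslots 6 through 10, which the one-group-per-timeslot rule does not allow.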
channel-group channel-number no channel-group channel-number Configures A Fast EtherChannel group Default None Description This command allows a Fast Ethernet interface to be part of a Fast EtherChannel group. A Fast EtherChannel group allows multiple point-to-point Fast Ethernet interfaces to act as one logical interface. At most, four Fast Ethernet interfaces can belong to a channel group. |
chat-script name script-string no chat-script name script-string Configures A chat script for placing a call over a modem Default None Description The chat-script command defines the script to use for modem communication when dialing to a remote device. name identifies the chat script for use in other commands; script-string specifies the script itself. The script-string contains a series of expect/send characters that communicate with the modem. Table 17-3 shows special characters and escape codes that can be used in chat scripts. Chat scripts are allowed only on asynchronous interfaces like ASYNC and BRI.
|
class name no class name Configures Association of a map class with a DLCI Default None Description This command associates the map class given by name with a Data Link Connection Identifier (DLCI). |
class class [available | standard | premium | control] no class class Configures MPLS Default Disabled Description This command specifies a class that shows how classes map to Label Switched Controlled Virtual Circuits (LVCs). class The precedence of identified traffic to classify (from 0 to 7). available Optional. Means low precedence. standard Optional. Means next precedence. premium Optional. Means high precedence. control Optional. Means highest precedence. Example mpls cos-map 50 class 1 premium |
class name no class name Configures The name of a class within a policy Default None Description This command identifies the name of the class to change or modify within a policy. The policy-map command must be used to enter the policy map configuration mode before entering this command. The maximum number of classes that can be configured for a router is 64. Example policy-map policy1 class class1 bandwidth 1000 queue-limit 50 class class2 bandwidth 2000 random-detect |
class-map name [match-all | match-any] no class-map name [match-all | match-any] Configures A class map to be used for matching packets to a specified class Default None Description This command creates a class map, which is used for matching packets with a defined class. The name is the class's name as defined in the policy-map. match-all means that all of the following criteria must be met before a packet is marked for the class. match-any means that if any of the following criteria matches, the packet is marked for the class. The class map consists of a set of criteria defined by the match command. Example class-map class1 match-all match input-interface ethernet0 match access-group 100 |
clear command Description A clear command erases counters for various statistics or performs a reset action. For example, clear line clears an asynchronous line and drops the connection, while clear cdp counters resets the Cisco Discovery Protocol statistics. Table 17-4 summarizes the many clear commands.
|
client-atm-address atm-address name elan-name no client-atm-address atm-address Configures Adds a LANE client address to the database Default None Description This command adds a LANE client address to the LAN emulation configuration server's database. atm-address Either a complete ATM address or a template that specifies matching ATM addresses. You can create a template by using wildcard characters: an asterisk (*) to match a single character, or an ellipsis (...) to match any number of leading, middle, or trailing characters. A full address is 20 bytes (40 hex characters) long, and is similar to (though not the same as) an NSAP address. name elan-name The name of the emulated LAN. The maximum length of a name is 32 characters. If you use a template, any name that matches the template is associated with the ELAN. If the given address or template matches addresses that are already in the database, the command has no effect; the database is not changed. |
clock calendar-valid no clock calendar-valid Configures Network Time Protocol (NTP) Default Disabled Description This command tells the router to consider the RTC calendar in hardware to be a valid source of time. This command is valid only on high-end routers (5000, 6000, 7500, 8500, etc.). |
clock rate bps no clock rate Configures Clock rate for serial devices Default None Description By default, no clock rate is configured for any serial devices. This command specifies the bit rate for DCE serial devices in bps. Possible values for bps are 1200, 2400, 4800, 9600, 19200, 38400, 56000, 64000, 72000, 125000, 148000, 500000, 800000, 1000000, 1300000, 2000000, and 4000000. This command is most useful for connecting routers back-to-back in a lab setting. In this case, the command is required only on the DCE end of the link. You usually don't need this command when connecting to a WAN service because the network provider provides the clocking. |
clock read-calendar Configures Calendar time Description This command manually updates the calendar time into the router's system clock. It is not a configuration command and is not stored in the router's configuration. Normally, the system clock is updated from the calendar during system boot-up. This command is available only on high-end routers (5000, 6000, 7500, 8500, etc.). |
clock set hh:mm:ss day month year Description This command manually sets the router's internal clock. It is not stored in the router's configuration. The time is specified in terms of a 24-hour clock; the year must be a full four digits (for example, 2001). |
clock summer-time zone recurring [sweek sday smonth shh:mm eweek eday emonth ehh:mm][offset] clock summer-time zone date sday smonth syear shh:mm eday emonth eyear ehh:mm [offset] no clock summer-time Configures daylight savings time behavior Default No daylight savings time Description This command tells the router to update for daylight savings time. The recurring form of the command specifies that daylight savings time should be observed at the given time every year. The date form of the command specifies a specific start date and end date for daylight savings time. Use the no form of the command to return to the default, in which daylight savings time is not observed. zone The time zone (EDT, CDT, etc.). sweek, eweek The week of the month (1, 2, 3, 4, 5, last) on which daylight savings time begins (sweek) or ends (eweek). (This is only used in the recurring form of the command.) sday, eday The day on which daylight savings time starts (sday) or ends (eday). For the recurring form of the command, use the actual name of the day (Monday, Tuesday, etc.) For the date form of the command, use a numeric date (1-31). smonth, emonth The month in which daylight savings time starts (smonth) or ends (emonth). Use the actual name of the month (September, October, etc.). syear, eyear All four digits of the year. syear is the year in which daylight savings time starts; eyear is the year in which it ends (used only in the date form of the command). shh:mm, ehh:mm The time in hours and minutes at which daylight savings time starts or ends. offset The number of minutes to add for daylight savings time (optional; the default is 60). Example The following command sets the time zone to use U.S. rules in the Eastern time zone: clock summer-time EDT recurring |
clock timezone zone hours[minutes] no clock timezone Configures The router's time zone Default Coordinated Universal Time (UTC) Description This command sets the router's time zone and the number of hours from the UTC. minutes is optional and is also an offset from the UTC. zone The time zone (PST, EST, etc.). hours The offset from the UTC (a positive or negative integer). minutes Optional. The offset from the UTC in minutes (a positive or negative integer). |
clock update-calendar Configures Updates the calendar Description This command manually updates the calendar from the router's system clock. The calendar is a separate internal clock that continuously runs even if the router is powered off. This command is available only on high-end routers (5000, 6000, 7500, 8500, etc.). |
compress {predictor | stac} no compress {predictor | stac} Configures Type of compression used across an interface Default None Description This command enables compression for the selected interface. Compression can be enabled only for PPP or HDLC encapsulation. Two types of compression are supported: predictor Can be used on PPP connections; consumes more of the router's CPU and memory, but less bandwidth. stac Can be used on HDLC or PPP connections; consumes more bandwidth, but requires less CPU power. Compression should not be activated on lines where link speeds are very high or most of the data is already compressed. If the data is already compressed, the router spends valuable CPU cycles for no reason. When using compression, monitor the router's CPU usage. If the CPU usage is consistently high (65%), compression might be hindering the router. The same type of compression must be enabled on both ends of the link.
Example The following commands enable stac compression for the serial1 interface, which uses HDLC encapsulation.
    interface serial1
     encapsulation hdlc
     compress stac
|
config-register value Configures Sets the configuration register Default Depends on the product Description This command allows the user to change the configuration register. Setting the configuration register is useful for recovering lost passwords and remedying other situations. value The value to set in the configuration register. The register is 16 bits wide, so legal values range from 0x0 to 0xFFFF in hexadecimal (0 to 65,535 decimal). Table 17-5 shows the significance of the bits in the configuration register. (There are some differences in bit assignments on different products; check your documentation.)
Since the baud settings are now spread over three different bits (5, 11, and 12), Table 17-6 shows the baud settings for the bits:
|
configure {terminal | memory | network | overwrite-network} Configures Enters global configuration mode Description The conf terminal command places you in configuration mode. conf memory executes the commands stored in memory (essentially a reload of the startup config). Note that the commands conf network and conf overwrite-network have been deprecated; it is now preferable to use copy tftp running-config.
Example The following command places you in configuration mode; from there, you can enter global configuration commands.
    Router#configure terminal
    Router(config)# ! I can now enter configuration commands!
|
controller {t1 | e1} slot/port controller {t1 | e1} number Configures T1 or E1 controllers Default None Description This command places you in the controller mode, allowing you to configure a controller for a T1 or E1 line. slot/port and number identify the controller that you are configuring. |
copy source [destination] Description This command allows you to copy system images and configuration files. You can copy files within the router's memory (for example, copy running-config startup-config), or you can copy files to or from a TFTP server or an RCP server. Table 17-7 shows possible values for the source and destination parameters. If you omit the destination, the router will prompt you for it.
Newer versions of IOS also permit the use of URLs. The syntax of a URL can look like this:
    tftp:[[//hostname]/path]/filename
    ftp:[[//[username[:password]@]hostname]/path]/filename
    rcp:[[//[username@]hostname]/path]/filename
    scp:[[//[username@]hostname]/path]/filename
In each of these URLs, the hostname is simply the hostname or IP address of the end device. TFTP doesn't require a username or password. FTP and RCP can have an optional username and password, which depends on the server configuration. To use the URL, simply provide the correct hostname and path in the source or destination.
Example Here are some accepted uses of the copy command:
    copy running-config startup-config
    copy startup-config tftp
    copy running-config tftp
    copy flash tftp
    copy startup-config rcp
    copy running-config rcp
    copy flash rcp
    copy tftp running-config
    copy tftp://ourserver/newconfig running-config
    copy ftp://bob:letmein@ourserver/newconfig running-config
|
crc length no crc Configures The length of the CRC checksum Default 16 bits Description This command sets the length (in bits) of the CRC (Cyclic Redundancy Check) on FSIP (Fast Serial Interface Processor) and HIP (HSSI Interface Processor) interfaces. These interfaces are found only on the 7500 series routers. The length must be 16 or 32 bits. |
custom-queue-list list-number no custom-queue-list list-number Configures Applies a custom queue list to an interface Default None Description This command applies a custom queue to the current interface. The list-number must be between 1 and 16. Custom queue lists are used to implement priority-based queuing; they allow you to configure the bandwidth used by a particular type of traffic. To create a queue list, use the queue-list command. If you're configuring a Frame Relay interface, see the frame-relay custom-queue-list command. Queue lists are discussed in Chapter 11. |
databits {5 | 6 | 7 | 8} Configures Databits per character Default 8 Description This command defines the number of databits per character that are interpreted and generated by the hardware. Possible values are 5, 6, 7, and 8.
Example The following commands configure TTY 3 for seven databits per character:
    Router(config)#line tty3
    Router(config-line)#databits 7
|
data-character-bits {7 | 8} Configures Software databits per character Default 8 Description This command defines the number of databits per character that are interpreted and generated by the software. Possible values are 7 and 8. |
dce-terminal-timing enable no dce-terminal-timing enable Configures Interface timing Default Off (the DCE provides its own clock) Description This command prevents phase-shifting of data on high-speed data lines that span long distances. Phase-shifting is prevented by taking the clock from the DTE to provide timing for the DCE. (The DTE's timing is called SCTE.) |
debug level undebug level undebug all Configures System debugging Default Disabled Description This command enables debugging at the specified level. Just about every configuration item within the IOS has a debug level associated with it. The debug ? command gives you an extensive list that allows you to find the debug level that meets your needs. Be careful in selecting your debug level; you can easily crash a busy router with the incorrect selection. For example, debug ip packet might render a busy router useless until debugging is disabled. See Chapter 16 for more information on using debug correctly. If you get in trouble, issue the command undebug all, which disables all debug output.
Example Here is the output from debug ip ?:
    Router#debug ip ?
      bgp        BGP information
      cache      IP cache operations
      cgmp       CGMP protocol activity
      dvmrp      DVMRP protocol activity
      egp        EGP information
      eigrp      IP-EIGRP information
      error      IP error debugging
      ftp        FTP dialogue
      http       HTTP connections
      icmp       ICMP transactions
      igmp       IGMP protocol activity
      igrp       IGRP information
      mcache     IP multicast cache operations
      mobile     Mobility protocols
      mpacket    IP multicast packet debugging
      mrouting   IP multicast routing table activity
      ospf       OSPF information
      packet     General IP debugging and IPSO security transactions
      peer       IP peer address activity
      pim        PIM protocol activity
      policy     Policy routing
      rip        RIP protocol transactions
      routing    Routing table events
      rsvp       RSVP protocol activity
      sd         Session Directory (SD)
      security   IP security options
      tcp        TCP information
      udp        UDP based transactions
Though there is a debug all command, using it is not recommended. It produces so much output that it will overwhelm you and the router. Use it only as a last resort. The undebug all command disables all debugging that is currently enabled.
|
default-information {in | out} access-list no default-information {in | out} Configures Default routing information Default EIGRP announces the default route in both incoming and outgoing updates Description When redistributing EIGRP into IGRP, you can use this command to allow (or suppress, using the no form of the command) the redistribution of the default routes or exterior routes from EIGRP. By default, all exterior routes (including default routes) are passed between IGRP and EIGRP. in Allows the protocol to receive the default route via redistribution. out Allows the protocol to propagate the default route via redistribution. access-list The number or name of a simple access list that permits or denies the default routes you want to propagate.
Example The following commands prevent IGRP from receiving exterior or default routes via redistribution from EIGRP.
    router igrp 109
     network 10.0.0.0
     redistribute eigrp 100
     no default-information in
To disable the default routes in outgoing updates, use the no form of the command.
    router eigrp 100
     network 10.0.0.0
     no default-information out
|
default-information originate [route-map map] no default-information originate BGP: default-information originate no default-information originate OSPF: default-information originate [always] [metric metric-value] [metric-type type] [route-map map] no default-information originate [always] [metric metric-value] [metric-type type] [route-map map] Configures Redistribution of the default route Default Disabled Description This command allows the protocol to propagate the default route (0.0.0.0). The use of a route map, map, tells the router to inject the default route if the route map's conditions are met. For OSPF, this command tells an Autonomous System Border Router (ASBR) to inject a default route into the OSPF domain. When used with OSPF, this command has the following additional parameters. always Optional. Specifies to advertise the route even if the software does not have a default route. metric metric-value Optional. The metric value of the default route. The default metric is 10. metric-type metric-type Optional. Defines the link type associated with the default route. Possible values are 1 (Type-1 external route) and 2 (Type-2 external route; the default). route-map map Optional. Defines the route map to use for the default route. The route is advertised only if the route map is successful. This option can be used to set a different default metric depending on the host to which the route is sent.
Example
    ! BGP
    router bgp 150
     default-information originate
    !
    ! OSPF
    router ospf 110
     default-information originate metric 100 metric-type 1
|
BGP: default-metric number no default-metric number RIP: default-metric number no default-metric IGRP/EIGRP: default-metric bandwidth delay reliability loading mtu no default-metric bandwidth delay reliability loading mtu OSPF: default-metric number no default-metric number Configures Default metric for routes learned from a different routing protocol Default Depends on the protocol Description When redistributing routes from one routing protocol to another, the metrics used by the different protocols are not compatible. This command allows you to set the metric values for routes learned from other protocols. For RIP and OSPF, this command simply sets the metric value to number. For BGP, this command sets the value for the multi-exit discriminator (MED) metric to number. For IGRP and EIGRP, this command sets the default metric for redistributing other protocols into EIGRP. (Note that IGRP and EIGRP have compatible metrics, so the default metric set by this command is not required when distributing routes between these two protocols.) The default metric is computed using the following parameters: bandwidth The route bandwidth measured in kilobits per second. delay The route delay in microseconds. reliability An estimate of the reliability of packet transmission on this link. It must be a value between 0 and 255; 255 indicates 100% reliability and 0 indicates that the link is completely unreliable (no packets are transferred correctly). loading The effective bandwidth of a route as a fraction of the bandwidth's capacity. This value must be between 0 and 255; 255 indicates 100% loading. mtu The maximum transmission unit for this route in octets.
Example The following commands assign metric 10 to all routes redistributed from OSPF into RIP:
    router rip
     network 192.168.1.0
     default-metric 10
     redistribute ospf 110
The following commands provide various parameters for computing an EIGRP metric to be used when redistributing routes from RIP into EIGRP:
    router eigrp 101
     network 10.0.0.0
     redistribute rip
     default-metric 1000 100 250 100 1500
|
default-name elan-name no default-name Configures A default ELAN for clients Default None Description This command sets the default name for the ELAN (Emulated LAN) in the configuration server's database. This name is used for clients who do not have an explicit name set. The name can be up to 32 characters in length and must already be in the configuration server's database. To put a name in the LANE emulation server database, use the commands lane database and name server-atm-address. |
delay tens-of-milliseconds no delay Configures Link delay Default Depends on the interface type Description This command is used to specify the latency of an interface in tens-of-milliseconds. The value is used as input to route metric calculations; it does not set anything on the interface itself. |
delete URL Description This command marks a file as deleted in the flash filesystem. The actual behavior of this command depends on the type of filesystem implemented for your router. In a Class-A filesystem, deleted files are only marked for deletion, and can be recovered with the undelete command; the squeeze command permanently deletes the marked files. In a Class-B filesystem, files are deleted immediately, but the space they occupied can't be recovered without erasing the entire filesystem. In a Class-C filesystem, files are deleted immediately, and their space is recovered immediately. Filesystems are described in more detail in Chapter 2. |
description text no description Configures A description for the interface Default None Description This command provides a description for the interface, letting you build some documentation into your IOS configuration. The description is for informational purposes and does not affect the interface's behavior. The description you give appears in the output of some show commands.
Example
    interface serial0
     description T1 Connection to Baltimore
|
dialer aaa no dialer aaa Configures AAA for dial-on-demand routing (DDR) Default Disabled Description This command enables AAA for a dialer interface. |
dialer callback-secure no dialer callback-secure Configures Callback security Default Disabled Description This command enables secure callback dialing on the interface. |
dialer callback-server [username] [dialstring] no dialer callback-server Configures An interface to return calls Default Disabled Description This command enables an interface to return calls. The username keyword tells the router to identify the caller by looking up the authenticated hostname in the dialer map command; this is the default behavior for this command. The dialstring keyword tells the router to identify the caller during callback negotiation. |
dialer caller number [callback] no dialer caller number [callback] Configures Caller ID screening Default Disabled Description This command configures a dialer interface to reject calls that do not match the given number. The number can be any phone number; the character x can be used as a wildcard. The callback keyword enables Caller ID callback; in this case, the incoming call is refused, and the router initiates a call to the Caller ID number. This may help you to manage your telephone charges. This feature is available only on certain routers with special dialer interfaces. A switch that supports Caller ID is also required for this operation. If you enable this feature and do not have the required hardware for Caller ID, all calls are denied.
Example The following command allows any number from 4105554290 through 4105554299:
    dialer caller 410555429x
|
dialer dtr no dialer dtr Configures Enables DDR and specifies that the modem handles only DTR signaling Default None Description Configures interfaces that are connected to modems that require DTR (Data Terminal Ready), and enables DDR. Interfaces configured with this command cannot receive calls; they can only make them. |
dialer enable-timeout seconds no dialer enable-timeout Configures The amount of time the interface remains down Default 15 seconds Description Sets the time in seconds that an interface remains down between calls or failed connections. |
dialer fast-idle seconds no dialer fast-idle Configures The amount of idle time when there is contention for the line Default 20 seconds Description This command can apply to interfaces or map-class configurations. When used on an interface or a map class, it defines the number of seconds that must pass before a line is disconnected when there is contention for the interface, i.e., when there is traffic waiting for a different destination other than the current connection. When used for a map class, this command defines the number of seconds to wait before placing another call, and defaults to the fast-idle setting for the interface. For regular idle-timeouts for a DDR interface, see the dialer idle-timeout command.
Example Interface configuration:
    interface async 5
     dialer fast-idle 55
Map-class configuration:
    map-class dialer office
     dialer fast-idle 55
|
dialer-group number no dialer-group number Configures Associates an interface with a dialer group Default None Description This command adds the interface to the dialer group specified by number. An interface can have only one dialer group associated with it. Each dialer group has an associated access list that defines "interesting" traffic for this interface. If the traffic is permitted by the access list, a call is initiated for the interface if the interface is not already connected.
Example The following commands add the async1 interface to dialer-group 1. access-list 110 specifies the traffic that causes this interface to initiate a call; in this case, ICMP traffic doesn't bring up the connection, but any other IP traffic does. Note that this access list does not block ICMP traffic once the link is up; it just prevents ICMP traffic from bringing it up in the first place.
    ! Set the interface as part of the dialer group
    interface async 1
     dialer-group 1
    !
    ! Set the dialer group to use access-list 110
    dialer-list 1 list 110
    !
    ! Configure the access-list for the dialer group
    access-list 110 deny icmp any any
    access-list 110 permit ip any any
|
dialer hold-queue packets timeout seconds no dialer hold-queue packets timeout seconds Configures A queue that holds packets until a dial-up connection is established Default Disabled Description Instructs the interface to queue traffic until the dial-up connection is completed. By default, queuing is not enabled and packets are dropped until the connection is established. packets The number of packets to hold in the queue, waiting for the connection. The value can be set from 0 to 100. timeout seconds The period of time after which the connection attempt is determined to have failed, and the waiting packets are discarded. |
dialer idle-timeout seconds no dialer idle-timeout seconds Configures The amount of idle time before a connection is disconnected Default 120 seconds Description This command can apply to interfaces or map-class configurations. When used on an interface or a map class, it defines the number of seconds an interface must be idle (no traffic) before the connection is closed. When there is contention for a dialer (i.e., traffic for a destination different from the one to which the interface is currently connected), then the fast idle timeout is used. (See dialer fast-idle.)
Example Interface configuration:
    interface async 4
     dialer idle-timeout 300
Map-class configuration:
    map-class dialer office
     dialer idle-timeout 300
|
dialer in-band [no-parity | odd-parity] no dialer in-band Configures Dial-on-demand routing (DDR) Default Disabled; no-parity is the default when the command is issued with no options Description This command configures an interface to support DDR. no-parity Optional. Chat scripts to the modem have no parity. odd-parity Optional. Chat scripts to the modem have odd parity. This is not required on BRI interfaces. |
dialer isdn [speed value] [spc] no dialer isdn [speed value] [spc] Configures Bit rate used on the B channel Default 64 Description This command is for map-class configurations only. It defines the bit rate for the B channel of an ISDN connection and sets up semipermanent connections for the map class. speed value Optional. Defines the bit rate in Kbps for the B channel; either 56 or 64. Default is 64. spc Optional. Requires the use of ISDN semipermanent connections for this map class (Germany only).
Example
    map-class dialer office
     dialer isdn speed 64
|
dialer-list group list access-list dialer-list group protocol protocol {permit | deny | list} access-list no dialer-list group Configures Assigns an access list to a dialer group Default None Description The first version of this command specifies a group number and applies the given access list to that group. The access list defines "interesting" traffic for the dialer group. If traffic matches the access list, it is deemed interesting, and the DDR interface establishes a connection (if one hasn't been already established). group The dialer group number. list access-list The access list that defines interesting traffic for this group. The second version of this command allows you to specify the traffic that brings up the connection without using an external access list. Its parameters are: group The dialer group number. protocol protocol The protocol to allow (or reject): ip, ipx, etc. permit Permits traffic using this protocol. deny Denies the entire protocol. list access-list Applies an access list to the protocol. Used to single out ports within the protocol.
Examples The following commands define a dialer group, assign an interface to that dialer group, and specify that the interface should be brought up if traffic matching access list 110 appears on the interface.
    interface async 5
     dialer-group 10
    !
    ! Define the access-list for group 10
    dialer-list 10 list 110
    !
    ! Define the list (all IP traffic to 10.10.1.0 network)
    access-list 110 permit ip any 10.10.1.0 0.0.0.255
The following commands define a dialer group, assign an interface to that dialer group, and specify that the interface should be brought up for any IP traffic. No access list is used.
    interface async 5
     dialer-group 10
    !
    ! Define all ip traffic as interesting
    dialer-list 10 protocol ip permit
|
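The interesting-traffic decision described under dialer-group and dialer-list, as an added example (not part of the original reference and not Cisco code): a simplified Python model of first-match access-list evaluation with wildcard masks and the implicit deny, run over the three configurations shown in those entries. The function names, the packet addresses used to exercise it, and the restriction to protocol and address matching (no ports) are assumptions of this sketch.

```python
import ipaddress

# Configurations copied from the dialer-group and dialer-list examples.
CONFIG_NO_ICMP = """
dialer-list 1 list 110
access-list 110 deny icmp any any
access-list 110 permit ip any any
"""
CONFIG_ONE_NET = """
dialer-list 10 list 110
access-list 110 permit ip any 10.10.1.0 0.0.0.255
"""
CONFIG_ALL_IP = """
dialer-list 10 protocol ip permit
"""


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    head = tokens.pop(0)
    if head == "any":
        return (0, 0xFFFFFFFF)           # every bit is "don't care"
    if head == "host":
        return (_ip(tokens.pop(0)), 0)   # every bit must match
    return (_ip(head), _ip(tokens.pop(0)))


def parse_config(text):
    """Return (acls, dialer_lists) built from access-list and dialer-list lines."""
    acls, dialer_lists = {}, {}
    for raw in text.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("!"):
            continue
        if tok[0] == "access-list":
            number, action, proto = int(tok[1]), tok[2], tok[3]
            rest = tok[4:]
            src = _take_addr(rest)
            dst = _take_addr(rest)
            acls.setdefault(number, []).append((action, proto, src, dst))
        elif tok[0] == "dialer-list":
            group = int(tok[1])
            if tok[2] == "list":
                # "dialer-list G list N": treated as an IP rule (assumption).
                rule = ("ip", "list", int(tok[3]))
            else:
                # "dialer-list G protocol P {permit | deny | list N}"
                acl = int(tok[5]) if tok[4] == "list" else None
                rule = (tok[3], tok[4], acl)
            dialer_lists.setdefault(group, []).append(rule)
    return acls, dialer_lists


def _match(spec, addr):
    """Wildcard match: bits set in the wildcard are ignored."""
    base, wildcard = spec
    return ((addr ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def acl_permits(entries, proto, src, dst):
    """First matching entry decides; no match falls through to the implicit deny."""
    s, d = _ip(src), _ip(dst)
    for action, acl_proto, src_spec, dst_spec in entries:
        if acl_proto in ("ip", proto) and _match(src_spec, s) and _match(dst_spec, d):
            return action == "permit"
    return False


def is_interesting(config, group, proto, src, dst):
    """True if this IP packet would cause the dialer group to place a call."""
    acls, dialer_lists = parse_config(config)
    for rule_proto, verdict, acl in dialer_lists.get(group, []):
        if rule_proto != "ip":
            continue                     # only IP is modelled here
        if verdict == "list":
            return acl_permits(acls[acl], proto, src, dst)
        return verdict == "permit"
    return False                         # no dialer-list for this group


if __name__ == "__main__":
    # Packet addresses below are constructed for the demonstration.
    cases = [
        ("no-icmp", CONFIG_NO_ICMP, 1, "icmp", "192.168.1.5", "10.10.1.7"),
        ("no-icmp", CONFIG_NO_ICMP, 1, "tcp", "192.168.1.5", "10.10.1.7"),
        ("one-net", CONFIG_ONE_NET, 10, "tcp", "192.168.1.5", "10.10.1.200"),
        ("one-net", CONFIG_ONE_NET, 10, "tcp", "192.168.1.5", "10.10.2.1"),
        ("all-ip", CONFIG_ALL_IP, 10, "icmp", "192.168.1.5", "172.16.0.1"),
    ]
    for name, cfg, group, proto, src, dst in cases:
        verdict = "dials" if is_interesting(cfg, group, proto, src, dst) else "ignored"
        print(f"{name:8} {proto:5} {src} -> {dst}: {verdict}")
```

The fourth case is the one to check when auditing a DDR configuration: traffic outside 10.10.1.0/24 never matches the single permit line, so the implicit deny keeps it from bringing the link up.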
dialer load-threshold load [{outbound | inbound | either}] no dialer load-threshold Configures The threshold for opening an additional connection Default None Description This command defines the threshold at which the router opens an additional connection to obtain more bandwidth. Another connection can be made only if this interface is part of a rotary group, so the command can be used only on interfaces that belong to one. load The utilization at which another connection to the destination is established. The number can be from 1 to 255 (255 = 100% utilization). outbound Optional. Load is considered only for outbound traffic. inbound Optional. Load is considered only for inbound traffic. either Optional. Default. A new connection is established if the utilization exceeds the given load in either the outbound or inbound direction. |
dialer map protocol destination [name hostname] [class name] [broadcast] [spc] [speed {56|64}] [modem-script script-name] [system-script script-name] [dial-string] no dialer map protocol destination [name hostname] [class name] [broadcast] [spc] [speed {56|64}] [modem-script script-name] [system-script script-name] [dial-string] Configures Any non-DTR dialer interface for PPP callback Default None Description The dialer map command allows an interface to call one or more different sites by mapping a destination address to connection-specific dial strings and connection scripts. protocol Names the protocol to use for the connection. Valid values are ip, appletalk, bridge, decnet, ipx, novell, snapshot, vines, and xns. destination The destination address to use for this map. The next-hop address of a packet is the destination address in map configurations. name hostname Optional. The name of the remote system for the DDR connection. class name Optional. Names a map class to use for this mapping. A map class is defined with the map-class command. broadcast Optional. Allows broadcast packets to be forwarded over this connection. spc Optional. ISDN only; Germany only. Configures a semipermanent connection between the ISDN device and the exchange. speed speed Optional. ISDN only. Defines the speed of an ISDN B channel in Kbps. Valid values are 56 and 64. The default value is 64. modem-script script-name Optional. Names the modem script to use for dialing the connection. Required only if no dialer string is defined for the interface used. system-script script-name Optional. Names the system script to use for logging into the remote system. dial-string Optional. This option must be the last entry on the command line. It defines the telephone number to be sent to the dialing device. For multipoint ISDN connections, append the subaddress to the dial string (separated by a colon). |
dialer map snapshot seq-number dial-string no dialer map snapshot [seq-number] Configures Snapshot routing Default None Description This command configures client snapshot routing on a DDR interface. seq-number Identifies the dialer map. This number can range from 1 to 254. dial-string The telephone number to dial for this snapshot connection. |
dialer max-link number no dialer max-link Configures The maximum number of open links that a dialer profile can have to a destination Default 255 Description This command sets the maximum number of links that a dialer profile can have open to a single destination at any time. This command can be used only on dialer interfaces. number can be from 1 to 255. |
dialer pool pool-number no dialer pool pool-number Configures The dialing pool to use to connect to a specific network Default None Description Specifies the dialer pool to which a dialer interface belongs. Pool numbers range from 1 to 255. For more information on dialer pools, consult Chapter 12.
Example The following code configures a dialer interface with an IP address and PPP encapsulation, and assigns the interface to dialer pool 5.
    interface dialer1
     ip address 10.10.1.0 255.255.255.0
     encapsulation ppp
     dialer pool 5
|
dialer pool-member pool-number [priority value] [min-link value] [max-link value] no dialer pool-member pool-number Configures Assigns a physical interface to a dialer pool Default Disabled Description Any interface can belong to a dialer pool. Dialer pools are configured using the dialer interface. This command assigns an interface to a pool. pool-number The pool to which the interface is assigned. priority value Optional. This value is the interface's priority within the pool. The interface with the highest priority is selected first for dialing out. This value can be from 0 to 255; the default is 0. min-link value Optional. This is for ISDN lines; it specifies the minimum number of B channels that are reserved on this interface. The value can be from to 255; the default is 0. max-link value Optional. This is for ISDN lines; it specifies the maximum number of B channels that are reserved on this interface. The value can be from to 255; the default is 0. Example The following commands assign the ISDN interface BRI1 to dialer pool 1: interface BRI1 encapsulation ppp dialer pool-member 1 priority 50 |
dialer priority value no dialer priority value Configures The priority of an interface in a rotary group Default 0 Description This command sets the priority of the interface within a rotary group. value can be from 0 to 255. The highest-priority interface is selected first for dialing. |
dialer remote-name username no dialer remote-name username Configures The authentication name for the remote router Default None Description This command sets the username to use when connecting to a remote system with CHAP or PAP authentication. |
dialer rotary-group group-number no dialer rotary-group group-number Configures Includes the interface as part of a dialer rotary group Default None Description This command sets the rotary group for an interface to group-number. The number of the rotary group must match the number of the dialer interface for which the rotary group is defined. The group number can range from 0 to 255. |
dialer rotor {priority | best} no dialer rotor {priority | best} Configures The method for selecting the next interface to use to dial out Default Disabled Description For rotary groups, this command tells the router whether to select the interface with the highest priority (priority) or the interface with the most recent connection success (best). |
dialer string string [class dialer-map-name] no dialer string Configures Legacy DDR phone numbers Default None Description Specifies the dial string for the interface's modem. Table 17-8 shows the codes that can be used in the dialer string. This command is used only for legacy DDR; on modern routers, it's more flexible to use dialer pools or dialer map statements, which allow more than one destination to be called. The class option names the dialer map associated with this dialer string.
|
dialer wait-for-carrier-time seconds no dialer wait-for-carrier-time Configures The amount of time the interface waits for a carrier Default 30 seconds Description This command sets the maximum amount of time in seconds that the router waits for a carrier when bringing up a dialer interface. It can be used on an interface or map-class configuration. |
dialer watch-disable seconds no dialer watch-disable Configures Delay time for the backup interface Default Disabled Description This command configures the time in seconds to keep the backup link up after the primary link recovers, if the backup link has been brought up by a dialer watch group. |
dialer watch-group group-number no dialer watch-group group-number Configures Enables backup DDR for an interface Default Disabled Description This command is used to configure an interface as a backup DDR link using a watch list. The group-number identifies the watch list that triggers calls on this interface; the interface is brought up if the router doesn't have any routes to the networks listed in the watch list. A watch list is created by the dialer watch-list command; the interface must have a dialer map that corresponds exactly to the networks listed in that command. |
dialer watch-list group-number ip address mask no dialer watch-list group-number ip address mask Configures A watch group number assigned to an IP address range Default None Description This command allows you to define a group of routes based on IP address and mask, and assign that group to a group-number. If no routes to these networks are in the routing table, the router dials a backup connection. Note that this connection is dialed regardless of whether there is any traffic for these destinations; dialing depends only on the existence of a route. This command is used in conjunction with dialer watch-group, dialer watch-disable, and dialer map. Valid group numbers are from 1 to 255. |
dir [/all] [filesystem:] Description This command displays the files in the router's filesystem. If you supply a directory as an argument, the command lists the files in that directory; otherwise, it lists the current working directory. Use the /all keyword to list all files, including those marked for deletion. |
disable [level] Description This command exits privileged mode and returns the user to user mode. The optional level parameter value ranges from 0 through 15. 0 is the normal user mode; 15 is the privileged user mode. If no level is specified, the user is returned to level 0 (user mode). See the privilege command for more information on setting the level values. Example Router# disable Router> |
disconnect Description This command terminates a background telnet session. |
disconnect-character ascii-number no disconnect-character Configures The character to use to disconnect a session Default None Description This command defines the character that a user types to end an interactive session. As with the activation-character command, the ascii-number is the decimal value of the desired character. Example In this example, we set the disconnect character to control-D, which is ASCII number 4, and we inform the users with a banner message. Router(config)# line 2 Router(config-line)# activation-character 13 Router(config-line)# disconnect-character 4 Router(config-line)# vacant-message # Router(config-line)# ***** Welcome to Sphinx ***** Router(config-line)# Press the return key to start the connection Router(config-line)# Disconnect with a control-D key Router(config-line)# # |
disconnect ssh session-id Configures The character to use to disconnect a session Description This command terminates a background SSH session. Run show ip ssh to display the session-id. |
dispatch-character ascii-number no dispatch-character Configures The character that causes a packet to be sent Default None Description This command defines the character that causes a packet to be sent. Setting the dispatch character causes the router to buffer a group of characters into a packet before sending them to the remote host. ascii-number is the decimal value of the desired character. Example The following example sets the Enter key (ASCII 13) as the dispatch character for virtual terminals 1 through 4. line vty 1 4 dispatch-character 13 |
distance distance [address mask] [access-list] no distance distance [address mask] [access-list] Configures Administrative distance Default Depends on the protocol Description The distance command allows you to change the trustworthiness of a route's source relative to other routing protocols. The lower the distance, the more the route's source is trusted. Routes with a distance of 255 are not added to the route table. Chapter 8 discusses how routing protocols use administrative distances and lists the default value for each protocol. distance The administrative distance to be assigned to this protocol (or to routes selected by the other arguments to this command). Administrative distance must be a value from 1 to 255. address mask Optional. If these arguments are present, the administrative distance applies only to routes whose destinations match this address/mask pair. access-list Optional. If this argument is present, the administrative distance applies only to routes that match the given access list. |
distance bgp external-distance internal-distance local-distance no distance bgp Configures Administrative distance for BGP Default External distance, 20; internal distance, 200; local distance, 200 Description The distance bgp command allows you to change the trustworthiness of a route's source relative to other routing protocols. The lower the distance, the more the route's source is trusted. Routes with a distance of 255 are not added to the route table. external-distance applies to external BGP routes (routes learned from a peer outside your AS); internal-distance applies to internal BGP routes (routes learned from a peer within your AS); local-distance applies to routes added with the network command. It's usually not a good idea to change BGP's routing distances. Example The distance bgp command is often used to change the internal distance so that its value is equal to the external distance, as in the following example: router bgp 101 distance bgp 20 20 200 |
distance eigrp internal-distance external-distance no distance eigrp Configures Administrative distance for EIGRP Default External distance, 170; internal distance, 90 Description This command sets the internal and external administrative distances for the EIGRP protocol. The administrative distance reflects the trustworthiness of a route's source relative to other routing protocols. The internal-distance applies to internal routes, which are routes learned from the current EIGRP routing process (commonly called "autonomous system"). The external-distance applies to routes learned from other EIGRP routing processes. internal-distance and external-distance must be in the range of 1 to 255. Chapter 8 discusses the use of administrative distance and shows the default distances for the different routing protocols. |
distribute-list access-list in [interface] no distribute-list access-list in [interface] Configures An access list to filter incoming routing updates Default None Description This command allows you to apply an access list to incoming route updates to a routing protocol. If no interface is specified, the access list is applied to all incoming route updates. If an interface is specified, the access list is applied only to route updates received on that interface. The access list should be a standard access list. Example The following distribute list applies access list 1 to incoming routes: router rip network 10.0.0.0 distribute-list 1 in ! ! Deny network 10.1.1.0 access-list 1 deny 10.1.1.0 ! Permit everything else access-list 1 permit 0.0.0.0 255.255.255.255 |
distribute-list access-list out [interface | routing-process] no distribute-list access-list out [interface | routing-process] Configures A filter list to be applied to outbound routing updates Default None Description This command applies the given access list to outbound routing updates. The access list must be a standard IP access list; it defines which networks will be denied or permitted. The interface name applies the list to routing updates going out a specific interface. (This does not apply to OSPF.) The routing-process applies the access list to routes going to another routing process. The connected and static keywords may be used to specify a routing process. Example router rip network 10.0.0.0 distribute-list 1 out ! ! Deny network 10.1.1.0 access-list 1 deny 10.1.1.0 ! Permit everything else access-list 1 permit 0.0.0.0 255.255.255.255 |
domain-password password no domain-password Configures Password for IS-IS routing Default Disabled Description This command assigns a password for exchanging L2 routing information for IS-IS. Like the area-password command, this password is transmitted in clear text and provides very little security. |
downward-compatible-config version no downward-compatible-config Configures Configuration Default Disabled Description This command generates a configuration that is compatible with an earlier IOS version. The version number must be 10.2 or later. |
down-when-looped no down-when-looped Configures Loopback detection Default Disabled Description This command tells the interface to go down when a loopback is detected. The default behavior is for the interface to remain up when the device is placed in loopback, so you can place a DCE device such as a CSU/DSU in loopback and ping the interface. This allows you to test the cable between the router and the DCE device. Use the no form of this command to disable this behavior. If this command is given, the interface shuts down when the DCE device (CSU/DSU) is placed in loopback mode. |
drop no drop Configures A traffic class to discard packets for a specific class Default Disabled Description This command enables packet discarding for a class. Use the no form of the command to disable packet discarding. Example policy-map policy1 class class1 drop interface serial1/0 service-policy output policy1 class-map class1 match access-group 101 |
dte-invert-txc no dte-invert-txc Configures Inverts TXC clock signal Default Disabled Description This command inverts the TXC clock signal when the interface is operating as the DTE. |
early-token-release no early-token-release Configures Token ring interfaces Default Disabled Description This command tells the interface to immediately release the token back to the ring after transmitting a packet. Normally, a token ring interface waits for a transmitted packet to return before releasing the token. This command is used only on 16-Mb rings where all devices support it. |
editing no editing Configures Enhanced editing mode Default Enabled Description The no form of this command disables the enhanced editing mode for a line: i.e., the support for control keys such as Ctrl-w, which erases a word. The command-line editing keys are discussed in Chapter 1; they should be familiar to users of Unix and Unix-like operating systems. |
eigrp log-neighbor-changes no eigrp log-neighbor-changes Configures Logging for EIGRP neighbor states Default Disabled Description This command enables logging of changes in the status of EIGRP neighbors. Logging provides information to help you detect routing or connectivity problems. |
enable [level] Description With no arguments, this command takes an interactive session from user EXEC mode to privileged EXEC mode. If the level argument is present, it can be used to enter any of 16 levels, 0 through 15. Level 0 is the normal user mode (user EXEC mode) and 15 is the privileged user mode (privileged EXEC mode). See the privilege command in Chapter 4 for more information on setting the level values. |
enable last-resort {password | succeed} no enable last-resort {password | succeed} Configures The action to take if the TACACS servers do not respond Default Disabled Description This command tells the router what to do if the TACACS server times out, and you are using TACACS for the enable password. The password keyword tells the router to prompt for the enable password that is in the configuration. The succeed keyword tells the router to go to enable mode without further action. The latter behavior is very insecure. |
enable password [level level] password no enable password Configures The password for the enable mode Default None Description This command sets the password for the enable mode. It can also be used to establish passwords for other levels. In the router's configuration, the password is stored in the clear and can be viewed by using show running-config and other commands. You can encrypt this password as well as other passwords with the command service password-encryption. However, because this encryption uses a very simple XOR algorithm, it is easily cracked. |
enable secret [level level] password no enable secret Configures The password for the enable mode Default None Description This command sets the password for the enable mode. It can also be used to establish passwords for other levels. In the router's configuration, the password is stored in an encrypted form and is never displayed in the clear. |
enable use-tacacs no enable use-tacacs Configures TACACS authentication for the privileged (enable) command level Default Disabled Description This command requires the use of TACACS for the enable password. If you use this command, be sure that you also use the tacacs-server authenticate enable command. |
encapsulation layer-type no encapsulation Configures ATM adaptation layer for Any Transport over MPLS (AtoM) Default AAL5 Description This command configures the ATM adaptation layer for Any Transport over MPLS (AtoM) while in the AtoM VC configuration. The layer-type can be aal5 for ATM adaptation layer 5 or aal0 for ATM adaptation layer 0. Example ! For AtoM we must use the l2transport command with the pvc command pvc 1/101 l2transport encapsulation aal5 |
encapsulation type encapsulation dot1q vlan-id [native] encapsulation isl vlan-id no encapsulation Configures Encapsulation method used by the interface Default Depends on interface Description This command sets the encapsulation method for this interface. Possible values for the encapsulation type are atm-dxi, bstun (block serial tunnel), dot1q, frame-relay (see Chapter 6), hdlc, isl, lapb, ppp, sde, dlc, and smds. For Frame Relay interfaces, the options are cisco and ietf. The default is cisco, which is Cisco's proprietary encapsulation method. ietf sets the encapsulation method to the IETF standard, which is used when connecting to another vendor's Frame Relay router or switch. For interfaces that are compatible, such as Fast Ethernet interfaces, you can enable dot1q to apply a VLAN ID to the interface. native is an optional keyword that sets the VLAN ID value of the port to the value specified by vlan-id. To enable ISL encapsulation on an interface, use the isl keyword followed by the VLAN ID you wish to use. For more information on dot1q and ISL encapsulation, see Chapter 14. Example The following code uses hdlc encapsulation on a serial line: interface serial0 encapsulation hdlc This code uses PPP on an ISDN line: interface bri0 encapsulation ppp This code sets vlan 101 to a subinterface: interface fastethernet0/1.101 encapsulation dot1q 101 |
end Description This command exits the current configuration mode and must be used to mark the end of any configuration file. Example ! lengthy configuration file omitted ! some commands here ! end of configuration file end |
erase [startup-config] [flash] Description This command erases the stored configuration (startup-config) or the flash memory (flash) on the router. Flash memory stores the IOS operating system image; obviously, this command is dangerous. Example This command erases your stored configuration: Router# erase startup-config This one erases your IOS image: Router# erase flash |
escape-character ascii-number no escape-character Configures The system escape character Default Ctrl-^ Description This command defines the character that terminates a running command. The default, as specified in the hot-key listing, is Ctrl-^ (Control+Shift+6 on most keyboards). ascii-number must be the decimal value of the character you want to use. The Break key cannot be used as an escape character. The no form of the instruction returns the escape character to the default. Example The following commands set the escape character to Ctrl-C, which has a decimal value of 3: Router(config)# line 2 Router(config-line)# escape-character 3 Router(config-line)# vacant-message # Router(config-line)# ***** Welcome to Sphinx ***** Router(config-line)# Escape key is Ctrl-C Router(config-line)# # |
exception core-file name no exception core-file name Configures A core dump filename Default routername-core Description This command sets the name of the core file that is generated when a router crashes. Use the exception protocol command to set the protocol that the router uses to transmit the core file. |
exception dump ip no exception dump Configures The exception dump server IP address Default None Description This command sets the IP address of the server to which the router sends a core dump when the router crashes. |
exception memory {fragment size | minimum size} no exception memory Configures Memory parameters that cause a core dump Default Disabled Description This command causes a core dump if certain memory parameters are exceeded. The fragment size is the minimum contiguous block of memory in the free pool in bytes; the minimum size is the lowest allowable size of the free memory pool in bytes. If these parameters are exceeded, a core dump is generated. For example, if you set the minimum size to 100000 and the memory goes below 100,000 bytes, a core file is generated. |
exception protocol {ftp | rcp | tftp} no exception protocol Configures Protocol to transmit a core file to a server Default tftp Description This command sets the protocol to use for transmitting a core file to a server. The protocol can be ftp, rcp, or tftp. Use the exception dump command to set the IP address of the server. Example exception protocol tftp exception dump 192.168.1.1 |
exception spurious-interrupt [number] no exception spurious-interrupt Configures The number of spurious interrupts that generate a core dump Default Disabled Description This command sets the number of spurious interrupts that will cause the router to generate a core file and reboot. number can be from 1 to 4,294,967,295. |
exec no exec Configures Access to the router command interface Default Enabled Description The no form of this command disables EXEC processes, which are enabled by default. Disabling EXEC processes is useful for lines on which you do not want users to access the router. For example, you may want to disallow login access on a dial-in line. |
exec-timeout minutes [seconds] no exec-timeout Configures The time an EXEC session can be idle Default 10 minutes Description This command sets the amount of time a session waits for user input before timing out and closing the session. minutes specifies the number of minutes in the timeout period; seconds specifies the number of seconds. Don't set the EXEC timeout to be extremely short; for example, don't give a command like exec-timeout 0 1. You may never get back into your router without doing a configuration recovery. Example The following command sets the timeout period to 4 minutes and 59 seconds: exec-timeout 4 59 |
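The warnings in the entries above (domain-password sent in clear text, enable last-resort succeed, enable password stored in the clear or under the weak service password-encryption encoding, and extremely short exec-timeout values) can be checked mechanically against a saved configuration. The following Python script is an added example, not code from the original reference or from Cisco; the sample configuration, the rule names, and the 60-second threshold are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    line_no: int
    rule: str    # rule names are labels made up for this example
    detail: str


# Assumption: a local policy floor for idle timeouts, not an IOS-defined limit.
MIN_EXEC_TIMEOUT_SECONDS = 60

ENABLE_PASSWORD = re.compile(r"^enable password(?: level (\d+))?(?: ([07]))? (\S+)$")
ENABLE_SECRET = re.compile(r"^enable secret(?: level (\d+))? \S")
ISIS_PASSWORD = re.compile(r"^(domain|area)-password \S")
EXEC_TIMEOUT = re.compile(r"^exec-timeout (\d+)(?: (\d+))?$")

# Constructed sample configuration; every value is a placeholder.
SAMPLE_CONFIG = """\
hostname Sphinx
enable last-resort succeed
enable password 7 0000CONSTRUCTED0000
enable password level 5 opsview
enable secret level 5 5 $1$constructed$placeholderhashvalue
!
router isis
 domain-password routing123
!
line vty 0 4
 exec-timeout 0 1
line con 0
 exec-timeout 4 59
end
"""


def audit(config_text):
    """Return findings for the risky settings, in line order.

    Password values are never copied into a finding, so the report
    itself can be shared without leaking credentials.
    """
    findings = []
    password_levels = {}   # privilege level -> line of its enable password
    secret_levels = set()  # privilege levels that have an enable secret
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line == "enable last-resort succeed":
            findings.append(Finding(line_no, "enable-last-resort-succeed",
                                    "enable mode is granted when TACACS times out"))
        elif (m := ENABLE_PASSWORD.match(line)):
            level = int(m.group(1) or 15)  # no level keyword means level 15
            password_levels[level] = line_no
            if m.group(2) == "7":
                findings.append(Finding(line_no, "enable-password-type7",
                                        f"level {level} password uses the weak "
                                        "service password-encryption encoding"))
            else:
                findings.append(Finding(line_no, "enable-password-cleartext",
                                        f"level {level} password is stored in the clear"))
        elif (m := ENABLE_SECRET.match(line)):
            secret_levels.add(int(m.group(1) or 15))
        elif (m := ISIS_PASSWORD.match(line)):
            findings.append(Finding(line_no, "isis-cleartext-password",
                                    f"{m.group(1)}-password is transmitted in clear text"))
        elif (m := EXEC_TIMEOUT.match(line)):
            total = int(m.group(1)) * 60 + int(m.group(2) or 0)
            if total == 0:
                # Known IOS behaviour, not stated on this page:
                # "exec-timeout 0 0" disables the idle timeout entirely.
                findings.append(Finding(line_no, "exec-timeout-disabled",
                                        "idle sessions never time out"))
            elif total < MIN_EXEC_TIMEOUT_SECONDS:
                findings.append(Finding(line_no, "exec-timeout-too-short",
                                        f"{total}s idle timeout risks locking "
                                        "administrators out"))
    # An enable password with no enable secret at the same level leaves the
    # weakly stored password as the only credential for that level.
    for level, line_no in sorted(password_levels.items()):
        if level not in secret_levels:
            findings.append(Finding(line_no, "enable-secret-missing",
                                    f"level {level} has enable password "
                                    "but no enable secret"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"line {f.line_no}: [{f.rule}] {f.detail}")
```
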
exit Description This command closes your current connection if you are in user EXEC mode or privileged EXEC mode. If you are in a subconfiguration mode such as the interface or routing configuration mode, this command takes you to the next higher level (e.g., back to EXEC mode from interface configuration mode). Example Router>exit Connection Closed Router>enable Router#conf t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#interface serial0 Router(config-if)#exit Router(config)# |
fair-queue [queues] no fair-queue [queues] Configures The number of dynamic queues to be reserved for the default class Default Depends on interface Description This command specifies the number of dynamic queues reserved for the default class (class-default) only. It can be used with the queue-limit command and/or the random-detect command. The default number of queues is based on bandwidth: less than 64 Kbps is 16 queues, 64 to 128 Kbps is 32 queues, 128 to 256 Kbps is 64 queues, 256 to 512 Kbps is 128 queues, and more than 512 Kbps is 256 queues. Example policy-map policy1 class class-default fair-queue 16 queue-limit 20 |
fair-queue [congestive [dynamic [reservable]]] no fair-queue [congestive [dynamic [reservable]]] Configures Weighted Fair Queueing Default WFQ is enabled for interfaces with bandwidth less than or equal to 2 Mbps; default values are congestive 64, dynamic 256, reservable 0. Description This command enables Weighted Fair Queueing on an interface. For Weighted Fair Queueing, the options are: congestive Optional. The number of messages allowed in each queue past which traffic is discarded. The value can range from 1 to 512. dynamic Optional. The number of queues for best-effort conversations. Valid values are 16, 32, 64, 128, 256, 512, 1024, 2048, and 4096. reservable Optional. The number of queues for reserved conversations. The value can be from 0 to 1,000. |
fair-queue aggregate-limit packets no fair-queue aggregate-limit Configures Maximum number of packets for DWFQ Default Based on buffer space in the Versatile Interface Processor (VIP) Description This command sets the total number of buffered packets allowed before packets are dropped. This is the sum of all packets in buffers for Distributed Weighted Fair Queuing (DWFQ). If the buffered packets stay below this limit, no packets are dropped. |
fair-queue individual-limit packets no fair-queue individual-limit Configures Maximum queue depth for an individual queue Default Half of the aggregate queue limit Description This command sets the maximum number of packets allowed in an individual queue during periods of congestion. |
fair-queue {qos-group group | tos number} limit class-packet-size no fair-queue {qos-group group | tos number} limit class-packet-size Configures Maximum queue depth for a specific DWFQ class Default Half the aggregate limit size unless the individual limit is set, in which case that is the default Description This command sets the queue size for a specific DWFQ. The qos-group number can be from 1 to 99; it is used to match the value set by the Committed Access Rate (CAR) or the BGP policy propagation. The tos value is used to match the two low-order IP precedence bits in the ToS (Type of Service) field. The class-packet-size is the maximum number of packets allowed in the queue during periods of congestion. |
fair-queue qos-group no fair-queue qos-group Configures DWFQ based on QoS (Quality of Service) group numbers Default Disabled Description This command enables DWFQ based on QoS group numbers. The QoS group numbers, which are taken from the CAR or BGP policy propagation, are used to sort traffic into queues. The fair-queue weight and fair-queue limit commands set up the appropriate queues. |
fair-queue tos no fair-queue tos Configures DWFQ based on ToS (Type of Service) values Default Disabled Description This command enables DWFQ based on ToS values. The ToS fields in the packet provide two low-order IP precedence bits, which are used to sort packets into queues. The fair-queue weight and fair-queue limit commands set up the appropriate queues. |
fair-queue {qos-group group | tos number} weight value no fair-queue {qos-group group | tos number} weight value Configures Assigns a specific weight for DWFQ Default For qos-group, unallocated bandwidth defaults to group 0; for tos, the default class/weight values are 0/10, 1/20, 2/30, and 3/40 Description This command allocates a specific weight (percentage of the bandwidth) to each QoS group or ToS type. value must be between 0 and 100. |
fddi burst-count size no fddi burst-count Configures Buffers to allocate to handle extra FDDI traffic Default 3 Description This command enables an FDDI interface to allocate extra buffers ahead of time. These buffers are used to handle possible traffic bursts. The buffer size can be from 1 to 10; the default is 3. |
fddi c-min microseconds no fddi c-min Configures The C-Min timer Default 1,600 microseconds Description This command sets the C-Min timer on the interface to microseconds. |
fddi cmt-signal-bits signal-bits [phy-a | phy-b] no fddi cmt-signal-bits signal-bits [phy-a | phy-b] Configures CMT transmission bits Default None Description This command sets the bits to be transmitted during the signal phase of CMT. Changing these values is not recommended and should be done only to debug specific CMT problems. signal-bits is the hexadecimal value of the bit fields you wish to set. phy-a and phy-b select the physical sublayer, either a or b. Table 17-9 describes the bit fields.
|
fddi duplicate-address-check no fddi duplicate-address-check Configures Duplicate address checking during ring initialization Default Disabled Description This command enables an FDDI interface to detect duplicate addresses on the ring. |
fddi encapsulate no fddi encapsulate Configures Encapsulation mode Default Enabled (SNAP) Description This command enables the bridge encapsulating mode for this interface, which is used to interface the CSC-FCIT with other FDDI modules. The CSC-FCIT has bridging enabled by default. no fddi encapsulate disables bridging for this interface. |
fddi frames-per-token number no fddi frames-per-token Configures Number of frames that an interface transmits per token capture Default 3 frames Description This command sets the number of frames that an interface transmits during a token capture. number can be from 1 to 10. |
fddi smt-frames no fddi smt-frames Configures Enables SMT frame processing Default Enabled Description This command enables the interface to process and generate SMT (FDDI Station Management) frames. |
fddi tb-min milliseconds no fddi tb-min Configures TB-min timer Default 100 milliseconds Description This command sets the TB-min timer in the Physical Connection Management (PCM) for this interface. |
fddi tl-min-time microseconds no fddi tl-min-time microseconds Configures Minimum time to transmit a physical line state Default 30 microseconds Description This command sets the minimum time to transmit a physical line state before transitioning to the PCM state for this interface. Changing this field is not recommended. |
fddi token-rotation-time microseconds no fddi token-rotation-time microseconds Configures Ring scheduling Default 5,000 microseconds Description This command sets the time in microseconds for the ring to recover from ring errors. The range can be from 4,000 to 165,000 microseconds. |
fddi t-out milliseconds no fddi t-out Configures The t-out timer Default 100 ms Description This command sets the t-out timer for the PCM. |
fddi valid-transmission-time microseconds no fddi valid-transmission-time microseconds Configures Time to recover from a transient ring error Default 2,500 microseconds Description This command sets the transmission time for the interface. The range can be from 40 to 1,342,200 microseconds. |
flowcontrol {none | software [lock] [in | out] | hardware [in | out]} no flowcontrol {none | software [lock] [in | out] | hardware [in | out]} Configures Flow control for a line Default No flow control Description This command defines the serial flow control between the router and the device connected to a serial line. none No flow control. software Sets to software flow control. lock Makes it impossible to turn off flow control. hardware Sets to hardware flow control. If neither in nor out are specified, flow control is assumed to be in both directions, i.e., the router accepts and sends flow control. |
Class C filesystem: format filesystem: Class A filesystem: format [spare number] filesystem: Configures A Class C or Class A filesystem Description This command formats a flash filesystem. Each filesystem name must be followed by a colon; for example, format slot0:. The spare option is valid only for Class A filesystems, which allow you to reserve a number of spare sectors. number can be from 0 to 16. The default is 0. |
frame-relay adaptive-shaping {becn | foresight} no frame-relay adaptive-shaping Configures The type of backward notification Default Disabled Description This command selects the type of backward notification to which the Frame Relay interface should respond. It can be set to becn (backwards explicit congestion notification) or foresight. |
frame-relay {bc | be} {in | out} bits no frame-relay {bc | be} {in | out} bits Configures The committed and excess burst sizes Default 7000 bits for both bc and be Description This command specifies the incoming (in) or outgoing (out) committed burst size (bc) and the excess burst size (be) for a Frame Relay virtual circuit. The burst size is given in bits. |
frame-relay becn-response-enable no frame-relay becn-response-enable Configures The use of BECNs to regulate output traffic Default Enabled when frame traffic shaping is in use Description This command is enabled when traffic shaping is in use. The use of BECNs (backwards explicit congestion notifications) regulates output traffic. You won't see this command in the configuration when you do a show. Use the no form to disable traffic shaping. |
frame-relay broadcast-queue size byte-rate packet-rate no frame-relay broadcast-queue Configures Queues for broadcast traffic Default Size, 64; byte rate, 256,000 bps; packet rate, 36 packets per second Description This command sets the broadcast queue parameters for a Frame Relay interface. A broadcast queue is used for any broadcast packets that have to be replicated for multiple DLCIs on the interface. size The number of packets to hold in the queue. Normally, you want at least 20 for each DLCI on the interface. byte-rate The maximum number of bytes to be transmitted per second. This value should be less than:
packet-rate The maximum number of packets to be transmitted per second. |
frame-relay cir {in | out} bps no frame-relay cir {in | out} bps Configures Incoming or outgoing CIR Default 56,000 bps Description This command sets the Committed Information Rate (CIR) for a Switched Virtual Circuit (SVC) to bps (bits per second). The CIR is the guaranteed available bandwidth for the circuit, and may be 0. The in and out keywords specify the direction to which the CIR applies. |
frame-relay class name no frame-relay class name Configures Associates a map class with an interface Default None Description This command applies the map class given by name to a Frame Relay interface. The map class may be built from Frame Relay commands used in the map-class context. Example In this example, we assign a map class called MAP1 to interface serial1.1:
    interface serial1.1
     frame-relay class MAP1
    !
    ! Now make the map-class
    map-class frame-relay MAP1
     frame-relay cir in 56000
     no frame-relay becn-response-enable
|
frame-relay custom-queue-list list no frame-relay custom-queue-list list Configures The custom queue list to be used for the interface Default None (FIFO) Description See the queue-list command for information about creating a custom queue list. |
frame-relay de-group group-number dlci no frame-relay de-group Configures Discard Eligibility (DE) Default None Description This command applies a DE group to a DLCI. group-number can be from 1 to 10. DE groups are defined with the command frame-relay de-list; they identify traffic that may be discarded if the traffic on the interface exceeds the committed information rate and the Frame Relay switch is congested. |
frame-relay de-list list-number {protocol type | interface type number} characteristic no frame-relay de-list list-number {protocol type | interface type number} characteristic Configures Discard Eligibility (DE) Default None Description This command defines packets that are eligible for discard during times of congestion on a Frame Relay switch. Packets matched by this list have the "discard eligible" bit set in the Frame Relay header. list-number An identifying number. This number identifies the list when it is referenced by other commands, particularly frame-relay de-group. A DE list may be defined by several frame-relay de-list statements with the same number. protocol type Specifies the protocol of the packets to be selected by this list. Possible values are arp, apollo, appletalk, bridge, clns, clns_es, clns_is, compressedtcp, decnet, ip, ipx, vines, and xns. interface type number Specifies the interface of packets to be selected for the list; that is, you can specify that all traffic coming through a certain interface should be marked as discard-eligible. The interface must be a serial interface, an Ethernet interface, or the null interface. characteristic Specifies the characteristics of the packets that are eligible for discard. It must be one of the following: fragments (fragmented packets eligible for discard), tcp port (TCP traffic on the specified port), udp port (UDP traffic on the specified port), list access-list (traffic matched by the given access list), gt bytes (packets larger than the given size; make sure to include all headers), or lt bytes (packets less than the given size; again, include all headers). |
frame-relay idle-timer seconds no frame-relay idle-timer seconds Configures Idle timeout for an SVC Default 120 seconds Description This command sets the idle timeout for a Switched Virtual Circuit (SVC) to seconds. |
frame-relay interface-dlci dlci [broadcast] [ietf | cisco] no frame-relay interface-dlci dlci [broadcast] [ietf | cisco] Configures DLCI for a Frame Relay subinterface Default No DLCI is set as default Description Assigns a Data Link Connection Identifier (DLCI) to a Frame Relay subinterface. dlci The DLCI number to be used on the current subinterface. broadcast Allows broadcast packets on this connection. ietf Specifies IETF encapsulation for this connection. cisco Specifies CISCO encapsulation for this connection. |
frame-relay intf-type [dce | dte | nni] no frame-relay intf-type Configures Frame Relay switch type Default dte Description This command sets the Frame Relay switch type. It is valid only if Frame Relay switching has been enabled with the global frame-relay switching command. The keyword dce causes the router to function as a switch connected to another router; dte is used when the router is connected to a Frame Relay network; nni (Network-to-Network Interface) is used when the router connects to another switch. |
frame-relay inverse-arp [protocol] [dlci] no frame-relay inverse-arp [protocol] [dlci] Configures Inverse ARP for Frame Relay Default Enabled Description This command configures the use of inverse ARP for associating an IP address with a Frame Relay interface. This command is useful if inverse ARP was globally disabled on the router, but you want to enable inverse ARP for a particular interface or subinterface. To enable or disable inverse ARP for a specific protocol and DLCI pair, use both arguments (protocol and dlci); for all protocols on a DLCI, use only the dlci argument; for all DLCIs, use only the protocol argument. protocol The protocol to support on this interface. Supported protocols include appletalk, decnet, ip, ipx, vines, and xns. dlci One of the DLCI numbers for this interface. The value can be from 16 to 1,007. |
frame-relay ip rtp header-compression [active | passive] no frame-relay ip rtp header-compression Configures RTP header compression on the interface Default Disabled Description This command enables RTP header compression on the interface. The active keyword tells the device to compress all headers; the passive keyword tells it to compress headers only if the incoming packet had its headers compressed. The default is active. |
frame-relay ip tcp header-compression [passive] no frame-relay ip tcp header-compression Configures Compression of TCP/IP packet headers Default Enabled Description This command configures an interface so that its PVCs compress IP headers. passive Optional. Performs compression only if the incoming packets are compressed. |
frame-relay lmi-type {ansi | cisco | q933a} no frame-relay lmi-type {ansi | cisco | q933a} Configures The LMI Default Autosense Description This command allows you to set the Local Management Interface (LMI) type of the Frame Relay switch the router is talking to. Setting the LMI type explicitly deactivates autosensing. Use the keepalive command with this command. Example
    interface serial0
     encapsulation frame-relay
     frame-relay lmi-type cisco
     keepalive 20
|
frame-relay local-dlci number no frame-relay local-dlci Configures The local DLCI Default None Description This command sets the local DLCI. It is rarely needed because LMI is normally used to set the local DLCI. If you don't use LMI, this command allows you to set the local DLCI explicitly. |
frame-relay map protocol protocol-address dlci [broadcast] [ietf | cisco] [payload-compress {packet-by-packet | frf9 stac [hardware-options]}] no frame-relay map protocol protocol-address Configures Frame Relay connection parameters Default None Description This command defines a mapping between a protocol-specific destination address and the DLCI to use for connections to that destination. protocol One of appletalk, decnet, dlsw, ip, ipx, llc2, rsrb, vines, or xns. protocol-address The destination address. dlci The DLCI to use. broadcast Optional. Activates forwarding of broadcasts to this address when multicast is not enabled. ietf Optional. Use IETF encapsulation on this interface. cisco Optional. Use Cisco's encapsulation method on this interface. If neither ietf nor cisco is specified, the interface uses the encapsulation specified by the encapsulation frame-relay command. payload-compress packet-by-packet Optional. Activates packet-by-packet compression using the Stacker method. Packet-by-packet compression is a proprietary Cisco feature and won't interoperate with other vendors' equipment. payload-compress frf9 stac Optional. Activates FRF.9 compression using the Stacker method. hardware-options Optional. Can be distributed, software, or csa. distributed causes compression to be performed in a VIP2; software causes compression to occur in the IOS software on the main processor; csa csa-number specifies the CSA to use for a particular interface (available only on 7200 series routers). |
frame-relay map bridge dlci [broadcast] [ietf] no frame-relay map bridge dlci [broadcast] [ietf] Configures Broadcast forwarding Default None Description This command specifies that broadcasts are to be forwarded. dlci The DLCI to use for bridging on this interface. broadcast Optional. Forwards broadcasts when multicast is not enabled. ietf Optional. Forces the use of IETF encapsulation, which is used when talking to a non-Cisco device. |
frame-relay map clns dlci [broadcast] no frame-relay map clns dlci [broadcast] Configures Broadcast forwarding for ISO CLNS routing Default None Description This command causes broadcasts to be forwarded when ISO CLNS is used for routing. dlci The DLCI to use for CLNS broadcast forwarding. broadcast Optional. Causes broadcasts to be forwarded when multicast is not enabled. |
frame-relay map ip address dlci [broadcast] compress frame-relay map ip address dlci [broadcast] nocompress Configures Compression for both RTP and TCP headers Default Disabled Description This command enables compression for both RTP and TCP packet headers. address The IP address of the destination or next hop. dlci The DLCI number. broadcast Optional. Forwards broadcasts to the specified IP address. |
frame-relay map ip rtp address dlci rtp header-compression [active | passive] no frame-relay map ip rtp address dlci rtp header-compression [active | passive] Configures Compression for RTP headers per DLCI Default Disabled Description This command enables RTP compression for a specific dlci on a link. The active keyword means that the router should always compress the RTP headers (this is the default). The passive keyword specifies that the router should compress packets only when the incoming packet was compressed. |
frame-relay map ip address dlci [broadcast] [cisco | ietf] [no compress] tcp header-compression {active | passive} no frame-relay map ip address dlci [broadcast] [cisco | ietf] [no compress] tcp header-compression {active | passive} Configures Compression methods for a map Default None Description This command maps a Frame Relay DLCI to an IP address, enabling TCP header compression for this connection. It's useful if header compression isn't the default for the interface. address The IP address. dlci The DLCI to use. broadcast Optional. Causes broadcasts to be forwarded. cisco Optional. Uses Cisco's encapsulation method. ietf Optional. Uses RFC 1490 encapsulation. no compress Optional. Disables compression. active Causes every TCP/IP packet header to be compressed. passive Compresses packet headers only if the incoming packet was compressed. |
frame-relay mincir {in | out} bps no frame-relay mincir {in | out} bps Configures The CIR Default 56,000 bps Description This command sets the minimum incoming (in) or outgoing (out) committed information rate (CIR) that you are willing to accept, in bits per second (bps). |
frame-relay multicast-dlci dlci no frame-relay multicast-dlci Configures The DLCI to be used for multicasts Default None Description This command defines a dlci for multicasts. This command is used for testing Frame Relay configurations and is not required in a production configuration. |
frame-relay payload-compress packet-by-packet no frame-relay payload-compress packet-by-packet Configures Payload compression Default Disabled Description This command enables compression on the link, using a proprietary compression protocol that will not work with other vendors' equipment. |
frame-relay priority-dlci-group group-number high-dlci medium-dlci normal-dlci low-dlci Configures Assigns a priority to different DLCIs Default Disabled Description This command sets the priority levels for DLCIs in the group specified by group-number. Within a group, there are four priority levels (high, medium, normal, and low); one DLCI is assigned to each priority level (high-dlci to the high-priority level, etc.). If fewer than four DLCIs are given, the last DLCI is assigned to the remaining priority levels. |
frame-relay priority-group list-number no frame-relay priority-group list-number Configures Applies a priority list to a Frame Relay virtual circuit Description This command is similar to the priority-group command for the interface, except that it applies the priority list to a Frame Relay virtual circuit. list-number The priority list number. Priority lists are defined with the priority-list command. Example The following example applies priority-list 1 to the Frame Relay configuration:
    interface serial 0
     encapsulation frame-relay
     frame-relay interface-dlci 200
     frame-relay priority-group 1
    !
    priority-list 1 protocol ip high
|
frame-relay route in-dlci out-interface out-dlci no frame-relay route in-dlci out-interface out-dlci Configures Static routes for PVC switching Default None Description This command allows you to assign a static route based on DLCIs. Example In the following configuration, packets from DLCI 100 received by the serial0 interface are routed out through DLCI 200 on serial1. Likewise, packets received from DLCI 101 on serial0 are routed out through DLCI 201 on serial1.
    interface serial0
     frame-relay route 100 interface Serial1 200
     frame-relay route 101 interface Serial1 201
|
frame-relay svc no frame-relay svc Configures SVC operation on the interface Default Disabled Description This command enables Switched Virtual Circuit (SVC) processing on the interface and all its subinterfaces. |
frame-relay switching no frame-relay switching Configures Enables PVC switching Default Disabled Description This command enables Permanent Virtual Circuit (PVC) switching on the router. |
frame-relay traffic-rate average [peak] no frame-relay traffic-rate average [peak] Configures Traffic shaping for a virtual circuit Default The bandwidth of the line Description This command allows you to configure traffic shaping for a virtual circuit. It doesn't provide the granularity of other commands that configure traffic shaping; it lets you specify only average and peak traffic rates. average The average rate in bits per second, which is the same as the contracted CIR. peak Optional. The peak rate expected for this interface in bits per second. If this option is omitted, the default value is the line rate calculated from the bandwidth command. |
frame-relay traffic-shaping no frame-relay traffic-shaping Configures Traffic shaping Default Disabled Description This command enables traffic shaping for the interface. |
fsck [/nocrc] filesystem: Configures Checks and repairs a Class C filesystem Description This command checks the given filesystem, which must be a Class C filesystem, and repairs any problems it finds. The /nocrc option forces fsck to skip CRC checks. The filesystem name must be followed by a colon. |
ftp-server enable no ftp-server enable Configures Enables FTP server Default Disabled Description This command enables FTP services on the router; the router runs an FTP server that can be used to upload and download files in the router's filesystem. To use this feature, you must also configure the ftp-server topdir command. |
ftp-server topdir directory no ftp-server topdir Configures The directory to which FTP clients have read/write access Default None (all read and write operations are denied) Description This command sets the directory in the router's filesystem that FTP clients are allowed to access. Access is also allowed to subdirectories of this directory. If this command has not been given or if no ftp-server topdir has been given, no access is allowed via FTP. Example The following commands enable the router's FTP server and allow it to access the directory disk1:/logs and all its subdirectories.
    ftp-server enable
    ftp-server topdir disk1:/logs
|
full-duplex no full-duplex Configures Full-duplex mode Default Half-duplex Description This command enables full-duplex mode on interfaces that support it. |
full-help no full-help Configures Full help for a line Default Disabled Description This command enables full help on a line configuration. |
group-range start end no group-range start end Configures An interface group Default None Description This command specifies a range of interfaces that are treated as a group for the purposes of configuration. It is used in conjunction with the interface group-async command. start and end are the beginning and ending numbers of the interfaces that are configured as a group. Example The following commands group the async interfaces 1 through 7. Once a group has been defined, specific interfaces can be singled out for special treatment with the member command: for example, specific IP addresses can be applied to each interface.
    interface group-async 0
     group-range 1 7
     ip unnumbered ethernet0
     async mode interactive
     member 1 peer default ip 10.10.1.1
     member 2 peer default ip 10.10.1.2
     member 3 peer default ip 10.10.1.3
     member 4 peer default ip 10.10.1.4
     member 5 peer default ip 10.10.1.5
     member 6 peer default ip 10.10.1.6
     member 7 peer default ip 10.10.1.7
|
half-duplex no half-duplex Configures An SDLC interface for half-duplex Default Disabled Description This command configures an SDLC interface for half-duplex mode. |
half-duplex controlled-carrier no half-duplex controlled-carrier Configures Controlled carrier mode versus constant carrier mode Default Constant carrier mode Description Low speed serial interfaces use constant carrier mode by default. This command places the interface in controlled carrier mode; it can be used only on interfaces that have been configured for half-duplex. |
help Description Displays a brief listing of user-level commands. To get more verbose help, use the full-help command. |
history [number-of-lines] no history Configures History buffer size Default 10 lines Description This command enables the user interface's history mechanism. A history is a listing of commands that have been executed in the current session. This command is stored in the router's configuration and applies to all user sessions. number-of-lines is the size of the history buffer and must be in the range of 0-256. If omitted, the buffer size is set to the default value. Use the no version of this command to disable the history mechanism; use the show history command to view the current history buffer. If you want to activate a history buffer only for your current session, use the command terminal history. Example
    Router# history 255
    Router# no history
    Router# show history
|
hold-character ascii-number no hold-character Configures The character that suspends output Default None Description This command sets the character that suspends output to a terminal screen. ascii-number is the value of the character in decimal. Having a pause key benefits users who need to scroll through a lot of text; pressing any character resumes output to the screen. Example
    Router(config)# line 2
    Router(config-line)# hold-character 19
    Router(config-line)# vacant-message #
    Router(config-line)# ***** Welcome to Sphinx *****
    Router(config-line)# Press the return key to start the connection
    Router(config-line)# Suspend with Ctrl-S
    Router(config-line)# #
|
hold-queue packets {in | out} no hold-queue packets {in | out} Configures Size of the hold queue Default Input queue, 75 packets; output queue, 40 packets Description This command specifies the length of the input queue (in) or the output queue (out) in packets. Slower links require smaller queue sizes than faster links. Example
    interface Async4
     ip unnumbered Ethernet0
     hold-queue 20 out
     async default ip address 192.101.187.164
     async mode interactive
|
hostname name-string no hostname Configures The hostname of the router Default Factory-assigned "Router" Description This command sets the hostname of the router. |
hssi external-loop-request no hssi external-loop-request Configures Support for CSU/DSU Default Disabled Description This command enables support for CSU/DSUs that provide the LC signal. The LC signal allows the CSU/DSU to request loopback from the router. |
hssi internal-clock no hssi internal-clock Configures Use of the internal clock Default Disabled Description This command configures an HSSI interface to provide a 45 MHz master clock. It is used when two HSSI interfaces are connected via a null modem cable; one of the two interfaces must provide a clock signal on the link. Both interfaces cannot provide clocks, so use this command only on one side of the link. |
hub ethernet hub-number first-port [last-port] Configures Hub configuration mode Default None Description The hub command enters hub configuration mode, in which you can enter commands that configure a hub. It is applicable only to routers that are equipped with hub interfaces. hub-number is the number of the hub that you are configuring. first-port is the beginning of a range of consecutive ports to be configured as part of the hub; last-port is the last port in the range. If you omit last-port, this command adds a single port to the hub. Example To configure one port of a hub:
    hub ethernet 0 1
     source-address 00:00:0c:ff:d0:04
To configure all ports of a hub:
    hub ethernet 0 1 7
     no link-test
     auto-polarity
|
ignore-dcd no ignore-dcd Configures Determination of a link's status Default A DTE serial interface monitors the DCD signal Description This command tells the interface to ignore the DCD signal and use the DSR signal to determine whether the link is up or down. By default, all DTE serial interfaces monitor the DCD signal for the link's status. |
interface interface.subinterface [{point-to-point | multipoint}] Configures Allows configuration of a given interface Default None Description This command enters the interface configuration mode for the given interface and subinterface. The interface most commonly consists of an interface type followed by the number of the particular interface (for example, ethernet0). A space is allowed (and commonly used) between the interface type and the number. Table 17-10 shows the most common interface types. On more complex routers, the interface number can be specified in a number of different ways: as a slot/port combination, as a slot/adapter/port combination, or as a slot/port:channel-group combination. The appropriate form depends on the hardware you're dealing with. The interface specification can include a subinterface number; subinterfaces are most common when using protocols like Frame Relay or ATM, which can package a number of communications channels on a single physical connection. The point-to-point keyword indicates that a subinterface is logically connected to a single remote node; multipoint indicates that it is logically connected to a number of remote nodes. multipoint and point-to-point are most commonly used on Frame Relay and ATM interfaces.
|
interface bvi bridge-group-number no interface bvi bridge-group-number Configures Bridging Default None Description The Bridge-Group Virtual Interface (BVI) becomes available on routers when the bridge irb command has been given. This interface allows the router to route and bridge the same protocol over the same interface. The bridge-group-number must match the bridge group defined for the bridge. Example In this configuration, serial0 and serial1 are bridged, and traffic is routed through those interfaces out through ethernet0:
    bridge irb
    bridge 1 protocol ieee
    !
    interface serial0
     bridge-group 1
    !
    interface serial1
     bridge-group 1
    !
    interface ethernet 0
     ip address 10.11.1.1 255.255.255.0
    !
    ! Configure the virtual bvi interface with a bridge group number of 1
    interface bvi 1
     ip address 10.10.3.1 255.255.255.0
    !
    ! Now configure the routing for the bridge
    bridge 1 route ip
|
interface dialer number no interface dialer number Configures A dialer configuration Default None Description This command allows you to define a virtual dialer configuration that can be applied to a set of physical interfaces. Once you configure this interface, you can make other interfaces use this configuration by using the dialer rotary-group command. number is the virtual interface number, and can be a value from 0 to 9. Example
    interface dialer 0
     encapsulation ppp
     dialer in-band
     dialer map ip 10.1.1.1 name bob 5551111
    !
    interface async 1
     dialer rotary-group 0
|
interface group-async number no interface group-async number Configures A group of interfaces that can share configuration parameters Default None Description This command allows you to create a group of async interfaces to which you can apply commands. Actual interfaces that belong to the group inherit the settings you apply to this virtual interface. The group-range command defines which physical async interfaces are included in the group. A physical interface can belong only to one group. Example The following commands define a group-async interface that includes async interfaces 1 through 7. The ip unnumbered and async mode commands apply to all the interfaces in the group.
    interface group-async 0
     group-range 1 7
     ip unnumbered ethernet0
     async mode interactive
|
ip access-group access-list [in | out] no ip access-group access-list [in | out] Configures Assigns an access list to an interface Default No access lists defined Description This command applies the given access list to the interface in the direction specified (in or out). Access-list commands are discussed in Chapter 7. Each interface can support only one access list in either direction. Example The following commands apply access list 110 to filter incoming packets on the serial1 interface, and access list 111 to filter outgoing packets:
    interface serial1
     ip access-group 110 in
     ip access-group 111 out
To remove an access list from an interface, use the no form of this command:
    interface serial1
     no ip access-group 111 out
If you use the no access-list command, your access list will be deleted. Be sure to use no ip access-group when removing lists from interfaces. |
ip access-list {standard | extended} name Configures Named access lists Default None Description This command allows you to create a named access list. A named access list is really no different from a numbered access list as defined by the access-list command, except that it is identified by a logical name. A named access list may be either standard or extended. This command is followed by permit and deny commands that specify the access-list rules. For more about access lists, see Chapter 7 and the discussion of the access-list command. Example The following commands define a named access list that allows HTTP traffic from any host to the server at 10.1.2.3 and permits all other TCP traffic that has the SYN flag set. Remember that all access lists end with an implicit deny, which rejects all traffic not permitted by a statement in the access list.
    ip access-list extended bogus-firewall
     permit tcp any host 10.1.2.3 eq http
     permit tcp any any established
As of IOS 12.4, you can enter noncontiguous ports on a single line within a named access list. Before, you would write such an access list like this:
    ip access-list extended acllist1
     permit tcp any host 192.168.1.1 eq telnet
     permit tcp any host 192.168.1.1 eq www
     permit tcp any host 192.168.1.1 eq smtp
     permit tcp any host 192.168.1.1 eq pop3
With noncontiguous port support, you can write it more tersely:
    ip access-list extended acllist1
     permit tcp any host 192.168.1.1 eq telnet www smtp pop3
|
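An added example (not from the original text) that parses the two acllist1 forms above and checks that they give the same first-match decision, with unmatched packets falling through to the implicit deny. It handles only the `{permit|deny} tcp ... eq` subset used in acllist1, and the sample packets are constructed test values.

```python
import ipaddress

# TCP port keywords used in the page's acllist1 example.
PORT_NAMES = {"telnet": 23, "smtp": 25, "www": 80, "pop3": 110}
IMPLICIT_DENY = "deny (implicit)"

# The two forms of acllist1 from the entry above.
ACL_PER_PORT = """
ip access-list extended acllist1
 permit tcp any host 192.168.1.1 eq telnet
 permit tcp any host 192.168.1.1 eq www
 permit tcp any host 192.168.1.1 eq smtp
 permit tcp any host 192.168.1.1 eq pop3
"""
ACL_MULTI_PORT = """
ip access-list extended acllist1
 permit tcp any host 192.168.1.1 eq telnet www smtp pop3
"""

# Constructed test packets: (source, destination, destination TCP port).
SAMPLE_PACKETS = [
    ("203.0.113.5", "192.168.1.1", 23),
    ("203.0.113.5", "192.168.1.1", 80),
    ("203.0.113.5", "192.168.1.1", 25),
    ("203.0.113.5", "192.168.1.1", 110),
    ("203.0.113.5", "192.168.1.1", 443),  # port not listed in the ACL
    ("203.0.113.5", "192.168.1.2", 80),   # host not listed in the ACL
]


def _take_addr(tokens):
    """Consume 'any' or 'host A.B.C.D' and return it as an ip_network."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError(f"unsupported address form: {word}")


def parse_acl(text):
    """Parse the entries of a named extended ACL (acllist1 subset only)."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens or tokens[:2] == ["ip", "access-list"]:
            continue  # skip the list header
        action, proto = tokens.pop(0), tokens.pop(0)
        if action not in ("permit", "deny") or proto != "tcp":
            raise ValueError(f"unsupported entry: {line.strip()}")
        src = _take_addr(tokens)
        dst = _take_addr(tokens)
        ports = None  # None means any destination port
        if tokens:
            if tokens.pop(0) != "eq" or not tokens:
                raise ValueError(f"unsupported entry: {line.strip()}")
            # One or more ports may follow 'eq' (noncontiguous port form).
            ports = frozenset(
                PORT_NAMES[t] if t in PORT_NAMES else int(t) for t in tokens
            )
        rules.append((action, src, dst, ports))
    return rules


def evaluate(rules, src_ip, dst_ip, dst_port):
    """Return the action of the first matching entry, else the implicit deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net, ports in rules:
        if src in src_net and dst in dst_net and (ports is None or dst_port in ports):
            return action
    return IMPLICIT_DENY


def decisions(acl_text, packets=SAMPLE_PACKETS):
    """Evaluate every sample packet against the ACL text."""
    rules = parse_acl(acl_text)
    return [evaluate(rules, *pkt) for pkt in packets]


if __name__ == "__main__":
    rows = zip(SAMPLE_PACKETS, decisions(ACL_PER_PORT), decisions(ACL_MULTI_PORT))
    for pkt, per_port, multi_port in rows:
        print(pkt, per_port, multi_port)
```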
ip accounting [access-violations] no ip accounting [access-violations] Configures IP accounting for an interface Default Disabled Description This command enables IP accounting based on the source and destination IP addresses that are passing through this router. Traffic that terminates at the router is not logged. The access-violations option enables logging based on access lists. For an access list to log information, the log keyword must be specified at the end of the access-list command. Example The following interface has IP accounting enabled and logs access-list violations:
    interface serial 1
     ip address 10.10.2.3 255.255.255.0
     ip access-group 110 in
     ip accounting access-violations
    ! Deny telnet to the outside and log it when someone tries
    access-list 110 deny tcp 10.10.2.0 0.0.0.255 any eq 23 log
    access-list 110 permit ip any any
|
ip accounting-list address mask no ip accounting-list address mask Configures An accounting filter Default None Description This command defines an IP address and wildcard mask for use as an accounting filter. Once a filter has been created, traffic is logged only if it matches the filter. If an IP address fails to match this filter, it is considered a transit IP packet and is logged to a separate table. See ip accounting-transits. Example The following command logs traffic to and from the 10.10.0.0 network:
    ip accounting-list 10.10.0.0 0.0.255.255
|
ip accounting-threshold log-size no ip accounting-threshold log-size Configures The IP accounting log table Default 512 entries Description This command sets the size of the IP accounting table to log-size bytes. Each entry takes up to 26 bytes. Therefore, an accounting table defined at 100 entries could consume up to 2600 bytes of memory. This calculation should be kept in mind when defining new thresholds, as memory usage has adverse effects on the router. Example To double the accounting buffer:
    ip accounting-threshold 1024
|
ip accounting-transits number no ip accounting-transits Configures The table used for logging transit IP addresses Default None Description This command sets the size of the table for transit IP accounting to number entries. A transit IP packet is any packet with a source or destination that does not match the filter defined in the ip accounting-list command. If no accounting filters are defined, there are no transit IP packets. Example To set the transit table to 200 entries:
    ip accounting-transits 200
|
ip address address subnet-mask [secondary] no ip address address subnet-mask [secondary] Configures The IP address for an interface Default No IP address Description This command sets the IP address for the interface to address; the network mask used on the network is subnet-mask. The secondary keyword is used to apply a second (or third, or fourth... ) address to an interface. It is allowed only if the interface allows multiple IP addresses. Example This command sets the IP address of the ethernet0 interface to 10.10.1.1 and the subnet mask to 255.255.255.0:
    interface ethernet0
     ip address 10.10.1.1 255.255.255.0
The following commands use the secondary keyword to add a second IP address to the ethernet0 interface:
    interface ethernet0
     ip address 10.10.1.1 255.255.255.0
     ip address 10.10.2.1 255.255.255.0 secondary
This interface will now answer and provide routing for both the 10.10.1.0/24 and 10.10.2.0/24 subnets. |
ip address negotiated no ip address negotiated Configures PPP address negotiation Default Disabled Description This command configures an interface to obtain its IP address via PPP. |
ip address-pool [dhcp-proxy-client | local] no ip address-pool Configures Default address pooling Default Disabled Description This command provides an IP address pool to be used on dial-in or ISDN interfaces. dhcp-proxy-client Optional. The router works as a proxy between the dial-in peers and the DHCP server to provide the address pool. local Optional. Tells the router to use the local address pool. |
ip alias ip-address port no ip alias ip-address Configures IP address mapping for reverse telnet Default None Description This command allows you to provide aliases in the form of IP addresses for various ports on the router. This feature is helpful if you are configuring a communication server with reverse telnet. ip-address The IP address of the port for which you want to establish an alias. port The port that you want to use as an alias for the IP address. Example Say we have a communication server (router) with three ports to which we allow reverse telnet access: 2001, 2002, and 2003. Instead of requiring users to type the router's IP address and the port every time, we assign (alias) an available IP address to each of our ports. The following commands create three IP address aliases (172.30.1.1, 172.30.1.2, and 172.30.1.3): ip alias 172.30.1.1 2001 ip alias 172.30.1.2 2002 ip alias 172.30.1.3 2003 |
ip as-path access-list access-list {permit | deny} as-regex no ip as-path access-list access-list {permit | deny} as-regex Configures A BGP access list Default None Description This command allows you to build an access list for BGP autonomous system (AS) paths. These lists can be applied to a neighbor with the filter-list option to the neighbor command. access-list is a number that identifies the list; as-regex is a regular expression that matches AS paths. For more information on valid regular expressions for BGP, see Chapter 10. Example The following commands create an AS-path access list that denies (blocks) routes that include AS 111. This access list is then applied to routes that are sent to the BGP neighbor 11.1.1.1. ip as-path access-list 1 deny _111_ router bgp 120 network 10.1.0.0 neighbor 11.1.1.1 remote-as 200 neighbor 11.1.1.1 filter-list 1 out |
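How the `_111_` filter in the entry above evaluates against AS paths, as an added Python sketch (not from the original text or from IOS). It assumes the IOS meaning of `_` (start or end of the path, a space, comma, brace or parenthesis) and the implicit deny that ends every access list; the `permit .*` entry and the sample paths are constructed here to show why a list holding only a deny entry passes nothing.

```python
import re

# In IOS AS-path regexes "_" matches a delimiter: start or end of the path,
# a space, a comma, a brace or a parenthesis.
DELIM = r"(?:^|$|[ ,{}()])"


def ios_to_python(as_regex):
    """Translate an IOS AS-path regex to Python syntax (only "_" differs here)."""
    return re.compile(as_regex.replace("_", DELIM))


def parse_as_path_lists(config):
    """Collect 'ip as-path access-list N {permit|deny} regex' lines, in order."""
    lists = {}
    pattern = re.compile(
        r"\s*ip as-path access-list (\d+) (permit|deny) (.+?)\s*$")
    for line in config.splitlines():
        m = pattern.match(line)
        if m:
            lists.setdefault(int(m.group(1)), []).append(
                (m.group(2), ios_to_python(m.group(3))))
    return lists


def filter_decision(entries, as_path):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, pattern in entries:
        if pattern.search(as_path):
            return action
    return "deny"


def evaluate(config, list_number, paths):
    """Return {as_path: 'permit' or 'deny'} for one access list."""
    entries = parse_as_path_lists(config).get(list_number, [])
    return {path: filter_decision(entries, path) for path in paths}


# The access list exactly as in the entry above.
PAGE_EXAMPLE = "ip as-path access-list 1 deny _111_\n"
# Same list with an explicit catch-all permit (added for this example).
WITH_PERMIT = PAGE_EXAMPLE + "ip as-path access-list 1 permit .*\n"

# Constructed AS paths; the empty string stands for a locally originated route.
PATHS = ["200 111 300", "111", "200 1110 300", "2111", "200 300", ""]

if __name__ == "__main__":
    for label, cfg in (("deny only", PAGE_EXAMPLE), ("with permit", WITH_PERMIT)):
        print(label)
        for path, action in evaluate(cfg, 1, PATHS).items():
            print(f"  {path!r:16} -> {action}")
```

The delimiters keep `_111_` from matching AS 1110 or AS 2111, which a bare `111` would catch.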
ip authentication key-chain eigrp as-number key-chain no ip authentication key-chain eigrp as-number key-chain ip authentication mode eigrp as-number md5 no ip authentication mode eigrp as-number md5 Configures Authentication of EIGRP packets Default None Description The ip authentication key-chain command defines the key chain to be used for authenticating EIGRP packets. It is used with the ip authentication mode eigrp command, which applies the key chain to the correct EIGRP process. Key chains are defined with the global key chain command. as-number The EIGRP process to which this key applies. key-chain The name of an EIGRP key chain. Example interface ethernet0 ip authentication key-chain eigrp 100 key1 ip authentication mode eigrp 100 md5 |
ip bandwidth-percent eigrp as-number percent-value Configures The bandwidth that EIGRP is allowed to use Default 50 percent Description This command sets the bandwidth percentage that EIGRP is allowed to consume on a link. It is particularly useful if the link's bandwidth has been set to a fake value for some reason (such as metrics). as-number The EIGRP process whose bandwidth is being limited. percent-value The percentage of the interface's total bandwidth that can be used by EIGRP. The interface's bandwidth is defined by the bandwidth command and may not be the same as the actual bandwidth available on the link. Note that percent-value may be greater than 100; this is useful if the bandwidth has been set to an artificially low value and doesn't reflect the actual capacity of the link. |
ip bgp-community new-format no ip bgp-community new-format Configures Display of the BGP communities Default Disabled Description This command changes the display of BGP communities from NN:AA to AA:NN. |
ip bootp server no ip bootp server Configures Use of a BOOTP server from the network Default Enabled Description This command enables or disables the router's BOOTP server. Disabling this feature prevents hosts from accessing the BOOTP service on the router; that is, the router won't act as a BOOTP server. |
ip broadcast-address address no ip broadcast-address address Configures A broadcast address for an interface Default Depends on the settings in the config-register Description This command specifies the interface's broadcast address. All hosts on the network to which the interface is connected must use the same broadcast address. Broadcast addresses are usually formed by setting the "host address" portion of the IP address to all 1s, which is the default for the router and most modern computer systems. Some old systems may form the broadcast address by setting the host portion to all 0s, and may be incapable of using the "1" form. In this case, you must explicitly set the broadcast address of the router interface (and all other hosts on the network) to use the older form. Example The following code changes the broadcast IP address for serial 0 to 10.10.10.255: interface serial 0 ip broadcast-address 10.10.10.255 |
ip cef [distributed] no ip cef Configures Cisco Express Forwarding (CEF) Default Depends on the hardware; usually disabled Description This command enables CEF on the router. CEF is a Layer 3 switching technology that increases network performance for certain types of network traffic. The optional distributed keyword enables distributed CEF (dCEF), which distributes CEF information to line cards on the router. |
ip cef traffic-statistics [load-interval seconds] [update-rate seconds] no ip cef traffic-statistics Configures Time intervals that control when NHRP creates or destroys an SVC Default load-interval is 30 seconds; update-rate is 10 seconds Description This command sets the intervals that NHRP uses when building or tearing down an SVC. The load-interval is used in conjunction with the ip nhrp trigger-svc command; its value can range from 30 to 300 seconds. The update-rate is the frequency, in seconds, at which the port adapter sends statistics to the route processor (RP). When using NHRP in distributed CEF switching mode, the update rate must be set to 5 seconds. |
ip cgmp [proxy | router-only] no ip cgmp Configures Cisco Group Management Protocol (CGMP) Default Disabled Description This command enables CGMP on an interface, which is useful when the interface is connected to a Cisco Catalyst family switch. proxy Optional. Enables CGMP and the CGMP proxy function. router-only Optional. Enables the router to send only CGMP self-join and CGMP self-leave messages. |
ip classless no ip classless Configures IP classless routing for the router Default Depends on the IOS version Description This command enables routing based on "classless" addresses. With classless routing, packets can be routed if the router knows a route for a supernet of the addressee. Without classless addressing, the packet is discarded if it arrives at the router and there is no network route for its destination. Assume that a packet arrives with the destination of 10.10.1.5, but we have routes only for 10.10.2.0/24, 10.10.3.0/24, and 10.10.0.0/16. With IP classless routing enabled, the router forwards the packet to the 10.10.0.0/16 network because 10.10.0.0/16 is the best matching supernet of 10.10.1.5. |
ip community-list number {permit | deny} community no ip community-list number Configures A community list for BGP Default None Description This command defines a community list, which is basically an access list for a BGP community. A community list can be used with the match community command in a route-map configuration. number A value identifying the community list that this command belongs to. Values can be 1 to 99. permit | deny Permits or denies the given community. community The community to permit or deny. This parameter may be a community number between 1 and 99, or one of the default community names (internet, no-export, no-advertise). Example ip community-list 1 permit internet |
ip default-gateway address no ip default-gateway address Configures The default gateway for the router Default None Description This command establishes address as the router's default gateway, which is the gateway to which nonlocal packets are forwarded in the absence of a better route. It is useful if the no ip routing command has been issued or if you are running from boot mode, in which IP routing is disabled. This command allows you to forward traffic to the default gateway when routing is disabled. Use the no form of this command to remove the entry from the router's configuration. |
ip default-network network no ip default-network network Configures Gateway of last resort Default None Description This command defines a gateway of last resort. The network argument is a network address; any route to the network becomes the default route. For RIP, this is the 0.0.0.0 route; for OSPF, it is an external route. |
ip dhcp-server address no ip dhcp-server address Configures The DHCP server for the router Default None Description Specifies the address of the DHCP server for this router. You can provide the hostname of the DHCP server instead of its IP address. This DHCP server is then used for creating address pools with the ip address-pool command. |
ip directed-broadcast [access-list] no ip directed-broadcast Configures Broadcast forwarding Default Enabled (disabled for IOS 12.0 and later) Description By default, the router automatically translates directed broadcasts to physical broadcasts within your network. In other words, Layer 3 broadcasts to the IP broadcast address (10.10.1.255 for the subnet 10.10.1.0/24) are translated into Layer 2 broadcasts with an address appropriate for the interface (e.g., ff:ff:ff:ff:ff:ff for an Ethernet interface). While this can be useful, an interface that is configured to the outside world could allow a potential hacker to flood your network by pinging the broadcast address on your interface. It is recommended that directed-broadcast is disabled on your external interfaces to prevent this attack from occurring. Directed broadcast is also the primary mechanism used for the "smurf" attack. It is recommended that you disable directed broadcast on all your interfaces unless you have a very good reason to use it. Example To disable directed broadcasts: interface serial 0 no ip directed-broadcast |
ip domain-list domain no ip domain-list domain Configures Domain name completion Default None Description This command allows you to define a series of domain names to be used (in turn) to complete an unqualified domain name. It behaves just like the domain-name command except that it allows you to list a series of domains. Example These commands set the domain list to mydomain.com, com.com, and mycom.com: ip domain-list mydomain.com ip domain-list com.com ip domain-list mycom.com Use the no form of the command to delete an entry: no ip domain-list com.com |
ip domain-lookup no ip domain-lookup Configures DNS lookups for hostnames Default Enabled Description This command enables the DNS lookup feature. To disable DNS, use the no form of this command. Disabling this feature is useful because you don't usually want the router trying to perform a DNS lookup on every word that you type at the command prompt. (You can accomplish the same thing by enabling transport preferred none on all lines.) Furthermore, if you are having network problems, you may not be able to reach any DNS servers to perform lookups. Example To disable DNS lookups: no ip domain-lookup |
ip domain-name domain no ip domain-name domain Configures Domain name completion Default None Description This command sets the domain name that the router will use to complete any unqualified domain names. See also ip domain-list. Example Here, all unqualified hostnames are taken to be in the mydomain.com domain: ip domain-name mydomain.com |
ip dvmrp accept-filter access-list [distance] [neighbor-list access-list] no ip dvmrp accept-filter access-list Configures Incoming filter for DVMRP reports Default All reports are accepted with a distance of 0 Description This command applies an access list to incoming DVMRP reports. The lower the distance, the higher the precedence of the route when computing the Reverse Path Forwarding value. access-list The number of a standard IP access list (0-99). Routes matching the access list are assigned the given administrative distance. If the access list number is 0 (which is not a legal access list number), all reports are accepted with the given administrative distance. distance Optional. The administrative distance to be assigned to routes matching the filter. Default is 0. neighbor-list list Optional. The number of a standard IP access list (1-99). DVMRP reports are accepted only from neighbors who match this access list. |
ip dvmrp auto-summary no ip dvmrp auto-summary Configures DVMRP auto summarization Default Enabled Description Auto summarization occurs when a route is summarized into a classful network route. Use the no form of this command to disable it, which you will want to do if you are using the ip dvmrp summary-address command. |
ip dvmrp default-information {originate | only} no ip dvmrp default-information Configures Advertises a default route to DVMRP neighbors Default Disabled Description This command causes the default route (0.0.0.0) to be advertised to DVMRP neighbors. originate Routes more specific than 0.0.0.0 can be advertised. only Only the default route is advertised. |
ip dvmrp metric metric [list access-list] [[protocol process-id] | [dvmrp]] no ip dvmrp metric Configures Metrics for DVMRP Default 1 Description This command lets you specify a metric to be used with the DVMRP routing protocol. The specified metric is assigned to multicast destinations that match the access list. metric The metric associated with DVMRP reports; it can range from 0 to 32. 0 means the route is not advertised; 32 means that the route's destination is unreachable. list access-list Optional. If used, this metric is assigned only to multicast destinations that match the access list. protocol Optional. bgp, eigrp, igrp, isis, ospf, rip, static, or dvmrp. process-id Optional. The process ID of the routing protocol, if required. dvmrp Optional. Allows routes from the DVMRP routing table to be advertised with the configured metric route map. |
ip dvmrp metric-offset [in | out] value no ip dvmrp metric-offset Configures Metrics of advertised DVMRP routes Default in; the default value for in is 1, for out is 0 Description This command allows you to increment the metric for DVMRP routes. The given value is added to either metrics received (in) or metrics sent (out) by the router. |
ip dvmrp output-report-delay milliseconds [burst-packets] no ip dvmrp output-report-delay Configures Interpacket delay of a DVMRP report Default 100 milliseconds; 2 burst packets Description This command sets the number of milliseconds that elapse between packets of a DVMRP report. milliseconds Number of milliseconds between transmission of packets. burst-packets Optional. The number of packets in the set being transmitted. |
ip dvmrp reject-non-pruners no ip dvmrp reject-non-pruners Configures Peering with DVMRP non-pruners Default Disabled Description When enabled, this feature tells the interface not to peer with DVMRP hosts that do not support pruning. By default, the router will peer with all DVMRP neighbors. |
ip dvmrp routehog-notification route-count no ip dvmrp routehog-notification Configures Number of routes accepted before a syslog message is generated Default 10,000 Description This command sets the number of DVMRP routes that can be accepted within one minute to route-count. If more than this number of routes is accepted within a minute, the router generates a syslog message. This usually helps capture any router that is misconfigured and injecting too many routes. |
ip dvmrp route-limit count no ip dvmrp route-limit count Configures Number of advertised DVMRP routes Default 7,000 Description This command sets the limit on the number of DVMRP routes that can be advertised over an interface to count. |
ip dvmrp summary-address address mask [metric value] no ip dvmrp summary-address address mask Configures A summary DVMRP route Default None Description This command configures a summary DVMRP route to be advertised over an interface. address The IP address of the summary route. mask The network mask of the summary route. metric value Optional. The metric to be assigned to the summary address. Default is 1. |
ip dvmrp unicast-routing no ip dvmrp unicast-routing Configures DVMRP unicast routing Default Disabled Description This command enables DVMRP unicast routing on the interface. |
ip forward-protocol {udp [port] | any-local-broadcast | spanning-tree | turbo-flood} no ip forward-protocol Configures Forwarding of broadcast packets for certain services Default Enabled with the ip helper-address command Description When the ip helper-address command is configured for an interface, the router "helps" hosts find certain UDP services by forwarding the packets. These services are BOOTP (DHCP), DNS, TFTP, TACACS, TIME, and NetBIOS name and datagram servers. This command allows you to define additional UDP ports that you want forwarded automatically to the helper IP address. port Optional. Without this parameter, all the default UDP ports listed here are forwarded. This keyword allows you to forward a specific port. You can disable a default port with the no version of this command. any-local-broadcast Forwards any broadcasts including local subnet broadcasts. spanning-tree Forwards IP broadcasts that meet the following criteria: First, it must be a MAC level broadcast; second, it must be an IP level broadcast; and third, it must be TFTP, DNS, NetBIOS, ND, TIME, BOOTP, or any other UDP packet specified by an ip forward-protocol udp command. turbo-flood Speeds up the flooding of UDP datagrams when using the spanning-tree algorithm. This command should be used in conjunction with the ip forward-protocol spanning-tree command. Example To forward port 21000 for a specific application: ip forward-protocol udp 21000 |
ip ftp passive no ip ftp passive Configures Passive FTP mode Default Disabled (normal FTP) Description This command configures the router to use passive FTP. Passive FTP is often used when connecting through firewalls or access lists that block normal FTP connections. With passive FTP, the file transfer session originates from the client, not the server, which makes firewalls more likely to allow it. You may need to use passive FTP when copying a file or image to an FTP server. |
ip ftp password [encryption-level] password no ip ftp password Configures The FTP password Default username@routername.domain Description This command sets the password to be used for FTP connections. The default password is appropriate for anonymous FTP connections. If you do not use anonymous FTP, you must use this command to provide an appropriate secret password. The encryption-level allows you to encrypt the password within the router's configuration, so people who have access to the configuration file won't learn it. The encryption-level may be 0 or 7; 0 does not encrypt the password, while 7 uses a proprietary (but not particularly strong) encryption scheme. |
ip ftp source-interface interface no ip ftp source-interface Configures The FTP source address Default The IP address of the interface closest to the destination Description This command sets the source address for FTP connections to the IP address of the given interface. |
ip ftp username username no ip ftp username Configures The FTP username Default anonymous Description This command sets the username for FTP connections. If no username is supplied, the router attempts an anonymous FTP file transfer. Example The following commands configure the router to use passive FTP with the username saul and the password pleaseletmein. ip ftp passive ip ftp username saul ip ftp password pleaseletmein |
ip hello-interval eigrp as-number seconds no ip hello-interval eigrp as-number seconds Configures Hello interval for EIGRP Default five seconds Description This command sets the interval at which EIGRP hello discovery packets are sent out on a link. The default value for the hello interval is 5 seconds. On links where latency is high, changing this value to a higher number can be advantageous. as-number The EIGRP process number (frequently called an AS number). seconds The interval between hello discovery packets. |
ip helper-address address no ip helper-address address Configures IP address to which certain broadcast UDP packets are forwarded Default Disabled Description This command sets the helper address to address. The helper address should be the address of a host that can answer UDP requests from other hosts. The router sees these requests broadcast on a LAN interface and forwards them to the helper address (generally a unicast address) if one is defined. A helper is particularly useful for DHCP requests; without some kind of forwarding, DHCP requires you to have a separate server on every subnet. By itself, this command forwards packets for the BOOTP (DHCP), DNS, TFTP, TACACS, TIME, and NetBIOS name and datagram services. The ip forward-protocol command can be used to forward additional UDP services. Example To configure interface ethernet0 to have a helper address: interface ethernet0 ip address 10.10.1.2 255.255.255.0 ip helper-address 10.10.2.5 |
ip hold-time eigrp as-number seconds no ip hold-time eigrp as-number seconds Configures Hold time for EIGRP networks Default 15 seconds Description This command defines the number of seconds that a route is held before hearing from a neighbor router. If the router doesn't hear from a neighbor within this time, the routes from that neighbor are considered invalid. The default holdtime is three times the hello interval, which is 15 seconds on most links. Slower links might have a holdtime of 180 seconds and a hello interval of 60 seconds. as-number The EIGRP process number (frequently called an AS number). seconds The holdtime for this EIGRP process. |
ip host name [tcp-port] address [address] no ip host name address Configures A static hostname that maps to one or more IP addresses Default None Description This command allows you to define an IP address for a hostname. Each hostname can have up to eight IP addresses associated with it. This is similar to a host file on a workstation (for example, the /etc/hosts file on Unix). name The name of a host. tcp-port Optional. The port to connect to on the host when using the telnet command. address The address assigned to the host. Example The following commands define two IP hosts; the second one has two IP addresses: ip host gateway1 10.10.1.1 ip host gateway2 10.10.1.2 10.10.1.3 |
ip http server no ip http server ip http access-class access-list no ip http access-class access-list ip http authentication method no ip http authentication method ip http port port no ip http port port Configures Web IOS interface Default Disabled; when enabled, listens on port 80 Description This command configures support for the Web IOS interface software. This feature enables an HTTP server on the router and allows you to configure the router by pointing any web browser at this server. The access-class option lets you specify an access list that limits access to the HTTP server. The port option lets you specify the port on which the server listens. The acceptable authentication methods are enable, local, tacacs, and aaa. Example The following commands enable the web browser interface and specify a non-default port: ip http server ip http port 8008 |
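A configuration check built on three of the entries above, as an added Python example (not part of the original reference or any Cisco tool): it flags interfaces where directed broadcast is on, an HTTP server enabled without ip http access-class, and an FTP password stored at level 0 or 7. The sample configuration, the placeholder password string and the function names are constructed for illustration; the version test follows the default stated in the ip directed-broadcast entry (enabled before IOS 12.0).

```python
import re

# Constructed sample configuration (not from the original text); the
# type 7 string is a placeholder, not a real encoded password.
SAMPLE_CONFIG = """\
version 11.3
!
interface Serial0
 ip address 192.0.2.1 255.255.255.252
!
interface Ethernet0
 ip address 10.10.1.1 255.255.255.0
 no ip directed-broadcast
!
interface Ethernet1
 ip address 10.10.2.1 255.255.255.0
 ip directed-broadcast
!
ip ftp username saul
ip ftp password 7 PLACEHOLDER
ip http server
ip http port 8008
"""


def parse_version(config):
    """Return (major, minor) from the 'version' line, or None if absent."""
    m = re.search(r"^version (\d+)\.(\d+)", config, re.MULTILINE)
    return (int(m.group(1)), int(m.group(2))) if m else None


def split_interfaces(config):
    """Return {interface name: [sub-commands]} from 'interface' blocks."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif current and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks


def audit(config):
    """Return a list of (check, scope, reason) findings."""
    findings = []
    version = parse_version(config)
    # Directed broadcast is on by default before IOS 12.0; an unknown
    # version is treated as the older, less safe default.
    default_on = version is None or version < (12, 0)
    for name, cmds in split_interfaces(config).items():
        if "no ip directed-broadcast" in cmds:
            continue
        explicit = any(c.startswith("ip directed-broadcast") for c in cmds)
        if explicit or default_on:
            why = "explicitly enabled" if explicit else "enabled by default"
            findings.append(("directed-broadcast", name, why))

    global_lines = [l.rstrip() for l in config.splitlines()
                    if l and not l.startswith(" ")]
    if "ip http server" in global_lines and not any(
            l.startswith("ip http access-class ") for l in global_lines):
        findings.append(("http-server", "global",
                         "no access-class limits access to the HTTP server"))
    for line in global_lines:
        m = re.match(r"ip ftp password (?:([07]) )?(\S+)$", line)
        if m:
            level = m.group(1) or "0"  # no level given means unencrypted
            reason = ("level 7: weak, reversible encoding" if level == "7"
                      else "level 0: stored in cleartext")
            findings.append(("ftp-password", "global", reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```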
ip identd no ip identd Configures Identification support Default Disabled Description This command enables the IDENTD identification protocol. To disable IDENTD, use the no form of the command. |
ip igmp access-group access-list version no ip igmp access-group access-list version Configures Controls multicast groups Default All groups are enabled; default version is 2 Description This command allows you to set an access-list that controls which groups are available on the interface for hosts to join. If a host is in the access list, it will be allowed to join multicast groups. The version parameter changes the IGMP version. |
ip igmp explicit-tracking no ip igmp explicit-tracking Configures Explicit tracking for IGMPv3 Default Disabled Description This command enables explicit tracking of hosts, groups, and channels for IGMP v3. Explicit tracking allows the router to individually track IGMP membership states of all reporting hosts. To view the information, use the show ip igmp membership command. |
ip igmp helper-address ip-address no ip igmp helper-address ip-address Configures Forwards IGMP messages to another IP address Default Disabled Description This command causes all IGMP Host Reports and Leave messages to be sent to the host specified by the ip-address parameter. |
ip igmp join-group group-address no ip igmp join-group group-address Configures Has the router join a multicast group Default None Description This command causes the router to join the multicast group specified by the IP group address on the interface. |
ip igmp query-interval seconds no ip igmp query-interval seconds Configures Query message interval Default 60 seconds Description This command configures the router to send IGMP host-query messages at the specified interval. Changing this value may affect multicast forwarding. |
ip igmp query-max-response-time seconds no ip igmp query-max-response-time seconds Configures Response time advertised in IGMP query packets Default 10 seconds Description This command sets the time in seconds that the responder has to respond to a query before the router deletes the group. This command works only with IGMP Version 2. |
ip igmp query-timeout seconds no ip igmp query-timeout seconds Configures Query timeout Default two times the query interval Description This command sets the query timeout period in seconds. This is the time that the router waits after the last querier stops querying before it takes over as the querier. |
ip igmp static-group group-address no ip igmp static-group group-address Configures A static IGMP group for the router Default Disabled Description This command enrolls the router in the multicast group specified by the group-address. Unlike the ip igmp join-group command, this command allows packets to the group to be fast-switched out the interface. |
ip igmp version {1 | 2 | 3} no ip igmp version Configures The IGMP version type Default 2 Description This command sets the version number of IGMP supported by the router (1, 2, or 3). Make sure that your hosts support the same version. Version 3 was introduced in 12.1(5)T. |
ip irdp [multicast | holdtime seconds | maxadvertinterval seconds | minadvertinterval seconds | preference value | address ip-address [preference]] no ip irdp Configures IRDP Default Disabled Description This command enables ICMP Router Discovery Protocol (IRDP) on an interface. Other hosts on the network can use this protocol to negotiate a default router based on the preference parameter. This command has many options. Instead of writing a single long command, it's often more convenient to issue a number of shorter commands, each setting one option. multicast Optional. Tells the router to use the multicast address instead of the broadcast address for IRDP. holdtime seconds Optional. The time in seconds that advertisements are held. By default, this value is three times the maxadvertinterval. maxadvertinterval seconds Optional. Sets the maximum interval in seconds between advertisements. The default is 600 seconds. minadvertinterval seconds Optional. Sets the minimum interval in seconds between advertisements. The default is the maximum interval. preference value Optional. Sets the preference value for this router, which is used by the routers running IRDP to select the default gateway. The default preference is 0. The higher the preference, the more preferred this router is to hosts. address ip-address [ preference] Optional. Tells the router to generate proxy advertisements for the given ip-address. If you specify a preference, it is associated with the given ip-address. This allows routers that do not run IRDP to participate in router discovery. Example interface ethernet0 ! Enable IRDP on this interface ip irdp ! make this router preferred ip irdp preference 10 |
ip load-sharing [per-packet] [per-destination] no ip load-sharing [per-packet] [per-destination] Configures Cisco Express Forwarding (CEF) Default per-destination Description This command enables load sharing for Cisco Express Forwarding (CEF). By default, CEF uses per-destination load sharing, in which all traffic for a given destination is sent through the same interface. The per-packet keyword changes the behavior of CEF so that packets for the same destination may be sent through different interfaces. This approach makes load sharing more effective because it increases the effective bandwidth between the router and the destination. However, packets might arrive at the destination out of order, requiring the destination host to reassemble them. |
ip local policy route-map map no ip local policy route-map map Configures Policy routing Default None Description This command enables local policy routing. In brief, policy routing means using criteria other than the shortest path to the destination (as computed by a routing protocol) for route selection. The map parameter is the name of a route map that specifies the routing policy. Unlike the ip policy command, which applies a routing policy to a single interface, this command applies the policy to traffic originating on the router. Example In this example, a route map named map1 states that any traffic matching access list 101 will be routed to the 10.1.1.1 router. Access list 101 matches all IP traffic destined for network 10.1.5.0/24. The ip local policy command is used to apply this route map, effectively routing all traffic for 10.1.5.0 through 10.1.1.1 regardless of what the routing protocols might tell the router to do. There are many possible reasons for this policy; for example, the traffic for 10.1.5.0 might be highly confidential, and we want to make sure that it passes only through trusted routers. access-list 101 permit ip any 10.1.5.0 0.0.0.255 ! ip local policy route-map map1 ! route-map map1 match ip address 101 set ip next-hop 10.1.1.1 |
ip local pool {default | poolname} low-ip-address [high-ip-address] no ip local pool {default | poolname} Configures A pool of IP addresses Default None Description This command allows you to create a pool of IP addresses that are used when a remote system connects to one of your interfaces. The default pool is the one used if no name is given on the interface. default Default pool configuration. poolname The name of the pool you are configuring. low-ip-address The starting (lowest) IP address in the address pool. high-ip-address The ending (highest) IP address in the pool. This is optional. If omitted, the only IP address in the pool is the low-ip-address. Example ! Assign a pool called dialins1 that goes from 172.30.25.10 to 172.30.25.100 ip local pool dialins1 172.30.25.10 172.30.25.100 |
ip mask-reply no ip mask-reply Configures Responses to ICMP mask request messages Default Disabled Description By default, the router does not respond to ICMP mask requests. This command enables responses through the interface. Example interface ethernet 1 ip mask-reply |
ip mroute source mask [protocol as-number] {rpf-address | interface} [distance] no ip mroute source mask [protocol as-number] {rpf-address | interface} [distance] Configures A multicast static route Default None Description This command adds a static multicast route. source The source IP address. mask Network mask for the source address. protocol as-number Optional. The unicast routing protocol you are using, followed by the protocol's process number or autonomous system number, if applicable. rpf-address The address of the incoming interface for the multicast route. This address can be a host address or a network address. interface The incoming interface for the route (e.g., serial0). distance Optional. This value is used to decide if a unicast, DVMRP, or static route should be used for RPF lookup. |
ip mroute-cache no ip mroute-cache Configures IP multicast fast switching Default Enabled Description This command enables fast switching for multicast routing, which is analogous to the route cache for unicast routing. If disabled with the no form of the command, every packet is switched at the process level. |
ip mtu bytes no ip mtu bytes Configures Maximum Transmission Unit (MTU) for the interface Default Depends on the interface's media type Description This command sets the MTU for the interface to bytes. The MTU is the largest packet size that can be sent over the interface. The default MTU depends on the media type; Table 17-11 shows default MTU values for some common media. This command allows you to modify the MTU for any interface. Larger MTU values are more efficient with highly reliable networks; lower MTU values can help if an interface is unreliable, or in situations where protocols do not support fragmentation.
Example
    interface ethernet 0
     ip mtu 1250
|
ip multicast boundary access-list no ip multicast boundary Configures A multicast boundary Default None Description The access-list defines the multicast boundary, which is used to keep multicast packets from being forwarded out the interface. |
ip multicast cache-headers no ip multicast cache-headers Configures Buffers multicast packet headers Default Disabled Description This command enables the router to cache IP multicast packet headers. These headers can be viewed with the show ip mpacket command. |
ip multicast helper-map group-address broadcast-address access-list no ip multicast helper-map group-address broadcast-address access-list ip multicast helper-map broadcast multicast-address access-list no ip multicast helper-map broadcast multicast-address access-list Configures Multicast tunneling Default None Description Use this command to send broadcast packets through a multicast network that connects two or more broadcast-capable networks. At one multicast network, you convert the multicast packets to broadcast packets and send them through the broadcast network, which converts them back to multicast packets at the other end. group-address Multicast group whose traffic is to be converted to broadcast traffic. broadcast Specifies that the traffic is going to be converted from broadcast to multicast. broadcast-address When using the group-address parameter, this parameter specifies the IP address to which to send the broadcast traffic. multicast-address When using the broadcast option, this variable specifies the multicast address to which converted traffic is sent. access-list An extended access list that uses the UDP port number to control which broadcast packets will be converted. Example The following configuration converts multicast traffic for the multicast group 224.1.1.2 to broadcast traffic using the broadcast address 10.1.1.255 and UDP port 5000:
    interface ethernet 0
     ip multicast helper-map 224.1.1.2 10.1.1.255 101
     ip pim dense-mode
    !
    ! Convert to UDP port 5000
    access-list 101 permit udp any any eq 5000
    access-list 101 deny udp any any
    !
    ! Forward UDP port 5000
    ip forward-protocol udp 5000
The next configuration is the other end of the tunnel. It converts broadcast traffic on UDP port 5000 to multicast traffic:
    interface ethernet 0
     ip multicast helper-map broadcast 224.1.1.2 101
     ip pim dense-mode
    !
    ! Use access list to convert traffic to UDP port 5000
    access-list 101 permit udp any any eq 5000
    access-list 101 deny udp any any
    !
    ! Forward UDP port 5000
    ip forward-protocol udp 5000
|
ip multicast rate-limit {in | out} [video | whiteboard] [group-list access-list] [source-list access-list] kbps no ip multicast rate-limit {in | out} [video | whiteboard] [group-list access-list] [source-list access-list] kbps Configures The rate at which a sender can send to a multicast group Default No rate limit Description This command controls the rate at which hosts matching a source list can send multicast packets to a multicast group. in The limit applies only to incoming packets. out The limit applies only to outgoing packets. video Optional. Rate limit applies only to video traffic. whiteboard Optional. Rate limit applies only to whiteboard traffic. group-list access-list Optional. The rate limit applies only to multicast groups that match the access list. source-list access-list Optional. The rate limit applies only to hosts sending multicast traffic that match the access list. kbps The total bandwidth, in Kbps, that is used for multicast traffic that matches the preceding parameters. Traffic in excess of this rate is discarded. If the rate is set to 0, no traffic is permitted. |
ip multicast-routing no ip multicast-routing Configures IP multicast routing Default Disabled Description By default, the router does not forward multicast packets. This command enables multicast routing. |
ip multicast ttl-threshold ttl no ip multicast ttl-threshold Configures TTL threshold of forwarded packets Default 0 Description This command configures the TTL threshold for packets that are being forwarded out the interface. Only packets with TTL values greater than the threshold are forwarded. The default value is 0, which means all packets are forwarded. The value of ttl can be from 0 to 255. |
ip name-server address [address] no ip name-server address Configures DNS server name Default None Description This command sets the name servers that the router uses for DNS queries. You can specify the addresses of up to 6 different DNS servers on one command line. Because you are configuring domain name service, be sure to use an IP address and not a hostname for the server! Example The first line configures one name server; the second line configures six name servers:
    ip name-server 10.10.2.5
    ip name-server 10.10.1.5 10.10.2.5 10.10.3.5 10.10.4.5 10.10.5.5 10.10.6.5
|
ip nat {inside | outside} [log {translations syslog}] no ip nat {inside | outside} [log {translations syslog}] Configures IP Network Address Translation (NAT) Default Disabled Description This command configures an interface for NAT. The translation can occur for inside or outside addresses. Example In the following configuration, ethernet0 is our internal network with the internal IP address; serial0 is our external interface to the Internet. The NAT translation should be inside on ethernet0 and outside on serial0. The optional log keyword enables NAT logging. The translations keyword enables logging of NAT translations. The syslog keyword enables syslog logging for NAT.
    interface ethernet0
     ip address 10.10.1.1 255.255.255.0
     ip nat inside
    interface serial0
     ip address 192.168.1.1 255.255.255.0
     ip nat outside
|
ip nat inside destination [list access-list] pool pool-name no ip nat inside destination [list access-list] pool pool-name ip nat inside destination [list access-list] static global-ip local-ip no ip nat inside destination [list access-list] static global-ip local-ip Configures Enables NAT for inside destination IP addresses Default Disabled Description This command enables the mapping of internal (inside) destination addresses to global destination addresses. list access-list Optional. Defines an access list for the translation. If an address is not blocked by the access list, it is translated. pool pool-name The name of the address pool for allocating global IP addresses. static global-ip local-ip A static mapping of a global IP address to a local IP address. |
ip nat inside source {list access-list | route-map name} {interface interface-name | pool pool-name} [overload] no ip nat inside source {list access-list} pool pool-name [overload] ip nat inside source static local-ip global-ip no ip nat inside source static local-ip global-ip Configures Enables NAT for inside source IP addresses Default None Description This command enables the mapping of internal (inside) source addresses to global addresses. list access-list Optional. Defines an access list for the translation. If an address is not blocked by the access list, it is translated. You can use an access list number or name. route-map name Specifies a named route map. interface interface-name Specifies the name of an interface to be used for selecting the global IP address. pool pool-name The name of an address pool to be used for selecting global IP addresses. overload Optional. Allows many local IP addresses to share a few global IP addresses by multiplexing the ports. static local-ip global-ip A static mapping of a local IP address to a global IP address. |
ip nat outside source {list access-list | route-map name} pool pool-name no ip nat outside source {list access-list} pool pool-name ip nat outside source {list access-list} static global-ip local-ip no ip nat outside source {list access-list} static global-ip local-ip Configures Enables NAT for outside source IP addresses Default None Description This command enables the mapping of external (outside) source addresses to internal addresses. list access-list Optional. Defines an access list for the translation. If an address is not blocked by the access list, it is translated. You can use an access list number or name. pool pool-name The name of the address pool for allocating global IP addresses. route-map name Specifies a named route map. static global-ip local-ip A static mapping of a global IP address to a local IP address. |
ip nat pool name starting-address ending-address [netmask value | prefix-length length] [type rotary] no ip nat pool name starting-address ending-address [netmask value | prefix-length length] [type rotary] Configures The IP address pool to be used in the NAT configuration Default None Description This command defines a sequential range of IP addresses to use with NAT configurations. name Name of the address pool. starting-address The beginning of the pool's IP address range. ending-address The last IP address in the pool. netmask value Specifies the netmask for the pool address range. prefix-length length Specifies the number of ones in the bitmask. type rotary Optional. Specifies that the range of IP addresses corresponds to real hosts for which load distribution should occur. This means that the pool is defined as a round-robin set of addresses for load balancing. As new TCP connections are made, a new address is selected from the pool. Non-TCP traffic passes through without translation. |
ip nat stateful id id-number {redundancy name | {{primary ip-primary | backup ip-backup} peer ip-peer} mapping-id map-number} no ip nat stateful id id-number {redundancy name | {{ primary ip-primary | backup ip-backup} peer ip-peer} mapping-id map-number} Configures Stateful Network Address Translation (SNAT) Default None Description This command enables Stateful NAT, providing failover capabilities. For a complete explanation, see the NAT section in Chapter 13. id-number A unique number given to the stateful translation group. redundancy name Establishes HSRP as the method for redundancy. primary ip-primary Manually sets the IP address of the primary router. backup ip-backup Manually sets the IP address of the backup router. peer ip-peer Manually sets the IP address of the peer router in the translation group. mapping-id map-number Specifies whether the local stateful NAT translation router will distribute a set of locally created entries to the peer SNAT router. |
ip nat translation [max-entries number] {timeout | udp-timeout | dns-timeout | tcp-timeout | finrst-timeout | icmp-timeout | pptp-timeout | syn-timeout | port-timeout} seconds no ip nat translation [max-entries number] {timeout | udp-timeout | dns-timeout | tcp-timeout | finrst-timeout | icmp-timeout | pptp-timeout | syn-timeout | port-timeout} seconds Configures None Default See description Description This command specifies different timeouts for NAT translations. max-entries number Optional. Specifies the maximum number of NAT entries. Default is unlimited. timeout seconds The timeout on all translations except overloads. Default is 86,400 seconds. udp-timeout seconds The timeout on UDP port translations. Default is 300 seconds. dns-timeout seconds The timeout on DNS (Domain Name Service). Default is 60 seconds. tcp-timeout seconds The timeout on TCP ports. Default is 86400 seconds. finrst-timeout seconds The timeout on Finish and Reset TCP packets. Default is 60 seconds. icmp-timeout seconds The timeout for ICMP flows. Default is 60 seconds. pptp-timeout seconds The timeout for NAT Point-to-Point Protocol flows. Default is 86,400 seconds. syn-timeout seconds The timeout for TCP flows immediately after a SYN (synchronous transmission) message. The default is 60 seconds. port-timeout seconds The timeout that applies to TCP/UDP ports. The default is 0 (never). |
ip nbar pdlm name no ip nbar pdlm name Configures Network-Based Application Recognition (NBAR) Default None Description This command specifies a Packet Description Language Module (PDLM) file, which the router uses to extend its NBAR capabilities. The PDLM is a collection of items used by NBAR to identify protocols. A list of PDLM files is on Cisco's web site (http://www.cisco.com/pcgi-bin/tablebuild.pl/pdlm; note that this URL is available only to those with a Cisco service agreement). Example
    ip nbar pdlm flash://somefilename.pdlm
|
ip nbar port-map name [tcp | udp] port-number no ip nbar port-map name [tcp | udp] port-number Configures Network-Based Application Recognition (NBAR) Default None Description This command configures NBAR to look for a protocol on a specified port other than the well-known port. port-number can be a value from 0 to 65,535 and up to 16 ports can be listed on one line. Example
    ! We run our ssh on different ports
    ip nbar port-map ssh tcp 6000 60002
|
ip nbar protocol-discovery no ip nbar protocol-discovery Configures Network-Based Application Recognition (NBAR) Default None Description This command enables traffic statistics for an interface using all protocols known to NBAR. Use the show ip nbar protocol-discovery command to view the statistics. Example
    interface ethernet 1/1
     ip nbar protocol-discovery
|
ip netmask-format [bitcount | decimal | hexadecimal] no ip netmask-format [bitcount | decimal | hexadecimal] Configures How subnets are displayed by the show command Default Decimal format (255.255.255.0) Description This command determines the format that the show commands use for displaying subnet masks. Table 17-12 shows the possibilities.
|
ip nhrp authentication string no ip nhrp authentication Configures Authentication for NHRP Default Disabled Description This command sets an authentication string for Next-Hop Resolution Protocol (NHRP). By default, no authentication is performed. The string can be up to eight characters in length. All routers within the NBMA (Non-Broadcast Multi-Access) must use the same authentication string. |
ip nhrp holdtime seconds no ip nhrp holdtime Configures NHRP holdtime Default 7200 seconds Description This command sets the number of seconds to advertise to other routers that they should keep NHRP information. |
ip nhrp interest access-list no ip nhrp interest Configures Which packets should trigger NHRP requests Default All non-NHRP packets trigger NHRP requests Description This command specifies an access-list that the router uses to select which packets should generate NHRP traffic. |
ip nhrp map ip-address nbma-address no ip nhrp map ip-address nbma-address Configures A static NBMA-to-IP address mapping Default None Description This command allows you to define a static ip-address to nbma-address mapping. The NBMA address can be a MAC address for Ethernet or an NSAP address for ATM. For NHRP, you usually need to configure one static mapping to get to the next-hop server. |
ip nhrp map multicast no ip nhrp map multicast Configures An NBMA address for broadcast or multicast packets Default None Description This command defines a nonbroadcast multi-access (NBMA) address to which to send broadcast or multicast traffic. An NBMA address is a MAC address for Ethernet networks or an NSAP address for ATM networks. A configuration may include several of these commands, each defining another NBMA address. This command allows you to send multicast traffic through a tunnel that crosses networks that do not support IP multicasting. It may be used only on tunnel interfaces. |
ip nhrp max-send packet-count every interval no ip nhrp max-send Configures Frequency of NHRP packets Default packet-count is 5; interval is 10 seconds Description This command controls the rate at which NHRP packets can be sent. At most, packet-count packets can be sent every interval seconds. packet-count can be from 1 to 65,535; interval can be from 10 to 65,535. NHRP traffic cannot exceed this rate. Both locally generated and forwarded traffic count toward the total. |
ip nhrp network-id id no ip nhrp network-id id Configures Enables NHRP Default Disabled Description This command enables NHRP on an interface by assigning a unique identifier for the network. All hosts participating in NHRP on a logical NBMA network must use the same network ID. id can be from 1 to 4,294,967,295. |
ip nhrp nhs ip-address [network mask] no ip nhrp nhs ip-address [network mask] Configures The NHS address Default None Description This command configures the ip-address of the next-hop server (NHS). Optionally, you can provide a network address and mask that specify the network that the NHS serves. To specify multiple networks for a single NHS, enter this command multiple times with different network and mask parameters. When NHS servers are configured, they override the normal NHRP forwarding table. |
ip nhrp record no ip nhrp record Configures The use of forward and reverse record options in NHRP packets Default Enabled Description The no form of this command disables the forward and reverse record options in NHRP request and reply packets. These options provide loop detection. |
ip nhrp responder interface no ip nhrp responder interface Configures The IP address to use as the source of NHRP reply packets Default The IP address of the interface that received the NHRP request Description This command specifies the interface whose IP address is used as the source for NHRP reply packets. Normally, the IP address of the interface that received the NHRP packet is used. This command is useful on next-hop servers because it allows a form of loop detection: the server can look for its own unique IP address. |
ip nhrp server-only [non-caching] no ip nhrp server-only Configures NHRP on an interface acting in server mode only Default Disabled Description This command enables NHRP on an interface in server mode only. In server mode, an interface does not originate NHRP requests. The optional non-caching keyword disables the cache of NHRP information. |
ip nhrp trigger-svc trigger-threshold teardown-threshold no ip nhrp trigger-svc Configures The thresholds for building an SVC based on traffic rates Default Trigger threshold, 1 Kbps; teardown threshold, 0 Kbps Description This command sets the thresholds for traffic rates that define when an SVC is built or destroyed. The trigger-threshold is the average traffic rate at (or above) which NHRP will create an SVC for a destination. The teardown-threshold is the traffic rate at (or below) which NHRP will tear down an SVC. Both parameters are in Kbps; they are calculated during the load interval. The load interval is the length of time over which the router calculates the interface's throughput for comparison with the trigger and teardown thresholds. It is always a multiple of 30 seconds and is set by the ip cef traffic-statistics command. |
ip nhrp use count no ip nhrp use Configures A usage count that defers NHRP requests for some number of packets Default 1 Description By default, when the router has a packet that is eligible for NHRP address resolution, the router sends the NHRP request immediately. This command allows you to defer the NHRP request until count packets have been sent to the destination. The packet count can be from 1 to 65,535. The packet count is destination-based. If the count was set to 3 and the router received five packets, two for destination 1 and three for destination 2, the router would generate an NHRP request only for destination 2. |
ip ospf authentication [message-digest | null] no ip ospf authentication Configures OSPF authentication Default No authentication Description This command enables OSPF authentication for an interface, to be used if the area authentication command is not enabled. If you enable this command with no options, specify the password with the ip ospf authentication-key command. If you use the message-digest option, specify the password with the ip ospf message-digest-key command. The null option can be used to disable authentication for this interface if authentication of the entire area has already been configured. |
ip ospf authentication-key password no ip ospf authentication-key Configures A password to authenticate OSPF neighbors Default None Description This command assigns a password for communicating with neighboring routers to this interface. All adjacent routers should be configured with the same authentication key. The password can be from 1 to 8 bytes in length. |
ip ospf cost value no ip ospf cost value Configures A default OSPF cost for packets sent out on this interface Default 10^8 / bandwidth Description This command sets the cost of sending an OSPF packet on an interface to value. By default, Cisco routers use the bandwidth to determine the link's cost; high-speed links have a lower cost and are therefore more preferred. Other vendors may have alternative methods for cost calculation. This command can be used as needed to set the cost appropriately in a multivendor environment, or to change the preference of two links of the same type. By default, OSPF attempts load balancing across links of the same type; this command changes that behavior by modifying the cost associated with each link. Example In this example, there are two FDDI links. The second link has a higher cost, causing the router to prefer the first.
    interface fddi0
     ip ospf cost 2
    interface fddi1
     ip ospf cost 5
|
ip ospf dead-interval seconds no ip ospf dead-interval Configures The interval that can pass between hello packets Default Four times the hello interval Description This command specifies the length of time, in seconds, that the router waits to receive a hello packet from a neighbor. If the time passes without a hello packet from a neighbor router, that router is marked down. |
ip ospf demand-circuit no ip ospf demand-circuit Configures Dial-on-demand behavior Default Disabled Description This command tells OSPF that this interface is a demand circuit (i.e., an interface configured for dial-on-demand routing). OSPF will suppress verbose traffic (such as periodic hello packets), thus preventing the circuit from being kept up all the time. Example This example configures an ISDN interface as a DDR link for OSPF:
    interface bri0
     ip address 10.12.1.5 255.255.255.0
     encapsulation ppp
     ip ospf demand-circuit
|
ip ospf hello-interval seconds no ip ospf hello-interval Configures The interval between hello packets Default 10 seconds Description This command sets the number of seconds between hello packets on a given interface. All nodes on a network must have the same hello interval. If you change the interval on one router, you must change it on all routers within the area. |
ip ospf message-digest-key keyid md5 key no ip ospf message-digest-key keyid md5 key Configures MD5 authentication Default Disabled Description This command enables MD5 password authentication for the interface. The keyid can be from 1 to 255; the key can be up to 16 bytes in length. |
ip ospf name-lookup no ip ospf name-lookup Configures DNS lookups for OSPF show commands Default Disabled Description This command enables DNS name lookups for all OSPF show commands. By default, show commands display IP addresses in numeric form. |
ip ospf network {broadcast | non-broadcast | point-to-multipoint | point-to-point} no ip ospf network Configures The type of OSPF network Default Depends on the interface type Description Given the interface's type, the OSPF process selects a default network type. This command allows the default network type to be changed. broadcast The interface is connected to a broadcast network. non-broadcast The interface is connected to a nonbroadcast network, i.e., a network with no effective way of dealing with broadcast packets. One example is a point-to-point network. point-to-multipoint The interface is connected to a point-to-multipoint network. point-to-point The interface is connected to a point-to-point network. Example By default, a serial interface is point-to-point. The following commands configure a serial subinterface as part of a broadcast network:
    interface serial0.1
     ip ospf network broadcast
|
ip ospf priority priority no ip ospf priority priority Configures OSPF priority Default 1 Description This command sets the priority for the router within the OSPF area to which the interface is connected. The priority determines which routers are selected as the area's DR and BDR, and can range from 0 to 255. Routers with a priority of 0 are excluded from the selection process; the router with the highest priority is selected. Example
    interface serial0
     ip ospf priority 10
|
ip ospf retransmit-interval seconds no ip ospf retransmit-interval seconds Configures The interval between LSAs Default 5 seconds Description This command sets the interval (in seconds) at which link-state advertisements (LSAs) are sent to adjacent routers via the interface. The interval can range from 1 to 65,535 seconds. Example
    interface serial0
     ip ospf retransmit-interval 3
|
ip ospf transmit-delay seconds no ip ospf transmit-delay seconds Configures Estimated time to send a link update on the interface Default 1 second Description This command lets you estimate the number of seconds required to transmit a link-state advertisement through this interface. It's most useful on slow interfaces where it may take a significant amount of time to transmit the announcement. The estimate is used in computing the packet's age; its value can range from 1 to 65,535 seconds. Example
    interface serial0
     ip ospf transmit-delay 3
|
ip pim {sparse-mode | dense-mode | sparse-dense-mode} no ip pim Configures IP multicast routing on the interface Default Disabled Description This command enables PIM (Protocol-Independent Multicast) and IGMP on the interface. sparse-mode In this mode, the router forwards multicast packets only if it has received a join message from a downstream router or if it has group members directly connected to this interface. dense-mode In this mode, the router forwards multicast packets until it can determine whether there are group members or downstream routers. Unlike sparse-mode, it doesn't wait for a join message to begin sending multicast packets. sparse-dense-mode This mode allows the router to operate in both sparse-mode and dense-mode, depending on what the other routers in the multicast group are using. |
ip pim accept-rp {address | auto-rp} [access-list] no ip pim accept-rp {address | auto-rp} [access-list] Configures Processing of multicast join and prune messages Default Disabled Description By default, all join and prune messages are processed. This command lets you tell the router to process join and prune messages destined for a specific Rendezvous Point (RP) or a specific list of groups. address The RP allowed to send messages to the multicast groups specified by the group access list. auto-rp Accepts only messages from RPs in the auto-rp cache. access-list Optional. An access list that defines the multicast groups for which we want to process join and accept messages. |
ip pim message-interval seconds no ip pim message-interval seconds Configures Interval for join/prune messages Default 60 seconds Description In sparse-mode operation, this command allows you to control the interval in seconds for sending join and prune PIM messages. A router is pruned if it is not heard from in three times this interval. The interval's value can be from 1 to 65,535 seconds. |
ip pim minimum-vc-rate packets-per-second no ip pim minimum-vc-rate Configures Which VCs are eligible for idling Default 0 (all VCs) Description This command sets the packet rate at which ATM virtual circuits (VCs) can be idled. A VC is idled if its traffic rate falls below packets-per-second, which can range from 0 to 4,294,967,295. This command applies only to ATM interfaces in PIM sparse mode. |
ip pim multipoint-signalling no ip pim multipoint-signalling Configures PIM's ability to open ATM SVCs for multicast groups Default Disabled Description This command enables an ATM interface to open multipoint SVCs for each PIM multicast group that it joins. |
ip pim nbma-mode no ip pim nbma-mode Configures NBMA mode Default Disabled Description This command sets the interface for nonbroadcast multi-access (NBMA) mode and is used on nonmulticast interfaces such as Frame Relay and ATM. Use this command only with ip pim sparse-mode. |
ip pim neighbor-filter access-list no ip pim neighbor-filter access-list Configures A method to filter (deny) PIM packets from other routers Default None Description This command allows you to specify a standard IP access-list to control which routers receive PIM packets. The standard access list denies PIM packets from the source, preventing the router from joining PIM. |
ip pim query-interval seconds no ip pim query-interval Configures The frequency of PIM query messages Default 30 seconds Description This command sets the query interval to seconds. The query message is used to determine which router on the subnet will be the designated router. The designated router sends IGMP messages to the rest of the routers on the LAN; it also sends messages to the rendezvous point when operating in sparse-mode. The query interval defaults to 30 seconds and can be set to a value between 1 and 65,535 seconds. |
ip pim rp-address ip-address [group-access-list] [override] no ip pim rp-address ip-address Configures Defines the RP for a group Default None Description This command specifies the Rendezvous Point (RP) for a particular multicast group. ip-address IP address of the PIM rendezvous point. group-access-list Optional. Defines the multicast groups for which this RP address should be used. If there is no access list, the RP address is used for all groups. override Optional. If the rendezvous point address defined by this command conflicts with the rp-cache, the override option causes this command to override the auto-rp cache. |
ip pim rp-announce-filter rp-list access-list group-list access-list no ip pim rp-announce-filter rp-list access-list group-list access-list Configures A filter for incoming RP announcements Default All announcements are accepted Description RP routers periodically send out auto-rp announcement messages. This command controls which of these messages are accepted. rp-list access-list A standard access list that defines the list of allowable RP addresses for the group list. group-list access-list A standard access list that defines the multicast groups that the RPs serve. |
ip pim send-rp-announce interface scope ttl group-list access-list no ip pim send-rp-announce interface scope ttl group-list access-list Configures The auto-rp cache Default Disabled Description This command tells the router to use the auto-rp cache to define the multicast groups for which the router is willing to become the RP. You normally use this command in the router that you wish to become the RP. interface The interface that identifies the RP address. scope ttl Time-to-Live value for announcements. TTL is roughly equivalent to a hop count. group-list access-list An access list that defines the groups for which this router should be the RP. |
ip pim send-rp-discovery scope ttl no ip pim send-rp-discovery scope ttl Configures The router to be the RP mapping agent Default Disabled Description This command configures the router to be the RP mapping agent for the PIM domain. The time-to-live value (ttl) should be large enough to cover the entire domain. |
ip pim vc-count number no ip pim vc-count Configures The number of VCs that PIM can open Default 200 VCs per ATM interface or subinterface Description This command sets the maximum number of virtual circuits (VCs) that PIM can open. number must be between 1 and 65,535. |
ip pim version {1 | 2} no ip pim version Configures PIM version to use on an interface Default 2 Description This command sets the PIM version to use for an interface. The version can be 1 or 2. |
ip policy-list name { permit | deny }
no ip policy-list name
Configures A policy list for use in a route map
Default None
Description This command allows you to create a policy list for use in a BGP route map. The name is the name of the policy map. permit and deny establish what to do with traffic that matches the policy list conditions.
Example
    ip policy-list out-policy permit
     match as-path 10
     match metric 12
|
ip policy route-map map
no ip policy route-map map
Configures Policy routing
Default None
Description This command enables policy routing for an interface. In brief, policy routing means using criteria other than the shortest path (as computed by a routing protocol) for route selection. The map parameter is the name of a route map that specifies the routing policy. The map applies only to traffic arriving on the interface.
Example The following configuration applies the route map map1 to packets arriving on the serial1 interface. This route map selects packets that match access list 101 and sends them to the router at 10.1.1.1 for further routing, regardless of other information in the routing table.
    access-list 101 permit ip 10.1.5.0 0.0.0.255 any
    !
    interface serial 1
     ip policy route-map map1
    !
    route-map map1
     match ip address 101
     set ip next-hop 10.1.1.1
|
ip proxy-arp
no ip proxy-arp
Configures The proxy-arp feature for an interface
Default Enabled
Description ARP allows machines to find hardware addresses (MAC addresses) using the corresponding IP addresses. The router's proxy-arp feature helps the machines find each other across subnets. When a host sends an ARP packet requesting information about a host that can't receive the ARP broadcast, the router helps out by responding to the ARP packet on behalf of the requested host. While proxy-arp is often useful, it can be a burden on the router in large networks. Disabling proxy-arp and relying on proper subnetting is a better solution than relying on proxy-arp to solve subnetting problems.
Example The following commands disable proxy-arp on ethernet0. All hosts on this subnet must have the proper subnet mask because proxy-arp isn't there to help them.
    interface ethernet0
     ip address 10.10.1.64 255.255.255.224
     no ip proxy-arp
|
ip radius source-interface interface no ip radius source-interface interface Configures Radius Default Disabled Description This command configures the device to send all outgoing Radius packets using the IP address of the named interface. |
ip rarp-server address no ip rarp-server address Configures RARP Default Disabled Description This command enables a router's interface to act as a Reverse Address Resolution Protocol (RARP) server. The address parameter is the address to be used in responses to RARP queries. |
ip rcmd rcp-enable no ip rcmd rcp-enable Configures RCP to the router Default Disabled Description This command allows remote users to use the Remote Copy Protocol (RCP) to transfer files to and from the router, and RSH to access the router. For security reasons, RCP is disabled by default. |
ip rcmd remote-host local-username {ip-address | hostname} remote-username [enable [level]] no ip rcmd remote-host local-username {ip-address | hostname} remote-username [enable [level]] Configures Which users can access the router via RSH and RCP Default None Description This command defines a local and remote username pair that allows remote users to perform remote shell tasks (RSH and RCP). local-username A locally defined username or the router's hostname. The user must provide a local username to perform an operation via RSH or RCP. ip-address or hostname The remote host from which the router accepts remote shell commands. remote-username The username on the remote host from which the router accepts remote shell commands. enable level Optional. Provides the remote user the ability to execute privileged commands via the remote shell. level specifies a privilege level; the user may execute commands up to and including that level. For more information about privilege levels, see Chapter 4 and the privilege level command. |
ip rcmd remote-username username no ip rcmd remote-username username Configures The username to use when performing remote copy commands Default The username for the session or the router's hostname Description This command sets the username that the router uses when connecting to remote hosts to execute remote copy commands. By default, the router uses the username of the current session. If that username isn't valid, the router uses the router's hostname. |
ip rcmd rsh-enable no ip rcmd rsh-enable Configures Remote shell access by remote users Default Disabled Description This command enables remote shell access to the router via the rsh command. For security reasons, remote shell access is disabled by default. |
ip redirects
no ip redirects
Configures ICMP redirects for interfaces
Default Enabled
Description An ICMP redirect packet is generated by a router to inform a host of a better route to some specific destination. The recipient of an ICMP redirect overrides its route table with the information given in the redirect packet. This command configures the sending of ICMP redirects for an interface. The router never processes received ICMP redirects while IP routing is enabled. Redirects are enabled by default on all interfaces unless Hot Standby Routing Protocol (HSRP) is configured.
Example To avoid sending ICMP redirect packets out the ethernet0 interface:
    interface ethernet 0
     no ip redirects
|
ip rip authentication key-chain name
no ip rip authentication key-chain name
ip rip authentication mode {md5 | text}
no ip rip authentication mode {md5 | text}
Configures RIP route authentication
Default Default mode is clear text
Description This command specifies a key chain to be used for authentication of RIP routing updates. name is the name of the key chain to be used. Once the key chain is applied, the interface expects to authenticate any incoming RIPv2 routes. The key chain must be defined separately with the key command. The mode version of this command specifies the authentication mode for an interface: either text (clear text) or md5.
Example The following commands specify that RIP routes should be authenticated using MD5 authentication with the key chain defined in group1:
    interface ethernet 1
     ip rip authentication key-chain group1
     ip rip authentication mode md5
    !
    key chain group1
     key 1
      key-string authme1
     key 2
      key-string authme2
|
ip rip receive version {1 | 2 | 1 2}
no ip rip receive version
Configures Version of RIP to receive on an interface
Default The version in the router configuration
Description This command tells an interface which RIP version to listen for. This version can be 1, 2, or both (1 2). By default, the router listens for the version specified by the version command in the router configuration.
Example This configuration accepts only Version 2 packets on ethernet0:
    interface ethernet0
     ip rip receive version 2
|
ip rip send version {1 | 2 | 1 2}
no ip rip send version
Configures The version of RIP to send
Default The version in the router configuration, or 1 if no version specified
Description This command tells an interface which RIP version to use when sending RIP packets. This version can be 1, 2, or both (1 2). By default, the router uses the version specified by the version command in the router configuration.
Example This configuration sends only Version 2 packets on ethernet0:
    interface ethernet0
     ip rip send version 2
|
ip rip triggered no ip rip triggered Configures RIP routing Default Disabled Description This command enables triggered extensions to RIP, which causes routing updates to be sent on a WAN link only if one of the following conditions is met:
|
ip rip v2-broadcast no ip rip v2-broadcast Configures RIP routing Default Disabled Description This command enables RIPv2 update packets to be sent as broadcast packets (255.255.255.255). Normally, RIPv2 update packets are multicast (224.0.0.9). |
ip route network mask {next-hop-address|interface} [distance] [permanent] [track number] [tag tag]
no ip route network mask {next-hop-address|interface} [distance] [permanent] [track number] [tag tag]
Configures A static route for a network
Default None
Description This command defines a static route to the destination network specified by its network address and mask. next-hop-address is the IP address of the router to which traffic for this destination network should be sent. Instead of the next-hop-address, you can specify the interface that can be used to reach the network. distance is an optional administrative distance that allows you to change the way the static route behaves. If the distance is high enough, it can be overwritten by dynamic protocols. See Chapter 8 for more information about administrative distances. The permanent keyword tells the router to keep the route in the route table even if the interface goes down. The router normally removes static routes that are invalid because the interface is down. The track keyword is optional. It associates a track object with this route. Valid values for the track number are 1 to 500. The tag keyword applies a value that can be used to match the route in route maps, which is useful for controlling redistribution.
Example The following commands create two static routes. The first route sends traffic for the 192.168.1.0/24 network to 10.1.1.1; the second route sends traffic for the 192.168.2.0/24 network to 10.2.2.2.
    ip route 192.168.1.0 255.255.255.0 10.1.1.1
    ip route 192.168.2.0 255.255.255.0 10.2.2.2
Here is another example of using an interface instead of a next-hop-address:
    ip route 192.168.3.0 255.255.255.0 serial0
|
ip route-cache [cbus] [flow] [same-interface] [cef] [distributed]
no ip route-cache
Configures The route cache for an interface
Default Enabled for most interfaces
Description A route cache stores a route in a temporary table for the duration of a network session. When the session is completed or the session times out, the routing entry is removed from the route cache. The no form of this command disables the route cache, which causes the router to look up the route for each packet of the network session. In some applications, this can be the desired behavior; see Chapter 8.
    cbus Optional. Enables fast switching and autonomous switching.
    flow Optional. Enables the Route Switch Processor to perform flow switching.
    same-interface Optional. Enables fast switching packets back out the interface on which they arrived.
    cef Optional. Enables Cisco Express Forwarding on an interface after it has been disabled globally.
    distributed Optional. Enables VIP distributed switching.
Example The route cache can be disabled with the no form of this command.
    interface serial 0
     no ip route-cache
|
ip route-cache policy no ip route-cache policy Configures Fast-switch Policy Based Routing (PBR) Default Disabled Description This command enables fast-switch policy-based routing (PBR). If Cisco Express Forwarding (CEF) is enabled, this command is not required because PBR packets are CEF-switched by default. Also, before you can enable this, PBR must be configured. To enable PBR, use the ip policy route-map command. |
ip route priority high tag-value
no ip route priority high tag-value
Configures IS-IS routing
Default None
Description This command assigns a high priority to an IS-IS prefix, which means routes with the specified tag are marked for faster processing and installation into the global routing table. This provides faster convergence for applications like Voice over IP. The tag is the same as that specified in the isis tag command.
Example
    interface serial1
     ip router isis
     isis tag 101
    !
    router isis
     ip route priority high tag 101
|
ip route profile no ip route profile Configures IP routing table statistics Default Disabled Description This command enables IP routing table statistics collection, which helps you to monitor route flapping. To view the collected data, use the show ip route profile command. |
ip router isis [tag]
no ip router isis [tag]
Configures An interface for IS-IS routing
Default Disabled
Description This command identifies an interface to be used for IS-IS routing. The optional tag allows you to identify the IS-IS routing process if the process has a tag.
Example
    interface ethernet 0
     ip router isis
|
ip routing no ip routing Configures IP routing Default Enabled Description This command enables or disables routing. |
ip rtp compression-connections number no ip rtp compression-connections number Configures Real-time Transport Protocol (RTP) Default 32 connections Description This command configures the number of RTP compression connections that can exist on an interface, from 3 to 1,000. |
ip rtp header-compression [passive] no ip rtp header-compression [passive] Configures Real-time Transport Protocol (RTP) Default Disabled Description This command enables RTP header-compression on the interface. If you use this command without the passive option, all RTP traffic is compressed. |
ip rtp priority starting-rtp-port port-number-range bandwidth no ip rtp priority Configures Real-time Transport Protocol (RTP) Default Disabled Description This command reserves a strict priority queue for a set of RTP packet flows belonging to a range of UDP destination ports. This command is most useful for VoIP traffic. starting-rtp-port This option is the starting RTP port for our defined range and can be from 2,000 to 65,535. port-number-range This value is added to the starting-rtp-port value to get the ending port for the range. This value can be from 0 to 16,383. bandwidth This option is the maximum allowed bandwidth in Kbps, which can be from 0 to 2,000. |
ip scp server enable no ip scp server enable Configures SCP server-side functionality Default Disabled Description This command enables a router to support SCP functionality, which allows a user to use SCP to copy a file (image or configuration) to or from the router. |
ip source-route no ip source-route Configures Routing of source-routed packets Default Enabled Description This command allows the router to route packets that contain source-routing options. (Source routing is an IP option that allows the packet to specify the route it should take to its destination.) Source routing is a potential security problem, so it is best to disable this feature unless required. Example To disable IP source routing: no ip source-route |
ip split-horizon [as-number] no ip split-horizon [as-number] Configures Split horizon for the interface Default Varies with the interface type; usually enabled Description When split horizon is enabled, any route learned from an interface is not advertised back out the same interface. This rule is intended to stop routing loops with distance-vector protocols. To enable split-horizon for EIGRP, specify the EIGRP as-number. With most interfaces, split horizon is enabled. However, with multipoint interfaces, such as a multipoint Frame Relay interface, split horizon is disabled. See Chapter 8 for more information on split horizon. |
ip ssh { [timeout seconds] | [authentication-retries value] } no ip ssh { [timeout seconds] | [authentication-retries value] } Configures SSH values Default 120 seconds timeout, 3 authentication retries Description When SSH is enabled on your router, this command allows you to modify the SSH control parameters. The timeout is the interval that the router waits for the SSH client to respond. The maximum timeout is 120 seconds. authentication-retries is the number of attempts that can be made from the SSH client before it is denied access. The maximum is 5 retries. |
ip subnet-zero no ip subnet-zero Configures The zero subnet Default Enabled in recent versions of IOS (12.X) Description When subnetting a network, the 0 subnet (the subnet whose subnet bits are all 0) is normally not allowed because of potential confusion between the subnet address and the network address. In practice, this confusion is rarely an issue. This command allows the router to use the all-zeros subnet. Example The following command enables the zero subnet: ip subnet-zero |
ip summary-address eigrp as-number network-address subnet-mask [admin-distance]
no ip summary-address eigrp as-number network-address subnet-mask [admin-distance]
Configures A summary aggregate address for an interface.
Default None
Description This command configures a summary address for the interface with the supplied network address and subnet mask. Normally, summary addresses are given the administrative distance of 5. However, you can modify this setting with the optional admin-distance value, which can be from 0 to 255.
Example
    interface ethernet1
     ip summary-address eigrp 101 192.168.0.0 255.255.0.0 100
|
ip summary-address rip
no ip summary-address rip
Configures A summary aggregate address for the interface
Default None
Description This command configures a RIP summary aggregate address for the interface.
Example
    interface ethernet1
     ip address 192.168.1.1 255.255.255.0
     ip summary-address rip 192.168.0.0 255.255.0.0
|
ip tcp chunk-size size no ip tcp chunk-size Configures The number of bytes that a telnet or rlogin session can read at once Default 0 (the largest size possible) Description This command sets the maximum number of bytes (size) that a telnet or rlogin session can read at the same time. A value of 0 means the largest size possible for that connection. |
ip tcp compression-connections number no ip tcp compression-connections number Configures The maximum number of TCP connections that can use header compression Default 16 Description This command sets the number of connections through an interface that can use TCP header compression. The number of connections can be from 3 to 256. A buffer is allocated for each connection that can be compressed. Both sides of a serial link must have the same number of buffers defined. |
ip tcp header-compression [passive]
no ip tcp header-compression [passive]
Configures TCP header compression for an interface
Default Disabled
Description This command enables TCP header compression on the interface. The passive keyword tells the interface to compress headers only when the incoming packets are compressed.
Example
    interface serial 0
     ip tcp header-compression passive
|
ip tcp path-mtu-discovery [age-timer minutes] [infinite] no ip tcp path-mtu-discovery Configures Path MTU discovery Default Disabled for most interfaces; special interfaces use 10 minutes Description This command enables or disables path MTU discovery on new TCP connections. age-timer minutes Optional. minutes specifies the interval after which the router recalculates the MTU; its value must be between 1 and 30. infinite Disables the age timer. |
ip tcp queuemax packets
no ip tcp queuemax packets
Configures The queue for outgoing TCP packets
Default 5 for TTY (async and console) interfaces; 20 for others
Description This command sets the size of the outgoing TCP queue to packets. The queue is maintained per-connection; i.e., every connection has its own queue.
Example
    interface serial 0
     ip tcp queuemax 15
|
ip tcp synwait-time seconds no ip tcp synwait-time seconds Configures The time the router waits for a TCP connection to open Default 30 seconds Description This command sets the number of seconds that the router waits for a TCP connection to open, before it times out. The value must be between 3 and 300. A longer synwait-time can be useful for dial-on-demand connections where you have to wait for the line to be dialed before a connection can open. This setting applies only to traffic originating within the router, not traffic coming through the router. Example If you are telnetting from the router to a remote site through a DDR connection, you might want to increase the synwait-time to a more reasonable level so that telnet does not time out: ip tcp synwait-time 100 |
ip tcp window-size bytes no ip tcp window-size bytes Configures The window size of a TCP connection Default 2,144 bytes Description This command sets the size of the TCP window to bytes. Changing the size of the TCP window modifies the size and number of packets that can fit within that window. With the default window of 2,144 bytes, you could buffer two 1,000-byte packets, or 21 100-byte packets. Regardless of the window's size, the number of packets within the window is restricted to the values set by the ip tcp queuemax command; they default to 5 for TTY interfaces (async and console interfaces) and 20 for other interfaces. The maximum size of the window is 65,536 bytes. Example ip tcp window-size 4000 |
ip telnet source-interface interface no ip telnet source-interface Configures The source address for telnet connections Default None Description This command sets the address used as the source address for outgoing telnet connections to the address of the given interface. |
ip tftp source-interface interface no ip tftp source-interface Configures The source IP address for TFTP traffic Default The IP address of the interface closest to the destination Description This command sets the interface from which the router takes the source IP address for all TFTP traffic. |
ip unnumbered interface
no ip unnumbered interface
Configures Interface IP address
Default None
Description Normally, creating point-to-point links requires dedicating a subnet specifically for the link. This works well if all your equipment supports variable-length subnet masks (VLSM), but can be very wasteful if your equipment doesn't support VLSM. This forces you to assign relatively large subnets to your point-to-point links. The ip unnumbered command tells the router to use the IP address of the selected interface as the address for this link. In other words, the router "borrows" the IP address of the named interface and uses that as the link's address.
Example Assume that older equipment in our network forces us to use a subnet mask of 255.255.255.0. This means that assigning a subnet to a point-to-point link would use 254 addresses, of which only two are actually doing something. Instead of wasting 252 addresses, we can use the ip unnumbered command to borrow the address of another interface for use on the serial link:
    interface serial0
     ip unnumbered ethernet0
     encapsulation ppp
     clockrate 1300000
Borrowing the address of the loopback interface for an unnumbered interface is often a good idea because the loopback interface is always up. The following configuration uses the loopback interface to provide the IP address for interface async2:
    interface loopback 0
     ip address 10.10.1.4 255.255.255.0
    interface async2
     ip unnumbered loopback0
|
ip unreachables
no ip unreachables
Configures Sending of ICMP unreachable messages for an interface
Default Enabled
Description ICMP unreachable messages are generated when something about an incoming packet is unknown to the router. For example, an "ICMP host unreachable" message is generated if the router cannot deliver a packet to its final destination. There are many different types of ICMP unreachable messages, and they all mean that the packet can't be delivered for some reason. Disabling these messages can improve security because the messages can be used to discover information about your network.
Example The following commands prevent the router from sending IP unreachable messages through the serial0 interface:
    interface serial0
     no ip unreachables
|
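The entries for ip proxy-arp, ip redirects, ip source-route and ip unreachables list a default of Enabled, so a configuration that says nothing about them leaves them on, while ip rcmd is off unless configured and RIP authentication defaults to clear text. The Python script below is an added example, not part of the original reference: it audits a constructed sample configuration against those stated defaults, assuming show running-config style indentation; the function names and the sample configuration are hypothetical.

```python
import re

# Interface features this page lists as "Default Enabled": they stay on
# unless the interface block carries the explicit "no" form.
DEFAULT_ON_INTERFACE = ("ip proxy-arp", "ip redirects", "ip unreachables")
# Global services this page lists as "Default Disabled": a finding if present.
DEFAULT_OFF_GLOBAL = ("ip rcmd rcp-enable", "ip rcmd rsh-enable")

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr
ip rcmd rsh-enable
!
interface ethernet 0
 ip address 10.10.1.65 255.255.255.224
 no ip proxy-arp
 no ip redirects
 no ip unreachables
 ip rip authentication key-chain group1
!
interface serial0
 ip address 10.1.1.2 255.255.255.252
 no ip unreachables
!
interface ethernet1
 ip address 10.10.2.1 255.255.255.0
 standby 1 ip 10.10.2.254
 no ip proxy-arp
 no ip unreachables
 ip rip authentication key-chain group1
 ip rip authentication mode md5
!
key chain group1
 key 1
  key-string authme1
"""


def parse_config(text):
    """Return (global_lines, {interface_name: [sub-commands]}).

    Assumption: sub-commands are indented under their `interface` line and
    any unindented line closes the block, as in `show running-config`.
    """
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())  # collapse runs of whitespace
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace():
            # Indented lines outside an interface block belong to another
            # sub-mode (key chain, router, route-map) and are ignored here.
            if current is not None:
                interfaces[current].append(line)
            continue
        match = re.match(r"interface (.+)", line, re.IGNORECASE)
        if match:
            # "ethernet 0" and "ethernet0" name the same interface.
            current = match.group(1).replace(" ", "").lower()
            interfaces.setdefault(current, [])
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def audit(text):
    """Return a sorted list of (scope, finding) tuples."""
    global_lines, interfaces = parse_config(text)
    findings = []
    if "no ip source-route" not in global_lines:
        findings.append(("global", "ip source-route enabled"))
    for service in DEFAULT_OFF_GLOBAL:
        if service in global_lines:
            findings.append(("global", service + " configured"))
    for name, lines in interfaces.items():
        hsrp = any(l.startswith("standby ") for l in lines)
        for feature in DEFAULT_ON_INTERFACE:
            if "no " + feature in lines:
                continue
            explicit = feature in lines
            # Per the ip redirects entry, redirects are not on by default
            # when HSRP is configured; only an explicit command counts then.
            if feature == "ip redirects" and hsrp and not explicit:
                continue
            findings.append((name, feature + " enabled"))
        has_key_chain = any(
            l.startswith("ip rip authentication key-chain ") for l in lines)
        if has_key_chain and "ip rip authentication mode md5" not in lines:
            # Without "mode md5" the page's default (clear text) applies.
            findings.append((name, "RIP authentication in clear-text mode"))
    return sorted(findings)


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```

Defaults differ between IOS releases, so check the table of defaults against the release in use before relying on the absence of a command.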
isdn answer1 [called-party-number][:sub-address] no isdn answer1 [called-party-number][:sub-address] isdn answer2 [called-party-number][:sub-address] no isdn answer2 [called-party-number][:sub-address] Configures Verification of the called party Default None Description This command configures the interface to verify that the telephone number being called (which is reported by the ISDN switch as part of call setup) matches the telephone number of the router. By default, calls are processed without verification. If this command is configured, the router verifies the incoming called-party-number before allowing the connection. Using this command can reduce the potential for confusion when several ISDN devices share the same ISDN local loop. Use isdn answer2 to verify a second called-party number. To list a called-party-number or a sub-address, use any number of digits up to 50; an x specifies a wildcard. You must specify either the called-party-number or the sub-address, but you are not required to specify both. If you specify only one, the other is taken as a wildcard. |
isdn autodetect no isdn autodetect Configures Automatic detection of ISDN SPIDs and switch types Default Disabled Description This command enables the automatic detection of ISDN SPIDs and switch types on an interface. It works in North America only. |
isdn bchan-number-order {ascending | descending} no isdn bchan-number-order Configures ISDN PRI Default descending Description This command sets the order (ascending or descending) of outgoing B channels. It is for PRI configurations only. |
isdn busy dsl number b_channel number no isdn busy dsl number b_channel number Configures A false busy signal on an ISDN B channel Default Disabled Description This command sets a false busy signal on an ISDN B channel; that is, the ISDN interface reports to the switch that the channel is busy even if it isn't. dsl number The digital subscriber loop (DSL) number. b_channel number The range of B channels to be set to a busy signal. number can range from 0 to 24 on a PRI interface (it isn't clear whether this command applies to BRI interfaces); 0 indicates the entire interface. |
isdn caller phone-number [callback] no isdn caller phone-number [callback] Configures ISDN caller ID screening Default Disabled Description If your ISDN switch supports caller ID, this command lets you specify a phone-number from which incoming connections are allowed. If the inbound call does not originate from this number, it will be rejected. You may use the letter x in the phone number as a wildcard character; for example, 458-xxxx means "any number in the 458 exchange." The callback keyword causes the router to reject the call and initiate a callback to the caller's number; this feature may help you manage phone costs. |
isdn call interface interface telephone-number [speed {56 | 64}] Description This command initiates an ISDN call from the IOS command line in privileged EXEC mode. To make the call, supply the interface to use, the telephone-number to call, and optionally the line speed (56 or 64 Kbps). The line speed defaults to 64 Kbps. Example Router# isdn call interface bri0 4105551212 |
isdn calling-number phone-number no isdn calling-number phone-number Configures The phone number of the device making the outgoing call Default None Description This command sets the phone-number of the ISDN device making an outgoing call. The router presents this number to the switch when placing a call. |
isdn conference-code code no isdn conference-code Configures Three-way calling Default 60 Description This command configures a conference code. Conference codes can be used if you have ordered three-way calling as part of your service. |
isdn disconnect interface interface channel Configures Disconnects an ISDN call Default None Description This command disconnects an ISDN call on the given interface without bringing down the interface. The channel may be b1 for the first B channel, b2 for the second, or all for both B channels. |
isdn fast-rollover-delay seconds no isdn fast-rollover-delay seconds Configures Time delay between consecutive dial attempts Default Disabled (0 seconds) Description If more than one dialer map is provided for an ISDN interface, this command provides the time to wait (in seconds) after the first map fails before placing a call using the second map. |
isdn incoming-voice {56 | 64} no isdn incoming-voice {56 | 64} Configures Accepts calls on the voice lines Default Disabled Description By default, incoming voice calls on data lines are not answered. This command allows you to use voice lines to transfer data by configuring the router to answer voice calls, which can result in significant savings in some areas. The call speed can be either 56 or 64; if no speed is specified, the speed is set to the incoming call's speed. |
isdn leased-line bri number 128 no isdn leased-line bri number 128 Configures ISDN interface for leased-line service at 128 Kbps Default Disabled Description This command configures ISDN access over a leased line. There are no phone numbers; both of the line's B channels are combined to provide a single line with a capacity of 128 Kbps. number is the number of the BRI interface. |
isdn not-end-to-end {56 | 64} no isdn not-end-to-end {56 | 64} Configures Overrides the speed the network reported it will use Default 64 Kbps Description This command forces the speed of an incoming connection. Sometimes, when ISDN ports don't belong to the same network, incorrect speed selection by the router causes the ISDN connection to fail. This command lets you set the speed manually for incoming connections. Valid speeds are 56 and 64 Kbps. |
isdn nsf-service {megacom | sdn} no isdn nsf-service Configures Network-specific facilities (NSF) Default Disabled Description This command enables NSF on an ISDN PRI for outgoing voice calls. megacom is for AT&T Megacom NSF, and sdn is for AT&T SDN NSF. |
isdn outgoing-voice {info-transfer-capability {3.1kHz-audio | speech}} no isdn outgoing-voice Configures Information transfer capability set for outgoing voice calls Default None Description This command sets the information transfer capability for outgoing voice calls through an interface. It isn't clear what the optional keywords mean; presumably they request different kinds of signal processing adapted for general audio or speech. |
isdn overlap-receiving no isdn overlap-receiving Configures ISDN overlap receiving Default Disabled Description This command enables ISDN overlap receiving for an interface. In this mode, the interface waits for additional information from the switch before establishing the call. This command can be useful when carrying voice traffic through the router. |
isdn send-alerting no isdn send-alerting Configures Sending an Alerting message Default Disabled Description This command enables the sending of an Alerting message before a Connect message when making ISDN calls. Some types of switches want to receive an Alerting message before a Connect message. |
isdn sending-complete no isdn sending-complete Configures The sending of a Sending Complete element in the Setup message Default Disabled Description This command configures the router to include the Sending Complete element in the Setup message. Some switches require this message, which tells the switch that it has all the information for the call in the Setup message. |
isdn service dsl number b_channel number state value no isdn service dsl number b_channel number state value Configures A B channel range to a specified state Default Disabled Description This command sets a range of B channels or an entire PRI interface to "in service," "maintenance," or "out of service." dsl number The digital subscriber loop number. b_channel number The B channel or range of B channels to which the command applies. number can range from 0-24, where 0 means the entire PRI interface. A range of consecutive channels is indicated by n-m, where n and m can range from 1-24. state value The state to which you wish to set the channels. The state is indicated by a number between 0 and 2; 0 is for "in service," 1 is for "maintenance," and 2 is for "out of service." |
isdn {spid1 | spid2} spid [local-directory-number] no isdn {spid1 | spid2} spid [local-directory-number] Configures ISDN SPIDs Default None Description This command provides the service profile identifier (SPID) for the B1 channel (spid1) or the B2 channel (spid2). You can also use this command to specify the local-directory-number (optional). Your ISDN carrier (i.e., your phone company) provides the SPIDs and the local directory number. Some carriers and switch types do not require SPIDs (for example, they are not used in Europe). |
isdn switch-type type no isdn switch-type type Configures ISDN switch type Default None Description There are many different types of ISDN switches in use. The router must be configured with the appropriate switch type in order to interact with the telephone network. While there are exceptions, your geographic location is the best clue to the type of switch in use. Table 17-13 lists common switch types. |
isdn tei [first-call | powerup] no isdn tei Configures ISDN endpoint negotiation Default powerup Description TEI stands for Terminal Endpoint Identifier. This command enables TEI negotiation on the ISDN interface. TEI negotiation occurs at powerup (powerup) or when the router places its first call (first-call). |
isdn tei-negotiation {first-call | powerup} no isdn tei-negotiation Configures When TEI negotiation occurs Default powerup Description This command sets when TEI negotiation occurs. By default, negotiation takes place when the router is first turned on (powerup). The first-call option states that negotiation should occur when the first ISDN call is placed or received. |
isdn transfer-code code no isdn transfer-code Configures Call transferring Default 61 Description This command enables call transferring. This feature is available only if your service provider supports it. code is supplied by your service provider. |
isdn twait-disable no isdn twait-disable Configures Time to wait on startup Default Enabled Description After a power failure, ISDN interfaces wait a random period of time (1 to 300 seconds) before starting up. This command prevents the interfaces from coming back online at the same time when power is restored and the ISDN devices are restarting. This feature can be disabled with the no form of this command. |
isdn voice-priority ISDN-directory-number {in | out} {always | conditional | off} no isdn voice-priority ISDN-directory-number Configures The priority of data and voice calls Default A data call is never bumped Description This command allows you to set the priority of a data call relative to a voice call. ISDN-directory-number is the directory number assigned by your telephone company. in and out specify whether the command applies to incoming or outgoing voice calls. always means always bump a data call for a voice call. conditional means bump a data call if there is more than one call to the same destination. off means never bump a data call for a voice call. |
isis advertise-prefix no isis advertise-prefix Configures Advertising of IP prefixes for IS-IS routing Default Enabled Description By default, IP prefixes of connected networks are advertised in LSP advertisements for IS-IS interfaces. To disable the advertisement of connected networks, use the no form of this command. |
isis authentication key-chain name [level-1 | level-2] no isis authentication key-chain name [level-1 | level-2] Configures Authentication for IS-IS routing Default None Description This command enables authentication for IS-IS routing on an interface. The name of the key-chain specifies the group of valid keys. The optional keywords level-1 and level-2 specify that packets from level-1 or level-2 routers must be authenticated. |
isis authentication mode {md5 | text} [level-1 | level-2] no isis authentication mode {md5 | text} [level-1 | level-2] Configures Authentication for IS-IS routing Default Disabled Description This command configures the type of authentication for IS-IS routing on an interface. The type can be md5 (Message Digest 5) or text (clear text). The optional keywords level-1 and level-2 specify that packets from level-1 or level-2 routers must be authenticated. |
isis authentication send-only [level-1 | level-2] no isis authentication send-only [level-1 | level-2] Configures Authentication for IS-IS routing Default Disabled Description This command tells the interface that only outgoing IS-IS packets are authenticated. Normally, when authentication is configured for IS-IS, both incoming and outgoing packets are authenticated. The keywords level-1 and level-2 specify that only packets sent from level-1 or level-2 routers must be authenticated. |
isis circuit-type {level-1 | level-1-2 | level-2-only} no isis circuit-type Configures Type of IS-IS routing on an interface Default level-1-2 Description This command sets the type of IS-IS routing used on an interface. It is rarely used except for border routers (routers that lie between areas). |
isis csnp-interval seconds [{level-1 | level-2}] no isis csnp-interval Configures CSNP interval Default 10 seconds Description This command sets the interval (in seconds) for CSNP packets on border routers. CSNP packets are broadcast at the specified interval to ensure that the routing database is synchronized. This command can be used only in multiaccess interfaces. The level-1 and level-2 keywords are optional; they specify that the interval applies only to the given level of router. |
isis hello-interval seconds [{level-1 | level-2}] no isis hello-interval Configures IS-IS hello interval for an interface Default 10 seconds Description This command sets the hello interval for IS-IS routing to seconds. By default, the hello interval is the advertised holdtime multiplied by the hello multiplier, which has a default of 3. The optional level-1 and level-2 keywords allow you to apply this command to an individual level; otherwise the interval is applied to both levels. |
isis hello-multiplier value [{level-1 | level-2}] no isis hello-multiplier Configures The holdtime value multiplier Default 3 Description For IS-IS, the holdtime is calculated by taking the hello interval and multiplying it by the hello multiplier. This command sets the hello multiplier to value. By changing the hello multiplier, you effectively change the holdtime. The optional level-1 and level-2 keywords allow you to apply this command to an individual level; otherwise the interval is applied to both levels. Example The following commands configure IS-IS routing for the interface ethernet 1. The hello interval is set to 5 seconds (for level 1) and the multiplier is set to 5, yielding a holdtime of 25 seconds. interface ethernet 1 ip router isis isis hello-interval 5 level-1 isis hello-multiplier 5 level-1 |
isis lsp-interval milliseconds no isis lsp-interval Configures Time delay between LSPs for IS-IS routing Default 33 milliseconds Description This command sets the number of milliseconds between IS-IS link state packets (LSPs). If a router has many IS-IS interfaces, it might have trouble sending all the LSPs. This command lets you increase the time between the packets, which should reduce the load on the router's CPU. |
isis metric value [{level-1 | level-2}] no isis metric Configures The default IS-IS metric for the interface Default 10 Description This command sets the default metric for the interface to value. By using the keywords level-1 or level-2, you can specify a metric for a specific routing level. If no level is specified, level-1 is used. |
isis password password [{level-1 | level-2}] no isis password Configures The authentication password for IS-IS routing Default None Description This command sets the authentication password for IS-IS routing for the interface. All IS-IS communication to other routers through this interface must be authenticated with this password. However, like other password settings for IS-IS, this password is sent out in clear-text, providing little security. The level-1 and level-2 keywords are optional; they allow separate passwords to be applied to each level. If no level is specified, level-1 is used. |
isis priority priority [{level-1 | level-2}] no isis priority Configures A priority value for the interface for IS-IS routing Default 64 Description This command allows you to set the router's priority in an IS-IS network. The priority is used to determine which routers become the designated router (DR) and the backup designated router (BDR). The priority can range from 0 to 127; 127 is the highest. The optional keywords level-1 and level-2 allow you to set a different priority for each level; otherwise the priority value applies to both levels. |
isis retransmit-interval seconds no isis retransmit-interval Configures The time between link state packet (LSP) retransmissions Default 5 seconds Description This command sets the time (in seconds) between LSP retransmissions. It should be used only on point-to-point links. |
isis retransmit-throttle-interval milliseconds no isis retransmit-throttle-interval Configures Time between retransmissions of LSPs Default Calculated from the isis lsp-interval command Description This command sets the interval in milliseconds between retransmissions of IS-IS LSPs. |
is-type {level-1 | level-1-2 | level-2-only} no is-type {level-1 | level-1-2 | level-2-only} Configures The level at which the IS-IS routing protocol will operate Default level-1-2 Description This command sets the level at which the IS-IS routing protocol operates, which also defines the type of IS-IS router it is (station or area). By default, the router operates at both levels, which means it is both a station router and an area router. level-1 The router performs only as a station router. level-1-2 The router performs as both a station and an area router. level-2-only The router performs only as an area router. Example router isis is-type level-2-only |
keepalive seconds no keepalive Configures The keepalive interval Default 10 seconds Description The keepalive command specifies the interval (in seconds) that the router waits before sending a message on the interface to test the link and determine whether it is up or down. On Ethernet interfaces, the router sends the message to itself. On serial interfaces, the message is sent to the router on the other end of the link. Keepalive settings can be very sensitive. If the keepalive interval is too low, the keepalive packets might be delayed by other traffic. If the interval is set too high, the router will take longer to update the interface's status, which slows route convergence. On Frame Relay interfaces, the keepalive value should match (or be less than) the LMI interval configured on the carrier's switch. Example interface ethernet 1 keepalive 5 |
key number no key number Configures An identification number of a key on a key chain Default None Description This command applies an identification number to an authentication key on a key chain. ID numbers can range from 0 to 2,147,483,647. See the key chain command for more information. |
key chain name no key chain name Configures Enters the key chain configuration mode Default None Description This command enters the key chain configuration mode, which allows you to create authentication keys for routing protocols and other uses. Each key chain must have at least one key defined with the key command. A key chain may have as many as 2,147,483,647 keys. Example ! Create a key chain called "ExampleKeyChain" with two keys key chain ExampleKeyChain key 1 key-string MyKey1 key 2 key-string MyKey2 |
key config-key 1 string Configures A private DES key for the router Default None Description This command defines a private DES key for the router. This key can be used to encrypt various parts of the router's configuration with DES. The key itself does not appear in the configuration. If you lose the key, it can't be recovered. The string can be from one to eight alphanumeric characters long. |
key-string string no key-string string Configures An authentication string for a key Default None Description This command sets the actual authentication string for a key. string can be from 1 to 80 alphanumeric characters in length; the first character cannot be a number. See the key chain command for more information. |
lane [config] auto-config-atm-address no lane [config] auto-config-atm-address Configures Automatic configuration of the configuration server's ATM address Default No ATM address Description This command specifies that the configuration server address and the client's address should be automatically computed. When the optional config keyword is used, the command applies only to the LANE Configuration Server (LECS). |
lane-bus-atm-address atm-address no lane-bus-atm-address Configures The ATM address of the BUS Default Automatic ATM address assignment Description This command specifies the ATM address of the broadcast and unknown server (BUS). The atm-address can be a complete ATM address or an ATM template. A template may use * as a wildcard to represent any single character, or ... to represent any group of consecutive characters. |
lane client {ethernet | tokenring} [elan-name] no lane client {ethernet | tokenring} Configures Activates a LANE client Default None Description This command activates a LANE client for the interface. The ethernet and tokenring keywords specify the type of Emulated LAN (ELAN) that the interface is connected to. elan-name is optional; it defines which ELAN the client belongs to. If you do not include an elan-name, the client contacts the LAN emulation configuration server to find out which ELAN to join. |
lane client-atm-address atm-address no lane client-atm-address atm-address Configures The ATM address for the LANE client on the interface Default Automatic ATM address Description This command specifies the ATM address for the LANE client on the interface. The atm-address can be a complete ATM address or an ATM address template. |
lane [config] config-atm-address atm-address no lane [config] config-atm-address atm-address Configures The ATM address for the configuration server Default None Description This command sets the ATM address for the LANE server and the LANE client. If the optional config keyword is used, the ATM address applies only to the configuration server. The atm-address can be a complete ATM address or an ATM address template. |
lane config database name no lane config database Configures The LANE database for the LANE configuration server Default None Description This command specifies the name of the LANE database for the current interface. The database must exist before you give this command. There can be only one LANE database per interface. The LANE database is created with the lane database command. |
lane database name no lane database name Configures A named configuration database Default None Description This command creates a named configuration database (a LANE database) that is associated with a configuration server. Example The following commands create a database named elandatabase1. The lane database command sets up the name and enters the LANE database configuration mode. The remaining commands set up the database by mapping an ELAN name to a LANE emulation server address, and then setting up a default ELAN name. ! Define the ELAN database named elandatabase1 lane database elandatabase1 name elan1 server-atm-address 47.00918100000000613E5D0301.00603E0DE841.01 ! We set a default lane for LECs that don't know the ELAN they should join default-name elan1 |
lane [config] fixed-config-atm-address no lane [config] fixed-config-atm-address Configures The LECS to use the ATM address assigned by the ATM Forum Default No address set Description This command sets the address of the ATM server to the default address assigned by the ATM Forum. The NSAP address is 47.007900000000000000000000.00A03E000001.00. The optional config keyword specifies that the address applies to the configuration server only. |
lane global-lecs-address address no lane global-lecs-address address Configures A list of LECS addresses to use Default None Description This command specifies a LECS address to use when the ILMI cannot be used. Normally, the router obtains the LECS address from the ILMI. This command can be used as many times as necessary to create a list of LECS addresses. |
lane le-arp {mac-address | route-desc segment segment-number bridge bridge-number} atm-address no lane le-arp {mac-address | route-desc segment segment-number bridge bridge-number} atm-address Configures Assigns a static MAC address to an ATM address Default None Description This command adds a mapping between a static MAC address and an ATM address to the ARP database. You may either specify the MAC address explicitly, or specify a route description using the route-desc keyword. In this case, you must specify a segment-number (1-4,095) and bridge-number (1-15) instead. ARP entries created by this command do not expire. To remove them from the table, use the no form of this command. |
lane server-atm-address atm-address no lane server-atm-address atm-address Configures LANE server ATM address Default The server's ATM address is provided by the configuration server Description This command sets the ATM address of the configuration server, overriding the address provided by the configuration server itself. The atm-address can be a complete ATM address or an ATM address template. |
lane server-bus {ethernet | tokenring} elan-name no lane server-bus {ethernet | tokenring} elan-name Configures Enables a LANE server and a BUS on a subinterface Default None Description This command enables a LANE server and a BUS on the subinterface. The ethernet and tokenring keywords specify the type of Emulated LAN attached to the interface. The elan-name is the name of the ELAN, and can be up to 32 characters in length. |
line [line-type] line-number [end-line-number] Description This command enters the line configuration mode. Valid line-types are aux, console, tty, or vty. If no line-type is given, the line-number is treated as an absolute line number. (See the results of a show line command to see absolute line numbers.) The line-number is the number of the first line you want to configure. The end-line-number is the last line you want to configure. If you want to configure only a single line, omit end-line-number. Example The following commands set the password on lines 0 through 4, inclusive, and then set the connection speed on line 5. ! change the password on vty 0 4 to vtyin line vty 0 4 password vtyin ! Change the speed on tty 5 line tty 5 speed 38400 |
linecode {ami | b8zs | hdb3} no linecode {ami | b8zs | hdb3} Configures The line encoding used on a T1/E1 line Default ami for T1 lines; hdb3 for E1 lines Description This command specifies the line encoding for a T1 or E1 line. ami can be applied to either T1 or E1; b8zs can be used only for T1 lines, and hdb3 only for E1 lines. The encodings used must match at both ends of the line; in practice, this means that the encoding is defined by your carrier. |
link-test no link-test Configures Link-test functionality on a hub interface Default Enabled Description This command is specific to Cisco devices with built-in hub interfaces. It enables the port's link-test function. Use the no form to disable the link test. Example hub ethernet 0 1 no link-test |
location text no location Configures The location description for a line Default None Description This command has no effect on the line's configuration; it simply lets you document the location of the equipment connected to a particular line. This information can be displayed to the user at login by placing the service linenumber command in the configuration. Example line tty3 location Router-Room11,port 34 service linenumber |
logging syslog-server no logging syslog-server Configures A server for logging messages Default None Description This command specifies the hostname or IP address of the log server (syslog-server) to which the router sends log messages. These messages use the standard Unix/Linux syslog facility; there are implementations of this facility for other operating systems (notably Windows NT and Windows 2000). For syslog configuration on a Unix box, see the /etc/syslog.conf file and the syslogd manpage. |
logging buffered [size] [level] no logging buffered Configures Messages logged to the internal buffer Default Depends on the platform; usually enabled Description This command enables logging to an internal buffer. size Optional. The size of the internal buffer, in bytes. The default size depends on the platform; you can give a buffer size from 4,096 to 4,294,967,295. If you set the buffer size too high, the router will run out of memory for routing tasks. level Optional. A numeric severity level or the name of a severity level. Any messages at this severity or higher are logged to the internal buffer. Severity levels are: emergencies (0), alerts (1), critical (2), errors (3), warnings (4), notifications (5), informational (6), and debugging (7). Note that the numeric levels are the opposite of what you'd expect: a lower number indicates a higher severity. |
logging buffered xml [size] no logging buffered Configures Messages logged to the internal buffer Default Depends on the platform; usually enabled Description This command enables logging to an internal buffer using XML-formatted messages. size Optional. The size of the internal buffer in bytes. The default size depends on the platform; you can give a buffer size from 4,096 to 4,294,967,295. If you set the buffer size too high, the router will run out of memory for routing tasks. |
logging console level no logging console Configures Logging of messages to the console Default Debugging (7) Description This command enables logging to the console screen, thus setting the severity level of messages that will be displayed. All messages at the given level (either a level name or a level number) are logged. By default, all messages are logged. |
logging console xml [level] no logging console Configures Logging of messages to the console Default Debugging (7) Description This command enables logging to the console screen using XML-formatted messages. |
logging count no logging count Configures Error log count capability Default Disabled Description This command enables error log count capability. You can view the counter and statistics with the command show logging count. |
logging facility facility no logging facility Configures The syslog facility to which the messages are sent Default local7 Description A syslog server separates messages according to their facility type. This command states the facility to which messages generated by the router belong. Valid facilities are auth, cron, daemon, kern, lpr, mail, news, syslog, local0 through local7, sys9 through sys14, user, and uucp. Example The following command configures the router to send syslog messages to the local7 facility: #logging facility local7 The behavior of the syslog server depends on its own configuration. With the following line in syslog.conf, the server saves local7 messages with a debugging severity to the file /var/log/debug-logfile: local7.debug /var/log/debug-logfile |
logging history level no logging history Configures The severity levels to be logged Default Warnings (4) Description This command sets the type of syslog messages that are entered into the syslog history table. These messages are also sent to an SNMP management station, if one is configured; all messages at the given level or higher are logged. Example The following command logs messages with a severity of errors (3) or greater, i.e., critical (2), alerts (1), and emergencies (0): logging history errors |
logging history size number no logging history size Configures The size of the history table Default 1 Description This command sets the size of the history table. number is the number of messages saved in the table; the value can be from 1 to 500. |
logging host machine-name [xml] no logging host machine-name [xml] Configures The logging syslog server Default Not enabled Description This command sets the hostname of the syslog server to which the router should send its system messages. The machine-name can be a hostname or IP address of the server. The optional xml keyword specifies that the log messages be sent in XML format. |
logging monitor level no logging monitor Configures Messages logged to terminal lines (monitors) Default Debugging (7) Description This command controls which messages are sent to the console and other terminal lines. level can be either the name of a severity level or a number. Messages at the given level and higher are sent to the terminal lines. The default level sends all messages to the terminal lines because debugging is the lowest severity level. |
logging on no logging on Configures Controls all logging Default Enabled Description This command allows you to enable or disable all logging. Use it with caution, as the router often waits for error messages to be displayed on a console before continuing. |
logging source-interface interface no logging source-interface Configures The interface from which syslog packets are sent Default The router uses the interface "closest" to the destination Description This command sets the interface that the router uses to send syslog packets, and therefore sets the source IP address for syslog packets that originate from the router. Specifying the source interface allows you to control the path that logging packets take from the router to the network management station, which can be an important security consideration. By default, packets originate from the interface closest to the destination. |
logging synchronous [level severity | all] [limit number-of-messages] no logging synchronous Configures Display of log messages Default Disabled; when enabled, default severity level is 2 and buffer message limit is 20 Description This command controls the printing of log messages to a user's terminal. By default, messages are printed at any time, possibly disrupting the user's current command. This command tells the router to wait until the user's current command and its output are completed before displaying any logging messages. level severity The severity level that this command affects. All messages with a severity at or below (i.e., with a higher number than) the given level are sent synchronously (i.e., after waiting for the user to complete the current command and the router to generate the requested output). all Equivalent to level emergencies; all messages are sent synchronously. limit number-of-messages Specifies the number of messages that will be queued waiting for delivery. Example The following commands specify that on terminal lines 0 through 8, log messages at levels 6 and 7 (informational and debugging) will be delivered synchronously. line 0 8 logging synchronous level 6 |
logging trap level no logging trap Configures Messages sent to syslog servers Default Disabled Description This command limits the type of messages that are sent to the syslog servers. Only messages of the given severity level and higher are sent to the server. |
login [local | tacacs] no login [local | tacacs] Configures The login authentication method for connections Default No authentication Description This command tells the line to authenticate the user before allowing access. If you give this command without any arguments, you must use the password command to specify a password for this line. The local keyword tells the router to maintain its own database of users, created using the username command. The tacacs keyword tells the router to authenticate users by contacting a TACACS server. When using login local, make sure you have at least one username configured before you log out. Otherwise, you will be locked out of the specified lines. Example To enable simple authentication using a single password for all access through this line: line vty 0 4 login password letmein These commands enable authentication using a local database of usernames and user-specific passwords; users Bob, Ann, and John are the only ones able to log into this line. username bob password letmein username ann password letmein2 username john password letmein3 line vty 0 4 login local |
login authentication {default | list-name} no login authentication {default | list-name} Configures TACACS+ authentication for logins Default No authentication Description This command configures the login authentication method. The methods used to perform authentication can be taken either from the default list or a named list. default Uses the default list created with the aaa authentication login command. list-name Specifies a list created with the aaa authentication login command. |
logout-warning seconds no logout-warning Configures A warning message before an automatic logout Default None Description This command activates the logout warning message. This message warns users that a forced logout is about to occur. The seconds parameter specifies how much warning time is given; that is, the time that will elapse before the session closes after the warning is issued. |
loopback [options] no loopback Configures Loopback mode Default Disabled Description The loopback command sets the equipment at some point between a router interface and the other end of the line to reflect all data back to the router. Loopbacks are extremely useful for troubleshooting. With no options, loopback tests the local interface: all packets sent to the interface are immediately reflected back to the router without being sent to the destination. The various options and parameters allow you to place the loopback point farther down the line: applique Sets the internal loopback for an HSSI interface. dte Sets the loopback at the CSU/DSU, which tests the cable between the router (the DTE) and the CSU/DSU. The CSU/DSU must support this option. line [payload] Sets the loopback at the "far end" of the CSU/DSU, which sends the packets completely through the CSU/DSU and back to the router. The CSU/DSU must support this option. On routers with built-in CSU/DSUs (2524 or 2525) you can add the payload keyword, which creates the loopback at the DSU. remote option Sets the loopback at the remote CSU/DSU, which sends packets all the way to the remote end of the connection before reflecting them back to the router. This command tests the entire communications link between the router and the far end of the line. The remote CSU/DSU must be configured for remote loopback. Additional options give you more control over the behavior of remote loopback. The following options are applicable to the loopback remote command: full Places the loopback at the remote CSU. payload Places the loopback on the DSU side of the remote device and transmits a payload request. smart-jack Places the loopback at the remote smart-jack connection. 0in1 Transmits an all-zeros test pattern for verifying a B8ZS-encoded line. 1in1 Transmits an all-ones test pattern. 1in2 Transmits alternating test patterns of all ones and all zeros. 1in5 Transmits the standard test pattern for testing lines. 
1in8 Transmits a stress-test pattern for testing repeaters and their timing recovery. 3in24 Transmits a test pattern for testing AMI lines. qrw Transmits a quasi-random word pattern test to simulate real-world data patterns. user-pattern value Transmits a pattern defined by the value parameter. This pattern is a binary string and can be as long as 24 bits. 511 Transmits a random test pattern that repeats every 511 bits. 2047 Transmits a random test pattern that repeats every 2,047 bits. Example The following commands place the remote device in loopback mode and send the qrw test pattern: interface serial 0 loopback remote full qrw In response, the router produces the following output, reporting that it has changed the line's state to down (because it can't be used for data while it is in loopback mode) and has succeeded in placing the remote CSU/DSU in loopback mode: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down %LINK-3-UPDOWN: Interface Serial0, changed state to down %SERVICE_MODULE-5-LOOPUPREMOTE: Unit 0 - Remote unit placed in loopback |
mac-address-table aging-time seconds no mac-address-table aging-time seconds Configures Aging time for MAC addresses Default 300 seconds Description This command configures the aging time for MAC addresses in the MAC address table. Valid times are 0 or from 10 to 1,000,000 seconds. A setting of 0 (zero) disables the aging time. |
mac-address-table dynamic mac-address interface {fa | gi} vlan vlan-id no mac-address-table dynamic mac-address interface {fa | gi} vlan vlan-id Configures Insertion of dynamic MAC address into the MAC address table Default Dynamic addresses are not added to the table Description This command adds dynamic MAC addresses to the MAC address table. mac-address The MAC address to be added to (or removed from) the table. interface The interface to which packets for the MAC address are forwarded. fa Specifies FastEthernet. gi Specifies GigabitEthernet. vlan vlan-id The vlan parameter specifies where to forward packets for the MAC address. |
mac-address-table secure mac-address interface {fa | gi} vlan vlan-id no mac-address-table secure mac-address interface {fa | gi} vlan vlan-id Configures Insertion of secure MAC addresses into the MAC address table Default Secure addresses are not added to the table Description This command adds secure MAC addresses to the MAC address table. mac-address The MAC address to be added to (or removed from) the table. interface The interface to which packets for the MAC address are forwarded. fa Specifies FastEthernet. gi Specifies GigabitEthernet. vlan vlan-id The vlan parameter specifies where to forward packets for the MAC address. |
mac-address-table static mac-address {interface int-type} {vlan vlan-id} no mac-address-table static mac-address {interface int-type} {vlan vlan-id} Configures Insertion of static MAC addresses into the MAC address table Default Static addresses are not added to the table Description This command adds static MAC addresses to the MAC address table. mac-address The MAC address to be added to (or removed from) the table. interface int-type The interface to which packets for the MAC address are forwarded. vlan vlan-id The vlan parameter specifies where to forward packets for the MAC address. |
map-class dialer name no map-class dialer name Configures A map class for configuring DDR Default None Description Defines a map class that can be used in dialer map commands. The name of the map class is an alphanumeric string. After you give the map-class command, the router enters the map-class context, in which you can enter commands that configure the map class. Example The following code configures a map class named myclass. This map class is used within a dialer command to specify the properties of the telephone line used for the dial-on-demand connection.
    ! Define the map class and its commands
    map-class dialer myclass
     dialer isdn speed 64
    !
    ! Configure ISDN interface
    interface bri 0
     encapsulation ppp
     dialer map ip 10.10.1.5 name office2 class myclass 014105551234001
map-class frame-relay name no map-class frame-relay name Configures A map class to define QoS attributes for an SVC or PVC Default None Description This command creates a special kind of map class used to define QoS attributes for a Frame Relay SVC or PVC. The following frame-relay commands can be applied to the map class: frame-relay custom-queue-list list Specifies a custom queue list for the map. frame-relay priority-group list Specifies a priority queue for the map. frame-relay adaptive-shaping [becn | foresight] Enables the type of BECN (backwards explicit congestion notification) information that will throttle the transmission rate. frame-relay cir [in | out] bps The inbound or outbound committed information rate. If neither in nor out is specified, the command applies to both directions. frame-relay mincir [in | out] bps The minimum incoming or outgoing committed information rate. If neither in nor out is specified, the command applies to both directions. frame-relay bc [in | out] bits The incoming or outgoing committed burst size. If neither in nor out is specified, the command applies to both directions. frame-relay be [in | out] bits The incoming or outgoing excess burst size. If neither in nor out is specified, the command applies to both directions. frame-relay idle-time duration The idle timeout interval for the map. Example The following code defines a Frame Relay map that specifies an incoming and outgoing committed information rate of 56 Kbps: map-class frame-relay map1 frame-relay cir 56000 |
map-group name no map-group name Configures Applies a map list to an interface Default None Description This command applies a map list to an interface. See the map-list command for an example. |
map-list map-name source-addr {e164 | x121} source-address dest-addr {e164 | x121} destination-address no map-list map-name source-addr {e164 | x121} source-address dest-addr {e164 | x121} destination-address Configures A map list for a Frame Relay SVC Default None Description Use this command to define a map list for a Frame Relay SVC. map-name The name of the map. source-addr {e164 | x121} Type of source address; it may be either e164 or x121. source-address The actual source address. dest-addr {e164 | x121} Type of destination address; it may be either e164 or x121. destination-address The actual destination address. Example The following commands set up a map list that brings up a Frame Relay SVC in response to IP or AppleTalk traffic. The map list, named map1, is applied to the serial0 interface using a map-group command. The map list itself consists of two statements that specify the protocol and address we're interested in, followed by a map class that specifies the quality of service parameters to be used by the circuit.
    interface serial0
     ip address 172.30.8.1
     encapsulation frame-relay
     map-group map1
    !
    map-list map1 source-addr E164 112233 dest-addr E164 445566
     ip 10.1.1.1 class some-map-class
     appletalk 2000.2 class some-map-class
    !
    map-class frame-relay some-map-class
     frame-relay be out 9000
match access-group access-list no match access-group access-list Configures QoS class map match line Default None Description This command creates an entry in a class map that applies an access list as the match criteria. The access-list can be a numbered or named access list. Example class-map class1 match access-group 101 |
match any no match any Configures QoS class map match line Default None Description This command creates an entry in the class map that causes all packets to match. |
match as-path path-list-number no match as-path path-list-number Configures BGP route filtering Default None Description This command allows you to require that any route in a route map pass an AS path access list. Routes that are permitted by the list undergo further processing. You might use this command to create a route map that modifies routing metrics or changes the routes in some way, depending on the routes' AS path. These modifications are applied only to routes matching the AS path access list. Example The following code filters all routes to be sent to the neighboring router 10.10.1.1 through the AS path list 1. The AS path list is applied in the route map test-as-path, which adds our AS number (300) to all routes that match this list.
    route-map test-as-path
     match as-path 1
     set as-path prepend 300
    !
    ip as-path access-list 1 permit .*
    !
    router bgp 300
     neighbor 10.10.1.1 route-map test-as-path out
match class-map class-map-name no match class-map class-map-name Configures QoS class map match line Default None Description This command tells the current class map to use an entirely different class map as a matching criterion. By using this command, you can nest class maps. Example In this example, class1 uses class2 through this command.
    class-map match-any class2
     match protocol ip
     match access-group 101
    !
    class-map match-all class1
     match class-map class2
     match access-group 102
match community-list community-list-number [exact] no match community-list community-list-number [exact] Configures BGP route filtering Default None Description This command lets you build a route map that requires a match to a BGP community list. If the route's community string matches the named list, the set commands of the route map are applied. The exact keyword states that all the communities within the community list must be present for the route. Without the exact keyword, only one match is required. |
match cos value [value2 value3 value4] no match cos value [value2 value3 value4] Configures QoS class map match line Default None Description This command configures a match line in a class map that matches a packet's Class of Service (CoS) value. The IEEE 802.1Q/ISL CoS value can be a value from 0 to 7. You can specify from 1 to 4 values on a single line. Example class-map voice match cos 7 |
match destination-address mac address no match destination-address mac address Configures QoS class map match line Default None Description This command configures a class-map match statement that causes the packet's MAC address to be compared to the supplied address. |
match discard-class value no match discard-class value Configures QoS class map match line Default Packets not classified as expected Description This command configures a class-map match statement that matches the packet's discard class value. The value is a number from 0 to 7. |
match [ip] dscp value no match [ip] dscp value Configures QoS class map match line Default None Description This command tells a class map to match a packet's Differentiated Service Code Point (DSCP). The ip command is optional; it tells the match to work only for IPv4 packets. If you leave ip out, both IPv4 and IPv6 packets are matched. The value can be from 0 to 63. |
match fr-dlci dlci-number no match fr-dlci dlci-number Configures QoS class map match line Default None Description This command specifies a Frame Relay DLCI value to use in a class map. The dlci-number is matched against the packet's DLCI number. |
match input-interface interface-name no match input-interface interface-name Configures QoS class map match line Default None Description This command specifies an input interface to match a packet against. If the packet's input interface matches the interface-name, the line matches. |
match interface interface [... interface] no match interface interface [... interface] Configures Route filtering Default None Description This command lets you build a route map that selects routes according to the interfaces they use. For the route to match, its next hop must be through one of the interfaces listed. Routes that match are processed according to the other statements in the route map. Example In the following route map, all routes must have a next hop through the serial0 or serial1 interface for the route to match. route-map example1 match interface serial0 serial1 |
match ip address access-list no match ip address access-list Configures Route filtering Default None Description This command is used to match the IP address of the route's destination. If the destination matches the specified access list, the route is included in the map and processed according to the other statements in the route map. With this command, you can use extended access lists to implement routing policies. |
match ip dscp no match ip dscp Configures QoS class map match line Default None Description This command has been replaced with the match dscp command. |
match ip next-hop access-list [... access-list] no match ip next-hop access-list [... access-list] Configures Route filtering Default None Description This command lets you specify that a route's next hop IP address must match the specified access list (or lists) to be included in the map. If a route passes any of the access lists, it is processed according to the other statements in the route map. |
match ip precedence no match ip precedence Configures QoS class map match line Default None Description This command has been replaced with the match precedence command. |
match ip route-source access-list [... access-list] no match ip route-source access-list [... access-list] Configures Route filtering Default None Description This command lets you specify that a route's source address (i.e., the router that originally advertised the route) must match the given access lists to be included in the map. If a route passes any of the access lists, it is processed according to the other statements in the route map. |
match ip rtp starting-port-number end-port-range no match ip rtp starting-port-number end-port-range Configures QoS class map match line Default None Description This command configures a range of ports to match a packet using the Real-Time Protocol (RTP). Any RTP packets that fall within the specified starting-port-number and end-port-range are matched. The starting-port-number can be from 2,000 to 65,535. The RTP end-port-range can be from 0 to 16,383. |
match length min max no match length min max Configures Route filtering Default None Description This command lets you build a route map that selects packets whose size is between min and max. If a packet's size falls in this range, it is processed according to the other statements in the route map. This command is used with policy routing. Example In this example, we want to match packets that are between 10 and 100 bytes long. We then send matching packets out through the serial0 interface.
    interface ethernet1
     ip policy route-map example1
    !
    route-map example1
     match length 10 100
     set interface serial0
match metric value no match metric value Configures Route filtering Default None Description This command lets you build a route map that selects routes with a certain metric, given by value. The metric value can be from 0 to 4,294,967,295. If a route's metric matches the given value, it is processed according to the other statements in the route map. |
match mpls experimental value no match mpls experimental value match mpls experimental topmost value no match mpls experimental topmost value Configures QoS class map match line Default None Description This command specifies an MPLS experimental value against which to match packets. The value is the experimental MPLS value to match against. Values can be from 0 to 7. The topmost keyword checks the MPLS packet's topmost field for the value. |
match mpls-label no match mpls-label Configures Route map Default Routes with MPLS labels are not redistributed Description This command allows routes with MPLS labels to be redistributed in a route map. Example route-map mymap permit 1 match ip address 101 match mpls-label |
match not match-command no match not match-command Configures QoS class map match line Default None Description This command specifies the not version of a match-command. For example, if you wanted to match all protocols except IP, you could use the match protocol command combined with a not. Example class-map all-but-ip match not protocol ip |
match packet length max value min value no match packet length max value min value Configures QoS class map match line Default None Description This command tells the class-map to match the layer 3 packet length in the IP header of the packet. You can specify a min value, a max value, or both. If a minimum value is supplied, only packets with a value greater than the minimum are matched. If only a maximum value is supplied, only packets less than the maximum are matched. If both a minimum and maximum are supplied, packets must be within that range in order to be matched. Valid values for both minimum and maximum are from 1 to 2,000. |
match precedence value no match precedence value Configures QoS class map match line Default None Description This command supplies an IP precedence value to use as match criteria for a map-class. The value can be a precedence value of 0 to 7. |
match protocol name no match protocol name Configures QoS class map match line Default None Description This command supplies a protocol name to use as match criteria for a map class. The protocol name can be any protocol such as aarp, arp, bridge, bstun, cdp, clns, vmns, compressedtcp, decnet, ip, ipv6, ipx, llc2, pad, qllc, rsrb, snapshot, and stun. Two other protocols, citrix and http, take additional parameters. Example Citrix uses an option called app to identify packets:
    ! match citrix application called application1
    match protocol citrix app application1
http has optional url, host, and mime modifiers:
    match protocol http host cisco*
    match protocol http url index.html*
match qos-group value no match qos-group value Configures QoS class map match line Default None Description This command specifies a packet's QoS tag to use as a match criterion in a class map. The qos-group value can be from 0 to 99. The command is often used with the set qos-group command, which sets a packet's QoS tag (usually done on another device). |
match route-type {local | internal | external [type-1 | type-2] | level-1 | level-2} no match route-type {local | internal | external [type-1 | type-2] | level-1 | level-2} Configures Route filtering Default None Description This command lets you build route maps that match routes of a certain type. The types you can match are: local BGP internal routes. internal EIGRP internal routes or OSPF inter-area and intra-area. external EIGRP and OSPF external routes. type-1 and type-2 will only match OSPF type-1 and type-2 routes, respectively. level-1 Level 1 IS-IS routes. level-2 Level 2 IS-IS routes. |
match source-address mac address no match source-address mac address Configures QoS class map match line Default None Description This command specifies a packet's source MAC address to use as a class map match criterion. |
match tag tag-value [... tag-value] no match tag tag-value [... tag-value] Configures BGP route filtering Default None Description This command lets you build route maps that match routes with certain tag values. If a route has a tag that matches any given tag-value, it is processed according to the other statements in the route map. The tag-value parameters can have values from to 4,294,967,295. |
maximum-paths number no maximum-paths number Configures The maximum number of paths with equal metrics Default 1 for BGP; 4 for other protocols Description This command lets you set the number of paths with equal metrics that the router will maintain in its routing table. number can range from 1 to 6. For BGP, the meaning of this command is slightly different, since BGP doesn't have a simple routing metric. For BGP, this command allows you to increase the number of parallel equal-length paths that the router maintains in its tables. |
max-reserved-bandwidth percent-value no max-reserved-bandwidth Configures QoS class map match line Default 75 percent Description This command configures the percentage of bandwidth allocated for a given QoS technique, such as CBWFQ or LLQ. |
media-type type no media-type type Configures The type of media for specific interfaces Default Depends on the interface type Description Certain interface types can be associated with several types of ports. For example, the Ethernet module on a 4000 series or an FEIP (Fast Ethernet interface processor) on a 7000/7500 series can be associated with an AUI, 10BaseT, or 100BaseT port. The type depends on the actual interface you are configuring; the possible types are shown in Table 17-14.
Example interface fastethernet0/1 media-type 100baset |
member number command no member number command Configures Applies a configuration to one async interface of a group Default None Description This command is used in conjunction with the group-range command. It allows a certain command to be applied to one specific interface of a given range. The number specifies the group member to which the given command should be applied. Only two commands can be applied to an interface using the member command: peer default ip and description. For examples, see the group-range command. |
menu name [clear-screen | line-mode | single-space | status-line] no menu name Configures Menu display options Default None Description This command displays the menu with the given name and allows you to specify menu display options. Menus can be used to provide simple configuration commands for users connecting to the router through telnet or reverse telnet; the menu itself is defined using the menu command. The available options are: clear-screen Forces a clear screen before displaying the menu. line-mode Allows the user to backspace over a selected item and press Enter to execute a command. single-space Displays the menu single-spaced instead of double-spaced. status-line Displays a status line about the current user. Menus are constructed using the commands menu command , menu text, and menu title. |
menu name command number command Configures Commands for user interface menus Default None Description This command lets you build arbitrary menus for executing configuration commands. The menus are accessible from the router's command-line prompt. name The name of the menu. Names cannot be more than 20 characters long. number The selection number associated with the menu entry. command The command to be executed when the given number is selected. |
menu name text number text Configures Descriptive text for menus Default None Description This command lets you provide descriptive text to associate with menu items. The menus are accessible from the router's command-line prompt using the menu command, followed by the menu name. name The name of the menu. Names cannot be more than 20 characters long. number The selection number associated with the menu entry. text The text to be displayed for the given menu selection. Example The following commands set up a menu called incoming with several selections. If a user types 1, the command telnet 10.1.1.1 is executed; if she types 2, the command telnet 10.1.1.2 is executed; if she types 3, the menu exits.
    menu incoming command 1 telnet 10.1.1.1
    menu incoming text 1 Telnet to New York router (10.1.1.1)
    menu incoming command 2 telnet 10.1.1.2
    menu incoming text 2 Telnet to San Francisco router (10.1.1.2)
    menu incoming command 3 menu-exit
    menu incoming text 3 Exit
menu name title delimiter text delimiter Configures A title for a user interface menu Default None Description This command allows you to assign a title to the user interface menu identified by name. The text is the menu's title; the delimiter can be any character that does not appear within the text that serves to mark the beginning and end of the text. |
metric holddown no metric holddown Configures Keeps a route from being used for a given amount of time Default Disabled Description This command tells IGRP to wait a specific time before implementing new routes. It helps you to avoid routing loops in networks that converge slowly by delaying routing updates. Routing loops are still possible, however, if all routers within the same IGRP domain are not configured the same way. Using this command can result in very slow convergence. |
metric maximum-hops hops no metric maximum-hops hops Configures The maximum number of hops that a route can take Default 100 Description This command allows you to change the maximum hop count for EIGRP and IGRP. Routes that exceed the given limit are considered unreachable. The maximum number of hops is 255. Example The following commands configure the router to mark routes as unreachable if they require more than 180 hops: router igrp 101 network 10.10.0.0 metric maximum-hops 180 |
metric weights tos k1 k2 k3 k4 k5 no metric weights Configures EIGRP and IGRP metric calculation Default tos=0; k1=1; k2=0; k3=1; k4=0; k5=0 Description This command allows you to tune the routing metric for EIGRP and IGRP. The metric is calculated as follows: If k5 is greater than zero, the calculation continues: The tos (Type of Service) parameter is currently unused. It should be set to 0 when you use this command. Example The following commands modify the values of k4 and k5 and set the other values to their defaults: router igrp 100 network 10.10.0.0 metric weights 0 1 0 1 2 2 |
mkdir directory Description This command allows you to create a directory on a Class C filesystem. |
This family of commands is used to configure modems on TTY lines. The discussion is limited to commands that are available for all routers. Terminal servers with manageable modems, such as the AS5200, AS5300, and CS3600 series products, have additional commands. modem answer-timeout time Sets the amount of time the router waits for the carrier signal after answering an incoming RING. modem autoconfigure discovery The router automatically tries to discover the modem type. modem autoconfigure type type Sets the modem to the type known by the router. To view a list of known modems, use the command modem autoconfigure type ?. modem callin Enables support of modems that use DTR to control hook-status. modem callout Enables reverse connections. (See Chapter 4.) modem chat-script script-name Specifies which chat script to use when the modem is automatically dialing. See Chapter 12 for more information. modem cts-required Configures a line to require the CTS (clear to send) signal. modem dialin Configures a modem to accept incoming calls only. modem dtr-active Configures the modem line to leave the DTR signal low unless there is an active connection. modem inout Allows both incoming and outgoing connections to the modem. This command enables reverse telnet, so be sure this is what you want to do. |
monitor session session-number {source {interface interface-name}} [range | rx | tx | both] no monitor session session-number {source {interface interface-name}} [range | rx | tx | both] monitor session session-number {destination {interface interface-name}} [range] no monitor session session-number {destination {interface interface-name}} [range] monitor session session-number no monitor session session-number Configures Switched Port Analyzer (SPAN) Default None Description This command enables the Switched Port Analyzer or SPAN, which allows a port to "monitor" traffic that's sent or received on another port or VLAN. For more information, see Chapter 14. Use the command show monitor to display the SPAN session information. session-number The SPAN session number. Valid values are 1 and 2. source Specifies the SPAN source. destination Specifies the SPAN destination. interface-name Optional. The interface type and number. range Optional. Specifies a list of VLANs to use for SPAN. It can be a list or a range. For example, "100,200,205,305" or "100-300". Valid values are 1 to 1,005. rx Optional. Restricts monitor to received traffic only. tx Optional. Restricts monitor to transmitted traffic only. both Optional. Monitor for both received and transmitted traffic. |
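When reviewing saved configurations, the modem modes that enable reverse connections (modem inout, modem callout) and any SPAN session that mirrors traffic are worth reconciling against what was actually approved. The following Python audit is an added example, not part of the original reference; the sample configuration, interface names, and the approved_sessions parameter are constructed for illustration, and only the interface form of monitor session is parsed.

```python
import re

# Constructed sample running-config, for illustration only.
SAMPLE_CONFIG = """\
hostname lab-sw1
!
monitor session 1 source interface fa0/1 both
monitor session 1 destination interface fa0/24
monitor session 2 source interface fa0/2 rx
monitor session 3 source interface fa0/3
!
line 1 8
 modem inout
line 9 16
 modem dialin
line 17
 modem callout
"""

SPAN_RE = re.compile(
    r"^monitor session (\d+) (source|destination) interface (\S+)"
    r"(?:\s+(rx|tx|both))?\s*$"
)
# Modem modes the reference describes as enabling reverse connections.
REVERSE_MODES = {"inout", "callout"}
# The reference states that valid SPAN session numbers are 1 and 2.
VALID_SESSIONS = {1, 2}


def blocks(config):
    """Yield (header, [subcommands]) for each top-level command.

    Sub-mode commands appear indented under the command that opened the
    mode, so indentation is enough to recover the context.
    """
    header, subs = None, []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace():
            if header is not None:
                subs.append(raw.strip())
            continue
        if header is not None:
            yield header, subs
        header, subs = raw.strip(), []
    if header is not None:
        yield header, subs


def reverse_capable_lines(config):
    """Return [(line_spec, mode)] for lines that allow reverse connections."""
    hits = []
    for header, subs in blocks(config):
        if not header.startswith("line "):
            continue
        for cmd in subs:
            parts = cmd.split()
            if len(parts) == 2 and parts[0] == "modem" and parts[1] in REVERSE_MODES:
                hits.append((header[len("line "):], parts[1]))
    return hits


def span_sessions(config):
    """Return ({session: {"sources", "destinations"}}, unparsed_lines)."""
    sessions, unparsed = {}, []
    for header, _ in blocks(config):
        if not header.startswith("monitor session "):
            continue
        m = SPAN_RE.match(header)
        if not m:
            unparsed.append(header)  # report other forms, never drop them silently
            continue
        num, role, iface, direction = int(m.group(1)), m.group(2), m.group(3), m.group(4)
        entry = sessions.setdefault(num, {"sources": [], "destinations": []})
        if role == "source":
            entry["sources"].append((iface, direction or "unspecified"))
        else:
            entry["destinations"].append(iface)
    return sessions, unparsed


def audit(config, approved_sessions=()):
    """Return a sorted list of human-readable findings."""
    findings = []
    for spec, mode in reverse_capable_lines(config):
        findings.append(f"line {spec}: 'modem {mode}' permits reverse connections")
    sessions, unparsed = span_sessions(config)
    for num, entry in sessions.items():
        if num not in VALID_SESSIONS:
            findings.append(f"SPAN session {num}: number outside documented range")
        if entry["sources"] and entry["destinations"]:
            if num not in approved_sessions:
                srcs = ", ".join(f"{i} ({d})" for i, d in entry["sources"])
                dsts = ", ".join(entry["destinations"])
                findings.append(f"SPAN session {num}: unapproved mirror {srcs} -> {dsts}")
        else:
            findings.append(f"SPAN session {num}: incomplete (source or destination missing)")
    findings.extend(f"unparsed SPAN line: {line}" for line in unparsed)
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Passing the session numbers that have a change record, for example approved_sessions=(1,), leaves only the mirrors and line settings nobody signed off on.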
more [/ascii | /binary | /ebcdic] file-url Configures Displays a file's contents Default N/A Description This command allows you to view a file on the router where the file-url can be a file stored in flash or a system URL. See Table 2-6 in Chapter 2 for a list of valid URL prefixes. Example To view the startup configuration, you would use this command: more nvram:startup-config |
motd-banner no motd-banner Configures Suppresses the message of the day Default Enabled Description By default, the motd (message-of-the-day) banner is enabled on all lines. This command allows you to suppress the banner on selected lines. Example
    ! Don't display the motd on lines 5 through 10
    line 5 10
     no motd-banner
mpls atm control-vc vpi vci no mpls atm control-vc vpi vci Configures MPLS Default VPI, 3; VCI, 32 Description This command specifies the VPI (Virtual Path Identifier) and the VCI (Virtual Circuit Identifier) for the initial link to an MPLS peer. Example
    interface atm1/0.1 mpls
     mpls ip
     mpls atm control-vc 1 32
mpls atm cos { available | standard | premium | control } weight no mpls atm cos { available | standard | premium | control } weight Configures MPLS Default available 50%; control 50% Description This command changes the configured bandwidth allocation for CoS (Class of Service). You choose a class (available, standard, premium, or control) and then assign a weight, which is a value from 1 to 100. |
mpls atm disable-headend-vc no mpls atm disable-headend-vc Configures MPLS Default Enabled Description This command stops the LSC from initiating headend LVCs (label switched controlled virtual circuits), which reduces the number of LVCs in the network. |
mpls atm multi-vc no mpls atm multi-vc Configures MPLS Default N/A Description This command allows an ATM MPLS subinterface to create one or more label switched controlled virtual circuits over which packets of different classes can be transmitted. |
mpls atm vpi lowvpi [- highvpi] [vci-range lowvci - highvci] no mpls atm vpi lowvpi [- highvpi] [vci-range lowvci - highvci] Configures MPLS Default VPI is 1 to 1, VCI is 33-65,535 Description This command configures the range of values to use in the VPI field for label switched controlled virtual circuits. lowvpi Virtual Path Identifier, low end of range (0 to 4,095) highvpi Optional. Virtual Path Identifier, high end of range (0 to 4,095) vci-range Optional. Range of Virtual Channel Identifiers the subinterface can use. |
mpls atm vp-tunnel vpi [vci-range lowvci - highvci] no mpls atm vp-tunnel vpi [vci-range lowvci - highvci] Configures MPLS Default Disabled Description This command configures an interface as a Virtual Path tunnel. vpi The Virtual Path Identifier value for the local end of the tunnel. vci-range Optional. Range of Virtual Channel Identifiers the subinterface can use. |
mpls cos-map map no mpls cos-map map Configures MPLS Default None Description This command creates a class map that specifies how classes correspond to Virtual Circuits. Example mpls cos-map 10 class 1 premium |
mpls ip no mpls ip Configures MPLS Default Disabled Description This command enables label switching of IPv4 packets. The command must be applied globally and to the interface. Example mpls ip interface ethernet 1/1 mpls ip |
mpls ip default-route no mpls ip default-route Configures MPLS Default Disabled Description This command enables distribution of labels associated with the default route. Example mpls ip mpls ip default-route |
mpls ip encapsulate explicit-null no mpls ip encapsulate explicit-null Configures MPLS Default Disabled Description This command causes all packets sent out an interface or subinterface to be encapsulated with an explicit NULL label header. It is intended for use on a customer edge router. |
mpls ip ttl-expiration pop labels no mpls ip ttl-expiration pop labels Configures MPLS Default Packets are forwarded by the original label stack Description This command specifies how to forward a packet with an expired time-to-live (TTL) value. |
mpls label protocol { ldp | tdp } no mpls label protocol Configures MPLS Default TDP Description This command specifies the label distribution protocol to use for the platform or interface. ldp specifies the Label Distribution Protocol while tdp specifies the Tag Distribution Protocol. For the interface version of this command, you can specify both, which allows both LDP and TDP. This is useful on interfaces where different peers might use different protocols. Example mpls label protocol ldp ! interface ethernet 1/1 mpls label protocol both |
mpls label range min max no mpls label range Configures MPLS Default Minimum 16, Maximum 1,048,575 Description This command configures the range of local labels available for MPLS. |
mpls mtu bytes no mpls mtu bytes Configures MPLS Default The interface's default MTU Description This command sets the per-interface maximum transmission unit (MTU) for labeled packets. |
mpls prefix-map map access-list acl cos-map map no mpls prefix-map map access-list acl cos-map map Configures MPLS Default Disabled Description This command applies a QoS map when a label distribution prefix matches the specified access-list (acl). |
mpls request-labels for access-list no mpls request-labels for Configures MPLS Default Disabled Description This command applies an access list to restrict the creation of LSPs (Label Switched Paths) on the Label Switch Controller (LSC) or Label Edge Router (LER). |
mrinfo [host] [source-interface] Configures Queries a multicast router Description This command allows you to query a multicast router. If you provide no arguments to this command, the router queries itself. host Optional. Specifies the IP address or name of the host to query. source-interface Optional. Specifies the IP address or name of the interface to use as the source of the request. |
mstat source [destination] [group] Configures Displays multicast statistics Description This command displays multicast statistics, including the packet rate and the number of packets lost. If you do not provide arguments to this command, the router prompts you for them. source Specifies the IP address or name of the multicast source. destination Optional. Specifies the IP address or name of the destination. If not provided, the router uses itself as the destination. group Optional. Specifies the IP address or name of the group to display. The default is 224.2.0.1. |
mtrace source [destination] [group] Description This command provides a trace from the source to the destination for a multicast distribution tree. source Specifies the IP address or name of the multicast source. destination Optional. Specifies the IP address or name of the destination. If not provided, the router uses itself as the destination. group Optional. Specifies the IP address or name of the group to display. The default is 224.2.0.1. |
mtu bytes
no mtu bytes
Configures Maximum transmission unit (MTU)
Default Depends on media type (defaults for some common media are listed in Table 17-11, under the ip mtu command)
Description This command allows you to modify the MTU for any interface. The default MTU depends on the media you are using (FDDI, Ethernet, etc.); for example, Ethernet has an MTU of 1,500. Performance considerations may lead you to modify this value; a smaller MTU might give better performance on a lossy or noisy line.
Example
    interface ethernet0
     mtu 1250

name name elan-id id no name name elan-id id Configures ELAN ID of an ELAN in the LECS database Default None Description This command sets the name and id number for an Emulated LAN (ELAN) in the LECS database. |
name elan-name local-seg-id segment-number no name elan-name local-seg-id segment-number Configures The token ring number of an ELAN Default None Description This command sets the token ring's ring number of an ELAN. The segment-number is the number to be assigned, which can be from 1 to 4,095. |
name name preempt no name name preempt Configures Preempt for the ELAN Default Disabled Description This command allows you to enable preempting of an ELAN. This is useful when a LAN Emulation Server (LES) of a higher priority fails and then comes back online; it allows the higher-priority LES to preempt the lower-priority LES, avoiding network flapping and instability. |
name elan-name server-atm-address atm-address [restricted | un-restricted] [index value] no name elan-name server-atm-address atm-address Configures The LANE server's ATM address for the ELAN Default None Description This command sets the ATM address of the LANE server for the ELAN. elan-name The name of the ELAN. atm-address The LANE server's ATM address. restricted | un-restricted Optional. If restricted, only LANE clients defined in the ELAN's configuration server can be members of the ELAN. index value Optional. This keyword sets a priority for the LANE server. (You can assign multiple LANE servers for fault tolerance.) 0 is the highest priority. |
RIP/IGRP/EIGRP:
    neighbor address
    no neighbor address
OSPF:
    neighbor address [priority value] [poll-interval seconds] [cost number] [database-filter all]
    no neighbor address [priority value] [poll-interval seconds] [cost number] [database-filter all]
Configures A routing neighbor
Default No neighbors defined
Description The behavior and syntax of this command depend on the routing protocol you are using.
For RIP, this command specifies a RIP neighbor. This is useful when you have routers that cannot receive RIP broadcasts. In this situation, use the neighbor command to specify the IP addresses of routers that should receive RIP packets directly. If you use this command, RIP packets are not broadcast; they are sent only to the specified neighbors. The neighbor command is frequently used with the passive-interface command, which specifies that the interface should only listen for routing updates.
For IGRP, the command specifies an IGRP neighbor for the router to communicate with. It is often used with the passive-interface command. As with RIP, you can use the neighbor command together with passive-interface to send updates to one or more routers without sending updates to other routers on the network. Multiple neighbor commands are allowed.
For EIGRP, the neighbor command is accepted by the parser but has no effect on the EIGRP process. It is accepted for backward compatibility with IGRP configurations.
For OSPF, you use the command to define a router's OSPF neighbors explicitly. The OSPF version of this command has the following parameters:
    address
        The IP address of the neighbor.
    priority value
        Optional. The priority of the neighbor, from 0 to 255. The default is 0.
    poll-interval seconds
        Optional. The frequency at which the neighbor is polled. The default is 120 seconds.
    cost number
        Optional. Assigns a cost to the neighbor. The cost can be from 1 to 65,535. Neighbors that aren't configured with a specific cost assume the cost of the interface based on the ip ospf cost command.
    database-filter
        Optional. Filters outgoing link-state advertisements (LSAs) to the neighbor.
Example
In the following configuration, we have an IGRP routing process that we have told not to advertise (broadcast) IGRP updates out interface ethernet0. We use the neighbor command to explicitly tell the routing process to communicate with the router at 10.10.1.5, which happens to be reachable through the ethernet0 interface. We are thus using the neighbor command to control which routers receive IGRP information:
    router igrp 100
     network 10.0.0.0
     passive-interface ethernet0
     neighbor 10.10.1.5
The following commands set up a similar routing configuration using RIP. As in the previous example, we use passive-interface to suppress routing broadcasts out ethernet0, and the neighbor command to list explicitly the routers with which we want to communicate:
    router rip
     network 10.0.0.0
     passive-interface ethernet0
     neighbor 10.10.1.5
In the following example, we create an OSPF routing process and list a priority 1 neighbor explicitly:
    ! OSPF neighbor with a priority of 1
    !
    router ospf 99
     neighbor 192.168.1.2 priority 1

neighbor {address | peer-group} advertisement-interval seconds no neighbor {address | peer-group} advertisement-interval seconds Configures Minimum interval between BGP routing updates Default 5 seconds for internal peers; 30 seconds for external peers Description This command sets the BGP routing update interval. seconds can be from 0 to 600. You must specify either the address or peer-group of a particular peer. |
neighbor address database-filter all out no neighbor address database-filter all out Configures Filter LSAs to a certain OSPF neighbor Default Disabled Description Normally, all outgoing LSAs are flooded to all neighbors. This command allows you to disable flooding to a specific neighbor in point-to-multipoint networks. In broadcast, nonbroadcast, and point-to-point networks, you can disable flooding by using the ospf database-filter command. |
neighbor {address | peer-group} default-originate [route-map map] no neighbor {address | peer-group} default-originate [route-map map] Configures Sends the default route to a BGP neighbor Default Disabled Description This command tells the router to send the default route to a neighbor, identified either by address or by peer-group. By default, no default route is sent. The use of the route map map allows you to place conditions on the sending of the route. |
neighbor {address | peer-group} description text
no neighbor {address | peer-group} description
Configures A text description of a BGP neighbor or peer group
Default None
Description This command allows you to give a text description for a neighbor, identified either by address or by peer-group. The text can be up to 80 characters. The description is purely for documentation and doesn't affect the router's behavior.
Example
    router bgp 200
     neighbor 10.200.200.1 description Peer in the pasadena office

neighbor {address | peer-group} distribute-list {access-list | prefix-list name} {in | out} no neighbor {address | peer-group} distribute-list {access-list | prefix-list name} {in | out} Configures Applies a distribute list to a neighbor or peer group Default None Description This command applies an access list or a prefix list to filter incoming (in) or outgoing (out) routes exchanged with the given neighbor (specified by address or peer-group). |
neighbor {address | peer-group} filter-list access-list {in | out} no neighbor {address | peer-group} filter-list access-list {in | out} Configures A filter for BGP Default None Description This command sets up an AS path access list that filters BGP routes sent to or received from a specific neighbor. Routes that match the access list are discarded. address or peer-group The address or peer group of the neighbor. filter-list access-list The name of an AS path access list defined by the ip as-path access-list command. in The filter applies to incoming routes. out The filter applies to outgoing routes. |
neighbor {address | peer-group} maximum-prefix max [threshold] [warning-only]
no neighbor {address | peer-group} maximum-prefix max [threshold] [warning-only]
Configures The number of prefixes that can be received from a neighbor
Default No limit
Description This command allows you to set a limit on the number of prefixes that the router can receive from the neighbor.
    address or peer-group
        The address or peer group of the neighbor.
    maximum-prefix max
        The maximum number of prefixes you are willing to accept.
    threshold
        Optional. The percentage of the maximum number of prefixes at which the router will start generating warning messages. The default is 75%.
    warning-only
        Tells the router to generate a warning message about reaching the maximum value, but not to take any other action.

neighbor {address | peer-group} next-hop-self no neighbor {address | peer-group} next-hop-self Configures Next-hop processing of the neighbor router Default Disabled Description This command forces the router to advertise itself as the next hop to the neighbor. The neighbor router is identified by its IP address or peer-group. |
neighbor {address | peer-group} password word no neighbor {address | peer-group} password word Configures MD5 authentication between BGP peers Default Disabled Description This command requires authentication between BGP peers (identified by address or by peer-group). The MD5 algorithm is used for authentication. The password, word, can be any alphanumeric string up to 80 characters long; spaces are allowed, but the first character cannot be a number. |
neighbor address peer-group peer-group
no neighbor address peer-group peer-group
Configures Assigns a neighbor to a peer group
Default None
Description When configuring BGP, you often want to apply the same set of configuration items to a number of BGP neighbors. Peer groups let you simplify the router configuration by making a neighbor a peer group member. Once you have created a peer group, all configuration items for that group apply to all the members of the group. address is the IP address of the neighbor to be added to the peer group; peer-group is the name of the peer group.
Example
In this example, we create a peer group called group1 and place all our neighbors into this peer group (179.69.232.53, 54, and 55). Having created the peer group, we can apply neighbor filter-list commands to the group as a whole, rather than to the individual neighbors. We still have to configure the unique features (such as remote AS numbers) of the neighbors individually.
    router bgp 200
     neighbor group1 peer-group
     neighbor group1 filter-list 100 in
     neighbor group1 filter-list 102 out
     neighbor 171.69.232.53 remote-as 300
     neighbor 171.69.232.53 peer-group group1
     neighbor 171.69.232.54 remote-as 400
     neighbor 171.69.232.54 peer-group group1
     neighbor 171.69.232.55 remote-as 500
     neighbor 171.69.232.55 peer-group group1

neighbor {address | peer-group} prefix-list prefix-list-name {in | out} no neighbor {address | peer-group} prefix-list prefix-list-name {in | out} Configures Assigns a prefix list to a BGP neighbor Default None Description This command lets you filter BGP routes by assigning a prefix list to a neighbor instead of using an AS path filter. address or peer-group The address or peer group of the neighbor. prefix-list prefix-list-name The name of the prefix list defined by the ip as-path access-list command. in The filter applies to incoming routes. out The filter applies to outgoing routes. |
neighbor {address | peer-group} remote-as as-number
no neighbor {address | peer-group} remote-as as-number
Configures The remote AS number of a BGP neighbor
Default None
Description This command specifies a neighbor's AS number. This number is used to determine whether the neighbor is an internal or external BGP router. If the neighbor's AS number is the same as the AS number in the current BGP configuration, the neighbor is an internal BGP router; likewise, if the AS numbers are different, the neighbor is an external BGP router.
    address or peer-group
        The address or peer group of the neighbor.
    as-number
        The AS number of the neighbor router (or the routers in the peer group).
Example
In this example, the neighbor (10.200.200.3) is an internal BGP router because its AS number is the same as the local AS number:
    router bgp 100
     neighbor 10.200.200.3 remote-as 100
In the following example, the neighbor (10.200.200.4) is an external BGP router:
    router bgp 100
     neighbor 10.200.200.4 remote-as 200

neighbor {address | peer-group} route-map map {in | out} no neighbor {address | peer-group} route-map map {in | out} Configures Assigns a route map to a BGP neighbor Default None Description This command assigns a route map to a BGP neighbor. The route map is used to filter or otherwise modify routes that are sent to or received from the neighbor. address or peer-group The address or peer group of the neighbor. map The number of the map used to filter the routes. in The map is applied only to incoming routes. out The map is applied only to outgoing routes. |
neighbor address route-reflector-client no neighbor address route-reflector-client Configures BGP route reflector Default None Description This command configures the local router as a route reflector; the neighbor at the specified address is a client of the route reflector. Route reflectors allow you to get around the rule that all internal BGP speakers (peers) must be fully meshed. A route reflector passes iBGP routes from one router to another without modification. |
neighbor {address | peer-group} send-community no neighbor {address | peer-group} send-community Configures Community attribute Default None Description This command tells the router to send the COMMUNITIES attribute to BGP neighbors. The neighbors that receive this attribute are identified either by address or by peer-group. |
neighbor {address | peer-group} send-label no neighbor {address | peer-group} send-label Configures BGP to send MPLS label Default None Description This command tells the device to send MPLS labels with BGP routes to the specified BGP neighbor. |
neighbor {address | peer-group} shutdown no neighbor {address | peer-group} shutdown Configures Removes a BGP neighbor from the BGP configuration Default None Description This command disables the neighbor (specified by address or peer-group) so that it no longer takes part in the BGP routing protocol or exchanges BGP routing information and tables. Use the no form to reenable the BGP neighbor. |
neighbor {address | peer-group} soft-reconfiguration inbound no neighbor {address | peer-group} soft-reconfiguration inbound Configures Storage of received updates Default None Description This command enables the storage of received updates, which is required for an inbound soft reconfiguration. |
neighbor ip ttl-security hops hop-count no neighbor ip ttl-security hops hop-count Configures Maximum TTL count for eBGP peers Default Disabled Description This command enables BGP TTL checking for neighbors. This command is only used on external BGP (eBGP) neighbors. It provides a simple security mechanism for protecting your eBGP routers from possible hijacking attempts. By enabling this feature, only packets with TTL counts that are equal to or higher than the given value are accepted as valid packets. (It is generally considered impossible to forge TTL counts without access to the source or destination network.) If the packet's TTL value is less than this value, the router discards the packet without generating any ICMP messages. The idea is that we don't want to generate any error messages that might be sent back to a possible hacker. |
neighbor {address | peer-group} timers keepalive holdtime no neighbor {address | peer-group} timers keepalive holdtime Configures Timer values for BGP routing information Default keepalive is 60 seconds; holdtime is 180 seconds Description This command allows you to set the timer information for BGP routes. The keepalive parameter specifies the frequency (in seconds) that keepalive messages are sent to the specified neighbor (as identified by address or peer-group). The holdtime parameter specifies the interval (in seconds) within which the router expects to hear a keepalive message from the given neighbor or peer group before declaring the peer dead. |
neighbor {address | peer-group} update-source interface no neighbor {address | peer-group} update-source interface Configures Best interface to reach a neighbor Default The closest interface (sometimes called the best local address) Description This command tells the router to use a certain interface for a neighbor (as specified by address or peer-group) rather than the default. Use this command when other routers are peering to your loopback address. |
neighbor {address | peer-group} version value no neighbor {address | peer-group} version value Configures The BGP version to use for the neighbor Default Version 4 Description This command lets you specify which BGP version to use when talking to the given neighbor (as specified by address or peer-group). The version number must be 2, 3, or 4. Although Version 4 is the default, the router should dynamically negotiate down to Version 2 if the neighbor doesn't support Version 4. |
neighbor {address | peer-group} weight value
no neighbor {address | peer-group} weight value
Configures The weight metric for a BGP neighbor
Default Routes learned from the local router have a weight of 32,768; routes learned from other BGP peers have a weight of 0
Description This command lets you assign a weight to routes learned from the given neighbor (as specified by address or peer-group). Routes with a higher weight are chosen first. You can use this command to tell BGP to prefer routes learned from a given neighbor. This is a Cisco proprietary attribute.
Example
In the following configuration, we assign a weight of 100 to routes learned from the neighbor 10.200.200.3. This weighting causes the router to prefer routes learned from 10.200.200.3 to routes learned from other BGP peers.
    router bgp 200
     neighbor 10.200.200.3 weight 100

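The BGP neighbor commands above (password, ttl-security, maximum-prefix, the inbound filter commands, peer-group and remote-as) are easiest to review together. The following Python sketch is an added example, not code from this reference: it reads a saved configuration, resolves peer-group inheritance, classifies each neighbor as internal or external from remote-as, and lists which of these controls each neighbor lacks. The sample configuration, the function names and the choice to require maximum-prefix and an inbound filter only on external peers are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample configuration (not from the page). Addresses and AS numbers
# come from the ranges reserved for documentation; the password is a placeholder.
SAMPLE_CONFIG = """\
router bgp 64500
 neighbor EDGE peer-group
 neighbor EDGE password placeholder-secret
 neighbor EDGE maximum-prefix 1000 80
 neighbor EDGE prefix-list CUSTOMER-IN in
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 peer-group EDGE
 neighbor 192.0.2.1 ttl-security hops 1
 neighbor 192.0.2.9 remote-as 64502
 neighbor 192.0.2.9 description transit, nothing else configured
 neighbor 198.51.100.7 remote-as 64500
 neighbor 198.51.100.7 update-source loopback0
!
router rip
 network 10.0.0.0
 neighbor 10.10.1.5
"""

# Commands from this reference that can filter routes received from a neighbor.
INBOUND_FILTERS = {"distribute-list", "filter-list", "prefix-list", "route-map"}


def parse_bgp(config):
    """Return (local_as, {neighbor_or_group: [option token lists]}) for 'router bgp'."""
    local_as, opts, in_bgp = None, defaultdict(list), False
    for raw in config.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("!"):
            continue  # blank lines and "!" comments/separators carry no settings
        if not raw[0].isspace():
            # A command at column 0 opens a new section; only "router bgp" matters here,
            # so "neighbor" lines under "router rip" and others are never collected.
            tokens = stripped.split()
            in_bgp = tokens[:2] == ["router", "bgp"] and len(tokens) == 3
            if in_bgp:
                local_as = tokens[2]
            continue
        tokens = stripped.split()
        if in_bgp and tokens[0] == "neighbor" and len(tokens) >= 3:
            opts[tokens[1]].append(tokens[2:])
    return local_as, dict(opts)


def effective_options(name, opts):
    """Options set on the neighbor itself plus those inherited from its peer group."""
    own = opts.get(name, [])
    inherited = []
    for opt in own:
        if opt[0] == "peer-group" and len(opt) == 2:  # "neighbor A peer-group G"
            inherited += opts.get(opt[1], [])
    return own + inherited


def audit_bgp(config):
    """Map each BGP neighbor address to (kind, [missing controls])."""
    local_as, opts = parse_bgp(config)
    groups = {n for n, o in opts.items() if ["peer-group"] in o}  # group definitions
    findings = {}
    for name in opts:
        if name in groups:
            continue
        eff = effective_options(name, opts)
        remote = next((o[1] for o in eff if o[0] == "remote-as" and len(o) >= 2), None)
        kind = "unknown" if remote is None else ("ibgp" if remote == local_as else "ebgp")
        present = {o[0] for o in eff}
        missing = []
        if "password" not in present:
            missing.append("password")
        if kind == "ebgp":
            if "ttl-security" not in present:
                missing.append("ttl-security")
            if "maximum-prefix" not in present:
                missing.append("maximum-prefix")
            if not any(o[0] in INBOUND_FILTERS and o[-1] == "in" for o in eff):
                missing.append("inbound-filter")
        findings[name] = (kind, missing)
    return findings


if __name__ == "__main__":
    for neighbor, (kind, missing) in audit_bgp(SAMPLE_CONFIG).items():
        print(f"{neighbor:15} {kind:5} missing: {', '.join(missing) or 'none'}")
```
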
net value
no net value
Configures The NET for an IS-IS routing process
Default None
Description In order to configure an IS-IS routing process, you need to define a Network Entity Title (NET). Essentially, a NET serves as the area number and the system ID for the routing process. The NET is an NSAP whose last byte is 0.
Example
Let's assume that we have an IS-IS system ID of 0000.0000.0004 and an area ID of 04.0002. This gives us a NET of 04.0002.0000.0000.0004.00, which is the area ID followed by the system ID followed by the ending zero. The following configuration shows how the net command is used to assign the appropriate value:
    router isis
     net 04.0002.0000.0000.0004.00
     is-type level-1
    !
    interface ethernet 0
     ip router isis
     ip address 10.1.1.1 255.255.255.0

BGP:
    network network-number [mask network-mask]
    no network network-number [mask network-mask]
IGRP/EIGRP/RIP:
    network network-address
    no network network-address
OSPF:
    network network-address wildcard-mask area area-id
    no network network-address wildcard-mask area area-id
Configures The network for which the routing process is responsible
Default None
Description The network command provides a way to tell the routing process what networks it is responsible for. With IGRP, EIGRP, RIP, and, to a degree, BGP, all you need to do is list the network addresses (one per line) for the routing process. To remove a network from the routing process, use the no form of the command.
In OSPF, the network command requires three parameters: a network-address, a wildcard-mask, and an area-id. You must include the area ID. The wildcard mask specifies the portion of an IP address that isn't part of the network address; for example, a 24-bit mask subnet would use the wildcard mask 0.0.0.255. An interface can be attached only to a single OSPF area. If the address ranges (i.e., address/mask combinations) of two network commands overlap, the OSPF process takes the first match and ignores the rest.
For BGP, the network address is specified using a subnet mask, not a wildcard mask; for example, an 8-bit subnet would use the subnet mask 255.255.255.0. The mask is optional. If it is omitted, a mask of 255.255.255.0 is assumed.
Example
The following commands define a network for RIP and EIGRP routing processes:
    router rip
     network 10.0.0.0
    !
    router eigrp
     network 11.0.0.0
The following commands configure OSPF with a process ID of 99 and two areas:
    router ospf 99
     network 10.10.1.0 0.0.0.255 area 0
     network 10.10.2.0 0.0.0.255 area 1

network address backdoor no network address backdoor Configures A backdoor route to a BGP border router Default None Description This command allows you to give a backdoor route to a BGP router. This route acts like a local network but is not advertised. |
network address mask weight weight [route-map map] no network address mask weight weight [route-map map] Configures An absolute weight to a BGP network Default None Description This command sets the weight for routes to the given network, overriding any weight value learned by other means (redistribution, etc.). address mask The address of a network, specified as an IP address followed by a subnet mask. weight weight The weight to be assigned to these routes. It can have any value from to 65,535. route-map map A route map to be applied to these routes. |
nrzi-encoding
no nrzi-encoding
Configures T1 encoding type
Default Disabled (i.e., B8ZS)
Description This command enables "Nonreturn to Zero Inverted" encoding on T1 lines. The default encoding for T1 lines is B8ZS.
Example
    interface serial1
     nrzi-encoding

ntp access-group [condition] access-list no ntp access-group [condition] access-list Configures Network Time Protocol (NTP) service Default None Description This command applies an access list to the router's NTP service. condition Optional. Specifies the type of NTP queries to which the access list applies. Valid values are query-only, serve-only, serve, and peer. query-only allows NTP control requests only; serve-only allows time requests only; serve allows time requests and NTP control requests, but does not allow the router to synchronize its time with another NTP peer; peer allows time requests, NTP control requests, and time synchronization with other NTP peers. If this keyword is omitted, the access list applies to all queries. access-list A standard access list to be applied to NTP connections. |
ntp authenticate no ntp authenticate Configures Network Time Protocol (NTP) service Default No authentication Description This command enables NTP authentication on the router. |
ntp authentication-key number md5 value no ntp authentication-key number Configures Network Time Protocol (NTP) service Default None Description This command defines the authentication key to be used for NTP. Use the no form of this command to delete this key. number A value that identifies this key (1 to 4,294,967,295). md5 value The actual key value. |
ntp broadcast no ntp broadcast Configures Network Time Protocol (NTP) service Default Disabled Description This command tells the router to transmit NTP broadcast packets through the interface. |
ntp broadcast client no ntp broadcast client Configures Network Time Protocol (NTP) service Default Disabled Description This command tells the router to receive NTP broadcast packets through the interface. |
ntp broadcastdelay microseconds no ntp broadcastdelay Configures Network Time Protocol (NTP) service Default None Description This command sets the estimated round-trip delay for NTP broadcast packets in microseconds. |
ntp disable no ntp disable Configures Network Time Protocol (NTP) service Default Enabled on all interfaces if NTP is configured Description This command disables the interface's ability to receive NTP packets. |
ntp master stratum no ntp master stratum Configures Network Time Protocol (NTP) service Default The router is not a master Description This command configures the router as the master NTP server from which other NTP peers can receive their NTP time. (See the ntp peer command for setting peer values.) This command should be used with extreme caution, as it can declare the router's clock to be stratum 1 (most accurate) without any safeguards about how accurate the clock really is. stratum The NTP stratum number for this server. The value can be 1 through 15. |
ntp peer address [version value] [key keyid] [source interface] [prefer]
no ntp peer address
Configures Network Time Protocol (NTP) service
Default None
Description This command defines the address of an NTP peer. The router synchronizes its time with the peer's time and attempts to update the peer's time. Notice how a peer is different from a server. If you specify an NTP server with the ntp server command, the router gets its time from the server but does not attempt to update the server's time.
    address
        The IP address of the NTP peer.
    version value
        The NTP version (1 through 3). The default is 3.
    key keyid
        Authentication key to use for this peer. The ntp authentication-key command defines the keys and their key IDs.
    source interface
        The interface the router should use to communicate with this peer.
    prefer
        Makes this peer preferred over others.
Example
The following command sets an NTP peer at 10.11.1.2, which is available via the ethernet0 interface.
    ntp peer 10.11.1.2 version 2 source ethernet0

ntp server address [version value] [key keyid] [source interface]
no ntp server address
Configures Network Time Protocol (NTP) service
Default None
Description This command tells the router which NTP server to use. The router derives its time from the server but does not try to update the server's time.
    address
        The IP address of the NTP peer.
    version value
        The NTP version (1 through 3). The default is 3.
    key keyid
        Authentication key to use for this peer. The ntp authentication-key command defines the keys and their key IDs.
    source interface
        The interface the router should use to communicate with this server.
Example
The following command sets our NTP server to 10.11.1.5:
    ntp server 10.11.1.5 version 2

ntp source interface no ntp source interface Configures NTP source interface Default The closest interface to the destination Description This command allows you to define the interface to be used as the source interface for generating NTP traffic. By default, the router normally uses the interface closest to the destination as the source interface. |
ntp trusted-key keyid no ntp trusted-key keyid Configures Network Time Protocol (NTP) service Default None Description This command sets the authentication key to use to synchronize with the NTP server. keyid The authentication key to use. The ntp authentication-key command defines the keys and their key IDs. |
ntp update-calendar no ntp update-calendar Configures Network Time Protocol (NTP) service Default Disabled Description On high-end routers (7500, 5000, 6000, 1010, 8500, etc.), this command tells the router to update the calendar using NTP. Normally, the calendar is not updated through NTP; only the system clock is updated. |
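NTP authentication depends on several of the ntp commands above agreeing with each other: ntp authenticate, ntp authentication-key, ntp trusted-key and the key option of ntp server and ntp peer. The following Python sketch is an added example, not code from this reference: it cross-checks those statements in a saved configuration and also flags ntp master configured without an ntp access-group. The sample configurations, key values, function names and finding labels are assumptions made for the example.

```python
# Constructed sample configurations (not from the page). Addresses come from the
# documentation range and the key values are placeholders.
SAMPLE_NTP = """\
ntp authentication-key 1 md5 placeholder-key-one
ntp authentication-key 2 md5 placeholder-key-two
ntp trusted-key 1
ntp server 192.0.2.10 key 1
ntp server 192.0.2.11 key 2
ntp server 192.0.2.12 version 3
ntp peer 192.0.2.13 key 7
ntp master 3
"""

HARDENED_NTP = """\
ntp authenticate
ntp authentication-key 1 md5 placeholder-key-one
ntp trusted-key 1
ntp server 192.0.2.10 key 1
ntp access-group peer 10
"""


def _key_of(tokens):
    """Return the key id after the 'key' keyword of an ntp server/peer line, or None."""
    options = tokens[3:]  # everything after "ntp server|peer <address>"
    if "key" in options:
        i = options.index("key")
        if i + 1 < len(options):
            return options[i + 1]
    return None


def audit_ntp(config):
    """Return a list of (subject, finding) tuples for inconsistent NTP authentication."""
    authenticate = master = access_group = False
    defined, trusted, associations = set(), set(), []
    for raw in config.splitlines():
        t = raw.split()
        if len(t) < 2 or t[0] != "ntp":
            continue
        if t[1] == "authenticate":
            authenticate = True
        elif t[1] == "authentication-key" and len(t) >= 5:
            defined.add(t[2])            # ntp authentication-key <number> md5 <value>
        elif t[1] == "trusted-key" and len(t) >= 3:
            trusted.add(t[2])
        elif t[1] in ("server", "peer") and len(t) >= 3:
            associations.append((t[2], _key_of(t)))
        elif t[1] == "master":
            master = True
        elif t[1] == "access-group":
            access_group = True

    findings = []
    if not authenticate:
        # Keys may be defined, but authentication itself is not switched on.
        findings.append(("global", "authentication-disabled"))
    for address, key in associations:
        if key is None:
            findings.append((address, "no-key"))
        elif key not in defined:
            findings.append((address, "key-undefined"))
        elif key not in trusted:
            findings.append((address, "key-untrusted"))
    if master and not access_group:
        # The router serves time to others with no access list on the NTP service.
        findings.append(("global", "master-without-access-group"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit_ntp(SAMPLE_NTP):
        print(f"{subject:12} {finding}")
```
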
offset-list access-list {in | out} value [interface]
no offset-list access-list {in | out} value [interface]
Configures Adds an offset value to incoming or outgoing routing metrics
Default None
Description This command allows you to apply an offset to the metric of incoming or outgoing routes.
    access-list
        The offset is applied to routes matching this access list (name or number). 0 means all routes.
    in or out
        The direction in which to apply the metric offset. in applies the offset to incoming routes; out applies the offset to outgoing routes.
    value
        The amount by which route metrics will be increased. The value must be positive; the acceptable range depends on the routing protocol.
    interface
        Optional. The offset will be applied only to routes traveling through the given interface.
Example
The following configuration adds an offset of 10 to routes that match access list 1 (i.e., routes with the destination 10.10.1.0) traveling out through the ethernet0 interface:
    access-list 1 permit 10.10.1.0 0.0.0.255
    !
    router eigrp 100
     offset-list 1 out 10 ethernet0
     network 10.10.0.0

ospf auto-cost reference-bandwidth value no ospf auto-cost reference-bandwidth value Configures How OSPF calculates default metrics Default 100 Mb Description The default OSPF metric is calculated by dividing the reference bandwidth by the bandwidth of the interface. The default value of the reference bandwidth is 10^8 or 100,000,000. Using this formula, the OSPF cost for a T1 is 65 (100,000,000/1,544,000). This number is also convenient because it causes the cost of an FDDI link or Fast Ethernet to be 1. This command allows you to modify the reference bandwidth to support interfaces that are faster than 100 Mbps. |
ospf log-adj-changes no ospf log-adj-changes Configures OSPF state change logging Default None Description This command enables syslog logging of changes in the state of neighbor routers. |
output-delay value
no output-delay value
Configures Delay between packets in a multipacket route update
Default 0 (no delay)
Description This command modifies the interpacket delay during RIP updates. value specifies the delay in milliseconds between consecutive packets in a multipacket update. A delay is useful when a fast router needs to communicate with a slower one, as it allows the slower router to catch up.
Example
This example sets the output delay of multipacket router updates to 5 milliseconds:
    router rip
     network 10.10.0.0
     output-delay 5

padding ascii-number count no padding ascii-number Configures Pads a specific character with NULLs Default No padding Description This command pads a specific output character with NULL characters. It supports older terminals that require padding after certain characters, such as the Return key. Unless you are using a terminal that requires padding, you will never need this command. ascii-number The decimal value of the character that needs padding. count The number of NULL bytes to send after this character. |
parity {none | even | odd | space | mark} no parity Configures Parity Default None Description This command defines the parity bit for an asynchronous serial line. Its value may be none, even, odd, space, or mark. Example

    Router(config)#line tty 2
    Router(config-line)#parity none
|
passive-interface interface no passive-interface interface Configures Disables a routing protocol on a specific interface either partially (RIP, IGRP) or completely (EIGRP, OSPF, etc.) Default None Description For RIP and IGRP, this command causes the specified interface to listen for routing updates but prevents it from sending them. For OSPF, EIGRP, or other "hello-based" routing protocols, this command effectively disables the protocol on that interface (both sending and receiving). These protocols cannot operate without exchanging hello messages. Example

    router igrp 100
     network 10.0.0.0
     ! Suppress routing advertisements on serial 1
     passive-interface serial 1
|
password value no password value Configures A login password for the line Default No password Description This command allows you to assign a password to any available line. Most lines must also be configured with the login command. Example The following example sets the login password to cisco for the console and the five VTY lines.

    ! First the console
    line con 0
     password cisco
     login
    ! And the five virtual terminals (for incoming telnets)
    line vty 0 4
     password cisco
     login
|
peer default ip {address address | dhcp | pool pool} no peer default ip {address address | dhcp | pool pool} Configures Address assignment for PPP or SLIP peers Default pool Description This command allows you to assign an IP address to peers that connect to this interface using PPP or SLIP. There are three ways in which an address can be assigned: you can specify a single address to be used whenever a peer connects to this interface; you can specify an address pool from which an address is taken; or you can specify that the router should obtain an address for the peer through dhcp. This command overrides the global setting for the default IP address selection. async-bootp can also be used to provide addresses to dial-up clients. |
peer neighbor-route no peer neighbor-route Configures Generation of neighbor routes for incoming PPP connections Default Enabled Description The generation of a neighbor route for a new PPP connection is enabled by default. The no form of this command disables that behavior. |
physical-layer {sync | async} no physical-layer {sync | async} Configures Whether the interface is synchronous or asynchronous Default sync Description This command lets you specify whether a serial interface is synchronous or asynchronous. It is available on low-speed serial interfaces. |
ping ping host Description The ping command sends a sequence of ICMP echo request packets to the specified host. It is one of the simplest and most commonly used troubleshooting tools. If you omit the host from the command line and are in privileged EXEC mode, the router prompts you for the rest of the information. Ping prints a special character for each packet indicating whether the router received the corresponding echo reply. Table 17-15 shows what these special characters mean. Ping also summarizes the success rate and the round-trip times.
Example

    Router# ping 10.10.1.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.10.1.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
|
police bps [burst-normal] [burst-max] conform-action action exceed-action action [violate-action action] no police bps [burst-normal] [burst-max] conform-action action exceed-action action [violate-action action] Configures Traffic policing Default Disabled Description This command configures traffic policing within a map class. By defining the average bit rate (bps) and a normal and maximum burst rates, you can define actions for packets that conform to, exceed, or violate those rates. bps Defines the average rate in bits per second (bps). The value must be defined in increments of 8 Kbps. The value can be from 8,000 to 2,000,000,000. burst-normal Normal burst size in bytes. This value can be from 1,000 to 512,000,000. Default normal burst size is 1,500 bytes. burst-max Excess burst-size in bytes. This value can be from 1,000 to 512,000,000. conform-action The action to take on packets that conform to the rate limit (see Table 17-16). exceed-action The action to take on packets that exceed the rate limit (see Table 17-16). violate-action Optional. The action to take on packets that violate the normal and maximum burst sizes (see Table 17-16).
See Chapter 11 for more details. |
policy-map name no policy-map name Configures A policy map for QoS Default None Description This command allows you to create a policy map that can be attached to one or more interfaces. See Chapter 11 for examples of using and creating policy maps. |
ppp Description This command is given by a user who wants to establish a PPP session after connecting to one of the router's interfaces (for example, a dial-up serial interface) and logging in using some kind of terminal emulation. Giving this command at the user EXEC command prompt establishes the PPP connection. |
ppp authentication {chap | pap} [if-needed] [list] [callin] no ppp authentication Configures Enables CHAP or PAP authentication Default No authentication Description This command enables CHAP or PAP authentication on interfaces. In addition to the type of authentication, this command may have the following parameters: if-needed Optional. Prevents reauthorization if the user has already been authorized at some other point during the session. list Optional. Provides a list of AAA authorization methods. To set up an authorization list, use the command aaa authentication ppp. callin Optional. Tells the interface to authorize incoming (dial-in) connections only. |
ppp bridge ip no ppp bridge ip Configures Bridging a PPP connection Default Disabled Description This command enables half-bridging of IP packets across a serial or ISDN interface. |
ppp chap password password no ppp chap password password Configures CHAP authentication Default Disabled Description This command configures a single password for PPP authentication using the CHAP protocol. |
ppp compress {predictor | stac} no ppp compress {predictor | stac} Configures Compression Default None Description This command enables compression for the PPP connection. For compression to work, both ends of the PPP connection must be configured to use the same type of compression. |
ppp multilink no ppp multilink Configures Multilink PPP (MLP) over multiple interfaces Default Disabled Description If you have two or more communications links between the router and the destination, you can use multilink PPP to send traffic over several interfaces in parallel to get higher throughput. Asynchronous serial interfaces, ISDN BRI interfaces, and ISDN PRI interfaces can make use of multilink PPP. Multilink PPP works best on digital lines such as ISDN; it is less effective on low-speed analog connections. |
ppp quality percentage no ppp quality percentage Configures Quality monitoring Default Disabled Description This command enables link quality monitoring. Once enabled, the PPP link is shut down if the quality degrades below a certain value. The value, commonly thought of as a percentage, is expressed as a number between 1 and 100, with 100 indicating the highest quality. |
ppp reliable-link no ppp reliable-link Configures LAPB numbered mode negotiation Default Disabled Description This command enables LAPB numbered mode negotiation, which means that the router will try to negotiate a reliable link, not necessarily build a reliable link. This command is not available on asynchronous interfaces and doesn't work with multilink. |
ppp use-tacacs no ppp use-tacacs Configures TACACS authentication for PPP Default Disabled Description This command enables the use of TACACS for PPP authentication. |
priority-group list no priority-group Configures A priority list for the interface Default None Description This command applies a priority list to an interface. See the priority-list command for information on constructing priority lists. Example The following commands apply priority list 1 to the serial0 interface:

    interface serial0
     priority-group 1
|
priority-list number default level no priority-list number default level priority-list number protocol value level port-type port no priority-list number protocol value level port-type port priority-list number queue-limit high-limit medium-limit normal-limit low-limit no priority-list number queue-limit Configures Priority lists for priority traffic queuing Default None Description The priority-list command is a set of three related commands that are used to construct a list. A priority list is a set of four queues, one for each of four priority levels: high, medium, normal, and low. Each queue has its own capacity (in packets); the queue sizes are set using priority-list queue-limit, although I recommend that you don't modify the default queue sizes. The priority-list protocol version of the command assigns packets to a queue based on their protocols and, optionally, their ports. The priority-list default command assigns a queue to all packets that aren't explicitly assigned to a queue (i.e., all packets not associated with a protocol and port specified with the priority-list protocol command). Once you have created a priority list, use the priority-group command to apply a priority list to an interface. The queues in the list are then used for all traffic going out the interface. The parameters for these commands are: number The number of the priority list you are configuring; it can be a value from 1 to 10. protocol value The protocol to prioritize. In mixed-protocol environments, the protocol can be ip, ipx, etc. The examples here all use IP. level The queue you are configuring: low, medium, normal, or high. port-type Either tcp or udp. port A port number. high-limit, medium-limit, normal-limit, low-limit When configuring queue sizes, the number of packets in the high, medium, normal, and low priority queues. The default number of packets for each queue is given in Table 17-17.
Example The following example creates priority list 1, which sends all IP packets to the medium priority queue. Next, all telnet packets (TCP packets with a destination port of 23) are assigned to the high priority queue. Finally, all other traffic (non-IP traffic) is assigned to the normal priority queue:

    priority-list 1 protocol ip medium
    priority-list 1 protocol ip high tcp 23
    priority-list 1 default normal

The next example changes the size of the queues in the priority list:

    priority-list 1 queue-limit 30 20 15 10
|
privilege mode level level command no privilege mode level level command Configures Privilege level information Default Level 1 consists of all user EXEC commands; Level 15 consists of all enable commands Description The privilege level commands allow you to control access to a set of commands. The first of these commands, where you supply a mode and a command name, is used to set up a privilege level: a group of commands protected by a password. This is a global command; it is used outside of any context. Passwords for privilege levels are defined with the enable password command. mode The configuration mode to which the command belongs. exec is most common; configuration, controller, hub, interface, ipx-router, line, map-class, map-list, route-map, and router are also used. level A number from 0 to 15 indicating the level to which you're assigning the command. Each level is a superset of the previous levels; for example, level 13 automatically includes all the commands for levels 0 through 12. command The command that you are assigning to a level. Example The first command in the following configuration assigns the clear command to privilege level 14. The password guessme is assigned to privilege level 14, requiring users to give this password before they can execute any of the clear commands. Since the other enable commands are assigned to level 15, users who know this password are not necessarily allowed to make general changes to the router's configuration; without the enable password, they can give only the clear commands (and any other commands that belong to level 14). Next, we make privilege level 14 the default privilege level for the aux 0 port. This means that anyone who can access the aux 0 port and knows the password guessme can give the clear command and any other level 14 commands defined.

    ! assign the clear command to level 14
    privilege exec level 14 clear
    ! set the password for level 14 to guessme
    enable password level 14 guessme
    !
    ! configure the default level for the aux port
    line aux 0
     privilege level 14
|
privilege level level no privilege level Configures Privilege level information Default Level 1 consists of all user EXEC commands; Level 15 consists of all enable commands Description This form of the privilege command applies a privilege level to a line, and therefore must be used in the context of line configuration. Applying a privilege level to a line means that the given privilege level becomes the default level for the line; anyone who can access the line can run the commands in the default privilege level without giving the enable password. See also privilege level (global). level A number from 1 to 15 indicating the level to which you're assigning the command. Each level is a superset of the previous levels; for example, level 13 automatically includes all the commands for levels 1 through 12. |
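The password and privilege entries above describe two settings worth checking when reviewing a configuration: a line password that is not paired with login, and a line whose default privilege level hands out reassigned commands without the enable password. The following Python audit is an added example, not part of the original reference. It assumes running-config layout (subcommands indented under the line header) and treats a leading 7 as the type-7 encoding marker, which this page does not cover; the sample configuration is constructed from the page's own examples.

```python
import re

# Constructed sample in running-config layout, combining this page's
# password and privilege examples. The vty block deliberately omits
# "login" so that the corresponding check fires.
SAMPLE_CONFIG = """\
privilege exec level 14 clear
enable password level 14 guessme
!
line con 0
 password cisco
 login
line aux 0
 privilege level 14
line vty 0 4
 password cisco
"""

PRIV_CMD = re.compile(r"^privilege (\S+) level (\d+) (.+)$")
ENABLE_PW = re.compile(r"^enable password level (\d+) (.+)$")
LINE_LEVEL = re.compile(r"^privilege level (\d+)$")


def is_cleartext(value):
    """True unless the value carries the type-7 prefix (assumption, see lead-in)."""
    parts = value.split()
    return not (len(parts) == 2 and parts[0] == "7")


def parse(config):
    """Split a config into global statements and per-line blocks."""
    global_stmts, line_blocks, current = [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue  # blank lines and comments carry no settings
        if raw[0].isspace() and current is not None:
            line_blocks[current].append(text)
        elif text.startswith("line "):
            current = text
            line_blocks[current] = []
        else:
            current = None
            global_stmts.append(text)
    return global_stmts, line_blocks


def audit(config):
    """Return a list of (location, finding) tuples."""
    global_stmts, line_blocks = parse(config)
    findings = []
    level_cmds = {}  # level -> commands reassigned to that level
    for stmt in global_stmts:
        m = PRIV_CMD.match(stmt)
        if m:
            entry = m.group(1) + " " + m.group(3)
            level_cmds.setdefault(int(m.group(2)), []).append(entry)
            continue
        m = ENABLE_PW.match(stmt)
        if m and is_cleartext(m.group(2)):
            findings.append(("enable level " + m.group(1), "cleartext-password"))

    for header, subs in line_blocks.items():
        has_login = any(s == "login" or s.startswith("login ") for s in subs)
        for s in subs:
            if s.startswith("password "):
                if is_cleartext(s[len("password "):]):
                    findings.append((header, "cleartext-password"))
                if not has_login:
                    # The page notes most lines also need the login command.
                    findings.append((header, "password-without-login"))
            m = LINE_LEVEL.match(s)
            if m and int(m.group(1)) > 1:
                level = int(m.group(1))
                # Each level is a superset of the levels below it.
                granted = sorted(c for lvl, cmds in level_cmds.items()
                                 if lvl <= level for c in cmds)
                detail = ", ".join(granted) if granted else "none reassigned"
                findings.append(
                    (header, "default-level-%d grants: %s" % (level, detail)))
    return findings


if __name__ == "__main__":
    for location, finding in audit(SAMPLE_CONFIG):
        print(location + ": " + finding)
```
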
prompt string no prompt string Configures The router prompt Default %h%p Description This command sets the prompt to the specified string. The string can have any combination of characters and escape sequences. The special characters are listed in Table 17-18. Use the no form of this command to set the system prompt to the default value.
|
pulse-time seconds no pulse-time seconds Configures The DTR signal pulse intervals Default 0 seconds Description This command sets the interval between the DTR pulsing signals, in seconds. When a line goes down, the DTR is held inactive for the duration of the pulse-time. |
pvc [name] vpi/vci [encap] no pvc [name] vpi/vci [encap] Configures ATM PVC Default None Description This command configures a Permanent Virtual Circuit (PVC) on an ATM interface. It isn't supported on all ATM hardware; more sophisticated ATM hardware tends to use the atm pvc command. name Optional. A name to be assigned to this PVC. vpi/vci The Virtual Path Identifier and the Virtual Channel Identifier, separated by a slash. If you omit the slash and the vci, it defaults to 0. If vci is 0, vpi cannot be 0, and vice versa. encap Optional. The type of encapsulation to use on the channel. Possible values are ilmi, qsaal, and smds. ilmi is used to set up a connection for the Integrated Local Management Interface, and is normally used with the VPI/VCI pair 0/16. qsaal sets up a PVC used for setting up and tearing down SVCs (switched virtual circuits), and is normally used with the VPI/VCI pair 0/5. smds is used only for SMDS networks. |
qos pre-classify no qos pre-classify Configures QoS Default Disabled Description This command enables QoS (Quality of Service) preclassification and is restricted to tunnel interfaces, virtual templates, and crypto maps. Applies only to IP packets. |
queue-limit size-in-packets no queue-limit size-in-packets Configures The queue size for a class Default 64 packets on most platforms Description This command allows you to override the default queue size for a class. In WFQ (Weighted Fair Queuing), a queue is created for every class that is defined. If a queue is filled, tail-drop is used for further incoming packets unless WRED (Weighted Random Early Detection) is configured. The default of 64 applies on all platforms except those with Versatile Interface Processors (VIPs), where the default is a calculation of bandwidth and buffer memory available. |
queue-list number protocol value queue-number [port-type port-number] queue-list number protocol value queue-number [list list-number] queue-list number interface interface queue-number queue-list number queue-number byte-count size-in-bytes queue-list number queue queue-number limit size-in-packets queue-list number default queue-number no queue-list number Configures Custom queuing Default None Description The queue-list commands define a custom queue list, which is a group of queues that can be used to configure the amount of bandwidth used by specific types of traffic. A custom queue is different from a priority queue in that a priority queue only allows you to set the relative priority of different traffic types. The queue-list byte-count command creates queues within the list and assigns each queue a transmission size. The default transmission size is 1,500 bytes. The queue-list queue command specifies the absolute size of a queue, in packets. The queue-list protocol command assigns traffic for a given protocol and port to one of the queues in a queue list; instead of specifying a protocol and port, you can specify an IP access list. The queue-list interface command assigns traffic arriving for a given interface to one of the queues; and the queue-list default command assigns all otherwise unassigned traffic to one of the queues. To use a queue list, it must be applied to an interface using the custom-queue-list command. When sending traffic out an interface, the router works through the queues in order, emptying each queue before moving to the next. Therefore, increasing the size of a queue increases the bandwidth that can be used by the traffic assigned to the queue. When assigning traffic to a queue, the router processes the queue-list statements in order. number A number identifying the queue list; it can be from 1 to 10. protocol value Specifies the protocol to be assigned to the queue. Valid protocols are ip, ipx, dlsw, etc. 
interface interface Used for establishing queuing priorities based on incoming interface for the packet. queue-number The queue within this list that is being described. port-type port-number A port type (tcp or udp) and port number; traffic for this port is assigned to a particular queue within the list. You can specify either a port number, or the name of a well-known port. list list-number An access list of an appropriate type for the given protocol. Traffic matching this access list is assigned to the specified queue. byte-count size-in-bytes Specifies the queue's transmission size, in bytes. The router works through the list of queues in order, taking size-in-bytes bytes of traffic from each queue before proceeding to the next. Therefore, a larger queue size assigns more bandwidth to the protocols that are routed through this queue. limit size-in-packets An absolute maximum for the number of packets that can be waiting in the queue. Packets in excess of this limit are discarded. The default limit is 20 packets. Example The following commands create a custom queue list (list 5) and apply that queue list to the serial0 interface, where it is used to prioritize the traffic sent out that interface. The queue list consists of four queues with transmission sizes of 1,000, 4,000, 5,000, and 4,000 bytes. Therefore, queue 3 within the list is the highest priority and is allocated the most bandwidth; queue 1 is the lowest priority. Traffic is assigned to the queues as follows:
Note that the queue list is processed in order. Therefore, adding another traffic assignment statement after the queue-list default statement has no effect. The effect of this queue is to transmit 1,000 bytes from queue 1, then 4,000 from queue 2, then 5,000 from queue 3, then 4,000 from queue 4, and so on, in round-robin fashion. Even though queue 1 has the lowest priority, it is guaranteed some bandwidth during each queue-processing cycle. In this respect, a custom queue is unlike a priority queue, which always sends the highest-priority packets first and may therefore starve low-priority traffic.

    interface serial0
     ! apply the custom queue list
     custom-queue-list 5
    !
    ! Define the custom queue list
    queue-list 5 protocol ip 1 tcp telnet
    queue-list 5 protocol ip 2 list 10
    queue-list 5 interface tunnel1 3
    queue-list 5 protocol ip 4
    queue-list 5 default 4
    queue-list 5 queue 1 byte-count 1000
    queue-list 5 queue 2 byte-count 4000
    queue-list 5 queue 3 byte-count 5000
    queue-list 5 queue 4 byte-count 4000
|
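The ordered assignment and round-robin servicing described for queue list 5 can be modelled in a few lines; this Python simulation is an added example, not part of the original reference, and is a simplified model rather than the router's implementation. It assumes whole packets are dequeued until a turn's byte count is reached (so a turn can overshoot), and uses a hypothetical acl10 flag in place of access list 10, which the page does not show.

```python
from collections import deque

# Byte counts from the page's queue-list 5 example.
BYTE_COUNT = {1: 1000, 2: 4000, 3: 5000, 4: 4000}

# The page's assignment statements in configuration order; first match wins.
# "acl10" is a hypothetical flag standing in for "matches access list 10".
RULES = [
    ("protocol ip 1 tcp telnet",
     lambda p: p["proto"] == "ip" and p.get("tcp_port") == 23, 1),
    ("protocol ip 2 list 10",
     lambda p: p["proto"] == "ip" and p.get("acl10", False), 2),
    ("interface tunnel1 3", lambda p: p.get("in_if") == "tunnel1", 3),
    ("protocol ip 4", lambda p: p["proto"] == "ip", 4),
    ("default 4", lambda p: True, 4),
]


def classify(pkt, rules=RULES):
    """Return (queue, statement) for the first statement the packet matches."""
    for stmt, match, queue in rules:
        if match(pkt):
            return queue, stmt
    raise ValueError("no statement matched and no default is configured")


def service(queues, cycles, byte_count=BYTE_COUNT):
    """Visit the queues in order for `cycles` rounds; return bytes sent per queue.

    Assumption: whole packets are sent until the bytes sent in this turn
    reach the queue's byte count, so large packets overshoot small counts.
    """
    sent = {q: 0 for q in byte_count}
    for _ in range(cycles):
        for q in sorted(byte_count):
            turn = 0
            while queues[q] and turn < byte_count[q]:
                size = queues[q].popleft()
                turn += size
                sent[q] += size
    return sent


def backlog(packet_size, packets_per_queue):
    """Constructed load: every queue holds the same backlog of equal packets."""
    return {q: deque([packet_size] * packets_per_queue) for q in BYTE_COUNT}


def shares(sent):
    """Percentage of the transmitted bytes that each queue received."""
    total = sum(sent.values())
    return {q: round(100 * b / total, 1) for q, b in sent.items()}


if __name__ == "__main__":
    # Telnet arriving on tunnel1 matches the first statement, not the third.
    print(classify({"proto": "ip", "tcp_port": 23, "in_if": "tunnel1"}))
    for size in (500, 1500):
        sent = service(backlog(size, 1000), cycles=10)
        print(size, sent, shares(sent))
```

With 500-byte packets the shares follow the configured byte counts; with 1,500-byte packets queue 1 sends a full packet each turn and ends up with more than its nominal share.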
radius-server host {hostname | ip-address} no radius-server host {hostname | ip-address} radius-server key string no radius-server key string radius-server retransmit retries no radius-server retransmit retries radius-server timeout seconds no radius-server timeout seconds Configures Radius server Default None Description This set of commands is used to specify a radius server that the router will use for authentication. The radius-server host command allows you to specify which radius server to use, either by hostname or IP address. You can define more than one radius server; the router attempts to contact the servers in the order that you specify. The radius-server key command specifies the encryption string to be used for communication with the radius server. Obviously, this string must match the setting on the radius server. If you use multiple servers, they must all share the same key. The retransmit and timeout forms of this command specify the number of times the router searches the list of radius servers before giving up, and the amount of time that it will wait for any given server to reply before retrying. |
random-detect [dscp-based | prec-based] no random-detect number Configures Weighted Random Early Detection (WRED) Default Disabled Description This command enables WRED on an interface. The options dscp-based and prec-based tell WRED which packet characteristic to use to calculate drop probability. If you don't select either one, the default is used (IP precedence). dscp-based Optional. Tells WRED to use the packet's DSCP value to calculate drop probability. prec-based Optional/Default. Tells WRED to use the packet's IP precedence value to calculate drop probability. |
random-detect discard-class class-value min-threshold max-threshold mark-denominator no random-detect discard-class class-value min-threshold max-threshold mark-denominator Configures Weighted Random Early Detection (WRED) Default None Description This command defines the packet thresholds based on the discard class value of a packet. class-value The discard class value, from 0 to 7. min-threshold The minimum threshold in number of packets, from 1 to 4,096. If the minimum threshold is reached, WRED randomly drops some packets with the specified IP precedence. max-threshold The maximum threshold in number of packets, from 1 to 4,096. When the threshold is reached, WRED drops all packets with the specified IP precedence. mark-denominator Denominator for the fraction of packets dropped when the average queue depth is at the maximum threshold. The default is 10, which means that 1 out of every 10 packets is dropped at the maximum threshold. |
random-detect discard-class-based no random-detect discard-class-based Configures Weighted Random Early Detection (WRED) Default None Description This command configures WRED to work based on the discard class of packets. |
random-detect dscp dscp-value min-threshold max-threshold mark-denominator no random-detect dscp dscp-value min-threshold max-threshold mark-denominator Configures Weighted Random Early Detection (WRED) Default None Description This command defines the packet thresholds based on the differentiated services code point (DSCP) class value of a packet. dscp-value The DSCP value, from 0 to 7. min-threshold The minimum threshold in number of packets, from 1 to 4,096. If the minimum threshold is reached, WRED randomly drops some packets with the specified IP precedence. max-threshold The maximum threshold in number of packets, from 1 to 4,096. When the threshold is reached, WRED drops all packets with the specified IP precedence. mark-denominator Denominator for the fraction of packets dropped when the average queue depth is at the maximum threshold. The default is 10, which means that 1 out of every 10 packets is dropped at the maximum threshold. |
random-detect ecn no random-detect ecn Configures Weighted Random Early Detection (WRED) Default Disabled Description This command enables explicit congestion notification (ECN). |
random-detect exponential-weighting-constant value no random-detect exponential-weighting-constant Configures Weighted Random Early Detection (WRED) Default 9 Description This command allows you to change the value of the exponential weight factor, which is used in the average queue size calculation, from 1 to 16. |
random-detect flow no random-detect flow random-detect flow average-depth-factor scaling-factor no random-detect flow average-depth-factor scaling-factor random-detect flow count number no random-detect flow count number Configures Weighted Random Early Detection (WRED) Default Disabled Description The command random-detect flow enables flow-based WRED on an interface. To configure the characteristics of flow-based WRED, use the average-depth-factor and flow-count commands. random-detect flow average-depth-factor configures the multiplier used in determining the average depth factor for flow-based WRED. The scaling-factor can be a value from 1 to 16. The default is 4. random-detect flow count configures the flow count for flow-based WRED. The number can be from 16 to 32,768. The default is 256. |
rate-limit {input | output} { bps | access-group acl | [rate-limit] rate-limit-acl] dscp dscp-value | qos-group qos-group-number} burst-normal burst-max conform-action action exceed-action action no rate-limit {input | output} { bps | access-group acl | [rate-limit] rate-limit-acl] dscp dscp-value | qos-group qos-group-number} burst-normal burst-max conform-action action exceed-action action Configures Committed Access Rate (CAR) Default Disabled Description This command configures a CAR (Committed Access Rate) policy on an interface. Multiple policies can be implemented on a single interface by repeating this command. input Applies the CAR policy to incoming packets on this interface. output Applies the CAR policy to outgoing packets on this interface. bps Defines the average rate in bits per second (bps). The value must be defined in increments of 8 Kbps and can be from 8,000 to 2,000,000,000. access-group Optional. Applies this CAR policy to the specified access list. Value can be 1 to 2,699. rate-limit Optional. Sets the access-list as a rate-limit access-list. The value can be from 0 to 99. dscp Optional. Applies the rate limit to packets that match this DSCP value. The value can be from 0 to 63. qos-group Optional. Applies the rate limit to any packet that matches the qos-group number. The value can be from 0 to 99. burst-normal Normal burst size in bytes. The minimum is the bps value divided by 2,000. This value can be from 1,000 to 512,000,000. burst-max Excess burst size in bytes. The number can be from 2,000 to 1,024,000,000. Cisco recommends a value of twice the normal burst. conform-action The action to take on packets that conform to the rate limit (see Table 17-19 for valid actions). exceed-action The action to take on packets that exceed the rate limit (see Table 17-19).
See Chapter 11 for more details. |
redistribute {protocol | static} [metric value] [metric-type type] [route-map map] [weight weight] [subnets] no redistribute protocol Configures Redistribution of routes between protocols Default Disabled Description This command allows you to redistribute routes from one routing protocol to another. It also allows you to redistribute static routes into a routing protocol. Some protocols require you to specify a default metric that will be assigned to external routes. See the default-metric command and Chapters 8 and 9 for more information. protocol This is the protocol from which routes are redistributed. If a process ID or local AS is required for the protocol, you must provide that as well. Possible values are bgp, igrp, eigrp, isis, ospf, and rip. You can also redistribute static routes. metric value Optional. This keyword sets the metric value for the redistributed route. If you don't have a value defined here, the router uses the default metric as defined in the default-metric command. For most redistribution, you must define a default metric. Exceptions to this rule are static routes and IGRP to EIGRP redistribution. metric-type type Optional. This keyword applies to OSPF and IS-IS only. For OSPF, this allows you to assign two possible metric type values: 1 (Type 1 external route) and 2 (Type 2 external route). The default type for OSPF is Type 2. For IS-IS, the options are internal (the metric is less than 63) and external (the metric is greater than 63 but less than 128). The default metric type for IS-IS is internal. route-map map Optional. This keyword allows you to apply a route-map filter to the routes before they are redistributed into the protocol. weight weight Optional. This keyword is for BGP only; it allows you to assign a BGP weight to the redistributed route. subnets Optional. Used for redistributing routes into OSPF. When this keyword is used, it causes OSPF to accept all subnet routes. 
Without this keyword, OSPF only redistributes routes that are not subnets. Example The following example shows redistribution into OSPF of both EIGRP and RIP routes. For EIGRP, we are redistributing routes from eigrp 1001 and assigning a metric of 100. The subnets keyword tells OSPF to redistribute all subnet routes. As for RIP, we are assigning a much higher metric of 200 to its routes.

    router ospf 1000
     redistribute eigrp 1001 metric 100 subnets
     redistribute rip metric 200 subnets

When you don't use the metric command in the redistribute line, you must have a default-metric statement defined (except for static route redistribution).

    router rip
     redistribute eigrp 1002
     default-metric 10
|
refuse-message delimiter message delimiter no refuse-message Configures The message the user receives when a connection is busy. Default None Description This command defines the message that is displayed when the user attempts to connect a line that is already in use. delimiter is a character that marks the beginning and end of the message; it must not appear within the message itself. Example In this example, the user is told that the line is busy and to try another one:

    line 1
     refuse-message # This line is currently busy, please try lines 2-8 #

To disable this message, delete it with the no form of this command:

    line 1
     no refuse-message
|
reload [warm] [in hh:mm] [at hh:mm [month day]] [cancel] [text] show reload Description This command causes the router to reload the IOS operating system and reboot. You can specify a time for the reload to occur by using the in and at options. The show reload form of the command gives you the status of any pending reloads. text The reason for the reload; this reason is stored in memory and is used for a show reload command, sending warning messages, or sending messages to syslog servers. in hh:mm Tells the router to reload some time from now. For example, to start a reload in two hours, enter in 2:00. at hh:mm month day Tells the router to reload at a specific time (hh:mm). Optionally, you can specify a month and a day of the month, but the reboot must occur within 24 days. cancel Cancels a scheduled reload. warm This keyword was added in IOS 12.3(2). It allows the user to reload the router without reloading the IOS images. Since the image software is not reloaded, boot time is significantly decreased. This command can be helpful when you are configuring a router remotely. One problem with working remotely is that if you make a mistake, you can kill your connection to the router, which may leave the router in a state that doesn't allow you to reconnect. Use this command before executing "dangerous" configuration commands remotely. If you make a mistake and haven't saved the configuration, the router will reboot and return to the previous configuration. If you don't make a mistake and your changes work, you can simply cancel the impending reload. Example

    Router#reload in 2:00 "IOS upgrade"
    Router#reload cancel
    Router#show reload
    No reload is scheduled.
|
rename current-name new-name Description This command allows you to rename a file from current-name to new-name in a Class C filesystem. |
ring-speed {4 | 16} no ring-speed {4 | 16} Configures Token ring interface default speed Default 16 Mbps Description This command sets the speed for a token ring interface to either 4 or 16 Mbps. The default speed is 16 Mbps. Be sure to set the correct speed; specifying an incorrect speed on a token ring interface will cause the ring to go down. |
rlogin hostname Description This command allows you to log into the remote machine given by hostname. You can specify either a hostname or an IP address. rlogin stands for remote login, which follows the remote shell rules. If this command doesn't work, try telnet. |
rmdir directory Description This command allows you to remove a directory from a Class C filesystem. |
route-map tag-name [permit | deny] [sequence-number] no route-map tag-name [permit | deny] [sequence-number] Configures A route map for route redistribution or policy routing Default None Description A route map is a very flexible mechanism for specifying what to do with routes. A route map lets you match certain routes and set various parameters of the matching routes. The route-map command merely defines the list; the match command specifies which routes the map should match (something like an access list); and a number of set commands specify what to do with the matching routes. A route map is identified by a name (tag-name); any number of route-map commands can share the same name. route-map commands with the same name are processed in the order given by the sequence-number. Although most route processing is specified by the set commands associated with the map, the permit and deny keywords can be used to specify some very simple processing. permit is the default; it means that normal route processing (as specified by the set commands) takes place for all routes that match the map. Processing continues with other route maps that share the same sequence number. The deny keyword specifies that if a match occurs, the route is not distributed and no further processing of other route maps takes place. To delete a route map, use the no form of the command. Note that if you omit the sequence-number, this command deletes all maps matching the given tag-name. tag-name An identifying name. permit Optional. Specifies that normal route processing should occur when a route matches the map. deny Optional. Specifies that routes matching the map should not be propagated and that no further processing should occur. sequence-number A sequence number that indicates the order in which route maps sharing the same name are processed. Example The following commands define a route map named check with a sequence number of 10. 
The match command selects the routes that match the map; it refers to community list 1, which specifies routes that include community 100. The set command sets the weight of any route matching this community list to 10. route-map check permit 10 match community 1 set weight 10 ip community-list 1 permit 100 |
RIP: router rip no router rip BGP: router bgp as-number no router bgp as-number EIGRP: router eigrp as-system no router eigrp as-system IGRP: router igrp as-system no router igrp as-system IS-IS: router isis [tag] no router isis [tag] OSPF: router ospf as-system no router ospf as-system Configures Enters the routing configuration mode Default None Description This command starts the configuration of a routing process: it identifies the routing protocol you want to run and other parameters necessary for the routing protocol. The RIP protocol doesn't require additional parameters; BGP requires an AS number; EIGRP, IGRP, and OSPF require process numbers (commonly called AS numbers); and IS-IS can optionally have a tag that defines a name for the routing process. Example ! Configure our rip process router rip network 10.0.0.0 |
rsh host [/user username] command-to-execute Description This command executes a command on a remote host via a remote shell. host The hostname of the machine on which to execute the command. /user username The username to use when executing the command. command-to-execute The command to be executed. Example The following command executes the command ls on a machine named sun-machine as user bob. rsh sun-machine /user bob ls |
rxspeed speed no rxspeed Configures Receive speed Default 9,600 bps Description This command sets the receive speed for this line to speed, in bits per second. |
send {line-number | * | aux n | console n | tty n | vty n} message Description This command sends a message immediately to one or more terminals. It is not stored in the router's configuration. line-number The line number to which to send the message. * Sends the message to all TTY lines. aux n The AUX port to which to send the message. tty n The TTY port to which to send the message. vty n The VTY port to which to send the message. console n The console line to which to send the message. message The message you wish to send. It may span multiple lines, and must be terminated with Ctrl-Z on a line by itself. Example The following commands send a message to all TTY lines: Routersend * Enter message, end with CTRL/Z; abort with CTRL/C: REBOOTING Router in ten minutes for an emergency repair! ^Z Send message? [confirm]y Router *** *** *** Message from tty19 to all terminals: *** REBOOTING router in ten minutes for an emergency repair! |
service service no service service Configures Service level items Default Depends on the service Description The service command disables or enables certain router features. These features range from minor TCP/IP servers to the router's callback behavior. The services controlled by this command are: config Enables autoloading configuration files from a server. This command is required for boot network commands to work. exec-callback Enables the callback feature for clients. A callback tells the router to authenticate a dial-in user, disconnect, and then call the user back at a prearranged number. See Chapter 12 for more information. exec-wait Delays the display of the prompt. finger Allows finger requests to be made to the router (i.e., enables a finger server). For IOS 12.0 and later, this has been superseded by ip finger. hide-telnet-address Hides the IP address of the destination host when a telnet command is issued. When a user executes a telnet command at the EXEC prompt, the IP address of the destination machine is usually displayed with a message like "Trying machinename (10.10.1.4)." nagle Enables the Nagle congestion control algorithm. password-encryption Enables password encryption. By default, password encryption is enabled. prompt config Enables the display of the (config) prompt when in the configuration mode. tcp-keepalives-in Enables TCP keepalives on incoming connections (connections initiated by remote hosts). tcp-keepalives-out Enables TCP keepalives on outgoing connections (connections initiated by the router). tcp-small-servers Enables servers for the so-called "small TCP services" (the echo, discard, chargen, and daytime protocols). By default, these services are disabled as of IOS 11.2 and later. telnet-zeroidle When enabled, this feature tells the router to set the packet window to zero when a telnet connection is idle. udp-small-servers Enables servers for the small UDP services (echo, discard, and chargen). 
By default, these services are disabled as of IOS 11.2 and later. |
service compress-config no service compress-config Configures Compression of configurations in memory Default Disabled Description This command lets you compress the configuration file; this feature is available only on high-end routers (5000, 6000, and 7500 series). To disable compression, use the no form of the command. |
service linenumber no service linenumber Configures Line number display Default Disabled Description This command configures the router to display the line number, line location, and hostname after the incoming banner. |
service-module 56k parameters no service-module 56k parameters Configures Internal 56k (DS0) CSU/DSU Default Depends on the command Description The service-module commands are for routers that have 56k CSU/DSU modules built into them. These commands set various options on the internal CSU/DSU. The parameters that can be configured are: clock rate speed Configures the line speed for a four-wire 56k line. The valid speeds are 2.4, 4.8, 9.6, 19.2, 38.4, 56, and 64. The default is 56. clock source {line | internal} By default, the clock source is the line, which is provided by the carrier. This command allows you to switch to the internal clock source on the module. data-coding {normal | scrambled} normal data coding is the default behavior for service modules. scrambled data coding should be used only on lines configured for 64 Kbps. Both ends of the link must use the same data coding. network-type {dds | switched} Determines whether the line is configured for DDS (unswitched) or switched service. dds is the default for four-wire service; switched is the default for two-wire service. remote-loopback By default, the service module accepts remote-loopback commands from the remote CSU/DSU. To disable remote loopback, use the no form. switched-carrier {att | sprint | other} The switched-carrier setting must be appropriate for your 56k provider. att is the default on four-wire CSU/DSUs; sprint is the default on two-wire CSU/DSUs. This command can be used only if the network-type is set to switched. |
service-module t1 parameters no service-module t1 parameters Configures Internal T1 CSU/DSU Default Depends on the command Description The service-module commands are for routers that have T1 CSU/DSU modules built into them. These commands set various options on the internal CSU/DSU. The parameters that can be configured are: clock source {internal | line} By default, the clock source for a T1 CSU/DSU is the line, which is provided by the carrier. This command allows you to switch to the internal clock source on the module. data-coding {inverted | normal} By default, the data coding is set to normal. Setting the data coding to inverted instructs the module to convert all 1s to 0s and all 0s to 1s. If the data coding is inverted on one end of the line, the other end must also be inverted or the connection will fail. framing {esf | sf} This command sets the framing type for the T1 module, which can be esf (Extended Superframe) or sf (Superframe). The default framing type for a T1 module is ESF. lbo {-15 db | -7.5 db | none} This command sets the line build-out value. -15 db decreases the outgoing signal by 15 decibels; -7.5 db decreases it by 7.5 decibels. Your provider will know what the build-out should be for your link. The default is no build-out (none) on the outgoing signal. linecode {ami | b8zs} By default, the line encoding is set to b8zs. It can be changed to ami with this command. Your service carrier provides the T1 linecode type. remote-alarm-enable This command allows the generation and detection of remote alarms on the T1 line. All alarms are disabled by default. remote-loopback {full | payload} By default, the service module accepts full and payload remote-loopback commands from the remote CSU/DSU. The no form of this command allows you to disable this behavior. timeslots {all | range} [speed 56|64] This command defines the timeslots that make up a fractional T1 line. 
The keyword all includes all the timeslots; to specify a subset of the available timeslots (i.e., fractional T1), use a range of numbers between 1 and 24 (for example, 1-3,7 for timeslots 1, 2, 3, and 7). The optional speed parameter defines the timeslot speed, which can be 56 or 64. The default is all timeslots operating at 64 Kbps. |
service-policy {input | output} policy-map-name no service-policy {input | output} policy-map-name Configures policymap Default None Description This command attaches a policy map to an interface or Virtual Circuit (VC). Use the input or output keyword to apply the policy map to the input or output traffic on an interface. Example interface serial 1/1 service-policy output policy1 |
service-policy policy-map-name
no service-policy policy-map-name

Configures
    policy map
Default
    None

Description
This command attaches a policy map directly to a class.

Example
    policy-map classes-def
     class gold
      bandwidth percent 50
     class silver
      bandwidth percent 30
     class bronze
      bandwidth percent 10
    !
    policy-map map1
     class customer1
      shape average 38400
      service-policy classes-def
|
service timestamps {log | debug} [uptime] service timestamps {log | debug} datetime [msec] [localtime] [show-timezone] no service timestamps {log | debug} Configures Timestamps on log messages Default No timestamps Description This command forces timestamps on logging or debugging messages. uptime is the default if no options are specified. log Applies timestamps to logging messages. debug Applies timestamps to debugging messages. uptime Optional. The time is calculated since the router was started. datetime Uses the actual clock time. msec Optional. Displays the millisecond value in the timestamp. localtime Optional. Timestamps are relative to the local time zone. show-timezone Optional. Displays the time zone value in the timestamp. |
session-limit number no session-limit Configures Maximum sessions per line Default Depends on the hardware; show terminal shows you the default for your device Description This command sets the maximum number of terminal sessions per line. |
session-timeout minutes [output] no session-timeout Configures Minutes before a session on the line times out Default 0 (never times out) Description This command sets the interval that the router waits for traffic before closing the connection, i.e., the amount of time the line can be idle. The timeout period is specified in minutes. The output keyword tells the router to use both input and output traffic to reset the counters. If you omit this keyword, only the input traffic on the line causes a counter reset. |
set as-path {tag | prepend as-path-string}
no set as-path {tag | prepend as-path-string}

Configures
    Properties of routes matching a route map
Default
    None

Description
Route maps let you select routes based on certain criteria and modify the properties of those routes using one or more set commands. This command allows you to modify the autonomous system path for BGP routes that match the route map's criteria. (To define a route map, use the route-map command; to specify a route map's matching criteria, use the match command.) The set as-path command has the following arguments:

tag
    When redistributing routes into BGP, converts the tag of the route directly into an autonomous system (AS) path.
prepend as-path-string
    Adds the as-path-string to the beginning of any AS path.

Example
In this example, we create a route map called test-as-path. Inside the map, we match any AS path list with the number 1. We then use the set as-path command to prepend our local autonomous system (300) to all routes advertised to our neighbor (10.10.1.1).

    route-map test-as-path
     match as-path 1
     set as-path prepend 300
    !
    ip as-path access-list 1 permit .*
    !
    router bgp 300
     neighbor 10.10.1.1 route-map test-as-path out
|
set atm-clp no set atm-clp Configures QoS setting within a policy map class Default CLP is 0 Description This command sets the cell loss priority (CLP) bit within a policy map class. Example class-map ip-precedence-is-zero match ip precedence 0 ! policy-map set-atm-clp class ip-precedence-is-zero set atm-clp |
set automatic-tag no set automatic-tag Configures Properties of routes matching a route map Default None Description This command causes automatic tag calculation for a learned route that is matched by a route map. |
set community {community-number [additive]} | none no set community {community-number [additive]} | none Configures Properties of routes matching a route map Default None Description This command sets the BGP community for a route matched by the route map. community-number The community number to use; its value can be a number from 1 to 4,294,967,200, or the predefined communities of no-export or no-advertise. additive Optional. Causes the new community to be added to any communities that the route already belongs to. none Optional. Removes all community attributes from the route. |
set cos cos-value no set cos cos-value Configures QoS setting within a policy map class Default None Description This command sets the layer-2 class of service (CoS) value of a packet within a policy map class. cos-value The CoS value to use, from 0 to 7. Example policy-map map1 class voice set cos 1 |
set default interface interface [... interface]
no set default interface interface [... interface]

Configures
    Properties of routes matching a route map
Default
    None

Description
This command sets the output interface for destinations that match the criteria in the route map if there is no explicit route to the destination. In other words, if the route is matched by this route map and has no explicit destination, this command can tell it which interface to use as a default route. This allows you to have different default routes for different hosts or networks. You may list any number of interfaces; if the first interface in the list is down, the next is tried, and so on. This command should be used in conjunction with the ip policy route-map command.

Example
The following commands establish a route map named policy-one for policy-based routing. This map takes all packets for the destinations matched by access list 1 (i.e., all destinations that match 10.1.0.0/16) and sends them out through interface serial0.

    interface ethernet0
     ip policy route-map policy-one
     ip address 10.1.1.1 255.255.255.0
    !
    ! this access-list is for the match ip command below
    access-list 1 permit 10.1.0.0 0.0.255.255
    !
    route-map policy-one
     match ip address 1
     set default interface serial0
|
set discard-class value no set discard-class value Configures QoS setting within a policy map class Default 0 Description This command marks a packet with the specified discard value within a policy map class. The value can be a number from 0 to 7. Example policy-map map1 class voice set discard-class 2 |
set dscp value no set dscp value Configures QoS setting within a policy map class Default None Description This command marks a packet with the DSCP (differentiated services code point) value within a policy map class. The value can be from 0 to 63. Example policy-map map1 class class1 set dscp 15 |
set fr-de no set fr-de Configures QoS setting within a policy map class Default Bit is set to zero (0) Description This command sets the discard eligible (DE) bit for a frame relay packet within a policy map class. Example policy-map map1 class class1 set fr-de |
set interface interface [... interface] no set interface interface [... interface] Configures Properties of routes matching a route map Default None Description This command is similar to the set default interface command. It differs in that the interface specified in this command is always used regardless of any other routing information: it can't be overridden by an explicit route to the destination. This command should be used in conjunction with the ip policy route-map command. |
set ip default next-hop ip-address [... ip-address] no set ip default next-hop ip-address [... ip-address] Configures Properties of routes matching a route map Default None Description This command sets the next-hop address for an incoming packet if there is no explicit route for the packet already. This command should be used in conjunction with the ip policy route-map command. The IP address does not have to be an address that is adjacent to the router. |
set ip next-hop ip address [... ip address] no set ip next-hop ip address [... ip address] Configures Properties of routes matching a route map Default None Description This command sets the next-hop address for an incoming packet regardless of any explicit route for the packet. It is similar to the set ip default next-hop command except that a next-hop address specified with this command cannot be overridden by an explicit route. This command should be used in conjunction with the ip policy route-map command. The IP address does not have to be an address that is adjacent to the router. |
set ip precedence qos no set ip precedence Configures The precedence bits in the IP header Default Disabled Description This command sets the Quality of Service bits in the IP header. The Quality of Service value, qos, can be specified either by number or by name. Table 17-20 lists the valid numbers and names that can be used.
|
set ip tos [value] no set ip tos Configures Properties of routes matching a route map Default Disabled Description This command sets the Type of Service (ToS) for a packet that matches the route map. The value is a number from 0 to 15. |
set level {level-1 | level-2 | level-1-2 | stub-area | backbone} no set level {level-1 | level-2 | level-1-2 | stub-area | backbone} Configures Properties of routes matching a route map Default backbone for OSPF; level-2 for IS-IS Description This command sets the level into which routes that match the route map are imported. level-1 Imports into level-1 area. level-2 Imports into level-2 subdomain. level-1-2 Imports into both level-1 and level-2. stub-area Imports into the OSPF NSSA area. backbone Imports into the OSPF backbone area. |
set local-preference value no set local-preference value Configures Properties of routes matching a route map Default 100 Description This command sets the preference value for routes that match the map. In BGP, the preference influences route selection. |
set metric metric-value no set metric metric-value set metric bandwidth delay reliability loading mtu no set metric bandwidth delay reliability loading mtu Configures Properties of routes matching a route map Default The default metric for the routing protocol Description This command sets the metric value for a matching route. The first form of the command (with a single metric-value parameter) is used for most routing protocols; the metric value must be appropriate for the protocol's routing metric. For IGRP and EIGRP, you must use the second form of the command with five parameters: bandwidth The bandwidth of the route in kilobits per second. The value can be from 0 to 4,294,967,295. delay The route delay in tens of microseconds. The value can be from 0 to 4,294,967,295. reliability A value from 0 to 255. 0 indicates total unreliability; 255 indicates complete reliability. loading A value from 0 to 255. 0 means no load; 255 means 100% loaded. mtu The smallest MTU for any link in the route, in bytes. The value can be from 0 to 4,294,967,295. |
set metric-type {internal | external | type-1 | type-2} no set metric-type {internal | external | type-1 | type-2} Configures Properties of routes matching a route map Default Disabled Description This command sets the metric type used for routes that match the map. The metric type is used by the OSPF and IS-IS protocols. internal IS-IS internal metric. external IS-IS external metric. type-1 OSPF external type 1 metric. type-2 OSPF external type 2 metric. |
set metric-type internal no set metric-type internal Configures Properties of routes matching a route map Default Disabled Description This command is for BGP routing. It causes the MED value for all advertised routes that match the route map to be set to the corresponding interior routing protocol metric of the next hop. |
set mpls-label no set mpls-label Configures Properties of a route map Default Disabled Description This command enables a route to be distributed with an MPLS label if it matches the conditions in the route map. |
set origin {igp | egp as-system | incomplete} no set origin {igp | egp as-system | incomplete} Configures Properties of routes matching a route map Default The default origin value Description This command sets the BGP origin code for the matched route. The possible origins are: igp The route was learned from an interior routing protocol. egp as-system The route was learned from an exterior routing protocol with the given autonomous system number. incomplete The origin of the route is unknown. |
set ospf router-id no set ospf router-id Configures Properties of a route map Default Disabled Description This command allows the router to set a separate OSPF ID for each interface on a provider edge. |
set-overload-bit no set-overload-bit Configures The overload bit for IS-IS routing Default Disabled Description This command sets the overload bit, which tells other routers not to use this router as the intermediate hop in the shortest path first (SPF) calculation. |
set precedence value no set precedence value Configures QoS setting within a policy map class Default Disabled Description This command sets the precedence value, from 0 to 7, of packets that match the policy map class. Example policy-map map1 class class1 set precedence 7 |
set qos-group group-id no set qos-group group-id Configures QoS setting within a policy map class Default None Description This command sets the quality of service group identifier of packets that match the policy map class. The group-id can be any number from 0 to 99. Example policy-map map1 class class1 set qos-group 1 |
set tag value no set tag value Configures Properties of routes matching a route map Default The route's tag is passed directly into the new routing protocol Description This command sets the matched route's tag value. The value can be from 0 through 4,294,967,295. |
setup Description This command places the router in setup configuration mode. In this mode, the router asks a series of questions; the answers allow the router to build a basic configuration. You must be in enable mode to run this command. Example Here is the beginning of the system configuration dialog: ROUTER#setup --- System Configuration Dialog --- Continue with configuration dialog? [yes/no]: yes At any point you may enter a question mark '?' for help. Use ctrl-c to abort configuration dialog at any prompt. Default settings are in square brackets '[]'. First, would you like to see the current interface summary? [yes]: n Configuring global parameters: Enter host name [ROUTER]: myrouter The enable secret is a password used to protect access to privileged EXEC and configuration modes. This password, after entered, becomes encrypted in the configuration. Enter enable secret: |
set weight value no set weight value Configures Properties of routes matching a route map Default The default weight value Description This command sets the BGP weight value for a matched route. The weight value can be 0 through 65,535. |
shape {average | peak} cir [burst-committed burst-excess] no shape {average | peak} cir [burst-committed burst-excess] shape {average | peak} percent percent-value [burst-committed burst-excess] no shape {average | peak} percent percent-value [burst-committed burst-excess] Configures traffic shaping Default None Description This command allows you to configure traffic shaping for a policy-map class. You can specify either the committed information rate (CIR) in bits per second or you can specify a percentage of the available bandwidth. average Specifies the average rate shaping. peak Specifies the peak rate shaping. cir Specifies the CIR in bits per second. percent Specifies the percentage of bandwidth to use. The value can be from 1 to 100. burst-committed Optional. Specifies the committed burst (bc) size in milliseconds. This value can be from 10 to 2,000. burst-excess Optional. Specifies the exceeded burst (be) size in milliseconds. This value can be from 10 to 2,000. Example This example configures traffic shaping using an average of the available bandwidth. We set the average rate to have a CIR of 50 percent, a committed burst (bc) of 400 milliseconds, and an exceeded burst (be) of 600 milliseconds. policy-map map1 class class1 shape average percent 50 400 600 |
show parameters Description The show commands are extremely helpful when configuring or debugging a router. Just about anything you want to know about the router's configuration or state can be found with a show command. Table 17-21 summarizes the common show commands.
|
shutdown
no shutdown

Description
This command shuts down the interface: no packets will be routed to it and all routing protocols will be notified that the interface is unavailable. It is a common mistake for new users to configure the interface and forget to do a no shutdown.

Example
Use the following sequence of commands to reset an interface:

    Router(config)#interface serial0
    Router(config-if)#shutdown
    Router(config-if)#no shutdown
|
smt-queue-threshold number no smt-queue-threshold number Configures FDDI queue size Default The number of FDDI interfaces on the router Description This command sets the queue size for unprocessed FDDI station management frames (SMT) to number frames. |
snapshot client active-time quiet-time [suppress-statechange-updates] [dialer] no snapshot client active-time quiet-time [suppress-statechange-updates] [dialer] snapshot server active-time [dialer] no snapshot server active-time [dialer] Configures Snapshot routing Default Disabled Description Configures a client or a server router for snapshot routing. Snapshot routing is useful for dial-on-demand connections where you don't want routing updates to bring up the link but you still want to use a dynamic routing protocol (as opposed to static routes). When performing snapshot routing, the router alternates between active periods, when it contacts all the route servers and builds a snapshot route table, and quiet periods, when the snapshot route table is used and no route updates are performed. active-time Time in minutes during which routing updates are exchanged between client and server. The value can be from 5 to 100. quiet-time Time in minutes for which routing updates are suppressed after an active period. suppress-statechange-updates Optional. Disables routing updates during interface state changes. dialer Optional. Tells the router that it needs to dial the remote router. Example To configure a client for snapshot routing: interface dialer 1 snapshot client 2 100 suppress-statechange-updates dialer To configure a server for snapshot routing: interface dialer 1 snapshot server 2 |
no snmp-server Configures Disables SNMP Default Enabled Description This command, which is not part of the router's configuration, disables the router's SNMP agent. It exists only in the negative form. |
snmp-server chassis-id string no snmp-server chassis-id Configures A number to identify the device Default Certain high-end routers use their serial number as the default; otherwise, no default Description This command sets the value of the router's serial number to string. The chassis ID can be obtained via SNMP. This number is assigned by the user, and is not necessarily the serial number of the router. Example snmp-server chassis-id 123456789 |
snmp-server community string [view view-name] {ro | rw} [access-list] no snmp-server community string Configures SNMP community access strings Default Read-only access; community string public Description This command sets the community string for SNMPv1 protocol access. string The password for the SNMP access. view view-name Optional. view-name is the name of a view defined with the snmp-server view command. view defines which SNMP objects can be viewed with this SNMP community string. ro Defines the community string for read-only access. rw Defines the community string for read/write access. access-list Optional. The number of a standard access list. The community string defined with this command is usable only by hosts whose IP addresses match this access list. Example The following command defines the community string mystring, which allows read-only access from any IP address. snmp-server community mystring RO |
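The service and snmp-server community entries above describe settings that are worth checking in any saved configuration. The following is an added example, not code from the book or from Cisco: a small Python auditor that parses the community syntax shown above and flags the service features that open listeners. The names Finding, audit, and audit_community, the severity labels, and the sample configuration (including the community strings) are constructed for illustration.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    line_no: int   # 0 = setting is absent from the configuration
    severity: str  # labels are this example's own, not an IOS concept
    message: str


# Features from the `service` entry that add listening servers or remote
# configuration loading when switched on.
RISKY_SERVICES = {
    "tcp-small-servers": "small TCP servers (echo, discard, chargen, daytime) enabled",
    "udp-small-servers": "small UDP servers (echo, discard, chargen) enabled",
    "finger": "finger server enabled",
    "config": "autoloading of configuration files from a server enabled",
}

# snmp-server community string [view view-name] {ro | rw} [access-list]
COMMUNITY_RE = re.compile(
    r"^snmp-server\s+community\s+(?P<string>\S+)"
    r"(?:\s+view\s+(?P<view>\S+))?"
    r"(?:\s+(?P<mode>ro|rw))?"
    r"(?:\s+(?P<acl>\d+))?\s*$",
    re.IGNORECASE,
)
SERVICE_RE = re.compile(
    r"^(?P<no>no\s+)?service\s+(?P<name>\S+)(?P<rest>.*)$", re.IGNORECASE
)


def audit_community(line_no: int, line: str) -> List[Finding]:
    """Check one `snmp-server community` line against the documented syntax."""
    m = COMMUNITY_RE.match(line)
    if m is None:
        return [Finding(line_no, "info", "community line not parsed; review manually")]
    out = []
    mode = (m.group("mode") or "ro").lower()  # read-only is the documented default
    if m.group("string").lower() == "public":
        out.append(Finding(line_no, "high", "default community string 'public' in use"))
    if mode == "rw":
        out.append(Finding(line_no, "high", "community grants read/write access"))
    if m.group("acl") is None:
        out.append(Finding(line_no, "medium", "no access list: usable from any IP address"))
    return out


def audit(config_text: str) -> List[Finding]:
    """Return findings for service and SNMP community lines in an IOS config."""
    findings: List[Finding] = []
    log_timestamps = False
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or comment
        if re.match(r"snmp-server\s+community\b", line, re.IGNORECASE):
            findings.extend(audit_community(line_no, line))
            continue
        m = SERVICE_RE.match(line)
        if m is None:
            continue  # also skips service-module and service-policy lines
        name, negated = m.group("name").lower(), bool(m.group("no"))
        if name in RISKY_SERVICES and not negated:
            findings.append(Finding(line_no, "medium", RISKY_SERVICES[name]))
        elif name == "password-encryption" and negated:
            findings.append(Finding(line_no, "medium", "password encryption disabled"))
        elif name == "timestamps" and not negated:
            if m.group("rest").lower().split()[:1] == ["log"]:
                log_timestamps = True
    if not log_timestamps:
        findings.append(
            Finding(0, "low", "no 'service timestamps log': log messages carry no timestamps")
        )
    return findings


# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
! constructed sample
service timestamps debug uptime
service tcp-small-servers
no service finger
no service password-encryption
snmp-server community public RO
snmp-server community n0c-write view ops rw
snmp-server community n0c-read ro 10
access-list 10 permit 10.1.1.0 0.0.0.255
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        where = f"line {f.line_no}" if f.line_no else "missing"
        print(f"[{f.severity}] {where}: {f.message}")
```

The auditor reports only what the configuration text states explicitly; settings left at their defaults do not appear in a saved configuration, so confirm them on the device.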
snmp-server contact text no snmp-server contact Configures SNMP agent Default None Description This command sets the value of the SNMP contact string (system.sysContact). It has no effect on the router's behavior. You can provide any text, but by convention, you should include contact information for the person responsible for administering the router. |
snmp-server enable traps [type] [option] no snmp-server enable traps [type] [option] Configures SNMP agent; trap behavior Default Disabled; with no arguments, this command enables all traps Description This command enables SNMP traps. Traps are unsolicited messages from the router to the management stations. Usually, traps notify the management station of an event or error. At least one trap recipient must be defined (using the snmp-server host command) before any traps are generated. type Optional. This command allows you to enable or disable a specific trap type. Valid trap types are shown in Table 17-22. option Any options that are valid for the trap type. Most trap types do not have any options; the exceptions are atm pvc, envmon, isdn, and repeater. Table 17-22, the list of trap types, is a puzzle. Cisco's documentation shows similar but different lists of trap types for this command and snmp-server host. Since the commands are used together, there's no reason why the two trap lists should be different. It would be easy to write this off as mistaken documentation, but a check on some routers reveals that the built-in help for these commands also shows different trap lists. Table 17-22 lists all the traps, regardless of which command accepts them as arguments; it indicates whether a trap is documented for snmp-server enable traps, snmp-server host, or both. Use it in good health. Fortunately, the traps for which there is disagreement correspond to fairly exotic features that aren't on all routers.
|
snmp-server engine-id local string no snmp-server engine-id Configures SNMP Version 3 Default None Description This command sets the ID of the router's SNMP engine to string. The engine ID is used by SNMP Version 3 when it computes various cryptographic keys. This book doesn't cover SNMPv3 configuration, so there isn't a lot to say about the engine ID. However, if you have configured SNMPv3, it is important to know that changing the engine ID has many side effects, including invalidating the authentication information for all SNMP users. The ID string is 24 characters long. If you do not specify the entire 24 characters, it will be padded with zeros on the right. |
snmp-server group [name access] [mode view] [access access-list] no snmp-server group Configures SNMP Default No groups defined Description This command allows you to associate one or more views (defined by the snmp-server view command) in a group for the purpose of controlling access to the data objects included in the view. name access The name of the group, followed by the type of access allowed to the group. The name is any string; possible values for access are listed in Table 17-23.
mode view The mode in which access is granted, followed by the name of the view to which the privileges apply. mode may be either read (read-only access), write (write-only access), or notify (access to traps and notifications). Cisco recommends against using the notify option; use the snmp-server host command to control trap destinations. In one command, you can specify a read view, a write view, and a notify view. If you don't specify any views, the router generates a group that contains a read-only view of the entire Internet (1.3.6.1) object tree. access access-list An access list that controls access to the group. If you're using SNMPv3, you must also use the snmp-server user command to define users and their cryptographic keys. |
snmp-server host hostname [version {1 | 2c}] community [udp-port port] trap-type
no snmp-server host hostname

Configures: SNMP agent; trap behavior
Default: Disabled

Description
This command defines which host should receive SNMP traps.

hostname
    The hostname or IP address of the host that should receive traps.
version n
    The version of SNMP to use (1 or 2c).
community
    The SNMP community string to use when sending traps to this host.
udp-port port
    The UDP port to use. Default is 162.
trap-type
    Optional. Specifies which types of traps are sent to this host. If no trap type is specified, all traps are sent to this host. Possible values are listed in Table 17-22, under the command snmp-server enable traps.

Example

    snmp-server enable traps
    snmp-server host myhost.xyz.com public
|
snmp-server location text no snmp-server location Configures SNMP agent Default None Description This command sets the SNMP location string (system.sysLocation). It has no effect on the router's behavior. This can be any text, but it should represent the router's physical location. |
snmp-server packetsize size no snmp-server packetsize size Configures SNMP agent Default 1,500 bytes Description This command controls the maximum packet size for SNMP. The size can be 484 to 8,192 bytes. |
snmp-server queue-length length no snmp-server queue-length length Configures SNMP message queue length Default 10 traps Description This command specifies the number of SNMP trap packets that can be held for each trap destination before the queue is cleared. |
snmp-server system-shutdown no snmp-server system-shutdown Configures SNMP agent Default Disabled Description This command enables or disables the SNMP remote reload feature, which allows a remote host with the SNMP read/write community string to reboot the router. The no form of this command disables this feature. |
snmp-server tftp-server-list access-list no snmp-server tftp-server-list Configures SNMP agent Default Disabled Description This command allows an access list to be applied to SNMP TFTP server tasks, which include loading and saving of configuration files. |
snmp-server trap-source interface
no snmp-server trap-source

Configures: SNMP agent; trap behavior
Default: The router uses the closest interface to the destination

Description
This command specifies the interface (and consequently the IP address) that should be used to send SNMP traps. If you have a separate network for management tasks (a good idea), you can use this command to ensure that traps are sent only over the management network.

Example
The following command tells the router that all SNMP traps should be sent via the ethernet0 interface:

    snmp-server trap-source ethernet0
|
snmp-server trap-timeout seconds no snmp-server trap-timeout seconds Configures Time to keep an SNMP trap in the queue Default 30 seconds Description If the device wants to send a trap to a host that is unavailable, the device puts the trap in a queue. This command states how long the packet will remain in the queue before timing out and being retransmitted. |
snmp-server user name group version [encrypted] [auth hash auth-pwd [priv des56 priv-pwd]] [access access-list]
no snmp-server user name

Configures: SNMP users
Default: None

Description
This command defines SNMP users, associates them with a group (which in turn defines the information they're allowed to view), and specifies encryption requirements together with the appropriate passwords.

name
    The name of the user you are defining.
group
    The SNMP group the user is associated with.
version
    The version of SNMP that is in use. Possible values are v1, v2c, and v3; v3 is the only version that supports encryption.
encrypted
    If this keyword is present, the auth-pwd and priv-pwd passwords are present as an MD5 hash rather than in plain text.
auth hash auth-pwd
    SNMPv3 only. Configures an authentication key for the user. hash is the name of the hashing algorithm used to create the key; possibilities are md5 and sha. auth-pwd is the actual password assigned to the user. The router stores this password in encrypted form.
priv des56 priv-pwd
    SNMPv3 only. Configures an encryption key for the user, using the des56 algorithm. (Currently, des56 is the only algorithm supported.) priv-pwd is the actual password assigned to the user. The router stores this password in encrypted form.
access access-list
    Optional. An access list that restricts the hosts from which the user can access the group.

The encryption of the password and the authentication key depend on the router's SNMP engine ID. This ID is set with the command snmp-server engineid. Changing the engine ID therefore invalidates all users that are currently defined.
|
snmp-server view view-name oid-tree {excluded | included}
no snmp-server view

Configures: An SNMP view
Default: None

Description
This command defines an SNMP view that can be used in the snmp-server community command. A view is a list of SNMP object trees. By default, the entire SNMP object tree is available for access. A view restricts access to some subset of the entire tree. Different views can be made available to different SNMP communities.

view view-name
    A unique name that identifies this SNMP view.
oid-tree
    An SNMP object ID (in either numeric or human-readable form). All nodes underneath the given object belong to the tree. Asterisks can be used as wildcards when specifying the object ID.
excluded or included
    Specifies whether the given oid-tree is included in or excluded from the view.

Example
Say that you want to give some group SNMP access to the ifEntry table for interface 2. (Perhaps this group is connected to the router through interface 2. Note that the interface number here is an index into the SNMP interface table, not an IOS interface name.) To achieve this, define a view:

    snmp-server view subset2 ifEntry.*.2 included

Then set the community string for this view:

    snmp-server community sub2in view subset2 RO

Now users can use the community string sub2in to access the ifEntry table for interface 2, but aren't allowed to access other SNMP objects.
|
snmp trap link-status no snmp trap link-status Configures SNMP agent; trap behavior Default Enabled Description This command allows you to enable or disable the sending of SNMP traps when an interface goes up and down. This command is useful on interfaces that you expect to change state frequently (for example, dial-on-demand interfaces). You may not want to send an SNMP trap to your network management stations whenever these interfaces change state. |
source-address mac-address
no source-address mac-address

Configures: Hub behavior
Default: All addresses are allowed

Description
The source-address command allows you to specify a MAC address that will be the only traffic source for a specific port. In other words, only network traffic from the specified mac-address will be allowed on the port. By default, traffic from all MAC addresses is accepted on all hub ports.

Example
The following commands restrict the traffic forwarded to port 0 of hub 4 to traffic with the source Ethernet address of 00:00:0c:ff:d0:04.

    hub ethernet 0 4
     source-address 0000.0cff.d004
|
spanning-tree backbonefast no spanning-tree backbonefast Configures BackboneFast feature Default Disabled Description The command enables the BackboneFast feature, which should be enabled on all routers that contain an Ethernet switch network module. BackboneFast provides quicker convergence on the network backbone after a spanning-tree topology change by enabling the switch to detect an indirect link failure and to start the spanning-tree calculation faster than the normal spanning-tree rules would allow. |
spanning-tree cost value
no spanning-tree cost value

Configures: Path cost for the interface for spanning-tree calculations
Default: Depends on the bandwidth of the interface

Description
The command specifies a spanning-tree path cost for an interface. Valid values are 1 to 200,000,000 for IOS releases 12.1(3a)E and later. For earlier releases, the valid values are 1 to 65,535. Defaults vary by the bandwidth of the interface: Ethernet, 100; FDDI, 10; ATM, 6; GigabitEthernet, 1; and HSSI, 647.
|
spanning-tree priority value no spanning-tree priority value Configures The port priority value for spanning-tree calculations Default 128 Description The command specifies a spanning-tree path priority value for an interface, which is used when two bridges tie for position as the root-bridge. The priority value breaks the tie. Valid values are from 2 to 255, with a default of 128. |
spanning-tree vlan vlan-id [forward-time seconds | hello-time seconds | max-age seconds | priority priority | protocol protocol | [root {primary | secondary} [diameter diameter [hello-time seconds]]]]
no spanning-tree vlan vlan-id

Configures: The port priority value for spanning-tree calculations
Default: Varies by option (details below)

Description
The command configures Spanning-Tree Protocol (STP) settings for each VLAN.

vlan-id
    The ID of the VLAN, from 1 to 1,005.
forward-time
    Optional. Sets the STP forward delay time, which can be from 4 to 30 seconds. Default is 15 seconds.
hello-time
    Optional. Sets the interval between configuration messages from the root bridge; can be from 1 to 10 seconds. Default is 2 seconds.
max-age
    Optional. Sets the maximum number of seconds that a BPDU packet is valid, which can be from 6 to 40 seconds. Default is 20 seconds.
priority
    Optional. Sets the STP bridge priority, which can be from 0 to 65,535. Default is 128 (with the ieee protocol, default is 3,278).
protocol
    Optional. Sets the STP protocol. Valid choices are dec, ibm, ieee, and vlan-bridge. ieee is the default.
root primary
    Optional. Forces this device to be the root bridge.
root secondary
    Optional. Forces this device to act as a secondary switch, which means it becomes the root switch if the primary root fails.
diameter
    Optional. Sets the maximum number of switches between any two end stations. Value can be from 2 to 7.

Example

    ! Enable spanning-tree on vlan 100
    spanning-tree vlan 100
|
speed bits-per-second no speed Configures Transmit and receive speeds for a line Default 9,600 bps Description This command sets the transmit and receive speeds for this line to bits-per-second. Use the no form of this command to remove the command from the configuration and return to the default setting. |
squeeze filesystem: Description This command cleans the filesystem by permanently deleting files that have been marked for deletion. It works only for Class-A filesystems; it is ignored on other filesystem types. |
squelch {normal | reduced} no squelch {normal | reduced} Configures Allows certain interfaces to extend the 10baseT limit of 100 meter cables Default Normal Description This command allows a 10baseT segment to exceed the 100-meter cable length limitation. Currently, this option is available only on the Cisco 4000 series router. normal The default setting for a 10baseT Ethernet segment. reduced Allows 10baseT cables beyond the 100-meter length. |
sscop cc-timer seconds no sscop cc-timer Configures ATM Default 10 seconds Description This command sets the SSCOP connection control timer value to seconds. This value determines the transmission times between SSCOP BGN, END, or RS PDUs. |
sscop keepalive-timer seconds no sscop keepalive-timer Configures The ATM SSCOP keepalive timer Default 30 seconds Description This command sets the keepalive timer to seconds. This value determines the number of seconds between polling PDUs when no other traffic is transmitted. |
sscop max-cc retries
no sscop max-cc

Configures: Maximum number of transmits of control messages for SSCOP
Default: 10 retries

Description
This command sets the maximum number of times that SSCOP sends control messages until an acknowledgment is received. The value of retries can range from 1 to 1,600.
|
sscop poll-timer seconds no sscop poll-timer Configures ATM SSCOP poll timer Default 10 seconds Description This command sets the number of seconds between SSCOP poll PDUs. |
sscop rcv-window packets no sscop rcv-window Configures ATM SSCOP receive window in packets Default 7 packets Description This command sets the size of the receive window in packets. This value determines the number of packets the interface receives before sending an acknowledgment. The value of packets can range from 1 to 6,000. |
sscop send-window packets no sscop send-window packets Configures ATM SSCOP send window in packets Default 7 packets Description This command sets the size of the send window in packets. This value determines the number of packets the interface transmits before expecting an acknowledgment. The value of packets can range from 1 to 6,000. |
standby [group] authentication string
no standby [group] authentication string

Configures: HSRP authentication string
Default: Group, 0; authentication string, "cisco"

Description
This command enables authentication for a hot standby group. group specifies the hot standby group number, and string sets the authentication string (essentially a password). All HSRP routers must use the same authentication string in order to communicate. string can be from 1 to 8 characters long.

Example

    interface serial 0
     ip address 10.1.2.1 255.255.255.0
     standby 1 authentication letmein
|
standby [group] ip address [secondary]
no standby [group] ip address [secondary]

Configures: Hot Standby Routing Protocol (HSRP)
Default: None; group defaults to 0

Description
This command enables the specified IP address to be used as the HSRP address. The optional secondary keyword is useful if the interface has a secondary IP address applied to it. (See Chapter 5 for a discussion of secondary IP addresses.)
|
standby [group] preempt no standby [group] preempt Configures Hot Standby Routing Protocol (HSRP) Default Disabled; group defaults to 0 Description This command instructs the interface to become the active HSRP interface if no other HSRP router within the given group has a higher priority. In other words, if this interface becomes active and has the standby preempt command, it interrupts any other HSRP interface and becomes the active HSRP interface. The default group number is 0. |
standby [group] priority value no standby [group] priority value Configures Hot Standby Routing Protocol (HSRP) Default Group, 0; priority value, 100 Description This command defines the interface's HSRP priority within the given group. The priority value can be from 0 to 255. |
standby [group] timers hello-seconds hold-seconds
no standby [group] timers hello-seconds hold-seconds

Configures: Hot Standby Routing Protocol (HSRP)
Default: Group, 0; hello seconds, 3; hold seconds, 10

Description
This command allows you to change the hello and hold intervals for HSRP. If this router doesn't hear from another router in this HSRP group for a period of hello-seconds, the other router is considered "down." Once a router is declared "down," it is considered down for a period of at least hold-seconds.
|
standby [group] track interface [interface-priority]
no standby [group] track interface [interface-priority]

Configures: Hot Standby Routing Protocol (HSRP)
Default: Group, 0; interface priority, 10

Description
This command configures the HSRP interface to track another interface. If the other interface goes down, the HSRP interface's standby priority decreases by the value interface-priority. The rationale for this behavior is that if the tracked interface is down, this router is less desirable as a standby router. The standby track command must be used in combination with the preempt command.

Example
In this example, ethernet0 is the HSRP interface tracking interface serial0. If serial0 goes down, ethernet0's priority is decreased by 20. When serial0 comes back up, ethernet0's priority is increased by 20 (i.e., returned to its original value).

    interface ethernet0
     standby 1 ip 10.10.1.1
     standby 1 preempt
     standby 1 track serial0 20
|
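How standby track and standby preempt interact, as an added Python model that is not part of the original reference. The router names, the scenario, and the simplified takeover rule (a router takes over only if it has preempt and a strictly higher priority; ties and timers are not modelled) are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class HsrpRouter:
    """One member of an HSRP group (simplified model, not Cisco's implementation)."""
    name: str
    priority: int = 100        # 'standby priority' default listed in the reference
    preempt: bool = False      # 'standby preempt' is disabled by default
    track: dict = field(default_factory=dict)  # tracked interface -> decrement
    down: set = field(default_factory=set)     # tracked interfaces currently down

    def effective_priority(self) -> int:
        # Each tracked interface that is down lowers the configured priority.
        lost = sum(dec for ifc, dec in self.track.items() if ifc in self.down)
        return self.priority - lost


def next_active(routers, active):
    """Return the active router after one re-evaluation of the group."""
    challengers = [
        r for r in routers
        if r is not active
        and r.preempt
        and r.effective_priority() > active.effective_priority()
    ]
    if not challengers:
        return active
    return max(challengers, key=lambda r: r.effective_priority())


def run_scenario(standby_preempt: bool):
    """Router A tracks serial0 with a decrement of 20; serial0 fails, then recovers."""
    a = HsrpRouter("A", priority=110, preempt=True, track={"serial0": 20})
    b = HsrpRouter("B", priority=100, preempt=standby_preempt)
    routers, active = [a, b], a
    history = [active.name]

    a.down.add("serial0")            # A drops to 110 - 20 = 90
    active = next_active(routers, active)
    history.append(active.name)

    a.down.discard("serial0")        # A returns to 110
    active = next_active(routers, active)
    history.append(active.name)
    return history


if __name__ == "__main__":
    print("B with preempt:   ", run_scenario(True))
    print("B without preempt:", run_scenario(False))
```

Without preempt on router B, router A stays active even though its tracked uplink is down, which is why the reference pairs standby track with preempt.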
stopbits {1 | 1.5 | 2} no stopbits Configures The stop bits transmitted per byte Default 2 Description This command sets the stop bits transmitted per byte for the specified line. The settings are limited to 1, 1.5, or 2 stop bits. |
BGP:
    summary-address address subnet-mask
    no summary-address address subnet-mask
OSPF:
    summary-address address subnet-mask [not-advertise] [tag tag-value]
    no summary-address address subnet-mask
IS-IS:
    summary-address address subnet-mask {level-1 | level-2 | level-1-2}
    no summary-address address subnet-mask {level-1 | level-2 | level-1-2}

Configures: Route summarization
Default: Disabled

Description
This command allows you to create a single route that covers a set of smaller routes, thus reducing the number of routes in the routing table. Use the no form of the command to return to the default, where the router does not summarize routes.

address
    The destination address for the summarized route.
subnet-mask
    A subnet mask that indicates which addresses should be included in the summarized route.
level-1, level-2, level-1-2
    IS-IS only. The router summarizes only routes that are being redistributed into the given level.
not-advertise
    Optional. OSPF only. Routes are not advertised when translating a type 7 link state announcement from OSPF.
tag tag-value
    Optional. OSPF only. Used as a match value for route maps.

Example
Assume that we know routes for 10.10.1.0, 10.10.2.0, 10.10.3.0, and so on. Instead of advertising separate routes, we can summarize by combining these routes into a single route for 10.10.0.0:

    summary-address 10.10.0.0 255.255.0.0
|
synchronization no synchronization Configures Synchronization between a BGP and an IGP protocol Default Enabled Description The no form of this command causes the router to advertise a network route without waiting for the other routing protocol. The rule of synchronization says that an IBGP router cannot advertise a route until the route is known via an IGP routing protocol. See Chapter 10 for more information about the synchronization command. |
table-map route-map no table-map route-map Configures Behavior of BGP routes Default None Description This command allows you to specify a route map that modifies metric and tag values when the routing table is updated with routes learned from BGP. The given route-map is called whenever the routing table is updated with BGP routes. This command can also be used to filter routes from entering the routing table without preventing them from being maintained and propagated by BGP. |
tacacs-server attempts count no tacacs-server attempts count Configures Number of user login attempts Default 3 Description This command sets the maximum number of times the router allows a user to attempt to login (via TACACS) before closing the session. In other words, the user has this number of failed login attempts before the session is closed. |
tacacs-server authenticate connection [always]
tacacs-server authenticate enable
tacacs-server authenticate slip [always] [access-lists]
no tacacs-server authenticate

Configures: User authentication with TACACS and extended TACACS
Default: Disabled

Description
This command causes the router to contact the TACACS server and authenticate the user under the following conditions:

connection
    When the user makes a TCP connection.
enable
    When the user enters the enable command.
slip
    When the user starts a SLIP or PPP connection.

For authenticating TCP or SLIP connections, the always keyword indicates that the router should always perform authentication even if the user is not logged in. Note that it is possible for a SLIP or PPP user to be connected, but not yet logged in. For authenticating SLIP connections, the access-lists keyword tells the router to check with the TACACS server to see if an access list needs to be installed for the user.

If you are using TACACS+, use the aaa authorization command instead of the tacacs-server authenticate command.
|
tacacs-server directed-request no tacacs-server directed-request Configures Which TACACS server is contacted Default Enabled Description This command causes the router to split each username into two parts, separated by the @ symbol. The first part is the actual username used for authentication; the second part is the name of the TACACS server to send the request to. Disabling this feature causes the TACACS servers to be queried in order; the entire username string is used for authentication. |
tacacs-server extended no tacacs-server extended Configures Extended TACACS Default Disabled Description If you have an extended TACACS server, this command enables the extended TACACS protocol. |
tacacs-server host hostname [single-connection] [port number] [timeout seconds] [key string]
no tacacs-server host hostname

Configures: The hostname of a TACACS server
Default: None

Description
This command allows you to list the TACACS servers you have available. If you list more than one hostname, the router attempts to contact them in the order they are listed.

hostname
    The hostname of a TACACS, extended TACACS, or TACACS+ server.
single-connection
    Optional. This keyword specifies that the router maintains a single connection to the TACACS server. In other words, after making a request, the router waits on the same connection for the server to respond. This feature works only with the TACACS+ protocol and CiscoSecure.
port number
    Optional. Use this option to run your TACACS server on a different port than the default (port 49).
timeout seconds
    Optional. This option allows you to specify a timeout value for this server in seconds. It overrides the default or the global setting configured by the tacacs-server timeout command.
key string
    Optional. This option allows you to specify an encryption key for this server. It overrides the global setting configured by the tacacs-server key command.
|
tacacs-server key key-string no tacacs-server key Configures TACACS encryption key Default None Description This command sets the encryption key for the TACACS server. |
tacacs-server last-resort {password | succeed} no tacacs-server last-resort {password | succeed} Configures Behavior if the TACACS server doesn't respond Default The request is denied Description This command sets the router's behavior when the TACACS servers you have configured don't respond to a request. For security reasons, the default behavior is to deny the request. The password keyword challenges the user for the enable password before authorizing the action. The succeed keyword simply allows the action, and is discouraged because it blindly allows the user to do what they want without authorization. |
tacacs-server notify {connection [always] | enable | logout [always] | slip [always]} no tacacs-server notify Configures Sends messages to the TACACS server Default None Description This command tells the router to send messages to the TACACS server for accounting. It does not work with TACACS+; for that protocol, use the aaa accounting command. The following keywords specify when messages are sent: connection When a connection is made by a user. always Optional. A message is sent even if the user is not logged in. Note that it is possible for a SLIP or PPP user to be connected but not yet logged in. enable When a user uses the enable command. logout When a user logs out. slip When a user starts a SLIP or PPP connection. |
tacacs-server optional-passwords no tacacs-server optional-passwords Configures Password authentication Default Disabled Description This command makes the user's password optional, depending on the TACACS server's configuration. When this feature is enabled, the router tries to authenticate the user with the username only. If that fails, the router tries again with both the username and password. This command is for TACACS and extended TACACS only; it does not work with TACACS+. |
tacacs-server retransmit number-of-times no tacacs-server retransmit Configures Number of times to try a TACACS server before giving up Default 2 Description This command sets the number of times the router should try to contact a TACACS, extended TACACS, or TACACS+ server before giving up and moving on to the next server. |
tacacs-server timeout seconds no tacacs-server timeout Configures The amount of time to wait for a response from a TACACS server Default 5 seconds Description This command sets the maximum amount of time that the router should wait to receive a response from a TACACS, extended TACACS, or TACACS+ server. If the router doesn't receive a response within this time, it retries the connection attempt. The number of retries is set by the tacacs-server retransmit command. |
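A defensive check built from settings this reference lists as defaults or discourages: the public community string, communities with no access list, snmp-server system-shutdown, tacacs-server last-resort succeed, and HSRP groups left on the default authentication string "cisco". This Python audit is an added example, not part of the original reference; the rule names and the sample configuration are constructed for illustration.

```python
from typing import NamedTuple

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
! constructed sample
snmp-server community public RO
snmp-server community sub2in view subset2 RO 10
snmp-server community n0c-write RW
snmp-server system-shutdown
tacacs-server host 192.0.2.10
tacacs-server last-resort succeed
interface ethernet0
 standby 1 ip 10.10.1.1
 standby 1 preempt
interface ethernet1
 standby 2 ip 10.10.2.1
 standby 2 authentication letmein
"""


class Finding(NamedTuple):
    line_no: int
    rule: str      # rule names are hypothetical labels chosen for this example
    detail: str


def parse_community(args):
    """Parse: snmp-server community string [view view-name] {ro | rw} [access-list]."""
    name, rest = args[0], args[1:]
    view = None
    if len(rest) >= 2 and rest[0].lower() == "view":
        view, rest = rest[1], rest[2:]
    mode = "ro"  # the reference lists read-only access as the default
    if rest and rest[0].lower() in ("ro", "rw"):
        mode, rest = rest[0].lower(), rest[1:]
    acl = rest[0] if rest and rest[0].isdigit() else None
    return name, view, mode, acl


def audit(config_text):
    """Return findings sorted by line number for the settings named above."""
    findings = []
    hsrp = {}          # (interface, group) -> {"ip_line": int or None, "auth": str or None}
    interface = None
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split()
        # Skip blanks, comments, and negated ('no ...') commands.
        if not tokens or tokens[0].startswith("!") or tokens[0] == "no":
            continue
        if tokens[0] == "interface":
            interface = " ".join(tokens[1:])
        elif tokens[:2] == ["snmp-server", "community"] and len(tokens) > 2:
            name, _view, mode, acl = parse_community(tokens[2:])
            if name == "public":
                findings.append(Finding(line_no, "snmp-default-community",
                                        "community string is the documented default"))
            if acl is None:
                findings.append(Finding(line_no, "snmp-community-no-acl",
                                        f"{mode} community usable from any IP address"))
        elif tokens[:2] == ["snmp-server", "system-shutdown"]:
            findings.append(Finding(line_no, "snmp-system-shutdown",
                                    "read/write community holders can reboot the router"))
        elif tokens[:3] == ["tacacs-server", "last-resort", "succeed"]:
            findings.append(Finding(line_no, "tacacs-last-resort-succeed",
                                    "requests are allowed when no TACACS server responds"))
        elif tokens[0] == "standby" and interface is not None:
            args, group = tokens[1:], 0   # the group number defaults to 0
            if args and args[0].isdigit():
                group, args = int(args[0]), args[1:]
            state = hsrp.setdefault((interface, group), {"ip_line": None, "auth": None})
            if args[:1] == ["ip"]:
                state["ip_line"] = line_no
            elif args[:1] == ["authentication"] and len(args) > 1:
                state["auth"] = args[1]
    for (iface, group), state in hsrp.items():
        if state["ip_line"] is not None and state["auth"] in (None, "cisco"):
            findings.append(Finding(state["ip_line"], "hsrp-default-auth",
                                    f"{iface} group {group} uses the default string"))
    return sorted(findings)


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"line {f.line_no}: {f.rule}: {f.detail}")
```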
tag-switching no tag-switching Configures MPLS Default None Description The tag-switching commands have been replaced with the newer mpls command. Table 17-24 shows a few examples.
|
terminal editing terminal no editing Configures Advanced editing keys for the terminal session Default Enabled Description This command is enabled by default, allowing you to use control keys for advanced editing capabilities. These key sequences are listed in Chapter 1. Use the no form of the command to disable the advanced editing keys. |
terminal escape-character ASCII-value Configures The escape character for the terminal line Default Ctrl-^ (Control+Shift-6) Description This command sets the value for the escape terminal character to ASCII-value, which is the ASCII value for the desired character. The escape character is used to escape certain processes in a router. For example, if you are pinging a device that isn't responding, you can cancel the ping by typing the escape character. |
terminal history [size number]
terminal no history

Configures: Terminal history for the current session
Default: Enabled; 10 lines

Description
This command enables history logging for the current session; it can also be used to change the size of the history buffer for that session. To enable history logging, use the terminal history command, which takes the last-used size as the buffer size. To change the size of the current history buffer, use the size keyword followed by the number of lines you want to save in the buffer. The buffer's size can be from 1 to 256 lines. Use Ctrl-P or the up arrow to go up in the history list; use Ctrl-N or the down arrow to return to more recent commands in the list. To see the entire list, use show history.

Example
This example changes the history size to 100:

    router# terminal history size 100
|
terminal length number-of-lines

Configures: Window page size
Default: 24 lines

Description
This command sets the size of the window for the current user session to number-of-lines. If output from any command exceeds your window size, the router suspends output and prompts you for a keystroke (More). This command is useful if you are using a terminal or terminal emulator with a viewing area that is not 24 lines long. Set number-of-lines to 0 to disable the More prompt.

Warning: Setting the length to 0, which disables paging, can be useful, but it can present a problem on long output.

Example
To set the window size to 10:

    Router#terminal length 10

To disable the More prompt:

    Router#terminal length 0
|
terminal monitor terminal no monitor Configures Debug and system error messages for the current terminal and session Default Disabled Description This command enables the display of debugging messages and system error messages for the current terminal (i.e., VTY or asynchronous line) session. It does not apply to the console itself; to disable console logging, use the command no logging console. |
tftp-server flash [flash-partition-number:]filename [alias filename] [access-list]
tftp-server rom alias filename [access-list]
no tftp-server {flash | rom}

Configures: TFTP server
Default: Disabled

Description
The tftp-server flash command allows the router to act as a TFTP server that serves files from its flash filesystem. The flash-partition-number is the number of the specified partition within the flash filesystem. If no partition is specified, the first partition is used. The filename is the name of the file that the TFTP service uses in answering read requests. The alias keyword allows you to provide an alternate name for the file.

The tftp-server rom command configures the router to serve the contents of its ROM using TFTP. The alias keyword, which is required for this form of the command, provides a name to be used to access the ROM contents.

Either form of the command allows you to specify an access-list that limits the hosts allowed to make incoming TFTP requests.
|
timers basic update-value invalid-value holddown-value flush-value [sleeptime- value] no timers basic Configures Routing protocol timers Default The default timer values are shown in Table 17-25.
Description This command allows you to adjust the routing timers. All values except for sleeptime are in seconds.
update-value The interval at which routing updates are sent.
invalid-value The interval after which a route is considered invalid if an update does not arrive.
holddown-value The time that the router waits after deciding that a route is invalid before accepting further information about it. For example, if a router decides that a certain route has become invalid, it waits for the hold-down period to pass before believing any other information stating that the route is valid. This procedure helps to maintain routing stability.
flush-value The interval after which invalid routes are purged from the routing table.
sleeptime-value Optional. This timer's value is the interval in milliseconds to wait after a flash update. This value should be less than the update value. Sleeptime is not applicable to RIP. |
timers bgp keepalive holdtime no timers bgp Configures BGP timers Default keepalive, 60 seconds; holdtime, 180 seconds Description This command allows you to configure the keepalive and holdtime timers for BGP. keepalive specifies the interval in seconds between the keepalive message that a router sends to its peer routers. holdtime is the time in seconds after which a peer is considered unreachable because a keepalive message wasn't received. |
timers spf delay-time hold-time no timers spf delay-time hold-time Configures OSPF timers Default Delay time, 5 seconds; hold time, 10 seconds Description This command sets the two types of timers that are important to the OSPF protocol. delay-time is the interval in seconds between the arrival of a topology change and the time OSPF starts the shortest path first (SPF) calculation. hold-time is the minimum interval between two consecutive SPF calculations. Both timers must be in the range 0 to 65,535. Reducing these values may cause the router to switch to a different path more quickly, but this may be a detriment to performance; the SPF calculation is CPU-intensive. |
trace [host] traceroute [ host] Description This command allows you to determine the most likely path to a specified host. It is often useful in troubleshooting, and is similar to the traceroute command on Unix systems or the tracert command on Windows systems. If you omit the hostname, you'll be prompted for the necessary information. As with the ping command, the prompts differ depending on the mode you are in. The output from the trace command uses the special characters shown in Table 17-26.
Example This example shows what happens when you use the trace command without supplying a hostname. Note that you're prompted for many values that can't be specified on the command line. Omitting the hostname therefore gives you more control over the command's behavior than you would otherwise have.
Router#trace
Protocol [ip]:                                         Protocol
Target IP address: 10.10.1.2                           Can be hostname or network address
Source address:                                        The IP address of the interface to use
Numeric display [n]: y                                 Numeric display is not the default
Timeout in seconds [3]:                                Seconds to wait for each probe
Probe count [3]:                                       Number of probes to execute at each TTL.
Minimum Time to Live [1]:                              The first TTL level to begin the trace
Maximum Time to Live [30]:                             The TTL level to stop the trace
Port Number [33434]:                                   The UDP port number to probe
Loose, Strict, Record, Timestamp, Verbose[none]:       Header Options
Type escape sequence to abort.
Tracing the route to 10.10.1.2
  1 10.10.1.2 0 msec 4 msec 0 msec |
traffic-shape adaptive [bit-rate] no traffic-shape adaptive Configures Traffic shaping on a Frame Relay subinterface Default Disabled Description This command enables traffic shaping on a Frame Relay subinterface. Traffic shaping means that the interface estimates the available bandwidth on the link when it receives BECNs (backwards explicit congestion notifications). The bit-rate parameter is optional and specifies the lowest bit rate (in Kbps) at which traffic is shaped. |
traffic-shape fecn-adapt no traffic-shape fecn-adapt Configures Traffic shaping on a frame relay subinterface Default Disabled Description This command enables the interface to reflect FECN bits as BECN bits, which notifies the sending DTE that it is transmitting at a rate too fast to handle. Example This configuration sets up traffic shaping with an upper limit of 128 Kbps and a lower limit of 64 Kbps. With the fecn-adapt command, our router reflects FECN packets as BECN packets.
interface serial 1
 encapsulation frame-relay
interface serial 1.1
 traffic-shape rate 128000
 traffic-shape adaptive 64000
 traffic-shape fecn-adapt |
traffic-shape group access-list bit-rate [burst-size [excess-burst-size]] no traffic-shape group access-list Configures Traffic shaping for general outbound traffic Default Disabled Description This command allows you to specify an access list that selects the packets to which traffic shaping applies. access-list Traffic shaping is applied to packets that match this access list. bit-rate The access bit rate in your service contract with your Frame Relay service provider. burst-size Optional. The sustained number of bits that can be transmitted per interval, defined in your service contract with your Frame Relay service provider. Default is the bit-rate divided by 8. excess-burst-size Optional. The maximum number of bits that can exceed the burst size during a congestion event. The default is the burst-size. |
traffic-shape rate bit-rate [burst-size [excess-burst-size]] no traffic-shape rate Configures Traffic shaping for all outbound traffic Default Disabled Description This command applies the traffic shaping to all outbound traffic. It is similar to traffic-shape group, but does not use an access list to select traffic. bit-rate The access bit rate in your service contract with your Frame Relay service provider. burst-size Optional. The sustained number of bits that can be transmitted per interval, as defined in your service contract with your Frame Relay service provider. Default is the bit-rate divided by 8. excess-burst-size Optional. The maximum number of bits that can exceed the burst size during a congestion event. The default is the burst-size. |
traffic-share {balanced | min} no traffic-share {balanced | min} Configures How traffic is distributed when multiple routes exist for the same destination Default balanced Description This command defines the way multiple routes are handled when they have different costs. balanced Traffic is distributed based on the metric ratios. min All traffic is sent using the route with the minimum cost. |
transport input protocol transport output protocol transport preferred protocol Configures The transport protocol Default Output and preferred, telnet; input, none Description This command specifies the transport protocol the router should use. input specifies the protocol to use for incoming connections on a line; output is for output connections on a line; and preferred is the transport protocol to use when the user does not specify one. Using the command transport preferred none helps to prevent typos at the command line from causing a bogus DNS lookup. (With the default output setting, a mistyped command is frequently interpreted as a hostname for telnet, initiating a DNS lookup.) The protocol parameter specifies which protocol to use; possible values are given in Table 17-27.
Example Routers do not allow incoming network connections to a TTY by default, so you must use the transport input command to enable this feature:
line tty 2
 transport input all |
tunnel checksum no tunnel checksum Configures The checksumming of packets on a tunnel interface Default Disabled Description This command enables packet checksumming on a tunnel interface. It applies to GRE tunnels only. When enabled, the router drops packets that fail the checksum test. |
tunnel destination destination no tunnel destination destination Configures The IP address or hostname of the tunnel's destination Default None Description This command specifies the tunnel's destination IP address or hostname. Example The following commands set up a tunnel interface called tunnel0. The source address for the tunnel is the address of the serial0 interface; the destination of the tunnel is 172.25.1.1. The tunnel uses the GRE protocol.
interface tunnel0
 tunnel source serial0
 tunnel destination 172.25.1.1
 tunnel mode gre ip |
tunnel key key no tunnel key key Configures A key identifier for a tunnel Default None Description This command assigns a key to a tunnel. In this case, the key is just an integer that serves as a tunnel ID; it is not a cryptographic key. As such, it provides at best very weak security. The range for key is 0 to 4,294,967,295. |
tunnel mode type no tunnel mode type Configures The type of tunnel Default General Routing Encapsulation (GRE) Description This command sets the encapsulation mode for a tunnel. Values for type are given in Table 17-28. Both ends of the tunnel must use the same encapsulation type.
|
tunnel sequence-datagrams no tunnel sequence-datagrams Configures The tunnel interface Default Disabled Description This command tells the tunnel interface to drop any tunnel packets that arrive out of sequence. |
tunnel source source no tunnel source source Configures The source IP address of the tunnel Default None Description This command specifies the tunnel's source IP address. Example The following commands set up a tunnel that uses the address of the serial0 interface as its source address. The destination of the tunnel is 172.25.1.1.
interface tunnel0
 tunnel source serial0
 tunnel destination 172.25.1.1
 tunnel mode gre ip |
txspeed bits-per-second no txspeed Configures Transmit speed Default 9600 baud Description This command sets the transmit speed. Use the no form to remove the command from the configuration. Example The following example sets the transmit speed on line 1 to 1,200:
line 1
 txspeed 1200 |
undebug {debug-level | all} Description This command turns off debugging at the selected debug-level. Use the all keyword to turn off all currently active debugging. Example If you enabled debug with:
#debug ip eigrp
You can disable it with:
#undebug ip eigrp
or
#undebug all |
undelete file-number [device:] Description This command allows you to recover deleted files on Class A and B filesystems. The file-number is the index of the file in the directory. The device field is optional and specifies the flash device you wish to undelete from: bootflash, slot0, or slot1. This command cannot recover files after they have been purged by the squeeze command. |
username name [nopassword | password password] [access-class access-list- number] [autocommand command] [callback-dialstring phone-number] [callback-rotary rotary-group-number] [callback-line [tty] line-number [ending-line-number]] [nocallback-verify] [noescape] [nohangup] [privilege level] Configures Username information for authentication Default None Description The username command provides authentication information for a user. It is used to build a username database on the router itself (as opposed to on an external server, like a RADIUS server). Many different types of information can be provided, using the following options: nopassword No password is required for the user; this option is useful when combined with autocommand. password password Specifies a password for the user. access-class access-list-number Specifies an outgoing access list for the user, overriding the access list specified in the access-class command in the line configuration. autocommand command Causes the specified command to be issued automatically when the user connects. This is commonly used to start PPP sessions. callback-dialstring phone-number Specifies the phone number to pass to the modem for asynchronous callback. callback-rotary rotary-group-number Specifies the rotary group to use for asynchronous callback. callback-line tty line-number ending-line-number Specifies which lines can be used for asynchronous callback. The optional tty keyword restricts the callback to TTY lines. nocallback-verify Callback not required for this user. noescape Prevents the user from using an escape character. nohangup Prevents the communication server from disconnecting. The user gets another login prompt when he attempts to disconnect. privilege level Sets the privilege level for the user. Example The following commands create two users. An access list is applied to the user Bob for the duration of his sessions. The router automatically starts PPP when the user Jane logs in. 
username bob password letmein access-class 10
username jane password thisisme autocommand ppp |
vacant-message delimiter message text delimiter no vacant-message Configures A message displayed to an idle line Default None Description This command sets the message that is displayed when a terminal is idle and waiting to begin a session. It is often used at terminals that are connected to routers or access servers for generic network access. The message is specific to a particular line; you must specify the message explicitly for every line. delimiter marks the beginning and end of the message; it can be any single character that is not used in the message itself. To disable this message, use the no form of this command. Example
Router(config)#line 2
Router(config-line)#vacant-message # Welcome to the Network, Press return to begin! # |
validate-update-source no validate-update-source Configures Validation of routing sources Default Enabled Description The validate-update-source command checks to make sure that the source IP address of incoming routing updates is on the same network as the interface receiving the update. This feature gives some protection against spoofing attacks. Example To disable this feature, use the no form of this command:
router rip
 network 10.10.0.0
 no validate-update-source |
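The tftp-server, transport, username, and validate-update-source entries each describe a setting that weakens or strengthens access control. The following Python sketch is an added example, not part of the original reference: it scans a configuration for those commands. The function names, rule names, and sample configuration (including the guest user and the ssh transport line) are constructed for illustration.

```python
# Constructed sample configuration built from commands in the entries above.
SAMPLE_CONFIG = """\
username bob password letmein access-class 10
username jane password thisisme autocommand ppp
username guest nopassword autocommand ppp
tftp-server flash igs-j-l.110-3
tftp-server flash igs-j-l.110-3 alias ios.bin 10
router rip
 network 10.10.0.0
 no validate-update-source
line tty 2
 transport input all
line vty 0 4
 transport input ssh
 transport preferred none
"""


def tftp_has_acl(tokens):
    """tokens are the words after 'tftp-server'.

    Syntax from the entry: flash [partition:]filename [alias filename] [access-list]
                           rom alias filename [access-list]
    Returns True when a trailing access list limits the TFTP clients.
    """
    source, rest = tokens[0], tokens[1:]
    if source == "flash" and rest:
        rest = rest[1:]              # skip the served filename
    if rest[:1] == ["alias"]:
        rest = rest[2:]              # skip 'alias' and the alias name
    return len(rest) > 0


def audit(config):
    """Return a list of (line number, rule, detail) findings."""
    findings = []
    section = None                   # current 'line ...' or 'router ...' block
    for lineno, raw in enumerate(config.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                 # blank line or comment
        words = raw.split()
        if not raw[0].isspace():     # unindented line starts a new context
            section = raw.strip() if words[0] in ("line", "router") else None

        if words[0] == "username" and len(words) >= 3:
            # Report the user name only; never echo the password itself.
            if words[2] == "nopassword":
                findings.append((lineno, "nopassword", words[1]))
            elif words[2] == "password":
                findings.append((lineno, "inline-password", words[1]))
        elif words[0] == "tftp-server" and len(words) >= 2:
            if not tftp_has_acl(words[1:]):
                findings.append((lineno, "tftp-no-acl", words[1]))
        elif words[:2] == ["no", "validate-update-source"]:
            if section and section.startswith("router"):
                findings.append((lineno, "no-source-validation", section))
        elif words[:2] == ["transport", "input"]:
            # 'all' includes telnet, which carries logins unencrypted.
            if section and section.startswith("line"):
                if {"all", "telnet"} & set(words[2:]):
                    findings.append((lineno, "telnet-allowed", section))
    return findings


if __name__ == "__main__":
    for lineno, rule, detail in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {rule} ({detail})")
```

Findings identify the user or section only, so the report can be shared without exposing the passwords held in the configuration.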
variance multiplier-value no variance multiplier-value Configures Multiplier value for load balancing Default 1 (equal-cost load balancing) Description This command lets you specify a multiplier-value for use in load balancing with IGRP and EIGRP. The multiplier-value can be from 1 to 128. Routes within a factor of multiplier-value of the best routes are used to carry traffic. Normally, all traffic is sent over the route with the best metric; if two or more routes share the same metric, load balancing takes place between those routes. Example Assume that your router has three routes to the same destination. The routes have metrics of 10, 30, and 50. With the default variance of 1 (equal-cost load balancing), all traffic is sent using the route with the metric of 10. For load balancing to take place, another route with a metric of 10 must appear in the routing table. To force the router to use multiple paths in this situation, you can change the variance (unequal-cost load balancing). If you increase the variance to 3, routes with a metric within a factor of 3 of the best route are used. In this situation, the routes with metrics of 10 and 30 will be used to carry traffic, and the route with a metric of 50 will not.
router eigrp 100
 variance 5 |
verify {flash | bootflash} Description This command verifies the flash checksum value with the stored flash image. Example
Router#verify flash
System flash directory:
File  Length   Name/status
  1   6070088  igs-j-l.110-3
[6070152 bytes used, 2318456 available, 8388608 total]
Name of file to verify? igs-j-l.110-3
Verifying checksum for 'igs-j-l.110-3' (file # 1)... OK |
version {1 | 2} no version Configures Version of RIP protocol to use Default Accepts both versions but transmits only Version 1 Description This command specifies which version of the RIP protocol to use. The ip rip command can also be used to select the RIP protocol version. Example The following commands configure the router to communicate only with RIPv2.
router rip
 network 10.10.0.0
 version 2 |
vlan vlan-id [are hops] [backupcrf mode] [bridge type | number] [media type] [mtu mtu-size] [name vlan-name] [parent parent-vlan-id] [ring ring-number] [said sa-id-value] [state {suspend | active}] [stp type type] [tb-vlan1 id] [tb-vlan2 id] no vlan vlan-id Configures A specific VLAN Default None Description This command configures a VLAN while in the VLAN configuration mode.
vlan-id The VLAN number, from 2 to 1,001.
are hops Optional. Specifies the maximum number of All Route Explorer hops for this VLAN, from 0 to 13. If not defined, 0 is the default.
backupcrf mode Optional. Enables or disables the backup concentrator relay function (CRF). Valid values are enable or disable.
bridge Optional. Sets the bridging characteristics of the VLAN. Valid values for the type are srb or srt. Valid values for the bridge-number are 0 to 15. No default.
media type Optional. Specifies the media type of the VLAN. Values can be ethernet, fd-net, fddi, trcrf, and trbrf. Default is ethernet.
mtu mtu-size Optional. Specifies the MTU (Maximum Transmission Unit) for the VLAN. Valid values are 576 to 18,190. Defaults are dependent on the VLAN type but it is usually 1,500.
name vlan-name Optional. Specifies a text string to identify the VLAN. The name can be from 1 to 32 characters in length. Default is vlanXXXX where XXXX represents the VLAN ID number.
parent parent-vlan-id Optional. Specifies the ID number for parent VLANs for FDDI or Token Ring networks. Can be a value from 2 to 1,001. No default.
ring ring-number Optional. Specifies the ring number of VLAN for FDDI or Token Ring networks. Can be a value from 2 to 1,001. No default.
said sa-id-value Optional. Specifies the security association identifier. Can be from 1 to 4,294,967,294. Default is 100,000 plus the VLAN ID number.
state Optional. Sets the state of the VLAN, which can be active or suspended. A suspended VLAN does not process packets. Default is active.
stp type Optional. Sets the Spanning Tree Protocol type, which can be ieee, ibm, or auto. No type is specified as default.
tb-vlan1 Optional. Specifies the ID number of the first translational VLAN for this VLAN. Can be from 2 to 1,001, and zero is the default, which means none defined.
tb-vlan2 Optional. Specifies the ID number of the second translational VLAN for this VLAN. Can be from 2 to 1,001, and zero is the default, which means none defined. |
vlan database Configures Enters VLAN configuration mode. Default N/A Description This command enters the VLAN configuration mode. In this mode, you can use the following commands:
abort Exits the VLAN configuration mode without saving the changes you have made.
apply Saves and applies the current VLAN changes.
exit Saves and applies the current VLAN changes then exits the VLAN configuration mode.
reset Abandons any changes and reloads the saved VLAN information.
show Displays the current VLAN database information.
vlan Edits VLAN information. See the separate vlan command listing for more information.
vtp Edits VLAN trunking protocol (VTP) information. See the separate vtp command listing for more information.
Example This example shows entering the VLAN database and creating VLAN 100.
Router# vlan database
Router(vlan)#vlan 100
Router(vlan)#exit |
vtp client no vtp client Configures VLAN Trunking Protocol (VTP) Default Server mode Description This command places the device into VTP client mode. When a device is in VTP client mode, it changes its configuration to duplicate the configuration of the VTP server. |
vtp domain name no vtp domain name Configures VLAN Trunking Protocol (VTP) Default None Description This command configures the VTP administrative domain name for the device. This name is case-sensitive. A device will not transmit any VTP advertisements until a domain name is configured. |
vtp password string no vtp password Configures VLAN Trunking Protocol (VTP) Default None Description This command configures a VTP domain password, which is an ASCII string from 1 to 32 characters. |
vtp server Configures VLAN Trunking Protocol (VTP) Default Server mode Description This command sets the device into VTP server mode, which is the default. You use the command if you have previously configured the device as a client. Also, this command is the equivalent of using no vtp client. |
vtp transparent no vtp transparent Configures VLAN Trunking Protocol (VTP) Default Server mode Description This command places the device into VTP transparent mode, which disables VTP from the local device but does not remove the device from the VTP domain. |
vtp v2-mode no vtp v2-mode Configures VLAN Trunking Protocol (VTP) Default Disabled Description This command places the device into VTP version 2 mode. All devices within a VTP domain must run the same version of VTP. You can simply configure this on one device (like the server VTP switch) and all devices will be reconfigured to version 2 via VTP, provided that all devices are v2-mode capable. |
vty-async no vty-async Configures VTY line features Default Disabled Description This command configures all virtual terminal lines to support asynchronous protocol features. |
vty-async dynamic-routing no vty-async dynamic-routing Configures VTY line features Default Disabled Description This command enables dynamic routing on all VTY asynchronous lines. |
vty-async header-compression [passive] no vty-async header-compression Configures VTY line features Default Disabled Description This command enables header compression on all VTY asynchronous lines. The passive keyword is optional. It tells the router to compress headers only if headers on the incoming packets on the same line are compressed as well. |
vty-async keepalive seconds no vty-async keepalive seconds Configures VTY line features Default 10 seconds Description This command specifies the keepalive frequency on VTY asynchronous lines. The value can be from 1 to 32,767. |
vty-async mtu bytes no vty-async mtu Configures VTY line features Default 1,500 bytes Description This command specifies the MTU of IP packets sent over this line. The value can be from 64 to 1,000,000 bytes. |
vty-async ppp authentication {chap | pap} no vty-async ppp authentication {chap | pap} Configures VTY line features Default Disabled Description This command enables PPP authentication on the VTY asynchronous lines. |
vty-async ppp use-tacacs no vty-async ppp use-tacacs Configures VTY line features Default Disabled Description This command tells PPP sessions using VTY lines to use TACACS for authentication. |
width characters no width Configures The terminal width for a line Default 80 characters Description This command sets the width, in characters, of a terminal line. Setting this value correctly helps deal with lines that are too long to be displayed on your terminal window or screen. |
write erase write memory write network write terminal Description The write commands are used to work with the current configuration. They are obsolete and have been replaced by the copy, show, and erase commands. Table 17-29 shows the correspondence between the two sets of commands.
|