Quick Reference

aaa accounting

aaa accounting delay-start

aaa accounting gigawords

aaa accounting nested

aaa accounting resource

aaa accounting send stop-record authentication failure

aaa accounting session-duration ntp-adjusted

aaa accounting suppress null-username

aaa accounting update

aaa authentication attempts login

aaa authentication banner

aaa authentication enable default

aaa authentication fail-message

aaa authentication local-override

aaa authentication login

aaa authentication password-prompt

aaa authentication ppp

aaa authentication username-prompt

aaa authorization

aaa authorization config-commands

aaa authorization reverse-access

aaa authorization template

aaa configuration route

aaa group server radius

aaa group server tacacs+

aaa new-model

absolute-timeout

access-class

access-enable

access-list

access-list rate-limit

access-template

activation-character

aggregate-address

alias

area authentication

area default-cost

area nssa

area-password

area range

area stub

area virtual-link

arp (global)

arp (interface)

arp timeout

async-bootp

async default ip address

async default routing

async dynamic address

async dynamic routing

async mode

atm address

atm arp-server

atm esi-address

atm lecs-address

atm lecs-address-default

atm nsap-address

atm pvc

atm-vc

autobaud

autocommand

autodetect encapsulation

autohangup

auto discovery qos

auto qos voip

auto secure

autoselect

auto-summary

backup

bandwidth (interface)

bandwidth (policy-map)

banner exec

banner incoming

banner login

banner motd

bgp always-compare-med

bgp bestpath as-path ignore

bgp bestpath med-confed

bgp bestpath missing-as-worst

bgp client-to-client reflection

bgp cluster-id

bgp confederation identifier

bgp confederation peers

bgp dampening

bgp default local-preference

bgp default route-target filter

bgp deterministic med

bgp fast-external-fallover

bgp log-neighbor-changes

bgp-policy

bridge acquire

bridge address

bridge cmf

bridge crb

bridge forward-time

bridge-group

bridge-group aging-time

bridge-group circuit-group

bridge-group input-address-list

bridge-group input-lsap-list

bridge-group input-pattern

bridge-group input-type-list

bridge-group output-address-list

bridge-group output-lsap-list

bridge-group output-pattern

bridge-group output-type-list

bridge-group path-cost

bridge-group priority

bridge-group spanning-disabled

bridge hello-time

bridge irb

bridge max-age

bridge multicast-source

bridge priority

bridge protocol

bridge route

busy-message

cable helper-address

calendar set

callback forced-wait

cd

cdp advertise-v2

cdp enable

cdp holdtime

cdp run

cdp timer

channel-group (controller)

channel-group (interface)

chat-script

class (frame-relay)

class (MPLS)

class (policy-map)

class-map

clear

client-atm-address name

clock calendar-valid

clock rate

clock read-calendar

clock set

clock summer-time

clock timezone

clock update-calendar

compress

config-register

configure

controller

copy

crc

custom-queue-list

databits

data-character-bits

dce-terminal-timing enable

debug

default-information

default-information originate

default-metric

default-name

delay

delete

description

dialer aaa

dialer callback-secure

dialer callback-server

dialer caller

dialer dtr

dialer enable-timeout

dialer fast-idle

dialer-group

dialer hold-queue

dialer idle-timeout

dialer in-band

dialer isdn

dialer-list

dialer load-threshold

dialer map

dialer map snapshot

dialer max-link

dialer pool

dialer pool-member

dialer priority

dialer remote-name

dialer rotary-group

dialer rotor

dialer string

dialer wait-for-carrier-time

dialer watch-disable

dialer watch-group

dialer watch-list

dir

disable

disconnect

disconnect-character

disconnect ssh

dispatch-character

distance

distance bgp

distance eigrp

distribute-list in

distribute-list out

domain-password

downward-compatible-config

down-when-looped

drop

dte-invert-txc

early-token-release

editing

eigrp log-neighbor-changes

enable

enable last-resort

enable password

enable secret

enable use-tacacs

encapsulation (ATM/MPLS)

encapsulation (interface)

end

erase

escape-character

exception core-file

exception dump

exception memory

exception protocol

exception spurious-interrupt

exec

exec-timeout

exit

fair-queue (policy-map class)

fair-queue (interface)

fair-queue aggregate-limit

fair-queue individual-limit

fair-queue limit

fair-queue qos-group

fair-queue tos

fair-queue weight

fddi burst-count

fddi c-min

fddi cmt-signal-bits

fddi duplicate-address-check

fddi encapsulate

fddi frames-per-token

fddi smt-frames

fddi tb-min

fddi tl-min-time

fddi token-rotation-time

fddi t-out

fddi valid-transmission-time

flowcontrol

format

frame-relay adaptive-shaping

frame-relay [ bc | be]

frame-relay becn-response-enable

frame-relay broadcast-queue

frame-relay cir

frame-relay class

frame-relay custom-queue-list

frame-relay de-group

frame-relay de-list

frame-relay idle-timer

frame-relay interface-dlci

frame-relay intf-type

frame-relay inverse-arp

frame-relay ip rtp header-compression

frame-relay ip tcp header-compression

frame-relay lmi-type

frame-relay local-dlci

frame-relay map

frame-relay map bridge

frame-relay map clns

frame-relay map ip compress

frame-relay map ip rtp header-compression

frame-relay map ip tcp header-compression

frame-relay mincir

frame-relay multicast-dlci

frame-relay payload-compress packet-by-packet

frame-relay priority-dlci-group

frame-relay priority-group

frame-relay route

frame-relay svc

frame-relay switching

frame-relay traffic-rate

frame-relay traffic-shaping

fsck

ftp-server enable

ftp-server topdir

full-duplex

full-help

group-range

half-duplex

half-duplex controlled-carrier

help

history

hold-character

hold-queue

hostname

hssi external-loop-request

hssi internal-clock

hub

ignore-dcd

interface

interface bvi

interface dialer

interface group-async

ip access-group

ip access-list

ip accounting

ip accounting-list

ip accounting-threshold

ip accounting-transits

ip address

ip address negotiated

ip address-pool

ip alias

ip as-path access-list

ip authentication

ip bandwidth-percent eigrp

ip bgp-community new-format

ip bootp server

ip broadcast-address

ip cef

ip cef traffic-statistics

ip cgmp

ip classless

ip community-list

ip default-gateway

ip default-network

ip dhcp-server

ip directed-broadcast

ip domain-list

ip domain-lookup

ip domain-name

ip dvmrp accept-filter

ip dvmrp auto-summary

ip dvmrp default-information

ip dvmrp metric

ip dvmrp metric-offset

ip dvmrp output-report-delay

ip dvmrp reject-non-pruners

ip dvmrp routehog-notification

ip dvmrp route-limit

ip dvmrp summary-address

ip dvmrp unicast-routing

ip forward-protocol

ip ftp passive

ip ftp password

ip ftp source-interface

ip ftp username

ip hello-interval eigrp

ip helper-address

ip hold-time eigrp

ip host

ip http

ip identd

ip igmp access-group

ip igmp explicit-tracking

ip igmp helper-address

ip igmp join-group

ip igmp query-interval

ip igmp query-max-response-time

ip igmp query-timeout

ip igmp static-group

ip igmp version

ip irdp

ip load-sharing

ip local policy route-map

ip local pool

ip mask-reply

ip mroute

ip mroute-cache

ip mtu

ip multicast boundary

ip multicast cache-headers

ip multicast helper-map

ip multicast rate-limit

ip multicast-routing

ip multicast ttl-threshold

ip name-server

ip nat

ip nat inside destination

ip nat inside source

ip nat outside source

ip nat pool

ip nat stateful id

ip nat translation

ip nbar pdlm

ip nbar port-map

ip nbar protocol-discovery

ip netmask-format

ip nhrp authentication

ip nhrp holdtime

ip nhrp interest

ip nhrp map

ip nhrp map multicast

ip nhrp max-send

ip nhrp network-id

ip nhrp nhs

ip nhrp record

ip nhrp responder

ip nhrp server-only

ip nhrp trigger-svc

ip nhrp use

ip ospf authentication

ip ospf authentication-key

ip ospf cost

ip ospf dead-interval

ip ospf demand-circuit

ip ospf hello-interval

ip ospf message-digest-key

ip ospf name-lookup

ip ospf network

ip ospf priority

ip ospf retransmit-interval

ip ospf transmit-delay

ip pim

ip pim accept-rp

ip pim message-interval

ip pim minimum-vc-rate

ip pim multipoint-signalling

ip pim nbma-mode

ip pim neighbor-filter

ip pim query-interval

ip pim rp-address

ip pim rp-announce-filter

ip pim send-rp-announce

ip pim send-rp-discovery

ip pim vc-count

ip pim version

ip policy-list

ip policy route-map

ip proxy-arp

ip radius source-interface

ip rarp-server

ip rcmd rcp-enable

ip rcmd remote-host

ip rcmd remote-username

ip rcmd rsh-enable

ip redirects

ip rip authentication

ip rip receive version

ip rip send version

ip rip triggered

ip rip v2-broadcast

ip route

ip route-cache

ip route-cache policy

ip route priority high

ip route profile

ip router isis

ip routing

ip rtp compression-connections

ip rtp header-compression

ip rtp priority

ip scp server enable

ip source-route

ip split-horizon

ip ssh

ip subnet-zero

ip summary-address eigrp

ip summary-address rip

ip tcp chunk-size

ip tcp compression-connections

ip tcp header-compression

ip tcp mtu-path-discovery

ip tcp queuemax

ip tcp synwait-time

ip tcp window-size

ip telnet source-interface

ip tftp source-interface

ip unnumbered

ip unreachables

isdn answer1, isdn answer2

isdn autodetect

isdn bchan-number-order

isdn busy

isdn caller

isdn call interface

isdn calling-number

isdn conference-code

isdn disconnect interface

isdn fast-rollover-delay

isdn incoming-voice

isdn leased-line bri 128

isdn not-end-to-end

isdn nsf-service

isdn outgoing-voice

isdn overlap-receiving

isdn send-alerting

isdn sending-complete

isdn service

isdn spid1 (spid2)

isdn switch-type

isdn tei

isdn tei-negotiation

isdn transfer-code

isdn twait-disable

isdn voice-priority

isis advertise-prefix

isis authentication key-chain

isis authentication mode

isis authentication send-only

isis circuit-type

isis csnp-interval

isis hello-interval

isis hello-multiplier

isis lsp-interval

isis metric

isis password

isis priority

isis retransmit-interval

isis retransmit-throttle-interval

is-type

keepalive

key

key chain

key config-key

key-string

lane auto-config-atm-address

lane bus-atm-address

lane client

lane client-atm-address

lane config-atm-address

lane config database

lane database

lane fixed-config-atm-address

lane global-lecs-address

lane le-arp

lane server-atm-address

lane server-bus

line

linecode

link-test

location

logging

logging buffered

logging buffered xml

logging console

logging console xml

logging count

logging facility

logging history

logging history size

logging host

logging monitor

logging on

logging source-interface

logging synchronous

logging trap

login

login authentication

logout-warning

loopback

mac-address-table aging-time

mac-address-table dynamic

mac-address-table secure

mac-address-table static

map-class dialer

map-class frame-relay

map-group

map-list

match access-group

match any

match as-path

match class-map

match community-list

match cos

match destination-address mac

match discard-class

match dscp

match fr-dlci

match input-interface

match interface

match ip address

match ip dscp

match ip next-hop

match ip precedence

match ip route-source

match ip rtp

match length

match metric

match mpls experimental

match mpls-label

match not

match packet length

match precedence

match protocol

match qos-group

match route-type

match source-address mac

match tag

maximum-paths

max-reserved-bandwidth

media-type

member

menu

menu command

menu text

menu title

metric holddown

metric maximum-hops

metric weights

mkdir

modem

monitor session

more

motd-banner

mpls atm control-vc

mpls atm cos

mpls atm disable-headend-vc

mpls atm multi-vc

mpls atm vpi

mpls atm vp-tunnel

mpls cos-map

mpls ip

mpls ip default-route

mpls ip encapsulate explicit-null

mpls ip ttl-expiration pop

mpls label protocol

mpls label range

mpls mtu

mpls prefix-map

mpls request-labels for

mrinfo

mstat

mtrace

mtu

name elan-id

name local-seg-id

name preempt

name server-atm-address

neighbor

neighbor advertisement-interval

neighbor database-filter

neighbor default-originate

neighbor description

neighbor distribute-list

neighbor filter-list

neighbor maximum-prefix

neighbor next-hop-self

neighbor password

neighbor peer-group

neighbor prefix-list

neighbor remote-as

neighbor route-map

neighbor route-reflector-client

neighbor send-community

neighbor send-label

neighbor shutdown

neighbor soft-reconfiguration inbound

neighbor ttl-security

neighbor timers

neighbor ttl-security

neighbor update-source

neighbor version

neighbor weight

net

network

network backdoor

network weight

nrzi-encoding

ntp access-group

ntp authenticate

ntp authentication-key

ntp broadcast

ntp broadcast client

ntp broadcastdelay

ntp disable

ntp master

ntp peer

ntp server

ntp source

ntp trusted-key

ntp update-calendar

offset-list

ospf auto-cost reference-bandwidth

ospf log-adj-changes

output-delay

padding

parity

passive-interface

password

peer default ip address

peer neighbor-route

physical-layer

ping

police

policy-map

ppp

ppp authentication

ppp bridge ip

ppp chap

ppp compress

ppp multilink

ppp quality

ppp reliable-link

ppp use-tacacs

priority-group

priority-list

privilege level (global)

privilege level (line)

prompt

pulse-time

pvc

qos pre-classify

queue-limit

queue-list

radius-server

random-detect

random-detect discard-class

random-detect discard-class-based

random-detect dscp

random-detect ecn

random-detect exponential-weighting-constant

random-detect flow

rate-limit

redistribute

refuse-message

reload

rename

ring-speed

rlogin

rmdir

route-map

router

rsh

rxspeed

send

service

service compress-config

service linenumber

service-module 56k

service-module t1

service-policy (interface)

service-policy (policy-map)

service timestamps

session-limit

session-timeout

set as-path

set atm-clp

set automatic-tag

set community

set cos

set default interface

set discard-class

set dscp

set fr-de

set interface

set ip default next-hop

set ip next-hop

set ip precedence

set ip tos

set level

set local-preference

set metric

set metric-type

set metric-type internal

set mpls-label

set origin

set ospf router-id

set-overload-bit

set precedence

set qos-group

set tag

setup

set weight

shape

show

shutdown

smt-queue-threshold

snapshot

snmp-server

snmp-server chassis-id

snmp-server community

snmp-server contact

snmp-server enable traps

snmp-server engine-id

snmp-server group

snmp-server host

snmp-server location

snmp-server packetsize

snmp-server queue-length

snmp-server system-shutdown

snmp-server tftp-server-list

snmp-server trap-source

snmp-server trap-timeout

snmp-server user

snmp-server view

snmp trap link-status

source-address

spanning-tree backbonefast

spanning-tree cost

spanning-tree port-priority

spanning-tree vlan

speed

squeeze

squelch

sscop cc-timer

sscop keepalive-timer

sscop max-cc

sscop poll-timer

sscop rcv-window

sscop send-window

standby authentication

standby ip

standby preempt

standby priority

standby timers

standby track

stopbits

summary-address

synchronization

table-map

tacacs-server attempts

tacacs-server authenticate

tacacs-server directed-request

tacacs-server extended

tacacs-server host

tacacs-server key

tacacs-server last-resort

tacacs-server notify

tacacs-server optional-passwords

tacacs-server retransmit

tacacs-server timeout

tag-switching

terminal editing

terminal escape-character

terminal history

terminal length

terminal monitor

tftp-server

timers basic

timers bgp

timers spf

trace, traceroute

traffic-shape adaptive

traffic-shape fecn-adapt

traffic-shape group

traffic-shape rate

traffic-share

transport

tunnel checksum

tunnel destination

tunnel key

tunnel mode

tunnel sequence-datagrams

tunnel source

txspeed

undebug

undelete

username

vacant-message

validate-update-source

variance

verify

version

vlan

vlan database

vtp client

vtp domain

vtp password

vtp server

vtp transparent

vtp v2-mode

vty-async

vty-async dynamic-routing

vty-async header-compression

vty-async keepalive

vty-async mtu

vty-async ppp authentication

vty-async ppp use-tacacs

width

write

aaa accounting global

aaa accounting {auth-proxy | system | network | exec | connection |
commands level} {default | list-name} [vrf vrf-name] {start-stop |
stop-only | none} [broadcast] group group-name
no aaa accounting {auth-proxy | system | network | exec | connection |
commands level} {default | list-name} [vrf vrf-name] {start-stop |
stop-only | none} [broadcast] group group-name
 

Configures

AAA Accounting

Default

Disabled

Description

This command enables accounting, which can be used for billing and security purposes.

 

auth-proxy

Provides information about all authenticated proxy user events.

 

system

Enables accounting for all system events that are not associated with a user (such as a reload).

 

exec

Enables accounting for EXEC-level commands.

 

connection

Provides information about all outbound connections, such as telnet, LAT, rlogin and SSH.

 

commands level

Enables accounting for the specified privilege level (0 to 15).

 

default

Uses the listed accounting methods that follow this argument as the default list for accounting services

 

list-name

Specifies the AAA accounting protocol to use (radius or tacacs+).

 

vrf vrf-name

Optional. Specifies a virtual route forwarding (VRF) configuration.

 

start-stop

Creates an accounting entry at the start and end of the command.

 

stop-only

Sends an accounting entry only when the command has completed execution.

 

none

Disables accounting services on this line or interface.

 

broadcast

Optional. Enables the sending accounting records to multiple AAA servers.

 

group group-name

Specifies the AAA accounting protocol to use for the specified server group (group radius and group tacacs+).

Example

The following configuration statements enable AAA accounting for commands at level 5. An accounting entry is generated when the command is initiated and when it is terminated; the command doesn't execute until the server has received the message and the TACACS+ protocol is used to send the entries to the accounting server.

aaa new-model
aaa accounting command 5 default group tacacs+

aaa accounting delay-start global

aaa accounting delay-start
no accounting delay-start
 

Configures

Delays accounting start records until the user's IP address is established

Default

Disabled (no delay)

Description

The default behavior is to start accounting as soon as the user connects, even before her IP address has been established. The command delays the accounting until the IP address has been established.

aaa accounting gigawords global

aaa accounting gigawords
no aaa accounting gigawords
 

Configures

Enables 64-bit counters within AAA

Default

Enabled

Description

The command is enabled by default and only shows up in the configuration if the no version is used. The high-capacity counters provide greater counter capacity but use 8 percent of CPU memory for 24,000 sessions running under the ready state. If you do disable this with the no form of the command, you must reload the router to have it take effect.

aaa accounting nested global

aaa accounting nested
no aaa accounting nested
 

Configures

Nesting network records within EXEC start and stop records

Default

Disabled

Description

This commands keeps EXEC start and stop records togetheror nestedfor PPP users who start EXEC terminal sessions. Such nesting can be helpful for certain billing practices.

aaa accounting resource global

aaa accounting resource method-list start-stop [broadcast] group group-name
no accounting resource method-list start-stop [broadcast] group group-name
aaa accounting resource method-list stop-failure [broadcast] group group-name
no accounting resource method-list stop-failure [broadcast] group group-name
 

Configures

Accounting for the starting or stopping of a connection

Default

N/A

Description

The start-stop version of this command enables the accounting of a user's connection at the start of the call and at the end. The stop-failure command enables the generation of a stop record if the user's call is terminated.

 

method-list

Method used for accounting services. You can set this to default or provide a list of accounting methods.

 

broadcast

Optional. Enables the sending of accounting records to multiple AAA servers.

 

group group-name

Specifies the AAA accounting protocol to use (group radius or group tacacs+).

Example

aaa accounting resource default start-stop group radius
aaa accounting resource default stop-failure group radius
aaa accounting send stop-record authentication failure global

aaa accounting send stop-record authentication failure
no aaa accounting send stop-record authentication failure
 

Configures

Stop records for users who fail to authenticate

Default

Disabled

Description

If the user fails a login or session negotiation, this command causes a stop record to be generated for this connection attempt.

aaa accounting session-duration ntp-adjusted global

aaa accounting session-duration ntp-adjusted
no accounting session-duration ntp-adjusted
 

Configures

Use of NTP clock to calculate Radius session time

Default

Disabled

Description

By default, the Radius attribute acct-sess-time is calculated on a 64-bit monotonically increasing counter, which is not Network Time Protocol-adjusted. This command causes the attribute to be calculated based on the NTP clock.

aaa accounting suppress null-username global

aaa accounting suppress null-username
no aaa accounting suppress null-username
 

Configures

Stopping the sending of accounting messages when the username is NULL

Default

Disabled

Description

This command prevents the creation of accounting records with usernames of NULL.

aaa accounting update global

aaa accounting update [newinfo] [periodic minutes [jitter {maximum max-value}]]
no accounting update
 

Configures

Periodic interim accounting records

Default

Disabled

Description

Enables periodic interim accounting records to be sent to the accounting server. If the newinfo option is used, periodic reports are sent only when there is new information to report.

 

newinfo

Optional. Causes periodic information to be sent whenever there is new information about the user.

 

periodic

Optional. Specifies the number of minutes between periodic updates.

 

jitter

Optional. Allows the setting of the maximum jitter value.

 

maximum

Required for the jitter command. Sets the number of seconds for the maximum jitter in a periodic update. A value of 0 disables jitter. The default is 300 seconds.

aaa authentication attempts login global

aaa authentication attempts login number
no aaa authentication attempts login
 

Configures

The maximum number of login failures

Default

Three attempts

Description

This command sets the number of login attempts that will be permitted before the connection is dropped. number is the maximum value, which can be 1 to 25.

aaa authentication banner global

aaa authentication banner delimiter
no aaa authentication banner
 

Configures

A banner to be displayed at user login

Default

None

Description

Like all banner commands, this one takes a delimiter, which marks the end of the following banner string. This banner is displayed to the user at login.

Example

aaa new-model
aaa authentication banner * Welcome to our system. Unauthorized access is
prohibited *
aaa authentication login default group radius

aaa authentication enable default global

aaa authentication enable default method ... method
no aaa authentication enable default method ... method
 

Configures

Authentication for privileged command level

Default

None

Description

This command configures the router to use AAA to determine whether a user can access the privileged command set. The method parameter can be any of the following: enable, line, none, group tacacs+, or group radius. Each method describes where to get the password for authentication. If more than one method is listed, the methods are tried in order until one succeeds or all fail. This command does not work with TACACS or Extended TACACS (XTACACS).

aaa authentication fail-message global

aaa authentication fail-message delimiter
no aaa authentication fail-message
 

Configures

A failed login attempt banner message

Default

Disabled

Description

Like all banner commands, this one takes a delimiter, which marks the end of the following banner string. This banner is displayed to the user at a failed login attempt.

aaa authentication local-override global

aaa authentication local-override
no aaa authentication local-override
 

Configures

The use of local usernames and passwords

Default

Disabled

Description

This command tells the router to check its own username and password database for a match before using any other authentication methods. It is useful if you have a small set of administrators who need access to the router even when the AAA server is down.

aaa authentication login global

aaa authentication login {default | listname} method ... method
no aaa authentication login
 

Configures

AAA authentication method for login

Default

local

Description

This command defines a named list of authentication methods that can be used when a user logs into the device. The listname parameter specifies the name of the list; the login authentication command is used to apply a list. default is a special list name; the default list specifies the authentication methods to be used by default (i.e., in the absence of explicit login authentication commands). method describes where to get the password for authentication. If more than one method is listed, the methods are tried in order until one succeeds or all have failed. The valid methods are: enable, krb5, line, local, local-case, none, group radius, group tacacs+, and krb5-telnet. The local-case option uses case-sensitive local usernames.

Example

The following command defines the default list of login authentication methods. Because this is the default list, it applies to all users, even if there is no login authentication command. The router first attempts to use the tacacs+ method for authentication, then the enable method. Therefore, the enable password is used to authenticate users if the device cannot contact the TACACS+ server.

! Set authentication for login
aaa authentication login default group tacacs+ enable none
aaa authentication password-prompt global

aaa authentication password-prompt string
no aaa authentication password-prompt
 

Configures

Password prompt for logins

Default

Password:

Description

This command sets the text displayed for a user's password prompt to string.

Example

aaa authentication password-prompt "What is your password?"
aaa authentication ppp global

aaa authentication ppp {default | listname} method ... method
no aaa authentication ppp
 

Configures

AAA authentication method for PPP

Default

local

Description

This command defines a named list of authentication methods that can be used when a user starts a PPP session. The listname parameter specifies the name of the list; the login authentication command is used to apply a list. default is a special list name; the default list specifies the authentication methods to be used by default (i.e., in the absence of explicit login authentication commands). method describes where to get the password for authentication. If more than one method is listed, they are tried in order until one succeeds or all fail. The valid methods are enable, krb5, line, local, local-case, none, group radius, group tacacs+, and krb5-telnet.

Example

The following command defines the default list of authentication methods for PPP users. Because this is the default list, it applies to all PPP users, even if there is no login authentication command. The router attempts to use the tacacs+ method for authentication; if the device cannot contact the TACACS+ server, no other authentication is attempted, and the connection is rejected.

! Set authentication for ppp
aaa authentication ppp default tacacs+ none

aaa authentication username-prompt global

aaa authentication username-prompt string
no aaa authentication username-prompt string
 

Configures

Username prompt for AAA authentication

Default

Username:

Description

Like the password-prompt command, this command sets the text used to prompt for a username when using AAA authentication. The prompt is set to string.

aaa authorization global

aaa authorization {network | exec | command level} method ... method
no aaa authorization {network | exec | command level}
 

Configures

Authorization for actions

Default

Disabled

Description

This command sets the authorization method for different command sets.

 

network

Sets the authorization method used for network commands.

 

exec

Sets the authorization method for any EXEC-level command.

 

command level

Sets the authorization method for commands at the given privilege level. Privilege levels range from 0 to 15, inclusive.

 

method ... method

Specifies where the device looks up the authorization information for a user. method describes where to get the password for authentication. If more than one method is listed, the methods are tried in order until one succeeds or all have failed. The valid method types are group tacacs+, if-authenticated, none, local, group radius, and krb5-instance.

Example

The following commands require TACACS+ authentication for users giving commands at level 8.

aaa new-model
aaa authorization command 8 group tacacs+ none

aaa authorization config-commands global

aaa authorization config-commands
no aaa authorization config-commands
 

Configures

Authorization for config level access

Default

Disabled, unless the aaa authorization command has been given, in which case all config-commands require authorization

Description

This command enables authorization of config-commands (i.e., any command that requires you to give the conf terminal command to enter configuration mode). Here's a scenario in which you might use it: if you give the aaa authorization command, AAA authorization will be required for all commands. To disable authorization of config-commands, you can give the command no aaa authorization config-commands.

Example

aaa new-model
aaa authorization command 8 tacacs+ none
no aaa authorization config-commands
aaa authorization reverse-access global

aaa authorization reverse-access {group tacacs+ | group radius}
no aaa authorization reverse-access
 

Configures

Authorization for reverse telnet access

Default

Disabled (no authorization for reverse telnet)

Description

This command enables authorization for a user who is requesting reverse telnet access. If specified, group tacacs+ or group radius is used for authentication.

aaa authorization template global

aaa authorization template
no aaa authorization template
 

Configures

Local or remote customer templates

Default

Disabled

Description

This command enables the use of customer templates for VPN or VPN Routing and Forwarding (VRF).

aaa configuration route global

aaa configuration route username string [password string]
no aaa configuration route username string [password string]
 

Configures

Username and password for downloading static routes from Radius server

Default

Username is hostname and password is cisco

Description

This command allows for the definition of a username and password other than the defaults for downloading static route information from a Radius server.

aaa group server radius global

aaa group server radius group-name
no aaa group server radius group-name
 

Configures

A group of Radius servers

Default

None

Description

This command defines a group of Radius servers. To add a Radius server to the group, use the server command, followed by the IP address of the server. If the auth-port and acct-port are not defined, the default ports of 1645 and 1646 are used.

Example

aaa group server radius myradiusgroup
 server 10.1.1.1
 server 10.1.2.1 auth-port 1700 acct-port 1701

aaa group server tacacs+ global

aaa group server tacacs+ group-name
no aaa group server tacacs+ group-name
 

Configures

A group of TACACS+ servers

Default

None

Description

This command defines a group of TACACS+ servers. To add a TACACS+ server to the group, use the server command, followed by the IP address of the server.

Example

aaa group server tacacs+ mytacacsplusgroup
 server 10.1.1.1
 server 10.1.2.1
aaa new-model global

aaa new-model
no aaa new-model
 

Configures

Enables AAA access control

Default

Disabled

Description

By default, the AAA model is not enabled, and you cannot use the AAA configuration commands. This command enables AAA and allows you to configure it.

absolute-timeout line

absolute-timeout number-of-minutes
no absolute-timeout
 

Configures

Amount of time a connection can be open

Default

None

Description

This command sets the interval before closing a connection to number-of-minutes. Unlike the other timeouts, this command sets a hard limit for the connection time; it is not an idle timeout. The connection will be closed at this time even if the connection is not idle. Use the no form of the command to disable the timeout.

access-class line

access-class access-list [in | out]
no access-class access-list
 

Configures

Applies an access list to a line

Default

None

Description

This command specifies which access list to apply to this line (access-list), and in what direction the list should be applied (in or out). For more information on creating access lists, see Chapter 7.

Example

The following commands apply access list 10 to outgoing traffic on virtual terminals 0-4.

access-list 10 permit host 10.10.1.2
! Apply the access-list to the virtual lines 0-4
line vty 0 4
 access-class 10 out
access-enable command

access-enable [host] [timeout minutes]
 

Configures

Creates an entry in a dynamic access list

Default

None

Description

This command enables the Lock and Key feature . It allows an entry to be made in a dynamic access list for the current session. The host keyword is optional; it tells the access list to allow access only from the host that initiated the session. The timeout option specifies the time in minutes, after which the access list entry is deleted if no traffic matching the entry is seen. In other words, if the connection is idle for the given time, the entry in the access list is deleted and the user must re-authenticate.

access-enable is often used with autocommand to create a dynamic access list for an incoming telnet session.

Example

This example creates a dynamic access list for the host that made the connection. The access list times out after five minutes.

autocommand access-enable host timeout 5
 

To make use of this entry, there must be an extended access list like the following:

access-list 110 dynamic incoming-user timeout 5 permit ip any any
 

This list must be applied to any interfaces that support dial-in users. The permit part of the statement controls the incoming user's access to network resources. The timeout in the access-list command is absolute; the temporary entry exists only for the given number of minutes. It overrides the timeout in the access-enable command.

access-list global

Standard:

access-list number {permit | deny} src-address-spec
 

Extended:

access-list number {permit | deny} protocol src-address-spec [operator port]
 dest-address-spec [operator port] [established] [precedence value]
 [tos value] [log]
 

Named:

ip access-list {standard | extended} name
 

All access list types:

no access-list number
 

Configures

An access list

Default

None

Description

Access lists are an extremely general method for controlling access to the router, the traffic flowing in and out of the router, and even the routes accepted by the router. This command defines an entry in an access list.

 

number

A number that identifies the list and list type. Table 17-1 shows the ranges assigned to each list type. This book covers only standard and extended IP access lists, plus named and reflexive access lists.

Table 17-1. Access list numbers

List type

Numeric range

Standard IP access lists

1-99

Extended IP access lists

100-199

Ethernet type code

200-299

DECnet

300-399

XNS

400-499

Extended XNS

500-599

AppleTalk

600-699

Ethernet address

700-799

Novell

800-899

Extended Novell

900-999

Novell SAP

1000-1099

Additional standard IP access lists

1300-1999

Additional extended IP access lists

2000-2699

Named access lists

None

Reflexive access lists

None

 

permit|deny

Specifies if the line is to permit or deny matched traffic.

 

protocol

Specifies the protocol to which the access list entry applies. For IP access lists, this option can be ip, tcp, udp, igmp, or icmp.

 

src-address-spec dest-address-spec

The source and destination addresses or networks can be expressed in a number of ways: any, a single host address, or an entire network address, as follows:

 

any

Matches any address. This command is shorthand for the IP address and wildcard mask of 0.0.0.0 255.255.255.255. (See Chapter 7 for more information.)

 

host ip-address

Matches a single host, identified by its IP address.

 

ip-address wildcard-mask

Matches any address in the set specified by the IP address and the wildcard mask. For example, 10.10.1.0 0.0.0.255 matches the address range 10.10.1.0 through 10.10.1.255. Wildcards are covered in Chapter 7.

 

operator port

These options, operator and port, allow you to specify services or groups of services. The operator must be one of the following:

 

lt

Less than

 

gt

Greater than

 

eq

Equal

 

neq

Not equal

 

range

The range between two port numbers

Ports can be specified either by number or by the name of a service (smtp, telnet, www, ftp, etc.).

If a port expression follows the source address in an access list, packets must have a source port that matches the expression in order to pass the access list. Likewise, if a port expression follows the destination address, packets must have a destination port that matches the expression to pass the access list.

 

precedence value

Optional. This command allows packets to be filtered on IP precedence level. The value can be 0 to 7.

 

tos value

Optional. TOS stands for Type of Service. Packets can be filtered by the IP Type of Service, with a value of 0 to 15.

 

log

This keyword causes the router to write a log message to the console for packets that match this line. It logs the first packet that matches the line and then repeats only every few minutes, which prevents a flood of log messages. Console logging must be enabled before messages appear.

 

established

This keyword matches TCP packets that have ACK or RST bits set, i.e., packets that belonged to an established connection. It is used to prevent hosts from outside the local network from starting connections to hosts within the network, while allowing packets from an established connection back into the network.

 

icmp-type value

ICMP packets can be filtered based on their type, which is a value from 0 to 255.

 

igmp-type value

IGMP packets can be filtered based on their type, which is a value from 0 to 15.

Many different kinds of statements are used to apply an access list. The most common are ip access-group, which applies an access list to incoming or outgoing traffic on an interface, and access-class, which applies an access list to incoming or outgoing traffic on a line.

Note that the no form of this command deletes the entire access list, not just a single entry.

Named Access Lists (IOS 11.0 and greater)

IOS 11.0 introduced a new method of creating and editing IP access lists, called named access lists. As the name implies, named access lists are assigned a string-based name, rather than a number. Otherwise, they are essentially identical to standard and extended IP access lists but with the added ability to do some basic editing.

To create a named access list, start with the ip access list command:

ip access-list {standard | extended} name
 

The keyword standard indicates that this is a standard IP access list; extended indicates that this is an extended IP access list. name is the name of the list; it must be a unique alphanumeric string. You may then enter a series of permit and deny commands. For standard access lists, these commands have the following syntax:

{permit | deny} src-address-spec
 

For an extended list, the syntax is:

{permit | deny} protocol src-address-spec [operator port] dest-address-spec
[operator port] [established] [precedence value] [tos value] [log]
 

The parameters for the permit and deny commands in named access lists are the same as for extended access lists.

Named access lists cannot always be used in the same places that numbered access lists can, though this is slowly being corrected as IOS evolves.

As of IOS 12.4, you can enter noncontiguous ports on a single line within a named access list. Before, you would write such an access list like this:

ip access-list extended acllist1
 permit tcp any host 192.168.1.1 eq telnet
 permit tcp any host 192.168.1.1 eq www
 permit tcp any host 192.168.1.1 eq smtp
 permit tcp any host 192.168.1.1 eq pop3
 

With noncontiguous port support, you can write it more tersely:

ip access-list extended acllist1
 permit tcp any host 192.168.1.1 eq telnet www smtp pop3
 

Example

Here are examples of several types of access list elements. We assume that these access lists are used to restrict incoming traffic on an interface. First, a standard IP access list that permits traffic from the network 10.0.1.0:

access-list 5 permit 10.0.1.0 0.0.0.255
 

This access list element permits HTTP traffic from any source to reach the server at 10.1.2.3:

access-list 105 permit tcp any host 10.1.2.3 eq http
 

And this element permits TCP traffic to enter the router from any destination, provided that the session was initiated by a host "behind" the router:

access-list 105 permit tcp any any established
 

Remember that all access lists end with an "implicit deny," which rejects all traffic not permitted by a statement in the access list.

access-list rate-limit global

access-list rate-limit access-list {precedence | exp | mac-address |
mask precedence-mask}
no access-list rate-limit access-list
 

Configures

An access list for Committed Access Rate (CAR)

Default

None

Description

This command selects packets for CAR policies based on IP precedence or MAC addresses. There can only be one command per access list. If you need to assign more than one precedence level to a single access list, use the mask keyword. The access list is used to classify packets. For IP, use any number from 1 to 99; for MAC, use any number from 100 to 199; and for the MPLS experimental field, use any number from 200 to 299.

 

precedence

The IP precedence level to apply to the access list.

 

exp

MPLS experimental field. Valid values are number from 0 to 7.

 

mac-address

The MAC address to apply to the access list.

 

mask precedence-mask

The precedence mask to apply to the access list. To calculate the mask, convert the precedence value to an eight-bit mask. A precedence of 0 is encoded as 000000001; a precedence of 1 is 00000010. Then AND all the bit values together to get a single mask. For example, the mask that covers a precedence of 1 through 3 would be 00001110. When you have the binary mask, convert it to a two-digit hexadecimal number; for this example, the mask would be 0E.

Example

! This command assigns a CAR access-list of 10 to packets with an IP
! precedence of 1 through 3.
access-list rate-limit 10 mask 0E

access-template command

access-template [access-list] [temp-list] [source] [destination] [timeout
 minutes]
 

Configures

An entry in a temporary access list

Default

None

Description

This command creates an entry in a temporary access list on the router to which you are connected.

 

access-list

The name or number of the dynamic access list.

 

temp-list

The name of the temporary list within the access list.

 

source

The usual source address specification (the host and any keywords are allowed).

 

destination

The usual destination address specification (the host and any keywords are allowed).

 

timeout minutes

The maximum time, in minutes, that the entry will remain in the list.

For more information about how source and destination addresses are specified, see the description of the access-list command and Chapter 7.

activation-character line

activation-character ascii-number
no activation-character
 

Configures

The activation character for an idle terminal session

Default

Return character (13)

Description

This command specifies which key initiates a session at an idle terminal. ascii-number is the decimal value of the activation character you wish to set. To disable this command and return to the default, use the no form.

Example

These commands set the activation character for a terminal connected to line 2 to ASCII character 13 (Return or Enter):

Router(config)# line 2
Router(config-line)# activation-character 13

aggregate-address router, BGP

aggregate-address address mask [as-set] [summary-only] [suppress-map map]
 [advertise-map map] [attribute-map map]
no aggregate-address address mask [as-set] [summary-only] [suppress-map map]
 [advertise-map map] [attribute-map map]
 

Configures

BGP route aggregation

Default

Disabled

Description

This command configures route aggregation when using BGP. An aggregate route is generated by combining several different routes. The new route covers all the smaller routes with a single route, making the routing table smaller and easier to manage.

 

address

The IP address of the destination network for the aggregate route.

 

mask

The network mask for the aggregate route.

 

as-set

Optional. Generates AS-SET path information.

 

summary-only

Optional. This keyword causes routes that are more specific than the aggregate address to be suppressed.

 

suppress-map map

Optional. The map to use to select routes to be suppressed.

 

advertise-map map

Optional. The map to use to select routes to create AS-SET origin communities.

 

attribute-map map

Optional. The map to use to set the attributes of the aggregate route.

Example

Say that we're configuring a router for the network 10.10.0.0. Instead of advertising all the routes within this network that we know about (10.10.1.0, 10.10.2.0, etc.), we want to advertise an aggregate address for the whole 10.10.0.0 network:

! BGP configuration
router bgp 100
 neighbor 10.1.1.1 remote-as 100
 neighbor 10.2.2.2 remote-as 200
 network 10.10.0.0
 ! Without the summary-only keyword, the router would continue to advertise
 ! the component networks of this summary route.
 aggregrate-address 10.10.0.0 255.255.0.0 summary-only
alias global

alias mode alias-name command
 

Configures

Command aliases

Default

None

Description

This command allows you to configure an alias, or abbreviation, for any IOS command.

 

mode

The mode to which the alias and the command that you are aliasing belong. It can be any of the configuration modes: configuration (for global commands), user, exec, hub, interface, line, map-class, map-list, route-map, router, etc.

 

alias-name

The name to be assigned to the alias.

 

command

The IOS command represented by the alias.

Example

To assign the shorthand t1 to the command telnet 10.1.1.1 2001, use the following command:

alias exec t1 telnet 10.1.1.1 2001
area authentication router, OSPF

area area-id authentication [message-digest]
no area area-id authentication
 

Configures

OSPF authentication

Default

No authentication

Description

This command enables simple password authentication for an OSPF network. All routers within the OSPF area must be configured to use the same password. The authentication password is set by the ip ospf authentication-key command.

 

area-id

The area to which this command applies.

 

message-digest

Enables MD5 authentication for the area.

Example

The following configuration starts an OSPF process using authentication for area 0. The authentication key is letmein.

! Set the OSPF key on interface serial 0 to letmein
interface serial 0
 ip address 10.100.1.1 255.255.2255.0
 ip ospf authentication-key letmein
!
router ospf 99
 network 10.0.0.0 0.255.255.255 area 0
 area 0 authentication
area default-cost router, OSPF

area area-id default-cost cost
no area area-id default-cost
 

Configures

The OSPF cost for a default summary route

Default

1

Description

This command is used only for an Area Border Router (ABR) to a stub area.

 

area-id

The area to which the default-cost applies.

 

cost

The value of the cost. Any 24-bit number can be used.

area nssa router, OSPF

area area-id nssa [no-redistribution] [default-information-originate]
no area area-id nssa
 

Configures

An OSPF NSSA

Default

None

Description

A not-so-stubby area (NSSA) is just like a stub area, but shares routing information with an external network that is using a different routing protocol. In other words, it is a stub area with an ASBR router. The remote network becomes an area to your OSPF network, eliminating the need to implement the different routing protocol within the OSPF network. See the OSPF section in Chapter 9 for more information.

 

area-id

The area to which this command applies.

 

no-redistribution

Optional. Disables redistribution of normal area routes into the NSSA.

 

default-information-originate

Optional. Generates type-7 default routes into the NSSA.

area-password router, IS-IS

area-password password
no area-password
 

Configures

IS-IS area authentication password

Default

No password authentication

Description

This command enables password authentication for an IS-IS area. The password is transmitted in clear text; it thus provides very little security but may help prevent misconfiguration.

area range router, OSPF

area area-id range address mask
no area area-id range address mask
 

Configures

OSPF route summarization

Default

None

Description

This command tells the OSPF routing process to summarize selected routes for an area. A single route to the given address is generated, instead of separate routes for the individual networks.

 

area-id

The area to be summarized.

 

address

The IP address of the network to summarize.

 

mask

The mask for the IP address, showing which routes to include in the summary.

Example

The following OSPF configuration summarizes all routes for area 2 into a single route for network 10.0.0.0/8:

router ospf 99
 network 10.0.0.0 0.255.255.255 area 2
 area 2 range 10.0.0.0 255.0.0.0

area stub router, OSPF

area area-id stub [no-summary]
no area area-id stub
 

Configures

An OSPF stub area

Default

None

Description

This command defines an area to be a stub area. A stub area receives a default summary route from the ABR for destinations outside the autonomous system. The no-summary option makes the area a Totally Stubby network, which restricts LSA Type-3 packets (intra-area summaries) from entering the stubby area.

 

area-id

The area to define as a stub.

 

no-summary

Prevents summary link advertisements from entering the stub area.

area virtual-link router, OSPF

area area-id virtual-link router-id [hello-interval seconds]
[retransmit-interval seconds] [transmit-delay seconds]
[dead-interval seconds] [authentication-key key]
[message-digest-key keyid md5 key]
no area area-id virtual-link router-id
 

Configures

An OSPF virtual link

Default

None

Description

This command establishes a virtual link that connects a broken OSPF backbone; in OSPF, the backbone must be contiguous. It is useful when a contiguous backbone is not possible. Virtual links can also be used to create an area that does not have a direct link to the backbone (area 0).

 

area-id

The ID of the area being crossed by the virtual link.

 

router-id

The ID of the router at the other end of the virtual link.

 

hello-interval seconds

Optional. The time in seconds between transmission of hello messages by the router over the virtual link. The default is 10 seconds. All routers participating in the same area must have the same hello interval.

 

retransmit-interval seconds

Optional. The time in seconds that a router waits before retransmitting a link-state announcement (LSA). The default is five seconds. When setting this value, you need to ensure that the time includes the entire round trip of the packet.

 

transmit-delay seconds

Optional. This is the estimated time, in seconds, that the interface will take to transmit the packet. An LSA's age is decremented by this value before transmission. The default is one second.

 

dead-interval seconds

Optional. A router is considered down if a hello packet isn't received from it within this interval. All routers participating in the area must have the same dead-interval. The default is 40 seconds.

 

authentication-key key

Optional. This is the authentication password used for OSPF routing if authentication is enabled. The key can be up to eight bytes long. If you want to use authentication, all routers in the OSPF network must have authentication enabled, and all neighbor routers must use the same key.

 

message-digest-key keyid md5 key

Optional. This is the authentication key and password to be used by neighboring OSPF routers. The keyid is a number between 1 and 255, and is used to identify this key in subsequent commands. The key is essentially a password; it is a string up to 16 characters long. All neighbor routers must use the same keyid and key.

arp (global) global

arp ip-address mac-address type [alias]
no arp ip-address mac-address type [alias]
 

Configures

Adds a static entry to the ARP table

Default

No static ARP entries are made

Description

This command allows you to place a static entry in the ARP table, which is a dynamic table that maps IP addresses to the corresponding MAC (hardware) addresses. The ip-address and mac-address are simply the IP address and the hardware address for the entry you wish to create. The type argument is the encapsulation type (arpa for Ethernet, smds for SMDS, snap for FDDI and token ring, etc.). The optional alias keyword tells the router to respond to ARP requests as if it were the requested device itself; i.e., the router responds to an ARP request for an aliased device with its own IP address.

arp (interface) interface

arp {arpa | frame-relay | probe | snap}
no arp {arpa | frame-relay | probe | snap}
 

Configures

Interface-specific handling of ARP requests

Default

ARPA (Ethernet)

Description

This command allows you to specify the type of encapsulation to use for ARP packets on this interface. The types are arpa (Ethernet, the default), frame-relay (ARP over Frame Relay encapsulation), probe (HP Probe protocol), and snap (RFC 1042).

arp timeout interface

arp timeout seconds
no arp timeout seconds
 

Configures

The lifetime of an ARP entry in the ARP table

Default

14400 seconds

Description

This command allows you to set the time that an entry will remain in the ARP table. The default is 4 hours.

async-bootp global

async-bootp keyword [:hostname] value
no async-bootp keyword [:hostname] value
 

Configures

BOOTP parameters for async dial-up lines

Default

Disabled

Description

This command assigns a value to a given BOOTP keyword. Table 17-2 shows the BOOTP parameters and their values. Normally, all BOOTP parameters are sent to dial-up hosts requesting BOOTP information. Adding :hostname to a keyword applies the BOOTP variable to a specific requesting host. Other hosts that request BOOTP parameters will not be sent this keyword.

Table 17-2. BOOTP keywords and values

Keyword

Value

Meaning

bootfile

filename

Server boot file to be downloaded

subnet-mask

mask

The subnet mask to be used

time-offset

offset

The offset time in seconds from the Coordinated Universal Time (UTC)

gateway

address

The IP address of the default gateway

time-server

address

The IP address of the time server

nbns-server

address

The IP address of the Windows NT server

dns-server

address

The IP address of the DNS server

log-server

address

The IP address of the MIT-LCS log server

quote-server

address

The IP address of the QOTD (quote of the day) server

lpr-server

address

The IP address of the LPR print server

bootfile-size

size

The size of the bootfile in terms of 512-byte blocks

 

Example

The following commands define the DNS server, subnet mask, and NBNS server to be sent to hosts requesting BOOTP information:

! Configure our bootp items
async-bootp subnet-mask 255.255.255.0
async-bootp dns-server 10.1.1.1
async-bootp nbns-server 10.1.1.2
async default ip address interface

async default ip address address
no async default ip address address
 

Configures

The IP address used by the connecting (remote) system

Default

None

Description

This command is defunct. Use peer default ip address instead.

async default routing interface

async default routing
no async default routing
 

Configures

Routing on async interfaces

Default

Disabled

Description

By default, routing protocols like RIP, IGRP, EIGRP, and OSPF are not enabled on asynchronous interfaces. This command allows all the routing protocols to be enabled on these interfaces. It can be used to route between offices that are linked by traditional analog modems. Use the no form to disable routing on this interface.

Example

The following commands set up default routing for a dedicated async line:

interface async 2
 encapsulation ppp
 async mode dedicated
 async default routing

async dynamic address interface

async dynamic address
no async dynamic address
 

Configures

Dynamic IP addresses on async interfaces

Default

Disabled

Description

Dynamic addressing means that a user connecting to the router for a PPP or SLIP session is allowed to select the interface's IP address using the EXEC mode commands. This feature can be used only when the async mode is interactive.

async dynamic routing interface

async dynamic routing
no async dynamic routing
 

Configures

Dynamic routing on an async interface

Default

Disabled

Description

Dynamic routing means that remote users who connect to this asynchronous interface can enable routing over their PPP or SLIP connections. By default, no dynamic routing is done on an asynchronous interface.

Example

interface async 5
 ip tcp header-compression passive
 async dynamic routing
 async dynamic address

async mode interface

async mode {dedicated | interactive}
no async mode {dedicated | interactive}
 

Configures

The mode the user receives when connecting to an async interface

Default

Disabled

Description

The mode can be either dedicated or interactive.

 

dedicated

The interface is reserved for PPP and SLIP connections. No user prompt ever appears on a dedicated line when a user connects. Instead, the connection parameters are negotiated automatically.

 

interactive

Users are given a prompt when they connect to this interface. It is up to the user to start PPP or SLIP, or to interact directly with the router from the command prompt. The autoselect command can be used to detect PPP packets on an interactive async line and start PPP automatically. autoselect is not needed on dedicated mode async lines.

Example

On the first interface (async1), we set up a dedicated interface, which means that an IOS prompt doesn't appear when a user connects to the router through this interface. We make the second interface interactive, allowing the user to enter IOS commands and requiring her to start PPP or SLIP manually.

interface async1
 peer default ip address 10.10.1.1
 async mode dedicated
 encapsulation ppp
!
interface async2
 peer default ip address 10.10.1.2
 async mode interactive
atm address global

atm address address
no atm address
 

Configures

An ATM address

Default

An automatically generated ATM address is assigned

Description

This command assigns a full (20-byte) ATM address or a partial (13-byte) address. Multiple ATM addresses are allowed. The first address in the list is the active address.

atm arp-server interface

atm arp-server {self [timeout minutes] |nsap nsap-address}
no atm arp-server {self [timeout minutes] | nsap nsap-address}
 

Configures

An ARP server for the network

Default

No ATM ARP server

Description

This command assigns an ARP server for the ATM network. The self keyword identifies the current device as the ARP server. The timeout minutes option specifies the amount of time that an ARP entry is listed before the server tries to verify the entry; the default timeout value is 20 minutes. The nsap nsap-address parameter specifies the NSAP address of the ATM ARP server if the current device isn't acting as the server.

atm esi-address interface

atm esi-address esi.selector
no atm esi-address
 

Configures

End station ID and selector fields of the ATM NSAP address

Default

None

Description

This command specifies the end station ID (ESI) and the selector byte fields of an ATM address. The ESI is 12 hexadecimal characters; the selector byte field is 2 hexadecimal characters.

atm lecs-address interface

atm lecs-address lecs-address[sequence-number]
no atm lecs-address
 

Configures

The LECS address to be advertised

Default

None

Description

This command configures the address of the LAN Emulation Configuration Server (LECS) for the current interface. If this command isn't in the interface's configuration, the LECS defaults to the server given by atm lecs-address-default. The lecs-address is the NSAP address of the server. The sequence-number provides the position in the address in the LECS table.

atm lecs-address-default global

atm lecs-address-default lecs-address[sequence-number]
no atm lecs-address-default lecs-address
 

Configures

The LECS address to be advertised

Default

None

Description

This command configures the address of the LECS. It is a global command; the server specified here is overridden by the interface-specific atm lecs-address command. The lecs-address is the NSAP address of the server. The sequence-number provides the position in the address in the LECS table.

atm nsap-address interface

atm nsap-address address
no atm nsap-address
 

Configures

The NSAP ATM end-system address of the interface

Default

None

Description

This command sets the NSAP address of the interface, which consists of 40 hexadecimal characters.

atm pvc interface

atm pvc vcd vpi vci encap [peak avg [burst]] [inarp [minutes]]
[oam [seconds]] [compress]
no atm pvc vcd vpi vci encap [peak avg [burst]] [inarp [minutes]]
[oam [seconds]] [compress]
 

Configures

Creates an ATM PVC

Default

None

Description

This command creates an ATM Permanent Virtual Circuit (PVC). On recent versions of IOS, it's preferable to use the pvc command, if available. ATM commands are highly hardware-dependent, so the commands available on any particular router vary. For more information on creating PVCs, consult Chapter 6.

 

vcd

A Virtual Circuit Descriptor, which is a unique number used to identify this particular VPI/VCI pair on the router.

 

vpi

The Virtual Path Identifier of the PVC. This identifier is unique only to the interface. The value can be from 0 to 255.

 

vci

The Virtual Channel Identifier of the PVC, which is a value from 0 to 1023. 0 to 31 are typically reserved for specific kinds of management traffic. vpi and vci may not both be 0.

 

encap

The type of encapsulation used on the line. The encapsulation may be aal5mux (a MUX-type virtual connection), aal5snap (the only encapsulation supported for Inverse ARP), aal1 (used for streaming video), aal5voice (used for voice traffic), ilmi, and qsaal.

 

peak

Optional, but required for voice circuits. The maximum capacity of the virtual circuit in Kbps. peak ranges from 56 to 10,000. The default is the link's maximum capacity.

 

avg

Optional, but required for voice circuits. The average rate at which data is sent over the virtual circuit. Legal values are hardware-dependent. The default is the link's maximum capacity.

 

burst

Optional, but required for voice circuits. The maximum number of ATM cells that the circuit can transmit at its peak rate.

 

inarp minutes

Optional. This option generates inverse ARP packets on this virtual circuit. minutes specifies the interval between inverse ARP packets, and ranges from 1 to 60; if omitted, minutes defaults to 15.

 

oam seconds

Optional. This option generates OAM cells on this virtual circuit. seconds specifies the interval at which OAM cells are generated, and ranges from 1 to 600; if omitted, seconds defaults to 10.

 

compress

Optional. This option compresses traffic over the circuit; hardware compression is used if it's available.

Example

The following commands set up a permanent virtual circuit on an ATM interface.

interface atm0.1
 ! assign our interface's IP address
 ip address 10.10.1.1 255.255.255.0
 ! Create pvc 20 with a VPI of 0 and a VCI of 60
 atm pvc 20 0 60 aal5snap

atm-vc map-list

ip address atm-vc vci [class class-name] [broadcast] [aal5mux]
no ip address atm-vc vci [class class-name] [broadcast] [aal5mux]
 

Configures

An ATM PVC

Default

None

Description

This command creates an ATM PVC. The map-list command places you in the map list configuration mode; you must be in this mode to use the atm-vc command.

Note that it is rather bizarre to call this command atm-vc; by normal notions of command naming, it should be called ip. We're following Cisco's usage; in its defense, there are many commands whose names start with ip and have nothing to do with ATM configuration.

 

address

The destination IP address being mapped to this PVC.

 

vci

The Virtual Channel Identifier (VCI).

 

class class-name

Optional. class-name is the name of a table that contains encapsulation-specific parameters.

 

broadcast

Optional. This specifies that this entry should be used when broadcast packets need to be sent.

 

aal5mux

Optional. This specifies AAL5 multiplexing encapsulation. The default is snap encapsulation.

Example

The following commands create an ATM map named atm-map1. It establishes a virtual channel with a VCI of 20, which is mapped to the IP address 10.10.2.1; this virtual channel can be used for broadcast.

map-list atm-map1
 ip 10.10.2.1 atm-vc 20 broadcast
autobaud line

autobaud [fast]
no autobaud
 

Configures

Automatic baud rate detection

Default

Disabled

Description

The autobaud command configures a line to select the incoming baud rate automatically. The baud rate must be between 300 and 115,200. There are two limitations to this command:

  • Autobaud cannot be used on a connection at rates higher than 19,200 baud when the parity bit is set.
  • This command cannot be used on outgoing connections.

The optional fast keyword detects the baud rate with exactly three carriage returns.

Many routers do not support the higher baud rates.

Example

The following commands enable automatic baud rate detection on line 3:

Router(config)#line 3
Router(config-line)#autobaud
 

To disable autobaud and to return to the default, use the no form of this command:

Router(config)#line 3
Router(config-line)#no autobaud
autocommand line

autocommand command-string
no autocommand
 

Configures

Automatic execution of a command upon connection

Default

Disabled

Description

This command forces a specified line command, given by command-string, to be executed automatically when a login session is started. The command string can be any valid command. Use the no form to delete the selected autocommand.

Example

The following code starts PPP automatically after a successful login on line 5:

Router(config)#line tty 5
Router(config-line)#autocommand ppp
autodetect encapsulation interface

autodetect encapsulation {lapb-ta | ppp | v120}
no autodetect encapsulation
 

Configures

Automatic detection of encapsulation types

Default

No autodetect

Description

This command enables automatic detection of the encapsulation type for ISDN or point-to-point serial links. The interface changes its encapsulation type if it detects that the remote system is using a different configuration. The valid types are lapb-ta (Link Access Procedure Balanced for ISDN), ppp, and v120 (for V.120 on ISDN B channels).

autohangup line

autohangup
no autohangup
 

Configures

Automatic line disconnect

Default

Disabled

Description

This command tells the router to hang up the line automatically after the session is closed.

auto discovery qos QoS

auto discovery qos [trust]
no auto discovery qos
 

Configures

Auto QoS Autodiscovery

Default

Disabled

Description

This command enables the disovery and collecting of data for the configuration of AutoQoS. Using NBAR, this command can analyze the traffic on the network in order to produce a more relevant QoS configuration. You should let this command run a few days in order for the data collection to work. Once the system has collected enough data, disable this command with the no auto disovery qos command and then enable AutoQoS with the auto qos command. To view the QoS policy generated by this command, use the show auto qos command. This command was introduced in IOS 12.3(7)T.

 

trust

Optional. When used, this keyword tells AutoQoS that the DSCP (Differentiated Service Code Point) values of a packet can be trusted for packet classification. If the trust keyword is not used, AutoQoS relies solely on NBAR for DSCP values.

auto qos voip interface

auto qos [voip] [trust] [fr-atm]
no auto qos [voip] [trust] [fr-atm]
 

Configures

The AutoQos VoIP feature on an interface

Default

Disabled

Description

This command enables the AutoQoS VoIP feature on an interface.

 

trust

Optional. Indicates that the DSCP markings are to be trusted for classification of voice traffic.

 

fr-atm

Optional. Enables this feature for Frame Relay-to-ATM links.

Example

interface serial3/1.102 point-to-point
 bandwidth 100
 ip address 192.168.1.2 255.255.255.0
 frame-relay interface-dlci 102
 auto qos voip trust fr-dlci

auto secure EXEC command

auto secure [management | forwarding] [no-interact]
 

Configures

The router for security automatically

Default

Disabled

Description

By using this command, you are telling the router to try to automatically secure as many IP services as it can in order to configure the router as much as possible. This command reduces the complexity of securely configuring your router. For more information on this command, see Chapter 15.

 

management

Optional. Configure only the management level of the router.

 

forwarding

Optional. Configure only the packet forwarding part of the router.

 

no-interact

Optional. No user prompts on any configuration items.

autoselect line

autoselect {arap | ppp | slip| during-login}
no autoselect
 

Configures

Automatic selection of session type

Default

ARAP sessions

Description

This command configures a line to start the selected session type automatically. The sessions allowed are arap (AppleTalk remote access), ppp, and slip. during-login means that the username and password prompt are presented without a carriage return, and the user must log in normally before autoselection takes place.

Example

The following commands configure the router to start a PPP session automatically on line 10, but only after the user has successfully logged in:

line 10
 autoselect ppp
 autoselect during-login

auto-summary router

auto-summary
no auto-summary
 

Configures

RIP (Version 2), EIGRP, BGP route summarization

Default

Enabled

Description

By default, subnet routes are summarized to "classful" network routes. If you need to advertise subnets across networks, auto-summary must be disabled. To disable auto-summary, use the no form of this command. For more information, consult Chapter 8.

Example

The following configuration disables auto-summary for an EIGRP routing process:

router eigrp 110
 network 10.0.0.0
 no auto-summary

backup interface

backup interface interface
no backup interface interface

backup delay {enable-time | never} {disable-time | never}
no backup delay {enable-time | never} {disable-time | never}

backup load {enable-load | never} {disable-load | never}
no backup load {enable-load | never} {disable-load | never}
 

Configures

A backup interface

Default

None

Description

This family of commands configures a backup interface for the current interface. The first command, backup interface, specifies the interface to be used as the backup. The backup interface is activated when the primary interface goes down or reaches the load specified by the backup load command.

The backup delay command specifies how long the router should wait before activating (enable-time) or deactivating (disable-time) the backup interface. Both enable-time and disable-time are in seconds. Use of the backup delay command allows you to prevent routing instability if you have an intermittent interface. The keyword never, when used for the enable-time parameter, prevents the backup interface from being activated; when used for the disable-time parameter, it prevents the backup interface from being deactivated once it has been activated.

The backup load command specifies the load on the primary interface at which the backup interface should be activated (enable-load) or deactivated (disable-load). The load is expressed as a percentage of the primary interface's maximum capacity. The keyword never, when used for the enable-load parameter, prevents the backup interface from being activated; when used for the disable-load parameter, it prevents the backup interface from being deactivated once it has been activated.

Example

This example configures serial1 as a backup interface for serial0. If serial0 goes down for more than five seconds, or if the load on serial0 reaches 70%, the backup interface is activated.

interface serial0
 backup interface serial 1
 backup delay 5 20
 backup load 70 20
bandwidth (interface) interface

bandwidth rate
no bandwidth rate
 

Configures

The bandwidth value to be used in computing routing metrics

Default

Depends on the interface

Description

This command describes the bandwidth value to the routing protocols that use the bandwidth in computing routing metrics. It does not actually set the bit-rate on the interface itself. It does not affect the speed at which data is transmitted over the link, but does affect how the router selects routes and, therefore, how the link is used.

Example

A T1 connection would be:

bandwidth 1536
 

A 56K connection would be:

bandwidth 56

bandwidth (policy-map) policy-map

bandwidth {rate | remaining percent value | percent value }

no bandwidth {rate | remaining percent value | percent value }
 

Configures

Specifies or modifies the bandwidth allocated for a policy map

Default

None

Description

This command specifies the bandwidth in Kbps to be assigned to the class in a policy map. Alternatively, a percentage of the available bandwidth can be specified. The amount configured should be large enough to accommodate the Layer-2 overhead.

 

rate

The amount of bandwidth in Kbps.

 

remaining percent

Amount of guaranteed bandwidth, based on a relative percentage of remaining bandwidth. Value can be from 1 to 100.

 

percent

This is the percentage of available bandwidth to be set aside for this class. Value can be from 1 to 100.

Example

policy-map policy1
 class class1
 bandwidth percent 80

banner exec global

banner exec delimiter message delimiter
no banner exec
 

Configures

The banner that is displayed to the user upon successful login

Default

None

Description

This command specifies the message that is displayed after the user has logged in to the router. It is not displayed for reverse-telnet connections. This command defines only the banner message; use the exec-banner command to enable or disable the message. The delimiter marks the beginning and the end of the message; it may be any character that isn't used in the message.

Example

Here's an example of a banner:

Router(config)# banner exec # Welcome to Pyramid #
 

You can also do multiple lines:

Router(config)# banner exec #
Enter TEXT message. End with the character '#'.
Welcome to Pyramid
 Enjoy your stay
#
 

To delete the banner:

Router(config)#no banner exec
 

By default, this banner is automatically active; disabling the banner requires the use of no exec-banner:

Router(config)#no exec-banner
 

Note that disabling the exec-banner also disables the motd-banner.

banner incoming global

banner incoming delimiter message delimiter
no banner incoming
 

Configures

The banner message for all incoming reverse telnet connections

Default

None

Description

This command specifies the message that is displayed to all incoming reverse telnet connections (instead of the exec banner). If you want to disable the message, delete the banner with the no form of this command. The delimiter marks the beginning and the end of the message; it may be any character that isn't used in the message.

Example

Here's how to set a banner:

Router(config)#banner incoming # Welcome to Pyramid #
 

You can also do multiple lines:

Router(config)#banner incoming #
Enter TEXT message. End with the character '#'.
Welcome to Pyramid
 Enjoy your stay
#
 

To disable the message, delete it with the following command:

Router(config)#no banner incoming
banner login global

banner login delimiter message delimiter
no banner login
 

Configures

The login banner message

Default

None

Description

This command specifies the message that is displayed prior to the login prompt for all connections. This message cannot be disabled. If you do not want it displayed, delete it with the no form of this command. The delimiter marks the beginning and the end of the message; it may be any character that isn't used in the message.

Example

Here's an example of a login banner:

Router(config)#banner login # Restricted Access #
 

To disable this message, delete it with the following command:

Router(config)#no banner login

banner motd global

banner motd delimiter message delimiter
no banner motd
 

Configures

The banner that is displayed before the login prompt

Default

None

Description

This command specifies the message that is displayed as the message of the day, the very first message displayed to an incoming connection. This command defines only the message; the motd-banner command enables or disables the display. The delimiter marks the beginning and the end of the message; it may be any character that isn't used in the message.

Example

The following commands create a message-of-the-day banner and enable its display:

Router(config)# banner motd # All routers will be rebooted at Sunday 10AM #
Router(config)# motd-banner
 

The motd-banner command isn't strictly necessary, since the display is enabled by default. To disable the display, use the no motd-banner command:

Router(config)#no banner motd

bgp always-compare-med router, BGP

bgp always-compare-med
no bgp always-compare-med
 

Configures

BGP route selection

Default

Disabled

Description

This command allows the comparison of the multi-exit discriminator (MED) for paths, regardless of which autonomous system the path comes from.

bgp bestpath as-path ignore router, BGP

bgp bestpath as-path ignore
no bgp bestpath as-path ignore
 

Configures

BGP route selection

Default

Disabled

Description

This command prevents the router from considering the autonomous system path (as-path) when selecting routes.

bgp bestpath med-confed router, BGP

bgp bestpath med-confed
no bgp bestpath med-confed
 

Configures

BGP route selection

Default

Disabled

Description

This command enables MED comparison among paths from confederation peers.

bgp bestpath missing-as-worst router, BGP

bgp bestpath missing-as-worst
no bgp bestpath missing-as-worst
 

Configures

BGP route selection

Default

Disabled

Description

By default, routers give a route with a missing MED a value of 1, which causes that route to be considered the best path. This command causes the router to assign a value of infinity to the missing MED, which makes the route the least desirable of all the routes. For more information on MED values, consult Chapter 10.

bgp client-to-client reflection router, BGP

bgp client-to-client reflection
no bgp client-to-client reflection
 

Configures

Route reflection

Default

Enabled

Description

A route reflector automatically reflects routes from one BGP client to another. The no form of this command disables route reflection. Route reflection isn't needed if the clients already have fully meshed IBGP connections, because the clients will learn their routes directly from each other.

bgp cluster-id router, BGP

bgp cluster-id id
no bgp cluster-id id
 

Configures

Cluster ID of a route reflector

Default

Router ID

Description

This command specifies the cluster ID (id) for a BGP router. When you have one route reflector, its cluster ID is normally its router ID. If there is more than one route reflector in a cluster, they must all have the same cluster ID. In this case, you would use the bgp cluster-id command to specify the ID explicitly. A cluster ID is four bytes long.

Example

The following BGP configuration creates a BGP process for autonomous system 10. This router is designated as a route reflector. We set its cluster ID explicitly, because there is presumably more than one route reflector in the cluster.

router bgp 10
 network 10.200.200.1 route-reflector
 bgp cluster-id 10000
bgp confederation identifier router, BGP

bgp confederation identifier as
no bgp confederation identifier as
 

Configures

AS number of the confederation

Default

None

Description

This command specifies the autonomous system (AS) number for a confederation. A confederation is a group of small autonomous systems that appear to the world as a single large autonomous system. The autonomous system number for the confederation is set to as.

bgp confederation peers router, BGP

bgp confederation peers as [as]
no bgp confederation peers as [as]
 

Configures

A BGP confederation

Default

None

Description

This command lets you list the AS numbers that belong to the confederation.

Example

router bgp 1000
 bgp conferation peers 1001 1002 1003 1004
bgp dampening global

bgp dampening [half-life reuse suppress max-suppress-time] [route-map map]
no bgp dampening [half-life reuse suppress max-suppress-time] [route-map map]
 

Configures

BGP dampening settings

Defaults

half-life, 15 min; reuse, 750; suppress, 2000; max-suppress-time, 60 min

Description

This command allows you to specify the route dampening values for BGP. Dampening allows you to control "route flap," which is routing instability that results from a route making repeated transitions.

 

half-life

The time in minutes after which a penalty is decreased by half.

 

reuse

If the penalty for a flapping route increases to this value, the route can be reused.

 

suppress

When the penalty exceeds this limit, the route is suppressed.

 

max-suppress-time

The maximum amount of time a route can be suppressed; this should be about four times the half-life.

 

route-map map

A route map that controls which routes are selected for route dampening.

bgp default local-preference router, BGP

bgp default local-preference value
no bgp default local-preference value
 

Configures

BGP local preference

Default

100

Description

This command allows you to set the local preference to value. The higher the preference, the better the path. Acceptable values range from 0 to 4,294,967,295.

bgp default route-target filter router, BGP

bgp default route-target filter
no bgp default route-target filter
 

Configures

BGP route-target community filtering

Default

Enabled

Description

When the no form of this command is used, all received VPN IPv4 routes are accepted. If the router is an autonomous system border or customer edge router, this is the desired behavior.

bgp deterministic med router, BGP

bgp deterministic med
no bgp deterministic med
 

Configures

BGP route selection

Default

Disabled

Description

By default, the router does not compare the MED values for paths learned from different autonomous systems within the same confederation. This command allows you to enable MED comparison for routes learned from different autonomous systems within the same confederation.

bgp fast-external-fallover router, BGP

bgp fast-external-fallover
no bgp fast-external-fallover
 

Configures

BGP fast failover

Default

Enabled

Description

This command enables the router to reset the BGP sessions of any direct peers immediately if the link that connects the router to the peer goes down.

bgp log-neighbor-changes router, BGP

bgp log-neighbor-changes
no bgp log-neighbor-changes
 

Configures

BGP logging

Default

Disabled prior to IOS 12.1

Description

This command allows you to log changes in the status of BGP neighbors.

bgp-policy interface

bgp-policy {source | destination} {ip-prec-map | ip-qos-map}
no bgp-policy {source | destination} {ip-prec-map | ip-qos-map}
 

Configures

Propagation of policy information via BGP

Default

Disabled

Description

This command allows the propagation of policy information that is based on the IP precedence setting via BGP. To enable this properly, you must also configure a route map to set the IP precedence or QoS (quality of service) group ID by using the set ip precedence or set ip qos-group commands.

 

source

Use the precedence or QoS bit from the source address.

 

destination

Use the precedence or QoS bit from the destination address.

 

ip-prec-map

Use IP precedence as the QoS policy.

 

ip-qos-map

Use the QoS group ID as the QoS policy.

bridge acquire global

bridge bridge-group acquire
no bridge bridge-group acquire
 

Configures

Bridge forwarding

Default

Enabled

Description

By default, the router forwards frames from dynamically learned hosts. The no form of this command allows you to change this behavior so that the router only forwards frames from statically configured stations. To create static bridge hosts, use the bridge address command.

bridge address global

bridge bridge-group address mac {forward | discard} [interface]
no bridge bridge-group address mac
 

Configures

Static bridge hosts

Default

None

Description

This command allows a bridge group to filter packets based on the MAC address.

 

bridge-group

The bridge group to which this command applies. A bridge group can have a value of 1 to 63. On larger routers, the value can be from 1 to 255.

 

mac

The MAC address to be filtered.

 

forward

This keyword tells the router to forward frames from the given MAC address to other interfaces in the bridge group.

 

discard

This keyword tells the router to discard frames from the given MAC address.

 

interface

Optional. The interface on which the MAC address can be found.

bridge cmf global

bridge cmf
no bridge cmf
 

Configures

Constrained Multicast Flooding (CMF)

Default

Disabled

Description

This command enables CMF for all configured bridge groups.

bridge crb global

bridge crb
no bridge crb
 

Configures

Concurrent Routing and Bridging (CRB)

Default

Disabled

Description

This command allows the router to route and bridge a protocol at the same time but on different interfaces. Unlike Integrated Routing and Bridging (IRB), the routed and bridged interfaces cannot communicate with each other.

bridge forward-time global

bridge bridge-group forward-time seconds
no bridge bridge-group forward-time seconds
 

Configures

The forward delay interval

Default

30 seconds

Description

This command sets the bridge forwarding delay interval for the interface to seconds. The value of seconds can be from 10 to 200. (Note: Catalysts use 6-40 seconds.)

bridge-group interface

bridge-group bridge-group
no bridge-group bridge-group
 

Configures

Makes an interface part of a bridge group

Default

None

Description

This command makes the interface a member of the given bridge group. Use the no form of this command to remove the bridge group from the interface.

bridge-group aging-time global

bridge-group bridge-group aging-time seconds
no bridge-group bridge-group aging-time
 

Configures

The time that a dynamic entry remains in the bridge table

Default

300 seconds

Description

This command sets the amount of time in seconds that a dynamic entry can remain in the bridge table. If the entry is updated, the counter starts over. The value can range from 0 to 1,000,000 seconds.

bridge-group circuit-group interface

bridge-group bridge-group circuit-group circuit-group
no bridge-group bridge-group circuit-group circuit-group
 

Configures

Assigns a circuit group to a bridge group for the interface

Default

None

Description

This command assigns a circuit group for a bridge group. It is used only for HDLC encapsulated interfaces.

bridge-group input-address-list interface

bridge-group bridge-group input-address-list access-list
no bridge-group bridge-group input-address-list access-list
 

Configures

Allows an interface to filter based on an access list

Default

None

Description

This command applies an access list to an interface for a bridge group . This access list must filter based on MAC addresses, which means that the access list must be an Ethernet access list with a number between 700 and 799. By applying an access list, you can permit or deny bridging to hosts based on the MAC addresses.

bridge-group input-lsap-list interface

bridge-group bridge-group input-lsap-list access-list
no bridge-group bridge-group input-lsap-list access-list
 

Configures

An access list for filtering IEEE 802.2 packets

Default

Disabled

Description

This command applies an access list to all IEEE 802.2 packets received on the interface.

bridge-group input-pattern interface

bridge-group bridge-group input-pattern access-list
no bridge-group bridge-group input-pattern access-list
 

Configures

An access list for a bridge group

Default

None

Description

This command applies an access list to incoming packets on an interface for a specific bridge group.

bridge-group input-type-list interface

bridge-group bridge-group input-type-list access-list
no bridge-group bridge-group input-type-list access-list
 

Configures

An access list for a bridge group

Default

None

Description

This command applies an access list to all incoming Ethernet and SNAP frames on an interface for a specific bridge group.

bridge-group output-address-list interface

bridge-group bridge-group output-address-list access-list
no bridge-group bridge-group output-address-list access-list
 

Configures

Filtering based on an access list

Default

None

Description

This command allows you to apply an access list to an interface for a bridge group. This access list can filter based on MAC addresses, which means the access list must be an Ethernet access list numbered 700 through 799. With this command, you can permit or deny bridging to hosts based on the MAC addresses.

bridge-group output-lsap-list interface

bridge-group bridge-group output-lsap-listaccess-list
no bridge-group bridge-group output-lsap-list access-list
 

Configures

An access list for outgoing IEEE 802.2

Default

Disabled

Description

This command applies an access list to all IEEE 802.2 packets leaving the interface.

bridge-group output-pattern interface

bridge-group bridge-group output-pattern access-list
no bridge-group bridge-group output-pattern access-list
 

Configures

An access list for a bridge group

Default

None

Description

This command applies an access list to outgoing packets on an interface for a specific bridge group.

bridge-group output-type-list interface

bridge-group bridge-group output-type-list access-list
no bridge-group bridge-group output-type-list access-list
 

Configures

An access list for a bridge group

Default

None

Description

This command applies an access list to all outgoing Ethernet and SNAP frames on an interface for a specific bridge group.

bridge-group path-cost interface

bridge-group bridge-group path-cost value
no bridge-group bridge-group path-cost value
 

Configures

Changes a bridge group's path cost for an interface

Default

Based on the interface's bandwidth setting

Description

This command changes the path cost for an interface, which is usually calculated as 10,000 ÷ bandwidth, where the bandwidth is the value set by the bandwidth command or the default bandwidth for the interface. The value can be from 1 to 65,535. The higher the value, the higher the cost.

bridge-group priority interface

bridge-group bridge-group priority value
no bridge-group bridge-group priority value
 

Configures

Assigns a priority to a bridge group

Default

32,768 for bridges using the IEEE protocol; 128 for bridges using the Digital spanning-tree protocol

Description

This command assigns a priority to an interface within the given bridge-group. value specifies the interface's priority; this must be between 0 and 65,535. A higher priority increases the chance that the interface will be selected as the root bridge.

bridge-group spanning-disabled interface

bridge-group bridge-group spanning-disabled
no bridge-group bridge-group spanning-disabled
 

Configures

Use of the spanning-tree algorithm

Default

Enabled

Description

This command disables the spanning-tree algorithm for the given bridge-group. The spanning algorithm can be disabled safely for bridge groups that have no possible loop paths at layer 2.

Example

interface ethernet 1
 bridge-group 1
 bridge-group 1 spanning-disabled
bridge hello-time global

bridge bridge-group hello-time seconds
no bridge bridge-group hello-time seconds
 

Configures

The interval between hello packets

Default

2 seconds

Description

This command sets the hello interval for the given bridge-group to seconds. The value of seconds can be from 1 to 10.

bridge irb global

bridge irb
no bridge irb
 

Configures

Integrated Routing and Bridging (IRB)

Default

Disabled

Description

Like CRB, IRB allows a router to both route and bridge a single protocol. However, unlike CRB, IRB allows the routed and bridged interfaces to communicate with each other. See also interface bvi.

bridge max-age global

bridgebridge-group max-age seconds
no bridge bridge-group max-age seconds
 

Configures

The time to save Bridge Protocol Data Units (BPDUs)

Default

15 seconds

Description

This command sets the maximum time that the router will wait to hear from the root bridge for the given bridge-group. If the router does not hear from the root bridge within this interval, the spanning tree is recomputed. The value of seconds can be from 6 to 200. (Note: Catalysts use 6-40 seconds.)

bridge multicast-source global

bridge bridge-group multicast-source
no bridge bridge-group multicast-source
 

Configures

Bridging to support the forwarding of multicast packets

Default

Disabled

Description

This command permits the given bridge-group to forward multicast packets.

bridge priority global

bridge bridge-group priority value
no bridge bridge-group priority value
 

Configures

The priority of an individual bridge

Default

32768 for bridges using the IEEE protocol; 128 for bridges using the Digital spanning-tree protocol

Description

This command assigns a priority to an individual bridge within the given bridge-group. value specifies the interface's priority; value must be between 0 and 65535. A higher priority increases the chance that an interface will be selected as the root bridge. To set an interface to a specific priority, use the bridge-group priority command.

bridge protocol global

bridge bridge-group protocol {ieee | dec}
no bridge bridge-group protocol {ieee | dec}
 

Configures

The spanning-tree protocol

Default

None

Description

This command selects the spanning-tree protocol to use for the bridge-group. Possible values are dec, for the Digital spanning-tree protocol, and ieee, for the IEEE spanning-tree protocol. IEEE is the recommend protocol.

bridge route global

bridge bridge-group route protocol {apollo | appletalk | clns | decnet | ip |
ipx | vines | xns}
no bridge bridge-group route protocol {apollo | appletalk | clns | decnet | ip
| ipx | vines | xns}
 

Configures

Routing of a protocol in a bridge group

Default

None

Description

This command enables routing of the given protocol on a specific bridge group. The protocol parameter may be apollo, appletalk, clns, decnet, ip, ipx, vines, or xns.

Example

This example enables routing of both IP and IPX in a CRB environment:

bridge crb
bridge 5 protocol ieee
bridge 5 route ip
bridge 5 ipx
busy-message global

busy-message hostname delimiter message delimiter
no busy-message
 

Configures

The message displayed when a connection fails

Default

None

Description

This command sets the message that is displayed when a telnet connection to a specific host (given by the hostname parameter) fails. The new message replaces the generic "host failed" message. To disable this message, delete it with the no form of this command. This banner is useful when you want to give the user information about the connection failure. The delimiter marks the beginning and end of the message; it may be any character that is not used in the message.

Example

Router(config)#busy-message sunserver2 # server2 is down,
please contact sysadmin at 555-1234 #
cable helper-address interface

cable helper-address ip-address [cable-modem | host ]
no cable helper-address ip-address [cable-modem | host ]
 

Configures

DHCP destination address

Default

Disabled

Description

This command specifies an IP address of a DHCP server to use for UDP broadcasts from cable modems or other hosts. The cable-modem option specifies that only cable modem UDP broadcasts are forwarded while the host option specifies that only host UDP broadcasts are forwarded.

calendar set command

calendar set hh:mm:ss day month year
 

Configures

The system calendar

Description

The calendar is available only on high-end routers. It is an internal clock that continues to run even when the router is powered off. This command allows you to set the calendar to a new time. The month must be a name, for example, june. The year must be a complete four-digit value, for example, 2000.

callback forced-wait global

callback forced-wait seconds
no callback forced-wait seconds
 

Configures

The time the router waits before a callback

Default

None

Description

This command specifies the amount of time in seconds that the router waits before initiating a callback to a remote modem.

cd command

cd [URL]
 

Description

This command changes the current working directory within the router's filesystem. The URL is optional; if not provided, the system defaults to the flash: directory. See the copy command for other valid filesystem URLs.

cdp advertise-v2 global

cdp advertise-v2
no cdp advertise-v2
 

Configures

Cisco Discovery Protocol (CDP )

Default

Enabled

Description

This command enables Version 2 of CDP, which provides added information. CDP is available only on Cisco routers.

cdp enable interface

cdp enable
no cdp enable
 

Configures

Cisco Discovery Protocol (CDP)

Default

Enabled

Description

This command enables CDP on a specific interface. CDP provides information about neighboring Cisco routers. It is a proprietary protocol, and therefore isn't implemented by other router vendors. Use show cdp neighbors to see the output.

Example

interface ethernet0
 cdp enable

cdp holdtime global

cdp holdtime seconds
no cdp holdtime seconds
 

Configures

CDP holdtime

Default

180 seconds

Description

This command sets the amount of time, in seconds, that the router holds CDP packets before discarding them.

cdp run global

cdp run
no cdp run
 

Configures

Globally enables/disables CDP

Default

Enabled

Description

This command enables CDP on all interfaces.

Example

Router(config)#cdp run
cdp timer global

cdp timer seconds
no cdp timer seconds
 

Configures

CDP update broadcast interval

Default

60 seconds

Description

This command sets the interval, in seconds, at which the router transmits CDP updates to its neighbors.

channel-group (controller) controller

channel-group channel-number timeslots range [speed kbps]
no channel-group channel-number timeslots range [speed kbps]
 

Configures

T1 or E1 timeslots

Default

None

Description

This command defines the channel timeslots for a fractional T1 or E1 line. Your service provider determines the timeslots for your lines.

 

channel-number

A number identifying the communication channel you are defining. For T1 lines, the channel number can be from 0 to 23; for E1 lines, 0 to 30.

 

timeslots range

A list of timeslots that make up this communication channel. The list can be a series of comma-separated timeslot numbers, or a pair of timeslots separated by a dash to indicate a range. Timeslot numbers range from 1 to 24 on a T1 line; 1 to 31 for E1. A timeslot cannot belong to more than one channel group.

 

speed kbps

The speed of a single timeslot in Kbps. Allowable values are 48, 56, and 64. 56 is the default for T1; 64 is the default for E1.

Example

When defining the timeslots range, the value can be a single number or a group of ranges separated by commas and hyphens. For example, the following ranges are all valid:

channel-group 3 timeslots 4
channel-group 5 timeslots 4,6-15,24
channel-group 8 timeslots 4-10
channel-group (interface) interface

channel-group channel-number
no channel-group channel-number
 

Configures

A Fast EtherChannel group

Default

None

Description

This command allows a Fast Ethernet interface to be part of a Fast EtherChannel group. A Fast EtherChannel group allows multiple point-to-point Fast Ethernet interfaces to act as one logical interface. At most, four Fast Ethernet interfaces can belong to a channel group.

chat-script global

chat-script name script-string
no chat-script name script-string
 

Configures

A chat script for placing a call over a modem

Default

None

Description

The chat-script command defines the script to use for modem communication when dialing to a remote device. name identifies the chat script for use in other commands; script-string specifies the script itself. The script-string contains a series of expect/send characters that communicate with the modem. Table 17-3 shows special characters and escape codes that can be used in chat scripts . Chat scripts are allowed only on asynchronous interfaces like ASYNC and BRI.

Table 17-3. Special values and escape codes for chat scripts

Character or code

Meaning

" "

Null string

ABORT string

The string following the ABORT indicates why the script failed

TIMEOUT timeout

Set the timeout to wait for a response; default is 5 seconds

EOT

End of transmission character

BREAK

Send a BREAK character

c

Suppress newline at end of string

d

Cause a two-second delay

Send a newline

p

Pause for one-fourth of a second

Send a return character

s

Send a space character

Send a tab character

\

Send a backslash character

T

Replaced with phone number

class (frame-relay) frame-relay

class name
no class name
 

Configures

Association of a map class with a DLCI

Default

None

Description

This command associates the map class given by name with a Data Link Connection Identifier (DLCI).

class (MPLS) CoS map, MPLS

class class [available | standard | premium | control]
no class class
 

Configures

MPLS

Default

Disabled

Description

This command specifies a class that shows how classes map to Label Switched Controlled Virtual Circuits (LVCs ) .

 

class

The precedence of identified traffic to classify (from 0 to 7).

 

available

Optional. Means low precedence.

 

standard

Optional. Means next precedence.

 

premium

Optional. Means high precedence.

 

control

Optional. Means highest precedence.

Example

mpls cos-map 50
 Class 1 premium
class (policy-map) policy-map

class name
no class name
 

Configures

The name of a class within a policy

Default

None

Description

This command identifies the name of the class to change or modify within a policy. The policy-map command must be used to enter the policy map configuration mode before entering this command. The maximum number of classes that can be configured for a router is 64.

Example

policy-map policy1
 class class1
 bandwidth 1000
 queue-limit 50
 class class2
 bandwidth 2000
 random-detect

class-map global

class-map name [ match-all | match-any]
no class-map name [ match-all | match-any]
 

Configures

A class map to be used for matching packets to a specified class

Default

None

Description

This command creates a class map, which is used for matching packets with a defined class. The name is the class's name as defined in the policy-map. match-all means that all of the following criteria must be met before a packet is marked for the class. match-any means that if any of the following criteria matches, the packet is marked for the class.

The class map consists of a set of criteria defined by the match command.

Example

class-map class1 match-all
 match input-interface ethernet0
 match access-group 100
clear command

clear command
 

Description

A clear command erases counters for various statistics or performs a reset action. For example, clear line clears an asynchronous line and drops the connection, while clear cdp counters resets the Cisco Discovery Protocol statistics. Table 17-4 summarizes the many clear commands.

Table 17-4. Clear commands

Command

Subcommand

Action

clear access-list

counters

Clears access list statistical information.

clear access-template

 

Clears the access template.

clear arp-cache

 

Clears the entire ARP cache.

clear bridge

 

Resets bridge forwarding cache.

 

multicast

Resets multicast group state.

clear bstun

 

Clears counters displayed in show bstun.

clear cdp

 

Resets CDP information.

 

counters

Clears CDP counters.

 

table

Clears the CDP table.

clear counters

interface

Clears counters on one or all interfaces.

clear controller

   

clear crypto

 

Resets encryption subsystem.

clear dialer

interface

Clears dialer statistics.

clear frame-relay-inarp

 

Clears inverse ARP entries from the map table.

clear host

*

Deletes all host table entrie.s

 

name

Deletes the given host table entry.

clear hub

ethernet n

Clears (resets) a hub.

 

counters

Clears hub statistics.

clear interface

 

Clears the hardware logic on an interface.

clear ip access-list counters

 

Clears access list statistical information.

clear ip access-template

 

Clears the IP access template.

clear ip accounting

 

Clears the IP accounting database.

clear ip bgp

 

Clears BGP connections (resets all connections).

 

*

Clears all BGP connections.

 

as number

Clears the peer AS number.

 

ip address

Clears the IP address of peer.

 

dampening

Clears route-dampening information.

 

flap-statistics

Clears route-flap statistics.

 

peer-group

Clears connections of a BGP peer group.

clear ip cache

 

Deletes cache table entries.

clear ip cgmp

interface

Resets the Cisco Group Management Protocol (CGMP); if no interface is specified, resets all interfaces.

clear ip drp

 

Clears director responder counters.

clear ip dvmrp

 

Clears DVMRP counters.

clear ip eigrp

 

Clears IP-EIGRP (resets all connections).

 

as number

 
 

neighbors

 

clear ip igmp group

 

Clears IGMP group cache entries.

clear ip mroute

 

Deletes multicast route table entries.

 

*

Deletes all entries.

 

IP-address or name

Deletes entries for the group name or IP address.

clear ip mtag

 

Clears multicast tag information base (TIB) entries (resets all connections).

clear ip nat

 

Clears NAT.

 

statistics

 
 

translation

 

clear ip nhrp

 

Clears the NHRP cache.

clear ip ospf redistribution

 

Clears OSPF redistribution counters.

clear ip pim

auto-rp

Clears the auto-rp table.

 

interface

Clears the PIM packet count for that interface.

clear ip prefix-list

 

Clears the prefix list.

clear ip redirect

 

Clears the redirect cache.

clear ip route

*

Deletes all route table entries.

 

IP-address

Deletes route to IP addresses.

clear ip rsvp

 

Clears RSVP (Resource Reservation Protocol).

 

reservation

 
 

sender

 

clear ip rtp header-compression

 

Clears RTP/UDP/IP header compression statistics.

clear ip sdr

group-ip

Clears the Session Directory (SDPv2) cache.

clear ip trigger-authentication

 

Clears trigger-authentication host table.

clear isis

 

Clears all IS-IS data structures.

clear kerberos creds

 

Clears Kerberos credentials.

clear line

 

Resets a terminal line.

clear logging

 

Clears logging buffer.

clear mac-address-table

 

Removes entries from MAC address table.

clear rif-cache

 

Clears the entire RIF cache.

clear smrp

 

Clears Simple Multicast Routing Protocol (SMRP) statistics.

clear snapshot

 

Clears snapshot timers

clear source-bridge

 

Clears counters displayed in show source-bridge.

clear tarp

 

Resets TID Address Resolution Protocol (TARP) information.

clear tcp

 

Clears a TCP connection or statistics.

 

line

Clears TTY line.

 

local

Clears local host.

 

statistics

Clears TCP protocol statistics.

clear vlan

 

Deletes a VLAN from a management domain.

clear vpdn

 

Clears a VPDN entity.

clear x25

 

Resets X.25 circuits.


client-atm-address name LANE database

client-atm-address atm-address name elan-name
no client-atm-address atm-address
 

Configures

Adds a LANE client address to the database

Default

None

Description

This command adds a LANE client address to the LAN emulation configuration server's database.

 

atm-address

Either a complete ATM address or a template that specifies matching ATM addresses. You can create a template by using wildcard characters: an asterisk (*) to match a single character, or an ellipsis (... ) to match any number of leading, middle, or trailing characters. A full address is 20 bytes (40 hex characters) long, and is similar to (though not the same as) an NSAP address.

 

name elan-name

The name of the emulated LAN. The maximum length of a name is 32 characters.

If you use a template, any name that matches the template is associated with the ELAN. If the given address or template matches addresses that are already in the database, the command has no effect; the database is not changed.

clock calendar-valid global

clock calendar-valid
no clock calendar-valid
 

Configures

Network Time Protocol (NTP)

Default

Disabled

Description

This command tells the router to consider the RTC calendar in hardware to be a valid source of time. This command is valid only on high-end routers (5000, 6000, 7500, 8500, etc.).

clock rate interface

clock rate bps
no clock rate
 

Configures

Clock rate for serial devices

Default

None

Description

By default, no clock rate is configured for any serial devices. This command specifies the bit rate for DCE serial devices in bps. Possible values for bps are 1200, 2400, 4800, 9600, 19200, 38400, 56000, 64000, 72000, 125000, 148000, 500000, 800000, 1000000, 1300000, 2000000, and 4000000.

This command is most useful for connecting routers back-to-back in a lab setting. In this case, the command is required only on the DCE end of the link. You usually don't need this command when connecting to a WAN service because the network provider provides the clockings.

clock read-calendar command

clock read-calendar
 

Configures

Calendar time

Description

This command manually updates the calendar time into the router's system clock. It is not a configuration command and is not stored in the router's configuration. Normally, the system clock is updated from the calendar during system boot-up. This command is available only on high-end routers (5000, 6000, 7500, 8500, etc.).

clock set command

clock set hh:mm:ss day month year
 

Description

This command manually sets the router's internal clock. It is not stored in the router's configuration. The time is specified in terms of a 24-hour clock; the year must be a full four digits (for example, 2001).

clock summer-time global

clock summer-time zone recurring [sweek sday smonth shh:mm eweek eday emonth
ehh:mm][offset]
clock summer-time zone date sday smonth syear shh:mm eday emonth eyear ehh:mm
[offset]
no clock summer-time
 

Configures

daylight savings time behavior

Default

No daylight savings time

Description

This command tells the router to update for daylight savings time. The recurring form of the command specifies that daylight savings time should be observed at the given time every year. The date form of the command specifies a specific start date and end date for daylight savings time. Use the no form of the command to return to the default, in which daylight savings time is not observed.

 

zone

The time zone (EDT, CDT, etc.).

 

sweek, eweek

The week of the month (1, 2, 3, 4, 5, last) on which daylight savings time begins (sweek) or ends (eweek). (This is only used in the recurring form of the command.)

 

sday, eday

The day on which daylight savings time starts (sday) or ends (eday). For the recurring form of the command, use the actual name of the day (Monday, Tuesday, etc.) For the date form of the command, use a numeric date (1-31).

 

smonth, emonth

The month in which daylight savings time starts (smonth) or ends (emonth). Use the actual name of the month (September, October, etc.).

 

syear, eyear

All four digits of the year. syear is the year in which daylight savings time starts; eyear is the year in which it ends (used only in the date form of the command).

 

shh:mm, ehh:mm

The time in hours and minutes at which daylight savings time starts or ends.

 

offset

The number of minutes to add for daylight savings time (optional; the default is 60).

Example

The following command sets the time zone to use U.S. rules in the Eastern time zone:

clock summer-time EDT recurring

clock timezone global

clock timezone zone hours[minutes]
no clock timezone
 

Configures

The router's time zone

Default

Coordinated Universal Time (UTC)

Description

This command sets the router's time zone and the number of hours from the UTC. minutes is optional and is also an offset from the UTC.

 

zone

The time zone (PST, EST, etc.).

 

hours

The offset from the UTC (a positive or negative integer).

 

minutes

Optional. The offset from the UTC in minutes (a positive or negative integer).

clock update-calendar command

clock update-calendar
 

Configures

Updates the calendar

Description

This command manually updates the calendar from the router's system clock. The calendar is a separate internal clock that continuously runs even if the router is powered off. This command is available only on high-end routers (5000, 6000, 7500, 8500, etc.).

compress interface

compress {predictor | stac}
no compress {predictor | stac}
 

Configures

Type of compression used across an interface

Default

None

Description

This command enables compression for the selected interface. Compression can be enabled only for PPP or HDLC encapsulation. Two types of compression are supported:

 

predictor

Can be used on PPP connections; consumes more of the router's CPU and memory, but less bandwidth.

 

stac

Can be used on HDLC or PPP connections; consumes more bandwidth, but requires less CPU power.

Compression should not be activated on lines where link speeds are very high or most of the data is already compressed. If the data is already compressed, the router spends valuable CPU cycles for no reason.

When using compression, monitor the router's CPU usage. If the CPU usage is consistently high (65%), compression might be hindering the router.

The same type of compression must be enabled on both ends of the link.

Example

The following commands enable stac compression for the serial1 interface, which uses HDLC encapsulation.

interface serial1
 encapsulation hdlc
 compress stac

config-register global

config-register value
 

Configures

Sets the configuration register

Default

Depends on the product

Description

This command allows the user to change the configuration register. Setting the configuration register is useful for recovering lost passwords and remedying other situations.

 

value

The value to set in the configuration register. The register is 16 bits wide, so legal values range from 0x0 to 0xFFFF in hexadecimal (0 to 65,535 decimal). Table 17-5 shows the significance of the bits in the configuration register. (There are some differences in bit assignments on different products; check your documentation.)

Table 17-5. Configuration register settings

Bit number

Value

Action

00

0x0000

Remains at the system bootstrap prompt.

01

0x0001

Boots system image on EPROM.

02,03

0x0002-0x000f

Specifies a Netboot filename, where the filename is in the form ciscon-processor_name. The n in the filename is taken from the hexadecimal value of these bits.

06

0x0040

Ignores NVRAM contents.

07

0x0080

Enables OEM bit.

08

0x0100

Breaks disabled. If you enable this bit, the break key can cause the router to go to boot ROM at any time. During the first 60 seconds of bootup, the break key is enabled no matter what this bit field is set to.

10

0x0400

Sets the IP broadcast address to all zeros.

05,11,12

0x0020,0x0800, 0x1000

Sets the console line speed. See next table for more information.

13

0x2000

Boots default ROM software if network boot fails.

14

0x4000

IP broadcasts do not have network numbers.

15

0x8000

Enables diagnostic messages.

 

Since the baud settings are now spread over three different bits (5, 11, and 12), Table 17-6 shows the baud settings for the bits:

Table 17-6. Bit settings for possible baud rates

Speed (bits per second)

Bit 5

Bit 12

Bit 11

115200

1

1

1

57600

1

1

0

38400

1

0

1

19200

1

0

0

9600

0

0

0

4800

0

0

1

2400

0

1

1

1200

0

1

0

configure command

configure {terminal | memory | network | overwrite-network}
 

Configures

Enters global configuration mode

Description

The conf terminal command places you in configuration mode. conf memory executes the commands stored in memory (essentially a reload of the startup config). Note that the commands conf network and conf overwrite-network have been deprecated; it is now preferable to use copy tftp running-config.

Example

The following command places you in configuration mode; from there, you can enter global configuration commands.

Router#configure terminal
Router(config)# ! I can now enter configuration commands!
controller global

controller {t1 | e1} slot/port
controller {t1 | e1} number
 

Configures

T1 or E1 controllers

Default

None

Description

This command places you in the controller mode, allowing you to configure a controller for a T1 or E1 line. slot/port and number identify the controller that you are configuring.

copy command

copy source [destination]
 

Description

This command allows you to copy system images and configuration files. You can copy files within the router's memory (for example, copy running-config startup-config), or you can copy files to or from a TFTP server or an RCP server. Table 17-7 shows possible values for the source and destination parameters. If you omit the destination, the router will prompt you for it.

Table 17-7. Sources and destinations for the copy command

Sources and destinations

Meaning

running-config

The currently running configuration

startup-config

The configuration that will be loaded when the router boots

tftp

An external TFTP server

rcp

An external RCP server

ftp

An external FTP server

flash

The router's flash filesystem

scp

An external SSH server's secure copy protocol

slot0: slot1:

The router's PCMCIA flash memory cards

disk0: disk1:

The router's internal drives (high-end routers)

bootflash

The internal bootstrap flash memory; only on some devices (4500)

 

Newer versions of IOS also permit the use of URLs. The syntax of a URL can look like this:

tftp:[[//hostname]/path]/filename
ftp:[[//[username[:password]@]hostname]/path]/filename
rcp:[[//[username@]hostname]/path]/filename
scp:[[//[username@hostname]/path/filename
 

In each of these URLs, the hostname is simply the hostname or IP address of the end device. TFTP doesn't require a username or password. FTP and RCP can have an optional username and password, which depends on the server configuration.

To use the URL, simply provide the correct hostname and path in the source or destination.

Example

Here are some accepted uses of the copy command:

copy running-config startup-config
copy startup-config tftp
copy running-config tftp
copy flash tftp
copy startup-config rcp
copy running-config rcp
copy flash rcp
copy tftp running-config
copy tftp://ourserver/newconfig running-config
copy ftp://bob:letmein@oursever/newconfig running-config
crc interface

crc length
no crc
 

Configures

The length of the CRC checksum

Default

16 bits

Description

This command sets the length (in bits) of the CRC (Cyclic Redundancy Check) on FSIP (Fast Serial Interface Processor) and HIP (HSSI Interface Processor) interfaces. These interfaces are found only on the 7500 series routers. The length must be 16 or 32 bits.

custom-queue-list interface

custom-queue-list list-number
no custom-queue-list list-number
 

Configures

Applies a custom queue list to an interface

Default

None

Description

This command applies a custom queue to the current interface. The list-number must be between 1 and 16. Custom queue lists are used to implement priority-based queuing; they allow you to configure the bandwidth used by a particular type of traffic. To create a queue list, use the queue-list command. If you're configuring a Frame Relay interface, see the frame-relay custom-queue-list command. Queue lists are discussed in Chapter 11.

databits line

databits {5 | 6 | 7 | 8}
 

Configures

Databits per character

Default

8

Description

This command defines the number of databits per character that are interpreted and generated by the hardware. Possible values are 5, 6, 7, and 8.

Example

The following commands configure TTY 3 for seven databits per character:

Router(config)#line tty3
Router(config-line)#databits 7
data-character-bits line

data-character-bits {7 | 8}
 

Configures

Software databits per character

Default

8

Description

This command defines the number of databits per character that are interpreted and generated by the software. Possible values are 7 and 8.

dce-terminal-timing enable interface

dce-terminal-timing enable
no dce-terminal-timing enable
 

Configures

Interface timing

Default

Off (the DCE provides its own clock)

Description

This command prevents phase-shifting of data on high-speed data lines that span long distances. Phase-shifting is prevented by taking the clock from the DTE to provide timing for the DCE. (The DTE's timing is called SCTE.)

debug global

debug level
undebug level
undebug all
 

Configures

System debugging

Default

Disabled

Description

This command enables debugging at the specified level. Just about every configuration item within the IOS has a debug level associated with it. The debug ? command gives you an extensive list that allows you to find the debug level that meets your needs.

Be careful in selecting your debug level; you can easily crash a busy router with the incorrect selection. For example, debug ip packet might render a busy router useless until debugging is disabled. See Chapter 16 for more information on using debug correctly. If you get in trouble, issue the command undebug all, which disables all debug output.

Example

Here is the output from debug ip ?:

Router#debug ip ?
 bgp BGP information
 cache IP cache operations
 cgmp CGMP protocol activity
 dvmrp DVMRP protocol activity
 egp EGP information
 eigrp IP-EIGRP information
 error IP error debugging
 ftp FTP dialogue
 http HTTP connections
 icmp ICMP transactions
 igmp IGMP protocol activity
 igrp IGRP information
 mcache IP multicast cache operations
 mobile Mobility protocols
 mpacket IP multicast packet debugging
 mrouting IP multicast routing table activity
 ospf OSPF information
 packet General IP debugging and IPSO security transactions
 peer IP peer address activity
 pim PIM protocol activity
 policy Policy routing
 rip RIP protocol transactions
 routing Routing table events
 rsvp RSVP protocol activity
 sd Session Directory (SD)
 security IP security options
 tcp TCP information
 udp UDP based transactions
 

Though there is a debug all command, using it is not recommended. It produces so much output that it will overwhelm you and the router. Use it only as a last resort.

The undebug all command disables all debugging that is currently enabled.

default-information router, EIGRP, IGRP

default-information {in | out} access-list
no default-information {in | out}
 

Configures

Default routing information

Default

EIGRP announces the default route in both incoming and outgoing updates

Description

When redistributing EIGRP into IGRP, you can use this command to allow (or suppress, using the no form of the command) the redistribution of the default routes or exterior routes from EIGRP. By default, all exterior routes (including default routes) are passed between IGRP and EIGRP.

 

in

Allows the protocol to receive the default route via redistribution.

 

out

Allows the protocol to propagate the default route via redistribution.

 

access-list

The number or name of a simple access list that permits or denies the default routes you want to propagate.

Example

The following commands prevent IGRP from receiving exterior or default routes via redistribution from EIGRP.

router igrp 109
 network 10.0.0.0
 redistribute eigrp 100
 no default-information in
 

To disable the default routes in outgoing updates, use the no form of the command.

router eigrp 100
 network 10.0.0.0
 no default-information out

default-information originate router, BGP, OSPF

default-information originate [route-map map]
no default information originate
 

BGP:

default-information originate
no default-information originate
 

OSPF:

default-information originate [always] [metric metric-value] [metric-type type]
[route-map map]
no default-information originate [always] [metric metric-value]
[metric-type type] [route-map map]
 

Configures

Redistribution of the default route

Default

Disabled

Description

This command allows the protocol to propagate the default route (0.0.0.0). The use of a route map, map, tells the router to inject the default route if the route map's conditions are met.

For OSPF, this command tells an Autonomous System Border Router (ASBR) to inject a default route into the OSPF domain. When used with OSPF, this command has the following additional parameters.

 

always

Optional. Specifies to advertise the route even if the software does not have a default route.

 

metric metric-value

Optional. The metric value of the default route. The default metric is 10.

 

metric-type metric-type

Optional. Defines the link type associated with the default route. Possible values are 1 (Type-1 external route) and 2 (Type-2 external route; the default).

 

route-map map

Optional. Defines the route map to use for the default route. The route is advertised only if the route map is successful. This option can be used to set a different default metric depending on the host to which the route is sent.

Example

! BGP
router bgp 150
 default-information orginate
!
! Ospf
router ospf 110
 default-information originate metric 100 metric-type 1
default-metric router

BGP:

default-metric number
no default-metric number
 

RIP:

default-metric number
no default-metric
 

IGRP/EIGRP:

default-metric bandwidth delay reliability loading mtu
no default metric bandwidth delay reliability loading mtu
 

OSPF:

default-metric number
no default-metric number
 

Configures

Default metric for routes learned from a different routing protocol

Default

Depends on the protocol

Description

When redistributing routes from one routing protocol to another, the metrics used by the different protocols are not compatible. This command allows you to set the metric values for routes learned from other protocols.

For RIP and OSPF, this command simply sets the metric value to number.

For BGP, this command sets the value for the multi-exit discriminator (MED) metric to number.

For IGRP and EIGRP, this command sets the default metric for redistributing other protocols into EIGRP. (Note that IGRP and EIGRP have compatible metrics, so the default metric set by this command is not required when distributing routes between these two protocols.) The default metric is computed using the following parameters:

 

bandwidth

The route bandwidth measured in kilobits per second.

 

delay

The route delay in microseconds.

 

reliability

An estimate of the reliability of packet transmission on this link. It must be a value between 0 and 255; 255 indicates 100% reliability and 0 indicates that the link is completely unreliable (no packets are transferred correctly).

 

loading

The effective bandwidth of a route as a fraction of the bandwidth's capacity. This value must be between 0 and 255; 255 indicates 100% loading.

 

mtu

The maximum transmission unit for this route in octets.

Example

The following commands assign metric 10 to all routes redistributed from OSPF into RIP:

router rip
 network 192.168.1.0
 default-metric 10
 redistribute ospf 110
 

The following commands provide various parameters for computing an EIGRP metric to be used when redistributing routes from RIP into EIGRP:

router eigrp 101
 network 10.0.0.0
 redistribute rip
 default-metric 1000 100 250 100 1500

default-name LANE database

default-name elan-name
no default-name
 

Configures

A default ELAN for clients

Default

None

Description

This command sets the default name for the ELAN (Emulated LAN) in the configuration server's database. This name is used for clients who do not have an explicit name set. The name can be up to 32 characters in length and must already be in the configuration server's database. To put a name in the LANE emulation server database, use the commands lane database and name server-atm-address.

delay interface

delay tens-of-milliseconds
no delay
 

Configures

Link delay

Default

Depends on the interface type

Description

This command is used to specify the latency of an interface in tens-of-milliseconds. The value is used as input to route metric calculations; it does not set anything on the interface itself.

delete command

delete URL
 

Description

This command marks a file as deleted in the flash filesystem. The actual behavior of this command depends on the type of filesystem implemented for your router. In a Class-A filesystem, deleted files are only marked for deletion, and can be recovered with the undelete command; the squeeze command permanently deletes the marked files. In a Class-B filesystem, files are deleted immediately, but the space they occupied can't be recovered without erasing the entire filesystem. In a Class-C filesystem, files are deleted immediately, and their space is recovered immediately. Filesystems are described in more detail in Chapter 2.

description interface

description text
no description
 

Configures

A description for the interface

Default

None

Description

This command provides a description for the interface, letting you build some documentation into your IOS configuration. The description is for informational purposes and does not affect the interface's behavior. The description you give appears in the output of some show commands.

Example

interface serial0
 description T1 Connection to Baltimore

dialer aaa interface

dialer aaa
no dialer aaa
 

Configures

AAA for dial-on-demand routing (DDR)

Default

Disabled

Description

This command enables AAA for a dialer interface.

dialer callback-secure interface

dialer callback-secure
no dialer callback-secure
 

Configures

Callback security

Default

Disabled

Description

This command enables secure callback dialing on the interface.

dialer callback-server interface

dialer callback-server [username] [dialstring]
no dialer callback-server
 

Configures

An interface to return calls

Default

Disabled

Description

This command enables an interface to return calls. The username keyword tells the router to identify the caller by looking up the authenticated hostname in the dialer map command; this is the default behavior for this command. The dialstring keyword tells the router to identify the caller during callback negotiation.

dialer caller interface

dialer caller number [callback]
no dialer caller number [callback]
 

Configures

Caller ID screening

Default

Disabled

Description

This command configures a dialer interface to reject calls that do not match the given number. The number can be any phone number; the character x can be used as a wildcard. The callback keyword enables Caller ID callback; in this case, the incoming call is refused, and the router initiates a call to the Caller ID number. This may help you to manage your telephone charges. This feature is available only on certain routers with special dialer interfaces. A switch that supports Caller ID is also required for this operation. If you enable this feature and do not have the required hardware for Caller ID, all calls are denied.

Example

The following command allows any number from 4,105,554,290 through 4,105,554,299:

dialer caller 410555429x
dialer dtr interface

dialer dtr
no dialer dtr
 

Configures

Enables DDR and specifies that the modem handles only DTR signaling

Default

None

Description

Configures interfaces that are connected to modems that require DTR (Data Terminal Ready) , and enables DDR. Interfaces configured with this command cannot receive calls; they can only make them.

dialer enable-timeout interface

dialer enable-timeout seconds
no dialer enable-timeout
 

Configures

The amount of time the interface remains down

Default

15 seconds

Description

Sets the time in seconds that an interface remains down between calls or failed connections.

dialer fast-idle interface, map-class

dialer fast-idle seconds
no dialer fast-idle
 

Configures

The amount of idle time when there is contention for the line

Default

20 seconds

Description

This command can apply to interfaces or map-class configurations. When used on an interface or a map class, it defines the number of seconds that must pass before a line is disconnected when there is contention for the interface, i.e., when there is traffic waiting for a different destination other than the current connection.

When used for a map class, this command defines the number of seconds to wait before placing another call, and defaults to the fast-idle setting for the interface.

For regular idle-timeouts for a DDR interface, see the dialer idle-timeout command.

Example

Interface configuration:

interface async 5
 dialer 
 fast-idle 55
 

Map-class configuration:

map-class dialer office
 dialer fast-idle 55

dialer-group interface

dialer-group number
no dialer-group number
 

Configures

Associates an interface with a dialer group

Default

None

Description

This command adds the interface to the dialer group specified by number. An interface can have only one dialer group associated with it. Each dialer group has an associated access list that defines "interesting" traffic for this interface. If the traffic is permitted by the access list, a call is initiated for the interface if the interface is not already connected.

Example

The following commands add the async1 interface to dialer-group 1. access-list 110 specifies the traffic that causes this interface to initiate a call; in this case, ICMP traffic doesn't bring up the connection, but any other IP traffic does. Note that this access list does not block ICMP traffic once the link is up; it just prevents ICMP traffic from bringing it up in the first place.

! Set the interface as part of the dialer group
interface async 1
 dialer-group 1
!
! Set the dialer group to use access-list 110
dialer-list 1 list 110
!
! Configure the access-list for the dialer group
access-list 110 deny icmp any any
access-list 110 permit ip any any
dialer hold-queue interface

dialer hold-queue packets timeout seconds
no dialer hold-queue packets timeout seconds
 

Configures

A queue that holds packets until a dial-up connection is established

Default

Disabled

Description

Instructs the interface to queue traffic until the dial-up connection is completed. By default, queuing is not enabled and packets are dropped until the connection is established.

 

packets

The number of packets to hold in the queue, waiting for the connection. The value can be set from 0 to 100.

 

timeout seconds

The period of time after which the connection attempt is determined to have failed, and the waiting packets are discarded.

dialer idle-timeout interface, map-class

dialer idle-timeout seconds
no dialer idle-timeout seconds
 

Configures

The amount of idle time before a connection is disconnected

Default

120 seconds

Description

This command can apply to interfaces or map-class configurations. When used on an interface or a map class, it defines the number of seconds an interface must be idle (no traffic) before the connection is closed. When there is contention for a dialer (i.e., traffic for a destination different from the one to which the interface is currently connected), then the fast idle timeout is used. (See dialer fast-idle.)

Example

Interface configuration:

interface async 4
 dialer idle-timeout 300
 

Map-class configuration:

map-class dialer office
 dialer idle-timeout 300
dialer in-band interface

dialer in-band [no-parity | odd-parity]
no dialer in-band
 

Configures

Dial-on-demand routing (DDR)

Default

Disabled; no-parity is the default when the command is issued with no options

Description

This command configures an interface to support DDR.

 

no-parity

Optional. Chat scripts to the modem have no parity.

 

odd-parity

Optional. Chat scripts to the modem have odd parity.

This is not required on BRI interfaces.

dialer isdn map-class, dialer

dialer isdn [speed value] [spc]
no dialer isdn [speed value] [spc]
 

Configures

Bit rate used on the B channel

Default

64

Description

This command is for map-class configurations only. It defines the bit rate for the B channel of an ISDN connection and sets up semipermanent connections for the map class.

 

speed value

Optional. Defines the bit rate in Kbps for the B channel; either 56 or 64. Default is 64.

 

spc

Optional. Requires the use of ISDN semipermanent connections for this map class (Germany only).

Example

map-class dialer office
 dialer isdn speed 64
dialer-list global

dialer-list grouplist access-list
dialer-list group protocol protocol {permit | deny | list} access-list
no dialer-list group
 

Configures

Assigns an access list to a dialer group

Default

None

Description

The first version of this command specifies a group number and applies the given access list to that group. The access list defines "interesting" traffic for the dialer group. If traffic matches the access list, it is deemed interesting, and the DDR interface establishes a connection (if one hasn't been already established).

 

group

The dialer group number.

 

list access-list

The access list that defines interesting traffic for this group.

The second version of this command allows you to specify the traffic that brings up the connection without using an external access list. Its parameters are:

 

group

The dialer group number.

 

protocol protocol

The protocol to allow (or reject): ip, ipx, etc.

 

permit

Permits traffic using this protocol.

 

deny

Denies the entire protocol.

 

list access-list

Applies an access list to the protocol. Used to single out ports within the protocol.

Examples

The following commands define a dialer group, assign an interface to that dialer group, and specify that the interface should be brought up if traffic matching access list 110 appears on the interface.

interface async 5
 dialer-group 10
 !
 ! Define the access-list for group 10
 dialer-list 10 list 110
 !
 ! Define the list ( all IP traffic to 10.10.1.0 network)
 access-list 110 permit ip any 10.10.1.0 0.0.0.255
 

The following commands define a dialer group, assign an interface to that dialer group, and specify that the interface should be brought up for any IP traffic. No access list is used.

interface async 5
 dialer-group 10
 !
 ! Define all ip traffic as interesting
 dialer-list 10 protocol ip permit
dialer load-threshold interface

dialer load-threshold load [{outbound | inbound | either}]
no dialer load-threshold
 

Configures

The threshold for opening an additional connection

Default

None

Description

This command defines the threshold at which the router opens an additional connection to obtain more bandwidth. Another connection can be made only if this interface is part of a rotary group. This command can be used only if the interface belongs to a rotary group.

 

load

The utilization at which another connection to the destination is established. The number can be from 1 to 255 (255 = 100% utilization).

 

outbound

Optional. Load is considered only for outbound traffic.

 

inbound

Optional. Load is considered only for inbound traffic.

 

either

Optional. Default. A new connection is established if the utilization exceeds the given load in either the outbound or inbound direction.

dialer map interface

dialer map protocol destination [name hostname] [class name] [broadcast] [spc]
[speed {56|64}] [modem-script script-name] [system-script script-name]
[dial-string]
no dialer map protocol destination [name hostname] [class name] [broadcast]
[spc] [speed {56|64}] [modem-script script-name] [system-script script-name]
[dial-string]
 

Configures

Any non-DTR dialer interface for PPP callback

Default

None

Description

The dialer map command allows an interface to call one or more different sites by mapping a destination address to connection-specific dial strings and connection scripts.

 

protocol

Names the protocol to use for the connection. Valid values are ip, appletalk, bridge, decnet, ipx, novell, snapshot, vines, and xns.

 

destination

The destination address to use for this map. The next-hop address of a packet is the destination address in map configurations.

 

name hostname

Optional. The name of the remote system for the DDR connection.

 

class name

Optional. Names a map class to use for this mapping. A map class is defined with the map-class command.

 

broadcast

Optional. Allows broadcast packets to be forwarded over this connection.

 

spc

Optional. ISDN only; Germany only. Configures a semipermanent connection between the ISDN device and the exchange.

 

speed speed

Optional. ISDN only. Defines the speed of an ISDN B channel in Kbps. Valid values are 56 and 64. The default value is 64.

 

modem-script script-name

Optional. Names the modem script to use for dialing the connection. Required only if no dialer string is defined for the interface used.

 

system-script script-name

Optional. Names the system script to use for logging into the remote system.

 

dial-string

Optional. This option must be the last entry on the command line. It defines the telephone number to be sent to the dialing device. For multipoint ISDN connections, append the subaddress to the dial string (separated by a colon).

dialer map snapshot interface

dialer map snapshot seq-number dial-string
no dialer map snapshot [seq-number]
 

Configures

Snapshot routing

Default

None

Description

This command configures client snapshot routing on a DDR interface.

 

seq-number

Identifies the dialer map. This number can range from 1 to 254.

 

dial-string

The telephone number to dial for this snapshot connection.

dialer max-link interface

dialer max-link number
no dialer max-link
 

Configures

The maximum number of open links that a dialer profile can have to a destination

Default

255

Description

This command sets the maximum number of links that a dialer profile can have open to a single destination at any time. This command can be used only on dialer interfaces. number can be from 1 to 255.

dialer pool interface

dialer pool pool-number
no dialer pool pool-number
 

Configures

The dialing pool to use to connect to a specific network

Default

None

Description

Specifies the dialer pool to which a dialer interface belongs. Pool numbers range from 1 to 255. For more information on dialer pools, consult Chapter 12.

Example

The following code configures a dialer interface with an IP address and PPP encapsulation, and assigns the interface to dialer pool 5.

interface dialer1
 ip address 10.10.1.0 255.255.255.0
 encapsulation ppp
 dialer pool 5

dialer pool-member interface

dialer pool-member pool-number [priority value] [min-link value] [max-link
value]
no dialer pool-member pool-number
 

Configures

Assigns a physical interface to a dialer pool

Default

Disabled

Description

Any interface can belong to a dialer pool. Dialer pools are configured using the dialer interface. This command assigns an interface to a pool.

 

pool-number

The pool to which the interface is assigned.

 

priority value

Optional. This value is the interface's priority within the pool. The interface with the highest priority is selected first for dialing out. This value can be from 0 to 255; the default is 0.

 

min-link value

Optional. This is for ISDN lines; it specifies the minimum number of B channels that are reserved on this interface. The value can be from to 255; the default is 0.

 

max-link value

Optional. This is for ISDN lines; it specifies the maximum number of B channels that are reserved on this interface. The value can be from to 255; the default is 0.

Example

The following commands assign the ISDN interface BRI1 to dialer pool 1:

interface BRI1
 encapsulation ppp
 dialer pool-member 1 priority 50

dialer priority interface

dialer priority value
no dialer priority value
 

Configures

The priority of an interface in a rotary group

Default

0

Description

This command sets the priority of the interface within a rotary group. value can be from 0 to 255. The highest-priority interface is selected first for dialing.

dialer remote-name interface

dialer remote-name username
no dialer remote-name username
 

Configures

The authentication name for the remote router

Default

None

Description

This command sets the username to use when connecting to a remote system with CHAP or PAP authentication.

dialer rotary-group interface

dialer rotary-group group-number
no dialer rotary-group group-number
 

Configures

Includes the interface as part of a dialer rotary group

Default

None

Description

This command sets the rotary group for an interface to group-number. The number of the rotary group must match the number of the dialer interface for which the rotary group is defined. The group number can range from 0 to 255.

dialer rotor interface

dialer rotor {priority | best}
no dialer rotor {priority | best}
 

Configures

The method for selecting the next interface to use to dial out

Default

Disabled

Description

For rotary groups, this command tells the router whether to select the interface with the highest priority (priority) or the interface with the most recent connection success (best).

dialer string interface

dialer string string [class dialer-map-name]
no dialer string
 

Configures

Legacy DDR phone numbers

Default

None

Description

Specifies the dial string for the interface's modem. Table 17-8 shows the codes that can be used in the dialer string. This command is used only for legacy DDR; on modern routers, it's more flexible to use dialer pools or dialer map statements, which allow more than one destination to be called. The class option names the dialer map associated with this dialer string.

Table 17-8. Codes for use in legacy DDR

Code

Meaning

T

Tone dialing

P

Pulse dialing

&

Flash

:

Wait tone

= ,

Separators 3 and 4 (for international use)


dialer wait-for-carrier-time interface, map-class

dialer wait-for-carrier-time seconds
no dialer wait-for-carrier-time
 

Configures

The amount of time the interface waits for a carrier

Default

30 seconds

Description

This command sets the maximum amount of time in seconds that the router waits for a carrier when bringing up a dialer interface. It can be used on an interface or map-class configuration.

dialer watch-disable interface

dialer watch-disable seconds
no dialer watch-disable
 

Configures

Delay time for the backup interface

Default

Disabled

Description

This command configures the time in seconds to keep the backup link up after the primary link recovers, if the backup link has been brought up by a dialer watch group.

dialer watch-group interface

dialer watch-group group-number
no dialer watch-group group-number
 

Configures

Enables backup DDR for an interface

Default

Disabled

Description

This command is used to configure an interface as a backup DDR link using a watch list. The group-number identifies the watch list that triggers calls on this interface; the interface is brought up if the router doesn't have any routes to the networks listed in the watch list. A watch list is created by the dialer watch-list command; the interface must have a dialer map that corresponds exactly to the networks listed in that command.

dialer watch-list global

dialer watch-list group-number ip address mask
no dialer watch-list group-number ip address mask
 

Configures

A watch group number assigned to an IP address range

Default

None

Description

This command allows you to define a group of routes based on IP address and mask, and assign that group to a group-number. If no routes to these networks are in the routing table, the router dials a backup connection. Note that this connection is dialed regardless of whether there is any traffic for these destinations; dialing depends only on the existence of a route. This command is used in conjunction with dialer watch-group, dialer watch-disable, and dialer map. Valid group numbers are from 1 to 255.

dir command

dir [/all] [filesystem:]
 

Description

This command displays the files in the router's filesystem. If you supply a directory as an argument, the command lists the files in that directory; otherwise, it lists the current working directory. Use the /all keyword to list all files, including those marked for deletion.

disable command

disable [level]
 

Description

This command exits privileged mode and returns the user to user mode. The optional level parameter value ranges from 0 through 15. 0 is the normal user mode; 15 is the privileged user mode. If no level is specified, the user is returned to level 0 (user mode). See the privilege command for more information on setting the level values.

Example

Router# disable
Router

disconnect command

disconnect
 

Description

This command terminates a background telnet session.

disconnect-character line

disconnect-character ascii-number
no disconnect-character
 

Configures

The character to use to disconnect a session

Default

None

Description

This command defines the character that a user types to end an interactive session. As with the activation-character command, the ascii-number is the decimal value of the desired character.

Example

In this example, we set the disconnect character to control-D, which is ASCII number 4, and we inform the users with a banner message.

Router(config)# line 2

Router(config-line)# activation-character 13
Router(config-line)# disconnect-character 4
Router(config-line)# vacant-message #
Router(config-line)# ***** Welcome to Sphinx *****
Router(config-line)# Press the return key to start the connection
Router(config-line)# Disconnect with a control-D key
Router(config-line)# #
disconnect ssh command

disconnect ssh session-id
 

Configures

The character to use to disconnect a session

Description

This command terminates a background SSH session. Run show ip ssh to display the session-id.

dispatch-character line

dispatch-character ascii-number
no dispatch-character
 

Configures

The character that causes a packet to be sent

Default

None

Description

This command defines the character that causes a packet to be sent. Setting the dispatch character causes the router to buffer a group of characters into a packet before sending them to the remote host. ascii-number is the decimal value of the desired character.

Example

The following example sets the Enter key (ASCII 13) as the dispatch character for virtual terminals 1 through 4.

line vty 1 4
 dispatch-character 13

distance router

distance distance [address mask] [access-list]
no distance distance [address mask] [access-list]
 

Configures

Administrative distance

Default

Depends on the protocol

Description

The distance command allows you to change the trustworthiness of a route's source relative to other routing protocols. The lower the distance, the more the route's source is trusted. Routes with a distance of 255 are not added to the route table. Chapter 8 discusses how routing protocols use administrative distances and lists the default value for each protocol.

 

distance

The administrative distance to be assigned to this protocol (or to routes selected by the other arguments to this command). Administrative distance must be a value from 1 to 255.

 

address mask

Optional. If these arguments are present, the administrative distance applies only to routes whose destinations match this address/mask pair.

 

access-list

Optional. If this argument is present, the administrative distance applies only to routes that match the given access list.

distance bgp router, BGP

distance bgp external-distance internal-distance local-distance
no distance bgp
 

Configures

Administrative distance for BGP

Default

External distance, 20; internal distance, 200; local distance, 200

Description

The distance bgp command allows you to change the trustworthiness of a route's source relative to other routing protocols. The lower the distance, the more the route's source is trusted. Routes with a distance of 255 are not added to the route table. external-distance applies to external BGP routes (routes learned from a peer outside your AS); internal-distance applies to internal BGP routes (routes learned from a peer within your AS); local-distance applies to routes added with the network command. It's usually not a good idea to change BGP's routing distances.

Example

The distance bgp command is often used to change the internal distance so that its value is equal to the external distance, as in the following example:

router bgp 101
 distance bgp 20 20 200
distance eigrp router, EIGRP

distance eigrp internal-distance external-distance
no distance eigrp
 

Configures

Administrative distance for EIGRP

Default

External distance, 170; internal distance, 90

Description

This command sets the internal and external administrative distances for the EIGRP protocol. The administrative distance reflects the trustworthiness of a route's source relative to other routing protocols. The internal-distance applies to internal routes, which are routes learned from the current EIGRP routing process (commonly called "autonomous system"). The external-distance applies to routes learned from other EIGRP routing processes. internal-distance and external-distance must be in the range of 1 to 255. Chapter 8 discusses the use of administrative distance and shows the default distances for the different routing protocols.

distribute-list in router

distribute-list access-list in [interface]
no distribute-list access-list in [interface]
 

Configures

An access list to filter incoming routing updates

Default

None

Description

This command allows you to apply an access list to incoming route updates to a routing protocol. If no interface is specified, the access list is applied to all incoming route updates. If an interface is specified, the access list is applied only to route updates received on that interface. The access list should be a standard access list.

Example

The following distribute list applies access list 1 to incoming routes:

route rip
 network 10.0.0.0
 distribute-list 1 in
!
! Deny network 10.1.1.0
access-list 1 deny 10.1.1.0
! Permit everything else
access-list 1 permit 0.0.0.0 255.255.255.255
distribute-list out router

distribute-list access-list out [interface | routing-process]
no distribute-list access-list out [interface | routing-process]
 

Configures

A filter list to be applied to outbound routing updates

Default

None

Description

This command applies the given access list to outbound routing updates. The access list must be a standard IP access list; it defines which networks will be denied or permitted. The interface name applies the list to routing updates going out a specific interface. (This does not apply to OSPF.) The routing-process applies the access list to routes going to another routing process. The connected and static keywords may be used to specify a routing process.

Example

route rip
 network 10.0.0.0
 distribute-list 1 out
!
! Deny network 10.1.1.0
access-list 1 deny 10.1.1.0
! Permit everything else
access-list 1 permit 0.0.0.0 255.255.255.255
domain-password router, IS-IS

domain-password password
no domain-password
 

Configures

Password for IS-IS routing

Default

Disabled

Description

This command assigns a password for exchanging L2 routing information for IS-IS. Like the area-password command, this password is transmitted in clear text and provides very little security.

downward-compatible-config global

downward-compatible-config version
no downward-compatible-config
 

Configures

Configuration

Default

Disabled

Description

This command generates a configuration that is compatible with an earlier IOS version. The version number must be 10.2 or later.

down-when-looped interface

down-when-looped
no down-when-looped
 

Configures

Loopback detection

Default

Disabled

Description

This command tells the interface to go down when a loopback is detected. The default behavior is for the interface to remain up when the device is placed in loopback, so you can place a DCE device such as a CSU/DSU in loopback and ping the interface. This allows you to test the cable between the router and the DCE device.

Use the no form of this command to disable this behavior. If this command is given, the interface shuts down when the DCE device (CSU/DSU) is placed in loopback mode.

drop policy-map

drop
no drop
 

Configures

A traffic class to discard packets for a specific class

Default

Disabled

Description

This command enables packet discarding for a class. Use the no form of the command to disable packet discarding.

Example

policy-map policy1
 class class1
 drop
interface serial1/0
 service-policy output policy1
class-map class1
 match access-group 101

dte-invert-txc interface

dte-invert-txc
no dte-invert-txc
 

Configures

Inverts TXC clock signal

Default

Disabled

Description

This command inverts the TXC clock signal when the interface is operating as the DTE.

early-token-release interface

early-token-release
no early-token-release
 

Configures

Token ring interfaces

Default

Disabled

Description

This command tells the interface to immediately release the token back to the ring after transmitting a packet. Normally, a token ring interface waits for a transmitted packet to return before releasing the token. This command is used only on 16-Mb rings where all devices support it.

editing line

editing
no editing
 

Configures

Enhanced editing mode

Default

Enabled

Description

The no form of this command disables the enhanced editing mode for a line: i.e., the support for control keys such as Ctrl-w, which erases a word. The command-line editing keys are discussed in Chapter 1; they should be familiar to users of Unix and Unix-like operating systems.

eigrp log-neighbor-changes router, EIGRP

eigrp log-neighbor-changes
no eigrp log-neighbor-changes
 

Configures

Logging for EIGRP neighbor states

Default

Disabled

Description

This command enables logging of changes in the status of EIGRP neighbors. Logging provides information to help you detect routing or connectivity problems.

enable command

enable [level]
 

Description

With no arguments, this command takes an interactive session from user EXEC mode to privileged EXEC mode. If the level argument is present, it can be used to enter any of 16 levels, 0 through 15. Level 0 is the normal user mode (user EXEC mode) and 15 is the privileged user mode (privileged EXEC mode). See the privilege command in Chapter 4 for more information on setting the level values.

enable last-resort global

enable last-resort {password | succeed}
no enable last-resort {password | succeed}
 

Configures

The action to take if the TACACS servers do not respond

Default

Disabled

Description

This command tells the router what to do if the TACACS server times out, and you are using TACACS for the enable password. The password keyword tells the router to prompt for the enable password that is in the configuration. The succeed keyword tells the router to go to enable mode without further action. The latter behavior is very insecure.

enable password global

enable password [level level] password
no enable password
 

Configures

The password for the enable mode

Default

None

Description

This command sets the password for the enable mode. It can also be used to establish passwords for other levels. In the router's configuration, the password is stored in the clear and can be viewed by using show running-config and other commands.

You can encrypt this password as well as other passwords with the command service password-encryption. However, because this encryption uses a very simple XOR algorithm, it is easily cracked.

enable secret global

enable secret [level level] password
no enable secret
 

Configures

The password for the enable mode

Default

None

Description

This command sets the password for the enable mode. It can also be used to establish passwords for other levels. In the router's configuration, the password is stored in an encrypted form and is never displayed in the clear.

enable use-tacacs global

enable use-tacacs
no enable use-tacacs
 

Configures

TACACS authentication for the privileged (enable) command level

Default

Disabled

Description

This command requires the use of TACACS for the enable password. If you use this command, be sure that you also use the tacacs-server authenticate enable command.

encapsulation (ATM/MPLS) ATM/MPLS

encapsulation layer-type
no encapsulation
 

Configures

ATM adaptation layer for Any Transport over MPLS (AtoM)

Default

AAL5

Description

This command configures the ATM adaptation layer for Any Transport over MPLS (AtoM) while in the AtoM VC configuration. The layer-type can be aa5 for ATM Adaptation layer 5 or aal0 for ATM adaptation layer 0.

Example

! For AtoM we must use the l2transport command with the pvc command
pvc 1/101 l2transport
 encapsulation aal5
encapsulation (interface) interface

encapsulation type
encapsulation dot1q vlan-id [native]
encapsulation isl vlan-id
no encapsulation
 

Configures

Encapsulation method used by the interface

Default

Depends on interface

Description

This command sets the encapsulation method for this interface. Possible values for the encapsulation type are atm-dxi, bstun (block serial tunnel), dot1q, frame-relay (see Chapter 6), hdlc, isl, lapb, ppp, sde, dlc, and smds.

For Frame Relay interfaces, the options are cisco and ietf. The default is cisco, which is Cisco's proprietary encapsulation method. ietf sets the encapsulation method to the IETF standard, which is used when connecting to another vendor's Frame Relay router or switch.

For interfaces that are compatible, such as Fast Ethernet interfaces, you can enable dot1q to apply a VLAN ID to the interface. native is an optional keyword that sets the VLAN ID value of the port to the value specified by vlan-id. To enable ISL encapsulation on an interface, use the isl keyword followed by the VLAN ID you wish to use. For more information on dot1q and ISL encapsulation, see Chapter 14.

Example

The following code uses hdlc encapsulation on a serial line:

interface serial0
 encapsulation hdlc
 

This code uses PPP on an ISDN line:

interface bri0
 encapsulation ppp
 

This code sets vlan 101 to a subinterface:

interface fastethernet0/1.101
 encapsulation dot1q 101

end any configuration mode

end
 

Description

This command exits the current configuration mode and must be used to mark the end of any configuration file.

Example

! lengthy configuration file omitted
! some commands here
! end of configuration file
end
erase command

erase [startup-config] [flash]
 

Description

This command erases the stored configuration (startup-config) or the flash memory (flash) on the router. Flash memory stores the IOS operating system image; obviously, this command is dangerous.

Example

This command erases your stored configuration:

Router# erase startup-config
 

This one erases your IOS image:

Router# erase flash
escape-character line

escape-character ascii-number
no escape-character
 

Configures

The system escape character

Default

Ctrl-^

Description

This command defines the character that terminates a running command. The default, as specified in the hot-key listing, is Ctrl-^ (Control+Shift+6 on most keyboards). ascii-number must be the decimal value of the character you want to use. The Break key cannot be used as an escape character.

The no form of the instruction returns the escape character to the default.

Example

The following commands set the disconnect character to Ctrl-C, which has a decimal value of 3:

Router(config)# line 2
Router(config-line)# escape-characer 3
Router(config-line)# vacant-message #
Router(config-line)# ***** Welcome to Sphinx *****
Router(config-line)# Escape key is Ctrl-C
Router(config-line)# #
exception core-file global

exception core-file name
no exception core-file name
 

Configures

A core dump filename

Default

routername-core

Description

This command sets the name of the core file that is generated when a router crashes. Use the exception protocol command to set the protocol that the router uses to transmit the core file.

exception dump global

exception dump ip
no exception dump
 

Configures

The exception dump server IP address

Default

None

Description

This command sets the IP address of the server to which the router sends a core dump when the router crashes.

exception memory global

exception memory {fragment size | minimum size}
no exception memory
 

Configures

Memory parameters that cause a core dump

Default

Disabled

Description

This command causes a core dump if certain memory parameters are exceeded. The fragment size is the minimum contiguous block of memory in the free pool in bytes; the minimum size is the lowest allowable size of the free memory pool in bytes. If these parameters are exceeded, a core dump is generated. For example, if you set the minimum size to 100000 and the memory goes below 100,000 bytes, a core file is generated.

exception protocol global

exception protocol {ftp | rcp | tftp}
no exception protocol
 

Configures

Protocol to transmit a core file to a server

Default

tftp

Description

This command sets the protocol to use for transmitting a core file to a server. The protocol can be ftp, rcp, or tftp. Use the exception dump command to set the IP address of the server.

Example

exception protocol tftp
exception dump 192.168.1.1
exception spurious-interrupt global

exception spurious-interrupt [number]
no exception spurious-interrupt
 

Configures

The number of spurious interrupts that generate a core dump

Default

Disabled

Description

This command sets the number of spurious interrupts that will cause the router to generate a core file and reboot. number can be from 1 to 4,294,967,295.

exec line

exec
no exec
 

Configures

Access to the router command interface

Default

Enabled

Description

The no form of this command disables EXEC processes, which are enabled by default. Disabling EXEC processes is useful for lines on which you do not want users to access the router. For example, you may want to disallow login access on a dial-in line.

exec-timeout line

exec-timeout minutes [seconds]
no exec-timeout
 

Configures

The time an EXEC session can be idle

Default

10 minutes

Description

This command sets the amount of time a session waits for user input before timing out and closing the session. minutes specifies the number of minutes in the timeout period; seconds specifies the number of seconds.

Don't set the EXEC timeout to be extremely short; for example, don't give a command like exec-timeout 0 1. You may never get back into your router without doing a configuration recovery.

Example

The following command sets the timeout period to 4 minutes and 59 seconds:

exec-timeout 4 59

exit command

exit
 

Description

This command closes your current connection if you are in user EXEC mode or privileged EXEC mode. If you are in a subconfiguration mode such as the interface or routing configuration mode, this command takes you to the next higher level (e.g., back to EXEC mode from interface configuration mode).

Example

Routerexit
Connection Closed

Routerenable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface serial0
Router(config-if)#exit
Router(config)#
fair-queue (policy-map class) policy-map

fair-queue [queues]
no fair-queue [queues]
 

Configures

The number of dynamic queues to be reserved for the default class

Default

Depends on interface

Description

This command specifies the number of dynamic queues reserved for the default class (class-default) only. It can be used with the queue-limit command and or the random-detect command.

The default number of queues is based on bandwidth: less than 64 Kbps is 16 queues, 64 to 128 Kbps is 32 queues, 128 to 256 Kbps is 64 queues, 256 to 512 Kbps is 128 queues, and more than 512 Kbps is 256 queues.

Example

policy-map policy1
 class class-default
 fair-queue 16
 queue-limit 20

fair-queue (interface) interface

fair-queue [congestive [dynamic [reservable]]]
no fair-queue [congestive [dynamic [reservable]]]
 

Configures

Weighted Fair Queueing

Default

WFQ is enabled for interfaces with bandwidth less than or equal to 2 Mbps; default values are congestive 64, dynamic 256, reservable 0.

Description

This command enables Weighted Fair Queueing on an interface. For Weighted Fair Queueing, the options are:

 

congestive

Optional. The number of messages allowed in each queue past which traffic is discarded. The value can range from 1 to 512.

 

dynamic

Optional. The number of queues for best-effort conversations. Valid values are 16, 32, 64, 128, 256, 512, 1024, 2048, and 4096.

 

reservable

Optional. The number of queues for reserved conversations. The value can be from 0 to 1,000.

fair-queue aggregate-limit interface

fair-queue aggregate-limit packets
no fair-queue aggregate-limit
 

Configures

Maximum number of packets for DWFQ

Default

Based on buffer space in the Versatile Interface Processor (VIP)

Description

This command sets the total number of buffered packets allowed before packets are dropped. This is the sum of all packets in buffers for Distributed Weighted Fair Queuing (DWFQ). If the buffered packets stay below this limit, no packets are dropped.

fair-queue individual-limit interface

fair-queue individual-limit packets
no fair-queue individual-limit
 

Configures

Maximum queue depth for an individual queue

Default

Half of the aggregate queue limit

Description

This command sets the maximum number of packets allowed in an individual queue during periods of congestion.

fair-queue limit interface

fair-queue {qos-group group | tos number} limit class-packet-size
no fair-queue {qos-group group | tos number} limit class-packet-size
 

Configures

Maximum queue depth for a specific DWFQ class

Default

Half the aggregate limit size unless the individual limit is set, in which case that is the default

Description

This command sets the queue size for a specific DWFQ. The qos-group number can be from 1 to 99; it is used to match the value set by the Committed Access Rate (CAR) or the BGP policy propagation. The tos value is used to match the two low-order IP precedence bits in the ToS (Type of Service) field. The class-packet-size is the maximum number of packets allowed in the queue during periods of congestion.

fair-queue qos-group interface

fair-queue qos-group
no fair-queue qos-group
 

Configures

DWFQ based on QoS (Quality of Service) group numbers

Default

Disabled

Description

This command enables DWFQ based on QoS group numbers. The QoS group numbers, which are taken from the CAR or BGP policy propagation, are used to sort traffic into queues. The fair-queue weight and fair-queue limit commands set up the appropriate queues.

fair-queue tos interface

fair-queue tos
no fair-queue tos
 

Configures

DWFQ based on ToS (Type of Service) values

Default

Disabled

Description

This command enables DWFQ based on ToS values. The ToS fields in the packet provide two low-order IP precedence bits, which are used to sort packets into queues. The fair-queue weight and fair-queue limit commands set up the appropriate queues.

fair-queue weight interface

fair-queue {qos-group group | tos number} weight value
no fair-queue {qos-group group | tos number} weight value
 

Configures

Assigns a specific weight for DWFQ

Default

For qos-group, unallocated bandwidth defaults to group 0; for tos, the default class/weight values are 0/10, 1/20, 2/30, and 3/40

Description

This command allocates a specific weight (percentage of the bandwidth) to each QoS group or ToS type. value must be between 0 and 100.

fddi burst-count interface

fddi burst-count size
no fddi burst-count
 

Configures

Buffers to allocate to handle extra FDDI traffic

Default

3

Description

This command enables an FDDI interface to allocate extra buffers ahead of time. These buffers are used to handle possible traffic bursts. The buffer size can be from 1 to 10; the default is 3.

fddi c-min interface

fddi c-min microseconds
no fddi c-min
 

Configures

The C-Min timer

Default

1,600 microseconds

Description

This command sets the C-Min timer on the interface to microseconds.

fddi cmt-signal-bits interface

fddi cmt-signal-bits signal-bits [phy-a | phy-b]
no fddi cmt-signal-bits signal-bits [phy-a | phy-b]
 

Configures

CMT transmission bits

Default

None

Description

This command sets the bits to be transmitted during the signal phase of CMT. Changing these values is not recommended and should be done only to debug specific CMT problems. signal-bits is the hexadecimal value of the bit fields you wish to set. phy-a and phy-b select the physical sublayer, either a or b. Table 17-9 describes the bit fields.

Table 17-9. Bit values for CMT signals

Bit position

Meaning

0

Escape bit

1-2

Physical type

3

Physical compatibility

4-5

Link confidence test duration

6

MAC for link confidence test

7

Link confidence test failed

8

MAC for local loop

9

MAC on physical output

fddi duplicate-address-check interface

fddi duplicate-address-check
no fddi duplicate-address-check
 

Configures

Duplicate address checking during ring initialization

Default

Disabled

Description

This command enables an FDDI interface to detect duplicate addresses on the ring.

fddi encapsulate interface

fddi encapsulate
no fddi encapsulate
 

Configures

Encapsulation mode

Default

Enabled (SNAP)

Description

This command enables the bridge encapsulating mode for this interface, which is used to interface the CSC-FCIT with other FDDI modules. The CSC-FCIT has bridging enabled by default. no fddi encapsulate disables bridging for this interface.

fddi frames-per-token interface

fddi frames-per-token number
no fddi frames-per-token
 

Configures

Number of frames that an interface transmits per token capture

Default

3 frames

Description

This command sets the number of frames that an interface transmits during a token capture. number can be from 1 to 10.

fddi smt-frames interface

fddi smt-frames
no fddi smt-frames
 

Configures

Enables SMT frame processing

Default

Enabled

Description

This command enables the interface to process and generate SMT (FDDI Station Management) frames.

fddi tb-min interface

fddi tb-min milliseconds
no fddi tb-min
 

Configures

TB-min timer

Default

100 milliseconds

Description

This command sets the TB-min timer in the Physical Connection Management (PCM) for this interface.

fddi tl-min-time interface

fddi tl-min-time microseconds
no fddi tl-min-time microseconds
 

Configures

Minimum time to transmit a physical line state

Default

30 microseconds

Description

This command sets the minimum time to transmit a physical line state before transitioning to the PCM state for this interface. Changing this field is not recommended.

fddi token-rotation-time interface

fddi token-rotation-time microseconds
no fddi token-rotation-time microseconds
 

Configures

Ring scheduling

Default

5,000 microseconds

Description

This command sets the time in microseconds for the ring to recover from ring errors. The range can be from 4,000 to 165,000 microseconds.

fddi t-out interface

fddi t-out milliseconds
no fddi t-out
 

Configures

The t-out timer

Default

100 ms

Description

This command sets the t-out timer for the PCM.

fddi valid-transmission-time interface

fddi valid-transmission-time microseconds
no fddi valid-transmission-time microseconds
 

Configures

Time to recover from a transient ring error

Default

2,500 microseconds

Description

This command sets the transmission time for the interface. The range can be from 40 to 1,342,200 microseconds.

flowcontrol line

flowcontrol {none | software [lock] [in | out] | hardware [in | out]}
no flowcontrol {none | software [lock] [in | out] | hardware [in | out]}
 

Configures

Flow control for a line

Default

No flow control

Description

This command defines the serial flow control between the router and the device connected to a serial line.

 

none

No flow control.

 

software

Sets to software flow control.

 

lock

Makes it impossible to turn off flow control.

 

hardware

Sets to hardware flow control.

If neither in nor out are specified, flow control is assumed to be in both directions, i.e., the router accepts and sends flow control.

format command

Class C filesystem:

format filesystem:
 

Class A filesystem:

format [spare number] filesystem:
 

Configures

A Class C or Class A filesystem

Description

This command formats a flash filesystem. Each filesystem name must be followed by a colon; for example, format slot0:.

The spare option is valid only for Class A filesystems, which allow you to reserve a number of spare sectors. number can be from 0 to 16. The default is 0.

frame-relay adaptive-shaping map-class

frame-relay adaptive-shaping {becn | foresight}
no frame-relay adaptive-shaping
 

Configures

The type of backward notification

Default

Disabled

Description

This command selects the type of backward notification to which the Frame Relay interface should respond. It can be set to becn (backwards explicit congestion notification) or foresight.

frame-relay [ bc | be] map-class

frame-relay {bc | be} {in | out} bits
no frame-relay {bc | be} {in | out} bits
 

Configures

The committed and excess burst sizes

Default

7000 bits for both bc and be

Description

This command specifies the incoming (in) or outgoing (out) committed burst size (bc) and the excess burst size (be) for a Frame Relay virtual circuit. The burst size is given in bits.

frame-relay becn-response-enable map-class

frame-relay becn-response-enable
no frame-relay becn-response-enable
 

Configures

The use of BECNs to regulate output traffic

Default

Enabled when frame traffic shaping is in use

Description

This command is enabled when traffic shaping is in use. The use of BECNs (backwards explicit congestion notifications) regulates output traffic. You won't see this command in the configuration when you do a show. Use the no form to disable traffic shaping.

frame-relay broadcast-queue interface

frame-relay broadcast-queue size byte-rate packet-rate
no frame-relay broadcast-queue
 

Configures

Queues for broadcast traffic

Default

Size, 64; byte rate, 256,000 bps; packet rate, 36 packets per second

Description

This command sets the broadcast queue parameters for a Frame Relay interface. A broadcast queue is used for any broadcast packets that have to be replicated for multiple DLCIs on the interface.

 

size

The number of packets to hold in the queue. Normally, you want at least 20 for each DLCI on the interface.

 

byte-rate

The maximum number of bytes to be transmitted per second. This value should be less than:

  • 1/4 the local access rate (in bytes per second)
  • N/4 times the minimum remote access rate, where N is the number of DLCIs to which the broadcast should be replicated
 

packet-rate

The maximum number of packets to be transmitted per second.

frame-relay cir map-class

frame-relay cir {in | out} bps
no frame-relay cir {in | out} bps
 

Configures

Incoming or outgoing CIR

Default

56,000 bps

Description

This command sets the Committed Information Rate (CIR) for a Switched Virtual Circuit (SVC) to bps (bits per second). The CIR is the guaranteed available bandwidth for the circuit, and may be 0. The in and out keywords specify the direction to which the CIR applies.

frame-relay class interface

frame-relay class name
no frame-relay class name
 

Configures

Associates a map class with an interface

Default

None

Description

This command applies the map class given by name to a Frame Relay interface. The map class may be built from Frame Relay commands used in the map-class context.

Example

In this example, we assign a map class called MAP1 to interface serial1.1:

interface serial1.1
 frame-relay class MAP1
!
! Now make the map-class
map-class frame-relay MAP1
 frame-relay cir in 56000
 no frame-relay becn-response-enable

frame-relay custom-queue-list map-class

frame-relay custom-queue-list list
no frame-relay custom-queue-list list
 

Configures

The custom queue list to be used for the interface

Default

None (FIFO)

Description

See the queue-list command for information about creating a custom queue list.

frame-relay de-group interface

frame-relay de-group group-number dlci
no frame-relay de-group
 

Configures

Discard Eligibility (DE)

Default

None

Description

This command applies a DE group to a DLCI. group-number can be from 1 to 10. DE groups are defined with the command frame-relay de-list; they identify traffic that may be discarded if the traffic on the interface exceeds the committed information rate and the Frame Relay switch is congested.

frame-relay de-list global

frame-relay de-list list-number {protocol type | interface type number}
characteristic
no frame-relay de-list list-number {protocol type | interface type number}
characteristic
 

Configures

Discard Eligibility (DE)

Default

None

Description

This command defines packets that are eligible for discard during times of congestion on a Frame Relay switch. Packets matched by this list have the "discard eligible" bit set in the Frame Relay header.

 

list-number

An identifying number. This number identifies the list when it is referenced by other commands, particularly frame-relay de-group. A DE list may be defined by several frame-relay de-list statements with the same number.

 

protocol type

Specifies the protocol of the packets to be selected by this list. Possible values are arp, apollo, appletalk, bridge, clns, clns_es, clns_is, compressedtcp, decnet, ip, ipx, vines, and xns.

 

interface type number

Specifies the interface of packets to be selected for the list; that is, you can specify that all traffic coming through a certain interface should be marked as discard-eligible. The interface must be a serial interface, an Ethernet interface, or the null interface.

 

characteristic

Specifies the characteristics of the packets that are eligible for discard. It must be one of the following: fragments (fragmented packets eligible for discard), tcp port (TCP traffic on the specified port), udp port (UDP traffic on the specified port), list access-list (TRaffic matched by the given access list), gt bytes (packets larger than the given size; make sure to include all headers), or lt bytes (packets less than the given size; again, include all headers).

frame-relay idle-timer map-class

frame-relay idle-timer seconds
no frame-relay idle-timer seconds
 

Configures

Idle timeout for an SVC

Default

120 seconds

Description

This command sets the idle timeout for a Switched Virtual Circuit (SVC) to seconds.

frame-relay interface-dlci interface

frame-relay interface-dlci dlci [broadcast] [ietf | cisco]
no frame-relay interface-dlci dlci [broadcast] [ietf | cisco]
 

Configures

DLCI for a Frame Relay subinterface

Default

No DLCI is set as default

Description

Assigns a Data Link Connection Identifier (DLCI) to a Frame Relay subinterface.

 

dlci

The DLCI number to be used on the current subinterface.

 

broadcast

Allows broadcast packets on this connection.

 

ietf

Specifies IETF encapsulation for this connection.

 

cisco

Specifies CISCO encapsulation for this connection.

frame-relay intf-type interface

frame-relay intf-type [dce | dte | nni]
no frame-relay intf-type
 

Configures

Frame Relay switch type

Default

dte

Description

This command sets the Frame Relay switch type. It is valid only if Frame Relay switching has been enabled with the global frame-relay switching command. The keyword dce causes the router to function as a switch connected to another router; dte is used when the router is connected to a Frame Relay network; nni (Network-to-Network Interface) is used when the router connects to another switch.

frame-relay inverse-arp interface

frame-relay inverse-arp [protocol] [dlci]
no frame-relay inverse-arp [protocol] [dlci]
 

Configures

Inverse ARP for Frame Relay

Default

Enabled

Description

This command configures the use of inverse ARP for associating an IP address with a Frame Relay interface. This command is useful if inverse ARP was globally disabled on the router, but you want to enable inverse ARP for a particular interface or subinterface. To enable or disable inverse ARP for a specific protocol and DLCI pair, use both arguments (protocol and dlci); for all protocols on a DLCI, use only the dlci argument; for all DLCIs, use only the protocol argument.

 

protocol

The protocol to support on this interface. Supported protocols include appletalk, decnet, ip, ipx, vines, and xns.

 

dlci

One of the DLCI numbers for this interface. The value can be from 16 to 1,007.

frame-relay ip rtp header-compression interface

frame-relay ip rtp header-compression [active | passive]
no frame-relay ip rtp header-compression
 

Configures

RTP header compression on the interface

Default

Disabled

Description

This command enables RTP header compression on the interface. The active keyword tells the device to compress all headers; the passive keyword tells it to compress headers only if the incoming packet had its headers compressed. The default is active.

frame-relay ip tcp header-compression interface

frame-relay ip tcp header-compression [passive]
no frame-relay ip tcp header-compression
 

Configures

Compression of TCP/IP packet headers

Default

Enabled

Description

This command configures an interface so that its PVCs compress IP headers.

 

passive

Optional. Performs compression only if the incoming packets are compressed.

frame-relay lmi-type interface

frame-relay lmi-type {ansi | cisco | q933a}
no frame-relay lmi-type {ansi | cisco | q933a]
 

Configures

The LMI

Default

Autosense

Description

This command allows you to set the Local Management Type (LMI) of the Frame Relay switch the router is talking to. Setting the LMI type explicitly deactivates autosensing. Use the keepalive command with this command.

Example

interface serial0
 encapulation frame-relay
 frame-relay lmi-type cisco
 keepalive 20
frame-relay local-dlci interface

frame-relay local-dlci number
no frame-relay local-dlci
 

Configures

The local DLCI

Default

None

Description

This command sets the local DLCI. It is rarely needed because LMI is normally used to set the local DLCI. If you don't use LMI, this command allows you to set the local DLCI explicitly.

frame-relay map interface

frame-relay map protocol protocol-address dlci [broadcast] [ietf | cisco]
 [payload-compress {packet-by-packet | frf9 stac [hardware-options]}]
no frame-relay map protocol protocol-address
 

Configures

Frame Relay connection parameters

Default

None

Description

This command defines a mapping between a protocol-specific destination address and the DLCI to use for connections to that destination.

 

protocol

One of appletalk, decnet, dlsw, ip, ipx, llc2, rsrb, vines, or xns.

 

protocol-address

The destination address.

 

dlci

The DLCI to use.

 

broadcast

Optional. Activates forwarding of broadcasts to this address when multicast is not enabled.

 

ietf

Optional. Use IETF encapsulation on this interface.

 

cisco

Optional. Use Cisco's encapsulation method on this interface. If neither ietf nor cisco is specified, the interface uses the encapsulation specified by the encapsulation frame-relay command.

 

payload-compress packet-by-packet

Optional. Activates packet-by-packet compression using the Stacker method. Packet-by-packet compression is a proprietary Cisco feature and won't interoperate with other vendors' equipment.

 

payload-compress frf9 stac

Optional. Activates FRF.9 compression using the Stacker method.

 

hardware-options

Optional. Can be distributed, software, or csa. distributed causes compression to be performed in a VIP2; software causes compression to occur in the IOS software on the main processor; csa csa-number specifies the CSA to use for a particular interface (available only on 7200 series routers).

frame-relay map bridge interface

frame-relay map bridge dlci[broadcast] [ietf]
no frame-relay map bridge dlci [broadcast] [ietf]
 

Configures

Broadcast forwarding

Default

None

Description

This command specifies that broadcasts are to be forwarded.

 

dlci

The DLCI to use for bridging on this interface.

 

broadcast

Optional. Forwards broadcasts when multicast is not enabled.

 

ietf

Optional. Forces the use of IETF encapsulation, which is used when talking to a non-Cisco device.

frame-relay map clns interface

frame-relay map clns dlci [broadcast]
no frame-relay map clns dlci [broadcast]
 

Configures

Broadcast forwarding for ISO CLNS routing

Default

None

Description

This command causes broadcasts to be forwarded when ISO CLNS is used for routing.

 

dlci

The DLCI to use for CLNS broadcast forwarding.

 

broadcast

Optional. Causes broadcasts to be forwarded when multicast is not enabled.

frame-relay map ip compress interface

frame-relay map ip address dlci [broadcast] compress
frame-relay map ip address dlci [broadcast] nocompress
 

Configures

Compression for both RTP and TCP headers

Default

Disabled

Description

This command enables compression for both RTP and TCP packet headers.

 

address

The IP address of the destination or next hop.

 

dlci

The DLCI number.

 

broadcast

Optional. Forwards broadcasts to the specified IP address.

frame-relay map ip rtp header-compression interface

frame-relay map ip rtp address dlci rtp header-compression [active | passive]
no frame-relay map ip rtp address dlci rtp header-compression [active |
 passive]
 

Configures

Compression for RTP headers per DLCI

Default

Disabled

Description

This command enables RTP compression for a specific dlci on a link. The active keyword means that the router should always compress the RTP headers (this is the default). The passive keyword specifies that the router should compress packets only when the incoming packet was compressed.

frame-relay map ip tcp header-compression interface

frame-relay map ip address dlci [broadcast] [cisco| ietf] [no compress]
tcp header-compression {active | passive}
no frame-relay map ip address dlci [broadcast] [cisco| ietf] [no compress]
tcp header-compression {active | passive}
 

Configures

Compression methods for a map

Default

None

Description

This command maps a Frame Relay DLCI to an IP address, enabling TCP header compression for this connection. It's useful if header compression isn't the default for the interface.

 

address

The IP address.

 

dlci

The DLCI to use.

 

broadcast

Optional. Causes broadcasts to be forwarded.

 

cisco

Optional. Uses Cisco's encapsulation method.

 

ietf

Optional. Uses RFC 1490 encapsulation.

 

no compress

Optional. Disables compression.

 

active

Causes every TCP/IP packet header to be compressed.

 

passive

Compresses packet headers only if the incoming packet was compressed.

frame-relay mincir interface

frame-relay mincir {in | out} bps
no frame-relay mincir {in | out} bps
 

Configures

The CIR

Default

56,000 bps

Description

This command sets the minimum incoming (in) or outgoing (out) committed information rate (CIR) that you are willing to accept, in bits per second (bps).

frame-relay multicast-dlci interface

frame-relay multicast-dlci dlci
no frame-relay multicast-dlci
 

Configures

The DLCI to be used for multicasts

Default

None

Description

This command defines a dlci for multicasts. This command is used for testing Frame Relay configurations and is not required in a production configuration.

frame-relay payload-compress packet-by-packet interface

frame-relay payload-compress packet-by-packet
no frame-relay payload-compress packet-by-packet
 

Configures

Payload compression

Default

Disabled

Description

This command enables compression on the link, using a proprietary compression protocol that will not work with other vendors' equipment.

frame-relay priority-dlci-group interface

frame-relay priority-dlci-group group-number high-dlci medium-dlci normal-
dlci low-dlci
 

Configures

Assigns a priority to different DLCIs

Default

Disabled

Description

This command sets the priority levels for DLCIs in the group specified by group-number. Within a group, there are four priority levels (high, medium, normal, and low); one DLCI is assigned to each priority level (high-dlci to the high-priority level, etc.). If fewer than four DLCIs are given, the last DLCI is assigned to the remaining priority levels.

frame-relay priority-group interface

frame-relay priority-group list-number
no frame-relay priority-group list-number
 

Configures

Applies a priority list to a Frame Relay virtual circuit

Description

This command is similar to the priority-group command for the interface, except that it applies the priority list to a Frame Relay virtual circuit.

 

list-number

The priority list number. Priority lists are defined with the priority-list command.

Example

The following example applies priority-list 1 to the Frame Relay configuration:

interface serial 0
 encapsulation frame-relay
 frame-relay interface-dlci 200
 frame-relay priority-group 1
!
priority-list 1 protocol ip high
frame-relay route interface

frame-relay route in-dlci out-interface out-dlci
no frame-relay route in-dlci out-interface out-dlci
 

Configures

Static routes for PVC switching

Default

None

Description

This command allows you to assign a static route based on DLCIs.

Example

In the following configuration, packets from DLCI 100 received by the serial0 interface are routed out through DLCI 200 on serial1. Likewise, packets received from DLCI 101 on serial0 are routed out through DLCI 201 on serial1.

interface serial0
 frame-relay route 100 interface Serial1 200
 frame-relay route 101 interface Serial1 201

frame-relay svc interface

frame-relay svc
no frame-relay svc
 

Configures

SVC operation on the interface

Default

Disabled

Description

This command enables Switched Virtual Circuit (SVC) processing on the interface and all its subinterfaces.

frame-relay switching global

frame-relay switching
no frame-relay switching
 

Configures

Enables PVC switching

Default

Disabled

Description

This command enables Permanent Virtual Circuit (PVC) switching on the router.

frame-relay traffic-rate map-class

frame-relay traffic-rate average [peak]
no frame-relay traffic-rate average [peak]
 

Configures

Traffic shaping for a virtual circuit

Default

The bandwidth of the line

Description

This command allows you to configure traffic shaping for a virtual circuit. It doesn't provide the granularity of other commands that configure traffic shaping; it lets you specify only average and peak traffic rates.

 

average

The average rate in bits per second, which is the same as the contracted CIR.

 

peak

Optional. The peak rate expected for this interface in bits per second. If this option is omitted, the default value is the line rate calculated from the bandwidth command.

frame-relay traffic-shaping interface

frame-relay traffic-shaping
no frame-relay traffic-shaping
 

Configures

Traffic shaping

Default

Disabled

Description

This command enables traffic shaping for the interface.

fsck command

fsck [/nocrc] filesystem:
 

Configures

Checks and repairs a Class C filesystem

Description

This command checks the given filesystem, which must be a Class C filesystem, and repairs any problems it finds. The /nocrc option forces fsck to skip CRC checks. The filesystem name must be followed by a colon.

ftp-server enable global

ftp-server enable
no ftp-server enable
 

Configures

Enables FTP server

Default

Disabled

Description

This command enables FTP services on the router; the router runs an FTP server that can be used to upload and download files in the router's filesystem. To use this feature, you must also configure the ftp-server topdir command.

ftp-server topdir global

ftp-server topdir directory
no ftp-server topdir
 

Configures

The directory to which FTP clients have read/write access

Default

None (all read and write operations are denied)

Description

This command sets the directory in the router's filesystem that FTP clients are allowed to access. Access is also allowed to subdirectories of this directory. If this command has not been given or if no ftp-server topdir has been given, no access is allowed via FTP.

Example

The following commands enable the router's FTP server and allow it to access the directory disk1:/logs and all its subdirectories.

ftp-server enable
ftp-server topdir disk1:/logs

full-duplex interface

full-duplex
no full-duplex
 

Configures

Full-duplex mode

Default

Half-duplex

Description

This command enables full-duplex mode on interfaces that support it.

full-help line configuration

full-help
no full-help
 

Configures

Full help for a line

Default

Disabled

Description

This command enables full help on a line configuration.

group-range interface

group-range start end
no group-range start end
 

Configures

An interface group

Default

None

Description

This command specifies a range of interfaces that are treated as a group for the purposes of configuration. It is used in conjunction with the interface group-async command. start and end are the beginning and ending numbers of the interfaces that are configured as a group.

Example

The following commands group the async interfaces 1 through 7. Once a group has been defined, specific interfaces can be singled out for special treatment with the member command: for example, specific IP addresses can be applied to each interface.

interface group-async 0
 group-range 1 7
 ip unnumbered ethernet0
 async mode interactive
 member 1 peer default ip 10.10.1.1
 member 2 peer default ip 10.10.1.2
 member 3 peer default ip 10.10.1.3
 member 4 peer default ip 10.10.1.4
 member 5 peer default ip 10.10.1.5
 member 6 peer default ip 10.10.1.6
 member 7 peer default ip 10.10.1.7

half-duplex interface

half-duplex
no half-duplex
 

Configures

An SDLC interface for half-duplex

Default

Disabled

Description

This command configures an SDLC interface for half-duplex mode.

half-duplex controlled-carrier interface

half-duplex controlled-carrier
no half-duplex controlled-carrier
 

Configures

Controlled carrier mode versus constant carrier mode

Default

Constant carrier mode

Description

Low speed serial interfaces use constant carrier mode by default. This command places the interface in controlled carrier mode; it can be used only on interfaces that have been configured for half-duplex.

help command

help
 

Description

Displays a brief listing of user-level commands. To get more verbose help, use the full-help command.

history global

history [number-of-lines]
no history
 

Configures

History buffer size

Default

10 lines

Description

This command enables the user interface's history mechanism. A history is a listing of commands that have been executed in the current session. This command is stored in the router's configuration and applies to all user sessions. number-of-lines is the size of the history buffer and must be in the range of 0-256. If omitted, the buffer size is set to the default value.

Use the no version of this command to disable the history mechanism; use the show history command to view the current history buffer. If you want to activate a history buffer only for your current session, use the command terminal history.

Example

Router# history 255
Router# no history
Router# show history

hold-character line

hold-character ascii-number
no hold-character
 

Configures

The character that suspends output

Default

None

Description

This command sets the character that suspends output to a terminal screen. ascii-number is the value of the character in decimal. Having a pause key benefits users who need to scroll through a lot of text; pressing any character resumes output to the screen.

Example

Router(config)# line 2
Router(config-line)# hold-character 19
Router(config-line)# vacant-message #
Router(config-line)# ***** Welcome to Sphinx *****
Router(config-line)# Press the return key to start the connection
Router(config-line)# Suspend with Ctrl-S
Router(config-line)# #

hold-queue interface

hold-queue packets {in | out}
no hold-queue packets {in | out}
 

Configures

Size of the hold queue

Default

Input queue, 75 packets; output queue, 40 packets

Description

This command specifies the length of the input queue (in) or the output queue (out) in packets. Slower links require smaller queue sizes than faster links.

Example

interface Async4
 ip unnumbered Ethernet0
 hold-queue 20 out
 async default ip address 192.101.187.164
 async mode interactive

hostname global

hostname name-string
no hostname
 

Configures

The hostname of the router

Default

Factory-assigned "Router"

Description

This command sets the hostname of the router.

hssi external-loop-request interface

hssi external-loop-request
no hssi external-loop-request
 

Configures

Support for CSU/DSU

Default

Disabled

Description

This command enables support for CSU/DSUs that provide the LC signal. The LC signal allows the CSU/DSU to request loopback from the router.

hssi internal-clock interface

hssi internal-clock
no hssi internal-clock
 

Configures

Use of the internal clock

Default

Disabled

Description

This command configures an HSSI interface to provide a 45 MHz master clock. It is used when two HSSI interfaces are connected via a null modem cable; one of the two interfaces must provide a clock signal on the link. Both interfaces cannot provide clocks, so use this command only on one side of the link.

hub global

hub ethernet hub-number first-port [last-port]
 

Configures

Hub configuration mode

Default

None

Description

The hub command enters hub configuration mode, in which you can enter commands that configure a hub. It is applicable only to routers that are equipped with hub interfaces. hub-number is the number of the hub that you are configuring. first-port is the beginning of a range of consecutive ports to be configured as part of the hub; last-port is the last port in the range. If you omit last-port, this command adds a single port to the hub.

Example

To configure one port of a hub:

hub ethernet 0 1
 source-address 00:00:0c:ff:d0:04
 

To configure all ports of a hub:

hub ethernet 0 1 7
 no link-test
 auto-polarity
ignore-dcd interface

ignore-dcd
no ignore-dcd
 

Configures

Determination of a link's status

Default

A DTE serial interface monitors the DCD signal

Description

This command tells the interface to ignore the DCD signal and use the DSR signal to determine whether the link is up or down. By default, all DTE serial interfaces monitor the DCD signal for the link's status.

interface global

interface interface.subinterface [{point-to-point | multipoint}]
 

Configures

Allows configuration of a given interface

Default

None

Description

This command enters the interface configuration mode for the given interface and subinterface. The interface most commonly consists of an interface type followed by the number of the particular interface (for example, ethernet0). A space is allowed (and commonly used) between the interface type and the number. Table 17-10 shows the most common interface types. On more complex routers, the interface number can be specified in a number of different ways: as a slot/port combination, as a slot/adapter/port combination, or as a slot/port:channel-group combination. The appropriate form depends on the hardware you're dealing with. The interface specification can include a subinterface number; subinterfaces are most common when using protocols like Frame Relay or ATM, which can package a number of communications channels on a single physical connection. The point-to-point keyword indicates that a subinterface is logically connected to a single remote node; multipoint indicates that it is logically connected to a number of remote nodes. multipoint and point-to-point are most commonly used on Frame Relay and ATM interfaces.

Table 17-10. Common interface types

Type

Description

async

An asynchronous interface (a standard terminal or modem line)

atm

ATM

bri

ISDN BRI (2 B channels)

dialer

Dial-on-demand interface (see the interface dialer command)

ethernet

Ethernet

fastethernet

100-Mbps Ethernet

fddi

FDDI

gigabitethernet

Gigabit Ethernet

group-async

A logical grouping of asynchronous interfaces to which all configuration commands apply (see the interface group-async command)

hssi

High-speed serial interface

lex

LAN extender

loopback

The internal software virtual interface

null

Null interface; packets sent to this interface are discarded

pos

OC-3/SONET

serial

Serial interface (used for leased line, T1, and T3)

tokenring

Token ring

tunnel

A virtual interface for a tunnel configuration


interface bvi global

interface bvi bridge-group-number
no interface bvi bridge-group-number
 

Configures

Bridging

Default

None

Description

The Bridge-Group Virtual Interface (BVI) becomes available on routers when the bridge irb command has been given. This interface allows the router to route and bridge the same protocol over the same interface. The bridge group-number must match the bridge group defined for the bridge.

Example

In this configuration, serial0 and serial1 are bridged, and traffic is routed through those interfaces out through ethernet0:

bridge irb
bridge 1 protocol ieee
!
interface serial0
 bridge-group 1
!
interface serial
 bridge-group 1
!
interface ethernet 0
 ip address 10.11.1.1 255.255.255.0
!
! Configure the virtual bvi interface with a bridge group number of 1
interface bvi 1
 ip address 10.10.3.1 255.255.255.0
!
! Now configure the routing for the bridge
bridge 1 route ip
interface dialer global

interface dialer number
no interface dialer number
 

Configures

A dialer configuration

Default

None

Description

This command allows you to define a virtual dialer configuration that can be applied to a set of physical interfaces. Once you configure this interface, you can make other interfaces use this configuration by using the dialer rotary-group command. number is the virtual interface number, and can be a value from 0 to 9.

Example

interface dialer 0
 encapsulation ppp
 dialer in-band
 dialer map ip 10.1.1.1 name bob 5551111
!
interface async 1
 dialer rotary-group 0
interface group-async global

interface group-async number
no interface group-async number
 

Configures

A group of interfaces that can share configuration parameters

Default

None

Description

This command allows you to create a group of async interfaces to which you can apply commands. Actual interfaces that belong to the group inherit the settings you apply to this virtual interface. The group-range command defines which physical async interfaces are included in the group. A physical interface can belong only to one group.

Example

The following commands define a group-async interface that includes async interfaces 1 through 7. The ip unnumbered and async mode commands apply to all the interfaces in the group.

interface group-async 0
 group-range 1 7
 ip unnumbered ethernet0
 async mode interactive

ip access-group interface

ip access-group access-list [in | out]
no ip access-group access-list [in | out]
 

Configures

Assigns an access list to an interface

Default

No access lists defined

Description

This command applies the given access list to the interface in the direction specified (in or out). Access-list commands are discussed in Chapter 7. Each interface can support only one access list in either direction.

Example

The following commands apply access list 110 to filter incoming packets on the serial1 interface, and access list 111 to filter outgoing packets:

interface serial1
 ip access-group 110 in
 ip access-group 111 out
 

To remove an access list from an interface, use the no form of this command:

interface serial1
 no ip access-group 111 out
 

If you use the no access-list command, your access list will be deleted. Be sure to use no ip access-group when removing lists from interfaces.

ip access-list global

ip access-list {standard | extended} name
 

Configures

Named access lists

Default

None

Description

This command allows you to create a named access list. A named access list is really no different from a numbered access list as defined by the access-list command, except that it is identified by a logical name. A named access list may be either standard or extended. This command is followed by permit and deny commands that specify the access-list rules. For more about access lists, see Chapter 7 and the discussion of the access-list command.

Example

The following commands define a named access list that allows HTTP traffic from any host to the server at 10.1.2.3 and permits all other TCP traffic that has the SYN flag set. Remember that all access lists end with an implicit deny, which rejects all traffic not permitted by a statement in the access list.

ip access-list extended bogus-firewall
 permit tcp any host 10.1.2.3 eq http
 permit tcp any any established
 

As of IOS 12.4, you can enter noncontiguous ports on a single line within a named access list. Before, you would write such an access list like this:

ip access-list extended acllist1
 permit tcp any host 192.168.1.1 eq telnet
 permit tcp any host 192.168.1.1 eq www
 permit tcp any host 192.168.1.1 eq smtp
 permit tcp any host 192.168.1.1 eq pop3
 

With noncontigious port support, you can write it more tersely:

ip access-list extended acllist1
 permit tcp any host 192.168.1.1 eq telnet www smtp pop3
ip accounting interface

ip accounting [access-violations]
no ip accounting [access-violations]
 

Configures

IP accounting for an interface

Default

Disabled

Description

This command enables IP accounting based on the source and destination IP addresses that are passing through this router. Traffic that terminates at the router is not logged. The access-violations option enables logging based on access lists. For an access list to log information, the log keyword must be specified at the end of the access-list command.

Example

The following interface has IP accounting enabled and logs access-list violations:

interface serial 1
 ip address 10.10.2.3 255.255.255.0
 ip access-group 110 in
 ip accounting access-violations
! Deny telnet to the outside and log it when someone tries
access-list 110 deny tcp 10.10.2.0 0.0.0.255 any eq 23 log
access-list 110 permit ip any any

ip accounting-list global

ip accounting-list address mask
no ip accounting-list address mask
 

Configures

An accounting filter

Default

None

Description

This command defines an IP address and wildcard mask for use as an accounting filter. Once a filter has been created, traffic is logged only if it matches the filter. If an IP address fails to match this filter, it is considered a transit IP packet and is logged to a separate table. See ip accounting-transits.

Example

The following command logs traffic to and from the 10.10.0.0 network:

ip accounting-list 10.10.0.0 0.0.255.255
ip accounting-threshold global

ip accounting-threshold log-size
no ip accounting-threshold log-size
 

Configures

The IP accounting log table

Default

512 entries

Description

This command sets the size of the IP accounting table to log-size bytes. Each entry takes up to 26 bytes. Therefore, an accounting table defined at 100 entries could consume up to 2600 bytes of memory. This calculation should be kept in mind when defining new thresholds, as memory usage has adverse affects on the router.

Example

To double the accounting buffer:

ip accounting-threshold 1024

ip accounting-transits global

ip accounting-transits number
no ip accounting-transits
 

Configures

The table used for logging transit IP addresses

Default

None

Description

This command sets the size of the table for transit IP accounting to number entries. A transit IP packet is any packet with a source or destination that does not match the filter defined in the ip accounting-list command. If no accounting filters are defined, there are no transit IP packets.

Example

To set the transit table to 200 entries:

ip accounting-transits 200
ip address interface

ip address address subnet-mask [secondary]
no ip address address subnet-mask [secondary]
 

Configures

The IP address for an interface

Default

No IP address

Description

This command sets the IP address for the interface to address; the network mask used on the network is subnet-mask. The secondary keyword is used to apply a second (or third, or fourth... ) address to an interface. It is allowed only if the interface allows multiple IP addresses.

Example

This command sets the IP address of the ethernet0 interface to 10.10.1.1 and the subnet mask to 255.255.255.0:

interface ethernet0
 ip address 10.10.1.1 255.255.255.0
 

The following commands use the secondary keyword to add a second IP address to the ethernet0 interface:

interface ethernet0
 ip address 10.10.1.1 255.255.255.0
 ip address 10.10.2.1 255.255.255.0 secondary
 

This interface will now answer and provide routing for both the 10.10.1.0/24 and 10.10.2.0/24 subnets.

ip address negotiated interface

ip address negotiated
no ip address negotiated
 

Configures

PPP address negotiation

Default

Disabled

Description

This command configures an interface to obtain its IP address via PPP.

ip address-pool global

ip address-pool [dhcp-proxy-client | local]
no ip address-pool
 

Configures

Default address pooling

Default

Disabled

Description

This command provides an IP address pool to be used on dial-in or ISDN interfaces.

 

dhcp-proxy-client

Optional. The router works as a proxy between the dial-in peers and the DHCP server to provide the address pool.

 

local

Optional. Tells the router to use the local address pool.

ip alias global

ip alias ip-address port
no ip alias ip-address
 

Configures

IP address mapping for reverse telnet

Default

None

Description

This command allows you to provide aliases in the form of IP addresses for various ports on the router. This feature is helpful if you are configuring a communication server with reverse telnet.

 

ip-address

The IP address of the port for which you want to establish an alias.

 

port

The port that you want to use as an alias for the IP address.

Example

Say we have a communication server (router) with three ports to which we allow reverse telnet access: 2001, 2002, and 2003. Instead of requiring users to type the router's IP address and the port every time, we assign (alias) an available IP address to each of our ports. The following commands create three IP address aliases (172.30.1.1, 172.30.1.2, and 172.30.1.3):

ip alias 172.30.1.1 2001
ip alias 172.30.1.2 2002
ip alias 172.30.1.3 2003

ip as-path access-list global

ip as-path access-list access-list {permit | deny} as-regex
no ip as-path access-list access-list {permit | deny} as-regex
 

Configures

A BGP access list

Default

None

Description

This command allows you to build an access list for BGP autonomous system (AS) paths. These lists can be applied to a neighbor with the filter-list option to the neighbor command. access-list is a number that identifies the list; as-regex is a regular expression that matches AS paths. For more information on valid regular expressions for BGP, see Chapter 10.

Example

The following commands create an AS-path access list that denies (blocks) routes that include AS 111. This access list is then applied to routes that are sent to the BGP neighbor 11.1.1.1.

ip as-path access-list 1 deny _111_

router bgp 120
 network 10.1.0.0
 neighbor 11.1.1.1 remote-as 200
 neighbor 11.1.1.1 filter-list 1 out

ip authentication interface

ip authentication key-chain eigrp as-number key-chain
no ip authentication key-chain eigrp as-number key-chain

ip authentication mode eigrp as-number md5
no ip authentication mode eigrp as-number md5
 

Configures

Authentication of EIGRP packets

Default

None

Description

The ip authentication key-chain command defines the key chain to be used for authenticating EIGRP packets. It is used with the ip authentication mode eigrp command, which applies the key chain to the correct EIGRP process. Key chains are defined with the global key chain command.

 

as-number

The EIGRP process to which this key applies.

 

key-chain

The name of an EIGRP key chain.

Example

interface ethernet0
 ip authentication key-chain eigrp 100 key1
 ip authentication mode eigrp 100 md5

ip bandwidth-percent eigrp interface, EIGRP

ip bandwidth-percent eigrp as-number percent-value
 

Configures

The bandwidth that EIGRP is allowed to use

Default

50 percent

Description

This command sets the bandwidth percentage that EIGRP is allowed to consume on a link. It is particularly useful if the link's bandwidth has been set to a fake value for some reason (such as metrics).

 

as-number

The EIGRP process whose bandwidth is being limited.

 

percent-value

The percentage of the interface's total bandwidth that can be used by EIGRP. The interface's bandwidth is defined by the bandwidth command and may not be the same as the actual bandwidth available on the link. Note that percent-value may be greater than 100; this is useful if the bandwidth has been set to an artificially low value and doesn't reflect the actual capacity of the link.

ip bgp-community new-format global

ip bgp-community new-format
no ip bgp-community new-format
 

Configures

Display of the BGP communities

Default

Disabled

Description

This command changes the display of BGP communities from NN:AA to AA:NN.

ip bootp server global

ip bootp server
no ip bootp server
 

Configures

Use of a BOOTP server from the network

Default

Enabled

Description

This command enables or disables the router's BOOTP server. Disabling this feature prevents hosts from accessing the BOOTP service on the router; that is, the router won't act as a BOOTP server.

ip broadcast-address interface

ip broadcast-address address
no ip broadcast-address address
 

Configures

A broadcast address for an interface

Default

Depends on the settings in the config-register

Description

This command specifies the interface's broadcast address. All hosts on the network to which the interface is connected must use the same broadcast address. Broadcast addresses are usually formed by setting the "host address" portion of the IP address to 1, which is the default for the router and most modern computer systems. Some old systems may form the broadcast address by setting the host portion to 0, and may be incapable of using the "1" form. In this case, you must explicitly set the broadcast address of the router interface (and all other hosts on the network) to use the older form.

Example

The following code changes the broadcast IP address for serial 0 to 10.10.10.255:

interface serial 0
 ip broadcast-address 10.10.10.255

ip cef global

ip cef [distributed]
no ip cef
 

Configures

Cisco Express Forwarding (CEF)

Default

Depends on the hardware; usually disabled

Description

This command enables CEF on the router. CEF is a Layer 3 switching technology that increases network performance for certain types of network traffic.

The optional distributed keyword enables distributed CEF (dCEF), which distributes CEF information to line cards on the router.

ip cef traffic-statistics global

ip cef traffic-statistics [load-interval seconds] [update-rate seconds]
no ip cef traffic-statistics
 

Configures

Time intervals that control when NHRP creates or destroys an SVC

Default

load-interval is 30 seconds; update-rate is 10 seconds

Description

This command sets the intervals that NHRP uses when building or tearing down an SVC. The load-interval is used in conjunction with the ip nhrp trigger-svc command; its value can range from 30 to 300 seconds. The update-rate is the frequency, in seconds, at which the port adapter sends statistics to the route processor (RP). When using NHRP in distributed CEF switching mode, the update rate must be set to 5 seconds.

ip cgmp interface

ip cgmp [proxy | router-only]
no ip cgmp
 

Configures

Cisco Group Management Protocol (CGMP)

Default

Disabled

Description

This command enables CGMP on an interface, which is useful when the interface is connected to a Cisco Catalyst family switch.

 

proxy

Optional. Enables CGMP and the CGMP proxy function.

 

router-only

Optional. Enables the router to send only CGMP self-join and CGMP self-leave messages.

ip classless global

ip classless
no ip classless
 

Configures

IP classless routing for the router

Default

Depends on the IOS version

Description

This command enables routing based on "classless" addresses. With classless routing, packets can be routed if the router knows a route for a supernet of the addressee. Without classless addressing, the packet is discarded if it arrives at the router and there is no network route for its destination. Assume that a packet arrives with the destination of 10.10.1.5, but we have routes only for 10.10.2.0/24, 10.10.3.0/24, and 10.10.0.0/16. With IP classless routing enabled, the router forwards the packet to the 10.10.0.0/16 network because 10.10.0.0/16 is the best matching supernet of 10.10.1.5.

ip community-list global

ip community-list number {permit | deny} community
no ip community-list number
 

Configures

A community list for BGP

Default

None

Description

This command defines a community list, which is basically an access list for a BGP community. A community list can be used with the match community command in a route-map configuration.

 

number

A value identifying the community list that this command belongs to. Values can be 1 to 99.

 

permit | deny

Permits or denies the given community.

 

community

The community to permit or deny. This parameter may be a community number between 1 and 99, or one of the default community names (internet, no-export, no-advertise).

Example

ip community-list 1 permit internet
ip default-gateway global

ip default-gateway address
no default-gateway address
 

Configures

The default gateway for the router

Default

None

Description

This command establishes address as the router's default gateway, which is the gateway to which nonlocal packets are forwarded in the absence of a better route. It is useful if the no ip routing command has been issued or if you are running from boot mode, in which IP routing is disabled. This command allows you to forward traffic to the default gateway when routing is disabled. Use the no form of this command to remove the entry from the router's configuration.

ip default-network global

ip default-network network
no ip default-network network
 

Configures

Gateway of last resort

Default

None

Description

This command defines a gateway of last resort. The network argument is a network address; any route to the network becomes the default route. For RIP, this is the 0.0.0.0 route; for OSPF, it is an external route.

ip dhcp-server global

ip dhcp-server address
no ip dhcp-server address
 

Configures

The DHCP server for the router

Default

None

Description

Specifies the address of the DHCP server for this router. You can provide the hostname of the DHCP server instead of its IP address. This DHCP server is then used for creating address pools with the ip address-pool command.

ip directed-broadcast interface

ip directed-broadcast [access-list]
no ip directed-broadcast
 

Configures

Broadcast forwarding

Default

Enabled (disabled for IOS 12.0 and later)

Description

By default, the router automatically translates directed broadcasts to physical broadcasts within your network. In other words, Layer 3 broadcasts to the IP broadcast address (10.10.1.255 for the subnet 10.10.1.0/24) are translated into Layer 2 broadcasts with an address appropriate for the interface (e.g., ff:ff:ff:ff:ff:ff for an Ethernet interface).

While this can be useful, an interface that is configured to the outside world could allow a potential hacker to flood your network by pinging the broadcast address on your interface. It is recommended that directed-broadcast is disabled on your external interfaces to prevent this attack from occurring. Directed broadcast is also the primary mechanism used for the "smurf" attack. It is recommended that you disable directed broadcast on all your interfaces unless you have a very good reason to use it.

Example

To disable directed broadcasts:

interface serial 0
 no ip directed-broadcast
ip domain-list global

ip domain-list domain
no ip domain-list domain
 

Configures

Domain name completion

Default

None

Description

This command allows you to define a series of domain names to be used (in turn) to complete an unqualified domain name. It behaves just like the domain-name command except that it allows you to list a series of domains.

Example

These commands set the domain list to mydomain.com, com.com, and mycom.com:

ip domain-list mydomain.com
ip domain-list com.com
ip domain list mycom.com
 

Use the no form of the command to delete an entry:

no ip domain-list com.com
ip domain-lookup global

ip domain-lookup
no ip domain-lookup
 

Configures

DNS lookups for hostnames

Default

Enabled

Description

This command enables the DNS lookup feature. To disable DNS, use the no form of this command. Disabling this feature is useful because you don't usually want the router trying to perform a DNS lookup on every word that you type at the command prompt. (You can accomplish the same thing by enabling transport preferred none on all lines.) Furthermore, if you are having network problems, you may not be able to reach any DNS servers to perform lookups.

Example

To disable DNS lookups:

no ip domain-lookup

ip domain-name global

ip domain-name domain
no ip domain-name domain
 

Configures

Domain name completion

Default

None

Description

This command sets the domain name that the router will use to complete any unqualified domain names. See also ip domain-list.

Example

Here, all unqualified hostnames are taken to be in the mydomain.com domain:

ip domain-name mydomain.com

ip dvmrp accept-filter interface

ip dvmrp accept-filter access-list [distance] [neighbor-list access-list]
no dvmrp accept-filter access-list
 

Configures

Incoming filter for DVMRP reports

Default

All reports are accepted with a distance of 0

Description

This command applies an access list to incoming DVMRP reports. The lower the distance, the higher the precedence of the route when computing the Reverse Path Forwarding value.

 

access-list

The number of a standard IP access list (0-99). Routes matching the access list are assigned the given administrative distance. If the access list number is 0 (which is not a legal access list number), all reports are accepted with the given administrative distance.

 

distance

Optional. The administrative distance to be assigned to routes matching the filter. Default is 0.

 

neighbor-list list

Optional. The number of a standard IP access list (1-99). DVMRP reports are accepted only from neighbors who match this access list.

ip dvmrp auto-summary interface

ip dvmrp auto-summary
no ip dvmrp auto-summary
 

Configures

DVMRP auto summarization

Default

Enabled

Description

Auto summarization occurs when a route is summarized into a classful network route. Use the no form of this command to disable it, which you will want to do if you are using the ip dvmrp summary-address command.

ip dvmrp default-information interface

ip dvmrp default-information {originate | only}
no dvmrp default-information
 

Configures

Advertises a default route to DVMRP neighbors

Default

Disabled

Description

This command causes the default route (0.0.0.0) to be advertised to DVMRP neighbors.

 

originate

Routes more specific than 0.0.0.0 can be advertised.

 

only

Only the default route is advertised.

ip dvmrp metric interface

ip dvmrp metric metric [list access-list] [[protocol process-id] | [dvmrp]
no ip dvmrp metric
 

Configures

Metrics for DVMRP

Default

1

Description

This command lets you specify a metric to be used with the DVMRP routing protocol. The specified metric is assigned to multicast destinations that match the access list.

 

metric

The metric associated with DVMRP reports; it can range from 0 to 32. means the route is not advertised; 32 means that the route's destination is unreachable.

 

list access-list

Optional. If used, this metric is assigned only to multicast destinations that match the access list.

 

protocol

Optional. bgp, eigrp, igrp, isis, ospf, rip, static, or dvmrp.

 

process-id

Optional. The process ID of the routing protocol, if required.

 

dvmrp

Optional. Allows routes from the DVMRP routing table to be advertised with the configured metric route map.

ip dvmrp metric-offset interface

ip dvmrp metric-offset [in | out] value
no ip dvmrp metric-offset
 

Configures

Metrics of advertised DVMRP routes

Default

in; the default value for in is 1, for out is 0

Description

This command allows you to increment the metric for DVMRP routes. The given value is added to either metrics received (in) or metrics sent (out) by the router.

ip dvmrp output-report-delay interface

ip dvmrp output-report-delay milliseconds [burst-packets]
no ip dvmrp output-report-delay
 

Configures

Interpacket delay of a DVMRP report

Default

100 milliseconds; 2 burst packets

Description

This command sets the number of milliseconds that elapse between packets of a DVMRP report.

 

milliseconds

Number of milliseconds between transmission of packets.

 

burst-packets

Optional. The number of packets in the set being transmitted.

ip dvmrp reject-non-pruners interface

ip dvmrp reject-non-pruners
no ip dvmrp reject-non-pruners
 

Configures

Peering with DVMRP non-pruners

Default

Disabled

Description

When enabled, this feature tells the interface not to peer with DVMRP hosts that do not support pruning. By default, the router will peer with all DVMRP neighbors.

ip dvmrp routehog-notification global

ip dvmrp routehog-notification route-count
no ip dvmrp routehog-notification
 

Configures

Number of routes accepted before a syslog message is generated

Default

10,000

Description

This command sets the number of DVMRP routes that can be accepted within one minute to route-count. If more than this number of routes is accepted within a minute, the router generates a syslog message. This usually helps capture any router that is misconfigured and injecting too many routes.

ip dvmrp route-limit global

ip dvmrp route-limit count
no ip dvmrp route-limit count
 

Configures

Number of advertised DVMRP routes

Default

7,000

Description

This command sets the limit on the number of DVMRP routes that can be advertised over an interface to count.

ip dvmrp summary-address interface

ip dvmrp summary-address address mask [metric value]
no ip dvmrp summary-address address mask
 

Configures

A summary DVMRP route

Default

None

Description

This command configures a summary DVMRP route to be advertised over an interface.

 

address

The IP address of the summary route.

 

mask

The network mask of the summary route.

 

metric value

Optional. The metric to be assigned to the summary address. Default is 1.

ip dvmrp unicast-routing interface

ip dvmrp unicast-routing
no dvmrp unicast-routing
 

Configures

DVMRP unicast routing

Default

Disabled

Description

This command enables DVMRP unicast routing on the interface.

ip forward-protocol global

ip forward-protocol {udp [port] | any-local-broadcast | spanning-tree |
turbo-flood}
no ip forward-protocol
 

Configures

Forwarding of broadcast packets for certain services

Default

Enabled with the ip helper-address command

Description

When the ip helper-address command is configured for an interface, the router "helps" hosts find certain UDP services by forwarding the packets. These services are BOOTP (DHCP), DNS, TFTP, TACACS, TIME, and NetBIOS name and datagram servers. This command allows you to define additional UDP ports that you want forwarded automatically to the helper IP address.

 

port

Optional. Without this parameter, all the default UDP ports listed here are forwarded. This keyword allows you to forward a specific port. You can disable a default port with the no version of this command.

 

any-local-broadcast

Forwards any broadcasts including local subnet broadcasts.

 

spanning-tree

Forwards IP broadcasts that meet the following criteria: First, it must be a MAC level broadcast; second, it must be an IP level broadcast; and third, it must be TFTP, DNS, NetBIOS, ND, TIME, BOOTP, or any other UDP packet specified by an ip forward-protocol udp command.

 

turbo-flood

Speeds up the flooding of UDP datagrams when using the spanning-tree algorithm. This command should be used in conjunction with the ip forward-protocol spanning-tree command.

Example

To forward port 21000 for a specific application:

ip forward-protocol udp 21000

ip ftp passive global

ip ftp passive
no ip ftp passive
 

Configures

Passive FTP mode

Default

Disabled (normal FTP)

Description

This command configures the router to use passive FTP. Passive FTP is often used when connecting through firewalls or access lists that block normal FTP connections. With passive FTP, the file transfer session originates from the client, not the server, which makes firewalls more likely to allow it. You may need to use passive FTP when copying a file or image to an FTP server.

ip ftp password global

ip ftp password [encryption-level] password
no ftp password
 

Configures

The FTP password

Default

username@routername.domain

Description

This command sets the password to be used for FTP connections. The default password is appropriate for anonymous FTP connections. If you do not use anonymous FTP, you must use this command to provide an appropriate secret password. The encryption-level allows you to encrypt the password within the router's configuration, so people who have access to the configuration file won't learn it. The encryption-level may be 0 or 7; 0 does not encrypt the password, while 7 uses a proprietary (but not particularly strong) encryption scheme.

ip ftp source-interface global

ip ftp source-interface interface
no ip ftp source-interface
 

Configures

The FTP source address

Default

The IP address of the interface closest to the destination

Description

This command sets the source address for FTP connections to the IP address of the given interface.

ip ftp username global

ip ftp username username
no ip ftp username
 

Configures

The FTP username

Default

anonymous

Description

This command sets the username for FTP connections. If no username is supplied, the router attempts an anonymous FTP file transfer.

Example

The following commands configure the router to use passive FTP with the username saul and the password pleaseletmein.

ip ftp passive
ip ftp username saul
ip ftp password pleaseletmein
ip hello-interval eigrp interface

ip hello-interval eigrp as-number seconds
no ip hello-interval eigrp as-number seconds
 

Configures

Hello interval for EIGRP

Default

five seconds

Description

This command sets the interval at which EIGRP hello discovery packets are sent out on a link. The default value for the hello interval is 5 seconds. On links where latency is high, changing this value to a higher number can be advantageous.

 

as-number

The EIGRP process number (frequently called an AS number).

 

seconds

The interval between hello discovery packets.

ip helper-address interface

ip helper-address address
no ip helper-address address
 

Configures

IP address to which certain broadcast UDP packets are forwarded

Default

Disabled

Description

This command sets the helper address to address. The helper address should be the address of a host that can answer UDP requests from other hosts. The router sees these requests broadcast on a LAN interface and forwards them to the helper address (generally a unicast address) if one is defined. A helper is particularly useful for DHCP requests; without some kind of forwarding, DHCP requires you to have a separate server on every subnet. By itself, this command forwards packets for the BOOTP (DHCP), DNS, TFTP, TACACS, TIME, and NetBIOS name and datagram services. The ip forward-protocol command can be used to forward additional UDP services.

Example

To configure interface ethernet0 to have a helper address:

interface ethernet0
 ip address 10.10.1.2 255.255.255.0
 ip helper address 10.10.2.5
ip hold-time eigrp interface

ip hold-time eigrp as-number seconds
no ip hold-time eigrp as-number seconds
 

Configures

Hold time for EIGRP networks

Default

15 seconds

Description

This command defines the number of seconds that a route is held before hearing from a neighbor router. If the router doesn't hear from a neighbor within this time, the routes from that neighbor are considered invalid. The default holdtime is three times the hello interval, which is 15 seconds on most links. Slower links might have a holdtime of 180 seconds and a hello interval of 60 seconds.

 

as-number

The EIGRP process number (frequently called an AS number).

 

seconds

The holdtime for this EIGRP process.

ip host global

ip host name [tcp-port] address [address]
no ip host name address
 

Configures

A static hostname that maps to one or more IP addresses

Default

None

Description

This command allows you to define an IP address for a hostname. Each hostname can have up to eight IP addresses associated with it. This is similar to a host file on a workstation (for example, the /etc/hosts file on Unix).

 

name

The name of a host.

 

tcp-port

Optional. The port to connect to on the host when using the telnet command.

 

address

The address assigned to the host.

Example

The following commands define two IP hosts; the second one has two IP addresses:

ip host gateway1 10.10.1.1
ip host gateway2 10.10.1.2 10.10.1.3

ip http global

ip http server
no ip http server

ip http access-class access-list
no ip http access-class access-list

ip http authentication method
no ip http authentication method

ip http port port
no ip http port port
 

Configures

Web IOS interface

Default

Disabled; when enabled, listens on port 80

Description

This command configures support for the Web IOS interface software. This feature enables an HTTP server on the router and allows you to configure the router by pointing any web browser at this server. The access-class option lets you specify an access list that limits access to the HTTP server. The port option lets you specify the port on which the server listens.

The acceptable authentication methods are enable, local, tacacs, and aaa.

Example

The following commands enable the web browser interface and specify a non-default port:

ip http server
ip http port 8008

ip identd global

ip identd
no ip identd
 

Configures

Identification support

Default

Disabled

Description

This command enables the IDENTD identification protocol. To disable IDENTD, use the no form of the command.

ip igmp access-group interface

ip igmp access-group access-list version
no ip igmp access-group access-list version
 

Configures

Controls multicast groups

Default

All groups are enabled; default version is 2

Description

This command allows you to set an access-list that controls which groups are available on the interface for hosts to join. If a host is in the access list, it will be allowed to join multicast groups. The version parameter changes the IGMP version.

ip igmp explicit-tracking interface

ip igmp explicit-tracking
no ip igmp explicit-tracking
 

Configures

Explicit tracking for IGMPv3

Default

Disabled

Description

This command enables explicit tracking of hosts, groups, and channels for IGMP v3. Explicit tracking allows the router to individually track IGMP membership states of all reporting hosts. To view the information, use the show ip igmp membership command.

ip igmp helper-address interface

ip igmp helper-address ip-address
no ip igmp helper-address ip-address
 

Configures

Forwards IGMP messages to another IP address

Default

Disabled

Description

This command causes all IGMP Host Reports and Leave messages to be sent to the host specified by the ip-address parameter.

ip igmp join-group interface

ip igmp join-group group-address
no ip igmp join-group group-address
 

Configures

Has the router join a multicast group

Default

None

Description

This command causes the router to join the multicast group specified by the IP group address on the interface.

ip igmp query-interval interface

ip igmp query-interval seconds
no ip igmp query-interval seconds
 

Configures

Query message interval

Default

60 seconds

Description

This command configures the router to send IGMP host-query messages at the specified interval. Changing this value may affect multicast forwarding.

ip igmp query-max-response-time interface

ip igmp query-max-response-time seconds
no ip igmp query-max-response-time seconds
 

Configures

Response time advertised in IGMP query packets

Default

10 seconds

Description

This command sets the time in seconds that the responder has to respond to a query before the router deletes the group. This command works only with IGMP Version 2.

ip igmp query-timeout interface

ip igmp query-timeout seconds
no ip igmp query-timeout seconds
 

Configures

Query timeout

Default

two times the query interval

Description

This command sets the query timeout period in seconds. This is the time that the router waits after the last querier stops querying, and takes over as the querier.

ip igmp static-group interface

ip igmp static-group group-address
no ip igmp static-group group-address
 

Configures

A static igmp group for the router

Default

Disabled

Description

This command enrolls the router in the multicast group specified by the group-address. Unlike the ip igmp join-group command, this command allows packets to the group to be fast-switched out the interface.

ip igmp version interface

ip igmp version {1 | 2 | 3}
no ip igmp version
 

Configures

The IGMP version type

Default

2

Description

This command sets the version number of IGMP supported by the router (1, 2, or 3). Make sure that your hosts support the same version. Version 3 was introduced in 12.1(5)T.

ip irdp interface

ip irdp [multicast | holdtime seconds | maxadvertinterval seconds |
minadvertinterval seconds | preference value | address ip-address
[preference]]
no ip irdp
 

Configures

IRDP

Default

Disabled

Description

This command enables ICMP Router Discovery Protocol (IRDP) on an interface. Other hosts on the network can use this protocol to negotiate a default router based on the preference parameter.

This command has many options. Instead of writing a single long command, it's often more convenient to issue a number of shorter commands, each setting one option.

 

multicast

Optional. Tells the router to use the multicast address instead of the broadcast address for IRDP.

 

holdtime seconds

Optional. The time in seconds that advertisements are held. By default, this value is three times the maxadvertinterval.

 

maxadvertinterval seconds

Optional. Sets the maximum interval in seconds between advertisements. The default is 600 seconds.

 

minadvertinterval seconds

Optional. Sets the minimum interval in seconds between advertisements. The default is the maximum interval.

 

preference value

Optional. Sets the preference value for this router, which is used by the routers running IRDP to select the default gateway. The default preference is 0. The higher the preference, the more preferred this router is to hosts.

 

address ip-address [ preference]

Optional. Tells the router to generate proxy advertisements for the given ip-address. If you specify a preference, it is associated with the given ip-address. This allows routers that do not run IRDP to participate in router discovery.

Example

interface ethernet0
 ! Enable IRDP on this interface
 ip irdp
 ! make this router preferred
 ip irdp preference 10

ip load-sharing interface

ip load-sharing [per-packet] [per-destination]
no ip load-sharing [per-packet] [per-destination]
 

Configures

Cisco Express Forwarding (CEF)

Default

per-destination

Description

This command enables load sharing for Cisco Express Forwarding (CEF). By default, CEF uses per-destination load sharing, in which all traffic for a given destination is sent through the same interface. The per-packet keyword changes the behavior of CEF so that packets for the same destination may be sent through different interfaces. This approach makes load sharing more effective because it increases the effective bandwidth between the router and the destination. However, packets might arrive at the destination out of order, requiring the destination host to reassemble them.

ip local policy route-map global

ip local policy route-map map
no ip local policy route-map map
 

Configures

Policy routing

Default

None

Description

This command enables local policy routing. In brief, policy routing means using criteria other than the shortest path to the destination (as computed by a routing protocol) for route selection. The map parameter is the name of a route map that specifies the routing policy. Unlike the ip policy command, which applies a routing policy to a single interface, this command applies the policy to traffic originating on the router.

Example

In this example, a route map named map1 states that any traffic that matching access list 101 will be routed to the 10.1.1.1 router. Access list 101 matches all IP traffic destined for network 10.1.5.0/24. The ip local policy command is used to apply this route map, effectively routing all traffic for 10.1.5.0 through 10.1.1.1 regardless of what the routing protocols might tell the router to do. There are many possible reasons for this policyfor example, the traffic for 10.1.5.0 might be highly confidential, and we want to make sure that it passes only through trusted routers.

access-list 101 permit ip 10.1.5.0 0.0.0.255 any
!
ip local policy route-map map1
!
route-map map1
 match ip address 101
 set ip next-hop 10.1.1.1
ip local pool global

ip local pool {default | poolname} low-ip-address [high-ip-address]
no ip local pool {default | poolname}
 

Configures

A pool of IP addresses

Default

None

Description

This command allows you to create a pool of IP addresses that are used when a remote system connects to one of your interfaces. The default pool is the one used if no name is given on the interface.

 

default

Default pool configuration.

 

poolname

The name of the pool you are configuring.

 

low-ip-address

The starting (lowest) IP address in the address pool.

 

high-ip-address

The ending (highest) IP address in the pool. This is optional. If omitted, the only IP address in the pool is the low-ip-address.

Example

! Assign a pool called dialins1 that goes from 172.30.25.10 to 172.30.25.100
ip local pool dialins1 172.30.25.10 172.30.25.100
ip mask-reply interface

ip mask-reply
no mask-reply
 

Configures

Responses to ICMP mask request messages

Default

Disabled

Description

By default, the router does not respond to ICMP mask requests. This command enables responses through the interface.

Example

interface ethernet 1
 ip mask-reply
ip mroute global

ip mroute source mask [protocol as-number] {rpf-address | interface}
[distance]
no ip mroute source mask [protocol as-number] {rpf-address | interface}
[distance]
 

Configures

A multicast static route

Default

None

Description

This command adds a static multicast route.

 

source

The source IP address.

 

mask

Network mask for the source address.

 

protocol as-number

Optional. The unicast routing protocol you are using, followed by the protocol's process number or autonomous system number, if applicable.

 

rpf-address

The address of the incoming interface for the multicast route. This address can be a host address or a network address.

 

interface

The incoming interface for the route (e.g., serial0).

 

distance

Optional. This value is used to decide if a unicast, DVMRP, or static route should be used for RPF lookup.

ip mroute-cache interface

ip mroute-cache
no ip mroute-cache
 

Configures

IP multicast fast switching

Default

Enabled

Description

This command enables fast switching for multicast routing , which is analogous to the route cache for unicast routing. If disabled with the no form of the command, every packet is switched at the process level.

ip mtu interface

ip mtu bytes
no ip mtu bytes
 

Configures

Maximum Transmission Unit (MTU) for the interface

Default

Depends on the interface's media type

Description

This command sets the MTU for the interface to bytes. The MTU is the largest packet size that can be sent over the interface. The default MTU depends on the media type; Table 17-11 shows default MTU values for some common media. This command allows you to modify the MTU for any interface. Larger MTU values are more efficient with highly reliable networks; lower MTU values can help if an interface is unreliable, or in situations where protocols do not support fragmentation.

Table 17-11. Default MTU values

Interface type

Default MTU

Ethernet/Serial

1500

HSSI/ATM/FDDI

4470

 

Example

interface ethernet 0
 ip mtu 1250

ip multicast boundary interface

ip multicast boundary access-list
no ip multicast boundary
 

Configures

A multicast boundary

Default

None

Description

The access-list defines the multicast boundary, which is used to keep multicast packets from being forwarded out the interface.

ip multicast cache-headers global

ip multicast cache-headers
no ip multicast cache-headers
 

Configures

Buffers multicast packet headers

Default

Disabled

Description

This command enables the router to cache IP multicast packet headers. These headers can be viewed with the show ip mpacket command.

ip multicast helper-map interface

ip multicast helper-map group-address broadcast-address access-list
no ip multicast helper-map group-address broadcast-address access-list

ip multicast helper-map broadcast multicast-address access-list
no ip multicast helper-map broadcast multicast-address access-list
 

Configures

Multicast tunneling

Default

None

Description

Use this command to send broadcast packets through a multicast network that connects two or more broadcast-capable networks. At one multicast network, you convert the multicast packets to broadcast packets and send them through the broadcast network, which converts them back to multicast packets at the other end.

 

group-address

Multicast group whose traffic is to be converted to broadcast traffic.

 

broadcast

Specifies that the traffic is going to be converted from broadcast to multicast.

 

broadcast-address

When using the group-address parameter, this parameter specifies the IP address to which to send the broadcast traffic.

 

multicast-address

When using the broadcast option, this variable specifies the multicast address to which converted traffic is sent.

 

access-list

An extended access list that uses the UDP port number to control which broadcast packets will be converted.

Example

The following configuration converts multicast traffic for the multicast group 224.1.1.2 to broadcast traffic using the broadcast address 10.1.1.255 and UDP port 5000:

interface ethernet 0
 ip multicast helper-map 224.1.1.2 10.1.1.255 101
 ip pim dense-mode
!
! Convert to UDP port 5000
access-list 101 permit any any udp 5000
access-list 101 deny any any udp
!
! Forward UDP port 5000
ip forward-protocol udp 5000
 

The next configuration is the other end of the tunnel. It converts broadcast traffic on UDP port 5000 to multicast traffic:

interface ethernet 0
 ip multicast helper-map broadcast 224.1.1.2 101
 ip pim dense-mode
!
! Use access list to convert traffic to UDP
! port 5000
access-list 101 permit any any udp 5000
access-list 101 deny any any udp
!
! Forward udp port 5000
ip forward-protocol udp 5000

ip multicast rate-limit interface

ip multicast rate-limit {in | out} [video | whiteboard] [group-list access-
list] [source-list access-list] kbps
no ip multicast rate-limit {in | out} [video | whiteboard]
[group-list access-list] [source-list access-list] kbps
 

Configures

The rate at which a sender can send to a multicast group

Default

No rate limit

Description

This command controls the rate at which hosts matching a source list can send multicast packets to a multicast group.

 

in

The limit applies only to incoming packets.

 

out

The limit applies only to outgoing packets.

 

video

Optional. Rate limit applies only to video traffic.

 

whiteboard

Optional. Rate limit applies only to whiteboard traffic.

 

group-list access-list

Optional. The rate limit applies only to multicast groups that match the access list.

 

source-list access-list

Optional. The rate limit applies only to hosts sending multicast traffic that match the access list.

 

kbps

The total bandwidth, in Kbps, that is used for multicast traffic that matches the preceding parameters. Traffic in excess of this rate is discarded. If the rate is set to 0, no traffic is permitted.

ip multicast-routing global

ip multicast-routing
no ip multicast-routing
 

Configures

IP multicast routing

Default

Disabled

Description

By default, the router does not forward multicast packets. This command enables multicast routing.

ip multicast ttl-threshold interface

ip multicast ttl-threshold ttl
no ip multicast ttl-threshold
 

Configures

TTL threshold of forwarded packets

Default

0

Description

This command configures the TTL threshold for packets that are being forwarded out the interface. Only packets with TTL values greater than the threshold are forwarded. The default value is 0, which means all packets are forwarded. The value of ttl can be from 0 to 255.

ip name-server global

ip name-server address [address]
no ip name-server address
 

Configures

DNS server name

Default

None

Description

This command sets the name servers that the router uses for DNS queries. You can specify the addresses of up to 6 different DNS servers on one command line. Because you are configuring domain name service, be sure to use an IP address and not a hostname for the server!

Example

The first line configures one name server; the second line configures six name servers:

ip name-server 10.10.2.5
ip name-server 10.10.1.5 10.10.2.5 10.10.3.5 10.10.4.5 10.10.5.5 10.10.6.5

ip nat interface

ip nat {inside | outside} [log {translations syslog}]
no ip nat {inside | outside} [log {translations syslog}]
 

Configures

IP Network Address Translation (NAT)

Default

Disabled

Description

This command configures an interface for NAT. The translation can occur for inside or outside addresses.

Example

In the following configuration, ethernet0 is our internal network with the internal IP address; serial0 is our external interface to the Internet. The NAT translation should be inside on ethernet0 and outside on serial0. The optional log command enables NAT logging. translations enables NAT logging translation. The syslog keyword enables syslog logging for NAT.

interface ethernet0
 ip address 10.10.1.1 255.255.255.0
 ip nat inside
interface serial0
 ip address 192.168.1.1 255.255.255.0
 ip nat outside
ip nat inside destination global

ip nat inside destination [list access-list] pool pool-name
no ip nat inside destination [list access-list] pool pool-name

ip nat inside destination [list access-list] static global-ip local-ip
no ip nat inside destination [list access-list] static global-ip local-ip
 

Configures

Enables NAT for inside destination IP addresses

Default

Disabled

Description

This command enables the mapping of internal (inside) destination addresses to global destination addresses.

 

list access-list

Optional. Defines an access list for the translation. If an address is not blocked by the access list, it is translated.

 

pool pool-name

The name of the address pool for allocating global IP addresses.

 

static global-ip local-ip

A static mapping of a global IP address to a local IP address.

ip nat inside source global

ip nat inside source {list access-list | route-map name}
{interface interface-name | pool pool-name} [overload]
no ip inside source {list access-list] pool pool-name [overload]

ip nat inside source static local-ip global-ip
no ip nat inside source static local-ip global-ip
 

Configures

Enables NAT for inside source IP addresses

Default

None

Description

This command enables the mapping of internal (inside) source addresses to global addresses.

 

list access-list

Optional. Defines an access list for the translation. If an address is not blocked by the access list, it is translated. You can use an access list number or name.

 

route-map name

Specifies a named route map.

 

interface interface-name

Specifies the name of an interface to be used for selecting the global IP address.

 

pool pool-name

The name of an address pool to be used for selecting global IP addresses.

 

overload

Optional. Allows many local IP addresses to share a few global IP addresses by multiplexing the ports.

 

static local-ip global-ip

A static mapping of a local IP address to a global IP address.

ip nat outside source global

ip nat outside source {list access-list | route-map name} pool pool-name
no ip nat outside source {list access-list} pool pool-name

ip nat outside source {list access-list}static global-ip local-ip
no ip nat outside source {list access-list} static global-ip local-ip
 

Configures

Enables NAT for outside source IP addresses

Default

None

Description

This command enables the mapping of external (outside) source addresses to internal addresses.

 

list access-list

Optional. Defines an access list for the translation. If an address is not blocked by the access list, it is translated. You can use an access list number or name.

 

pool pool-name

The name of the address pool for allocating global IP addresses.

 

route-map name

Specifies a named route map.

 

static global-ip local-ip

A static mapping of a global IP address to a local IP address.

ip nat pool global

ip nat pool name starting-address ending-address [netmask value |
prefix-length length] [type rotary]
no ip nat pool name starting-address ending-address [netmask value |
prefix-length length] [type rotary]
 

Configures

The IP address pool to be used in the NAT configuration

Default

None

Description

This command defines a sequential range of IP addresses to use with NAT configurations.

 

name

Name of the address pool.

 

starting-address

The beginning of the pool's IP address range.

 

ending-address

The last IP address in the pool.

 

netmask value

Specifies the netmask for the pool address range.

 

prefix-length length

Specifies the number of ones in the bitmask.

 

type rotary

Optional. Specifies that the range of IP addresses corresponds to real hosts for which load distribution should occur. This means that the pool is defined as a round-robin set of address for load balancing. As new TCP connections are made, a new address is selected from the pool. Non-TCP traffic passes through without translation.

ip nat stateful id global

ip nat stateful id id-number {redundancy name | {{primary ip-primary |
backup ip-backup} peer ip-peer} mapping-id map-number}
no ip nat stateful id id-number {redundancy name | {{ primary ip-primary |
backup ip-backup} peer ip-peer} mapping-id map-number}
 

Configures

Stateful Network Address Translation (SNAT)

Default

None

Description

This command enables Stateful NAT, providing failover capabilities. For a complete explanation, see the NAT section in Chapter 13.

 

id-number

A unique number given to the stateful translation group.

 

redundancy name

Establishes HSRP as the method for redundancy.

 

primary ip-primary

Manually sets the IP address of the primary router.

 

backup ip-backup

Manually sets the IP address of the backup router.

 

peer ip-peer

Manually sets the IP address of the peer router in the translation group.

 

mapping-id map-number

Specifies whether the local stateful NAT translation router will distribute a set of locally created entries to the peer SNAT router.

ip nat translation global

ip nat translation [max-entries number] {timeout | udp-timeout | dns-timeout |
tcp-timeout | finrst-timeout | icmp-timeout | pptp-timeout | syn-timeout |
port-timeout} seconds
no ip nat translation [max-entries number] {timeout | udp-timeout | dns-timeout |
tcp-timeout | finrst-timeout | icmp-timeout | pptp-timeout | syn-timeout |
port-timeout} seconds
 

Configures

None

Default

See description

Description

This command specifies different timeouts for NAT translations.

 

max-entries number

Optional. Specifies the maximum number of NAT entries. Default is unlimited.

 

timeout seconds

The timeout on all translations except overloads. Default is 86,400 seconds.

 

udp-timeout seconds

The timeout on UDP port translations. Default is 300 seconds.

 

dns-timeout seconds

The timeout on DNS (Domain Name Service). Default is 60 seconds.

 

tcp-timeout seconds

The timeout on TCP ports. Default is 86400 seconds.

 

finrst-timeout seconds

The timeout on Finish and Reset TCP packets. Default is 60 seconds.

 

icmp-timeout seconds

The timeout for ICMP flows. Default is 60 seconds.

 

pptp-timeout seconds

The timeout for NAT Point-to-Point Protocol flows. Default is 86,400 seconds.

 

syn-timeout seconds

The timeout for TCP flows immediately after a SYN (synchronous transmission) message. The default is 60 seconds.

 

port-timeout seconds

The timeout that applies to TCP/UDP ports. The default is 0 (never).

ip nbar pdlm global

ip nbar pdlm name
no ip nbar pdlm name
 

Configures

Network-Based Application Recognition (NBAR)

Default

None

Description

This command specifies a Packet Description Language Module (PDLM) file, which the router uses to extend its NBAR capabilities. The PDLM is a collection of items used by NBAR to identify protocols. A list of PDLM files is on Cisco's web site (http://www.cisco.com/pcgi-bin/tablebuild.pl/pdlm; note that this URL is available only to those with a Cisco service agreement).

Example

ip nbar pdm flash://somefilename.pdlm
ip nbar port-map global

ip nbar port-map name [tcp | udp] port-number
no ip nbar port-map name [tcp | udp] port-number
 

Configures

Network-Based Application Recognition (NBAR)

Default

None

Description

This command configures NBAR to look for a protocol on a specified port other than the well-known port. port-number can be a value from 0 to 65,535 and up to 16 ports can be listed on one line.

Example

! we run our ssh on different ports
ip nbar port-map ssh tcp 6000 60002

ip nbar protocol-discovery interface

ip nbar protocol-discovery
no ip nbar protocol-discovery
 

Configures

Network-Based Application Recognition (NBAR)

Default

None

Description

This command enables traffic statistics for an interface using all protocols known to NBAR. Use the show ip nbar protocol-discovery command to view the statistics.

Example

interface ethernet 1/1
 ip nbar protocol-discovery
ip netmask-format line

ip netmask-format [bitcount | decimal | hexadecimal]
no ip netmask-format [bitcount | decimal | hexadecimal]
 

Configures

How subnets are displayed by the show command

Default

Decimal format (255.255.255.0)

Description

This command determines the format that the show commands use for displaying subnet masks. Table 17-12 shows the possibilities.

Table 17-12. Netmask formats

Format name

Example

decimal

255.255.255.0

bitcount

10.10.1.0/24

hexadecimal

0xffffff00

ip nhrp authentication interface

ip nhrp authentication string
no ip nhrp authentication
 

Configures

Authentication for NHRP

Default

Disabled

Description

This command sets an authentication string for Next-Hop Resolution Protocol (NHRP ). By default, no authentication is performed. The string can be up to eight characters in length. All routers within the NBMA (Non-Broadcast Multi-Access) must use the same authentication string.

ip nhrp holdtime interface

ip nhrp holdtime seconds
no ip nhrp holdtime
 

Configures

NHRP holdtime

Default

7200 seconds

Description

This command sets the number of seconds to advertise to other routers that they should keep NHRP information.

ip nhrp interest interface

ip nhrp interest access-list
no ip nhrp interest
 

Configures

Which packets should trigger NHRP requests

Default

All non-NHRP packets trigger NHRP requests

Description

This command specifies an access-list that the router uses to select which packets should generate NHRP traffic.

ip nhrp map interface

ip nhrp map ip-address nbma-address
no ip nhrp map ip-address nbma-address
 

Configures

A static NBMA-to-IP address mapping

Default

None

Description

This command allows you to define a static ip-address to nbma-address mapping. The NBMA address can be a MAC address for Ethernet or an NSAP address for ATM. For NHRP, you usually need to configure one static mapping to get to the next-hop server.

ip nhrp map multicast interface

ip nhrp map multicast
no ip nhrp map multicast
 

Configures

An NBMA address for broadcast or multicast packets

Default

None

Description

This command defines a nonbroadcast multi-access (NBMA) address to which to send broadcast or multicast traffic. An NBMA address is a MAC address for Ethernet networks or an NSAP address for ATM networks. A configuration may include several of these commands, each defining another NBMA address. This command allows you to send multicast traffic through a tunnel that crosses networks that do not support IP multicasting. It may be used only on tunnel interfaces.

ip nhrp max-send interface

ip nhrp max-send packet-count every interval
no ip nhrp max-send
 

Configures

Frequency of NHRP packets

Default

packet-count is 5; interval is 10 seconds

Description

This command controls the rate at which NHRP packets can be sent. At most, packet-count packets can be sent every interval seconds. packet-count can be from 1 to 65,535; interval can be from 10 to 65,535. NHRP traffic cannot exceed this rate. Both locally generated and forwarded traffic count toward the total.

ip nhrp network-id interface

ip nhrp network-id id
no ip nhrp network-id id
 

Configures

Enables NHRP

Default

Disabled

Description

This command enables NHRP on an interface by assigning a unique identifier for the network. All hosts participating in NHRP on a logical NBMA network must use the same network ID. id can be from 1 to 4,294,967,295.

ip nhrp nhs interface

ip nhrp nhs ip-address [network mask]
no ip nhrp nhs ip-address [network mask]
 

Configures

The NHS address

Default

None

Description

This command configures the ip-address of the next-hop server (NHS). Optionally, you can provide a network address and mask that specify the network that the NHS serves. To specify multiple networks for a single NHS, enter this command multiple times with different network and mask parameters.

When NHS servers are configured, they override the normal NHRP forwarding table.

ip nhrp record interface

ip nhrp record
no ip nhrp record
 

Configures

The use of forward and reverse record options in NHRP packets

Default

Enabled

Description

The no form of this command disables the forward and reverse record options in NHRP request and reply packets. These options provide loop detection.

ip nhrp responder interface

ip nhrp responder interface
no ip nhrp responder interface
 

Configures

The IP address to use as the source of NHRP reply packets

Default

The IP address of the interface that received the NHRP request

Description

This command specifies the interface whose IP address is used as the source for NHRP reply packets. Normally, the IP address of the interface that received the NHRP packet is used. This command is useful on next-hop servers because it allows a form of loop detection: the server can look for its own unique IP address.

ip nhrp server-only interface

ip nhrp server-only [non-caching]
no ip nhrp server-only
 

Configures

NHRP on an interface acting in server mode only

Default

Disabled

Description

This command enables NHRP on an interface in server mode only. In server mode, an interface does not originate NHRP requests. The optional non-caching keyword disables the cache of NHRP information.

ip nhrp trigger-svc interface

ip nhrp trigger-svc trigger-threshold teardown-threshold
no ip nhrp trigger-svc
 

Configures

The thresholds for building an SVC based on traffic rates

Default

Trigger threshold, 1 Kbps; teardown threshold, 0 Kbps

Description

This command sets the thresholds for traffic rates that define when an SVC is built or destroyed. The trigger-threshold is the average traffic rate at (or above) which NHRP will create an SVC for a destination. The teardown-threshold is the traffic rate at (or below) which NHRP will tear down an SVC. Both parameters are in Kbps; they are calculated during the load interval.

The load interval is the length of time over which the router calculates the interface's throughput for comparison with the trigger and teardown thresholds. It is always a multiple of 30 seconds and is set by the ip cef traffic-statistics command.

ip nhrp use interface

ip nhrp use count
no ip nhrp use
 

Configures

A usage count that defers NHRP requests for some number of packets

Default

1

Description

By default, when the router has a packet that is eligible for NHRP address resolution, the router sends the NHRP request immediately. This command allows you to defer the NHRP request until count packets have been sent to the destination. The packet count can be from 1 to 65,535.

The packet count is destination-based. If the count was set to 3 and the router received five packets, two for destination 1 and three for destination 2, the router would generate an NHRP request only for destination 2.

ip ospf authentication interface

ip ospf authentication [message-digest | null]
no ip ospf authentication
 

Configures

OSPF authentication

Default

No authentication

Description

This command enables OSPF authentication for an interface, to be used if the area authentication command is not enabled. If you enable this command with no options, specify the password with the ip ospf authentiation-key command. If you use the message-digest option, specify the password with the ip ospf message-digest-key command. The null option can be used to disable authentication for this interface if authentication of the entire area has already been configured.

ip ospf authentication-key interface

ip ospf authentication-key password
no ip ospf authentication-key
 

Configures

A password to authenticate OSPF neighbors

Default

None

Description

This command assigns a password for communicating with neighboring routers to this interface. All adjacent routers should be configured with the same authentication key. The password can be from 1 to 8 bytes in length.

ip ospf cost interface

ip ospf cost value
no ip ospf cost value
 

Configures

A default OSPF cost for packets sent out on this interface

Default

108 / bandwidth

Description

This command sets the cost of sending an OSPF packet on an interface to value. By default, Cisco routers use the bandwidth to determine the link's cost; high-speed links have a lower cost and are therefore more preferred. Other vendors may have alternative methods for cost calculation. This command can be used as needed to set the cost appropriately in a multivendor environment, or to change the preference of two links of the same type. By default, OSPF attempts load balancing across links of the same type; this command changes that behavior by modifying the cost associated with each link.

Example

In this example, there are two FDDI links. The second link has a higher cost, causing the router to prefer the first.

interface fddi0
 ip ospf cost 2
interface fddi1
 ip ospf cost 5
ip ospf dead-interval interface

ip ospf dead-interval seconds
no ip ospf dead-interval
 

Configures

The interval that can pass between hello packets

Default

four times the hello interval

Description

This command specifies the length of time in seconds that must pass before receiving a hello packet. If the time passes without a hello packet from a neighbor router, the router is marked down.

ip ospf demand-circuit interface

ip ospf demand-circuit
no ip ospf demand-circuit
 

Configures

Dial-on-demand behavior

Default

Disabled

Description

This command tells OSPF that this interface is a demand circuit (i.e., an interface configured for dial-on-demand routing). OSPF will suppress verbose traffic (such as periodic hello packets), thus preventing the circuit from being kept up all the time.

Example

This example configures an ISDN interface as a DDR link for OSPF:

interface bri0
 ip address 10.12.1.5 255.255.255.0
 encapsulation ppp
 ip ospf demand-circuit

ip ospf hello-interval interface

ip ospf hello-interval seconds
no ip ospf hello-interval
 

Configures

The interval between hello packets

Default

10 seconds

Description

This command sets the number of seconds between hello packets on a given interface. All nodes on a network must have the same hello interval. If you change the interval on one router, you must change it on all routers within the area.

ip ospf message-digest-key interface

ip ospf message-digest-key keyid md5 key
no ip ospf message-digest-key keyid md5 key
 

Configures

MD5 authentication

Default

Disabled

Description

This command enables MD5 password authentication for the interface. The keyid can be from 1 to 255; the key can be up to 16 bytes in length.

ip ospf name-lookup global

ip ospf name-lookup
no ip ospf name-lookup
 

Configures

DNS lookups for OSPF show commands

Default

Disabled

Description

This command enables DNS name lookups for all OSPF show commands. By default, show commands display IP addresses in numeric form.

ip ospf network interface

ip ospf network {broadcast | non-broadcast | point-to-multipoint |
point-to-point}
no ip ospf network
 

Configures

The type of OSPF network

Default

Depends on the interface type

Description

Given the interface's type, the OSPF process selects a default network type. This command allows the default network type to be changed.

 

broadcast

The interface is connected to a broadcast network.

 

non-broadcast

The interface is connected to a nonbroadcast network, i.e., a network with no effective way of dealing with broadcast packets. One example is a point-to-point network.

 

point-to-multipoint

The interface is connected to a point-to-multipoint network.

 

point-to-point

The interface is connected to a point-to-point network.

Example

By default, a serial interface is point-to-point. The following commands configure a serial subinterface as part of a broadcast network:

interface serial0.1
 ip ospf network broadcast
ip ospf priority interface

ip ospf priority priority
no ip ospf priority priority
 

Configures

OSPF priority

Default

1

Description

This command sets the priority for the router within the OSPF area to which the interface is connected. The priority determines which routers are selected as the area's DR and BDR, and can range from 0 to 255. Routers with a priority of 0 are excluded from the selection process; the router with the highest priority is selected.

Example

interface serial0
 ip ospf priority 10
ip ospf retransmit-interval interface

ip ospf retransmit-interval seconds
no ip ospf retransmit-interval seconds
 

Configures

The interval between LSAs

Default

5 seconds

Description

This command sets the interval (in seconds) at which link-state advertisements (LSAs) are sent to adjacent routers via the interface. The interval can range from 1 to 65,535 seconds.

Example

interface serial0
 ip ospf retransmit-interface 3

ip ospf transmit-delay interface

ip ospf transmit-delay seconds
no ip ospf transmit-delay seconds
 

Configures

Estimated time to send a link update on the interface

Default

1 second

Description

This command lets you estimate the number of seconds required to transmit a link-state advertisement through this interface. It's most useful on slow interfaces where it may take a significant amount of time to transmit the announcement. The estimate is used in computing the packet's age; its value can range from 1 to 65,535 seconds.

Example

interface serial0
 ip ospf transmit-delay 3
ip pim interface

ip pim {sparse-mode | dense-mode | sparse-dense-mode}
no ip pim
 

Configures

IP multicast routing on the interface

Default

Disabled

Description

This command enables PIM (Protocol-Independent Multicast) and IGMP on the interface.

 

sparse-mode

In this mode, the router forwards multicast packets only if it has received a join message from a downstream router or if it has group members directly connected to this interface.

 

dense-mode

In this mode, the router forwards multicast packets until it can determine whether there are group members or downstream routers. Unlike sparse-mode, it doesn't wait for a join message to begin sending multicast packets.

 

sparse-dense-mode

This mode allows the router to operate in both sparse-mode and dense-mode, depending on what the other routers in the multicast group are using.

ip pim accept-rp global

ip pim accept-rp {address | auto-rp} [access-list]
no ip pim accept-rp {address | auto-rp} [access-list]
 

Configures

Processing of multicast join and prune messages

Default

Disabled

Description

By default, all join and prune messages are processed. This command lets you tell the router to process join and prune messages destined for a specific Rendezvous Point (RP) or a specific list of groups.

 

address

The RP allowed to send messages to the multicast groups specified by the group access list.

 

auto-rp

Accepts only messages from RPs in the auto-rp cache.

 

access-list

Optional. An access list that defines the multicast groups for which we want to process join and accept messages.

ip pim message-interval global

ip pim message-interval seconds
no ip pim message-interval seconds
 

Configures

Interval for join/prune messages

Default

60 seconds

Description

In sparse-mode operation, this command allows you to control the interval in seconds for sending join and prune PIM messages. A router is pruned if it is not heard from in three times this interval. The interval's value can be from 1 to 65,535 seconds.

ip pim minimum-vc-rate interface

ip pim minimum-vc-rate packets-per-second
no ip pim minimum-vc-rate
 

Configures

Which VCs are eligible for idling

Default

0 (all VCs)

Description

This command sets the packet rate at which ATM virtual circuits (VCs) can be idled. A VC is idled if its traffic rate falls below packets-per-second, which can range from 0 to 4,294,967,295. This command applies only to ATM interfaces in PIM sparse mode.

ip pim multipoint-signalling interface

ip pim multipoint-signalling
no ip pim multipoint-signalling
 

Configures

PIM's ability to open ATM SVCs for multicast groups

Default

Disabled

Description

This command enables an ATM interface to open multipoint SVCs for each PIM multicast group that it joins.

ip pim nbma-mode interface

ip pim nbma-mode
no ip pim nbma-mode
 

Configures

NBMA mode

Default

Disabled

Description

This command sets the interface for nonbroadcast multi-access (NBMA) mode and is used on nonmulticast interfaces such as Frame Relay and ATM. Use this command only with ip pim sparse-mode.

ip pim neighbor-filter interface

ip pim neighbor-filter access-list
no ip pim neighbor-filter access-list
 

Configures

A method to filter (deny) PIM packets from other routers

Default

None

Description

This command allows you to specify a standard IP access-list to control which routers receive PIM packets. The standard access list denies PIM packets from the source, preventing the router from joining PIM.

ip pim query-interval interface

ip pim query-interval seconds
no ip pim query-interval
 

Configures

The frequency of PIM query messages

Default

30 seconds

Description

This command sets the query interval to seconds. The query message is used to determine which router on the subnet will be the designated router. The designated router sends IGMP messages to the rest of the routers on the LAN; it also sends messages to the rendezvous point when operating in sparse-mode. The query interval defaults to 30 seconds and can be set to a value between 1 and 65,535 seconds.

ip pim rp-address global

ip pim rp-address ip-address [group-access-list] [override]
no ip pim rp-address ip-address
 

Configures

Defines the RP for a group

Default

None

Description

This command specifies the Rendezvous Point (RP) for a particular multicast group.

 

ip-address

IP address of the PIM rendezvous point.

 

group-access-list

Optional. Defines the multicast groups for which this RP address should be used. If there is no access list, the RP address is used for all groups.

 

override

Optional. If the rendezvous point address defined by this command conflicts with the rp-cache, the override option causes this command to override the auto-rp cache.

ip pim rp-announce-filter global

ip pim rp-announce-filter rp-list access-list group-list access-list
no ip pim rp-announce-filter rp-list access-list group-list access-list
 

Configures

A filter for incoming RP announcements

Default

All announcements are accepted

Description

RP routers periodically send out auto-rp announcement messages. This command controls which of these messages are accepted.

 

rp-list access-list

A standard access list that defines the list of allowable RP addresses for the group list.

 

group-list access-list

A standard access list that defines the multicast groups that the RPs serve.

ip pim send-rp-announce global

ip pim send-rp-announce interface scope ttl group-list access-list
no ip pim send-rp-announce interface scope ttl group-list access-list
 

Configures

The auto-rp cache

Default

Disabled

Description

This command tells the router to use the auto-rp cache to define the multicast groups for which the router is willing to become the RP. You normally use this command in the router that you wish to become the RP.

 

interface

The interface that identifies the RP address.

 

scope ttl

Time-to-Live value for announcements. TTL is roughly equivalent to a hop count.

 

group-list access-list

An access list that defines the groups for which this router should be the RP.

ip pim send-rp-discovery global

ip pim send-rp-discovery scope ttl
no ip pim send-rp-discovery scope ttl
 

Configures

The router to be the RP mapping agent

Default

Disabled

Description

This command configures the router to be the RP mapping agent for the PIM domain. The time-to-live value (ttl) should be large enough to cover the entire domain.

ip pim vc-count interface

ip pim vc-count number
no ip pim vc-count
 

Configures

The number of VCs that PIM can open

Default

200 VCs per ATM interface or subinterface

Description

This command sets the maximum number of virtual circuits (VCs) that PIM can open. number must be between 1 and 65,535.

ip pim version interface

ip pim version {1 | 2}
no ip pim version
 

Configures

PIM version to use on an interface

Default

2

Description

This command sets the PIM version to use for an interface. The version can be 1 or 2.

ip policy-list policy map mode

ip policy-list name { permit | deny }
no ip policy-list name
 

Configures

A policy list for use in a route map

Default

None

Description

This command allows you to create a policy list for use in a BGP route map. The name is the name of the policy map. permit and deny establish what to do with traffic that matches the policy list conditions.

Example

ip policy-list out-policy permit
 match as-path 10
 match metric 12
ip policy route-map interface

ip policy route-map map
no ip policy route-map map
 

Configures

Policy routing

Default

None

Description

This command enables policy routing for an interface. In brief, policy routing means using criteria other than the shortest path (as computed by a routing protocol) for route selection. The map parameter is the name of a route map that specifies the routing policy. The map applies only to traffic arriving on the interface.

Example

The following configuration applies the route map map1 to packets arriving on the serial1 interface. This route map selects packets that match access list 101 and sends them to the router at 10.1.1.1 for further routing, regardless of other information in the routing table.

access-list 101 permit ip 10.1.5.0 0.0.0.255 any
!
interface serial 1
 ip policy route-map map1
!
route-map map1
 match ip address 101
 set ip next-hop 10.1.1.1

ip proxy-arp interface

ip proxy-arp
no ip proxy-arp
 

Configures

The proxy-arp feature for an interface

Default

Enabled

Description

ARP allows machines to find hardware addresses (MAC addresses) using the corresponding IP addresses. The router's proxy-arp feature helps the machines find each other across subnets. When a host sends an ARP packet requesting information about a host that can't receive the ARP broadcast, the router helps out by responding to the ARP packet on behalf of the requested host.

While proxy-arp is often useful, it can be a burden on the router in large networks. Disabling proxy-arp and relying on proper subnetting is a better solution than relying on proxy-arp to solve subnetting problems.

Example

The following commands disable proxy-arp on ethernet0. All hosts on this subnet must have the proper subnet mask because proxy-arp isn't there to help them.

interface ethernet0
 ip address 10.10.1.64 255.255.255.224
 no ip proxy-arp
ip radius source-interface global

ip radius source-interface interface
no ip radius source-interface interface
 

Configures

Radius

Default

Disabled

Description

This command configures the device to send all outgoing Radius packets using the IP address of the named interface.

ip rarp-server interface

ip rarp-server address
no ip rarp-server address
 

Configures

RARP

Default

Disabled

Description

This command enables a router's interface to act as a Reverse Address Resolution Protocol (RARP) server. The address parameter is the address to be used in responses to RARP queries.

ip rcmd rcp-enable global

ip rcmd rcp-enable
no ip rcmd rcp-enable
 

Configures

RCP to the router

Default

Disabled

Description

This command allows remote users to use the Remote Copy Protocol (RCP) to transfer files to and from the router, and RSH to access the router. For security reasons, RCP is disabled by default.

ip rcmd remote-host global

ip rcmd remote-host local-username {ip-address | hostname} remote-username
[enable [level]]
no ip rcmd remote-host local-username {ip-address | hostname} remote-username
[enable [level]]
 

Configures

Which users can access the router via RSH and RCP

Default

None

Description

This command defines a local and remote username pair that allows remote users to perform remote shell tasks (RSH and RCP).

 

local-username

A locally defined username or the router's hostname. The user must provide a local username to perform an operation via RSH or RCP.

 

ip-address or hostname

The remote host from which the router accepts remote shell commands.

 

remote-username

The username on the remote host from which the router accepts remote shell commands.

 

enable level

Optional. Provides the remote user the ability to execute privileged commands via the remote shell. level specifies a privilege level; the user may execute commands up to and including that level. For more information about privilege levels, see Chapter 4 and the privilege level command.

ip rcmd remote-username global

ip rcmd remote-username username
no ip rcmd remote-username username
 

Configures

The username to use when performing remote copy commands

Default

The username for the session or the router's hostname

Description

This command sets the username that the router uses when connecting to remote hosts to execute remote copy commands. By default, the router uses the username of the current session. If that username isn't valid, the router uses the router's hostname.

ip rcmd rsh-enable global

ip rcmd rsh-enable
no ip rcmd rsh-enable
 

Configures

Remote shell access by remote users

Default

Disabled

Description

This command enables remote shell access to the router via the rsh command. For security reasons, remote shell access is disabled by default.

ip redirects interface

ip redirects
no ip redirects
 

Configures

ICMP redirects for interfaces

Default

Enabled

Description

An ICMP redirect packet is generated by a router to inform a host of a better route to some specific destination. The recipient of an ICMP redirect overrides its route table with the information given in the redirect packet. This command configures the sending of ICMP redirects for an interface. The router never processes received ICMP redirects while IP routing is enabled.

Redirects are enabled by default on all interfaces unless Hot Standby Routing Protocol (HSRP) is configured.

Example

To avoid sending ICMP redirect packets out the ethernet0 interface:

interface ethernet 0
 no ip redirects
ip rip authentication interface

ip rip authentication key-chain name
no ip rip authentication key-chain name

ip rip authentication mode {md5 | text}
no ip rip authentication mode {md5 | text}
 

Configures

RIP route authentication

Default

Default mode is clear text

Description

This command specifies a key chain to be used for authentication of RIP routing updates. name is the name of the key chain to be used. Once the key chain is applied, the interface expects to authenticate any incoming RIPv2 routes. The key chain must be defined separately with the key command.

The mode version of this command specifies the authentication mode for an interface: either text (clear text) or md5.

Example

The following commands specify that RIP routes should be authenticated using MD5 encryption with the key chain defined in group1:

interface ethernet 1
 ip rip authentication key-chain group1
 ip rip authentication mode md5
!
key chain group1
 key 1
 key-string authme1
 key 2
 key-string authme2
ip rip receive version interface

ip rip receive version {1 | 2 | 1 2}
no ip rip receive version
 

Configures

Version of RIP to receive on an interface

Default

The version in the router configuration

Description

This command tells an interface which RIP version to listen for. This version can be 1, 2, or both (1 2). By default, the router listens for the version specified by the version command in the router configuration.

Example

This configuration accepts only Version 2 packets on ethernet0:

interface ethernet0
 ip rip receive version 2

ip rip send version interface

ip rip send version {1 | 2 | 1 2}
no ip rip send version
 

Configures

The version of RIP to send

Default

The version in the router configuration, or 1 if no version specified

Description

This command tells an interface which RIP version to use when sending RIP packets. This version can be 1, 2, or both (1 2). By default, the router uses the version specified by the version command in the router configuration.

Example

This configuration sends only Version 2 packets on ethernet0:

interface ethernet0
 ip rip send version 2
ip rip triggered interface

ip rip triggered
no ip rip triggered
 

Configures

RIP routing

Default

Disabled

Description

This command enables triggered extensions to RIP, which causes routing updates to be sent on a WAN link only if one of the following conditions is met:

  • A specific request for a routing update is received by the router.
  • Routing information from another interface modifies the routing database.
  • The interface comes up or down.
  • The router first powers on or resets.
ip rip v2-broadcast interface

ip rip v2-broadcast
no ip v2-broadcast
 

Configures

RIP routing

Default

Disabled

Description

This command enables RIPv2 update packets to be sent as broadcast packets (255.255.255.255). Normally, RIPv2 update packets are multicast (244.0.0.9).

ip route global

ip route network mask {next-hop-address|interface} [distance] [permanent]
[track number] [tag tag]
no ip route network mask {next-hop-address|interface} [distance] [permanent]
[track number] [tag tag]
 

Configures

A static route for a network

Default

None

Description

This command defines a static route to the destination network specified by its network address and mask. next-hop-address is the IP address of the router to which traffic for this destination network should be sent. Instead of the next-hop-address, you can specify the interface that can be used to reach the network. distance is an optional administrative distance that allows you change the way the static route behaves. If the distance is high enough, it can be overwritten by dynamic protocols. See Chapter 8 for more information about administrative distances. The permanent keyword tells the router to keep the route in the route table even if the interface goes down. The router normally removes static routes that are invalid because the interface is down.

The track keyword is optional. It associates a track object with this route. Valid values for the track number are 1 to 500.

The tag keyword applies a value that can be used to match the route in route maps, which is useful for controlling redistribution.

Example

The following commands create two static routes. The first route sends traffic for the 192.168.1.0/24 network to 10.1.1.1; the second route sends traffic for the 192.168.2.0/24 network to 10.2.2.2.

ip route 192.168.1.0 255.255.255.0 10.1.1.1
ip route 192.168.2.0 255.255.255.0 10.2.2.2
 

Here is another example of using an interface instead of a next-hop-address:

ip route 192.168.3.0 255.255.255.0 serial0

ip route-cache interface

ip route-cache [cbus] [flow] [same-interface] [cef] [distributed]
no ip route-cache
 

Configures

The route cache for an interface

Default

Enabled for most interfaces

Description

A route cache stores a route in a temporary table for the duration of a network session. When the session is completed or the session times out, the routing entry is removed from the route cache. The no form of this command disables the route cache, which causes the router to look up the route for each packet of the network session. In some applications, this can be the desired behavior; see Chapter 8.

 

cbus

Optional. Enables fast switching and autonomous switching.

 

flow

Optional. Enables the Route Switch Processor to perform flow switching.

 

same-interface

Optional. Enables fast switching packets back out the interface on which they arrived.

 

cef

Optional. Enables Cisco Express Forwarding on an interface after it has been disabled globally.

 

distributed

Optional. Enables VIP distributed switching.

Example

The route cache can be disabled with the no form of this command.

interface serial 0
 no ip route-cache
ip route-cache policy interface

ip route-cache policy
no ip route-cache policy
 

Configures

Fast-switch Policy Based Routing (PBR)

Default

Disabled

Description

This command enables fast-switch policy-based routing (PBR). If Cisco Express Forwarding (CEF) is enabled, this command is not required because PBR packets are CEF-switched by default. Also, before you can enable this, PBR must be configured. To enable PBR, use the ip policy route-map command.

ip route priority high router

ip route priority high tag-value
no ip route priority high tag-value
 

Configures

IS-IS routing

Default

None

Description

This command assigns a high priority to an IS-IS prefix, which means routes with the specified tag are marked for faster processing and installation into the global routing table. This provides faster convergence for applications like Voice over IP. The tag is the same as that specified in the isis tag command.

Example

interface serial1
 ip router isis
 isis tag 101
!
router isis
 ip route priority high tag 101

ip route profile global

ip route profile
no ip route profile
 

Configures

IP routing table statistics

Default

Disabled

Description

This command enables IP routing table statistics collection, which helps you to monitor route flapping. To view the collected data, use the show ip route profile command.

ip router isis interface

ip router isis [tag]
no ip router isis [tag]
 

Configures

An interface for IS-IS routing

Default

Disabled

Description

This command identifies an interface to be used for IS-IS routing. The optional tag allows you to identify the IS-IS routing process if the process has a tag.

Example

interface ethernet 0
 ip router isis

ip routing global

ip routing
no ip routing
 

Configures

IP routing

Default

Enabled

Description

This command enables or disables routing.

ip rtp compression-connections interface

ip rtp compression-connections number
no ip rtp compression-connections number
 

Configures

Real-time Transport Protocol (RTP)

Default

32 connections

Description

This command configures the number of RTP compression connections that can exist on an interface, from 3 to 1,000.

ip rtp header-compression interface

ip rtp header-compression [passive]
no ip rtp header-compression [passive]
 

Configures

Real-time Transport Protocol (RTP)

Default

Disabled

Description

This command enables RTP header-compression on the interface. If you use this command without the passive option, all RTP traffic is compressed.

ip rtp priority interface

ip rtp priority starting-rtp-port port-number-range bandwidth
no ip rtp priority
 

Configures

Real-time Transport Protocol (RTP)

Default

Disabled

Description

This command reserves a strict priority queue for a set of RTP packet flows belonging to a range of UDP destination ports. This command is most useful for VoIP traffic.

 

starting-rtp-port

This option is the starting RTP port for our defined range and can be from 2,000 to 65,535.

 

port-number-range

This value is added to the starting-rtp-port value to get the ending port for the range. This value can be from 0 to 16,383.

 

bandwidth

This option is the maximum allowed bandwidth in Kbps, which can be from 0 to 2,000.

ip scp server enable global

ip scp server enable
no ip scp server enable
 

Configures

SCP server-side functionality

Default

Disabled

Description

This command enables a router to support SCP functionality, which allows a user to use SCP to copy a file (image or configuration) to or from the router.

ip source-route global

ip source-route
no ip source-route
 

Configures

Routing of source-routed packets

Default

Enabled

Description

This command allows the router to route packets that contain source-routing options. (Source routing is an IP option that allows the packet to specify the route it should take to its destination.) Source routing is a potential security problem, so it is best to disable this feature unless required.

Example

To disable IP source routing:

no ip source-route

ip split-horizon interface

ip split-horizon [as-number]
no ip split-horizon [as-number]
 

Configures

Split horizon for the interface

Default

Varies with the interface type; usually enabled

Description

When split horizon is enabled, any route learned from an interface is not advertised back out the same interface. This rule is intended to stop routing loops with distance-vector protocols. To enable split-horizon for EIGRP, specify the EIGRP as-number.

With most interfaces, split horizon is enabled. However, with multipoint interfacessuch as a multipoint Frame Relay interfacesplit horizon is disabled. See Chapter 8 for more information on split horizon.

ip ssh global

ip ssh { [timeout seconds] | [authentication-retries value] }
no ip ssh { [timeout seconds] | [authentication-retries value] }
 

Configures

SSH values

Default

120 seconds timeout, 3 authentication retries

Description

When SSH is enabled on your router, this command allows you to modify the SSH control parameters. The timeout is the interval that the router waits for the SSH client to respond. The maximum timeout is 120 seconds. authentication-retries is the number of attempts that can be made from the SSH client before it is denied access. The maximum is 5 retries.

ip subnet-zero global

ip subnet-zero
no ip subnet-zero
 

Configures

The zero subnet

Default

Enabled in recent versions of IOS (12.X)

Description

When subnetting a network, the 0 subnet (the subnet whose subnet bits are all 0) is normally not allowed because of potential confusion between the subnet address and the network address. In practice, this confusion is rarely an issue. This command allows the router to use the all-zeros subnet.

Example

The following command enables the zero subnet:

ip subnet-zero

ip summary-address eigrp interface

ip summary-address eigrp as-number network-address subnet-mask [admin-
distance]
no ip summary-address eigrp as-number network-address subnet-mask [admin-distance]
 

Configures

A summary aggregate address for an interface.

Default

None

Description

This command configures a summary address for the interface with the supplied network address and subnet mask. Normally, summary addresses are given the administrative distance of 5. However, you can modify this setting with the optional admin-distance value, which can be from 0 to 255.

Example

interface ethernet1
 ip summary-address eigrp 101 192.168.0.0 255.255.0.0 100

ip summary-address rip interface

ip summary-address rip
no ip summary-address rip
 

Configures

A summary aggregate address for the interface

Default

None

Description

This command configures a RIP summary aggregate address for the interface.

Example

interface ethernet1
 ip address 192.168.1.1 255.255.255.0
 ip summary-address rip 192.168.0.0 255.255.0.0

ip tcp chunk-size global

ip tcp chunk-size size
no ip tcp chunk-size
 

Configures

The number of bytes that a telnet or rlogin session can read at once

Default

0 (the largest size possible)

Description

This command sets the maximum number of bytes (size) that a telnet or rlogin session can read at the same time. A value of 0 means the largest size possible for that connection.

ip tcp compression-connections interface

ip tcp compression-connections number
no ip tcp compress-connections number
 

Configures

The maximum number of TCP connections that can use header compression

Default

16

Description

This command sets the number of connections through an interface that can use TCP header compression. The number of connections can be from 3 to 256. A buffer is allocated for each connection that can be compressed. Both sides of a serial link must have the same number of buffers defined.

ip tcp header-compression interface

ip tcp header-compression [passive]
no ip tcp header-compression [passive]
 

Configures

TCP header compression for an interface

Default

Disabled

Description

This command enables TCP header compression on the interface. The passive keyword tells the interface to compress headers only when the incoming packets are compressed.

Example

interface serial 0
 ip tcp header-compression passive
ip tcp mtu-path-discovery interface

ip tcp mtu-path-discovery [age-timer minutes] [infinite]
no ip tcp mtu-path discovery
 

Configures

Path MTU discovery

Default

Disabled for most interfaces; special interfaces use 10 minutes

Description

This command enables or disables path MTU discovery on new TCP connections.

 

age-timer minutes

Optional. minutes specifies the interval after which the router recalculates the MTU; its value must be between 1 and 30.

 

infinite

Disables the age timer.

ip tcp queuemax global

ip tcp queuemax packets
no ip tcp queuemax packets
 

Configures

The queue for outgoing TCP packets

Default

5 for TTY (async and console) interfaces; 20 for others

Description

This command sets the size of the outgoing TCP queue to packets. The queue is maintained per-connection; i.e., every connection has its own queue.

Example

interface serial 0
 ip tcp queuemax 15
ip tcp synwait-time global

ip tcp synwait-time seconds
no ip tcp synwait-time seconds
 

Configures

The time the router waits for a TCP connection to open

Default

30 seconds

Description

This command sets the number of seconds that the router waits for a TCP connection to open, before it times out. The value must be between 3 to 300. A longer synwait-time can be useful for dial-on-demand connections where you have to wait for the line to be dialed before a connection can open. This setting applies only to traffic originating within the router, not traffic coming through the router.

Example

If you are telneting from the router to a remote site through a DDR connection, you might want to increase the synwait-time to more reasonable level so that telnet does not time out:

ip tcp synwait-time 100

ip tcp window-size global

ip tcp window-size bytes
no ip tcp window-size bytes
 

Configures

The window size of a TCP connection

Default

2,144 bytes

Description

This command sets the size of the TCP window to bytes. Changing the size of the TCP window modifies the size and number of packets that can fit within that window. With the default window of 2,144 bytes, you could buffer two 1,000-byte packets, or 21 100-byte packets. Regardless of the window's size, the number of packets within the window is restricted to the values set by the ip tcp queuemax command; they default to 5 for TTY interfaces (async and console interfaces) and 20 for other interfaces. The maximum size of the window is 65,536 bytes.

Example

ip tcp window-size 4000
ip telnet source-interface global

ip telnet source-interface interface
no ip telnet source-interface
 

Configures

The source address for telnet connections

Default

None

Description

This command sets the address used as the source address for outgoing telnet connections to the address of the given interface.

ip tftp source-interface global

ip tftp source-interface interface
no ip tftp source-interface
 

Configures

The source IP address for TFTP traffic

Default

The IP address of the interface closest to the destination

Description

This command sets the interface from which the router takes the source IP address for all TFTP traffic.

ip unnumbered interface

ip unnumbered interface
no ip unnumbered interface
 

Configures

Interface IP address

Default

None

Description

Normally, creating point-to-point links requires dedicating a subnet specifically for the link. This works well if all your equipment supports variable-length subnet masks (VLSM), but can be very wasteful if your equipment doesn't support VLSM. This forces you to assign relatively large subnets to your point-to-point links.

The ip unnumbered command tells the router to use the IP address of the selected interface as the address for this link. In other words, the router "borrows" the IP address of the named interface and uses that as the link's address.

Example

Assume that older equipment in our network forces us to use a subnet mask of 255.255.255.0. This means that assigning a subnet to a point-to-point link would use 254 addresses, of which only two are actually doing something. Instead of wasting 252 addresses, we can use the ip unnumbered command to borrow the address of another interface for use on the serial link:

interface serial0
 ip unnumbered ethernet0
 encapsulation ppp
 clockrate 1300000
 

Borrowing the address of the loopback interface for an unnumbered interface is often a good idea because the loopback interface is always up. The following configuration uses the loopback interface to provide the IP address for interface async2:

interface loopback 0
 ip address 10.10.1.4 255.255.255.0
interface async2
 ip unnumbered loopback0

ip unreachables interface

ip unreachables
no ip unreachables
 

Configures

Sending of ICMP unreachable messages for an interface

Default

Enabled

Description

ICMP unreachable messages are generated when something about an incoming packet is unknown to the router. For example, an "ICMP host unreachable" message is generated if the router cannot deliver a package to its final destination. There are many different types of ICMP unreachable messages, and they all mean that the packet can't be delivered for some reason. Disabling these messages can improve security because the messages can be used to discover information about your network.

Example

The following commands prevent the router from sending IP unreachable messages through the serial0 interface:

interface serial0
 no ip unreachables
isdn answer1, isdn answer2 interface

isdn answer1 [called-party-number][:sub-address]
no isdn answer1 [called-party-number][:sub-address]

isdn answer2 [called-party-number][:sub-address]
no isdn answer2 [called-party-number][:sub-address]
 

Configures

Verification of the called party

Default

None

Description

This command configures the interface to verify that the telephone number being called (which is reported by the ISDN switch as part of call setup) matches the telephone number of the router. By default, calls are processed without verification. If this command is configured, the router verifies the incoming called-party-number before allowing the connection. Using this command can reduce the potential for confusion when several ISDN devices share the same ISDN local loop. Use isdn answer2 to verify a second called-party number.

To list a called-party-number or a sub-address, use any number of digits up to 50; an x specifies a wildcard. You must specify either the called-party-number or the sub-address, but you are not required to specify both. If you specify only one, the other is taken as a wildcard.

isdn autodetect interface

isdn autodetect
no isdn autodetect
 

Configures

Automatic detection of ISDN SPIDs and switch types

Default

Disabled

Description

This command enables the automatic detection of ISDN SPIDs and switch types on an interface. It works in North America only.

isdn bchan-number-order interface

isdn bchan-number-order {ascending | descending}
no isdn bchan-number-order
 

Configures

ISDN PRI

Default

descending

Description

This command sets the order (ascending or descending) of outgoing B channels. It is for PRI configurations only.

isdn busy interface

isdn busy dsl number b_channel number
no isdn busy dsl number b_channel number
 

Configures

A false busy signal on an ISDN B channel

Default

Disabled

Description

This command sets a false busy signal on an ISDN B channel; that is, the ISDN interface reports to the switch that the channel is busy even if it isn't.

 

dsl number

The digital subscriber loop (DSL) number.

 

b_channel number

The range of B channels to be set to a busy signal. number can range from 0 to 24 on a PRI interface (it isn't clear whether this command applies to BRI interfaces); 0 indicates the entire interface.

isdn caller interface

isdn caller phone-number [callback]
no isdn caller phone-number [callback]
 

Configures

ISDN caller ID screening

Default

Disabled

Description

If your ISDN switch supports caller ID, this command lets you specify a phone-number from which incoming connections are allowed. If the inbound call does not originate from this number, it will be rejected. You may use the letter x in the phone number as a wildcard character; for example, 458-xxxx means "any number in the 458 exchange." The callback keyword causes the router to reject the call and initiate a callback to the caller's number; this feature may help you manage phone costs.

isdn call interface command

isdn call interface interface telephone-number [speed {56 | 64}]
 

Description

This command initiates an ISDN call from the IOS command line in privileged EXEC mode. To make the call, supply the interface to use, the telephone-number to call, and optionally the line speed (56 or 64 Kbps). The line speed defaults to 64 Kbps.

Example

Router# isdn call interface bri0 4105551212
isdn calling-number interface

isdn calling-number phone-number
no isdn calling-number phone-number
 

Configures

The phone number of the device making the outgoing call

Default

None

Description

This command sets the phone-number of the ISDN device making an outgoing call. The router presents this number to the switch when placing a call.

isdn conference-code interface

isdn conference-code code
no isdn conference-code
 

Configures

Three-way calling

Default

60

Description

This command configures a conference code. Conference codes can be used if you have ordered three-way calling as part of your service.

isdn disconnect interface command

isdn disconnect interface interface channel
 

Configures

Disconnects an ISDN call

Default

None

Description

This command disconnects an ISDN call on the given interface without bringing down the interface. The channel may be b1 for the first B channel, b2 for the second, or all for both B channels.

isdn fast-rollover-delay interface

isdn fast-rollover-delay seconds
no isdn fast-rollover-delay seconds
 

Configures

Time delay between consecutive dial attempts

Default

Disabled (0 seconds)

Description

If more than one dialer map is provided for an ISDN interface, this command provides the time to wait (in seconds) after the first map fails before placing a call using the second map.

isdn incoming-voice interface

isdn incoming-voice {56 | 64}
no isdn incoming-voice {56 | 64}
 

Configures

Accepts calls on the voice lines

Default

Disabled

Description

By default, incoming voice calls on data lines are not answered. This command allows you to use voice lines to transfer data by configuring the router to answer voice calls, which can result in significant savings in some areas. The call speed can be either 56 or 64; if no speed is specified, the speed is set to the incoming call's speed.

isdn leased-line bri 128 global

isdn leased-line bri number 128
no isdn leased-line bri number 128
 

Configures

ISDN interface for leased-line service at 128 Kbps

Default

Disabled

Description

This command configures ISDN access over a leased line. There are no phone numbers; both of the line's B channels are combined to provide a single line with a capacity of 128 Kbps. number is the number of the BRI interface.

isdn not-end-to-end interface

isdn not-end-to-end {56 | 64}
no isdn not-end-to-end {56 | 64}
 

Configures

Overrides the speed the network reported it will use

Default

64 Kbps

Description

This command forces the speed of an incoming connection. Sometimes, when ISDN ports don't belong to the same network, incorrect speed selection by the router causes the ISDN connection to fail. This command lets you set the speed manually for incoming connections. Valid speeds are 56 and 64 Kbps.

isdn nsf-service interface

isdn nsf-service {megacom | sdn}
no isdn nsf-service
 

Configures

Network-specific facilities (NSF)

Default

Disabled

Description

This command enables NSF on an ISDN PRI for outgoing voice calls. megacom is for AT&T Megacom NSF, and sdn is for AT&T SDN NSF.

isdn outgoing-voice interface

isdn outgoing-voice {info-transfer-capability {3.1kHz-audio | speech}}
no isdn outgoing-voice
 

Configures

Information transfer capability set for outgoing voice calls

Default

None

Description

This command sets the information transfer capability for outgoing voice calls through an interface. It isn't clear what the optional keywords mean; presumably they request different kinds of signal processing adapted for general audio or speech.

isdn overlap-receiving interface

isdn overlap-receiving
no isdn overlap-receiving
 

Configures

ISDN overlap receiving

Default

Disabled

Description

This command enables ISDN overlap receiving for an interface. In this mode, the interface waits for additional information from the switch before establishing the call. This command can be useful when carrying voice traffic through the router.

isdn send-alerting interface

isdn send-alerting
no isdn send-alerting
 

Configures

Sending an Alerting message

Default

Disabled

Description

This command enables the sending of an Alerting message before a Connect message when making ISDN calls. Some types of switches want to receive an Alerting message before a Connect message.

isdn sending-complete interface

isdn sending-complete
no isdn sending-complete
 

Configures

The sending of a Sending Complete element in the Setup message

Default

Disabled

Description

This command configures the router to include the Sending Complete element in the Setup message. Some switches require this message, which tells the switch that it has all the information for the call in the Setup message.

isdn service interface

isdn service dsl number b_channel number state value
no isdn service dsl number b_channel number state value
 

Configures

A B channel range to a specified state

Default

Disabled

Description

This command sets a range of B channels or an entire PRI interface to "in service," "maintenance," or "out of service."

 

dsl number

The digital subscriber loop number.

 

b_channel number

The B channel or range of B channels to which the command applies. number can range from 0-24, where 0 means the entire PRI interface. A range of consecutive channels is indicated by n-m, where n and m can range from 1-24.

 

state value

The state to which you wish to set the channels. The state is indicated by a number between 0 and 2; 0 is for "in service," 1 is for "maintenance," and 2 is for "out of service."

isdn spid1 (spid2) interface

isdn {spid1 | spid2} spid [local-directory-number]
no isdn {spid1 | spid2} spid [local-directory-number]
 

Configures

ISDN SPIDs

Default

None

Description

This command provides the service profile identifier (SPID) for the B1 channel (spid1) or the B2 channel (spid2). You can also use this command to specify the local-directory-number (optional). Your ISDN carrier (i.e., your phone company) provides the SPIDs and the local directory number. Some carriers and switch types do not require SPIDs (for example, if they are not used in Europe).

isdn switch-type global

isdn switch-type type
no isdn switch-type type
 

Configures

ISDN switch type

Default

None

Description

There are many different types of ISDN switches in use. The router must be configured with the appropriate switch type in order to interact with the telephone network. While there are exceptions, your geographic location is the best clue to the type of switch in use. Table 17-13 lists common switch types.

Table 17-13. Common ISDN switch types

IOS type

Switch

basic-5ess

AT&T switches (North America)

basic-dms100

Northern Telecom (North America)

basic-ni1

National ISDN-1 (North America)

basic-ts013

Australian

basic-ltr6

German

basic-nwnet3

Net3 switches (Norway)

basic-net3

Net3 switches (Europe/Taiwan)

basic-nznet3

Net3 switches (New Zealand)

vn2

VN2 (French)

vn3

VN3 (French)

ntt

NTT (Japan)

isdn tei global

isdn tei [first-call | powerup]
no isdn tei
 

Configures

ISDN endpoint negotiation

Default

powerup

Description

TEI stands for Terminal Endpoint Identifier. This command enables TEI negotiation on the ISDN interface. TEI negotiation occurs at powerup or when it places its first call (first-call).

isdn tei-negotiation global, interface

isdn tei-negotiation {first-call | powerup}
no isdn tei-negotiation
 

Configures

When TEI negotiation occurs

Default

powerup

Description

This command sets when TEI negotiation occurs. By default, negotiation takes place when the router is first turned on (powerup). The first-call option states that negotiation should occur when the first ISDN call is placed or received.

isdn transfer-code interface

isdn transfer-code code
no isdn transfer-code
 

Configures

Call transferring

Default

61

Description

This command enables call transferring. This feature is available only if your service provider supports it. code is supplied by your service provider.

isdn twait-disable interface

isdn twait-disable
no isdn twait-disable
 

Configures

Time to wait on startup

Default

Enabled

Description

After a power failure, ISDN interfaces wait a random period of time (1 to 300 seconds) before starting up. This command prevents the interfaces from coming back online at the same time when power is restored and the ISDN devices are restarting. This feature can be disabled with the no form of this command.

isdn voice-priority interface

isdn voice-priority ISDN-directory-number {in | out} {always | conditional |
off}
no isdn voice-priority ISDN-directory-number
 

Configures

The priority of data and voice calls

Default

A data call is never bumped

Description

This command allows you to set the priority of a data call relative to a voice call. ISDN-directory-number is the directory number assigned by your telephone company. in and out specify whether the command applies to incoming or outgoing voice calls. always means always bump a data call for a voice call. conditional means bump a data call if there is more than one call to the same destination. off means never bump a data call for a voice call.

isis advertise-prefix interface

isis advertise-prefix
no isis advertise-prefix
 

Configures

Advertising of IP prefixes for IS-IS routing

Default

Enabled

Description

By default, IP prefixes of connected networks are advertised in LSP advertisements for IS-IS interfaces. To disable the advertisement of connected networks, use the no form of this command.

isis authentication key-chain interface

isis authentication key-chain name [level-1 | level-2]
no isis authentication key-chain name [level-1 | level-2]
 

Configures

Authentication for IS-IS routing

Default

None

Description

This command enables authentication for IS-IS routing on an interface. The name of the key-chain specifies the group of valid keys. The optional keywords level-1 and level-2 specify that packets from level-1 or level-2 routers must be authenticated.

isis authentication mode interface

isis authentication mode {md5 | text} [level-1 | level-2 ]
no isis authentication mode {md5 | text} [level-1 | level-2]
 

Configures

Authentication for IS-IS routing

Default

Disabled

Description

This command configures the type of authentication for IS-IS routing on a interface. The type can be md5 (Message Digest 5) or text (clear text). The optional keywords level-1 and level-2 specify that packets from level-1 or level-2 routers must be authenticated.

isis authentication send-only interface

isis authentication send-only [level-1 | level-2]
no isis authentication send-only [level-1 | level-2]
 

Configures

Authentication for IS-IS routing

Default

Disabled

Description

This command tells the interface that only outgoing IS-IS packets are authenticated. Normally, when authentication is configured for IS-IS, both incoming and outgoing packets are authenticated. The keywords level-1 and level-2 specify that only packets sent from level-1 or level-2 routers must be authenticated.

isis circuit-type interface

isis circuit-type {level-1 | level-1-2 | level-2-only}
no isis circuit-type
 

Configures

Type of IS-IS routing on an interface

Default

level-1-2

Description

This command sets the type of IS-IS routing used on an interface. It is rarely used except for border routers (routers that lie between areas).

isis csnp-interval interface

isis csnp-interval seconds [{level-1 | level-2}]
no isis csnp-interval
 

Configures

CSNP interval

Default

10 seconds

Description

This command sets the interval (in seconds) for CSNP packets on border routers. CSNP packets are broadcast at the specified interval to ensure that the routing database is synchronized. This command can be used only in multiaccess interfaces. The level-1 and level-2 keywords are optional; they specify that the interval applies only to the given level of router.

isis hello-interval interface

isis hello-interval seconds [{level-1 | level-2}]
no isis hello-interval
 

Configures

IS-IS hello interval for an interface

Default

10 seconds

Description

This command sets the hello interval for IS-IS routing to seconds. By default, the hello interval is the advertised holdtime multiplied by the hello multiplier, which has a default of 3. The optional level-1 and level-2 keywords allow you to apply this command to an individual level; otherwise the interval is applied to both levels.

isis hello-multiplier interface

isis hello-multiplier value [{level-1 |level-2}]
no isis hello-multiplier
 

Configures

The holdtime value multiplier

Default

3

Description

For IS-IS , the holdtime is calculated by taking the hello interval and multiplying it by the hello multiplier. This command sets the hello multiplier to value. By changing the hello multiplier, you effectively change the holdtime. The optional level-1 and level-2 keywords allow you to apply this command to an individual level; otherwise the interval is applied to both levels.

Example

The following commands configure IS-IS routing for the interface ethernet 1. The hello interval is set to 5 seconds (for level 1) and the multiplier is set to 5, yielding a holdtime of 25 seconds.

interface ethernet 1
 ip router isis
 isis hello-interval 5 level-1
 isis hello-multiplier 5 level-1

isis lsp-interval interface

isis lsp-interval milliseconds
no isis lsp-interval
 

Configures

Time delay between LSPs for IS-IS routing

Default

33 milliseconds

Description

This command sets the number of milliseconds between IS-IS link state packets (LSPs). If a router has many IS-IS interfaces, it might have trouble sending all the LSPs. This command lets you increase the time between the packets, which should reduce the load on the router's CPU.

isis metric interface

isis metric value [{level-1 | level-2}]
no isis metric
 

Configures

The default IS-IS metric for the interface

Default

10

Description

This command sets the default metric for the interface to value. By using the keywords level-1 or level-2, you can specify a metric for a specific routing level. If no level is specified, level-1 is used.

isis password interface

isis password password [{level-1 | level-2}]
no isis password
 

Configures

The authentication password for IS-IS routing

Default

None

Description

This command sets the authentication password for IS-IS routing for the interface. All IS-IS communication to other routers through this interface must be authenticated with this password. However, like other password settings for IS-IS, this password is sent out in clear-text, providing little security. The level-1 and level-2 keywords are optional; they allow separate passwords to be applied to each level. If no level is specified, level-1 is used.

isis priority interface

isis priority priority [{level-1 | level-2}]
no isis priority
 

Configures

A priority value for the interface for IS-IS routing

Default

64

Description

This command allows you to set the router's priority in an IS-IS network. The priority is used to determine which routers become the designated router (DR) and the backup designated router (BDR). The priority can range from 0 to 127; 127 is the highest. The optional keywords level-1 and level-2 allow you to set a different priority for each level; otherwise the priority value applies to both levels.

isis retransmit-interval interface

isis retransmit-interval seconds
no isis retransmit-interval
 

Configures

The time between link state packet (LSP) retransmissions

Default

5 seconds

Description

This command sets the time (in seconds) between LSP retransmissions. It should be used only on point-to-point links.

isis retransmit-throttle-interval interface

isis retransmit-throttle-interval milliseconds
no isis retransmit-throttle-interval
 

Configures

Time between retransmissions of LSPs

Default

Calculated from the isis lsp-interval command

Description

This command sets the interval in milliseconds between retransmissions of IS-IS LSPs.

is-type router

is-type {level-1 | level-1-2 | level-2-only}
no is-type {level-1 | level-1-2 | level-2-only}
 

Configures

The level at which the IS-IS routing protocol will operate

Default

level-1-2

Description

This command sets the level at which the IS-IS routing protocol operates, which also defines the type of IS-IS router it is (station or area). By default, the router operates at both levels, which means it is both a station router and an area router.

 

level-1

The router performs only as a station router.

 

level-1-2

The router performs as both a station and an area router.

 

level-2-only

The router performs only as an area router.

Example

router isis
 is-type level-2-only
keepalive interface

keepalive seconds
no keepalive
 

Configures

The keepalive interval

Default

10 seconds

Description

The keepalive command specifies the interval (in seconds) that the router waits before sending a message on the interface to test the link and determine whether it is up or down. On Ethernet interfaces, the router sends the message to itself. On serial interfaces, the message is sent to the router on the other end of the link.

Keepalive settings can be very sensitive. If the keepalive interval is too low, the keepalive packets might be delayed by other traffic. If the interval is set too high, the router will take longer to update the interface's status, which slows route convergence.

On Frame Relay interfaces, the keepalive value should match (or be less than) the LMI interval configured on the carrier's switch.

Example

interface ethernet 1
 keepalive 5

key key chain configuration mode

key number
no key number
 

Configures

An identification number of a key on a key chain

Default

None

Description

This command applies an identification number to an authentication key on a key chain. ID numbers can range from 0 to 2,147,483,647. See the key chain command for more information.

key chain global

key chain name
no key chain name
 

Configures

Enters the key chain configuration mode

Default

None

Description

This command enters the key chain configuration mode, which allows you to create authentication keys for routing protocols and other uses. Each key chain must have at least one key defined with the key command. A key chain may have as many as 2,147,483,647 keys.

Example

! Create a key chain called "ExampleKeyChain" with two keys
key chain ExampleKeyChain
 key 1
 key-string MyKey1
 key 2
 key-string MyKey2

key config-key global

key config-key 1 string
 

Configures

A private DES key for the router

Default

None

Description

This command defines a private DES key for the router. This key can be used to encrypt various parts of the router's configuration with DES. The key itself does not appear in the configuration. If you lose the key, it can't be recovered. The string can be from one to eight alphanumeric characters long.

key-string key chain configuration mode

key-string string
no key-string string
 

Configures

An authentication string for a key

Default

None

Description

This command sets the actual authentication string for a key. string can be from 1 to 80 alphanumeric characters in length; the first character cannot be a number. See the key chain command for more information.

lane auto-config-atm-address interface

lane [config] auto-config-atm-address
no lane [config] auto-config-atm-address
 

Configures

Automatic configuration of the configuration server's ATM address

Default

No ATM address

Description

This command specifies that the configuration server address and the client's address should be automatically computed. When the optional config keyword is used, the command applies only to the LANE Configuration Server (LECS).

lane bus-atm-address interface

lane-bus-atm-address atm-address
no lane-bus-atm-address
 

Configures

The ATM address of the BUS

Default

Automatic ATM address assignment

Description

This command specifies the ATM address of the broadcast and unknown server (BUS). The atm-address can be a complete ATM address or an ATM template. A template may use * as a wildcard to represent any single character, or ... to represent any group of consecutive characters.

lane client interface

lane client {ethernet | tokenring} [elan-name]
no lane client {ethernet | tokenring}
 

Configures

Activates a LANE client

Default

None

Description

This command activates a LANE client for the interface. The ethernet and tokenring keywords specify the type of Emulated LAN (ELAN) that the interface is connected to. elan-name is optional; it defines which ELAN the client belongs to. If you do not include an elan-name, the client contacts the LAN emulation configuration server to find out which ELAN to join.

lane client-atm-address interface

lane client-atm-address atm-address
no lane client-atm-address atm-address
 

Configures

The ATM address for the LANE client on the interface

Default

Automatic ATM address

Description

This command specifies the ATM address for the LANE client on the interface. The atm-address can be a complete ATM address or an ATM address template.

lane config-atm-address interface

lane [config] config-atm-address atm-address
no lane [config] config-atm-address atm-address
 

Configures

The ATM address for the configuration server

Default

None

Description

This command sets the ATM address for the LANE server and the LANE client. If the optional config keyword is used, the ATM address applies only to the configuration server. The atm-address can be a complete ATM address or an ATM address template.

lane config database interface (major only; no subinterface)

lane config database name
no lane config database
 

Configures

The LANE database for the LANE configuration server

Default

None

Description

This command specifies the name of the LANE database for the current interface. The database must exist before you give this command. There can be only one LANE database per interface. The LANE database is created with the lane database command.

lane database global

lane database name
no lane database name
 

Configures

A named configuration database

Default

None

Description

This command creates a named configuration database (a LANE database) that is associated with a configuration server.

Example

The following commands create a database named elandatabase1. The lane database command sets up the name and enters the LANE database configuration mode. The remaining commands set up the database by mapping an ELAN name to a LANE emulation server address, and then setting up a default ELAN name.

! Define the ELAN database named elandatabase1
lane database elandatabase1
 name elan1 server-atm-address 47.00918100000000613E5D0301.00603E0DE841.01
 ! We set a default lane for LECs that don't know the ELAN they should join
 default-name elan1
lane fixed-config-atm-address interface

lane [config] fixed-config-atm-address
no lane [config] fixed-config-atm-address
 

Configures

The LECS used by the ATM address assigned by the ATM forum

Default

No address set

Description

This command sets the address of the ATM server to the default address assigned by the ATM Forum. The NSAP address is 47.007900000000000000000000.00A03E000001.00. The optional config keyword specifies that the address applies to the configuration server only.

lane global-lecs-address interface

lane global-lecs-address address
no lane global-lecs-address address
 

Configures

A list of LECS addresses to use

Default

None

Description

This command specifies a LECS address to use when the ILMI cannot be used. Normally, the router obtains the LECS address from the ILMI. This command can be used as many times as necessary to create a list of LECS addresses.

lane le-arp interface

lane le-arp {mac-address | route-desc segment segment-number bridge bridge-
number} atm-address
no lane le-arp {mac-address | route-desc segment segment-number bridge
bridge-number} atm-address
 

Configures

Assigns a static MAC address to an ATM address

Default

None

Description

This command adds a mapping between a static MAC address and an ATM address to the ARP database. You may either specify the MAC address explicitly, or specify a route description using the route-desc keyword. In this case, you must specify a segment-number (1-4,095) and bridge-number (1-15) instead. ARP entries created by this command do not expire. To remove them from the table, use the no form of this command.

lane server-atm-address interface

lane server-atm-address atm-address
no lane server-atm-address atm-address
 

Configures

LANE server ATM address

Default

The server's ATM address is provided by the configuration server

Description

This command sets the ATM address of the configuration server, overriding the address provided by the configuration server itself. The atm-address can be a complete ATM address or an ATM address template.

lane server-bus interface

lane server-bus {ethernet | tokenring} elan-name
no lane server-bus {ethernet | tokenring} elan-name
 

Configures

Enables a LANE server and a BUS on a subinterface

Default

None

Description

This command enables a LANE server and a BUS on the subinterface. The ethernet and tokenring keywords specify the type of Emulated LAN attached to the interface. The elan-name is the name of the ELAN, and can be up to 32 characters in length.

line global

line [line-type] line-number [end-line-number]
 

Description

This command enters the line configuration mode. Valid line-types are aux, console, tty, or vty. If no line-type is given, the line-number is treated as an absolute line number. (See the results of a show line command to see absolute line numbers.)

The line-number is the number of the first line you want to configure. The end-line-number is the last line you want to configure. If you want to configure only a single line, omit end-line-number.

Example

The following commands set the password on lines 0 through 4, inclusive, and then set the connection speed on line 5.

! change the password on vty 0 4 to vtyin
line vty 0 4
 password vtyin
! Change the speed on tty 5
line tty 5
 speed 38400

linecode controller

linecode {ami | b8zs | hdb3}
no linecode {ami | b8zs | hdb3}
 

Configures

The line encoding used on a T1/E1 line

Default

ami for T1 lines; hdb3 for E1 lines

Description

This command specifies the line encoding for a T1 or E1 line. ami can be applied to either T1 or E1; b8zs can be used only for T1 lines, and hdb3 only for E1 lines. The encodings used must match at both ends of the line; in practice, this means that the encoding is defined by your carrier.

link-test interface (hub)

link-test
no link-test
 

Configures

Link-test functionality on a hub interface

Default

Enabled

Description

This command is specific to Cisco devices with built-in hub interfaces. It enables the port's link-test function. Use the no form to disable the link test.

Example

hub ethernet 0 1
 no link-test
location line

location text
no location
 

Configures

The location description for a line

Default

None

Description

This command has no effect on the line's configuration; it simply lets you document the location of the equipment connected to a particular line. This information can be displayed to the user at login by placing the service linenumber command in the configuration.

Example

line tty3
 location Router-Room11,port 34
 service linenumber

logging global

logging syslog-server
no logging syslog-server
 

Configures

A server for logging messages

Default

None

Description

This command specifies the hostname or IP address of the log server (syslog-server) to which the router sends log messages. These messages use the standard Unix/Linux syslog facility; there are implementations of this facility for other operating systems (notably Windows NT and Windows 2000).

For syslog configuration on a Unix box, see the /etc/syslog.conf file and the syslogd manpage.

logging buffered global

logging buffered [size] [level]
no logging buffered
 

Configures

Messages logged to the internal buffer

Default

Depends on the platform; usually enabled

Description

This command enables logging to an internal buffer.

 

size

Optional. The size of the internal buffer, in bytes. The default size depends on the platform; you can give a buffer size from 4,096 to 4,294,967,295. If you set the buffer size too high, the router will run out of memory for routing tasks.

 

level

Optional. A numeric severity level or the name of a severity level. Any message at this severity or higher are logged to the internal buffer. Severity levels are: emergencies (0), alerts (1), critical (2), errors (3), warnings (4), notifications (5), informational (6), and debugging (7). Note that the numeric levels are the opposite of what you'd expect: a lower number indicates a higher severity.

logging buffered xml global

logging buffered xml [size]
no logging buffered
 

Configures

Messages logged to the internal buffer

Default

Depends on the platform; usually enabled

Description

This command enables logging to an internal buffer using XML-formatted messages.

 

size

Optional. The size of the internal buffer in bytes. The default size depends on the platform; you can give a buffer size from 4,096 to 4,294,967,295. If you set the buffer size too high, the router will run out of memory for routing tasks.

logging console global

logging console level
no logging console
 

Configures

Logging of messages to the console

Default

Debugging (7)

Description

This command enables logging to the console screen, thus setting the severity level of messages that will be displayed. All messages at the given level (either a level name or a level number) are logged. By default, all messages are logged.

logging console xml global

logging console xml [level]
no logging console
 

Configures

Logging of messages to the console

Default

Debugging (7)

Description

This command enables logging to the console screen using XML-formatted messages.

logging count global

logging count
no logging count
 

Configures

Error log count capability

Default

Disabled

Description

This command enables error log count capability. You can view the counter and statistics with the command show logging count.

logging facility global

logging facility facility
no logging facility
 

Configures

The syslog facility to which the messages are sent

Default

local7

Description

A syslog server separates messages according to their facility type. This command states the facility to which messages generated by the router belong. Valid facilities are auth, cron, daemon, kern, lpr, mail, news, syslog, local0 through local7, sys9 through sys14, user, and uucp.

Example

The following command configures the router to send syslog messages to the local7 facility:

#logging facility local7
 

The behavior of the syslog server depends on its own configuration. With the following line in syslog.conf, the server saves local7 messages with a debugging severity to the file /var/log/debug-logfile:

local7.debug /var/log/debug-logfile
logging history global

logging history level
no logging history
 

Configures

The severity levels to be logged

Default

Warnings (4)

Description

This command sets the type of syslog messages that are entered into the syslog history table. These messages are also set to an SNMP management station, if one is configured; all messages at the given level or higher are logged.

Example

The following command logs messages with a severity of errors (3) or greater, i.e., critical (2), alerts (1), and emergencies (0):

logging history errors
logging history size global

logging history size number
no logging history size
 

Configures

The size of the history table

Default

1

Description

This command sets the size of the history table. number is the number of messages saved in the table; the value can be from 1 to 500.

logging host global

logging host machine-name [xml]
no logging host machine-name [xml]
 

Configures

The logging syslog server

Default

Not enabled

Description

This command sets the hostname of the syslog server to which the router should send its system messages. The machine-name can be a hostname or IP address of the server. The optional xml keyword specifies that the log messages be sent in XML format.

logging monitor global

logging monitor level
no logging monitor
 

Configures

Messages logged to terminal lines (monitors)

Default

Debugging (7)

Description

This command controls which messages are sent to the console and other terminal lines. level can be either the name of a severity level or a number. Messages at the given level and higher are sent to the terminal lines. The default level sends all messages to the terminal lines because debugging is the lowest severity level.

logging on global

logging on
no logging on
 

Configures

Controls all logging

Default

Enabled

Description

This command allows you to enable or disable all logging. Use it with caution, as the router often waits for error messages to be displayed on a console before continuing.

logging source-interface global

logging source-interface interface
no logging source-interface
 

Configures

The interface from which syslog packets are sent

Default

The router uses the interface "closest" to the destination

Description

This command sets the interface that the router uses to send syslog packets, and therefore sets the source IP address for syslog packets that originate from the router. Specifying the source interface allows you to control the path that logging packets take from the router to the network management station, which can be an important security consideration. By default, packets originate from the interface closest to the destination.

logging synchronous line

logging synchronous [level severity | all] [limit number-of-messages]
no logging synchronous
 

Configures

Display of log messages

Default

Disabled; when enabled, default severity level is 2 and buffer message limit is 20

Description

This command controls the printing of log messages to a user's terminal. By default, messages are printed at any time, possibly disrupting the user's current command. This command tells the router to wait until the user's current command and its output are completed before displaying any logging messages.

 

level severity

The severity level that this command affects. All messages with a severity at or below (i.e., with a higher number than) the given level are sent synchronously (i.e., after waiting for the user to complete the current command and the router to generate the requested output).

 

all

Equivalent to level emergencies; all messages are sent synchronously.

 

limit number-of-messages

Specifies the number of messages that will be queued waiting for delivery.

Example

The following commands specify that on terminal lines 0 through 8, log messages at levels 6 and 7 (informational and debugging) will be delivered synchronously.

line 0 8
 logging synchronous level 6

logging trap global

logging trap level
no logging trap
 

Configures

Messages sent to syslog servers

Default

Disabled

Description

This command limits the type of messages that are sent to the syslog servers. Only messages of the given severity level and higher are sent to the server.

login line

login [local | tacacs]
no login [login | tacacs]
 

Configures

The login authentication method for connections

Default

No authentication

Description

This command tells the line to authenticate the user before allowing access. If you give this command without any arguments, you must use the password command to specify a password for this line. The local keyword tells the router to maintain its own database of users, created using the username command. The tacacs keyword tells the router to authenticate users by contacting a TACACS server.

When using login local, make sure you have at least one username configured before you log out. Otherwise, you will be locked out of the specified lines.

Example

To enable simple authentication using a single password for all access through this line:

line vty 0 4
 login
 password letmein
 

These commands enable authentication using a local database of usernames and user-specific passwords; users Bob, Ann, and John are the only ones able to log into this line.

username bob password letmein
username ann password letmein2
username john password letmein3
line vty 0 4
 login local
login authentication line

login authentication {default | list-name}
no login authentication {default | list-name}
 

Configures

TACACS+ authentication for logins

Default

No authentication

Description

This command configures the login authentication method. The methods used to perform authentication can be taken either from the default list or a named list.

 

default

Uses the default list created with the aaa authentication login command.

 

list-name

Specifies a list created with the aaa authentication login command.

logout-warning line

logout-warning seconds
no logout-warning
 

Configures

A warning message before an automatic logout

Default

None

Description

This command activates the logout warning message. This message warns users that a forced logout is about to occur. The seconds parameter specifies how much warning time is given; that is, the time that will elapse before the session closes after the warning is issued.

loopback interface

loopback [options]
no loopback
 

Configures

Loopback mode

Default

Disabled

Description

The loopback command sets the equipment at some point between a router interface and the other end of the line to reflect all data back to the router. Loopbacks are extremely useful for troubleshooting. With no options, loopback tests the local interface: all packets sent to the interface are immediately reflected back to the router without being sent to the destination. The various options and parameters allow you to place the loopback point farther down the line:

 

applique

Sets the internal loopback for an HSSI interface.

 

dte

Sets the loopback at the CSU/DSU, which tests the cable between the router (the DTE) and the CSU/DSU. The CSU/DSU must support this option.

 

line [payload]

Sets the loopback at the "far end" of the CSU/DSU, which sends the packets completely through the CSU/DSU and back to the router. The CSU/DSU must support this option. On routers with built-in CSU/DSUs (2524 or 2525) you can add the payload keyword, which creates the loopback at the DSU.

 

remote option

Sets the loopback at the remote CSU/DSU, which sends packets all the way to the remote end of the connection before reflecting them back to the router. This command tests the entire communications link between the router and the far end of the line. The remote CSU/DSU must be configured for remote loopback. Additional options give you more control over the behavior of remote loopback.

The following options are applicable to the loopback remote command:

 

full

Places the loopback at the remote CSU.

 

payload

Places the loopback on the DSU side of the remote device and transmits a payload request.

 

smart-jack

Places the loopback at the remote smart-jack connection.

 

0in1

Transmits an all-zeros test pattern for verifying a B8ZS-encoded line.

 

1in1

Transmits an all-ones test pattern.

 

1in2

Transmits alternating test patterns of all ones and all zeros.

 

1in5

Transmits the standard test pattern for testing lines.

 

1in8

Transmits a stress-test pattern for testing repeaters and their timing recovery.

 

3in24

Transmits a test pattern for testing AMI lines.

 

qrw

Transmits a quasi-random word pattern test to simulate real-world data patterns.

 

user-pattern value

Transmits a pattern defined by the value parameter. This pattern is a binary string and can be as long as 24 bits.

 

511

Transmits a random test pattern that repeats every 511 bits.

 

2047

Transmits a random test pattern that repeats every 2,047 bits.

Example

The following commands place the remote device in loopback mode and send the qrw test pattern:

interface serial 0
 loopback remote full qrw
 

In response, the router produces the following output, reporting that it has changed the line's state to down (because it can't be used for data while it is in loopback mode) and has succeeded in placing the remote CSU/DSU in loopback mode:

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
%LINK-3-UPDOWN: Interface Serial0, changed state to down
%SERVICE_MODULE-5-LOOPUPREMOTE: Unit 0 - Remote unit placed in loopback
mac-address-table aging-time global

mac-address-table aging-time seconds
no mac-address-table aging-time seconds
 

Configures

Aging time for MAC address es

Default

300 seconds

Description

This command configures the aging time for MAC addresses in the MAC address table. Valid times are 0 or from 10 to 1,000,000 seconds. A setting of 0 (zero) disables the aging time.

mac-address-table dynamic global

mac-address-table dynamic mac-address interface {fa | gi} vlan vlan-id
no mac-address-table dynamic mac-address interface {fa | gi} vlan vlan-id
 

Configures

Insertion of dynamic MAC address into the MAC address table

Default

Dynamic addresses are not added to the table

Description

This command adds dynamic MAC addresses to the MAC address table.

 

mac-address

The MAC address to be added to (or removed from) the table.

 

interface

The interface to which packets for the MAC address are forwarded.

 

fa

Specifies FastEthernet.

 

gi

Specifies GigabitEthernet.

 

vlan vlan-id

The vlan parameter specifies where to forward packets for the MAC address.

mac-address-table secure global

mac-address-table secure mac-address interface {fa | gi} vlan vlan-id
no mac-address-table secure mac-address interface {fa | gi} vlan vlan-id
 

Configures

Insertion of secure MAC addresses into the MAC address table

Default

Secure addresses are not added to the table

Description

This command adds secure MAC addresses to the MAC address table.

 

mac-address

The MAC address to be added to (or removed from) the table.

 

interface

The interface to which packets for the MAC address are forwarded.

 

fa

Specifies FastEthernet.

 

gi

Specifies GigabitEthernet.

 

vlan vlan-id

The vlan parameter specifies where to forward packets for the MAC address.

mac-address-table static global

mac-address-table static mac-address {interface int-type} {vlan vlan-id}
no mac-address-table static mac-address {interface int-type} {vlan vlan-id}
 

Configures

Insertion of static MAC addresses into the MAC address table

Default

Static addresses are not added to the table

Description

This command adds static MAC addresses to the MAC address table.

 

mac-address

The MAC address to be added to (or removed from) the table.

 

interface int-type

The interface to which packets for the MAC address are forwarded.

 

vlan vlan-id

The vlan parameter specifies where to forward packets for the MAC address.

map-class dialer global

map-class dialer name
no map-class dialer name
 

Configures

A map class for configuring DDR

Default

None

Description

Defines a map class that can be used in dialer map commands. The name of the map class is an alphanumeric string. After you give the map-class command, the router enters the map-class context, in which you can enter commands that configure the map class.

Example

The following code configures a map class named myclass. This map class is used within a dialer command to specify the properties of the telephone line used for the dial-on-demand connection.

! Define the map class and its commands
map-class dialer myclass
 dialer isdn speed 64
!
! Configure ISDN interface
interface bri 0
 encapsulation ppp
 dialer map ip 10.10.1.5 name office2 class myclass 014105551234001
map-class frame-relay global

map-class frame-relay name
no map-class frame-relay name
 

Configures

A map class to define QoS attributes for an SVC or PVC

Default

None

Description

This command creates a special kind of map class used to define QoS attributes for a Frame Relay SVC or PVC. The following frame-relay commands can be applied to the map class:

 

frame-relay custom-queue-list list

Specifies a custom queue list for the map.

 

frame-relay priority-group list

Specifies a priority queue for the map.

 

frame-relay adaptive-shaping [becn | foresight]

Enables the type of BECN (backwards explicit congestion notification) information that will throttle the transmission rate.

 

frame-relay cir [in | out] bps

The inbound or outbound committed information rate. If neither in nor out is specified, the command applies to both directions.

 

frame-relay mincir [in | out] bps

The minimum incoming or outgoing committed information rate. If neither in nor out is specified, the command applies to both directions.

 

frame-relay bc [in | out] bits

The incoming or outgoing committed burst size. If neither in nor out is specified, the command applies to both directions.

 

frame-relay be [in | out] bits

The incoming or outgoing excess burst size. If neither in nor out is specified, the command applies to both directions.

 

frame-relay idle-time duration

The idle timeout interval for the map.

Example

The following code defines a Frame Relay map that specifies an incoming and outgoing committed information rate of 56 Kbps:

map-class frame-relay map1
 frame-relay cir 56000
map-group interface

map-group name
no map-group name
 

Configures

Applies a map list to an interface

Default

None

Description

This command applies a map list to an interface. See the map-list command for an example.

map-list global

map-list map-name src-addr {e164 | x121} source-address dest-addr {e164 | x121}
destination-address
no map-list map-name src-addr {e164 | x121} source-address dest-addr
{e164 | x121} destination-address
 

Configures

A map list for a Frame Relay SVC

Default

None

Description

Use this command to define a map list for a Frame Relay SVC.

 

map-name

The name of the map.

 

src-addr {e164 | x121}

Type of source address; it may be either e164 or x121.

 

source-address

The actual source address.

 

dest-addr {e164 | x121}

Type of destination address; it may be either e164 or x121.

 

destination-address

The actual destination address.

Example

The following commands set up a map list that brings up a Frame Relay SVC in response to IP or AppleTalk traffic. The map list, named map1, is applied to the serial0 interface using a map-group command. The map list itself consists of two statements that specify the protocol and address we're interested in, followed by a map class that specifies the quality of service parameters to be used by the circuit.

interface serial0
 ip address 172.30.8.1
 encapsulation frame-relay
 map-group map1
!
map-list map1 source-addr E164 112233 dest-addr E164 445566
 ip 10.1.1.1 class some-map-class
 appletalk 2000.2 class some-map-class
!
map-class frame-relay some-map-class
 frame-relay be out 9000
match access-group class-map

match access-group access-list
no match access-group access-list
 

Configures

QoS class map match line

Default

None

Description

This command creates an entry in a class map that applies an access list as the match criteria. The access-list can be a numbered or named access list.

Example

class-map class1
 match access-group 101
match any class-map

match any
no match any
 

Configures

QoS class map match line

Default

None

Description

This command creates an entry in the class map that causes all packets to match.

match as-path route-map

match as-path path-list-number
no match as-path path-list-number
 

Configures

BGP route filtering

Default

None

Description

This command allows you to require that any route in a route map pass an AS path access list. Routes that are permitted by the list undergo further processing. You might use this command to create a route map that modifies routing metrics or changes the routes in some way, depending on the routes' AS path. These modifications are applied only to routes matching the AS path access list.

Example

The following code filters all routes to be sent to the neighboring router 10.10.1.1 through the AS path list 1. The AS path list is applied in the route map test-as-path, which adds our AS number (300) to all routes that match this list.

route-map test-as-path
 match as-path 1
 set as-path prepend 300
!
ip as-path access-list 1 permit .*
!
router bgp 300
 neighbor 10.10.1.1 route-map set-as-path out
match class-map class-map

match class-map class-map-name
no class-map class-map-name
 

Configures

QoS class map match line

Default

None

Description

This command tells the current class map to use an entirely different class map as a matching criteria. By using this command, you can nest class maps.

Example

In this example, you can see that class1 uses class2 with this command.

class-map match-any class2
 match protocol ip
 match access-group 101
!
class-map match-all class1
 match class-map class2
 match access-group 102
match community-list route-map

match community-list community-list-number [exact]
no match community-list community-list-number [exact]
 

Configures

BGP route filtering

Default

None

Description

This command lets you build a route map that requires a match to a BGP community list. If the route's community string matches the named list, the set commands of the route map are applied. The exact keyword states that all the communities within the community list must be present for the route. Without the exact keyword, only one match is required.

match cos class-map

match cos value [value2 value3 value4]
no match cos value [value2 value3 value4]
 

Configures

QoS class map match line

Default

None

Description

This command configures a match line in a class map that matches a packet's Class of Service (CoS) value. The IEEE 802.1Q/ISL CoS value can be a value from 0 to 7. And you can specify from 1 to 4 values on a single line.

Example

class-map voice
 match cos 7
match destination-address mac class-map

match destination-address mac address
no match destination-address mac address
 

Configures

QoS class map match line

Default

None

Description

This command configures a class-map match statement that causes the packet's MAC address to be compared to the supplied address.

match discard-class class-map

match discard-class value
no match discard-class value
 

Configures

QoS class map match line

Default

Packets not classified as expected

Description

This command configures a class-map match statement that matches the packet's discard class value. The value is a number from 0 to 7.

match dscp class-map

match [ip] dscp value
no match [ip] dscp value
 

Configures

QoS class map match line

Default

None

Description

This command tells a class map to match a packet's Differentiated Service Code Point (DSCP). The ip command is optional; it tells the match to work only for IPv4 packets. If you leave ip out, both IPv4 and IPv6 packets are matched. The value can be from 0 to 63.

match fr-dlci class-map

match fr-dlci dlci-number
no match fr-dlci dlci-number
 

Configures

QoS class map match line

Default

None

Description

This command specifies a Frame Relay DLCI value to use in a class map. The dlci-number is matched against the packet's DLCI number.

match input-interface class-map

match input-interface interface-name
no match input-interface interface-name
 

Configures

QoS class map match line

Default

None

Description

This command specifies an input interface to match a packet against. If the packet's input interface matches the interface-name, the line matches.

match interface route-map

match interface interface [... interface]
no match interface interface [... interface]
 

Configures

Route filtering

Default

None

Description

This command lets you build a route map that selects routes according to the interfaces they use. For the route to match, its next hop must be through one of the interfaces listed. Routes that match are processed according to the other statements in the route map.

Example

In the following route map, all routes must have a next hop through the serial0 or serial1 interface for the route to match.

route-map example1
 match interface serial0 serial1

match ip address route-map

match ip address access-list
no match ip address access-list
 

Configures

Route filtering

Default

None

Description

This command is used to match the IP address of the route's destination. If the destination matches the specified access list, the route is included in the map and processed according to the other statements in the route map. With this command, you can use extended access lists to implement routing policies.

match ip dscp class-map

match ip dscp
no match ip dscp
 

Configures

QoS class map match line

Default

None

Description

This command has been replaced with the match dcsp command.

match ip next-hop route-map

match ip next-hop access-list [... access-list]
no match ip next-hop access-list [... access-list]
 

Configures

Route filtering

Default

None

Description

This command lets you specify that a route's next hop IP address must match the specified access list (or lists) to be included in the map. If a route passes any of the access lists, it is processed according to the other statements in the route map.

match ip precedence class-map

match ip precedence
no match ip precedence
 

Configures

QoS class map match line

Default

None

Description

This command has been replaced with the match precedence command.

match ip route-source route-map

match ip route-source access-list [... access-list]
no match ip route-source access-list [... access-list]
 

Configures

Route filtering

Default

None

Description

This command lets you specify that a route's source address (i.e., the router that originally advertised the route) must match the given access lists to be included in the map. If a route passes any of the access lists, it is processed according to the other statements in the route map.

match ip rtp class-map

match ip rtp starting-port-number end-port-range
no match ip rtp starting-port-number end-port-range
 

Configures

QoS class map match line

Default

None

Description

This command configures a range of ports to match a packet using the Real-Time Protocol (RTP). Any RTP packets that fall within the specified starting-port-number and end-port-range are matched. The starting-port-number can be from 2,000 to 65,535. The RTP end-port-range can be from 0 to 16,383.

match length route-map

match length min max
no match length min max
 

Configures

Route filtering

Default

None

Description

This command lets you build a route map that selects packets whose size is between min and max. If a packet's size falls in this range, it is processed according to the other statements in the route map. This command is used with policy routing.

Example

In this example, we want to match packets that are between 10 to 100 bytes long. We then send matching packets out through the serial0 interface.

interface ethernet1
 ip policy route-map example1
!
route-map example1
 match length 10 100
 set interface serial0

match metric route-map

match metric value
no match metric value
 

Configures

Route filtering

Default

None

Description

This command lets you build a route map that selects routes with a certain metric, given by value. The metric value can be from 0 to 4,294,967,295. If a route's metric matches the given value, it is processed according to the other statements in the route map.

match mpls experimental class-map

match mpls experimental value
no match mpls experimental value
match mpls experimental topmost value
no match mpls experimental topmost value
 

Configures

QoS class map match line

Default

None

Description

This command specifies an MPLS experimental value against which to match packets. The value is the experimental MPLS value to match against. Values can be from 0 to 7.The topmost command checks the MPLS packet's topmost field for the value.

match mpls-label route-map

match mpls-label
no match mpls-label
 

Configures

Route map

Default

Routes with MPLS labels are not redistributed

Description

This command allows routes with MPLS labels to be redistributed in a route map.

Example

route-map mymap permit 1
 match ip address 101
 match mpls-label

match not class-map

match not match-command
no match not match-command
 

Configures

QoS class map match line

Default

None

Description

This command specifies the not version of a match-command. For example, if you wanted to match all protocols except IP, you could use the match protocol command combined with a not.

Example

class-map all-but-ip
 match not protocol ip
match packet length class-map

match packet length max value min value
no match packet length max value min value
 

Configures

QoS class map match line

Default

None

Description

This command tells the class-map to match the layer 3 packet length in the IP header of the packet. You can specify a min value, a max value, or both. If a minimum value is supplied, only packets with a value greater than the minimum are matched. If only a maximum value is supplied, only packets less than the maximum are matched. If both a minimum and maximum are supplied, packets must be within that range in order to be matched.

Valid values for both minimum and maximum are from 1 to 2,000.

match precedence class-map

match precedence value
no match precedence value
 

Configures

QoS class map match line

Default

None

Description

This command supplies an IP precedence value to use as match criteria for a map-class. The value can be a precedence value of 0 to 7.

match protocol class-map

match protocol name
no match protocol name
 

Configures

QoS class map match line

Default

None

Description

This command supplies a protocol name to use as match criteria for a map class. The protocol name can be any protocol such as aarp, arp, bridge, bstun, cdp, clns, vmns, compressedtcp, decnet, ip, ipv6, ipx, llc2, pad, qllc, rsrb, snapshot, and stun.

Two other protocols, citrix and http, take additional parameters.

Example

Citrix uses an option called app to identify packets:

! match citrix application called application1
match protocol citrix app application1
 

http has optional url, host, and mime modifiers:

match protocol http host cisco*
match protocol http url index.html*
match qos-group class-map

match qos-group value
no match qos-group value
 

Configures

QoS class map match line

Default

None

Description

This command specifies a packet's QoS tag to use as a match criterion in a class map. The qos-group value can be from 0 to 99. The command is often used with the set qos-group command, which sets a packet's QoS tag (usually done on another device).

match route-type route-map

match route-type {local | internal | external [type-1 | type-2] | level-1 |
level-2}
no match route-type {local | internal | external [type-1 | type-2] | level-1 |
level-2}
 

Configures

Route filtering

Default

None

Description

This command lets you build route maps that match routes of a certain type. The types you can match are:

 

local

BGP internal routes.

 

internal

EIGRP internal routes or OSPF inter-area and intra-area.

 

external

EIGRP and OSPF external routes. type-1 and type-2 will only match OSPF type-1 and type-2 routes, respectively.

 

level-1

Level 1 IS-IS routes.

 

level-2

Level 2 IS-IS routes.

match source-address mac class-map

match source-address mac address
no match source-address mac address
 

Configures

QoS class map match line

Default

None

Description

This command specifies a packet's source MAC address to use as a class map match criterion.

match tag route-map

match tag tag-value [... tag-value]
no match tag tag-value [... tag-value]
 

Configures

BGP route filtering

Default

None

Description

This command lets you build route maps that match routes with certain tag values. If a route has a tag that matches any given tag-value, it is processed according to the other statements in the route map. The tag-value parameters can have values from to 4,294,967,295.

maximum-paths router

maximum-paths number
no maximum-paths number
 

Configures

The maximum number of paths with equal metrics

Default

1 for BGP; 4 for other protocols

Description

This command lets you set the number of paths with equal metrics that the router will maintain in its routing table. number can range from 1 to 6.

For BGP, the meaning of this command is slightly different, since BGP doesn't have a simple routing metric. For BGP, this command allows you to increase the number of parallel equal-length paths that the router maintains in its tables.

max-reserved-bandwidth interface

max-reserved-bandwidth percent-value
no max-reserved-bandwidth
 

Configures

QoS class map match line

Default

75 percent

Description

This command configures the percentage of bandwidth allocated for a given QoS technique, such as CBWFQ or LLC.

media-type interface

media-type type
no media-type type
 

Configures

The type of media for specific interfaces

Default

Depends on the interface type

Description

Certain interface types can be associated with several types of ports. For example, the Ethernet module on a 4000 series or an FEIP (Fast Ethernet interface processor) on a 7000/7500 series can be associated with an AUI, 10BaseT, or 100BaseT port. The type depends on the actual interface you are configuring; the possible types are shown in Table 17-14.

Table 17-14. Media types

Type

Meaning

aui

15-pin AUI port

10baset

10BaseT RJ45 port

100baset

100BaseT RJ45 port

mii

Media-independent interface

 

Example

interface fastethernet0/1
 media-type 100baset
member interface

member number command
no member number command
 

Configures

Applies a configuration to one async interface of a group

Default

None

Description

This command is used in conjunction with the group-range command. It allows a certain command to be applied to one specific interface of a given range. The number specifies the group member to which the given command should be applied. Only two commands can be applied to an interface using the member command: peer default ip and description. For examples, see the group-range command.

menu global

menu name [clear-screen | line-mode | single-space | status-line]
no menu name
 

Configures

Menu display options

Default

None

Description

This command displays the menu with the given name and allows you to specify menu display options. Menus can be used to provide simple configuration commands for users connecting to the router through telnet or reverse telnet; the menu itself is defined using the menu command. The available options are:

 

clear-screen

Forces a clear screen before displaying the menu.

 

line-mode

Allows the user to backspace over a selected item and press Enter to execute a command.

 

single-space

Displays the menu single-spaced instead of double-spaced.

 

status-line

Displays a status line about the current user.

Menus are constructed using the commands menu command , menu text, and menu title.

menu command global

menu name command number command
 

Configures

Commands for user interface menus

Default

None

Description

This command lets you build arbitrary menus for executing configuration commands. The menus are accessible from the router's command-line prompt.

 

name

The name of the menu. Names cannot be more than 20 characters long.

 

number

The selection number associated with the menu entry.

 

command

The command to be executed when the given number is selected.

menu text global

menu name text number text
 

Configures

Descriptive text for menus

Default

None

Description

This command lets you provide descriptive text to associate with menu items. The menus are accessible from the router's command-line prompt using the menu command, followed by the menu name.

 

name

The name of the menu. Names cannot be more than 20 characters long.

 

number

The selection number associated with the menu entry.

 

text

The text to be displayed for the given menu selection.

Example

The following commands set up a menu called incoming with several selections. If a user types 1, the command telnet 10.1.1.1 is executed; if she types 2, the command telnet 10.1.1.2 is executed; if she types 3, the menu exits.

menu incoming command 1 telnet 10.1.1.1
menu incoming text 1 Telnet to New York router (10.1.1.1)
menu incoming command 2 telnet 10.1.1.2
menu incoming text 2 Telnet to San Francisco router (10.1.1.2)
menu incoming command 3 menu-exit
menu incoming text 3 Exit
menu title global

menu name title delimiter text delimiter
 

Configures

A title for a user interface menu

Default

None

Description

This command allows you to assign a title to the user interface menu identified by name. The text is the menu's title; the delimiter can be any character that does not appear within the text that serves to mark the beginning and end of the text.

metric holddown router, IGRP

metric holddown
no metric holddown
 

Configures

Keeps a route from being used for a given amount of time

Default

Disabled

Description

This command tells IGRP to wait a specific time before implementing new routes. It helps you to avoid routing loops in networks that converge slowly by delaying routing updates. Routing loops are still possible, however, if all routers within the same IGRP domain are not configured the same way. Using this command can result in very slow convergence.

metric maximum-hops router, IGRP, EIGRP

metric maximum-hops hops
no metric maximum-hops hops
 

Configures

The maximum number of hops that a route can take

Default

100

Description

This command allows you to change the maximum hop count for EIGRP and IGRP. Routes that exceed the given limit are considered unreachable. The maximum number of hops is 255.

Example

The following commands configure the router to mark routes as unreachable if they require more than 180 hops:

router igrp 101
 network 10.10.0.0
 metric maximum-hops 180
metric weights router

metric weights tos k1 k2 k3 k4 k5
no metric weights
 

Configures

EIGRP and IGRP metric calculation

Default

tos=0; k1=1; k2=0; k3=1; k4=0; k5=0

Description

This command allows you to tune the routing metric for EIGRP and IGRP. The metric is calculated as follows:

If k5 greater than zero, the calculation continues:

The tos (Type of Service) parameter is currently unused. It should be set to 0 when you use this command.

Example

The following commands modify the values of k4 and k5 and set the other values to their defaults:

router igrp 100
 network 10.10.0.0
 metric weights 0 1 0 1 2 2
mkdir command

mkdir directory
 

Description

This command allows you to create a directory on a Class C filesystem.

modem  

This family of commands is used to configure modems on TTY lines. The discussion is limited to commands that are available for all routers. Terminal servers with manageable modems, such as the AS5200, AS5300, and CS3600 series products, have additional commands.

 

modem answer-timeout time

Sets the amount of time the router waits for the carrier signal after answering an incoming RING.

 

modem autoconfigure discovery

The router automatically tries to discover the modem type.

 

modem autoconfigure type type

Sets the modem to the type known by the router. To view a list of known modems, use the command modem autoconfigure type ?.

 

modem callin

Enables support of modems that use DTR to control hook-status.

 

modem callout

Enables reverse connections. (See Chapter 4.)

 

modem chat-script script-name

Specifies which chat script to use when the modem is automatically dialing. See Chapter 12 for more information.

 

modem cts-required

Configures a line to require the CTS (clear to send) signal.

 

modem dialin

Configures a modem to accept incoming calls only.

 

modem dtr-active

Configures the modem line to leave the DTR signal low unless there is an active connection.

 

modem inout

Allows both incoming and outgoing connections to the modem. This command enables reverse telnet, so be sure this what you want to do.

monitor session global

monitor session session-number {source {interface interface-name}}
[range | rx | tx | both]
no monitor session session-number {source {interface interface-name}}
[range | rx | tx | both]
monitor session session-number {destination {interface interface-name}} [range]
no monitor session session-number {destination {interface interface-name}}
[range]
monitor session session-number
no monitor session session-number
 

Configures

Switched Port Analyzer (SPAN)

Default

None

Description

This command enables the Switched Port Analyzer or SPAN, which allows a port to "monitor" traffic that's sent or received on another port or VLAN. For more information, see Chapter 14. Use the command show monitor to display the SPAN session information.

 

session-number

The SPAN session number. Valid values are 1 and 2.

 

source

Specifies the SPAN source.

 

destination

Specifies the SPAN destination.

 

interface-name

Optional. The interface type and number.

 

range

Optional. Specifies a list of VLANs to use for SPAN. It can be a list or a range. For example, "100,200,205,305" or "100-300". Valid values are 1 to 1,005.

 

rx

Optional. Restricts monitor to received traffic only.

 

tx

Optional. Restricts monitor to transmitted traffic only.

 

both

Optional. Monitor for both received and transmitted traffic.

more EXEC

more [/ascii | /binary | /ebcdic] file-url
 

Configures

Displays a file's contents

Default

N/A

Description

This command allows you to view a file on the router where the file-url can be a file stored in flash or a system URL. See Table 2-6 in Chapter 2 for a list of valid URL prefixes.

Example

To view the startup configuration, you would use this command:

more nvram:startup-config

motd-banner line

motd-banner
no motd-banner
 

Configures

Suppresses the message of the day

Default

Enabled

Description

By default, the motd (message-of-the-day) banner is enabled on all lines. This command allows you to suppress the banner on selected lines.

Example

! Don't display the motd on lines 5 through 10
line 5 10
 no motd-banner

mpls atm control-vc interface

mpls atm control-vc vpi vci
no mpls control-vc vpi vci
 

Configures

MPLS

Default

VPI, 3; VCI, 32

Description

This command specifies the VPI (Virtual Path Identifier) and the VCI (Virtual Circuit Identifier) for the initial link to a MPLS peer.

Example

interface atm1/0.1 mpls
 mpls ip
 mpls atm control-vc 1 32

mpls atm cos global

mpls atm cos { available | standard | premium | control } weight
no mpls atm cos { available | standard | premium | control } weight
 

Configures

MPLS

Default

available 50%; control 50%

Description

This command changes the configured bandwidth allocation for CoS (Class of Service). You choose a class (available, standard, premium, or control) and then assign a weight, which is a value from 1 to 100.

mpls atm disable-headend-vc global

mpls atm disable-headend-vc
no mpls atm disable-headend-vc
 

Configures

MPLS

Default

Enabled

Description

This command stops the LSC from initiating headend LVCs (label switched controlled virtual circuits), which reduces the number of LVCs in the network.

mpls atm multi-vc ATM subinterface

mpls atm multi-vc
no mpls atm multi-vc
 

Configures

MPLS

Default

N/A

Description

This command allows an ATM MPLS subinterface to create one or more label switched controlled virtual circuits over which packets of different classes can be transmitted.

mpls atm vpi interface

mpls atm vpi lowvpi [- highvpi] [vci-range lowvci - highvci]
no mpls atm vpi lowvpi [- highvpi] [vci-range lowvci - highvci]
 

Configures

MPLS

Default

VPI is 1 to 1, VCI is 33-65,535

Description

This command configures the range of values to use in the VPI field for label switched controlled virtual circuits.

 

lowvpi

Virtual Path Identifier, low end of range (0 to 4,095)

 

highvpi

Optional. Virtual Path Identifier, high end of range (0 to 4,095)

 

vci-range

Optional. Range of Virtual Channel Identifiers the subinterface can use.

mpls atm vp-tunnel interface

mpls atm vp-tunnel vpi [vci-range lowvci - highvci]
no mpls atm vp-tunnel vpi [vci-range lowvci - highvci]
 

Configures

MPLS

Default

Disabled

Description

This command configures an interface as a Virtual Path tunnel.

 

vpi

The Virtual Path Identifier value for the local end of the tunnel.

 

vci-range

Optional. Range of Virtual Channel Identifiers the subinterface can use.

mpls cos-map global

mpls cos-map map
no mpls cos-map map
 

Configures

MPLS

Default

None

Description

This command creates a class map that specifies how classes correspond to Virtual Circuits.

Example

mpls cos-map 10
 class 1 premium

mpls ip interface, global

mpls ip
no mpls ip
 

Configures

MPLS

Default

Disabled

Description

This command enables label switching of IPv4 packets. The command must be applied globally and to the interface.

Example

mpls ip
interface ethernet 1/1
 mpls ip
mpls ip default-route global

mpls ip default-route
no mpls ip default-route
 

Configures

MPLS

Default

Disabled

Description

This command enables distribution of labels associated with the default route.

Example

mpls ip
mpls ip default-route
mpls ip encapsulate explicit-null interface

mpls ip encapsulate explicit-null
no mpls ip encapsulate explicit-null
 

Configures

MPLS

Default

Disabled

Description

This command enables all packets sent out an interface or subinterface with an explicit NULL label header. To be used on a customer edge router.

mpls ip ttl-expiration pop global

mpls ip ttl-expiration pop labels
no mpls ip ttl-expiration pop labels
 

Configures

MPLS

Default

Packets are forwarded by the original label stack

Description

This command specifies how to forward a packet with an expired time-to-live (TTL) value.

mpls label protocol global, interface

mpls label protocol { ldp | tdp }
no mpls label protocol
 

Configures

MPLS

Default

TDP

Description

This command specifies the label distribution protocol to use for the platform or interface. ldp specifies the Label Distribution Protocol while tdp specifies the Tag Distribution Protocol.

For the interface version of this command, you can specify both, which allows both LDP and TDP. This is useful on interfaces where different peers might use different protocols.

Example

mpls label protocol ldp
!
interface ethernet 1/1
 mpls label protocol both

mpls label range global

mpls label range min max
no mpls label range
 

Configures

MPLS

Default

Minimum 16, Maximum 1,048,575

Description

This command configures the range of local labels available for MPLS.

mpls mtu interface

mpls mtu bytes
no mpls mtu bytes
 

Configures

MPLS

Default

The interface's default MTU

Description

This command sets the per-interface maximum transmission unit (MTU) for labeled packets.

mpls prefix-map interface

mpls prefix-map map access-list acl cos-map map
no mpls prefix-map map access-list acl cos-map map
 

Configures

MPLS

Default

Disabled

Description

This command applies a QoS map when a label distribution prefix matches the specified access-list (acl).

mpls request-labels for global

mpls request-labels for access-list
no mpls request-labels for
 

Configures

MPLS

Default

Disabled

Description

This command applies an access list to restrict the creation of LSPs (Label Switched Paths) on the Label Switch Controller (LSC) or Label Edge Router (LER).

mrinfo command

mrinfo [host] [source-interface]
 

Configures

Queries a multicast router

Description

This command allows you to query a multicast router. If you provide no arguments to this command, the router queries itself.

 

host

Optional. Specifies the IP address or name of the host to query.

 

source-interface

Optional. Specifies the IP address or name of the interface to use as the source of the request.

mstat command

mstat source [destination] [group]
 

Configures

Displays multicast statistics

Description

This command displays multicast statistics, including the packet rate and the number of packets lost. If you do not provide arguments to this command, the router prompts you for them.

 

source

Specifies the IP address or name of the multicast source.

 

destination

Optional. Specifies the IP address or name of the destination. If not provided, the router uses itself as the destination.

 

group

Optional. Specifies the IP address or name of the group to display. The default is 224.2.0.1.

mtrace command

mtrace source [destination] [group]
 

Description

This command provides a trace from the source to the destination for a multicast distribution tree.

 

source

Specifies the IP address or name of the multicast source.

 

destination

Optional. Specifies the IP address or name of the destination. If not provided, the router uses itself as the destination.

 

group

Optional. Specifies the IP address or name of the group to display. The default is 224.2.0.1.

mtu interface

mtu bytes
no mtu bytes
 

Configures

Maximum transmission unit (MTU)

Default

Depends on media type (defaults for some common media are listed in Table 17-11, under the ip mtu command)

Description

This command allows you to modify the MTU for any interface. The default MTU depends on the media you are using (FDDI, Ethernet, etc.); for example, Ethernet has an MTU of 1,500.

Performance considerations may lead you to modify this value; a smaller MTU might give better performance on a lossy or noisy line.

Example

interface ethernet0
 mtu 1250
name elan-id LANE database configuration (ATM)

name name elan-id id
no name name elan-id id
 

Configures

ELAN ID of an ELAN in the LECS database

Default

None

Description

This command sets the name and id number for an Emulated LAN (ELAN) in the LECS database.

name local-seg-id LANE database

name elan-name local-seg-id segment-number
no name elan-name local-seg-id segment-number
 

Configures

The token ring number of an ELAN

Default

None

Description

This command sets the token ring's ring number of an ELAN. The segment-number is the number to be assigned, which can be from 1 to 4,095.

name preempt LANE database configuration (ATM)

name name preempt
no name name preempt
 

Configures

Preempt for the ELAN

Default

Disabled

Description

This command allows you to enable preempting of an ELAN. This is useful when a LAN Emulation Server (LES) of a higher priority fails and then comes back online; it allows the higher-priority LES to preempt the lower-priority LES, avoiding network flapping and instability.

name server-atm-address LANE database

name elan-name server-atm-address atm-address [restricted | un-restricted]
[index value]
no name elan-name server-atm-address atm-address
 

Configures

The LANE server's ATM address for the ELAN

Default

None

Description

This command sets the ATM address of the LANE server for the ELAN.

 

elan-name

The name of the ELAN.

 

atm-address

The LANE server's ATM address.

 

restricted | un-restricted

Optional. If restricted, only LANE clients defined in the ELAN's configuration server can be members of the ELAN.

 

index value

Optional. This keyword sets a priority for the LANE server. (You can assign multiple LANE servers for fault tolerance.) 0 is the highest priority.

neighbor router

RIP/IGRP/EIGRP:

neighbor address
no neighbor address
 

OSPF:

neighbor address [priority value] [poll-interval seconds] [cost number]
[database-filter all]
no neighbor address [priority value] [poll-interval seconds] [cost number]
[database-filter all]
 

Configures

A routing neighbor

Default

No neighbors defined

Description

The behavior and syntax of this command depend on the routing protocol you are using.

For RIP, this command specifies a RIP neighbor. This is useful when you have routers that cannot receive RIP broadcasts. In this situation, use the neighbor command to specify the IP addresses of routers that should receive RIP packets directly. If you use this command, RIP packets are not broadcast; they are sent only to the specified neighbors. The neighbor command is frequently used with the passive-interface command, which specifies that the interface should only listen for routing updates.

For IGRP, the command specifies an IGRP neighbor for the router to communicate with. It is often used with the passive-interface command. As with RIP, you can use the neighbor command together with passive-interface to send updates to one or more routers without sending updates to other routers on the network. Multiple neighbor commands are allowed.

For EIGRP, the neighbor command is accepted by the parser but has no effect on the EIGRP process. It is accepted for backward compatibility with IGRP configurations.

For OSPF, you use the command to define a router's OSPF neighbors explicitly. The OSPF version of this command has the following parameters:

 

address

The IP address of the neighbor.

 

priority value

Optional. The priority of the neighbor, from 0 to 255. The default is 0.

 

poll-interval seconds

Optional. The frequency at which the neighbor is polled. The default is 120 seconds.

 

cost number

Optional. Assigns a cost to the neighbor. The cost can be from 1 to 65,535. Neighbors that aren't configured with a specific cost assume the cost of the interface based on the ip ospf cost command.

 

database-filter

Optional. Filters outgoing link-state advertisements (LSAs) to the neighbor.

Example

In the following configuration, we have an IGRP routing process that we have told not to advertise (broadcast) IGRP updates out interface ethernet0. We use the neighbor command to explicitly tell the routing process to communicate with the router at 10.10.1.5, which happens to be reachable through the ethernet0 interface. We are thus using the neighbor command to control which routers receive IGRP information:

router igrp 100
 network 10.0.0.0
 passive-interface ethernet0
 neighbor 10.10.1.5
 

The following commands set up a similar routing configuration using RIP. As in the previous example, we use passive-interface to suppress routing broadcasts out ethernet0, and the neighbor command to list explicitly the routers with which we want to communicate:

router rip
 network 10.0.0.0
 passive-interface ethernet0
 neighbor 10.10.1.5
 

In the following example, we create an OSPF routing process and list a priority 1 neighbor explicitly:

! OSPF neighbor with a priority of 1
!
router ospf 99
 neighbor 192.168.1.2 priority 1
neighbor advertisement-interval router, BGP

neighbor {address | peer-group} advertisement-interval seconds
no neighbor {address | peer-group} advertisement-interval seconds
 

Configures

Minimum interval between BGP routing updates

Default

5 seconds for internal peers; 30 seconds for external peers

Description

This command sets the BGP routing update interval. seconds can be from 0 to 600. You must specify either the address or peer-group of a particular peer.

neighbor database-filter router, OSPF

neighbor address database-filter all out
no neighbor address database-filter all out
 

Configures

Filter LSAs to a certain OSPF neighbor

Default

Disabled

Description

Normally, all outgoing LSAs are flooded to all neighbors. This command allows you to disable flooding to a specific neighbor in point-to-multipoint networks. In broadcast, nonbroadcast, and point-to-point networks, you can disable flooding by using the ospf database-filter command.

neighbor default-originate router, BGP

neighbor {address | peer-group} default-originate [route-map map]
no neighbor {address | peer-group} default-originate [route-map map]
 

Configures

Sends the default route to a BGP neighbor

Default

Disabled

Description

This command tells the router to send the default route to a neighbor, identified either by address or by peer-group. By default, no default route is sent. The use of the route map map allows you to place conditions on the sending of the route.

neighbor description router, BGP

neighbor {address | peer-group} description text
no neighbor {address | peer-group} description
 

Configures

A text description of a BGP neighbor or peer group

Default

None

Description

This command allows you to give a text description for a neighbor, identified either by address or by peer-group. The text can be up to 80 characters. The description is purely for documentation and doesn't affect the router's behavior.

Example

router bgp 200
 neighbor 10.200.200.1 description Peer in the pasadena office

neighbor distribute-list router, BGP

neighbor {address | peer-group} distribute-list {access-list | prefix-list
name} {in | out}
no neighbor {address | peer-group} distribute-list {access-list | prefix-list
name} {in | out}
 

Configures

Applies a distribute list to a neighbor or peer group

Default

None

Description

This command applies an access list or a prefix list to filter incoming (in) or outgoing (out) routes exchanged with the given neighbor (specified by address or peer-group).

neighbor filter-list router, BGP

neighbor {address | peer-group} filter-list access-list {in | out}
no neighbor {address | peer-group} filter-list access-list {in | out}
 

Configures

A filter for BGP

Default

None

Description

This command sets up an AS path access list that filters BGP routes sent to or received from a specific neighbor. Routes that match the access list are discarded.

 

address or peer-group

The address or peer group of the neighbor.

 

filter-list access-list

The name of an AS path access list defined by the ip as-path access-list command.

 

in

The filter applies to incoming routes.

 

out

The filter applies to outgoing routes.

neighbor maximum-prefix router, BGP

neighbor {address | peer-group maximum-prefix max [threshold] [warning-only]
no neighbor {address | peer-group maximum-prefix max [threshold] [warning-only]
 

Configures

The number of prefixes that can be received from a neighbor

Default

No limit

Description

This command allows you to set a limit on the number of prefixes that the router can receive from the neighbor.

 

address or peer-group

The address or peer group of the neighbor.

 

maximum-prefix max

The maximum number of prefixes you are willing to accept.

 

threshold

Optional. The percentage of the maximum number of prefixes at which the router will start generating warning messages. The default is 75%.

 

warning-only

Tells the router to generate a warning message about reaching the maximum value, but not to take any other action.

neighbor next-hop-self router, BGP

neighbor {address | peer-group} next-hop-self
no neighbor {address | peer-group} next-hop-self
 

Configures

Next-hop processing of the neighbor router

Default

Disabled

Description

This command forces the router to advertise itself as the next hop to the neighbor. The neighbor router is identified by its IP address or peer-group.

neighbor password router, BGP

neighbor {address | peer-group} password word
no neighbor {address | peer-group} password word
 

Configures

MD5 authentication between BGP peers

Default

Disabled

Description

This command requires authentication between BGP peers (identified by address or by peer-group). The MD5 algorithm is used for authentication. The password, word, can be any alphanumeric string up to 80 characters long; spaces are allowed, but the first character cannot be a number.

neighbor peer-group router, BGP

neighbor address peer-group peer-group
no neighbor address peer-group peer-group
 

Configures

Assigns a neighbor to a peer group

Default

None

Description

When configuring BGP, you often want to apply the same set of configuration items to a number of BGP neighbors. Peer groups let you simplify the router configuration by making a neighbor a peer group member. Once you have created a peer group, all configuration items for that group apply to all the members of the group. address is the IP address of the neighbor to be added to the peer group; peer-group is the name of the peer group.

Example

In this example, we create a peer group called group1 and place all our neighbors into this peer group (179.69.232.53, 54, and 55). Having created the peer group, we can apply neighbor filter-list commands to the group as a whole, rather than to the individual neighbors. We still have to configure the unique features (such as remote AS numbers) of the neighbors individually.

router bgp 200
 neighbor group1 peer-group
 neighbor group1 filter-list 100 in
 neighbor group1 filter-list 102 out
 neighbor 171.69.232.53 remote-as 300
 neighbor 171.69.232.53 peer-group group1
 neighbor 171.69.232.54 remote-as 400
 neighbor 171.69.232.54 peer-group group1
 neighbor 171.69.232.55 remote-as 500
 neighbor 171.69.232.55 peer-group group1
neighbor prefix-list router, BGP

neighbor {address | peer-group} prefix-list prefix-list-name {in | out}
no neighbor {address | peer-group} prefix-list prefix-list-name {in | out}
 

Configures

Assigns a prefix list to a BGP neighbor

Default

None

Description

This command lets you filter BGP routes by assigning a prefix list to a neighbor instead of using an AS path filter.

 

address or peer-group

The address or peer group of the neighbor.

 

prefix-list prefix-list-name

The name of the prefix list defined by the ip as-path access-list command.

 

in

The filter applies to incoming routes.

 

out

The filter applies to outgoing routes.

neighbor remote-as router, BGP

neighbor {address | peer-group} remote-as as-number
no neighbor {address | peer-group} remote-as as-number
 

Configures

The remote AS number of a BGP neighbor

Default

None

Description

This command specifies a neighbor's AS number. This number is used to determine whether the neighbor is an internal or external BGP router. If the neighbor's AS number is the same as the AS number in the current BGP configuration, the neighbor is an internal BGP router; likewise, if the AS numbers are different, the neighbor is an external BGP router.

 

address or peer-group

The address or peer group of the neighbor.

 

as-number

The AS number of the neighbor router (or the routers in the peer group).

Example

In this example, the neighbor (10.200.200.3) is an internal BGP router because its AS number is the same as the local AS number:

router bgp 100
 neighbor 10.200.200.3 remote-as 100
 

In the following example, the neighbor (10.200.200.4) is an external BGP router:

router bgp 100
 neighbor 10.200.200.4 remote-as 200
neighbor route-map router, BGP

neighbor {address | peer-group} route-map map {in | out}
no neighbor {address | peer-group} route-map map {in | out}
 

Configures

Assigns a route map to a BGP neighbor

Default

None

Description

This command assigns a route map to a BGP neighbor. The route map is used to filter or otherwise modify routes that are sent to or received from the neighbor.

 

address or peer-group

The address or peer group of the neighbor.

 

map

The number of the map used to filter the routes.

 

in

The map is applied only to incoming routes.

 

out

The map is applied only to outgoing routes.

neighbor route-reflector-client router, BGP

neighbor address route-reflector-client
no neighbor address route-reflector-client
 

Configures

BGP route reflector

Default

None

Description

This command configures the local router as a route reflector; the neighbor at the specified address is a client of the route reflector. Route reflectors allow you to get around the rule that all internal BGP speakers (peers) must be fully meshed. A route reflector passes iBGP routes from one router to another without modification.

neighbor send-community router, BGP

neighbor {address | peer-group} send-community
no neighbor {address | peer-group} send-community
 

Configures

Community attribute

Default

None

Description

This command tells the router to send the COMMUNITIES attribute to BGP neighbors. The neighbors that receive this attribute are identified either by address or by peer-group.

neighbor send-label router, BGP

neighbor {address | peer-group} send-label
no neighbor {address | peer-group} send-label
 

Configures

BGP to send MPLS label

Default

None

Description

This command tells the device to send MPLS labels with BGP routes to the specified BGP neighbor.

neighbor shutdown router, BGP

neighbor {address | peer-group} shutdown
no neighbor {address | peer-group} shutdown
 

Configures

Removes a BGP neighbor from the BGP configuration

Default

None

Description

This command disables the neighbor (specified by address or peer-group) so that it no longer takes part in the BGP routing protocol or exchanges BGP routing information and tables. Use the no form to reenable the BGP neighbor.

neighbor soft-reconfiguration inbound router, BGP

neighbor {address | peer-group} soft-reconfiguration inbound
no neighbor {address | peer-group} soft-reconfiguration inbound
 

Configures

Storage of received updates

Default

None

Description

This command enables the storage of received updates, which is required for an inbound soft reconfiguration.

neighbor ttl-security · BGP

neighbor ip ttl-security hops hop-count
no neighbor ip ttl-security hops hop-count
 

Configures

Maximum TTL count for eBGP peers

Default

Disabled

Description

This command enables BGP TTL checking for neighbors. This command is only used on external BGP (eBGP) neighbors. It provides a simple security mechanism for protecting your eBGP routers from possible hijacking attempts. By enabling this feature, only packets with TTL counts that are equal to or higher than the given value are accepted as valid packets. (It is generally considered impossible to forge TTL counts without access to the source or destination network.) If the packet's TTL value is less than this value, the router discards the packet without generating any ICMP messages. The idea is that we don't want to generate any error messages that might be sent back to a possible hacker.

neighbor timers router, BGP

neighbor {address | peer-group} timers keepalive holdtime
no neighbor {address | peer-group} timers keepalive holdtime
 

Configures

Timer values for BGP routing information

Default

keepalive is 60 seconds; holdtime is 180 seconds

Description

This command allows you to set the timer information for BGP routes. The keepalive parameter specifies the frequency (in seconds) that keepalive messages are sent to the specified neighbor (as identified by address or peer-group). The holdtime parameter specifies the interval (in seconds) within which the router expects to hear a keepalive message from the given neighbor or peer group before declaring the peer dead.

neighbor ttl-security BGP

neighbor ip ttl-security hops hop-count
no neighbor ip ttl-security hops hop-count
 

Configures

Maximum TTL count for eBGP peers

Default

Disabled

Description

This command enables BGP TTL checking for neighbors. This command is only used on external BGP (eBGP) neighbors. It provides a simple security mechanism for protecting your eBGP routers from possible hijacking attempts. By enabling this feature, only packets with TTL counts that are equal to or higher than the given value are accepted as valid packets. (It is generally considered impossible to forge TTL counts without access to the source or destination network.) If the packet's TTL value is less than this value, the router discards the packet without generating any ICMP messages. The idea is that we don't want to generate any error messages that might be sent back to a possible hacker.

neighbor update-source router, BGP

neighbor {address | peer-group} update-source interface
no neighbor {address | peer-group} update-source interface
 

Configures

Best interface to reach a neighbor

Default

The closest interface (sometimes called the best local address)

Description

This command tells the router to use a certain interface for a neighbor (as specified by address or peer-group) rather than the default. Use this command when other routers are peering to your loopback address.

neighbor version router, BGP

neighbor {address | peer-group} version value
no neighbor {address | peer-group} version value
 

Configures

The BGP version to use for the neighbor

Default

Version 4

Description

This command lets you specify which BGP version to use when talking to the given neighbor (as specified by address or peer-group). The version number must be 2, 3, or 4. Although Version 4 is the default, the router should dynamically negotiate down to Version 2 if the neighbor doesn't support Version 4.

neighbor weight router, BGP

neighbor {address | peer-group} weight value
no neighbor {address | peer-group} weight value
 

Configures

The weight metric for a BGP neighbor

Default

Routes learned from the local router have a weight of 32,768; routes learned from other BGP peers have a weight of 0

Description

This command lets you assign a weight to routes learned from the given neighbor (as specified by address or peer-group). Routes with a higher weight are chosen first. You can use this command to tell BGP to prefer routes learned from a given neighbor. This is a Cisco proprietary attribute.

Example

In the following configuration, we assign a weight of 100 to routes learned from the neighbor 10.200.200.3. This weighting causes the router to prefer routes learned from 10.200.200.3 to routes learned from other BGP peers.

router bgp 200
 neighbor 10.200.200.3 weight 100
net router, IS-IS

net value
no net value
 

Configures

The NET for an IS-IS routing process

Default

None

Description

In order to configure an IS-IS routing process, you need to define a Network Entity Title (NET). Essentially, a NET serves as the area number and the system ID for the routing process. The NET is an NSAP whose last byte is 0.

Example

Let's assume that we have an IS-IS system ID of 0000.0000.0004 and an area ID of 04.0002. This gives us a NET of 04.0002.0000.0000.0004.00, which is the area ID followed by the system ID followed by the ending zero. The following configuration shows how the net command is used to assign the appropriate value:

router isis
 net 04.0002.0000.0000.0004.00
 is-type level-1
!
interface ethernet 0
 ip router isis
 ip address 10.1.1.1 255.255.255.0

network router

BGP:

network network-number [mask network-mask]
no network network-number [mask network-mask]
 

IGRP/EIGRP/RIP:

network network-address
no network network-address
 

OSPF:

network network-address wildcard-mask area area-id
no network network-address wildcard-mask area area-id
 

Configures

The network for which the routing process is responsible

Default

None

Description

The network command provides a way to tell the routing process what networks it is responsible for. With IGRP, EIGRP, RIP, and, to a degree, BGP, all you need to do is list the network addresses (one per line) for the routing process. To remove a network from the routing process, use the no form of the command.

In OSPF, the network command requires three parameters: a network-address, a wildcard-mask, and an area-id. You must include the area ID. The wildcard mask specifies the portion of an IP address that isn't part of the network address; for example, a 24-bit mask subnet would use the wildcard mask 0.0.0.255. An interface can be attached only to a single OSPF area. If the address ranges (i.e., address/mask combinations) of two network commands overlap, the OSPF process takes the first match and ignores the rest.

For BGP, the network address is specified using a subnet mask, not a wildcard mask; for example, an 8-bit subnet would use the subnet mask 255.255.255.0. The mask is optional. If it is omitted, a mask of 255.255.255.0 is assumed.

Example

The following commands define a network for RIP and EIGRP routing processes:

router rip
 network 10.0.0.0
!
router eigrp
 network 11.0.0.0
 

The following commands configure OSPF with a process ID of 99 and two areas:

router ospf 99
 network 10.10.1.0 0.0.0.255 area 0
 network 10.10.2.0 0.0.0.255 area 1
network backdoor router, BGP

network address backdoor
no network address backdoor
 

Configures

A backdoor route to a BGP border router

Default

None

Description

This command allows you to give a backdoor route to a BGP router. This route acts like a local network but is not advertised.

network weight router, BGP

network address mask weight weight [route-map map]
no network address mask weight weight [route-map map]
 

Configures

An absolute weight to a BGP network

Default

None

Description

This command sets the weight for routes to the given network, overriding any weight value learned by other means (redistribution, etc.).

 

address mask

The address of a network, specified as an IP address followed by a subnet mask.

 

weight weight

The weight to be assigned to these routes. It can have any value from to 65,535.

 

route-map map

A route map to be applied to these routes.

nrzi-encoding interface

nrzi-encoding
no nrzi-encoding
 

Configures

T1 encoding type

Default

Disabled (i.e., B8ZS)

Description

This command enables "Nonreturn to Zero Inverted" encoding on T1 lines. The default encoding for T1 lines is B8ZS.

Example

interface serial1
 nrzi-encoding

ntp access-group global

ntp access-group [condition] access-list
no ntp access-group [condition] access-list
 

Configures

Network Time Protocol (NTP) service

Default

None

Description

This command applies an access list to the router's NTP service.

 

condition

Optional. Specifies the type of NTP queries to which the access list applies. Valid values are query-only, serve-only, serve, and peer. query-only allows NTP control requests only; serve-only allows time requests only; serve allows time requests and NTP control requests, but does not allow the router to synchronize its time with another NTP peer; peer allows time requests, NTP control requests, and time synchronization with other NTP peers. If this keyword is omitted, the access list applies to all queries.

 

access-list

A standard access list to be applied to NTP connections.

ntp authenticate global

ntp authenticate
no ntp authenticate
 

Configures

Network Time Protocol (NTP) service

Default

No authentication

Description

This command enables NTP authentication on the router.

ntp authentication-key global

ntp authentication-key number md5 value
no ntp authentication-key number
 

Configures

Network Time Protocol (NTP) service

Default

None

Description

This command defines the authentication key to be used for NTP. Use the no form of this command to delete this key.

 

number

A value that identifies this key (1 to 4,294,967,295).

 

md5 value

The actual key value.

ntp broadcast interface

ntp broadcast
no ntp broadcast
 

Configures

Network Time Protocol (NTP) service

Default

Disabled

Description

This command tells the router to transmit NTP broadcast packets through the interface.

ntp broadcast client interface

ntp broadcast client
no ntp broadcast client
 

Configures

Network Time Protocol (NTP) service

Default

Disabled

Description

This command tells the router to receive NTP broadcast packets through the interface.

ntp broadcastdelay global

ntp broadcastdelay microseconds
no ntp broadcastdelay
 

Configures

Network Time Protocol (NTP) service

Default

None

Description

This command sets the estimated round-trip delay for NTP broadcast packets in microseconds.

ntp disable interface

ntp disable
no ntp disable
 

Configures

Network Time Protocol (NTP) service

Default

Enabled on all interfaces if NTP is configured

Description

This command disables the interface's ability to receive NTP packets.

ntp master global

ntp master stratum
no ntp master stratum
 

Configures

Network Time Protocol (NTP) service

Default

The router is not a master

Description

This command configures the router as the master NTP server from which other NTP peers can receive their NTP time. (See the ntp peer command for setting peer values.) This command should be used with extreme caution, as it can declare the router's clock to be stratum 1 (most accurate) without any safeguards about how accurate the clock really is.

 

stratum

The NTP stratum number for this server. The value can be 1 through 15.

ntp peer global

ntp peer address [version value] [key keyid] [source interface] [prefer]
no ntp peer address
 

Configures

Network Time Protocol (NTP) service

Default

None

Description

This command defines the address of an NTP peer. The router synchronizes its time with the peer's time and attempts to update the peer's time. Notice how a peer is different from a server. If you specify an NTP server with the ntp server command, the router gets its time from the server but does not attempt to update the server's time.

 

address

The IP address of the NTP peer.

 

version value

The NTP version (1 through 3). The default is 3.

 

key keyid

Authentication key to use for this peer. The ntp authentication-key command defines the keys and their key IDs.

 

source interface

The interface the router should use to communicate with this peer.

 

prefer

Makes this peer preferred over others.

Example

The following command sets an NTP peer at 10.11.1.2, which is available via the ethernet0 interface.

ntp peer 10.11.1.2 version 2 source ethernet0

ntp server global

ntp server address [version value] [key keyid] [source interface]
no ntp server address
 

Configures

Network Time Protocol (NTP) service

Default

None

Description

This command tells the router which NTP server to use. The router derives its time from the server but does not try to update the server's time.

 

address

The IP address of the NTP peer.

 

version value

The NTP version (1 through 3). The default is 3.

 

key keyid

Authentication key to use for this peer. The ntp authentication-key command defines the keys and their key IDs.

 

source interface

The interface the router should use to communicate with this server.

Example

The following command sets our NTP server to 10.11.1.5:

ntp server 10.11.1.5 version 2
ntp source global

ntp source interface
no ntp source interface
 

Configures

NTP source interface

Default

The closest interface to the destination

Description

This command allows you to define the interface to be used as the source interface for generating NTP traffic. By default, the router normally uses the interface closest to the destination as the source interface.

ntp trusted-key global

ntp trusted-key keyid
no ntp trusted-key keyid
 

Configures

Network Time Protocol (NTP) service

Default

None

Description

This command sets the authentication key to use to synchronize with the NTP server.

 

keyid

The authentication key to use. The ntp authentication-key command defines the keys and their key IDs.

ntp update-calendar global

ntp update-calendar
no ntp update-calendar
 

Configures

Network Time Protocol (NTP) service

Default

Disabled

Description

On high-end routers (7500, 5000, 6000, 1010, 8500, etc.), this command tells the router to update the calendar using NTP. Normally, the calendar is not updated through NTP; only the system clock is updated.

offset-list router

offset-list access-list {in | out} value [interface]
no offset-list access-list {in | out} value [interface]
 

Configures

Adds an offset value to incoming or outgoing routing metrics

Default

None

Description

This command allows you to apply an offset to the metric of incoming or outgoing routes.

 

access-list

The offset is applied to routes matching this access list (name or number). 0 means all routes.

 

in or out

The direction in which to apply the metric offset. in applies the offset to incoming routes; out applies the offset to outgoing routes.

 

value

The amount by which route metrics will be increased. The value must be positive; the acceptable range depends on the routing protocol.

 

interface

Optional. The offset will be applied only to routes traveling through the given interface.

Example

The following configuration adds an offset of 10 to routes that match access list 1 (i.e., routes with the destination 10.10.1.0) traveling out through the ethernet0 interface:

access-list 1 permit 10.10.1.0 0.0.0.255
!
router eigrp 100
 offset-list 1 out 10 ethernet0
 network 10.10.0.0

ospf auto-cost reference-bandwidth router

ospf auto-cost reference-bandwidth value
no ospf auto-cost reference-bandwidth value
 

Configures

How OSPF calculates default metrics

Default

100 Mb

Description

The default OSPF metric is calculated by dividing the reference bandwidth by the bandwidth of the interface. The default value of the reference bandwidth is 10^8 or 100,000,000. Using this formula, the OSPF cost for a T1 is 65 (100,000,000/1,544,000). This number is also convenient because it causes the cost of an FDDI link or Fast Ethernet to be 1. This command allows you to modify the reference bandwidth to support interfaces that are faster than 100 Mbps.

ospf log-adj-changes router

ospf log-adj-changes
no ospf log-adj-changes
 

Configures

OSPF state change logging

Default

None

Description

This command enables syslog logging of changes in the state of neighbor routers.

output-delay router

output-delay value
no output-delay value
 

Configures

Delay between packets in a multipacket route update

Default

0 (no delay)

Description

This command modifies the interpacket delay during RIP updates. value specifies the delay in milliseconds between consecutive packets in a multipacket update. A delay is useful when a fast router needs to communicate with a slower one, as it allows the slower router to catch up.

Example

This example sets the output delay of multipacket router updates to 5 milliseconds:

router rip
 network 10.10.0.0
 output-delay 5
padding line

padding ascii-number count
no padding ascii-number
 

Configures

Pads a specific character with NULLs

Default

No padding

Description

This command pads a specific output character with NULL characters. It supports older terminals that require padding after certain characters, such as the Return key. Unless you are using a terminal that requires padding, you will never need this command.

 

ascii-number

The decimal value of the character that needs padding.

 

count

The number of NULL bytes to send after this character.

parity line

parity {none | even | odd | space | mark}
no parity
 

Configures

Parity

Default

None

Description

This command defines the parity bit for an asynchronous serial line. Its value may be none, even, odd, space, or mark.

Example

Router(config)#line tty 2
Router(config)#parity none

passive-interface router

passive-interface interface
no passive-interface interface
 

Configures

Disables a routing protocol on a specific interface either partially (RIP, IGRP) or completely (EIGRP, OSPF, etc.)

Default

None

Description

For RIP and IGRP, this command causes the specified interface to listen for routing updates but prevents it from sending them. For OSPF, EIGRP, or other "hello-based" routing protocols, this command effectively disables the protocol on that interface (both sending and receiving). These protocols cannot operate without exchanging hello messages.

Example

router igrp 100
 network 10.0.0.0
 ! Suppress routing advertisements on serial 1
 passive-interface serial 1

password line

password value
no password value
 

Configures

A login password for the line

Default

No password

Description

This command allows you to assign a password to any available line. Most lines must also be configured with the login command.

Example

The following example sets the login password to cisco for the console and the five VTY lines.

! First the console
line con 0
 password cisco
 login
! And the five virtual terminals (for incoming telnets)
line vty 0 5
 password cisco
 login
peer default ip address interface

peer default ip {address address | dhcp | pool pool}
no peer default ip {address address | dhcp | pool pool}
 

Configures

Address assignment for PPP or SLIP peers

Default

pool

Description

This command allows you to assign an IP address to peers that connect to this interface using PPP or SLIP. There are three ways in which an address can be assigned: you can specify a single address to be used whenever a peer connects to this interface; you can specify an address pool from which an address is taken; or you can specify that the router should obtain an address for the peer through dhcp. This command overrides the global setting for the default IP address selection.

async-bootp can also be used to provided addresses to dial-up clients.

peer neighbor-route interface

peer neighbor-route
no peer neighbor-route
 

Configures

Generation of neighbor routes for incoming PPP connections

Default

Enabled

Description

The generation of a neighbor route for a new PPP connection is enabled by default. The no form of this command disables that behavior.

physical-layer interface

physical-layer {sync | async}
no physical-layer {sync | async}
 

Configures

Whether the interface is synchronous or asynchronous

Default

sync

Description

This command lets you specify whether a serial interface is synchronous or asynchronous. It is available on low-speed serial interfaces.

ping command

ping
ping host
 

Description

The ping command sends a sequence of ICMP echo request packets to the specified host. It is one of the simplest and most commonly used troubleshooting tools. If you omit the host from the command line and are in privileged EXEC mode, the router prompts you for the rest of the information.

Ping prints a special character for each packet indicating whether the router received the corresponding echo reply. Table 17-15 shows what these special characters mean. Ping also summarizes the success rate and the round-trip times.

Table 17-15. Ping success codes

Character

Meaning

!

Ping successful

.

Timed out waiting for reply

?

Unknown packet

&

TTL of packet was exceeded

A

Access list denied packet

C

Network congestion

I

User interrupt (if you hit CTRL+^)

U

Destination unreachable

 

Example

Router# ping 10.10.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms

police policy-map

police bps [burst-normal] [burst-max] conform-action action exceed-action
action [violate-action action]
no police bps [burst-normal] [burst-max] conform-action action exceed-action
action [violate-action action]
 

Configures

Traffic policing

Default

Disabled

Description

This command configures traffic policing within a map class. By defining the average bit rate (bps) and a normal and maximum burst rates, you can define actions for packets that conform to, exceed, or violate those rates.

 

bps

Defines the average rate in bits per second (bps). The value must be defined in increments of 8 Kbps. The value can be from 8,000 to 2,000,000,000.

 

burst-normal

Normal burst size in bytes. This value can be from 1,000 to 512,000,000. Default normal burst size is 1,500 bytes.

 

burst-max

Excess burst-size in bytes. This value can be from 1,000 to 512,000,000.

 

conform-action

The action to take on packets that conform to the rate limit (see Table 17-16).

 

exceed-action

The action to take on packets that exceed the rate limit (see Table 17-16).

 

violate-action

Optional. The action to take on packets that violate the normal and maximum burst sizes (see Table 17-16).

Table 17-16. Traffic policing actions

Action

Meaning

drop

Drop the packet

set-discard-class-transmit

Set the DSCP discard class value and transmit the packet

set-dscp-transmit

Set the DSCP value and transmit the packet

set-frde-transmit

Set the Frame Relay Discard Eligibility bit and transmit the packet

set-mpls-exp-imposition-transmit

Set the MPLS experimental bits and transmit the packet

set-mpls-exp-topmost-transmit

Set the MPLS experimental bits and transmit the packet

set-prec-transmit

Set the IP precedence (0 to 7) and transmit the packet

set-qos-transmit

Set the QoS group ID (1 to 99) and transmit the packet

transmit

Transmit the packet

 

See Chapter 11 for more details.

policy-map global

policy-map name
no policy-map name
 

Configures

A policy map for QoS

Default

None

Description

This command allows you to create a policy map that can be attached to one or more interfaces. See Chapter 11 for examples of using and creating policy maps.

ppp command

ppp
 

Description

This command is given by a user who wants to establish a PPP session after connecting to one of the router's interfaces (for example, a dial-up serial interface) and logging in using some kind of terminal emulation. Giving this command at the user EXEC command prompt establishes the PPP connection.

ppp authentication interface

ppp authentication {chap | pap} [if-needed] [list] [callin]
no ppp authentication
 

Configures

Enables CHAP or PAP authentication

Default

No authentication

Description

This command enables CHAP or PAP authentication on interfaces. In addition to the type of authentication, this command may have the following parameters:

 

if-needed

Optional. Prevents reauthorization if the user has already been authorized at some other point during the session.

 

list

Optional. Provides a list of AAA authorization methods. To set up an authorization list, use the command aaa authentication ppp.

 

callin

Optional. Tells the interface to authorize incoming (dial-in) connections only.

ppp bridge ip interface

ppp bridge ip
no ppp bridge ip
 

Configures

Bridging a PPP connection

Default

Disabled

Description

This command enables half-bridging of IP packets across a serial or ISDN interface.

ppp chap interface

ppp chap password password
no ppp chap password password
 

Configures

CHAP authentication

Default

Disabled

Description

This command configures a single password for PPP authentication using the CHAP protocol.

ppp compress interface

ppp compress {predictor | stac}
no ppp compress {predictor | stac}
 

Configures

Compression

Default

None

Description

This command enables compression for the PPP connection. For compression to work, both ends of the PPP connection must be configured to use the same type of compression.

ppp multilink interface

ppp multilink
no ppp multilink
 

Configures

Multilink PPP (MLP) over multiple interfaces

Default

Disabled

Description

If you have two or more communications links between the router and the destination, you can use multilink PPP to send traffic over several interfaces in parallel to get higher throughput. Asynchronous serial interfaces, ISDN BRI interfaces, and ISDN PRI interfaces can make use of multilink PPP. Multilink PPP works best on digital lines such as ISDN; it is less effective on low-speed analog connections.

ppp quality interface

ppp quality percentage
no ppp quality percentage
 

Configures

Quality monitoring

Default

Disabled

Description

This command enables link quality monitoring. Once enabled, the PPP link is shut down if the quality degrades below a certain value. The value, commonly thought of as a percentage, is expressed as a number between 1 and 100, with 100 indicating the highest quality.

ppp reliable-link interface

ppp reliable-link
no ppp reliable-link
 

Configures

LAPB numbered mode negotiation

Default

Disabled

Description

This command enables LAPB numbered mode negotiation, which means that the router will try to negotiate a reliable link, not necessarily build a reliable link. This command is not available on asynchronous interfaces and doesn't work with multilink.

ppp use-tacacs interface

ppp use-tacacs
no ppp use-tacacs
 

Configures

TACACS authentication for PPP

Default

Disabled

Description

This command enables the use of TACACS for PPP authentication.

priority-group interface

priority-group list
no priority-group
 

Configures

A priority list for the interface

Default

None

Description

This command applies a priority list to an interface. See the priority-list command for information on constructing priority lists.

Example

The following commands apply priority list 1 to the serial0 interface:

interface serial0
 priority-group 1

priority-list global

priority-list number default level
no priority-list number default level

priority-list number protocol value level port-type port
no priority-list number protocol value level port-type port

priority-list number queue-limit high-limit medium-limit normal-limit low-limit
no priority-list number queue-limit
 

Configures

Priority lists for priority traffic queuing

Default

None

Description

The priority-list command is a set of three related commands that are used to construct a list. A priority list is a set of four queues, one for each of four priority levels: high, medium, normal, and low. Each queue has its own capacity (in packets); the queue sizes are set using priority-list queue-limit, although I recommend that you don't modify the default queue sizes. The priority-list protocol version of the command assigns packets to a queue based on their protocols and, optionally, their ports. The priority-queue default command assigns a queue to all packets that aren't explicitly assigned to a queue (i.e., all packets not associated with a protocol and port specified with the priority-list protocol command).

Once you have created a priority list, use the priority-group command to apply a priority list to an interface. The queues in the list are then used for all traffic going out the interface. The parameters for these commands are:

 

number

The number of the priority list you are configuring; it can be a value from 1 to 10.

 

protocol value

The protocol to prioritize. In mixed-protocol environments, the protocol can be ip, ipx, etc. The examples here all use IP.

 

level

The queue you are configuring: low, medium, normal, or high.

 

port-type

Either tcp or udp.

 

port

A port number.

 

high-limit, medium-limit, normal-limit, low-limit

When configuring queue sizes, the number of packets in the high, medium, normal, and low priority queues. The default number of packets for each queue is given in Table 17-17.

Table 17-17. Default sizes for queues in a priority list

Queue

Default size

low

80 packets

normal

60 packets

medium

40 packets

high

20 packets

 

Example

The following example creates priority list 1, which sends all IP packets to the medium priority queue. Next, all telnet packets (TCP packets with a destination port of 23) are assigned to the high priority queue. Finally, all other traffic (non-IP traffic) is assigned to the normal priority queue:

priority-list 1 protocol ip medium
priority-list 1 protocol ip high tcp 23
priority-list 1 default normal
 

The next example changes the size of the queues in the priority list:

priority-list 1 queue-list 30 20 15 10
privilege level (global) global

privilege mode level level command
no privilege mode level level command
 

Configures

Privilege level information

Default

Level 1 consists of all user EXEC commands; Level 15 consists of all enable commands

Description

The privilege level commands allow you to control access to a set of commands. The first of these commands, where you supply a mode and a command name, is used to set up a privilege level: a group of commands protected by a password. This is a global commandit is used outside of any context. Passwords for privilege levels are defined with the enable password command.

 

mode

The configuration mode to which the command belongs. exec is most common; configuration, controller, hub, interface, ipx-router, line, map-class, map-list, route-map, and router are also used.

 

level

A number from 0 to 15 indicating the level to which you're assigning the command. Each level is a superset of the previous levels; for example, level 13 automatically includes all the commands for levels 0 through 12.

 

command

The command that you are assigning to a level.

Example

The first command in the following configuration assigns the clear command to privilege level 14. The password guessme is assigned to privilege level 14, requiring users to give this password before they can execute any of the clear commands. Since the other enable commands are assigned to level 15, users who know this password are not necessarily allowed to make general changes to the router's configuration; without the enable password, they can give only the clear commands (and any other commands that belong to level 14).

Next, we make privilege level 14 the default privilege level for the aux 0 port. This means that anyone who can access the aux 0 port and knows the password guessme can give the clear command and any other level 14 commands defined.

! assign the clear command to level 14
privilege exec level 14 clear
! set the password for level 14 to guessme
enable password level 14 guessme
!
! configure the default level for the aux port
line aux 0
 privilege level 14
privilege level (line) line

privilege level level
no privilege level
 

Configures

Privilege level information

Default

Level 1 consists of all user EXEC commands; Level 15 consists of all enable commands

Description

This form of the privilege command applies a privilege level to a line, and therefore must be used in the context of line configuration. Applying a privilege level to a line means that the given privilege level becomes the default level for the line; anyone who can access the line can run the commands in the default privilege level without giving the enable password. See also privilege level (global).

 

level

A number from 1 to 15 indicating the level to which you're assigning the command. Each level is a superset of the previous levels; for example, level 13 automatically includes all the commands for levels 1 through 12.

prompt global

prompt string
no prompt string
 

Configures

The router prompt

Default

%h%p

Description

This command sets the prompt to the specified string. The string can have any combination of characters and escape sequences. The special characters are listed in Table 17-18. Use the no form of this command to set the system prompt to the default value.

Table 17-18. Escape sequences for the router prompt

Escape sequence

Meaning

%%

Percent character

%h

Hostname of the router

%n

TTY number for this EXEC session

%p

The prompt character; either > for user level or # for privileged level

%s

Space character

%t

Tab character


pulse-time interface

pulse-time seconds
no pulse-time seconds
 

Configures

The DTR signal pulse intervals

Default

0 seconds

Description

This command sets the interval between the DTR pulsing signals, in seconds. When a line goes down, the DTR is held inactive for the duration of the pulse-time.

pvc interface

pvc [name] vpi/vci [encap]
no pvc [name] vpi/vci [encap]
 

Configures

ATM PVC

Default

None

Description

This command configures a Permanent Virtual Circuit (PVC) on an ATM interface. It isn't supported on all ATM hardware; more sophisticated ATM hardware tends to use the atm pvc command.

 

name

Optional. A name to be assigned to this PVC.

 

vpi/vci

The Virtual Path Identifier and the Virtual Channel Identifier, separated by a slash. If you omit the slash and the vci, it defaults to 0. If vci is 0, vpi cannot be 0, and vice versa.

 

encap

Optional. The type of encapsulation to use on the channel. Possible values are ilmi, qsaal, and smds. ilmi is used to set up a connection for the Integrated Local Management Interface, and is normally used with the VPI/VCI pair 0/16. qsaal sets up a PVC used for setting up and tearing down SVCs (switched virtual circuits), and is normally used with the VPI/VCI pair 0/5. smds is used only for SMDS networks.

qos pre-classify interface

qos pre-classify
no qos pre-classify
 

Configures

QoS

Default

Disabled

Description

This command enables QoS (Quality of Service) preclassification and is restricted to tunnel interfaces, virtual templates, and crypto maps. Applies only to IP packets.

queue-limit policy-map class

queue-limit size-in-packets
no queue-limit size-in-packets
 

Configures

The DTR signal pulse intervals

Default

64 packets on most platforms

Description

This command allows you to override the default queue size for a class. In WFQ (Weighted Fair Queuing), a queue is created for every class that is defined. If a queue is filled, tail-drop is used for further incoming packets unless WRED is configured (Weighted Random Early Detection). The default of 64 applies on all platforms except those with Versatile Interface Processors (VIPs), where the default is a calculation of bandwidth and buffer memory available.

queue-list global

queue-list number protocol value queue-number [port-type port-number]
queue-list number protocol value queue-number [list list-number]
queue-list number interface interface queue-number
queue-list number queue-number byte-count size-in-bytes
queue-list number queue queue-number limit size-in-packets
queue-list number default queue-number
no queue-list number
 

Configures

Custom queuing

Default

None

Description

The queue-list commands define a custom queue list, which is a group of queues that can be used to configure the amount of bandwidth used by specific types of traffic. A custom queue is different from a priority queue in that a priority queue only allows you to set the relative priority of different traffic types. The queue-list byte-count command creates queues within the list and assigns each queue a transmission size. The default transmission size is 1,500 bytes. The queue-list queue command specifies the absolute size of a queue, in packets. The queue-list protocol command assigns traffic for a given protocol and port to one of the queues in a queue list; instead of specifying a protocol and port, you can specify an IP access list. The queue-list interface command assigns traffic arriving for a given interface to one of the queues; and the queue-list default command assigns all otherwise unassigned traffic to one of the queues.

To use a queue list, it must be applied to an interface using the custom-queue-list command.

When sending traffic out an interface, the router works through the queues in order, emptying each queue before moving to the next. Therefore, increasing the size of a queue increases the bandwidth that can be used by the traffic assigned to the queue.

When assigning traffic to a queue, the router processes the queue-list statements in order.

 

number

A number identifying the queue list; it can be from 1 to 10.

 

protocol value

Specifies the protocol to be assigned to the queue. Valid protocols are ip, ipx, dlsw, etc.

 

interface interface

Used for establishing queuing priorities based on incoming interface for the packet.

 

queue-number

The queue within this list that is being described.

 

port-type port-number

A port type (tcp or udp) and port number; traffic for this port is assigned to a particular queue within the list. You can specify either a port number, or the name of a well-known port.

 

list list-number

An access list of an appropriate type for the given protocol. Traffic matching this access list is assigned to the specified queue.

 

byte-count size-in-bytes

Specifies the queue's transmission size, in bytes. The router works through the list of queues in order, taking size-in-bytes bytes of traffic from each queue before proceeding to the next. Therefore, a larger queue size assigns more bandwidth to the protocols that are routed through this queue.

 

limit size-in-packets

An absolute maximum for the number of packets that can be waiting in the queue. Packets in excess of this limit are discarded. The default limit is 20 packets.

Example

The following commands create a custom queue list (list 5) and apply that queue list to the serial0 interface, where it is used to prioritize the traffic sent out that interface. The queue list consists of four queues with transmission sizes of 1,000, 4,000, 5,000, and 4,000 bytes. Therefore, queue 3 within the list is the highest priority and is allocated the most bandwidth; queue 1 is the lowest priority. Traffic is assigned to the queues as follows:

  • Telnet traffic is assigned to queue 1 (low priority)
  • Traffic that matches access list 10 (not shown) is assigned to queue 2 (moderate priority)
  • Traffic arriving on the interface tunnel1 is assigned to queue 3 (high priority)
  • Otherwise-unassigned IP traffic is assigned to queue 4 (moderate priority)
  • All remaining traffic (i.e., non-IP traffic) is assigned to queue 4 (moderate priority)

Note that the queue list is processed in order. Therefore, adding another traffic assignment statement after the queue-list default statement has no effect.

The effect of this queue is to transmit 1,000 bytes from queue 1, then 4,000 from queue 2, then 5,000 from queue 3, then 4,000 from queue 4, and so on, in round-robin fashion. Even though queue 1 has the lowest priority, it is guaranteed some bandwidth during each queue-processing cycle. In this respect, a custom queue is unlike a priority queue, which always sends the highest-priority packets first and may therefore starve low-priority traffic.

interface serial0
 ! apply the custom queue list
 custom-queue-list 5
!
! Define the custom queue list
queue-list 5 protocol ip 1 tcp telnet
queue-list 5 protocol ip 2 list 10
queue-list 5 interface tunnel1 3
queue-list 5 protocol ip 4
queue-list 5 default 4
queue-list 5 queue 1 byte-count 1000
queue-list 5 queue 2 byte-count 4000
queue-list 5 queue 3 byte-count 5000
queue-list 5 queue 4 byte-count 4000
radius-server global

radius-server host {hostname | ip-address}
no radius-server host {hostname | ip-address}

radius-server key string
no radius-server key string

radius-server retransmit retries
no radius-server retransmit retries

radius-server timeout seconds
no radius-server timeout seconds
 

Configures

Radius server

Default

None

Description

This set of commands is used to specify a radius server that the router will use for authentication. The radius-server host command allows you to specify which radius server to use, either by hostname or IP address. You can define more than one radius server; the router attempts to contact the servers in the order that you specify.

The radius-server key command specifies the encryption string to be used for communication with the radius server. Obviously, this string must match the setting on the radius server. If you use multiple servers, they must all share the same key.

The retransmit and timeout forms of this command specify the number of times the router searches the list of radius servers before giving up, and the amount of time that it will wait for any given server to reply before retrying.

random-detect interface

random-detect [dscp-based | prec-based]
no random-detect number
 

Configures

Weighted Random Early Detection (WRED)

Default

Disabled

Description

This command enables WRED on an interface. The options dscp-based and prec-based tell WRED which packet characteristic to use to calculate drop probability. If you don't select either one, the default is used (IP precedence).

 

dscp-based

Optional. Tells WRED to use the packet's DSCP value to calculate drop probability.

 

prec-based

Optional/Default. Tells WRED to use the packet's IP precedence value to calculate drop probability.

random-detect discard-class policy-map

random-detect discard-class class-value min-threshold max-threshold mark-
denominator
no random-detect discard-class class-value min-threshold max-threshold
mark-denominator
 

Configures

Weighted Random Early Detection (WRED)

Default

None

Description

This command defines the packet thresholds based on the discard class value of a packet.

 

class-value

The discard class value, from 0 to 7.

 

min-threshold

The minimum threshold in number of packets, from 1 to 4,096. If the minimum threshold is reached, WRED randomly drops some packets with the specified IP precedence.

 

max-threshold

The maximum threshold in number of packets, from 1 to 4,096. When the threshold is reached, WRED drops all packets with the specified IP precedence.

 

mark-denominator

Denominator for the fraction of packets dropped when the average queue depth is at the maximum threshold. The default is 10, which means that 1 out of every 10 packets is dropped at the maximum threshold.

random-detect discard-class-based policy-map

random-detect discard-class-based
no random-detect discard-class-based
 

Configures

Weighted Random Early Detection (WRED)

Default

None

Description

This command configures WRED to work based on the discard class of packets.

random-detect dscp policy-map

random-detect dscp dscp-value min-threshold max-threshold mark-denominator
no random-detect dscp dscp-value min-threshold max-threshold mark-denominator
 

Configures

Weighted Random Early Detection (WRED)

Default

None

Description

This command defines the packet thresholds based on the distributed services code point (DSCP) class value of a packet.

 

dscp-value

The DSCP value, from 0 to 7.

 

min-threshold

The minimum threshold in number of packets, from 1 to 4,096. If the minimum threshold is reached, WRED randomly drops some packets with the specified IP precedence.

 

max-threshold

The maximum threshold in number of packets, from 1 to 4,096. When the threshold is reached, WRED drops all packets with the specified IP precedence.

 

mark-denominator

Denominator for the fraction of packets dropped when the average queue depth is at the maximum threshold. The default is 10, which means that 1 out of every 10 packets is dropped at the maximum threshold.

random-detect ecn policy-map

random-detect ecn
no random-detect ecn
 

Configures

Weighted Random Early Detection (WRED)

Default

Disabled

Description

This command enables explicit congestion notification (ECN).

random-detect exponential-weighting-constant interface

random-detect exponential-weighting-constant value
no random-detect exponential-weighting-constant
 

Configures

Weighted Random Early Detection (WRED)

Default

9

Description

This command allows you to change the value of the exponential weight factor, which is used in the average queue size calculation, from 1 to 16.

random-detect flow interface

random-detect flow
no random-detect flow
random-detect flow average-depth-factor scaling-factor
no random-detect flow average-depth-factor scaling-factor
random-detect flow count number
no random-detect flow count number
 

Configures

Weighted Random Early Detection (WRED)

Default

Disabled

Description

The command random-detect flow enables flow-based WRED on an interface. To configure the characteristics of flow-based WRED, use the average-depth-factor and flow-count commands.

random-detect flow average-depth-factor configures the multiplier used in determining the average depth factor for flow-based WRED. The scaling-factor can be a value from 1 to 16. The default is 4.

random-detect flow count configures the flow count for flow-based WRED. The number can be from 16 to 32,768. The default is 256.

rate-limit interface

rate-limit {input | output} { bps | access-group acl | [rate-limit]
rate-limit-acl] dscp dscp-value | qos-group qos-group-number} burst-normal
burst-max conform-action action exceed-action action
no rate-limit {input | output} { bps | access-group acl | [rate-limit]
rate-limit-acl] dscp dscp-value | qos-group qos-group-number} burst-normal
burst-max conform-action action exceed-action action
 

Configures

Committed Access Rate (CAR)

Default

Disabled

Description

This command configures a CAR (Committed Access Rate) policy on an interface. Multiple policies can be implemented on a single interface by repeating this command.

 

input

Applies the CAR policy to incoming packets on this interface.

 

output

Applies the CAR policy to outgoing packets on this interface.

 

bps

Defines the average rate in bits per second (bps). The value must be defined in increments of 8 Kbps and can be from 8,000 to 2,000,000,000.

 

access-group

Optional. Applies this CAR policy to the specified access list. Value can be 1 to 2,699.

 

rate-limit

Optional. Sets the access-list as a rate-limit access-list. The value can be from 0 to 99.

 

dscp

Optional. Applies the rate limit to packets that match this DSCP value. The value can be from 0 to 63.

 

qos-group

Optional. Applies the rate limit to any packet that matches the qos-group number. The value can be from 0 to 99.

 

burst-normal

Normal burst size in bytes. The minimum is the bps value divided by 2,000. This value can be from 1,000 to 512,000,000.

 

burst-max

Excess burst size in bytes. The number can be from 2,000 to 1,024,000,000. Cisco recommends a value of twice the normal burst.

 

conform-action

The action to take on packets that conform to the rate limit (see Table 17-19 for valid actions).

 

exceed-action

The action to take on packets that exceed the rate limit (see Table 17-19).

Table 17-19. Rate limit actions

Action

Meaning

continue

Evaluate the next rate-limit command on this interface

drop

Drop the packet

set-dscp-continue

Set the DSCP value and evaluate the next rate-limit command

set-dscp-transmit

Set the DSCP value and transmit the packet

set-mpls-exp-imposition-continue

Set the MPLS experimental bits and evaluate the next rate-limit command on the interface

set-mpls-exp-imposition-transmit

Set the MPLS experimental bits and transmit the packet

set-prec-continue

Set the IP precedence (0 to 7) and evaluate next rate-limit command on the interface

set-prec-transmit

Set the IP precedence (0 to 7) and transmit the packet

set-qos-continue

Set the QoS group ID (1 to 99) and evaluate next rate-limit command on the interface

set-qos-transmit

Set the QoS group ID (1 to 99) and transmit the packet

transmit

Transmit the packet

 

See Chapter 11 for more details.

redistribute router

redistribute {protocol | static} [metric value] [metric-type type] [route-map
map] [weight weight] [subnets]
no redistribute protocol
 

Configures

Redistribution of routes between protocols

Default

Disabled

Description

This command allows you to redistribute routes from one routing protocol to another. It also allows you to redistribute static routes into a routing protocol. Some protocols require you to specify a default metric that will be assigned to external routes. See the default-metric command and Chapters 8 and 9 for more information.

 

protocol

This is the protocol from which routes are redistributed. If a process ID or local AS is required for the protocol, you must provide that as well. Possible values are bgp, igrp, eigrp, isis, ospf, and rip. You can also redistribute static routes.

 

metric value

Optional. This keyword sets the metric value for the redistributed route. If you don't have a value defined here, the router uses the default metric as defined in the default-metric command. For most redistribution, you must define a default metric. Exceptions to this rule are static routes and IGRP to EIGRP redistribution.

 

metric-type type

Optional. This keyword applies to OSPF and IS-IS only. For OSPF, this allows you to assign two possible metric type values: 1 (Type 1 external route) and 2 (Type 2 external route). The default type for OSPF is Type 2. For IS-IS, the options are internal (the metric is less than 63) and external (the metric is greater than 63 but less than 128). The default metric type for IS-IS is internal.

 

route-map map

Optional. This keyword allows you to apply a route-map filter to the routes before they are redistributed into the protocol.

 

weight weight

Optional. This keyword is for BGP only; it allows you to assign a BGP weight to the redistributed route.

 

subnets

Optional. Used for redistributing routes into OSPF. When this keyword is used, it causes OSPF to accept all subnet routes. Without this keyword, OSPF only redistributes routes that are not subnets.

Example

The following example shows redistribution into OSPF of both EIGRP and RIP routes. For EIGRP, we are redistributing routes from eigrp 1001 and assigning a metric of 100. The subnets keyword tells OSPF to redistribute all subnet routes. As for RIP, we are assigning a much higher metric of 200 to its routes.

router ospf 1000
 redistribute eigrp 1001 metric 100 subnets
 redistribute rip metric 200 subnets
 

When you don't use the metric command in the redistribute line, you must have a default-metric statement defined (except for static route redistribution).

router rip
 redistribute eigrp 1002
 default-metric 10

refuse-message line

refuse-message delimiter message delimiter
no refuse-message
 

Configures

The message the user receives when a connection is busy.

Default

None

Description

This command defines the message that is displayed when the user attempts to connect a line that is already in use. delimiter is a character that marks the beginning and end of the message; it must not appear within the message itself.

Example

In this example, the user is told that the line is busy and to try another one:

line 1
 refuse-message # This line is currently busy, please try lines 2-8 #
 

To disable this message, delete it with the no form of this command:

line 1
 no refuse-message
reload command

reload [warm] [in hh:mm] [at hh:mm [month day] [cancel] [text]
show reload
 

Description

This command causes the router to reload the IOS operating system and reboot. You can specify a time for the reload to occur by using the in and at options. The show version of the command gives you the status of any pending reloads.

 

text

The reason for the reload; this reason is stored in memory and is used for a show reload command, sending warning messages, or sending messages to syslog servers.

 

in hh:mm

Tells the router to reload some time from now. For example, to start a reload in two hours, enter in 2:00.

 

at hh:mm month day

Tells the router to reload at a specific time (hh:mm). Optionally, you can specify a month and a day of the month, but the reboot must occur within 24 days.

 

cancel

Cancels a scheduled reload.

 

warm

This keyword was added in IOS 12.3(2). It allows the user to reload the router without reloading the IOS images. Since the image software is not reloaded, boot time is significantly decreased.

This command can be helpful when you are configuring a router remotely. One problem with working remotely is that if you make a mistake, you can kill your connection to the router, which may leave the router in a state that doesn't allow you to reconnect. Use this command before executing "dangerous" configuration commands remotely. If you make a mistake and haven't saved the configuration, the router will reboot and return to the previous configuration. If you don't make a mistake and your changes work, you can simply cancel the impending reload.

Example

Router#reload in 2:00 "IOS upgrade"
Router#reload cancel
Router#show reload
No reload is scheduled.

rename command

rename current-name new-name
 

Description

This command allows you to rename a file from current-name to new-name in a Class C filesystem.

ring-speed interface

ring-speed {4 | 16}
no ring-speed {4 | 16}
 

Configures

Token ring interface default speed

Default

16 Mbps

Description

This command sets the speed for a token ring interface to either 4 or 16 Mbps. The default speed is 16 Mbps. Be sure to set the correct speed; specifying an incorrect speed on a token ring interface will cause the ring to go down.

rlogin command

rlogin hostname
 

Description

This command allows you to log into the remote machine given by hostname. You can specify either a hostname or an IP address. rlogin stands for remote login, which follows the remote shell rules. If this command doesn't work, try telnet.

rmdir command

rmdir directory
 

Description

This command allows you to remove a directory from a Class C filesystem.

route-map global

route-map tag-name [permit | deny] [sequence-number]
no route-map tag-name [permit | deny] [sequence-number]
 

Configures

A route map for route redistribution or policy routing

Default

None

Description

A route map is a very flexible mechanism for specifying what to do with routes. A route map lets you match certain routes and set various parameters of the matching routes. The route-map command merely defines the list; the match command specifies which routes the map should match (something like an access list); and a number of set commands specify what to do with the matching routes.

A route map is identified by a name (tag-name); any number of route-map commands can share the same name. route-map commands with the same name are processed in the order given by the sequence-number. Although most route processing is specified by the set commands associated with the map, the permit and deny keywords can be used to specify some very simple processing. permit is the default; it means that normal route processing (as specified by the set commands) takes place for all routes that match the map.

Processing continues with other route maps that share the same sequence number. The deny keyword specifies that if a match occurs, the route is not distributed and no further processing of other route maps takes place.

To delete a route map, use the no form of the command. Note that if you omit the sequence-number, this command deletes all maps matching the given tag-name.

 

tag-name

An identifying name.

 

permit

Optional. Specifies that normal route processing should occur when a route matches the map.

 

deny

Optional. Specifies that routes matching the map should not be propagated and that no further processing should occur.

 

sequence-number

A sequence number that indicates the order in which route maps sharing the same name are processed.

Example

The following commands define a route map named check with a sequence number of 10. The match command selects the routes that match the map; it refers to community list 1, which specifies routes that include community 100. The set command sets the weight of any route matching this community list to 10.

route-map check permit 10
 match community 1
 set weight 10
ip community-list 1 permit 100

router global

RIP:

router rip
no router rip
 

BGP:

router bgp as-number
no router bgp as-number
 

EIGRP:

router eigrp as-system
no router eigrp as-system
 

IGRP:

router igrp as-system
no router igrp as-system
 

IS-IS:

router isis [tag]
no router isis [tag]
 

OSPF:

router ospf as-system
no router ospf as-system
 

Configures

Enters the routing configuration mode

Default

None

Description

This command starts the configuration of a routing process: it identifies the routing protocol you want to run and other parameters necessary for the routing protocol. The RIP protocol doesn't require additional parameters; BGP requires an AS number; EIGRP, IGRP, and OSPF require process numbers (commonly called AS numbers); and IS-IS can optionally have a tag that defines a name for the routing process.

Example

! Configure our rip process
router rip
 network 10.0.0.0
rsh command

rsh host [/user username] command-to-execute
 

Description

This command executes a command on a remote host via a remote shell.

 

host

The hostname of the machine on which to execute the command.

 

/user username

The username to use when executing the command.

 

command-to-execute

The command to be executed.

Example

The following command executes the command ls on a machine named sun-machine as user bob.

rsh sun-machine /user bob ls

rxspeed line

rxspeed speed
no rxspeed
 

Configures

Receive speed

Default

9,600 bps

Description

This command sets the receive speed for this line to speed, in bits per second.

send command

send {line-number | * | aux n | console n | tty n | vty n} message
 

Description

This command sends a message immediately to one or more terminals. It is not stored in the router's configuration.

 

line-number

The line number to which to send the message.

 

*

Sends the message to all TTY lines.

 

aux n

The AUX port to which to send the message.

 

tty n

The TTY port to which to send the message.

 

vty n

The VTY port to which to send the message.

 

console n

The console line to which to send the message.

 

message

The message you wish to send. It may span multiple lines, and must be terminated with Ctrl-Z on a line by itself.

Example

The following commands send a message to all TTY lines:

Routersend *
Enter message, end with CTRL/Z; abort with CTRL/C:
REBOOTING Router in ten minutes for an emergency repair!
^Z
Send message? [confirm]y
Router
***
***
*** Message from tty19 to all terminals:
***
REBOOTING router in ten minutes for an emergency repair!

service global

service service
no service service
 

Configures

Service level items

Default

Depends on the service

Description

The service command disables or enables certain router features. These features range from minor TCP/IP servers to the router's callback behavior. The services controlled by this command are:

 

config

Enables autoloading configuration files from a server. This command is required for boot network commands to work.

 

exec-callback

Enables the callback feature for clients. A callback tells the router to authenticate a dial-in user, disconnect, and then call the user back at a prearranged number. See Chapter 12 for more information.

 

exec-wait

Delays the display of the prompt.

 

finger

Allows finger requests to be made to the router (i.e., enables a finger server). For IOS 12.0 and later, this has been superseded by ip finger.

 

hide-telnet-address

Hides the IP address of the destination host when a telnet command is issued. When a user executes a telnet command at the EXEC prompt, the IP address of the destination machine is usually displayed with a message like "Trying machinename (10.10.1.4)."

 

nagle

Enables the Nagle congestion control algorithm.

 

password-encryption

Enables password encryption. By default, password encryption is enabled.

 

prompt config

Enables the display of the (config) prompt when in the configuration mode.

 

tcp-keepalives-in

Enables TCP keepalives on incoming connections (connections initiated by remote hosts).

 

tcp-keepalives-out

Enables TCP keepalives on outgoing connections (connections initiated by the router).

 

tcp-small-servers

Enables servers for the so-called "small TCP services" (the echo, discard, chargen, and daytime protocols). By default, these services are disabled as of IOS 11.2 and later.

 

telnet-zeroidle

When enabled, this feature tells the router to set the packet window to zero when a telnet connection is idle.

 

udp-small-servers

Enables servers for the small UDP services (echo, discard, and chargen). By default, these services are disabled as of IOS 11.2 and later.

service compress-config global

service compress-config
no service compress-config
 

Configures

Compression of configurations in memory

Default

Disabled

Description

This command lets you compress the configuration file; this feature is available only on high-end routers (5000, 6000, and 7500 series). To disable compression, use the no form of the command.

service linenumber line

service linenumber
no service linenumber
 

Configures

Line number display

Default

Disabled

Description

This command configures the router to display the line number, line location, and hostname after the incoming banner.

service-module 56k interface

service-module 56k parameters
no service-module 56k parameters
 

Configures

Internal 56k (DS0) CSU/DSU

Default

Depends on the command

Description

The service-module commands are for routers that have 56k CSU/DSU modules built into them. These commands set various options on the internal CSU/DSU. The parameters that can be configured are:

 

clock rate speed

Configures the line speed for a four-wire 56k line. The valid speeds are 2.4, 4.8, 9.6, 19.2, 38.4, 56, and 64. The default is 56.

 

clock source {line | internal}

By default, the clock source is the line, which is provided by the carrier. This command allows you to switch to the internal clock source on the module.

 

data-coding {normal | scrambled}

normal data coding is the default behavior for service modules. scrambled data coding should be used only on lines configured for 64 Kbps. Both ends of the link must use the same data coding.

 

network-type {dds | switched}

Determines whether the line is configured for DDS (unswitched) or switched service. dds is the default for four-wire service; switched is the default for two-wire service.

 

remote-loopback

By default, the service module accepts remote-loopback commands from the remote CSU/DSU. To disable remote loopback, use the no form.

 

switched-carrier {att | sprint | other}

The switched-carrier setting must be appropriate for your 56k provider. att is the default on four-wire CSU/DSUs; sprint is the default on two-wire CSU/DSUs. This command can be used only if the network-type is set to switched.

service-module t1 interface

service-module t1 parameters
no service-module t1 parameters
 

Configures

Internal T1 CSU/DSU

Default

Depends on the command

Description

The service-module commands are for routers that have T1 CSU/DSU modules built into them. These commands set various options on the internal CSU/DSU. The parameters that can be configured are:

 

clock source {internal | line}

By default, the clock source for a T1 CSU/DSU is the line, which is provided by the carrier. This command allows you to switch to the internal clock source on the module.

 

data-coding {inverted | normal}

By default, the data coding is set to normal. Setting the data coding to inverted instructs the module to convert all 1s to 0s and all 0s to 1s. If the data coding is inverted on one end of the line, the other end must also be inverted or the connection will fail.

 

framing {esf | sf}

This command sets the framing type for the T1 module, which can be esf (Extended Superframe) or sf (Superframe). The default framing type for a T1 module is ESF.

 

lbo {-15 db | -7.5 db | none}

This command sets the line build-out value. -15 db decreases the outgoing signal by 15 decibels; -7.5 db decreases it by 7.5 decibels. Your provider will know what the build-out should be for your link. The default is no build-out (none) on the outgoing signal.

 

linecode {ami | b8zs}

By default, the line encoding is set to b8zs. It can be changed to ami with this command. Your service carrier provides the T1 linecode type.

 

remote-alarm-enable

This command allows the generation and detection of remote alarms on the T1 line. All alarms are disabled by default.

 

remote-loopback {full | payload}

By default, the service module accepts full and payload remote-loopback commands from the remote CSU/DSU. The no form of this command allows you to disable this behavior.

 

timeslots {all | range} [speed 56|64]

This command defines the timeslots that make up a fractional T1 line. The keyword all includes all the timeslots; to specify a subset of the available timeslots (i.e., fractional T1), use a range of numbers between 1 and 24 (for example, 1-3,7 for timeslots 1, 2, 3, and 7). The optional speed parameter defines the timeslot speed, which can be 56 or 64. The default is all timeslots operating at 64 Kbps.

service-policy (interface) interface

service-policy {input | output} policy-map-name
no service-policy {input | output} policy-map-name
 

Configures

policymap

Default

None

Description

This command attaches a policy map to an interface or Virtual Circuit (VC). Use the input or output keyword to apply the policy map to the input or output traffic on an interface.

Example

interface serial 1/1
 service-policy output policy1
service-policy (policy-map) policy-map

policy-map-name
no service-policy policy-map-name
 

Configures

policy map

Default

None

Description

This command attaches a policy map directly to a class.

Example

policy-map classes-def
 class gold
 bandwidth percent 50
 class silver
 bandwidth percent 30
 class bronze
 bandwidth percent 10
!
policy-map map1
 class customer1
 shape average 38400
 service-policy classes-def

service timestamps global

service timestamps {log | debug} [uptime]
service timestamps {log | debug} datetime [msec] [localtime] [show-timezone]
no service timestamps {log | debug}
 

Configures

Timestamps on log messages

Default

No timestamps

Description

This command forces timestamps on logging or debugging messages. uptime is the default if no options are specified.

 

log

Applies timestamps to logging messages.

 

debug

Applies timestamps to debugging messages.

 

uptime

Optional. The time is calculated since the router was started.

 

datetime

Uses the actual clock time.

 

msec

Optional. Displays the millisecond value in the timestamp.

 

localtime

Optional. Timestamps are relative to the local time zone.

 

show-timezone

Optional. Displays the time zone value in the timestamp.

session-limit line

session-limit number
no session-limit
 

Configures

Maximum sessions per line

Default

Depends on the hardware; show terminal shows you the default for your device

Description

This command sets the maximum number of terminal sessions per line.

session-timeout line

session-timeout minutes [output]
no session-timeout
 

Configures

Minutes before a session on the line times out

Default

0 (never times out)

Description

This command sets the interval that the router waits for traffic before closing the connection, i.e., the amount of time the line can be idle. The timeout period is specified in minutes. The output keyword tells the router to use both input and output traffic to reset the counters. If you omit this keyword, only the input traffic on the line causes a counter reset.

set as-path route-map

set as-path {tag | prepend as-path-string}
no set as-path {tag | prepend as-path-srting}
 

Configures

Properties of routes matching a route map

Default

None

Description

Route maps let you select routes based on certain criteria and modify the properties of those routes using one or more set commands. This command allows you to modify the autonomous system path for BGP routes that match the route map's criteria. (To define a route map, use the route-map command; to specify a route map's matching criteria, use the match command.) The set as-path command has the following arguments:

 

tag

When redistributing routes into BGP, converts the tag of the route directly into an autonomous system (AS) path.

 

prepend as-path-string

Adds the as-path-string to the beginning of any AS path.

Example

In this example, we create a route map called test-as-path. Inside the map, we match any AS path list with the number 1. We then use the set as-path command to prepend our local autonomous system (300) to all routes advertised to our neighbor (10.10.1.1).

route-map test-as-path
 match as-path 1
 set as-path prepend 300
!
ip as-path access-list 1 permit .*
!
router bgp 300
 neighbor 10.10.1.1 route-map test-as-path out

set atm-clp policy-map

set atm-clp
no set atm-clp
 

Configures

QoS setting within a policy map class

Default

CLP is 0

Description

This command sets the cell loss priority (CLP) bit within a policy map class.

Example

class-map ip-precedence-is-zero
 match ip precedence 0
!
policy-map set-atm-clp
 class ip-precedence-is-zero
 set atm-clp
set automatic-tag route-map

set automatic-tag
no set automatic-tag
 

Configures

Properties of routes matching a route map

Default

None

Description

This command causes automatic tag calculation for a learned route that is matched by a route map.

set community route-map

set community {community-number [additive]} | none
no set community {community-number [additive]} | none
 

Configures

Properties of routes matching a route map

Default

None

Description

This command sets the BGP community for a route matched by the route map.

 

community-number

The community number to use; its value can be a number from 1 to 4,294,967,200, or the predefined communities of no-export or no-advertise.

 

additive

Optional. Causes the new community to be added to any communities that the route already belongs to.

 

none

Optional. Removes all community attributes from the route.

set cos policy-map

set cos cos-value
no set cos cos-value
 

Configures

QoS setting within a policy map class

Default

None

Description

This command sets the layer-2 class of service (CoS) value of a packet within a policy map class.

 

cos-value

The CoS value to use, from 0 to 7.

Example

policy-map map1
 class voice
 set cos 1
set default interface route-map

set default interface interface [... interface]
no set default interface interface [... interface]
 

Configures

Properties of routes matching a route map

Default

None

Description

This command sets the output interface for destinations that match the criteria in the route map if there is no explicit route to the destination. In other words, if the route is matched by this route map and has no explicit destination, this command can tell it which interface to use as a default route. This allows you to have different default routes for different hosts or networks.

You may list any number of interfaces; if the first interface in the list is down, the next is tried, and so on. This command should be used in conjunction with the ip policy route-map command.

Example

The following commands establish a route map named policy-one for policy-based routing. This map takes all packets for the destinations matched by access list 1 (i.e., all destinations that match 10.1.0.0/16) and sends them out through interface serial0.

interface ethernet0
 ip policy route-map policy-one
 ip address 10.1.1.1 255.255.255.0
!
! this access-list is for the match ip command below
access-list 1 permit 10.1.0.0 0.0.255.255
!
route-map policy-one
 match ip address 1
 set default interface serial0
set discard-class policy-map

set discard-class value
no set discard-class value
 

Configures

QoS setting within a policy map class

Default

0

Description

This command marks a packet with the specified discard value within a policy map class. The value can be a number from 0 to 7.

Example

policy-map map1
 class voice
 set discard-class 2
set dscp policy-map

set dscp value
no set dscp value
 

Configures

QoS setting within a policy map class

Default

None

Description

This command marks a packet with the DSCP (differentiated services code point) value within a policy map class. The value can be from 0 to 63.

Example

policy-map map1
 class class1
 set dscp 15

set fr-de policy-map

set fr-de
no set fr-de
 

Configures

QoS setting within a policy map class

Default

Bit is set to zero (0)

Description

This command sets the discard eligible (DE) bit for a frame relay packet within a policy map class.

Example

policy-map map1
 class class1
 set fr-de

set interface route-map

set interface interface [... interface]
no set interface interface [... interface]
 

Configures

Properties of routes matching a route map

Default

None

Description

This command is similar to the set default interface command. It differs in that the interface specified in this command is always used regardless of any other routing information: it can't be overridden by an explicit route to the destination. This command should be used in conjunction with the ip policy route-map command.

set ip default next-hop route-map

set ip default next-hop ip-address [... ip-address]
no set ip default next-hop ip-address [... ip-address]
 

Configures

Properties of routes matching a route map

Default

None

Description

This command sets the next-hop address for an incoming packet if there is no explicit route for the packet already. This command should be used in conjunction with the ip policy route-map command. The IP address does not have to be an address that is adjacent to the router.

set ip next-hop route-map

set ip next-hop ip address [... ip address]
no set ip next-hop ip address [... ip address]
 

Configures

Properties of routes matching a route map

Default

None

Description

This command sets the next-hop address for an incoming packet regardless of any explicit route for the packet. It is similar to the set ip default next-hop command except that a next-hop address specified with this command cannot be overridden by an explicit route. This command should be used in conjunction with the ip policy route-map command. The IP address does not have to be an address that is adjacent to the router.

set ip precedence route-map

set ip precedence qos
no set ip precedence
 

Configures

The precedence bits in the IP header

Default

Disabled

Description

This command sets the Quality of Service bits in the IP header. The Quality of Service value, qos, can be specified either by number or by name. Table 17-20 lists the valid number and names that can be used.

Table 17-20. QoS numbers and names

QoS number

QoS name

0

routine

1

priority

2

immediate

3

flash

4

flash-override

5

critical

6

internet

7

network

set ip tos route-map

set ip tos [value]
no set ip tos
 

Configures

Properties of routes matching a route map

Default

Disabled

Description

This command sets the Type of Service (ToS) for a packet that matches the route map. The value is a number from 0 to 15.

set level route-map

set level {level-1 | level-2 | level-1-2 | stub-area | backbone}
no set level {level-1 | level-2 | level-1-2 | stub-area | backbone}
 

Configures

Properties of routes matching a route map

Default

backbone for OSPF; level-2 for IS-IS

Description

This command sets the level into which routes that match the route map are imported.

 

level-1

Imports into level-1 area.

 

level-2

Imports into level-2 subdomain.

 

level-1-2

Imports into both level-1 and level-2.

 

stub-area

Imports into the OSPF NSSA area.

 

backbone

Imports into the OSPF backbone area.

set local-preference route-map

set local-preference value
no set local-preference value
 

Configures

Properties of routes matching a route map

Default

100

Description

This command sets the preference value for routes that match the map. In BGP, the preference influences route selection.

set metric route-map

set metric metric-value
no set metric metric-value

set metric bandwidth delay reliability loading mtu
no set metric bandwidth delay reliability loading mtu
 

Configures

Properties of routes matching a route map

Default

The default metric for the routing protocol

Description

This command sets the metric value for a matching route. The first form of the command (with a single metric-value parameter) is used for most routing protocols; the metric value must be appropriate for the protocol's routing metric. For IGRP and EIGRP, you must use the second form of the command with five parameters:

 

bandwidth

The bandwidth of the route in kilobits per second. The value can be from 0 to 4,294,967,295.

 

delay

The route delay in tens of microseconds. The value can be from 0 to 4,294,967,295.

 

reliability

A value from 0 to 255. 0 indicates total unreliability; 255 indicates complete reliability.

 

loading

A value from 0 to 255. 0 means no load; 255 means 100% loaded.

 

mtu

The smallest MTU for any link in the route, in bytes. The value can be from 0 to 4,294,967,295.

set metric-type route-map

set metric-type {internal | external | type-1 | type-2}
no set metric-type {internal | external | type-1 | type-2}
 

Configures

Properties of routes matching a route map

Default

Disabled

Description

This command sets the metric type used for routes that match the map. The metric type is used by the OSPF and IS-IS protocols.

 

internal

IS-IS internal metric.

 

external

IS-IS external metric.

 

type-1

OSPF external type 1 metric.

 

type-2

OSPF external type 2 metric.

set metric-type internal route-map

set metric-type internal
no set metric-type internal
 

Configures

Properties of routes matching a route map

Default

Disabled

Description

This command is for BGP routing. It causes the MED value for all advertised routes that match the route map to be set to the corresponding interior routing protocol metric of the next hop.

set mpls-label route-map

set mpls-label
no set mpls-label
 

Configures

Properties of a route map

Default

Disabled

Description

This command enables a route to be distributed with an MPLS label if it matches the conditions in the route map.

set origin route-map

set origin {igp | egp as-system | incomplete}
no set origin {igp | egp as-system | incomplete}
 

Configures

Properties of routes matching a route map

Default

The default origin value

Description

This command sets the BGP origin code for the matched route. The possible origins are:

 

igp

The route was learned from an interior routing protocol.

 

egp as-system

The route was learned from an exterior routing protocol with the given autonomous system number.

 

incomplete

The origin of the route is unknown.

set ospf router-id route-map

set ospf router-id
no set ospf router-id
 

Configures

Properties of a route map

Default

Disabled

Description

This command allows the router to set a separate OSPF ID for each interface on a provider edge.

set-overload-bit router, IS-IS

set-overload-bit
no set-overload-bit
 

Configures

The overload bit for IS-IS routing

Default

Disabled

Description

This command sets the overload bit, which tells other routers not to use it as the intermediate hop in the shortest path first (SPF) calculation.

set precedence policy-map

set precedence value
no set precedence value
 

Configures

QoS setting within a policy map class

Default

Disabled

Description

This command sets the precedence value, from 0 to 7, of packets that match the policy map class.

Example

policy-map map1
 class class1
 set precedence 7

set qos-group policy-map

set qos-group group-id
no set qos-group group-id
 

Configures

QoS setting within a policy map class

Default

None

Description

This command sets the quality of service group identifier of packets that match the policy map class. The group-id can be any number from 0 to 99.

Example

policy-map map1
 class class1
 set qos-group 1
set tag route-map

set tag value
no set tag value
 

Configures

Properties of routes matching a route map

Default

The route's tag is passed directly into the new routing protocol

Description

This command sets the matched route's tag value. The value can be from 0 through 4,294,967,295.

setup command

setup
 

Description

This command places the router in setup configuration mode. In this mode, the router asks a series of questions; the answers allow the router to build a basic configuration. You must be in enable mode to run this command.

Example

Here is the beginning of the system configuration dialog:

ROUTER#setup

 --- System Configuration Dialog ---

Continue with configuration dialog? [yes/no]: yes

At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.

First, would you like to see the current interface summary? [yes]: n

Configuring global parameters:

 Enter host name [ROUTER]: myrouter

 The enable secret is a password used to protect access to
 privileged EXEC and configuration modes. This password, after
 entered, becomes encrypted in the configuration.
 Enter enable secret:
set weight route-map

set weight value

no set weight value
 

Configures

Properties of routes matching a route map

Default

The default weight value

Description

This command sets the BGP weight value for a matched route. The weight value can be 0 through 65,535.

shape policy-map

shape {average | peak} cir [burst-committed burst-excess]
no shape {average | peak} cir [burst-committed burst-excess]

shape {average | peak} percent percent-value [burst-committed burst-excess]
no shape {average | peak} percent percent-value [burst-committed burst-excess]
 

Configures

traffic shaping

Default

None

Description

This command allows you to configure traffic shaping for a policy-map class. You can specify either the committed information rate (CIR) in bits per second or you can specify a percentage of the available bandwidth.

 

average

Specifies the average rate shaping.

 

peak

Specifies the peak rate shaping.

 

cir

Specifies the CIR in bits per second.

 

percent

Specifies the percentage of bandwidth to use. The value can be from 1 to 100.

 

burst-committed

Optional. Specifies the committed burst (bc) size in milliseconds. This value can be from 10 to 2,000.

 

burst-excess

Optional. Specifies the exceeded burst (be) size in milliseconds. This value can be from 10 to 2,000.

Example

This example configures traffic shaping using an average of the available bandwidth. We set the average rate to have a CIR of 50 percent, a committed burst (bc) of 400 milliseconds, and an exceeded burst (be) of 600 milliseconds.

policy-map map1
 class class1
 shape average percent 50 400 600

show command

show parameters
 

Description

The show commands are extremely helpful when configuring or debugging a router. Just about anything you want to know about the router's configuration or state can be found with a show command. Table 17-21 summarizes the common show commands.

<

Table 17-21. Common show commands

Command

Subcommand

Displays

show access-lists [acl]

 

All access lists. If you give an access list number, this command displays that particular list.

show accounting

 

All the accounting information on the system.

show adjacency

 

CEF adjacency table.

show aliases [mode]

 

All aliases that have been defined for commands. If you provide the name of a mode, this command only displays the aliases for that mode. Use ? to see the list of acceptable modes. Aliases are created with the alias command.

show arp

 

The router's ARP table.

show async

bootp

BOOTP parameters for an asynchronous interface.

 

status

Status of the asynchronous interfaces.

show atm

accounting

ATM accounting information.

 

addresses

Active ATM addresses.

 

arp-server

ATM ARP server table.

 

bundle

Attributes assigned to each bundle's virtual circuit.

 

connection-traffic-table

ATM connection traffic parameters.

 

filter-expr

ATM filter expressions.

 

filter-set

ATM filter sets.

 

ilmi-configuration

ILMI configuration information.

 

ilmi-status

ILMI status information.

 

interface

ATM information relative to an interface.

 

map

ATM static maps to remote hosts.

 

qos-defaults

Default ATM QoS configuration.

 

resource

ATM global resource manager configuration.

 

rmon

Status of the ATM RMON MIB.

 

route

ATM routing table.

 

signalling

ATM signaling information.

 

snoop

ATM port snooping configuration.

 

snoop-vc

ATM port snooping configuration per virtual connection.

 

snoop-vp

ATM port snooping configuration per virtual path.

 

status

Current ATM status for the router.

 

traffic

ATM traffic layer information.

 

vc

Information about ATM virtual connections.

 

vp

Information about ATM virtual paths.

show auto secure

 

AutoSecure configuration.

show auto qos

 

Displays configurations created by AutoQoS.

show bridge

 

Entries in the bridge forwarding database.

 

circuit-group

Status of the interfaces in a circuit group.

 

group [verbose]

Status of all bridge groups.

 

multicast

Transparent bridging multicast state information.

 

vlan

Virtual LAN subinterfaces.

show bootflash:

 

Information about the router's bootflash.

show bootvar

 

Contents of the bootvar variable.

show buffers

 

Buffers and buffer statistics.

show calendar

 

Calendar hardware setting.

show caller

 

Incoming caller information on access servers.

show cef

 

Cisco Express Forwarding information.

 

interface

CEF interface level statistics.

show cdp

 

Global CDP information.

 

entry

Information about an entry in the CDP table.

 

interface

Interfaces for which CDP is enabled.

 

neighbors [detail]

Information about CDP neighbors.

 

TRaffic

Traffic information from the CDP table.

show cef

 

Information about Cisco Express Forwarding.

show class-map

 

Class maps and their matching criteria.

show clock [detail]

 

Current clock information;

show compress

 

Compression statistics.

show configuration

 

Initial startup configuration. This command has been replaced with show startup-config.

show controllers [controller]

 

Information about the physical port. By default, you get all the controller information. Use the controller parameter to name a specific controller.

show cops servers

 

Policy server.,

show crypto cisco

 

Cisco encryption policies.

 

algorithms

Supported cryptographic algorithms.