secondary-address sec_ip_addrApplies the crypto map to the secondary address for this interface that is specified by sec_ip_addr. sec_ip_addr must be specified using the standard IPv4/IPv6 notation.In order for ISAKMP and/or manual crypto maps to work, they must be applied to a specific interface using this command. Dynamic crypto maps should not be applied to interfaces.crypto-map cmap1descriptiontextSpecifies the descriptive text to use. text must be 0 to 79 alpha and/or numeric characters with no spaces or a quoted string of printable charactersdescription sampleInterfaceDescriptiveTextip { access-group acl_name { in | out } [ priority-value ] | address ip_address ip_mask [ secondary | srp-activate ] | arp { arpa | timeout seconds } }acl_name specifies the access control list to be added/removed from the group. The ACL rules must be configured in the same context as the interface.In Release 8.1 and later, acl_name must be an alpha and/or numeric string of 1 through 47 characters in length.In Release 8.0 and earlier, acl_name must be an alpha and/or numeric string of 1 through 79 characters in length.The direction must also be specified as either inbound or outbound using the keywords in and out, respectively.priority-value: Default: 0. If more than one ACL is applied, priority-value specifies the priority in which they will be compared against the packet. If not specified, the priority is set to 0. priority-value must be an integer from 0 through 4294967295. If access groups in the list have the same priority, the last one entered is used first.Important: Up to 8 ACLs can be applied to a group provided that the number of rules configured within the ACL(s) does not exceed the 128 rule limit for the interface.
Configures the IP address for the interface specifying the networking mask as well. ip_address and ip_mask must be specified using the standard IPv4/IPv6 notation.The secondary keyword is used to configure a secondary IP address on the interface. This is referred to as multi-homing of the interface.The srp-activate Activates the IP address for Interchassis Session Redundancy.Important: These keywords have been replaced by the R_arp command in the Global Configuration Mode. For backwards compatibility, however, these keywords are accepted as valid.
ip mtumtu-sizeno ip mtumtu-sizeip mtu 1500password auth_keyThe password to use for authentication. authentication_key is a string variable, from 1 through 16 alphanumeric characters, that denotes the authentication password. This variable is entered in clear text format.ipospfcostvalueip ospf cost 20ip ospf { dead-intervalvalue | hello-intervalvalue | retransmit-intervalvalue | transmit-delayvalue }dead-interval valueThe interval, in seconds, that the router should wait, during which time no packets are received and after the router considers a neighboring router to be off-line. value must be an integer from 1 through 65535.hello-interval valueThe interval, in seconds between sending hello packets. value must be an integer from 1 through 65535.retransmit-interval valueThe interval, in seconds, between LSA (Link State Advertisement) retransmissions. value must be an integer from 1 through 65535.transmit-delay valueThe interval, in seconds, that the router should wait before transmitting a packet. value must be an integer from 1 through 65535.password authentication_keyThe password to use for authentication. authentication_key is a string variable, from 1 through 16 alphanumeric characters, that denotes the authentication password. This variable is entered in clear text format.ipospfpriorityvalueno ipospfpriorityvalueImportant: Up to 8 ACLs can be applied to a group provided that the number of rules configured within the ACL(s) does not exceed the 128 rule limit for the interface.
ipv6 address ip_addressicmp unreachable next-hop ip addressSpecifies routing of Internet Control Message Protocol (icmp) unreachable is required in overlapping pool configuration. ip address must be an IP address expressed in IPv4/IPv6 notation.unconnected-address next-system ip addressip address must be an IP address expressed in IPv4/IPv6 notation.policy-forward unconnected-address next-system ip addresspolicy-forward icmp unreachable next-hop ip addressprimary addressOn the secondary system, define the IP address of an interface on the primary system that has identical IP pools configured for use with the IP pool sharing protocol. address must be an IP address expressed in IP v4 dotted decimal notation.secondary addressOn the primary system, define the IP address of an interface on the secondary system that has identical IP pools configured for use with the IP pool sharing protocol. address must be an IP address expressed in IP v4 dotted decimal notation.active: Activates the IP pool sharing protocol mode.inactive: Inactivates the IP pool sharing protocol mode.check-config: Verify the IP pool sharing protocol configuration.Important: For information on configuring and using IPSP refer to the System Administration and Configuration Guide.
Important: To reserve free addresses on primary HA for this command use reserved-free-percentage command in IPSP Configuration Mode Commands of this guide.
pool-share-protocol secondary 192.168.100.10pool-share-protocol secondary 192.168.100.10 mode inactiveport-switch-on-L3-failaddress { ip_address | ipv6_address } [ minimum-switchover-periodswitch_time ] [ intervalint_time ] [ timeouttime_out ] [ num-retrynumber ]minimum-switchover-period switch_timeAfter a switchover occurs, another switchover cannot occur until the amount of time specified has elapsed. switch_time must be an integer in the range from 1 to 3600.interval int_timeThis specifies how often, in seconds, monitoring packets are sent to the IP address being monitored. int_time must be an integer in the range from 1 to 3600.timeout time_outThis specifies how long to wait without a reply before resending monitoring packets to the IP address being monitored. time_out must be an integer in the range from 1 to 10.num-retry numberThis value specifies how many times to retry sending monitor packets to the IP address being monitored before performing the switchover operation. number must be an integer in the range from 1 to 100.port-switch-on-L3-fail address 192.168.10.100This command sets a single next-hop IP address so that multiple vlans can use a single next-hop gateway. vlan-map is associated with a specific interface.vlan-map next-hop ip_addressnext-hop ip_addressip_address: Can be either an IPv4 or IPv6 address in standard format.vlan-map next-hop 123.123.123.1
![]() |
Cisco Systems Inc. |
Tel: 408-526-4000 |
Fax: 408-527-0883 |