Cisco DistributedDirector 4700-M Install and Config Guide
Command Summary and Reference

Table Of Contents

Command Summary and Reference

access-list (standard)

clear ip director cache

clear ip director counters

clear ip director servers

clear ip drp

debug ip director

debug ip director parse

debug ip director queries

debug ip director sort

debug ip drp

enable

enable secret

interface

interface fastethernet

ip director access-group

ip director access-list

ip director cache

ip director cache-time

ip director default-weights

ip director host

ip director host connect

ip director host priority

ip director host weights

ip director ip-address

ip director server drp-association

ip director server preference

ip director ttl

ip dns primary

ip drp access-group

ip drp authentication key-chain

ip drp server

ip host

ip name-server

key

key chain

key-string

show ip director

show ip director access-list

show ip director cache

show ip director default-weights

show ip director hosts

show ip director servers

show ip drp

Summary of Additional Cisco IOS Commands


Command Summary and Reference


This chapter lists and describes the commands that can be configured in the Cisco DistributedDirector. Summary information for Cisco IOS commands mentioned in appendixes of this guide is provided at the end of this chapter.


Note   Some of the commands contained in the "Related Command(s)" section at the end of each command reference page are documented in the Cisco IOS command references.


Table 10-1 contains a summary of commands and record formats for the Director system.

Table 10-1 Director Commands and Records  

Command or Record
Description
Configuring the DRP Server Agent
 

ip drp server

Turn on the DRP agent. The no form of this command turns off the DRP agent.

ip drp access-group access-list-number

Enable an access list for DRP. The no form of this command disables the access list.

ip drp authentication key-chain key-chain-name

Enable the DRP authentication key chain. The no form of this command disables the key chain.

show ip drp

Show configuration information.

Configuring the Director (DNS caching name server mode)

ip name-server DNS-server-IP-address

Specify the private DNS server that the Director should send requests to. The no form of this command stops the Director from sending requests to this DNS server.

ip director default-weights {[drp-int n] [drp-ext n] [drp-ser n] [random n] [admin n]}

Configure default weight metrics. The no form of this command removes default weight information for one or more metrics.

ip director server {hostname | host-ip-address} preference [cost]

Specify a simple preference of one server over another (called the administrative metric). Zero for cost means the host will never be selected, so you can use the command to take a host out-of-service. The no form of this command cancels any server preference.

ip director ttl seconds

Specify a time-to-live (TTL) value, in seconds, to be placed on all A DNS resource record replies that are sorted by the Director. The default is 0. The TTL tells clients how long to keep this information before requesting from the Director again.

ip director cache

Enable the Director cache (the default). The no form of this command disables the cache. The Director caches the servers it has sorted so it can respond to queries faster.

ip drp access-group access-list-number

Enable an access list for DRP. The no form of this command disables an access list.

ip director access-list access-list-number [permit | deny] expression

Define an access list which specifies the host names that the Director should sort. The no form of this command removes the definition of that access list.

ip director access-group access-list-number

Tell the Director to use the specified access list. The no form of this command tells the Director to not use the access list.

ip drp authentication key-chain key-chain-name

Enable the DRP authentication key chain. The no form of this command disables the key chain.

Configuring the Director (HTTP session redirector mode)

ip director ip-address Director-virtual-IP-address

Specify an IP address that the Director will receive HTTP requests on. The no form of this command cancels the reception of HTTP requests on this IP address.

ip name-server DNS-server-IP-address

Specify the DNS server that the Director should send requests to. The no form of this command tells the Director to not send requests to this DNS server.

ip director default-weights {[drp-int n] [drp-ext n] [drp-ser n] [random n] [admin n]}

Configure default weight metrics.

ip director server {hostname | host-ip-address} drp-association [name | ip-address]

Used to associate a distributed server with its DRP server agent. If you intend to configure any DRP metrics, you must associate each distributed server with its DRP server agent.

ip director server {hostname | host-ip-address} preference [cost]

Specify a simple preference of one server over another (called the administrative metric). Zero for cost means the host will never be selected, so you can use the command to take a host out-of-service. The no form of this command cancels any server preference.

ip director ttl seconds

Specify a time-to-live (TTL) value, in seconds, to be placed on all A DNS resource record replies that are sorted by the Director. The default is zero. The TTL tells clients how long to keep this information before requesting it from the Director again.

ip director cache

Enable the Director cache (the default). The no form of this command disables the cache. The Director caches the servers it has sorted so it can respond to queries faster.

ip director cache-time [seconds]

The length of time the Director will retain request and response information to DNS queries. The no form of this command returns this time to the default value, 60 seconds.

ip drp access-group access-list-number

Enable an access list for DRP. The no form of this command disables an access list.

ip director access-list access-list-number [permit | deny] expression

Define an access list which specifies the host names that the Director should sort. The no form of this command removes the definition of that access-list.

ip director access-group access-list-number

Tell the Director to use the specified access list. The no form of this command tells the Director to not use the access list.

ip drp authentication key-chain key-chain-name

Enable the DRP authentication key chain. The no form of this command disables the key chain.

Configuring the Primary DNS Server (ciscoDD TXT records)

DNS-name in txt "ciscoDD: drp-assoc distr-server-addr DRP-agent-addr [port mins]"

Add a textual information resource record for every distributed server to associate it with its DRP server agent. This information is used for DRP internal and external metrics, and the optional information for server connection tests (a port number for making connections and interval in minutes for checking).

DNS-name in txt "ciscoDD: server distr-server-IP-addr port-number minutes"

Specify information for server connection tests.

DNS-name in txt "ciscoDD: weights {[drp-int n] [drp-ext n] [drp-ser n] [random n] [admin n]}"

Specify host-specific weights.

DNS-name in txt "ciscoDD: priority {[drp-int n] [drp-ext n] [drp-ser n] [random n] [admin n]}"

Specify priority.

Showing Information about the Director

show ip drp

Show DRP status.

show ip director

Show Director status.

show ip director access-list [number]

Show Director access lists.

show ip director cache

Show Director cache information.

show ip director default-weights

Show Director default weights.

show ip director hosts [host]

Show Director host(s) information.

show ip director servers [name | ip-address]

Show Director server information.

Taking a Host Out-of-Service

ip director server {hostname | host-ip-address} preference [cost]

Zero for cost means the host will never be selected, so you can use the command to take a host out-of-service. The no form of this command cancels any host preference.

Clearing Director Information

clear ip drp

Clear DRP counters.

clear ip director cache

Clear Director cache entries.

clear ip director counters

Clear Director counters.

clear ip director servers [name | ip-address]

Clear Director server connection information.

Debugging

debug ip drp

Show debugging information for the DRP protocol.

debug ip director

Show debugging information for the Director.

debug ip director parse

Show debugging information for Director parsing of TXT information.

debug ip director queries

Show debugging information for DRP queries the Director sends out.

debug ip director sort

Show debugging information for Director IP address sorting.


access-list (standard)

To define a standard IP access list, use the standard version of the access-list global configuration command. To remove a standard access list, use the no form of this command.

access-list access-list-number {deny | permit} source [source-wildcard]
no access-list access-list-number


Note   To define an access list for the Director, use the ip director access-list command.


Syntax Description

access-list-number

Number of an access list. This is a decimal number from 1 through 99.

deny

Denies access if the conditions are matched.

permit

Permits access if the conditions are matched.

source

Number of the network or host from which the packet is being sent. There are two alternative ways to specify the source:

Use a 32-bit quantity in four-part dotted-decimal format.

Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.

source-wildcard

(Optional) Wildcard bits to be applied to the source. There are two alternative ways to specify the source wildcard:

Use a 32-bit quantity in four-part dotted-decimal format. Place ones in the bit positions you want to ignore.

Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.


Default

The access list defaults to an implicit deny statement for everything. The access list is always terminated by an implicit deny statement for everything.

Command Mode

Global configuration

Usage Guidelines

Plan your access conditions carefully and be aware of the implicit deny statement at the end of the access list.

You can use access lists to control the transmission of packets on an interface, control virtual terminal line access, and restrict the contents of routing updates.

Use the show access-lists EXEC command to display the contents of all access lists.

Use the show ip access-list EXEC command to display the contents of one access list.

Examples

The following example of a standard access list allows access for only those hosts on the three specified networks. The wildcard bits apply to the host portions of the network addresses. Any host with a source address that does not match the access list statements will be rejected.

access-list 1 permit 192.5.34.0  0.0.0.255
access-list 1 permit 128.88.0.0  0.0.255.255
access-list 1 permit 36.0.0.0  0.255.255.255
! (Note: all other access implicitly denied) 

To specify a large number of individual addresses more easily, you can omit the wildcard if it is all zeros. Thus, the following two configuration commands are identical in effect:

access-list 2 permit 36.48.0.3
access-list 2 permit 36.48.0.3  0.0.0.0
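
The first-match evaluation, wildcard bits and implicit deny described above can be checked offline before a list is applied. The following is an added example, not part of the Cisco guide: lists 1 and 2 are the page's examples, list 3 and all function names are constructed here, and the shadowed-entry check goes beyond what the page states.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

MASK32 = 0xFFFFFFFF

# Lists 1 and 2 are the page's examples; list 3 is constructed for the audit.
SAMPLE_ACLS = """\
access-list 1 permit 192.5.34.0  0.0.0.255
access-list 1 permit 128.88.0.0  0.0.255.255
access-list 1 permit 36.0.0.0  0.255.255.255
! (Note: all other access implicitly denied)
access-list 2 permit 36.48.0.3
access-list 2 permit 36.48.0.3  0.0.0.0
access-list 3 permit 36.0.0.0 0.255.255.255
access-list 3 deny 36.48.0.3
"""


class Entry(NamedTuple):
    number: int    # access list number, 1 through 99
    action: str    # "permit" or "deny"
    source: int    # 32-bit source address
    wildcard: int  # ones mark the bit positions to ignore


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def parse(config: str) -> List[Entry]:
    """Parse 'access-list N {deny | permit} source [source-wildcard]' lines."""
    entries = []
    for line in config.splitlines():
        tok = line.split("!", 1)[0].split()  # drop '!' comment text
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        number, action = int(tok[1]), tok[2]
        if not 1 <= number <= 99 or action not in ("permit", "deny"):
            raise ValueError("not a standard access list entry: " + line.strip())
        if tok[3] == "any":  # any = 0.0.0.0 255.255.255.255
            source, wildcard = 0, MASK32
        else:
            source = to_int(tok[3])
            # An omitted wildcard means 0.0.0.0 (exact host match).
            wildcard = to_int(tok[4]) if len(tok) > 4 else 0
        entries.append(Entry(number, action, source, wildcard))
    return entries


def matches(entry: Entry, address: int) -> bool:
    # Compare only the bit positions where the wildcard bit is zero.
    return ((address ^ entry.source) & ~entry.wildcard & MASK32) == 0


def decide(entries: List[Entry], number: int, address: str) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching entry); index None = implicit deny."""
    addr = to_int(address)
    acl = [e for e in entries if e.number == number]
    for index, entry in enumerate(acl):
        if matches(entry, addr):
            return entry.action, index
    return "deny", None


def shadowed(entries: List[Entry], number: int) -> List[Tuple[int, int]]:
    """Return (later, earlier) pairs where 'later' can never be the first match."""
    acl = [e for e in entries if e.number == number]
    found = []
    for j, late in enumerate(acl):
        for i, early in enumerate(acl[:j]):
            fixed = ~early.wildcard & MASK32  # bits the earlier entry compares
            if (late.wildcard & fixed) == 0 and ((late.source ^ early.source) & fixed) == 0:
                found.append((j, i))
                break
    return found


if __name__ == "__main__":
    acls = parse(SAMPLE_ACLS)
    for host in ("192.5.34.17", "192.5.35.1"):
        print(1, host, decide(acls, 1, host))
    print("list 3 shadowed entries:", shadowed(acls, 3))
```

In list 3 the deny for 36.48.0.3 sits after a permit that already covers it, so the host is permitted; placing the more specific entry first is the fix.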

Related Commands

A dagger (†) indicates that the command is documented in the Cisco IOS command reference publications.

access-class
access-list (extended)†
distribute-list in†
distribute-list out†
ip access-group†
priority-list†
queue-list†
show access-lists†
show ip access-list†

clear ip director cache

To clear the Director cache, use the clear ip director cache EXEC command:

clear ip director cache

Syntax Description

This command has no keywords or arguments.

Command Mode

EXEC

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

Use this command to clear the Director cache, which contains information about previous sorting decisions. You can use this command when you want to force the Director to redefine the sorting decision for a client.

Example

Following is an example of this command:

DD# clear ip director cache

Related Commands

clear ip director counters
clear ip director servers
clear ip drp
show ip director cache

clear ip director counters

To clear Director counters, use the clear ip director counters EXEC command:

clear ip director counters

Syntax Description

This command has no keywords or arguments.

Command Mode

EXEC

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

Use this command to reset all statistics information related to the Director.

Example

Following is an example of this command:

DD# clear ip director counters

Related Commands

clear ip director cache
clear ip director servers
clear ip drp
show ip director

clear ip director servers

To clear Director server connection information, use the clear ip director servers EXEC command:

clear ip director servers [name | ip-address]

Syntax Description

name

(Optional) Server name.

ip-address

(Optional) Server IP address.


Command Mode

EXEC

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

This command clears the server hit counts, last hit times, server status information (whether the server is available or not), and server drp-ser metric. If no server name or IP address is specified, information for all servers is cleared.

Example

Following is an example of this command:

DD# clear ip director servers

Related Commands

clear ip director cache
clear ip director counters
clear ip drp
show ip director server

clear ip drp

To clear DRP counters, use the clear ip drp EXEC command:

clear ip drp

Syntax Description

This command has no keywords or arguments.

Command Mode

EXEC

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

This command clears the DRP counters for number of requests received, number of successful replies sent, and number of failures.

Example

Following is an example of this command:

DD# clear ip drp

Related Commands

clear ip director cache
clear ip director counters
clear ip director servers
show ip drp

debug ip director

To show debugging information for the Director, use the debug ip director EXEC command:

[no] debug ip director

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

Sample Display

The following sample shows the output for one DRP server. The output fields are repeated for additional DRP servers.

DD# debug ip director
DIRECTOR: interesting query for "www.hacks.org"
DIRECTOR: default random weight is 0
DIRECTOR: default DRP route lookup external to AS weight is 0
DIRECTOR: default administrative preference weight is 0
DIRECTOR: default DRP route lookup internal to AS weight is 0
DIRECTOR: default DRP distance to associated server weight is 0
DIRECTOR_DRP: querying drp-s distance router 172.19.169.13 and server 172.19.169.99
DIRECTOR_DRP: New DRP req. struct for router 172.19.169.13, max queries=10
DIRECTOR_DRP: appended client 172.19.169.99 query for 172.19.169.13, total is now 1
DIRECTOR: 172.19.169.99 querying administrative preference
DIRECTOR: 172.19.169.99 querying DRP route lookup internal to AS
DIRECTOR_DRP: appended client 172.19.169.15 query for 172.19.169.13, total is now 2
DIRECTOR: 172.19.169.99 querying DRP distance to associated server
DIRECTOR_DRP: 2 requests sent to 172.19.169.13
DIRECTOR_DRP: reply from agent 172.19.169.13
DIRECTOR_DRP: reply for client 172.19.169.99 from agent 172.19.169.13
Gathering distance DRP (172.19.169.13) <-> Server (172.19.169.99)
DIRECTOR_DRP: saving metric info (i=0, e=0) for server index# 0 server 172.19.169.99, rank 0, priority 101
    random incomplete: 0
    DRP route lookup external to AS complete: 0
    administrative preference complete: 0
    DRP route lookup internal to AS complete: 0
    DRP distance to associated server complete: 18465
DIRECTOR: 172.19.169.15 request complete (best=0, outstanding=0)

Table 10-2 describes the fields shown in the display.

Table 10-2 Debug IP Director Field Descriptions

Field
Description

interesting query for

The host name contained in the incoming DNS request.

default random weight is

The default weight setting for the random metric.

default DRP route lookup external to AS weight is

The default weight setting for the external (drp-ext) metric.

default administrative preference weight is

The default weight setting for the administrative (admin) metric.

default DRP route lookup internal to AS weight is

The default weight setting for the internal (drp-int) metric.

default DRP distance to associated server weight is

The default weights configured for the DRP server agent.

querying drp-s distance router ... and server ...

The Director is preparing to send a query for server distance.

New DRP req. struct for router ..., max queries=

Putting the query into the queue for the associated router.

appended client ... query for ..., total is now

Adding DRP request to the Director's outgoing queue.

... querying DRP distance to associated server

Director sending query to the DRP server agent for its associated server (drp-ser) metric.

... requests sent to ...

Number of requests sent to the DRP server agent.

reply from agent ...

Reply received from DRP server agent.

reply for client ... from agent ... Gathering distance DRP (...) <-> Server (...)

Parsing DRP packet, for the number of replies. Collecting metric for the distance from the DRP server agent to its associated server.

saving metric info...for server index...server..., rank..., priority...

Saving metrics to the Director's cache, for the specified server. The Director assigns an index value for each server, used to identify the "best" server, later in the display.

random incomplete

Whether the random metric is configured. Incomplete indicates that the random metric is not configured.

DRP route lookup external to AS complete

External DRP metric configured, but not used in drp-ser query. It is always 0.

administrative preference complete

Whether the admin metric is configured. Complete indicates that the admin metric is configured.

DRP route lookup internal to AS complete

Internal metric value for DRP server agent to the configured server (IGP).

DRP distance to associated server complete

This is the raw IGP metric.

... request complete (best=..., outstanding=...)

After all weights and priorities are applied, the smallest value equals the best server. The number that follows "best=" is the Director's index number for that server.


Related Commands

debug ip drp
debug ip director parse
debug ip director queries
debug ip director sort

debug ip director parse

To show debugging information for Director parsing of TXT information, use the debug ip director parse EXEC command:

[no] debug ip director parse

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

Sample Display

The following sample shows the output:

DD# debug ip director parse
DIRECTOR: parsing ciscoDD: priority
DIRECTOR: weight/priority for random = 1
DIRECTOR: parsing ciscoDD: weight
DIRECTOR: weight/priority for DRP route lookup internal to AS = 1
DIRECTOR: weight/priority for DRP route lookup external to AS = 80
DIRECTOR: parsing ciscoDD: server
DIRECTOR: service for 171.69.113.50 on port 80, check interval 5

Table 10-3 describes the fields shown in the display.

Table 10-3 Debug IP Director Parse Field Descriptions

Field
Description

parsing ciscoDD:

The TXT record that is being parsed.

weight/priority for

The metric and the value to which its weight or priority is being set.

service for

A "server" record was parsed. The values for IP address, port, and connection-interval are shown.


Related Commands

debug ip drp
debug ip director
debug ip director queries
debug ip director sort
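
The ciscoDD TXT record formats listed in Table 10-1 are what the Director parses in the output above, and a malformed record changes how servers are ranked. The following is an added example, not Cisco code, that lints such records before a zone is published; the zone lines are constructed from values in the sample display, the function names are hypothetical, and the limits on port, minutes and metric values are assumptions because the page gives no ranges.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

METRICS = {"drp-int", "drp-ext", "drp-ser", "random", "admin"}
ZONE_LINE = re.compile(r'^(\S+)\s+in\s+txt\s+"ciscoDD:\s*(.*)"\s*$', re.IGNORECASE)

# Constructed zone lines; lines 5 to 7 are deliberately malformed.
SAMPLE_ZONE = """\
www.example.com in txt "ciscoDD: priority random 1"
www.example.com in txt "ciscoDD: weights drp-int 1 drp-ext 80"
www.example.com in txt "ciscoDD: server 171.69.113.50 80 5"
www.example.com in txt "ciscoDD: drp-assoc 171.69.113.50 171.69.232.8"
www.example.com in txt "ciscoDD: weights drp-int 1 drp-int 2"
www.example.com in txt "ciscoDD: server 171.69.113.50 70000 5"
www.example.com in txt "ciscoDD: weights hops 3"
www.example.com in a 171.69.113.50
"""


def _addr(text: str) -> str:
    return str(ipaddress.IPv4Address(text))  # raises ValueError if invalid


def _number(text: str, low: int, high: int, what: str) -> int:
    if not text.isdigit() or not low <= int(text) <= high:
        raise ValueError("bad %s: %s" % (what, text))
    return int(text)


def _metrics(fields: List[str]) -> Dict[str, int]:
    if not fields or len(fields) % 2:
        raise ValueError("expected metric/value pairs")
    out: Dict[str, int] = {}
    for name, value in zip(fields[::2], fields[1::2]):
        if name not in METRICS:
            raise ValueError("unknown metric: " + name)
        if name in out:
            raise ValueError("metric given twice: " + name)
        # Assumption: values are non-negative integers.
        out[name] = _number(value, 0, 2**31 - 1, "value for " + name)
    return out


def parse_record(body: str) -> dict:
    """Parse the text that follows 'ciscoDD:' in one TXT record."""
    fields = body.split()
    if not fields:
        raise ValueError("empty record")
    kind, args = fields[0], fields[1:]
    if kind in ("weights", "priority"):
        return {"type": kind, "metrics": _metrics(args)}
    if kind == "server":  # server distr-server-IP-addr port-number minutes
        if len(args) != 3:
            raise ValueError("server needs address, port and minutes")
        return {"type": kind, "server": _addr(args[0]),
                "port": _number(args[1], 1, 65535, "port"),
                "minutes": _number(args[2], 1, 2**31 - 1, "minutes")}
    if kind == "drp-assoc":  # drp-assoc server-addr agent-addr [port mins]
        if len(args) not in (2, 4):
            raise ValueError("drp-assoc needs two addresses and optional port mins")
        rec = {"type": kind, "server": _addr(args[0]), "agent": _addr(args[1])}
        if len(args) == 4:
            rec["port"] = _number(args[2], 1, 65535, "port")
            rec["minutes"] = _number(args[3], 1, 2**31 - 1, "minutes")
        return rec
    raise ValueError("unknown record type: " + kind)


def lint_zone(text: str) -> Tuple[List[Tuple[str, dict]], List[Tuple[int, str]]]:
    """Return (parsed records, [(line number, error)]) for ciscoDD TXT lines."""
    records, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        found = ZONE_LINE.match(line.strip())
        if not found:
            continue  # not a ciscoDD TXT record
        try:
            records.append((found.group(1), parse_record(found.group(2))))
        except ValueError as exc:
            errors.append((lineno, str(exc)))
    return records, errors


if __name__ == "__main__":
    good, bad = lint_zone(SAMPLE_ZONE)
    for name, rec in good:
        print("ok ", name, rec)
    for lineno, message in bad:
        print("bad line %d: %s" % (lineno, message))
```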

debug ip director queries

To show debugging information for DRP queries that the Director sends out, use the debug ip director queries EXEC command:

[no] debug ip director queries

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

Sample Display

The following sample shows the output for one DRP server. The output fields are repeated for additional DRP servers.

DD# debug ip director queries
DIRECTOR_DRP: querying drp-s distance router 172.19.169.13 and server 172.19.169.99
DIRECTOR_DRP: New DRP req. struct for router 172.19.169.13, max queries=10
DIRECTOR_DRP: appended client 172.19.169.99 query for 172.19.169.13, total is now 1
DIRECTOR: 172.19.169.99 querying administrative preference
DIRECTOR: 172.19.169.99 querying DRP route lookup internal to AS
DIRECTOR_DRP: appended client 172.19.169.15 query for 172.19.169.13, total is now 2
DIRECTOR: 172.19.169.99 querying DRP distance to associated server
DIRECTOR_DRP: 2 requests sent to 172.19.169.13
DIRECTOR_DRP: reply from agent 172.19.169.13
DIRECTOR_DRP: reply for client 172.19.169.99 from agent 172.19.169.13
Gathering distance DRP (172.19.169.13) <-> Server (172.19.169.99)
DIRECTOR_DRP: reply for client 172.19.169.15 from agent 172.19.169.13
DIRECTOR_DRP: saving metric info (i=0, e=0) for server index# 0 server 172.19.169.99, rank 0, priority 101
    random incomplete: 0
    DRP route lookup external to AS complete: 0
    administrative preference complete: 0
    DRP route lookup internal to AS complete: 0
    DRP distance to associated server complete: 18465
DIRECTOR: 172.19.169.15 request complete (best=0, outstanding=0)

Table 10-4 describes the fields shown in the display.

Table 10-4 Debug IP Director Queries Field Descriptions

Field
Description

querying drp-s distance router ... and server ...

The Director is preparing to send a query for server distance.

New DRP req. struct for router ..., max queries=

Putting the query into the queue for the associated router.

appended client ... query for ..., total is now...

Adding DRP request to the Director's outgoing queue.

... querying DRP distance to associated server

Director sending query to the DRP server for its associated server (drp-ser) metric.

... requests sent to ...

Number of requests sent to the DRP server.

reply from agent ...

Reply received from DRP server.

reply for client ... from agent ... Gathering distance DRP (...) <-> Server (...)

Parsing DRP packet, for the number of replies. Collecting metric for the distance from the DRP server agent to its associated server.

saving metric info...for server index...server..., rank..., priority...

Saving metrics to the Director's cache, for the specified server. The Director assigns an index value for each server, used to identify the "best" server, later in the display.

random incomplete

Whether the random metric is configured. Incomplete indicates that the random metric is not configured.

DRP route lookup external to AS complete

External DRP metric configured, but not used in drp-ser query. It is always 0.

administrative preference complete

Whether the admin metric is configured. Complete indicates that the admin metric is configured.

DRP route lookup internal to AS complete

Internal metric value for DRP server agent to the configured server (IGP).

DRP distance to associated server complete

This is the raw IGP metric.

... request complete (best=..., outstanding=...)

After all weights and priorities are applied, the smallest value equals the best server. The number that follows "best=" is the Director's index number for that server.


Related Commands

debug ip drp
debug ip director
debug ip director parse
debug ip director sort

debug ip director sort

To show debugging information for Director IP address sorting, use the debug ip director sort EXEC command:

[no] debug ip director sort

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

Sample Display

The following sample shows the output:

DD# debug ip director sort
server 172.19.169.99, rank 0, priority 101
              random incomplete: 0
              DRP route lookup external to AS complete: 0
              administrative preference complete: 0
              DRP route lookup internal to AS complete: 0
              DRP distance to associated server complete: 18465
DIRECTOR: 172.19.169.15 request complete (best=0, outstanding=0)

Table 10-5 describes the fields shown in the display.

Table 10-5 Debug IP Director Sort Field Descriptions

Field
Description

server ..., rank ..., priority...

Server IP address. The Director assigns an index value for each server, used to identify the "best" server, later in the display. Priority 101 indicates that no priorities have been specified.

random incomplete

Whether the random metric is configured. Incomplete indicates that the random metric is not configured.

DRP route lookup external to AS complete

External DRP metric configured, but not used in drp-ser query. It is always 0.

administrative preference complete

Whether the admin metric is configured. Complete indicates that the admin metric is configured.

DRP route lookup internal to AS complete

Internal metric value for DRP server agent to the configured server (IGP).

DRP distance to associated server complete

This is the raw IGP metric.

... request complete (best=0, outstanding=0)

After all weights and priorities are applied, the smallest value equals the best server. The number that follows "best=" is the Director's index number for that server.


Related Commands

debug ip drp
debug ip director
debug ip director parse
debug ip director queries

debug ip drp

Use the debug ip drp EXEC command to display Director Response Protocol (DRP) information. The no form of this command disables debugging output.

[no] debug ip drp

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

The debug ip drp command is used to debug the director response agent used by the Cisco DistributedDirector product. The Director can be used to dynamically respond to Domain Name System (DNS) queries with the IP address of the "best" host based on various criteria.

This command can be used on the Director and on the router configured to be a DRP server agent.

Sample Display

The following sample shows the output from a Director.

DD# debug ip drp
DIRECTOR: DRP: received v1 packet from 171.69.232.8, via Ethernet0
DIRECTOR: DRP: RTQUERY for 171.69.58.94 returned internal=0,external=0

Table 10-6 describes the fields shown in the display.

Table 10-6 Debug IP DRP Field Descriptions

Field
Description

received v1 packet

Version 1 packet, server that sent it, and interface on which the packet was received.

internal

If nonzero, the metric for the internal distance of the route that the Director uses to send packets in the direction of the client. The internal distance is the distance within the Director's autonomous system.

external

If nonzero, the metric for the Border Gateway Protocol (BGP) or external distance used to send packets to the client. The external distance is the distance outside the Director's autonomous system.


Related Commands

debug ip director
debug ip director parse
debug ip director queries
debug ip director sort

enable

To enter privileged EXEC mode, use the enable EXEC command.

enable [level]

Syntax Description

level

(Optional) Privileged level on which to log in.


Command Mode

EXEC

Usage Guidelines

Because many of the privileged commands set operating parameters, privileged access should be password-protected to prevent unauthorized use. If the system administrator has set a password with the enable password global configuration command, you are prompted to enter it before being allowed access to privileged EXEC mode. The password is case sensitive.

If an enable password has not been set, enable mode can be accessed only from the router console. If a level is not specified, it defaults to the privileged EXEC mode, which is level 15.

Example

In the following example, the user enters the enable command and is prompted to enter a password. The password is not displayed on the screen. After the user enters the correct password, the system enters privileged command mode as indicated by the pound sign (#).

Router> enable
Password:
Router#

Related Commands

A dagger (†) indicates that the command is documented in the Cisco IOS command reference publications.

disable
enable password†

enable secret

Use the enable secret global configuration command to specify an additional layer of security over the enable password command. Use the no form of the command to turn off the enable secret function.

enable secret [level level] {password | encryption-type encrypted-password}
no enable secret [level level]

Syntax Description

level level

(Optional) Level for which the password applies. You can specify up to 16 privilege levels, using numbers 0 through 15. Level 1 is normal EXEC-mode user privileges. If this argument is not specified, the privilege level defaults to 15 (traditional enable privileges). The same holds true for the no form of the command.

password

Password as users will type it when entering enable mode. This password should be different from the password created with the enable password command. If service password-encryption is set, the encrypted form of the password you create here is displayed when a show startup-config command is entered.

encryption-type

(Optional) Cisco-proprietary algorithm used to encrypt the password. Currently the only encryption type available for this command is 5. If you specify encryption-type, the next argument you supply must be an encrypted password (a password encrypted by a Cisco router).

encrypted-password

An encrypted password you enter, copied from another router configuration.


Default

No password is defined. The default level is 15.

Command Mode

Global configuration

Usage Guidelines

You will not ordinarily enter an encryption type. Typically you enter an encryption type only if you paste back into this command an encrypted password that you copied from a router configuration file.


Caution   If you specify encryption-type and then enter a clear-text password, you will not be able to re-enter enable mode. You cannot recover a lost password that has been encrypted by any method.

The enable secret command is used in conjunction with the enable password command to provide an additional layer of security over the enable password. This scheme provides better security by storing the enable secret using a non-reversible cryptographic function.

This added layer of security is useful in environments where the password crosses the network or is stored on a TFTP server.

If you use the same password for enable password and enable secret, you receive an error message warning that this practice is not recommended but the password will be accepted. By using the same password, however, you undermine the additional security the enable secret command provides.


Note   After you set a password using enable secret, a password set using the enable password command will no longer work unless enable secret is disabled or an older version of Cisco IOS software is being used, such as when running an older rxboot image. Additionally, you cannot recover a lost password that has been encrypted by any method.


Examples

The following example specifies the enable secret password of gobbledegook:

enable secret gobbledegook

After specifying an enable secret password, users must enter this password to gain access. Any passwords set through enable password will no longer work.

Password: gobbledegook

In the following example the encrypted password $1$FaD0$Xyti5Rkls3LoyxzS8t98j2, which has been copied from a router configuration file, is enabled for privilege level 2 using encryption type 5:

enable secret level 2 5 $1$FaD0$Xyti5Rkls3LoyxzS8t98j2
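
The Caution and the password-reuse warning above can be checked mechanically before a configuration snippet is pasted into a router. The following is an added example, not Cisco code: the function names and finding codes are hypothetical, the sample lines are constructed around the page's own values, and the type 5 check assumes the `$1$salt$hash` layout of the page's example (the MD5-crypt layout).

```python
import re
from typing import Dict, List, Optional, Tuple

# Layout of the page's example value: "$1$" + salt + "$" + 22 characters.
TYPE5 = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

# Constructed snippet; the type 5 value on line 3 is the page's example.
SAMPLE_ENABLE = """\
enable password gobbledegook
enable secret gobbledegook
enable secret level 2 5 $1$FaD0$Xyti5Rkls3LoyxzS8t98j2
enable secret level 3 5 gobbledegook
enable secret level 16 another-constructed-value
"""


def parse_enable(line: str) -> Optional[Tuple[str, int, Optional[int], str]]:
    """Return (kind, level, encryption_type, value) or None for other lines."""
    tok = line.split()
    if len(tok) < 3 or tok[0] != "enable" or tok[1] not in ("secret", "password"):
        return None
    kind, rest, level = tok[1], tok[2:], 15  # level defaults to 15
    if rest[0] == "level" and len(rest) >= 3 and rest[1].isdigit():
        level, rest = int(rest[1]), rest[2:]
    enc_type = None
    # A leading number followed by one more argument is the encryption type.
    if len(rest) == 2 and rest[0].isdigit():
        enc_type, rest = int(rest[0]), rest[1:]
    return kind, level, enc_type, " ".join(rest)


def lint(config: str) -> List[Tuple[int, str]]:
    """Return sorted (line number, code) findings for enable lines.

    LEVEL    privilege level outside 0 through 15
    ENC_TYPE enable secret with an encryption type other than 5
    LOCKOUT  type 5 given but the value is not an encrypted password, so the
             router would store text nobody can type at the prompt
    REUSE    enable secret uses the same clear text as enable password
    """
    findings: List[Tuple[int, str]] = []
    clear: Dict[Tuple[str, int], Tuple[int, str]] = {}
    for lineno, line in enumerate(config.splitlines(), 1):
        parsed = parse_enable(line.strip())
        if parsed is None:
            continue
        kind, level, enc_type, value = parsed
        if not 0 <= level <= 15:
            findings.append((lineno, "LEVEL"))
        if kind == "secret" and enc_type is not None:
            if enc_type != 5:
                findings.append((lineno, "ENC_TYPE"))
            elif not TYPE5.match(value):
                findings.append((lineno, "LOCKOUT"))
        if enc_type is None:
            clear[(kind, level)] = (lineno, value)
    for (kind, level), (lineno, value) in clear.items():
        other = clear.get(("password", level))
        if kind == "secret" and other is not None and other[1] == value:
            findings.append((lineno, "REUSE"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, code in lint(SAMPLE_ENABLE):
        print("line %d: %s" % (lineno, code))
```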

Related Commands

A dagger (†) indicates that the command is documented in the Cisco IOS command reference publications.

enable
enable password

interface

To configure an interface type and enter interface configuration mode, use the interface global configuration command.

interface type number

Syntax Description

type

Type of interface to be configured. See Table 10-7.

number

Port, connector, or interface card number. On a Cisco DistributedDirector 4700-M, specifies the NIM or NPM number. The numbers are assigned at the factory at the time of installation or when added to a system, and can be displayed with the show interfaces command.


Default

None

Command Mode

Global configuration

Usage Guidelines

There is no correlation between the number of the physical serial interface and the number of the logical LAN Extender interface. These interfaces can have the same or different numbers.

Table 10-7 Interface Type Keywords

Keyword
Interface Type

ethernet

Ethernet IEEE 802.3 interface.

fddi

Fiber Distributed Data Interface (FDDI).

null

Null interface.

tokenring

Token Ring interface.


Example

In the following example, Ethernet interface 0 is configured with ARPA encapsulation:

interface ethernet 0

Related Commands

A dagger (†) indicates that the command is documented in the Cisco IOS command reference publications.

controller
show interfaces†

interface fastethernet

To select a particular Fast Ethernet interface for configuration, use the interface fastethernet global configuration command.

interface fastethernet number (Cisco DistributedDirector 4700-M)

Syntax Description

number

Port, connector, or interface card number. On a Cisco DistributedDirector 4700-M, specifies the NIM or NPM number. The numbers are assigned at the factory at the time of installation or when added to a system.


Default

None

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.2.

Example

The following example configures Fast Ethernet interface 0 for standard Advanced Research Projects Agency (ARPA) encapsulation (the default setting) on a Cisco DistributedDirector 4700-M:

interface fastethernet 0

Related Command

A dagger (†) indicates that the command is documented in the Cisco IOS command reference publications.

show interfaces fastethernet

ip director access-group

To tell the Director to use a specified Director access list to select which host names will receive Director sorting, use the ip director access-group global configuration command. The no form of this command tells the Director not to use the access list.

ip director access-group access-list-number
no ip director access-group access-list-number

Syntax Description

access-list-number

Number of a standard IP access list in the range 1 to 199.


Default

No access list is specified.

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

The ip director access-group command can only take as an argument the number of an access list which was defined using the ip director access-list command.

This command does not take any regular access lists as an argument.

Before using this command, you must define the access list using the ip director access-list command.

Example

This command tells the Director to use access list 1:

DD(config)# ip director access-group 1 

Related Commands

ip director access-list
ip drp access-group
show ip director access-list

ip director access-list

To define an access list for the Director that specifies which subdomain names and host names should be sorted, use the ip director access-list global configuration command. The no form of this command removes the definition of the list.

ip director access-list access-list-number [permit | deny] expression

Syntax Description

access-list-number

Number of a standard IP access list in the range 1 to 199.

permit

Permit requests specified by the expression.

deny

Deny requests specified by the expression.

expression

Expression to be used as a sorting criterion.


Default

No access list is defined.

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

Use this command to define an access list that you can use to restrict the names sorted by the Director. If you do not use an access list, all subdomain name and host name address queries are sorted.

Example

This example permits the sorting of names that start with "www." and denies all other DRP requests:

DD(config)# ip director access-list 1 permit ^www.* 
DD(config)# ip director access-list 1 deny 

Related Commands

ip director access-group
ip drp access-group
show ip director access-list

ip director cache

To enable the sorting cache on the Director, use the ip director cache global configuration command. Use the no form of this command to disable the sorting cache.

ip director cache
no ip director cache

Syntax Description

This command has no arguments or keywords.

Default

Enabled

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

The Director caches information used in sorting decisions for each client.

Using the caching mechanism increases performance by reducing the amount of DRP querying to DRP server agents when answering client requests. With the caching functionality, the Director can answer a request from its own local memory instead of asking the DRP server agents for this information.

Example

Following is an example of this command:

DD(config)# ip director cache

Related Commands

ip director access-list
ip director default-weights
ip director server preference
show ip director
show ip director cache

ip director cache-time

To set the amount of time a Director sort cache entry remains in the cache, use the ip director cache-time global configuration command. The no form of this command sets the cache time to the default value.

ip director cache-time [seconds]
no ip director cache-time

Syntax Description

seconds

(Optional) The length of time the Director will retain request and response information to DNS queries.


Default

seconds=60, which means that the default is one minute.

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

The cache time is the length of time the Director will retain request and response information to DNS queries. This command is ignored if no ip director cache is configured.

Example

Following is an example of this command:

DD(config)# ip director cache-time

Related Command

ip director cache

ip director default-weights

To configure default weight metrics for the Director, use the ip director default-weights global configuration command.

ip director default-weights {[drp-int n] [drp-ext n] [drp-ser n] [random n] [admin n]}
no ip director default-weights

Syntax Description

Not all of the following metrics need to be configured. However, at least one metric must be configured when this command is used.

drp-int n

DRP internal metric. Range is 1 to 100.

Sends a DRP request to all DRP server agents, asking them for the distance from themselves to the edge of their BGP autonomous system in the direction of the client originating the DNS query. This distance can be used along with the DRP-external metric to help determine the distance between the router and the client originating the DNS query.

If the client and the DRP server agent are in the same autonomous system, this metric returns the IGP cost metric between the client and the DRP server agent.

drp-ext n

DRP external metric. Range is 1 to 100.

Sends a DRP request to all DRP server agents, asking them for the BGP distance between them and the client originating the DNS query. This distance represents the number of BGP hops between the autonomous system of the DRP server agent and the autonomous system of the client originating the DNS query. Because this is BGP information, the DRP server agents need to have access to full Internet BGP information for this to be useful.

drp-ser n

DRP to server metric. Range is 1 to 100.

Sends a DRP request to all DRP server agents, asking them for the IGP route metric between them and the distributed server(s) that they support. This distance can be used with the DRP-internal metric (drp-int) in order to get a finer distance calculation between the distributed servers and edge of the BGP autonomous system in the direction of the client originating the DistributedDirector query.

If a true BGP border router is used as a DRP server agent, the DRP-server metric will return the IGP route metric between the distributed server and the BGP border router (autonomous system edge). Because DRP-server metrics should not change frequently, DistributedDirector issues DRP-server queries (and caches the results) every 10 minutes.

random n

Random metric. Range is 1 to 100.

Selects a random number for each distributed server and defines the "best" server as the one with the smallest random number assignment. Using this metric alone results in random redirection of clients to the distributed servers. Because this metric requires no routing table information, it does not trigger DRP requests to the DRP server agents.

admin n

Administrative metric. Range is 1 to 100.

Specifies a simple preference of one server over another. If the administrative metric has been explicitly set to zero, the Director will not consider the server, so the server is taken out-of-service.


Default

No default weights are specified.

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

Default weights are used for all host names sorted by the Director. To override default weights for a certain host, you would specify host-specific weights in the private DNS server configuration.

When the associated metric is referenced in the sorting decision, it will always be multiplied by the appropriate metric weight. In this way, you can specify that some metrics should be weighted more than others. You may determine the weights you want to use through experimentation. The weights given do not need to add up to 100.

Example

The following command configures default weight metrics:

DD(config)# ip director default-weights drp-int 10 drp-ext 90

Related Commands

debug ip director parse
debug ip director sort
ip director access-list
ip director cache
ip director server preference
show ip director default-weights
show ip director server

ip director host

To define the virtual host name to be used for the distributed servers, use the ip director host global configuration command. Use the no form of this command to remove the virtual host name.

ip director host name
no ip director host name

Syntax Description

name

The name of the virtual host. Do not use an IP address.


Default

No virtual host name is defined.

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

Example

Following is an example of this command:

DD(config)# ip director host www.sleet.com

Related Command

ip host

ip director host connect

To enable the Director to verify that a server is available, use the ip director host connect global configuration command. The Director redirects clients only to servers that respond. Use the no form of this command to turn off connection parameters.

ip director host name connect port connection-interval
no ip director host name

Syntax Description

name

The name of the host that maps to one or more IP addresses. Do not use an IP address.

port

The port number to which the distributed servers are configured.

connection-interval

The time, in minutes, that elapses between availability checks.


Default

No connection parameter is set.

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

When this parameter is configured, the Director will attempt to create a TCP connection to each of the distributed servers on a configured port (for example, port 80 for HTTP servers) over the configured time interval. Servers that yield unsuccessful TCP connection attempts will be marked as unavailable. Following a failed TCP connection, the Director uses a linear backoff algorithm to create subsequent TCP connections to the server to determine when it is again available. This algorithm is used to smoothly handle changes in server or network availability.

The initial connection trial to a server that is labeled as "up" is done three times in rapid succession. If no connection is successful, the percentage confidence that the server is down is set to 10 percent. The retry interval is calculated as the configured interval multiplied by the confidence percentage with a minimum of one minute. Each successive connection attempt is done once and each time the attempt is unsuccessful the confidence percentage is incremented by 10 percent until it reaches 100 percent.


Note   Although TCP connection state information may take up to 4 minutes to be cleared, TCP connection timeouts usually occur within about 30 seconds. As a result, the minimum configurable TCP connection time interval on the Director is 1 minute. The minimum retry interval in the Director's linear-backoff algorithm is also 1 minute.


Example

The following example sets a connection interval of 5 minutes for availability checks of the distributed servers on port 80:

DD(config)# ip director host www.sleet.com connect 80 5
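The retry schedule described in the usage guidelines above, worked through for the 5-minute interval of this example. This is an added illustration, not Cisco code: the class and function names are hypothetical, the outcome sequence is constructed, and resetting the confidence to zero after a successful connection is an assumption the page does not state.

```python
from dataclasses import dataclass

MIN_RETRY_MIN = 1.0   # minimum retry interval in minutes (stated in the Note above)
STEP_PCT = 10         # confidence added after each failed round
MAX_PCT = 100         # confidence stops growing here


@dataclass
class ServerProbe:
    """Availability state kept for one distributed server (hypothetical model)."""
    interval_min: int          # connection-interval argument, in minutes
    down_confidence: int = 0   # percent confidence that the server is down

    @property
    def available(self) -> bool:
        return self.down_confidence == 0

    def next_delay(self) -> float:
        """Minutes until the next connection attempt."""
        if self.available:
            return float(self.interval_min)
        # Retry interval = configured interval x confidence, floor of one minute.
        scaled = self.interval_min * self.down_confidence / 100
        return max(MIN_RETRY_MIN, scaled)

    def record(self, connected: bool) -> float:
        """Feed the outcome of one probe round; return the delay to the next one.

        For a server currently marked up, one round stands for the three
        rapid attempts; afterwards each round is a single attempt.
        """
        if connected:
            # Assumption: one successful connection restores the "up" state.
            self.down_confidence = 0
        else:
            self.down_confidence = min(MAX_PCT, self.down_confidence + STEP_PCT)
        return self.next_delay()


def timeline(interval_min, outcomes):
    """Return (start_minute, connected, down_confidence, next_delay) per round."""
    probe, clock, rows = ServerProbe(interval_min), 0.0, []
    for connected in outcomes:
        delay = probe.record(connected)
        rows.append((clock, connected, probe.down_confidence, delay))
        clock += delay
    return rows


if __name__ == "__main__":
    # Constructed outcome sequence: ten failed rounds, then the server answers.
    for row in timeline(5, [False] * 10 + [True]):
        print("t=%5.1f min  connected=%-5s  down-confidence=%3d%%  "
              "next check in %.1f min" % row)
```

With a 5-minute interval the first three retries come at 1, 1 and 1.5 minutes, and the schedule only reaches the full 5-minute spacing once confidence hits 100 percent, 23 minutes after the first failed round.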

Related Command

ip director host priority

ip director host priority

To configure the order in which the Director considers metrics when picking a server, use the ip director host priority global configuration command. To turn off metric priorities, use the no form of this command.

ip director host name priority {[drp-ser n] [drp-int n] [drp-ext n] [random n] [admin n]}
no ip director host name priority [drp-ser] [drp-int] [drp-ext] [random] [admin]

Syntax Description

name

The name of the host that maps to one or more IP addresses. Do not use an IP address.

drp-ser n

DRP server metric. Range is 1 to 100.

Sends a DRP request to all DRP server agents, asking them for the IGP route metric between them and the distributed server(s) that they support. This distance can be used with the DRP-internal metric (drp-int) in order to get a finer distance calculation between the distributed servers and edge of the BGP autonomous system in the direction of the client originating the DistributedDirector query.

If a true BGP border router is used as a DRP server agent, the DRP-server metric will return the IGP route metric between the distributed server and the BGP border router (autonomous system edge). Because DRP-server metrics should not change frequently, DistributedDirector issues DRP-server queries (and caches the results) every 10 minutes.

drp-int n

DRP internal metric. Range is 1 to 100.

Sends a DRP request to all DRP server agents, asking them for the distance from themselves to the edge of their BGP autonomous system in the direction of the client originating the DNS query. This distance can be used along with the DRP-external metric to help determine the distance between the router and the client originating the DNS query.

If the client and the DRP server agent are in the same autonomous system, this metric returns the IGP cost metric between the client and the DRP server agent.

drp-ext n

DRP to external metric. Range is 1 to 100.

Sends a DRP request to all DRP server agents, asking them for the BGP distance between them and the client originating the DNS query. This distance represents the number of BGP hops between the autonomous system of the DRP server agent and the autonomous system of the client originating the DNS query. Because this is BGP information, the DRP server agents need to have access to full Internet BGP information for this to be useful.

random n

Random metric. Range is 1 to 100.

Selects a random number for each distributed server and defines the "best" server as the one with the smallest random number assignment. Using this metric alone results in random redirection of clients to the distributed servers. Because this metric requires no routing table information, it does not trigger DRP requests to the DRP server agents.

admin n

Administrative metric. Range is 1 to 100.

Specifies a simple preference of one server over another. If the administrative metric has been explicitly set to zero, the Director will not consider the server, so the server is taken out-of-service.


Default

No priority parameter is set.

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

If multiple servers end up with the same metric value, the next metric is considered to determine the "best" server. If multiple metrics have the same priority value, the metrics are added to obtain a composite metric. For example, if two metrics have the same priority value, they are first multiplied by their weight values (if specified) and then added together to form the composite metric.

If you do not specify weights for a group of distributed servers, there are no default weights for the Director, and you have specified priority values, the weight values are set to 1.

Any metrics that have a nonzero weight and are assigned no priority value are set to a priority value of 101. They are considered after all other metrics that have priority values. As a result, if no priority values are specified for any metrics, metrics are treated additively to form one composite metric.

If you do not use priority and multiple servers have the same metric value, the server whose last IP address was looked at will be returned as the "best" server. If you want to return a random IP address in the case of a tie, use metric priority with the random metric as the last criterion.

To turn off all priorities on all metrics associated with this host name, use the command no ip director host name priority. You can turn off the priority for a specific metric or metrics using the no ip director host name priority [drp-ser] [drp-int] [drp-ext] [random] [admin] command.

Example

The following example sets the external metric as the first priority and the administrative metric as the second:

DD(config)# ip director host www.sleet.com priority drp-ext 1 admin 2
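The sorting rules from the usage guidelines above (priority groups, weighting, the priority value of 101 for weighted metrics with no priority, and an administrative metric of zero taking a server out of service), as an added Python example that is not Cisco code. The server addresses and metric values are constructed; treating the smallest composite value as "best", giving weight 1 to a prioritized metric that has no weight, and returning tied servers as a list instead of picking one are assumptions.

```python
UNPRIORITIZED = 101   # priority given to weighted metrics that have no priority value


def plan(weights, priorities):
    """Group metrics by priority: [(priority, {metric: weight}), ...], lowest first."""
    groups = {}
    for metric in set(weights) | set(priorities):
        # Assumption: a prioritized metric with no configured weight uses weight 1
        # (the page states this for the case where no weights exist at all).
        weight = weights.get(metric, 1)
        if weight == 0:
            continue  # only metrics with a nonzero weight take part
        priority = priorities.get(metric, UNPRIORITIZED)
        groups.setdefault(priority, {})[metric] = weight
    return sorted(groups.items(), key=lambda item: item[0])


def composite_key(values, steps):
    """One composite per priority group: sum of metric value x weight."""
    return tuple(
        sum(values[metric] * weight for metric, weight in group.items())
        for _, group in steps
    )


def rank(servers, weights=None, priorities=None):
    """Return [(composite_key, server), ...] with the preferred server first."""
    steps = plan(weights or {}, priorities or {})
    ranked = []
    for name, values in servers.items():
        if values.get("admin") == 0:
            continue  # administrative metric 0: server is out of service
        ranked.append((composite_key(values, steps), name))
    return sorted(ranked)


def best(servers, weights=None, priorities=None):
    """Servers tied for the lowest key; the next priority group breaks ties."""
    ranked = rank(servers, weights, priorities)
    if not ranked:
        return []
    return [name for key, name in ranked if key == ranked[0][0]]


# Constructed metric values for four distributed servers.
SERVERS = {
    "10.0.0.2": {"drp-ext": 2, "drp-int": 30, "admin": 60},
    "10.0.0.3": {"drp-ext": 2, "drp-int": 50, "admin": 10},
    "10.0.0.4": {"drp-ext": 3, "drp-int": 5, "admin": 5},
    "10.0.0.5": {"drp-ext": 1, "drp-int": 1, "admin": 0},   # out of service
}

if __name__ == "__main__":
    # "priority drp-ext 1 admin 2": drp-ext ties at 2, admin then decides.
    print(rank(SERVERS, priorities={"drp-ext": 1, "admin": 2}))
    # "default-weights drp-int 10 drp-ext 90" and no priorities: one composite.
    print(rank(SERVERS, weights={"drp-int": 10, "drp-ext": 90}))
```

The two configurations pick different servers from the same measurements: with priorities, 10.0.0.3 wins on the administrative tie-break, while the purely additive weighting favors 10.0.0.4.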

Related Command

ip director host connect

ip director host weights

To set host-specific weights for the metrics the Director uses to determine the best server within a specific virtual host name, use the ip director host weights global configuration command. Use the no form of this command to turn off weights for a host.

ip director host name weights {[drp-ser n] [drp-int n] [drp-ext n] [random n] [admin n]}
no ip director host name weights [drp-ser] [drp-int] [drp-ext] [random] [admin]

Syntax Description

name

The name of the host that maps to one or more IP addresses. Do not use an IP address.

drp-ser n

DRP server metric. Range is 1 to 100.

Sends a DRP request to all DRP server agents, asking them for the IGP route metric between them and the distributed server(s) that they support. This distance can be used with the DRP-internal metric (drp-int) in order to get a finer distance calculation between the distributed servers and edge of the BGP autonomous system in the direction of the client originating the DistributedDirector query.

If a true BGP border router is used as a DRP server agent, the DRP-server metric (drp-ser) will return the IGP route metric between the distributed server and the BGP border router (autonomous system edge). Because DRP-server metrics should not change frequently, DistributedDirector issues DRP-server queries (and caches the results) every 10 minutes.

drp-int n

DRP internal metric. Range is 1 to 100.

Sends a DRP request to all DRP server agents, asking them for the distance from themselves to the edge of their BGP autonomous system in the direction of the client originating the DNS query. This distance can be used along with the DRP-external metric to help determine the distance between the router and the client originating the DNS query.

If the client and the DRP server agent are in the same autonomous system, this metric returns the IGP cost metric between the client and the DRP server agent.

drp-ext n

DRP to external metric. Range is 1 to 100.

Sends a DRP request to all DRP server agents, asking them for the BGP distance between them and the client originating the DNS query. This distance represents the number of BGP hops between the autonomous system of the DRP server agent and the autonomous system of the client originating the DNS query. Because this metric is BGP information, the DRP server agents need to have access to full Internet BGP information for this metric to be useful.

random n

Random metric. Range is 1 to 100.

Selects a random number for each distributed server and defines the "best" server as the one with the smallest random number assignment. Using this metric alone results in random redirection of clients to the distributed servers. Because this metric requires no routing table information, it does not trigger DRP requests to the DRP server agents.

admin n

Administrative metric. Range is 1 to 100.

Specifies a simple preference of one server over another. If the administrative metric has been explicitly set to zero, the Director will not consider the server, so the server is taken out-of-service.


Default

No host weights are set. If ip director default-weights are configured, then those weights are the default.

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

Use host-specific weights when you want to use different metric weights for different virtual host names (for example, www.sleet.com and ftp.sleet.com).

If desired, host-specific weights can instead be configured on the Director's default DNS server.

For example, you could configure host-specific weights with the following DNS TXT record:

hostname in txt "ciscoDD: weights {[drp-int n] [drp-ext n] [drp-ser n] [random n] [admin n]}"

To use the default weights for all metrics associated with this host name, use the command no ip director host name weights. To use the default weights for a specific metric or metrics, use the no ip director host name weights [drp-ser] [drp-int] [drp-ext] [random] [admin] command.

Example

Following is an example of this command:

DD(config)# ip director host www.sleet.com weights drp-int 4

Related Commands

ip director default-weights
show ip director host

ip director ip-address

To specify a virtual address for HTTP session redirector mode, use the ip director ip-address global configuration command. Use the no form of the command to cancel the use of this virtual address.

ip director ip-address Director-virtual-IP-address
no ip director ip-address Director-virtual-IP-address

Syntax Description

Director-virtual-IP-address

The virtual IP address the Director will receive HTTP requests on.


Default

No virtual address is defined.

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

The Director must listen for HTTP requests to port 80 on a virtual web-server IP address. To specify the virtual IP address that the Director will receive HTTP requests on, use the ip director ip-address command.

You can specify multiple IP addresses with separate commands. The IP address must be a valid and unused address on the subnet the Director is connected to. (A good choice is the next host number after the Director interface address.)

Example

Following is an example of this command:

DD(config)# ip director ip-address 34.34.34.34

Related Commands

A dagger (†) indicates that the command is documented in the Cisco IOS command reference publications.

show ip aliases
show ip director

ip director server drp-association

To associate a distributed server with its DRP server agent, use the ip director server drp-association global configuration command. Use the no form of this command to cancel a server DRP association.

ip director server {hostname | host-ip-address} drp-association {name | ip-address}
no ip director server {hostname | host-ip-address} drp-association

Syntax Description

hostname

Host name of a distributed server.

host-ip-address

IP address of a distributed server.

name

Name of the distributed server's DRP server agent.

ip-address

IP address of the distributed server's DRP server agent.


Default

No distributed servers are associated with any DRP server agents.

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

If you intend to configure any DRP metrics, you must associate each distributed server with its DRP server agent.

Example

The following is an example of this command:

DD(config)# ip director server 11.0.0.2 drp-association 11.0.0.3

Related Command

show ip director servers

ip director server preference

To specify Director preference of one server over others or to take a server out-of-service, use the ip director server preference global configuration command. The no form of the command cancels any server preference value.

ip director server {hostname | host-ip-address} preference [cost]
no ip director server {hostname | host-ip-address} preference

Syntax Description

hostname

Host name of a server.

host-ip-address

IP address of a server.

cost

(Optional) An integer in the range 0 to 100. Specifies the preference of one server over another (the larger the number, the lower the preference). Zero takes a server out-of-service.


Default

No preference

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

This command sets the administrative metric for a server. If the metric is set to zero, the server is not considered when sorting addresses, which takes the server out-of-service.

This command overrides any other value for the administrative metric for this host.

Example

The following example sets the preference of a web server to 60:

DD(config)# ip director server 10.0.0.2 preference 60 

Related Commands

ip director access-list
ip director cache
ip director default-weights
show ip director servers

ip director ttl

To specify a time-to-live (TTL) value, use the ip director ttl global configuration command. Use the no form of this command to return the TTL value to the default.

ip director ttl seconds
no ip director ttl [seconds]

Syntax Description

seconds

Time, in seconds, that the end-user client will keep DNS A records received from the Director. It can be a number in the range 0 to 2147483647. The default is 0.


Default

Zero

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

This command tells the end-user clients how long to keep DNS A records received from the Director. In most situations, the default value (0) is appropriate. If you increase the value, clients can cache a name-to-address pairing longer, which reduces the need to get new information from the Director.

Example

The following example sets the TTL value to 100 seconds:

DD(config)# ip director ttl 100

Related Command

show ip director

ip dns primary

To identify the Director as the primary DNS name server for a domain and identify the Director as the Start of Authority (SOA) record source, use the ip dns primary global configuration command. Use the no form of this command to remove the Director as the primary DNS name server.

ip dns primary domain soa primary contact [refresh [retry [expire [minimum]]]]
no ip dns primary domain

Syntax Description

domain

The domain or subdomain name.

primary

The DNS host name of the Director.

contact

The host name of the administrative contact for this DNS zone.

refresh

(Optional) The time interval in seconds that must elapse between each poll of the primary by the secondary name server. You may specify a refresh value alone, or you may also specify the retry, expire, or minimum values, in that order. The default is 21600 seconds (6 hours).

retry

(Optional) The time interval in seconds between successive connection attempts by the secondary name server to reach the primary name server in the event that the first attempt fails. When you specify a retry value you must first specify the refresh value. The default is 900 seconds (15 minutes).

expire

(Optional) The time in seconds after which the secondary name server's data expires (TTL) if it cannot reach the primary name server. When you specify an expire value you must first specify the refresh and retry values, in that order. The default is 7776000 seconds (90 days).

minimum

(Optional) The time in seconds that other servers should cache data (TTL) from the name server. When you specify a minimum value, you must first specify the refresh, retry, and expire values, in that order. The default is 86400 seconds (24 hours).


Default

The Director is not defined as the primary DNS name server.

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

Although the Director can be configured as an authoritative DNS name server, it does not support zone transfers.

Example

The following example makes the private DNS server dd.sleet.com authoritative for the www.sleet.com subdomain and sets the administrative contact for the zone as sysadmin@sleet.com:

DD(config)# ip dns primary www.sleet.com soa dd.sleet.com sysadmin.sleet.com

Related Commands

A dagger (†) indicates that the command is documented in the Cisco IOS command reference publications.

debug domain
ip host
show hosts†

ip drp access-group

To enable an access list for DRP on the Director or a Cisco router, use the ip drp access-group global configuration command. To remove the list, use the no form of the command.

ip drp access-group access-list-number
no ip drp access-group access-list-number

Syntax Description

access-list-number

Number of a standard IP access list in the range 1 to 99.


Default

Answer all queries.

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

This command applies an access list to DRP, thereby controlling what incoming DRP packets are acted on. If both a key chain and an access group have been specified, both security measures must permit access before a request is processed.

Example

The following command ensures that only incoming DRP packets matching access list 1 are passed to the DRP agent for processing. All others are ignored:

DD(config)# ip drp access-group 1

Related Commands

A dagger (†) indicates that the command is documented in the Cisco IOS command reference publications.

ip director access-list
ip drp authentication key-chain
ip drp server
show access-lists
show ip drp

ip drp authentication key-chain

To configure MD5 authentication for DRP on the Director or a Cisco router, use the ip drp authentication key-chain global configuration command. To remove the key chain, use the no form of this command.

ip drp authentication key-chain key-chain-name
no ip drp authentication key-chain key-chain-name

Syntax Description

key-chain-name

Name of the key chain containing one or more authentication keys. The key chain is a string of characters without spaces.


Default

No MD5 authentication for DRP

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.2.

When a key chain and a key are configured, the key is used to authenticate all DRP requests and responses. The key on the response agent must match the key on the primary agent. Use the key, key chain, and key-string commands to configure the key.

Example

The following example configures DRP authentication to use a key chain named tg817wrn:

DD(config)# ip drp authentication key-chain tg817wrn
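The access-group and key-chain descriptions above state that both controls must permit a DRP request when both are configured. The following Python audit is an added example, not part of the Cisco guide: it checks a saved configuration for a DRP agent that is enabled without those controls or with dangling references. The configuration text, the address 10.0.0.5, the key string and all function names are constructed for illustration.

```python
import re

# Constructed running-config for a DRP server agent; the address and the
# key string are sample values, not taken from the guide.
HARDENED = """\
ip drp server
ip drp access-group 1
ip drp authentication key-chain tg817wrn
!
access-list 1 permit 10.0.0.5
!
key chain tg817wrn
 key 1
  key-string SampleKeyOnly
"""

# Constructed weak variant: agent enabled, everything else left at defaults.
DEFAULTS_ONLY = "ip drp server\n"


def first_arg(config, command):
    """Return ARG from the first line 'command ARG', or None if absent."""
    m = re.search(r"^%s (\S+)[ \t]*$" % re.escape(command), config, re.M)
    return m.group(1) if m else None


def key_chain_body(config, name):
    """Return the indented lines under 'key chain NAME', or None if undefined."""
    pattern = r"^key chain %s[ \t]*\n((?:[ \t]+\S.*\n?)*)" % re.escape(name)
    m = re.search(pattern, config, re.M)
    return m.group(1) if m else None


def audit_drp_agent(config):
    """Return a list of findings; an empty list means both controls are in place."""
    if not re.search(r"^ip drp server[ \t]*$", config, re.M):
        return ["'ip drp server' absent: DRP agent is not enabled"]
    findings = []

    acl = first_arg(config, "ip drp access-group")
    if acl is None:
        findings.append("no 'ip drp access-group': agent answers all queries")
    elif not (acl.isdigit() and 1 <= int(acl) <= 99):
        findings.append("access-group %s is not a standard IP access list (1-99)" % acl)
    else:
        entries = re.findall(
            r"^access-list %s (permit|deny) (.+?)[ \t]*$" % acl, config, re.M)
        if not entries:
            findings.append("access list %s is referenced but not defined" % acl)
        elif ("permit", "any") in entries:
            findings.append("access list %s permits any source" % acl)

    chain = first_arg(config, "ip drp authentication key-chain")
    if chain is None:
        findings.append("no 'ip drp authentication key-chain': no MD5 authentication for DRP")
    else:
        body = key_chain_body(config, chain)
        if body is None:
            findings.append("key chain %s is referenced but not defined" % chain)
        elif not re.search(r"^[ \t]+key-string \S+", body, re.M):
            findings.append("key chain %s has no key with a key-string" % chain)
    return findings


if __name__ == "__main__":
    for label, cfg in (("hardened", HARDENED), ("defaults only", DEFAULTS_ONLY)):
        print(label, "->", audit_drp_agent(cfg) or "no findings")
```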

Related Commands

A dagger (†) indicates that the command is documented in the Cisco IOS command reference publications.

ip director access-list
ip drp access-group
ip drp server
key
key chain
key-string
show ip drp
show key chain

ip drp server

To enable DRP on a Cisco router, use the ip drp server global configuration command. The no form of this command disables DRP.

ip drp server
no ip drp server

Syntax Description

This command has no arguments or keywords.

Default

Not enabled

Command Mode

Global configuration

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

DRP is normally disabled. Use this command to enable it on your DRP server agents.

Example

The following command turns on the DRP server agent:

DD(config)# ip drp server

Related Commands

ip director access-list
ip drp access-group
ip drp authentication key-chain
show ip drp

ip host

To define a static host name-to-address mapping in the host cache, use the ip host global configuration command. To remove the name-to-address mapping, use the no form of this command.

ip host name [tcp-port-number] address1 [address2...address8]
no ip host name address

Syntax Description

name

Name of the host. The first character can be either a letter or a number. If you use a number, the operations you can perform are limited.

tcp-port-number

(Optional) TCP port number to connect to when using the defined host name in conjunction with an EXEC connect or Telnet command. The default is Telnet (port 23).

address1

Associated IP address.

address2...address8

(Optional) Additional associated IP address. You can bind up to eight addresses to a host name.


Default

Disabled

Command Mode

Global configuration

Usage Guidelines

The first character can be either a letter or a number. If you use a number, the operations you can perform (such as ping) are limited.

Example

The following example defines three distributed servers as members of the www.sleet.com domain:

ip host www.sleet.com 10.0.0.2 11.0.0.2 12.0.0.2

ip name-server

To specify the address of one or more name servers to use for name and address resolution, use the ip name-server global configuration command. To remove the addresses specified, use the no form of this command.

ip name-server DNS-server-IP-address
no ip name-server DNS-server-IP-address

Syntax Description

DNS-server-IP-address

The IP address of the DNS server. For DNS caching name server mode, the IP address is for the private DNS server. For HTTP session redirector mode, the IP address is for the primary DNS server.


Default

No server is specified.

Command Mode

Global configuration

Usage Guidelines

The Director requests DNS information from the specified DNS server. For DNS caching name server mode, the DNS server is the private DNS server; for HTTP session redirector mode, the DNS server is the primary DNS server. The DNS server must be configured to provide the correct information to the Director.

Example

Following is an example of this command:

DD(config)# ip name-server 10.11.12.13

Related Command

A dagger (†) indicates that the command is documented in the Cisco IOS command reference publications.

show host

key

To identify an authentication key on a key chain, use the key key chain configuration command. To remove the key from the key chain, use the no form of this command.

key number
no key number

Syntax Description

number

Identification number of an authentication key on a key chain. The range of keys is 0 to 2147483647. The key identification numbers need not be consecutive.


Default

No key exists on the key chain.

Command Mode

Key chain configuration

Usage Guidelines

Currently, only RIP Version 2 and DRP use authentication keys. It is useful to have multiple keys on a key chain so that the software can sequence through the keys as they become invalid after time, based on the accept-lifetime and send-lifetime settings.

To remove all keys, remove the key chain by using the no key chain command.

If authentication is enabled, the software sends a RIP or DRP packet for every active key on the key chain. Therefore, if two keys on the key chain happen to be active based on the send-lifetime values, the software sends two RIP or DRP packets every 30 seconds (one authenticated with each key).

Example

The following example configures a key chain called trees. In this example, the software will always accept and send willow as a valid key. The key chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The overlap allows for migration of keys or a discrepancy in the router's set time. Likewise, the key birch immediately follows chestnut, and there is a half hour leeway on each side to handle time-of-day differences.

interface ethernet 0
  ip rip authentication key-chain trees
  ip rip authentication mode md5
!
router rip
  network 172.19.0.0
  version 2
!
key chain trees
  key 1
     key-string willow
  key 2
     key-string chestnut
     accept-lifetime 13:30:00 Jan 25 1996 duration 7200
     send-lifetime 14:00:00 Jan 25 1996 duration 3600
  key 3
     key-string birch
     accept-lifetime 14:30:00 Jan 25 1996 duration 7200
     send-lifetime 15:00:00 Jan 25 1996 duration 3600

Related Commands

A dagger (†) indicates that the command is documented in the Cisco IOS command reference publications.

accept-lifetime
key chain
key-string
send-lifetime†
show key chain†

key chain

To enable authentication for routing protocols, identify a group of authentication keys by using the key chain global configuration command. To remove the key chain, use the no form of this command.

key chain name-of-chain
no key chain name-of-chain

Syntax Description

name-of-chain

Name of a key chain. A key chain must have at least one key, and can have up to 2147483647 keys.


Default

No key chain exists.

Command Mode

Global configuration

Usage Guidelines

Currently only RIP Version 2 and DRP use authentication keys. You must configure a key chain with keys to enable authentication on RIP and DRP packets.

You can identify multiple key chains, but it makes sense to use one key chain per interface per routing protocol. Upon specifying the key chain command, you enter key chain mode.

Example

The following example configures a key chain called trees. In this example, the software will always accept and send willow as a valid key. The key chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The overlap allows for migration of keys or a discrepancy in the router's set time. Likewise, the key birch immediately follows chestnut, and there is a half hour leeway on each side to handle time-of-day differences.

interface ethernet 0
  ip rip authentication key-chain trees
  ip rip authentication mode md5
!
router rip
  network 172.19.0.0
  version 2
!
key chain trees
  key 1
     key-string willow
  key 2
     key-string chestnut
     accept-lifetime 13:30:00 Jan 25 1996 duration 7200
     send-lifetime 14:00:00 Jan 25 1996 duration 3600
  key 3
     key-string birch
     accept-lifetime 14:30:00 Jan 25 1996 duration 7200
     send-lifetime 15:00:00 Jan 25 1996 duration 3600

Related Commands

A dagger (†) indicates that the command is documented in the Cisco IOS command reference publications.

accept-lifetime
ip rip authentication key-chain†
key
key-string
send-lifetime†
show key chain†

key-string

To specify the authentication string for a key, use the key-string key chain key configuration command. To remove the authentication string, use the no form of this command.

key-string text
no key-string [text]

Syntax Description

text

Authentication string that must be sent and received in the packets using the routing protocol being authenticated. The string can contain from 1 to 80 uppercase and lowercase alphanumeric characters, except that the first character cannot be a number.


Default

No key exists.

Command Mode

Key chain key configuration

Usage Guidelines

Currently only RIP Version 2 and DRP use authentication keys. Each key can have only one key string.

If password encryption is configured (with the service password-encryption command), the software saves the key string as encrypted text. When you write to the terminal with the show running-config command, the software displays key-string 7 encrypted text.

Example

The following example configures a key chain called trees. In this example, the software will always accept and send willow as a valid key. The key chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The overlap allows for migration of keys or a discrepancy in the router's set time. Likewise, the key birch immediately follows chestnut, and there is a half hour leeway on each side to handle time-of-day differences.

interface ethernet 0
  ip rip authentication key-chain trees
  ip rip authentication mode md5
!
router rip
  network 172.19.0.0
  version 2
!
key chain trees
  key 1
     key-string willow
  key 2
     key-string chestnut
     accept-lifetime 13:30:00 Jan 25 1996 duration 7200
     send-lifetime 14:00:00 Jan 25 1996 duration 3600
  key 3
     key-string birch
     accept-lifetime 14:30:00 Jan 25 1996 duration 7200
     send-lifetime 15:00:00 Jan 25 1996 duration 3600
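The lifetime arithmetic behind the trees example (shown under key, key chain and key-string), worked through in Python as an added example that is not part of the Cisco guide. It lists which keys are accepted and sent at a given time, measures the leeway on each side of a send window, and finds periods in which no key would be sent. Function names are hypothetical, windows are assumed to be start-inclusive and end-exclusive, and only the duration form of the lifetime commands is handled.

```python
from datetime import datetime, timedelta

# The "trees" key chain as it appears in the guide's example.
TREES = """\
key chain trees
  key 1
     key-string willow
  key 2
     key-string chestnut
     accept-lifetime 13:30:00 Jan 25 1996 duration 7200
     send-lifetime 14:00:00 Jan 25 1996 duration 3600
  key 3
     key-string birch
     accept-lifetime 14:30:00 Jan 25 1996 duration 7200
     send-lifetime 15:00:00 Jan 25 1996 duration 3600
"""


def parse_lifetime(words):
    """['13:30:00','Jan','25','1996','duration','7200'] -> (start, end)."""
    if len(words) != 6 or words[4] != "duration":
        raise ValueError("only the 'duration' form used in the guide is handled")
    start = datetime.strptime(" ".join(words[:4]), "%H:%M:%S %b %d %Y")
    return start, start + timedelta(seconds=int(words[5]))


def parse_key_chain(text):
    """Return {key_number: {'string', 'accept', 'send'}} for one key chain."""
    keys, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "key" and len(words) == 2 and words[1].isdigit():
            current = keys.setdefault(
                int(words[1]), {"string": None, "accept": None, "send": None})
        elif current is not None and words[0] == "key-string":
            current["string"] = words[1]
        elif current is not None and words[0] in ("accept-lifetime", "send-lifetime"):
            current[words[0].split("-")[0]] = parse_lifetime(words[1:])
    return keys


def active_keys(keys, when, kind):
    """Key numbers valid at 'when'; kind is 'accept' or 'send'.
    A key with no lifetime configured is treated as always valid."""
    return [n for n in sorted(keys)
            if keys[n][kind] is None or keys[n][kind][0] <= when < keys[n][kind][1]]


def leeway(keys):
    """Seconds each key is accepted before sending starts and after it stops."""
    out = {}
    for number, key in keys.items():
        if key["accept"] and key["send"]:
            lead = (key["send"][0] - key["accept"][0]).total_seconds()
            lag = (key["accept"][1] - key["send"][1]).total_seconds()
            out[number] = (int(lead), int(lag))
    return out


def send_gaps(keys, start, end):
    """Intervals inside [start, end) during which no key would be sent."""
    edges = {start, end}
    for key in keys.values():
        if key["send"]:
            edges.update(t for t in key["send"] if start < t < end)
    edges = sorted(edges)
    return [(a, b) for a, b in zip(edges, edges[1:])
            if not active_keys(keys, a, "send")]


if __name__ == "__main__":
    chain = parse_key_chain(TREES)
    t = datetime(1996, 1, 25, 14, 15)
    print("sent at 14:15:", active_keys(chain, t, "send"))
    print("leeway:", leeway(chain))
```

A negative value from leeway means a key is sent outside the window in which a peer with the same chain would accept it.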

Related Commands

A dagger (†) indicates that the command is documented in the Cisco IOS command reference publications.

accept-lifetime
key
key chain
send-lifetime†
service password-encryption†
show key chain†

show ip director

To show the Director status, use the show ip director EXEC command.

show ip director

Syntax Description

This command has no arguments or keywords.

Command Mode

EXEC

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

The show ip director command reports various types of information about the settings of Director parameters. You can use this information to troubleshoot operational and configuration problems, such as:

How many queries the Director has processed. This can indicate if the Director's access lists are working.

How long queries have awaited Director metric information (for example, via DRP). This can help diagnose DRP-related problems.

How many Director sort cache entries have been used. This can tell you how useful the sort cache is in your environment.

How many DRP queries have been received and how many were sent. This can help diagnose DRP problems.

The MD5 authentication key chain in effect, if any.

Sample Display

Following is sample output:

DD> show ip director
Distributed Director status:
Queries received: 102
Queries replied: 102
TTL for reply A RRs when sorted by DD: 0 secs
Queries awaiting processing by DD: 0
Queries awaiting metric info = 0
Metric info. wait time min/avg/max = 0.000/0.504/0.504 secs
Director cache is on
Cache time for sort cache entries: 60 secs
Director sort cache hits = 7
Director Response Protocol:
  34 requests, 34 replies, 0 bad replies
  Authentication key-chain "not defined"
  Output queue length = 0

Table 10-8 describes the fields shown in the display.

Table 10-8 Show IP Director Field Descriptions

Field
Description
Distributed Director status:

Queries received

The number of requests for information the Director has received.

Queries replied

The number of requests for information the Director has processed.

TTL for reply A RRs when sorted by DD

The time-to-live value for DNS "A" resource record replies, when sorted by the Director.

Queries awaiting processing by DD

The number of queries in the queue to be processed. This number is usually between 0 and 10.

Queries awaiting metric info

The number of outstanding requests being held until metric information (for example drp-int and drp-ext metrics) arrives.

Metric info. wait time min/avg/max

The minimum, average, and maximum time queries are held before DRP replies are received and the metric information processed by the Director.

Director cache is on

Indicates if the Director's cache is on or off.

Cache time for sort cache entries

When the Director's cache is on, the length of time the Director keeps sorted metric values. This time is configurable using the ip director cache-time command. (Not shown if the cache is off.)

Director sort cache hits

When the Director's cache is on, the number of times requests were satisfied with contents of the cache. (Not shown if the cache is off.)

Director Response Protocol:

requests

The number of requests the DRP has received.

replies

The number of replies the DRP has sent.

bad replies

The number of DRP replies received that were not correctly formatted or whose version number was not within an acceptable range.

Authentication key-chain

Indicates whether an MD5 authentication key chain was configured for the Director.

Output queue length

The number of requests that have been made by the Director for the DRP server(s) and are waiting in the Director's output queue because they have not yet been sent to the appropriate DRP server.


Related Commands

show ip director access-list
show ip director cache
show ip director default-weights
show ip director server
show ip drp

show ip director access-list

To show the Director access lists, use the show ip director access-list EXEC command.

show ip director access-list [number]

Syntax Description

number

(Optional) An access list number. If unspecified, all access lists are shown.


Command Mode

EXEC

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

This command lets you view your access list definitions on the Director.

Sample Display

Following is sample output, which shows the number of the defined access list and what the address restrictions are for that list:

DD> show ip director access-list 1
Director Agent Names access list 1
permit ^ftp.*
deny .*

Related Commands

show ip director
show ip director cache
show ip director default-weights
show ip director server
show ip drp

show ip director cache

To show Director cache information, use the show ip director cache EXEC command.

show ip director cache

Syntax Description

This command has no arguments or keywords.

Command Mode

EXEC

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

The show ip director cache command can help in troubleshooting problems related to the manner in which the Director sorts addresses for clients. It reports the final rank and priority of each address, along with the values of all metrics involved. Furthermore, it indicates which metrics actually have valid values.

Sample Display

Following is sample output:

DD# show ip director cache
Director cache is on
Cache time for sort cache entries: 60 secs
Director sort cache hits = 7
Entries:
www.hacks.org: for client 172.19.169.15, used 0 times, valid for: 00:00:30 
server 172.19.169.99, rank 63, priority 101
  random incomplete: 0
  DRP route lookup external to AS complete: 0 
  administrative preference complete: 60
  DRP route lookup internal to AS complete: 3 
  DRP distance to associated server incomplete: 0
server 130.21.34.10, rank 42, priority 101, best 
  random incomplete: 0
  DRP route lookup external to AS complete: 0 
  administrative preference complete: 40
  DRP route lookup internal to AS complete: 2 
  DRP distance to associated server incomplete: 0

Table 10-9 describes the fields shown in the display.

Table 10-9 Show IP Director Cache Field Descriptions

Field
Description

Director cache

Indicates whether Director caching is enabled or disabled

Cache time for sort cache entries

The length of time the Director keeps sorted metric values. This time is configurable using the ip director cache-time command.

Director sort cache hits

The number of times requests were satisfied with contents of the cache.

Entries:
 

DNS-name: for client

An end-user client that accessed the DNS name.

used n times

The number of times a client accessed the DNS name.

valid for or expired

Either expired or valid. If valid, indicates the time and the values that are cached. If expired, then the DRP server agents are queried again.

server

The distributed server to which the client was sent.

rank

Together with priority, determines the sorting of the addresses. Priority is considered first. All addresses with the lowest priority are taken in order of rank, lowest to highest. The addresses with the next highest priority are then taken in order of their rank, lowest to highest, and so on. The "best" address in a list is the one with the lowest rank among addresses with the lowest priority.

priority

Indicates a priority metric weight is set for this metric. If no priority is set for the metric, the priority is shown as 101.

best

The address which was determined to be the "best" one for this client, and which was returned. The "best" address in a list is the one with the lowest rank among addresses with the lowest priority.

random incomplete

Value of the random metric.

DRP route lookup external to AS complete

Value of the drp-ext metric.

administrative preference complete

Value of the admin metric.

DRP route lookup internal to AS complete

Value of the drp-int metric.

DRP distance to associated server incomplete

Value of the drp-ser metric.


Related Commands

show ip director
show ip director access-list
show ip director default-weights
show ip director server
show ip drp

show ip director default-weights

To show the Director default weights, use the show ip director default-weights EXEC command.

show ip director default-weights

Syntax Description

This command has no arguments or keywords.

Command Mode

EXEC

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

Use the show ip director default-weights command to view the default weights which are in use. This information is used during address sorting for any host names that do not have associated host-specific metric weight information. This information can be very useful in diagnosing problems related to incorrect or inconsistent address sorting in the Director.

Sample Display

Following is sample output:

DD> sh ip dir def
Director default metric weights:
random weight = 0
DRP route lookup external to AS weight = 0 
administrative preference weight = 1
DRP route lookup internal to AS weight = 1 

Table 10-10 describes the fields shown in the display.

Table 10-10 Show IP Director Default-Weights Field Descriptions

Field
Description

random weight

Random metric weight value.

DRP route lookup external to AS weight

DRP external metric weight value.

administrative preference weight

Administrative metric weight value.

DRP route lookup internal to AS weight

DRP internal metric weight value.


Related Commands

show ip director
show ip director access-list
show ip director cache
show ip director server
show ip drp

show ip director hosts

To display the Director host information, use the show ip director hosts EXEC command.

show ip director hosts [host]

Syntax Description

host

(Optional) The IP address or host name of a distributed server.


Command Mode

EXEC

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

The show ip director hosts command can help in several ways with troubleshooting problems related to the correct operation of the Director, including the correct sorting of addresses. Key elements of the command output and their uses are shown below:

The IP address of the associated DRP router for each server. This can help to diagnose DRP-related sorting problems.

The number of times a particular server's address has been selected and returned to a client. This might help in diagnosing sorting problems.

If the ip director host connect command has been configured, the output will indicate the current state (up or down) of the host, and the length of time for which this information has been valid. This might help in diagnosing problems with a host not being selected.

The servers associated with a particular Director hostname. You can verify the servers you expect to see in this list.

The current configured connection interval and port for this Director host name. This information can be useful in diagnosing problems related to a server never being selected.

Host-specific weights and priorities (if configured in the Director). This may help in diagnosing Director sorting problems.

Sample Display

Following is sample output:

DD> show ip director hosts 133.22.33.11
Server www.hacks.org (133.22.33.11)
  Advertised 0 times, last at never, preference none
  Corresponding DRP agent is 133.22.33.2

Table 10-11 describes the fields shown in the display.

Table 10-11 Show IP Director Hosts Field Descriptions

Field
Description

Server

The host name and IP address of the distributed server.

Advertised n times

The number of times this distributed server's address has been returned to clients as the "best" one for them.

last at

The time at which this distributed server's address was last "advertised."

preference

The value of the administrative preference metric for this distributed server.

Corresponding DRP agent is

The IP address of the distributed server's DRP server agent.


Related Commands

ip director host priority
ip director host weights

show ip director servers

To display the Director server preference information, use the show ip director servers EXEC command.

show ip director servers [name | ip-address]

Syntax Description

name

(Optional) The host name of a distributed server.

ip-address

(Optional) The IP address of a distributed server.


Command Mode

EXEC

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

If a name or ip-address is not specified, all distributed servers are shown.

The show ip director servers command can help in several ways with troubleshooting problems related to the correct operation of the Director, including the correct sorting of addresses. Key elements of the command output and their uses are shown below:

The IP address of the associated DRP router for each server. This can help to diagnose DRP-related sorting problems.

The number of times a particular server's address has been selected and returned to a client. This might help in diagnosing sorting problems.

If the ip director host connect command has been configured, the output will indicate the current state (up or down) of the host, and the length of time for which this information has been valid. This might help in diagnosing problems with a host not being selected.

Sample Display

Following is sample output:

DD> show ip director servers
Server www.hacks.org (172.19.169.99)
  Advertised 12 times, last at 00:15:08, preference none
  Default portion: 3
  Corresponding DRP agent is 172.19.169.13
  Distance to associated DRP router: 0 
  Port 23:
    Connection interval: 2 minutes, Status: Up, Next retry in: 00:01:07

Table 10-12 describes the fields shown in the display.

Table 10-12 Show IP Director Servers Field Descriptions

Field
Description

Server

The DNS name (host or domain name) or IP address (or both), that the Director associates with this distributed server.

Advertised

The number of times the web server address was advertised as the IP address for the subdomain or host name.

last at

The last time the web server address was advertised as the subdomain name or host name.

preference

The web server's preference setting.

Default portion

The portion metric for this server.

Corresponding DRP agent

The IP address of the Director Response Protocol (DRP) server agent that supports the distributed server.

Distance to associated DRP router

The internal routing protocol distance between the web server and its associated DRP router.

Connection interval

This server's TCP connection interval.


Related Commands

show ip director
show ip director access-list
show ip director cache
show ip director default-weights
show ip director server
show ip drp

show ip drp

To display DRP statistics on the Director or a DRP server agent, use the show ip drp EXEC command.

show ip drp

Syntax Description

This command has no arguments or keywords.

Command Mode

EXEC

Usage Guidelines

This command first appeared in Cisco IOS Release 11.1 IA.

The show ip drp command can help diagnose problems with the DRP protocol. This command can be used on the Director and on a DRP server agent-enabled router.

Sample Display

Following is sample output:

DD> show ip drp
Director Responder Protocol Agent is enabled
183 director requests
183 successful route table lookups
0 successful measured lookups
0 no route in table
0 nortt
0 DRP packet failures returned
Authentication is enabled, using "DD" key-chain

Table 10-13 describes significant fields shown in the display.

Table 10-13 Show IP DRP Field Descriptions

Field
Description

Director Responder Protocol Agent is

The Director Responder Protocol (DRP) agent is enabled to receive requests from and respond to the DistributedDirector, or it is disabled.

director requests

The number of requests the Director sent to this DRP agent.

successful route table lookups

Of the number of requests, the number that were looked up successfully. That is, the information requested was looked up or obtained successfully.

no route

Of the number of requests, the number that did not receive responses.

A large number of no route responses might indicate that one or more of the DRP routers do not have sufficiently complete routing information.

failures

Of the number of requests, the number that were not looked up successfully. A failure occurs when either the authentication of the query received from the Director fails or the DRP version of this DRP agent is incompatible with the version that appears in the query packet from the Director.

A large number of failures might indicate that there is a problem with the MD5 authentication keys.
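The field descriptions above can be turned into a monitoring check. The following Python is an added example, not part of the Cisco guide: it parses the show ip drp sample display and the Director Response Protocol part of the show ip director sample display, both copied from this chapter, and reports missing authentication and elevated failure or no-route counts. Function names and the 5 percent threshold are hypothetical.

```python
import re

# Sample displays copied from this guide.
SHOW_IP_DRP = """\
Director Responder Protocol Agent is enabled
183 director requests
183 successful route table lookups
0 successful measured lookups
0 no route in table
0 nortt
0 DRP packet failures returned
Authentication is enabled, using "DD" key-chain
"""

SHOW_IP_DIRECTOR = """\
Director Response Protocol:
  34 requests, 34 replies, 0 bad replies
  Authentication key-chain "not defined"
  Output queue length = 0
"""


def parse_show_ip_drp(text):
    """Return agent state, key chain name (or None) and the numeric counters."""
    state = {"enabled": False, "auth_chain": None, "counters": {}}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"Director Responder Protocol Agent is (\w+)", line)
        if m:
            state["enabled"] = m.group(1) == "enabled"
            continue
        m = re.fullmatch(r'Authentication is enabled, using "([^"]+)" key-chain', line)
        if m:
            state["auth_chain"] = m.group(1)
            continue
        m = re.fullmatch(r"(\d+) (.+)", line)
        if m:
            state["counters"][m.group(2)] = int(m.group(1))
    return state


def check_agent(text, max_ratio=0.05):
    """Findings for a DRP server agent; max_ratio is a hypothetical threshold."""
    s = parse_show_ip_drp(text)
    findings = []
    if not s["enabled"]:
        findings.append("DRP agent is not reported as enabled")
    if s["auth_chain"] is None:
        findings.append("authentication is not reported as enabled")
    requests = s["counters"].get("director requests", 0)
    failures = s["counters"].get("DRP packet failures returned", 0)
    no_route = s["counters"].get("no route in table", 0)
    if requests and failures / requests > max_ratio:
        findings.append("%d/%d failures: check MD5 keys and DRP version"
                        % (failures, requests))
    if requests and no_route / requests > max_ratio:
        findings.append("%d/%d no route: routing information may be incomplete"
                        % (no_route, requests))
    return findings


def check_director(text):
    """Findings from the Director Response Protocol lines of show ip director."""
    findings = []
    m = re.search(r'Authentication key-chain "([^"]*)"', text)
    if m is None or m.group(1) == "not defined":
        findings.append("no MD5 authentication key chain in effect for DRP")
    m = re.search(r"(\d+) requests, (\d+) replies, (\d+) bad replies", text)
    if m and int(m.group(3)):
        findings.append("%s bad replies: malformed or unsupported DRP version"
                        % m.group(3))
    return findings


if __name__ == "__main__":
    print("agent:", check_agent(SHOW_IP_DRP) or "no findings")
    print("director:", check_director(SHOW_IP_DIRECTOR) or "no findings")
```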


Related Commands

show ip director
show ip director access-list
show ip director cache
show ip director default-weights
show ip director server

Summary of Additional Cisco IOS Commands

This section contains syntax summaries of commands mentioned in the appendixes of this guide. Refer to the Cisco IOS configuration guides and command references for additional information about these commands.

configure {terminal | memory | network}

To enter global configuration mode, use the configure privileged EXEC command. You must be in global configuration mode to enter global configuration commands.

terminal

Executes configuration commands from the terminal.

memory

Executes the commands stored in NVRAM.

network

The copy rcp running-config or copy tftp running-config command replaces the configure network command. If you use rcp, see the copy rcp command for more information on copy rcp running-config. If you use TFTP, see the copy tftp command for more information on copy tftp running-config.


copy running-config {rcp | startup-config | tftp}

To copy the router's running configuration file to another destination, use one of the listed copy running-config EXEC commands. The copy running-config startup-config command replaces the write memory command. The copy running-config rcp or copy running-config tftp command replaces the write network command.

rcp

Specifies a copy operation to a network server using rcp.

startup-config

Specifies the configuration used for initialization as the destination of the copy operation.

tftp

Specifies a TFTP server as the destination of the copy operation.


show controllers e1 [slot/port]

Use the show controllers e1 privileged EXEC command to display information about the E1 links supported by the Network Processor Module (NPM) (Cisco DistributedDirector 4700-M).

slot

(Optional) Specifies the backplane slot number and can be 0, 1, 2, 3, or 4.

port

(Optional) Specifies the port number of the controller and can be 0 or 1.


show controllers ethernet number

Use the show controllers ethernet EXEC command to display information on the Cisco DistributedDirector 2501.

number

Interface number of the Ethernet interface.


show running-config

To display the configuration information currently running on the terminal, use the show running-config EXEC command. This command replaces the write terminal command.

show startup-config

To display the contents of NVRAM (if present and valid) or to show the configuration file pointed to by the CONFIG_FILE environment variable, use the show startup-config EXEC command. This command replaces the show configuration command.

show version

Use the show version EXEC command to display the configuration of the system hardware, the software version, the names and sources of configuration files, and the boot images.

write memory

The copy running-config startup-config command replaces this command. Refer to the description of the copy running-config command for more information on copy running-config startup-config.