The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the Cisco Nexus 1000V commands that begin with the letter I.
To add the inherited configuration to the new port profile as a default configuration, use the inherit port-profile command. To remove the inherited policies, use the no form of this command.
inherit port-profile name
no inherit port-profile
name |
Port profile name whose policies are inherited. The name has a maximum length of 80, case-sensitive, alphanumeric characters and must be unique for each port profile on the Cisco Nexus 1000V. |
None
Port profile configuration (config-port-prof)
network-admin
Any inherited setting, except the port profile type, can be changed using the command-line interface (CLI).
When you use the no form of this command, the port profile settings are returned to the defaults, except for the port profile type and any settings that were explicitly configured independent of those inherited.
This example shows how to designate AllAccess1 as the port profile whose policies will be inherited:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# port-profile type vethernet AllAccess2
n1000v(config-port-prof)# inherit port-profile AllAccess1
This example shows how to remove the inherited policies:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# port-profile type vethernet AllAccess2
n1000v(config-port-prof)#
no port-profile inherit
|
|
---|---|
port-profile |
Places you into port profile configuration mode and defines the port profile. |
show port-profile |
Displays the port profile inherited by the current port profile. |
To install a license file(s) on a Virtual Supervisor Module (VSM), use the install license bootflash: command.
install license bootflash: filename
filename |
(Optional) License file name. If you do not specify a name, then the license is installed using the default name. The filename is alphanumeric, case-sensitive and can be up to 28 characters. |
None
Any
network-admin
network-operator
Follow these guidelines:
•You must first uninstall an evaluation license if one is present on your Virtual Supervisor Module (VSM). For more information, see the Cisco Nexus 1000V License Configuration Guide, Release 4.2(1)SV1(5.1).
•You must be logged in to the active VSM console port.
•This command installs the license file using the name, license_file.lic. You can specify a different name.
•If you are installing multiple licenses for the same VSM, also called license stacking, make sure that each license key filename is unique.
•Repeat this procedure for each additional license file you are installing, or stacking, on the VSM.
This example shows how to install a license to bootflash on a VSM and then display the installed file:
n1000v# install license bootflash:license_file.lic
Installing license ..done
n1000v# show license file license.lic
SERVER this_host ANY
VENDOR cisco
INCREMENT NEXUS1000V_LAN_SERVICES_PKG cisco 1.0 permanent 1 \
HOSTID=VDH=1575337335122974806 \
NOTICE="<LicFileID>license.lic</LicFileID><LicLineID>0</LicLineID> \
<PAK>PAK12345678</PAK>" SIGN=3AF5C2D26E1A
n1000v#
To configure the control interface and enter interface configuration mode, use the interface control0 command.
interface control0
This command has no arguments or keywords.
None
Global configuration (config)
Interface configuration (config-if)
network-admin
This example shows how to enter interface configuration mode to configure the control interface:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)#
interface control0
n1000v(config-if)#
|
|
---|---|
show interface control0 |
Displays information about the traffic on the control interface. |
To configure an Ethernet interface, use the interface ethernet command.
interface ethernet slot/port
None
Global configuration (config)
Interface configuration (config-if)
network-admin
This example shows how to access interface command mode for configuring the Ethernet interface on slot 2, port 1:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# interface ethernet 2/1
n1000v(config-if)#
|
|
---|---|
show interface ethernet |
Displays information about the Ethernet interface. |
To configure the management interface and enter interface configuration mode, use the interface mgmt0 command.
interface mgmt0
This command has no arguments or keywords.
None
Global configuration (config)
Interface configuration (config-if)
network-admin
This example shows how to enter interface configuration mode to configure the management interface:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)#
interface mgmt0
n1000v(config-if)#
|
|
---|---|
show interface mgmt0 |
Displays information about the traffic on the management interface. |
To create a port channel interface and enter interface configuration mode, use the interface port-channel command. To remove a logical port channel interface or subinterface, use the no form of this command.
interface port-channel channel-number
no interface port-channel channel-number
channel-number |
Channel number that is assigned to this port channel logical interface. The range is from 1 to 4096. |
None
Global configuration (config)
Interface configuration (config-if)
network-admin
Use the interface port-channel command to create or delete port channel groups and to enter interface configuration mode for the port channel.
A port can belong to only one channel group.
When you use the interface port-channel command, follow these guidelines:
•If you are using the Cisco Discovery Protocol (CDP), you must configure it only on the physical interface and not on the port channel interface.
•If you do not assign a static MAC address on the port channel interface, a MAC address is automatically assigned. If you assign a static MAC address and then later remove it, the MAC address is automatically assigned.
•The MAC address of the port channel is the address of the first operational port added to the channel group. If this first-added port is removed from the channel, the MAC address comes from the next operational port added, if there is one.
This example shows how to create a port channel group interface with channel group number 50:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)#
interface port-channel 50
n1000v(config-if)#
|
|
---|---|
show interface port-channel |
Displays information on traffic on the specified port channel interface. |
show port-channel summary |
Displays information about the port channels. |
To create a virtual Ethernet interface and enter interface configuration mode, use the interface vethernet command. To remove a virtual Ethernet interface, use the no form of this command.
interface vethernet number
no interface vethernet number
number |
Interface number. The range is from 1 to 1048575. |
None
Global configuration (config)
Interface configuration (config-if)
network-admin
Use the interface vethernet command to create a virtual Ethernet interface.
This example shows how to create a virtual Ethernet interface:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)#
interface vethernet 50
n1000v(config-if)#
|
|
---|---|
show interface vethernet |
Displays information about the traffic on the specified virtual Ethernet interface. |
To create an IP access group for the mgmt0 interface, use the ip access-group command. To remove the access group, use the no form of this command.
ip access-group name {in | out}
no ip access-group name {in | out}
None
Interface configuration (config-if)
network-admin
This example shows how to configure an IP access group named Telnet for incoming traffic to the mgmt0 interface:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# interface mgmt0
n1000v(config-if)# ip access-group telnet in
n1000v(config-if)#
|
|
---|---|
show ip access-lists |
Displays the ACL configuration. |
To create an access list, use the ip access-list command. To remove an access list, use the no form of this command.
ip access-list {name | match-local-traffic}
no ip access-list {name | match-local-traffic}
name |
List name. The list name is alphanumeric, case-sensitive and can be up to 28 characters. |
match-local-traffic |
Enables access list matching for locally generated traffic. |
No access list exists.
Global configuration (config)
network-admin
This example shows how to create an access list:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
ip access-list acl1
n1000v(
config)#
|
|
---|---|
show access-lists |
Displays access lists. |
To create an IP route, use the ip route command. To remove an IP route, use the no form of this command.
ip route {address mask | prefix} {next-hop | next-hop-prefix | interface-type interface-number} [tag tag-value | preference]
no ip route {address mask | prefix} {next-hop | next-hop-prefix | interface-type interface-number} [secondary | tag tag-value | preference]
None
Global configuration (config)
network-admin
This example shows how to create an IP address:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
ip route 10.1.1.0 255.255.255.0 10.1.1.10
n1000v(
config)#
|
|
---|---|
show ip interface A.B.C.D. |
Displays interfaces for local IP addresses. |
To set the rate limit of the Address Resolution Protocol (ARP) requests and responses, use the ip arp inspection limit command. To remove this setting, use the no form of this command. To set the rate limit to its default, use the default form of this command.
ip arp inspection limit {rate pps [burst interval bint] | none}
no ip arp inspection limit {rate pps [burst interval bint] | none}
default ip arp inspection limit {rate pps [burst interval bint] | none}
rate pps |
Specifies the rate limit in packets per second. |
burst interval bint |
(Optional) Specifies the burst interval. (Optional) Burst interval in seconds. |
none |
Specifies that there is no limit. |
None
Interface configuration (config-if)
Port profile configuration (config-port-prof)
network-admin
This example shows how to set the rate limit of ARP requests to 20 pps:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
ip arp inspection limit rate 20
This example shows how to remove the configuration:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
no arp inspection limit rate 20
|
|
---|---|
show ip arp inspection interface |
Displays the trust state and the ARP packet rate for a specified interface. |
To configure a Layer 2 interface as a trusted Address Resolution Protocol (ARP) interface, use the ip arp inspection trust command. To configure a Layer 2 interface as an untrusted ARP interface, use the no form of this command. To return a Layer 2 interface to its default, use the default form of this command.
ip arp inspection trust
no ip arp inspection trust
default ip arp inspection trust
This command has no arguments or keywords.
By default, all interfaces are untrusted ARP interfaces.
Interface configuration (config-if)
Port profile configuration (config-port-prof)
network-admin
You can configure only Layer 2 virtual Ethernet interfaces as trusted ARP interfaces.
This example shows how to configure a Layer 2 interface as a trusted ARP interface:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# interface vethernet 2
n1000v(config-if)# ip arp inspection trust
n1000v(config-if)#
|
|
---|---|
show ip arp inspection interface |
Displays the trust state and the ARP packet rate for a specified interface. |
To enable additional Dynamic Address Resolution Protocol (ARP) Inspection (DAI) validation, use the ip arp inspection validate command. To disable additional DAIs, use the no form of this command.
ip arp inspection validate {dst-mac [ip] [src-mac] | ip [dst-mac] [src-mac] | src-mac [dst-mac] [ip]}
no ip arp inspection validate {dst-mac [ip] [src-mac] | ip [dst-mac] [src-mac] | src-mac [dst-mac] [ip]}
None
Global configuration (config)
network-admin
You must specify at least one keyword. If you specify more than one keyword, the order is irrelevant.
This example shows how to enable additional DAI validation:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# ip arp inspection validate src-mac dst-mac ip
n1000v(config)#
|
|
---|---|
show ip arp inspection statistics |
Displays the DAI configuration status. |
To enable dynamic Address Resolution Protocol (ARP) inspection (DAI) for a list of VLANs, use the ip arp inspection vlan command. To disable DAI for a list of VLANs, use the no form of this command.
ip arp inspection vlan vlan-list
no ip arp inspection vlan vlan-list
None
Global configuration (config)
network-admin
By default, the device does not log packets inspected by DAI.
This example shows how to enable DAI on VLANs 13, 15, and 17 through 23:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# ip arp inspection vlan 13,15,17-23
n1000v(config)#
|
|
---|---|
ip arp inspection validate |
Enables additional DAI validation. |
show ip arp inspection vlan |
Displays the DAI status for a specified list of VLANs. |
To globally enable Dynamic Host Configuration Protocol (DHCP) snooping, use the ip dhcp snooping command. To globally disable DHCP snooping, use the no form of this command.
ip dhcp snooping
no ip dhcp snooping
This command has no arguments or keywords.
By default, DHCP snooping is globally disabled.
Global configuration (config)
network-admin
To use this command, you must enable the DHCP snooping feature (see the feature dhcp command).
The device preserves the DHCP snooping configuration when you disable DHCP snooping with the no ip dhcp snooping command.
This example shows how to globally enable DHCP snooping:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# ip dhcp snooping
n1000v(config)#
To relay the Virtual Supervisor Module (VSM) MAC address and virtual Ethernet port information in Dynamic Host Configuration Protocol (DHCP) packets, use the ip dhcp snooping information option command. To remove the configuration, use the no form of this command.
ip dhcp snooping information option
no ip dhcp snooping information option
This command has no arguments or keywords.
None
Global configuration (config)
network-admin
This example shows how to globally relay the VSM MAC address and virtual Ethernet port information in DHCP packets:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# ip dhcp snooping information option
n1000v(config)#
This example shows how to remove global relaying of the VSM MAC address and virtual Ethernet port information in DHCP packets:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# no ip dhcp snooping information option
n1000v(config)#
To configure a rate limit for Dynamic Host Configuration Protocol (DHCP) packets that are received on a port, use the ip dhcp snooping limit rate command. To remove the rate limit for DHCP packets that are received on each port, use the no form of this command. To restore the default setting, use the default form of this command.
ip dhcp snooping limit rate rate
no ip dhcp snooping limit rate
default ip dhcp snooping limit rate
rate |
DHCP packets per second. The range is from 1 to 2048. |
None
Interface configuration (config-if)
Port profile configuration (config-port-prof)
network-admin
This example shows how to limit the rate of DHCP packets to 30 packets per-second on virtual Ethernet interface 3:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
interface vethernet 3
n1000v(
config-if)#
ip dhcp snooping limit rate 30
To configure an interface as a trusted source of Dynamic Host Configuration Protocol (DHCP) messages, use the ip dhcp snooping trust command. To configure an interface as an untrusted source of DHCP messages, use the no form of this command. To restore the default setting, use the default form of this command.
ip dhcp snooping trust
no ip dhcp snooping trust
default ip dhcp snooping trust
This command has no arguments or keywords.
By default, no interface is a trusted source of DHCP messages.
Interface configuration (config-if)
Port profile configuration (config-port-prof)
network-admin
You can configure DHCP trust on the following types of interfaces:
•Layer 2 virtual Ethernet interfaces
•Private VLAN interfaces
This example shows how to configure an interface as a trusted source of DHCP messages:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# interface vethernet 2
n1000v(config-if)# ip dhcp snooping trust
n1000v(config-if)#
To enable Dynamic Host Configuration Protocol (DHCP) snooping for MAC address verification, use the ip dhcp snooping verify mac-address command. To disable MAC address verification, use the no form of this command.
ip dhcp snooping verify mac-address
no ip dhcp snooping verify mac-address
This command has no arguments or keywords.
None
Global configuration (config)
network-admin
This example shows how to enable DHCP snooping for MAC address verification:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# ip dhcp snooping verify mac-address
n1000v(config)#
This example shows how to disable DHCP snooping for MAC address verification:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# no ip dhcp snooping verify mac-address
n1000v(config)#
To enable Dynamic Host Configuration Protocol (DHCP) snooping on one or more VLANs, use the ip dhcp snooping vlan command. To disable DHCP snooping on one or more VLANs, use the no form of this command.
ip dhcp snooping vlan vlan-list
no ip dhcp snooping vlan vlan-list
By default, DHCP snooping is not enabled on any VLAN.
Global configuration (config)
network-admin
This example shows how to enable DHCP snooping on VLANs 100, 200, and 250 through 252:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# ip dhcp snooping vlan 100,200,250-252
n1000v(config)#
To enable IP directed broadcast, use the ip directed-broadcast command. To disable IP directed broadcast, use the no form of this command.
ip directed-broadcast
no ip directed-broadcast
This command has no arguments or keywords.
None
Interface configuration (config-if)
network-admin
This example shows how to enable IP directed broadcast:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
interface mgmt 0
n1000v(
config-if)#
ip directed-broadcast
n1000v(
config-if)#
|
|
---|---|
show ip interface |
Displays IP interface information. |
To specify the IP Differentiated Services Code Point (DSCP) value for the packets in the Encapsulated Remote Switch Port Analyzer (ERSPAN) traffic and save it in the running configuration, use the ip dscp command.
ip dscp dscp_value
dscp_value |
DSCP value, in seconds, for ERSPAN traffic packets. The range is from 0 to 63. |
The default DSCP value is 0.
Command-line interface (CLI) ERSPAN source configuration (config-erspan-src)
network-admin
This example shows how to specify the DSCP value of 25 for packets in the ERSPAN traffic:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# monitor session 3 type erspan
n1000v(config-erspan-src)# ip dscp 25
n1000v(config-erspan-src)#
To enable a Flexible NetFlow flow monitor for traffic that the router is receiving or forwarding, use the ip flow monitor command. To disable a Flexible NetFlow flow monitor, use the no form of this command.
ip flow monitor monitor-name {input | output}
no ip flow monitor monitor-name {input | output}
Disabled.
Interface configuration (config-if)
network-admin
You must have already created a flow monitor by using the flow monitor command before you can apply the flow monitor to an interface with the ip flow monitor command to enable traffic monitoring with Flexible NetFlow.
This example shows how to enable a flow monitor for monitoring input traffic:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# interface ethernet0/0
n1000v(config-if)# ip flow monitor FLOW-MONITOR-1 input
This example shows how to enable a flow monitor for monitoring output traffic:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# interface ethernet0/0
n1000v(config-if)# ip flow monitor FLOW-MONITOR-1 output
This example shows how to enable the same flow monitor on the same interface for monitoring input and output traffic:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# interface ethernet0/0
n1000v(config-if)# ip flow monitor FLOW-MONITOR-1 input
n1000v(config-if)# ip flow monitor FLOW-MONITOR-1 output
This example shows how to enable two different flow monitors on the same interface for monitoring input and output traffic:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# interface ethernet0/0
n1000v(config-if)# ip flow monitor FLOW-MONITOR-1 input
n1000v(config-if)# ip flow monitor FLOW-MONITOR-2 output
This example shows how to enable the same flow monitor on two different interfaces for monitoring input and output traffic:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# interface ethernet0/0
n1000v(config-if)# ip flow monitor FLOW-MONITOR-1 input
n1000v(config)# interface ethernet1/0
n1000v(config-if)# ip flow monitor FLOW-MONITOR-1 output
This example shows how to enable two different flow monitors on two different interfaces for monitoring input and output traffic:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# interface ethernet0/0
n1000v(config-if)# ip flow monitor FLOW-MONITOR-1 input
n1000v(config)# interface ethernet1/0
n1000v(config-if)# ip flow monitor FLOW-MONITOR-2 output
|
|
---|---|
flow exporter |
Creates a flow exporter. |
flow monitor |
Creates a flow monitor. |
flow record |
Creates a flow record. |
To enable Internet Group Management Protocol (IGMP) snooping, use the ip igmp snooping command. To disable IGMP snooping, use the no form of this command.
ip igmp snooping
no ip igmp snooping
This command has no arguments or keywords.
Enabled
Global configuration (config)
network-admin
If the global configuration of IGMP snooping is disabled, all VLANs are treated as disabled, whether they are enabled or not.
This example shows how to enable IGMP snooping:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
ip igmp snooping
n1000v(
config)#
This example shows how to disable IGMP snooping:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
no ip igmp snooping
n1000v(
config)#
|
|
---|---|
show ip igmp snooping |
Displays IGMP snooping information. |
To enable Internet Group Management Protocol (IGMP) snooping on a VLAN interface, use the ip igmp snooping command. To disable IGMP snooping on the interface, use the no form of this command.
ip igmp snooping
no ip igmp snooping
This command has no arguments or keywords.
Enabled
VLAN configuration (config-vlan)
network-admin
If the global configuration of IGMP snooping is disabled, all VLANs are treated as disabled, whether they are enabled or not.
This example shows how to enable IGMP snooping on a VLAN interface:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
vlan configuration 342
n1000v(
config-vlan)#
ip igmp snooping
n1000v(
config-vlan)#
This example shows how to disable IGMP snooping on a VLAN interface:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
vlan configuration 342
n1000v(
config-vlan)#
no ip igmp snooping
n1000v(
config-vlan)#
|
|
---|---|
show ip igmp snooping |
Displays IGMP snooping information. |
To enable tracking of Internet Group Management Protocol Version 3 (IGMPv3) membership reports from individual hosts for each port on a per-VLAN basis, use the ip igmp snooping explicit-tracking command. To disable tracking, use the no form of this command.
ip igmp snooping explicit-tracking
no ip igmp snooping explicit-tracking
This command has no arguments or keywords.
Enabled
VLAN feature configuration (config-vlan-config)
network-admin
This example shows how to enable tracking of IGMPv3 membership reports on a VLAN interface:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
vlan configuration 1
n1000v(
config-vlan-config)#
ip igmp snooping explicit-tracking
n1000v(
config-vlan-config)#
This example shows how to disable IGMP snooping on a VLAN interface:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
vlan configuration 1
n1000v(
config-vlan-config)#
no ip igmp snooping explicit-tracking
n1000v(
config-vlan-config)#
|
|
---|---|
show ip igmp snooping |
Displays IGMP snooping information. |
To enable support of Internet Group Management Protocol Version 2 (IGMPv2) hosts that cannot be explicitly tracked because of the host report suppression mechanism of the IGMPv2 protocol, use the ip igmp snooping fast-leave command. To disable support of IGMPv2 hosts, use the no form of this command.
ip igmp snooping fast-leave
no ip igmp snooping fast-leave
This command has no arguments or keywords.
Disabled
VLAN configuration (config-vlan)
network-admin
When you enable fast leave, the IGMP software assumes that only one host is present on each VLAN port.
This example shows how to enable support of IGMPv2 hosts:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
vlan configuration 342
n1000v(
config-vlan)#
ip igmp snooping fast-leave
n1000v(
config-vlan)#
This example shows how to disable support of IGMPv2 hosts:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
vlan configuration 342
n1000v(
config-vlan)#
no ip igmp snooping fast-leave
n1000v(
config-vlan)#
|
|
---|---|
show ip igmp snooping |
Displays IGMP snooping information. |
To configure a query interval in which the software removes a group, use the ip igmp snooping last-member-query-interval command. To reset the query interval to the default, use the no form of this command.
ip igmp snooping last-member-query-interval interval
no ip igmp snooping last-member-query-interval [interval]
interval |
Query interval in seconds. The range is from 1 to 25. The default is 1. |
The query interval is 1.
VLAN configuration (config-vlan)
network-admin
This example shows how to configure a query interval in which the software removes a group:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
vlan configuration 342
n1000v(
config-vlan)#
ip igmp snooping last-member-query-interval 3
n1000v(
config-vlan)#
This example shows how to reset a query interval to the default:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
vlan configuration 342
n1000v(
config-vlan)#
no ip igmp snooping last-member-query-interval
n1000v(
config-vlan)#
|
|
---|---|
show ip igmp snooping |
Displays IGMP snooping information. |
To suppress snooping on link-local group IP addresses use the ip igmp snooping link-local-groups-suppression command. To allow unlimited snooping, use the no form of this command.
ip igmp snooping link-local-groups-suppression
no ip igmp snooping link-local-groups-suppression
This command has no arguments or keywords.
Enabled
VLAN configuration (config-vlan)
network-admin
You can apply link-local groups suppression to all interfaces in the Virtual Supervisor Module (VSM) by entering this command in global configuration mode.
This example shows how to limit Internet Group Management Protocol (IGMP) traffic sent from VLAN 342:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
vlan configuration 342
n1000v(
config-vlan)#
ip igmp snooping link-local-groups-suppression
This example shows how to resume IGMP traffic sent from VLAN 342:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
vlan vlan2
n1000v(
config-vlan)#
no ip igmp snooping link-local-groups-suppression
n1000v(
config-vlan)#
|
|
---|---|
ip igmp snooping |
Enables IGMP snooping on a VLAN. |
show ip igmp snooping |
Displays IGMP snooping information. |
To suppress snooping on link-local group IP addresses, use the ip igmp snooping link-local-groups-suppression command. To allow unlimited snooping, use the no form of this command.
ip igmp snooping link-local-groups-suppression
no ip igmp snooping link-local-groups-suppression
This command has no arguments or keywords.
Enabled
Global configuration (config)
network-admin
You can apply link-local groups suppression to a single VLAN by entering this command in VLAN configuration mode.
This example shows how to limit Internet Group Management Protocol (IGMP) traffic sent from all interfaces in the Virtual Supervisor Module (VSM):
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
ip igmp snooping link-local-groups-suppression
n1000v(
config)#
This example shows how to resume sending unlimited IGMP traffic from all interfaces in the VSM:
n1000v#
configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
no ip igmp snooping link-local-groups-suppression
n1000v(
config)#
|
|
---|---|
ip igmp snooping |
Enables IGMP snooping on a VLAN. |
show ip igmp snooping |
Displays IGMP snooping information. |
To configure a static connection to a multicast router, use the ip igmp snooping mrouter interface command. To remove the static connection, use the no form of this command.
ip igmp snooping mrouter interface if-type if-number
no ip igmp snooping mrouter interface if-type if-number
None
VLAN configuration (config-vlan)
network-admin
The interface to the router must be in the selected VLAN.
This example shows how to configure a static connection to a multicast router:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
vlan configuration 342
n1000v(
config-vlan)#
ip igmp snooping mrouter interface ethernet 2/1
n1000v(
config-vlan)#
This example shows how to remove a static connection to a multicast router:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
vlan configuration 342
n1000v(
config-vlan)#
no ip igmp snooping mrouter interface ethernet 2/1
n1000v(
config-vlan)#
|
|
---|---|
show ip igmp snooping |
Displays Internet Group Management Protocol (IGMP) snooping information. |
To configure Internet Group Management Protocol Version 1 (IGMPv1) or IGMPv2 report suppression for VLANs, use the ip igmp snooping report-suppression command. To remove IGMPv1 or IGMPv2 report suppression, use the no form of this command.
ip igmp snooping report-suppression
no ip igmp snooping report-suppression
This command has no arguments or keywords.
Enabled
Global configuration (config)
network-admin
This example shows how to configure IGMPv1 or IGMPv2 report suppression for VLANs:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
ip igmp snooping report-suppression
This example shows how to remove IGMPv1 or IGMPv2 report suppression:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
no ip igmp snooping report-suppression
|
|
---|---|
show ip igmp snooping |
Displays IGMP snooping information. |
To configure Internet Group Management Protocol Version 1 (IGMPv1) or IGMPv2 report suppression for VLANs, use the ip igmp snooping report-suppression command. To remove IGMPv1 or IGMPv2 report suppression, use the no form of this command.
ip igmp snooping report-suppression
no ip igmp snooping report-suppression
This command has no arguments or keywords.
Enabled
VLAN configuration (config-vlan)
network-admin
This example shows how to configure IGMPv1 or IGMPv2 report suppression for VLAN 342:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# vlan configuration 342
n1000v(config-vlan)# ip igmp snooping report-suppression
n1000v(config-vlan)#
This example shows how to remove IGMPv1 or IGMPv2 report suppression from VLAN 342:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# vlan configuration 342
n1000v(config-vlan)# no ip igmp snooping report-suppression
n1000v(config-vlan)#
|
|
---|---|
show ip igmp snooping |
Displays IGMP snooping information. |
To configure a Layer 2 port of a VLAN as a static member of a multicast group, use the ip igmp snooping static-group command. To remove the static member, use the no form of this command.
ip igmp snooping static-group group interface if-type if-number
no ip igmp snooping static-group group interface if-type if-number
None
VLAN configuration (config-vlan)
network-admin
You can specify the interface by the type and the number, such as ethernet slot/port.
This example shows how to configure a static member of a multicast group:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
vlan configuration 342
n1000v(
config-vlan)#
ip igmp snooping static-group 230.0.0.1 interface ethernet 2/1
n1000v(
config-vlan)#
This example shows how to remove a static member of a multicast group:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
vlan configuration 342
n1000v(
config-vlan)#
no ip igmp snooping static-group 230.0.0.1 interface ethernet 2/1
n1000v(
config-vlan)#
|
|
---|---|
show ip igmp snooping |
Displays IGMP snooping information. |
To configure Internet Group Management Protocol Version 3 (IGMPv3) report suppression and proxy reporting, use the ip igmp snooping v3-report-suppression command. To remove IGMPv3 report suppression and proxy reporting, use the no form of this command.
ip igmp snooping v3-report-suppression
no ip igmp snooping v3-report-suppression
This command has no arguments or keywords.
Disabled
Global Configuration (config)
network-admin
This example shows how to configure IGMPv3 report suppression and proxy reporting:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
ip igmp snooping v3-report-suppression
This example shows how to remove IGMPv3 report suppression and proxy reporting:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(
config)#
no ip igmp snooping v3-report-suppression
|
|
---|---|
show ip igmp snooping |
Displays IGMP snooping information. |
To configure Internet Group Management Protocol Version 3 (IGMPv3) report suppression and proxy reporting for a VLAN, use the ip igmp snooping v3-report-suppression command. To remove IGMPv3 report suppression, use the no form of this command.
ip igmp snooping v3-report-suppression
no ip igmp snooping v3-report-suppression
This command has no arguments or keywords.
Disabled
VLAN configuration (config-vlan)
network-admin
This example shows how to configure IGMPv3 report suppression and proxy reporting for VLAN 342:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# vlan configuration 342
n1000v(config-vlan)# ip igmp snooping v3-report-suppression
n1000v(config-vlan)#
This example shows how to remove IGMPv3 report suppression and proxy reporting for VLAN 342:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# vlan configuration 342
n1000v(config-vlan)# no ip igmp snooping v3-report-suppression
n1000v(config-vlan)#
|
|
---|---|
show ip igmp snooping |
Displays IGMP snooping information. |
To create an access group, use the ip port access-group command. To remove access control, use the no form of this command.
ip port access-group name {in | out}
no ip port access-group name {in | out}
name |
Access group name. The range is from 1 to 64, case-sensitive, alphanumeric characters. |
in |
Specifies inbound traffic. |
out |
Specifies outbound traffic. |
No access group exists.
Port profile configuration (config-port-prof)
network-admin
You create an access group to specify in an access control list (ACL) the access control of packets.
This example shows how to create an access group:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# port-profile 1
n1000v(config-port-prof)# ip port access-group group1 in
n1000v(config-port-prof)#
|
|
---|---|
show access-lists |
Displays access lists. |
show port-profile |
Displays port profile information. |
To specify the IP precedence value for the packets in the Encapsulated Remote Switch Port Analyzer (ERSPAN) traffic and save it in the running configuration, use the ip prec command.
ip prec precedence_value
precedence_value |
IP precedence value for the ERSPAN traffic packets. The range is from 0 to 7. |
None
Command-line interface (CLI) ERSPAN source configuration (config-monitor-erspan-src)
network-admin
This example shows how to specify the IP precedence value as 1 for the packets in the ERSPAN traffic and save it in the running configuration:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# monitor session 3 type erspa
n1000v(config-erspan-src)# destination ip 10.54.54.1
n1000v(config-monitor-erspan-src)# ip prec 1
n1000v(config-monitor-erspan-src)#
To create a static IP source entry for a Layer 2 virtual Ethernet interface, use the ip source binding command. To disable the static IP source entry, use the no form of this command.
ip source binding IP-address MAC-address vlan vlan-id interface vethernet interface-number
no ip source binding IP-address MAC-address vlan vlan-id interface vethernet interface-number
None
Global configuration (config)
network-admin
By default, there are no static IP source entries.
This example shows how to create a static IP source entry that is associated with VLAN 100 on virtual Ethernet interface 3:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# ip source binding 10.5.22.7 001f.28bd.0013 vlan 100 interface vethernet 3
n1000v(config)#
|
|
---|---|
ip verify source dhcp-snooping-vlan |
Enables IP Source Guard on an interface. |
show ip verify source |
Displays IP-to-MAC address bindings. |
To specify the IP time-to-live value for the packets in the Encapsulated Remote Switch Port Analyzer (ERSPAN) traffic and save it in the running configuration, use the ip ttl command.
ip ttl ttl_value
ttl_value |
Time-to-live value, in seconds. The range is from 1 to 255. |
None
Command-line interface (CLI) ERSPAN source configuration (config-monitor-erspan-src)
network-admin
This example shows how to specify the time-to-live value of 64 seconds for packets in the ERSPAN traffic:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# monitor session 3 type erspa
n1000v(config-erspan-src)# destination ip 10.54.54.1
nn1000v(config-erspan-src)# ip ttl 64
n1000v(config-erspan-src)#
To enable IP Source Guard on a Layer 2 virtual Ethernet interface, use the ip verify source dhcp-snooping-vlan command. To disable IP Source Guard (SG) on an interface, use the no form of this command. To restore the default setting, use the default form of this command.
ip verify source dhcp-snooping-vlan
no ip verify source dhcp-snooping-vlan
default ip verify source dhcp-snooping-vlan
This command has no arguments or keywords.
None
Interface configuration (config-if)
Port profile configuration (config-port-prof)
network-admin
By default, IP Source Guard is not enabled on any interface.
This example shows how to enable IP SG on an interface:
n1000v# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
n1000v(config)# interface vethernet 2
n1000v(config-if)# ip verify source dhcp-snooping-vlan
n1000v(config-if)#
|
|
---|---|
ip source binding |
Creates a static IP source entry for the specified virtual Ethernet interface. |
show ip verify source |
Displays IP-to-MAC address bindings. |