Table Of Contents
IP Routing Protocol-Independent Commands
IP Routing Protocol-Independent Commands
Use the commands in this chapter to configure and monitor the features that are routing protocol-independent. For configuration information and examples on IP routing protocol-independent features, refer to the "Configuring IP Routing Protocol-Independent Features" chapter of the Network Protocols Configuration Guide, Part 1.
accept-lifetime
To set the time period during which the authentication key on a key chain is received as valid, use the accept-lifetime key chain key configuration command. To revert to the default value, use the no form of this command.
accept-lifetime start-time {infinite | end-time | duration seconds}
no accept-lifetime [start-time {infinite | end-time | duration seconds}]
Syntax Description
Defaults
Forever (Starting time is January 1, 1993, and ending time is infinite.)
Command Modes
Key chain key configuration
Command History
Usage Guidelines
Only DRP Agent, Enhanced Interior Gateway Routing Protocol (EIGRP), and RIP Version 2 use key chains.
Specify a start-time and one of the following: infinite, end-time, or duration seconds.
We recommend running NTP or some other time synchronization method if you assign a lifetime to a key.
If the last key expires, authentication will continue and an error message will be generated. To disable authentication, you must manually delete the last valid key.
Examples
In the following example, the key named chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named birch will be accepted from 2:30 p.m. to 4:40 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or discrepancies in the router's set time. There is a half-hour leeway on each side to handle time differences.
interface ethernet 0ip rip authentication key-chain treesip rip authentication mode md5!router ripnetwork 172.19.0.0version 2!key chain treeskey 1key-string chestnutaccept-lifetime 13:30:00 Jan 25 1996 duration 7200send-lifetime 14:00:00 Jan 25 1996 duration 3600key 2key-string birchaccept-lifetime 14:30:00 Jan 25 1996 duration 7200send-lifetime 15:00:00 Jan 25 1996 duration 3600Related Commands
distance (IP)
To define an administrative distance, use the distance command in router configuration mode. To remove a distance definition, use the no form of this command.
distance {ip-address {ip-address mask}} [ip standard list] [ip extended list]
no distance {ip-address {ip-address mask}} [ip standard list] [ip extended list]
Syntax Description
Defaults
Table 50 lists default administrative distances.
Command Modes
Router configuration
Command History
Usage Guidelines
Numerically, an administrative distance is an integer between 0 and 255. In general, the higher the value, the lower the trust rating. An administrative distance of 255 means the routing information source cannot be trusted at all and should be ignored.
When the optional access list number is used with this command, it is applied when a network is being inserted into the routing table. This behavior allows filtering of networks according to the IP address of the router supplying the routing information. This could be used, as an example, to filter out possibly incorrect routing information from routers not under your administrative control.
For BGP, the distance command sets the administrative distance of the External BGP route.
The show ip protocols EXEC command displays the default administrative distance for a specified routing process.
Always set the administrative distance from the least to the most specific network.
Note
The weight of a route can no longer be set with the distance command. To set the weight for a route, use a route-map.
Examples
In the following example, the router igrp global configuration command sets up IGRP routing in autonomous system number 109. The network router configuration commands specify IGRP routing on networks 192.168.7.0 and 172.16.0.0. The first distance router configuration command sets the default administrative distance to 255, which instructs the Cisco IOS software to ignore all routing updates from routers for which an explicit distance has not been set. The second distance command sets the administrative distance for all routers on the Class C network 192.168.7.0 to 90. The third distance command sets the administrative distance for the router with the address 172.16.1.3 to 120.
router igrp 109network 192.168.7.0network 172.16.0.0distance 255distance 90 192.168.7.0 0.0.0.255distance 120 172.16.1.3 0.0.0.0
Note
In the following example, the set distance is from the least to the most specific network.
router igrp 100network 10.0.0.0distance 22 10.0.0.0distance 33 10.11.0.0 0.0.255.255distance 44 10.11.12.0 0.0.0.255
Note
Related Commands
distance bgp
Allows the use of external, internal, and local administrative distances that could be a better route to a node.
distribute-list in (IP)
To filter networks received in updates, use the distribute-list in command in router configuration mode. To change or cancel the filter, use the no form of this command.
distribute-list {access-list-number | name} in [type number]
no distribute-list {access-list-number | name} in [type number]
Syntax Description
Defaults
This command is disabled by default.
Command Modes
Router configuration
Command History
10.0
This command was introduced.
11.2
The access-list-name, type, and number arguments were added.
Usage Guidelines
This command is not supported in IS-IS or OSPF. OSPF routes cannot be filtered from entering the OSPF database. If you use this command for OSPF, it only filters routes from the routing table; it does not prevent link-state packets from being propagated. We recommend this command not be used for OSPF.
Examples
In the following example, the EIGRP routing process accepts only two networks—network 0.0.0.0 and network 10.108.0.0:
access-list 1 permit 0.0.0.0access-list 1 permit 10.108.0.0access-list 1 deny 0.0.0.0 255.255.255.255router eigrp 1network 10.108.0.0distribute-list 1 inRelated Commands
distribute-list out (IP)
To suppress networks from being advertised in updates, use the distribute-list out command in router configuration mode. To cancel this function, use the no form of this command.
distribute-list {access-list-number | name} out [interface-name | routing-process |
autonomous-system-number]no distribute-list {access-list-number | name} out [interface-name | routing-process |
autonomous-system-number]Syntax Description
Defaults
This command is disabled by default.
Command Modes
Router configuration
Command History
10.0
This command was introduced.
11.2
The access-list-name argument was added.
Usage Guidelines
When networks are redistributed, a routing process name can be specified as an optional trailing argument to the distribute-list command. This causes the access list to be applied to only those routes derived from the specified routing process. After the process-specific access list is applied, any access list specified by a distribute-list command without a process name argument will be applied. Addresses not specified in the distribute-list command will not be advertised in outgoing routing updates.
Note
Examples
The following example would cause only one network to be advertised by a RIP routing process: network 10.108.0.0.
access-list 1 permit 10.108.0.0access-list 1 deny 0.0.0.0 255.255.255.255router ripnetwork 10.108.0.0distribute-list 1 outThe following example applies access list 1 to outgoing routing updates and enables IS-IS on Ethernet interface 0. Only network 10.10.101.0 will be advertised in outgoing IS-IS routing updates.
router isisredistribute ospf 109distribute-list 1 outinterface Ethernet 0ip router isisaccess-list 1 permit 10.10.101.0 0.0.0.255Related Commands
ip default-network
To select a network as a candidate route for computing the gateway of last resort, use the ip default-network command in global configuration mode. To remove a route, use the no form of this command.
ip default-network network-number
no ip default-network network-number
Syntax Description
Defaults
If the router has a directly connected interface onto the specified network, the dynamic routing protocols running on that router will generate (or source) a default route. For RIP, this is flagged as the pseudonetwork 0.0.0.0; for IGRP, it is the network itself, flagged as an exterior route.
Command Modes
Global configuration
Command History
Usage Guidelines
The Cisco IOS software uses both administrative distance and metric information to determine the default route. Multiple ip default-network commands can be given. All candidate default routes, both static (that is, flagged by ip default-network) and dynamic, appear in the routing table preceded by an asterisk.
If the IP routing table indicates that the specified network number is subnetted and a non-zero subnet number is specified, then the system will automatically configure a static summary route. This static summary route is configured instead of a default network. The effect of the static summary route is to cause traffic destined for subnets that are not explicitly listed in the IP routing table to be routed using the specified subnet.
Examples
The following example defines a static route to network 10.0.0.0 as the static default route:
ip route 10.0.0.0 255.0.0.0 10.108.3.4ip default-network 10.0.0.0If the following command was issued on a router not connected to network 10.140.0.0, the software might choose the path to that network as a default route when the network appeared in the routing table:
ip default-network 10.140.0.0Related Commands
ip local policy route-map
To identify a route map to use for local policy routing, use the ip local policy route-map command in global configuration mode. To disable local policy routing, use the no form of this command.
ip local policy route-map map-tag
no ip local policy route-map map-tag
Syntax Description
map-tag
Name of the route map to use for local policy routing. The name must match a map-tag specified by a route-map command.
Defaults
Packets that are generated by the router are not policy routed.
Command Modes
Global configuration
Command History
Usage Guidelines
Packets that are generated by the router are not normally policy routed. However, you can use this command to policy route such packets. You might enable local policy routing if you want packets originated at the router to take a route other than the obvious shortest path.
The ip local policy route-map command identifies a route map to use for local policy routing. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which packets should be policy routed. The set commands specify the set actions—the particular policy routing actions to perform if the criteria enforced by the match commands are met. The no ip local policy route-map command deletes the reference to the route map and disables local policy routing.
Examples
The following example sends packets with a destination IP address matching that allowed by extended access list 131 to the router at IP address 172.130.3.20:
ip local policy route-map xyz!route-map xyzmatch ip address 131set ip next-hop 172.130.3.20Related Commands
ip policy route-map
To identify a route map to use for policy routing on an interface, use the ip policy route-map command in interface configuration mode. To disable policy routing on the interface, use the no form of this command.
ip policy route-map map-tag
no ip policy route-map map-tag
Syntax Description
map-tag
Name of the route map to use for policy routing. Must match a map-tag specified by a route-map command.
Defaults
No policy routing occurs on the interface.
Command Modes
Interface configuration
Command History
Usage Guidelines
You might enable policy routing if you want your packets to take a route other than the obvious shortest path.
The ip policy route-map command identifies a route map to use for policy routing. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which policy routing is allowed for the interface, based on the destination IP address of the packet. The set commands specify the set actions—the particular policy routing actions to perform if the criteria enforced by the match commands are met. The no ip policy route-map command deletes the pointer to the route map.
Examples
The following example sends packets with the destination IP address of 172.120.16.18 to a router at IP address 172.130.3.20:
interface serial 0ip policy route-map wethersfield!route-map wethersfieldmatch ip address 172.120.16.18set ip next-hop 172.130.3.20Related Commands
ip route
To establish static routes, use the ip route command in global configuration mode. To remove static routes, use the no form of this command.
ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag tag]
no ip route prefix mask
Syntax Description
Defaults
No static routes are established.
Command Modes
Global configuration
Command History
Usage Guidelines
A static route is appropriate when the Cisco IOS software cannot dynamically build a route to the destination.
If you specify an administrative distance, you are flagging a static route that can be overridden by dynamic information. For example, IGRP-derived routes have a default administrative distance of 100. To have a static route that would be overridden by an IGRP dynamic route, specify an administrative distance greater than 100. Static routes have a default administrative distance of 1.
Static routes that point to an interface on a connected router will be advertised by way of Routing Information Protocol (RIP), Interior Gateway Routing Protocol (IGRP), and Exterior Gateway Routing Protocol (EIGRP) regardless of whether redistribute static commands were specified for those routing protocols. This situation occurs because static routes that point to an interface are considered in the routing table to be connected and hence lose their static nature. Also, the target of the static route should be included in the network command. If this condition is not met, no dynamic routing protocol will advertise the route unless a redistribute static command is specified for these protocols. With the following configuration:
rtr1 (serial 172.140..188.1/30)--------------> rtr2(Fast Ethernet 172.150.1.1/30) ------>router [rip | eigrp | igrp]net 172.140..188.0net 172.110.0.0•
ip route 172.140..188.252 255.255.255.252 FastEthernet0/0RIP and IGRP do not redistribute the route with the following ip route command because of the split horizon algorithm:
ip route 172.140..188.252 255.255.255.252 s2/1•
ip route 172.140..188.252 255.255.255.252 FastEthernet0/0ip route 172.140..188.252 255.255.255.252 s2/1With Open Shortest Path First (OSPF), static routes that point to an interface are not advertised unless a redistribute static command is specified.
Adding a static route to an Ethernet or other broadcast interface (for example, ip route 0.0.0.0 0.0.0.0 Ethernet 1/2) will cause the route to be inserted into the routing table only when the interface is up. This configuration is not generally recommended. When the next hop of a static route points to an interface, the router considers each of the hosts within the range of the route to be directly connected through that interface, and therefore it will send ARP requests to any destination addresses that route through the static route.
The practical implication of configuring "ip route 0.0.0.0 0.0.0.0 Ethernet 1/2" is that the router will consider all of the destinations that the router does not know how to reach through some other route as directly connected to Ethernet 1/2. So the router will send an ARP request for each host that it receives packets for on this network segment. This configuration can cause high processor utilization and a very large ARP cache (along with attendant memory allocation failures). Configuring a default route or other static route that directs the router to forward packets for a large range of destinations to a connected broadcast network segment can cause your router to reload.
Specifying a numerical next hop that is on a directly connected interface will prevent the router from using Proxy ARP. However, if the interface with the next hop goes down and the numerical next hop can be reached through a recursive route, you may specify both the next hop and interface (for example, "ip route 0.0.0.0 0.0.0.0 Ethernet1/2 10.1.2.3") with a static route to prevent routes from passing through an unintended interface.
Examples
The following example chooses an administrative distance of 110. In this case, packets for network 10.0.0.0 will be routed through to a router at 172.31.3.4 if dynamic information with administrative distance less than 110 is not available.
ip route 10.0.0.0 255.0.0.0 172.31.3.4 110
Note
The following example routes packets for network 172.31.0.0 to a router at 172.31.6.6:
ip route 172.31.0.0 255.255.0.0 172.31.6.6The following example routes packets for network 192.168.1.0 directly to the next hop at 10.1.2.3. If the interface goes down, this route is removed from the routing table and will not be restored unless the interface comes back up.
ip route 192.168.1.0 255.255.0.0 Ethernet0 10.1.2.3ip route profile
To enable IP routing table statistics collection, use the ip route profile command in global configuration mode. To disable collection of routing table statistics, use the no form of the command.
ip route profile
no ip route profile
Syntax Description
This command has no arguments or keywords.
Defaults
The time interval for each sample, or sampling interval, is a fixed value and is set at 5 seconds.
Command Modes
Global configuration
Command History
Usage Guidelines
The ip route profile command helps you to monitor routing table fluctuations that can occur as the result of route flapping, network failure, or network restoration.
This command identifies route flapping over brief time intervals. The time interval for each sample, or sampling interval, is a fixed value and is set at 5 seconds.
Two sets of statistics are collected. The per-interval statistics are collected over a sampling interval, while the routing table change statistics are the result of aggregating the per-interval statistics. The per-interval statistics are collected as a single set of counters, with one counter tracking one event. All counters are initialized at the beginning of each sampling interval; counters are incremented as corresponding events occur anywhere in the routing table.
At the end of a sampling interval, the per-interval statistics for that sampling interval are integrated with the routing table change statistics collected from the previous sampling intervals. The counters holding the per-interval statistics are reset and the process is repeated.
Routing table statistics are collected for the following events:
•
•
•
•
•
Use the show ip route profile command to display the routing table change statistics.
Examples
The following example enables the collection of routing table statistics:
ip route profileRelated Commands
key
To identify an authentication key on a key chain, use the key key-chain configuration command. To remove the key from the key chain, use the no form of this command.
key number
no key number
Syntax Description
number
Identification number of an authentication key on a key chain. The range of keys is 0 to 2147483647. The key identification numbers need not be consecutive.
Defaults
No key exists on the key chain.
Command Modes
key-chain configuration
Command History
Usage Guidelines
Only DRP Agent, Enhanced Interior Gateway Routing Protocol (EIGRP), and RIP Version 2 use key chains.
It is useful to have multiple keys on a key chain so that the software can sequence through the keys as they become invalid after time, based on the accept-lifetime and send-lifetime settings.
Each key has its own key identifier, which is stored locally. The combination of the key identifier and the interface associated with the message uniquely identifies the authentication algorithm and MD5 authentication key in use. Only one authentication packet is sent, regardless of the number of valid keys. The software starts looking at the lowest key identifier number and uses the first valid key.
If the last key expires, authentication will continue and an error message will be generated. To disable authentication, you must manually delete the last valid key.
To remove all keys, remove the key chain by using the no key chain command.
Examples
The following example configures a key chain named trees. The key named chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named birch will be accepted from 2:30 p.m. to 4:40 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or a discrepancy in the router's set time. There is a half-hour leeway on each side to handle time-of-day differences.
interface ethernet 0ip rip authentication key-chain treesip rip authentication mode md5!router ripnetwork 172.19.0.0version 2!key chain treeskey 1key-string chestnutaccept-lifetime 13:30:00 Jan 25 1996 duration 7200send-lifetime 14:00:00 Jan 25 1996 duration 3600key 2key-string birchaccept-lifetime 14:30:00 Jan 25 1996 duration 7200send-lifetime 15:00:00 Jan 25 1996 duration 3600Related Commands
key chain
To enable authentication for routing protocols, identify a group of authentication keys by using the key chain command in global configuration mode. To remove the key chain, use the no form of this command.
key chain name-of-chain
no key chain name-of-chain
Syntax Description
name-of-chain
Name of a key chain. A key chain must have at least one key and can have up to 2147483647 keys.
Defaults
No key chain exists.
Command Modes
Global configuration
Command History
Usage Guidelines
Only DRP Agent, Enhanced Interior Gateway Routing Protocol (EIGRP), and RIP Version 2 use key chains.
You must configure a key chain with keys to enable authentication.
You can identify multiple key chains, but it makes sense to use one key chain per interface per routing protocol. Upon specifying the key chain command, you enter key chain mode.
Examples
The following example configures a key chain named trees. The key named chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named birch will be accepted from 2:30 p.m. to 4:40 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or a discrepancy in the router's set time. There is a half-hour leeway on each side to handle time-of-day differences.
interface ethernet 0ip rip authentication key-chain treesip rip authentication mode md5!router ripnetwork 172.19.0.0version 2!key chain treeskey 1key-string chestnutaccept-lifetime 13:30:00 Jan 25 1996 duration 7200send-lifetime 14:00:00 Jan 25 1996 duration 3600key 2key-string birchaccept-lifetime 14:30:00 Jan 25 1996 duration 7200send-lifetime 15:00:00 Jan 25 1996 duration 3600Related Commands
key-string (authentication)
To specify the authentication string for a key, use the key-string key chain key configuration command. To remove the authentication string, use the no form of this command.
key-string text
no key-string [text]
Syntax Description
Defaults
No key exists.
Command Modes
Key chain key configuration
Command History
Usage Guidelines
Only DRP Agent, Enhanced Interior Gateway Routing Protocol (EIGRP), and RIP Version 2 use key chains. Each key can have only one key string.
If password encryption is configured (with the service password-encryption command), the software saves the key string as encrypted text. When you write to the terminal with the more system:running-config command, the software displays key-string 7 encrypted text.
Examples
The following example configures a key chain named trees. The key named chestnut will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named birch will be accepted from 2:30 p.m. to 4:40 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or a discrepancy in the router's set time. There is a half-hour leeway on each side to handle time-of-day differences.
interface ethernet 0ip rip authentication key-chain treesip rip authentication mode md5!router ripnetwork 172.19.0.0version 2!key chain treeskey 1key-string chestnutaccept-lifetime 13:30:00 Jan 25 1996 duration 7200send-lifetime 14:00:00 Jan 25 1996 duration 3600key 2key-string birchaccept-lifetime 14:30:00 Jan 25 1996 duration 7200send-lifetime 15:00:00 Jan 25 1996 duration 3600Related Commands
match interface (IP)
To distribute any routes that have their next hop out one of the interfaces specified, use the match interface command in route-map configuration mode. To remove the match interface entry, use the no form of this command.
match interface type number [...type number]
no match interface type number [...type number]
Syntax Description
Defaults
No match interfaces are defined.
Command Modes
Route-map configuration
Command History
Usage Guidelines
Use the route-map global configuration command, and the match and set route-map configuration commands, to define the conditions for redistributing routes from one routing protocol into another. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which redistribution is allowed for the current route-map command. The set commands specify the set actions—the particular redistribution actions to perform if the criteria enforced by the match commands are met. The no route-map command deletes the route map.
The match route-map configuration command has multiple formats. The match commands may be given in any order, and all match commands must "pass" to cause the route to be redistributed according to the set actions given with the set commands. The no forms of the match commands remove the specified match criteria.
A route map can have several parts. Any route that does not match at least one match clause relating to a route-map command will be ignored; that is, the route will not be advertised for outbound route maps and will not be accepted for inbound route maps. If you want to modify only some data, you must configure a second route-map section with an explicit match specified.
Examples
In the following example, routes that have their next hop out Ethernet interface 0 will be distributed:
route-map namematch interface ethernet 0Related Commands
