-
Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services, Release 12.3
-
Introduction
-
IP Addressing and Services Commands: A through C
-
IP Addressing and Services Commands: D through H
-
IP Addressing and Services Commands: idle through ip local-proxy-arp
-
IP Addressing and Services Commands: ip mask-reply through ip web-cache
-
IP Addressing and Services Commands: L through R
-
IP Addressing and Services Commands: serverfarm through show ip nat
-
IP Addressing and Services Commands: show ip nhrp through synguard
-
IP Addressing and Services Commands: T through W
-
Table Of Contents
show ip tcp header-compression
show ip nhrp
To display Next Hop Resolution Protocol (NHRP) mapping information, use the show ip nhrp command in user EXEC or privileged EXEC mode.
show ip nhrp [dynamic | incomplete | static] [address | interface] [brief | detail] [purge]
Syntax Description
dynamic
(Optional) Displays dynamic (learned) IP-to-nonbroadcast multiaccess address (NBMA) mapping entries. Dynamic NHRP mapping entries are obtained from NHRP resolution/registration exchanges. See Table 23 for types, number ranges, and descriptions.
incomplete
(Optional) Displays information about NHRP mapping entries for which the IP-to-NBMA is not resolved. See Table 23 for types, number ranges, and descriptions.
static
(Optional) Displays static IP-to-NBMA address mapping entries. Static NHRP mapping entries are configured using the ip nhrp map command. See Table 23 for types, number ranges, and descriptions.
address
(Optional) Displays NHRP mapping entries for specified protocol addresses.
interface
(Optional) Displays NHRP mapping entries for the specified interface. See Table 23 for types, number ranges, and descriptions.
brief
(Optional) Displays a short output of the NHRP mapping.
detail
(Optional) Displays detailed information about NHRP mapping.
purge
(Optional) Displays NHRP purge information.
Command Modes
User EXEC
Privileged EXECCommand History
Usage Guidelines
Table 23 lists the valid types, number ranges, and descriptions for the optional interface argument.
Note
The valid types can vary according to the platform and interfaces on the platform.
Examples
The following is sample output from the show ip nhrp detail command:
Router# show ip nhrp detail10.1.1.1/8 via 10.2.1.1, Tunnel1 created 00:46:29, never expireType: static, Flags: usedNBMA address: 10.12.1.110.1.1.2/8 via 10.2.1.2, Tunnel1 created 00:00:12, expire 01:59:47Type: dynamic, Flags: authoritative unique nat registered usedNBMA address: 10.12.1.210.1.1.4, Tunnel1 created 00:00:07, expire 00:02:57Type: incomplete, Flags: negativeCache hits: 4Table 24 describes the significant fields shown in the displays.
Related Commands
show ip nhrp nhs
To display Next Hop Resolution Protocol (NHRP) next hop server (NHS) information, use the show ip nhrp nhs command in user EXEC or privileged EXEC mode.
show ip nhrp nhs [interface] [detail]
Syntax Description
interface
(Optional) Displays NHS information currently configured on the interface. See Table 25 for types, number ranges, and descriptions.
detail
(Optional) Displays detailed NHS information.
Command Modes
User EXEC
Privileged EXECCommand History
Usage Guidelines
Table 25 lists the valid types, number ranges, and descriptions for the optional interface argument.
Note
Examples
The following is sample output from the show ip nhrp nhs detail command:
Router# show ip nhrp nhs detailLegend:E=Expecting repliesR=RespondingTunnel1:5.1.1.1 E req-sent 128 req-failed 1 repl-recv 0Pending Registration Requests:Registration Request: Reqid 1, Ret 64 NHS 5.1.1.1Table 26 describes the significant field shown in the display.
Table 26 show ip nhrp nhs Field Descriptions
Tunnel1
Interface through which the target network is reached.
Related Commands
show ip nhrp summary
To display Next Hop Resolution Protocol (NHRP) mapping summary information, use the show ip nhrp summary command in user EXEC or privileged EXEC mode.
show ip nhrp summary
Command Modes
User EXEC
Privileged EXECCommand History
Examples
The following is sample output from the show ip nhrp summary command:
Router# show ip nhrp summaryIP NHRP cache 1 entry, 256 bytes1 static 0 dynamic 0 incompleteTable 27 describes the significant field shown in the display.
Related Commands
show ip nhrp traffic
To display Next Hop Resolution Protocol (NHRP) traffic statistics, use the show ip nhrp traffic EXEC command.
show ip nhrp traffic
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
Examples
The following is sample output from the show ip nhrp traffic command:
Router# show ip nhrp trafficTunnel0request packets sent: 2request packets received: 4reply packets sent: 4reply packets received: 2register packets sent: 0register packets received: 0error packets sent: 0error packets received: 0Table 28 describes the significant fields shown in the display.
show ip redirects
To display the address of a default gateway (router) and the address of hosts for which an Internet Control Message Protocol (ICMP) redirect message has been received, use the show ip redirects command in user EXEC or privileged EXEC mode.
show ip redirects
Syntax Description
This command has no arguments or keywords.
Command Modes
User EXEC
Privileged EXECCommand History
Usage Guidelines
This command displays the default router (gateway) as configured by the ip default-gateway command.
The ip mtu command enables the router to send ICMP redirect messages.
Examples
The following is sample output from the show ip redirects command:
Router# show ip redirectsDefault gateway is 172.89.80.29Host Gateway Last Use Total Uses Interface172.16.1.111 172.16.80.240 0:00 9 Ethernet0172.16.1.4 172.16.80.240 0:00 4 Ethernet0Related Commands
show ip route dhcp
To display the routes added to the routing table by the Cisco IOS Dynamic Host Configuration Protocol (DHCP) server and relay agent, use the show ip route dhcp command in privileged EXEC configuration mode.
show ip route [vrf vrf-name] dhcp [ip-address]
Syntax Description
vrf
(Optional) Specifies VPN routing and forwarding instance.
vrf-name
(Optional) Name of the VRF.
ip-address
(Optional) Address about which routing information should be displayed.
Defaults
No default behavior or values
Command Modes
Privileged EXEC
Command History
Usage Guidelines
To display information about global routes, use the show ip route dhcp command. To display routes in the VRF routing table, use the show ip route vrf vrf-name dhcp command.
Examples
The following is sample output from the show ip route dhcp command when entered without an address. This command lists all routes added by the Cisco IOS DHCP server and relay agent.
Router# show ip route dhcp10.5.5.5.56/32 is directly connected, ATM0.210.5.5.217/32 is directly connected, ATM0.21The following is sample output from the show ip route dhcp command when an address is specified. The output shows the details of the address with the server address (who assigned it) and the lease expiration time.
Router# show ip route dhcp 55.5.5.21710.5.5.217 is directly connected, ATM0.2DHCP Server: 49.9.9.10 Lease expires at Nov 08 2001 01:19 PMThe following is sample output from the show ip route vrf vrf-name dhcp command when entered without an address:
Router# show ip route vrf red dhcp10.5.5.218/32 is directly connected, ATM0.2The following is sample output from the show ip route vrf vrf-name dhcp command when an address is specified. The output shows the details of the address with the server address (who assigned it) and the lease expiration time.
Router# show ip route vrf red dhcp 10.5.5.21810.5.5.218/32 is directly connected, ATM0.2DHCP Server: 10.9.9.10 Lease expires at Nov 08 2001 03:15PMRelated Commands
clear ip route dhcp
Removes routes from the routing table added by the DHCP server and relay agent for the DHCP clients on unnumbered interfaces.
show ip slb conns
To display the active IOS SLB connections, use the show ip slb conns privileged EXEC command.
show ip slb conns [vserver virtserver-name] [client ip-address] [detail]
Syntax Description
Defaults
If no options are specified, the command displays output for all active IOS SLB connections.
Command Modes
Privileged EXEC
Command History
12.0(7)XE
This command was introduced.
12.1(5)T
This command was integrated into Cisco IOS Release 12.1(5)T.
Examples
The following example shows IOS SLB active connection data:
Router# show ip slb connsvserver prot client real state----------------------------------------------------------------------------TEST TCP 10.150.72.183:328 10.80.90.25:80 INITTEST TCP 10.250.167.226:423 10.80.90.26:80 INITTEST TCP 10.234.60.239:317 10.80.90.26:80 ESTABTEST TCP 10.110.233.96:747 10.80.90.26:80 ESTABTEST TCP 10.162.0.201:770 10.80.90.30:80 CLOSINGTEST TCP 10.22.225.219:995 10.80.90.26:80 CLOSINGTEST TCP 10.2.170.148:169 10.80.90.30:80 ZOMBIETable 29 describes the significant fields shown in the display.
show ip slb dfp
To display DFP manager and agent information such as passwords, timeouts, retry counts, and weights, use the show ip slb dfp privileged EXEC command.
show ip slb dfp [agent ip-address port-number | detail | weights]
Syntax Description
Defaults
If no options are specified, the command displays summary information.
Command Modes
Privileged EXEC
Command History
12.0(7)XE
This command was introduced.
12.1(5)T
This command was integrated into Cisco IOS Release 12.1(5)T.
Examples
The following example shows IOS SLB DFP data:
Router# show ip slb dfp detailDFP ManagerCurrent passwd <none> Pending passwd <none>Passwd timeout 0 secUnexpected errors 0% No DFP Agents configuredTable 30 describes the fields shown in the display.
Router# show ip slb dfp weightsReal IP Address 10.0.10.10 Protocol TCP Port 22 Bind_ID 111 Weight 111Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99Real IP Address 10.17.17.17 Protocol TCP Port www Bind_ID 1 Weight 1Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99Real IP Address 10.68.68.68 Protocol TCP Port www Bind_ID 4 Weight 4Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99Real IP Address 10.85.85.85 Protocol TCP Port www Bind_ID 5 Weight 5Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99Table 31 describes the fields shown in the display.
Router# show ip slb dfpDFP Manager:Current passwd:NONE Pending passwd:NONEPasswd timeout:0 secAgent IP Port Timeout Retry Count Interval---------------------------------------------------------------172.16.2.34 61936 0 0 180 (Default)Table 32 describes the significant fields shown in the display.
show ip slb reals
To display information about the real servers, use the show ip slb reals privileged EXEC command.
show ip slb reals [vserver virtserver-name] [detail]
Syntax Description
Defaults
If no options are specified, the command displays information about all real servers.
Command Modes
Privileged EXEC
Command History
12.0(7)XE
This command was introduced.
12.1(5)T
This command was integrated into Cisco IOS Release 12.1(5)T.
Examples
The following example shows IOS SLB real server data:
Router# show ip slb realsreal farm name weight state conns--------------------------------------------------------------------10.80.2.112 FRAG 8 OUTOFSERVICE 010.80.5.232 FRAG 8 OPERATIONAL 010.80.15.124 FRAG 8 OUTOFSERVICE 010.254.2.2 FRAG 8 OUTOFSERVICE 010.80.15.124 LINUX 8 OPERATIONAL 010.80.15.125 LINUX 8 OPERATIONAL 010.80.15.126 LINUX 8 OPERATIONAL 010.80.90.25 SRE 8 OPERATIONAL 22010.80.90.26 SRE 8 OPERATIONAL 21610.80.90.27 SRE 8 OPERATIONAL 21610.80.90.28 SRE 8 TESTING 110.80.90.29 SRE 8 OPERATIONAL 22110.80.90.30 SRE 8 OPERATIONAL 22410.80.30.3 TEST 100 READY_TO_TEST 010.80.30.4 TEST 100 READY_TO_TEST 010.80.30.5 TEST 100 READY_TO_TEST 010.80.30.6 TEST 100 READY_TO_TEST 0Table 33 describes significant fields shown in the display.
show ip slb serverfarms
To display information about the server farms, use the show ip slb serverfarms privileged EXEC command.
show ip slb serverfarms [name serverfarm-name] [detail]
Syntax Description
name
(Optional) Displays information about only a particular server farm.
serverfarm-name
(Optional) Name of the server farm.
detail
(Optional) Displays detailed server farm information.
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History
12.0(7)XE
This command was introduced.
12.1(5)T
This command was integrated into Cisco IOS Release 12.1(5)T.
Examples
The following example shows IOS SLB server farm data:
router# show ip slb serverfarmsserver farm predictor reals bind id-------------------------------------------------FRAG ROUNDROBIN 4 0LINUX ROUNDROBIN 3 0SRE ROUNDROBIN 6 0TEST ROUNDROBIN 4 0Table 34 describes the significant fields shown in the display.
show ip slb stats
To display IOS SLB statistics, use the show ip slb stats privileged EXEC command.
show ip slb stats
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History
12.0(7)XE
This command was introduced.
12.1(5)T
This command was integrated into Cisco IOS Release 12.1(5)T.
Examples
The following example shows IOS SLB statistics:
router# show ip slb statsPkts via normal switching: 530616Pkts via special switching:1812710Connections Created: 783774Connections Established: 633418Connections Destroyed: 782752Connections Reassigned: 0Zombie Count: 0Table 35 describes the significant fields shown in the display.
show ip slb sticky
To display the entries in the IOS SLB sticky database, use the show ip slb sticky privileged EXEC command.
show ip slb sticky [client ip-address]
Syntax Description
client
(Optional) Displays only those sticky database entries associated with a particular client IP address.
ip-address
(Optional) IP address of the client.
Defaults
If no options are specified, the command displays information about all virtual servers.
Command Modes
Privileged EXEC
Command History
12.0(7)XE
This command was introduced.
12.1(5)T
This command was integrated into Cisco IOS Release 12.1(5)T.
Examples
The following example shows the entries in the IOS SLB sticky database:
router# show ip slb stickyclient group real conns ftp-cntrl--------------------------------------------------------------10.10.2.12 4097 10.10.3.2 1 0Table 36 describes the significant fields shown in the display.
show ip slb vservers
To display information about the virtual servers, use the show ip slb vservers privileged EXEC command.
show ip slb vservers [name virtserver-name] [detail]
Syntax Description
name
(Optional) Displays information about only this virtual server.
virtserver-name
(Optional) Name of the virtual server.
detail
(Optional) Displays detailed virtual server information.
Defaults
If no options are specified, the command displays information about all virtual servers.
Command Modes
Privileged EXEC
Command History
12.0(7)XE
This command was introduced.
12.1(5)T
This command was integrated into Cisco IOS Release 12.1(5)T.
Examples
The following example shows virtual server data:
router# show ip slb vserversslb vserver prot virtual state conns---------------------------------------------------------------------TEST TCP 10.80.254.3:80 OPERATIONAL 1013TEST21 TCP 10.80.254.3:21 OUTOFSERVICE 0TEST23 TCP 10.80.254.3:23 OUTOFSERVICE 0Table 37 describes the significant fields shown in the display.
show ip snat
To display active Stateful Network Address Translation (SNAT) translations, use the show ip snat command in EXEC mode.
show ip snat [distributed [verbose] | peer ip-address]
Syntax Description
Command Modes
EXEC
Command History
Examples
The following is sample output from the show ip snat distributed for stateful NAT connected peers:
Router# show ip snat distributedStateful NAT Connected PeersSNAT: Mode PRIMARY:State READY:Local Address 192.168.123.2:Local NAT id 100:Peer Address 192.168.123.3:Peer NAT id 200:Mapping List 10The following is sample output from the show ip snat distributed verbose command for stateful NAT connected peers:SNAT: Mode PRIMARYStateful NAT Connected Peers:State READY:Local Address 192.168.123.2:Local NAT id 100:Peer Address 192.168.123.3:Peer NAT id 200:Mapping List 10:InMsgs 7, OutMsgs 7, tcb 0x63EBA408, listener 0x0show ip sockets
To display IP socket information, use the show ip sockets command in user EXEC or privileged EXEC mode.
show ip sockets
Syntax Description
This command has no keywords or arguments.
Defaults
No default behavior or values.
Command Modes
User EXEC
Privileged EXECCommand History
Usage Guidelines
Use this command to verify that the socket being used is opening correctly. If there is a local and remote endpoint, a connection is established with the ports indicated.
Examples
The following is sample output from the show ip sockets command:
Router# show ip socketsProto Remote Port Local Port In Out Stat TTY OutputIF17 10.0.0.0 0 172.16.186.193 67 0 0 1 017 172.68.191.135 514 172.16.191.129 1811 0 0 0 017 172.16.135.20 514 172.16.191.1 4125 0 0 0 017 172.16.207.163 49 172.16.186.193 49 0 0 9 017 10.0.0.0 123 172.16.186.193 123 0 0 1 088 10.0.0.0 0 172.16.186.193 202 0 0 0 017 172.16.96.59 32856 172.16.191.1 161 0 0 1 017 --listen-- --any-- 496 0 0 1 0Table 38 describes the significant fields shown in the display.
show ip tcp header-compression
To display statistics about TCP header compression, use the show ip tcp header-compression command in user EXEC or privileged EXEC mode.
show ip tcp header-compression
Syntax Description
This command has no arguments or keywords.
Command Modes
User EXEC
Privileged EXECCommand History
Examples
The following is sample output from the show ip tcp header-compression command:
Router# show ip tcp header-compressionTCP/IP header compression statistics:Interface Serial1: (passive, compressing)Rcvd: 4060 total, 2891 compressed, 0 errors0 dropped, 1 buffer copies, 0 buffer failuresSent: 4284 total, 3224 compressed,105295 bytes saved, 661973 bytes sent1.15 efficiency improvement factorConnect: 16 slots, 1543 long searches, 2 misses, 99% hit ratioFive minute miss rate 0 misses/sec, 0 max misses/secTable 39 describes significant fields shown in the display.
Related Commands
show ip traffic
To display statistics about IP traffic, use the show ip traffic command in user EXEC or privileged EXEC mode.
show ip traffic
Syntax Description
This command has no arguments or keywords.
Command Modes
User EXEC
Privileged EXECCommand History
Examples
The following is sample output from the show ip traffic command:
Router# show ip trafficIP statistics:Rcvd: 2961 total, 2952 local destination0 format errors, 0 checksum errors, 0 bad hop count0 unknown protocol, 9 not a gateway0 security failures, 0 bad options, 0 with optionsOpts: 0 end, 0 nop, 0 basic security, 0 loose source route0 timestamp, 0 extended security, 0 record route0 stream ID, 0 strict source route, 0 alert, 0 cipso, 0 ump0 otherFrags: 0 reassembled, 0 timeouts, 0 couldn't reassemble0 fragmented, 0 fragments, 0 couldn't fragmentBcast: 9 received, 36 sentMcast: 2294 received, 2293 sentSent: 2935 generated, 0 forwardedDrop: 1 encapsulation failed, 0 unresolved, 0 no adjacency0 no route, 0 unicast RPF, 0 forced drop0 options deniedDrop: 0 packets with source IP address zeroDrop: 0 packets with internal loop back IP addressICMP statistics:Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 0 unreachable0 echo, 0 echo reply, 0 mask requests, 0 mask replies, 0 quench0 parameter, 0 timestamp, 0 info request, 0 other0 irdp solicitations, 0 irdp advertisementsSent: 0 redirects, 0 unreachable, 0 echo, 0 echo reply0 mask requests, 0 mask replies, 0 quench, 0 timestamp0 info reply, 0 time exceeded, 0 parameter problem0 irdp solicitations, 0 irdp advertisementsUDP statistics:Rcvd: 0 total, 0 checksum errors, 0 no portSent: 36 total, 0 forwarded broadcastsTCP statistics:Rcvd: 654 total, 0 checksum errors, 0 no portSent: 603 totalBGP statistics:Rcvd: 288 total, 8 opens, 0 notifications, 0 updates280 keepalives, 0 route-refresh, 0 unrecognizedSent: 288 total, 8 opens, 0 notifications, 0 updates280 keepalives, 0 route-refreshOSPF statistics:Rcvd: 0 total, 0 checksum errors0 hello, 0 database desc, 0 link state req0 link state updates, 0 link state acksSent: 0 total0 hello, 0 database desc, 0 link state req0 link state updates, 0 link state acksIP-EIGRP statistics:Rcvd: 2303 totalSent: 2301 totalPIMv2 statistics: Sent/ReceivedTotal: 0/0, 0 checksum errors, 0 format errorsRegisters: 0/0 (0 non-rp, 0 non-sm-group), Register Stops: 0/0, Hellos: 0/0Join/Prunes: 0/0, Asserts: 0/0, grafts: 0/0Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0Queue drops: 0State-Refresh: 0/0IGMP statistics: Sent/ReceivedTotal: 0/0, Format errors: 0/0, Checksum errors: 0/0Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 0/0DVMRP: 0/0, PIM: 0/0Queue drops: 0ARP statistics:Rcvd: 2 requests, 5 replies, 0 reverse, 0 otherSent: 1 requests, 3 replies (0 proxy), 0 reverseTable 40 describes the significant fields shown in the display.
show ip wccp
To display global statistics related to Web Cache Communication Protocol (WCCP), use the show ip wccp command in privileged EXEC mode.
show ip wccp [service-number | web-cache] [detail | view]
Syntax Description
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Use the clear ip wccp command to reset the counter for the "Packets Redirected" information.
Use the show ip wccp service-number command to provide the "Total Packets Redirected" count. The "Total Packets Redirected" count is the number of flows, or sessions, that are redirected.
Use the show ip wccp service-number detail command to provide the "Packets Redirected" count. The "Packets Redirected" count is the number of flows, or sessions, that are redirected.
Use the show ip wccp web-cache detail command to provide an indication of how many flows, rather than packets, are using Layer 2 redirection.
For cache-engine clusters using Cisco cache engines, the reverse proxy service-number is indicated by a value of 99.
For additional information on the IP WCCP commands, refer to the "Configuring Web Cache Services Using WCCP" section in the Cisco IOS Configuration Fundamentals Configuration Guide.
Examples
This section contains examples and field descriptions for the following forms of this command:
•
•
•
•
•
show ip wccp web-cache
The following is sample output from the show ip wccp web-cache command:
Router# show ip wccp web-cacheGlobal WCCP Information:Service Name: web-cache:Number of Cache Engines: 1Number of Routers: 1Total Packets Redirected: 213Redirect access-list: no_linuxTotal Packets Denied Redirect: 88Total Packets Unassigned: -none-Group access-list: 0Total Messages Denied to Group: 0Total Authentication failures: 0Table 41 describes the significant fields shown in the display.
show ip wccp service-number view
The following is sample output from the show ip wccp 1 view command:
Router# show ip wccp 1 viewWCCP Router Informed of:10.168.88.1010.168.88.20WCCP Cache Engines Visible10.168.88.1110.168.88.12WCCP Cache Engines Not Visible:-none-
Note
If any web cache is displayed under the WCCP Cache Engines Not Visible field, the router needs to be reconfigured to map the web cache that is not visible to it.
Table 42describes the significant fields shown in the display.
show ip wccp service-number detail
The following example displays WCCP client information and WCCP router statistics that include the type of services:
Router# show ip wccp 91 detailWCCP Client information:WCCP Client ID: 10.1.1.14Protocol Version: 2.0State: UsableRedirection: GREPacket Return: GREAssignment: HASHInitial Hash Info: 0000000000000000000000000000000000000000000000000000000000000000Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFHash Allotment: 256 (100.00%)Packets Redirected: 0Connect Time: 00:01:56Bypassed PacketsProcess: 0CEF: 0show ip wccp web-cache detail
The following example displays web-cache engine information and WCCP router statistics for a particular service group:
Router# show ip wccp web-cache detailWCCP Router information:IP Address 10.168.88.10Protocol Version: 2.0WCCP Client InformationIP Address: 10.168.88.11Protocol Version: 2.0State: UsableInitial Hash Info: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAssigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFHash Allotment: 256 (100.00%)Packets Redirected: 21345Connect Time: 00:13:46Table 43 describes the significant fields shown in the display.
show ip wccp web-cache detail (Bypass Counters)
The following example displays web-cache engine information and WCCP router statistics that include the bypass counters:
Router# show ip wccp web-cache detailWCCP Router information:IP Address: 10.168.88.10Protocol Version: 2.0WCCP Client InformationIP Address: 10.168.88.11Protocol Version: 2.0State: UsableInitial Hash Info: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAssigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFHash Allotment: 256 (100.00%)Packets Redirected: 21345Connect Time: 00:13:46Bypassed PacketsProcess: 0Fast: 0CEF: 250Table 44 describes the significant fields shown in the display.
Related Commands
show ip wccp web-caches
The show ip wccp web-caches command has been replaced by the show ip wccp web-cache detail command. See the description of the show ip wccp command in this book for more information.
Command History
11.2P, 11.1CA, 12.0
This command was introduced.
12.1
This command was replaced by the show ip wccp command.
show standby
To display Hot Standby Router Protocol (HSRP) information, use the show standby command in user EXEC or privileged EXEC mode.
show standby [type number [group]] [all | brief]
Syntax Description
Command Modes
User EXEC
Privileged EXECCommand History
10.0
This command was introduced.
12.2(8)T
The output for the command was made clearer and easier to understand.
Usage Guidelines
To specify a group, you must specify an interface type and number.
Examples
The following is sample output from the show standby command:
Router# show standbyEthernet0/1 - Group 1State is Active2 state changes, last state change 00:30:59Virtual IP address is 10.1.0.20Secondary virtual IP address 10.1.0.21Active virtual MAC address is 0004.4d82.7981Local virtual MAC address is 0004.4d82.7981 (bia)Hello time 4 sec, hold time 12 secNext hello sent in 1.412 secsPreemption enabled, min delay 50 sec, sync delay 40 secActive router is localStandby router is 10.1.0.6, priority 75 (expires in 9.184 sec)Priority 95 (configured 120)Tracking 2 objects, 0 upDown Interface Ethernet0/2, pri 15Down Interface Ethernet0/3IP redundancy name is "HSRP1", advertisement interval is 34 secThe following is sample output from the show standby command with the brief keyword specified:
Router# show standby briefInterface Grp Prio P State Active addr Standby addr Group addrEt0 0 120 Init 10.0.0.1 unknown 10.0.0.12Table 45 describes the significant fields shown in the displays.
Related Commands
show standby capability
To display the limitation on how many virtual MAC addresses that some interfaces can listen to, use the show standby capability command in user EXEC or privileged EXEC mode.
show standby capability [type number]
Syntax Description
Command Modes
User EXEC
Privileged EXECCommand History
Usage Guidelines
HSRP allows up to 256 groups to be configured on each interface, but it is possible that the MAC address filter of the interface does not support that many entries. For example, Versatile Interface Processor (VIP) interfaces only support 32 MAC addresses in their MAC address filter. If more HSRP groups are created than there are address filter entries, then it is likely that the router will stop listening to packets sent to the MAC address of an active HSRP group.
Examples
The following is sample output from the show standby capability command:
Router# show standby capability7206VXR * indicates hardware may support HSRP|Interface Type H Potential Max GroupsFastEthernet0/0 18 DEC21140A * 256 (0x60194B00,0x60194BE8)FastEthernet1/0 18 DEC21140A * 256 (0x60194B00,0x60194BE8)Ethernet2/0 61 AmdP2 * 256 (0x601A252C,0x601A25E4)Ethernet2/1 61 AmdP2 * 256 (0x601A252C,0x601A25E4)Ethernet2/2 61 AmdP2 * 256 (0x601A252C,0x601A25E4)Ethernet2/3 61 AmdP2 * 256 (0x601A252C,0x601A25E4)Ethernet2/4 61 AmdP2 * 256 (0x601A252C,0x601A25E4)Ethernet2/5 61 AmdP2 * 256 (0x601A252C,0x601A25E4)Ethernet2/6 61 AmdP2 * 256 (0x601A252C,0x601A25E4)Ethernet2/7 61 AmdP2 * 256 (0x601A252C,0x601A25E4)ATM3/0 74 ENHANCED ATM PA * 256 LAN emulationTokenRing4/0 66 HAWKEYE * 3 HSRP TR functionaladdresses (0x6076A590)TokenRing4/1 66 HAWKEYE * 3 HSRP TR functionaladdresses (0x6076A590)TokenRing4/2 66 HAWKEYE * 3 HSRP TR functionaladdresses (0x6076A590)TokenRing4/3 66 HAWKEYE * 3 HSRP TR functionaladdresses (0x6076A590)Serial5/0 67 M4T -Serial5/1 67 M4T -Serial5/2 67 M4T -Serial5/3 67 M4T -FastEthernet6/0 18 DEC21140A * 256 (0x60194B00,0x60194BE8)VoIP-Null0 102 VoIP-Null -Table 46 describes the significant fields in the display.
show standby delay
To display Hot Standby Router Protocol (HSRP) information about delay periods, use the show standby delay command in user EXEC or privileged EXEC mode.
show standby delay [type number]
Syntax Description
Command Modes
User EXEC
Privileged EXECCommand History
Examples
The following is sample output from the show standby delay command:
Router# show standby delayInterface Minimum ReloadEthernet0/3 1 5Related Commands
show standby internal
To display internal flags and conditions, use the show standby internal command in user EXEC or privileged EXEC mode.
show standby internal [type number]
Syntax Description
Command Modes
User EXEC
Privileged EXECCommand History
Examples
This example shows a configuration example and the output from the show standby internal command for the configuration:
interface Ethernet2/0ip address 10.0.0.254 255.255.0.0standby use-biastandby version 2standby 1 ip 10.0.0.1standby 1 timers 2 6standby 1 priority 110standby 1 preemptRouter# show standby internalGlobal Confg: 0000Et2/0 If hw AmdP2, State 0x210040Et2/0 If hw Confg: 0001, USEBIAEt2/0 If hw Flags: 0000Et2/0 If sw Confg: 0040, VERSIONEt2/0 If sw Flags: 0001, USEBIAEt2/0 Grp 1 Confg: 0072, IP_PRI, PRIORITY, PREEMPT, TIMERSEt2/0 Grp 1 Flags: 0000The above output shows internal flags and hardware and software information for Ethernet interface 2/0. The output shows that HSRP group 1 is configured for priority, preemption, and the standby timers and standby-use bia commands have been configured.
Related Commands
show standby redirect
To display Internet Control Message Protocol (ICMP) redirect information on interfaces configured with the Hot Standby Router Protocol (HSRP), use the show standby redirect command in user EXEC or privileged EXEC mode.
show standby redirect [ip-address | interface-type interface-number [active | passive | timers]]
Syntax Description
Command Modes
User EXEC
Privileged EXECCommand History
Examples
The following is sample output from the show standby redirect command with no optional keywords:
Router# show standby redirectInterface Redirects Unknown Adv HolddownEthernet0/2 enabled enabled 30 180Ethernet0/3 enabled disabled 30 180Active Hits Interface Group Virtual IP Virtual MAC10.19.0.7 0 Ethernet0/2 3 10.19.0.13 0000.0c07.ac03local 0 Ethernet0/3 1 10.20.0.11 0000.0c07.ac01local 0 Ethernet0/3 2 10.20.0.12 0000.0c07.ac02Passive Hits Interface Expires in10.19.0.6 0 Ethernet0/2 151.800Table 47 describes the significant fields in the display.
The following is sample output from the show standby redirect command with a specific interface Ethernet 0/3:
Router# show standby redirect e0/3Interface Redirects Unknown Adv HolddownEthernet0/3 enabled disabled 30 180Active Hits Interface Group Virtual IP Virtual MAClocal 0 Ethernet0/3 1 10.20.0.11 0000.0c07.ac01local 0 Ethernet0/3 2 10.20.0.12 0000.0c07.ac02The following is sample output from the show standby redirect command showing all active routers on interface Ethernet 0/3:
Router# show standby redirect e0/3 activeActive Hits Interface Group Virtual IP Virtual MAClocal 0 Ethernet0/3 1 10.20.0.11 0000.0c07.ac01local 0 Ethernet0/3 2 10.20.0.12 0000.0c07.ac02The following is sample output from the show standby redirect ip-address command, where the IP address is the real IP address of the router:
Router# show standby redirect 10.19.0.7Active Hits Interface Group Virtual IP Virtual MAC10.19.0.7 0 Ethernet0/2 3 10.19.0.13 0000.0c07.ac03Related Commands
show standby
Displays the HSRP information.
standby redirects
Enables ICMP redirect messages to be sent when HSRP is configured on an interface.
show tcp statistics
To display TCP statistics, use the show tcp statistics command in user EXEC or privileged EXEC mode.
show tcp statistics
Syntax Description
This command has no arguments or keywords.
Command Modes
User EXEC
Privileged EXECCommand History
Examples
The following is sample output from the show tcp statistics command:
Router# show tcp statisticsRcvd: 210 Total, 0 no port0 checksum error, 0 bad offset, 0 too short132 packets (26640 bytes) in sequence5 dup packets (502 bytes)0 partially dup packets (0 bytes)0 out-of-order packets (0 bytes)0 packets (0 bytes) with data after window0 packets after close0 window probe packets, 0 window update packets0 dup ack packets, 0 ack packets with unsend data69 ack packets (3044 bytes)Sent: 175 Total, 0 urgent packets16 control packets (including 1 retransmitted)69 data packets (3029 bytes)0 data packets (0 bytes) retransmitted73 ack only packets (49 delayed)0 window probe packets, 17 window update packets7 Connections initiated, 1 connections accepted, 8 connections established8 Connections closed (including 0 dropped, 0 embryonic dropped)1 Total rxmt timeout, 0 connections dropped in rxmt timeout0 Keepalive timeout, 0 keepalive probe, 0 Connections dropped in keepaliveTable 48 describes the significant fields shown in the display.
Related Commands
show time-range ipc
To display the statistics about the time-range interprocess communications (IPC) messages between the Route Processor and line card, use the show time-range ipc command in user EXEC or privileged EXEC mode.
show time-range ipc
Syntax Description
This command has no argument or keywords.
Defaults
No default behavior or values.
Command Modes
User EXEC
Privileged EXECCommand History
Usage Guidelines
The debug time-range ipc EXEC command must be enabled for the show time-range ipc command to display the time-range IPC message statistics.
Examples
The following is sample output from the show time-range ipc command:
Router# show time-range ipcRP Time range Updates Sent :3RP Time range Deletes Sent :2The display lists the number of time-range updates and time-range deletes sent by the Route Processor.
Related Commands
show track
To display tracking information, use the show track command in user EXEC or privileged EXEC mode.
show track [object-number] [brief | interface | ip | resolution | timers]
Syntax Description
Command Modes
User EXEC
Privileged EXECCommand History
Usage Guidelines
Use this command to display information about objects that are tracked by the tracking process.
Examples
The following example shows information about the state of IP routing on the interface being tracked:
Router# show track 1Track 1Interface Ethernet0/2 ip routingIP routing is Down (no IP addr)1 change, last change 00:01:08Tracked by:HSRP Ethernet0/3 1The following example shows information about the line-protocol state on the interface being tracked:
Router# show track 1Track 1Interface Ethernet0/1 line-protocolLine protocol is Up1 change, last change 00:00:05Tracked by:HSRP Ethernet0/3 1The following example shows information about the reachability of a route being tracked:
Router# show track 1Track 1IP route 10.16.0.0 255.255.0.0 reachablityReachability is Up (RIP)1 change, last change 00:02:04First-hop interface is Ethernet0/1Tracked by:HSRP Ethernet0/3 1The following example shows information about the metric threshold of a route being tracked:
Router# show track 1Track 1IP route 10.16.0.0 255.255.0.0 metric thresholdMetric threshold is Up (RIP/6/102)1 change, last change 00:00:08Metric threshold down 255 up 254First-hop interface is Ethernet0/1Tracked by:HSRP Ethernet0/3 1The following example shows the object type, the interval in which it is polled, and the time until the next poll:
Router# show track timersObject type Poll Interval Time to next pollinterface 1 expiredip route 30 29.364Table 49 describes the significant fields shown in the displays.
Related Commands
show vrrp
To display a brief or detailed status of one or all configured Virtual Router Redundancy Protocol (VRRP) groups on the router, use the show vrrp command in user EXEC or privileged EXEC mode.
show vrrp [brief | group]
Syntax Description
Command Modes
User EXEC
Privileged EXECCommand History
Usage Guidelines
If no group is specified, all groups are displayed.
Examples
The following is sample output from the show vrrp command:
Router# show vrrpEthernet1/0 - Group 1State is MasterVirtual IP address is 10.2.0.10Virtual MAC address is 0000.5e00.0101Advertisement interval is 3.000 secPreemption is enabledmin delay is 0.000 secPriority 100Master Router is 10.2.0.1 (local), priority is 100Master Advertisement interval is 3.000 secMaster Down interval is 9.609 secEthernet1/0 - Group 2State is MasterVirtual IP address is 10.0.0.20Virtual MAC address is 0000.5e00.0102Advertisement interval is 1.000 secPreemption is enabledmin delay is 0.000 secPriority 95Master Router is 10.0.0.1 (local), priority is 95Master Advertisement interval is 1.000 secMaster Down interval is 3.628 secTable 50 describes the significant fields shown in the display.
The following is sample output from the show vrrp command with the brief keyword:
Router# show vrrp briefInterface Grp Prio Time Own Pre State Master addr Group addrEthernet1/0 1 100 3609 P Master 1.0.0.4 1.0.0.10Ethernet1/0 2 105 3589 P Master 1.0.0.4 1.0.0.20Table 51 describes the significant fields shown in the display.
Related Commands
vrrp ip
Enables VRRP on an interface and identifies the IP address of the virtual router.
show vrrp interface
To display the Virtual Router Redundancy Protocol (VRRP) groups and their status on a specified interface, use the show vrrp interface command in user EXEC or privileged EXEC mode.
show vrrp interface type number [brief]
Syntax Descriptioninter
type
Interface type.
number
Interface number.
brief
(Optional) Provides a summary view of the group information
Command Modes
User EXEC
Privileged EXECCommand History
Examples
The following is sample output from the show vrrp interface command:
Router# show vrrp interface ethernet 1/0Ethernet1/0 - Group 1State is MasterVirtual IP address is 10.2.0.10Virtual MAC address is 0000.5e00.0101Advertisement interval is 3.000 secPreemption is enabledmin delay is 0.000 secPriority 100Master Router is 10.2.0.1 (local), priority is 100Master Advertisement interval is 3.000 secMaster Down interval is 9.609 secEthernet1/0 - Group 2State is MasterVirtual IP address is 10.0.0.20Virtual MAC address is 0000.5e00.0102Advertisement interval is 1.000 secPreemption is enabledmin delay is 0.000 secPriority 95Master Router is 10.0.0.1 (local), priority is 95Master Advertisement interval is 1.000 secMaster Down interval is 3.628 secRelated Commands
standby authentication
To configure an authentication string for the Hot Standby Router Protocol (HSRP), use the standby authentication command in interface configuration mode. To delete an authentication string, use the no form of this command.
standby [group-number] authentication text string
no standby [group-number] authentication text string
Syntax Description
Defaults
The default group number is 0. The default string is cisco.
Command Modes
Interface configuration
Command History
Usage Guidelines
HSRP ignores unauthenticated HSRP messages.
The authentication string is sent unencrypted in all HSRP messages. The same authentication string must be configured on all routers and access servers on a cable to ensure interoperation. Authentication mismatch prevents a device from learning the designated Hot Standby IP address and the Hot Standby timer values from other routers configured with HSRP.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
Examples
The following example configures "word" as the authentication string required to allow Hot Standby routers in group 1 to interoperate:
interface ethernet 0standby 1 authentication text wordstandby delay minimum reload
To configure the delay period before the initialization of Hot Standby Router Protocol (HSRP) groups, use the standby delay minimum reload command in interface configuration mode. To disable the delay period, use the no form of this command.
standby delay minimum min-delay reload reload-delay
no standby delay minimum min-delay reload reload-delay
Syntax Description
Defaults
The default minimum delay is 1 second.
The default reload delay is 5 seconds.Command Modes
Interface configuration
Command History
Usage Guidelines
If the active router fails or is removed from the network, then the standby router will automatically become the new active router. If the former active router comes back online, you can control whether it takes over as the active router by using the standby preempt command.
However, in some cases, even if the standby preempt command is not configured, the former active router will resume the active role after it reloads and comes back online. Use the standby delay minimum reload command to set a delay period for HSRP group initialization. This command allows time for the packets to get through before the router resumes the active role.
We recommend that you use the standby delay minimum reload command if the standby timers command is configured in milliseconds or if HSRP is configured on a VLAN interface of a switch.
In most configurations, the default values provide sufficient time for the packets to get through and configuring longer delay values is not necessary.
The delay will be cancelled if an HSRP packet is received on an interface.
Examples
The following example sets the minimum delay period to 30 seconds and the delay period after the first reload to 120 seconds:
interface ethernet 0ip address 10.20.0.7 255.255.0.0standby delay minimum 30 reload 120standby 3 ip 10.20.0.21standby 3 timers msec 300 msec 700standby 3 priority 100Related Commands
standby ip
To activate the Hot Standby Router Protocol (HSRP), use the standby ip command in interface configuration mode. To disable HSRP, use the no form of this command.
standby [group-number] ip [ip-address [secondary]]
no standby [group-number] ip [ip-address]
Syntax Description
Defaults
The default group number is 0
HSRP is disabled by default.Command Modes
Interface configuration
Command History
10.0
This command was introduced.
10.3
The group-number argument was added.
11.1
The secondary keyword was added.
Usage Guidelines
The standby ip command activates HSRP on the configured interface. If an IP address is specified, that address is used as the designated address for the Hot Standby group. If no IP address is specified, the designated address is learned through the standby function. For HSRP to elect a designated router, at least one router on the cable must have been configured with, or have learned, the designated address. Configuring the designated address on the active router always overrides a designated address that is currently in use.
When the standby ip command is enabled on an interface, the handling of proxy ARP requests is changed (unless proxy ARP was disabled). If the Hot Standby state of the interface is active, proxy ARP requests are answered using the MAC address of the Hot Standby group. If the interface is in a different state, proxy ARP responses are suppressed.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
Examples
The following example activates HSRP for group 1 on Ethernet interface 0. The IP address used by the Hot Standby group will be learned using HSRP.
interface ethernet 0standby 1 ipIn the following example, all three virtual IP addresses appear in the ARP table using the same (single) virtual MAC address. All three virtual IP addresses are using the same HSRP group (group 0).
ip address 1.1.1.1. 255.255.255.0ip address 1.2.2.2. 255.255.255.0 secondaryip address 1.3.3.3. 255.255.255.0 secondaryip address 1.4.4.4. 255.255.255.0 secondarystandby ip 1.1.1.254standby ip 1.2.2.254 secondarystandby ip 1.3.3.254 secondarystandby mac-address
To specify a virtual MAC address for the Hot Standby Router Protocol (HSRP), use the standby mac-address command in interface configuration mode. To revert to the standard virtual MAC address (0000.0C07.ACxy), use the no form of this command.
standby [group-number] mac-address mac-address
no standby [group-number] mac-address
Syntax Description
group-number
(Optional) Group number on the interface for which HSRP is being activated. The default is 0.
mac-address
MAC address.
Defaults
If this command is not configured, and the standby use-bia command is not configured, the standard virtual MAC address is used: 0000.0C07.ACxy, where xy is the group number in hexadecimal. This address is specified in RFC 2281, Cisco Hot Standby Router Protocol (HSRP).
Command Modes
Interface configuration
Command History
Usage Guidelines
This command cannot be used on a Token Ring interface.
HSRP is used to help end stations locate the first-hop gateway for IP routing. The end stations are configured with a default gateway. However, HSRP can provide first-hop redundancy for other protocols. Some protocols, such as Advanced Peer-to-Peer Networking (APPN), use the MAC address to identify the first hop for routing purposes. In this case, it is often necessary to be able to specify the virtual MAC address; the virtual IP address is unimportant for these protocols. Use the standby mac-address command to specify the virtual MAC address.
The MAC address specified is used as the virtual MAC address when the router is active.
This command is intended for certain APPN configurations. The parallel terms are shown in Table 52.
Table 52
Parallel Terms Between APPN and IP
In an APPN network, an end node is typically configured with the MAC address of the adjacent network node. Use the standby mac-address command in the routers to set the virtual MAC address to the value used in the end nodes.
Examples
If the end nodes are configured to use 4000.1000.1060 as the MAC address of the network node, the following example shows the command used to configure HSRP group 1 with the virtual MAC address:
standby 1 mac-address 4000.1000.1060Related Commands
show standby
Displays HSRP information.
standby use-bia
Configures HSRP to use the burned-in address of the interface as its virtual MAC address.
standby mac-refresh
To change the interval at which packets are sent to refresh the MAC cache when the Hot Standby Router Protocol (HSRP) is running over FDDI, use the standby mac-refresh command in interface configuration mode. To restore the default value, use the no form of this command.
standby mac-refresh seconds
no standby mac-refresh
Syntax Description
seconds
Number of seconds in the interval at which a packet is sent to refresh the MAC cache. The maximum value is 255 seconds. The default is 10 seconds.
Defaults
Seconds: 10 seconds.
Command Modes
Interface configuration
Command History
Usage Guidelines
This command applies to HSRP running over FDDI only. Packets are sent every 10 seconds to refresh the MAC cache on learning bridges or switches. By default, the MAC cache entries age out in 300 seconds (5 minutes).
All other routers participating in HSRP on the FDDI ring receive the refresh packets, although the packets are intended only for the learning bridge or switch. Use this command to change the interval. Set the interval to 0 if you want to prevent refresh packets (if you have FDDI but do not have a learning bridge or switch).
Examples
The following example changes the MAC refresh interval to 100 seconds. Therefore, a learning bridge would need to miss three packets before the entry ages out.
standby mac-refresh 100standby name
To configure the name of the standby group, use the standby name command in interface configuration mode. To disable the name, use the no form of this command.
standby name group-name
no standby name group-name
Syntax Description
Defaults
The Hot Standby Router Protocol (HSRP) is disabled.
Command Modes
Interface configuration
Command History
12.0(2)T
This command was introduced.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines
The name specifies the HSRP group used. The HSRP group name must be unique on the router.
Examples
The following example specifies the standby name as SanJoseHA:
interface ethernet0ip address 10.0.0.1 255.0.0.0standby ip 10.0.0.10standby name SanJoseHAstandby preempt delay sync 100standby priority 110Related Commands
standby preempt
To configure Hot Standby Router Protocol (HSRP) preemption and preemption delay, use the standby preempt command in interface configuration mode. To restore the default values, use the no form of this command.
standby [group-number] preempt [delay{minimum seconds | reload seconds | sync seconds}]
no standby [group-number] preempt [delay{minimum seconds | reload seconds | sync seconds}]
Syntax Description
Defaults
The default group number is 0.
The default delay is 0 seconds; if the router wants to preempt, it will do so immediately.
By default, the router that comes up later becomes the standby.Command Modes
Interface configuration
Command History
Usage Guidelines
When this command is configured, the router is configured to preempt, which means that when the local router has a Hot Standby priority higher than the current active router, the local router should attempt to assume control as the active router. If preemption is not configured, the local router assumes control as the active router only if it receives information indicating no router is in the active state (acting as the designated router).
When a router first comes up, it does not have a complete routing table. If it is configured to preempt, it will become the active router, yet it is unable to provide adequate routing services. Solve this problem by configuring a delay before the preempting router actually preempts the currently active router.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
IP redundancy clients can prevent preemption from taking place. The standby preempt delay sync seconds command specifies a maximum number of seconds to allow IP redundancy clients to prevent preemption. When this expires, then preemption takes place regardless of the state of the IP redundancy clients.
The standby preempt delay reload seconds command allows preemption to occur only after a router reloads. This provides stabilization of the router at startup. After this initial delay at startup, the operation returns to the default behavior.
The no standby preempt delay command will disable the preemption delay but preemption will remain enabled. The no standby preempt delay minimum seconds command will disable the minimum delay but leave any synchronization delay if it was configured.
When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:
Router(config-if)# standby 1 preempt delay minimum 300% Warning: This setting has no effect while following another group.Examples
In the following example, the router will wait for 300 seconds (5 minutes) before attempting to become the active router:
interface ethernet 0standby ip 172.19.108.254standby preempt delay minimum 300standby priority
To configure Hot Standby Router Protocol (HSRP) priority, use the standby priority command in interface configuration mode. To restore the default values, use the no form of this command.
standby [group-number] priority priority
no standby [group-number] priority priority
Syntax Description
Defaults
The default group number is 0.
The default priority is 100.Command Modes
Interface configuration
Command History
Usage Guidelines
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
The assigned priority is used to help select the active and standby routers. Assuming that preemption is enabled, the router with the highest priority becomes the designated active router. In case of ties, the primary IP addresses are compared, and the higher IP address has priority.
Note that the priority of the device can change dynamically if an interface is configured with the standby track command and another interface on the router goes down.
When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:
Router(config-if)# standby 1 priority 110%Warning: This setting has no effect while following another group.Examples
In the following example, the router has a priority of 120 (higher than the default value):
interface ethernet 0standby ip 172.19.108.254standby priority 120standby preempt delay 300Related Commands
standby track
Configures an interface so that the Hot Standby priority changes based on the availability of other interfaces.
standby redirect
To enable Hot Standby Router Protocol (HSRP) filtering of Internet Control Message Protocol (ICMP) redirect messages, use the standby redirect command in interface configuration mode. To disable the HSRP filtering of ICMP redirect messages, use the no form of this command.
standby redirect [enable | disable] [timers advertisement holddown] [unknown]
no standby redirect [unknown]
Syntax Description
Defaults
HSRP filtering of ICMP redirect messages is enabled if HSRP is configured on an interface.
Command Modes
Interface configuration
Command History
12.1(3)T
This command was introduced.
12.2
The following keywords and arguments were added to the command:
•
•
Usage Guidelines
The standby redirect command can be configured globally or on a per-interface basis. When HSRP is first configured on an interface, the setting for that interface will inherit the global value. If the filtering of ICMP redirects is explicitly disabled on an interface, then the global command cannot reenable this functionality.
The no standby redirect command is the same as the standby redirect disable command. However, it is not desirable to save the no form of this command to NVRAM. Because the command is enabled by default, it is preferable to use the standby redirect disable command to disable the functionality.
With the standby redirect command enabled, the real IP address of a router can be replaced with a virtual IP address in the next hop address or gateway field of the redirect packet. HSRP looks up the next hop IP address in its table of real IP addresses versus virtual IP addresses. If HSRP does not find a match, the HSRP router allows the redirect packet to go out unchanged. The host HSRP router is redirected to a router that is unknown, that is, a router with no active HSRP groups. You can specify the no standby redirect unknown command to stop these redirects from being sent.
Examples
The following example allows HSRP to filter ICMP redirect messages on interface Ethernet 0:
Router(config)# interface ethernet 0Router(config-if)# ip address 10.0.0.1 255.0.0.0Router(config-if)# standby redirectRouter(config-if)# standby 1 ip 10.0.0.11The following example shows how to change the HSRP router advertisement interval to 90 seconds and the holddown timer to 270 seconds on interface Ethernet 0:
Router(config)# interface ethernet 0Router(config-if)# ip address 10.0.0.1 255.0.0.0Router(config-if)# standby redirect timers 90 270Router(config-if)# standby 1 ip 10.0.0.11Related Commands
show standby
Displays the HSRP information.
show standby redirect
Displays ICMP redirect information on interfaces configured with the HSRP.
standby timers
To configure the time between hello packets and the time before other routers declare the active Hot Standby or standby router to be down, use the standby timers command in interface configuration mode. To restore the timers to their default values, use the no form of this command.
standby [group-number] timers [msec] hellotime [msec] holdtime
no standby [group-number] timers [msec] hellotime [msec] holdtime
Syntax Description
Defaults
The default group number is 0.
The default hello interval is 3 seconds.
The default hold time is 10 seconds.Command Modes
Interface configuration
Command History
Usage Guidelines
The standby timers command configures the time between standby hello packets and the time before other routers declare the active or standby router to be down. Routers or access servers on which timer values are not configured can learn timer values from the active or standby router. The timers configured on the active router always override any other timer settings. All routers in a Hot Standby group should use the same timer values. Normally, holdtime is greater than or equal to 3 times the value of hellotime. The range of values for holdtime force the holdtime to be greater than the hellotime. If the timer values are specified in milliseconds, the holdtime is required to be at least three times the hellotime value and not less than 50 milliseconds.
Some HSRP state flapping can occasionally occur if the holdtime is set to less than 250 milliseconds, and the processor is busy. It is recommended that holdtime values less than 250 milliseconds be used on Cisco 7200 platforms or better, and on Fast-Ethernet or FDDI interfaces or better. Setting the process-max-time command to a suitable value may also help with flapping.
The value of the standby timer will not be learned through HSRP hellos if it is less than 1 second.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:
Router(config-if)# standby 1 timers 5 15% Warning: This setting has no effect while following another group.Examples
The following example sets, for group number 1 on Ethernet interface 0, the time between hello packets to 5 seconds, and the time after which a router is considered to be down to 15 seconds:
interface ethernet 0standby 1 ipstandby 1 timers 5 15The following example sets, for the Hot Router interface located at 172.19.10.1 on Ethernet interface 0, the time between hello packets to 300 milliseconds, and the time after which a router is considered to be down to 900 milliseconds:
interface ethernet 0standby ip 172.19.10.1standby timers msec 300 msec 900The following example sets, for the Hot Router interface located at 172.18.10.1 on Ethernet interface 0, the time between hello packets to 15 milliseconds, and the time after which a router is considered to be down to 50 milliseconds. Note that the holdtime is larger than three times the hellotime because the minimum holdtime value in milliseconds is 50.
interface ethernet 0standby ip 172.18.10.1standby timers msec 15 msec 50standby track
To configure the Hot Standby Routing Protocol (HSRP) to track an object and change the Hot Standby priority based on the state of the object, use the standby track command in interface configuration mode. To remove the tracking, use the no form of this command.
Cisco IOS Release 12.2(15)T and Later Releases
standby [group-number] track object-number [decrement priority]
no standby [group-number] track object-number [decrement priority]
Cisco IOS Release 12.2(13)T and Earlier Releases
standby [group-number] track interface-type interface-number [interface-priority]
no standby [group-number] track interface-type interface-number [interface-priority]
Syntax Description
Defaults
group-number: 0
priority: 10
interface-priority: 10Command Modes
Interface configuration
Command History
10.3
This command was introduced.
12.2(15)T
This command was enhanced to allow HSRP to track objects other than the interface line-protocol state.
Usage Guidelines
This command ties the Hot Standby priority of the router to the availability of its tracked objects. Use the track interface or track ip route global configuration command to track an interface object or an IP route object. The HSRP client can register its interest in the tracking process by using the standby track command commands, and take action when the object changes.
When a tracked object goes down, the Hot Standby priority decreases by 10. If an object is not tracked, its state changes do not affect the Hot Standby priority. For each object configured for Hot Standby, you can configure a separate list of objects to be tracked.
The optional priority argument specifies how much to decrement the Hot Standby priority when a tracked object goes down. When the tracked object comes back up, the priority is incremented by the same amount.
When multiple tracked objects are down, the decrements are cumulative, whether configured with priority values or not.
Use the no standby group-number track command to delete all tracking configuration for a group.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
The standby track command syntax prior to Release 12.2(15)T is still supported. Using the older form will cause a tracked object to be created in the new tracking process. This tracking information can be displayed using the show track command.
Examples
In the following example, the tracking process is configured to track the IP routing capability of serial interface 1/0. HSRP on Ethernet interface 0/0 then registers with the tracking process to be informed of any changes to the IP routing state of serial interface 1/0. If the IP state on Serial interface 1/0 goes down, then the priority of the HSRP group is reduced by 10.
If both serial interfaces are operational, then Router A will be the HSRP active router because it has the higher priority.
However, if IP routing on serial interface 1/0 in Router A fails, then the HSRP group priority will be reduced and Router B will take over as the active router, thus maintaining a default virtual gateway service to hosts on the 10.1.0.0 subnet.
Router A Configuration
!track 100 interface serial1/0 ip routing!interface Ethernet0/0ip address 10.1.0.21 255.255.0.0standby 1 ip 10.1.0.1standby 1 priority 105standby 1 track 100 decrement 10Router B Configuration
!track 100 interface serial1/0 ip routing!interface Ethernet0/0ip address 10.1.0.22 255.255.0.0standby 1 ip 10.1.0.1standby 1 priority 100standby 1 track 100 decrement 10Related Commands
standby use-bia
To configure the Hot Standby Router Protocol (HSRP) to use the burned-in address of the interface as its virtual MAC address, instead of the preassigned MAC address (on Ethernet and FDDI) or the functional address (on Token Ring), use the standby use-bia command in interface configuration mode. To restore the default virtual MAC address, use the no form of this command.
standby use-bia [scope interface]
no standby use-bia
Syntax Description
scope interface
(Optional) Specifies that this command is configured just for the subinterface on which it was entered, instead of the major interface.
Defaults
HSRP uses the preassigned MAC address on Ethernet and FDDI, or the functional address on Token Ring.
Command Modes
Interface configuration
Command History
11.2
This command was introduced.
12.1
The behavior was modified to allow multiple standby groups to be configured for an interface configured with this command
Usage Guidelines
For an interface with this command configured, multiple standby group can be configured. Hosts on the interface must have a default gateway configured. We recommend that you set the no ip proxy-arp command on the interface. It is desirable to configure the standby use-bia command on a Token Ring interface if there are devices that reject ARP replies with source hardware addresses set to a functional address.
When HSRP runs on a multiple-ring, source-routed bridging environment and the HRSP routers reside on different rings, configuring the standby use-bia command can prevent confusion about the routing information field (RFI).
Without the scope interface keywords, the standby use-bia command applies to all subinterfaces on the major interface. The standby use-bia command may not be configured both with and without the scope interface keywords at the same time.
Examples
In the following example, the burned-in address of Token Ring interface 4/0 will be the virtual MAC address mapped to the virtual IP address:
interface token4/0standby use-biastart-forwarding-agent
To start the forwarding agent, use the start-forwarding-agent command in CASA-port configuration mode.
start-forwarding-agent port-number [password [timeout]]
Syntax Description
Defaults
The default initial number of affinities is 5000.
The default maximum number of affinities is 30,000.Command Modes
CASA-port configuration
Command History
Usage Guidelines
The forwarding agent must be started before you can configure any port information for the forwarding agent.
Examples
The following example specifies that the forwarding agent will listen for wildcard and fixed affinities on port 1637:
start-forwarding-agent 1637Related Commands
forwarding-agent
Specifies the port on which the forwarding agent will listen for wildcard and fixed affinities.
sticky
To assign all connections from a client to the same real server, use the sticky command in virtual server configuration mode. To remove the client/server coupling, use the no form of this command.
sticky duration [group group-id]
no sticky
Syntax Description
Defaults
Sticky connections are not tracked.
Virtual servers are not associated with any groups.
Command Modes
SLB virtual server configuration
Command History
12.0(7)XE
This command was introduced.
12.1(5)T
This command was integrated into Cisco IOS Release 12.1(5)T.
Usage Guidelines
The last real server that was used for a connection from a client is stored for the set duration seconds. If a new connection from the client to the virtual server is initiated during that time, the same real server that was used for the previous connection is chosen for the new connection. If two virtual servers are placed in the same group, coincident connection requests for those services from the same IP address are handled by the same real server.
Examples
The following example specifies that if a subsequent request from a client for a virtual server is made within 60 seconds of the previous request, then the same real server is used for the connection. This example also places the virtual server in group 10.
ip slb vserver VS1sticky 60 group 10Related Commands
subnet prefix-length
To configure a subnet allocation pool and determine the size subnets that are allocated from the pool, use the subnet prefix-length command in DHCP pool configuration mode. To unconfigure subnet pool allocation, use the no form of this command.
subnet prefix-length prefix-length
no subnet prefix-length prefix-length
Syntax Description
prefix-length
Configures the IP subnet prefix length in classless interdomain routing (CIDR) bit count notation. The range is from 1 to 31.
Defaults
No default behavior or values.
Command Modes
DHCP pool configuration
Command History
Usage Guidelines
This command is used to configure a Cisco IOS router as a subnet allocation server for a centralized or remote VPN on-demand address pool (ODAP) manager. This command is configured under a DHCP pool. The prefix-length argument is used to determine the size of the subnets that are allocated from the subnet allocation pool. The values that can be configured for the prefix-length argument follow CIDR bit count notation format.
Configuring Global Subnet Pools
Global subnet pools are created in a centralized network. The ODAP server allocates subnets from the subnet allocation server based on subnet availability. When the ODAP manager allocates a subnet, the subnet allocation server creates a subnet binding. This binding is stored in the DHCP database for as long as the ODAP server requires the address space. The binding is destroyed and the subnet is returned to the subnet pool only when the ODAP server releases the subnet as address space utilization decreases.
Configuring VPN Subnet Pools
A subnet allocation server can be configured to assign subnets from VPN subnet allocation pools for MPLS VPN clients. VPN routes between the ODAP manager and the subnet allocation server are configured based on VRF name or VPN ID configuration. The VRF and VPN ID are configured to maintain routing information that defines customer VPN sites. This customer site is attached to a provider edge (PE) router. A VRF consists of an IP routing table, a derived Cisco Express Forwarding (CEF) table, a set of interfaces that use the forwarding table, and a set of rules and routing protocol parameters that control the information that is included in the routing table.
Configuring VPN Subnet Pools for VPN clients with VPN IDs
A subnet allocation server can also be configured to assign subnets from VPN subnet allocation pools based on the VPN ID of a client. The VPN ID (or Organizational Unique Identifier [OUI]) is a unique identifier assigned by the IEEE. VPN routes between the ODAP manager and the subnet allocation server are enabled by configuring the DHCP pool with a VPN ID that matches the VPN ID that is configured for the VPN client.
Examples
Global Configuration Example
The following example configures a router to be a subnet allocation server and creates a global subnet allocation pool named GLOBAL-POOL from the 10.0.0.0 network. The configuration of the subnet prefix-length command in this example configures each subnet that is allocated from the subnet pool to support 254 host IP addresses.
Router(config)# ip dhcp pool GLOBAL-POOLRouter(dhcp-config)# network 10.0.0.0 255.255.255.0Router(dhcp-config)# subnet prefix-length 24!VPN Configuration Example
The following example configures a router to be a subnet allocation server and creates a VRF subnet allocation pool named VRF-POOL from the 172.16.0.0 network and configures the VPN to match the VRF named RED. The configuration of the subnet prefix-length command in this example configures each subnet that is allocated from the subnet pool to support 62 host IP addresses.
Router(config)# ip dhcp pool VRF-POOLRouter(dhcp-config)# vrf REDRouter(dhcp-config)# network 172.16.0.0 /16Router(dhcp-config)# subnet prefix-length 26!VPN ID Configuration Example
The following example configures a router to be a subnet allocation server and creates a VRF subnet allocation pool named VRF-POOL from the 192.168.0.0 network and configures the VRF named RED. The VPN ID must match the unique identifier that is assigned to the client site. The route target and route distinguisher are configured in the as-number:network number format. The route target and route distinguisher must match. The configuration of the subnet prefix-length command in this example configures each subnet that is allocated from the subnet pool to support 30 host IP addresses.
Router(config)# ip vrf REDRouter(config-vrf)# rd 100:1Router(config-vrf)# route-target both 100:1Router(config-vrf)# vpn id 1234:123456Router(config-vrf)# exitRouter(config)# ip dhcp pool VPN-POOLRouter(dhcp-config)# vrf REDRouter(dhcp-config)# network 192.168.0.0 /24Router(dhcp-config)# subnet prefix-length /27Router(dhcp-config)# exitRelated Commands
synguard
To limit the rate of TCP SYNs handled by a virtual server to prevent an SYN flood Denial-of-Service attack, use the synguard command in virtual server configuration mode. To remove the threshold, use the no form of this command.
synguard syn-count [interval]
no synguard
Syntax Description
Defaults
The default SYN count is 0 (off).
The default interval is 100 ms.
Command Modes
SLB virtual server configuration
Command History
12.0(7)XE
This command was introduced.
12.1(5)T
This command was integrated into Cisco IOS Release 12.1(5)T.
Examples
The following example sets the threshold of unanswered SYNs to 50:
ip slb vserver PUBLIC_HTTPsynguard 50Related Commands
show ip slb vservers
Displays information about the virtual servers.
virtual
Configures the virtual server attributes.
