Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services, Release 12.3
IP Addressing and Services Commands: show ip nhrp through synguard

Table Of Contents

show ip nhrp

show ip nhrp nhs

show ip nhrp summary

show ip nhrp traffic

show ip redirects

show ip route dhcp

show ip slb conns

show ip slb dfp

show ip slb reals

show ip slb serverfarms

show ip slb stats

show ip slb sticky

show ip slb vservers

show ip snat

show ip sockets

show ip tcp header-compression

show ip traffic

show ip wccp

show ip wccp web-caches

show standby

show standby capability

show standby delay

show standby internal

show standby redirect

show tcp statistics

show time-range ipc

show track

show vrrp

show vrrp interface

standby authentication

standby delay minimum reload

standby ip

standby mac-address

standby mac-refresh

standby name

standby preempt

standby priority

standby redirect

standby timers

standby track

standby use-bia

start-forwarding-agent

sticky

subnet prefix-length

synguard


show ip nhrp

To display Next Hop Resolution Protocol (NHRP) mapping information, use the show ip nhrp command in user EXEC or privileged EXEC mode.

show ip nhrp [dynamic | incomplete | static] [address | interface] [brief | detail] [purge]

Syntax Description

dynamic

(Optional) Displays dynamic (learned) IP-to-nonbroadcast multiaccess address (NBMA) mapping entries. Dynamic NHRP mapping entries are obtained from NHRP resolution/registration exchanges. See Table 23 for types, number ranges, and descriptions.

incomplete

(Optional) Displays information about NHRP mapping entries for which the IP-to-NBMA is not resolved. See Table 23 for types, number ranges, and descriptions.

static

(Optional) Displays static IP-to-NBMA address mapping entries. Static NHRP mapping entries are configured using the ip nhrp map command. See Table 23 for types, number ranges, and descriptions.

address

(Optional) Displays NHRP mapping entries for specified protocol addresses.

interface

(Optional) Displays NHRP mapping entries for the specified interface. See Table 23 for types, number ranges, and descriptions.

brief

(Optional) Displays a short output of the NHRP mapping.

detail

(Optional) Displays detailed information about NHRP mapping.

purge

(Optional) Displays NHRP purge information.


Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

10.3

This command was introduced.


Usage Guidelines

Table 23 lists the valid types, number ranges, and descriptions for the optional interface argument.


Note The valid types can vary according to the platform and interfaces on the platform.


Table 23 Valid Types, Number Ranges, and Interface Description 

Valid Types
Number Ranges
Interface Descriptions

async

1

Async

atm

0 to 6

ATM

bvi

1 to 255

Bridge-Group Virtual Interface

cdma-ix

1

CDMA Ix

ctunnel

0 to 2147483647

C-Tunnel

dialer

0 to 20049

Dialer

ethernet

0 to 4294967295

Ethernet

fastethernet

0 to 6

FastEthernet IEEE 802.3

lex

0 to 2147483647

Lex

loopback

0 to 2147483647

Loopback

mfr

0 to 2147483647

Multilink Frame Relay bundle

multilink

0 to 2147483647

Multilink-group

null

0

Null

port-channel

1 to 64

Port channel

tunnel

0 to 2147483647

Tunnel

vif

1

PGM multicast host

virtual-ppp

0 to 2147483647

Virtual PPP

virtual-template

1 to 1000

Virtual template

virtual-tokenring

0 to 2147483647

Virtual Token Ring

xtagatm

0 to 2147483647

Extended tag ATM


Examples

The following is sample output from the show ip nhrp detail command:

Router# show ip nhrp detail

10.1.1.1/8 via 10.2.1.1, Tunnel1 created 00:46:29, never expire
  Type: static, Flags: used
  NBMA address: 10.12.1.1
10.1.1.2/8 via 10.2.1.2, Tunnel1 created 00:00:12, expire 01:59:47
  Type: dynamic, Flags: authoritative unique nat registered used
  NBMA address: 10.12.1.2
10.1.1.4, Tunnel1 created 00:00:07, expire 00:02:57
  Type: incomplete, Flags: negative
  Cache hits: 4

Table 24 describes the significant fields shown in the displays.

Table 24 show ip nhrp Field Descriptions 

Field
Description

10.1.1.1/8

Target network.

via 10.2.1.1

Next Hop to reach the target network.

Tunnel1

Interface through which the target network is reached.

created 00:00:12

Length of time since the entry was created (hours:minutes:seconds).

expire 01:59:47

Time remaining until the entry expires (hours:minutes:seconds).

never expire

Indicates that static entries never expire.

Type

dynamic—NHRP mapping is obtained dynamically. The mapping entry is created using information from the NHRP resolution and registrations.

static—NHRP mapping is configured statically. Entries configured by the ip nhrp map command are marked static.

incomplete—The NBMA address is not known for the target network.

NBMA address

Nonbroadcast multiaccess address of the next hop. The address format is appropriate for the type of network being used: ATM, Ethernet, Switched Multimegabit Data Service (SMDS), or multipoint tunnel.

Flags

authoritative—Indicates that the NHRP information was obtained from the Next Hop Server or router that maintains the NBMA-to-IP address mapping for a particular destination.

implicit—Indicates that the local node learned about the NHRP mapping entries through the source NHRP mapping information from an NHRP resolution request or reply.

local—Indicates NHRP mapping entries that are for networks local to this router (that is, serviced by this router). These flag entries are created when this router answers an NHRP resolution request that has this information and is used to store the tunnel IP address of all the other NHRP nodes to which it has sent this information. If for some reason this router loses access to this local network (that is, it can no longer service this network), it sends an NHRP purge message to all remote NHRP nodes that are listed in the "local" entry (in show ip nhrp detail command output) to tell the remote nodes to clear this information from their NHRP mapping tables. This local mapping entry times out of the local NHRP mapping database at the same time that this information (from the NHRP resolution reply) would time out of the NHRP mapping database on the remote NHRP nodes.

nat—Indicates that the remote node (NHS client) supports the new NHRP NAT extension for dynamic spoke-spoke tunnels to/from spokes behind a NAT router. This marking does not indicate that the spoke (NHS client) is behind a NAT router.

Flags (continued)

negative—For negative caching, indicates that the requested NBMA mapping could not be obtained.

(no socket)—Indicates that the NHRP mapping entries will not trigger IPsec to set up encryption because data traffic does not need to use this tunnel. Later, if data traffic needs to use this tunnel, the flag will change from a "(no socket)" to a "(socket)" entry and IPsec will be triggered to set up the encryption for this tunnel. Local and implicit NHRP mapping entries are always initially marked as "(no socket)."

registered—Indicates that the mapping entry was created in response to an NHRP registration request. Although registered mapping entries are dynamic entries, they may not be refreshed through the "used" mechanism. Instead, these entries are refreshed by another NHRP registration request with the same Tunnel IP to NBMA IP address mapping. The Next Hop Client (NHC) regularly sends NHRP registration requests to keep these mappings from expiring.

router—Indicates that NHRP mapping entries for a remote router (that is accessing a network or host behind the remote router) are marked with the router flag.

unique—Indicates that an NHRP mapping entry cannot be overwritten by a mapping entry that has the same IP address and a different NBMA address. This prohibition is necessary because the spoke'soutside IP (NBMA) address may change at any time. If the unique flag is set, the spoke has to wait for the mapping entry on the hub to time out before it can register its new (NBMA) mapping. The NHRP registration request packet has the unique flag set by default.

used—Indicates that the mapping entry is being used. The mapping database is checked every 60 seconds. If the used flag is set and more than 120 seconds remain until expire time, the used flag is cleared. If fewer than 120 seconds are left, this mapping entry is refreshed by the transmission of another NHRP resolution request.


Related Commands

Command
Description

ip nhrp map

Statically configures the IP-to-NBMA address mapping of IP destinations connected to an NBMA network.

show ip nhrp multicast

Displays NHRP multicast mapping information.

show ip nhrp nhs

Displays NHRP Next Hop Server information.

show ip nhrp summary

Displays NHRP mapping summary information.

show ip nhrp traffic

Displays NHRP traffic statistics.


show ip nhrp nhs

To display Next Hop Resolution Protocol (NHRP) next hop server (NHS) information, use the show ip nhrp nhs command in user EXEC or privileged EXEC mode.

show ip nhrp nhs [interface] [detail]

Syntax Description

interface

(Optional) Displays NHS information currently configured on the interface. See Table 25 for types, number ranges, and descriptions.

detail

(Optional) Displays detailed NHS information.


Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

10.3

This command was introduced.


Usage Guidelines

Table 25 lists the valid types, number ranges, and descriptions for the optional interface argument.


Note The valid types can vary according to the platform and interfaces on the platform.


Table 25 Valid Types, Number Ranges, and Interface Descriptions 

Valid Types
Number Ranges
Interface Descriptions

async

1

Async

atm

0 to 6

ATM

bvi

1 to 255

Bridge-Group Virtual Interface

cdma-ix

1

CDMA Ix

ctunnel

0 to 2147483647

C-Tunnel

dialer

0 to 20049

Dialer

ethernet

0 to 4294967295

Ethernet

fastethernet

0 to 6

FastEthernet IEEE 802.3

lex

0 to 2147483647

Lex

loopback

0 to 2147483647

Loopback

mfr

0 to 2147483647

Multilink Frame Relay bundle

multilink

0 to 2147483647

Multilink-group

null

0

Null

port-channel

1 to 64

Port channel

tunnel

0 to 2147483647

Tunnel

vif

1

PGM multicast host

virtual-ppp

0 to 2147483647

Virtual PPP

virtual-template

1 to 1000

Virtual template

virtual-tokenring

0 to 2147483647

Virtual Token Ring

xtagatm

0 to 2147483647

Extended tag ATM


Examples

The following is sample output from the show ip nhrp nhs detail command:

Router# show ip nhrp nhs detail

Legend:
  E=Expecting replies
  R=Responding

Tunnel1:
  5.1.1.1           E  req-sent 128  req-failed 1  repl-recv 0

Pending Registration Requests:
Registration Request: Reqid 1, Ret 64  NHS 5.1.1.1

Table 26 describes the significant field shown in the display.

Table 26 show ip nhrp nhs Field Descriptions 

Field
Description

Tunnel1

Interface through which the target network is reached.


Related Commands

Command
Description

ip nhrp map

Statically configures the IP-to-NBMA address mapping of IP destinations connected to an NBMA network.

show ip nhrp

Displays NHRP mapping information.

show ip nhrp summary

Displays NHRP mapping summary information.

show ip nhrp traffic

Displays NHRP traffic statistics.


show ip nhrp summary

To display Next Hop Resolution Protocol (NHRP) mapping summary information, use the show ip nhrp summary command in user EXEC or privileged EXEC mode.

show ip nhrp summary

Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

10.3

This command was introduced.


Examples

The following is sample output from the show ip nhrp summary command:

Router# show ip nhrp summary

IP NHRP cache 1 entry, 256 bytes
    1 static  0 dynamic  0 incomplete

Table 27 describes the significant field shown in the display.

Table 27 show ip nhrp summary Field Descriptions 

Field Output
Description

dynamic

NHRP mapping is obtained dynamically. The mapping entry is created using information from the NHRP resolution and registrations

static

NHRP mapping is configured statically. Entries configured by the ip nhrp map command are marked static.

incomplete

NBMA address is not known for the target network.


Related Commands

Command
Description

ip nhrp map

Statically configures the IP-to-NBMA address mapping of IP destinations connected to an NBMA network.

show ip nhrp

Displays NHRP mapping information.

show ip nhrp nhs

Displays NHRP Next Hop Server information.

show ip nhrp traffic

Displays NHRP traffic statistics.


show ip nhrp traffic

To display Next Hop Resolution Protocol (NHRP) traffic statistics, use the show ip nhrp traffic EXEC command.

show ip nhrp traffic

Syntax Description

This command has no arguments or keywords.

Command Modes

EXEC

Command History

Release
Modification

10.3

This command was introduced.


Examples

The following is sample output from the show ip nhrp traffic command:

Router# show ip nhrp traffic

Tunnel0
  request packets sent: 2
  request packets received: 4
  reply packets sent: 4
  reply packets received: 2
  register packets sent: 0
  register packets received: 0
  error packets sent: 0
  error packets received: 0

Table 28 describes the significant fields shown in the display.

Table 28 show ip nhrp traffic Field Descriptions 

Field
Description

Tunnel 0

Interface type and number.

request packets sent

Number of NHRP request packets originated from this station.

request packets received

Number of NHRP request packets received by this station.

reply packets sent

Number of NHRP reply packets originated from this station.

reply packets received

Number of NHRP reply packets received by this station.

register packets sent

Number of NHRP register packets originated from this station. Currently, our routers and access servers do not send register packets, so this value is 0.

register packets received

Number of NHRP register packets received by this station. Currently, our routers or access servers do not send register packets, so this value is 0.

error packets sent

Number of NHRP error packets originated by this station.

error packets received

Number of NHRP error packets received by this station.


show ip redirects

To display the address of a default gateway (router) and the address of hosts for which an Internet Control Message Protocol (ICMP) redirect message has been received, use the show ip redirects command in user EXEC or privileged EXEC mode.

show ip redirects

Syntax Description

This command has no arguments or keywords.

Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

10.0

This command was introduced.


Usage Guidelines

This command displays the default router (gateway) as configured by the ip default-gateway command.

The ip mtu command enables the router to send ICMP redirect messages.

Examples

The following is sample output from the show ip redirects command:

Router# show ip redirects

Default gateway is 172.89.80.29

Host               Gateway           Last Use    Total Uses  Interface
172.16.1.111      172.16.80.240         0:00             9  Ethernet0
172.16.1.4        172.16.80.240         0:00             4  Ethernet0

Related Commands

Command
Description

ip default-gateway

Defines a default gateway (router) when IP routing is disabled.

ip mtu

Enables the sending of ICMP redirect messages if the Cisco IOS software is forced to resend a packet through the same interface on which it was received.


show ip route dhcp

To display the routes added to the routing table by the Cisco IOS Dynamic Host Configuration Protocol (DHCP) server and relay agent, use the show ip route dhcp command in privileged EXEC configuration mode.

show ip route [vrf vrf-name] dhcp [ip-address]

Syntax Description

vrf

(Optional) Specifies VPN routing and forwarding instance.

vrf-name

(Optional) Name of the VRF.

ip-address

(Optional) Address about which routing information should be displayed.


Defaults

No default behavior or values

Command Modes

Privileged EXEC

Command History

Release
Modification

12.2

This command was introduced.


Usage Guidelines

To display information about global routes, use the show ip route dhcp command. To display routes in the VRF routing table, use the show ip route vrf vrf-name dhcp command.

Examples

The following is sample output from the show ip route dhcp command when entered without an address. This command lists all routes added by the Cisco IOS DHCP server and relay agent.

Router# show ip route dhcp 
  10.5.5.5.56/32 is directly connected, ATM0.2
  10.5.5.217/32 is directly connected, ATM0.21

The following is sample output from the show ip route dhcp command when an address is specified. The output shows the details of the address with the server address (who assigned it) and the lease expiration time.

Router# show ip route dhcp 55.5.5.217 
  10.5.5.217  is directly connected, ATM0.2
    DHCP Server: 49.9.9.10   Lease expires at Nov 08 2001 01:19 PM

The following is sample output from the show ip route vrf vrf-name dhcp command when entered without an address:

Router# show ip route vrf red dhcp
  10.5.5.218/32 is directly connected, ATM0.2

The following is sample output from the show ip route vrf vrf-name dhcp command when an address is specified. The output shows the details of the address with the server address (who assigned it) and the lease expiration time.

Router# show ip route vrf red dhcp 10.5.5.218
  10.5.5.218/32 is directly connected, ATM0.2
    DHCP Server: 10.9.9.10   Lease expires at Nov 08 2001 03:15PM

Related Commands

Command
Description

clear ip route dhcp

Removes routes from the routing table added by the DHCP server and relay agent for the DHCP clients on unnumbered interfaces.


show ip slb conns

To display the active IOS SLB connections, use the show ip slb conns privileged EXEC command.

show ip slb conns [vserver virtserver-name] [client ip-address] [detail]

Syntax Description

vserver

(Optional) Displays only those connections associated with a particular virtual server.

virtserver-name

(Optional) Name of the virtual server to be monitored.

client

(Optional) Displays only those connections associated with a particular client IP address.

ip-address

(Optional) IP address of the client to be monitored.

detail

(Optional) Displays detailed connection information.


Defaults

If no options are specified, the command displays output for all active IOS SLB connections.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.


Examples

The following example shows IOS SLB active connection data:

Router# show ip slb conns

vserver          prot   client                real                  state
----------------------------------------------------------------------------
TEST             TCP    10.150.72.183:328   10.80.90.25:80        INIT 
TEST             TCP    10.250.167.226:423    10.80.90.26:80        INIT 
TEST             TCP    10.234.60.239:317     10.80.90.26:80        ESTAB 
TEST             TCP    10.110.233.96:747      10.80.90.26:80        ESTAB 
TEST             TCP    10.162.0.201:770       10.80.90.30:80        CLOSING 
TEST             TCP    10.22.225.219:995      10.80.90.26:80        CLOSING 
TEST             TCP    10.2.170.148:169       10.80.90.30:80        ZOMBIE 

Table 29 describes the significant fields shown in the display.

Table 29 show ip slb conns Field Descriptions 

Field
Description

vserver

Name of the virtual server whose connections are being monitored and displayed. Information about each connection is displayed on a separate line.

prot

Protocol being used by the connection.

client

Client IP address being used by the connection.

real

Real IP address of the connection.

state

Current state of the connection:

CLOSING—IOS SLB TCP connection deactivated (awaiting a delay timeout before cleaning up the connection).

ESTAB—IOS SLB TCP connection processed a SYN-SYN/ACK exchange between the client and server.

FINCLIENT—IOS SLB TCP connection processed a FIN from the client.

FINSERVER—IOS SLB TCP connection processed a FIN from the server.

INIT—Initial state of the IOS SLB TCP connection.

SYNBOTH—IOS SLB TCP connection processed one or more TCP SYNs from both the client and the server.

SYNCLIENT—IOS SLB TCP connection processed one or more client TCP SYNs.

SYNSERVER—IOS SLB TCP connection processed one or more server 1 TCP SYNs.

ZOMBIE—Destruction of the IOS SLB TCP connection failed, possibly because of bound flows. Destruction will proceed when the flows are unbound.


show ip slb dfp

To display DFP manager and agent information such as passwords, timeouts, retry counts, and weights, use the show ip slb dfp privileged EXEC command.

show ip slb dfp [agent ip-address port-number | detail | weights]

Syntax Description

agent

(Optional) Displays information about an agent.

ip-address

(Optional) Agent IP address.

port-number

(Optional) Agent port number.

detail

(Optional) Displays all data available.

weights

(Optional) Displays information about weights assigned to real servers for load balancing.


Defaults

If no options are specified, the command displays summary information.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.


Examples

The following example shows IOS SLB DFP data:

Router# show ip slb dfp detail
DFP Manager
      Current passwd <none> Pending passwd <none>
      Passwd timeout 0 sec
      Unexpected errors 0
% No DFP Agents configured

Table 30 describes the fields shown in the display.

Table 30 show ip slb dfp detail Field Descriptions 

Field
Description

DFP Manager

Indicates that the following information applies to the DFP manager.

Current passwd

Current DFP password for MD5 authentication.

Pending passwd

Pending new DFP password for MD5 authentication.

Passwd timeout

Delay period, in seconds, during which both the current password and the pending password are accepted.

Unexpected errors

Number of unexpected errors encountered by th DFP manager.

No DFP Agents configured

Indicates that there are no DFP agents associated with th DFP manager.


Router# show ip slb dfp weights
Real IP Address 10.0.10.10 Protocol TCP Port 22 Bind_ID 111 Weight 111
      Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99
Real IP Address 10.17.17.17 Protocol TCP Port www Bind_ID 1 Weight 1
      Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99
Real IP Address 10.68.68.68 Protocol TCP Port www Bind_ID 4 Weight 4
      Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99
Real IP Address 10.85.85.85 Protocol TCP Port www Bind_ID 5 Weight 5
      Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99

Table 31 describes the fields shown in the display.

Table 31 show ip slb dfp weights Field Descriptions 

Field
Description

Real IP Address

IP address of the real server for which weight is reported.

Protocol

Protocol used for the port.

Port

Port for which the following bind ID is being reported.

Bind_ID

Bind ID of this instance of the real server.

Weight

Weight calculated for the real IP address.

Set by Agent

Agent that set the weight, and the date and time the weight was set.


Router# show ip slb dfp
DFP Manager:
      Current passwd:NONE Pending passwd:NONE
      Passwd timeout:0 sec 

Agent IP          Port    Timeout   Retry Count   Interval
---------------------------------------------------------------
172.16.2.34       61936   0         0             180 (Default)

Table 32 describes the significant fields shown in the display.

Table 32 show ip slb dfp Field Descriptions

Field
Description

Agent IP

IP address of the agent about which information is being displayed.

Port

Port number of the agent.

Timeout

Time period (in seconds) during which the DFP manager must receive an update from the DFP agent. A value of 0 means there is no timeout.

Retry Count

Number of times the DFP manager attempts to establish the TCP connection to the DFP agent. A value of 0 means there are infinite retries.

Interval

Interval (in seconds) between retries.


show ip slb reals

To display information about the real servers, use the show ip slb reals privileged EXEC command.

show ip slb reals [vserver virtserver-name] [detail]

Syntax Description

vserver

(Optional) Displays information about only those real servers associated with a particular virtual server.

virtserver-name

(Optional) Name of the virtual server.

detail

(Optional) Displays detailed information.


Defaults

If no options are specified, the command displays information about all real servers.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.


Examples

The following example shows IOS SLB real server data:

Router# show ip slb reals

real             farm name        weight   state           conns
--------------------------------------------------------------------
10.80.2.112      FRAG             8        OUTOFSERVICE    0        
10.80.5.232      FRAG             8        OPERATIONAL     0        
10.80.15.124     FRAG             8        OUTOFSERVICE    0        
10.254.2.2       FRAG             8        OUTOFSERVICE    0        
10.80.15.124     LINUX            8        OPERATIONAL     0        
10.80.15.125     LINUX            8        OPERATIONAL     0        
10.80.15.126     LINUX            8        OPERATIONAL     0        
10.80.90.25      SRE              8        OPERATIONAL     220      
10.80.90.26      SRE              8        OPERATIONAL     216      
10.80.90.27      SRE              8        OPERATIONAL     216      
10.80.90.28      SRE              8        TESTING         1        
10.80.90.29      SRE              8        OPERATIONAL     221      
10.80.90.30      SRE              8        OPERATIONAL     224      
10.80.30.3       TEST             100      READY_TO_TEST   0        
10.80.30.4       TEST             100      READY_TO_TEST   0        
10.80.30.5       TEST             100      READY_TO_TEST   0        
10.80.30.6       TEST             100      READY_TO_TEST   0        

Table 33 describes significant fields shown in the display.

Table 33 show ip slb reals Field Descriptions

Field
Description

real

IP address of the real server about which information is being displayed. Used to identify each real server. Information about each real server is displayed on a separate line.

server farm

Name of the server farm to which the real server is associated.

weight

Weight assigned to the real server. The weight identifies the capacity of the real server, relative to other real servers in the server farm.

state

Current state of the real server:

DFP_THROTTLED—DFP agent sent a weight of 0 for this real server (send no further connections to this real server).

FAILED—Removed from use by the predictor algorithms; retry timer started.

MAXCONNS—Maximum number of simultaneous active connections reached.

OPERATIONAL—Functioning properly.

OUTOFSERVICE—Removed from the load-balancing predictor lists.

READY_TO_TEST—Queued for testing.

TESTING—Queued for assignment.


show ip slb serverfarms

To display information about the server farms, use the show ip slb serverfarms privileged EXEC command.

show ip slb serverfarms [name serverfarm-name] [detail]

Syntax Description

name

(Optional) Displays information about only a particular server farm.

serverfarm-name

(Optional) Name of the server farm.

detail

(Optional) Displays detailed server farm information.


Defaults

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.


Examples

The following example shows IOS SLB server farm data:


router# show ip slb serverfarms

server farm      predictor     reals   bind id
-------------------------------------------------
FRAG             ROUNDROBIN    4       0       
LINUX            ROUNDROBIN    3       0       
SRE              ROUNDROBIN    6       0       
TEST             ROUNDROBIN    4       0       

Table 34 describes the significant fields shown in the display.

Table 34 show ip slb serverfarms Field Descriptions

Field
Description

server farm

Name of the server farm about which information is being displayed. Information about each server farm is displayed on a separate line.

predictor

Type of load-balancing algorithm (ROUNDROBIN or LEASTCONNS) used by the server farm.

reals

Number of real servers configured in the server farm.

bind id

Bind ID configured on the server farm.


show ip slb stats

To display IOS SLB statistics, use the show ip slb stats privileged EXEC command.

show ip slb stats

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.


Examples

The following example shows IOS SLB statistics:

router# show ip slb stats

Pkts via normal switching: 530616
Pkts via special switching:1812710
Connections Created:       783774
Connections Established:   633418
Connections Destroyed:     782752
Connections Reassigned:    0
Zombie Count:              0

Table 35 describes the significant fields shown in the display.

Table 35 show ip slb stats Field Descriptions 

Field
Description

Pkts via normal switching

Number of packets handled by the IOS SLB feature via normal switching since the last time counters were cleared.

Pkts via special switching

Number of packets handled by the IOS SLB feature via special switching since the last time counters were cleared.

Connections Created

Number of connections created since the last time counters were cleared.

Connections Established

Number of connections created that have become established since the last time counters were cleared.

Connections Destroyed

Number of connections destroyed since the last time counters were cleared.

Connections Reassigned

Number of connections reassigned to a different real server since the last time counters were cleared.

Zombie Count

Number of connections currently pending destruction, awaiting a timeout or some other condition to be met.


show ip slb sticky

To display the entries in the IOS SLB sticky database, use the show ip slb sticky privileged EXEC command.

show ip slb sticky [client ip-address]

Syntax Description

client

(Optional) Displays only those sticky database entries associated with a particular client IP address.

ip-address

(Optional) IP address of the client.


Defaults

If no options are specified, the command displays information about all virtual servers.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.


Examples

The following example shows the entries in the IOS SLB sticky database:

router# show ip slb sticky

client            group   real              conns     ftp-cntrl
--------------------------------------------------------------
10.10.2.12        4097      10.10.3.2         1         0 

Table 36 describes the significant fields shown in the display.

Table 36 show ip slb sticky Field Descriptions

Field
Description

client

Client IP address that is bound to this sticky assignment.

group

Group ID for this sticky assignment.

real

Real server used by all clients connecting with the client IP address detailed on this line.

conns

Number of connections currently sharing this sticky assignment.

ftp-cntrl

Number of FTP control connections currently using this sticky assignment.


show ip slb vservers

To display information about the virtual servers, use the show ip slb vservers privileged EXEC command.

show ip slb vservers [name virtserver-name] [detail]

Syntax Description

name

(Optional) Displays information about only this virtual server.

virtserver-name

(Optional) Name of the virtual server.

detail

(Optional) Displays detailed virtual server information.


Defaults

If no options are specified, the command displays information about all virtual servers.

Command Modes

Privileged EXEC

Command History

Release
Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.


Examples

The following example shows virtual server data:

router# show ip slb vservers

slb vserver      prot   virtual               state          conns   
---------------------------------------------------------------------
TEST             TCP    10.80.254.3:80        OPERATIONAL    1013    
TEST21           TCP    10.80.254.3:21        OUTOFSERVICE   0       
TEST23           TCP    10.80.254.3:23        OUTOFSERVICE   0       

Table 37 describes the significant fields shown in the display.

Table 37 show ip slb vservers Field Descriptions

Field
Description

slb vserver

Name of the virtual server about which information is being displayed. Information about each virtual server is displayed on a separate line.

prot

Protocol being used by the virtual server detailed on a given line.

virtual

Virtual IP address of the virtual server detailed on a given line.

state

Current state of the virtual server detailed on a given line.

conns

Number of connections associated with the virtual server detailed on a given line.


show ip snat

To display active Stateful Network Address Translation (SNAT) translations, use the show ip snat command in EXEC mode.

show ip snat [distributed [verbose] | peer ip-address]

Syntax Description

distributed

(Optional) Displays information about the distributed NAT, including its peers and status.

verbose

(Optional) Displays additional information for each translation table entry, including how long ago the entry was created and used.

peer ip-address

(Optional) Displays TCP connection information between peer routers.


Command Modes

EXEC

Command History

Release
Modification

12.2(13)T

This command was introduced.


Examples

The following is sample output from the show ip snat distributed for stateful NAT connected peers:

Router# show ip snat distributed

Stateful NAT Connected Peers

SNAT: Mode PRIMARY
:State READY
:Local Address 192.168.123.2
:Local NAT id 100
:Peer Address 192.168.123.3
:Peer NAT id 200
:Mapping List 10


The following is sample output from the show ip snat distributed verbose command for 
stateful NAT connected peers:

SNAT: Mode PRIMARY
Stateful NAT Connected Peers

:State READY
:Local Address 192.168.123.2
:Local NAT id 100
:Peer Address 192.168.123.3
:Peer NAT id 200
:Mapping List 10
:InMsgs 7, OutMsgs 7, tcb 0x63EBA408, listener 0x0

show ip sockets

To display IP socket information, use the show ip sockets command in user EXEC or privileged EXEC mode.

show ip sockets

Syntax Description

This command has no keywords or arguments.

Defaults

No default behavior or values.

Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

10.0 T

This command was introduced.


Usage Guidelines

Use this command to verify that the socket being used is opening correctly. If there is a local and remote endpoint, a connection is established with the ports indicated.

Examples

The following is sample output from the show ip sockets command:

Router# show ip sockets

Proto    Remote         Port      Local           Port  In Out Stat TTY OutputIF
 17      10.0.0.0         0       172.16.186.193  67    0   0    1   0
 17      172.68.191.135   514     172.16.191.129  1811  0   0    0   0
 17      172.16.135.20    514     172.16.191.1    4125  0   0    0   0
 17      172.16.207.163   49      172.16.186.193  49    0   0    9   0
 17      10.0.0.0         123     172.16.186.193  123   0   0    1   0
 88      10.0.0.0         0       172.16.186.193  202   0   0    0   0
 17      172.16.96.59     32856   172.16.191.1    161   0   0    1   0
 17     --listen--             --any--        496  0    0   1    0

Table 38 describes the significant fields shown in the display.

Table 38 show ip sockets Field Descriptions 

Field
Description

Proto

Protocol number. For example, 17 is UDP, and 88 is EIGRP.

Remote

Remote address connected to this networking device. If the remote address is considered illegal, "--listen--" is displayed.

Port

Remote port. If the remote address is considered illegal, "--listen--" is displayed.

Local

Local address. If the local address is considered illegal or is the address 0.0.0.0, "--any--" displays.

Port

Local port.

In

Input queue size.

Out

Output queue size.

Stat

Various statistics for a socket.

TTY

The tty number for the creator of this socket.

OutputIF

Output IF string, if one exists.


show ip tcp header-compression

To display statistics about TCP header compression, use the show ip tcp header-compression command in user EXEC or privileged EXEC mode.

show ip tcp header-compression

Syntax Description

This command has no arguments or keywords.

Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

10.0

This command was introduced.


Examples

The following is sample output from the show ip tcp header-compression command:

Router# show ip tcp header-compression

TCP/IP header compression statistics:
  Interface Serial1: (passive, compressing)
    Rcvd:	    4060 total, 2891 compressed, 0 errors
             	0 dropped, 1 buffer copies, 0 buffer failures
    Sent:	    4284 total, 3224 compressed,
	             105295 bytes saved, 661973 bytes sent
             	1.15 efficiency improvement factor
    Connect:	 16 slots, 1543 long searches, 2 misses, 99% hit ratio
             	Five minute miss rate 0 misses/sec, 0 max misses/sec

Table 39 describes significant fields shown in the display.

Table 39 show ip tcp header-compression Field Descriptions 

Field
Description
Rcvd:
 

 total

Total number of TCP packets received.

 compressed

Total number of TCP packets compressed.

 errors

Unknown packets.

 dropped

Number of packets dropped due to invalid compression.

 buffer copies

Number of packets that needed to be copied into bigger buffers for decompression.

 buffer failures

Number of packets dropped due to a lack of buffers.

Sent:
 

 total

Total number of TCP packets sent.

 compressed

Total number of TCP packets compressed.

 bytes saved

Number of bytes reduced.

 bytes sent

Number of bytes sent.

 efficiency improvement  factor

Improvement in line efficiency because of TCP header compression.

Connect:

 

 slots

Size of the cache.

 long searches

Indicates the number of times the software needed to look to find a match.

 misses

Indicates the number of times a match could not be made. If your output shows a large miss rate, then the number of allowable simultaneous compression connections may be too low.

 hit ratio

Percentage of times the software found a match and was able to compress the header.

 Five minute miss rate

Calculates the miss rate over the previous 5 minutes for a longer-term (and more accurate) look at miss rate trends.

max misses/sec

Maximum value of the previous field.


Related Commands

Command
Description

ip tcp header-compression

Enables TCP header compression.


show ip traffic

To display statistics about IP traffic, use the show ip traffic command in user EXEC or privileged EXEC mode.

show ip traffic

Syntax Description

This command has no arguments or keywords.

Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

10.0

This command was introduced.

12.2

The output was enhanced to displays the number of keepalive, open, update, route-refresh request, and notification messages that have been received and sent by a Border Gateway Protocol (BGP) routing process.


Examples

The following is sample output from the show ip traffic command:

Router# show ip traffic 

IP statistics:
  Rcvd:  2961 total, 2952 local destination
         0 format errors, 0 checksum errors, 0 bad hop count
         0 unknown protocol, 9 not a gateway
         0 security failures, 0 bad options, 0 with options
  Opts:  0 end, 0 nop, 0 basic security, 0 loose source route
         0 timestamp, 0 extended security, 0 record route
         0 stream ID, 0 strict source route, 0 alert, 0 cipso, 0 ump
         0 other
  Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble
         0 fragmented, 0 fragments, 0 couldn't fragment
  Bcast: 9 received, 36 sent
  Mcast: 2294 received, 2293 sent
  Sent:  2935 generated, 0 forwarded
  Drop:  1 encapsulation failed, 0 unresolved, 0 no adjacency
         0 no route, 0 unicast RPF, 0 forced drop
         0 options denied
  Drop:  0 packets with source IP address zero
  Drop:  0 packets with internal loop back IP address

ICMP statistics:
  Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 0 unreachable
        0 echo, 0 echo reply, 0 mask requests, 0 mask replies, 0 quench
        0 parameter, 0 timestamp, 0 info request, 0 other
        0 irdp solicitations, 0 irdp advertisements
  Sent: 0 redirects, 0 unreachable, 0 echo, 0 echo reply
        0 mask requests, 0 mask replies, 0 quench, 0 timestamp
        0 info reply, 0 time exceeded, 0 parameter problem
        0 irdp solicitations, 0 irdp advertisements

UDP statistics:
  Rcvd: 0 total, 0 checksum errors, 0 no port
  Sent: 36 total, 0 forwarded broadcasts

TCP statistics:
  Rcvd: 654 total, 0 checksum errors, 0 no port
  Sent: 603 total

BGP statistics:
  Rcvd: 288 total, 8 opens, 0 notifications, 0 updates
        280 keepalives, 0 route-refresh, 0 unrecognized
  Sent: 288 total, 8 opens, 0 notifications, 0 updates
        280 keepalives, 0 route-refresh

OSPF statistics:
  Rcvd: 0 total, 0 checksum errors
        0 hello, 0 database desc, 0 link state req
        0 link state updates, 0 link state acks

  Sent: 0 total
        0 hello, 0 database desc, 0 link state req
        0 link state updates, 0 link state acks

IP-EIGRP statistics:
  Rcvd: 2303 total
  Sent: 2301 total

PIMv2 statistics: Sent/Received
  Total: 0/0, 0 checksum errors, 0 format errors
  Registers: 0/0 (0 non-rp, 0 non-sm-group), Register Stops: 0/0,  Hellos: 0/0
  Join/Prunes: 0/0, Asserts: 0/0, grafts: 0/0
  Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0
  Queue drops: 0
  State-Refresh: 0/0

IGMP statistics: Sent/Received
  Total: 0/0, Format errors: 0/0, Checksum errors: 0/0
  Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 0/0 
  DVMRP: 0/0, PIM: 0/0
  Queue drops: 0

ARP statistics:
  Rcvd: 2 requests, 5 replies, 0 reverse, 0 other
  Sent: 1 requests, 3 replies (0 proxy), 0 reverse

Table 40 describes the significant fields shown in the display.

Table 40 show ip traffic Field Descriptions 

Field
Description

IP statistics

Heading for IP statistics fields.

Total

Total number of packets.

Rcvd

Total received, and total destined for this device.

format errors

Indicates a gross error in the packet format, such as an impossible Internet header length.

checksum errors

Indicates that the packet has a bad checksum value in the header.

bad hop count

Occurs when a packet is discarded because its time-to-live (TTL) field was decremented to zero.

unknown protocol

Indicates that the packet contains an unknown protocol value or type.

not a gateway

Non-routed packet.

security failures

Packets that with incorrect security values in the IP packet header.

bad options

Packets with incorrect options in the IP packet header.

with options

Packets with options configured in the IP packet header.

Opts

Field for IP packet options.

Frags

Field for packet fragmentation statistics.

Bcast

Field for broadcast packet statistics.

Mcast

Field for multicast packet statistics.

Sent

Field for transmitted packet statistics.

Drop

Field for dropped packet statistics.

encapsulation failed

Usually indicates that the router had no ARP request entry and therefore did not send a datagram.

no route

Counted when the Cisco IOS software discards a datagram it did not know how to route.

ICMP statistics

Heading for ICMP statistics.

UDP statistics

Field for UDP packet statistics.

TCP

Field for TCP packet statistics.

BGP

Field for BGP packet statistics.

OSPF

Field for OSPF packet statistics.

IP-EIGRP

Field for EIGRP packet statistics.

PIMv2

Field for PIM statistics.

IGMP

Field for IGMP statistics.

ARP

Field for ARP statistics.


show ip wccp

To display global statistics related to Web Cache Communication Protocol (WCCP), use the show ip wccp command in privileged EXEC mode.

show ip wccp [service-number | web-cache] [detail | view]

Syntax Description

service-number

(Optional) Identification number of the web-cache service group being controlled by the cache. The number can be from 0 to 256. For web caches using Cisco Cache Engines, the reverse proxy service is indicated by a value of 99.

web-cache

(Optional) Statistics for the web-cache service.

detail

(Optional) Information about the router and all web caches.

view

(Optional) Other members of a particular service group have or have not been detected.


Command Modes

Privileged EXEC

Command History

Release
Modification

11.1CA

This command was introduced for Cisco 7200 and 7500 platforms.

11.2P

Support for this command was added to a variety of Cisco platforms.

12.0(3)T

The detail and view keywords were added.

12.3(7)T

The output was enhanced to display the bypass counters (process, fast, and Cisco Express Forwarding) when WCCP is enabled.

12.2(14)SX

Support for this command was introduced on the Supervisor Engine 720.

12.2(17d)SXB

Support for this command on the Supervisor Engine 2 was extended to Cisco IOS Release 12.2(17d)SXB.

12.2(25)S

This command was integrated into Cisco IOS Release 12.2(25)S.

12.3(14)T

The output was enhanced to display the maximum number of service groups.

12.2(27)SBC

This command was integrated into Cisco IOS Release 12.2(27)SBC.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.


Usage Guidelines

Use the clear ip wccp command to reset the counter for the "Packets Redirected" information.

Use the show ip wccp service-number command to provide the "Total Packets Redirected" count. The "Total Packets Redirected" count is the number of flows, or sessions, that are redirected.

Use the show ip wccp service-number detail command to provide the "Packets Redirected" count. The "Packets Redirected" count is the number of flows, or sessions, that are redirected.

Use the show ip wccp web-cache detail command to provide an indication of how many flows, rather than packets, are using Layer 2 redirection.

For cache-engine clusters using Cisco cache engines, the reverse proxy service-number is indicated by a value of 99.

For additional information on the IP WCCP commands, refer to the "Configuring Web Cache Services Using WCCP" section in the Cisco IOS Configuration Fundamentals Configuration Guide.

Examples

This section contains examples and field descriptions for the following forms of this command:

show ip wccp web-cache

show ip wccp service-number view

show ip wccp service-number detail

show ip wccp web-cache detail

show ip wccp web-cache detail (bypass counters displayed)

show ip wccp web-cache

The following is sample output from the show ip wccp web-cache command:

Router# show ip wccp web-cache

Global WCCP Information:
 Service Name: web-cache:
 Number of Cache Engines:	1
 Number of Routers:	1
 Total Packets Redirected:	213
 Redirect access-list:	no_linux
 Total Packets Denied Redirect:	88
 Total Packets Unassigned:	-none-
 Group access-list:	0
 Total Messages Denied to Group:	0
 Total Authentication failures:	0

Table 41 describes the significant fields shown in the display.

Table 41 show ip wccp web-cache Field Descriptions 

Field
Description

Service Name

Indicates which service is detailed.

Number of Cache Engines

Number of Cisco cache engines using the router as their home router.

Number of Routers

The number of routers in the service group.

Total Packets Redirected

Total number of packets redirected by the router.

Redirect access-list

The name or number of the access list that determines which packets will be redirected.

Total Packets Denied Redirect

Total number of packets that were not redirected because they did not match the access list.

Total Packets Unassigned

Number of packets that were not redirected because they were not assigned to any cache engine. Packets may not be assigned during initial discovery of cache engines or when a cache is dropped from a cluster.

Group access-list

Indicates which cache engine is allowed to connect to the router.

Total Messages Denied to Group

Indicates the number of packets denied by the group-list access list.

Total Authentication failures

The number of instances where a password did not match.


show ip wccp service-number view

The following is sample output from the show ip wccp 1 view command:

Router# show ip wccp 1 view

WCCP Router Informed of:
 10.168.88.10
 10.168.88.20

WCCP Cache Engines Visible
 10.168.88.11
 10.168.88.12

WCCP Cache Engines Not Visible:
 -none-

Note The number of maximum service groups that can be configured is 256.


If any web cache is displayed under the WCCP Cache Engines Not Visible field, the router needs to be reconfigured to map the web cache that is not visible to it.

Table 42describes the significant fields shown in the display.

Table 42 show ip wccp service-number view Field Descriptions

Field
Description

WCCP Router Informed of

A list of routers detected by the current router.

WCCP Clients Visible

A list of clients that are visible to the router and other clients in the service group.

WCCP Clients Not Visible

A list of clients in the service group that are not visible to the router and other clients in the service group.


show ip wccp service-number detail

The following example displays WCCP client information and WCCP router statistics that include the type of services:

Router# show ip wccp 91 detail

WCCP Client information:
 WCCP Client ID: 10.1.1.14
 Protocol Version: 2.0
 State: Usable
 Redirection: GRE
 Packet Return: GRE
 Assignment: HASH
 Initial Hash Info: 0000000000000000000000000000000000000000000000000000000000000000
 Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
 Hash Allotment: 256 (100.00%)
 Packets Redirected: 0
 Connect Time: 00:01:56
 Bypassed Packets
 Process: 0
 CEF: 0

show ip wccp web-cache detail

The following example displays web-cache engine information and WCCP router statistics for a particular service group:

Router# show ip wccp web-cache detail

WCCP Router information:
 IP Address	10.168.88.10
 Protocol Version:	2.0

WCCP Client Information
 IP Address:	10.168.88.11
 Protocol Version:	2.0
 State:	Usable
 Initial Hash Info:	AAAAAAAAAAAAAAAAAAAAAAAAAA
	AAAAAAAAAAAAAAAAAAAAAAAAAA
 Assigned Hash Info:	FFFFFFFFFFFFFFFFFFFFFFFFFF
	FFFFFFFFFFFFFFFFFFFFFFFFFF
 Hash Allotment:	256 (100.00%)
 Packets Redirected:	21345
 Connect Time:	00:13:46

Table 43 describes the significant fields shown in the display.

Table 43 show ip wccp web-cache detail Field Descriptions 

Field
Description

WCCP Router information

The header for the area that contains fields for the IP address and version of WCCP associated with the router connected to the cache engine in the service group.

IP Address

The IP address of the router connected to the cache engine in the service group.

Protocol Version

The version of WCCP being used by the router in the service group.

WCCP Client Information

The header for the area that contains fields for information on clients.

IP Address

The IP address of the cache engine in the service group.

Protocol Version

The version of WCCP being used by the cache engine in the service group.

State

Indicates whether the cache engine is operating properly and can be contacted by a router and other cache engines in the service group.

Initial Hash Info

The initial state of the hash bucket assignment. The values show the state of each of the 256 hash buckets. Hexadecimal digits are used as shorthand for binary numbers with F representing 1111, four bits set to one. If a set of four bits is F, then that hash bucket is allocated to the client with the displayed ID. If a set of bits is 0, then it is not allocated to the client with the displayed ID.

Assigned Hash Info

The current state of the hash bucket assignment. The values show the state of each of the 256 hash buckets. If F is displayed, then that hash bucket is allocated to the client with the displayed ID. If a bit is 0 then it is not allocated to the client with the displayed ID. In this output all the bits in the assigned field are F, indicating that all traffic goes to that client. All 1's in the assigned field indicates there is only one client in the service group. If there were two clients in the group, half of the bits would have a value of F and the other half would have a value of 0 for each client, indicating that redirected traffic is divided equally between the two clients.

Hash Allotment

The percent of buckets assigned to the current cache engine. Both a value and a percent figure are displayed.

Packets Redirected

The number of packets that have been redirected to the cache engine.

Connect Time

The amount of time the cache engine has been connected to the router.


show ip wccp web-cache detail (Bypass Counters)

The following example displays web-cache engine information and WCCP router statistics that include the bypass counters:

Router# show ip wccp web-cache detail

WCCP Router information:
 IP Address:	10.168.88.10
 Protocol Version:	2.0

WCCP Client Information
 IP Address:	10.168.88.11
 Protocol Version:	2.0
 State:	Usable
 Initial Hash Info:	AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
 Assigned Hash Info:	FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
 Hash Allotment:	256 (100.00%)
 Packets Redirected:	21345
 Connect Time:	00:13:46
Bypassed Packets
 Process:             0
 Fast:                0
 CEF:                 250

Table 44 describes the significant fields shown in the display.

Table 44 show ip wccp web-cache detail Field Descriptions 

Field
Description

WCCP Router information

The header for the area that contains fields for the IP address and the version of WCCP associated with the router connected to the cache engine in the service group.

IP Address

The IP address of the router connected to the cache engine in the service group.

Protocol Version

The version of WCCP that is being used by the router in the service group.

WCCP Client Information

The header for the area that contains fields for information on clients.

IP Address

The IP address of the cache engine in the service group.

Protocol Version

The version of WCCP that is being used by the cache engine in the service group.

State

Indicates whether the cache engine is operating properly and can be contacted by a router and other cache engines in the service group.

Initial Hash Info

The initial state of the hash bucket assignment.

Assigned Hash Info

The current state of the hash bucket assignment.

Hash Allotment

The percent of buckets assigned to the current cache engine. Both a value and a percent figure are displayed.

Packets Redirected

The number of packets that have been redirected to the cache engine.

Connect Time

The amount of time the cache engine has been connected to the router.

Bypassed Packets

The number of packets that have been bypassed. Process, fast, and Cisco Express Forwarding (CEF) are switching paths within Cisco IOS software.


Related Commands

Command
Description

clear ip wccp

Clears the counter for packets redirected using WCCP.

ip wccp

Enables WCCP on a router and specifies the type of services to be used.

ip wccp redirect

Enables packet redirection on an outbound or inbound interface using WCCP.

ip wccp web-cache accelerated

Enables the hardware acceleration for WCCP version 1.

show ip interface

Lists a summary of the IP information and status of an interface.


show ip wccp web-caches

The show ip wccp web-caches command has been replaced by the show ip wccp web-cache detail command. See the description of the show ip wccp command in this book for more information.

Command History

Release
Modification

11.2P, 11.1CA, 12.0

This command was introduced.

12.1

This command was replaced by the show ip wccp command.


show standby

To display Hot Standby Router Protocol (HSRP) information, use the show standby command in user EXEC or privileged EXEC mode.

show standby [type number [group]] [all | brief]

Syntax Description

type number

(Optional) Interface type and number for which output is displayed.

group

(Optional) Group number on the interface for which output is displayed.

all

(Optional) Displays information for groups that are learned or who do not have the standby ip command configured.

brief

(Optional) A single line of output summarizes each standby group.


Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

10.0

This command was introduced.

12.2(8)T

The output for the command was made clearer and easier to understand.


Usage Guidelines

To specify a group, you must specify an interface type and number.

Examples

The following is sample output from the show standby command:

Router# show standby

Ethernet0/1 - Group 1
  State is Active
    2 state changes, last state change 00:30:59
  Virtual IP address is 10.1.0.20
    Secondary virtual IP address 10.1.0.21
  Active virtual MAC address is 0004.4d82.7981
    Local virtual MAC address is 0004.4d82.7981 (bia)
  Hello time 4 sec, hold time 12 sec
    Next hello sent in 1.412 secs
  Preemption enabled, min delay 50 sec, sync delay 40 sec
  Active router is local
  Standby router is 10.1.0.6, priority 75 (expires in 9.184 sec)
  Priority 95 (configured 120)
    Tracking 2 objects, 0 up
      Down Interface Ethernet0/2, pri 15
      Down Interface Ethernet0/3
  IP redundancy name is "HSRP1", advertisement interval is 34 sec

The following is sample output from the show standby command with the brief keyword specified:

Router# show standby brief

Interface   Grp Prio P State    Active addr     Standby addr    Group addr     
Et0         0   120    Init     10.0.0.1        unknown         10.0.0.12 

Table 45 describes the significant fields shown in the displays.

Table 45 show standby Field Descriptions 

Field
Description

Ethernet - Group

Interface type and number and Hot Standby group number for the interface.

State is

State of local router; can be one of the following:

Active—Indicates the current Hot Standby router.

Standby—Indicates the router next in line to be the Hot Standby router.

Speak—Router is sending packets to claim the active or standby role.

Listen—Router is neither in the active nor standby state, but if no messages are received from the active or standby router, it will start to speak.

Init or Disabled—Router is not yet ready or able to participate in HSRP, possibly because the associated interface is not up. HSRP groups configured on other routers on the network that are learned via snooping are displayed as being in the Init state. Locally configured groups with an interface that is down or groups without a specified interface IP address appear in the Init state. For these cases, the Active addr and Standby addr fields will show "unknown." The state is listed as disabled in the fields when the standby ip command has not been specified.

Virtual IP address is, secondary virtual IP addresses

All secondary virtual IP addresses are listed on separate lines. If one of the virtual IP addresses is a duplicate of an address configured for another device, it will be marked as "duplicate." A duplicate address indicates that the router has failed to defend its ARP (Address Resolution Protocol) cache entry.

Active virtual MAC address

Virtual MAC address being used by the current active router.

Local virtual MAC address

Virtual MAC address that would be used if this router became the active router. The origin of this address (displayed in parentheses) can be "default," "bia," (burned-in address) or "confgd" (configured).

Hello time, hold time

The hello time is the time between hello packets (in seconds) based on the command. The holdtime is the time (in seconds) before other routers declare the active or standby router to be down, based on the standby timers command. All routers in an HSRP group use the hello and hold- time values of the current active router. If the locally configured values are different, the variance appears in parentheses after the hello time and hold-time values.

Next hello sent in ...

Time in which the Cisco IOS software will send the next hello packet (in hours:minutes:seconds).

Preemption enabled, sync delay

Indicates whether preemption is enabled. If enabled, the minimum delay is the time a higher-priority nonactive router will wait before preempting the lower-priority active router. The sync delay is the maximum time a group will wait to synchronize with the IP redundancy clients.

Active router is

Value can be "local," "unknown," or an IP address. Address (and the expiration date of the address) of the current active Hot Standby router.

Standby router is

Value can be "local," "unknown," or an IP address. Address (and the expiration date of the address) of the "standby" router (the router that is next in line to be the Hot Standby router).

expires in

Time (in hours:minutes:seconds) in which the standby router will no longer be the standby router if the local router receives no hello packets from it.

Tracking

List of interfaces that are being tracked and their corresponding states. Based on the standby track command.

IP redundancy name is

The name of the HSRP group.

P

Indicates that the router is configured to preempt.


Related Commands

Command
Description

standby authentication

Configures an authentication string for the HSRP.

standby ip

Activates the HSRP.

standby mac-address

Specifies the virtual MAC address for the virtual router.

standby mac-refresh

Refreshes the MAC cache on the switch by periodically sending packets from the virtual MAC address.

standby preempt

Configures HSRP preemption and preemption delay.

standby priority

Configures Hot Standby priority of potential standby routers.

standby timers

Configures the time between hello messages and the time before other routers declare the active Hot Standby or standby router to be down.

standby track

Configures an interface so that the Hot Standby priority changes based on the availability of other interfaces.

standby use-bias

Configures HSRP to use the BIA of the interface as its virtual MAC address, instead of the preassigned MAC address (on Ethernet and FDDI) or the functional address (on Token Ring).


show standby capability

To display the limitation on how many virtual MAC addresses that some interfaces can listen to, use the show standby capability command in user EXEC or privileged EXEC mode.

show standby capability [type number]

Syntax Description

type number

(Optional) Interface type and number for which output is displayed.


Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

12.2

This command was introduced.


Usage Guidelines

HSRP allows up to 256 groups to be configured on each interface, but it is possible that the MAC address filter of the interface does not support that many entries. For example, Versatile Interface Processor (VIP) interfaces only support 32 MAC addresses in their MAC address filter. If more HSRP groups are created than there are address filter entries, then it is likely that the router will stop listening to packets sent to the MAC address of an active HSRP group.

Examples

The following is sample output from the show standby capability command:

Router# show standby capability
7206VXR * indicates hardware may support HSRP
                                               |
Interface          Type                       H  Potential Max Groups
FastEthernet0/0    18  DEC21140A              *  256  (0x60194B00, 
0x60194BE8)
FastEthernet1/0    18  DEC21140A              *  256  (0x60194B00, 
0x60194BE8)
Ethernet2/0        61  AmdP2                  *  256  (0x601A252C, 
0x601A25E4)
Ethernet2/1        61  AmdP2                  *  256  (0x601A252C, 
0x601A25E4)
Ethernet2/2        61  AmdP2                  *  256  (0x601A252C, 
0x601A25E4)
Ethernet2/3        61  AmdP2                  *  256  (0x601A252C, 
0x601A25E4)
Ethernet2/4        61  AmdP2                  *  256  (0x601A252C, 
0x601A25E4)
Ethernet2/5        61  AmdP2                  *  256  (0x601A252C, 
0x601A25E4)
Ethernet2/6        61  AmdP2                  *  256  (0x601A252C, 
0x601A25E4)
Ethernet2/7        61  AmdP2                  *  256  (0x601A252C, 
0x601A25E4)
ATM3/0             74  ENHANCED ATM PA        *  256  LAN emulation
TokenRing4/0       66  HAWKEYE                *  3    HSRP TR functional 
addresses (0x6076A590)
TokenRing4/1       66  HAWKEYE                *  3    HSRP TR functional 
addresses (0x6076A590)
TokenRing4/2       66  HAWKEYE                *  3    HSRP TR functional 
addresses (0x6076A590)
TokenRing4/3       66  HAWKEYE                *  3    HSRP TR functional 
addresses (0x6076A590)
Serial5/0          67  M4T                       -
Serial5/1          67  M4T                       -
Serial5/2          67  M4T                       -
Serial5/3          67  M4T                       -
FastEthernet6/0    18  DEC21140A              *  256  (0x60194B00, 
0x60194BE8)
VoIP-Null0	         102 VoIP-Null                 -

Table 46 describes the significant fields in the display.

Table 46 show standby capability Field Descriptions

Field
Description

Interface

Interface type and number for the interface.

Type

Hardware type.

*

Indicates hardware may support HSRP.

Potential Max Groups

An estimate of the number of HSRP groups that a MAC address filter can process for an interface.


show standby delay

To display Hot Standby Router Protocol (HSRP) information about delay periods, use the show standby delay command in user EXEC or privileged EXEC mode.

show standby delay [type number]

Syntax Description

type number

(Optional) Interface type and number for which output is displayed.


Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

12.2

This command was introduced.


Examples

The following is sample output from the show standby delay command:

Router# show standby delay

 Interface          Minimum Reload 
 Ethernet0/3        1       5 

Related Commands

Command
Description

standby delay minimum reload

Delays the initialization of HSRP groups.


show standby internal

To display internal flags and conditions, use the show standby internal command in user EXEC or privileged EXEC mode.

show standby internal [type number]

Syntax Description

type number

(Optional) Interface type and number for which output is displayed.


Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

12.2

This command was introduced.


Examples

This example shows a configuration example and the output from the show standby internal command for the configuration:

interface Ethernet2/0
 ip address 10.0.0.254 255.255.0.0
 standby use-bia
 standby version 2
 standby 1 ip 10.0.0.1
 standby 1 timers 2 6
 standby 1 priority 110
 standby 1 preempt

Router# show standby internal

Global           Confg: 0000
Et2/0 If hw      AmdP2, State 0x210040
Et2/0 If hw      Confg: 0001, USEBIA
Et2/0 If hw      Flags: 0000
Et2/0 If sw      Confg: 0040, VERSION
Et2/0 If sw      Flags: 0001, USEBIA
Et2/0 Grp 1      Confg: 0072, IP_PRI, PRIORITY, PREEMPT, TIMERS
Et2/0 Grp 1      Flags: 0000

The above output shows internal flags and hardware and software information for Ethernet interface 2/0. The output shows that HSRP group 1 is configured for priority, preemption, and the standby timers and standby-use bia commands have been configured.

Related Commands

Command
Description

show standby

Displays HSRP information.


show standby redirect

To display Internet Control Message Protocol (ICMP) redirect information on interfaces configured with the Hot Standby Router Protocol (HSRP), use the show standby redirect command in user EXEC or privileged EXEC mode.

show standby redirect [ip-address | interface-type interface-number [active | passive | timers]]

Syntax Description

ip-address

(Optional) Router IP address.

interface-type interface-number

(Optional) Interface type and number for which output is displayed.

active

(Optional) Active HSRP routers on the subnet.

passive

(Optional) Passive HSRP routers on the subnet.

timers

(Optional) HSRP ICMP redirect timers.


Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

12.2

This command was introduced.


Examples

The following is sample output from the show standby redirect command with no optional keywords:

Router# show standby redirect 

Interface          Redirects Unknown   Adv      Holddown
Ethernet0/2        enabled   enabled   30       180     
Ethernet0/3        enabled   disabled  30       180     

Active          Hits   Interface          Group Virtual IP      Virtual MAC   
10.19.0.7       0      Ethernet0/2        3     10.19.0.13      0000.0c07.ac03
local           0      Ethernet0/3        1     10.20.0.11      0000.0c07.ac01
local           0      Ethernet0/3        2     10.20.0.12      0000.0c07.ac02

Passive         Hits   Interface          Expires in
10.19.0.6       0      Ethernet0/2        151.800   

Table 47 describes the significant fields in the display.

Table 47 show standby redirect Field Descriptions

Field
Description

Interface

Interface type and number for the interface.

Redirects

Indicates whether redirects are enabled or disabled on the interface.

Unknown

Indicates whether redirects to an unknown router are enabled or disabled on the interface.

Adv

Number indicating the passive router advertisement interval in seconds.

Holddown

Number indicating the passive router hold interval in seconds.

Active

Active HSRP routers on the subnet.

Hits

Number of address translations required for ICMP information.

Interface

Interface type and number for the interface on the active router.

Group

Hot standby group number.

Virtual IP

Virtual IP address of the active HSRP router.

Virtual MAC

Virtual MAC address of the active HSRP router.

Passive

Passive HSRP routers on the subnet.

Hits

Number of address translations required for ICMP information.

Interface

Interface type and number for the interface on the passive router.

Expires in

Time in seconds for a virtual IP to expire and the holddown time to apply for filtering routes to the standby router.


The following is sample output from the show standby redirect command with a specific interface Ethernet 0/3:

Router# show standby redirect e0/3

Interface          Redirects Unknown   Adv      Holddown
Ethernet0/3        enabled   disabled  30       180     

Active          Hits   Interface          Group Virtual IP      Virtual MAC   
local           0      Ethernet0/3        1     10.20.0.11      0000.0c07.ac01
local           0      Ethernet0/3        2     10.20.0.12      0000.0c07.ac02

The following is sample output from the show standby redirect command showing all active routers on interface Ethernet 0/3:

Router# show standby redirect e0/3 active 

Active          Hits   Interface          Group Virtual IP      Virtual MAC   
local           0      Ethernet0/3        1     10.20.0.11      0000.0c07.ac01
local           0      Ethernet0/3        2     10.20.0.12      0000.0c07.ac02


The following is sample output from the show standby redirect ip-address command, where the IP address is the real IP address of the router:

Router# show standby redirect 10.19.0.7 

Active          Hits   Interface          Group Virtual IP      Virtual MAC   
10.19.0.7       0      Ethernet0/2        3     10.19.0.13      0000.0c07.ac03

Related Commands

Command
Description

show standby

Displays the HSRP information.

standby redirects

Enables ICMP redirect messages to be sent when HSRP is configured on an interface.


show tcp statistics

To display TCP statistics, use the show tcp statistics command in user EXEC or privileged EXEC mode.

show tcp statistics

Syntax Description

This command has no arguments or keywords.

Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

11.3

This command was introduced.


Examples

The following is sample output from the show tcp statistics command:

Router# show tcp statistics

Rcvd: 210 Total, 0 no port
      0 checksum error, 0 bad offset, 0 too short
      132 packets (26640 bytes) in sequence
      5 dup packets (502 bytes)
      0 partially dup packets (0 bytes)
      0 out-of-order packets (0 bytes)
      0 packets (0 bytes) with data after window
      0 packets after close
      0 window probe packets, 0 window update packets
      0 dup ack packets, 0 ack packets with unsend data
      69 ack packets (3044 bytes)
Sent: 175 Total, 0 urgent packets
      16 control packets (including 1 retransmitted)
      69 data packets (3029 bytes)
      0 data packets (0 bytes) retransmitted
      73 ack only packets (49 delayed)
      0 window probe packets, 17 window update packets
7 Connections initiated, 1 connections accepted, 8 connections established
8 Connections closed (including 0 dropped, 0 embryonic dropped)
1 Total rxmt timeout, 0 connections dropped in rxmt timeout
0 Keepalive timeout, 0 keepalive probe, 0 Connections dropped in keepalive

Table 48 describes the significant fields shown in the display.

Table 48 show tcp statistics Field Descriptions 

Field
Description

Rcvd:

Statistics in this section refer to packets received by the router.

  Total

Total number of TCP packets received.

  no port

Number of packets received with no port.

  checksum error

Number of packets received with checksum error.

  bad offset

Number of packets received with bad offset to data.

  too short

Number of packets received that were too short.

  packets in sequence

Number of data packets received in sequence.

  dup packets

Number of duplicate packets received.

  partially dup packets

Number of packets received with partially duplicated data.

  out-of-order packets

Number of packets received out of order.

  packets with data after window

Number of packets received with data that exceeded the window size of the receiver.

  packets after close

Number of packets received after the connection was closed.

  window probe packets

Number of window probe packets received.

  window update packets

Number of window update packets received.

  dup ack packets

Number of duplicate acknowledgment packets received.

  ack packets with unsend data

Number of acknowledgment packets received with unsent data.

  ack packets

Number of acknowledgment packets received.

Sent:

Statistics in this section refer to packets sent by the router.

  Total

Total number of TCP packets sent.

  urgent packets

Number of urgent packets sent.

  control packets

Number of control packets (SYN, FIN, or RST) sent.

  data packets

Number of data packets sent.

  data packets retransmitted

Number of data packets re-sent.

  ack only packets

Number of packets sent that are acknowledgments only.

  window probe packets

Number of window probe packets sent.

  window update packets

Number of window update packets sent.

Connections initiated

Number of connections initiated.

connections accepted

Number of connections accepted.

connections established

Number of connections established.

Connections closed

Number of connections closed.

Total rxmt timeout

Number of times the router tried to resend, but timed out.

connections dropped in rxmit timeout

Number of connections dropped in the resend timeout.

Keepalive timeout

Number of keepalive packets in the timeout.

keepalive probe

Number of keepalive probes.

Connections dropped in keepalive

Number of connections dropped in the keepalive.


Related Commands

Command
Description

clear tcp statistics

Clears TCP statistics.


show time-range ipc

To display the statistics about the time-range interprocess communications (IPC) messages between the Route Processor and line card, use the show time-range ipc command in user EXEC or privileged EXEC mode.

show time-range ipc

Syntax Description

This command has no argument or keywords.

Defaults

No default behavior or values.

Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

12.2(2)T

This command was introduced.


Usage Guidelines

The debug time-range ipc EXEC command must be enabled for the show time-range ipc command to display the time-range IPC message statistics.

Examples

The following is sample output from the show time-range ipc command:

Router# show time-range ipc

RP Time range Updates Sent  :3
RP Time range Deletes Sent  :2 

The display lists the number of time-range updates and time-range deletes sent by the Route Processor.

Related Commands

Command
Description

clear time-range ipc

Clears the time-range IPC message statistics and counters between the Route Processor and the line card.

debug time-range ipc

Enables debugging output for monitoring the time-range IPC messages between the Route Processor and the line card.


show track

To display tracking information, use the show track command in user EXEC or privileged EXEC mode.

show track [object-number] [brief | interface | ip | resolution | timers]

Syntax Description

object-number

(Optional) Object number in the range from 1 to 500 representing the object to be tracked.

brief

(Optional) Displays a single line of brief output.

interface

(Optional) Displays tracked interface objects.

ip

(Optional) Displays tracked IP route objects.

resolution

(Optional) Displays resolution of tracked parameters.

timers

(Optional) Displays polling interval timers.


Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

12.2(15)T

This command was introduced.


Usage Guidelines

Use this command to display information about objects that are tracked by the tracking process.

Examples

The following example shows information about the state of IP routing on the interface being tracked:

Router# show track 1

Track 1
   Interface Ethernet0/2 ip routing
   IP routing is Down (no IP addr)
   1 change, last change 00:01:08
   Tracked by:
     HSRP Ethernet0/3 1

The following example shows information about the line-protocol state on the interface being tracked:

Router# show track 1

Track 1
   Interface Ethernet0/1 line-protocol
   Line protocol is Up
   1 change, last change 00:00:05
   Tracked by:
     HSRP Ethernet0/3 1

The following example shows information about the reachability of a route being tracked:

Router# show track 1

Track 1
   IP route 10.16.0.0 255.255.0.0 reachablity
   Reachability is Up (RIP)
   1 change, last change 00:02:04
   First-hop interface is Ethernet0/1
   Tracked by:
     HSRP Ethernet0/3 1

The following example shows information about the metric threshold of a route being tracked:

Router# show track 1

Track 1
   IP route 10.16.0.0 255.255.0.0 metric threshold
   Metric threshold is Up (RIP/6/102)
     1 change, last change 00:00:08
   Metric threshold down 255 up 254
   First-hop interface is Ethernet0/1
   Tracked by:
     HSRP Ethernet0/3 1

The following example shows the object type, the interval in which it is polled, and the time until the next poll:

Router# show track timers

   Object type   Poll Interval  Time to next poll
   interface     1              expired          
   ip route      30             29.364 


Table 49 describes the significant fields shown in the displays.

Table 49 show track Field Descriptions 

Field
Description

Track 1

Object number that is tracked.

Interface Ethernet0/2 ip routing

Interface type, number, and object that is tracked.

IP routing is Down

State value of the object, displayed as Up or Down. If the object is down, the reason is displayed.

1 change, last change

Number of times the state of a tracked object has changed and the time (in hh:mm:ss) since the last change.

Tracked by

Client process that is tracking the object.

First-hop interface

Displays the first hop interface.

Object type

Object type that is being tracked.

Poll interval

Interval (in seconds) in which the tracking process polls the object.

Time to next poll

Period of time until the next polling of the object.


Related Commands

Command
Description

track interface

Configures an interface to be tracked and enters tracking configuration mode.

track ip route

Tracks the state of an IP route and enters tracking configuration mode.

track timer

Specifies the interval in which the tracking process polls the tracked object.


show vrrp

To display a brief or detailed status of one or all configured Virtual Router Redundancy Protocol (VRRP) groups on the router, use the show vrrp command in user EXEC or privileged EXEC mode.

show vrrp [brief | group]

Syntax Description

brief

(Optional) Provides a summary view of the group information.

group

(Optional) Virtual router group number of the group for which information is to be displayed. The group number is configured with the vrrp ip command.


Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

12.0(18)ST

This command was introduced.

12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.


Usage Guidelines

If no group is specified, all groups are displayed.

Examples

The following is sample output from the show vrrp command:

Router# show vrrp

Ethernet1/0 - Group 1 
State is Master 
Virtual IP address is 10.2.0.10 
Virtual MAC address is 0000.5e00.0101 
Advertisement interval is 3.000 sec 
Preemption is enabled 
min delay is 0.000 sec 
Priority 100 
Master Router is 10.2.0.1 (local), priority is 100 
Master Advertisement interval is 3.000 sec 
Master Down interval is 9.609 sec

Ethernet1/0 - Group 2 
State is Master 
Virtual IP address is 10.0.0.20 
Virtual MAC address is 0000.5e00.0102 
Advertisement interval is 1.000 sec 
Preemption is enabled 
min delay is 0.000 sec 
Priority 95 
Master Router is 10.0.0.1 (local), priority is 95 
Master Advertisement interval is 1.000 sec 
Master Down interval is 3.628 sec

Table 50 describes the significant fields shown in the display.

Table 50 show vrrp Field Descriptions

Field
Description

Ethernet1/0 - Group

Interface type and number, and VRRP group number.

State is

Role this interface plays within VRRP (master or backup).

Virtual IP address is

Virtual IP address for this interface.

Virtual MAC address is

Virtual MAC address for this interface.

Advertisement interval is

Interval (in seconds) at which the router will send VRRP advertisements when it is the master virtual router. This value is configured with the vrrp timers advertise command.

Preemption is

Indication of whether preemption is enabled or disabled.

Priority

Priority of the interface.

Master Router is

IP address of the current master virtual router.

priority is

Priority of the current master virtual router.

Master Advertisement interval is

Advertisement interval (in seconds) of the master virtual router.

Master Down interval is

Calculated time (in seconds) that the master virtual router can be down before the backup virtual router takes over.


The following is sample output from the show vrrp command with the brief keyword:

Router# show vrrp brief

Interface	     Grp  Prio   Time   Own  Pre  State    Master addr    Group addr
Ethernet1/0    1   100    3609          P  Master   1.0.0.4        1.0.0.10
Ethernet1/0    2   105    3589          P  Master   1.0.0.4        1.0.0.20

Table 51 describes the significant fields shown in the display.

Table 51 show vrrp brief Field Descriptions

Field
Description

Interface

Interface type and number.

Grp

VRRP group to which this interface belongs.

Prio

VRRP priority number for this interface.

Time

Calculated time that the master virtual router can be down before the backup virtual router takes over.

Own

IP address owner.

Pre

Preemption. P indicates that preemption is enabled. If this field is empty, preemption is disabled.

State

Role this interface plays within VRRP (master or backup).

Master addr

IP address of the master virtual router.

Group addr

IP address of the virtual router.


Related Commands

Command
Description

vrrp ip

Enables VRRP on an interface and identifies the IP address of the virtual router.


show vrrp interface

To display the Virtual Router Redundancy Protocol (VRRP) groups and their status on a specified interface, use the show vrrp interface command in user EXEC or privileged EXEC mode.

show vrrp interface type number [brief]

Syntax Descriptioninter

type

Interface type.

number

Interface number.

brief

(Optional) Provides a summary view of the group information


Command Modes

User EXEC
Privileged EXEC

Command History

Release
Modification

12.0(18)ST

This command was introduced.

12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.


Examples

The following is sample output from the show vrrp interface command:

Router# show vrrp interface ethernet 1/0

Ethernet1/0 - Group 1 
State is Master 
Virtual IP address is 10.2.0.10 
Virtual MAC address is 0000.5e00.0101 
Advertisement interval is 3.000 sec 
Preemption is enabled 
min delay is 0.000 sec 
Priority 100 
Master Router is 10.2.0.1 (local), priority is 100 
Master Advertisement interval is 3.000 sec 
Master Down interval is 9.609 sec

Ethernet1/0 - Group 2 
State is Master 
Virtual IP address is 10.0.0.20 
Virtual MAC address is 0000.5e00.0102 
Advertisement interval is 1.000 sec 
Preemption is enabled 
min delay is 0.000 sec 
Priority 95 
Master Router is 10.0.0.1 (local), priority is 95 
Master Advertisement interval is 1.000 sec 
Master Down interval is 3.628 sec

Related Commands

Command
Description

vrrp ip

Enables VRRP and identifies the IP address of the virtual router.


standby authentication

To configure an authentication string for the Hot Standby Router Protocol (HSRP), use the standby authentication command in interface configuration mode. To delete an authentication string, use the no form of this command.

standby [group-number] authentication text string

no standby [group-number] authentication text string

Syntax Description

group-number

(Optional) Group number on the interface to which this authentication string applies.

text string

Authentication string. It can be up to eight characters long. The default string is cisco.


Defaults

The default group number is 0. The default string is cisco.

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.

12.1

The text keyword was added.


Usage Guidelines

HSRP ignores unauthenticated HSRP messages.

The authentication string is sent unencrypted in all HSRP messages. The same authentication string must be configured on all routers and access servers on a cable to ensure interoperation. Authentication mismatch prevents a device from learning the designated Hot Standby IP address and the Hot Standby timer values from other routers configured with HSRP.

When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.

Examples

The following example configures "word" as the authentication string required to allow Hot Standby routers in group 1 to interoperate:

interface ethernet 0
 standby 1 authentication text word

standby delay minimum reload

To configure the delay period before the initialization of Hot Standby Router Protocol (HSRP) groups, use the standby delay minimum reload command in interface configuration mode. To disable the delay period, use the no form of this command.

standby delay minimum min-delay reload reload-delay

no standby delay minimum min-delay reload reload-delay

Syntax Description

min-delay

Minimum time (in seconds) to delay HSRP group initialization after an interface comes up. This minimum delay period applies to all subsequent interface events.

reload-delay

Time (in seconds) to delay after the router has reloaded. This delay period applies only to the first interface-up event after the router has reloaded.


Defaults

The default minimum delay is 1 second.
The default reload delay is 5 seconds.

Command Modes

Interface configuration

Command History

Release
Modification

12.2

This command was introduced.


Usage Guidelines

If the active router fails or is removed from the network, then the standby router will automatically become the new active router. If the former active router comes back online, you can control whether it takes over as the active router by using the standby preempt command.

However, in some cases, even if the standby preempt command is not configured, the former active router will resume the active role after it reloads and comes back online. Use the standby delay minimum reload command to set a delay period for HSRP group initialization. This command allows time for the packets to get through before the router resumes the active role.

We recommend that you use the standby delay minimum reload command if the standby timers command is configured in milliseconds or if HSRP is configured on a VLAN interface of a switch.

In most configurations, the default values provide sufficient time for the packets to get through and configuring longer delay values is not necessary.

The delay will be cancelled if an HSRP packet is received on an interface.

Examples

The following example sets the minimum delay period to 30 seconds and the delay period after the first reload to 120 seconds:

interface ethernet 0
 ip address 10.20.0.7 255.255.0.0
 standby delay minimum 30 reload 120
 standby 3 ip 10.20.0.21
 standby 3 timers msec 300 msec 700
 standby 3 priority 100

Related Commands

Command
Description

show standby delay

Displays HSRP information about delay periods.

standby preempt

Configures the HSRP preemption and preemption delay.

standby timers

Configures the time between hello packets and the time before other routers declare the active HSRP or standby router to be down.


standby ip

To activate the Hot Standby Router Protocol (HSRP), use the standby ip command in interface configuration mode. To disable HSRP, use the no form of this command.

standby [group-number] ip [ip-address [secondary]]

no standby [group-number] ip [ip-address]

Syntax Description

group-number

(Optional) Group number on the interface for which HSRP is being activated. The default is 0.

ip-address

(Optional) IP address of the Hot Standby router interface.

secondary

(Optional) Indicates the IP address is a secondary Hot Standby router interface. Useful on interfaces with primary and secondary addresses; you can configure primary and secondary HSRP addresses.


Defaults

The default group number is 0
HSRP is disabled by default.

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.

10.3

The group-number argument was added.

11.1

The secondary keyword was added.


Usage Guidelines

The standby ip command activates HSRP on the configured interface. If an IP address is specified, that address is used as the designated address for the Hot Standby group. If no IP address is specified, the designated address is learned through the standby function. For HSRP to elect a designated router, at least one router on the cable must have been configured with, or have learned, the designated address. Configuring the designated address on the active router always overrides a designated address that is currently in use.

When the standby ip command is enabled on an interface, the handling of proxy ARP requests is changed (unless proxy ARP was disabled). If the Hot Standby state of the interface is active, proxy ARP requests are answered using the MAC address of the Hot Standby group. If the interface is in a different state, proxy ARP responses are suppressed.

When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.

Examples

The following example activates HSRP for group 1 on Ethernet interface 0. The IP address used by the Hot Standby group will be learned using HSRP.

interface ethernet 0
 standby 1 ip

In the following example, all three virtual IP addresses appear in the ARP table using the same (single) virtual MAC address. All three virtual IP addresses are using the same HSRP group (group 0).

ip address 1.1.1.1. 255.255.255.0
ip address 1.2.2.2. 255.255.255.0 secondary
ip address 1.3.3.3. 255.255.255.0 secondary
ip address 1.4.4.4. 255.255.255.0 secondary
standby ip 1.1.1.254
standby ip 1.2.2.254 secondary
standby ip 1.3.3.254 secondary

standby mac-address

To specify a virtual MAC address for the Hot Standby Router Protocol (HSRP), use the standby mac-address command in interface configuration mode. To revert to the standard virtual MAC address (0000.0C07.ACxy), use the no form of this command.

standby [group-number] mac-address mac-address

no standby [group-number] mac-address

Syntax Description

group-number

(Optional) Group number on the interface for which HSRP is being activated. The default is 0.

mac-address

MAC address.


Defaults

If this command is not configured, and the standby use-bia command is not configured, the standard virtual MAC address is used: 0000.0C07.ACxy, where xy is the group number in hexadecimal. This address is specified in RFC 2281, Cisco Hot Standby Router Protocol (HSRP).

Command Modes

Interface configuration

Command History

Release
Modification

11.2

This command was introduced.


Usage Guidelines

This command cannot be used on a Token Ring interface.

HSRP is used to help end stations locate the first-hop gateway for IP routing. The end stations are configured with a default gateway. However, HSRP can provide first-hop redundancy for other protocols. Some protocols, such as Advanced Peer-to-Peer Networking (APPN), use the MAC address to identify the first hop for routing purposes. In this case, it is often necessary to be able to specify the virtual MAC address; the virtual IP address is unimportant for these protocols. Use the standby mac-address command to specify the virtual MAC address.

The MAC address specified is used as the virtual MAC address when the router is active.

This command is intended for certain APPN configurations. The parallel terms are shown in Table 52.

Table 52

APPN
IP

End node

Host

Network node

Router or gateway


Parallel Terms Between APPN and IP

In an APPN network, an end node is typically configured with the MAC address of the adjacent network node. Use the standby mac-address command in the routers to set the virtual MAC address to the value used in the end nodes.

Examples

If the end nodes are configured to use 4000.1000.1060 as the MAC address of the network node, the following example shows the command used to configure HSRP group 1 with the virtual MAC address:

standby 1 mac-address 4000.1000.1060

Related Commands

Command
Description

show standby

Displays HSRP information.

standby use-bia

Configures HSRP to use the burned-in address of the interface as its virtual MAC address.


standby mac-refresh

To change the interval at which packets are sent to refresh the MAC cache when the Hot Standby Router Protocol (HSRP) is running over FDDI, use the standby mac-refresh command in interface configuration mode. To restore the default value, use the no form of this command.

standby mac-refresh seconds

no standby mac-refresh

Syntax Description

seconds

Number of seconds in the interval at which a packet is sent to refresh the MAC cache. The maximum value is 255 seconds. The default is 10 seconds.


Defaults

Seconds: 10 seconds.

Command Modes

Interface configuration

Command History

Release
Modification

12.0

This command was introduced.


Usage Guidelines

This command applies to HSRP running over FDDI only. Packets are sent every 10 seconds to refresh the MAC cache on learning bridges or switches. By default, the MAC cache entries age out in 300 seconds (5 minutes).

All other routers participating in HSRP on the FDDI ring receive the refresh packets, although the packets are intended only for the learning bridge or switch. Use this command to change the interval. Set the interval to 0 if you want to prevent refresh packets (if you have FDDI but do not have a learning bridge or switch).

Examples

The following example changes the MAC refresh interval to 100 seconds. Therefore, a learning bridge would need to miss three packets before the entry ages out.

standby mac-refresh 100

standby name

To configure the name of the standby group, use the standby name command in interface configuration mode. To disable the name, use the no form of this command.

standby name group-name

no standby name group-name

Syntax Description

group-name

Specifies the name of the standby group.


Defaults

The Hot Standby Router Protocol (HSRP) is disabled.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(2)T

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.


Usage Guidelines

The name specifies the HSRP group used. The HSRP group name must be unique on the router.

Examples

The following example specifies the standby name as SanJoseHA:

interface ethernet0
 ip address 10.0.0.1 255.0.0.0
 standby ip 10.0.0.10
 standby name SanJoseHA
 standby preempt delay sync 100
 standby priority 110

Related Commands

Command
Description

ip mobile home-agent redundancy

Configures the home agent for redundancy.


standby preempt

To configure Hot Standby Router Protocol (HSRP) preemption and preemption delay, use the standby preempt command in interface configuration mode. To restore the default values, use the no form of this command.

standby [group-number] preempt [delay{minimum seconds | reload seconds | sync seconds}]

no standby [group-number] preempt [delay{minimum seconds | reload seconds | sync seconds}]

Syntax Description

group-number

(Optional) Group number on the interface to which the other arguments in this command apply.

delay

(Optional) Required if either the minimum, reload, or sync keywords are specified.

minimum seconds

(Optional) Specifies the minimum delay period in seconds. The seconds argument causes the local router to postpone taking over the active role for a minimum number of seconds since that router was last restarted. The range is from 0 to 3600 seconds (1 hour). The default is 0 seconds (no delay).

reload seconds

(Optional) Specifies the preemption delay, in seconds, after a reload only. This delay period applies only to the first interface-up event after the router has reloaded.

sync seconds

(Optional) Specifies the maximum synchronization period for IP redundancy clients in seconds.


Defaults

The default group number is 0.
The default delay is 0 seconds; if the router wants to preempt, it will do so immediately.
By default, the router that comes up later becomes the standby.

Command Modes

Interface configuration

Command History

Release
Modification

11.3

This command was introduced.

12.0(2)T

The minimum and sync keywords were added.

12.2

The behavior of the command changed such that standby preempt and standby priority must be entered as separate commands.

12.2

The reload keyword was added.

12.4(4)T

Support for IPv6 was added.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.


Usage Guidelines

When this command is configured, the router is configured to preempt, which means that when the local router has a Hot Standby priority higher than the current active router, the local router should attempt to assume control as the active router. If preemption is not configured, the local router assumes control as the active router only if it receives information indicating no router is in the active state (acting as the designated router).

When a router first comes up, it does not have a complete routing table. If it is configured to preempt, it will become the active router, yet it is unable to provide adequate routing services. Solve this problem by configuring a delay before the preempting router actually preempts the currently active router.

When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.

IP redundancy clients can prevent preemption from taking place. The standby preempt delay sync seconds command specifies a maximum number of seconds to allow IP redundancy clients to prevent preemption. When this expires, then preemption takes place regardless of the state of the IP redundancy clients.

The standby preempt delay reload seconds command allows preemption to occur only after a router reloads. This provides stabilization of the router at startup. After this initial delay at startup, the operation returns to the default behavior.

The no standby preempt delay command will disable the preemption delay but preemption will remain enabled. The no standby preempt delay minimum seconds command will disable the minimum delay but leave any synchronization delay if it was configured.

When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:

Router(config-if)# standby 1 preempt delay minimum 300
    % Warning: This setting has no effect while following another group.

Examples

In the following example, the router will wait for 300 seconds (5 minutes) before attempting to become the active router:

interface ethernet 0
 standby ip 172.19.108.254
 standby preempt delay minimum 300 

standby priority

To configure Hot Standby Router Protocol (HSRP) priority, use the standby priority command in interface configuration mode. To restore the default values, use the no form of this command.

standby [group-number] priority priority

no standby [group-number] priority priority

Syntax Description

group-number

(Optional) Group number on the interface to which the other arguments in this command apply. The default group number is 0.

priority

Priority value that prioritizes a potential Hot Standby router. The range is from 1 to 255, where 1 denotes the lowest priority and 255 denotes the highest priority. The default priority value is 100. The router in the HSRP group with the highest priority value becomes the active router.


Defaults

The default group number is 0.
The default priority is 100.

Command Modes

Interface configuration

Command History

Release
Modification

11.3

This command was introduced.

12.2

The behavior of the command changed such that standby preempt and standby priority must be entered as separate commands.

12.4(4)T

Support for IPv6 was added.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.


Usage Guidelines

When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.

The assigned priority is used to help select the active and standby routers. Assuming that preemption is enabled, the router with the highest priority becomes the designated active router. In case of ties, the primary IP addresses are compared, and the higher IP address has priority.

Note that the priority of the device can change dynamically if an interface is configured with the standby track command and another interface on the router goes down.

When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:

Router(config-if)# standby 1 priority 110
%Warning: This setting has no effect while following another group.

Examples

In the following example, the router has a priority of 120 (higher than the default value):

interface ethernet 0
 standby ip 172.19.108.254
 standby priority 120 
 standby preempt delay 300

Related Commands

Command
Description

standby track

Configures an interface so that the Hot Standby priority changes based on the availability of other interfaces.


standby redirect

To enable Hot Standby Router Protocol (HSRP) filtering of Internet Control Message Protocol (ICMP) redirect messages, use the standby redirect command in interface configuration mode. To disable the HSRP filtering of ICMP redirect messages, use the no form of this command.

standby redirect [enable | disable] [timers advertisement holddown] [unknown]

no standby redirect [unknown]

Syntax Description

enable

(Optional) Allows the filtering of ICMP redirect messages on interfaces configured with HSRP, where the next hop IP address may be changed to an HSRP virtual IP address.

disable

(Optional) Disables the filtering of ICMP redirect messages on interfaces configured with HSRP.

timers

(Optional) Adjusts HSRP router advertisement timers.

advertisement

(Optional) HSRP Router advertisement interval in seconds. This is an integer from 10 to 180. The default is 60 seconds.

holddown

(Optional) HSRP router holddown interval in seconds. This is an integer from 61 to 3600. The default is 180 seconds.

unknown

(Optional) Allows sending of ICMP packets when the next hop IP address contained in the packet is unknown in the HSRP table of real IP addresses and active virtual IP addresses. The no standby redirect unknown command stops the redirects from being sent.


Defaults

HSRP filtering of ICMP redirect messages is enabled if HSRP is configured on an interface.

Command Modes

Interface configuration

Command History

Release
Modification

12.1(3)T

This command was introduced.

12.2

The following keywords and arguments were added to the command:

timers advertisement holdtime

unknown


Usage Guidelines

The standby redirect command can be configured globally or on a per-interface basis. When HSRP is first configured on an interface, the setting for that interface will inherit the global value. If the filtering of ICMP redirects is explicitly disabled on an interface, then the global command cannot reenable this functionality.

The no standby redirect command is the same as the standby redirect disable command. However, it is not desirable to save the no form of this command to NVRAM. Because the command is enabled by default, it is preferable to use the standby redirect disable command to disable the functionality.

With the standby redirect command enabled, the real IP address of a router can be replaced with a virtual IP address in the next hop address or gateway field of the redirect packet. HSRP looks up the next hop IP address in its table of real IP addresses versus virtual IP addresses. If HSRP does not find a match, the HSRP router allows the redirect packet to go out unchanged. The host HSRP router is redirected to a router that is unknown, that is, a router with no active HSRP groups. You can specify the no standby redirect unknown command to stop these redirects from being sent.

Examples

The following example allows HSRP to filter ICMP redirect messages on interface Ethernet 0:

Router(config)# interface ethernet 0
Router(config-if)# ip address 10.0.0.1 255.0.0.0
Router(config-if)# standby redirect
Router(config-if)# standby 1 ip 10.0.0.11

The following example shows how to change the HSRP router advertisement interval to 90 seconds and the holddown timer to 270 seconds on interface Ethernet 0:

Router(config)# interface ethernet 0
Router(config-if)# ip address 10.0.0.1 255.0.0.0
Router(config-if)# standby redirect timers 90 270
Router(config-if)# standby 1 ip 10.0.0.11

Related Commands

Command
Description

show standby

Displays the HSRP information.

show standby redirect

Displays ICMP redirect information on interfaces configured with the HSRP.


standby timers

To configure the time between hello packets and the time before other routers declare the active Hot Standby or standby router to be down, use the standby timers command in interface configuration mode. To restore the timers to their default values, use the no form of this command.

standby [group-number] timers [msec] hellotime [msec] holdtime

no standby [group-number] timers [msec] hellotime [msec] holdtime

Syntax Description

group-number

(Optional) Group number on the interface to which the timers apply. The default is 0.

msec

(Optional) Interval in milliseconds. Millisecond timers allow for faster failover.

hellotime

Hello interval (in seconds). This is an integer from 1 to 254. The default is 3 seconds. If the msec option is specified, hello interval is in milliseconds. This is an integer from 15 to 999.

holdtime

Time (in seconds) before the active or standby router is declared to be down. This is an integer from x to 255. The default is 10 seconds. If the msec option is specified, holdtime is in milliseconds. This is an integer from y to 3000.

Where:

x is the hellotime + 50 milliseconds, then rounded up to the nearest
1 second

y is greater than or equal to 3 times the hellotime and is not less than
50 milliseconds.


Defaults

The default group number is 0.
The default hello interval is 3 seconds.
The default hold time is 10 seconds.

Command Modes

Interface configuration

Command History

Release
Modification

10.0

This command was introduced.

11.2

The msec keyword was added.

12.2

The minimum values of hellotime and holdtime in milliseconds changed.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.


Usage Guidelines

The standby timers command configures the time between standby hello packets and the time before other routers declare the active or standby router to be down. Routers or access servers on which timer values are not configured can learn timer values from the active or standby router. The timers configured on the active router always override any other timer settings. All routers in a Hot Standby group should use the same timer values. Normally, holdtime is greater than or equal to 3 times the value of hellotime. The range of values for holdtime force the holdtime to be greater than the hellotime. If the timer values are specified in milliseconds, the holdtime is required to be at least three times the hellotime value and not less than 50 milliseconds.

Some HSRP state flapping can occasionally occur if the holdtime is set to less than 250 milliseconds, and the processor is busy. It is recommended that holdtime values less than 250 milliseconds be used on Cisco 7200 platforms or better, and on Fast-Ethernet or FDDI interfaces or better. Setting the process-max-time command to a suitable value may also help with flapping.

The value of the standby timer will not be learned through HSRP hellos if it is less than 1 second.

When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.

When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:

Router(config-if)# standby 1 timers 5 15
    % Warning: This setting has no effect while following another group.

Examples

The following example sets, for group number 1 on Ethernet interface 0, the time between hello packets to 5 seconds, and the time after which a router is considered to be down to 15 seconds:

interface ethernet 0
 standby 1 ip 
 standby 1 timers 5 15 

The following example sets, for the Hot Router interface located at 172.19.10.1 on Ethernet interface 0, the time between hello packets to 300 milliseconds, and the time after which a router is considered to be down to 900 milliseconds:

interface ethernet 0
 standby ip 172.19.10.1 
 standby timers msec 300 msec 900 

The following example sets, for the Hot Router interface located at 172.18.10.1 on Ethernet interface 0, the time between hello packets to 15 milliseconds, and the time after which a router is considered to be down to 50 milliseconds. Note that the holdtime is larger than three times the hellotime because the minimum holdtime value in milliseconds is 50.

interface ethernet 0
 standby ip 172.18.10.1 
 standby timers msec 15 msec 50 

standby track

To configure the Hot Standby Routing Protocol (HSRP) to track an object and change the Hot Standby priority based on the state of the object, use the standby track command in interface configuration mode. To remove the tracking, use the no form of this command.

Cisco IOS Release 12.2(15)T and Later Releases

standby [group-number] track object-number [decrement priority]

no standby [group-number] track object-number [decrement priority]

Cisco IOS Release 12.2(13)T and Earlier Releases

standby [group-number] track interface-type interface-number [interface-priority]

no standby [group-number] track interface-type interface-number [interface-priority]

Syntax Description

group-number

(Optional) Group number to which the tracking applies.

object-number

Object number in the range from 1 to 500 representing the object to be tracked.

decrement priority

(Optional) Amount by which the Hot Standby priority for the router is decremented (or incremented) when the tracked object goes down (or comes back up). The default value is 10.

group-number

(Optional) Group number on the interface to which the tracking applies.

interface-type

Interface type (combined with interface number) that will be tracked.

interface-number

Interface number (combined with interface type) that will be tracked.

interface-priority

(Optional) Amount by which the Hot Standby priority for the router is decremented (or incremented) when the interface goes down (or comes back up). The default value is 10.


Defaults

group-number: 0
priority: 10
interface-priority: 10

Command Modes

Interface configuration

Command History

Release
Modification

10.3

This command was introduced.

12.2(15)T

This command was enhanced to allow HSRP to track objects other than the interface line-protocol state.


Usage Guidelines

This command ties the Hot Standby priority of the router to the availability of its tracked objects. Use the track interface or track ip route global configuration command to track an interface object or an IP route object. The HSRP client can register its interest in the tracking process by using the standby track command commands, and take action when the object changes.

When a tracked object goes down, the Hot Standby priority decreases by 10. If an object is not tracked, its state changes do not affect the Hot Standby priority. For each object configured for Hot Standby, you can configure a separate list of objects to be tracked.

The optional priority argument specifies how much to decrement the Hot Standby priority when a tracked object goes down. When the tracked object comes back up, the priority is incremented by the same amount.

When multiple tracked objects are down, the decrements are cumulative, whether configured with priority values or not.

Use the no standby group-number track command to delete all tracking configuration for a group.

When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.

The standby track command syntax prior to Release 12.2(15)T is still supported. Using the older form will cause a tracked object to be created in the new tracking process. This tracking information can be displayed using the show track command.

Examples

In the following example, the tracking process is configured to track the IP routing capability of serial interface 1/0. HSRP on Ethernet interface 0/0 then registers with the tracking process to be informed of any changes to the IP routing state of serial interface 1/0. If the IP state on Serial interface 1/0 goes down, then the priority of the HSRP group is reduced by 10.

If both serial interfaces are operational, then Router A will be the HSRP active router because it has the higher priority.

However, if IP routing on serial interface 1/0 in Router A fails, then the HSRP group priority will be reduced and Router B will take over as the active router, thus maintaining a default virtual gateway service to hosts on the 10.1.0.0 subnet.

Router A Configuration

!
track 100 interface serial1/0 ip routing
!
interface Ethernet0/0
  ip address 10.1.0.21 255.255.0.0
  standby 1 ip 10.1.0.1
  standby 1 priority 105
  standby 1 track 100 decrement 10

Router B Configuration

!
track 100 interface serial1/0 ip routing
!
interface Ethernet0/0
  ip address 10.1.0.22 255.255.0.0
  standby 1 ip 10.1.0.1
  standby 1 priority 100
  standby 1 track 100 decrement 10

Related Commands

Command
Description

show standby

Displays HSRP information.

standby preempt

Configures HSRP preemption and preemption delay.

standby priority

Configures Hot Standby priority of potential standby routers.

track interface

Configures an interface to be tracked and enters tracking configuration mode.

track ip route

Tracks the state of an IP route and enters tracking configuration mode.


standby use-bia

To configure the Hot Standby Router Protocol (HSRP) to use the burned-in address of the interface as its virtual MAC address, instead of the preassigned MAC address (on Ethernet and FDDI) or the functional address (on Token Ring), use the standby use-bia command in interface configuration mode. To restore the default virtual MAC address, use the no form of this command.

standby use-bia [scope interface]

no standby use-bia

Syntax Description

scope interface

(Optional) Specifies that this command is configured just for the subinterface on which it was entered, instead of the major interface.


Defaults

HSRP uses the preassigned MAC address on Ethernet and FDDI, or the functional address on Token Ring.

Command Modes

Interface configuration

Command History

Release
Modification

11.2

This command was introduced.

12.1

The behavior was modified to allow multiple standby groups to be configured for an interface configured with this command


Usage Guidelines

For an interface with this command configured, multiple standby group can be configured. Hosts on the interface must have a default gateway configured. We recommend that you set the no ip proxy-arp command on the interface. It is desirable to configure the standby use-bia command on a Token Ring interface if there are devices that reject ARP replies with source hardware addresses set to a functional address.

When HSRP runs on a multiple-ring, source-routed bridging environment and the HRSP routers reside on different rings, configuring the standby use-bia command can prevent confusion about the routing information field (RFI).

Without the scope interface keywords, the standby use-bia command applies to all subinterfaces on the major interface. The standby use-bia command may not be configured both with and without the scope interface keywords at the same time.

Examples

In the following example, the burned-in address of Token Ring interface 4/0 will be the virtual MAC address mapped to the virtual IP address:

interface token4/0
 standby use-bia

start-forwarding-agent

To start the forwarding agent, use the start-forwarding-agent command in CASA-port configuration mode.

start-forwarding-agent port-number [password [timeout]]

Syntax Description

port-number

Port numbers on which the Forwarding Agent will listen for wildcards broadcast from the services manager. This must match the port number defined on the services manager.

password

(Optional) Text password used for generating the MD5 digest.

timeout

(Optional) Duration (in seconds) during which the Forwarding Agent will accept the new and old password. Valid range is from 0 to 3600 seconds. The default is 180 seconds.


Defaults

The default initial number of affinities is 5000.
The default maximum number of affinities is 30,000.

Command Modes

CASA-port configuration

Command History

Release
Modification

12.0(5)T

This command was introduced.


Usage Guidelines

The forwarding agent must be started before you can configure any port information for the forwarding agent.

Examples

The following example specifies that the forwarding agent will listen for wildcard and fixed affinities on port 1637:

start-forwarding-agent 1637

Related Commands

Command
Description

forwarding-agent

Specifies the port on which the forwarding agent will listen for wildcard and fixed affinities.


sticky

To assign all connections from a client to the same real server, use the sticky command in virtual server configuration mode. To remove the client/server coupling, use the no form of this command.

sticky duration [group group-id]

no sticky

Syntax Description

duration

Sticky timer duration (in seconds). Valid values range from 0 to 65535.

group

(Optional) Places the virtual server in a sticky group, for coupling of services.

group-id

(Optional) Number identifying the sticky group to which the virtual server belongs. Valid values range from 0 to 255.


Defaults

Sticky connections are not tracked.

Virtual servers are not associated with any groups.

Command Modes

SLB virtual server configuration

Command History

Release
Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.


Usage Guidelines

The last real server that was used for a connection from a client is stored for the set duration seconds. If a new connection from the client to the virtual server is initiated during that time, the same real server that was used for the previous connection is chosen for the new connection. If two virtual servers are placed in the same group, coincident connection requests for those services from the same IP address are handled by the same real server.

Examples

The following example specifies that if a subsequent request from a client for a virtual server is made within 60 seconds of the previous request, then the same real server is used for the connection. This example also places the virtual server in group 10.

ip slb vserver VS1
sticky 60 group 10

Related Commands

Command
Description

show ip slb sticky

Displays information about the virtual server or firewall farm sticky configuration.

show ip slb vservers

Displays information about the virtual servers.

virtual

Configures the virtual server attributes.


subnet prefix-length

To configure a subnet allocation pool and determine the size subnets that are allocated from the pool, use the subnet prefix-length command in DHCP pool configuration mode. To unconfigure subnet pool allocation, use the no form of this command.

subnet prefix-length prefix-length

no subnet prefix-length prefix-length

Syntax Description

prefix-length

Configures the IP subnet prefix length in classless interdomain routing (CIDR) bit count notation. The range is from 1 to 31.


Defaults

No default behavior or values.

Command Modes

DHCP pool configuration

Command History

Release
Modification

12.2(15)T

This command was introduced.


Usage Guidelines

This command is used to configure a Cisco IOS router as a subnet allocation server for a centralized or remote VPN on-demand address pool (ODAP) manager. This command is configured under a DHCP pool. The prefix-length argument is used to determine the size of the subnets that are allocated from the subnet allocation pool. The values that can be configured for the prefix-length argument follow CIDR bit count notation format.

Configuring Global Subnet Pools

Global subnet pools are created in a centralized network. The ODAP server allocates subnets from the subnet allocation server based on subnet availability. When the ODAP manager allocates a subnet, the subnet allocation server creates a subnet binding. This binding is stored in the DHCP database for as long as the ODAP server requires the address space. The binding is destroyed and the subnet is returned to the subnet pool only when the ODAP server releases the subnet as address space utilization decreases.

Configuring VPN Subnet Pools

A subnet allocation server can be configured to assign subnets from VPN subnet allocation pools for MPLS VPN clients. VPN routes between the ODAP manager and the subnet allocation server are configured based on VRF name or VPN ID configuration. The VRF and VPN ID are configured to maintain routing information that defines customer VPN sites. This customer site is attached to a provider edge (PE) router. A VRF consists of an IP routing table, a derived Cisco Express Forwarding (CEF) table, a set of interfaces that use the forwarding table, and a set of rules and routing protocol parameters that control the information that is included in the routing table.

Configuring VPN Subnet Pools for VPN clients with VPN IDs

A subnet allocation server can also be configured to assign subnets from VPN subnet allocation pools based on the VPN ID of a client. The VPN ID (or Organizational Unique Identifier [OUI]) is a unique identifier assigned by the IEEE. VPN routes between the ODAP manager and the subnet allocation server are enabled by configuring the DHCP pool with a VPN ID that matches the VPN ID that is configured for the VPN client.

Examples

Global Configuration Example

The following example configures a router to be a subnet allocation server and creates a global subnet allocation pool named GLOBAL-POOL from the 10.0.0.0 network. The configuration of the subnet prefix-length command in this example configures each subnet that is allocated from the subnet pool to support 254 host IP addresses.

Router(config)# ip dhcp pool GLOBAL-POOL
Router(dhcp-config)# network 10.0.0.0 255.255.255.0
Router(dhcp-config)# subnet prefix-length 24
!

VPN Configuration Example

The following example configures a router to be a subnet allocation server and creates a VRF subnet allocation pool named VRF-POOL from the 172.16.0.0 network and configures the VPN to match the VRF named RED. The configuration of the subnet prefix-length command in this example configures each subnet that is allocated from the subnet pool to support 62 host IP addresses.

Router(config)# ip dhcp pool VRF-POOL 
Router(dhcp-config)# vrf RED
Router(dhcp-config)# network 172.16.0.0 /16
Router(dhcp-config)# subnet prefix-length 26
!

VPN ID Configuration Example

The following example configures a router to be a subnet allocation server and creates a VRF subnet allocation pool named VRF-POOL from the 192.168.0.0 network and configures the VRF named RED. The VPN ID must match the unique identifier that is assigned to the client site. The route target and route distinguisher are configured in the as-number:network number format. The route target and route distinguisher must match. The configuration of the subnet prefix-length command in this example configures each subnet that is allocated from the subnet pool to support 30 host IP addresses.

Router(config)# ip vrf RED
Router(config-vrf)# rd 100:1
Router(config-vrf)# route-target both 100:1 
Router(config-vrf)# vpn id 1234:123456
Router(config-vrf)# exit
Router(config)# ip dhcp pool VPN-POOL
Router(dhcp-config)# vrf RED
Router(dhcp-config)# network 192.168.0.0 /24
Router(dhcp-config)# subnet prefix-length /27
Router(dhcp-config)# exit

Related Commands

Command
Description

ip dhcp database

Configures a Cisco IOS DHCP server to save automatic bindings on a remote host called a database agent.

ip dhcp pool

Enables the IP address of an interface to be automatically configured when a DHCP pool is populated with a subnet from IPCP negotiation.

network (DHCP)

Configures the subnet number and mask for a DHCP address pool on a Cisco IOS DHCP server.

show ip dhcp pool

Displays information about the DHCP pools.


synguard

To limit the rate of TCP SYNs handled by a virtual server to prevent an SYN flood Denial-of-Service attack, use the synguard command in virtual server configuration mode. To remove the threshold, use the no form of this command.

synguard syn-count [interval]

no synguard

Syntax Description

syn-count

Number of unanswered SYNs that are allowed to be outstanding to a virtual server. Valid values range from 0 (off) to 4294967295. The default is 0.

interval

(Optional) Interval (in milliseconds) for SYN threshold monitoring. Valid values range from 50 to 5000. The default is 100 ms.


Defaults

The default SYN count is 0 (off).

The default interval is 100 ms.

Command Modes

SLB virtual server configuration

Command History

Release
Modification

12.0(7)XE

This command was introduced.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.


Examples

The following example sets the threshold of unanswered SYNs to 50:

ip slb vserver PUBLIC_HTTP
synguard 50

Related Commands

Command
Description

show ip slb vservers

Displays information about the virtual servers.

virtual

Configures the virtual server attributes.