-
Cisco IOS IP Command Reference, Volume 2 of 4: Routing Protocols, Release 12.3
-
Introduction
-
IP Routing Protocol Commands: A through B
-
IP Routing Protocols Commands: C through H
-
IP Routing Protocols Commands: I
-
IP Routing Protocols Commands: K through M
-
IP Routing Protocols Commands: N
-
IP Routing Protocols Commands: O through R
-
IP Routing Protocols Commands: send-lifetime through set-overload-bit
-
IP Routing Protocols Commands: show bgp nsap through show ip local policy
-
IP Routing Protocols Commands: show ip ospf through version
-
Table Of Contents
ip authentication key-chain eigrp
ip ospf database-filter all out
ip prefix-list sequence-number
ip rip authentication key-chain
isis retransmit-throttle-interval
ignore lsa mospf
To suppress the sending of syslog messages when the router receives link-state advertisement (LSA) Type 6 Multicast OSPF (MOSPF) packets, which are unsupported, use the ignore lsa mospf command in router configuration mode. To restore the sending of syslog messages, use the no form of this command.
ignore lsa mospf
no ignore lsa mospf
Syntax Description
This command has no arguments or keywords.
Defaults
This command is disabled by default. Each MOSPF packet causes the router to send a syslog message.
Command Modes
Router configuration
Command History
Usage Guidelines
Cisco routers do not support LSA Type 6 MOSPF packets, and they generate syslog messages if they receive such packets. If the router is receiving many MOSPF packets, you might want to configure the router to ignore the packets and thus prevent a large number of syslog messages.
Examples
The following example configures the router to suppress the sending of syslog messages when it receives MOSPF packets:
router ospf 109ignore lsa mospfinput-queue
The input-queue command defines the number of received, but not yet processed RIP update packets contained in the Routing Information Protocol (RIP) input queue. Use the input-queue command in router configuration mode. To remove the configured depth and restore the default depth, use the no form of this command.
input-queue depth
no input-queue
Syntax Description
Defaults
A depth of 50.
Command Modes
Router configuration
Command History
11.0
This command was introduced.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines
Consider using the input-queue command if you have a high-end router that is sending at high speed to a low-speed router that might not be able to receive at the high speed. Configuring this command will help prevent the routing table from losing information.
Another way to prevent the routing table from losing information is to use the output-delay command to change the interpacket delay for RIP updates.
Examples
The following example sets the depth of the RIP input queue to 100:
router ripinput-queue 100Related Commands
ip as-path access-list
To define a BGP autonomous system path access list, use the ip as-path access-list global configuration command. To disable use of the access list, use the no form of this command.
ip as-path access-list access-list-number {permit | deny} as-regexp
no ip as-path access-list access-list-number
Syntax Description
Defaults
No access lists are defined.
Command Modes
Global configuration
Command History
Usage Guidelines
You can specify an access list filter on both inbound and outbound BGP routes. Each filter is an access list based on regular expressions. If the regular expression matches the representation of the autonomous system path of the route as an ASCII string, then the permit or deny condition applies. The autonomous system path does not contain the local autonomous system number. Use the ip as-path access-list global configuration command to define a BGP access list and the neighbor router configuration command to apply a specific access list.
Examples
The following example creates autonomous-system path access list (number 500) that specifies that the BGP neighbor with IP address 10.125.1.1 is not to be sent advertisements about any path through or from the adjacent autonomous system 123:
ip as-path access-list 500 deny _123_ip as-path access-list 500 deny ^123$router bgp 109network 10.108.0.0neighbor 10.140.6.6 remote-as 123neighbor 10.125.1.1 remote-as 47neighbor 10.125.1.1 filter-list 1 outRelated Commands
neighbor distribute-list
Distributes BGP neighbor information as specified in an access list.
neighbor filter-list
Sets up a BGP filter.
ip authentication key-chain eigrp
To enable authentication of Enhanced Interior Gateway Routing Protocol (EIGRP) packets, use the ip authentication key-chain eigrp command in interface configuration mode. To disable such authentication, use the no form of this command.
ip authentication key-chain eigrp as-number key-chain
no ip authentication key-chain eigrp as-number key-chain
Syntax Description
as-number
Autonomous system number to which the authentication applies.
key-chain
Name of the authentication key chain.
Defaults
No authentication is provided for EIGRP packets.
Command Modes
Interface configuration
Command History
Examples
The following example applies authentication to autonomous system 2 and identifies a key chain named SPORTS:
ip authentication key-chain eigrp 2 SPORTSRelated Commands
ip authentication mode eigrp
To specify the type of authentication used in Enhanced Interior Gateway Routing Protocol (EIGRP) packets, use the ip authentication mode eigrp command in interface configuration mode. To disable that type of authentication, use the no form of this command.
ip authentication mode eigrp as-number md5
no ip authentication mode eigrp as-number md5
Syntax Description
Defaults
No authentication is provided for EIGRP packets.
Command Modes
Interface configuration
Command History
Usage Guidelines
Configure authentication to prevent unapproved sources from introducing unauthorized or false routing messages. When authentication is configured, an MD5 keyed digest is added to each EIGRP packet in the specified autonomous system.
Examples
The following example configures the interface to use MD5 authentication in EIGRP packets in autonomous system 10:
ip authentication mode eigrp 10 md5Related Commands
ip bandwidth-percent eigrp
To configure the percentage of bandwidth that may be used by Enhanced Interior Gateway Routing Protocol (EIGRP) on an interface, use the ip bandwidth-percent eigrp command in interface configuration mode. To restore the default value, use the no form of this command.
ip bandwidth-percent eigrp as-number percent
no ip bandwidth-percent eigrp as-number percent
Syntax Description
Defaults
50 percent
Command Modes
Interface configuration
Command History
Usage Guidelines
EIGRP will use up to 50 percent of the bandwidth of a link, as defined by the bandwidth interface configuration command. This command may be used if some other fraction of the bandwidth is desired. Note that values greater than 100 percent may be configured. The configuration option may be useful if the bandwidth is set artificially low for other reasons.
Examples
The following example allows EIGRP to use up to 75 percent (42 kbps) of a 56-kbps serial link in autonomous system 209:
interface serial 0bandwidth 56ip bandwidth-percent eigrp 209 75Related Commands
ip bgp-community new-format
To display BGP communities in the format AA:NN (autonomous system-community number/2-byte number), use the ip bgp-community new-format command in global configuration mode. To reenable the previous display format for BGP communities (one 32-bit number), use the no form of this command.
ip bgp-community new-format
no ip bgp-community new-format
Syntax Description
This command has no argument or keywords.
Defaults
BGP communities are displayed in the Cisco default format, one 32-bit number.
Command Modes
Global configuration
Command History
Usage Guidelines
RFC 1997, BGP Communities Attribute, specifies that a BGP community is made up of two parts that are 2 bytes long. The first part is the autonomous system number and the second part is a 2-byte number. In the most recent version of the RFC, a community is of the form AA:NN. The Cisco default community format is one 32-bit number. The ip bgp-community new-format command changes the community format to AA:NN to conform to RFC 1997.
Examples
The following example upgrades a router that uses the 32-bit number community format to the AA:NN format:
Router(config)# ip bgp-community new-formatThe following example shows how BGP community numbers are displayed when the ip bgp-community new-format command is enabled:
Router# show ip bgp 10.0.0.0BGP routing table entry for 10.0.0.0/8, version 4Paths: (2 available, best #2, table Default-IP-Routing-Table)Advertised to non peer-group peers:10.0.33.353510.0.33.35 from 10.0.33.35 (192.168.3.3)Origin incomplete, metric 10, localpref 100, valid, externalCommunity: 1:1Local0.0.0.0 from 0.0.0.0 (10.0.33.34)Origin incomplete, metric 0, localpref 100, weight 32768, valid, sourced, bestRelated Commands
ip bgp fast-external-fallover
To enable per-interface fast external fallover, enter the ip bgp fast-external-fallover command in interface configuration mode. To revert back to the current behavior, use the no format of this command.
ip bgp fast-external-fallover [permit | deny]
no ip bgp fast-external-fallover [permit | deny]
Syntax Description
permit
Allows per-interface fast external fallover.
deny
Prevents per-interface fast external fallover.
Defaults
Global fast external fallover.
Command Modes
Interface configuration
Command History
12.0ST
This command was introduced.
12.1
This command was integrated into Cisco IOS Release 12.1.
Usage Guidelines
When you specify the ip bgp fast-external-fallover command with the permit or deny keyword, it overrides the global setting. If you enter the no format of the command, the global setting is in effect for this interface.
Examples
The following example enables per-interface fast-external-fallover on interface Ethernet 0/0:
Router(config)# interface ethernet 0/0Router(config-if)# ip bgp fast-external-fallover permitip community-list
To create or configure a Border Gateway Protocol (BGP) community list and to control access to it, use the ip community-list command in global configuration command. To delete the community list, use the no form of this command.
ip community-list {standard | standard list-name {deny | permit} [community-number] [AA:NN] [internet] [local-AS] [no-advertise] [no-export]} | {expanded | expanded list-name {deny | permit} regexp}
no ip community-list standard | expanded | {expanded | standard} list-name
Syntax Description
Defaults
BGP community exchange is not enabled by default. It is enabled on a per-neighbor basis with the neighbor send-community command.
The Internet community is applied to all routes or prefixes by default, until any other community value is configured with this command or the set community command.
Once a permit value has been configured to match a given set of communities, the community list defaults to an implicit deny for all other community values.
Community values entered in the new format (AA:NN) are converted to 32-bit numbers if the ip bgp-community new-format command is not enabled on the local router.
Defaults
Global configuration
Command History
Usage Guidelines
The ip community-list command is used to configure BGP community filtering. BGP community values are configured as a 32-bit number (old format) or as a 4-byte number (new format). The new community format is enabled when the ip bgp-community new-format command is entered in global configuration mode. The new community format consists of a 4-byte value. The first two bytes represent the autonomous system number, and the trailing two bytes represent a user-defined network number. Named and numbered community lists are supported. BGP community attribute exchange between BGP peers is enabled when the neighbor send-community command is configured for the specified neighbor. The BGP community attribute is defined in RFC-1997 and RFC-1998.
Standard Community Lists
Standard community lists are used to configure well-known communities and specific community numbers. A maximum of 16 communities can be configured in a standard community list. If you attempt to configure more than 16 communities, the trailing communities that exceed the limit are not processed or saved to the running configuration file.
Expanded Community Lists
Expanded community lists are used to filter communities using a regular expression. Regular expressions are used to configure patterns to match community attributes. The order for matching using the * or + character is longest construct first. Nested constructs are matched from the outside in. Concatenated constructs are matched beginning at the left side. If a regular expression can match two different parts of an input string, it will match the earliest part first. For more information about configuring regular expressions, see the Regular Expressions appendix of the Cisco IOS Terminal Services Configuration Guide.
Community List Processing
When multiple values are configured in the same community list statement, a logical AND condition is created. All community values must match to satisfy an AND condition. When multiple values are configured in separate community list statements, a logical OR condition is created. The first list that matches a condition is processed.
Examples
In the following example, a standard community list is configured that permits routes that from network 10 in autonomous system 50000:
Router(config)# ip community-list 1 permit 50000:10In the following example, a standard community list is configured that permits only routes from peers in the same autonomous system or from subautonomous system peers in the same confederation:
Router(config)# ip community-list 1 permit no-exportIn the following example, a standard community list is configured to deny routes that carry communities from network 40 in autonomous system 65534 and from network 60 in autonomous system 65412. This example shows a logical AND condition; all community values must match in order for the list to be processed.
Router(config)# ip community-list 2 deny 65534:40 65412:60In the following example, a named standard community list is configured that permits all routes within the local autonomous system or permits routes from network 20 in autonomous system 40000. This example shows a logical OR condition; the first match is processed.
Router(config)# ip community-list standard RED permit local-ASRouter(config)# ip community-list standard RED permit 40000:20In the following example, an expanded community list is configured that will deny routes that carry communities from any private autonomous system:
Router(config)# ip community-list 500 deny _64[6-9][0-9][0-9]_|_65[0-9][0-9][0-9]_In the following example, a named expanded community list configured that denies routes from network 1 through 99 in autonomous system 50000:
Router(config)# ip community-list expanded BLUE deny 50000:[0-9][0-9]_Related Commands
ip default-network
To select a network as a candidate route for computing the gateway of last resort, use the ip default-network command in global configuration mode. To remove a route, use the no form of this command.
ip default-network network-number
no ip default-network network-number
Syntax Description
Defaults
If the router has a directly connected interface onto the specified network, the dynamic routing protocols running on that router will generate (or source) a default route. For Router Information Protocol (RIP), this is flagged as the pseudonetwork 0.0.0.0; for Interior Gateway Routing Protocol (IGRP), it is the network itself, flagged as an exterior route.
Command Modes
Global configuration
Command History
Usage Guidelines
The Cisco IOS software uses both administrative distance and metric information to determine the default route. Multiple ip default-network commands can be given. All candidate default routes, both static (that is, flagged by the ip default-network command) and dynamic, appear in the routing table preceded by an asterisk.
If the IP routing table indicates that the specified network number is subnetted and a nonzero subnet number is specified, then the system will automatically configure a static summary route. This static summary route is configured instead of a default network. The effect of the static summary route is to cause traffic destined for subnets that are not explicitly listed in the IP routing table to be routed using the specified subnet.
Examples
The following example defines a static route to network 10.0.0.0 as the static default route:
ip route 10.0.0.0 255.0.0.0 10.108.3.4ip default-network 10.0.0.0If the following command was issued on a router not connected to network 10.140.0.0, the software might choose the path to that network as a default route when the network appeared in the routing table:
ip default-network 10.140.0.0Related Commands
ip dvmrp metric
To configure the metric associated with a set of destinations for Distance Vector Multicast Routing Protocol (DVMRP) reports, use the ip dvmrp metric command in interface configuration mode. (Note that this command has two different syntax possibilities.) To disable this function, use the no form of this command.
ip dvmrp metric metric [route-map map-name] [mbgp] [list access-list-number] [[protocol process-id] | dvmrp]
no ip dvmrp metric metric [route-map map-name] [mbgp] [list access-list-number] [[protocol process-id] | dvmrp]
Syntax Description
Defaults
No metric is preconfigured. Only directly connected subnets and networks are advertised to neighboring DVMRP routers.
Command Modes
Interface configuration
Command History
10.2
This command was introduced.
11.1
The route-map keyword was added.
11.1(20)CC
This mbgp keyword was added.
12.0(7)T
This mbgp keyword was added.
Usage Guidelines
When Protocol Independent Multicast (PIM) is configured on an interface and DVMRP neighbors are discovered, the Cisco IOS software sends DVMRP report messages for directly connected networks. The ip dvmrp metric command enables DVMRP report messages for multicast destinations that match the access list. Usually, the metric for these routes is 1. Under certain circumstances, you might want to tailor the metric used for various unicast routes. This command lets you configure the metric associated with a set of destinations for report messages sent out this interface.
You can use the access-list-number argument in conjunction with the protocol and process-id arguments to selectively list the destinations learned from a given routing protocol.
To display DVMRP activity, use the debug ip dvmrp command.
Examples
The following example connects a PIM cloud to a DVMRP cloud. Access list 1 permits the sending of DVMRP reports to the DVMRP routers advertising all sources in the 172.16.35.0 network with a metric of 1. Access list 2 permits all other destinations, but the metric of 0 means that no DVMRP reports are sent for these destinations.
access-list 1 permit 172.16.35.0 0.0.0.255access-list 1 deny 0.0.0.0 255.255.255.255access-list 2 permit 0.0.0.0 255.255.255.255interface tunnel 0ip dvmrp metric 1 list 1ip dvmrp metric 0 list 2The following example redistributes IP Version 4 multicast routes into DVMRP neighbors with a metric of 1:
interface tunnel 0ip dvmrp metric 1 mbgpRelated Commands
debug ip dvmrp
Displays information on DVMRP packets received and sent.
ip dvmrp accept-filter
Configures an acceptance filter for incoming DVMRP reports.
ip extcommunity-list
To create an extended community access list and control access to it, use the ip extcommunity-list command in global configuration mode. To delete the community list, use the no form of this command.
ip extcommunity-list standard-list-number expanded-list-number {permit | deny} [regular-expression] [rt | soo extended-community-value]
no ip extcommunity-list
Syntax Description
Defaults
Once you permit a value for the community number, the community list defaults to an implicit deny for everything else that has not been permitted.
Command Modes
Global configuration
Command History
Usage Guidelines
Extended community attributes are used to configure, filter, and identify routes for virtual routing and forwarding instances (VRFs) and Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs).
The ip extcommunity-list command is used to configure extended community lists. All of the standard rules of access lists apply to the configuration of extended community lists. Regular expressions are supported by the expanded range of extended community list numbers. All regular expression configuration options are supported.
The route target (RT) extended community attribute is configured with the rt keyword. This attribute is used to identify a set of sites and VRFs that may receive routes that are tagged with the configured route target. Configuring the route target extended attribute with a route allows that route to be placed in the per-site forwarding tables that are used for routing traffic that is received from corresponding sites.
The site of origin (SOO) extended community attribute is configured with the soo keyword. This attribute uniquely identifies the site from which the Provider Edge (PE) router learned the route. All routes learned from a particular site must be assigned the same site of origin extended community attribute, regardless if a site is connected to a single PE router or multiple PE routers. Configuring this attribute prevents routing loops from occurring when a site is multihomed. The SOO extended community attribute is configured on the interface and is propagated into BGP through redistribution. The SOO can be applied to routes that are learned from VRFs. The SOO should not be configured for stub sites or sites that are not multihomed.
Examples
The following example configures an extended community list that will permit routes from route target 901:10 and site of origin 802:20 and deny routes from route target 703:30 and site of origin 604:40:
Router(config)# ip extcommunity-list 1 permit rt 901:10Router(config)# ip extcommunity-list 1 permit soo 802:20Router(config)# ip extcommunity-list 1 deny rt 703:30 soo 604:40The following example configures an extended community list (in the expanded range) that specifies that the BGP neighbor with IP address 192.168.1.1 is not sent advertisements about any path through or from autonomous system 123:
Router(config)# ip extcommunity-list 500 deny _123_Router(config)# ip extcommunity-list 500 deny ^123 .*Router(config)# router bgp 101Router(config-router)# network 172.16.0.0Router(config-router)# neighbor 10.140.6.6 remote-as 123Router(config-router)# neighbor 192.168.1.1 remote-as 47Router(config-router)# neighbor 10.125.1.1 filter-list 1 outThe following example configures an extended community list (in the expanded range) that permits routes from autonomous system 123 and denies all other routes:
Router(config)# ip extcommunity-list 500 permit (1-3)*Router(config)# ip extcommunity-list 500 deny (^0-9)*The following example configures an expanded extended community list that permits advertisements that contain a route target extended community attribute beginning with the pattern 100:.
Router(config)# ip extcommunity-list 101 permit RT:100:+
Note
For information about regular expressions and how to use them, see Regular Expressions.
Related Commands
ip fast-convergence
To reduce packet loss when the metric of a path is changed, or to fast-flood Intermediate System-to-Intermediate System (IS-IS) link-state packets (LSPs), use the ip fast-convergence command in router configuration mode. To disable packet loss reduction or fast-flooding, use the no version of this command.
ip fast-convergence
no ip fast-convergence
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Router configuration
Command History
12.2(8)T
This command was introduced to reduce packet loss.
12.2(10)T
This command was modified to enable fast-flooding.
Usage Guidelines
To reduce packet loss when the metric of a path is changed, use the ip fast-convergence command. Entering the ip fast-convergence command is especially helpful when Multiprotocol Label Switching (MPLS) traffic engineering with Fast Reroute (FFR) is deployed.
If you are running Cisco IOS Release 12.2(11)T or a later release, you can enter the ip fast-convergence command to configure the router to flood the first five LSPs that invoke SPF before running SPF. When you speed up the LSP flooding process, you improve overall network convergence time. We recommend that you enable the fast-flooding of LSPs before the router runs the SPF computation, in order to achieve a faster convergence time.
Examples
In the following example, the ip fast-convergence command is entered to configure the router to flood the first five LSPs that invoke SPF, before the SPF computation is started. When the show running-configuration command is entered, the output confirms that fast-flooding has been enabled on the router.
Router> enableRouter# configure terminalRouter(config)# router isisRouter(config-router)# ip fast-convergenceRouter(config-router)# endRouter# show running-configurationfast-floodRelated Commands
ip hello-interval eigrp
To configure the hello interval for the Enhanced Interior Gateway Routing Protocol (EIGRP) routing process designated by an autonomous system number, use the ip hello-interval eigrp command in interface configuration mode. To restore the default value, use the no form of this command.
ip hello-interval eigrp as-number seconds
no ip hello-interval eigrp as-number seconds
Syntax Description
as-number
Autonomous system number.
seconds
Hello interval (in seconds). The range is from 1 to 65535.
Defaults
For low-speed, nonbroadcast multiaccess (NBMA) networks: 60 seconds
For all other networks: 5 seconds
Command Modes
Interface configuration
Command History
Usage Guidelines
The default of 60 seconds applies only to low-speed, NBMA media. Low speed is considered to be a rate of T1 or slower, as specified with the bandwidth interface configuration command. Note that for the purposes of EIGRP, Frame Relay and Switched Multimegabit Data Service (SMDS) networks may be considered to be NBMA. These networks are considered NBMA if the interface has not been configured to use physical multicasting; otherwise, they are considered not to be NBMA.
Examples
The following example sets the hello interval for Ethernet interface 0 to 10 seconds:
interface ethernet 0ip hello-interval eigrp 109 10Related Commands
ip hold-time eigrp
To configure the hold time for a particular Enhanced Interior Gateway Routing Protocol (EIGRP) routing process designated by the autonomous system number, use the ip hold-time eigrp command in interface configuration mode. To restore the default value, use the no form of this command.
ip hold-time eigrp as-number seconds
no ip hold-time eigrp as-number seconds
Syntax Description
Defaults
For low-speed, nonbroadcast multiaccess (NBMA) networks: 180 seconds
For all other networks: 15 seconds
Command Modes
Interface configuration
Command History
Usage Guidelines
On very congested and large networks, the default hold time might not be sufficient time for all routers and access servers to receive hello packets from their neighbors. In this case, you may want to increase the hold time.
We recommend that the hold time be at least three times the hello interval. If a router does not receive a hello packet within the specified hold time, routes through this router are considered unavailable.
Increasing the hold time delays route convergence across the network.
The default of 180 seconds hold time and 60 seconds hello interval apply only to low-speed, NBMA media. Low speed is considered to be a rate of T1 or slower, as specified with the bandwidth interface configuration command.
Examples
The following example sets the hold time for Ethernet interface 0 to 40 seconds:
interface ethernet 0ip hold-time eigrp 109 40Related Commands
ip local policy route-map
To identify a route map to use for local policy routing, use the ip local policy route-map command in global configuration mode. To disable local policy routing, use the no form of this command.
ip local policy route-map map-tag
no ip local policy route-map map-tag
Syntax Description
map-tag
Name of the route map to use for local policy routing. The name must match a map-tag value specified by a route-map command.
Defaults
Packets that are generated by the router are not policy routed.
Command Modes
Global configuration
Command History
Usage Guidelines
Packets that are generated by the router are not normally policy routed. However, you can use this command to policy route such packets. You might enable local policy routing if you want packets originated at the router to take a route other than the obvious shortest path.
The ip local policy route-map command identifies a route map to use for local policy routing. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which packets should be policy routed. The set commands specify the set actions—the particular policy routing actions to perform if the criteria enforced by the match commands are met. The no ip local policy route-map command deletes the reference to the route map and disables local policy routing.
Examples
The following example sends packets with a destination IP address matching that allowed by extended access list 131 to the router at IP address 172.130.3.20:
ip local policy route-map xyz!route-map xyzmatch ip address 131set ip next-hop 172.130.3.20Related Commands
ip multicast cache-headers
To allocate a circular buffer to store IP Version 4 multicast packet headers that the router receives, use the ip multicast cache-headers global configuration command. To disable the buffer, use the no form of this command.
ip multicast cache-headers [rtp]
no ip multicast cache-headers
Syntax Description
Defaults
This command is disabled by default.
Command Modes
Global configuration
Command History
11.1
This command was introduced.
11.1(20)CC
The rtp keyword was added.
12.0(7)T
The rtp keyword was added.
Usage Guidelines
You can store IP Version 4 multicast packet headers in a cache and then display them to determine the following information:
•
•
•
•
•
•
•
Note
Use the show ip mpacket command to display the buffer.
Examples
The following example allocates a buffer to store IP Version 4 multicast packet headers:
ip multicast cache-headers
Related Commands
ip next-hop-self eigrp
To instruct EIGRP that the IP next hop is itself, use the ip next-hop-self eigrp command in interface configuration mode. To instruct EIGRP to use the received next hop rather than itself, use the no form of this command.
ip next-hop-self eigrp autonomous-system-number
no ip next-hop-self eigrp autonomous-system-number
Syntax Description
Defaults
EIGRP always sets the IP next-hop value to be itself.
Command Modes
Interface configuration
Command History
Usage Guidelines
EIGRP will, by default, set the IP next-hop value to be itself for routes that it is advertising, even when advertising those routes back out the same interface where it learned them. To change this default, you must use the no ip next-hop-self eigrp interface configuration command to instruct EIGRP to use the received next hop value when advertising these routes. Some exceptions to this guideline follow:
•
•
Examples
The following example changes the default IP next hop value and instructs EIGRP to use the received next hop value:
interface serial 0no ip next-hop-self eigrp 101ip ospf authentication
To specify the authentication type for an interface, use the ip ospf authentication command in interface configuration mode. To remove the authentication type for an interface, use the no form of this command.
ip ospf authentication [message-digest | null]
no ip ospf authentication
Syntax Description
Defaults
The area default is no authentication (null authentication).
Command Modes
Interface configuration
Command History
Usage Guidelines
Before using the ip ospf authentication command, configure a password for the interface using the ip ospf authentication-key command. If you use the ip ospf authentication message-digest command, configure the message-digest key for the interface with the ip ospf message-digest-key command.
For backward compatibility, authentication type for an area is still supported. If the authentication type is not specified for an interface, the authentication type for the area will be used (the area default is null authentication).
Examples
The following example enables message-digest authentication:
ip ospf authentication message-digestRelated Commands
ip ospf authentication-key
To assign a password to be used by neighboring routers that are using the OSPF simple password authentication, use the ip ospf authentication-key command in interface configuration mode. To remove a previously assigned OSPF password, use the no form of this command.
ip ospf authentication-key password
no ip ospf authentication-key
Syntax Description
password
Any continuous string of characters that can be entered from the keyboard up to 8 bytes in length.
Defaults
No password is specified.
Command Modes
Interface configuration
Command History
Usage Guidelines
The password created by this command is used as a "key" that is inserted directly into the OSPF header when the Cisco IOS software originates routing protocol packets. A separate password can be assigned to each network on a per-interface basis. All neighboring routers on the same network must have the same password to be able to exchange OSPF information.
Note
Examples
The following example enables the authentication key with the string yourpass:
ip ospf authentication-key yourpassRelated Commands
area authentication
Enables authentication for an OSPF area.
ip ospf authentication
Specifies authentication type for an interface.
ip ospf cost
To explicitly specify the cost of sending a packet on an interface, use the ip ospf cost command in interface configuration mode. To reset the path cost to the default value, use the no form of this command.
ip ospf cost interface-cost
no ip ospf cost interface-cost
Syntax Description
interface-cost
Unsigned integer value expressed as the link-state metric. It can be a value in the range from 1 to 65535.
Defaults
No default cost is predefined.
Command Modes
Interface configuration
Command History
Usage Guidelines
You can set the metric manually using this command, if you need to change the default. Using the bandwidth command changes the link cost as long as this command is not used.
The link-state metric is advertised as the link cost in the router link advertisement. We do not support type of service (ToS), so you can assign only one cost per interface.
In general, the path cost is calculated using the following formula:
108 / bandwidth
Using this formula, the default path costs were calculated as noted in the following list. If these values do not suit your network, you can use your own method of calculating path costs.
•
•
•
•
•
•
•
•
•
•
•
Examples
The following example sets the interface cost value to 65:
ip ospf cost 65ip ospf database-filter all out
To filter outgoing link-state advertisements (LSAs) to an OSPF interface, use the ip ospf database-filter all out command in interface configuration mode. To restore the forwarding of LSAs to the interface, use the no form of this command.
ip ospf database-filter all out
no ip ospf database-filter all out
Syntax Description
This command has no arguments or keywords.
Defaults
This command is disabled by default. All outgoing LSAs are flooded to the interface.
Command Modes
Interface configuration
Command History
Usage Guidelines
This command performs the same function that the neighbor database-filter command performs on a neighbor basis.
Examples
The following example prevents flooding of OSPF LSAs to broadcast, nonbroadcast, or point-to-point networks reachable through Ethernet interface 0:
interface ethernet 0ip ospf database-filter all outRelated Commands
ip ospf dead-interval
To set the interval during which at least one hello packet must be received from a neighbor before the router declares that neighbor down, use the ip ospf dead-interval command in interface configuration mode. To restore the default value, use the no form of this command.
ip ospf dead-interval {seconds | minimal hello-multiplier multiplier}
no ip ospf dead-interval
Syntax Description
Defaults
seconds: Four times the interval set by the ip ospf hello-interval command.
Command Modes
Interface configuration
Command History
10.0
This command was introduced.
12.0(23)S
The minimal keyword, hello-multiplier keyword and multiplier argument were added to allow OSPF Support for Fast Hello Packets.
Usage Guidelines
The dead interval is advertised in OSPF hello packets. This value must be the same for all networking devices on a specific network.
Specifying a smaller dead interval (seconds) will give faster detection of a neighbor being down and improve convergence, but might cause more routing instability.
OSPF Support for Fast Hello Packets
By specifying the minimal and hello-multiplier keywords with a multiplier argument, you are enabling OSPF fast hello packets. The minimal keyword sets the dead interval to 1 second, and the hello-multiplier value sets the number of hello packets sent during that 1 second, thus providing subsecond or "fast" hello packets.
When fast hello packets are configured on the interface, the hello interval advertised in the hello packets that are sent out this interface is set to 0. The hello interval in the hello packets received over this interface is ignored.
The dead interval must be consistent on a segment, whether it is set to 1 second (for fast hello packets) or set to any other value. The hello multiplier need not be the same for the entire segment as long as at least one hello packet is sent within the dead interval.
Use the show ip ospf interface command to verify the dead interval and fast hello interval.
Examples
The following example sets the OSPF dead interval to 20 seconds:
interface ethernet 1ip ospf dead-interval 20The following example configures OSPF fast hello packets; the dead interval is 1 second and there are 5 hello packets sent every second:
interface ethernet 1ip ospf dead-interval minimal hello-multiplier 5Related Commands
ip ospf hello-interval
Interval between hello packets that the Cisco IOS software sends on the interface.
show ip ospf interface
Displays OSPF-related information.
ip ospf demand-circuit
To configure OSPF to treat the interface as an OSPF demand circuit, use the ip ospf demand-circuit command in interface configuration mode. To remove the demand circuit designation from the interface, use the no form of this command.
ip ospf demand-circuit
no ip ospf demand-circuit
Syntax Description
This command has no arguments or keywords.
Defaults
The circuit is not a demand circuit.
Command Modes
Interface configuration
Command History
Usage Guidelines
On point-to-point interfaces, only one end of the demand circuit must be configured with this command. Periodic hello messages are suppressed and periodic refreshes of link-state advertisements (LSAs) do not flood the demand circuit. This command allows the underlying data link layer to be closed when the topology is stable. In point-to-multipoint topology, only the multipoint end must configured with this command.
Examples
The following example sets the configuration for an ISDN on-demand circuit:
router ospf 1network 10.0.3.0 255.255.255.0 area 0interface BRI0ip ospf demand-circuitip ospf flood-reduction
To suppress the unnecessary flooding of link-state advertisements (LSAs) in stable topologies, use the ip ospf flood-reduction command in interface configuration mode. To disable this feature, use the no form of this command.
ip ospf flood-reduction
no ip ospf flood-reduction
Syntax Description
This command has no arguments or keywords.
Defaults
This command is disabled by default.
Command Modes
Interface configuration
Command History
Usage Guidelines
All routers supporting the OSPF demand circuit are compatible and can interact with routers supporting flooding reduction.
Examples
The following example reduces the flooding of unnecessary LSAs on serial interface 0:
interface serial 0ip ospf flood-reductionRelated Commands
show ip ospf interface
Displays OSPF-related interface information.
show ip ospf neighbor
Displays OSPF-neighbor information on a per-interface basis.
ip ospf hello-interval
To specify the interval between hello packets that the Cisco IOS software sends on the interface, use the ip ospf hello-interval command in interface configuration mode. To return to the default time, use the no form of this command.
ip ospf hello-interval seconds
no ip ospf hello-interval
Syntax Description
seconds
Specifies the interval (in seconds). The value must be the same for all nodes on a specific network. The range is from 1 to 65535.
Defaults
10 seconds (Ethernet)
30 seconds (nonbroadcast)
Command Modes
Interface configuration
Command History
Usage Guidelines
This value is advertised in the hello packets. The smaller the hello interval, the faster topological changes will be detected, but more routing traffic will ensue. This value must be the same for all routers and access servers on a specific network.
Examples
The following example sets the interval between hello packets to 15 seconds:
interface ethernet 1ip ospf hello-interval 15Related Commands
ip ospf dead-interval
Sets the time period for which hello packets must not have been seen before neighbors declare the router down.
ip ospf message-digest-key
To enable OSPF Message Digest 5 (MD5) authentication, use the ip ospf message-digest-key command in interface configuration mode. To remove an old MD5 key, use the no form of this command.
ip ospf message-digest-key key-id md5 encryption-type key
no ip ospf message-digest-key key-id
Syntax Description
Defaults
OSPF MD5 authentication is disabled.
Command Modes
Interface configuration
Command History
Usage Guidelines
Usually, one key per interface is used to generate authentication information when sending packets and to authenticate incoming packets. The same key identifier on the neighbor router must have the same key value.
The process of changing keys is as follows. Suppose the current configuration is as follows:
interface ethernet 1ip ospf message-digest-key 100 md5 OLDYou change the configuration to the following:
interface ethernet 1ip ospf message-digest-key 101 md5 NEWThe system assumes its neighbors do not have the new key yet, so it begins a rollover process. It sends multiple copies of the same packet, each authenticated by different keys. In this example, the system sends out two copies of the same packet—the first one authenticated by key 100 and the second one authenticated by key 101.
Rollover allows neighboring routers to continue communication while the network administrator is updating them with the new key. Rollover stops once the local system finds that all its neighbors know the new key. The system detects that a neighbor has the new key when it receives packets from the neighbor authenticated by the new key.
After all neighbors have been updated with the new key, the old key should be removed. In this example, you would enter the following:
interface ethernet 1no ip ospf message-digest-key 100Then, only key 101 is used for authentication on Ethernet interface 1.
We recommend that you not keep more than one key per interface. Every time you add a new key, you should remove the old key to prevent the local system from continuing to communicate with a hostile system that knows the old key. Removing the old key also reduces overhead during rollover.
Note
Examples
The following example sets a new key 19 with the password 8ry4222:
interface ethernet 1ip ospf message-digest-key 10 md5 xvv560qleip ospf message-digest-key 19 md5 8ry4222Related Commands
ip ospf mtu-ignore
To disable OSPF MTU mismatch detection on receiving DBD packets, use the ip ospf mtu-ignore command in interface configuration mode. To reset to default, use the no form of this command.
ip ospf mtu-ignore
no ip ospf mtu-ignore
Syntax Description
This command has no keywords or arguments.
Defaults
OSPF MTU mismatch detection is enabled.
Command Modes
Interface configuration
Command History
Usage Guidelines
OSPF checks whether neighbors are using the same MTU on a common interface. This check is performed when neighbors exchange Database Descriptor (DBD) packets. If the receiving MTU in the DBD packet is higher than the IP MTU configured on the incoming interface, OSPF adjacency will not be established.
Examples
The following example disables MTU mismatch detection on receiving DBD packets:
interface serial 0/0ip ospf mtu-ignoreip ospf name-lookup
To configure OSPF to look up Domain Name System (DNS) names for use in all OSPF show EXEC command displays, use the ip ospf name-lookup command in global configuration mode. To disable this function, use the no form of this command.
ip ospf name-lookup
no ip ospf name-lookup
Syntax Description
This command has no arguments or keywords.
Defaults
This command is disabled by default.
Command Modes
Global configuration
Command History
Usage Guidelines
This command makes it easier to identify a router because the router is displayed by name rather than by its router ID or neighbor ID.
Examples
The following example configures OSPF to look up DNS names for use in all OSPF show EXEC command displays:
ip ospf name-lookupip ospf network
To configure the OSPF network type to a type other than the default for a given medium, use the ip ospf network command in interface configuration mode. To return to the default value, use the no form of this command.
ip ospf network {broadcast | non-broadcast | {point-to-multipoint [non-broadcast] | point-to-point}}
no ip ospf network
Syntax Description
Defaults
Depends on the network type.
Command Modes
Interface configuration
Command History
10.0
This command was introduced.
10.3
The point-to-multipoint keyword was added.
11.3 AA
The non-broadcast keyword used with the point-to-multipoint keyword was added.
Usage Guidelines
Using this feature, you can configure broadcast networks as NBMA networks when, for example, routers in your network do not support multicast addressing. You can also configure nonbroadcast multiaccess networks (such as X.25, Frame Relay, and Switched Multimegabit Data Service (SMDS)) as broadcast networks. This feature saves you from needing to configure neighbors.
Configuring NBMA networks as either broadcast or nonbroadcast assumes that there are virtual circuits from every router to every router or fully meshed networks. However, there are other configurations where this assumption is not true. For example, a partially meshed network. In these cases, you can configure the OSPF network type as a point-to-multipoint network. Routing between two routers that are not directly connected will go through the router that has virtual circuits to both routers. You need not configure neighbors when using this feature.
If this command is issued on an interface that does not allow it, this command will be ignored.
OSPF has two features related to point-to-multipoint networks. One feature applies to broadcast networks; the other feature applies to nonbroadcast networks:
•
•
Examples
The following example sets your OSPF network as a broadcast network:
interface serial 0ip address 192.168.77.17 255.255.255.0ip ospf network broadcastencapsulation frame-relayThe following example illustrates a point-to-multipoint network with broadcast:
interface serial 0ip address 10.0.1.1 255.255.255.0encapsulation frame-relayip ospf cost 100ip ospf network point-to-multipointframe-relay map ip 10.0.1.3 202 broadcastframe-relay map ip 10.0.1.4 203 broadcastframe-relay map ip 10.0.1.5 204 broadcastframe-relay local-dlci 200!router ospf 1network 10.0.1.0 0.0.0.255 area 0neighbor 10.0.1.5 cost 5neighbor 10.0.1.4 cost 10Related Commands
ip ospf priority
To set the router priority, which helps determine the designated router for this network, use the ip ospf priority command in interface configuration mode. To return to the default value, use the no form of this command.
ip ospf priority number-value
no ip ospf priority number-value
Syntax Description
Defaults
Priority of 1
Command Modes
Interface configuration
Command History
Usage Guidelines
When two routers attached to a network both attempt to become the designated router, the one with the higher router priority takes precedence. If there is a tie, the router with the higher router ID takes precedence. A router with a router priority set to zero is ineligible to become the designated router or backup designated router. Router priority is configured only for interfaces to multiaccess networks (in other words, not to point-to-point networks).
This priority value is used when you configure OSPF for nonbroadcast networks using the neighbor router configuration command for OSPF.
Examples
The following example sets the router priority value to 4:
interface ethernet 0ip ospf priority 4Related Commands
ip ospf resync-timeout
To configure how long the router will wait before taking a neighbor adjacency down if the out-of-band resynchronization (oob-resync) has not taken place since the time a restart signal (OSPF Hello packet with RS-bit set) was received from the neighbor, use the ip ospf resync-timeout command in interface configuration mode. To restore the default value, use the no form of this command.
ip ospf resync-timeout seconds
no ip ospf resync-timeout
Syntax Description
Defaults
The default value is 40 seconds or the value set for the interface's OSPF dead interval, whichever is greater.
Command Modes
Interface configuration
Command History
Usage Guidelines
When an OSPF nonstop forwarding (NSF) router performs a route processor (RP) switchover, it notifies its neighbors, via a special Hello packet, of such action and requests that each neighbor help resynchronize the Link State Database.
When a neighbor (that is NSF-aware) receives the special Hello packet from the NSF-capable router, it starts a resync timeout timer and waits to synchronize its database with the NSF-capable router. If the NSF-capable router does not initiate the database resynchronization process before the resync-timeout timer expires, the NSF-aware neighbor will take down the adjacency with the NSF-capable router.
By default, the resync-timeout timer is set to 40 seconds or the dead interval of the interface, whichever is greater. (By default, the dead interval is 4 times the hello interval; the hello interval defaults to 10 seconds for Ethernet or 30 seconds for nonbroadcast.) The ip ospf resync-timeout command allows the resync-timeout to be changed and independent of the dead interval or default value.
Examples
This example sets the OSPF resync-timeout interval to 50 seconds:
interface GigabitEthernet 6/0/0ip ospf resync-timeout 50Related Commands
ip ospf retransmit-interval
To specify the time between link-state advertisement (LSA) retransmissions for adjacencies belonging to the interface, use the ip ospf retransmit-interval command in interface configuration mode. To return to the default value, use the no form of this command.
ip ospf retransmit-interval seconds
no ip ospf retransmit-interval
Syntax Description
Defaults
5 seconds
Command Modes
Interface configuration
Command History
Usage Guidelines
When a router sends an LSA to its neighbor, it keeps the LSA until it receives back the acknowledgment message. If the router receives no acknowledgment, it will resend the LSA.
The setting of this parameter should be conservative, or needless retransmission will result. The value should be larger for serial lines and virtual links.
Examples
The following example sets the retransmit interval value to 8 seconds:
interface ethernet 2ip ospf retransmit-interval 8ip ospf transmit-delay
To set the estimated time required to send a link-state update packet on the interface, use the ip ospf transmit-delay command in interface configuration mode. To return to the default value, use the no form of this command.
ip ospf transmit-delay seconds
no ip ospf transmit-delay
Syntax Description
seconds
Time (in seconds) required to send a link-state update. The range is from 1 to 65535 seconds. The default is 1 second.
Defaults
1 second
Command Modes
Interface configuration
Command History
Usage Guidelines
Link-state advertisements (LSAs) in the update packet must have their ages incremented by the amount specified in the seconds argument before transmission. The value assigned should take into account the transmission and propagation delays for the interface.
If the delay is not added before transmission over a link, the time in which the LSA propagates over the link is not considered. This setting has more significance on very low-speed links.
Examples
The following example sets the retransmit delay value to 3 seconds:
interface ethernet 0ip ospf transmit-delay 3ip policy route-map
To identify a route map to use for policy routing on an interface, use the ip policy route-map command in interface configuration mode. To disable policy routing on the interface, use the no form of this command.
ip policy route-map map-tag
no ip policy route-map map-tag
Syntax Description
map-tag
Name of the route map to use for policy routing. The name must match a map-tag value specified by a route-map command.
Defaults
No policy routing occurs on the interface.
Command Modes
Interface configuration
Command History
Usage Guidelines
You might enable policy routing if you want your packets to take a route other than the obvious shortest path.
The ip policy route-map command identifies a route map to use for policy routing. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which policy routing is allowed for the interface, based on the destination IP address of the packet. The set commands specify the set actions—the particular policy routing actions to perform if the criteria enforced by the match commands are met. The no ip policy route-map command deletes the pointer to the route map.
Policy routing can be performed on any match criteria that can be defined in an extended IP access list when using the match ip address command and referencing an extended IP access list.
Examples
The following example sends packets with the destination IP address of 172.120.16.18 to a router at IP address 172.130.3.20:
interface serial 0ip policy route-map wethersfield!route-map wethersfieldmatch ip address 172.120.16.18set ip next-hop 172.130.3.20Related Commands
ip policy-list
To create a Border Gateway Protocol (BGP) policy list, use the ip policy-list command in policy-map configuration mode. To remove a policy list, use the no form of this command.
ip policy-list policy-list-name {permit | deny}
no ip policy-list policy-list-name
Syntax Description
policy-list-name
Name of the configured policy list.
permit
Permits access for matching conditions.
deny
Denies access to matching conditions.
Defaults
This command is not enabled by default.
Command Modes
Policy-map configuration mode
Command History
12.0(22)S
This command was introduced.
12.2(15)T
This command was integrated into 12.2(15)T.
Usage Guidelines
When a policy list is referenced within a route map, all the match statements within the policy list are evaluated and processed.
Two or more policy lists can be configured with a route map. Policy- lists can be configured within a route map to be evaluated with AND semantics or OR semantics.
Policy lists can also coexist with any other preexisting match and set statements that are configured within the same route map but outside of the policy lists.
When multiple policy lists perform matching within a route map entry, all policy lists match on the incoming attribute only.
Examples
The following configuration example creates a BGP policy list that permits matches on the autonomous system path and Multi Exit Discriminator (MED) of a router:
Router(config)# ip policy-list POLICY-LIST-NAME-1 permitRouter(config-policy-list)# match as-path 1Router(config-policy-list)# match metric 10Router(config-policy-list)# endThe following configuration example creates a BGP policy list that permits matches on the specified BGP community using a regular expression and the next hop of a router:
Router(config)# ip policy-list POLICY-LIST-NAME-2 permitRouter(config-policy-list)# match community 20Router(config-policy-list)# match metric 10Router(config-policy-list)# ip community-list 20 permit 20:1Router(config-policy-list)# endThe following configuration example creates a BGP policy list that denies matches on the specified BGP community using a regular expression and the next hop of a router:
Router(config)# ip policy-list POLICY-LIST-NAME-3 denyRouter(config-policy-list)# match community 20Router(config-policy-list)# match metric 10Router(config-policy-list)# endRelated Commands
ip prefix-list
To create a prefix list or add a prefix-list entry, use the ip prefix-list command in global configuration mode. To delete a prefix-list entry, use the no form of this command.
ip prefix-list {list-name | list-number} [seq number] {deny network/length | permit network/length} [ge ge-length] [le le-length]
no ip prefix-list {list-name | list-number} [seq number] {deny network/length | permit network/length} [ge ge-length] [le le-length]
Syntax Description
Defaults
No prefix lists are created.
Command Modes
Global configuration
Command History
Usage Guidelines
The ip prefix-list command is used to configure IP prefix filtering. Prefix lists are configured with permit or deny keywords to either permit or deny the prefix based on the matching condition. A prefix list consists of an IP address and a bit mask. The IP address can be a classful network, a subnet, or a single host route. The bit mask is entered as a number from 1 to 32. An implicit deny is applied to traffic that does match any prefix-list entry.
Prefix lists are configured to match an exact prefix length or a prefix range. The ge and le keywords are used to specify a range of the prefix lengths to match, providing more flexible configuration than can be configured with just the network/length argument. The prefix list is processed using an exact match when neither the ge nor le keyword is entered. If only the ge value is entered, the range is the value entered for the ge ge-length argument to a full 32-bit length. If only the le value is entered, the range is from value entered for the network/length argument to the le le-length argument. If both the ge ge-length and le le-length keywords and arguments are entered, the range falls between the values used for the ge-length and le-length arguments. The following formula shows this behavior:
network/length < ge ge-length < le le-length <= 32
A prefix list is configured with a name and/or sequence number. One or the other must be entered when configuring this command. If a sequence number is not entered, a default sequence number of 5 is applied to the prefix list, and subsequent prefix list entries will be increment by 5 (for example, 5, 10, 15, and onwards). If a sequence number is entered for the first prefix list entry but not subsequent entries, then the subsequent entries will also be incremented by 5 (For example, if the first configured sequence number is 3, then subsequent entries will be 8, 13, 18, and onwards). Default sequence numbers can be suppressed by entering the no form of this command with the seq keyword.
Prefix lists are evaluated starting with the lowest sequence number and continues down the list until a match is made. Once a match is made that covers the network the permit or deny statement is applied to that network and the rest of the list is not evaluated.
Tips
The prefix list is applied to inbound or outbound updates for specific peer by entering the neighbor prefix-list command. Prefix list information and counters are displayed in the output of the show ip prefix-list command. Prefix-list counters can be reset by entering the clear ip prefix-list command.
Examples
The following examples show how a prefix list can be used.
To deny the default route 0.0.0.0/0:
ip prefix-list abc deny 0.0.0.0/0To permit the prefix10.0.0.0/8:
ip prefix-list abc permit 10.0.0.0/8The following examples show how to specify a group of prefixes.
To accept a mask length of up to 24 bits in routes with the prefix 192/16:
ip prefix-list abc permit 192.168.0.0/16 le 24To deny mask lengths greater than 25 bits in routes with the prefix 192/16:
ip prefix-list abc deny 192.168.0.0/16 ge 25To permit mask lengths from 8 to 24 bits in all address space:
ip prefix-list abc permit 0.0.0.0/0 ge 8 le 24To deny mask lengths greater than 25 bits in all address space:
ip prefix-list abc deny 0.0.0.0/0 ge 25To deny all routes with a prefix of 10/8:
ip prefix-list abc deny 10.0.0.0/8 le 32To deny all masks with a length greater than 25 bits routes with a prefix of 192.168.1/24:
ip prefix-list abc deny 192.168.1.0/24 ge 25To permit all routes with a prefix of 0/0:
ip prefix-list abc permit 0.0.0.0/0 le 32Related Commands
ip prefix-list description
To add a text description of a prefix list, use the ip prefix-list description command in global configuration mode. To remove the text description, use the no form of this command.
ip prefix-list list-name sequence-number description text
no ip prefix-list list-name sequence-number description text
Syntax Description
list name
Prefix list name.
sequence-number
Sequence number of the prefix list.
text
Text description of te prefix list.
Defaults
There is no text description.
Command Modes
Global configuration
Command History
10.0
This command was introduced.
11.2
The access-list-name, type, and number arguments were added.
12.0
The prefix-list argument was added.
Usage Guidelines
This command is not supported in the Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF) protocols.
To suppress networks from being advertised in updates, use the distribute-list out (IP) command.
Examples
The following example shows a prefix list description that indicates which routes are permitted by the prefix list:
ip prefix-list customerA description Permit routes from customer ARelated Commands
ip prefix-list sequence-number
To enable the generation of sequence numbers for entries in a prefix list, use the ip prefix-list sequence-number command in global configuration mode. To disable this function, use the no form of this command.
ip prefix-list sequence-number
no ip prefix-list sequence-number
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default behavior.
Command Modes
Global configuration
Command History
Examples
The following example disables the default automatic generation of sequence numbers for prefix list entries:
no ip prefix-list sequence-numberRelated Commands
ip rip authentication key-chain
To enable authentication for Routing Information Protocol (RIP) Version 2 packets and to specify the set of keys that can be used on an interface, use the ip rip authentication key-chain command in interface configuration mode. To prevent authentication, use the no form of this command.
ip rip authentication key-chain name-of-chain
no ip rip authentication key-chain [name-of-chain]
Syntax Description
Defaults
No authentication is provided for RIP packets.
Command Modes
Interface configuration
Command History
Usage Guidelines
If no key chain is configured with the key-chain command, no authentication is performed on the interface (not even the default authentication).
Examples
The following example configures the interface to accept and send any key belonging to the key chain named trees:
ip rip authentication key-chain treesRelated Commands
ip rip authentication mode
To specify the type of authentication used in Routing Information Protocol (RIP) Version 2 packets, use the ip rip authentication mode command in interface configuration mode. To restore clear text authentication, use the no form of this command.
ip rip authentication mode {text | md5}
no ip rip authentication mode
Syntax Description
Defaults
Clear text authentication is provided for RIP packets.
Command Modes
Interface configuration
Command History
Usage Guidelines
RIP Version 1 does not support authentication.
Examples
The following example configures the interface to use MD5 authentication:
ip rip authentication mode md5Related Commands
ip rip receive version
To specify a Routing Information Protocol (RIP) version to receive on an interface basis, use the ip rip receive version command in interface configuration mode. To follow the global version rules, use the no form of this command.
ip rip receive version [1] [2]
no ip rip receive version
Syntax Description
1
(Optional) Accepts only RIP Version 1 packets on the interface.
2
(Optional) Accepts only RIP Version 2 packets on the interface.
Defaults
This command is disabled by default.
Command Modes
Interface configuration
Command History
Usage Guidelines
Use this command to override the default behavior of RIP as specified by the version command. This command applies only to the interface being configured. You can configure the interface to accept both RIP versions.
Examples
The following example configures the interface to receive both RIP Version 1 and Version 2 packets:
ip rip receive version 1 2The following example configures the interface to receive only RIP Version 1 packets:
ip rip receive version 1Related Commands
ip rip send version
To specify a Routing Information Protocol (RIP) version to send on an interface basis, use the ip rip send version command in interface configuration mode. To follow the global version rules, use the no form of this command.
ip rip send version [1] [2]
no ip rip send version
Syntax Description
1
(Optional) Sends only RIP Version 1 packets out the interface.
2
(Optional) Sends only RIP Version 2 packets out the interface.
Defaults
This command is disabled by default.
Command Modes
Interface configuration
Command History
Usage Guidelines
Use this command to override the default behavior of RIP as specified by the version command. This command applies only to the interface being configured.
Examples
The following example configures the interface to send both RIP Version 1 and Version 2 packets out the interface:
ip rip send version 1 2The following example configures the interface to send only RIP Version 2 packets out the interface:
ip rip send version 2Related Commands
ip rip receive version
Specifies a RIP version to receive on an interface basis.
version
Specifies a RIP version used globally by the router.
ip rip triggered
To enable triggered extensions to Routing Information Protocol (RIP), use the ip rip triggered command in interface configuration mode. To disable triggered extensions to RIP, use the no form of this command.
ip rip triggered
no ip rip triggered
Syntax Description
This command has no arguments or keywords.
Defaults
This command is disabled by default.
Command Modes
Interface configuration
Command History
Usage Guidelines
When triggered extensions to RIP are enabled, routing updates are sent on the WAN only if one of the following events occurs:
•
•
•
•
You might want to enable this feature if you are using an on-demand circuit and you are charged for usage time. Fewer routing updates will incur lower usage costs.
Entries in the routing database can be either temporary or semipermanent. Entries learned from broadcasts on LANs are temporary; they will expire if not periodically refreshed by more broadcasts.
Entries learned from a triggered response on the WAN are semipermanent; they do not time out like other entries. Certain events can cause these routes to time out, such as the interface going down, or if the outgoing interface is the same as the incoming interface. Neighbor updates of the routes with a metric of 16 (infinity) mean the route is unreachable, and those routes are eventually removed from the routing table.
Examples
The following example enables triggered extensions to RIP:
interface serial 0ip rip triggeredRelated Commands
show ip rip database
Displays the contents of the RIP private database when triggered extensions to RIP are enabled.
ip rip v2-broadcast
To allow Routing Information Protocol (RIP) Version 2 update packets to be sent as broadcast packets instead of multicast packets, use the rip v2-broadcast command in interface configuration mode. To disable the broadcast of IP RIP Version 2 update packets that are sent as broadcast packets, use the no form of this command.
ip rip v2-broadcast
no ip rip v2-broadcast
Syntax Description
This command has no arguments or keywords.
Defaults
This command is disabled by default. Unless the ip rip v2-broadcast commend is entered, RIP Version 2 update packets are sent as multicast packets.
Command Modes
Interface configuration
Command History
Usage Guidelines
Use the ip rip v2-broadcast command to broadcast RIP Version 2 broadcast updates to hosts that do not listen to multicast broadcasts. Version 2 updates (requests and responses) will be sent to the IP broadcast address 255.255.255.255 instead of the IP multicast address 244.0.0.9.
In order to reduce unnecessary load on those hosts that are not listening to RIP Version 2 broadcasts, the system uses an IP multicast address for periodic broadcasts. The IP multicast address is 244.0.0.9.
Note
Examples
The following example configures Version 2 IP broadcast updates on RIP Ethernet interface 3/1:
Router(config) interface ethernet3/1Router(config-if) ip address 172.1.1.1 255.255.255.0Router(config-if) ip rip v2-broadcast...Router(config-if) router ripRouter(config-if) version 2Router(config-if) network 172.0.0.0Enter debug ip rip command to verify that RIP Version 2 IP broadcast updates are being sent to the IP broadcast address 255.255.255 instead of IP multicast address 244.0.0.9:
Router# debug ip rip14:41:59: RIP: sending v2 update to 255.255.255.255 via Ethernet3/1 (172.1.1.1)If the ip rip v2-broadcast command has not been entered, the output from the debug ip rip command verifies that the RIP Version 2 IP broadcast updates are being sent to the IP multicast address 244.0.0.9:
Router# debug ip rip15:45:16: RIP: sending v2 update to 244.0.0.9 via Ethernet3.1 (172.1.1.1)Related Commands
ip route
To establish static routes, use the ip route command in global configuration mode. To remove static routes, use the no form of this command.
ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [distance] [name] [permanent] [tag tag]
no ip route prefix mask
Syntax Description
Defaults
No static routes are established.
Command Modes
Global configuration
Command History
Usage Guidelines
The establishment of a static route is appropriate when the Cisco IOS software cannot dynamically build a route to the destination.
If you specify an administrative distance, you are flagging a static route that can be overridden by dynamic information. For example, IGRP-derived routes have a default administrative distance of 100. To have a static route that would be overridden by an IGRP dynamic route, specify an administrative distance greater than 100. Static routes have a default administrative distance of 1.
Static routes that point to an interface on a connected router will be advertised by way of Routing Information Protocol (RIP), Interior Gateway Routing Protocol (IGRP), and Enhanced Interior Gateway Routing Protocol (EIGRP) regardless of whether redistribute static commands were specified for those routing protocols. This situation occurs because static routes that point to an interface are considered in the routing table to be connected and hence lose their static nature. Also, the target of the static route should be included in the network command. If this condition is not met, no dynamic routing protocol will advertise the route unless a redistribute static command is specified for these protocols. With the following configuration:
rtr1 (serial 172.16..188.1/30)--------------> rtr2(Fast Ethernet 172.31.1.1/30) ------>router [rip | eigrp | igrp]net 172.16..188.0net 172.31.0.0•
ip route 172.16..188.252 255.255.255.252 FastEthernet0/0RIP and IGRP do not redistribute the route with the following ip route command because of the split horizon algorithm:
ip route 172.16..188.252 255.255.255.252 s2/1•
ip route 172.16..188.252 255.255.255.252 FastEthernet0/0ip route 172.16..188.252 255.255.255.252 s2/1With Open Shortest Path First (OSPF), static routes that point to an interface are not advertised unless a redistribute static command is specified.
Adding a static route to an Ethernet or other broadcast interface (for example, ip route 0.0.0.0 0.0.0.0 Ethernet 1/2) will cause the route to be inserted into the routing table only when the interface is up. This configuration is not generally recommended. When the next hop of a static route points to an interface, the router considers each of the hosts within the range of the route to be directly connected through that interface, and therefore it will send ARP requests to any destination addresses that route through the static route.
The practical implication of configuring "ip route 0.0.0.0 0.0.0.0 Ethernet 1/2" is that the router will consider all of the destinations that the router does not know how to reach through some other route as directly connected to Ethernet 1/2. So the router will send an ARP request for each host for which it receives packets on this network segment. This configuration can cause high processor utilization and a very large ARP cache (along with attendant memory allocation failures). Configuring a default route or other static route that directs the router to forward packets for a large range of destinations to a connected broadcast network segment can cause your router to reload.
Specifying a numerical next hop that is on a directly connected interface will prevent the router from using Proxy ARP. However, if the interface with the next hop goes down and the numerical next hop can be reached through a recursive route, you may specify both the next hop and interface (for example "ip route 0.0.0.0 0.0.0.0 Ethernet1/2 10.1.2.3") with a static route to prevent routes from passing through an unintended interface.
Examples
The following example chooses an administrative distance of 110. In this case, packets for network 10.0.0.0 will be routed through to a router at 172.31.3.4 if dynamic information with administrative distance less than 110 is not available.
ip route 10.0.0.0 255.0.0.0 172.31.3.4 110
Note
The following example routes packets for network 172.31.0.0 to a router at 172.31.6.6:
ip route 172.31.0.0 255.255.0.0 172.31.6.6The following example routes packets for network 192.168.1.0 directly to the next hop at 10.1.2.3. If the interface goes down, this route is removed from the routing table and will not be restored unless the interface comes back up.
ip route 192.168.1.0 255.255.0.0 Ethernet0 10.1.2.3ip route profile
To enable IP routing table statistics collection, use the ip route profile command in global configuration mode. To disable collection of routing table statistics, use the no form of the command.
ip route profile
no ip route profile
Syntax Description
This command has no arguments or keywords.
Defaults
The time interval for each sample, or sampling interval, is a fixed value and is set at 5 seconds.
Command Modes
Global configuration
Command History
Usage Guidelines
The ip route profile command helps you to monitor routing table fluctuations that can occur as the result of route flapping, network failure, or network restoration.
This command identifies route flapping over brief time intervals. The time interval for each sample, or sampling interval, is a fixed value and is set at 5 seconds.
Two sets of statistics are collected. The per-interval statistics are collected over a sampling interval, while the routing table change statistics are the result of aggregating the per-interval statistics. The per-interval statistics are collected as a single set of counters, with one counter tracking one event. All counters are initialized at the beginning of each sampling interval; counters are incremented as corresponding events occur anywhere in the routing table.
At the end of a sampling interval, the per-interval statistics for that sampling interval are integrated with the routing table change statistics collected from the previous sampling intervals. The counters holding the per-interval statistics are reset and the process is repeated.
Routing table statistics are collected for the following events:
•
•
•
•
•
Use the show ip route profile command to display the routing table change statistics.
Examples
The following example enables the collection of routing table statistics:
ip route profileRelated Commands
ip router isis
To configure an IS-IS routing process for IP on an interface and to attach an area designator to the routing process, use the ip router isis command in interface configuration mode. To disable IS-IS for IP, use the no form of the command.
ip router isis area-tag
no ip router isis area-tag
Syntax Description
Defaults
No routing processes are specified.
Command Modes
Interface configuration
Command History
10.0
This command was introduced.
12.0(5)T
Multiarea functionality was added, changing the way the tag argument (now area-tag) is used.
Usage Guidelines
Before the IS-IS routing process is useful, a network entity title (NET) must be assigned with the net command and some interfaces must have IS-IS enabled.
If you have IS-IS running and at least one International Organization for Standardization Interior Gateway Routing Protocol (ISO-IGRP) process, the IS-IS process and the ISO-IGRP process cannot both be configured without an area tag. The null tag can be used by only one process. If you run ISO-IGRP and IS-IS, a null tag can be used for IS-IS, but not for ISO-IGRP at the same time. However, each area in an IS-IS multiarea configuration should have a nonnull area tag to facilitate identification of the area.
You can configure only one process to perform Level 2 (interarea) routing. If Level 2 routing is configured on any process, all additional processes are automatically configured as Level 1. You can configure this process to perform intra-area (Level 1) routing at the same time. You can configure up to 29 additional processes as Level 1-only processes. Use the is-type command to remove Level 2 routing from a router instance. You can then use the is-type command to enable Level 2 routing on some other IS-IS router instance.
An interface cannot be part of more than one area, except in the case where the associated routing process is performing both Level 1 and Level 2 routing. On media such as WAN media where subinterfaces are supported, different subinterfaces could be configured for different areas.
Examples
The following example specifies IS-IS as an IP routing protocol for a process named Finance, and specifies that the Finance process will be routed on Ethernet interface 0 and serial interface 0:
router isis Financenet 49.0001.aaaa.aaaa.aaaa.00interface Ethernet 0ip router isis Financeinterface serial 0ip router isis FinanceThe following example shows an IS-IS configuration with two Level 1 areas and one Level 1-2 area:
ip routing...interface Tunnel529ip address 10.0.0.5 255.255.255.0ip router isis BBinterface Ethernet1ip address 10.1.1.5 255.255.255.0ip router isis A3253-011!interface Ethernet2ip address 10.2.2.5 255.255.255.0ip router isis A3253-02...! Defaults to "is-type level-1-2"router isis BBnet 49.2222.0000.0000.0005.00!router isis A3253-01net 49.0553.0001.0000.0000.0005.00is-type level-1!router isis A3253-02net 49.0553.0002.0000.0000.0005.00is-type level-1Related Commands
Configures the routing level for an IS-IS routing process.
net
Configures an IS-IS NET for a CLNS routing process.
router isis
Enables the IS-IS routing protocol.
ip split-horizon (RIP)
To enable the split horizon mechanism, use the ip split-horizon command in interface configuration mode. To disable the split horizon mechanism, use the no form of this command.
ip split-horizon
no ip split-horizon
Syntax Description
This command has no arguments or keywords.
Defaults
Default behavior varies with media type.
Command Modes
Interface configuration
Command History
Usage Guidelines
For all interfaces except those for which either Frame Relay or Switched Multimegabit Data Service (SMDS) encapsulation is enabled, the default condition for this command is ip split-horizon; in other words, the split horizon feature is active. If the interface configuration includes either the encapsulation frame-relay or encapsulation smds command, then the default is for split horizon to be disabled. Split horizon is not disabled by default for interfaces using any of the X.25 encapsulations.
Note
Note
Note
Examples
The following simple example disables split horizon on a serial link. The serial link is connected to an X.25 network.
interface serial 0encapsulation x25no ip split-horizonRelated Commands
neighbor (RIP)
Defines a neighboring router with which to exchange routing information.
ip split-horizon eigrp
To enable Enhanced Interior Gateway Routing Protocol (EIGRP) split horizon, use the ip split-horizon eigrp command in interface configuration mode. To disable split horizon, use the no form of this command.
ip split-horizon eigrp as-number
no ip split-horizon eigrp as-number
Syntax Description
Defaults
The behavior of this command is enabled by default.
Command Modes
Interface configuration
Command History
Usage Guidelines
For networks that include links over X.25 packet-switched networks (PSNs), you can use the neighbor router configuration command to defeat the split horizon feature. As an alternative, you can explicitly specify the no ip split-horizon eigrp command in your configuration. However, if you do so, you must similarly disable split horizon for all routers and access servers in any relevant multicast groups on that network.
Note
Examples
The following example disables split horizon on a serial link connected to an X.25 network:
interface serial 0encapsulation x25no ip split-horizon eigrp 101Related Commands
ip split-horizon eigrp
Enables the split horizon mechanism.
neighbor (EIGRP)
Defines a neighboring router with which to exchange routing information.
ip summary-address eigrp
To configure a summary aggregate address for a specified interface, use the ip summary-address eigrp command in interface configuration mode. To disable a configuration, use the no form of this command.
ip summary-address eigrp as-number network-address subnet-mask [admin-distance]
no ip summary-address eigrp as-number network-address subnet-mask [admin-distance]
Syntax Description
Defaults
No summary aggregate addresses are predefined. The default administrative distance metric for EIGRP is 90.
Command Modes
Interface configuration
Command History
10.0
This command was introduced.
12.0(7)T
The admin-distance argument was added.
Usage Guidelines
EIGRP summary routes are given an administrative distance value of 5. The administrative distance metric is used to advertise a summary without installing it in the routing table.
Examples
The following example sets the IP summary aggregate address for Ethernet interface 0 with an administrative distance of 95:
interface ethernet 0ip summary-address eigrp 109 192.168.0.0 255.255.0.0 95Related Commands
auto-summary (EIGRP)
Restores the default behavior of automatic summarization of subnet routes into network-level routes.
ip summary-address rip
To configure a summary aggregrate address under an interface for the Routing Information Protocol (RIP), use the ip summary-address rip command in interface configuration mode. To disable summarization of the specified address or subnet, use the no form of this command.
ip summary-address rip ip-address ip-network-mask
no ip summary-address rip ip-address ip-network-mask
Syntax Description
ip-address
IP address to be summarized.
ip-network-mask
IP network mask that drives route summarization for the specified IP address.
Defaults
RIP automatically summarizes to classful network boundaries.
Command Modes
Interface configuration
Command History
Usage Guidelines
The ip summary-address rip command is used to summarize an address or subnet under a specific interface. RIP automatically summarizes to classful network boundaries. Only one summary address can be configured for each classful subnet.
Examples
In the following example the major network is 10.0.0.0. The summary address 10.2.0.0 overrides the autosummary address of 10.0.0.0, so that 10.2.0.0 is advertised out Ethernet interface 1 and 10.0.0.0 is not advertised.
Note
interface Ethernet1ip address 10.1.1.1 255.255.255.0ip summary-address rip 10.2.0.0 255.255.0exitrouter ripnetwork 10.0.0.0endRelated Commands
auto-summary (RIP)
Restores the default behavior of automatic summarization of subnet routes into network-level routes.
ip split-horizon (RIP)
Enables the split horizon mechanism.
isis authentication key-chain
To enable authentication for an IS-IS interface, use the isis authentication key-chain command in interface configuration mode. To disable such authentication, use the no form of this command.
isis authentication key-chain name-of-chain [level-1 | level-2]
no isis authentication key-chain name-of-chain [level-1 | level-2]
Syntax Description
Defaults
No key chain authentication is configured for a specific IS-IS interface, although it might be configured at the IS-IS instance level.
Command Modes
Interface configuration
Command History
Usage Guidelines
If no key chain is configured with the key chain command, no key chain authentication is performed.
Only one authentication key chain is applied to an IS-IS interface at one time. That is, if you configure a second isis authentication key-chain command, the first is overridden.
If neither the level-1 nor level-2 keyword is configured, the chain applies to both levels.
You can specify authentication for an entire instance of IS-IS instead of at the interface level by using the authentication key-chain command.
Examples
The following example configures Ethernet interface 0 to accept and send any key belonging to the key chain named trees:
interface Ethernet0ip address 10.1.1.1 255.255.255.252ip router isis real_secure_networkisis authentication mode md5 level-1isis authentication key-chain trees level-1Related Commands
authentication key-chain
Enables authentication for IS-IS at the instance level.
key chain
Enables authentication for routing protocols.
isis authentication mode
To specify the type of authentication used for an IS-IS interface, use the isis authentication mode command in interface configuration mode. To restore clear text authentication, use the no form of this command.
isis authentication mode {md5 | text} [level-1 | level-2]
no isis authentication mode
Syntax Description
Defaults
No authentication is provided for IS-IS packets on an interface level, although authentication could be provided at the IS-IS instance level by several means.
Command Modes
Interface configuration
Command History
Usage Guidelines
If neither the level-1 nor level-2 keyword is configured, the mode applies to both levels.
If you had clear text authentication configured by using the area-password or domain-password command, the authentication mode command overrides both of those commands.
If you configure the isis authentication mode command and subsequently try to configure the area-password or domain-password command, you will not be allowed to do so. If you truly want to configure clear text authentication using the area-password or domain-password command, you must use the no isis authentication mode command first.
You can specify the type of authentication and the level to which it applies for the entire IS-IS instance, rather than per interface, by using the authentication mode command.
Examples
The following example configures IS-IS Level 2 packets to use MD5 authentication on Ethernet interface 0:
interface Ethernet0ip address 10.1.1.1 255.255.255.252ip router isis real_secure_networkisis authentication mode md5 level-2isis authentication key-chain cisco level-2Related Commands
isis authentication send-only
To specify that authentication is performed only on packets being sent (not received) on a specified IS-IS interface, use the isis authentication send-only command in interface configuration mode. To restore the default value, use the no form of this command.
isis authentication send-only [level-1 | level-2]
no isis authentication send-only
Syntax Description
Defaults
If MD5 authentication is configured at the interface level, it applies to IS-IS packets being sent and received over all interfaces.
Command Modes
Interface configuration
Command History
Usage Guidelines
Use this command before configuring the authentication mode and authentication key chain so that the implementation of authentication goes smoothly. That is, the routers will have more time for the keys to be configured on each router if authentication is inserted only on the packets being sent, not checked on packets being received. After all of the routers that must communicate are configured with this command, enable the authentication mode and key chain on each router. Then specify the no isis authentication send-only command to disable the send-only feature.
If neither the level-1 nor level-2 keyword is configured, the send-only feature applies to both levels.
Examples
The following example configures IS-IS Level-1 packets to use MD5 authentication on packets being sent (not received) on Ethernet interface 0:
interface Ethernet0ip address 10.1.1.1 255.255.255.252ip router isis real_secure_networkisis authentication send-only level-1isis authentication mode md5 level-1isis authentication key-chain cisco level-1Related Commands
isis circuit-type
To configure the type of adjacency, use the isis circuit-type command in interface configuration mode. To reset the circuit type to Level l and Level 2, use the no form of this command.
isis circuit-type [level-1 | level-1-2 | level-2-only]
no isis circuit-type
Syntax Description
Defaults
A Level 1 and Level 2 adjacency is established.
Command Modes
Interface configuration
Command History
Usage Guidelines
Normally, this command need not be configured. The proper way is to configure a router as a Level 1-only, Level 1-2, or Level 2-only system. Only on routers that are between areas (Level 1-2 routers) should you configure some interfaces to be Level 2-only to prevent wasting bandwidth by sending out unused Level 1 hello packets. Note that on point-to-point interfaces, the Level 1 and Level 2 hellos are in the same packet.
A Level 1 adjacency may be established if there is at least one area address in common between this system and its neighbors. Level 2 adjacencies will never be established over this interface.
A Level 1 and Level 2 adjacency is established if the neighbor is also configured as level-1-2 and there is at least one area in common. If there is no area in common, a Level 2 adjacency is established. This is the default.
Level 2 adjacencies are established if the other routers are Level 2 or Level 1-2 routers and their interfaces are configured for Level 1-2 or Level 2. Level 1 adjacencies will never be established over this interface.
Examples
In the following example, other routers on Ethernet interface 0 are in the same area. Other routers on Ethernet interface 1 are in other areas, so the router will stop sending Level 1 hellos.
interface ethernet 0ip router isisinterface ethernet 1isis circuit-type level-2-onlyisis csnp-interval
To configure the IS-IS complete sequence number PDUs (CSNPs) interval, use the isis csnp-interval command in interface configuration mode. To restore the default value, use the no form of this command.
isis csnp-interval seconds [level-1 | level-2]
no isis csnp-interval [level-1 | level-2]
Syntax Description
Defaults
10 seconds
Level 1 and Level 2Command Modes
Interface configuration
Command History
Usage Guidelines
It is very unlikely you will need to change the default value of this command.
This command applies only for the designated router (DR) for a specified interface. Only DRs send CSNP packets in order to maintain database synchronization. The CSNP interval can be configured independently for Level 1 and Level 2. Configuring the CSNP interval does not apply to serial point-to-point interfaces. It does apply to WAN connections if the WAN is viewed as a multiaccess meshed network.
For multiaccess WAN interfaces such as ATM, Frame Relay, and X.25, we highly recommend that you configure the nonbroadcast multiaccess (NBMA) cloud as multiple point-to-point subinterfaces. Doing so will make routing much more robust if one or more permanent virtual circuits (PVCs) fails.
The isis csnp-interval command on point-to-point subinterfaces should be used only in combination with the IS-IS mesh-group feature.
Examples
The following example configures Ethernet interface 0 for sending CSNPs every 30 seconds:
interface ethernet 0isis csnp-interval 30 level-1isis display delimiter
To make output from multiarea displays easier to read by specifying the delimiter to use to separate displays of information, use the isis display delimiter command in global configuration mode. To disable this output format, use the no form of the command.
isis display delimiter [return count | character count]
no isis display delimiter [return count | character count]
Syntax Description
Defaults
The isis display delimiter command is disabled by default.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to customize display output when the IS-IS multiarea feature is used. The isis display delimiter command displays the output from different areas as a string or additional white space.
Examples
The following command causes different areas in multiarea displays (such as show command output) to be delimited by a string of dashes (-):
isis display delimiter - 14With three IS-IS neighbors configured, this command displays the following output from the show clns neighbors command:
Router# show clns neighbors--------------Area L2BB:System Id Interface SNPA State Holdtime Type Protocol0000.0000.0009 Tu529 172.21.39.9 Up 25 L1L2 IS-IS--------------Area A3253-01:System Id Interface SNPA State Holdtime Type Protocol0000.0000.0053 Et1 0060.3e58.ccdb Up 22 L1 IS-IS0000.0000.0003 Et1 0000.0c03.6944 Up 20 L1 IS-IS--------------Area A3253-02:System Id Interface SNPA State Holdtime Type Protocol0000.0000.0002 Et2 0000.0c03.6bc5 Up 27 L1 IS-IS0000.0000.0053 Et2 0060.3e58.ccde Up 24 L1 IS-ISRelated Commands
isis hello padding
To reenable IS-IS hello padding at the interface level, enter the isis hello padding command in interface configuration mode. To disable IS-IS hello padding, use the no form of this command.
isis hello padding
no isis hello padding
Syntax Description
This command has no arguments or keywords.
Defaults
IS-IS hello padding is enabled.
Command Modes
Interface configuration
Command History
12.0(5)T
This command was introduced.
12.0(5)S
This command was integrated into Cisco IOS Release 12.0(5)S.
Usage Guidelines
Intermediate System-to-Intermediate System (IS-IS) hellos are padded to the full maximum transmission unit (MTU) size. The benefit of padding IS-IS hellos to the full MTU is that it allows for early detection of errors that result from transmission problems with large frames or errors that result from mismatched MTUs on adjacent interfaces.
You can disable hello padding in order to avoid wasting network bandwidth in case the MTU of both interfaces is the same or, in case of translational bridging. While hello padding is disabled, Cisco routers still send the first five IS-IS hellos padded to the full MTU size, in order to maintain the benefits of discovering MTU mismatches.
To selectively disable hello padding for a specific interface, enter the no isis hello padding command in interface configuration mode. To disable hello padding for all interfaces on a router for the IS-IS routing process, enter the no hello padding command in router configuration mode.
Examples
To turn off hello padding at the interface level for the Ethernet interface 0/0, enter the no isis hello padding command in interface configuration mode:
Router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)# interface e0/0Router(config-if)# no isis hello paddingRouter(config-if)# endWhen the show clns neighbor command is entered for Ethernet interface 0/0, the output confirms that hello padding has been turned off for both Level 1 and Level 2 circuit types:
Router_A# show clns interface e0/0Ethernet0/0 is up, line protocol is upChecksums enabled, MTU 1497, Encapsulation SAPERPDUs enabled, min. interval 10 msec.CLNS fast switching enabledCLNS SSE switching disabledDEC compatibility mode OFF for this interfaceNext ESH/ISH in 47 secondsRouting Protocol: IS-ISCircuit Type: level-1-2Interface number 0x0, local circuit ID 0x1Level-1 Metric: 10, Priority: 64, Circuit ID: Router_B.01Level-1 IPv6 Metric: 10Number of active level-1 adjacencies: 1Level-2 Metric: 10, Priority: 64, Circuit ID: Router_B.01Level-2 IPv6 Metric: 10Number of active level-2 adjacencies: 1Next IS-IS LAN Level-1 Hello in 2 seconds! No hello paddingNext IS-IS LAN Level-2 Hello in 2 seconds! No hello paddingWhen the debug isis adj packets command is entered, the output will show the IS-IS hello protocol data unit (PDU) length when a hello packet has been sent to or received from an IS-IS adjacency. In the following example the IS-IS hello PDU length is 1497:
Router# debug isis adj packets e0/0IS-IS Adjacency related packets debugging is onRouter#*Oct 11 18:04:17.455: ISIS-Adj: Sending L1 LAN IIH on Ethernet0/0, length 55*Oct 11 18:04:19.075: ISIS-Adj: Rec L2 IIH from aabb.cc00.6600 (Ethernet0/0), cir type L1L2, cir id 0000.0000.000B.01, length 1497Related Commands
isis hello-interval
To specify the length of time between hello packets that the Cisco IOS software sends, use the isis hello-interval command in interface configuration mode. To restore the default value, use the no form of this command.
isis hello-interval {seconds | minimal} [level-1 | level-2]
no isis hello-interval [level-1 | level-2]
Syntax Description
Command Default
The hello interval is 10 seconds for non-DIS interfaces, and 3.333 seconds for DIS interfaces.
The hello interval is configured for both Level 1 and Level 2.Command Modes
Interface configuration
Command History
10.0
This command was introduced.
12.0(5)T
The minimal keyword was added.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
Usage Guidelines
The hello interval multiplied by the hello multiplier equals the hold time. If the minimal keyword is specified, the hold time is 1 second and the system computes the hello interval based on the hello multiplier.
The hello interval can be configured independently for Level 1 and Level 2, except on serial point-to-point interfaces. (Because only a single type of hello packet is sent on serial links, it is independent of Level 1 or Level 2.) The level-1 and level-2 keywords are used on X.25, SMDS, and Frame Relay multiaccess networks or on LAN interfaces.
A faster hello interval gives faster convergence, but increases bandwidth and CPU usage. It might also add to instability in the network. A slower hello interval saves bandwidth and CPU usage. Especially when used in combination with a higher hello multiplier, configuration of the slower hello interval may increase overall network stability. When the hello interval is configured on DIS interfaces, only one third of the interval value is used. Therefore, the hold time (hello interval multiplied by the hello multiplier) for DIS interfaces will also be one third the hold time for non-DIS interfaces.
It makes more sense to tune the hello interval and hello multiplier on point-to-point interfaces than on LAN interfaces.
Examples
The following example configures serial interface 0 to advertise hello packets every 5 seconds. The router is configured to act as a station router. This configuration will cause more traffic than the traffic generated by configuring a longer interval, but topological changes will be detected earlier.
interface serial 0isis hello-interval 5 level-1Related Commands
isis hello-multiplier
Specifies the number of IS-IS hello packets that a neighbor must miss before the router should declare the adjacency as down.
isis hello-multiplier
To specify the number of IS-IS hello packets a neighbor must miss before the router should declare the adjacency as down, use the isis hello-multiplier command in interface configuration mode. To restore the default value, use the no form of this command.
isis hello-multiplier multiplier [level-1 | level-2]
no isis hello-multiplier [level-1 | level-2]
Syntax Description
Defaults
multiplier: 3
Level 1 and Level 2Command Modes
Interface configuration
Command History
Usage Guidelines
The "holding time" carried in an IS-IS hello packet determines how long a neighbor waits for another hello packet before declaring the neighbor to be down. This time determines how quickly a failed link or neighbor is detected so that routes can be recalculated.
Use the isis hello-multiplier command in circumstances where hello packets are lost frequently and IS-IS adjacencies are failing unnecessarily. You can raise the hello multiplier and lower the hello interval (isis hello-interval command) correspondingly to make the hello protocol more reliable without increasing the time required to detect a link failure.
On point-to-point links, there is only one hello for both Level 1 and Level 2, so different hello multipliers should be configured only for multiaccess networks such as Ethernet and FDDI. Separate Level 1 and Level 2 hello packets are also sent over nonbroadcast multiaccess (NBMA) networks in multipoint mode, such as X.25, Frame Relay, and ATM. However, we recommend that you run IS-IS over point-to-point subinterfaces over WAN NBMA media.
Examples
In the following example, the network administrator wants to increase network stability by making sure an adjacency will go down only when many (ten) hello packets are missed. The total time to detect link failure is 60 seconds. This configuration will ensure that the network remains stable, even when the link is fully congested.
interface serial 1ip router isisisis hello-interval 6 level-1isis hello-multiplier 10 level-1Related Commands
isis hello padding
Specifies the length of time between hello packets that the Cisco IOS software sends.
isis lsp-interval
To configure the time delay between successive IS-IS link-state packet (LSP) transmissions, use the isis lsp-interval command in interface configuration mode. To restore the default value, use the no form of this command.
isis lsp-interval milliseconds
no isis lsp-interval
Syntax Description
Defaults
The default time delay is 33 milliseconds.
Command Modes
Interface configuration
Command History
Usage Guidelines
In topologies with a large number of IS-IS neighbors and interfaces, a router may have difficulty with the CPU load imposed by LSP transmission and reception. This command allows the LSP transmission rate (and by implication the reception rate of other systems) to be reduced.
Examples
The following example causes the system to send LSPs every 100 milliseconds (10 packets per second) on serial interface 0:
interface serial 0isis lsp-interval 100Related Commands
isis retransmit-interval
Configures the time between retransmission of each LSP (IS-IS link-state PDU) over point-to-point links.
isis mesh-group
To optimize link-state packet (LSP) flooding in nonbroadcast multiaccess (NBMA) networks with highly meshed, point-to-point topologies, use the isis mesh-group command in interface configuration mode. To remove a subinterface from a mesh group, use the no form of this command.
isis mesh-group [number | blocked]
no isis mesh-group [number | blocked]
Syntax Description
number
(Optional) A number identifying the mesh group of which this interface is a member.
blocked
(Optional) Specifies that no LSP flooding will take place on this subinterface.
Defaults
The interface performs normal flooding.
Command Modes
Interface configuration
Command History
Usage Guidelines
LSPs that are first received on subinterfaces that are not part of a mesh group are flooded to all other subinterfaces in the usual way.
LSPs that are first received on subinterfaces that are part of a mesh group are flooded to all interfaces except those in the same mesh group. If the blocked keyword is configured on a subinterface, then a newly received LSP is not flooded out over that interface.
To minimize the possibility of incomplete flooding, you should allow unrestricted flooding over at least a minimal set of links in the mesh. Selecting the smallest set of logical links that covers all physical paths results in very low flooding, but less robustness. Ideally, you should select only enough links to ensure that LSP flooding is not detrimental to scaling performance, but enough links to ensure that under most failure scenarios no router will be logically disconnected from the rest of the network. In other words, blocking flooding on all links permits the best scaling performance, but there is no flooding. Permitting flooding on all links results in very poor scaling performance.
Examples
In the following example six interfaces are configured in three mesh groups. LSPs received are handled as follows:
•
•
•
interface atm 1/0.1 ip router isis isis mesh-group 10interface atm 1/0.2ip router isis isis mesh-group 10interface atm 1/1.1 ip router isis isis mesh-group 11interface atm 1/1.2 ip router isis isis mesh-group 11interface atm 1/2.1 ip router isisisis mesh-group blockedinterface atm 1/2.2 ip router isisRelated Commands
isis metric
To configure the value of an Intermediate System-to-Intermediate System (IS-IS) metric, use the isis metric command in interface configuration or subinterface mode. To restore the default metric value, use the no form of this command.
isis metric {metric-value | maximum} [level-1 | level-2]
no isis metric {metric-value | maximum} [level-1 | level-2]
Syntax Description
Command Default
The default metric value is set to 10.
Command Modes
Interface configuration
Subinterface configurationCommand History
Usage Guidelines
Specifying the level-1 or level-2 keyword resets the metric only for Level 1 or Level 2 routing, respectively.
We highly recommend that you configure metrics on all interfaces. If you do not do so, the IS-IS metrics are similar to hop-count metrics.
It is strongly recommended to use the metric-style wide command to configure IS-IS to use the new-style type, length, value (TLV) because TLVs that are used to advertise IPv4 information in link-state packets (LSPs) are defined to use only extended metrics. Cisco IOS software provides support of a 24-bit metric field, the so-called "wide metric." Using the new metric style, link metrics now have a maximum value of 16777214 with a total path metric of 4261412864.
Cisco IOS Release 12.4(13) and 12.4(13)T
Entering the maximum keyword will exclude the link from the SPF calculation. If a link is advertised with the maximum link metric, the link will not be considered during the normal SPF calculation. When the link is excluded from the SPF, it will not be advertised for calculating the normal SPF. An example would be a link that is available for traffic engineering, but not for hop-by-hop routing. If a link, such as one that is used for traffic engineering, should not be included in the SPF calculation, enter the isis metric command with the maximum keyword.
Note
Examples
The following example configures serial interface 0 for a link-state metric cost of 15 for Level 1:
Router(config)# interface serial 0Router(config-if)# isis metric 15 level-1The following example sets the IS-IS metric for the link to maximum. SPF will ignore the link for both Level 1 and Level 2 routing because neither the level-1 keyword nor the level-2 keyword was entered.
Router(config)# interface fastethernet 0/0Router(config-if)# isis metric maximumCisco IOS Release 12.4(13) and 12.4(13)T
The following example configures the isis metric maximum command on Ethernet subinterface 1/1.9.
Router(config)# interface Ethernet 1/1.9Router(config-subif)# isis metric maximumRelated Commands
metric-style wide
Configures a router running IS-IS so that it generates and accepts only new-style TLVs.
isis network point-to-point
To configure a network of only two networking devices that use broadcast media and the integrated IS-IS routing protocol to function as a point-to-point link instead of a broadcast link, use the isis network point-to-point command in interface configuration mode. To disable the point-to-point usage, use the no form of this command.
isis network point-to-point
no isis network point-to-point
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
Interface configuration
Command History
Usage Guidelines
Use this command only on broadcast media in a network of only two networking devices. The command will cause the system to issue packets point-to-point rather than as broadcasts. Configure the command on both networking devices in the network.
Examples
The following example configures a Fast Ethernet interface to act as a point-to-point interface:
interface fastethernet 1/0isis network point-to-pointisis password
To configure the authentication password for an interface, use the isis password command in interface configuration mode. To disable authentication for IS-IS, use the no form of this command.
isis password password [level-1 | level-2]
no isis password [level-1 | level-2]
Syntax Description
Defaults
This command is disabled by default.
If no keyword is specified, the default is level-1-2.
Command Modes
Interface configuration
Command History
Usage Guidelines
This command enables you to prevent unauthorized routers from forming adjacencies with this router, and thus protects the network from intruders.
The password is exchanged as plain text and thus provides only limited security.
Different passwords can be assigned for different routing levels using the level-1 and level-2 kewords.
Specifying the level-1 or level-2 keyword disables the password only for Level 1 or Level 2 routing, respectively.
Examples
The following example configures a password for Ethernet interface 0 at Level 1:
interface ethernet 0isis password frank level-1isis priority
To configure the priority of designated routers, use the isis priority command in interface configuration mode. To reset the default priority, use the no form of this command.
isis priority number-value [level-1 | level-2]
no isis priority [level-1 | level-2]
Syntax Description
Defaults
Priority of 64
Level 1 and Level 2Command Modes
Interface configuration
Command History
Usage Guidelines
Priorities can be configured for Level 1 and Level 2 independently. Specifying the level-1 or level-2 keyword resets priority only for Level 1 or Level 2 routing, respectively.
The priority is used to determine which router on a LAN will be the designated router or Designated Intermediate System (DIS). The priorities are advertised in the hello packets. The router with the highest priority will become the DIS.
In IS-IS, there is no backup designated router. Setting the priority to 0 lowers the chance of this system becoming the DIS, but does not prevent it. If a router with a higher priority comes on line, it will take over the role from the current DIS. In the case of equal priorities, the highest MAC address breaks the tie.
Examples
The following example shows Level 1 routing given priority by setting the priority level to 80. This router is now more likely to become the DIS.
interface ethernet 0isis priority 80 level-1isis retransmit-interval
To configure the amount of time between retransmission of each IS-IS link-state packet (LSP) on a point-to-point link, use the isis retransmit-interval command in interface configuration mode. To restore the default value, use the no form of this command.
isis retransmit-interval seconds
no isis retransmit-interval seconds
Syntax Description
Defaults
5 seconds
Command Modes
Interface configuration
Command History
Usage Guidelines
The setting of the seconds argument should be conservative, or needless retransmission will result.
This command has no effect on LAN (multipoint) interfaces. On point-to-point links, the value can be increased to enhance network stability.
Retransmissions occur only when LSPs are dropped. So setting the seconds argument to a higher value has little effect on reconvergence. The more neighbors routers have, and the more paths over which LSPs can be flooded, the higher this value can be made.
The value should be higher for serial lines.
Examples
The following example configures serial interface 0 for retransmission of IS-IS LSP, every 60 seconds for a large serial line:
interface serial 0isis retransmit-interval 60Related Commands
isis retransmit-throttle-interval
To configure the amount of time between retransmissions on each IS-IS link-state packet (LSP) on a point-to-point interface, use the isis retransmit-throttle-interval command in interface configuration mode. To restore the default value, use the no form of this command.
isis retransmit-throttle-interval milliseconds
no isis retransmit-throttle-interval
Syntax Description
Defaults
The delay is determined by the isis lsp-interval command.
Command Modes
Interface configuration
Command History
Usage Guidelines
This command may be useful in very large networks with many LSPs and many interfaces as a way of controlling LSP retransmission traffic. This command controls the rate at which LSPs can be re-sent on the interface.
The isis retransmit-throttle-interval command is distinct from the rate at which LSPs are sent on the interface (controlled by the isis lsp-interval command) and the period between retransmissions of a single LSP (controlled by the isis retransmit-interval command). These commands may all be used in combination to control the offered load of routing traffic from one router to its neighbors.
Examples
The following example configures serial interface 0 to limit the rate of LSP retransmissions to one every 300 milliseconds:
interface serial 0isis retransmit-throttle-interval 300Related Commands
is-type
To configure the routing level for an instance of the IS-IS routing process, use the is-type command in router configuration mode. To reset the default value, use the no form of this command.
is-type [level-1 | level-1-2 | level-2-only]
no is-type [level-1 | level-1-2 | level-2-only]
Syntax Description
Defaults
In conventional IS-IS configurations, the router acts as both a Level 1 (intra-area) and a Level 2 (interarea) router.
In multiarea IS-IS configurations, the first instance of the IS-IS routing process configured is by default a Level 1-2 (intra-area and interarea) router. The remaining instances of the IS-IS process configured by default are Level 1 routers.
Command Modes
Router configuration
Command History
10.3
This command was introduced.
12.0(5)T
This command was modified to include multiarea IS-IS routing.
Usage Guidelines
We highly recommend that you configure the type of IS-IS routing process. If you are configuring multiarea IS-IS, you must configure the type of the router, or allow it to be configured by default. By default, the first instance of the IS-IS routing process that you configure using the router isis command is a Level 1-2 router.
If only one area is in the network, there is no need to run both Level 1 and Level 2 routing algorithms. If IS-IS is used for Connectionless Network Service (CLNS) routing (and there is only one area), Level 1 only must be used everywhere. If IS-IS is used for IP routing only (and there is only one area), you can run Level 2 only everywhere. Areas you add after the Level 1-2 area exists are by default Level 1 areas.
If the router instance has been configured for Level 1-2 (the default for the first instance of the IS-IS routing process in a Cisco device), you can remove Level 2 (interarea) routing for the area using the is-type command. You can also use the is-type command to configure Level 2 routing for an area, but it must be the only instance of the IS-IS routing process configured for Level 2 on the Cisco device.
Examples
The following example specifies an area router:
router isisis-type level-2-onlyRelated Commands
