-
Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services, Release 12.3 T
-
Introduction
-
IP Addressing and Services Commands: A through C
-
IP Addressing and Services Commands: D through H
-
IP Addressing and Services Commands: idle through ip local-proxy-arp
-
IP Addressing and Services Commands: ip mask-reply through ip web-cache redirect
-
IP Addressing and Services Commands: L through R
-
IP Addressing and Services Commands: serverfarm through show ip nat
-
IP Addressing and Services Commands: show ip nhrp through synguard
-
IP Addressing and Services Commands: T through W
-
Table Of Contents
inservice (server farm real server)
inservice (server farm virtual server)
ip dhcp limit lease per interface
ip dhcp limited-broadcast-address
ip dhcp relay information check
ip dhcp relay information option
ip dhcp relay information option subscriber-id
ip dhcp relay information policy
ip dhcp relay information trust-all
ip dhcp relay information trusted
ip dhcp-client default-router distance
ip dhcp-client network-discovery
ip drp authentication key-chain
ip forward-protocol spanning-tree
ip forward-protocol turbo-flood
ip icmp rate-limit unreachable
idle
To specify the minimum amount of time for which IOS SLB maintains connection information in the absence of packet activity, use the idle command in virtual server configuration mode. To restore the default idle duration value, use the no form of this command.
idle duration
no idle
Syntax Description
duration
Idle connection timer duration (in seconds). Valid values range from 10 to 65535. The default is 3600 seconds (1 hour).
Defaults
The default duration is 3600 seconds.
Command Modes
SLB virtual server configuration
Command History
12.0(7)XE
This command was introduced.
12.1(5)T
This command was integrated into Cisco IOS Release 12.1(5)T.
Usage Guidelines
TCP connections that do not send flows or keepalives before the idle timer expires are assumed to be inactive and are reset (RST).
If you are configuring an idle timer for HTTP flows, choose a low number such as 120 seconds as a starting point. A low number ensures that the IOS SLB connection database maintains a manageable size if problems at the server, client, or network result in a large number of connections. However, do not choose a value under 60 seconds; such a low value can reduce the efficiency of the IOS SLB feature.
Examples
The following example instructs the IOS SLB feature to maintain connection information for an idle connection for 120 seconds:
ip slb vserver PUBLIC_HTTPidle 120Related Commands
show ip slb vservers
Displays information about the virtual servers.
virtual
Configures the virtual server attributes.
import all
To import Dynamic Host Configuration Protocol (DHCP) option parameters into the DHCP Server database, use the import all command in DHCP pool configuration mode. To disable this feature, use the no form of this command.
import all
no import all
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
DHCP pool configuration
Command History
Usage Guidelines
When the no import all command is used, the Cisco IOS DHCP Server deletes all "imported" option parameters that were added to the specified pool in the server database. Manually configured DHCP option parameters override imported DHCP option parameters.
Imported option parameters are not part of the router configuration and are not saved in NVRAM.
Examples
The following example allows the importing of all DHCP options for a pool named pool1:
ip dhcp pool pool1network 172.16.0.0 /16import allRelated Commands
inservice (DFP agent)
To enable the DFP agent for communication with a DFP manager, use the inservice command in DFP agent configuration mode. To remove the DFP agent from service, use the no form of this command.
inservice
no inservice
Syntax Description
This command has no arguments or keywords.
Defaults
The DFP agent is inactive.
Command Modes
DFP agent configuration
Command History
Usage Guidelines
A DFP agent is inactive until both of the following conditions are met:
•
The DFP agent has been enabled.
•
When you use the no form of this command to remove a DFP agent from service, the DFP agent closes all open connections, and no new connections are assigned.
Examples
In the following example, the DFP agent is enabled for communication with a DFP manager:
Router(config)# ip dfp agent slbRouter(config-dfp)# inserviceRelated Commands
inservice (server farm real server)
To enable the real server for use by the IOS SLB feature, use the inservice SLB server farm real server configuration command. To remove the real server from service, use the no form of this command.
inservice
no inservice
Syntax Description
This command has no arguments or keywords.
Defaults
If you do not specify the inservice command, the real server is defined to IOS SLB but is not used.
Command Modes
SLB server farm real server configuration
Command History
12.0(7)XE
This command was introduced.
12.1(5)T
This command was integrated into Cisco IOS Release 12.1(5)T.
Examples
The following example enables the real server for use by the IOS SLB feature:
ip slb serverfarm PUBLICreal 10.10.1.1inserviceRelated Commands
real
Identifies a real server.
show ip slb reals
Displays information about the real servers.
show ip slb serverfarms
Displays information about the server farm configuration.
inservice (server farm virtual server)
To enable the virtual server for use by the IOS SLB feature, use the inservice SLB server farm virtual server configuration command. To remove the virtual server from service, use the no form of this command.
inservice [standby group-name]
no inservice [standby group-name]
Syntax Description
standby
(Optional) Configures the Hot Standby Router Protocol (HSRP) standby virtual server.
group-name
(Optional) Specifies the HSRP group name with which the IOS SLB virtual server is associated.
Defaults
If you do not specify the inservice command, the virtual server is defined to IOS SLB but is not used.
Command Modes
SLB server farm virtual server configuration
Command History
12.0(7)XE
This command was introduced.
12.1(1)E
The standby keyword and group-name argument were added.
12.1(5)T
This command was integrated into Cisco IOS Release 12.1(5)T.
Examples
The following example enables the real server for use by the IOS SLB feature:
ip slb vserver PUBLIC_HTTPinserviceRelated Commands
show ip slb vservers
Displays information about the virtual servers.
virtual
Configures the virtual server attributes.
internal (DDNS-update-method)
To specify an update method for Dynamic Domain Name System (DDNS) address (A) and pointer (PTR) Resource Records (RRs) as a Cisco IOS internal cache, use the internal command in DDNS-update-method configuration mode. To disable the internal dynamic updates, use the no form of this command.
internal
no internal
Syntax Description
This command has no arguments or keywords.
Defaults
No internal cache update method is configured.
Command Modes
DDNS-update-method configuration
Command History
12.3(8)YA
This command was introduced.
12.3(14)T
This command was integrated into Cisco IOS Release 12.3(14)T.
Usage Guidelines
This command is useful in conjunction with turning on the internal Cisco IOS DNS name-server. The DNS name-server is enabled by using the ip dns server command. This command enables the name-server to reply to requests for an IP address associated with the hostname that was added to the internal name cache. Not all images have Cisco IOS DNS name-server functionality, so the internal command will not be available. Refer to Feature Navigator at http://www.cisco.com/go/fn to verify the name-server functionality in your image.
When the internal type of update is specified, an entry into the Cisco IOS name cache is added, which is basically the same as entering the ip host abc.com 10.0.0.1 command. The hostname "abc" and the IP address "10.0.0.1" are associated with an interface.
Examples
The following example shows how to configure a server to send DDNS updates to the internal Cisco IOS cache:
ip ddns update method mytestinternalRelated Commands
interval (DFP agent)
To configure a DFP agent weight recalculation interval, use the interval DFP agent configuration command. To restore the default setting, use the no form of this command.
interval seconds
no interval seconds
Syntax Description
seconds
Specifies the number of seconds to wait before recalculating weights for the DFP manager. Valid values range from 5 to 65535 seconds. The default interval is 10 seconds.
Defaults
The default interval value is 10 seconds.
Command Modes
DFP agent configuration
Command History
Usage Guidelines
The DFP agent sends the new weight to the DFP manager only if the new weight is different from the old weight. If the new weight is the same as the old weight, it is not sent to the DFP manager.
Examples
The following example configures the DFP agent to recalculate weights every 11 seconds:
Router(config)# ip dfp agent slbRouter(config-dfp)# interval 11Related Commands
interval maximum
To specify a maximum interval at which Dynamic Domain Name System (DDNS) updates of address (A) and pointer (PTR) Resource Records (RRs) occur, use the interval maximum command in DDNS-update-method configuration mode. To disable the interval, use the no form of this command.
interval maximum days hours minutes seconds
no interval maximum
Syntax Description
Defaults
No interval is configured.
Command Modes
DDNS-update-method configuration
Command History
12.3(8)YA
This command was introduced.
12.3(14)T
This command was integrated into Cisco IOS Release 12.3(14)T.
Examples
The following example shows how to configure the update method, the maximum interval of the updates (globally), and the hostname on the interface:
interface ethernet1ip ddns update hostname abc.dyndns.org
ip ddns update mytestip ddns update method mytesthttp add http://test:test@members.dyndns.org/nic/update?system=dyndns&hostname=myhost&myip=10.10.10.10interval maximum 1 0 0 0Related Commands
ip access-group
To control access to an interface, use the ip access-group command in interface configuration mode. To remove the specified access group, use the no form of this command.
ip access-group {access-list-number | access-list-name}{in | out}
no ip access-group {access-list-number | access-list-name}{in | out}
Syntax Description
Defaults
No access list is applied to the interface.
Command Modes
Interface configuration
Command History
10.0
This command was introduced.
11.2
The access-list-name argument was added.
Usage Guidelines
Access lists are applied on either outbound or inbound interfaces. For standard inbound access lists, after receiving a packet, the Cisco IOS software checks the source address of the packet against the access list. For extended access lists, the router also checks the destination access list. If the access list permits the address, the software continues to process the packet. If the access list rejects the address, the software discards the packet and returns an ICMP host unreachable message.
For standard outbound access lists, after receiving and routing a packet to a controlled interface, the software checks the source address of the packet against the access list. For extended access lists, the router also checks the destination access list. If the access list permits the address, the software sends the packet. If the access list rejects the address, the software discards the packet and returns an ICMP host unreachable message.
If the specified access list does not exist, all packets are passed.
When you enable outbound access lists, you automatically disable autonomous switching for that interface. When you enable input access lists on any CBus or CxBus interface, you automatically disable autonomous switching for all interfaces (with one exception—an SSE configured with simple access lists can still switch packets, on output only).
Examples
The following example applies list 101 on packets outbound from Ethernet interface 0:
interface ethernet 0ip access-group 101 outRelated Commands
ip access-list
To define an IP access list by name, use the ip access-list global configuration command. To remove a named IP access list, use the no form of this command.
ip access-list {standard | extended} access-list-name
no ip access-list {standard | extended} access-list-name
Syntax Description
Defaults
No named IP access list is defined.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to configure a named IP access list as opposed to a numbered IP access list. This command will place the router in access-list configuration mode, where you must define the denied or permitted access conditions with the deny and permit commands.
Specifying the standard or extended keyword with the ip access-list command determines the prompt you get when you enter access-list configuration mode.
Use the ip access-group command to apply the access list to an interface.
Named access lists are not compatible with Cisco IOS releases prior to Release 11.2.
Examples
The following example defines a standard access list named Internetfilter:
ip access-list standard Internetfilterpermit 192.5.34.0 0.0.0.255permit 128.88.0.0 0.0.255.255permit 36.0.0.0 0.255.255.255! (Note: all other access implicitly denied)Related Commands
ip access-list resequence
ip access-list resequence access-list-name starting-sequence-number increment
Syntax Description
Defaults
Disabled
Command Modes
Global configuration
Command History
12.2(14)S
This command was introduced.
12.2(15)T
This command was integrated into Cisco IOS Release 12.2(15)T.
Usage Guidelines
This command allows the permit and deny entries of a specified access list to be resequenced with an initial sequence number value determined by the starting-sequence-number argument, and continuing in increments determined by the increment argument. If the highest sequence number exceeds the maximum possible sequence number, then no sequencing occurs.
For backward compatibility with previous releases, if entries with no sequence numbers are applied, the first entry is assigned a sequence number of 10, and successive entries are incremented by 10. The maximum sequence number is 2147483647. If the generated sequence number exceeds this maximum number, the following message is displayed:
Exceeded maximum sequence number.If the user enters an entry without a sequence number, it is assigned a sequence number that is 10 greater than the last sequence number in that access list and is placed at the end of the list.
If the user enters an entry that matches an already existing entry (except for the sequence number), then no changes are made.
If the user enters a sequence number that is already present, the following error message is generated:
Duplicate sequence number.If a new access list is entered from global configuration mode, then sequence numbers for that access list are generated automatically.
Distributed support is provided so that the sequence numbers of entries in the Route Processor (RP) and line card (LC) are in synchronization at all times.
Sequence numbers are not nvgened. That is, the sequence numbers themselves are not saved. In the event that the system is reloaded, the configured sequence numbers revert to the default sequence starting number and increment.
This command works with named standard and extended IP access lists. Because the name of an access list can be designated as a number, numbers are acceptable as names as long as they are entered in named access list configuration mode.
Examples
The following example resequences an access list named kmd1. The starting sequence number is 100, and the increment value is 5:
Router(config)# ip access-list resequence kmd1 100 5Related Commands
deny (IP)
Sets conditions under which a packet does not pass a named IP access list.
permit (IP)
Sets conditions under which a packet passes a named IP access list.
ip accounting
To enable IP accounting on an interface, use the ip accounting command in interface configuration mode. To disable IP accounting, use the no form of this command.
ip accounting [access-violations] [output-packets]
no ip accounting [access-violations] [output-packets]
Syntax Description
Defaults
Disabled
Command Modes
Interface configuration
Command History
10.0
This command was introduced.
10.3
The access-violations keyword was added.
Usage Guidelines
The ip accounting command records the number of bytes (IP header and data) and packets switched through the system on a source and destination IP address basis. Only transit IP traffic is measured and only on an outbound basis; traffic generated by the router access server or terminating in this device is not included in the accounting statistics.
If you specify the access-violations keyword, the ip accounting command provides information identifying IP traffic that fails IP access lists. Identifying IP source addresses that violate IP access lists alerts you to possible attempts to breach security. The data might also indicate that you should verify IP access list configurations.
To receive a logging message on the console when an extended access list entry denies a packet access (to log violations), you must include the log keyword in the access-list (IP extended) or access-list (IP standard) command.
Statistics are accurate even if IP fast switching or IP accesd lists are being used on the interface. If the access-violations keyword is specified and any IP access list is being used on an interface, then only process switching can generate accurate statistics (IP fast switching or CEF cannot).
IP accounting disables autonomous switching, SSE switching, and distributed switching (dCEF) on the interface. IP accounting will cause packets to be switched on the Route Switch Processor (RSP) instead of the Versatile Interface Processor (VIP), which can cause performance degradation.
Examples
The following example enables IP accounting on Ethernet interface 0:
interface ethernet 0ip accountingRelated Commands
ip accounting mac-address
To enable IP accounting on a LAN interface based on the source and destination MAC address, use the ip accounting mac-address command in interface configuration mode. To disable IP accounting based on the source and destination MAC address, use the no form of this command.
ip accounting mac-address {input | output]
no ip accounting mac-address {input | output]
Syntax Description
input
Performs accounting based on the source MAC address on received packets.
output
Performs accounting based on the destination MAC address on transmitted packets.
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
This feature is supported on Ethernet, Fast Ethernet, and FDDI interfaces.
To display the MAC accounting information, use the show interface mac EXEC command.
MAC address accounting provides accounting information for IP traffic based on the source and destination MAC address on LAN interfaces. This calculates the total packet and byte counts for a LAN interface that receives or sends IP packets to or from a unique MAC address. It also records a timestamp for the last packet received or sent. With MAC address accounting, you can determine how much traffic is being sent to and/or received from various peers at NAPS/peering points.
Examples
The following example enables IP accounting based on the source and destination MAC address for received and transmitted packets:
interface ethernet 4/0/0ip accounting mac-address inputip accounting mac-address outputRelated Commands
show interface mac
Displays MAC accounting information for interfaces configured for MAC accounting.
ip accounting precedence
To enable IP accounting on any interface based on IP precedence, use the ip accounting precedence command in interface configuration mode. To disable IP accounting based on IP precedence, use the no form of this command.
ip accounting precedence {input | output}
no ip accounting precedence {input | output}
Syntax Description
input
Performs accounting based on IP precedence on received packets.
output
Performs accounting based on IP precedence on transmitted packets.
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
To display IP precedence accounting information, use the show interface precedence EXEC command.
The precedence accounting feature provides accounting information for IP traffic, summarized by IP precedence values. This feature calculates the total packet and byte counts for an interface that receives or sends IP packets and sorts the results based on IP precedence. This feature is supported on all interfaces and subinterfaces and supports CEF, dCEF, flow, and optimum switching.
Examples
The following example enables IP accounting based on IP precedence for received and transmitted packets:
interface ethernet 4/0/0ip accounting precedence inputip accounting precedence outputRelated Commands
show interface precedence
Displays precedence accounting information for an interface configured for precedence accounting.
ip accounting-list
To define filters to control the hosts for which IP accounting information is kept, use the ip accounting-list command in global configuration mode. To remove a filter definition, use the no form of this command.
ip accounting-list ip-address wildcard
no ip accounting-list ip-address wildcard
Syntax Description
ip-address
IP address in dotted decimal format.
wildcard
Wildcard bits to be applied to the ip-address argument.
Defaults
No filters are defined.
Command Modes
Global configuration
Command History
Usage Guidelines
The wildcard argument is a 32-bit quantity written in dotted-decimal format. Address bits corresponding to wildcard bits set to 1 are ignored in comparisons; address bits corresponding to wildcard bits set to zero are used in comparisons.
Examples
The following example adds all hosts with IP addresses beginning with 192.31 to the list of hosts for which accounting information will be kept:
ip accounting-list 192.31.0.0 0.0.255.255Related Commands
ip accounting-threshold
To set the maximum number of accounting entries to be created, use the ip accounting-threshold command in global configuration mode. To restore the default number of entries, use the no form of this command.
ip accounting-threshold threshold
no ip accounting-threshold threshold
Syntax Description
threshold
Maximum number of entries (source and destination address pairs) that the Cisco IOS software accumulates.
Defaults
The default maximum number of accounting entries is 512 entries.
Command Modes
Global configuration
Command History
Usage Guidelines
The accounting threshold defines the maximum number of entries (source and destination address pairs) that the software accumulates, preventing IP accounting from possibly consuming all available free memory. This level of memory consumption could occur in a router that is switching traffic for many hosts. Overflows will be recorded; see the monitoring commands for display formats.
The default accounting threshold of 512 entries results in a maximum table size of 12,928 bytes. Active and checkpointed tables can reach this size independently.
Examples
The following example sets the IP accounting threshold to 500 entries:
ip accounting-threshold 500Related Commands
ip accounting-transits
To control the number of transit records that are stored in the IP accounting database, use the ip accounting-transits command in global configuration mode. To return to the default number of records, use the no form of this command.
ip accounting-transits count
no ip accounting-transits
Syntax Description
Defaults
The default number of transit records that are stored in the IP accounting database is 0.
Command Modes
Global configuration
Command History
Usage Guidelines
Transit entries are those that do not match any of the filters specified by ip accounting-list global configuration commands. If no filters are defined, no transit entries are possible.
To maintain accurate accounting totals, the Cisco IOS software maintains two accounting databases: an active and a checkpointed database.
Examples
The following example specifies that no more than 100 transit records are stored:
ip accounting-transits 100Related Commands
ip address
To set a primary or secondary IP address for an interface, use the ip address interface configuration command. To remove an IP address or disable IP processing, use the no form of this command.
ip address ip-address mask [secondary]
no ip address ip-address mask [secondary]
Syntax Description
Defaults
No IP address is defined for the interface.
Command Modes
Interface configuration
Command History
Usage Guidelines
An interface can have one primary IP address and multiple secondary IP addresses. Packets generated by the Cisco IOS software always use the primary IP address. Therefore, all routers and access servers on a segment should share the same primary network number.
Hosts can determine subnet masks using the Internet Control Message Protocol (ICMP) mask request message. Routers respond to this request with an ICMP mask reply message.
You can disable IP processing on a particular interface by removing its IP address with the no ip address command. If the software detects another host using one of its IP addresses, it will print an error message on the console.
The optional secondary keyword allows you to specify an unlimited number of secondary addresses. Secondary addresses are treated like primary addresses, except the system never generates datagrams other than routing updates with secondary source addresses. IP broadcasts and Address Resolution Protocol (ARP) requests are handled properly, as are interface routes in the IP routing table.
Secondary IP addresses can be used in a variety of situations. The following are the most common applications:
•
•
•
Note
