Table Of Contents

show ip nhrp

show ip nhrp traffic

show ip redirects

show ip route dhcp

show ip slb conns

show ip slb dfp

show ip slb reals

show ip slb serverfarms

show ip slb stats

show ip slb sticky

show ip slb vservers

show ip snat

show ip sockets

show ip traffic

show ip wccp

show ip wccp web-caches

show standby

show standby delay

show standby redirect

show tcp statistics

show time-range ipc

show track

show vrrp

show vrrp interface

standby authentication

standby delay minimum reload

standby ip

standby mac-address

standby mac-refresh

standby name

standby preempt

standby priority

standby redirects

standby sso

standby timers

standby track

standby use-bia

standby version

start-forwarding-agent

sticky (virtual server)

subnet prefix-length

synguard (virtual server)

show ip nhrp

To display the Next Hop Resolution Protocol (NHRP) cache, use the show ip nhrp EXEC command.

show ip nhrp [detail | purge] | [type number [detail]] | [dynamic | incomplete | nhs | static [type number] [detail]]

Syntax Description

detail	(Optional) Displays detailed information about NHRP cache.
purge	(Optional) Displays NHRP cache purge information.
type number	(Optional) Displays the interface type and number in the NHRP cache. See Table 26 for types, number ranges, and descriptions.
dynamic	(Optional) Displays only the dynamic (learned) IP-to-nonbroadcast multiaccess address (NBMA) cache entries. See Table 26 for types, number ranges, and descriptions.
incomplete	(Optional) Displays information about an incomplete cache. See Table 26 for types, number ranges, and descriptions.
nhs	(Optional) Displays information about the next-hop server (NHS). See Table 26 for types, number ranges, and descriptions.
static	(Optional) Displays only the static IP-to-NBMA address entries in the cache (configured using the ip nhrp map command). See Table 26 for types, number ranges, and descriptions.

Command Modes

EXEC

Command History

Release	Modification
10.3	This command was introduced.

Usage Guidelines

Table 26 lists the valid types, number ranges, and descriptions for the type and number optional arguments.

---

Note The valid types can vary according to the platform and interfaces on the platform.

---

Table 26 Valid Types, Number Ranges, and Interface Descriptions 

Valid Types	Number Ranges	Interface Descriptions
async	1	Async
atm	0 to 6	ATM
bvi	1 to 255	Bridge-Group Virtual Interface
cdma-ix	1	CDMA Ix
ctunnel	0 to 2147483647	C-Tunnel
dialer	0 to 20049	Dialer
fastethernet	0 to 6	FastEthernet IEEE 802.3
lex	0 to 2147483647	Lex
loopback	0 to 2147483647	Loopback
mfr	0 to 2147483647	Multilink Frame Relay bundle
multilink	0 to 2147483647	Multilink-group
null	0	Null
port-channel	1 to 64	Port channel
tunnel	0 to 2147483647	Tunnel
vif	1	PGM multicast host
virtual-ppp	0 to 2147483647	Virtual PPP
virtual-template	1 to 1000	Virtual template
virtual-tokenring	0 to 2147483647	Virtual Token Ring
xtagatm	0 to 2147483647	Extended tag ATM

Examples

The following is sample output from the show ip nhrp command:

Router# show ip nhrp 

10.0.0.2 255.255.255.255, ATM0/0 created 0:00:43 expire 1:59:16

 Type: dynamic Flags: authoritative 

 NBMA address: 11.1111.1111.1111.1111.1111.1111.1111.1111.1111.11 

10.0.0.1 255.255.255.255, Tunnel0 created 0:10:03 expire 1:49:56

 Type: static Flags: authoritative 

 NBMA address: 11.1.1.2 

Table 27 describes the significant fields shown in the display.

Table 27 show ip nhrp Field Descriptions 

Field	Description
10.0.0.2 255.255.255.255	IP address and its network mask in the IP-to-NBMA address cache. The mask is currently always 255.255.255.255 because we do not support aggregation of NBMA information through NHRP.
ATM0/0 created 0:00:43	Interface type and number (in this case, ATM slot and port numbers) and how long ago it was created (hours:minutes:seconds).
expire 1:59:16	Time in which the positive and negative authoritative NBMA address will expire (hours:minutes:seconds). This value is based on the ip nhrp holdtime command.
Type	•dynamic—NBMA address was obtained from NHRP Request packet. •static—NBMA address was statically configured.
Flags	•authoritative—Indicates that the NHRP information was obtained from the Next Hop Server or router that maintains the NBMA-to-IP address mapping for a particular destination. •implicit—Indicates that the information was learned not from an NHRP request generated from the local router, but from an NHRP packet being forwarded or from an NHRP request being received by the local router. •negative—For negative caching; indicates that the requested NBMA mapping could not be obtained.
NBMA address	Nonbroadcast multiaccess address. The address format is appropriate for the type of network being used (for example, ATM, Ethernet, Switched Multimegabit Data Service (SMDS), or multipoint tunnel).

Related Commands

Command	Description
ip nhrp map	Statically configures the IP-to-NBMA address mapping of IP destinations connected to an NBMA network.
show ip nhrp traffic	Displays NHRP traffic statistics.

show ip nhrp traffic

To display Next Hop Resolution Protocol (NHRP) traffic statistics, use the show ip nhrp traffic EXEC command.

show ip nhrp traffic

Syntax Description

This command has no arguments or keywords.

Command Modes

EXEC

Command History

Release	Modification
10.3	This command was introduced.

Examples

The following is sample output from the show ip nhrp traffic command:

Router# show ip nhrp traffic

Tunnel0

  request packets sent: 2

  request packets received: 4

  reply packets sent: 4

  reply packets received: 2

  register packets sent: 0

  register packets received: 0

  error packets sent: 0

  error packets received: 0

Table 28 describes the significant fields shown in the display.

Table 28 show ip nhrp traffic Field Descriptions 

Field	Description
Tunnel 0	Interface type and number.
request packets sent	Number of NHRP request packets originated from this station.
request packets received	Number of NHRP request packets received by this station.
reply packets sent	Number of NHRP reply packets originated from this station.
reply packets received	Number of NHRP reply packets received by this station.
register packets sent	Number of NHRP register packets originated from this station. Currently, our routers and access servers do not send register packets, so this value is 0.
register packets received	Number of NHRP register packets received by this station. Currently, our routers or access servers do not send register packets, so this value is 0.
error packets sent	Number of NHRP error packets originated by this station.
error packets received	Number of NHRP error packets received by this station.

show ip redirects

To display the address of a default gateway (router) and the address of hosts for which an Internet Control Message Protocol (ICMP) redirect message has been received, use the show ip redirects command in user EXEC or privileged EXEC mode.

show ip redirects

Syntax Description

This command has no arguments or keywords.

Command Modes

User EXEC
Privileged EXEC

Command History

Release	Modification
10.0	This command was introduced.

Usage Guidelines

This command displays the default router (gateway) as configured by the ip default-gateway command.

The ip mtu command enables the router to send ICMP redirect messages.

Examples

The following is sample output from the show ip redirects command:

Router# show ip redirects

Default gateway is 172.89.80.29

Host               Gateway           Last Use    Total Uses  Interface

172.16.1.111      172.16.80.240         0:00             9  Ethernet0

172.16.1.4        172.16.80.240         0:00             4  Ethernet0

Related Commands

Command	Description
ip default-gateway	Defines a default gateway (router) when IP routing is disabled.
ip mtu	Enables the sending of ICMP redirect messages if the Cisco IOS software is forced to resend a packet through the same interface on which it was received.

show ip route dhcp

To display the routes added to the routing table by the Cisco IOS Dynamic Host Configuration Protocol (DHCP) server and relay agent, use the show ip route dhcp command in privileged EXEC configuration mode.

show ip route [vrf vrf-name] dhcp [ip-address]

Syntax Description

vrf	(Optional) Specifies VPN routing and forwarding instance.
vrf-name	(Optional) Name of the VRF.
ip-address	(Optional) Address about which routing information should be displayed.

Defaults

No default behavior or values

Command Modes

Privileged EXEC

Command History

Release	Modification
12.2	This command was introduced.

Usage Guidelines

To display information about global routes, use the show ip route dhcp command. To display routes in the VRF routing table, use the show ip route vrf vrf-name dhcp command.

Examples

The following is sample output from the show ip route dhcp command when entered without an address. This command lists all routes added by the Cisco IOS DHCP server and relay agent.

Router# show ip route dhcp 

  10.5.5.56/32 is directly connected, ATM0.2

  10.5.5.217/32 is directly connected, ATM0.2

The following is sample output from the show ip route dhcp command when an address is specified. The output shows the details of the address with the server address (who assigned it) and the lease expiration time.

Router# show ip route dhcp 55.5.5.217 

  10.5.5.217 is directly connected, ATM0.2

    DHCP Server: 10.9.9.10   Lease expires at Nov 08 2001 01:19 PM

The following is sample output from the show ip route vrf vrf-name dhcp command when entered without an address:

Router# show ip route vrf red dhcp

  10.5.5.218/32 is directly connected, ATM0.2

The following is sample output from the show ip route vrf vrf-name dhcp command when an address is specified. The output shows the details of the address with the server address (who assigned it) and the lease expiration time.

Router# show ip route vrf red dhcp 55.5.5.218

  10.5.5.218/32 is directly connected, ATM0.2

    DHCP Server: 10.9.9.10   Lease expires at Nov 08 2001 03:15PM

Related Commands

Command	Description
clear ip route dhcp	Removes routes from the routing table added by the DHCP server and relay agent for the DHCP clients on unnumbered interfaces.

show ip slb conns

To display the active IOS SLB connections, use the show ip slb conns privileged EXEC command.

show ip slb conns [vserver virtserver-name] [client ip-address] [detail]

Syntax Description

vserver	(Optional) Displays only those connections associated with a particular virtual server.
virtserver-name	(Optional) Name of the virtual server to be monitored.
client	(Optional) Displays only those connections associated with a particular client IP address.
ip-address	(Optional) IP address of the client to be monitored.
detail	(Optional) Displays detailed connection information.

Defaults

If no options are specified, the command displays output for all active IOS SLB connections.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.

Examples

The following example shows IOS SLB active connection data:

Router# show ip slb conns

vserver          prot   client                real                  state

----------------------------------------------------------------------------

TEST             TCP    10.150.72.183:328      10.80.90.25:80        INIT 

TEST             TCP    10.250.167.226:423     10.80.90.26:80        INIT 

TEST             TCP    10.234.60.239:317      10.80.90.26:80        ESTAB 

TEST             TCP    10.110.233.96:747      10.80.90.26:80        ESTAB 

TEST             TCP    10.162.0.201:770       10.80.90.30:80        CLOSING 

TEST             TCP    10.22.225.219:995      10.80.90.26:80        CLOSING 

TEST             TCP    10.2.170.148:169       10.80.90.30:80        ZOMBIE 

Table 29 describes the significant fields shown in the display.

Table 29 show ip slb conns Field Descriptions 

Field	Description
vserver	Name of the virtual server whose connections are being monitored and displayed. Information about each connection is displayed on a separate line.
prot	Protocol being used by the connection.
client	Client IP address being used by the connection.
real	Real IP address of the connection.
state	Current state of the connection: •CLOSING—IOS SLB TCP connection deactivated (awaiting a delay timeout before cleaning up the connection). •ESTAB—IOS SLB TCP connection processed a SYN-SYN/ACK exchange between the client and server. •FINCLIENT—IOS SLB TCP connection processed a FIN from the client. •FINSERVER—IOS SLB TCP connection processed a FIN from the server. •INIT—Initial state of the IOS SLB TCP connection. •SYNBOTH—IOS SLB TCP connection processed one or more TCP SYNs from both the client and the server. •SYNCLIENT—IOS SLB TCP connection processed one or more client TCP SYNs. •SYNSERVER—IOS SLB TCP connection processed one or more server 1 TCP SYNs. •ZOMBIE—Destruction of the IOS SLB TCP connection failed, possibly because of bound flows. Destruction will proceed when the flows are unbound.

show ip slb dfp

To display DFP manager and agent information such as passwords, timeouts, retry counts, and weights, use the show ip slb dfp privileged EXEC command.

show ip slb dfp [agent ip-address port-number | detail | weights]

Syntax Description

agent	(Optional) Displays information about an agent.
ip-address	(Optional) Agent IP address.
port-number	(Optional) Agent port number.
detail	(Optional) Displays all data available.
weights	(Optional) Displays information about weights assigned to real servers for load balancing.

Defaults

If no options are specified, the command displays summary information.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.

Examples

The following example shows IOS SLB DFP data:

router# show ip slb dfp detail

DFP Manager:

      Current passwd:NONE Pending passwd:NONE

      Passwd timeout:0 sec 

      Uned errors:0

DFP Agent 172.16.2.34:61936 Connection state:Connected

   Timeout = 0      Retry Count = 0      Interval = 180   (Default)

   Security errors = 0

   Last message received:10:20:26 UTC 11/02/99

   Last reported Real weights for Protocol TCP, Port www

      Host 10.17.17.17 1      Weight 1

      Host 10.68.68.68   Bind ID 4      Weight 4

      Host 10.85.85.85   Bind ID 5      Weight 5

   Last reported Real weights for Protocol TCP, Port 22

      Host 10.17.17.17   Bind ID 111    Weight 111

router# show ip slb dfp weights

Real IP Address 10.17.17.17 Protocol TCP Port 22 Bind_ID 111 Weight 111

      Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99

Real IP Address 10.17.17.17 Protocol TCP Port www Bind_ID 1 Weight 1

      Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99

Real IP Address 10.68.68.68 Protocol TCP Port www Bind_ID 4 Weight 4

      Set by Agent 172.44.2.3458490 at 132241 UTC 12/03/99

Real IP Address 10.85.85.85 Protocol TCP Port www Bind_ID 5 Weight 5

      Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99

router# show ip slb dfp

DFP Manager:

      Current passwd:NONE Pending passwd:NONE

      Passwd timeout:0 sec 

Agent IP          Port    Timeout   Retry Count   Interval

---------------------------------------------------------------

172.16.2.34       61936   0         0             180 (Default)

Table 30 describes the significant fields shown in the display.

Table 30 show ip slb dfp Field Descriptions

Field	Description
Agent IP	IP address of the agent about which information is being displayed.
Port	Port number of the agent.
Timeout	Time period (in seconds) during which the DFP manager must receive an update from the DFP agent. A value of 0 means there is no timeout.
Retry Count	Number of times the DFP manager attempts to establish the TCP connection to the DFP agent. A value of 0 means there are infinite retries.
Interval	Interval (in seconds) between retries.

show ip slb reals

To display information about the real servers, use the show ip slb reals command in privileged EXEC mode.

show ip slb reals [sfarm server-farm] [detail]

Syntax Description

sfarm server-farm	(Optional) Displays information about those real servers associated with the specified server farm or firewall farm.
detail	(Optional) Displays detailed information.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.
12.2	This command was integrated into Cisco IOS Release 12.2.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.

Usage Guidelines

If no options are specified, the command displays information about all real servers.

Examples

The following is sample output from the show ip slb reals command:

Router# show ip slb reals

real             farm name        weight   state           conns

--------------------------------------------------------------------

10.80.2.112      FRAG             8        OUTOFSERVICE    0        

10.80.5.232      FRAG             8        OPERATIONAL     0        

10.80.15.124     FRAG             8        OUTOFSERVICE    0        

10.254.2.2       FRAG             8        OUTOFSERVICE    0        

10.80.15.124     LINUX            8        OPERATIONAL     0        

10.80.15.125     LINUX            8        OPERATIONAL     0        

10.80.15.126     LINUX            8        OPERATIONAL     0        

10.80.90.25      SRE              8        OPERATIONAL     220      

10.80.90.26      SRE              8        OPERATIONAL     216      

10.80.90.27      SRE              8        OPERATIONAL     216      

10.80.90.28      SRE              8        TESTING         1        

10.80.90.29      SRE              8        OPERATIONAL     221      

10.80.90.30      SRE              8        OPERATIONAL     224      

10.80.30.3       TEST             100      READY_TO_TEST   0        

10.80.30.4       TEST             100      READY_TO_TEST   0        

10.80.30.5       TEST             100      READY_TO_TEST   0        

10.80.30.6       TEST             100      READY_TO_TEST   0        

Table 31 describes the fields shown in the display.

Table 31 show ip slb reals Field Descriptions 

Field	Description
real	IP address of the real server about which information is being displayed. Used to identify each real server. Information about each real server is displayed on a separate line.
farm name	Name of the server farm or firewall farm with which the real server is associated.
weight	Weight assigned to the real server. The weight identifies the real server's capacity, relative to other real servers in the server farm.
state	Current state of the real server. •DFP_THROTTLED—The Dynamic Feedback Protocol (DFP) agent sent a weight of 0 for this real server (send no further connections to this real server). •FAILED—The real server has failed as a result of either no response or reset (RST) responses to client traffic. (See the faildetect (real server) command for more information about controlling tolerance for no responses and RSTs.) The real server has been removed from use by the predictor algorithms. The retry timer has started. •MAXCONNS_THROTTLE—The number of connections on the real server exceeds the configured maximum number of simultaneous active connections (maxconns). •OPERATIONAL—The real server is functioning properly and is being used for load-balancing. •OPER_WAIT—The real server is waiting to become operational (waiting for a timeout or some other condition to be met). •OUTOFSERVICE—The real server was configured with no inservice and has been removed from the load-balancing predictor lists. •PROBE_FAILED—The probe has succeeded in the past but has currently failed. This failure might occur at the same time user connections fail, or it might not. •PROBE_TESTING—The probe has never succeeded, due to no response. The initial probe timed out waiting for a success. •READY_TO_TEST—The real server is queued for testing after being in FAILED state until the retry timer expired. •TESTING—The real server is queued for assignment. When a single user connection is assigned to a real server that is in READY_TO_TEST state, the real server is placed in TESTING state. If the test succeeds, the real server is placed back in OPERATIONAL state. •TEST_WAIT—The real server is waiting to begin testing (waiting for a timeout or some other condition to be met).
conns	Number of connections associated with the real server. In general packet radio service (GPRS) load balancing, number of sessions associated with the real server. In per-packet server load balancing, number of request packets that have been load balanced to each real server, using the connection count.

The following is sample output from the show ip slb reals detail command for a real server in a server farm:

Router# show ip slb reals detail

10.10.1.7, S, state = OPERATIONAL, type = server

  conns = 0, dummy_conns = 0, maxconns = 4294967295

  weight = 8, weight(admin) = 8, metric = 0, remainder = 0

  reassign = 3, retry = 60

  failconn threshold = 8, failconn count = 0

  failclient threshold = 2, failclient count = 0

  total conns established = 0, total conn failures = 0

  server failures = 0

The following is sample output from the show ip slb reals detail command for a real server in a firewall farm:

Router# show ip slb reals detail

10.10.3.2, F, state = OPERATIONAL, type = firewall

  conns = 0, dummy_conns = 0, maxconns = 4294967295

  weight = 8, weight(admin) = 8, metric = 0, remainder = 0

  total conns established = 8377, hash count = 0

  server failures = 0

  interface FastEthernet1/0, MAC 0000.0c41.1063

Table 32 describes the fields shown in the above detail displays.

Table 32 show ip slb reals detail Field Descriptions 

Field	Description
IP address	IP address of the real server about which information is being displayed. Used to identify each real server. Information about each real server is displayed on a separate line.
farm name	Name of the server farm or firewall farm with which the real server is associated.
state	Current state of the real server. •DFP_THROTTLED—The Dynamic Feedback Protocol (DFP) agent sent a weight of 0 for this real server (send no further connections to this real server). •FAILED—The real server has failed as a result of either no response or reset (RST) responses to client traffic. (See the faildetect (real server) command for more information about controlling tolerance for no responses and RSTs.) The real server has been removed from use by the predictor algorithms. The retry timer has started. •MAXCONNS_THROTTLE—The number of connections on the real server exceeds the configured maximum number of simultaneous active connections (maxconns). •OPERATIONAL—The real server is functioning properly and is being used for load-balancing. •OPER_WAIT—The real server is waiting to become operational (waiting for a timeout or some other condition to be met). •OUTOFSERVICE—The real server was configured with no inservice and has been removed from the load-balancing predictor lists. •PROBE_FAILED—The probe has succeeded in the past but has currently failed. This failure might occur at the same time user connections fail, or it might not. •PROBE_TESTING—The probe has never succeeded, due to no response. The initial probe timed out waiting for a success. •READY_TO_TEST—The real server is queued for testing after being in FAILED state until the retry timer expired. •TESTING—The real server is queued for assignment. When a single user connection is assigned to a real server that is in READY_TO_TEST state, the real server is placed in TESTING state. If the test succeeds, the real server is placed back in OPERATIONAL state. •TEST_WAIT—The real server is waiting to begin testing (waiting for a timeout or some other condition to be met).
type	Indicates whether the real server is associated with a server farm (server) or firewall farm (firewall).
conns	Number of connections associated with the real server. In general packet radio service (GPRS) load balancing, number of sessions associated with the real server. In per-packet server load balancing, number of request packets that have been load balanced to each real server, using the connection count.
dummy_conns	Internal counter used in debugging.
maxconns	Maximum number of active connections allowed on the real server at one time.
weight	Weight assigned to the real server. The weight identifies the real server's capacity, relative to other real servers in the server farm. This value could be changed by DFP.
weight(admin)	Configured (or default) weight assigned to the real server.
metric	Internal counter used in debugging.
remainder	Internal counter used in debugging.
reassign	Total number of consecutive unacknowledged SYNchronize sequence numbers (SYNs) or Create Packet Data Protocol (PDP) requests since the last time the clear ip slb counters command was issued.
retry	Interval, in seconds, to wait between the detection of a failure on the real server and the next attempt to connect to the server.
failconn threshold	Maximum number of consecutive connection failures allowed before the real server is considered to have failed.
failconn count	Total number of consecutive connection failures since the last time the clear ip slb counters command was issued.
failclient threshold	Maximum number of unique client connection failures allowed before the real server is considered to have failed.
failclient count	Total number of unique client connection failures since the last time the clear ip slb counters command was issued.
total conns established	Total number of successful connection assignments since the last time the clear ip slb counters command was issued.
total conn failures	Total number of unsuccessful connection assignments since the last time the clear ip slb counters command was issued.
server failures	Total number of times this real server has been marked failed.
hash count	Total number of times the hash algorithm has been called.
interface	Type of interface.
MAC	MAC address of the firewall.

show ip slb serverfarms

To display information about the server farms, use the show ip slb serverfarms privileged EXEC command.

show ip slb serverfarms [name serverfarm-name] [detail]

Syntax Description

name	(Optional) Displays information about only a particular server farm.
serverfarm-name	(Optional) Name of the server farm.
detail	(Optional) Displays detailed server farm information.

Defaults

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.

Examples

The following example shows IOS SLB server farm data:

router# show ip slb serverfarms

server farm      predictor     reals   bind id

-------------------------------------------------

FRAG             ROUNDROBIN    4       0       

LINUX            ROUNDROBIN    3       0       

SRE              ROUNDROBIN    6       0       

TEST             ROUNDROBIN    4       0       

Table 33 describes the significant fields shown in the display.

Table 33 show ip slb serverfarms Field Descriptions

Field	Description
server farm	Name of the server farm about which information is being displayed. Information about each server farm is displayed on a separate line.
predictor	Type of load-balancing algorithm (ROUNDROBIN or LEASTCONNS) used by the server farm.
reals	Number of real servers configured in the server farm.
bind id	Bind ID configured on the server farm.

show ip slb stats

To display IOS SLB statistics, use the show ip slb stats privileged EXEC command.

show ip slb stats

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.

Examples

The following example shows IOS SLB statistics:

router# show ip slb stats

Pkts via normal switching: 530616

Pkts via special switching:1812710

Connections Created:       783774

Connections Established:   633418

Connections Destroyed:     782752

Connections Reassigned:    0

Zombie Count:              0

Table 34 describes the significant fields shown in the display.

Table 34 show ip slb stats Field Descriptions 

Field	Description
Pkts via normal switching	Number of packets handled by the IOS SLB feature via normal switching since the last time counters were cleared.
Pkts via special switching	Number of packets handled by the IOS SLB feature via special switching since the last time counters were cleared.
Connections Created	Number of connections created since the last time counters were cleared.
Connections Established	Number of connections created that have become established since the last time counters were cleared.
Connections Destroyed	Number of connections destroyed since the last time counters were cleared.
Connections Reassigned	Number of connections reassigned to a different real server since the last time counters were cleared.
Zombie Count	Number of connections currently pending destruction, awaiting a timeout or some other condition to be met.

show ip slb sticky

To display the entries in the IOS SLB sticky database, use the show ip slb sticky privileged EXEC command.

show ip slb sticky [client ip-address]

Syntax Description

client	(Optional) Displays only those sticky database entries associated with a particular client IP address.
ip-address	(Optional) IP address of the client.

Defaults

If no options are specified, the command displays information about all virtual servers.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.

Examples

The following example shows the entries in the IOS SLB sticky database:

Router# show ip slb sticky

client            group   real              conns     ftp-cntrl

--------------------------------------------------------------

10.10.2.12        4097      10.10.3.2         1         0 

Table 35 describes the significant fields shown in the display.

Table 35 show ip slb sticky Field Descriptions

Field	Description
client	Client IP address that is bound to this sticky assignment.
group	Group ID for this sticky assignment.
real	Real server used by all clients connecting with the client IP address detailed on this line.
conns	Number of connections currently sharing this sticky assignment.
ftp-cntrl	Number of FTP control connections currently using this sticky assignment.

show ip slb vservers

To display information about the virtual servers, use the show ip slb vservers privileged EXEC command.

show ip slb vservers [name virtserver-name] [detail]

Syntax Description

name	(Optional) Displays information about only this virtual server.
virtserver-name	(Optional) Name of the virtual server.
detail	(Optional) Displays detailed virtual server information.

Defaults

If no options are specified, the command displays information about all virtual servers.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.

Examples

The following example shows virtual server data:

router# show ip slb vservers

slb vserver      prot   virtual               state          conns   

---------------------------------------------------------------------

TEST             TCP     10.80.254.3:80        OPERATIONAL    1013    

TEST21           TCP     10.80.254.3:21        OUTOFSERVICE   0       

TEST23           TCP     10.80.254.3:23        OUTOFSERVICE   0       

Table 36 describes the significant fields shown in the display.

Table 36 show ip slb vservers Field Descriptions

Field	Description
slb vserver	Name of the virtual server about which information is being displayed. Information about each virtual server is displayed on a separate line.
prot	Protocol being used by the virtual server detailed on a given line.
virtual	Virtual IP address of the virtual server detailed on a given line.
state	Current state of the virtual server detailed on a given line.
conns	Number of connections associated with the virtual server detailed on a given line.

show ip snat

To display active Stateful Network Address Translation (SNAT) translations, use the show ip snat command in EXEC mode.

show ip snat [distributed [verbose] | peer ip-address]

Syntax Description

distributed	(Optional) Displays information about the distributed NAT, including its peers and status.
verbose	(Optional) Displays additional information for each translation table entry, including how long ago the entry was created and used.
peer ip-address	(Optional) Displays TCP connection information between peer routers.

Command Modes

EXEC

Command History

Release	Modification
12.2(13)T	This command was introduced.

Examples

The following is sample output from the show ip snat distributed command for stateful NAT connected peers:

Router# show ip snat distributed

Stateful NAT Connected Peers

SNAT: Mode PRIMARY

:State READY

:Local Address 192.168.123.2

:Local NAT id 100

:Peer Address 192.168.123.3

:Peer NAT id 200

:Mapping List 10

The following is sample output from the show ip snat distributed verbose command for stateful NAT connected peers:

Router# show ip snat distributed verbose

SNAT: Mode PRIMARY

Stateful NAT Connected Peers

:State READY

:Local Address 192.168.123.2

:Local NAT id 100

:Peer Address 192.168.123.3

:Peer NAT id 200

:Mapping List 10

:InMsgs 7, OutMsgs 7, tcb 0x63EBA408, listener 0x0

show ip sockets

To display IP socket information, use the show ip sockets command in user EXEC or privileged EXEC mode.

show ip sockets

Syntax Description

This command has no keywords or arguments.

Defaults

No default behavior or values.

Command Modes

User EXEC
Privileged EXEC

Command History

Release	Modification
10.0 T	This command was introduced.

Usage Guidelines

Use this command to verify that the socket being used is opening correctly. If there is a local and remote endpoint, a connection is established with the ports indicated.

Examples

The following is sample output from the show ip sockets command:

Router# show ip sockets

Proto    Remote         Port      Local           Port  In Out Stat TTY OutputIF

 17      10.0.0.0         0       172.16.186.193  67    0   0    1   0

 17      172.68.191.135   514     172.16.191.129  1811  0   0    0   0

 17      172.16.135.20    514     172.16.191.1    4125  0   0    0   0

 17      172.16.207.163   49      172.16.186.193  49    0   0    9   0

 17      10.0.0.0         123     172.16.186.193  123   0   0    1   0

 88      10.0.0.0         0       172.16.186.193  202   0   0    0   0

 17      172.16.96.59     32856   172.16.191.1    161   0   0    1   0

 17     --listen--             --any--        496  0    0   1    0

Table 37 describes the significant fields shown in the display.

Table 37 show ip sockets Field Descriptions 

Field	Description
Proto	Protocol type, for example, User Datagram Protocol (UDP) or TCP.
Remote	Remote address connected to this networking device. If the remote address is considered illegal, "--listen--" is displayed.
Port	Remote port. If the remote address is considered illegal, "--listen--" is displayed.
Local	Local address. If the local address is considered illegal or is the address 0.0.0.0, "--any--" displays.
Port	Local port.
In	Input queue size.
Out	Output queue size.
Stat	Various statistics for a socket.
TTY	The tty number for the creator of this socket.
OutputIF	Output IF string, if one exists.

show ip traffic

To display statistics about IP traffic, use the show ip traffic command in user EXEC or privileged EXEC mode.

show ip traffic

Syntax Description

This command has no arguments or keywords.

Command Modes

User EXEC
Privileged EXEC

Command History

Release	Modification
10.0	This command was introduced.
12.2	The output was enhanced to displays the number of keepalive, open, update, route-refresh request, and notification messages that have been received and sent by a Border Gateway Protocol (BGP) routing process.

Examples

The following is sample output from the show ip traffic command:

Router# show ip traffic 

IP statistics:

  Rcvd:  2961 total, 2952 local destination

         0 format errors, 0 checksum errors, 0 bad hop count

         0 unknown protocol, 9 not a gateway

         0 security failures, 0 bad options, 0 with options

  Opts:  0 end, 0 nop, 0 basic security, 0 loose source route

         0 timestamp, 0 extended security, 0 record route

         0 stream ID, 0 strict source route, 0 alert, 0 cipso, 0 ump

         0 other

  Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble

         0 fragmented, 0 fragments, 0 couldn't fragment

  Bcast: 9 received, 36 sent

  Mcast: 2294 received, 2293 sent

  Sent:  2935 generated, 0 forwarded

  Drop:  1 encapsulation failed, 0 unresolved, 0 no adjacency

         0 no route, 0 unicast RPF, 0 forced drop

         0 options denied

  Drop:  0 packets with source IP address zero

  Drop:  0 packets with internal loop back IP address

ICMP statistics:

  Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 0 unreachable

        0 echo, 0 echo reply, 0 mask requests, 0 mask replies, 0 quench

        0 parameter, 0 timestamp, 0 info request, 0 other

        0 irdp solicitations, 0 irdp advertisements

  Sent: 0 redirects, 0 unreachable, 0 echo, 0 echo reply

        0 mask requests, 0 mask replies, 0 quench, 0 timestamp

        0 info reply, 0 time exceeded, 0 parameter problem

        0 irdp solicitations, 0 irdp advertisements

UDP statistics:

  Rcvd: 0 total, 0 checksum errors, 0 no port

  Sent: 36 total, 0 forwarded broadcasts

TCP statistics:

  Rcvd: 654 total, 0 checksum errors, 0 no port

  Sent: 603 total

BGP statistics:

  Rcvd: 288 total, 8 opens, 0 notifications, 0 updates

        280 keepalives, 0 route-refresh, 0 unrecognized

  Sent: 288 total, 8 opens, 0 notifications, 0 updates

        280 keepalives, 0 route-refresh

OSPF statistics:

  Rcvd: 0 total, 0 checksum errors

        0 hello, 0 database desc, 0 link state req

        0 link state updates, 0 link state acks

  Sent: 0 total

        0 hello, 0 database desc, 0 link state req

        0 link state updates, 0 link state acks

IP-EIGRP statistics:

  Rcvd: 2303 total

  Sent: 2301 total

PIMv2 statistics: Sent/Received

  Total: 0/0, 0 checksum errors, 0 format errors

  Registers: 0/0 (0 non-rp, 0 non-sm-group), Register Stops: 0/0,  Hellos: 0/0

  Join/Prunes: 0/0, Asserts: 0/0, grafts: 0/0

  Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0

  Queue drops: 0

  State-Refresh: 0/0

IGMP statistics: Sent/Received

  Total: 0/0, Format errors: 0/0, Checksum errors: 0/0

  Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 0/0 

  DVMRP: 0/0, PIM: 0/0

  Queue drops: 0

ARP statistics:

  Rcvd: 2 requests, 5 replies, 0 reverse, 0 other

  Sent: 1 requests, 3 replies (0 proxy), 0 reverse

Table 38 describes the significant fields shown in the display.

Table 38 show ip traffic Field Descriptions 

Field	Description
IP statistics	Heading for IP statistics fields.
Total	Total number of packets.
Rcvd	Total received, and total destined for this device.
format errors	Indicates a gross error in the packet format, such as an impossible Internet header length.
checksum errors	Indicates that the packet has a bad checksum value in the header.
bad hop count	Occurs when a packet is discarded because its time-to-live (TTL) field was decremented to zero.
unknown protocol	Indicates that the packet contains an unknown protocol value or type.
not a gateway	Non-routed packet.
security failures	Packets that with incorrect security values in the IP packet header.
bad options	Packets with incorrect options in the IP packet header.
with options	Packets with options configured in the IP packet header.
Opts	Field for IP packet options.
Frags	Field for packet fragmentation statistics.
Bcast	Field for broadcast packet statistics.
Mcast	Field for multicast packet statistics.
Sent	Field for transmitted packet statistics.
Drop	Field for dropped packet statistics.
encapsulation failed	Usually indicates that the router had no ARP request entry and therefore did not send a datagram.
no route	Counted when the Cisco IOS software discards a datagram it did not know how to route.
ICMP statistics	Heading for ICMP statistics.
UDP statistics	Field for UDP packet statistics.
TCP	Field for TCP packet statistics.
BGP	Field for BGP packet statistics.
OSPF	Field for OSPF packet statistics.
IP-EIGRP	Field for EIGRP packet statistics.
PIMv2	Field for PIM statistics.
IGMP	Field for IGMP statistics.
ARP	Field for ARP statistics.

show ip wccp

To display global statistics related to Web Cache Communication Protocol (WCCP), use the show ip wccp command in privileged EXEC mode.

show ip wccp [service-number | web-cache] [detail | view]

Syntax Description

service-number	(Optional) Identification number of the web-cache service group being controlled by the cache. The number can be from 0 to 256. For web caches using Cisco Cache Engines, the reverse proxy service is indicated by a value of 99.
web-cache	(Optional) Statistics for the web-cache service.
detail	(Optional) Information about the router and all web caches.
view	(Optional) Other members of a particular service group have or have not been detected.

Command Modes

Privileged EXEC

Command History

Release	Modification
11.1CA	This command was introduced for Cisco 7200 and 7500 platforms.
11.2P	Support for this command was added to a variety of Cisco platforms.
12.0(3)T	The detail and view keywords were added.
12.3(7)T	The output was enhanced to display the bypass counters (process, fast, and Cisco Express Forwarding) when WCCP is enabled.
12.2(14)SX	Support for this command was introduced on the Supervisor Engine 720.
12.2(17d)SXB	Support for this command on the Supervisor Engine 2 was extended to Cisco IOS Release 12.2(17d)SXB.
12.2(25)S	This command was integrated into Cisco IOS Release 12.2(25)S.
12.3(14)T	The output was enhanced to display the maximum number of service groups.
12.2(27)SBC	This command was integrated into Cisco IOS Release 12.2(27)SBC.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

Use the clear ip wccp command to reset the counter for the "Packets Redirected" information.

Use the show ip wccp service-number command to provide the "Total Packets Redirected" count. The "Total Packets Redirected" count is the number of flows, or sessions, that are redirected.

Use the show ip wccp service-number detail command to provide the "Packets Redirected" count. The "Packets Redirected" count is the number of flows, or sessions, that are redirected.

Use the show ip wccp web-cache detail command to provide an indication of how many flows, rather than packets, are using Layer 2 redirection.

For cache-engine clusters using Cisco cache engines, the reverse proxy service-number is indicated by a value of 99.

For additional information on the IP WCCP commands, refer to the "Configuring Web Cache Services Using WCCP" section in the Cisco IOS Configuration Fundamentals Configuration Guide.

Examples

This section contains examples and field descriptions for the following forms of this command:

•show ip wccp web-cache

•show ip wccp service-number view

•show ip wccp service-number detail

•show ip wccp web-cache detail

•show ip wccp web-cache detail (bypass counters displayed)

show ip wccp web-cache

The following is sample output from the show ip wccp web-cache command:

Router# show ip wccp web-cache

Global WCCP Information:

 Service Name: web-cache:

 Number of Cache Engines:	1

 Number of Routers:	1

 Total Packets Redirected:	213

 Redirect access-list:	no_linux

 Total Packets Denied Redirect:	88

 Total Packets Unassigned:	-none-

 Group access-list:	0

 Total Messages Denied to Group:	0

 Total Authentication failures:	0

Table 39 describes the significant fields shown in the display.

Table 39 show ip wccp web-cache Field Descriptions 

Field	Description
Service Name	Indicates which service is detailed.
Number of Cache Engines	Number of Cisco cache engines using the router as their home router.
Number of Routers	The number of routers in the service group.
Total Packets Redirected	Total number of packets redirected by the router.
Redirect access-list	The name or number of the access list that determines which packets will be redirected.
Total Packets Denied Redirect	Total number of packets that were not redirected because they did not match the access list.
Total Packets Unassigned	Number of packets that were not redirected because they were not assigned to any cache engine. Packets may not be assigned during initial discovery of cache engines or when a cache is dropped from a cluster.
Group access-list	Indicates which cache engine is allowed to connect to the router.
Total Messages Denied to Group	Indicates the number of packets denied by the group-list access list.
Total Authentication failures	The number of instances where a password did not match.

show ip wccp service-number view

The following is sample output from the show ip wccp 1 view command:

Router# show ip wccp 1 view

WCCP Router Informed of:

 10.168.88.10

 10.168.88.20

WCCP Cache Engines Visible

 10.168.88.11

 10.168.88.12

WCCP Cache Engines Not Visible:

 -none-

---

Note The number of maximum service groups that can be configured is 256.

---

If any web cache is displayed under the WCCP Cache Engines Not Visible field, the router needs to be reconfigured to map the web cache that is not visible to it.

Table 40 describes the significant fields shown in the display.

Table 40 show ip wccp service-number view Field Descriptions

Field	Description
WCCP Router Informed of	A list of routers detected by the current router.
WCCP Clients Visible	A list of clients that are visible to the router and other clients in the service group.
WCCP Clients Not Visible	A list of clients in the service group that are not visible to the router and other clients in the service group.

show ip wccp service-number detail

The following example displays WCCP client information and WCCP router statistics that include the type of services:

Router# show ip wccp 91 detail

WCCP Client information:

 WCCP Client ID: 10.1.1.14

 Protocol Version: 2.0

 State: Usable

 Redirection: GRE

 Packet Return: GRE

 Assignment: HASH

 Initial Hash Info: 0000000000000000000000000000000000000000000000000000000000000000

 Assigned Hash Info: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

 Hash Allotment: 256 (100.00%)

 Packets Redirected: 0

 Connect Time: 00:01:56

 Bypassed Packets

 Process: 0

 CEF: 0

show ip wccp web-cache detail

The following example displays web-cache engine information and WCCP router statistics for a particular service group:

Router# show ip wccp web-cache detail

WCCP Router information:

 IP Address	10.168.88.10

 Protocol Version:	2.0

WCCP Client Information

 IP Address:	10.168.88.11

 Protocol Version:	2.0

 State:	Usable

 Initial Hash Info:	AAAAAAAAAAAAAAAAAAAAAAAAAA

	AAAAAAAAAAAAAAAAAAAAAAAAAA

 Assigned Hash Info:	FFFFFFFFFFFFFFFFFFFFFFFFFF

	FFFFFFFFFFFFFFFFFFFFFFFFFF

 Hash Allotment:	256 (100.00%)

 Packets Redirected:	21345

 Connect Time:	00:13:46

Table 41 describes the significant fields shown in the display.

Table 41 show ip wccp web-cache detail Field Descriptions 

Field	Description
WCCP Router information	The header for the area that contains fields for the IP address and version of WCCP associated with the router connected to the cache engine in the service group.
IP Address	The IP address of the router connected to the cache engine in the service group.
Protocol Version	The version of WCCP being used by the router in the service group.
WCCP Client Information	The header for the area that contains fields for information on clients.
IP Address	The IP address of the cache engine in the service group.
Protocol Version	The version of WCCP being used by the cache engine in the service group.
State	Indicates whether the cache engine is operating properly and can be contacted by a router and other cache engines in the service group.
Initial Hash Info	The initial state of the hash bucket assignment. The values show the state of each of the 256 hash buckets. Hexadecimal digits are used as shorthand for binary numbers with F representing 1111, four bits set to one. If a set of four bits is F, then that hash bucket is allocated to the client with the displayed ID. If a set of bits is 0, then it is not allocated to the client with the displayed ID.
Assigned Hash Info	The current state of the hash bucket assignment. The values show the state of each of the 256 hash buckets. If F is displayed, then that hash bucket is allocated to the client with the displayed ID. If a bit is 0 then it is not allocated to the client with the displayed ID. In this output all the bits in the assigned field are F, indicating that all traffic goes to that client. All 1's in the assigned field indicates there is only one client in the service group. If there were two clients in the group, half of the bits would have a value of F and the other half would have a value of 0 for each client, indicating that redirected traffic is divided equally between the two clients.
Hash Allotment	The percent of buckets assigned to the current cache engine. Both a value and a percent figure are displayed.
Packets Redirected	The number of packets that have been redirected to the cache engine.
Connect Time	The amount of time the cache engine has been connected to the router.

show ip wccp web-cache detail (Bypass Counters)

The following example displays web-cache engine information and WCCP router statistics that include the bypass counters:

Router# show ip wccp web-cache detail

WCCP Router information:

 IP Address:	10.168.88.10

 Protocol Version:	2.0

WCCP Client Information

 IP Address:	10.168.88.11

 Protocol Version:	2.0

 State:	Usable

 Initial Hash Info:	AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

 Assigned Hash Info:	FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

 Hash Allotment:	256 (100.00%)

 Packets Redirected:	21345

 Connect Time:	00:13:46

Bypassed Packets

 Process:             0

 Fast:                0

 CEF:                 250

Table 42 describes the significant fields shown in the display.

Table 42 show ip wccp web-cache detail Field Descriptions 

Field	Description
WCCP Router information	The header for the area that contains fields for the IP address and the version of WCCP associated with the router connected to the cache engine in the service group.
IP Address	The IP address of the router connected to the cache engine in the service group.
Protocol Version	The version of WCCP that is being used by the router in the service group.
WCCP Client Information	The header for the area that contains fields for information on clients.
IP Address	The IP address of the cache engine in the service group.
Protocol Version	The version of WCCP that is being used by the cache engine in the service group.
State	Indicates whether the cache engine is operating properly and can be contacted by a router and other cache engines in the service group.
Initial Hash Info	The initial state of the hash bucket assignment.
Assigned Hash Info	The current state of the hash bucket assignment.
Hash Allotment	The percent of buckets assigned to the current cache engine. Both a value and a percent figure are displayed.
Packets Redirected	The number of packets that have been redirected to the cache engine.
Connect Time	The amount of time the cache engine has been connected to the router.
Bypassed Packets	The number of packets that have been bypassed. Process, fast, and Cisco Express Forwarding (CEF) are switching paths within Cisco IOS software.

Related Commands

Command	Description
clear ip wccp	Clears the counter for packets redirected using WCCP.
ip wccp	Enables WCCP on a router and specifies the type of services to be used.
ip wccp redirect	Enables packet redirection on an outbound or inbound interface using WCCP.
ip wccp web-cache accelerated	Enables the hardware acceleration for WCCP version 1.
show ip interface	Lists a summary of the IP information and status of an interface.

show ip wccp web-caches

The show ip wccp web-caches command has been replaced by the show ip wccp web-cache detail command. See the description of the show ip wccp command in this book for more information.

Command History

Release	Modification
11.2P, 11.1CA, 12.0	This command was introduced.
12.1	This command was replaced by the show ip wccp command.

show standby

To display Hot Standby Router Protocol (HSRP) information, use the show standby command in user EXEC or privileged EXEC mode.

show standby [type number [group-number]] [active | init | listen | standby] [brief]

Syntax Description

type number	(Optional) Interface type and number for which output is displayed.
group-number	(Optional) Group number on the interface for which output is displayed.
active	(Optional) Displays HSRP groups in the active state.
init	(Optional) Displays HSRP groups in the initial state.
listen	(Optional) Displays HSRP groups in the listen or learn state.
standby	(Optional) Displays HSRP groups in the standby or speak state.
brief	(Optional) Summarizes each standby group in a single line of output .

Command Modes

User EXEC
Privileged EXEC

Command History

Release	Modification
10.0	This command was introduced.
12.1(3)T	The following keywords were added: •active •init •listen •standby
12.2(8)T	The output for this command was made clearer and easier to understand.
12.3(2)T	The output was enhanced to display information about Message Digest 5 (MD5) authentication.
12.3(4)T	The output was enhanced to display information about HSRP version 2.

Examples

The following is sample output from the show standby command when HSRP version 1 is configured:

Router# show standby

Ethernet0/1 - Group 1

  State is Active

    2 state changes, last state change 00:30:59

  Virtual IP address is 10.1.0.20

    Secondary virtual IP address 10.1.0.21

  Active virtual MAC address is 0004.4d82.7981

    Local virtual MAC address is 0004.4d82.7981 (bia)

  Hello time 4 sec, hold time 12 sec

    Next hello sent in 1.412 secs

  Preemption enabled, min delay 50 sec, sync delay 40 sec

  Active router is local

  Standby router is 10.1.0.6, priority 75 (expires in 9.184 sec)

  Priority 95 (configured 120)

    Tracking 2 objects, 0 up

      Down Interface Ethernet0/2, pri 15

      Down Interface Ethernet0/3

  IP redundancy name is "HSRP1", advertisement interval is 34 sec

The following is sample output from the show standby command with an interface and the brief and init keywords specified:

Router# show standby ethernet0/1 1 init brief

Interface   Grp Prio P State    Active addr     Standby addr    Group addr     

Et0         1 120    Init     10.0.0.1        unknown         10.0.0.12 

The following is sample output from the show standby command when HSRP MD5 authentication is configured:

Router# show standby

Ethernet0/1 - Group 1

  State is Active

    5 state changes, last state change 00:17:27

  Virtual IP address is 10.21.0.10

  Active virtual MAC address is 0000.0c07.ac01

    Local virtual MAC address is 0000.0c07.ac01 (default)

  Hello time 3 sec, hold time 10 sec

    Next hello sent in 2.276 secs

  Authentication MD5, key-string "f33r45", timeout 30 secs

  Preemption enabled

  Active router is local

  Standby router is unknown

  Priority 110 (configured 110)

  IP redundancy name is "hsrp-Et0/1-1" (default)

The following is sample output from the show standby command when HSRP version 2 is configured:

Router# show standby

Ethernet0/1 - Group 1 (version 2)

  State is Speak

  Virtual IP address is 10.21.0.10

  Active virtual MAC address is unknown

   Local virtual MAC address is 0000.0c9f.f001 (v2 default)

  Hello time 3 sec, hold time 10 sec

   Next hello sent in 1.804 secs

  Preemption enabled

  Active router is unknown

  Standby router is unknown

  Priority 20 (configured 20)

  IP redundancy name is "hsrp-Et0/1-1" (default)

Ethernet0/2 - Group 1

  State is Speak

  Virtual IP address is 10.22.0.10

  Active virtual MAC address is unknown

    Local virtual MAC address is 0000.0c07.ac01 (v1 default)

  Hello time 3 sec, hold time 10 sec

    Next hello sent in 1.804 secs

  Preemption disabled

  Active router is unknown

  Standby router is unknown

  Priority 90 (default 100)

    Track interface Serial2/0 state Down decrement 10

  IP redundancy name is "hsrp-Et0/2-1" (default)

Table 43 describes the significant fields shown in the displays.

Table 43 show standby Field Descriptions 

Field	Description
Ethernet - Group	Interface type and number and Hot Standby group number for the interface. If HSRP version 2 is configured, the version number is shown in parentheses.
State is	State of the local router; can be one of the following: •Active—Indicates the current Hot Standby router. •Standby—Indicates the router next in line to be the Hot Standby router. •Speak—Router is sending packets to claim the active or standby role. •Listen—Router is not in the active nor standby state, but if no messages are received from the active or standby router, it will start to speak. •Init or Disabled—Router is not yet ready or able to participate in HSRP, possibly because the associated interface is not up. HSRP groups configured on other routers on the network that are learned via snooping are displayed as being in the Init state. Locally configured groups with an interface that is down or groups without a specified interface IP address appear in the Init state. For these cases, the Active addr and Standby addr fields will show "unknown." The state is listed as disabled in the fields when the standby ip command has not been specified.
Virtual IP address is, Secondary virtual IP address	All secondary virtual IP addresses are listed on separate lines. If one of the virtual IP addresses is a duplicate of an address configured for another device, it will be marked as "duplicate." A duplicate address indicates that the router has failed to defend its Address Resolution Protocol (ARP) cache entry.
Active virtual MAC address is	Virtual MAC address being used by the current active router.
Local virtual MAC address is	Virtual MAC address that would be used if this router became the active router. The origin of this address (displayed in parentheses) can be "default," "bia," (burned-in address) or "confgd" (configured).
Hello time, hold time	The hello time is the time between hello packets (in seconds) based on the standby timers command. The hold time is the time (in seconds) before other routers declare the active or standby router to be down, based on the standby timers command. All routers in an HSRP group use the hello-time and hold-time values of the current active router. If the locally configured values are different, the variance appears in parentheses after the hello-time and hold-time values.
Next hello sent in	Time at which the Cisco IOS software will send the next hello packet (in hours:minutes:seconds).
Authentication	Authentication type configured based on the standby authentication command.
key-string	Key string used for authentication. Key chains are displayed if configured.
timeout	Duration (in seconds) for which HSRP will accept message digests based on both the old and new keys.
Preemption enabled, sync delay	Indicates whether preemption is enabled. If enabled, the minimum delay is the time a higher-priority nonactive router will wait before preempting the lower-priority active router. The sync delay is the maximum time (in seconds) a group will wait to synchronize with the IP redundancy clients.
Active router is	Value can be "local," "unknown," or an IP address. Address (and the expiration date of the address) of the current active Hot Standby router.
Standby router is	Value can be "local," "unknown," or an IP address. Address (and the expiration date of the address) of the "standby" router (the router that is next in line to be the Hot Standby router).
expires in	Time (in hours:minutes:seconds) in which the standby router will no longer be the standby router if the local router receives no hello packets from it.
Tracking	List of interfaces that are being tracked and their corresponding states. Based on the standby track command.
IP redundancy name is	Name of the IP redundancy service. The default name is derived from the interface and group number.

Related Commands

Command	Description
standby authentication	Configures an authentication string for HSRP.
standby ip	Activates HSRP.
standby mac-address	Specifies the virtual MAC address for the virtual router.
standby mac-refresh	Refreshes the MAC cache on the switch by periodically sending packets from the virtual MAC address.
standby preempt	Configures HSRP preemption and preemption delay.
standby priority	Configures Hot Standby priority of potential standby routers.
standby timers	Configures the time between hello messages and the time before other routers declare the active Hot Standby or standby router to be down.
standby track	Configures an interface so that the Hot Standby priority changes based on the availability of other interfaces.
standby use-bia	Configures HSRP to use the BIA of the interface as its virtual MAC address, instead of the preassigned MAC address (on Ethernet and FDDI) or the functional address (on Token Ring).

show standby delay

To display Hot Standby Router Protocol (HSRP) information about delay periods, use the show standby delay command in user EXEC or privileged EXEC mode.

show standby delay [type number]

Syntax Description

type number

(Optional) Interface type and number for which output is displayed.

Command Modes

User EXEC
Privileged EXEC

Command History

Release	Modification
12.2	This command was introduced.

Examples

The following is sample output from the show standby delay command:

Router# show standby delay

 Interface          Minimum Reload 

 Ethernet0/3        1       5 

Related Commands

Command	Description
standby delay minimum reload	Delays the initialization of HSRP groups.

show standby redirect

To display Internet Control Message Protocol (ICMP) redirect information on interfaces configured with the Hot Standby Router Protocol (HSRP), use the show standby redirect command in user EXEC or privileged EXEC mode.

show standby redirect [ip-address] [interface-type interface-number] [active] [passive] [timers]

Syntax Description

ip-address	(Optional) Router IP address.
interface-type interface-number	(Optional) Interface type and number for which output is displayed.
active	(Optional) Active HSRP routers on the subnet.
passive	(Optional) Passive HSRP routers on the subnet.
timers	(Optional) HSRP ICMP redirect timers.

Command Modes

User EXEC
Privileged EXEC

Command History

Release	Modification
12.2	This command was introduced.

Examples

The following is sample output from the show standby direct command with no optional keywords:

Router# show standby redirect 

Interface          Redirects Unknown   Adv      Holddown

Ethernet0/2        enabled   enabled   30       180     

Ethernet0/3        enabled   disabled  30       180     

Active          Hits   Interface          Group Virtual IP      Virtual MAC   

10.19.0.7       0      Ethernet0/2        3     10.19.0.13      0000.0c07.ac03

local           0      Ethernet0/3        1     10.20.0.11      0000.0c07.ac01

local           0      Ethernet0/3        2     10.20.0.12      0000.0c07.ac02

Passive         Hits   Interface          Expires in

10.19.0.6       0      Ethernet0/2        151.800   

Table 44 describes the significant fields in the display.

Table 44 show standby redirect Field Descriptions 

Field	Description
Interface	Interface type and number for the interface.
Redirects	Indicates whether redirects are enabled or disabled on the interface.
Unknown	Indicates whether redirects to an unknown router are enabled or disabled on the interface.
Adv	Number indicating the passive router advertisement interval in seconds.
Holddown	Number indicating the passive router hold interval in seconds.
Active	Active HSRP routers on the subnet.
Hits	Number of address translations required for ICMP information.
Interface	Interface type and number for the interface on the active router.
Group	Hot standby group number.
Virtual IP	Virtual IP address of the active HSRP router.
Virtual MAC	Virtual MAC address of the active HSRP router.
Passive	Passive HSRP routers on the subnet.
Hits	Number of address translations required for ICMP information.
Interface	Interface type and number for the interface on the passive router.
Expires in	Time in seconds for a virtual IP to expire and the holddown time to apply for filtering routes to the standby router.

The following is sample output from the show standby direct command with a specific interface Ethernet 0/3:

Router# show standby redirect e0/3

Interface          Redirects Unknown   Adv      Holddown

Ethernet0/3        enabled   disabled  30       180     

Active          Hits   Interface          Group Virtual IP      Virtual MAC   

local           0      Ethernet0/3        1     10.20.0.11      0000.0c07.ac01

local           0      Ethernet0/3        2     10.20.0.12      0000.0c07.ac02

The following is sample output from the show standby direct command showing all active routers on interface Ethernet 0/3:

Router# show standby redirect e0/3 active 

Active          Hits   Interface          Group Virtual IP      Virtual MAC   

local           0      Ethernet0/3        1     10.20.0.11      0000.0c07.ac01

local           0      Ethernet0/3        2     10.20.0.12      0000.0c07.ac02

The following is sample output from the show standby direct ip-address command, where the IP address is the real IP address of the router:

Router# show standby redirect 10.19.0.7 

Active          Hits   Interface          Group Virtual IP      Virtual MAC   

10.19.0.7       0      Ethernet0/2        3     10.19.0.13      0000.0c07.ac03

Related Commands

Command	Description
show standby	Displays the HSRP information.
standby redirects	Enables ICMP redirect messages to be sent when HSRP is configured on an interface.

show tcp statistics

To display TCP statistics, use the show tcp statistics command in user EXEC or privileged EXEC mode.

show tcp statistics

Syntax Description

This command has no arguments or keywords.

Command Modes

User EXEC
Privileged EXEC

Command History

Release	Modification
11.3	This command was introduced.

Examples

The following is sample output from the show tcp statistics command:

Router# show tcp statistics

Rcvd: 210 Total, 0 no port

      0 checksum error, 0 bad offset, 0 too short

      132 packets (26640 bytes) in sequence

      5 dup packets (502 bytes)

      0 partially dup packets (0 bytes)

      0 out-of-order packets (0 bytes)

      0 packets (0 bytes) with data after window

      0 packets after close

      0 window probe packets, 0 window update packets

      0 dup ack packets, 0 ack packets with unsend data

      69 ack packets (3044 bytes)

Sent: 175 Total, 0 urgent packets

      16 control packets (including 1 retransmitted)

      69 data packets (3029 bytes)

      0 data packets (0 bytes) retransmitted

      73 ack only packets (49 delayed)

      0 window probe packets, 17 window update packets

7 Connections initiated, 1 connections accepted, 8 connections established

8 Connections closed (including 0 dropped, 0 embryonic dropped)

1 Total rxmt timeout, 0 connections dropped in rxmt timeout

0 Keepalive timeout, 0 keepalive probe, 0 Connections dropped in keepalive

Table 45 describes the significant fields shown in the display.

Table 45 show tcp statistics Field Descriptions 

Field	Description
Rcvd:	Statistics in this section refer to packets received by the router.
Total	Total number of TCP packets received.
no port	Number of packets received with no port.
checksum error	Number of packets received with checksum error.
bad offset	Number of packets received with bad offset to data.
too short	Number of packets received that were too short.
packets in sequence	Number of data packets received in sequence.
dup packets	Number of duplicate packets received.
partially dup packets	Number of packets received with partially duplicated data.
out-of-order packets	Number of packets received out of order.
packets with data after window	Number of packets received with data that exceeded the window size of the receiver.
packets after close	Number of packets received after the connection was closed.
window probe packets	Number of window probe packets received.
window update packets	Number of window update packets received.
dup ack packets	Number of duplicate acknowledgment packets received.
ack packets with unsend data	Number of acknowledgment packets received with unsent data.
ack packets	Number of acknowledgment packets received.
Sent:	Statistics in this section refer to packets sent by the router.
Total	Total number of TCP packets sent.
urgent packets	Number of urgent packets sent.
control packets	Number of control packets (SYN, FIN, or RST) sent.
data packets	Number of data packets sent.
data packets retransmitted	Number of data packets re-sent.
ack only packets	Number of packets sent that are acknowledgments only.
window probe packets	Number of window probe packets sent.
window update packets	Number of window update packets sent.
Connections initiated	Number of connections initiated.
connections accepted	Number of connections accepted.
connections established	Number of connections established.
Connections closed	Number of connections closed.
Total rxmt timeout	Number of times the router tried to resend, but timed out.
connections dropped in rxmit timeout	Number of connections dropped in the resend timeout.
Keepalive timeout	Number of keepalive packets in the timeout.
keepalive probe	Number of keepalive probes.
Connections dropped in keepalive	Number of connections dropped in the keepalive.

Related Commands

Command	Description
clear tcp statistics	Clears TCP statistics.

show time-range ipc

To display the statistics about the time-range interprocess communications (IPC) messages between the Route Processor and line card, use the show time-range ipc command in user EXEC or privileged EXEC mode.

show time-range ipc

Syntax Description

This command has no argument or keywords.

Defaults

No default behavior or values.

Command Modes

User EXEC
Privileged EXEC

Command History

Release	Modification
12.2(2)T	This command was introduced.

Usage Guidelines

The debug time-range ipc EXEC command must be enabled for the show time-range ipc command to display the time-range IPC message statistics.

Examples

The following is sample output from the show time-range ipc command:

Router# show time-range ipc

RP Time range Updates Sent  :3

RP Time range Deletes Sent  :2 

The display lists the number of time-range updates and time-range deletes sent by the Route Processor.

Related Commands

Command	Description
clear time-range ipc	Clears the time-range IPC message statistics and counters between the Route Processor and the line card.
debug time-range ipc	Enables debugging output for monitoring the time-range IPC messages between the Route Processor and the line card.

show track

To display tracking information, use the show track command in privileged EXEC mode.

show track [[object-number | brief] | [interface [brief] | ip route [brief] | resolution | timers]

Syntax Description

object-number	(Optional) Object number that represents the object to be tracked. Range is from 1 to 500.
brief	(Optional) Displays a single line of output.
interface	(Optional) Displays tracked interface objects. The brief keyword is optional and displays a single line of interface information.
ip route	(Optional) Displays tracked IP-route objects. The brief keyword is optional and displays a single line of route information. Range is from 1 to 500.
resolution	(Optional) Displays resolution of tracked parameters.
timers	(Optional) Displays polling interval timers.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.2(15)T	This command was introduced.
12.3(8)T	The output was enhanced to include the track-list objects.

Usage Guidelines

Use this command to display information about objects that are tracked by the tracking process. When no keywords are specified, information for all objects is displayed.

Examples

The following example shows information about the state of IP routing on the interface that is being tracked:

Router# show track 1

Track 1

 Interface Ethernet0/2 ip routing

 IP routing is Down (no IP addr)

  1 change, last change 00:01:08

 Tracked by:

  HSRP Ethernet0/3 1

The following example shows information about the line-protocol state on the interface that is being tracked:

Router# show track 1

Track 1

 Interface Ethernet0/1 line-protocol

 Line protocol is Up

  1 change, last change 00:00:05

 Tracked by:

  HSRP Ethernet0/3 1

The following example shows information about the reachability of a route that is being tracked:

Router# show track 1

Track 1

 IP route 10.16.0.0 255.255.0.0 reachability

 Reachability is Up (RIP)

  1 change, last change 00:02:04

 First-hop interface is Ethernet0/1

 Tracked by:

  HSRP Ethernet0/3 1

The following example shows information about the threshold metric of a route that is being tracked:

Router# show track 1

Track 1

 IP route 10.16.0.0 255.255.0.0 metric threshold

 Metric threshold is Up (RIP/6/102)

  1 change, last change 00:00:08

 Metric threshold down 255 up 254

 First-hop interface is Ethernet0/1

 Tracked by:

  HSRP Ethernet0/3 1

The following example shows the object type, the interval in which it is polled, and the time until the next poll:

Router# show track timers

 Object type   Poll Interval  Time to next poll

 interface     1              expired

 ip route      30             29.364

Table 2 describes the significant fields shown in the displays.

Table 46 show track Field Descriptions 

Field	Description
Track	Object number that is tracked.
Interface Ethernet0/2 ip routing	Interface type, number, and object that is tracked.
IP routing is	State value of the object, displayed as Up or Down. If the object is down, the reason is displayed.
1 change, last change	Number of times the state of a tracked object has changed and the time (in hh:mm:ss) since the last change.
Tracked by	Client process that is tracking the object.
First-hop interface is	Displays the first-hop interface.
Object type	Object type that is being tracked.
Poll Interval	Interval (in seconds) in which the tracking process polls the object.
Time to next poll	Period of time until the next polling of the object.

The following output shows that there are two objects. Object 1 has been configured with a weight of 10 "down," and object 2 has been configured with a weight of 20 "up." Object 1 is down (expressed as 0/10) and object 2 is up. The total weight of the tracked list is 20 with a maximum of 30 (expressed as 20/30). The "up" threshold is 20, so the list is "up."

Router# show track

 Track 6

 List threshold weight

  Threshold weight is Up (20/30)

   1 change, last change 00:00:08

   object 1 Down (0/10)

   object 2 weight 20 Up (20/30)

  Threshold weight down 10 up 20

   Tracked by:

    HSRP Ethernet0/3 1

The following example shows information about the Boolean configuration:

Router# show track

 Track 3

 List boolean and 

 Boolean AND is Down

  1 change, last change 00:00:08

   object 1 not Up

   object 2 Down

 Tracked by:

  HSRP Ethernet0/3 1

Table 47 describes the significant fields shown in the displays.

Table 47 show track Field Descriptions 

Field	Description
Track	Object number that is tracked.
Boolean AND is Down
1 change, last change	Number of times the state of a tracked object has changed and the time (in hh:mm:ss) since the last change.
Tracked by	Client process that is tracking the object; in this case, HSRP.

Related Commands

Command	Description
track interface	Configures an interface to be tracked and enters tracking configuration mode.
track ip route	Tracks the state of an IP route and enters tracking configuration mode.

show vrrp

To display a brief or detailed status of one or all configured Virtual Router Redundancy Protocol (VRRP) groups on the router, use the show vrrp command in privileged EXEC mode.

show vrrp [brief | group]

Syntax Description

brief	(Optional) Provides a summary view of the group information.
group	(Optional) Virtual router group number of the group for which information is to be displayed. The group number is configured with the vrrp ip command.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.0(18)ST	This command was introduced.
12.0(22)S	This command was integrated into Cisco IOS Release 12.0(22)S.
12.2(13)T	This command was integrated into Cisco IOS Release 12.2(13)T.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.3(2)T	This command was enhanced to display the state of a tracked object.
12.3(14)T	This command was enhanced to display MD5 authentication for a VRRP using text strings, key chains or key strings.

Usage Guidelines

If no group is specified, all groups are displayed.

Examples

The following is sample output from the show vrrp command:

Router# show vrrp

Ethernet1/0 - Group 1 

State is Master 

Virtual IP address is 10.2.0.10 

Virtual MAC address is 0000.5e00.0101 

Advertisement interval is 3.000 sec 

Preemption is enabled 

 min delay is 0.000 sec 

Priority 100 

 Track object 1 state down decrement 15

Master Router is 10.2.0.1 (local), priority is 100 

Master Advertisement interval is 3.000 sec 

Master Down interval is 9.609 sec

Ethernet1/0 - Group 2 

State is Master 

Virtual IP address is 10.0.0.20 

Virtual MAC address is 0000.5e00.0102 

Advertisement interval is 1.000 sec 

Preemption is enabled 

 min delay is 0.000 sec 

Priority 95 

Master Router is 10.0.0.1 (local), priority is 95 

Master Advertisement interval is 1.000 sec 

Master Down interval is 3.628 sec

Table 48 describes the significant fields shown in the display.

Table 48 show vrrp Field Descriptions

Field	Description
Ethernet1/0 - Group	Interface type and number, and VRRP group number.
State is	Role this interface plays within VRRP (master or backup).
Virtual IP address is	Virtual IP address for this group.
Virtual MAC address is	Virtual MAC address for this group.
Advertisement interval is	Interval at which the router will send VRRP advertisements when it is the master virtual router. This value is configured with the vrrp timers advertise command.
Preemption is	Preemption is either enabled or disabled.
Track object	Object number representing the object to be tracked.
state	State value (up or down) of the object being tracked.
decrement	Amount by which the priority of the router is decremented (or incremented) when the tracked object goes down (or comes back up).
Priority	Priority of the interface.
Master Router is	IP address of the current master virtual router.
priority is	Priority of the current master virtual router.
Master Advertisement interval is	Advertisement interval of the master virtual router.
Master Down interval is	Calculated time that the master virtual router can be down before the backup virtual router takes over.

The following is sample output from the show vrrp command with the brief keyword:

Router# show vrrp brief

Interface	     Grp  Prio   Time   Own  Pre  State    Master addr    Group addr

Ethernet1/0    1   100    3609          P  Master   1.0.0.4        1.0.0.10

Ethernet1/0    2   105    3589          P  Master   1.0.0.4        1.0.0.20

Table 49 describes the fields shown in the display.

Table 49 show vrrp brief Field Descriptions 

Field	Description
Interface	Interface type and number.
Grp	VRRP group to which this interface belongs.
Prio	VRRP priority number for this group.
Time	Calculated time that the master virtual router can be down before the backup virtual router takes over.
Own	IP address owner.
Pre	Preemption status. P indicates that preemption is enabled. If this field is empty, preemption is disabled.
State	Role this interface plays within VRRP (master or backup).
Master addr	IP address of the master virtual router.
Group addr	IP address of the virtual router.

The following sample output shows the MD5 authentication for a VRRP group using a key string:

Router# show vrrp

Ethernet0/1 - Group 1

State is Master

Virtual IP address is 10.21.0.10

Virtual MAC address is 0000.5e00.0101

Advertisement interval is 1.000 sec

Preemption is enabled

 min delay is 0.000 sec

Priority is 100

Authentication MD5, key-string "f00b4r"

Master Router is 10.21.0.1 (local), priority is 100

Master Advertisement interval is 1.000 sec

Master Down interval is 3.609 sec

See Table 48 for descriptions of the significant fields in the output.

Related Commands

Command	Description
vrrp ip	Enables VRRP on an interface and identifies the IP address of the virtual router.

show vrrp interface

To display the Virtual Router Redundancy Protocol (VRRP) groups and their status on a specified interface, use the show vrrp interface command in user EXEC or privileged EXEC mode.

show vrrp interface type number [brief]

Syntax Descriptioninter

type	Interface type.
number	Interface number.
brief	(Optional) Provides a summary view of the group information

Command Modes

User EXEC
Privileged EXEC

Command History

Release	Modification
12.0(18)ST	This command was introduced.
12.0(22)S	This command was integrated into Cisco IOS Release 12.0(22)S.
12.2(13)T	This command was integrated into Cisco IOS Release 12.2(13)T.

Examples

The following is sample output from the show vrrp interface command:

Router# show vrrp interface ethernet 1/0

Ethernet1/0 - Group 1 

State is Master 

Virtual IP address is 10.2.0.10 

Virtual MAC address is 0000.5e00.0101 

Advertisement interval is 3.000 sec 

Preemption is enabled 

min delay is 0.000 sec 

Priority 100 

Master Router is 10.2.0.1 (local), priority is 100 

Master Advertisement interval is 3.000 sec 

Master Down interval is 9.609 sec

Ethernet1/0 - Group 2 

State is Master 

Virtual IP address is 10.0.0.20 

Virtual MAC address is 0000.5e00.0102 

Advertisement interval is 1.000 sec 

Preemption is enabled 

min delay is 0.000 sec 

Priority 95 

Master Router is 10.0.0.1 (local), priority is 95 

Master Advertisement interval is 1.000 sec 

Master Down interval is 3.628 sec

Related Commands

Command	Description
vrrp ip	Enables VRRP and identifies the IP address of the virtual router.

standby authentication

To configure an authentication string for the Hot Standby Router Protocol (HSRP), use the standby authentication command in interface configuration mode. To delete an authentication string, use the no form of this command.

standby [group-number] authentication {text string | md5 {key-string [0 | 7] key [timeout seconds] | key-chain name-of-chain}} 

no standby [group-number] authentication {text string | md5 {key-string [0 | 7] key [timeout seconds] | key-chain name-of-chain}}

Syntax Description

group-number	(Optional) Group number on the interface to which this authentication string applies.
text string	Authentication string. It can be up to eight characters long. The default string is cisco.
md5	Message Digest 5 (MD5) authentication.
key-string key	Specifies the secret key for MD5 authentication. The key can contain up to 64 characters. We recommend using at least 16 characters.
0	(Optional) Unencrypted key. If no prefix is specified, the text also is unencrypted.
7	(Optional) Encrypted key.
timeout seconds	(Optional) Duration in seconds that HSRP will accept message digests based on both the old and new keys.
key-chain name-of-chain	Identifies a group of authentication keys.

Defaults

The default group number is 0. The default text authentication string is cisco.

Command Modes

Interface configuration

Command History

Release	Modification
10.0	This command was introduced.
12.1	The text keyword was added.
12.3(2)T	The md5 keyword and associated parameters were added.

Usage Guidelines

The authentication string is sent unencrypted in all HSRP messages when using the standby authentication text string option. The same authentication string must be configured on all routers and access servers on a cable to ensure interoperation. Authentication mismatch prevents a device from learning the designated Hot Standby IP address and the Hot Standby timer values from other routers configured with HSRP.

When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.

If password encryption is configured with the service password-encryption command, the software saves the key string as encrypted text.

The timeout seconds is the duration that the HSRP group will accept message digests based on both the old and new keys. This allows time for configuration of all routers in a group with the new key. HSRP route flapping can be minimized by changing the keys on all the routers, provided that the active router is changed last. The active router should have its key string changed no later than one holdtime period, specified by the standby timers interface configuration command, after the non-active routers. This procedure ensures that the non-active routers do not time out the active router.

Examples

The following example configures "company1" as the authentication string required to allow Hot Standby routers in group 1 to interoperate:

interface ethernet 0

 standby 1 authentication text company1

The following example configures MD5 authentication using a key string named "345890":

!

interface Ethernet0/1

 standby 1 ip 10.21.0.12

 standby 1 priority 110

 standby 1 preempt

 standby 1 authentication md5 key-string 345890 timeout 30

The following example configures MD5 authentication using a key chain. HSRP queries the key chain "hsrp1" to obtain the current live key and key ID for the specified key chain:

key chain hsrp1

 key 1

  key-string 543210

interface Ethernet0/1

 standby 1 ip 10.21.0.10

 standby 1 priority 110

 standby 1 preempt

 standby 1 authentication md5 key-chain hsrp1

Related Commands

Command	Description
service password-encryption	Encrypts passwords.
standby timers	Configures the time between hello packets and the time before other routers declare the active Hot Standby or standby router to be down.

standby delay minimum reload

To configure the delay period before the initialization of Hot Standby Router Protocol (HSRP) groups, use the standby delay minimum reload command in interface configuration mode. To disable the delay period, use the no form of this command.

standby delay minimum min-delay reload reload-delay

no standby delay minimum min-delay reload reload-delay

Syntax Description

min-delay	Minimum time (in seconds) to delay HSRP group initialization after an interface comes up. This minimum delay period applies to all subsequent interface events.
reload-delay	Time (in seconds) to delay after the router has reloaded. This delay period applies only to the first interface-up event after the router has reloaded.

Defaults

The default minimum delay is 1 second.
The default reload delay is 5 seconds.

Command Modes

Interface configuration

Command History

Release	Modification
12.2	This command was introduced.

Usage Guidelines

If the active router fails or is removed from the network, then the standby router will automatically become the new active router. If the former active router comes back online, you can control whether it takes over as the active router by using the standby preempt command.

However, in some cases, even if the standby preempt command is not configured, the former active router will resume the active role after it reloads and comes back online. Use the standby delay minimum reload command to set a delay period for HSRP group initialization. This command allows time for the packets to get through before the router resumes the active role.

We recommend that you use the standby delay minimum reload command if the standby timers command is configured in milliseconds or if HSRP is configured on a VLAN interface of a switch.

In most configurations, the default values provide sufficient time for the packets to get through and configuring longer delay values is not necessary.

The delay will be cancelled if an HSRP packet is received on an interface.

Examples

The following example sets the minimum delay period to 30 seconds and the delay period after the first reload to 120 seconds:

interface ethernet 0

 ip address 10.20.0.7 255.255.0.0

 standby delay minimum 30 reload 120

 standby 3 ip 10.20.0.21

 standby 3 timers msec 300 msec 700

 standby 3 priority 100

Related Commands

Command	Description
show standby delay	Displays HSRP information about delay periods.
standby preempt	Configures the HSRP preemption and preemption delay.
standby timers	Configures the time between hello packets and the time before other routers declare the active HSRP or standby router to be down.

standby ip

To activate the Hot Standby Router Protocol (HSRP), use the standby ip command in interface configuration mode. To disable HSRP, use the no form of this command.

standby [group-number] ip [ip-address [secondary]]

no standby [group-number] ip [ip-address]

Syntax Description

group-number	(Optional) Group number on the interface for which HSRP is being activated. The default is 0. The group number range is from 0 to 255 for HSRP version 1 and from 0 to 4095 for HSRP version 2.
ip-address	(Optional) IP address of the Hot Standby router interface.
secondary	(Optional) Indicates the IP address is a secondary Hot Standby router interface. Useful on interfaces with primary and secondary addresses; you can configure primary and secondary HSRP addresses.

Defaults

The default group number is 0.
HSRP is disabled by default.

Command Modes

Interface configuration

Command History

Release	Modification
10.0	This command was introduced.
10.3	The group-number argument was added.
11.1	The secondary keyword was added.
12.3(4)T	The group number range was expanded for HSRP version 2.

Usage Guidelines

The standby ip command activates HSRP on the configured interface. If an IP address is specified, that address is used as the designated address for the Hot Standby group. If no IP address is specified, the designated address is learned through the standby function. For HSRP to elect a designated router, at least one router on the cable must have been configured with, or have learned, the designated address. Configuration of the designated address on the active router always overrides a designated address that is currently in use.

When the standby ip command is enabled on an interface, the handling of proxy Address Resolution Protocol (ARP) requests is changed (unless proxy ARP was disabled). If the Hot Standby state of the interface is active, proxy ARP requests are answered using the MAC address of the Hot Standby group. If the interface is in a different state, proxy ARP responses are suppressed.

When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.

HSRP version 2 permits an expanded group number range from 0 to 4095. The increased group number range does not imply that an interface can, or should, support that many HSRP groups. The expanded group number range was changed to allow the group number to match the VLAN number on subinterfaces.

Examples

The following example activates HSRP for group 1 on Ethernet interface 0. The IP address used by the Hot Standby group will be learned using HSRP.

interface ethernet 0

 standby 1 ip

In the following example, all three virtual IP addresses appear in the ARP table using the same (single) virtual MAC address. All three virtual IP addresses are using the same HSRP group (group 0).

ip address 10.1.1.1. 255.255.255.0

ip address 10.2.2.2. 255.255.255.0 secondary

ip address 10.3.3.3. 255.255.255.0 secondary

ip address 10.4.4.4. 255.255.255.0 secondary

standby ip 10.1.1.254

standby ip 10.2.2.254 secondary

standby ip 10.3.3.254 secondary

standby mac-address

To specify a virtual MAC address for the Hot Standby Router Protocol (HSRP), use the standby mac-address command in interface configuration mode. To revert to the standard virtual MAC address (0000.0C07.ACxy), use the no form of this command.

standby [group-number] mac-address mac-address

no standby [group-number] mac-address

Syntax Description

group-number	(Optional) Group number on the interface for which HSRP is being activated. The default is 0.
mac-address	MAC address.

Defaults

If this command is not configured, and the standby use-bia command is not configured, the standard virtual MAC address is used: 0000.0C07.ACxy, where xy is the group number in hexadecimal. This address is specified in RFC 2281, Cisco Hot Standby Router Protocol (HSRP).

Command Modes

Interface configuration

Command History

Release	Modification
11.2	This command was introduced.

Usage Guidelines

This command cannot be used on a Token Ring interface.

HSRP is used to help end stations locate the first-hop gateway for IP routing. The end stations are configured with a default gateway. However, HSRP can provide first-hop redundancy for other protocols. Some protocols, such as Advanced Peer-to-Peer Networking (APPN), use the MAC address to identify the first hop for routing purposes. In this case, it is often necessary to be able to specify the virtual MAC address; the virtual IP address is unimportant for these protocols. Use the standby mac-address command to specify the virtual MAC address.

The MAC address specified is used as the virtual MAC address when the router is active.

This command is intended for certain APPN configurations. The parallel terms are shown in Table 50.

Table 50

APPN	IP
End node	Host
Network node	Router or gateway

Parallel Terms Between APPN and IP

In an APPN network, an end node is typically configured with the MAC address of the adjacent network node. Use the standby mac-address command in the routers to set the virtual MAC address to the value used in the end nodes.

Examples

If the end nodes are configured to use 4000.1000.1060 as the MAC address of the network node, the following example shows the command used to configure HSRP group 1 with the virtual MAC address:

standby 1 mac-address 4000.1000.1060

Related Commands

Command	Description
show standby	Displays HSRP information.
standby use-bia	Configures HSRP to use the burned-in address of the interface as its virtual MAC address.

standby mac-refresh

To change the interval at which packets are sent to refresh the MAC cache when the Hot Standby Router Protocol (HSRP) is running over FDDI, use the standby mac-refresh command in interface configuration mode. To restore the default value, use the no form of this command.

standby mac-refresh seconds

no standby mac-refresh

Syntax Description

seconds

Number of seconds in the interval at which a packet is sent to refresh the MAC cache. The maximum value is 255 seconds. The default is 10 seconds.

Defaults

Seconds: 10 seconds.

Command Modes

Interface configuration

Command History

Release	Modification
12.0	This command was introduced.

Usage Guidelines

This command applies to HSRP running over FDDI only. Packets are sent every 10 seconds to refresh the MAC cache on learning bridges or switches. By default, the MAC cache entries age out in 300 seconds (5 minutes).

All other routers participating in HSRP on the FDDI ring receive the refresh packets, although the packets are intended only for the learning bridge or switch. Use this command to change the interval. Set the interval to 0 if you want to prevent refresh packets (if you have FDDI but do not have a learning bridge or switch).

Examples

The following example changes the MAC refresh interval to 100 seconds. Therefore, a learning bridge would need to miss three packets before the entry ages out.

standby mac-refresh 100

standby name

To configure the name of the standby group, use the standby name command in interface configuration mode. To disable the name, use the no form of this command.

standby name group-name

no standby name group-name

Syntax Description

group-name

Specifies the name of the standby group.

Defaults

The Hot Standby Router Protocol (HSRP) is disabled.

Command Modes

Interface configuration

Command History

Release	Modification
12.0(2)T	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

The name specifies the HSRP group used. The HSRP group name must be unique on the router.

Examples

The following example specifies the standby name as SanJoseHA:

interface ethernet0

 ip address 10.0.0.1 255.0.0.0

 standby ip 10.0.0.10

 standby name SanJoseHA

 standby preempt delay sync 100

 standby priority 110

Related Commands

Command	Description
ip mobile home-agent redundancy	Configures the home agent for redundancy.

standby preempt

To configure Hot Standby Router Protocol (HSRP) preemption and preemption delay, use the standby preempt command in interface configuration mode. To restore the default values, use the no form of this command.

standby [group-number] preempt [delay{minimum seconds | reload seconds | sync seconds}]

no standby [group-number] preempt [delay{minimum seconds | reload seconds | sync seconds}]

Syntax Description

group-number	(Optional) Group number on the interface to which the other arguments in this command apply.
delay	(Optional) Required if either the minimum, reload, or sync keywords are specified.
minimum seconds	(Optional) Specifies the minimum delay period in seconds. The seconds argument causes the local router to postpone taking over the active role for a minimum number of seconds since that router was last restarted. The range is from 0 to 3600 seconds (1 hour). The default is 0 seconds (no delay).
reload seconds	(Optional) Specifies the preemption delay, in seconds, after a reload only. This delay period applies only to the first interface-up event after the router has reloaded.
sync seconds	(Optional) Specifies the maximum synchronization period for IP redundancy clients in seconds.

Defaults

The default group number is 0.
The default delay is 0 seconds; if the router wants to preempt, it will do so immediately.
By default, the router that comes up later becomes the standby.

Command Modes

Interface configuration

Command History

Release	Modification
11.3	This command was introduced.
12.0(2)T	The minimum and sync keywords were added.
12.2	The behavior of the command changed such that standby preempt and standby priority must be entered as separate commands.
12.2	The reload keyword was added.
12.4(4)T	Support for IPv6 was added.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(31)SB2	This command was integrated into Cisco IOS Release 12.2(31)SB2.

Usage Guidelines

When this command is configured, the router is configured to preempt, which means that when the local router has a Hot Standby priority higher than the current active router, the local router should attempt to assume control as the active router. If preemption is not configured, the local router assumes control as the active router only if it receives information indicating no router is in the active state (acting as the designated router).

When a router first comes up, it does not have a complete routing table. If it is configured to preempt, it will become the active router, yet it is unable to provide adequate routing services. Solve this problem by configuring a delay before the preempting router actually preempts the currently active router.

When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.

IP redundancy clients can prevent preemption from taking place. The standby preempt delay sync seconds command specifies a maximum number of seconds to allow IP redundancy clients to prevent preemption. When this expires, then preemption takes place regardless of the state of the IP redundancy clients.

The standby preempt delay reload seconds command allows preemption to occur only after a router reloads. This provides stabilization of the router at startup. After this initial delay at startup, the operation returns to the default behavior.

The no standby preempt delay command will disable the preemption delay but preemption will remain enabled. The no standby preempt delay minimum seconds command will disable the minimum delay but leave any synchronization delay if it was configured.

When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:

Router(config-if)# standby 1 preempt delay minimum 300

    % Warning: This setting has no effect while following another group.

Examples

In the following example, the router will wait for 300 seconds (5 minutes) before attempting to become the active router:

interface ethernet 0

 standby ip 172.19.108.254

 standby preempt delay minimum 300 

standby priority

To configure Hot Standby Router Protocol (HSRP) priority, use the standby priority command in interface configuration mode. To restore the default values, use the no form of this command.

standby [group-number] priority priority

no standby [group-number] priority priority

Syntax Description

group-number	(Optional) Group number on the interface to which the other arguments in this command apply. The default group number is 0.
priority	Priority value that prioritizes a potential Hot Standby router. The range is from 1 to 255, where 1 denotes the lowest priority and 255 denotes the highest priority. The default priority value is 100. The router in the HSRP group with the highest priority value becomes the active router.

Defaults

The default group number is 0.
The default priority is 100.

Command Modes

Interface configuration

Command History

Release	Modification
11.3	This command was introduced.
12.2	The behavior of the command changed such that standby preempt and standby priority must be entered as separate commands.
12.4(4)T	Support for IPv6 was added.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(31)SB2	This command was integrated into Cisco IOS Release 12.2(31)SB2.

Usage Guidelines

When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.

The assigned priority is used to help select the active and standby routers. Assuming that preemption is enabled, the router with the highest priority becomes the designated active router. In case of ties, the primary IP addresses are compared, and the higher IP address has priority.

Note that the priority of the device can change dynamically if an interface is configured with the standby track command and another interface on the router goes down.

When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:

Router(config-if)# standby 1 priority 110

%Warning: This setting has no effect while following another group.

Examples

In the following example, the router has a priority of 120 (higher than the default value):

interface ethernet 0

 standby ip 172.19.108.254

 standby priority 120 

 standby preempt delay 300

Related Commands

Command	Description
standby track	Configures an interface so that the Hot Standby priority changes based on the availability of other interfaces.

standby redirects

To enable Hot Standby Router Protocol (HSRP) filtering of Internet Control Message Protocol (ICMP) redirect messages, use the standby redirects command in interface configuration mode. To disable the HSRP filtering of ICMP redirect messages, use the no form of this command.

standby redirects [enable | disable] [timers advertisement holddown] [unknown]

no standby redirects [unknown]

Syntax Description

enable	(Optional) Allows the filtering of ICMP redirect messages on interfaces configured with HSRP, where the next hop IP address may be changed to an HSRP virtual IP address.
disable	(Optional) Disables the filtering of ICMP redirect messages on interfaces configured with HSRP.
timers	(Optional) Adjusts HSRP router advertisement timers.
advertisement	(Optional) HSRP Router advertisement interval in seconds. This is an integer from 10 to 180. The default is 60 seconds.
holddown	(Optional) HSRP router holddown interval in seconds. This is an integer from 61 to 3600. The default is 180 seconds.
unknown	(Optional) Allows sending of ICMP packets when the next hop IP address contained in the packet is unknown in the HSRP table of real IP addresses and active virtual IP addresses. The no standby redirect unknown command stops the redirects from being sent.

Defaults

HSRP filtering of ICMP redirect messages is enabled if HSRP is configured on an interface.

Command Modes

Interface configuration

Command History

Release	Modification
12.1(3)T	This command was introduced.
12.2	The following keywords and arguments were added to the command: •timers advertisement holdtime •unknown

Usage Guidelines

The standby redirects command can be configured globally or on a per-interface basis. When HSRP is first configured on an interface, the setting for that interface will inherit the global value. If the filtering of ICMP redirects is explicitly disabled on an interface, then the global command cannot reenable this functionality.

The no standby redirects command is the same as the standby redirects disable command. However, it is not desirable to save the no form of this command to NVRAM. Because the command is enabled by default, it is preferable to use the standby redirects disable command to disable the functionality.

With the standby redirects command enabled, the real IP address of a router can be replaced with a virtual IP address in the next hop address or gateway field of the redirect packet. HSRP looks up the next hop IP address in its table of real IP addresses versus virtual IP addresses. If HSRP does not find a match, the HSRP router allows the redirect packet to go out unchanged. The host HSRP router is redirected to a router that is unknown, that is, a router with no active HSRP groups. You can specify the no standby redirects unknown command to stop these redirects from being sent.

Examples

The following example shows how to allow HSRP to filter ICMP redirect messages on interface Ethernet 0:

Router(config)# interface ethernet 0

Router(config-if)# ip address 10.0.0.1 255.0.0.0

Router(config-if)# standby redirects

Router(config-if)# standby 1 ip 10.0.0.11

The following example shows how to change the HSRP router advertisement interval to 90 seconds and the holddown timer to 270 seconds on interface Ethernet 0:

Router(config)# interface ethernet 0

Router(config-if)# ip address 10.0.0.1 255.0.0.0

Router(config-if)# standby redirects timers 90 270

Router(config-if)# standby 1 ip 10.0.0.11

Related Commands

Command	Description
show standby	Displays the HSRP information.
show standby redirect	Displays ICMP redirect information on interfaces configured with the HSRP.

standby sso

To enable the Hot Standby Router Protocol (HSRP) Stateful Switchover (SSO), use the standby sso command in global configuration mode. To disable HSRP SSO, use the no form of this command.

standby sso

no standby sso

Syntax Description

This command has no arguments or keywords.

Defaults

This command is enabled.

Command Modes

Global configuration

Command History

Release	Modification
12.2(25)S	This command was introduced.

Usage Guidelines

Use the standby sso command to enable HSRP SSO. This is the default when redundancy mode SSO is configured. When standby SSO is enabled, traffic sent using an HSRP virtual IP address continues through the HSRP group member using the current path while a Route Processor (RP) switchover occurs. The HSRP state is maintained and kept synchronized across the redundant RPs within the chassis.

If you want the traffic to switch to a redundant device (another chassis) even though the redundant RP is capable of taking over, then the feature can be disabled by using the no form of the command. If the command is disabled and if the primary HSRP router fails, the HSRP state is not maintained across RP switchover and traffic targeted to the HSRP virtual IP address is handled by the standby HSRP router.

Examples

The following example shows how to reenable standby SSO for HSRP if it has been disabled:

standby sso

Related Commands

Command	Description
debug standby events	Displays standby events related to HSRP.
show standby	Displays HSRP information.

standby timers

To configure the time between hello packets and the time before other routers declare the active Hot Standby or standby router to be down, use the standby timers command in interface configuration mode. To restore the timers to their default values, use the no form of this command.

standby [group-number] timers [msec] hellotime [msec] holdtime

no standby [group-number] timers [msec] hellotime [msec] holdtime

Syntax Description

group-number	(Optional) Group number on the interface to which the timers apply. The default is 0.
msec	(Optional) Interval in milliseconds. Millisecond timers allow for faster failover.
hellotime	Hello interval (in seconds). This is an integer from 1 to 254. The default is 3 seconds. If the msec option is specified, hello interval is in milliseconds. This is an integer from 15 to 999.
holdtime	Time (in seconds) before the active or standby router is declared to be down. This is an integer from x to 255. The default is 10 seconds. If the msec option is specified, holdtime is in milliseconds. This is an integer from y to 3000. Where: •x is the hellotime + 50 milliseconds, then rounded up to the nearest 1 second • y is greater than or equal to 3 times the hellotime and is not less than 50 milliseconds.

Defaults

The default group number is 0.
The default hello interval is 3 seconds.
The default hold time is 10 seconds.

Command Modes

Interface configuration

Command History

Release	Modification
10.0	This command was introduced.
11.2	The msec keyword was added.
12.2	The minimum values of hellotime and holdtime in milliseconds changed.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(31)SB2	This command was integrated into Cisco IOS Release 12.2(31)SB2.

Usage Guidelines

The standby timers command configures the time between standby hello packets and the time before other routers declare the active or standby router to be down. Routers or access servers on which timer values are not configured can learn timer values from the active or standby router. The timers configured on the active router always override any other timer settings. All routers in a Hot Standby group should use the same timer values. Normally, holdtime is greater than or equal to 3 times the value of hellotime. The range of values for holdtime force the holdtime to be greater than the hellotime. If the timer values are specified in milliseconds, the holdtime is required to be at least three times the hellotime value and not less than 50 milliseconds.

Some HSRP state flapping can occasionally occur if the holdtime is set to less than 250 milliseconds, and the processor is busy. It is recommended that holdtime values less than 250 milliseconds be used on Cisco 7200 platforms or better, and on Fast-Ethernet or FDDI interfaces or better. Setting the process-max-time command to a suitable value may also help with flapping.

The value of the standby timer will not be learned through HSRP hellos if it is less than 1 second.

When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.

When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:

Router(config-if)# standby 1 timers 5 15

    % Warning: This setting has no effect while following another group.

Examples

The following example sets, for group number 1 on Ethernet interface 0, the time between hello packets to 5 seconds, and the time after which a router is considered to be down to 15 seconds:

interface ethernet 0

 standby 1 ip 

 standby 1 timers 5 15 

The following example sets, for the Hot Router interface located at 172.19.10.1 on Ethernet interface 0, the time between hello packets to 300 milliseconds, and the time after which a router is considered to be down to 900 milliseconds:

interface ethernet 0

 standby ip 172.19.10.1 

 standby timers msec 300 msec 900 

The following example sets, for the Hot Router interface located at 172.18.10.1 on Ethernet interface 0, the time between hello packets to 15 milliseconds, and the time after which a router is considered to be down to 50 milliseconds. Note that the holdtime is larger than three times the hellotime because the minimum holdtime value in milliseconds is 50.

interface ethernet 0

 standby ip 172.18.10.1 

 standby timers msec 15 msec 50 

standby track

To configure the Hot Standby Router Protocol (HSRP) to track an object and change the Hot Standby priority on the basis of the state of the object, use the standby track command in interface configuration mode. To remove the tracking, use the no form of this command.

Cisco IOS Release 12.2(15)T and Later Releases

standby [group-number] track object-number [decrement priority-decrement]

no standby [group-number] track object-number [decrement priority-decrement]

Cisco IOS Release 12.2(13)T and Earlier Releases

standby [group-number] track interface-type interface-number [interface-priority]

no standby [group-number] track interface-type interface-number [interface-priority]

Syntax Description

group-number	(Optional) Group number to which the tracking applies.
object-number	Object number that represents the object to be tracked. Range is from 1 to 500. Default is 1.
decrement priority-decrement	(Optional) Amount by which the Hot Standby priority for the router is decremented (or incremented) when the tracked object goes down (or comes back up). Range is from 1 to 255. Default is 10.
interface-type	Interface type (combined with interface number) that will be tracked.
interface-number	Interface number (combined with interface type) that will be tracked.
interface-priority	(Optional) Amount by which the Hot Standby priority for the router is decremented (or incremented) when the interface goes down (or comes back up). Range is from 0 to 255. Default is 10.

Defaults

There is no tracking.

Command Modes

Interface configuration

Command History

Release	Modification
10.3	This command was introduced.
12.2(15)T	This command was enhanced to allow HSRP to track objects other than the interface line-protocol state.

Usage Guidelines

This command ties the Hot Standby priority of the router to the availability of its tracked objects. Use the track interface or track ip route global configuration commands to track an interface object or an IP-route object. The HSRP client can register its interest in the tracking process by using the standby track command and take action when the object changes.

When a tracked object goes down, the Hot Standby priority decreases by 10. If an object is not tracked, its state changes do not affect the Hot Standby priority. For each object configured for Hot Standby, you can configure a separate list of objects to be tracked.

The optional priority argument specifies how much to decrement the Hot Standby priority when a tracked object goes down. When the tracked object comes back up, the priority is incremented by the same amount.

When multiple tracked objects are down, the decrements are cumulative, whether configured with priority values or not.

Use the no standby group-number track command to delete all tracking configuration for a group.

When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.

The standby track command syntax prior to Cisco IOS Release 12.2(15)T is still supported. Using the older form of the command syntax will cause a tracked object to be created in the new tracking process. This tracking information can be displayed using the show track command.

Examples

In the following example, the tracking process is configured to track the IP-routing capability of serial interface 1/0. HSRP on Ethernet interface 0/0 then registers with the tracking process to be informed of any changes to the IP-routing state of serial interface 1/0. If the IP state on serial interface 1/0 goes down, the priority of the HSRP group is reduced by 10.

If both serial interfaces are operational, Router A will be the HSRP active router because it has the higher priority. However, if IP routing on serial interface 1/0 in Router A fails, the HSRP group priority will be reduced and Router B will take over as the active router, thus maintaining a default virtual gateway service to hosts on the 10.1.0.0 subnet.

Router A Configuration

track 100 interface serial1/0 ip routing

!

interface Ethernet0/0

 ip address 10.1.0.21 255.255.0.0

 standby 1 preempt

 standby 1 ip 10.1.0.1

 standby 1 priority 105

 standby 1 track 100 decrement 10

Router B Configuration

track 100 interface serial1/0 ip routing

!

interface Ethernet0/0

 ip address 10.1.0.22 255.255.0.0

 standby 1 preempt

 standby 1 ip 10.1.0.1

 standby 1 priority 11

 standby 1 track 100 decrement 10

Related Commands

Command	Description
show track	Displays HSRP information.
standby preempt	Configures HSRP preemption and preemption delay.
standby priority	Configures Hot Standby priority of potential standby routers.
track interface	Configures an interface to be tracked and enters tracking configuration mode.
track ip route	Tracks the state of an IP route and enters tracking configuration mode.

standby use-bia

To configure the Hot Standby Router Protocol (HSRP) to use the burned-in address of the interface as its virtual MAC address, instead of the preassigned MAC address (on Ethernet and FDDI) or the functional address (on Token Ring), use the standby use-bia command in interface configuration mode. To restore the default virtual MAC address, use the no form of this command.

standby use-bia [scope interface]

no standby use-bia

Syntax Description

scope interface

(Optional) Specifies that this command is configured just for the subinterface on which it was entered, instead of the major interface.

Defaults

HSRP uses the preassigned MAC address on Ethernet and FDDI, or the functional address on Token Ring.

Command Modes

Interface configuration

Command History

Release	Modification
11.2	This command was introduced.
12.1	The behavior was modified to allow multiple standby groups to be configured for an interface configured with this command

Usage Guidelines

For an interface with this command configured, multiple standby group can be configured. Hosts on the interface must have a default gateway configured. We recommend that you set the no ip proxy-arp command on the interface. It is desirable to configure the standby use-bia command on a Token Ring interface if there are devices that reject ARP replies with source hardware addresses set to a functional address.

When HSRP runs on a multiple-ring, source-routed bridging environment and the HRSP routers reside on different rings, configuring the standby use-bia command can prevent confusion about the routing information field (RFI).

Without the scope interface keywords, the standby use-bia command applies to all subinterfaces on the major interface. The standby use-bia command may not be configured both with and without the scope interface keywords at the same time.

Examples

In the following example, the burned-in address of Token Ring interface 4/0 will be the virtual MAC address mapped to the virtual IP address:

interface token4/0

 standby use-bia

standby version

To change the version of the Hot Standby Router Protocol (HSRP), use the standby version command in interface configuration mode. To change to the default version, use the no form of this command.

standby version {1 | 2}

no standby version

Syntax Description

1	Specifies HSRP version 1.
2	Specifies HSRP version 2.

Defaults

HSRP version 1 is the default HSRP version.

Command Modes

Interface configuration

Command History

Release	Modification
12.3(4)T	This command was introduced.

Usage Guidelines

HSRP version 2 addresses limitations of HSRP version 1 by providing an expanded group number range of 0 to 4095.

HSRP version 2 does not interoperate with HSRP version 1. An interface cannot operate both version 1 and version 2 because both versions are mutually exclusive. However, the different versions can be run on different physical interfaces of the same router. The group number range is from 0 to 255 for HSRP version 1 and from 0 to 4095 for HSRP version 2. You cannot change from version 2 to version 1 if you have configured groups above 255. Use the no standby version command to set the HSRP version to the default version, version 1.

If an HSRP version is changed, each group will reinitialize because it now has a new virtual MAC address.

Examples

The following example shows how to configure HSRP version 2 on an interface with a group number of 500:

! 

interface vlan500

 standby version 2

 standby 500 ip 172.20.100.10 

 standby 500 priority 110 

 standby 500 preempt 

 standby 500 timers 5 15

Related Commands

Command	Description
show standby	Displays HSRP information.

start-forwarding-agent

To start the forwarding agent, use the start-forwarding-agent command in CASA-port configuration mode.

start-forwarding-agent port-number [password [timeout]]

Syntax Description

port-number	Port numbers on which the Forwarding Agent will listen for wildcards broadcast from the services manager. This must match the port number defined on the services manager.
password	(Optional) Text password used for generating the MD5 digest.
timeout	(Optional) Duration (in seconds) during which the Forwarding Agent will accept the new and old password. Valid range is from 0 to 3600 seconds. The default is 180 seconds.

Defaults

The default initial number of affinities is 5000.
The default maximum number of affinities is 30,000.

Command Modes

CASA-port configuration

Command History

Release	Modification
12.0(5)T	This command was introduced.

Usage Guidelines

The forwarding agent must be started before you can configure any port information for the forwarding agent.

Examples

The following example specifies that the forwarding agent will listen for wildcard and fixed affinities on port 1637:

start-forwarding-agent 1637

Related Commands

Command	Description
forwarding-agent	Specifies the port on which the forwarding agent will listen for wildcard and fixed affinities.

sticky (virtual server)

To assign all connections from a client to the same real server, use the sticky command in virtual server configuration mode. To remove the client/server coupling, use the no form of this command.

sticky duration [group group-id]

no sticky

Syntax Description

duration	Sticky timer duration (in seconds). Valid values range from 0 to 65535.
group	(Optional) Places the virtual server in a sticky group, for coupling of services.
group-id	(Optional) Number identifying the sticky group to which the virtual server belongs. Valid values range from 0 to 255.

Defaults

Sticky connections are not tracked.

Virtual servers are not associated with any groups.

Command Modes

SLB virtual server configuration

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.

Usage Guidelines

The last real server that was used for a connection from a client is stored for the set duration seconds. If a new connection from the client to the virtual server is initiated during that time, the same real server that was used for the previous connection is chosen for the new connection. If two virtual servers are placed in the same group, coincident connection requests for those services from the same IP address are handled by the same real server.

Examples

The following example specifies that if a subsequent request from a client for a virtual server is made within 60 seconds of the previous request, then the same real server is used for the connection. This example also places the virtual server in group 10.

ip slb vserver VS1

sticky 60 group 10

Related Commands

Command	Description
show ip slb sticky	Displays information about the virtual server or firewall farm sticky configuration.
show ip slb vservers	Displays information about the virtual servers.
virtual	Configures the virtual server attributes.

subnet prefix-length

To configure a subnet allocation pool and determine the size subnets that are allocated from the pool, use the subnet prefix-length command in DHCP pool configuration mode. To unconfigure subnet pool allocation, use the no form of this command.

subnet prefix-length prefix-length

no subnet prefix-length prefix-length

Syntax Description

prefix-length

Configures the IP subnet prefix length in classless interdomain routing (CIDR) bit count notation. The range is from 1 to 31.

Defaults

No default behavior or values.

Command Modes

DHCP pool configuration

Command History

Release	Modification
12.2(15)T	This command was introduced.

Usage Guidelines

This command is used to configure a Cisco IOS router as a subnet allocation server for a centralized or remote VPN on-demand address pool (ODAP) manager. This command is configured under a DHCP pool. The prefix-length argument is used to determine the size of the subnets that are allocated from the subnet allocation pool. The values that can be configured for the prefix-length argument follow CIDR bit count notation format.

Configuring Global Subnet Pools

Global subnet pools are created in a centralized network. The ODAP server allocates subnets from the subnet allocation server based on subnet availability. When the ODAP manager allocates a subnet, the subnet allocation server creates a subnet binding. This binding is stored in the DHCP database for as long as the ODAP server requires the address space. The binding is destroyed and the subnet is returned to the subnet pool only when the ODAP server releases the subnet as address space utilization decreases.

Configuring VPN Subnet Pools

A subnet allocation server can be configured to assign subnets from VPN subnet allocation pools for MPLS VPN clients. VPN routes between the ODAP manager and the subnet allocation server are configured based on VRF name or VPN ID configuration. The VRF and VPN ID are configured to maintain routing information that defines customer VPN sites. This customer site is attached to a provider edge (PE) router. A VRF consists of an IP routing table, a derived Cisco Express Forwarding (CEF) table, a set of interfaces that use the forwarding table, and a set of rules and routing protocol parameters that control the information that is included in the routing table.

Configuring VPN Subnet Pools for VPN clients with VPN IDs

A subnet allocation server can also be configured to assign subnets from VPN subnet allocation pools based on the VPN ID of a client. The VPN ID (or Organizational Unique Identifier [OUI]) is a unique identifier assigned by the IEEE. VPN routes between the ODAP manager and the subnet allocation server are enabled by configuring the DHCP pool with a VPN ID that matches the VPN ID that is configured for the VPN client.

Examples

Global Configuration Example

The following example configures a router to be a subnet allocation server and creates a global subnet allocation pool named GLOBAL-POOL from the 10.0.0.0 network. The configuration of the subnet prefix-length command in this example configures each subnet that is allocated from the subnet pool to support 254 host IP addresses.

Router(config)# ip dhcp pool GLOBAL-POOL

Router(dhcp-config)# network 10.0.0.0 255.255.255.0

Router(dhcp-config)# subnet prefix-length 24

!

VPN Configuration Example

The following example configures a router to be a subnet allocation server and creates a VRF subnet allocation pool named VRF-POOL from the 172.16.0.0 network and configures the VPN to match the VRF named RED. The configuration of the subnet prefix-length command in this example configures each subnet that is allocated from the subnet pool to support 62 host IP addresses.

Router(config)# ip dhcp pool VRF-POOL 

Router(dhcp-config)# vrf RED

Router(dhcp-config)# network 172.16.0.0 /16

Router(dhcp-config)# subnet prefix-length 26

!

VPN ID Configuration Example

The following example configures a router to be a subnet allocation server and creates a VRF subnet allocation pool named VRF-POOL from the 192.168.0.0 network and configures the VRF named RED. The VPN ID must match the unique identifier that is assigned to the client site. The route target and route distinguisher are configured in the as-number:network number format. The route target and route distinguisher must match. The configuration of the subnet prefix-length command in this example configures each subnet that is allocated from the subnet pool to support 30 host IP addresses.

Router(config)# ip vrf RED

Router(config-vrf)# rd 100:1

Router(config-vrf)# route-target both 100:1 

Router(config-vrf)# vpn id 1234:123456

Router(config-vrf)# exit

Router(config)# ip dhcp pool VPN-POOL

Router(dhcp-config)# vrf RED

Router(dhcp-config)# network 192.168.0.0 /24

Router(dhcp-config)# subnet prefix-length /27

Router(dhcp-config)# exit

Related Commands

Command	Description
ip dhcp database	Configures a Cisco IOS DHCP server to save automatic bindings on a remote host called a database agent.
ip dhcp pool	Enables the IP address of an interface to be automatically configured when a DHCP pool is populated with a subnet from IPCP negotiation.
network (DHCP)	Configures the subnet number and mask for a DHCP address pool on a Cisco IOS DHCP server.
show ip dhcp pool	Displays information about the DHCP pools.

synguard (virtual server)

To limit the rate of TCP SYNs handled by a virtual server to prevent an SYN flood Denial-of-Service attack, use the synguard command in virtual server configuration mode. To remove the threshold, use the no form of this command.

synguard syn-count [interval]

no synguard

Syntax Description

syn-count	Number of unanswered SYNs that are allowed to be outstanding to a virtual server. Valid values range from 0 (off) to 4294967295. The default is 0.
interval	(Optional) Interval (in milliseconds) for SYN threshold monitoring. Valid values range from 50 to 5000. The default is 100 ms.

Defaults

The default SYN count is 0 (off).

The default interval is 100 ms.

Command Modes

SLB virtual server configuration

Command History

Release	Modification
12.0(7)XE	This command was introduced.
12.1(5)T	This command was integrated into Cisco IOS Release 12.1(5)T.

Examples

The following example sets the threshold of unanswered SYNs to 50:

ip slb vserver PUBLIC_HTTP

synguard 50

Related Commands

Command	Description
show ip slb vservers	Displays information about the virtual servers.
virtual	Configures the virtual server attributes.