Table Of Contents
sctp
serverfarm
service-module ip redundancy
show debugging
show fm slb counters
show glbp
show interface mac
show interface precedence
show ip accounting
show ip casa affinities
show ip casa oper
show ip casa stats
show ip casa wildcard
show ip dfp
show ip icmp rate-limit
show ip redirects
show ip sctp association list
show ip sctp association parameters
show ip sctp association statistics
show ip sctp errors
show ip sctp instances
show ip sctp statistics
show ip slb conns
show ip slb dfp
show ip slb firewallfarm
show ip slb fragments
show ip slb gtp
show ip slb map
show ip slb natpool
show ip slb probe
show ip slb reals
show ip slb replicate
show ip slb serverfarms
show ip slb sessions
show ip slb static
show ip slb stats
show ip slb sticky
show ip slb vservers
sctp
To enter the Stream Control Transmission Protocol (SCTP) configuration, use the sctp command in IDSN User Adaptation Layer (IUA) configuration mode. To disable, use the no form of this command.
sctp [[t1-init milliseconds] [t3-rtx-min seconds] [t3-rtx-max milliseconds] [startup-rtx number]
[assoc-rtx number] [path-rtx number]]
no sctp
Syntax Description
t1-init milliseconds
|
Timer T1 initiation value in milliseconds. Valid values are from 1000 to 60000. The t1-init configurable option applies only during the creation of an SCTP instance.
|
t3-rtx-min seconds
|
Timer T3 retransmission minimum timeout in seconds. Valid values are from 1 to 300.
|
t3-rtx-max milliseconds
|
Timer T3 retransmission maximum timeout in milliseconds. Valid values are from 1000 to 60000.
|
startup-rtx number
|
Maximum startup retransmissions. The startup-rtx configurable option applies only during the creation of an SCTP instance. Valid values are from 2 to 20.
|
assoc-rtx number
|
Maximum association retransmissions. Valid values are from 2 to 20.
|
path-rtx number
|
Maximum path retransmissions. Valid values are from 2 to 20.
|
Command Default
No default behavior or values.
Command Modes
IUA configuration (config-iua)
Command History
Release
|
Modification
|
12.2(15)T
|
This command was introduced on the Cisco 2420, Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series; and Cisco AS5300, Cisco AS5350, Cisco AS5400, and Cisco AS5850 network access server (NAS) platforms.
|
12.4(15)T
|
This command was moved to the Cisco IOS IP Application Services Command Reference.
|
Usage Guidelines
To enter SCTP configuration commands, you must first enter IUA configuration mode and then enter sctp at the Router(config-iua)# prompt to enter SCTP configuration mode.
Examples
The following example shows how to enter IUA configuration mode:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
The following is an example of how to set failover time (in milliseconds) between 1 and 10 seconds as part of SCTP configuration of the T1 initiation timer. This example uses the lowest failover timer value allowed (1 second):
Router(config-iua)# as as5400-3 fail-over 1000
The following is an example of how to set SCTP maximum startup retransmission interval. This example uses the maximum startup retransmission interval value allowed:
Router(config-iua)# as as5400-3 sctp-startup 20
The following is an example of how to configure the number of SCTP streams for this AS. This example uses the maximum SCTP streams allowed:
Router(config-iua)# as as5400-3 sctp-streams 57
The following is an example of how to configure the SCTP T1 initiation timer (in milliseconds). This example uses the maximum timer value allowed:
Router(config-iua)# as as5400-3 sctp-t1init 60000
Related Commands
Command
|
Description
|
pri-group (pri-slt)
|
Specifies an ISDN PRI on a channelized T1 or E1 controller.
|
serverfarm
To associate a real server farm with a virtual server, and optionally configure a backup server farm and specify that sticky connections are to be used in the backup server farm, use the serverfarm command in SLB virtual server configuration mode. To remove the server farm association from the virtual server configuration, use the no form of this command.
serverfarm primary-farm [backup backup-farm [sticky]] [map map-id priority priority]
no serverfarm primary-farm [backup backup-farm [sticky]] [map map-id priority priority]
Syntax Description
primary-farm
|
Name of a server farm that has already been defined using the ip slb serverfarm command.
|
backup backup-farm
|
(Optional) Specifies the name of a backup server farm that has already been defined using the ip slb serverfarm command.
|
sticky
|
(Optional) Specifies that sticky connections are to be used in the backup server farm.
|
map map-id priority priority
|
(Optional) Associates an IOS SLB GPRS Tunneling Protocol (GTP) or RADIUS map with the server farm for general packet radio service (GPRS) or RADIUS load balancing.
The map ID identifies a specific map that has already been defined using the ip slb map command.
The priority specifies the order of preference of the specified map. A lower number indicates a higher priority. The range of priorities is 1 to 255.
Priorities for different maps do not have to be contiguous. That is, you can have three maps with priorities 1, 5, and 10, respectively.
When IOS SLB searches for a match, it does so on the basis of both the map ID and the map priority. Each map ID and each map priority must be unique across all server farms associated with the virtual server. That is, you cannot configure more than one map with the same ID or priority.
|
Command Default
No real server farm is associated with a virtual server.
Command Modes
SLB virtual server configuration (config-slb-vserver)
Command History
Release
|
Modification
|
12.0(7)XE
|
This command was introduced.
|
12.1(5)T
|
This command was integrated into Cisco IOS Release 12.1(5)T.
|
12.2
|
This command was integrated into Cisco IOS Release 12.2.
|
12.1(8a)E
|
The backup and sticky keywords and the backup-farm argument were added.
|
12.2(14)S
|
This command was integrated into Cisco IOS Release 12.2(14)S.
|
12.2(18)SXE
|
This command was integrated into Cisco IOS Release 12.2(18)SXE.
|
12.2(33)SRB
|
The map and priority keywords and the map-id and priority arguments were added.
|
Usage Guidelines
RADIUS load balancing and the Home Agent Director do not support the sticky keyword.
If backup backup-farm is not specified, no backup server farm is configured.
If a backup server farm is configured but the sticky keyword is not specified, sticky connections are not used in the backup server farm.
You can associate more than one server farm with a given virtual server by configuring more than one serverfarm command, each with a unique map ID and a unique priority. (That is, each map ID and each map priority must be unique across all server farms associated with the virtual server.)
For GPRS load balancing, if a real server is defined in two or more server farms, each server farm must be associated with a different virtual server.
If you associate a primary server farm with a backup server farm, then all of the server farm maps that use that primary server farm must also be configured to use that same backup serverfarm. You cannot configure a server farm map that uses that primary server farm and no backup server farm. For example, if you configure primary server farm SF1 with backup server farm SF2, then all of the server farm maps that are configured with SF1 as the primary serverfarm must also be configured with SF2 as the backup serverfarm, as follows:
virtual 2.2.2.2 udp 0 service radius
serverfarm SF1 backup SF2 map 1 priority 1
serverfarm SF1 backup SF2
You cannot configure a server farm map to use SF1 as the primary server farm and no backup server farm. That is, the following is not allowed:
virtual 2.2.2.2 udp 0 service radius
serverfarm SF1 map 1 priority 1
serverfarm SF1 backup SF2
The backup server farm associated with an IOS SLB protocol map cannot be associated as a backup server farm with any other map in a given virtual server.
Examples
The following example shows how the ip slb vserver, virtual, and serverfarm commands are used to associate the real server farm named PUBLIC with the virtual server named PUBLIC_HTTP.
Router(config)# ip slb vserver PUBLIC_HTTP
Router(config-slb-vserver)# virtual 10.0.0.1 tcp www
Router(config-slb-vserver)# serverfarm PUBLIC
Related Commands
Command
|
Description
|
ip slb serverfarm
|
Identifies a server farm and enters server farm configuration mode.
|
show ip slb vservers
|
Displays information about the virtual servers defined to IOS Server Load Balancing (IOS SLB).
|
virtual
|
Configures the virtual server attributes.
|
service-module ip redundancy
To link the primary HSRP interface status to that of the satellite interface, use the service-module ip redundancy command in satellite interface configuration mode. To remove the link between the primary HSRP interface status and the satellite interface status, use the no form of this command.
service-module ip redundancy group-name
no service-module ip redundancy group-name
Syntax Description
group-name
|
Name of the hot standby group. This name must match the hot standby group name configured for the primary HSRP interface, which is typically an Ethernet interface.
|
Defaults
HSRP is disabled.
Command Modes
Satellite interface configuration (config-if)
Command History
Release
|
Modification
|
12.3(14)T
|
This command was introduced.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
12.2SX
|
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
|
Usage Guidelines
Use the service-module ip redundancy command only when you have two Cisco IP VSAT satellite WAN network modules (NM-1VSAT-GILAT) on separate HSRP-redundant routers that connect to the same outdoor unit (ODU).
This command enables the satellite interface to spoof the line protocol UP state.
Examples
The following example shows how to link the primary HSRP interface status to that of the satellite interface:
service-module ip redundancy grp-hsrp
Related Commands
Command
|
Description
|
standby ip
|
Activates HSRP.
|
standby name
|
Configures the name of the hot standby group.
|
standby preempt
|
Enables preemption on the router and optionally configures a preemption delay.
|
standby track
|
Configures an interface so that the hot standby priority changes based on the availability of other interfaces.
|
show debugging
To display information about the types of debugging that are enabled for your router, use the show debugging command in privileged EXEC mode.
show debugging
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
11.1
|
This command was introduced.
|
12.3(7)T
|
The output of this command was enhanced to show TCP Explicit Congestion Notification (ECN) configuration.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
12.2(31)SB2
|
This command was integrated into Cisco IOS Release 12.2(31)SB2.
|
12.2SX
|
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
|
12.4(20)T
|
The output of this command was enhanced to show the user-group debugging configuration.
|
Examples
The following is sample output from the show debugging command. In this example, the remote host is not configured or connected.
TCP Packet debugging is on
Router# telnet 10.1.25.234
00:02:48: 10.1.25.31:11001 <---> 10.1.25.234:23 out ECN-setup SYN
00:02:48: tcp0: O CLOSED 10.1.25.234:11001 10.1.25.31:23 seq 1922220018
OPTS 4 ECE CWR SYN WIN 4128
00:02:50: 10.1.25.31:11001 <---> 10.1.25.234:23 congestion window changes
00:02:50: cwnd from 1460 to 1460, ssthresh from 65535 to 2920
00:02:50: tcp0: R SYNSENT 10.1.25.234:11001 10.1.25.31:23 seq 1922220018
OPTS 4 ECE CWR SYN WIN 4128
00:02:54: 10.1.25.31:11001 <---> 10.1.25.234:23 congestion window changes
00:02:54: cwnd from 1460 to 1460, ssthresh from 2920 to 2920
00:02:54: tcp0: R SYNSENT 10.1.25.234:11001 10.1.25.31:23 seq 1922220018
OPTS 4 ECE CWR SYN WIN 4128
00:03:02: 10.1.25.31:11001 <---> 10.1.25.234:23 congestion window changes
00:03:02: cwnd from 1460 to 1460, ssthresh from 2920 to 2920
00:03:02: tcp0: R SYNSENT 10.1.25.234:11001 10.1.25.31:23 seq 1922220018
OPTS 4 ECE CWR SYN WIN 4128
00:03:18: 10.1.25.31:11001 <---> 10.1.25.234:23 SYN with ECN disabled
00:03:18: 10.1.25.31:11001 <---> 10.1.25.234:23 congestion window changes
00:03:18: cwnd from 1460 to 1460, ssthresh from 2920 to 2920
00:03:18: tcp0: O SYNSENT 10.1.25.234:11001 10.1.25.31:23 seq 1922220018
00:03:20: 10.1.25.31:11001 <---> 10.1.25.234:23 congestion window changes
00:03:20: cwnd from 1460 to 1460, ssthresh from 2920 to 2920
00:03:20: tcp0: R SYNSENT 10.1.25.234:11001 10.1.25.31:23 seq 1922220018
00:03:24: 10.1.25.31:11001 <---> 10.1.25.234:23 congestion window changes
00:03:24: cwnd from 1460 to 1460, ssthresh from 2920 to 2920
00:03:24: tcp0: R SYNSENT 10.1.25.234:11001 10.1.25.31:23 seq 1922220018
00:03:32: 10.1.25.31:11001 <---> 10.1.25.234:23 congestion window changes
00:03:32: cwnd from 1460 to 1460, ssthresh from 2920 to 2920
00:03:32: tcp0: R SYNSENT 10.1.25.234:11001 10.1.25.31:23 seq 1922220018
!Connection timed out; remote host not responding
The following is sample output from the show debugging command when user-group debugging is configured:
Usergroup Deletions debugging is on
Usergroup Additions debugging is on
Usergroup Database debugging is on
Usergroup API debugging is on
!
Table 9 describes the significant fields in the output.
Table 9 show debugging Field Descriptions
Field
|
Description
|
OPTS 4
|
Bytes of TCP expressed as a number. In this case, the bytes are 4.
|
ECE
|
Echo congestion experience.
|
CWR
|
Congestion window reduced.
|
SYN
|
Synchronize connections—Request to synchronize sequence numbers, used when a TCP connection is being opened.
|
WIN 4128
|
Advertised window size, in bytes. In this case, the bytes are 4128.
|
cwnd
|
Congestion window (cwnd)—Indicates that the window size has changed.
|
ssthresh
|
Slow-start threshold (ssthresh)—Variable used by TCP to determine whether or not to use slow-start or congestion avoidance.
|
usergroup
|
Statically defined usergroup to which source IP addresses are associated.
|
show fm slb counters
To display information about the Feature Manager (FM) IOS Server Load Balancing (IOS SLB) counters, use the show fm slb counters command in privileged EXEC mode.
show fm slb counters
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.2(18)SXF5
|
This command was introduced.
|
Examples
The following sample output from the show fm slb counters command shows counter information for virtual server 10.11.11.11:
Router# show fm slb counters
FM SLB Netflow Install Counters
[Slot 6 ] Install Request Sent 3
Table 10 describes the fields shown in the display.
Table 10 show fm slb counters Field Descriptions
Field
|
Description
|
Global Purges
|
Number of global purges sent by FM IOS SLB.
|
TCP Purges
|
Number of TCP purges sent by FM IOS SLB.
|
UDP Purges
|
Number of UDP purges sent by FM IOS SLB.
|
Virtual Purges
|
Number of virtual purges sent by FM IOS SLB.
|
Flow Purges
|
Number of flow purges sent by FM IOS SLB.
|
Install Request Sent
|
Number of install requests sent by IOS SLB.
|
Related Commands
Command
|
Description
|
clear fm slb counters
|
Clears Feature Manager (FM) IOS Server Load Balancing (IOS SLB) counters.
|
show glbp
To display Gateway Load Balancing Protocol (GLBP) information, use the show glbp command in privileged EXEC mode.
show glbp [capability [interface-type interface-number ]] | [[interface-type interface-number
[group-number] [state] [brief ] [detail] [client-cache [[age number] [forwarder number]] |
[mac-address address] | [summary]]]
Syntax Description
interface-type interface-number
|
(Optional) Interface type and number for which output is displayed.
|
group-number
|
(Optional) GLBP group number in the range from 0 to 1023.
|
state
|
(Optional) State of the GLBP router, one of the following: active, disabled, init, listen, and standby.
|
brief
|
(Optional) Summarizes each virtual gateway or virtual forwarder with a single line of output.
|
detail
|
(Optional) Displays all the status of the GLBP router in detailed format. The available status are: active, disabled, init, listen, speak, and standby.
|
capability
|
(Optional) Displays the GLBP capability interfaces.
|
client-cache
|
(Optional) Displays the GLBP client cache.
|
age number
|
(Optional) Displays the client-cache age in the range from 0 to 1440.
|
forwarder number
|
(Optional) Displays the client forwarder in the range from 1 to 4.
|
mac-address address
|
(Optional) Displays the mac-address of the client.
|
summary
|
(Optional) Displays the summary of the GLBP client caches.
|
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.2(14)S
|
This command was introduced.
|
12.2(15)T
|
This command was integrated into Cisco IOS Release 12.2(15)T. The client-cache keyword was added.
|
12.3(2)T
|
The output was enhanced to display information about Message Digest 5 (MD5) authentication.
|
12.3(7)T
|
The output was enhanced to display information about assigned redundancy names to specified groups.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
12.2(31)SB2
|
This command was enhanced to display information about GLBP support of Stateful Switchover (SSO) mode.
|
12.2(33)SXH
|
This command was integrated into Cisco IOS Release 12.2(33)SXH.
|
Cisco IOS XE Release 2.1
|
This command was integrated into Cisco IOS XE Release 2.1.
|
12.4(15)T
|
This command was modified. The client-cache keyword was added.
|
12.4(24)T
|
This command was modified. The detail keyword was added.
The output was modified to hide configured passwords when MD5 key-string or text authentication is configured.
|
12.2(33)SXI1
|
This command was modified. The client-cache keyword was added.
The output was modified to hide configured passwords when MD5 key-string or text authentication is configured.
|
12.2(33)SRE
|
The output was modified to hide configured passwords when MD5 key-string or text authentication is configured.
|
Usage Guidelines
Use the show glbp command to display information about GLBP groups on a router. The brief keyword displays a single line of information about each virtual gateway or virtual forwarder. The client-cache keyword displays the client cache details and the capability keyword displays all GLBP-capable interfaces.
Examples
The following is sample output from the show glbp command:
FastEthernet0/0 - Group 10
2 state changes, last state change 23:50:33
Virtual IP address is 10.21.8.10
Hello time 5 sec, hold time 18 sec
Next hello sent in 4.300 secs
Redirect time 600 sec, forwarder time-out 7200 sec
Authentication MD5, key-string
Preemption enabled, min delay 60 sec
Priority 254 (configured)
Weighting 105 (configured 110), thresholds: lower 95, upper 105
Track object 2 state Down decrement 5
Load balancing: host-dependent
There is 1 forwarder (1 active)
1 state change, last state change 23:50:15
MAC address is 0007.b400.0101 (default)
Owner ID is 0005.0050.6c08
Preemption enabled, min delay 60 sec
Active is local, weighting 105
The following is sample output from the show glbp command with the brief keyword specified:
Interface Grp Fwd Pri State Address Active router Standby router
Fa0/0 10 - 254 Active 10.21.8.10 local unknown
Fa0/0 10 1 7 Active 0007.b400.0101 local -
The following is sample output from the show glbp command that displays GLBP group 10:
FastEthernet0/0 - Group 10
2 state changes, last state change 23:50:33
Virtual IP address is 10.21.8.10
Hello time 5 sec, hold time 18 sec
Next hello sent in 4.300 secs
Redirect time 600 sec, forwarder time-out 7200 sec
Authentication MD5, key-string
Preemption enabled, min delay 60 sec
Priority 254 (configured)
Weighting 105 (configured 110), thresholds: lower 95, upper 105
Track object 2 state Down decrement 5
Load balancing: host-dependent
There is 1 forwarder (1 active)
1 state change, last state change 23:50:15
MAC address is 0007.b400.0101 (default)
Owner ID is 0005.0050.6c08
Preemption enabled, min delay 60 sec
Active is local, weighting 105
The following output shows that the redundancy name has been assigned to the "glbp1" group:
Router# show glbp ethernet0/1 1
Ethernet0/1 - Group 1
State is Listen
64 state changes, last state change 00:00:54
Virtual IP address is 10.1.0.7
Hello time 50 msec, hold time 200 msec
Next hello sent in 0.030 secs
Redirect time 600 sec, forwarder time-out 14400 sec
Authentication text, string "authword"
Preemption enabled, min delay 0 sec
Active is 10.1.0.2, priority 105 (expires in 0.184 sec)
Standby is 10.1.0.3, priority 100 (expires in 0.176 sec)
Priority 96 (configured)
Weighting 100 (configured 100), thresholds: lower 95, upper 100
Track object 1 state Up decrement 10
Load balancing: round-robin
IP redundancy name is "glbp1"
Group members:
0004.4d83.4801 (10.0.0.0)
0010.7b5a.fa41 (10.0.0.1)
00d0.bbd3.bc21 (10.0.0.2) local
The following output shows GLBP support for SSO mode on an active RP:
1 state change, last state change 00:00:20
Virtual IP address is 172.24.1.254
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.232 secs
Redirect time 600 sec, forwarder time-out 14400 sec
Active is 172.24.1.2, priority 100 (expires in 7.472 sec)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
aabb.cc00.0100 (172.24.1.1) local
aabb.cc00.0200 (172.24.1.2)
There are 2 forwarders (1 active)
MAC address is 0007.b400.0101 (learnt)
Owner ID is aabb.cc00.0200
Time to live: 14397.472 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is 172.24.1.2 (primary), weighting 100 (expires in 9.540 sec)
1 state change, last state change 00:00:28
MAC address is 0007.b400.0102 (default)
Owner ID is aabb.cc00.0100
Preemption enabled, min delay 30 sec
Active is local, weighting 100
The following output shows GLBP support for SSO mode on a standby RP:
RouterRP-standby# show glbp
State is Init (standby RP, peer state is Standby)
Virtual IP address is 172.24.1.254
Hello time 3 sec, hold time 10 sec
Redirect time 600 sec, forwarder time-out 14400 sec
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
aabb.cc00.0100 (172.24.1.1) local
aabb.cc00.0200 (172.24.1.2)
There are 2 forwarders (0 active)
State is Init (standby RP, peer state is Listen)
MAC address is 0007.b400.0101 (learnt)
Owner ID is aabb.cc00.0200
Preemption enabled, min delay 30 sec
State is Init (standby RP, peer state is Active)
MAC address is 0007.b400.0102 (default)
Owner ID is aabb.cc00.0100
Preemption enabled, min delay 30 sec
GLBP support for Stateful Switchover (SSO) mode is enabled by default but may be disabled by the no glbp sso command. If GLBP support for SSO mode is disabled, the output of the show glbp command on the standby RP will display a warning:
RouterRP-standby# show glbp
State is Init (GLBP SSO disabled) <------ GLBP SSO is disabled.
Virtual IP address is 172.24.1.254
Hello time 3 sec, hold time 10 sec
Redirect time 600 sec, forwarder time-out 14400 sec
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
aabb.cc00.0100 (172.24.1.1) local
There are 2 forwarders (0 active)
State is Init (GLBP SSO disabled)
MAC address is 0007.b400.0101 (learnt)
Owner ID is aabb.cc00.0200
Preemption enabled, min delay 30 sec
State is Init (GLBP SSO disabled)
MAC address is 0007.b400.0102 (default)
Owner ID is aabb.cc00.0100
Preemption enabled, min delay 30 sec
Table 11 describes the significant fields shown in the displays.
Table 11 show glbp Field Descriptions
Field
|
Description
|
FastEthernet0/0 - Group
|
Interface type and number and GLBP group number for the interface.
|
State is
|
State of the virtual gateway or virtual forwarder. For a virtual gateway, the state can be one of the following:
• Active—The gateway is the active virtual gateway (AVG) and is responsible for responding to Address Resolution Protocol (ARP) requests for the virtual IP address.
• Disabled—The virtual IP address has not been configured or learned yet, but another GLBP configuration exists.
• Initial—The virtual IP address has been configured or learned, but virtual gateway configuration is not complete. An interface must be up and configured to route IP, and an interface IP address must be configured.
• Listen—The virtual gateway is receiving hello packets and is ready to change to the "speak" state if the active or standby virtual gateway becomes unavailable.
• Speak—The virtual gateway is attempting to become the active or standby virtual gateway.
• Standby—The gateway is next in line to be the AVG.
|
| |
For a virtual forwarder, the state can be one of the following:
• Active—The gateway is the active virtual forwarder (AVF) and is responsible for forwarding packets sent to the virtual forwarder MAC address.
• Disabled—The virtual MAC address has not been assigned or learned. This is a transitory state because a virtual forwarder changing to a disabled state is deleted.
• Initial—The virtual MAC address is known, but virtual forwarder configuration is not complete. An interface must be up and configured to route IP, an interface IP address must be configured, and the virtual IP address must be known.
• Listen—The virtual forwarder is receiving hello packets and is ready to change to the "active" state if the AVF becomes unavailable.
|
Virtual IP address is
|
The virtual IP address of the GLBP group. All secondary virtual IP addresses are listed on separate lines. If one of the virtual IP addresses is a duplicate of an address configured for another device, it will be marked as "duplicate." A duplicate address indicates that the router has failed to defend its ARP cache entry.
|
Hello time, hold time
|
The hello time is the time between hello packets (in seconds or milliseconds). The hold time is the time (in seconds or milliseconds) before other routers declare the active router to be down. All routers in a GLBP group use the hello- and hold-time values of the current AVG. If the locally configured values are different, the configured values appear in parentheses after the hello- and hold-time values.
|
Next hello sent in
|
The time until GLBP will send the next hello packet (in seconds or milliseconds).
|
Preemption
|
Whether GLBP gateway preemption is enabled. If enabled, the minimum delay is the time (in seconds) for which a higher-priority nonactive router will wait before preempting the lower-priority active router.
This field is also displayed under the forwarder section where it indicates GLBP forwarder preemption.
|
Active is
|
The active state of the virtual gateway. The value can be "local," "unknown," or an IP address. The address (and the expiration date of the address) is the address of the current AVG.
This field is also displayed under the forwarder section where it indicates the address of the current AVF.
|
Standby is
|
The standby state of the virtual gateway. The value can be "local," "unknown," or an IP address. The address (and the expiration date of the address) is the address of the standby gateway (the gateway that is next in line to be the AVG).
|
Weighting
|
The initial weighting value with lower and upper threshold values.
|
Track object
|
The list of objects that are being tracked and their corresponding states.
|
IP redundancy name is
|
The name of the GLBP group.
|
Related Commands
Command
|
Description
|
glbp ip
|
Enables GLBP.
|
glbp timers
|
Configures the time between hello messages and the time before other routers declare the active GLBP router to be down.
|
glbp weighting track
|
Specifies an object to be tracked that affects the weighting of a GLBP gateway.
|
show interface mac
To display MAC accounting information for interfaces configured for MAC accounting, use the show interface mac command in user EXEC or privileged EXEC mode.
show interface [type number] mac
Syntax Description
type
|
(Optional) Interface type supported on your router.
|
number
|
(Optional) Port number of the interface. The syntax varies depending on the type of router. For example, on a Cisco 7500 series router the syntax is 0/0/0, where 0 represents the slot, port adapter, and port number (the slash marks are required). Refer to the appropriate hardware manual for numbering information.
|
Command Modes
User EXEC (>)
Privileged EXEC (#)
Command History
Release
|
Modification
|
11.1 CC
|
This command was introduced.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
12.2SX
|
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
|
Usage Guidelines
The show interface mac command displays information for one interface, when specified, or all interfaces configured for MAC accounting.
For incoming packets on the interface, the accounting statistics are gathered before the committed access rate (CAR)/distributed committed access rate (DCAR) functionality is performed on the packet. For outgoing packets on the interface, the accounting statistics are gathered after the CAR output, and before DCAR output or distributed weighted random early detection (DWRED) or distributed weighted fair queuing (DWFQ) functionality is performed on the packet.
Therefore, if DCAR or DWRED is performed on the interface and packets are dropped, the dropped packets are still counted in the show interface mac command.
The maximum number of MAC addresses that can be stored for the input and output addresses is 512 each. After the maximum is reached, subsequent MAC addresses are ignored.
To clear the accounting statistics, use the clear counter EXEC command. To configure an interface for IP accounting based on the MAC address, use the ip accounting mac-address interface configuration command.
Examples
The following is sample output from the show interface mac command:
Router# show interface ethernet 0/1/1 mac
0007.f618.4449(228): 4 packets, 456 bytes, last: 2684ms ago
Total: 4 packets, 456 bytes
0007.f618.4449(228): 4 packets, 456 bytes, last: 2692ms ago
Total: 4 packets, 456 bytes
Table 12 describes the significant fields shown in the display.
Table 12 show interface mac Field Descriptions
Field
|
Description
|
Ethernet0/1/1
|
Interface type and number.
|
Input Output
|
Number of packets received as input or sent as output by this interface.
|
0007.f618.4449(228)
|
MAC address of the interface from or to which this router sends or receives packets.
|
packets
|
Total number of messages that have been transmitted or received by the system.
|
bytes
|
Total number of bytes, including data and MAC encapsulation, that have been transmitted or received by the system.
|
last
|
Time, in milliseconds, since the last IP packet was transmitted or received on the specified interface.
|
Related Commands
Command
|
Description
|
ip accounting mac-address
|
Enables IP accounting on any interface based on the source and destination MAC address.
|
show interface precedence
To display precedence accounting information for interfaces configured for precedence accounting, use the show interface precedence command in user EXEC or privileged EXEC mode.
show interface [type number] precedence
Syntax Description
type
|
(Optional) Interface type supported on your router.
|
number
|
(Optional) Port number of the interface. The syntax varies depending on the type of router. For example, on a Cisco 7500 series router the syntax is 0/0/0, where 0 represents the slot, port adapter, and port number (the slash is required). Refer to the appropriate hardware manual for numbering information.
|
Command Modes
User EXEC (>)
Privileged EXEC (#)
Command History
Release
|
Modification
|
11.1CC
|
This command was introduced.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
12.2SX
|
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
|
Cisco IOS XE Release 2.1
|
This command was integrated into Cisco IOS XE Release 2.1.
|
Usage Guidelines
The show interface precedence command displays information for one interface, when specified, or all interfaces configured for IP precedence accounting.
For incoming packets on the interface, the accounting statistics are gathered before the committed access rate (CAR)/distributed committed access rate (DCAR) functionality is performed on the packet. For outgoing packets on the interface, the accounting statistics are gathered after the CAR output, and before DCAR output or distributed weighted random early detection (DWRED) or distributed weighted fair queuing (DWFQ) functionality is performed on the packet. Therefore, if DCAR or DWRED is performed on the interface and packets are dropped, the dropped packets are still counted in the show interface mac command.
To clear the accounting statistics, use the clear counter EXEC command.
To configure an interface for IP accounting based on IP precedence, use the ip accounting precedence interface configuration command.
Examples
The following is sample output from the show interface precedence command. In this example, the total packet and byte counts are calculated for the interface that receives (input) or sends (output) IP packets and sorts the results based on IP precedence.
Router# show interface ethernet 0/1/1 precedence
Precedence 0: 4 packets, 456 bytes
Precedence 0: 4 packets, 456 bytes
Table 13 describes the fields shown in the display.
Table 13 show interface precedence Field Descriptions
Field
|
Description
|
Ethernet0/1/1
|
Interface type and number.
|
Input Output
|
An interface that receives or sends IP packets and sorts the results based on IP precedence.
|
Precedence
|
Precedence value for the specified interface.
|
packets
|
Total number of messages that have been transmitted or received by the system.
|
bytes
|
Total number of bytes, including data and MAC encapsulation, that have been transmitted or received by the system.
|
Related Commands
Command
|
Description
|
ip accounting precedence
|
Enables IP accounting on any interface based on IP precedence.
|
show ip accounting
To display the active accounting or checkpointed database or to display access list violations, use the show ip accounting command in user EXEC or privileged EXEC mode.
show ip accounting [checkpoint] [output-packets | access-violations]
Syntax Description
checkpoint
|
(Optional) Indicates that the checkpointed database should be displayed.
|
output-packets
|
(Optional) Indicates that information pertaining to packets that passed access control and were routed should be displayed. If neither the output-packets nor access-violations keyword is specified, output-packets is the default.
|
access-violations
|
(Optional) Indicates that information pertaining to packets that failed access lists and were not routed should be displayed. If neither the output-packets nor access-violations keyword is specified, output-packets is the default.
|
Defaults
If neither the output-packets nor access-violations keyword is specified, the show ip accounting command displays information pertaining to packets that passed access control and were routed.
Command Modes
User EXEC (>)
Privileged EXEC (#)
Command History
Release
|
Modification
|
10.0
|
This command was introduced.
|
10.3
|
The output-packets and access-violations keywords were added.
|
12.2SX
|
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
|
Usage Guidelines
If you do not specify any keywords, the show ip accounting command displays information about the active accounting database.
To display IP access violations, you must use the access-violations keyword. If you do not specify the keyword, the command defaults to displaying the number of packets that have passed access lists and were routed.
To use this command, you must first enable IP accounting on a per-interface basis.
Examples
The following is sample output from the show ip accounting command:
Router# show ip accounting
Source Destination Packets Bytes
172.16.19.40 192.168.67.20 7 306
172.16.13.55 192.168.67.20 67 2749
172.16.2.50 192.168.33.51 17 1111
172.16.2.50 172.31.2.1 5 319
172.16.2.50 172.31.1.2 463 30991
172.16.19.40 172.16.2.1 4 262
172.16.19.40 172.16.1.2 28 2552
172.16.20.2 172.16.6.100 39 2184
172.16.13.55 172.16.1.2 35 3020
172.16.19.40 192.168.33.51 1986 95091
172.16.2.50 192.168.67.20 233 14908
172.16.13.28 192.168.67.53 390 24817
172.16.13.55 192.168.33.51 214669 9806659
172.16.13.111 172.16.6.23 27739 1126607
172.16.13.44 192.168.33.51 35412 1523980
192.168.7.21 172.163.1.2 11 824
172.16.13.28 192.168.33.2 21 1762
172.16.2.166 192.168.7.130 797 141054
172.16.3.11 192.168.67.53 4 246
192.168.7.21 192.168.33.51 15696 695635
192.168.7.24 192.168.67.20 21 916
172.16.13.111 172.16.10.1 16 1137
accounting threshold exceeded for 7 packets and 433 bytes
The following is sample output from the show ip accounting access-violations command. The output pertains to packets that failed access lists and were not routed:
Router# show ip accounting access-violations
Source Destination Packets Bytes ACL
172.16.19.40 192.168.67.20 7 306 77
172.16.13.55 192.168.67.20 67 2749 185
172.16.2.50 192.168.33.51 17 1111 140
172.16.2.50 172.16.2.1 5 319 140
172.16.19.40 172.16.2.1 4 262 77
Accounting data age is 41
Table 14 describes the significant fields shown in the displays.
Table 14 show ip accounting Field Descriptions
Field
|
Description
|
Source
|
Source address of the packet.
|
Destination
|
Destination address of the packet.
|
Packets
|
Number of packets sent from the source address to the destination address.
With the access-violations keyword, the number of packets sent from the source address to the destination address that violated an access control list (ACL).
|
Bytes
|
Sum of the total number of bytes (IP header and data) of all IP packets sent from the source address to the destination address.
With the access-violations keyword, the total number of bytes sent from the source address to the destination address that violated an ACL.
|
ACL
|
Number of the access list of the last packet sent from the source to the destination that failed an access list filter.
|
accounting threshold exceeded...
|
Data for all packets that could not be entered into the accounting table when the accounting table is full. This data is combined into a single entry.
|
Related Commands
Command
|
Description
|
clear ip accounting
|
Clears the active or checkpointed database when IP accounting is enabled.
|
ip accounting
|
Enables IP accounting on an interface.
|
ip accounting-list
|
Defines filters to control the hosts for which IP accounting information is kept.
|
ip accounting-threshold
|
Sets the maximum number of accounting entries to be created.
|
ip accounting-transits
|
Controls the number of transit records that are stored in the IP accounting database.
|
show ip casa affinities
To display statistics about affinities, use the show ip casa affinities command in user EXEC or privileged EXEC mode.
show ip casa affinities [daddr ip-address | detail | dport destination-port | protocol
protocol-number | saddr ip-address | sport source-port] [detail | internal]
Syntax Description
daddr ip-address
|
(Optional) Displays the destination address of a given TCP connection. The detail keyword displays detailed information about the destination IP address. The internal keyword displays internal forwarding agent (FA) information.
|
detail
|
(Optional) Displays the detailed statistics.
|
dport destination-port
|
(Optional) Displays the destination port of a given TCP connection. The detail keyword displays detailed information about the destination port. The internal keyword displays internal forwarding agent (FA) information.
|
protocol protocol-number
|
(Optional) Displays the protocol of a given TCP connection. The detail keyword displays detailed information about the protocol. The internal keyword displays internal forwarding agent (FA) information.
|
saddr ip-address
|
(Optional) Displays the source address of a given TCP connection. The detail keyword displays detailed information about the source IP address. The internal keyword displays internal forwarding agent (FA) information.
|
sport source-port
|
(Optional) Displays the source port of a given TCP connection. The detail keyword displays detailed information about the source port. The internal keyword displays internal forwarding agent (FA) information.
|
Command Modes
User EXEC (>)
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.0(5)T
|
This command was introduced.
|
12.2SX
|
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
|
Examples
The following is sample output of the show ip casa affinities command:
Router# show ip casa affinities
Source Address Port Dest Address Port Prot
172.16.36.118 1118 172.16.56.13 19 TCP
172.16.56.13 19 172.16.36.118 1118 TCP
The following is sample output of the show ip casa affinities detail command:
Router# show ip casa affinities detail
Source Address Port Dest Address Port Prot
172.44.36.118 1118 172.16.56.13 19 TCP
Interest Addr: 172.16.56.19 Interest Port: 1638
Interest Packet: 0x0102 SYN FRAG
Interest Tickle: 0x0005 FIN RST
Dispatch (Layer 2): YES Dispatch Address: 172.26.56.33
Source Address Port Dest Address Port Prot
172.16.56.13 19 172.16.36.118 1118 TCP
Interest Addr: 172.16.56.19 Interest Port: 1638
Interest Packet: 0x0104 RST FRAG
Interest Tickle: 0x0003 FIN SYN
Dispatch (Layer 2): NO Dispatch Address: 10.0.0.0
Table 15 describes the significant fields shown in the display.
Table 15 show ip casa affinities Field Descriptions
Field
|
Description
|
Source Address
|
Source address of a given TCP connection.
|
Port
|
Source port of a given TCP connection.
|
Dest Address
|
Destination address of a given TCP connection.
|
Port
|
Destination of a given TCP connection.
|
Prot
|
Protocol of a given TCP connection.
|
Action Details
|
Actions to be taken on a match.
|
Interest Addr
|
Services manager address that is to receive interest packets for this affinity.
|
Interest Port
|
Services manager port to which interest packets are sent.
|
Interest Packet
|
List of TCP packet types of interest to the services manager is interested in.
|
Interest Tickle
|
List of TCP packet types for which the services manager wants the entire packet.
|
Dispatch (Layer 2)
|
Layer 2 destination information will be modified.
|
Dispatch Address
|
Address of the real server.
|
Related Commands
Command
|
Description
|
forwarding-agent
|
Specifies the port on which the forwarding agent will listen for wildcard and fixed affinities.
|
show ip casa oper
|
Displays operational information about the forwarding agent.
|
show ip casa oper
To display operational information about the forwarding agent, use the show ip casa oper command in user EXEC or privileged EXEC mode.
show ip casa oper
Syntax Description
This command has no arguments or keywords.
Command Modes
User EXEC (>)
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.0(5)T
|
This command was introduced.
|
12.2SX
|
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
|
Examples
The following is sample output from the show ip casa oper command:
Router# show ip casa oper
Casa control address is 10.10.20.34/32
Casa multicast address is 239.1.1.1
Listening for wildcards on:
Current passwd:NONE Pending passwd:NONE
Passwd timeout:180 sec (Default)
Table 16 describes the significant fields shown in the display.
Table 16 show ip casa oper Field Descriptions
Field
|
Description
|
Casa is Active
|
The forwarding agent is active.
|
Casa control address
|
Unique address for this forwarding agent.
|
Casa multicast address
|
Services manager broadcast address.
|
Listening for wildcards on
|
Port on which the forwarding agent will listen.
|
Port
|
Services manager broadcast port.
|
Current passwd
|
Current password.
|
Pending passwd
|
Password that will override the current password.
|
Passwd timeout
|
Interval after which the pending password becomes the current password.
|
Related Commands
Command
|
Description
|
ip casa oper
|
Configures the router to function as an MNLB forwarding agent.
|
show ip casa stats
To display statistical information about the Forwarding Agent, use the show ip casa stats command in user EXEC or privileged EXEC mode.
show ip casa stats
Syntax Description
This command has no arguments or keywords.
Command Modes
User EXEC (>)
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.0(5)T
|
This command was introduced.
|
12.2SX
|
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
|
Examples
The following is sample output of the show ip casa stats command:
Router# show ip casa stats
Wildcards: 6 Max Wildcards: 6
Wildcard Denies: 0 Wildcard Drops: 0
Pkts Throughput: 441 Bytes Throughput: 39120
Affinities: 2 Max Affinities: 2
Cache Hits: 444 Cache Misses: 0
Int Packet: 4 Int Tickle: 0
Casa Denies: 0 Drop Count: 0
Table 17 describes the significant fields shown in the display.
.
Table 17 show ip casa stats Field Descriptions
Field
|
Description
|
Casa is Active
|
The Forwarding Agent is active.
|
Wildcard Stats
|
Wildcard statistics.
|
Wildcards
|
Number of current wildcards.
|
Max Wildcards
|
Maximum number of wildcards since the Forwarding Agent became active.
|
Wildcard Denies
|
Protocol violations.
|
Wildcard Drops
|
Not enough memory to install wildcard.
|
Pkts Throughput
|
Number of packets passed through all wildcards.
|
Bytes Throughput
|
Number of bytes passed through all wildcards.
|
Affinity Stats
|
Affinity statistics.
|
Affinities
|
Current number of affinities.
|
Max Affinities
|
Maximum number of affinities since the forwarding agent became active.
|
Cache Hits
|
Number of packets that match wildcards and fixed affinities.
|
Cache Misses
|
Matched wildcard, missed fix.
|
Affinity Drops
|
Number of times an affinity could not be created.
|
Casa Stats
|
Forwarding agent statistics.
|
Int Packet
|
Interest packets.
|
Int Tickle
|
Interest tickles.
|
Casa Denies
|
Protocol violation.
|
Security Drops
|
Packets dropped due to password or authentication mismatch.
|
Drop Count
|
Number of messages dropped.
|
Related Commands
Command
|
Description
|
show ip casa oper
|
Displays operational information about the Forwarding Agent.
|
show ip casa wildcard
To display information about wildcard blocks, use the show ip casa wildcard command in user EXEC or privileged EXEC mode.
show ip casa wildcard [detail]
Syntax Description
detail
|
(Optional) Displays detailed statistics.
|
Command Modes
User EXEC (>)
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.0(5)T
|
This command was introduced.
|
12.2SX
|
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
|
Examples
The following is sample output from the show ip casa wildcard command:
Router# show ip casa wildcard
Source Address Source Mask Port Dest Address Dest Mask Port Prot
10.0.0.0 0.0.0.0 0 172.16.56.2 255.255.255.255 0 ICMP
10.0.0.0 0.0.0.0 0 172.16.56.2 255.255.255.255 0 TCP
10.0.0.0 0.0.0.0 0 172.16.56.13 255.255.255.255 0 ICMP
10.0.0.0 0.0.0.0 0 172.16.56.13 255.255.255.255 0 TCP
172.16.56.2 255.255.255.255 0 10.0.0.0 0.0.0.0 0 TCP
172.16.56.13 255.255.255.255 0 10.0.0.0 0.0.0.0 0 TCP
The following is sample output from the show ip casa wildcard detail command:
Router# show ip casa wildcard detail
Source Address Source Mask Port Dest Address Dest Mask Port Prot
10.0.0.0 0.0.0.0 0 172.16.56.2 255.255.255.255 0 ICMP
Manager Addr: 172.16.56.19 Insert Time: 08:21:27 UTC 04/18/96
Affinity Count: 0 Interest Packet Timeouts: 0
Interest Addr: 172.16.56.19 Interest Port: 1638
Interest Packet: 0x8000 ALLPKTS
Interest Tickle: 0x0107 FIN SYN RST FRAG
Dispatch (Layer 2): NO Dispatch Address: 10.0.0.0
Advertise Dest Address: YES Match Fragments: NO
Source Address Source Mask Port Dest Address Dest Mask Port Prot
10.0.0.0 0.0.0.0 0 172.16.56.2 255.255.255.255 0 TCP
Manager Addr: 172.16.56.19 Insert Time: 08:21:27 UTC 04/18/96
Affinity Count: 0 Interest Packet Timeouts: 0
Interest Addr: 172.16.56.19 Interest Port: 1638
Interest Packet: 0x8102 SYN FRAG ALLPKTS
Interest Tickle: 0x0005 FIN RST
Dispatch (Layer 2): NO Dispatch Address: 10.0.0.0
Advertise Dest Address: YES Match Fragments: NO
Note
If a filter is not set, the filter is not active.
Table 18 describes significant fields shown in the display.
Table 18 show ip casa wildcard Field Descriptions
Field
|
Description
|
Source Address
|
Source address of a given TCP connection.
|
Source Mask
|
Mask to apply to source address before matching.
|
Port
|
Source port of a given TCP connection.
|
Dest Address
|
Destination address of a given TCP connection.
|
Dest Mask
|
Mask to apply to destination address before matching.
|
Port
|
Destination port of a given TCP connection.
|
Prot
|
Protocol of a given TCP connection.
|
Service Manager Details
|
Services manager details.
|
Manager Addr
|
Source address of this wildcard.
|
Insert Time
|
System time at which this wildcard was inserted.
|
Affinity Statistics
|
Affinity statistics.
|
Affinity Count
|
Number of affinities created on behalf of this wildcard.
|
Interest Packet Timeouts
|
Number of unanswered interest packets.
|
Packet Statistics
|
Packet statistics.
|
Packets
|
Number of packets that match this wildcard.
|
Bytes
|
Number of bytes that match this wildcard.
|
Action Details
|
Actions to be taken on a match.
|
Interest Addr
|
Services manager that is to receive interest packets for this wildcard.
|
Interest Port
|
Services manager port to which interest packets are sent.
|
Interest Packet
|
List of packet types that the services manager is interested in.
|
Interest Tickle
|
List of packet types for which the services manager wants the entire packet.
|
Dispatch (Layer 2)
|
Layer 2 destination information will be modified.
|
Dispatch Address
|
Address of the real server.
|
Advertise Dest Address
|
Destination address.
|
Match Fragments
|
Indicates whether the wildcard matches fragments based on Boolean logic.
|
Related Commands
Command
|
Description
|
show ip casa oper
|
Displays operational information about the Forwarding Agent.
|
show ip dfp
To display information about Dynamic Feedback Protocol (DFP) agents and their subsystems, use the show ip dfp command in privileged EXEC mode.
show ip dfp [agent subsystem-name] [detail]
Syntax Description
agent subsystem-name
|
(Optional) Displays information about the specified DFP agent, such as slb for IOS SLB.
|
detail
|
(Optional) Displays detailed DFP agent information.
|
Defaults
If no options are specified, the command displays output for all DFP agents identified by ip dfp agent commands, regardless of whether those agents are currently in service (Inservice: yes) or active (AppActive: yes).
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.1(8a)E
|
This command was introduced.
|
12.2(14)S
|
This command was integrated into Cisco IOS Release 12.2(14)S.
|
12.3(4)T
|
This command was integrated into Cisco IOS Release 12.3(4)T.
|
12.2(18)SXD
|
This command was integrated into Cisco IOS Release 12.2(18)SXD.
|
Usage Guidelines
Detailed output for the show ip dfp command includes information about all DFP agents configured with ip slb agent commands, regardless of whether those agents are currently in service.
Examples
The following example shows basic information for DFP agent slb:
Router# show ip dfp agent slb
DFP Agent for service: SLB
Current passwd: <none> Pending passwd: <none>
Inservice: yes AppActive: yes
Manager IP Address Timeout
------------------ -------
The following example shows detailed information for DFP agent slb:
Router# show ip dfp agent slb detail
DFP Agent for service: SLB
Current passwd: <none> Pending passwd: <none>
Inservice: yes AppActive: yes
Manager IP Address Timeout
------------------ -------
Weight Table Report for Agent SLB
Weights for Port: 80 Protocol: TCP
IP Address Bind ID Weight
--------------- ------- -------
Weights for Port: 0 (wildcard) Protocol: 0 (wildcard)
IP Address Bind ID Weight
--------------- ------- -------
Bind ID Table Report for Agent SLB
Bind IDs for Port: 80 Protocol: TCP
Bind ID Client IP Client Mask
------- --------------- ---------------
Table 19 describes the fields shown in the display.
Table 19 show ip dfp Field Descriptions
Field
|
Description
|
Port
|
TCP port number of the agent.
|
Interval
|
Number of seconds to wait before recalculating weights.
|
Current passwd
|
Current DFP password for Message Digest Algorithm Version 5 (MD5) authentication.
|
Pending passwd
|
Pending new DFP password for MD5 authentication.
|
Passwd timeout
|
Delay period, in seconds, during which both the current password and the new password are accepted.
|
Inservice
|
Indicates whether the DFP agent is enabled for communication with a DFP manager.
|
AppActive
|
Indicates whether the DFP agent is active.
|
Manager IP Address
|
IP address of the manager to which weights are being sent.
|
Timeout
|
Time period, in seconds, during which the DFP manager must receive an update from the DFP agent. A value of 0 means there is no timeout.
|
Weights for Port
|
Port for which the following weights are reported. 0 indicates a wildcard value.
|
Protocol
|
Protocol used for the port. 0 indicates a wildcard value.
|
IP Address
|
IP address for which weight is reported.
|
Bind ID
|
Bind ID associated with the IP address.
|
Weight
|
Weight calculated for the IP address.
|
Bind IDs for Port
|
Port for which the following bind IDs are reported.
|
Protocol
|
Protocol used for the port.
|
Bind ID
|
Bind ID of this instance of the real server.
|
Client IP
|
IP address of client using the virtual server.
|
Client Mask
|
IP network mask of client using the virtual server.
|
Related Commands
Command
|
Description
|
agent
|
Identifies a DFP agent to which IOS SLB can connect.
|
ip dfp agent
|
Identifies a DFP agent subsystem and initiates DFP agent configuration mode.
|
ip slb dfp
|
Configures DFP, supplies an optional password, and initiates DFP configuration mode.
|
show ip icmp rate-limit
To display all Internet Control Message Protocol (ICMP) unreachable destination messages or unreachable destination messages for a specified interface including the number of dropped packets, use the show ip icmp rate-limit command in privileged EXEC mode.
show ip icmp rate-limit [interface-type interface-number]
Syntax Description
interface-type
|
(Optional) Interface type. Type of interface to be configured.
Note Refer to the interface command in the Cisco IOS Interface and Hardware Component Command Reference, Release 12.4 for a list of interface types.
|
interface-number
|
(Optional) Port, connector, or interface card number. On Cisco 4700 series routers, specifies the network interface module (NIM) or network processor module (NPM) number. The numbers are assigned at the factory at the time of installation or when added to a system, and can be displayed with the show interfaces command.
|
Defaults
All unreachable statistics for all devices are displayed.
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.4(2)T
|
This command was introduced.
|
12.2(31)SB2
|
This command was integrated into Cisco IOS Release 12.2(31)SB2.
|
Examples
The following is sample output when the show ip icmp rate-limit command is entered and unreachable messages are generated:
Router# show ip icmp rate-limit
DF bit unreachables All other unreachables
Interval (millisecond) 500 500
Interface # DF bit unreachables # All other unreachables
--------- --------------------- ------------------------
The greatest number of unreachables on Serial3/0/3 is 19.
The following is sample output when the show ip icmp rate-limit command is entered and the rate-limit interval has been set at 500. The packet threshold has been set at 1 by using the ip icmp rate-limit unreachable command, so the logging will display on the console when the threshold is exceeded. The total suppressed packets since last log message is displayed.
Router# show ip icmp rate-limit
00:04:18: %IP-3-ICMPRATELIMIT: 2 unreachables rate-limited within 60000 milliseconds on
Serial3/0/3. 17 log messages suppressed since last log message displayed on Serial3/0/3
Table 20 describes the significant fields shown in the display.
Table 20 show ip icmp rate-limit Field Descriptions
Field
|
Description
|
ICMPRATELIMIT
|
ICMP packets that are rate limited.
|
suppressed
|
Packets that have been suppressed because the destination is unreachable.
|
Related Commands
Command
|
Description
|
clear icmp rate-limit
|
Clears all ICMP unreachable destination messages or all messages for a specified interface.
|
ip icmp rate-limit unreachable
|
Limits the rate at which ICMP unreachable messages are generated for a destination.
|
show ip redirects
To display the address of a default gateway (router) and the address of hosts for which an Internet Control Message Protocol (ICMP) redirect message has been received, use the show ip redirects command in user EXEC or privileged EXEC mode.
show ip redirects
Syntax Description
This command has no arguments or keywords.
Command Modes
User EXEC (>)
Privileged EXEC (#)
Command History
Release
|
Modification
|
10.0
|
This command was introduced.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
12.2SX
|
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
|
Usage Guidelines
This command displays the default router (gateway) as configured by the ip default-gateway command.
The ip mtu command enables the router to send ICMP redirect messages.
Examples
The following is sample output from the show ip redirects command:
Router# show ip redirects
Default gateway is 172.16.80.29
Host Gateway Last Use Total Uses Interface
172.16.1.111 172.16.80.240 0:00 9 Ethernet0
172.16.1.4 172.16.80.240 0:00 4 Ethernet0
Related Commands
Command
|
Description
|
ip default-gateway
|
Defines a default gateway (router) when IP routing is disabled.
|
ip mtu
|
Enables the sending of ICMP redirect messages if the Cisco IOS software is forced to resend a packet through the same interface on which it was received.
|
show ip sctp association list
Note
Effective with Cisco IOS Release 12.4(11)T, the show ip sctp association list command is replaced by the show sctp association list command. See the show sctp association list command for more information.
To display identifiers and information for current Stream Control Transmission Protocol (SCTP) associations and instances, use the show ip sctp association list command in privileged EXEC mode.
show ip sctp association list
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.2(2)MB
|
This command was introduced as part of the show ip sctp command.
|
12.2(2)T
|
This command was changed to the show ip sctp association list command.
|
12.2(4)T
|
This command was integrated into Cisco IOS Release 12.2(4)T.
|
12.2(8)T
|
This command was implemented on the following platforms: Cisco 2600 series, Cisco 3600 series, and Cisco 7200 series. Support for the Cisco AS5300 is not included in this release.
|
12.2(11)T
|
This command was integrated into Cisco IOS Release 12.2(11)T.
|
12.4(11)T
|
This command was replaced by the show sctp association list command.
|
12.4(15)T
|
This command was moved to the Cisco IOS IP Application Services Command Reference.
|
Usage Guidelines
Use this command to display the current SCTP association and instance identifiers, the current state of SCTP associations, and the local and remote port numbers and addresses that are used in the associations.
Examples
The following is sample output from this command for three association identifiers:
Router# show ip sctp association list
*** SCTP Association List ****
Current state:ESTABLISHED
Local port:8989, Addrs:10.1.0.2 10.2.0.2
Remote port:8989, Addrs:10.6.0.4 10.5.0.4
Current state:ESTABLISHED
Local port:8989, Addrs:10.1.0.2 10.2.0.2
Remote port:8990, Addrs:10.6.0.4 10.5.0.4
Current state:ESTABLISHED
Local port:8989, Addrs:10.1.0.2 10.2.0.2
Remote port:8991, Addrs:10.6.0.4 10.5.0.4
Table 21 describes the significant fields shown in the display.
Table 21 show ip sctp association list Field Descriptions
Field
|
Description
|
Assoc ID
|
SCTP association identifier.
|
Instance ID
|
SCTP association instance identifier.
|
Current state
|
SCTP association state, which can be ESTABLISHED, CLOSED, COOKIE-WAIT, and COOKIE-ECHOED.
|
Local port, Addrs
|
Port and IP address for the local SCTP endpoint.
|
Remote port, Addrs
|
Port and IP address for the remote SCTP endpoint.
|
Related Commands
Command
|
Description
|
clear ip sctp statistics
|
Clears statistics counts for SCTP.
|
debug ip sctp api
|
Reports SCTP diagnostic information and messages.
|
show ip sctp association parameters
|
Displays the parameters configured for the association defined by the association identifier.
|
show ip sctp association statistics
|
Displays the current statistics for the association defined by the association identifier.
|
show ip sctp errors
|
Displays error counts logged by SCTP.
|
show ip sctp instances
|
Displays the currently defined SCTP instances.
|
show ip sctp statistics
|
Displays the overall statistics counts for SCTP.
|
show iua as
|
Displays information about the current condition of an application server.
|
show iua asp
|
Displays information about the current condition of an application server process.
|
show ip sctp association parameters
Note
Effective with Cisco IOS Release 12.4(11)T, the show ip sctp association parameters command is replaced by the show sctp association parameters command. See the show sctp association parameters command for more information.
To display configured and calculated parameters for the specified Stream Control Transmission Protocol (SCTP) association, use the show ip sctp association parameters command in privileged EXEC mode.
show ip sctp association parameters assoc-id
Syntax Description
assoc-id
|
Association identifier. Shows the associated ID statistics for the SCTP association.
|
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.2(2)MB
|
This command was introduced as part of the show ip sctp command.
|
12.2(2)T
|
This command was changed to the show ip sctp association parameters command.
|
12.2(4)T
|
This command was integrated into Cisco IOS Release 12.2(4)T.
|
12.2(8)T
|
Three new output fields were added to this command: Outstanding bytes, per destination address; Round trip time (RTT), per destination address; and Smoothed round trip time (SRTT), per destination address.
|
12.2(11)T
|
This command was integrated into Cisco IOS Release 12.2(11)T and support was added for the Cisco AS5300 and Cisco AS5850.
|
12.2(15)T
|
This command was implemented on the Cisco 2420, Cisco 2600 series, Cisco 3600 series, and Cisco 3700 series; and Cisco AS5300, Cisco AS5350, Cisco AS5400, and Cisco AS5850 network access server (NAS) platforms.
|
12.4(11)T
|
This command was replaced by the show sctp association parameters command.
|
12.4(15)T
|
This command was moved to the Cisco IOS IP Application Services Command Reference.
|
Usage Guidelines
The show ip sctp association parameters command provides information to determine the stability of SCTP associations, dynamically calculated statistics about destinations, and values to assess network congestion. This command also displays parameter values for the specified association.
This command requires an association identifier. Association identifiers can be obtained from the output of the show ip sctp association list command.
Many parameters are defined for each association. Some are configured parameters, and others are calculated. Three main groupings of parameters are displayed by this command:
•
Association configuration parameters
•
Destination address parameters
•
Association boundary parameters
The association configuration section displays information similar to that in the show ip sctp association list command, including association identifiers, state, and local and remote port and address information. The current primary destination is also displayed.
Examples
The following sample output shows the IP SCTP association parameters for association 0:
Router# show ip sctp association parameters 0
** SCTP Association Parameters **
AssocID: 0 Context: 0 InstanceID: 1
Assoc state: ESTABLISHED Uptime: 19:05:57.425
Local addresses: 10.1.0.3 10.2.0.3
Primary dest addr: 10.5.0.4
Effective primary dest addr: 10.5.0.4
Heartbeats: Enabled Timeout: 30000 ms
RTO/RTT/SRTT: 1000/16/38 ms TOS: 0 MTU: 1500
cwnd: 5364 ssthresh: 3000 outstand: 768
Num retrans: 0 Max retrans: 5 Num times failed: 0
Heartbeats: Enabled Timeout: 30000 ms
RTO/RTT/SRTT: 1000/4/7 ms TOS: 0 MTU: 1500
cwnd: 3960 ssthresh: 3000 outstand: 0
Num retrans: 0 Max retrans: 5 Num times failed: 0
Local vertag: 9A245CD4 Remote vertag: 2A08D122
Num inbound streams: 10 outbound streams: 10
Max assoc retrans: 5 Max init retrans: 8
CumSack timeout: 200 ms Bundle timeout: 100 ms
Min RTO: 1000 ms Max RTO: 60000 ms
LocalRwnd: 18000 Low: 13455 RemoteRwnd: 15252 Low: 13161
Congest levels: 0 current level: 0 high mark: 325
Table 22 describes the significant fields shown in the display.
Table 22 show ip sctp association parameters Field Descriptions
Field
|
Description
|
AssocID
|
SCTP association identifier.
|
Context
|
Internal upper-layer handle.
|
InstanceID
|
SCTP association instance identifier.
|
Assoc state
|
SCTP association state, which can be ESTABLISHED, CLOSED, COOKIE-WAIT, and COOKIE-ECHOED.
|
Uptime
|
How long the association has been active.
|
Local port
|
Port number for the local SCTP endpoint.
|
Local addresses
|
IP addresses for the local SCTP endpoint.
|
Remote port
|
Port number for the remote SCTP endpoint.
|
Primary dest addr
|
Primary destination address.
|
Effective primary dest addr
|
Current primary destination address.
|
Heartbeats
|
Status of heartbeats.
|
Timeout
|
Heartbeat timeout.
|
RTO/RTT/SRTT
|
Retransmission timeout, round trip time, and smoothed round trip time, calculated from network feedback.
|
TOS
|
IP precedence setting.
|
MTU
|
Maximum transmission unit size, in bytes, that a particular interface can handle.
|
cwnd
|
Congestion window value calculated from network feedback. This value is the maximum amount of data that can be outstanding in the network for that particular destination.
|
ssthresh
|
Slow-start threshold value calculated from network feedback.
|
outstand
|
Number of outstanding bytes.
|
Num retrans
|
Current number of times that data has been retransmitted to that address.
|
Max retrans
|
Maximum number of times that data has been retransmitted to that address.
|
Num times failed
|
Number of times that the address has been marked as failed.
|
Local vertag, Remote vertag
|
Verification tags (vertags). Tags are chosen during association initialization and do not change.
|
Num inbound streams, Num outbound streams
|
Maximum inbound and outbound streams. This number does not change.
|
Max assoc retrans
|
Maximum association retransmit limit. Number of times that any particular chunk may be retransmitted before a declaration that the association failed, which indicates that the chunk could not be delivered on any address.
|
Max init retrans
|
Maximum initial retransmit limit. Number of times that the chunks for initialization may be retransmitted before a declaration that the attempt to establish the association failed.
|
CumSack timeout
|
Cumulative selective acknowledge (SACK) timeout. The maximum time that a SACK may be delayed while attempting to bundle together with data chunks.
|
Bundle timeout
|
Maximum time that data chunks may be delayed while attempts are made to bundle them with other data chunks.
|
Min RTO, Max RTO
|
Minimum and maximum retransmit timeout values allowed for the association.
|
LocalRwnd, RemoteRwnd
|
Local and remote receive windows.
|
Congest levels: current level, high mark
|
Current congestion level and highest number of packets queued.
|
Related Commands
Command
|
Description
|
clear ip sctp statistics
|
Clears statistics counts for SCTP.
|
debug ip sctp api
|
Reports SCTP diagnostic information and messages.
|
show ip sctp association list
|
Displays a list of all current SCTP associations.
|
show ip sctp association statistics
|
Displays the current statistics for the association defined by the association identifier.
|
show ip sctp errors
|
Displays error counts logged by SCTP.
|
show ip sctp instances
|
Displays all currently defined SCTP instances.
|
show ip sctp statistics
|
Displays overall statistics counts for SCTP.
|
show iua as
|
Displays information about the current condition of an application server.
|
show iua asp
|
Displays information about the current condition of an application server process.
|
show ip sctp association statistics
Note
Effective with Cisco IOS Release 12.4(11)T, the show ip sctp association statistics command is replaced by the show sctp association statistics command. See the show sctp association statistics command for more information.
To display statistics that have accumulated for the specified Stream Control Transmission Protocol (SCTP) association, use the show ip sctp association statistics command in privileged EXEC mode.
show ip sctp association statistics assoc-id
Syntax Description
assoc-id
|
Association identifier, which can be obtained from the output of the show ip sctp association list command.
|
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.2(2)MB
|
This command was introduced as part of the show ip sctp command.
|
12.2(2)T
|
This command was changed to the show ip sctp association statistics command.
|
12.2(4)T
|
This command was integrated into Cisco IOS Release 12.2(4)T.
|
12.2(8)T
|
Two new output fields were added to this command: Number of unordered data chunks sent and Number of unordered data chunks received. Support for the Cisco AS5300, Cisco AS5350, Cisco AS5400, and Cisco AS5850 is not included in this release.
|
12.2(11)T
|
This command was implemented on the Cisco AS5300, Cisco AS5350, Cisco AS5400, and Cisco AS5850.
|
12.4(11)T
|
This command was replaced by the show sctp association statistics command.
|
12.4(15)T
|
This command was moved to the Cisco IOS IP Application Services Command Reference.
|
Usage Guidelines
This command shows only the information that has become available since the last time a clear ip sctp statistics command was executed.
Examples
The following sample output shows the statistics accumulated for SCTP association 0:
Router# show ip sctp association statistics 0
** SCTP Association Statistics **
Current State: ESTABLISHED
Sent: 623874 Rcvd: 660227
Total: 14235644 Retransmitted: 60487
Ordered: 6369678 Unordered: 6371263
Avg bundled: 18 Total Bytes: 640603980
Total: 14496585 Discarded: 1755575
Ordered: 6369741 Unordered: 6371269
Avg bundled: 18 Total Bytes: 652346325
Sent: 12740941 Ready: 12740961 Rcvd: 12740941
Table 23 describes the significant fields shown in the display.
Table 23 show ip sctp association statistics Field Descriptions
Field
|
Description
|
AssocID/InstanceID
|
SCTP association identifier and instance identifier.
|
Current State
|
State of SCTP association.
|
Control Chunks
|
SCTP control chunks sent and received.
|
Data Chunks Sent
|
SCTP data chunks sent, ordered and unordered.
|
Data Chunks Rcvd
|
SCTP data chunks received, ordered and unordered.
|
ULP Dgrams
|
Number of datagrams sent, ready, and received by the Upper-Layer Protocol (ULP).
|
Related Commands
Command
|
Description
|
clear ip sctp statistics
|
Clears statistics counts for SCTP.
|
debug ip sctp api
|
Reports SCTP diagnostic information and messages.
|
show ip sctp association list
|
Displays a list of all current SCTP associations.
|
show ip sctp association parameters
|
Displays the parameters configured for the association defined by the association identifier.
|
show ip sctp errors
|
Displays error counts logged by SCTP.
|
show ip sctp instances
|
Displays all currently defined SCTP instances.
|
show ip sctp statistics
|
Displays overall statistics counts for SCTP.
|
show iua as
|
Displays information about the current condition of an application server.
|
show iua asp
|
Displays information about the current condition of an application server process.
|
show ip sctp errors
Note
Effective with Cisco IOS Release 12.4(11)T, the show ip sctp errors command is replaced by the show sctp errors command. See the show sctp errors command for more information.
To display the error counts logged by the Stream Control Transmission Protocol (SCTP), use the show ip sctp errors command in privileged EXEC mode.
show ip sctp errors
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.2(2)MB
|
This command was introduced as part of the show ip sctp command.
|
12.2(2)T
|
This command was changed to the show ip sctp errors command.
|
12.2(4)T
|
This command was integrated into Cisco IOS Release 12.2(4)T.
|
12.2(8)T
|
This command was integrated into Cisco IOS Release 12.2(8)T. Support for the Cisco AS5300, Cisco AS5350, Cisco AS5400, and Cisco AS5850 is not included in this release.
|
12.2(11)T
|
This command was implemented on the Cisco AS5300, Cisco AS5350, Cisco AS5400, and Cisco AS5850.
|
12.4(11)T
|
This command was replaced by the show sctp errors command.
|
12.4(15)T
|
This command was moved to the Cisco IOS IP Application Services Command Reference.
|
Usage Guidelines
This command displays all errors across all associations that have been logged since the last time that the SCTP statistics were cleared with the clear ip sctp statistics command. If no errors have been logged, this is indicated in the output.
Examples
The following sample output shows a session with no errors:
Router# show ip sctp errors
*** SCTP Error Statistics ****
The following sample output shows a session that has SCTP errors:
Router# show ip sctp errors
** SCTP Error Statistics **
Invalid verification tag: 5
Destination Address Failed: 3
Unknown INIT params rcvd: 16
Invalid cookie signature: 5
Field descriptions are self-explanatory.
Related Commands
Command
|
Description
|
clear ip sctp statistics
|
Clears statistics counts for SCTP.
|
debug ip sctp api
|
Reports SCTP diagnostic information and messages.
|
show ip sctp association list
|
Displays a list of all current SCTP associations.
|
show ip sctp association parameters
|
Displays the parameters configured for the association defined by the association ID.
|
show ip sctp association statistics
|
Displays the current statistics for the association defined by the association ID.
|
show ip sctp instances
|
Displays the currently defined SCTP instances.
|
show ip sctp statistics
|
Displays overall statistics counts for SCTP.
|
show iua as
|
Displays information about the current condition of an AS.
|
show iua asp
|
Displays information about the current condition of an ASP.
|
show ip sctp instances
Note
Effective with Cisco IOS Release 12.4(11)T, the show ip sctp instances command is replaced by the show sctp instances command. For more information, see the show sctp instances command.
To display information for each of the currently configured Stream Control Transmission Protocol (SCTP) instances, use the show ip sctp instances command in privileged EXEC mode.
show ip sctp instances
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.2(2)MB
|
This command was introduced as part of the show ip sctp command.
|
12.2(2)T
|
This command was changed to the show ip sctp instances command.
|
12.2(4)T
|
This command was integrated into Cisco IOS Release 12.2(4)T.
|
12.2(8)T
|
This command was integrated into Cisco IOS Release 12.2(8)T. Support for the Cisco AS5300, Cisco AS5350, Cisco AS5400, and Cisco AS5850 is not included in this release.
|
12.2(11)T
|
This command was implemented on the Cisco AS5300, Cisco AS5350, Cisco AS5400, and Cisco AS5850.
|
12.4(11)T
|
This command was replaced by the show sctp instances command.
|
12.4(15)T
|
This command was moved to the Cisco IOS IP Application Services Command Reference.
|
Usage Guidelines
This command displays information for each of the currently configured instances. The instance number, local port, and address information are displayed. The instance state is either available or deletion pending. An instance enters the deletion pending state when a request is made to delete it but there are currently established associations for that instance. The instance cannot be deleted immediately and instead enters the pending state. No new associations are allowed in this instance, and when the last association is terminated or fails, the instance is deleted.
The default inbound and outbound stream numbers are used for establishing incoming associations, and the maximum number of associations allowed for this instance is shown. Then a snapshot of each existing association is shown, if any exists.
Effective with Cisco IOS Release 12.4(11)T, if you enter the show ip sctp instances command, you must type the complete word instances in the command syntax.
Examples
The following sample output shows available IP SCTP instances. In this example, two current instances are active and available. The first is using local port 8989, and the second is using 9191. Instance identifier 0 has three current associations, and instance identifier 1 has no current associations.
Router# show ip sctp instances
Instance ID:0 Local port:8989
Local addrs:10.1.0.2 10.2.0.2
Default streams inbound:1 outbound:1
Current associations: (max allowed:6)
AssocID:0 State:ESTABLISHED Remote port:8989
Dest addrs:10.6.0.4 10.5.0.4
AssocID:1 State:ESTABLISHED Remote port:8990
Dest addrs:10.6.0.4 10.5.0.4
AssocID:2 State:ESTABLISHED Remote port:8991
Dest addrs:10.6.0.4 10.5.0.4
Instance ID:1 Local port:9191
Local addrs:10.1.0.2 10.2.0.2
Default streams inbound:1 outbound:1
No current associations established for this instance.
Field descriptions are self-explanatory.
Related Commands
Command
|
Description
|
clear ip sctp statistics
|
Clears statistics counts for SCTP.
|
debug ip sctp api
|
Reports SCTP diagnostic information and messages.
|
show ip sctp association list
|
Displays a list of all current SCTP associations.
|
show ip sctp association parameters
|
Displays the parameters configured for the association defined by the association identifier.
|
show ip sctp association statistics
|
Displays the current statistics for the association defined by the association identifier.
|
show ip sctp errors
|
Displays error counts logged by SCTP.
|
show ip sctp statistics
|
Displays the overall statistics counts for SCTP.
|
show iua as
|
Displays information about the current condition of an AS.
|
show iua asp
|
Displays information about the current condition of an ASP.
|
show ip sctp statistics
Note
Effective with Cisco IOS Release 12.4(11)T, the show ip sctp statistics command is replaced by the show sctp statistics command. See the show sctp statistics command for more information.
To display the overall statistics counts for Stream Control Transmission Protocol (SCTP) activity, use the show ip sctp statistics command in privileged EXEC mode.
show ip sctp statistics
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.2(2)MB
|
This command was introduced as part of the show ip sctp command.
|
12.2(2)T
|
This command was changed to the show ip sctp statistics command.
|
12.2(4)T
|
This command was integrated into Cisco IOS Release 12.2(4)T.
|
12.2(8)T
|
This command was integrated into Cisco IOS Release 12.2(8)T. Support for the Cisco AS5300, Cisco AS5350, Cisco AS5400, and Cisco AS5850 is not included in this release.
|
12.2(11)T
|
This command is supported on the Cisco AS5300, Cisco AS5350, Cisco AS5400, and Cisco AS5850 in this release.
|
12.4(11)T
|
This command was replaced by the show sctp statistics command.
|
12.4(15)T
|
This command was moved to the Cisco IP Application Services Command Reference.
|
Usage Guidelines
This command displays the overall SCTP statistics accumulated since the last clear ip sctp statistics command. It includes numbers for all currently established associations, and for any that have been terminated. The statistics indicated are similar to those shown for individual associations.
Examples
The following sample output shows IP SCTP statistics:
Router# show ip sctp statistics
*** SCTP Overall Statistics ****
Data Chunks Rcvd In Seq: 538
Data Chunks Rcvd Out of Seq: 0
Total Data Chunks Sent: 538
Total Data Chunks Rcvd: 538
Total Data Bytes Sent: 53800
Total Data Bytes Rcvd: 53800
Total Data Chunks Discarded: 0
Total Data Chunks Retrans: 0
Total SCTP Dgrams Sent: 1561
Total SCTP Dgrams Rcvd: 2228
Total ULP Dgrams Sent: 538
Total ULP Dgrams Ready: 538
Total ULP Dgrams Rcvd: 538
Field descriptions are self-explanatory.
Related Commands
Command
|
Description
|
clear ip sctp statistics
|
Clears statistics counts for SCTP.
|
debug ip sctp api
|
Reports SCTP diagnostic information and messages.
|
show ip sctp association list
|
Displays a list of all current SCTP associations.
|
show ip sctp association parameters
|
Displays the parameters configured and calculated for the association defined by the association identifier.
|
show ip sctp association statistics
|
Displays the current statistics for the association defined by the association identifier.
|
show ip sctp errors
|
Displays error counts logged by SCTP.
|
show ip sctp instances
|
Displays all currently defined SCTP instances.
|
show iua as
|
Displays information about the current condition of an AS.
|
show iua asp
|
Displays information about the current condition of an ASP.
|
show ip slb conns
To display the active IOS Server Load Balancing (IOS SLB) connections (or sessions, in GPRS load balancing and the Home Agent Director), use the show ip slb conns command in privileged EXEC mode.
show ip slb conns [vserver virtual-server | client ip-address | firewall firewall-farm] [detail]
Syntax Description
vserver virtual-server
|
(Optional) Displays only those connections (or sessions, in GPRS load balancing and the Home Agent Director) associated with the specified virtual server.
|
client ip-address
|
(Optional) Displays only those connections (or sessions, in GPRS load balancing and the Home Agent Director) associated with the specified client IP address.
|
firewall firewall-farm
|
(Optional) Displays only those connections (or sessions, in GPRS load balancing and the Home Agent Director) associated with the specified firewall farm.
|
detail
|
(Optional) Displays detailed information about the connection (or session, in GPRS load balancing and the Home Agent Director).
|
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.0(7)XE
|
This command was introduced.
|
12.1(5)T
|
This command was integrated into Cisco IOS Release 12.1(5)T.
|
12.2
|
This command was integrated into Cisco IOS Release 12.2.
|
12.1(7)E
|
The firewall keyword and firewall-farm argument were added.
|
12.2(14)S
|
This command was integrated into Cisco IOS Release 12.2(14)S.
|
12.2(18)SXE
|
This command was integrated into Cisco IOS Release 12.2(18)SXE.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
Usage Guidelines
If no options are specified, the command displays output for all active IOS SLB connections (or sessions, in GPRS load balancing and the Home Agent Director).
Examples
The following is sample output from the show ip slb conns command:
Router# show ip slb conns
vserver prot client real state
----------------------------------------------------------------------------
TEST TCP 10.150.72.183:328 10.80.90.25:80 INIT
TEST TCP 10.250.167.226:423 10.80.90.26:80 INIT
TEST TCP 10.234.60.239:317 10.80.90.26:80 ESTAB
TEST TCP 10.110.233.96:747 10.80.90.26:80 ESTAB
TEST TCP 10.162.0.201:770 10.80.90.30:80 CLOSING
TEST TCP 10.22.225.219:995 10.80.90.26:80 CLOSING
TEST TCP 10.2.170.148:169 10.80.90.30:80 ZOMBIE
Table 24 describes the fields shown in the display.
Table 24 show ip slb conns Field Descriptions
Field
|
Description
|
vserver
|
Name of the virtual server associated with the connection (or session, in GPRS load balancing and the Home Agent Director).
|
prot
|
Protocol being used by the connection (or session, in GPRS load balancing and the Home Agent Director).
|
client
|
Client IP address associated with the connection (or session, in GPRS load balancing and the Home Agent Director).
|
real
|
Real server IP address associated with the connection (or session, in GPRS load balancing and the Home Agent Director).
|
state
|
Current state of the connection (or session, in GPRS load balancing and the Home Agent Director).
• CLOSING—The connection is closing.
• ESTAB—The connection has been established and is operational.
• INIT—The connection is being initialized.
• ZOMBIE—The connection is currently pending destruction (awaiting a timeout or some other condition to be met).
|
show ip slb dfp
To display Dynamic Feedback Protocol (DFP) manager and agent information, such as passwords, timeouts, retry counts, and weights, use the show ip slb dfp command in privileged EXEC mode.
show ip slb dfp [agent agent-ip port | manager manager-ip | detail | weights]
Syntax Description
agent
|
(Optional) Displays information about an agent.
|
agent-ip
|
(Optional) Agent IP address.
|
port
|
(Optional) Agent TCP or User Datagram Protocol (UDP) port number.
|
manager
|
(Optional) Displays information about the specified manager.
|
manager-ip
|
(Optional) Manager IP address.
|
detail
|
(Optional) Displays all data available.
|
weights
|
(Optional) Displays information about weights assigned to real servers for load balancing.
|
Defaults
If no options are specified, the command displays summary information.
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.0(7)XE
|
This command was introduced.
|
12.1(5)T
|
This command was integrated into Cisco IOS Release 12.1(5)T.
|
12.2
|
This command was integrated into Cisco IOS Release 12.2.
|
12.1(5a)E
|
The manager keyword and manager-ip argument were added.
|
12.2(14)S
|
This command was integrated into Cisco IOS Release 12.2(14)S.
|
12.2(18)SXE
|
This command was integrated into Cisco IOS Release 12.2(18)SXE.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
Usage Guidelines
If no options are specified, the command displays summary information.
Examples
The following sample output from the show ip slb dfp command displays high-level information about all DFP agents and managers:
Current passwd:NONE Pending passwd:NONE
Agent IP Port Timeout Retry Count Interval
---------------------------------------------------------------
172.16.2.34 61936 0 0 180 (Default)
Table 25 describes the fields shown in the display.
Table 25 show ip slb dfp Field Descriptions
Field
|
Description
|
DFP Manager
|
Indicates that the following information applies to the DFP manager.
|
Current passwd
|
Current password for the DFP manager, if any.
|
Pending passwd
|
Pending password for the DFP manager, if any.
|
Passwd timeout
|
For the DFP manager, delay period, in seconds, during which both the current password and the pending password are accepted.
|
Agent IP
|
IP address of the agent about which information is being displayed.
|
Port
|
TCP or UDP port number of the agent. The valid range is 1 to 65535.
|
Timeout
|
Time period, in seconds, during which the DFP manager must receive an update from the DFP agent. A value of 0 means there is no timeout.
|
Retry Count
|
Number of times the DFP manager attempts to establish the TCP connection to the DFP agent. A value of 0 means there are infinite retries.
|
Interval
|
Interval, in seconds, between retries.
|
The following example displays detailed information about DFP agents and managers:
Router# show ip slb dfp detail
Current passwd <none> Pending passwd <none>
% No DFP Agents configured
Table 26 describes the fields shown in the display.
Table 26 show ip slb dfp detail Field Descriptions
Field
|
Description
|
DFP Manager
|
Indicates that the following information applies to the DFP manager.
|
Current passwd
|
Current DFP password for MD5 authentication.
|
Pending passwd
|
Pending new DFP password for MD5 authentication.
|
Passwd timeout
|
Delay period, in seconds, during which both the current password and the pending password are accepted.
|
Unexpected errors
|
Number of unexpected errors encountered by the DFP manager.
|
No DFP Agents configured
|
Indicates that there are no DFP agents associated with the DFP manager.
|
The following example displays detailed information about DFP manager 10.0.0.0:
Router# show ip slb dfp manager 10.0.0.0
DFP Manager 10.0.0.0 Connection state Connected
Last message sent 033537 UTC 01/02/00
Table 27 describes the fields shown in the display.
Table 27 show ip slb dfp manager Field Descriptions
Field
|
Description
|
DFP Manager
|
Indicates that the following information applies to the DFP manager.
|
Connection state
|
Current connection state of the DFP manager.
|
Timeout
|
Time period, in seconds, during which the DFP manager must receive an update from the DFP agent. A value of 0 means there is no timeout.
|
Last message sent
|
Date and time of the last message sent by the DFP manager.
|
The following example displays detailed information about weights assigned to real servers for load balancing:
Router# show ip slb dfp weights
Real IP Address 10.0.10.10 Protocol TCP Port 22 Bind_ID 111 Weight 111
Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99
Real IP Address 10.17.17.17 Protocol TCP Port www Bind_ID 1 Weight 1
Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99
Real IP Address 10.68.68.68 Protocol TCP Port www Bind_ID 4 Weight 4
Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99
Real IP Address 10.85.85.85 Protocol TCP Port www Bind_ID 5 Weight 5
Set by Agent 172.16.2.3458490 at 132241 UTC 12/03/99
Table 28 describes the fields shown in the display.
Table 28 show ip slb dfp weights Field Descriptions
Field
|
Description
|
Real IP Address
|
IP address of the real server for which weight is reported.
|
Protocol
|
Protocol used for the port.
|
Port
|
Port for which the following bind ID is being reported.
|
Bind_ID
|
Bind ID of this instance of the real server.
|
Weight
|
Weight calculated for the real IP address.
|
Set by Agent
|
Agent that set the weight, and the date and time the weight was set.
|
show ip slb firewallfarm
To display firewall farm information, use the show ip slb firewallfarm command in privileged EXEC mode.
show ip slb firewallfarm [detail]
Syntax Description
detail
|
(Optional) Displays detailed information.
|
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.1(3a)E
|
This command was introduced.
|
12.2(14)S
|
This command was integrated into Cisco IOS Release 12.2(14)S.
|
12.2(18)SXE
|
This command was integrated into Cisco IOS Release 12.2(18)SXE.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
Examples
The following is sample output from the show ip slb firewallfarm command:
Router# show ip slb firewallfarm
firewall farm hash state reals
------------------------------------------------
FIRE1 IPADDR OPERATIONAL 2
Table 29 describes the fields shown in the display.
Table 29 show ip slb firewallfarm Field Descriptions
Field
|
Description
|
firewall farm
|
Name of the firewall farm.
|
hash
|
Load-balancing algorithm used to select a firewall for the firewall farm:
• IPADDR—Uses the source and destination IP addresses in the algorithm.
• IPADDRPORT—Uses the source and destination TCP or User Datagram Protocol (UDP) port numbers, in addition to the source and destination IP addresses, in the algorithm.
See the predictor hash address (firewall farm) command for more details.
|
state
|
Current state of the firewall farm:
• OPERATIONAL—Functioning properly.
• OUTOFSERVICE—Removed from the load-balancing predictor lists.
• STANDBY—Backup firewall farm, ready to become operational if the active firewall farm fails.
|
reals
|
Number of firewalls that are members of the firewall farm.
|
show ip slb fragments
To display information from the Cisco IOS Server Load Balancing (IOS SLB) fragment database, use the show ip slb fragments command in privileged EXEC mode.
show ip slb fragments
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.1(11b)E
|
This command was introduced.
|
12.2(14)S
|
This command was integrated into Cisco IOS Release 12.2(14)S.
|
12.2(18)SXE
|
This command was integrated into Cisco IOS Release 12.2(18)SXE.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
Examples
The following sample output from the show ip slb fragments command shows fragment information for virtual server 10.11.11.11:
Router# show ip slb fragments
ip src id forward src nat dst nat
---------------------------------------------------------------------
10.11.2.128 12 10.11.2.128 10.11.11.11 10.11.2.128
10.11.2.128 13 10.11.2.128 10.11.11.11 10.11.2.128
10.11.2.128 14 10.11.2.128 10.11.11.11 10.11.2.128
10.11.2.128 15 10.11.2.128 10.11.11.11 10.11.2.128
10.11.2.128 16 10.11.2.128 10.11.11.11 10.11.2.128
Table 10 describes the fields shown in the display.
Table 30 show ip slb fragments Field Descriptions
Field
|
Description
|
ip src
|
Source IP address of the fragment.
|
id
|
IP ID of the fragment, set by the packet originator.
|
forward
|
IP address to which the fragment is being forwarded.
|
src nat
|
If using Network Address Translation (NAT), new source IP address after NAT.
|
dst nat
|
If using NAT, new destination IP address after NAT.
|
show ip slb gtp
To display IOS Server Load Balancing (IOS SLB) general packet radio service (GPRS) Tunneling Protocol (GTP) information, use the show ip slb gtp command in privileged EXEC mode.
show ip slb gtp {gsn [gsn-ip-address] | nsapi [nsapi-key] [detail]}
Syntax Description
gsn
|
(Optional) Displays IOS SLB database information for the specified gateway GPRS support node (GGSN) or serving GPRS support node (SGSN).
|
gsn-ip-address
|
(Optional) IP address of the GGSN or SGSN for which information is to be displayed. If you do not specify a gsn-ip-address, IOS SLB displays information for all GGSNs and SGSNs.
|
nsapi
|
(Optional) Displays IOS SLB database information for the specified Network Service Access Point Identifier (NSAPI).
|
nsapi-key
|
(Optional) Key of the NSAPI for which information is to be displayed. If you do not specify an nsapi-key, IOS SLB displays information for all NSAPIs.
|
detail
|
(Optional) Displays additional, more detailed information.
|
Defaults
If you specify gsn and you do not specify a gsn-ip-address, IOS SLB displays information for all GGSNs and SGSNs.
If you specify nsapi and you do not specify an nsapi-key, IOS SLB displays information for all NSAPIs.
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.1(13)E3
|
This command was introduced.
|
12.2(18)SXE
|
This command was integrated into Cisco IOS Release 12.2(18)SXE.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
Examples
The following is sample output from the show ip slb gtp gsn command for a specific GGSN or SGSN:
Router# show ip slb gtp gsn 10.0.0.0
type ip recovery-ie purging
------------------------------------------
Table 31 describes the fields shown in the display.
Table 31 show ip slb gtp gsn Field Descriptions
Field
|
Description
|
type
|
Type of GSN (either GGSN or SGSN).
|
ip
|
IP address of the GGSN or SGSN.
|
recovery-ie
|
Last seen recovery IE for this GGSN or SGSN.
|
purging
|
Indicates whether Packet Data Protocol (PDP) contexts belonging to this GGSN or SGSN are being purged as a result of path failure:
• Y (Yes)—PDP contexts are being purged.
• N (No)—PDP contexts are not being purged.
|
The following is sample output from the show ip slb gtp nsapi command:
Router# show ip slb gtp nsapi
nsapi key real nsapi count session count
-----------------------------------------------------------------
11111111111111F1 172.16.0.0 1 1
The following is sample output from the show ip slb gtp nsapi command for a specific NSAPI key:
Router# show ip slb gtp nsapi 11111111111111F1
nsapi key real nsapi count session count
-----------------------------------------------------------------
11111111111111F1 172.16.0.0 1 1
Table 32 describes the fields shown in the display.
Table 32 show ip slb gtp nsapi Field Descriptions
Field
|
Description
|
nsapi key
|
Key for the session. This is the IMSI.
|
real
|
Real server to which the session is assigned.
|
nsapi count
|
Number of NSAPIs bound to the session. This is the number of PDP contexts (mobile sessions) on the GGSN associated with the IMSI.
|
session count
|
Number of sessions to which the NSAPI is currently bound. Normally, the NSAPI is bound to one session, but it is bound to two sessions in transition during an update.
|
The following is sample output from the show ip slb gtp nsapi detail command:
Router# show ip slb gtp nsapi detail
IMSI key = 11111111111111F1, real = 172.16.0.1, nsapi count = 1, session count = 1
no vserver key client state seq
---------------------------------------------------------------------------
5 SERVER1 0009E8810009E881 10.0.0.0:2123 GTP_INIT 0
Table 33 describes the fields shown in the display.
Table 33 show ip slb gtp nsapi detail Field Descriptions
Field
|
Description
|
IMSI key
|
IMSI key for the session.
|
real
|
Real server to which the session is assigned.
|
nsapi count
|
Number of NSAPIs bound to the session. This is the number of PDP contexts (mobile sessions) on the GGSN associated with this IMSI.
|
session count
|
Number of sessions to which the NSAPI is currently bound. Normally, the NSAPI is bound to one session, but it is bound to two sessions in transition during an update.
|
no
|
NSAPI number.
|
vserver
|
Name of the virtual server.
|
key
|
Session key.
|
client
|
SGSN IP address and port number.
|
state
|
State of the session. Possible states are:
• GTP_ESTAB—The session has been established successfully.
• GTP_INIT—The PDP contexts have been deleted as a result of a delete request or a deletion in GGSN, and IOS SLB is waiting to destroy the session after the GTP_TIMEOUT.
• GTPIO_REQ_CLIENT—Waiting for a response from the real server.
|
seq
|
Sequence number in the last delete request.
|
show ip slb map
To display information about IOS SLB protocol maps, use the show ip slb map command in privileged EXEC mode.
show ip slb map [id]
Syntax Description
id
|
(Optional) Displays information about the specified map.
|
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.2(33)SRB
|
This command was introduced.
|
Usage Guidelines
If no ID is specified, the command displays information about all maps.
Examples
The following is sample output from the show ip slb map command:
APN: Cisco.com, yahoo.com
PLMN ID(s): 11122, 444353
PLMN ID(s): 67523, 345222
Calling-station-id: "?919*"
Table 24 describes the fields shown in the display.
Table 34 show ip slb map Field Descriptions
Field
|
Description
|
ID
|
Identifier of the map about which information is being displayed. Information about each map is displayed on a separate line.
|
Service
|
Protocol associated with the map. Valid protocols are:
• GTP—For general packet radio service (GPRS) Tunneling Protocol (GTP) maps
• RADIUS—For RADIUS load balancing maps
|
APN
|
One or more access point names (APNs) associated with the GTP map
|
PLMN ID(s)
|
One or more public land mobile networks (PLMNs) associated with the GTP map.
|
SGSN access list
|
Serving GPRS Support Node (SGSN) access list associated with the GTP map.
|
PDP Type
|
One or more packet data protocol (PDP) types associated with the GTP map.
|
Calling-station-id
|
String to be matched against the calling station ID attribute in the RADIUS payload.
|
Username
|
String to be matched against the username attribute in the RADIUS payload.
|
show ip slb natpool
To display the IP Cisco IOS Server Load Balancing (IOS SLB) Network Address Translation (NAT) configuration, use the show ip slb natpool command in privileged EXEC mode.
show ip slb natpool [name pool] [detail]
Syntax Description
name pool
|
(Optional) Displays the specified NAT pool.
|
detail
|
(Optional) Lists all the interval ranges currently allocated in the client NAT pool.
|
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.1(2)E
|
This command was introduced.
|
12.2(14)S
|
This command was integrated into Cisco IOS Release 12.2(14)S.
|
12.2(18)SXE
|
This command was integrated into Cisco IOS Release 12.2(18)SXE.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
Examples
The following is sample output from the default show ip slb natpool command:
Router# show ip slb natpool
nat client B 209.165.200.225 1.1.1.6 1.1.1.8 Netmask 255.255.255.0
nat client A 10.1.1.1 1.1.1.5 Netmask 255.255.255.0
The following is sample output from the show ip slb natpool command with the detail keyword:
Router# show ip slb natpool detail
nat client A 1.1.1.1 1.1.1.5 Netmask 255.255.255.0
Start NAT Last NAT Count ALLOC/FREE
-------------------------------------------------------
10.1.1.1:11001 10.1.1.1:16333 0005333 ALLOC
10.1.1.1:16334 10.1.1.1:19000 0002667 ALLOC
10.1.1.1:19001 10.1.1.5:65535 0264675 FREE
nat client B 1.1.1.6 1.1.1.8 Netmask 255.255.255.0
Start NAT Last NAT Count ALLOC/FREE
-------------------------------------------------------
10.1.1.6:11001 10.1.1.6:16333 0005333 ALLOC
10.1.1.6:16334 10.1.1.6:19000 0002667 ALLOC
10.1.1.6:19001 10.1.1.8:65535 0155605 FREE
Table 35 describes the fields shown in the display.
Table 35 show ip slb natpool detail Field Descriptions
Field
|
Description
|
Start NAT
|
Starting NAT address in a range of addresses in the client NAT pool.
|
Last NAT
|
Last NAT address in a range of addresses in the client NAT pool.
|
Count
|
Number of NAT addresses in the range.
|
ALLOC/FREE
|
Indicates whether the range of NAT addresses has been allocated or is free.
|
Related Commands
Command
|
Description
|
ip slb natpool
|
Configures the IOS SLB NAT.
|
show ip slb probe
To display information about a Cisco IOS Server Load Balancing (IOS SLB) probe, use the show ip slb probe command in privileged EXEC mode.
show ip slb probe [name probe] [detail]
Syntax Description
name probe
|
(Optional) Displays information about the specified probe.
|
detail
|
(Optional) Displays detailed information, including the SA Agent operation ID, which you can correlate with the output of the show rtr operational-state command.
|
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.1(2)E
|
This command was introduced.
|
12.2(14)S
|
This command was integrated into Cisco IOS Release 12.2(14)S.
|
12.2(18)SXE
|
This command was integrated into Cisco IOS Release 12.2(18)SXE.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
Examples
The following is sample output from the show ip slb probe command:
Router# show ip slb probe
Server:Port State Outages Current Cumulative
----------------------------------------------------------------
10.10.4.1:0 OPERATIONAL 0 never 00:00:00
10.10.5.1:0 FAILED 1 00:00:06 00:00:06
Table 36 describes the fields shown in the display.
Table 36 show ip slb probe Field Descriptions
Field
|
Description
|
Server:Port
|
IP address and port of the real server.
|
State
|
Operational state of the probe:
• FAILED—The probe has succeeded in the past but has currently failed.
• OPERATIONAL—The probe is functioning normally.
• TESTING—The probe has never succeeded, due to no response. IOS SLB keeps no counters or timers for this state.
For a detailed listing of real server states, see the show ip slb reals command.
|
Outages
|
Number of intervals between successful probes.
|
Current
|
Time since the last probe success. That is, the duration (so far) of the current outage.
|
Cumulative
|
Total time the real server has been under test by the probe and has failed the probe test. This value is the sum of the Current time plus the total time of all previous outages.
|
show ip slb reals
To display information about the real servers, use the show ip slb reals command in privileged EXEC mode.
show ip slb reals [sfarm server-farm] [detail]
Syntax Description
sfarm server-farm
|
(Optional) Displays information about those real servers associated with the specified server farm or firewall farm.
|
detail
|
(Optional) Displays detailed information.
|
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.0(7)XE
|
This command was introduced.
|
12.1(5)T
|
This command was integrated into Cisco IOS Release 12.1(5)T.
|
12.2
|
This command was integrated into Cisco IOS Release 12.2.
|
12.1(13)E
|
The vserver keyword and virtual-server argument were replaced with the sfarm keyword and server-farm argument.
|
12.2(14)S
|
This command was integrated into Cisco IOS Release 12.2(14)S.
|
12.2(18)SXE
|
This command was integrated into Cisco IOS Release 12.2(18)SXE.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
12.2(33)SRC
|
Output for the detail keyword for a real server in a server farm was updated to display the configured maximum number of connections allowed (rate).
|
Usage Guidelines
If no options are specified, the command displays information about all real servers.
In a configuration with stateful backup, if a probe changes state at the same time that the primary IOS SLB device fails over to the backup IOS SLB device, the output from the show ip slb reals command for the backup device displays the state of the probe before the failover, not the actual current state.
Examples
The following is sample output from the show ip slb reals command:
Router# show ip slb reals
real farm name weight state conns
--------------------------------------------------------------------
10.80.2.112 FRAG 8 OUTOFSERVICE 0
10.80.5.232 FRAG 8 OPERATIONAL 0
10.80.15.124 FRAG 8 OUTOFSERVICE 0
10.254.2.2 FRAG 8 OUTOFSERVICE 0
10.80.15.124 LINUX 8 OPERATIONAL 0
10.80.15.125 LINUX 8 OPERATIONAL 0
10.80.15.126 LINUX 8 OPERATIONAL 0
10.80.90.25 SRE 8 OPERATIONAL 220
10.80.90.26 SRE 8 OPERATIONAL 216
10.80.90.27 SRE 8 OPERATIONAL 216
10.80.90.28 SRE 8 TESTING 1
10.80.90.29 SRE 8 OPERATIONAL 221
10.80.90.30 SRE 8 OPERATIONAL 224
10.80.30.3 TEST 100 READY_TO_TEST 0
10.80.30.4 TEST 100 READY_TO_TEST 0
10.80.30.5 TEST 100 READY_TO_TEST 0
10.80.30.6 TEST 100 READY_TO_TEST 0
Table 37 describes the fields shown in the display.
Table 37 show ip slb reals Field Descriptions
Field
|
Description
|
real
|
IP address of the real server about which information is being displayed. Used to identify each real server. Information about each real server is displayed on a separate line.
|
farm name
|
Name of the server farm or firewall farm with which the real server is associated.
|
weight
|
Weight assigned to the real server. The weight identifies the real server's capacity, relative to other real servers in the server farm.
|
state
|
Current state of the real server.
• DFP_THROTTLED—The Dynamic Feedback Protocol (DFP) agent sent a weight of 0 for this real server (send no further connections to this real server).
• FAILED—The real server has failed as a result of either no response or reset (RST) responses to client traffic. (See the faildetect numconns (real server) command for more information about controlling tolerance for no responses and RSTs.) The real server has been removed from use by the predictor algorithms. The retry timer has started.
• MAXCONNS_THROTTLE—The number of connections on the real server exceeds the configured maximum number of simultaneous active connections (maxconns).
• OPERATIONAL—The real server is functioning properly and is being used for load-balancing.
• OPER_WAIT—The real server is waiting to become operational (waiting for a timeout or some other condition to be met).
• OUTOFSERVICE—The real server was configured with no inservice and has been removed from the load-balancing predictor lists.
• PROBE_FAILED—The probe has succeeded in the past but has currently failed. This failure might occur at the same time user connections fail, or it might not.
• PROBE_TESTING—The probe has never succeeded, due to no response. The initial probe timed out waiting for a success.
|
| |
• READY_TO_TEST—The real server is queued for testing after being in FAILED state until the retry timer expired.
• TESTING—The real server is queued for assignment. When a single user connection is assigned to a real server that is in READY_TO_TEST state, the real server is placed in TESTING state. If the test succeeds, the real server is placed back in OPERATIONAL state.
• TEST_WAIT—The real server is waiting to begin testing (waiting for a timeout or some other condition to be met).
|
conns
|
Number of connections associated with the real server.
In general packet radio service (GPRS) load balancing, number of sessions associated with the real server.
In per-packet server load balancing, number of request packets that have been load balanced to each real server, using the connection count.
|
The following is sample output from the show ip slb reals detail command for a real server in a server farm:
Router# show ip slb reals detail
10.10.1.7, S, state = OPERATIONAL, type = server
conns = 0, dummy_conns = 0, maxconns = 4294967295
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
reassign = 3, retry = 60, rate = 100
failconn threshold = 8, failconn count = 0
failclient threshold = 2, failclient count = 0
total conns established = 0, total conn failures = 0
The following is sample output from the show ip slb reals detail command for a real server in a firewall farm:
Router# show ip slb reals detail
10.10.3.2, F, state = OPERATIONAL, type = firewall
conns = 0, dummy_conns = 0, maxconns = 4294967295
weight = 8, weight(admin) = 8, metric = 0, remainder = 0
total conns established = 8377, hash count = 0
interface FastEthernet1/0, MAC 0000.0c41.1063
Table 38 describes the fields shown in the above detail displays.
Table 38 show ip slb reals detail Field Descriptions
Field
|
Description
|
IP address
|
IP address of the real server about which information is being displayed. Used to identify each real server. Information about each real server is displayed on a separate line.
|
farm name
|
Name of the server farm or firewall farm with which the real server is associated.
|
state
|
Current state of the real server.
• DFP_THROTTLED—The Dynamic Feedback Protocol (DFP) agent sent a weight of 0 for this real server (send no further connections to this real server).
• FAILED—The real server has failed as a result of either no response or reset (RST) responses to client traffic. (See the faildetect numconns (real server) command for more information about controlling tolerance for no responses and RSTs.) The real server has been removed from use by the predictor algorithms. The retry timer has started.
• MAXCONNS_THROTTLE—The number of connections on the real server exceeds the configured maximum number of simultaneous active connections (maxconns).
• OPERATIONAL—The real server is functioning properly and is being used for load-balancing.
• OPER_WAIT—The real server is waiting to become operational (waiting for a timeout or some other condition to be met).
• OUTOFSERVICE—The real server was configured with no inservice and has been removed from the load-balancing predictor lists.
• PROBE_FAILED—The probe has succeeded in the past but has currently failed. This failure might occur at the same time user connections fail, or it might not.
• PROBE_TESTING—The probe has never succeeded, due to no response. The initial probe timed out waiting for a success.
• READY_TO_TEST—The real server is queued for testing after being in FAILED state until the retry timer expired.
• TESTING—The real server is queued for assignment. When a single user connection is assigned to a real server that is in READY_TO_TEST state, the real server is placed in TESTING state. If the test succeeds, the real server is placed back in OPERATIONAL state.
• TEST_WAIT—The real server is waiting to begin testing (waiting for a timeout or some other condition to be met).
|
type
|
Indicates whether the real server is associated with a server farm (server) or firewall farm (firewall).
|
conns
|
Number of connections associated with the real server.
In general packet radio service (GPRS) load balancing, number of sessions associated with the real server.
In per-packet server load balancing, number of request packets that have been load balanced to each real server, using the connection count.
|
dummy_conns
|
Internal counter used in debugging.
|
maxconns
|
Maximum number of active connections allowed on the real server at one time.
|
weight
|
Weight assigned to the real server. The weight identifies the real server's capacity, relative to other real servers in the server farm. This value could be changed by DFP.
|
weight(admin)
|
Configured (or default) weight assigned to the real server.
|
metric
|
Internal counter used in debugging.
|
remainder
|
Internal counter used in debugging.
|
reassign
|
Total number of consecutive unacknowledged SYNchronize sequence numbers (SYNs) or Create Packet Data Protocol (PDP) requests since the last time the clear ip slb counters command was issued.
|
retry
|
Interval, in seconds, to wait between the detection of a failure on the real server and the next attempt to connect to the server.
|
rate
|
Maximum number of connections per second allowed on the real server.
|
failconn threshold
|
Maximum number of consecutive connection failures allowed before the real server is considered to have failed.
|
failconn count
|
Total number of consecutive connection failures since the last time the clear ip slb counters command was issued.
|
failclient threshold
|
Maximum number of unique client connection failures allowed before the real server is considered to have failed.
|
failclient count
|
Total number of unique client connection failures since the last time the clear ip slb counters command was issued.
|
total conns established
|
Total number of successful connection assignments since the last time the clear ip slb counters command was issued.
|
total conn failures
|
Total number of unsuccessful connection assignments since the last time the clear ip slb counters command was issued.
|
server failures
|
Total number of times this real server has been marked failed.
|
hash count
|
Total number of times the hash algorithm has been called.
|
interface
|
Type of interface.
|
MAC
|
MAC address of the firewall.
|
show ip slb replicate
To display the Cisco IOS Server Load Balancing (IOS SLB) replication configuration, use the show ip slb replicate command in privileged EXEC mode.
show ip slb replicate
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.1(2)E
|
This command was introduced.
|
12.2(14)S
|
This command was integrated into Cisco IOS Release 12.2(14)S.
|
12.2(14)ZA5
|
This command was modified to support slave replication.
|
12.2(18)SXE
|
This command was integrated into Cisco IOS Release 12.2(18)SXE.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
Examples
The following is sample output from the show ip slb replicate command:
Router# show ip slb replicate
VS1, state = NORMAL, interval = 10
Slave Replication: Enabled
Slave Replication statistics:
conn updates transmitted: 0
update messages received: 0
update messages transmitted: 0
local = 10.1.1.1 remote = 10.2.2.2 port = 1024
current password = <none> pending password = <none>
password timeout = 180 sec (Default)
Casa Replication statistics:
conn updates transmitted: 0
update packets received: 0
update packets transmitted: 0
Table 39 describes the fields shown in the display.
Table 39 show ip slb replicate Field Descriptions
Field
|
Description
|
state
|
Current replication state of the virtual server:
• DUMPING—Dumping the connection table to the Hot Standby Router Protocol (HSRP) peer device.
• NORMAL—Functioning properly.
• PREEMPTING—Preparing to preempt the HSRP peer device and assume an active role.
|
interval
|
Replication buffering interval, in seconds.
|
Slave Replication
|
Indicates whether Slave Replication is enabled or disabled.
|
unsent conn updates
|
Number of Slave Replication or CASA Replication connection updates waiting to be sent.
|
conn updates received
|
Number of Slave Replication or CASA Replication connection updates received.
|
conn updates transmitted
|
Number of Slave Replication or CASA Replication connection updates sent.
|
update packets received
|
Number of Slave Replication or CASA Replication connection update packets received.
|
update packets transmitted
|
Number of Slave Replication or CASA Replication connection update packets sent.
|
local
|
Listening IP address for CASA Replication state exchange messages that are advertised.
|
remote
|
Destination IP address for all CASA Replication state exchange signals.
|
port
|
TCP or User Datagram Protocol (UDP) port number or port name for all CASA Replication state exchange signals.
|
current password
|
Current CASA Replication password for Message Digest Algorithm Version 5 (MD5) authentication, if any.
|
pending password
|
Pending CASA Replication password for MD5 authentication, if any.
|
failovers
|
Number of CASA Replication failovers detected.
|
Related Commands
Command
|
Description
|
request (HTTP probe)
|
Configures an HTTP probe to check the status of the real servers.
|
show ip slb serverfarms
To display information about the server farms, use the show ip slb serverfarms command in privileged EXEC mode.
show ip slb serverfarms [name serverfarm-name] [detail]
Syntax Description
name
|
(Optional) Displays information about only a particular server farm.
|
serverfarm-name
|
(Optional) Name of the server farm.
|
detail
|
(Optional) Displays detailed server farm information.
|
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.0(7)XE
|
This command was introduced.
|
12.1(5)T
|
This command was integrated into Cisco IOS Release 12.1(5)T.
|
12.2
|
This command was integrated into Cisco IOS Release 12.2.
|
12.2(14)S
|
This command was integrated into Cisco IOS Release 12.2(14)S.
|
12.2(18)SXE
|
This command was integrated into Cisco IOS Release 12.2(18)SXE.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
12.2(33)SRC
|
Output for the detail keyword was updated to display RADIUS load balancing enhancements and information about the IOS SLB KeepAlive Application Protocol (KAL-AP) agent.
|
Examples
The following is sample output from the show ip slb serverfarms command:
Router# show ip slb serverfarms
server farm predictor reals bind id
-------------------------------------------------
Table 40 describes the fields shown in the display.
Table 40 show ip slb serverfarms Field Descriptions
Field
|
Description
|
server farm
|
Name of the server farm about which information is being displayed. Information about each server farm is displayed on a separate line.
|
predictor
|
Type of load-balancing algorithm (ROUNDROBIN, LEASTCONNS, or ROUTEMAP) used by the server farm.
|
reals
|
Number of real servers configured in the server farm.
|
bind id
|
Bind ID configured on the server farm.
|
The following is sample output from the show ip slb serverfarms detail command, if RADIUS load balancing is configured with the route map predictor:
Router# show ip slb serverfarms detail
FARM1, predictor = ROUTE-MAP, routemap name = rlb-pbr (Not Configured/Valid),
nat = SERVER, interface(s) = <any>
virtuals inservice: 1, reals = 2, bind id = 0
1.1.1.2, weight = 5, OPERATIONAL, conns = 0
1.2.3.4, weight = 8, OPERATIONAL, conns = 0
For RADIUS load balancing with the route map predictor configured, specifying the detail keyword displays:
•
predictor = ROUTE-MAP—Indicates that the route-map keyword is configured on the predictor command in SLB server farm configuration mode.
•
routemap name—Name of the IOS policy-based routing (PBR) route map. If the route map is invalid or is not present, IOS SLB also displays Not Configured/Valid.
The following is sample output from the show ip slb serverfarms detail command, if a KAL-AP request was received for this server farm:
SF, predictor = ROUNDROBIN, nat = SERVER, interface(s) = <any>
virtuals inservice: 1, reals = 2, bind id = 0
KAL-AP tag: "chicago.com", farm weight: 400
For the KAL-AP agent, specifying the detail keyword displays:
•
KAL-AP tag—Domain tag to be used by the KAL-AP agent when searching for a server farm, if configured.
•
farm weight—The weight to be used by the KAL-AP agent when calculating the load value for a server farm.
show ip slb sessions
To display information about sessions handled by Cisco IOS Server Load Balancing (IOS SLB), use the show ip slb sessions command in privileged EXEC mode.
show ip slb sessions [asn r6 | gtp | gtp-inspect | ipmobile | radius] [vserver virtual-server] [client
ip-address netmask] [detail]
Syntax Description
asn r6
|
(Optional) Displays information about set of Access Service Network (ASN) gateways sessions being handled by IOS SLB.
|
gtp
|
(Optional) Displays information about general packet radio service (GPRS) Tunneling Protocol (GTP) sessions being handled by IOS SLB.
|
gtp-inspect
|
(Optional) Displays information about GTP sessions being handled by IOS SLB that have GTP cause code inspection enabled.
|
ipmobile
|
(Optional) Displays information about Mobile IP sessions being handled by IOS SLB.
|
radius
|
(Optional) Displays information about RADIUS sessions being handled by IOS SLB.
|
vserver virtual-server
|
(Optional) Displays information about sessions being handled by the specified virtual server.
|
client ip-address netmask
|
(Optional) Displays information about sessions associated with the specified client IP address or subnet
|
detail
|
(Optional) Displays detailed information.
|
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.1(11b)E
|
This command was introduced.
|
12.2(14)S
|
This command was integrated into Cisco IOS Release 12.2(14)S.
|
12.1(13)E3
|
The gtp and gtp-inspect keywords were added.
|
12.2(14)ZA2
|
The ipmobile keyword was added.
|
12.2(18)SXE
|
This command was integrated into Cisco IOS Release 12.2(18)SXE.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
12.2(33)SRC1
|
The asn r6 keywords were added.
|
Examples
The following is sample output from the show ip slb sessions command for RADIUS sessions:
Router# show ip slb sessions radius
Addr/Port Addr/Port Id Count Real Vserver
------------------------------------------------------------------------------
10.10.11.1/1645 10.10.11.2/1812 15 1 10.10.10.1 RADIUS_ACCT
Table 41 describes the fields shown in the display.
Table 41 show ip slb sessions radius Field Descriptions
Field
|
Description
|
Source Addr/Port
|
Source IP address and port number for the session.
|
Dest Addr/Port
|
Destination IP address and port number for the session.
|
Id
|
RADIUS identifier for the session.
|
Retry Count
|
Number of times a RADIUS request was sent by a RADIUS client without receiving a response from the RADIUS server (proxy or otherwise).
|
Real
|
IP address of the SSG RADIUS server (proxy or otherwise).
|
Vserver
|
Name of the virtual server whose sessions are being monitored and displayed.
|
The following example shows IOS SLB GTP session data:
Router# show ip slb sessions gtp
vserver key client real state
----------------------------------------------------------------------------------
10.10.10.10 1234567890123456 10.5.5.5 10.10.1.1 GTP_ESTAB
Table 42 describes the fields shown in the display.
Table 42 show ip slb sessions gtp Field Descriptions
Field
|
Description
|
vserver
|
Name of the virtual server whose GTP sessions are being monitored and displayed. Information about each session is displayed on a separate line.
|
key
|
Network Service Access Point Identifier (NSAPI) key being used by the GTP session.
|
client
|
Client IP address being used by the GTP session.
|
real
|
Real IP address of the GTP session.
|
state
|
Current state of the GTP session:
• GTP_ESTAB—The session has been established successfully.
• GTP_INIT—The Packet Data Protocol (PDP) contexts have been deleted as a result of a delete request or a deletion in gateway GPRS support node (GGSN), and IOS SLB is waiting to destroy the session after the GTP_TIMEOUT.
• GTPIO_REQ_CLIENT—Waiting for a response from the real server.
|
The following example shows IOS SLB Mobile IP session data:
Router# show ip slb sessions ipmobile
vserver NAI hash client real retries
---------------------------------------------------------------------------
VIRTUAL_HA 0xFFFF 10.1.1.1/434 10.10.1.1 1
Table 43 describes the fields shown in the display.
Table 43 show ip slb sessions ipmobile Field Descriptions
Field
|
Description
|
vserver
|
Name of the virtual server whose Mobile IP sessions are being monitored and displayed. Information about each session is displayed on a separate line.
|
NAI hash
|
Network access identifier (NAI) in the Registration Request (RRQ), used by Cisco IOS SLB as a unique identifier.
|
client
|
Client IP address being used by the Mobile IP session.
|
real
|
Real IP address of the Mobile IP session.
|
retries
|
Number of foreign agent retries for the Mobile IP session.
|
The following is sample output from the show ip slb sessions asn r6 command for ASN sessions:
Router# show ip slb sessions asn r6
vserver MSID Base Station real state
------------------------------------------------------------------------------
10.10.10.10 001646013fc0 5.5.5.5 10.10.1.1 ASNR6_REQ
Table 44 describes the fields shown in the display.
Table 44 show ip slb sessions asn r6 Field Descriptions
Field
|
Description
|
vserver
|
Name of the virtual server whose ASN sessions are being monitored and displayed. Information about each session is displayed on a separate line.
|
MSID
|
Mobile Station Identifier (MSID), used by Cisco IOS SLB as a unique identifier.
|
Base Station
|
IP address of the base station associated with the ASN session.
|
real
|
Real IP address of the ASN session.
|
state
|
Current state of the ASN session:
• ASNR6_ESTAB—The session has been established successfully.
• ASNR6_INIT—IOS SLB is waiting to destroy the session after timeouts in ASNR6_REQ or ASNR6_ESTAB state. If the base station is configured to send the ACK directly to the ASN gateway, and if no faildetect inband is configured, the session remains in ASNR6_REQ state until it is destroyed.
• ASNR6_REQ—Waiting for a response from the real server.
|
show ip slb static
To display the Cisco IOS Server Load Balancing (IOS SLB) server Network Address Translation (NAT) configuration, use the show ip slb static command in privileged EXEC mode.
show ip slb static
Syntax Description
This command has no arguments or keywords.
Defaults
The default behavior is to display the entire IOS SLB server NAT configuration.
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.1(11b)E
|
This command was introduced.
|
12.2(14)S
|
This command was integrated into Cisco IOS Release 12.2(14)S.
|
12.2(18)SXE
|
This command was integrated into Cisco IOS Release 12.2(18)SXE.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
Examples
The following is sample output from the show ip slb static command:
Router# show ip slb static
real action address counter
---------------------------------------------------------------
10.11.3.1 NAT 10.11.11.11 3
10.11.3.2 NAT sticky 10.11.11.12 0
10.11.3.3 NAT per-packet 10.11.11.13 0
Table 45 describes the fields shown in the display.
Table 45 show ip slb static Field Descriptions
Field
|
Description
|
real
|
IP address of the real server.
|
action
|
Action to be taken by the real server:
• drop—The real server is configured to have its packets dropped by IOS SLB, if the packets do not correspond to existing connections.
• NAT—The real server is configured to use server NAT, and to use its own virtual IP address when translating addresses.
• NAT per-packet—The real server is configured to use server NAT and per-packet server load balancing.
• NAT sticky—The real server is configured to use server NAT for sticky connections.
• pass-thru—The real server is not configured to use server NAT.
|
address
|
Virtual IP address used by the real server when translating addresses using server NAT. Address 0.0.0.0 means the real server is not configured for server NAT.
|
counter
|
For actions drop and NAT per-packet, indicates the number of packets processed by the real server.
For actions NAT and NAT sticky, indicates the number of packets received by, but not necessarily processed by, the real server.
|
show ip slb stats
To display IOS Server Load Balancing (IOS SLB) statistics, use the show ip slb stats command in privileged EXEC mode.
show ip slb stats [kal-ap]
Syntax Description
kal-ap
|
(Optional) Displays information about the IOS SLB KeepAlive Application Protocol (KAL-AP) agent.
|
Defaults
No default behavior or values.
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.0(7)XE
|
This command was introduced.
|
12.1(5)T
|
This command was integrated into Cisco IOS Release 12.1(5)T.
|
12.2
|
This command was integrated into Cisco IOS Release 12.2.
|
12.1(9)E
|
This command was modified to support general packet radio service (GPRS) load balancing.
|
12.2(14)S
|
This command was integrated into Cisco IOS Release 12.2(14)S.
|
12.2(18)SXE
|
This command was integrated into Cisco IOS Release 12.2(18)SXE.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
12.2(33)SRC
|
The kal-ap keyword was added, and the output for the command was updated to display correlation inject failures for RADIUS load balancing accelerated data plane forwarding.
|
12.2(33)SRC1
|
The output for the command was updated to display packet fragment drops for Access Service Network (ASN) R6 load balancing.
|
Examples
The following is sample output from the show ip slb stats command:
Router# show ip slb stats
Pkts via normal switching: 108247
Pkts via special switching: 4307026
Pkts via slb routing: 1376241
Connections Created: 933131
Connections Established: 350042
Connections Destroyed: 639323
Connections Reassigned: 0
Connection Flowcache Purges: 2665
Failed Connection Allocs: 0
Failed Real Assignments: 0
RADIUS framed-ip Sticky Count: 524288
RADIUS username Sticky Count: 0
RADIUS cstn-id Sticky Count: 0
Route Flows Created: 1691177
Failed Route Flow Allocs: 0
Table 46 describes the fields shown in the display.
Table 46 show ip slb stats Field Descriptions
Field
|
Description
|
Pkts via normal switching
|
Number of packets handled by IOS SLB via normal switching since the last time counters were cleared. Normal switching is when IOS SLB packets are handled on normal IOS switching paths (CEF, fast switching, and process level switching).
|
Pkts via special switching
|
Number of packets handled by IOS SLB via special switching since the last time counters were cleared. Special switching is when IOS SLB packets are handled on hardware-assisted switching paths.
|
Pkts via slb routing
|
Number of packets handled by IOS SLB via SLB routing since the last time counters were cleared.
|
Pkts dropped
|
Number of packets dropped or consumed by IOS SLB since the last time counters were cleared.
The Pkts dropped field can increase for one or more of the following reasons:
• Pings and other Internet Control Message Protocol (ICMP) packets addressed to a virtual IP address are dropped.
• TCP data packets in which the conn entry is not available as a result of an idle timeout, failure of a probe, or failure of a real server, are dropped.
• UDP traceroute packets addressed to a virtual IP address are dropped.
• UDP packets addressed to a virtual IP address with a port number other than the one configured in the virtual server are dropped. If the virtual server uses the any 0 port number, IOS SLB forwards the UDP packets to the real server.
• Fragmented packets that cannot be reassembled are dropped.
|
Connections Created
|
Number of connections (or sessions, in general packet radio service [GPRS] load balancing and the Home Agent Director) created since the last time counters were cleared.
|
Connections Established
|
Number of connections (or sessions, in GPRS load balancing and the Home Agent Director) created and that have become established since the last time counters were cleared.
|
Connections Destroyed
|
Number of connections (or sessions, in GPRS load balancing and the Home Agent Director) destroyed since the last time counters were cleared.
|
Connections Reassigned
|
Number of connections (or sessions, in GPRS load balancing and the Home Agent Director) reassigned to a different real server since the last time counters were cleared.
|
Zombie Count
|
Number of connections (or sessions, in GPRS load balancing and the Home Agent Director) that are currently pending destruction (awaiting a timeout or some other condition to be met).
|
Connections Reused
|
Number of zombie connections (or sessions, in GPRS load balancing and the Home Agent Director) reused since the last time counters were cleared. A zombie connection is reused if it receives a TCP SYNchronize sequence number (SYN) or User Datagram Protocol (UDP) packet and succeeds in connecting to a real server. The zombie connection becomes a real connection and the zombie count is decremented.
|
Connection Flowcache Purges
|
Number of times the connection flow cache was purged since the last time counters were cleared.
|
Failed Connection Allocs
|
Number of times the allocation of a connection (or session, in GPRS load balancing) failed since the last time counters were cleared.
|
Failed Real Assignments
|
Number of times the assignment of a real server failed since the last time counters were cleared.
|
RADIUS framed-ip Sticky Count
|
Number of entries in the RADIUS framed-IP sticky database.
|
RADIUS username Sticky Count
|
Number of entries in the RADIUS username sticky database.
|
RADIUS cstn-id Sticky Count
|
Number of entries in the RADIUS calling-station-ID sticky database.
|
GTP imsi Sticky Count
|
Number of entries in the GTP IMSI sticky database.
|
Route Flows Created
|
Number of route flows created.
|
Failed Route Flows Allocs
|
Number of failed route flow allocations.
|
The following is sample output from the show ip slb kal-ap stats kal-ap command:
Router# show ip slb kal-ap stats kal-ap
KAL-AP Mgr: (default), Socket state: OPEN, Socket retry: 0
KAL-AP Mgr: 2.2.2.2, Socket state: FAILED, Socket retry: 10
UDP Port: 5002, vrf: vrf1
KAL-AP Mgr: 10.77.161.34, Socket state: FAILED, Socket retry: 10
UDP Port: 5002, Secret: test
KAL-AP Packet Statistics:
KAL-AP Manager: 2.2.2.2 Secret: Yes
KAL-AP Manager: 3.3.3.3 Secret: Yes
Pkt Recd: 100 Bytes Recd: 12345
Pkt Sent: 100 Bytes Sent: 12121
MD5 checksum failed: 0 Error packets: 0
show ip slb sticky
To display the IOS Server Load Balancing (IOS SLB) sticky database, use the show ip slb sticky command in privileged EXEC mode.
show ip slb sticky [client ip-address netmask | gtp imsi [id imsi] | radius calling-station-id [id string]
| radius framed-ip [client ip-address netmask] | radius username [name string]]
Syntax Description
client ip-address netmask
|
(Optional) Displays only those sticky database entries associated with the specified client IP address or subnet.
|
gtp imsi
|
(Optional) Displays only entries associated with the IOS SLB general packet radio service (GPRS) Tunneling Protocol (GTP) International Mobile Subscriber ID (IMSI) sticky database, and shows all of the Network Service Access Point Identifiers (NSAPIs) that the user has used as primary Packet Data Protocols (PDPs).
|
id imsi
|
(Optional) Displays only those sticky database entries associated with the specified IMSI.
|
radius calling-station-id
|
(Optional) Displays only entries associated with the IOS SLB RADIUS calling-station-ID sticky database.
|
id string
|
(Optional) Displays only those sticky database entries associated with the specified calling station ID.
|
radius framed-ip
|
(Optional) Displays only entries associated with the IOS SLB RADIUS framed-IP sticky database.
|
radius username
|
(Optional) Displays only entries associated with the IOS SLB RADIUS username sticky database.
|
name string
|
(Optional) Displays only those sticky database entries associated with the specified username.
|
Defaults
If no options are specified, the command displays information about all virtual servers.
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.0(7)XE
|
This command was introduced.
|
12.1(5)T
|
This command was integrated into Cisco IOS Release 12.1(5)T.
|
12.2
|
This command was integrated into Cisco IOS Release 12.2.
|
12.1(11b)E
|
The radius keyword was added.
|
12.1(12c)E
|
The framed-ip, username, name, netmask, and string keywords and arguments were added.
|
12.2(14)S
|
This command was integrated into Cisco IOS Release 12.2(14)S.
|
12.2(14)ZA5
|
The calling-station-id and id keywords and the string argument were added.
|
12.2(18)SXE
|
The gtp imsi and id keywords and the imsi argument were added.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
Examples
The following is sample output from the show ip slb sticky command:
Router# show ip slb sticky
client netmask group real conns
-----------------------------------------------------------------------
10.10.2.12 255.255.0.0 4097 10.10.3.2 1
Table 47 describes the fields shown in the display.
Table 47 show ip slb sticky Field Descriptions
Field
|
Description
|
client
|
Client IP address or subnet which is bound to this sticky assignment.
|
netmask
|
Subnet mask for this sticky assignment.
|
group
|
Group ID for this sticky assignment.
|
real
|
Real server used by all clients connecting with the client IP address or subnet detailed on this line.
|
conns
|
Number of connections currently sharing this sticky assignment.
|
The following is sample output from the show ip slb sticky gtp imsi command:
Router# show ip slb sticky gtp imsi
IMSI Real Group ID vs_index refcount nsapi
----------------------------------------------------------------------
11111111111111FF 10.10.10.1 5 10 1 6
11123411111111FF 10.10.10.2 5 10 1 9
Table 48 describes the fields shown in the display.
Table 48 show ip slb sticky gtp imsi Field Descriptions
Field
|
Description
|
IMSI
|
IMSI bound to this sticky assignment in the IOS SLB GTP IMSI sticky database.
|
Real
|
IP address of the GTP IMSI real server.
|
Group ID
|
Group ID for this sticky assignment.
|
vs_index
|
Virtual index, out of a maximum of 500.
|
refcount
|
Number of NSAPIs used as primary PDPs.
|
nsapi
|
NSAPI used as a primary PDP.
|
The following is sample output from the show ip slb sticky radius calling-station-id command:
Router# show ip slb sticky radius calling-station-id
calling-station-id group id server real framed-ips
-----------------------------------------------------
Table 49 describes the fields shown in the display.
Table 49 show ip slb sticky radius calling-station-id Field Descriptions
Field
|
Description
|
calling-station-id
|
Calling station ID bound to an SSG RADIUS proxy in the IOS SLB RADIUS calling-station-ID sticky database.
|
group id
|
Group ID for this sticky assignment.
|
server real
|
IP address of the SSG RADIUS proxy server.
|
framed-ips
|
Number of IP addresses bound to the SSG RADIUS proxy in the IOS SLB RADIUS framed-IP sticky database.
|
The following is sample output from the show ip slb sticky radius framed-ip command:
Router# show ip slb sticky radius framed-ip
framed-ip group id server real route i/f
-----------------------------------------------------
1.1.1.1 15 10.10.10.1 <any>
Table 50 describes the fields shown in the display.
Table 50 show ip slb sticky radius framed-ip Field Descriptions
Field
|
Description
|
framed-ip
|
IP address bound to a Cisco Service Selection Gateway (SSG) RADIUS proxy in the IOS SLB RADIUS framed-IP sticky database.
|
group id
|
Group ID for this sticky assignment.
|
server real
|
IP address of the SSG RADIUS proxy server.
|
route i/f
|
Route interface.
|
The following is sample output from the show ip slb sticky radius username command:
Router# show ip slb sticky radius username
username group id server real framed-ips
-----------------------------------------------------
9198783355 15 10.10.10.1 1
Table 51 describes the fields shown in the display.
Table 51 show ip slb sticky radius username Field Descriptions
Field
|
Description
|
username
|
Username bound to an SSG RADIUS proxy in the IOS SLB RADIUS username sticky database.
|
group id
|
Group ID for this sticky assignment.
|
server real
|
IP address of the SSG RADIUS proxy server.
|
framed-ips
|
Number of IP addresses bound to the SSG RADIUS proxy in the IOS SLB RADIUS framed-IP sticky database.
|
show ip slb vservers
To display information about the virtual servers, use the show ip slb vservers command in privileged EXEC mode.
show ip slb vservers [name virtual-server] [redirect] [detail]
Syntax Description
name virtual-server
|
(Optional) Displays information about the specified virtual server.
|
redirect
|
(Optional) Displays information about redirect virtual servers.
|
detail
|
(Optional) Displays detailed information.
|
Command Modes
Privileged EXEC (#)
Command History
Release
|
Modification
|
12.0(7)XE
|
This command was introduced.
|
12.1(5)T
|
This command was integrated into Cisco IOS Release 12.1(5)T.
|
12.2
|
This command was integrated into Cisco IOS Release 12.2.
|
12.2(14)S
|
This command was integrated into Cisco IOS Release 12.2(14)S.
|
12.2(18)SXE
|
This command was integrated into Cisco IOS Release 12.2(18)SXE.
|
12.2(18)SXF
|
The output for this command was modified to reflect the GTP sticky query option on the idle (virtual server) command.
|
12.2(33)SRA
|
This command was integrated into Cisco IOS Release 12.2(33)SRA.
|
12.2(33)SRC
|
Output for the detail keyword was updated to display information about the IOS SLB KeepAlive Application Protocol (KAL-AP) agent.
|
12.2(33)SRC1
|
Output for the detail keyword was updated to display information about Access Service Network (ASN) virtual servers.
|
Usage Guidelines
If no options are specified, the command displays information about all virtual servers.
Examples
The following is sample output from the show ip slb vservers command:
Router# show ip slb vservers
slb vserver prot virtual state conns
---------------------------------------------------------------------
TEST TCP 10.80.254.3:80 OPERATIONAL 1013
TEST21 TCP 10.80.254.3:21 OUTOFSERVICE 0
TEST23 TCP 10.80.254.3:23 OUTOFSERVICE 0
Table 24 describes the fields shown in the display.
Table 52 show ip slb vservers Field Descriptions
Field
|
Description
|
slb vserver
|
Name of the virtual server about which information is being displayed. Information about each virtual server is displayed on a separate line.
|
prot
|
Protocol being used by the virtual server.
|
virtual
|
Virtual IP address of the virtual server, including the network mask, if configured.
|
state
|
Current state of the virtual server:
• FAILED—Real server represented by this virtual server has been removed from use by the predictor algorithms; retry timer started.
• OPERATIONAL—Functioning properly.
• OUTOFSERVICE—Removed from the load-balancing predictor lists.
• STANDBY—Backup virtual server, ready to become operational if active virtual server fails.
|
conns
|
Number of connections (or sessions, in general packet radio service [GPRS] load balancing and the Home Agent Director) associated with the virtual server.
|
The following sample output from the show ip slb vservers detail command shows detailed data for a virtual server with route health injection (advertise=TRUE):
Router# show ip slb vservers detail
RH1, state = OPERATIONAL, v_index = 6
virtual = 10.5.5.5/32:80, TCP, service = NONE, advertise = TRUE
server farm = RHSF, delay = 10, idle = 3600
backup server farm = BACKUP, use count = 0, backup sticky = FALSE
sticky timer = 0, sticky subnet = 255.255.255.255
synguard counter = 0, synguard period = 0
conns = 1, total conns = 31484, syns = 0, syn drops = 0
Table 53 describes the fields shown in the display.
Table 53 show ip slb vservers detail Field Descriptions
Field
|
Description
|
RH1
|
Name of the virtual server about which information is being displayed (in this case, RH1). Information about each virtual server is displayed on a separate line.
|
state
|
Current state of the virtual server:
FAILED—Real server represented by this virtual server has been removed from use by the predictor algorithms; retry timer started.
OPERATIONAL—Functioning properly.
OUTOFSERVICE—Removed from the load-balancing predictor lists.
STANDBY—Backup virtual server, ready to become operational if active virtual server fails.
|
v_index
|
Virtual index, out of a maximum of 500.
|
virtual
|
Virtual IP address of the virtual server, including the network mask, if configured.
|
TCP
|
Protocol being used by the virtual server (in this case, TCP).
|
service
|
Service, such as HTTP or Telnet, associated with the virtual server.
|
advertise
|
Current state of host route advertisement for this virtual server:
TRUE—Host route is being advertised.
FALSE—Host route is not being advertised.
|
kal-ap load
|
Load reported to the KAL-AP manager for this virtual server. A value of none indicates that the KAL-AP manager has never queried this virtual server
|
server farm
|
Name of the server farm associated with the virtual server.
|
delay
|
Delay timer duration, in seconds, for this virtual server.
|
idle
|
Idle connection timer duration, in seconds, for this virtual server.
|
backup server farm
|
Name of the backup server farm associated with the virtual server.
|
use count
|
Number of times the backup server farm has taken over for the primary server farm in this period.
|
backup sticky
|
Indicates whether sticky connections are used in the backup server farm:
• TRUE—Sticky connections are used in the backup server farm.
• FALSE—Sticky connections are not used in the backup server farm.
|
sticky timer
|
Sticky timer duration, in seconds, for this virtual server.
|
sticky subnet
|
Sticky subnet in which this virtual server is placed, for coupling of services.
|
sticky group id
|
Sticky group in which this virtual server is placed, for coupling of services.
|
synguard counter
|
Number of unacknowledged SYNchronize sequence numbers (SYNs) that are allowed to be outstanding to this virtual server.
|
synguard period
|
Interval, in milliseconds, for SYN threshold monitoring for this virtual server.
|
conns
|
Number of active connections currently associated with the virtual server.
|
total conns
|
Total number of connections that have been associated with the virtual server since coming INSERVICE.
|
syns
|
Number of SYNs handled by the virtual server in this period.
|
syn drops
|
Number of SYNs dropped by the virtual server in this period.
|
standby group
|
Hot Standby Router Protocol (HSRP) group name with which the virtual server is associated.
|
The following sample output from the show ip slb vservers name detail command shows detailed data for virtual server GGSN_SERVER with GTP sticky query enabled:
Router# show ip slb vservers name GGSN_SERVER detail
GGSN_SERVER, state = OPERATIONAL, v_index = 7, interface(s) = <any>
virtual = 10.10.195.1/32:0, UDP, service = GTP, advertise = TRUE
server farm = GGSN, delay = 10, idle = 3600
gtp: request idle = 30, slb notification retry = 2
gtp sticky query: <enabled>, max retries: 3
sticky: group id = 4097 <assigned>
synguard counter = 0, synguard period = 0
conns = 0, total conns = 17192, syns = 0, syn drops = 0
Table 54 describes the fields shown in the display.
Table 54 show ip slb vservers name detail Field Descriptions
Field
|
Description
|
GGSN_SERVER
|
Name of the virtual server about which information is being displayed (in this case, GGSN_SERVER).
|
state
|
Current state of the virtual server:
FAILED—Real server represented by this virtual server has been removed from use by the predictor algorithms; retry timer started.
OPERATIONAL—Functioning properly.
OUTOFSERVICE—Removed from the load-balancing predictor lists.
STANDBY—Backup virtual server, ready to become operational if active virtual server fails.
|
v_index
|
Virtual index, out of a maximum of 500.
|
interface(s)
|
Type of interface.
|
virtual
|
Virtual IP address of the virtual server, including the network mask, if configured.
|
UDP
|
Protocol being used by the virtual server (in this case, UDP).
|
service
|
Service, such as GTP, HTTP, or Telnet, associated with the virtual server (in this case, GTP).
|
advertise
|
Current state of host route advertisement for this virtual server:
TRUE—Host route is being advertised.
FALSE—Host route is not being advertised.
|
server farm
|
Name of the server farm associated with the virtual server.
|
delay
|
Delay timer duration, in seconds, for this virtual server.
|
idle
|
Idle connection timer duration, in seconds, for this virtual server.
|
gtp request idle
|
GTP idle connection timer duration in seconds.
|
slb notification
|
Number of times IOS SLB can reassign a rejected Create PDP Context to a new real Cisco gateway GPRS support node (GGSN).
|
gtp sticky query
|
For GTP IMSI sticky, indicates whether IOS SLB is to query the GGSN before deleting any GTP IMSI sticky objects.
|
max retries
|
Maximum number of queries IOS SLB is to send to the GGSN when there is no response from the GGSN.
|
sticky
|
Indicates whether sticky connections are enabled for this virtual server.
|
sticky group id
|
Sticky group in which this virtual server is placed, for coupling of services.
|
synguard counter
|
Number of unacknowledged SYNchronize sequence numbers (SYNs) that are allowed to be outstanding to this virtual server.
|
synguard period
|
Interval, in milliseconds, for SYN threshold monitoring for this virtual server.
|
conns
|
Number of active connections currently associated with the virtual server.
|
total conns
|
Total number of connections that have been associated with the virtual server since coming INSERVICE.
|
syns
|
|