Table Of Contents

IP Routing Protocol-Independent Commands

accept-lifetime

bfd

bfd all-interfaces

bfd echo

bfd interface

bfd slow-timer

dampening

distance (IP)

distribute-list in (IP)

distribute-list out (IP)

ip default-network

ip local policy route-map

ip policy route-map

ip route

ip route profile

ip route static adjust-time

ip route static bfd

ip routing protocol purge interface

key

key chain

key-string (authentication)

match interface (IP)

match ip address

match ip next-hop

match ip route-source

match length

match metric (IP)

match route-type (IP)

match tag

maximum-paths

nsf

passive-interface

redistribute (IP)

route-map

routing dynamic

IP Routing Protocol-Independent Commands

---

accept-lifetime

To set the time period during which the authentication key on a key chain is received as valid, use the accept-lifetime command in key chain key configuration mode. To revert to the default value, use the no form of this command.

accept-lifetime start-time {infinite | end-time | duration seconds}

no accept-lifetime [start-time {infinite | end-time | duration seconds}]

Syntax Description

start-time	Beginning time that the key specified by the key command is valid to be received. The syntax can be either of the following:         hh:mm:ss Month date year         hh:mm:ss date Month year hh—hours mm—minutes ss—seconds Month—first three letters of the month date—date (1-31) year—year (four digits) The default start time and the earliest acceptable date is January 1, 1993.
infinite	Key is valid to be received from the start-time value on.
end-time	Key is valid to be received from the start-time value until the end-time value. The syntax is the same as that for the start-time value. The end-time value must be after the start-time value. The default end time is an infinite time period.
duration seconds	Length of time (in seconds) that the key is valid to be received. The range is from 1 to 2147483646.

Command Default

Forever (the starting time is January 1, 1993, and the ending time is infinite)

Command Modes

Key chain key configuration

Command History

Release	Modification
11.1	This command was introduced.
12.4(6)T	Support for IPv6 was added.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

Only DRP Agent, Enhanced Interior Gateway Routing Protocol (EIGRP), and Routing Information Protocol (RIP) Version 2 use key chains.

Specify a start-time value and one of the following values: infinite, end-time, or duration seconds.

We recommend running Network Time Protocol (NTP) or some other time synchronization method if you assign a lifetime to a key.

If the last key expires, authentication will continue and an error message will be generated. To disable authentication, you must manually delete the last valid key.

Examples

The following example configures a key chain called keychain1. The key named string1 will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named string2 will be accepted from 2:30 p.m. to 4:30 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or discrepancies in the set time of the router. There is a 30-minute leeway on each side to handle time differences.

interface ethernet 0

 ip rip authentication key-chain keychain1

 ip rip authentication mode md5

!

router rip

 network 172.19.0.0

 version 2

!

key chain keychain1

 key 1

 key-string string1

 accept-lifetime 13:30:00 Jan 25 1996 duration 7200

 send-lifetime 14:00:00 Jan 25 1996 duration 3600

 key 2

 key-string string2

 accept-lifetime 14:30:00 Jan 25 1996 duration 7200

 send-lifetime 15:00:00 Jan 25 1996 duration 3600

Related Commands

Command	Description
key	Identifies an authentication key on a key chain.
key chain	Enables authentication for routing protocols.
key-string (authentication)	Specifies the authentication string for a key.
send-lifetime	Sets the time period during which an authentication key on a key chain is valid to be sent.
show key chain	Displays authentication key information.

bfd

To set the baseline Bidirectional Forwarding Detection (BFD) session parameters on an interface, use the bfd command in interface configuration mode. To remove the baseline BFD session parameters, use the no form of this command.

bfd interval milliseconds min_rx milliseconds multiplier multiplier-value

no bfd interval milliseconds min_rx milliseconds multiplier multiplier-value

Syntax Description

interval milliseconds	Specifies the rate at which BFD control packets will be sent to BFD peers. The configurable time period for the milliseconds argument is from 50 to 999 milliseconds (ms).
min_rx milliseconds	Specifies the rate at which BFD control packets will be expected to be received from BFD peers. The configurable time period for the milliseconds argument is from 1 to 999 milliseconds (ms).
multiplier multiplier-value	Specifies the number of consecutive BFD control packets that must be missed from a BFD peer before BFD declares that the peer is unavailable and the Layer 3 BFD peer is informed of the failure. The configurable value range for the multiplier-value argument is from 3 to 50.

Command Default

No baseline BFD session parameters are set.

Command Modes

Interface configuration (config-if)

Command History

Release	Modification
12.2(18)SXE	This command was introduced.
12.0(31)S	This command was integrated into Cisco IOS Release 12.0(31)S.
12.4(4)T	This command was integrated into Cisco IOS Release 12.4(4)T.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SB	This command was integrated into Cisco IOS Release 12.2(33)SB.

Examples

The following example shows the BFD session parameters set for FastEthernet interface 3/0:

Router> enable

Router# configure terminal

Router(config)# interface fastethernet 3/0

Router(config-if)# bfd interval 50 min_rx 2 multiplier 3

Router(config-if)# end

Related Commands

Command	Description
bfd all-interfaces	Enables BFD for all interfaces for a BFD peer.
bfd interface	Enables BFD on a per-interface basis for a BFD peer.
clear bfd	Clears BFD session parameters.
ip ospf bfd	Enables BFD on a specific interface configured for OSPF.

bfd all-interfaces

To enable Bidirectional Forwarding Detection (BFD) for all interfaces participating in the routing process, use the bfd all-interfaces command in router configuration mode. To disable BFD for all interfaces, use the no form of this command.

bfd all-interfaces

no bfd all-interfaces

Syntax Description

This command has no arguments or keywords.

Command Default

BFD is not enabled on the interfaces participating in the routing process.

Command Modes

Router configuration

Command History

Release	Modification
12.2(18)SXE	This command was introduced.
12.0(31)S	This command was integrated into Cisco IOS Release 12.0(31)S.
12.4(4)T	This command was integrated into Cisco IOS Release 12.4(4)T.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SB	This command was integrated into Cisco IOS Release 12.2(33)SB.

Usage Guidelines

There are two methods to configure routing protocols to use BFD for failure detection. To enable BFD for all neighbors of a routing protocol, enter the bfd all-interfaces command in router configuration mode. If you do not want to enable BFD on all interfaces, enter the bfd interface command in router configuration mode.

Examples

The following example shows BFD enabled for all Enhanced Interior Gateway Routing Protocol (EIGRP) neighbors:

Router> enable

Router# configure terminal

Router(config)# router eigrp 123

Router(config-router)# bfd all-interfaces

Router(config-router)# end

The following example shows BFD enabled for all Intermediate System-to-Intermediate System (IS-IS) neighbors:

Router> enable

Router# configure terminal

Router(config)# router isis tag1

Router(config-router)# bfd all-interfaces

Router(config-router)# end

The following example shows BFD enabled for all Open Shortest Path First (OSPF) neighbors:

Router> enable

Router# configure terminal

Router(config)# router ospf 123

Router(config-router)# bfd all-interfaces

Router(config-router)# end

Related Commands

Command	Description
bfd	Sets the baseline BFD session parameters on an interface.
bfd interface	Enables BFD on a per-interface basis for a BFD peer.

bfd echo

To enable Bidirectional Forwarding Detection (BFD) echo mode, use the bfd echo command in interface configuration mode. To disable BFD echo mode, use the no form of this command.

bfd echo

no bfd echo

Syntax Description

This command has no arguments or keywords.

Command Default

BFD echo mode is enabled by default.

Command Modes

Interface configuration

Command History

Release	Modification
12.4(9)T	This command was introduced.
12.2(33)SRB	This command was integrated into Cisco IOS Release 12.2(33)SRB.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.2(33)SB	This command was integrated into Cisco IOS Release 12.2(33)SB.

Usage Guidelines

Echo mode is enabled by default. Entering the no bfd echo command without any keywords turns off the sending of echo packets and signifies that the router is unwilling to forward echo packets received from BFD neighbor routers.

When echo mode is enabled, the desired minimum echo transmit interval and required minimum transmit interval values are taken from the bfd interval milliseconds min_rx milliseconds parameters, respectively.

---

Note If the no ip route-cache same-interface command is configured, the bfd echo accept command will not be accepted.

---

---

Note Before using BFD echo mode, you must disable the sending of Internet Control Message Protocol (ICMP) redirect messages by entering the no ip redirects command, in order to avoid high CPU utilization.

---

Echo Mode Without Asymmetry

Echo mode is described as without asymmetry when it is running on both sides (both BFD neighbors are running echo mode).

Examples

The following example configures echo mode between BFD neighbors.

Router> enable

Router# configure terminal

Router(config)# interface Ethernet 0/1

Router(config-if)# bfd echo

The following output from the show bfd neighbors details command shows that the BFD session neighbor is up and using BFD echo mode. The relevant command output is shown in bold in the output.

Router# show bfd neighbors details

OurAddr       NeighAddr      LD/RD  RH/RS    Holdown(mult)State    Int

172.16.1.2    172.16.1.1     1/6    Up       0    (3 )    Up       Fa0/1       

Session state is UP and using echo function with 50 ms interval.

Local Diag: 0, Demand mode: 0, Poll bit: 0

MinTxInt: 1000000, MinRxInt: 1000000, Multiplier: 3

Received MinRxInt: 1000000, Received Multiplier: 3

Holdown (hits): 3000(0), Hello (hits): 1000(337)

Rx Count: 341, Rx Interval (ms) min/max/avg: 1/1008/882 last: 364 ms ago

Tx Count: 339, Tx Interval (ms) min/max/avg: 1/1016/886 last: 632 ms ago

Registered protocols: EIGRP

Uptime: 00:05:00

Last packet: Version: 1            - Diagnostic: 0

             State bit: Up         - Demand bit: 0

             Poll bit: 0           - Final bit: 0

             Multiplier: 3         - Length: 24

             My Discr.: 6          - Your Discr.: 1

             Min tx interval: 1000000    - Min rx interval: 1000000

             Min Echo interval: 50000

Related Commands

Command	Description
bfd	Sets the baseline BFD session parameters on the interface.
ip redirects	Enables the sending of ICMP redirect messages if the Cisco IOS software is forced to resend a packet through the same interface on which it was received.
ip route-cache	Controls the use of switching methods for forwarding IP packets.

bfd interface

To enable Bidirectional Forwarding Detection (BFD) on a per-interface basis for a BFD peer, use the bfd interface command in router configuration mode. To disable BFD on a per-interface basis, use the no form of this command.

bfd interface type number

no bfd interface type number

Syntax Description

type	Interface type for the interface to be enabled for BFD.
number	Interface number for the interface to be enabled for BFD.

Command Default

BFD is not enabled on the interface.

Command Modes

Router configuration

Command History

Release	Modification
12.2(18)SXE	This command was introduced.
12.0(31)S	This command was integrated into Cisco IOS Release 12.0(31)S.
12.4(4)T	This command was integrated into Cisco IOS Release 12.4(4)T.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

There are two methods to configure routing protocols to use BFD for failure detection. To enable BFD for all neighbors of a routing protocol, enter the bfd all-interfaces command in router configuration mode. If you do not want to enable BFD on all interfaces, enter the bfd interface command in router configuration mode.

Examples

The following example shows BFD enabled for the Enhanced Interior Gateway Routing Protocol (EIGRP) neighbor Fast Ethernet interface 3/0:

Router> enable

Router# configure terminal

Router(config)# router eigrp 123

Router(config-router)# bfd interface fastethernet 3/0

Router(config-if)# end

Related Commands

Command	Description
bfd	Sets the baseline BFD session parameters on an interface.
bfd all-interfaces	Enables BFD for all interfaces for a BFD peer.

bfd slow-timer

To configure the Bidirectional Forwarding Detection (BFD) slow timer value, use the bfd slow-timer command in global configuration mode. This command does not have a no form.

bfd slow-timer [milliseconds]

Syntax Description

milliseconds

(Optional) BFD slow timer value, in milliseconds. Range is from 1000 to 30000. If unspecified, the default is 1000.

Command Default

The BFD slow timer value is 1000 milliseconds.

Command Modes

Global configuration

Command History

Release	Modification
12.4(9)T	This command was introduced.
12.2(33)SRB	This command was integrated into Cisco IOS Release 12.2(33)SRB.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Examples

In the following example, the BFD slow timer value is configured to 14,000 milliseconds.

Router(config)# bfd slow-timer 14000

The following output from the show bfd neighbors details command shows that the BFD slow timer value of 14,000 milliseconds has been implemented. The values for the MinTxInt and MinRxInt will correspond to the configured value for the BFD slow timer. The relevant command output is shown in bold.

Router# show bfd neighbors details

OurAddr       NeighAddr     LD/RD  RH/RS   Holdown(mult)  State     Int

172.16.10.1   172.16.10.2   1/1    Up      0    (3 )      Up        Et2/0

Session state is UP and using echo function with 50 ms interval.

Local Diag: 0, Demand mode: 0, Poll bit: 0

MinTxInt: 14000, MinRxInt: 14000, Multiplier: 3

Received MinRxInt: 10000, Received Multiplier: 3

Holdown (hits): 3600(0), Hello (hits): 1200(418)

Rx Count: 422, Rx Interval (ms) min/max/avg: 1/1480/1087 last: 112 ms ago

Tx Count: 420, Tx Interval (ms) min/max/avg: 1/2088/1090 last: 872 ms ago

Registered protocols: OSPF

Uptime: 00:07:37

Last packet: Version: 1            - Diagnostic: 0

             State bit: Up         - Demand bit: 0

             Poll bit: 0           - Final bit: 0

             Multiplier: 3         - Length: 24

             My Discr.: 1          - Your Discr.: 1

             Min tx interval: 14000 - Min rx interval: 14000

             Min Echo interval: 4000

Related Commands

Command	Description
bfd echo	Reenables echo mode if the no bfd echo command had been entered.

dampening

To configure a router to automatically dampen a flapping interface, use the dampening command in interface configuration mode. To disable automatic route dampening, use the no form of this command.

dampening [half-life-period reuse-threshold] [suppress-threshold max-suppress-time [restart-penalty]]

no dampening

Syntax Description

half-life-period	(optional) Time (in seconds) after which a penalty is decreased. Once the route has been assigned a penalty, the penalty is decreased by half after the half-life period expires. The range of the half-life period is from 1 to 30 seconds. The default time is 5 seconds.
reuse-threshold	(optional) Reuse value based on the number of penalties. When the accumulated penalty decreases enough to fall below this value, the route is unsuppressed. The range of the reuse value is from 1 to 20000; the default is 1000.
suppress-threshold	(optional) Value of the accumulated penalty that triggers the router to dampen a flapping interface.A route is suppressed when its penalty exceeds this limit. The range is from 1 to 20000; the default is 2000.
max-suppress-time	(optional) Maximum time (in seconds) a route can be suppressed. The range is from 1 to 20000; the default is four times the half-life-period value. If the half-life-period value is allowed to default, the maximum suppress time defaults to 20 seconds.
restart-penalty	(optional) Penalty to applied to the interface when it comes up for the first time after the router reloads. The configurable range is from 1 to 20000 penalties. The default is 2000 penalties. This argument is not required for any other configurations.

Defaults

This command is disabled by default. To manually configure the timer for the restart-penalty argument, the value for all arguments must be manually entered.

Command Modes

Interface configuration

Command History

Release	Modification
12.0(22)S	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(13)T	This command was integrated into Cisco IOS Release 12.2(13)T.
12.2(18)SXD	This command was integrated into Cisco IOS Release 12.2(18)SXD.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(31)SB2	This command was integrated into Cisco IOS Release 12.2(31)SB2.

Usage Guidelines

The IP Event Dampening feature will function on a subinterface but cannot be configured on only the subinterface. Only the primary interface can be configured with this feature. Primary interface configuration is applied to all subinterfaces by default.

When an interface is dampened, the interface is dampened to both IP and Connectionless Network Services (CLNS) routing equally. The interface is dampened to both IP and CLNS because integrated routing protocols such as Intermediate System-to-Intermediate System (IS-IS), IP, and CLNS routing protocols are closely interconnected, so it is impossible to apply dampening separately.

Copying a dampening configuration from virtual templates to virtual access interfaces is not supported because dampening has limited usefulness to existing applications using virtual templates. Virtual access interfaces are released when an interface flaps, and new connections and virtual access interfaces are acquired when the interface comes up and is made available to the network. Because dampening states are attached to the interface, the dampening states would not survive an interface flap.

If the dampening command is applied to an interface that already has dampening configured, all dampening states are reset and the accumulated penalty will be set to 0. If the interface has been dampened, the accumulated penalty will fall into the reuse threshold range, and the dampened interface will be made available to the network. The flap counts, however, are retained.

Examples

The following example sets the half life to 30 seconds, the reuse threshold to 1500, the suppress threshold to 10000, and the maximum suppress time to 120 seconds:

interface Ethernet 0/0

 dampening 30 1500 10000 120

The following example configures the router to apply a penalty of 500 on Ethernet interface 0/0 when the interface comes up for the first time after the router is reloaded:

interface Ethernet 0/0

 dampening 5 500 1000 20 500 

Related Commands

Command	Description
clear counters	Clears the interface counters.
show dampening interface	Displays a summary of interface dampening.
show interface dampening	Displays a summary of the dampening parameters and status.

distance (IP)

To define an administrative distance for routes that are inserted into the routing table, use the distance command in router configuration mode. To return the administrative distance to its default distance definition, use the no form of this command.

distance distance ip-address wildcard-mask [ip-standard-acl | ip-extended-acl | access-list-name]

no distance distance ip-address wildcard-mask [ip-standard-acl | ip-extended-acl | access-list-name]

Syntax Description

distance	Administrative distance. An integer from 10 to 255. (The values 0 to 9 are reserved for internal use. Routes with a distance value of 255 are not installed in the routing table.)
ip-address wildcard-mask	(Optional) IP address in four-part, dotted decimal notation. Wildcard mask in four-part, dotted decimal notation. A bit set to 1 in the wildcard-mask argument instructs the software to ignore the corresponding bit in the address value.
ip-standard-acl	(Optional) Standard IP access list (ACL) number to be applied to incoming routing updates.
ip-extended-acl	(Optional) Extended IP access list to be applied to incoming routing updates.
access-list-name	(Optional) Named access list to be applied to incoming routing updates.

Command Default

For more information on default administrative distances, see the Usage Guidelines section.

Command Modes

Router configuration

Command History

Release	Modification
10.0	This command was introduced.
11.2	The access-list-number | name argument was added.
11.3	The access-list-number | name argument was removed. The ip keyword was removed.
12.0	The ip-standard-acl and ip-extended-acl arguments were added.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

Table 116 lists default administrative distances.

Table 116 Default Administrative Distances 

Route Source	Default Distance
Connected interface	0
Static route	1
Enhanced Interior Gateway Routing Protocol (EIGRP) summary route	5
External Border Gateway Protocol (eBGP)	20
Internal EIGRP	90
Open Shortest Path First (OSPF)	110
Intermediate System-to-Intermediate System (IS-IS)	115
Routing Information Protocol (RIP)	120
EIGRP external route	170
Internal BGP	200
Unknown	255

An administrative distance is a rating of the trustworthiness of a routing information source, such as an individual router or a group of routers. Numerically, an administrative distance is an integer from 0 to 255. In general, the higher the value, the lower the trust rating. An administrative distance of 255 means the routing information source cannot be trusted at all and should be ignored.

When the optional access list name or number is used with this command, it is applied when a network is being inserted into the routing table. This behavior allows filtering of networks according to the IP address of the router that supplies the routing information. This option could be used, for example, to filter possibly incorrect routing information from routers that are not under your administrative control.

The order in which you enter distance commands can affect the assigned administrative distances in unexpected ways (see the "Examples" section for further clarification).

For BGP, the distance command sets the administrative distance of the External BGP (eBGP) route.

The show ip protocols EXEC command displays the default administrative distance for the active routing processes.

Always set the administrative distance from the least to the most specific network.

---

Note The weight of a route can no longer be set with the distance command. To set the weight for a route,
use a route map.

---

Examples

In the following example, the router eigrp global configuration command sets up EIGRP routing in autonomous system number 109. The network router configuration commands specify EIGRP routing on networks 192.168.7.0 and 172.16.0.0. The first distance command sets the administrative distance to 90 for all routers on the Class C network 192.168.7.0. The second distance command sets the administrative distance to 120 for the router with the address 172.16.1.3.

router eigrp 109

 network 192.168.7.0

 network 172.16.0.0

 distance 90 192.168.7.0 0.0.0.255

 distance 120 172.16.1.3 0.0.0.255

In the following example, the set distance is from the least to the most specific network:

distance 22 10.0.0.0 0.0.0.255

distance 33 10.11.0.0 0.0.0.255

distance 44 10.11.12.0 0.0.0.255

end

---

Note In this example, adding distance 255 to the end of the list would override the distance values for all networks within the range specified in the example. The result would be that the distance values are set to 255.

---

Entering the show ip protocols command displays the default administrative distance for the active routing processes, as well as the user-configured administrative distances:

Router# show ip protocols

.

.

.

Routing Protocol is "isis tag1"

  Invalid after 0 seconds, hold down 0, flushed after 0

  Outgoing update filter list for all interfaces is not set

  Incoming update filter list for all interfaces is not set

  Redistributing: isis

  Address Summarization:

    None

  Maximum path: 4

  Routing for Networks:

  Routing Information Sources:

    Gateway         Distance      Last Update

  Distance: (default is 115)

    Address         Wild mask       Distance  List

    10.11.0.0             0.0.0.255       45

    10.0.0.0              0.0.0.255       22

    Address         Wild mask       Distance  List

    10.11.0.0             0.0.0.255       33

    10.11.12.0            0.0.0.255       44

Related Commands

Command	Description
distance (IPv6)	Configures an administrative distance for IS-IS, RIP, or OSPF IPv6 routes inserted into the IPv6 routing table.
distance (ISO CLNS)	Configures the administrative distance for CLNS routes learned.
distance bgp	Allows the use of external, internal, and local administrative distances that could be a better route to a node.
distance bgp (IPv6)	Allows the use of external, internal, and local administrative distances that could be a better route than other external, internal, or local routes to a node.
distance eigrp	Allows the use of two administrative distances—internal and external—that could be a better route to a node.
distance ospf	Defines OSPF route administrative distances based on route type.
show ip protocols	Displays the parameters and current state of the active routing protocol process.

distribute-list in (IP)

To filter networks received in updates, use the distribute-list in command in the appropriate configuration mode. To change or cancel the filter, use the no form of this command.

distribute-list [[access-list-number | name] | [route-map map-tag]] in [interface-type | interface-number]

no distribute-list [[access-list-number | name] | [route-map map-tag]] in [interface-type | interface-number]

Syntax Description

access-list-number | name	(Optional) Standard IP access list number or name. The list defines which networks are to be received and which are to be suppressed in routing updates.
route-map map-tag	(Optional) Name of the route map that defines which networks are to be installed in the routing table and which are to be filtered from the routing table. This argument is supported by OSPF and EIGRP.
in	Applies the access list to incoming routing updates.
interface-type	(Optional) Interface type. The interface-type argument cannot be used in address family configuration mode.
interface-number	(Optional) Interface number on which the access list should be applied to incoming updates. If no interface is specified, the access list will be applied to all incoming updates. The interface type and number arguments can apply if you specify an access list, not a route map. The interface-number argument cannot be used in address family configuration mode.

Defaults

This command is disabled by default.

Command Modes

Address family configuration (config-af)
Router address family topology configuration (config-router-af-topology)
Router configuration (config-router)

Command History

Release	Modification
10.0	This command was introduced.
11.2	The access-list-name, type, and number arguments were added.
12.0(7)T	Address family configuration mode was added.
12.0(24)S	The route-map map-tag keyword and argument were added.
12.2(27)SBC	This command was integrated into Cisco IOS Release 12.2(27)SBC.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SRB	This command was made available in router address family topology configuration mode.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

This command must specify either an access list or a map-tag name of a route map. The route map is supported for OSPF and EIGRP filtering.

The interface-type and interface-number arguments cannot be used in address family configuration mode.

OSPF routes cannot be filtered from entering the OSPF database. If you use this command for OSPF, it only filters routes from the routing table; it does not prevent link-state packets from being propagated.

If a route map is specified, the route map can be based on the following match options:

•match interface

•match ip address

•match ip next-hop

•match ip route-source

•match metric

•match route-type

•match tag

Configure the route map before specifying it in the distribute-list in command.

Release 12.2(33)SRB

If you plan to configure the Multi-Topology Routing (MTR) feature, you need to enter the distribute-list in command in router address family topology configuration mode in order for this OSPF router configuration command to become topology-aware.

Examples

In the following example, EIGRP process 1 is configured to accept two networks—network 0.0.0.0 and network 10.108.0.0:

access-list 1 permit 0.0.0.0

access-list 1 permit 10.108.0.0

access-list 1 deny 0.0.0.0 255.255.255.255

router eigrp 1 

 network 10.108.0.0

 distribute-list 1 in

In the following example, OSPF external LSAs have a tag. The value of the tag is examined before the prefix is installed in the routing table. All OSPF external prefixes that have the tag value of 777 are filtered (prevented from being installed in the routing table). The permit statement with sequence number 20 has no match conditions, and there are no other route-map statements after sequence number 20, so all other conditions are permitted.

route-map tag-filter deny 10

 match tag 777

route-map tag-filter permit 20

!

router ospf 1

 router-id 10.0.0.2

 log-adjacency-changes

 network 172.16.2.1 0.0.0.255 area 0

 distribute-list route-map tag-filter in

Related Commands

Command	Description
access-list (IP extended)	Defines an extended IP access list.
access-list (IP standard)	Defines a standard IP access list.
distribute-list out (IP)	Suppresses networks from being advertised in updates.
redistribute (IP)	Redistributes routes from one routing domain into another routing domain.

distribute-list out (IP)

To suppress networks from being advertised in updates, use the distribute-list out command in the appropriate configuration mode. To cancel this function, use the no form of this command.

distribute-list {access-list-number | access-list-name} out [interface-name | routing-process | as-number]

no distribute-list {access-list-number | access-list-name} out [interface-name | routing-process | as-number]

Syntax Description

access-list-number | access-list-name	Standard IP access list number or name. The list defines which networks are to be sent and which are to be suppressed in routing updates.
out	Applies the access list to outgoing routing updates.
interface-name	(Optional) Name of a particular interface. The interface-name argument cannot be used in address family configuration mode.
routing-process	(Optional) Name of a particular routing process, or the static or connected keyword.
as-number	(Optional) Autonomous system number.

Defaults

This command is disabled by default. Networks are advertised in updates.

Command Modes

Address family configuration (config-af)
Router address family topology configuration (config-router-af-topology)
Router configuration (config-router)

Command History

Release	Modification
10.0	This command was introduced.
11.2	The access-list-name argument was added.
12.0(7)T	Address family configuration mode was added.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SRB	This command was made available in router address family topology configuration mode.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

When networks are redistributed, a routing process name can be specified as an optional trailing argument to the distribute-list command. Specifying this option causes the access list to be applied to only those routes derived from the specified routing process. After the process-specific access list is applied, any access list specified by a distribute-list command without a process name argument will be applied. Addresses not specified in the distribute-list command will not be advertised in outgoing routing updates.

The interface-name argument cannot be used in address family configuration mode.

---

Note To filter networks received in updates, use the distribute-list in command.

---

Release 12.2(33)SRB

If you plan to configure the Multi-Topology Routing (MTR) feature, you need to enter the distribute-list out command in router address family topology configuration mode in order for this OSPF router configuration command to become topology-aware.

Examples

The following example would cause only one network to be advertised by a RIP routing process, network 10.108.0.0:

access-list 1 permit 10.108.0.0

access-list 1 deny 0.0.0.0 255.255.255.255

router rip

 network 10.108.0.0

 distribute-list 1 out

The following example applies access list 1 to outgoing routing updates. Only network 10.10.101.0 will be advertised in outgoing EIGRP routing updates.

router eigrp 100

 distribute-list 1 out

access-list 1 permit 10.10.101.0 0.0.0.255

Related Commands

Command	Description
access-list (IP extended)	Defines an extended IP access list.
access-list (IP standard)	Defines a standard IP access list.
distribute-list in (IP)	Filters networks received in updates.
redistribute (IP)	Redistributes routes from one routing domain into another routing domain.

ip default-network

To select a network as a candidate route for computing the gateway of last resort, use the ip default-network command in global configuration mode. To remove a route, use the no form of this command.

ip default-network network-number

no ip default-network network-number

Syntax Description

network-number

Number of the network.

Command Default

If the router has a directly connected interface onto the specified network, the dynamic routing protocols running on that router will generate (or source) a default route. For Router Information Protocol (RIP), this is flagged as the pseudonetwork 0.0.0.0.

Command Modes

Global configuration

Command History

Release	Modification
10.0	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

The Cisco IOS software uses both administrative distance and metric information to determine the default route. Multiple ip default-network commands can be given. All candidate default routes, both static (that is, flagged by the ip default-network command) and dynamic, appear in the routing table preceded by an asterisk.

If the IP routing table indicates that the specified network number is subnetted and a nonzero subnet number is specified, then the system will automatically configure a static summary route. This static summary route is configured instead of a default network. The effect of the static summary route is to cause traffic destined for subnets that are not explicitly listed in the IP routing table to be routed using the specified subnet.

Examples

The following example defines a static route to network 10.0.0.0 as the static default route:

ip route 10.0.0.0 255.0.0.0 10.108.3.4

ip default-network 10.0.0.0

If the following command was issued on a router not connected to network 10.140.0.0, the software might choose the path to that network as a default route when the network appeared in the routing table:

ip default-network 10.140.0.0

Related Commands

Command	Description
show ip route	Displays the current state of the routing table.

ip local policy route-map

To identify a route map to use for local policy routing, use the ip local policy route-map command in global configuration mode. To disable local policy routing, use the no form of this command.

ip local policy route-map map-tag

no ip local policy route-map map-tag

Syntax Description

map-tag

Name of the route map to use for local policy routing. The name must match a map-tag value specified by a route-map command.

Defaults

Packets that are generated by the router are not policy routed.

Command Modes

Global configuration

Command History

Release	Modification
11.1	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

Packets that are generated by the router are not normally policy routed. However, you can use this command to policy route such packets. You might enable local policy routing if you want packets originated at the router to take a route other than the obvious shortest path.

The ip local policy route-map command identifies a route map to use for local policy routing. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which packets should be policy routed. The set comma