Table Of Contents

Cisco IOS IPv6 Commands

aaa accounting multicast default

aaa authorization multicast default

aaa new-model

accept-lifetime

address (Mobile IPv6)

address-family ipv4 (BGP)

address-family ipv6

address-family ipv6 (IS-IS)

address-family vpnv6

adjacency-check

aggregate-address

area authentication (IPv6)

area encryption

area range

area virtual-link

area virtual-link authentication

area virtual-link encryption

arp (interface)

atm route-bridged

authentication (IKE policy)

authentication (Mobile IPv6)

auto-cost (IPv6)

bandwidth (interface)

bfd all-interfaces

bgp graceful-restart

bgp log-neighbor-changes

binding

cache

cdma pdsn ipv6

cef table consistency-check

clear bgp ipv6

clear bgp ipv6 dampening

clear bgp ipv6 external

clear bgp ipv6 flap-statistics

clear bgp ipv6 peer-group

clear cef table

clear dmvpn session

clear frame-relay-inarp

clear ipv6 access-list

clear ipv6 dhcp binding

clear ipv6 dhcp client

clear ipv6 eigrp

clear ipv6 flow stats

clear ipv6 inspect

clear ipv6 mfib counters

clear ipv6 mld counters

clear ipv6 mld traffic

clear ipv6 mobile binding

clear ipv6 mobile home-agents

Cisco IOS IPv6 Commands

---

aaa accounting multicast default

To enable authentication, authorization, and accounting (AAA) accounting of IPv6 multicast services for billing or security purposes when you use RADIUS, use the aaa accounting multicast default command in global configuration mode. To disable AAA accounting for IPv6 multicast services, use the no form of this command.

aaa accounting multicast default [start-stop | stop-only] [broadcast] [method1] [method2] [method3] [method4]

no aaa accounting multicast default [start-stop | stop-only] [broadcast] [method1] [method2] [method3] [method4]

Syntax Description

start-stop	(Optional) Sends a "start" accounting notice at the beginning of a process and a "stop" accounting notice at the end of a process. The "start" accounting record is sent in the background. The requested user process begins regardless of whether the "start" accounting notice was received by the accounting server.
stop-only	(Optional) Sends a "stop" accounting notice at the end of the requested user process.
broadcast	(Optional) Enables sending accounting records to multiple AAA servers. Simultaneously sends accounting records to the first server in each group. If the first server is unavailable, failover occurs using the backup servers defined within that group.
method1, method2, method3, method4	(Optional) Method lists that specify an accounting method or multiple accounting methods to be used for accounting.

Command Default

AAA accounting for multicast is not enabled.

Command Modes

Global configuration

Command History

Release	Modification
12.4(4)T	This command was introduced.

Usage Guidelines

---

Note Including information about IPv6 addresses in accounting and authorization records transmitted between the router and the RADIUS or TACACS+ server is supported. However, there is no support for using IPv6 to communicate with that server. The server must have an IPv4 address.

---

Use the aaa accounting multicast default command to enable AAA accounting for multicast. The network access server reports user activity to the RADIUS security server in the form of accounting records. Each accounting record contains accounting attribute-value (AV) pairs and is stored on the security server.

Method lists for accounting define the way accounting will be performed. Named accounting method lists enable you to designate a particular security protocol to be used on specific lines or interfaces for particular types of accounting services. When using the aaa accounting multicast default command, you have the option of choosing one or all four existing named access lists, each of which specifies a RADIUS host or server group.

If the aaa accounting multicast default command for a particular accounting type is issued without a named method list specified, the default method list is automatically applied to all interfaces or lines (where this accounting type applies) except those that have a named method list explicitly defined. (A defined method list overrides the default method list.) If no default method list is defined, then no accounting takes place.

For minimal accounting, include the stop-only keyword to send a "stop" record accounting notice at the end of the requested user process. For more accounting, you can include the start-stop keyword, so that RADIUS sends a "start" accounting notice at the beginning of the requested process and a "stop" accounting notice at the end of the process. Accounting is stored only on the RADIUS.

When AAA accounting is activated, the network access server monitors RADIUS accounting attributes pertinent to the connection. The network access server reports these attributes as accounting records, which are then stored in an accounting log on the security server. For a list of supported RADIUS accounting attributes, refer to the appendix "RADIUS Attributes" in the Cisco IOS Security Configuration Guide.

Examples

The following example enables AAA accounting of IPv6 multicast services for billing or security purposes when RADIUS is used:

Router(config)# aaa accounting multicast default 

Related Commands

Command	Description
aaa authorization multicast default	Sets parameters that restrict user access to an IPv6 network.

aaa authorization multicast default

To enable authentication, authorization, and accounting (AAA) authorization and set parameters that restrict user access to an IPv6 multicast network, use the aaa authorization multicast default command in global configuration mode. To disable authorization for a function, use the no form of this command.

aaa authorization multicast default [method]

no aaa authorization multicast default [method]

Syntax Description

method3, method4

(Optional) Specifies one or two authorization methods that can be used for authorization. A method may be any one of the keywords listed in Table 8.

Command Default

Authorization is disabled for all actions.

Command Modes

Global configuration

Command History

Release	Modification
12.4(4)T	This command was introduced.

Usage Guidelines

---

Note Including information about IPv6 addresses in accounting and authorization records transmitted between the router and the RADIUS or TACACS+ server is supported. However, there is no support for using IPv6 to communicate with that server. The server must have an IPv4 address.

---

Use the aaa authorization multicast default command to enable authorization. Method lists for authorization define the ways authorization will be performed and the sequence in which these methods will be performed. A method list is a named list describing the authorization methods to be used, in sequence. Method lists enable you to designate one or more security protocols to be used for authorization, thus ensuring a backup system in case the initial method fails. Cisco IOS IPv6 software uses the first method listed to authorize users for specific network services; if that method fails to respond, the Cisco IOS IPv6 software selects the next method listed in the method list. This process continues until there is successful communication with a listed authorization method, or all methods defined are exhausted.

---

Note The Cisco IOS IPv6 software attempts authorization with the next listed method only when there is no response from the previous method. If authorization fails at any point in this cycle—meaning that the security server or local username database responds by denying the user services—the authorization process stops, and no other authorization methods are attempted.

---

If the aaa authorization multicast default command for a particular authorization type is issued without a named method list specified, the default method list is automatically applied to all lines or interfaces (where this authorization type applies) except those that have a named method list explicitly defined. (A defined method list overrides the default method list.) If no default method list is defined, then no authorization takes place.

---

Note In Table 8, the group radius and group group-name methods refer to a set of previously defined RADIUS servers. Use the radius-server host command to configure the host servers. Use the aaa group server radius command to create a named group of servers.

---

Method keywords are described in Table 8.

Table 8 aaa authorization Methods 

Keyword	Description
group radius	Uses the list of all RADIUS servers for authentication as defined by the aaa group server radius command.
group group-name	Uses a subset of RADIUS servers for accounting as defined by the server group group-name command.
if-authenticated	Allows the user to access the requested function if the user is authenticated.
local	Uses the local database for authorization.
none	No authorization is performed.

Cisco IOS IPv6 software supports the following methods for authorization:

•RADIUS—The network access server requests authorization information from the RADIUS security server group. RADIUS authorization defines specific rights for users by associating attributes, which are stored in a database on the RADIUS server, with the appropriate user.

•If-Authenticated—The user is allowed to access the requested function provided the user has been authenticated successfully.

•None—The network access server does not request authorization information; authorization is not performed over this line or interface.

•Local—The router or access server consults its local database, as defined by the username command, to authorize specific rights for users. Only a limited set of functions can be controlled via the local database.

Method lists are specific to the type of authorization being requested. AAA supports the following different types of authorization:

•Network—Applies to network connections. This can include a PPP, Serial Line Internet Protocol (SLIP), or AppleTalk Remote Access (ARA) connection.

•EXEC—Applies to the attributes associated with a user EXEC terminal session.

•Commands—Applies to the EXEC mode commands and user issues. Command authorization attempts authorization for all EXEC mode commands, including global configuration commands, associated with a specific privilege level.

•Reverse Access—Applies to reverse Telnet sessions.

•Configuration—Applies to the configuration downloaded from the AAA server.

The authorization command causes a request packet containing a series of AV pairs to be sent to the RADIUS daemon as part of the authorization process. The daemon can do one of the following:

•Accept the request as is.

•Make changes to the request.

•Refuse the request and refuse authorization.

For a list of supported RADIUS attributes, refer to the appendix "RADIUS Attributes" in the Cisco IOS Security Configuration Guide.

Examples

The following example enables AAA authorization and sets default parameters that restrict user access to an IPv6 multicast network:

Router(config)# aaa authorization multicast default

Related Commands

Command	Description
aaa accounting multicast default	Enables AAA accounting of IPv6 multicast services for billing or security purposes when you use RADIUS.
aaa group server radius	Groups different RADIUS server hosts into distinct lists and distinct methods.
radius-server host	Specifies a RADIUS server host.
username	Establishes a username-based authentication system.

aaa new-model

To enable the authentication, authorization, and accounting (AAA) access control model, issue the aaa new-model command in global configuration mode. To disable the AAA access control model, use the no form of this command.

aaa new-model

no aaa new-model

Syntax Description

This command has no arguments or keywords.

Command Default

AAA is not enabled.

Command Modes

Global configuration

Command History

Release	Modification
10.0	This command was introduced.
12.4(4)T	Support for IPv6 was added.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

This command enables the AAA access control system.

Examples

The following example initializes AAA:

aaa new-model

Related Commands

Command	Description
aaa accounting	Enables AAA accounting of requested services for billing or security purposes.
aaa authentication arap	Enables an AAA authentication method for ARAP using TACACS+.
aaa authentication enable default	Enables AAA authentication to determine if a user can access the privileged command level.
aaa authentication login	Sets AAA authentication at login.
aaa authentication ppp	Specifies one or more AAA authentication method for use on serial interfaces running PPP.
aaa authorization	Sets parameters that restrict user access to a network.

accept-lifetime

To set the time period during which the authentication key on a key chain is received as valid, use the accept-lifetime command in key chain key configuration mode. To revert to the default value, use the no form of this command.

accept-lifetime start-time {infinite | end-time | duration seconds}

no accept-lifetime [start-time {infinite | end-time | duration seconds}]

Syntax Description

start-time	Beginning time that the key specified by the key command is valid to be received. The syntax can be either of the following:         hh:mm:ss Month date year         hh:mm:ss date Month year •hh—hours •mm—minutes •ss—seconds •Month—first three letters of the month •date—date (1-31) •year—year (four digits) The default start time and the earliest acceptable date is January 1, 1993.
infinite	Key is valid to be received from the start-time value on.
end-time	Key is valid to be received from the start-time value until the end-time value. The syntax is the same as that for the start-time value. The end-time value must be after the start-time value. The default end time is an infinite time period.
duration seconds	Length of time (in seconds) that the key is valid to be received. The range is from 1 to 2147483646.

Command Default

Forever (the starting time is January 1, 1993, and the ending time is infinite)

Command Modes

Key chain key configuration

Command History

Release	Modification
11.1	This command was introduced.
12.4(6)T	Support for IPv6 was added.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

Only DRP Agent, Enhanced Interior Gateway Routing Protocol (EIGRP), and Routing Information Protocol (RIP) Version 2 use key chains.

Specify a start-time value and one of the following values: infinite, end-time, or duration seconds.

We recommend running Network Time Protocol (NTP) or some other time synchronization method if you assign a lifetime to a key.

If the last key expires, authentication will continue and an error message will be generated. To disable authentication, you must manually delete the last valid key.

Examples

The following example configures a key chain called keychain1. The key named string1 will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named string2 will be accepted from 2:30 p.m. to 4:30 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or discrepancies in the set time of the router. There is a 30-minute leeway on each side to handle time differences.

interface ethernet 0

 ip rip authentication key-chain keychain1

 ip rip authentication mode md5

!

router rip

 network 172.19.0.0

 version 2

!

key chain keychain1

 key 1

 key-string string1

 accept-lifetime 13:30:00 Jan 25 1996 duration 7200

 send-lifetime 14:00:00 Jan 25 1996 duration 3600

 key 2

 key-string string2

 accept-lifetime 14:30:00 Jan 25 1996 duration 7200

 send-lifetime 15:00:00 Jan 25 1996 duration 3600

Related Commands

Command	Description
key	Identifies an authentication key on a key chain.
key chain	Enables authentication for routing protocols.
key-string (authentication)	Specifies the authentication string for a key.
send-lifetime	Sets the time period during which an authentication key on a key chain is valid to be sent.
show key chain	Displays authentication key information.

address (Mobile IPv6)

To specify the home address of the IPv6 mobile node, use the address command in home-agent configuration mode or IPv6 mobile router host configuration mode. To remove a host configuration, use the no form of this command.

address {ipv6-address | autoconfig}

no address

Syntax Description

ipv6-address	Specifies a home address for the mobile node. This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons.
autoconfig	Allows any IPv6 address to be used.

Command Default

No home address is specified for the mobile router.

Command Modes

Home-agent configuration (config-ha)
IPv6 mobile router host configuration

Command History

Release	Modification
12.4(11)T	This command was introduced.
12.4(20)T	IPv6 network mobility (NEMO) functionality was added.

Usage Guidelines

The address command in IPv6 home-agent configuration mode specifies the home address of the mobile node. The ipv6-address argument can be used to configure a specific IPv6 address, or the autoconfig keyword can be used to allow any IPv6 address as the home address of the IPv6 mobile node.

Do not configure two separate groups with the same IPv6 address. For example, host group group1 and host group group2 cannot both have the same home address of baba::1.

When the address command is configured with a specific IPv6 address, the nai command, which configures the network address identifier (NAI), cannot be configured using the @realm argument. For example, the following nai command configuration would not be valid because the address command is configured with the specific address baba::1:

host group engineering

  nai  @cisco.com

  address baba::1

Examples

In the following example, the user enters home agent configuration mode, creates a host group named group1, and configures any IPv6 address to be used for the mobile node:

Router(config)# ipv6 mobile home-agent

Router(config-ha)# host group group1

Router(config-ha)# address autoconfig

Related Commands

Command	Description
host group	Creates a host configuration in IPv6 Mobile.
ipv6 mobile home-agent (global configuration)	Enters home agent configuration mode.
nai	Specifies the NAI for the IPv6 mobile node.

address-family ipv4 (BGP)

To enter address family or router scope address family configuration mode to configure a routing session using standard IP Version 4 address prefixes, use the address-family ipv4 command in router configuration or router scope configuration mode. To exit address family configuration mode and remove the IPv4 address family configuration from the running configuration, use the no form of this command.

Syntax Available Under Router Configuration Mode

address-family ipv4 [mdt | multicast | tunnel | unicast [vrf vrf-name] | vrf vrf-name]

no address-family ipv4 [mdt | multicast | tunnel | unicast [vrf vrf-name] | vrf vrf-name]

Syntax Available Under Router Scope Configuration Mode

address-family ipv4 [mdt | multicast | unicast]

no address-family ipv4 [mdt | multicast | unicast]

Syntax Description

mdt	(Optional) Specifies an IPv4 multicast distribution tree (MDT) address family session.
multicast	(Optional) Specifies IP Version 4 multicast address prefixes.
tunnel	(Optional) Specifies an IPv4 routing session for multipoint tunneling.
unicast	(Optional) Specifies IP Version 4 unicast address prefixes. This is the default.
vrf vrf-name	(Optional) Specifies the name of the VPN routing and forwarding (VRF) instance to associate with subsequent IP Version 4 address family configuration mode commands.

Command Default

IP Version 4 address prefixes are not enabled.

Command Modes

Router configuration (config-router)
Router scope configuration (config-router-scope)

Command History

Release	Modification
12.0(5)T	This command was introduced. This command replaced the match nlri and set nlri commands.
12.0(28)S	This command was integrated into Cisco IOS Release 12.0(28)S, and the tunnel keyword was added.
12.0(29)S	The mdt keyword was added.
12.0(30)S	Support for the Cisco 12000 series Internet router was added.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(31)SB2	This command was integrated into Cisco IOS Release 12.2(31)SB2.
12.2(33)SRB	Support for the router scope configuration mode was added.
12.2(33)SXH	This command was integrated into Cisco IOS Release 12.2(33)SXH.
12.2(33)SB	This command was integrated into Cisco IOS Release 12.2(33)SB.
12.4(20)T	The mdt keyword was added.

Usage Guidelines

The address-family ipv4 command replaces the match nlri and set nlri commands. The address-family ipv4 command places the router in address family configuration mode (prompt: config-router-af), from which you can configure routing sessions that use standard IP Version 4 address prefixes. To leave address family configuration mode and return to router configuration mode, type exit.

---

Note Routing information for address family IPv4 is advertised by default for each BGP routing session configured with the neighbor remote-as command unless you enter the no bgp default ipv4-unicast command before configuring the neighbor remote-as command.

---

The tunnel keyword is used to enable the tunnel subaddress family identifier (SAFI) under the IPv4 address family identifier. This SAFI is used to advertise the tunnel endpoints and the SAFI-specific attributes (which contain the tunnel type and tunnel capabilities). Redistribution of tunnel endpoints into the BGP IPv4 tunnel SAFI table occurs automatically when the tunnel address family is configured. However, peers need to be activated under the tunnel address family before the sessions can exchange tunnel information.

The mdt keyword is used to enable the MDT SAFI under the IPv4 address family identifier. This SAFI is used to advertise tunnel endpoints for inter-AS multicast VPN peering sessions.

In Cisco IOS Release 12.2(33)SRB and later releases, the ability to use address family configuration under the router scope configuration mode was introduced. The scope hierarchy can be defined for BGP routing sessions and is required to support Multi-Topology Routing (MTR). To enter the router scope configuration mode, use the scope command, which can apply globally or for a specific VRF. When using the scope for a specific VRF, only the unicast keyword is available.

Examples

The following example places the router in address family configuration mode for the IP Version 4 address family:

Router(config)# router bgp 50000

Router(config-router)# address-family ipv4

Router(config-router-af)#

Multicast Example

The following example places the router in address family configuration mode and specifies only multicast address prefixes for the IP Version 4 address family:

Router(config)# router bgp 50000

Router(config-router)# address-family ipv4 multicast

Router(config-router-af)#

Unicast Example

The following example places the router in address family configuration mode and specifies unicast address prefixes for the IP Version 4 address family:

Router(config)# router bgp 50000

Router(config-router)# address-family ipv4 unicast

Router(config-router-af)#

VRF Example

The following example places the router in address family configuration mode and specifies cisco as the name of the VRF instance to associate with subsequent IP Version 4 address family configuration mode commands:

Router(config)# router bgp 50000

Router(config-router)# address-family ipv4 vrf cisco

Router(config-router-af)#

---

Note Use this form of the command, which specifies a VRF, only to configure routing exchanges between provider edge (PE) and customer edge (CE) devices.

---

Tunnel Example

The following example places the router in tunnel address family configuration mode:

Router(config)# router bgp 100

Router(config-router)# address-family ipv4 tunnel

Router(config-router-af)#

MDT Example

The following example shows how to configure a router to support an IPv4 MDT address-family session:

Router(config)# router bgp 45000

Router(config-router)# address-family ipv4 mdt

Router(config-router-af)#

Router Scope Configuration Mode Example

The following example shows how to configure the IPv4 address family under router scope configuration mode. In this example, the scope hierarchy is enabled globally. The router enters router scope address family configuration mode, and only multicast address prefixes for the IP Version 4 address family are specified:

Router(config)# router bgp 50000

Router(config-router)# scope global

Router(config-router-scope)# address-family ipv4 multicast

Router(config-router-scope-af)#

Related Commands

Command	Description
address-family ipv6	Places the router in address family configuration mode for configuring routing sessions, such as BGP, that use standard IPv6 address prefixes.
address-family vpnv4	Places the router in address family configuration mode for configuring routing sessions such as BGP, RIP, or static routing sessions that use standard VPN Version 4 address prefixes.
bgp default ipv4-unicast	Enables the IPv4 unicast address family on all neighbors.
neighbor activate	Enables the exchange of information with a BGP neighboring router.
neighbor remote-as	Adds an entry to the BGP or multiprotocol BGP neighbor table.
scope	Defines the scope for a BGP routing session and enters router scope configuration mode.

address-family ipv6

To enter address family configuration mode for configuring routing sessions such as Border Gateway Protocol (BGP) that use standard IPv6 address prefixes, use the address-family ipv6 command in router configuration mode. To disable address family configuration mode, use the no form of this command.

address-family ipv6 [vrf vrf-name] [unicast | multicast | vpnv6]

no address-family ipv6 [vrf vrf-name] [unicast | multicast | vpnv6]

Syntax Description

vrf	Specifies all virtual private network (VPN) routing and forwarding (VRF) instance tables or a specific VRF table for IPv6 address.
vrf-name	Names a specific VRF table for an IPv6 address.
unicast	(Optional) Specifies IPv6 unicast address prefixes.
multicast	(Optional) Specifies IPv6 multicast address prefixes.
vpnv6	(Optional) Specifies VPN Version 6 address prefixes.

Command Default

IPv6 address prefixes are not enabled. Unicast address prefixes are the default when IPv6 address prefixes are configured.

---

Note Routing information for address family IPv4 is advertised by default for each BGP routing session configured with the neighbor remote-as command unless you configure the no bgp default ipv4-unicast command before configuring the neighbor remote-as command.

---

Command Modes

Router configuration

Command History

Release	Modification
12.2(2)T	This command was introduced.
12.0(21)ST	This command was integrated into Cisco IOS Release 12.0(21)ST.
12.0(22)S	This command was integrated into Cisco IOS Release 12.0(22)S.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.0(26)S	The multicast keyword was added to Cisco IOS Release 12.0(26)S.
12.3(4)T	The multicast keyword was added to Cisco IOS Release 12.3(4)T.
12.2(25)S	The multicast keyword was added to Cisco IOS Release 12.2(25)S.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(25)SG	This command was integrated into Cisco IOS Release 12.2(25)SG.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SRB	The vrf keyword and vrf-name argument were added to Cisco IOS Release 12.2(33)SRB.
12.2(33)SB	This command was integrated into Cisco IOS Release 12.2(33)SB.
Cisco IOS XE Release 2.1	The vpnv6 keyword was added.
12.2(33)SXI	This command was integrated into Cisco IOS Release 12.2(33)SXI.

Usage Guidelines

The address-family ipv6 command places the router in address family configuration mode (prompt: config-router-af), from which you can configure routing sessions that use standard IPv6 address prefixes.

Within address family configuration mode, use the question mark (?) online help function to display supported commands. The BGP commands supported in address family configuration mode configure the same functionality as the BGP commands supported in router configuration mode; however, the BGP commands in router configuration mode configure functionality only for the IPv4 unicast address prefix. To configure BGP commands and functionality for other address family prefixes (for example, the IPv4 multicast or IPv6 unicast address prefixes), you must enter address family configuration mode for those address prefixes using the address-family ipv4 command or the address-family ipv6 command.

Use the multicast keyword to specify an administrative distance for multicast BGP routes to be used in reverse path forwarding (RPF) lookups.

Examples

The following example places the router in address family configuration mode and specifies unicast address prefixes for the IPv6 address family:

Router(config)# router bgp 100

Router(config-router)# address-family ipv6 unicast

The following example places the router in address family configuration mode and specifies multicast address prefixes for the IPv6 address family:

Router(config)# router bgp 100

Router(config-router)# address-family ipv6 multicast

Related Commands

Command	Description
address-family ipv4	Places the router in address family configuration mode for configuring routing sessions, such as BGP, that use standard IPv4 address prefixes.
address-family vpnv4	Places the router in address family configuration mode for configuring routing sessions, such as BGP, that use standard VPNv4 address prefixes.
address-family vpnv6	Enters address family configuration mode for configuring routing sessions, such as BGP, that use standard VPNv6 address prefixes
bgp default ipv4-unicast	Enables the IPv4 unicast address family on all neighbors.
neighbor activate	Enables the exchange of information with a BGP neighboring router.

address-family ipv6 (IS-IS)

To enter address family configuration mode for configuring Intermediate System-to-Intermediate System (IS-IS) routing sessions that use standard IPv6 address prefixes, use the address-family ipv6 command in router configuration mode. To reset all IPv6-specific global configuration values to their default values, use the no form of this command.

address-family ipv6 [unicast]

no address-family ipv6 [unicast]

Syntax Description

unicast

(Optional) Specifies IPv6 unicast address prefixes.

Command Default

IPv6 address prefixes are not enabled. Unicast address prefixes are the default when IPv6 address prefixes are configured.

Command Modes

Router configuration

Command History

Release	Modification
12.2(8)T	This command was introduced.
12.0(21)ST	This command was integrated into Cisco IOS Release 12.0(21)ST.
12.0(22)S	This command was integrated into Cisco IOS Release 12.0(22)S.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(25)SG	This command was integrated into Cisco IOS Release 12.2(25)SG.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXH	This command was integrated into Cisco IOS Release 12.2(33)SXH.

Usage Guidelines

The address-family ipv6 command places the router in address family configuration mode (prompt: config-router-af), from which you can configure IPv6-specific settings. To leave address family configuration mode and return to router configuration mode, enter the exit-address-family command.

Within address family configuration mode, use the question mark (?) online help function to display supported commands. Many of the IS-IS commands supported in address family configuration mode are identical in syntax to IS-IS commands supported in router configuration mode. Note that commands issued in address family configuration mode apply to IPv6 only, while the matching commands in router configuration mode are IPv4-specific.

Examples

The following example places the router in address family configuration mode for IS-IS and specifies unicast address prefixes for the IPv6 address family:

Router(config)# router isis area01

Router(config-router)# address-family ipv6 unicast

address-family vpnv6

To place the router in address family configuration mode for configuring routing sessions, such as Border Gateway Protocol (BGP), that use standard VPNv6 address prefixes, use the address-family vpnv6 command in router BGP configuration mode. To disable address family configuration mode, use the no form of this command.

address-family vpnv6 [unicast]

no address-family vpnv6 [unicast]

Syntax Description

unicast

(Optional) Specifies VPN Version 6 unicast address prefixes.

Command Default

VPN Version 6 address prefixes are not enabled. Unicast address prefixes are the default when VPN Version 6 address prefixes are configured.

Command Modes

Router BGP configuration

Command History

Release	Modification
12.2(33)SRB	This command was introduced.
Cisco IOS XE Release 2.1	This command was introduced on Cisco ASR 1000 Series Routers.
12.2(33)SXI	This command was integrated into Cisco IOS Release 12.2(33)SXI.

Usage Guidelines

The address-family vpnv6 command places the router in address family configuration mode, from which you can configure routing sessions that use VPN Version 6 address prefixes. An address family must be configured for each VPN routing/forwarding (VRF) on a provider edge (PE) router. Furthermore, a separate address family must be configured for carrying VPN-IPv6 routes between PE routers.

Examples

The following example places the router in address family configuration mode for the VPN Version 6 address family:

Router(config)# router bgp 100

Router(config-router)# address-family vpnv6

Related Commands

Command	Description
address-family ipv6	Enters address family configuration mode for configuring routing sessions such as BGP that use standard IPv6 address prefixes.
neighbor activate	Enables the exchange of information with a BGP neighbor.

adjacency-check

To allow Intermediate System-to-Intermediate System (IS-IS) IPv6 or IPv4 protocol-support consistency checks performed on hello packets, use the adjacency-check command in address family configuration or router configuration mode. To disable consistency checks on hello packets, use the no form of this command.

adjacency-check

no adjacency-check

Syntax Description

This command has no arguments or keywords.

Command Default

The feature is enabled.

Command Modes

Address family configuration
Router configuration

Command History

Release	Modification
12.2(8)T	This command was introduced.
12.0(21)ST	This command was integrated into Cisco IOS Release 12.0(21)ST.
12.0(22)S	This command was integrated into Cisco IOS Release 12.0(22)S.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(15)T	Support was added for router configuration mode.
12.2(18)S	Support was added for router configuration mode.
12.0(26)S	Support was added for router configuration mode.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(25)SG	This command was integrated into Cisco IOS Release 12.2(25)SG.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXH	This command was integrated into Cisco IOS Release 12.2(33)SXH.

Usage Guidelines

IS-IS performs consistency checks on hello packets and will form an adjacency only with a neighboring router that supports the same set of protocols. A router running IS-IS for both IPv4 and IPv6 will not form an adjacency with a router running IS-IS for IPv4 only.

Use the no adjacency-check command in address-family configuration mode to suppress the consistency checks for IPv6 IS-IS and allow an IPv4 IS-IS router to form an adjacency with a router running IPv4 IS-IS and IPv6. IS-IS will never form an adjacency between a router running IPv4 IS-IS only and a router running IPv6 only.

Use the no adjacency-check command in router configuration mode to suppress the IPv4 subnet consistency check and allow IS-IS to form an adjacency with other routers regardless of whether or not they have an IPv4 subnet in common. By default, IS-IS makes checks in hello packets for IPv4 address subnet matching with a neighbor. In multitopology mode, the IPv4 subnet consistency check is automatically suppressed.

---

Tip Use the debug isis adjacency packets command in privileged EXEC mode to check for adjacency errors. Error messages in the output may indicate where routers are failing to establish adjacencies.

---

Examples

In the following example, the network administrator wants to introduce IPv6 into an existing IPv4 IS-IS network. To ensure that the checking of hello packet checks from adjacent neighbors is disabled until all the neighbor routers are configured to use IPv6, the network administrator enters the no adjacency-check command.

Router(config)# router isis

Router(config-router)# address-family ipv6

Router(config-router-af)# no adjacency-check

In IPv4, the following example shows that the network administrator wants to introduce IPv6 into an existing IPv4 IS-IS network. To ensure that the checking of hello packet checks from adjacent neighbors is disabled until all the neighbor routers are configured to use IPv6, the network administrator enters the no adjacency-check command.

Router(config)# router isis

Router(config-router-af)# no adjacency-check

aggregate-address

To create an aggregate entry in a Border Gateway Protocol (BGP) database, use the aggregate-address command in address family or router configuration mode. To disable this function, use the no form of this command.

aggregate-address address mask [as-set] [summary-only] [suppress-map map-name] [advertise-map map-name] [attribute-map map-name]

no aggregate-address address mask [as-set] [summary-only] [suppress-map map-name] [advertise-map map-name] [attribute-map map-name]

Syntax Description

address	Aggregate address.
mask	Aggregate mask.
as-set	(Optional) Generates autonomous system set path information.
summary-only	(Optional) Filters all more-specific routes from updates.
suppress-map map-name	(Optional) Name of the route map used to select the routes to be suppressed.
advertise-map map-name	(Optional) Name of the route map used to select the routes to create AS_SET origin communities.
attribute-map map-name	(Optional) Name of the route map used to set the attribute of the aggregate route.

Command Default

The atomic aggregate attribute is set automatically when an aggregate route is created with this command unless the as-set keyword is specified.

Command Modes

Address family configuration
Router configuration

Command History

Release	Modification
10.0	This command was introduced.
11.1(20)CC	The nlri unicast, nlri multicast, and nlri unicast multicast keywords were added.
12.0(2)S	The nlri unicast, nlri multicast, and nlri unicast multicast keywords were added.
12.0(7)T	The nlri unicast, nlri multicast, and nlri unicast multicast keywords were removed. Address family configuration mode support was added.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SRB	Support for IPv6 was added.
12.2(33)SB	This command was integrated into Cisco IOS Release 12.2(33)SB.
12.2(33)SXI	This command was integrated into Cisco IOS Release 12.2(33)SXI.

Usage Guidelines

You can implement aggregate routing in BGP and mBGP either by redistributing an aggregate route into BGP or mBGP, or by using the conditional aggregate routing feature.

Using the aggregate-address command with no keywords will create an aggregate entry in the BGP or mBGP routing table if any more-specific BGP or mBGP routes are available that fall within the specified range. (A longer prefix which matches the aggregate must exist in the RIB.) The aggregate route will be advertised as coming from your autonomous system and will have the atomic aggregate attribute set to show that information might be missing. (By default, the atomic aggregate attribute is set unless you specify the as-set keyword.)

Using the as-set keyword creates an aggregate entry using the same rules that the command follows without this keyword, but the path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized. Do not use this form of the aggregate-address command when aggregating many paths, because this route must be continually withdrawn and updated as autonomous system path reachability information for the summarized routes changes.

Using the summary-only keyword not only creates the aggregate route (for example, 192.*.*.*) but also suppresses advertisements of more-specific routes to all neighbors. If you want to suppress only advertisements to certain neighbors, you may use the neighbor distribute-list command, with caution. If a more-specific route leaks out, all BGP or mBGP routers will prefer that route over the less-specific aggregate you are generating (using longest-match routing).

Using the suppress-map keyword creates the aggregate route but suppresses advertisement of specified routes. You can use the match clauses of route maps to selectively suppress some more-specific routes of the aggregate and leave others unsuppressed. IP access lists and autonomous system path access lists match clauses are supported.

Using the advertise-map keyword selects specific routes that will be used to build different components of the aggregate route, such as AS_SET or community. This form of the aggregate-address command is useful when the components of an aggregate are in separate autonomous systems and you want to create an aggregate with AS_SET, and advertise it back to some of the same autonomous systems. You must remember to omit the specific autonomous system numbers from the AS_SET to prevent the aggregate from being dropped by the BGP loop detection mechanism at the receiving router. IP access lists and autonomous system path access lists match clauses are supported.

Using the attribute-map keyword allows attributes of the aggregate route to be changed. This form of the aggregate-address command is useful when one of the routes forming the AS_SET is configured with an attribute such as the community no-export attribute, which would prevent the aggregate route from being exported. An attribute map route map can be created to change the aggregate attributes.

Examples

AS-Set Example

In the following example, an aggregate BGP address is created in router configuration mode. The path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized.

Router(config)# router bgp 50000 

Router(config-router)# aggregate-address 10.0.0.0 255.0.0.0 as-set 

Summary-Only Example

In the following example, an aggregate BGP address is created in address family configuration mode and applied to the multicast database (SAFI) under the IP Version 4 address family. Because the summary-only keyword is configured, more-specific routes are filtered from updates.

Router(config)# router bgp 50000 

Router(config-router)# address-family ipv4 multicast 

Router(config-router-af)#