Table Of Contents

debug ipv6 pim df-election

debug ipv6 pim limit

debug ipv6 policy

debug ipv6 pool

debug ipv6 rip

debug ipv6 routing

debug ipv6 static

debug isis spf-events

debug nhrp

debug nhrp condition

debug nhrp error

debug ntp

default (IPv6 OSPF)

default-information originate (IPv6 IS-IS)

default-information originate (IPv6 OSPF)

default-metric (EIGRP)

default-metric (IPv6)

deny (IPv6)

destination-pattern

dialer-group

dialer-list protocol

dial-peer voice

discard-route (IPv6)

distance (IPv6 EIGRP)

distance (IPv6 Mobile)

distance (IPv6)

distance bgp (IPv6)

distribute-list prefix-list (IPv6 EIGRP)

distribute-list prefix-list (IPv6 RIP)

distribute-list prefix-list (IPv6 OSPF)

dns-server (IPv6)

domain-name (IPv6)

dspfarm profile

eigrp event-log-size

eigrp log-neighbor-changes

eigrp log-neighbor-warnings

eigrp router-id

eigrp stub

enabled

encapsulation

encapsulation frame-relay mfr

encryption (IKE policy)

enrollment terminal (ca-trustpoint)

enrollment url (ca-trustpoint)

eui-interface

evaluate (IPv6)

event-log

explicit-prefix

fingerprint

frame-relay interface-dlci

frame-relay intf-type

frame-relay map ipv6

frame-relay multilink ack

frame-relay multilink bid

frame-relay multilink hello

frame-relay multilink lid

frame-relay switching

glbp ipv6

graceful-restart

graceful-restart helper

group (IKE policy)

hash (IKE policy)

home-address home-network

home-network

host group

hostname

import dns-server

import domain-name

import information refresh

import nis address

import nis domain-name

import nisp address

import nisp domain-name

import sip address

import sip domain-name

import sntp address

information refresh

interface mfr

ip address

ip directed-broadcast

ip-extension

ip http server

debug ipv6 pim df-election

To display debug messages for Protocol Independent Multicast (PIM) bidirectional designated forwarder (DF) election message processing, use the debug ipv6 pim df-election command in privileged EXEC mode. To disable debug messages for PIM bidirectional DF election message processing, use the no form of this command.

debug ipv6 pim df-election [interface type number] [rp rp-name | rp-address]

no debug ipv6 pim df-election [interface type number] [rp rp-name | rp-address]

Syntax Description

interface	(Optional) Specifies that debug messages on a specified interface will be displayed.
type number	(Optional) Interface type and number. For more information, use the question mark (?) online help function.
rp	(Optional) Specifies that debug messages on a specified Route Processor (RP) will be displayed.
rp-name	(Optional) The name of the specified RP.
rp-address	(Optional) The IPv6 address of the specified RP.

Command Default

Debugging for PIM bidirectional DF election message processing is not enabled.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.3(7)T	This command was introduced.
12.2(25)S	This command was integrated into Cisco IOS Release 12.2(25)S.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXH	This command was integrated into Cisco IOS Release 12.2(33)SXH.

Usage Guidelines

Use the debug ipv6 pim df-election command if traffic is not flowing properly when operating in PIM bidirectional mode or if the show ipv6 pim df and show ipv6 pim df winner commands do not display the expected information.

Examples

The following example shows how to enable debugging for PIM bidirectional DF election message processing on Ethernet interface 1/0 and at 200::1:

Route# debug ipv6 pim df-election interface ethernet 1/0 rp 200::1

Related Commands

Command	Description
ipv6 pim rp-address	Configures the address of a PIM RP for a particular group range.
show ipv6 pim df	Displays the DF-election state of each interface for each RP.
show ipv6 pim df winner	Displays the DF-election winner on each interface for each RP.

debug ipv6 pim limit

To enable debugging for Protocol Independent Multicast (PIM) interface limits, use the debug ipv6 pim limit command in privileged EXEC mode. To restore the default value, use the no form of this command.

debug ipv6 pim limit [group]

no debug ipv6 pim limit

Syntax Description

group

(Optional) Specific group to be debugged.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.2(33)SRE	This command was introduced.

Usage Guidelines

Use the debug ipv6 pim limit command to display debugging information for interface limits and costs. Use the optional group argument to specify a particular group to debug.

Examples

The following example enables PIM interface limit debugging:

Router# debug ipv6 pim limit

Related Commands

Command	Description
ipv6 multicast limit	Configures per-interface mroute state limiters in IPv6.
ipv6 multicast limit cost	Applies a cost to mroutes that match per interface mroute state limiters in IPv6.

debug ipv6 policy

To display IPv6 policy routing packet activity, use the debug ipv6 policy command in user EXEC or privileged EXEC mode. To disable debugging output, use the no form of this command.

debug ipv6 policy [access-list-name]

no debug ipv6 policy [access-list-name]

Syntax Description

access-list-name

(Optional) Name of the IPv6 access list for which to clear the match counters. Names cannot contain a space or quotation mark, or begin with a numeric.

Command Default

IPv6 policy routing packet activity is not displayed.

Command Modes

User EXEC
Privileged EXEC

Command History

Release	Modification
12.3(7)T	This command was introduced.
12.2(30)S	This command was integrated into Cisco IOS Release 12.2(30)S.

Usage Guidelines

If no access list is specified using the optional access-list-name argument, information about all policy-matched and policy-routed packets is displayed.

After you configure IPv6 policy routing, use the debug ipv6 policy command to verify that IPv6 policy-based routing (PBR) is policy-routing packets normally. Policy routing looks at various parts of the packet and then routes the packet based on certain user-defined attributes in the packet. The debug ipv6 policy command helps you determine what policy routing is following. It displays information about whether a packet matches the criteria, and if so, the resulting routing information for the packet.

Do not use the debug ipv6 policy command unless you suspect a problem with IPv6 PBR policy routing.

Examples

The following example enables IPv6 policy routing packet activity. The output for this command is self-explanatory:

Router# debug ipv6 policy

00:02:38:IPv6 PBR:Ethernet0/0, matched src 2003::90 dst 2001:1000::1 protocol 58

00:02:38:IPv6 PBR:set nexthop 2003:1::95, interface Ethernet1/0

00:02:38:IPv6 PBR:policy route via Ethernet1/0/2003:1::95

debug ipv6 pool

To enable debugging on IPv6 prefix pools, use the debug ipv6 pool command in privileged EXEC mode. To disable debugging, use the no form of this command.

debug ipv6 pool

no debug ipv6 pool

Syntax Description

This command has no keywords or arguments.

Command Default

No debugging is active.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.2(13)T	This command was introduced.

Examples

The following example enables debugging for IPv6 prefix pools:

Router# debug ipv6 pool

2w4d: IPv6 Pool: Deleting route/prefix 2001:0DB8::/29 to Virtual-Access1 for cisco

2w4d: IPv6 Pool: Returning cached entry 2001:0DB8::/29 for cisco on Virtual-Access1 to 

pool1

2w4d: IPv6 Pool: Installed route/prefix 2001:0DB8::/29 to Virtual-Access1 for cisco

Related Commands

Command	Description
ipv6 local pool	Configures a local IPv6 prefix pool.
show ipv6 interface	Displays the usability status of interfaces configured for IPv6.
show ipv6 local pool	Displays information about defined IPv6 prefix pools.

debug ipv6 rip

To display debug messages for IPv6 Routing Information Protocol (RIP) routing transactions, use the debug ipv6 rip command in privileged EXEC mode. To disable debug messages for IPv6 RIP routing transactions, use the no form of this command.

debug ipv6 rip [interface-type interface-number]

no debug ipv6 rip [interface-type interface-number]

Syntax Description

interface-type	(Optional) The interface type about which to display debug messages.
interface-number	(Optional) The interface number about which to display debug messages.

Command Default

IPv6 RIP debugging is not enabled.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.2(2)T	This command was introduced.
12.0(21)ST	This command was integrated into Cisco IOS Release 12.0(21)ST.
12.0(22)S	This command was integrated into Cisco IOS Release 12.0(22)S.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(25)SG	This command was integrated into Cisco IOS Release 12.2(25)SG.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXH	This command was integrated into Cisco IOS Release 12.2(33)SXH.
Cisco IOS XE Release 2.1	This command was introduced on Cisco ASR 1000 Series Routers.

Usage Guidelines

The debug ipv6 rip command is similar to the debug ip rip command, except that it is IPv6-specific.

---

Note By default, the network server sends the output from debug commands and system error messages to the console. To redirect debug output, use the logging command options within global configuration mode. Destinations include the console, virtual terminals, internal buffer, and UNIX hosts running a syslog server. For complete information on debug commands and redirecting debug output, refer to the Cisco IOS Debug Command Reference.

---

Using this command without arguments enables IPv6 RIP debugging for RIP packets that are sent and received on all router interfaces. Using this command with arguments enables IPv6 RIP debugging for RIP packets that are sent and received only on the specified interface.

---

Caution Using this command on busy networks seriously degrades the performance of the router.

---

Examples

The following example shows output for the debug ipv6 rip command:

Router# debug ipv6 rip

13:09:10:RIPng:Sending multicast update on Ethernet1/1 for as1_rip

13:09:10:       src=FE80::203:E4FF:FE12:CC1D

13:09:10:       dst=FF02::9 (Ethernet1/1)

13:09:10:       sport=521, dport=521, length=32

13:09:10:       command=2, version=1, mbz=0, #rte=1

13:09:10:       tag=0, metric=1, prefix=::/0

13:09:28:RIPng:response received from FE80::202:FDFF:FE77:1E42 on Ethernet1/1 for as1_rip

13:09:28:       src=FE80::202:FDFF:FE77:1E42 (Ethernet1/1)

13:09:28:       dst=FF02::9

13:09:28:       sport=521, dport=521, length=32

13:09:28:       command=2, version=1, mbz=0, #rte=1

13:09:28:       tag=0, metric=1, prefix=2000:0:0:1:1::/80

The example shows two RIP packets; both are updates, known as "responses" in RIP terminology and indicated by a "command" value of 2. The first is an update sent by this router, and the second is an update received by this router. Multicast update packets are sent to all neighboring IPv6 RIP routers (all routers that are on the same links as the router sending the update, and that have IPv6 RIP enabled). An IPv6 RIP router advertises the contents of its routing table to its neighbors by periodically sending update packets over those interfaces on which IPv6 RIP is configured. An IPv6 router may also send "triggered" updates immediately following a routing table change. In this case the updates only includes the changes to the routing table. An IPv6 RIP router may solicit the contents of the routing table of a neighboring router by sending a Request (command =1) message to the router. The router will respond by sending an update (Response, command=2) containing its routing table. In the example, the received response packet could be a periodic update from the address FE80::202:FDFF:FE77:1E42 or a response to a RIP request message that was previously sent by the local router.

Table 25 describes the significant fields shown in the display.

Table 25 debug ipv6 rip Field Descriptions 

Field	Description
as1_rip	The name of the RIP process that is sending or receiving the update.
src	The address from which the update was originated.
dst	The destination address for the update.
sport, dport	The source and destination ports for the update. (IPv6 RIP uses port 521, as shown in the display.)
command	The command field within the RIP packet. A value of 2 indicates that the RIP packet is a response (update); a value of 1 indicates that the RIP packet is a request.
version	The version of IPv6 RIP being used. The current version is 1.
mbz	There must be a 0 (mbz) field within the RIP packet.
#rte	Indicates the number of routing table entries (RTEs) the RIP packet contains.
tag metric prefix	The tag, metric, and prefix fields are specific to each RTE contained in the update. The tag field is intended to allow for the flagging of IPv6 RIP "internal" and "external" routes. The metric field is the distance metric from the router (sending this update) to the prefix. The prefix field is the IPv6 prefix of the destination being advertised.

Related Commands

Command	Description
debug ipv6 routing	Displays debug messages for IPv6 routing table updates and route cache updates.

debug ipv6 routing

To display debug messages for IPv6 routing table updates and route cache updates, use the debug ipv6 routing command in privileged EXEC mode. To disable debug messages for IPv6 routing table updates and route cache updates, use the no form of this command.

debug ipv6 routing

no debug ipv6 routing

Syntax Description

This command has no arguments or keywords.

Command Default

Debugging for IPv6 routing table updates and route cache updates is not enabled.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.2(2)T	This command was introduced.
12.0(21)ST	This command was integrated into Cisco IOS Release 12.0(21)ST.
12.0(22)S	This command was integrated into Cisco IOS Release 12.0(22)S.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(25)SG	This command was integrated into Cisco IOS Release 12.2(25)SG.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXH	This command was integrated into Cisco IOS Release 12.2(33)SXH.

Usage Guidelines

The debug ipv6 routing command is similar to the debug ip routing command, except that it is IPv6-specific.

---

Note By default, the network server sends the output from debug commands and system error messages to the console. To redirect debug output, use the logging command options within global configuration mode. Destinations include the console, virtual terminals, internal buffer, and UNIX hosts running a syslog server. For complete information on debug commands and redirecting debug output, refer to the Cisco IOS Debug Command Reference.

---

Examples

The following example shows output for the debug ipv6 routing command:

Router# debug ipv6 routing

13:18:43:IPv6RT0:Add 2000:0:0:1:1::/80 to table

13:18:43:IPv6RT0:Better next-hop for 2000:0:0:1:1::/80, [120/2]

13:19:09:IPv6RT0:Add 2000:0:0:2::/64 to table

13:19:09:IPv6RT0:Better next-hop for 2000:0:0:2::/64, [20/1]

13:19:09:IPv6RT0:Add 2000:0:0:2:1::/80 to table

13:19:09:IPv6RT0:Better next-hop for 2000:0:0:2:1::/80, [20/1]

13:19:09:IPv6RT0:Add 2000:0:0:4::/64 to table

13:19:09:IPv6RT0:Better next-hop for 2000:0:0:4::/64, [20/1]

13:19:37:IPv6RT0:Add 2000:0:0:6::/64 to table

13:19:37:IPv6RT0:Better next-hop for 2000:0:0:6::/64, [20/2]

The debug ipv6 routing command displays messages whenever the routing table changes. For example, the following message indicates that a route to the prefix 2000:0:0:1:1::/80 was added to the routing table at the time specified in the message.

13:18:43:IPv6RT0:Add 2000:0:0:1:1::/80 to table

The following message indicates that the prefix 2000:0:0:2::/64 was already in the routing table; however, a received advertisement provided a lower cost path to the prefix. Therefore, the routing table was updated with the lower cost path. (The [20/1] in the example is the administrative distance [20] and metric [1] of the better path.)

13:19:09:IPv6RT0:Better next-hop for 2000:0:0:2::/64, [20/1]

Related Commands

Command	Description
debug ipv6 rip	Displays debug messages for IPv6 RIP routing transactions.

debug ipv6 static

To enable Bidirectional Forwarding Detection for IPv6 (BFDv6) debugging, use the debug ipv6 static command in privileged EXEC mode.

debug ipv6 static

Command Default

Debugging is not enabled.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
Cisco IOS XE Release 2.1	This command was introduced.

Usage Guidelines

Use the debug ipv6 static command to monitor BFDv6 operation.

Examples

The following example enables BFDv6 debugging:

Router# debug ipv6 static

Related Commands

Command	Description
monitor event ipv6 static	Monitors the operation of the IPv6 static and IPv6 static BFDv6 neighbors using event trace.
show ipv6 static	Displays the current contents of the IPv6 routing table.

debug isis spf-events

To display a log of significant events during an Intermediate System-to-Intermediate System (IS-IS) shortest-path first (SPF) computation, use the debug isis spf-events command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug isis spf-events

no debug isis spf-events

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC

Command History

Release	Modification
12.0	This command was introduced.
12.2(15)T	Support for IPv6 was added.
12.2(18)S	Support for IPv6 was added.
12.0(26)S	Support for IPv6 was added.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXH	This command was integrated into Cisco IOS Release 12.2(33)SXH.
Cisco IOS XE Release 2.4	This command was introduced on Cisco ASR 1000 Series Routers.

Usage Guidelines

This command displays information about significant events that occur during SPF-related processing.

Examples

The following example displays significant events during an IS-IS SPF computation:

Router# debug isis spf-events

ISIS-Spf:  Compute L2 IPv6 SPT

ISIS-Spf: Move 0000.0000.1111.00-00 to PATHS, metric 0

ISIS-Spf: Add 0000.0000.2222.01-00 to TENT, metric 10

ISIS-Spf: Move 0000.0000.2222.01-00 to PATHS, metric 10

ISIS-Spf: considering adj to 0000.0000.2222 (Ethernet3/1) metric 10, level 2, circuit 3, 
adj 3 

ISIS-Spf:   (accepted)

ISIS-Spf: Add 0000.0000.2222.00-00 to TENT, metric 10

ISIS-Spf:   Next hop 0000.0000.2222 (Ethernet3/1)

ISIS-Spf: Move 0000.0000.2222.00-00 to PATHS, metric 10

ISIS-Spf: Add 0000.0000.2222.02-00 to TENT, metric 20

ISIS-Spf:   Next hop 0000.0000.2222 (Ethernet3/1)

ISIS-Spf: Move 0000.0000.2222.02-00 to PATHS, metric 20

ISIS-Spf: Add 0000.0000.3333.00-00 to TENT, metric 20

ISIS-Spf:   Next hop 0000.0000.2222 (Ethernet3/1)

debug nhrp

To enable Next Hop Resolution Protocol (NHRP) debugging, use the debug nhrp command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug nhrp {ipv4 | ipv6} [cache | extension | packet | rate]

no debug nhrp

Syntax Description

ipv4	Specifies the IPv4 overlay address.
ipv6	Specifies the IPv6 overlay address.
cache	(Optional) Specifies NHRP cache operations.
extension	(Optional) Specifies NHRP extension processing.
packet	(Optional) Specifies NHRP activity.
rate	(Optional) Specifies NHRP rate limiting.

(

Command Default

NHRP debugging is not enabled.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.4(20)T	This command was introduced.

Examples

The following example shows NHRP debugging output for IPv6:

Router# debug nhrp ipv6

Aug  9 13:13:41.486: NHRP: Attempting to send packet via DEST

			- 2001:0db8:3c4d:0015:0000:0000:1a2f:3d2c/32

Aug  9 13:13:41.486: NHRP: Encapsulation succeeded.  

Aug  9 13:13:41.486: NHRP: Tunnel NBMA addr 11.11.11.99

Aug  9 13:13:41.486: NHRP: Send Registration Request via Tunnel0 vrf 0, packet size: 105

Aug  9 13:13:41.486: src: 2001:0db8:3c4d:0015:0000:0000:1a2f:3d2c/32, 

	         dst: 2001:0db8:3c4d:0015:0000:0000:1a2f:3d2c/32

Aug  9 13:13:41.486: NHRP: 105 bytes out Tunnel0

Aug  9 13:13:41.486: NHRP: Receive Registration Reply via Tunnel0 vrf 0, packet size: 125

The following example shows NHRP debugging output for IPv4:

Router# debug nhrp ipv4

Aug  9 13:13:41.486: NHRP: Attempting to send packet via DEST 10.1.1.99

Aug  9 13:13:41.486: NHRP: Encapsulation succeeded.  Tunnel IP addr 10.11.11.99

Aug  9 13:13:41.486: NHRP: Send Registration Request via Tunnel0 vrf 0, packet size: 105

Aug  9 13:13:41.486:       src: 10.1.1.11, dst: 10.1.1.99

Aug  9 13:13:41.486: NHRP: 105 bytes out Tunnel0

Aug  9 13:13:41.486: NHRP: Receive Registration Reply via Tunnel0 vrf 0, packet size: 125

Aug  9 13:13:41.486: NHRP: netid_in = 0, to_us = 1

Related Commands

Command	Description
debug dmvpn	Displays DMVPN session debugging information.
debug nhrp error	Displays NHRP error level debugging information.

debug nhrp condition

To enable Next Hop Resolution Protocol (NHRP) conditional debugging, use the debug nhrp condition command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug nhrp condition [peer [nbma | tunnel | ip-address | ipv6-address]] | [interface tunnel number] | [vrf vrf-name]

no debug nhrp condition [peer {nbma | tunnel} ip-address | ipv6-address] | [interface tunnel number] | [vrf vrf-name]

Syntax Description

peer	(Optional) Specifies an NHRP peer.
nbma	(Optional) Specifies mapping nonbroadcast access (NBMA).
tunnel	(Optional) Specifies a tunnel.
ip-address	(Optional) The IPv4 address for the NHRP peer.
ipv6-address	(Optional) The IPv6 address for the NHRP peer.
interface	(Optional) Displays NHRP information based on a specific interface.
tunnel number	(Optional) Specifies the tunnel address for the NHRP peer.
vrf vrf-name	(Optional) Specifies debugging information for sessions related to the specified virtual routing and forwarding (VRF) configuration.

Command Default

Conditional NHRP debugging is not enabled.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.4(9)T	This command was introduced.
12.4(20)T	The ipv6-address argument was added.

Examples

The following example shows how to enable conditional NHRP debugging for a specific tunnel:

Router# debug nhrp condition peer tunnel 192.0.2.1

Related Commands

Command	Description
debug dmvpn	Displays DMVPN session debugging information.
debug nhrp error	Displays NHRP error level debugging information.

debug nhrp error

To display Next Hop Resolution Protocol (NHRP) error level debugging information, use the debug nhrp error command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug nhrp {ipv4 | ipv6} error

no debug nhrp {ipv4 | ipv6} error

Syntax Description

ipv4	Specifies the IPv6 overlay network.
ipv6	Specifies the IPv6 overlay network.

Command Default

Error level NHRP debugging is not enabled.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.4(9)T	This command was introduced.
12.4(20)T	The ipv4 and ipv6 keywords were added.

Examples

The following example shows how to enable error level debugging for IPv4 NHRP:

Router# debug nhrp ipv4 error 

NHRP errors debugging is on

Related Commands

Command	Description
debug dmvpn	Displays DMVPN session debugging information.
debug nhrp condition	Enables NHRP conditional debugging.

debug ntp

To display debugging messages for Network Time Protocol (NTP) features, use the debug ntp command in prvileged EXEC mode. To disable debugging output, use the no form of this command.

debug ntp {adjust | all | authentication | core | events | loopfilter | packet | params | refclock | select | sync | validity}

no debug ntp {adjust | all | authentication | core | events | loopfilter | packet | params | refclock | select | sync | validity}

Syntax Description

adjust	Displays debugging information on NTP clock adjustments.
all	Displays all debugging information on NTP.
authentication	Displays debugging information on NTP authentication.
core	Displays debugging information on NTP core messages.
events	Displays debugging information on NTP events.
loopfilter	Displays debugging information on NTP loop filters.
packet	Displays debugging information on NTP packets.
params	Displays debugging information on NTP clock parameters.
refclock	Displays debugging information on NTP reference clocks.
select	Displays debugging information on NTP clock selection.
sync	Displays debugging information on NTP clock synchronization.
validity	Displays debugging information on NTP peer clock validity.

Command Default

Debugging is not enabled.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.1	This command was introduced in a release prior to Cisco IOS Release 12.1.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.4(20)T	Support for IPv6 and NTP version 4 was added. The all and core keywords were added. The authentication, loopfilter, params, select, sync and validity keywords were removed. The packets keyword was modified as packet.

Usage Guidelines

Starting from Cisco IOS Release 12.4(20)T, NTP version 4 is supported. In NTP version 4 the debugging options available are adjust, all, core, events, packet, and refclock. In NTP version 3 the debugging options available were events, authentication, loopfilter, packets, params, select, sync and validity.

Examples

The following example shows how to enable all debugging options for NTP:

Router# debug ntp all

NTP events debugging is on

NTP core messages debugging is on

NTP clock adjustments debugging is on

NTP reference clocks debugging is on

NTP packets debugging is on

Related Commands

Command	Description
ntp refclock	Configures an external clock source for use with NTP services.

default (IPv6 OSPF)

To return a parameter to its default value, use the default command in router configuration mode.

default [area | auto-cost | default-information | default-metric | discard-route | distance | distribute-list | ignore | log-adjacency-changes | maximum-paths | passive-interface | redistribute | router-id | summary-prefix | timers]

Syntax Description

area	(Optional) Open Shortest Path First (OSPF) for IPv6 area parameters.
auto-cost	(Optional) OSPF interface cost according to bandwidth.
default-information	(Optional) Distributes default information.
default-metric	(Optional) Metric for a redistributed route.
discard-route	(Optional) Enables or disables discard-route installation.
distance	(Optional) Administrative distance.
distribute-list	(Optional) Filter networks in routing updates.
ignore	(Optional) Ignores a specific event.
log-adjacency-changes	(Optional) Log changes in the adjacency state.
maximum-paths	(Optional) Forwards packets over multiple paths.
passive-interface	(Optional) Suppresses routing updates on an interface.
redistribute	(Optional) Redistributes IPv6 prefixes from another routing protocol.
router-id	(Optional) Router ID for the specified routing process.
summary-prefix	(Optional) OSPF summary prefix.
timers	(Optional) OSPF timers.

Command Default

This command is disabled by default.

Command Modes

Router configuration

Command History

Release	Modification
12.2(15)T	This command was introduced.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.

Usage Guidelines

The command is removed if it is disabled by default.

Examples

In the following example, OSPF for IPv6 area parameters are reset to the default values:

default timers spf

default-information originate (IPv6 IS-IS)

To inject an IPv6 default route into an Intermediate System-to-Intermediate System (IS-IS) IPv6 routing domain, use the default-information originate command in address family configuration mode. To disable this feature, use the no form of this command.

default-information originate [route-map map-name]

no default-information originate [route-map map-name]

Syntax Description

route-map map-name

(Optional) Route map should be used to advertise the default route conditionally. The map-name argument identifies a configured route map.

Command Default

This feature is disabled.

Command Modes

Address family configuration

Command History

Release	Modification
12.2(8)T	This command was introduced.
12.0(21)ST	This command was integrated into Cisco IOS Release 12.0(21)ST.
12.0(22)S	This command was integrated into Cisco IOS Release 12.0(22)S.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(25)SG	This command was integrated into Cisco IOS Release 12.2(25)SG.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXH	This command was integrated into Cisco IOS Release 12.2(33)SXH.
Cisco IOS XE Release 2.4	This command was introduced on Cisco ASR 1000 Series Routers.

Usage Guidelines

The default-information originate (IPv6 IS-IS) command is similar to the default-information originate (IS-IS) command, except that it is IPv6-specific.

If a router configured with this command has an IPv6 route to ::/0 in the routing table, IS-IS will originate an advertisement for ::/0 in its link-state packets (LSPs).

Without a route map, the default is advertised only in Level 2 LSPs. For Level 1 routing, there is another mechanism to find the default route, which is for the router to look for the closest Level 1 or Level 2 router. The closest Level 1 or Level 2 router can be found by looking at the attached bit (ATT) in Level 1 LSPs.

A route map can be used for two purposes:

•Make the router generate default in its Level 1 LSPs.

•Advertise ::/0 conditionally.

With a match ipv6 address standard-access-list command, you can specify one or more IPv6 routes that must exist before the router will advertise ::/0.

Examples

The following example shows the IPv6 default route (::/0) being advertised with all other routes in router updates:

Router(config)# router isis area01

Router(config-router)# address-family ipv6

Router(config-router-af)# default-information originate

Related Commands

Command	Description
address-family ipv6 (IS-IS)	Specifies the IPv6 address family and places the router in address family configuration mode.
match ipv6 address	Distributes IPv6 routes that have a prefix permitted by a prefix list.
show isis database	Displays the IS-IS link-state database.

default-information originate (IPv6 OSPF)

To generate a default external route into an Open Shortest Path First (OSPF) for IPv6 routing domain, use the default-information originate command in router configuration mode. To disable this feature, use the no form of this command.

default-information originate [always] metric metric-value [metric-type type-value] [route-map map-name]

no default-information originate [always] metric metric-value [metric-type type-value] [route-map map-name]

Syntax Description

always	(Optional) Always advertises the default route regardless of whether the software has a default route.
metric metric-value	Metric used for generating the default route. If you omit a value and do not specify a value using the default-metric router configuration command, the default metric value is 10. The default metric value range is from 0 to 16777214.
metric-type type-value	(Optional) External link type associated with the default route advertised into the OSPF for IPv6 routing domain. It can be one of the following values: 1—Type 1 external route 2—Type 2 external route The default is type 2 external route.
route-map map-name	(Optional) Routing process will generate the default route if the route map is satisfied.

Command Default

This command is disabled by default.

Command Modes

Router configuration

Command History

Release	Modification
12.2(15)T	This command was introduced.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.

Usage Guidelines

Whenever you use the redistribute or the default-information router configuration command to redistribute routes into an OSPF for IPv6 routing domain, the Cisco IOS software automatically becomes an Autonomous System Boundary Router (ASBR). However, an ASBR does not, by default, generate a default route into the OSPF for IPv6 routing domain. The software still must have a default route for itself before it generates one, except when you have specified the always keyword.

When you use this command for the OSPF for IPv6 process, the default network must reside in the routing table, and you must satisfy the route-map map-name keyword and argument. Use the default-information originate always route-map map-name form of the command when you do not want the dependency on the default network in the routing table.

Examples

The following example specifies a metric of 100 for the default route redistributed into the OSPF for IPv6 routing domain, an external metric type of type 2, and the default route to be always advertised:

default-information originate always metric 100 metric-type 2 

Related Commands

Command	Description
redistribute (IPv6)	Redistributes IPv6 routes from one routing domain into another routing domain.

 

default-metric (EIGRP)

To set metrics for Enhanced Interior Gateway Routing Protocol (EIGRP), use the default-metric command in router configuration mode or address-family topology configuration mode. To remove the metric value and restore the default state, use the no form of this command.

default-metric bandwidth delay reliability loading mtu

no default-metric bandwidth delay reliability loading mtu

Syntax Description

bandwidth	Minimum bandwidth of the route in kilobytes per second. It can be from 1 to 4294967295.
delay	Route delay in tens of microseconds. It can be 1 or any positive number that is a multiple of 39.1 nanoseconds.
reliability	Likelihood of successful packet transmission expressed as a number from 0 through 255. The value 255 means 100 percent reliability; 0 means no reliability.
loading	Effective bandwidth of the route expressed as a number from 1 to 255 (255 is 100 percent loading).
mtu	The smallest allowed value for the maximum transmission unit (MTU), expressed in bytes. It can be from 1 to 65535.

Command Default

Only connected routes can be redistributed without a default metric. The metric of redistributed connected routes is set to 0.

Command Modes

Router configuration (config-router)
Address-family topology configuration (config-router-af-topology)

Command History

Release	Modification
10.0	This command was introduced.
12.0(22)S	Address family support was added.
12.2(15)T	Address family support was added.
12.2(18)S	Address family support was added.
12.4(6)T	Support for IPv6 was added.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(33)SRB	This command was integrated into Cisco IOS Release 12.2(33)SRB.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
15.0(1)M	This command was modified. Address-family topology configuration mode was added. This command must be entered in address-family topology configuration mode when EIGRP is configured with a named router configuration.
12.2(33)SRE	This command was modified. Address-family topology configuration mode was added. This command must be entered in address-family topology configuration mode when EIGRP is configured with a named router configuration.
12.2(33)XNE	This command was integrated into Cisco IOS Release 12.2(33)XNE.
Cisco IOS XE Release 2.5	This command was integrated into Cisco IOS XE Release 2.5.

Usage Guidelines

You must use a default metric to redistribute a protocol into EIGRP, unless you use the redistribute command.

Metric defaults have been carefully set to work for a wide variety of networks. Take great care when changing these values.

Default metrics are supported only when you are redistributing from EIGRP or static routes.

Examples

The following example shows how the redistributed Routing Information Protocol (RIP) metrics are translated into EIGRP metrics with values as follows: bandwidth = 1000, delay = 100, reliability = 250, loading = 100, and MTU = 1500:

Router(config)# router eigrp 109

Router(config-router)# network 172.16.0.0

Router(config-router)# redistribute rip

Router(config-router)# default-metric 1000 100 250 100 1500

The following example shows how the redistributed EIGRP service family 6473 metrics are translated into EIGRP metric with values as follows: bandwidth = 1000, delay = 100, reliability = 250, loading = 100, and MTU = 1500.

Router(config)# router eigrp virtual-name

Router(config-router)# address-family ipv4 autonomous-system 4453

Router(config-router-af)# af-interface default

Router(config-router-af-interface)# no shutdown

Router(config-router-af-interface)# exit

Router(config-router-af)# topology base

Router(config-router-af-topology)# redistribute eigrp virtual-name2 6473

Router(config-router-af-topology)# default-metric 1000 100 250 100 1500

Related Commands

Command	Description
address-family (EIGRP)	Enters address-family configuration mode to configure an EIGRP routing instance.
af-interface	Enters address-family interface configuration mode to configure interface-specific EIGRP commands.
ipv6 router eigrp	Configures the EIGRP IPv6 routing process.
redistribute (IP)	Redistributes routes from one routing domain into another routing domain.
redistribute (IPv6)	Redistributes IPv6 routes from one routing domain into another routing domain.
router eigrp	Configures the EIGRP address-family process.
topology (EIGRP)	Configures an EIGRP process to route IP traffic under the specified topology instance and enters router address-family topology configuration mode.

default-metric (IPv6)

To set default metric values for routes redistributed into the Open Shortest Path First (OSPF) for IPv6 routing protocol, use the default-metric command in router configuration mode. To return to the default state, use the no form of this command.

default-metric metric-value

no default-metric metric-value

Syntax Description

metric-value

Default metric value appropriate for the specified routing protocol. The range is from 1 to 4294967295.

Command Default

Built-in, automatic metric translations, as appropriate for each routing protocol.

Command Modes

Router configuration

Command History

Release	Modification
12.2(15)T	This command was introduced.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.

Usage Guidelines

The default-metric command is used in conjunction with the redistribute router configuration command to cause the current routing protocol to use the same metric value for all redistributed routes. A default metric helps solve the problem of redistributing routes with incompatible metrics. Whenever metrics do not convert, using a default metric provides a reasonable substitute and enables the redistribution to proceed.

Finer control over the metrics of reditributed routes can be gained by using the options to the redistribute command, including route maps.

Examples

The following example shows an OSPF for IPv6 routing protocol redistributing routes from the Routing Information Protocol (RIP) process named process1. All the redistributed routes are advertised with a metric of 10.

ipv6 router ospf 100

 default-metric 10

 redistribute rip process1

Related Commands

Command	Description
redistribute (IPv6)	Redistributes IPv6 routes from one routing domain into another routing domain.

 

deny (IPv6)

To set deny conditions for an IPv6 access list, use the deny command in IPv6 access list configuration mode. To remove the deny conditions, use the no form of this command.

deny protocol {source-ipv6-prefix/prefix-length | any | host source-ipv6-address | auth} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address | auth} [operator [port-number]] [dest-option-type [doh-number | doh-type]] [dscp value] [flow-label value] [fragments] [log] [log-input] [mobility] [mobility-type [mh-number | mh-type]] [routing] [routing-type routing-number] [sequence value] [time-range name] [undetermined-transport]

no deny protocol {source-ipv6-prefix/prefix-length | any | host source-ipv6-address | auth} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address | auth} [operator [port-number]] [dest-option-type [doh-number | doh-type]] [dscp value] [flow-label value] [fragments] [log] [log-input] [mobility] [mobility-type [mh-number | mh-type]] [routing] [routing-type routing-number] [sequence value] [time-range name] [undetermined-transport]

Internet Control Message Protocol

deny icmp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address | auth} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address | auth} [operator [port-number]] [icmp-type [icmp-code] | icmp-message] [dest-option-type [doh-number | doh-type]] [dscp value] [flow-label value] [fragments] [log] [log-input] [mobility] [mobility-type [mh-number | mh-type]] [routing] [routing-type routing-number] [sequence value] [time-range name]

Transmission Control Protocol

deny tcp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address | auth} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address | auth} [operator [port-number]] [ack] [dest-option-type [doh-number | doh-type]] [dscp value] [established] [fin] [flow-label value] [fragments] [log] [log-input] [mobility] [mobility-type [mh-number | mh-type]] [neq {port | protocol}] [psh] [range {port | protocol}] [routing] [routing-type routing-number] [rst] [sequence value] [syn] [time-range name] [urg]

User Datagram Protocol

deny udp {source-ipv6-prefix/prefix-length | any | host source-ipv6-address | auth} [operator [port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address | auth} [operator [port-number]] [dest-option-type [doh-number | doh-type]] [dscp value] [flow-label value] [fragments] [log] [log-input] [mobility] [mobility-type [mh-number | mh-type]] [neq {port | protocol}] [range {port | protocol}] [routing] [routing-type routing-number] [sequence value] [time-range name]

Syntax Description

protocol	Name or number of an Internet protocol. It can be one of the keywords ahp, esp, icmp, ipv6, pcp, sctp, tcp, or udp, or an integer in the range from 0 to 255 representing an IPv6 protocol number.
source-ipv6-prefix/prefix-length	The source IPv6 network or class of networks about which to set deny conditions. This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons.
any	An abbreviation for the IPv6 prefix ::/0.
host source-ipv6-address	The source IPv6 host address about which to set deny conditions. This source-ipv6-address argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons.
operator [port-number]	(Optional) Specifies an operand that compares the source or destination ports of the specified protocol. Operands are lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range). If the operator is positioned after the source-ipv6-prefix/prefix-length argument, it must match the source port. If the operator is positioned after the destination-ipv6-prefix/prefix-length argument, it must match the destination port. The range operator requires two port numbers. All other operators require one port number. The optional port-number argument is a decimal number or the name of a TCP or UDP port. A port number is a number from 0 to 65535. TCP port names can be used only when filtering TCP. UDP port names can be used only when filtering UDP.
destination-ipv6-prefix/ prefix-length	The destination IPv6 network or class of networks about which to set deny conditions. This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons.
host destination-ipv6-address	The destination IPv6 host address about which to set deny conditions. This destination-ipv6-address argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons.
auth	Allows matching traffic against the presence of the authentication header in combination with the specified protocol; that is, TCP or UDP.
dest-option-type	(Optional) Matches IPv6 packets against the destination option extension header within each IPv6 packet header.
doh-number	(Optional) Integer in the range from 0 to 255 representing an IPv6 destination option extension header.
doh-type	(Optional) Destination option header types. The possible destination option header type and its corresponding doh-number value are home-address—201.
dscp value	(Optional) Matches a differentiated services code point value against the traffic class value in the Traffic Class field of each IPv6 packet header. The acceptable range is from 0 to 63.
flow-label value	(Optional) Matches a flow label value against the flow label value in the Flow Label field of each IPv6 packet header. The acceptable range is from 0 to 1048575.
fragments	(Optional) Matches non-initial fragmented packets where the fragment extension header contains a non-zero fragment offset. The fragments keyword is an option only if the operator [port-number] arguments are not specified.
log	(Optional) Causes an informational logging message about the packet that matches the entry to be sent to the console. (The level of messages logged to the console is controlled by the logging console command.) The message includes the access list name and sequence number, whether the packet was denied; the protocol, whether it was TCP, UDP, ICMP, or a number; and, if appropriate, the source and destination addresses and source and destination port numbers. The message is generated for the first packet that matches, and then at 5-minute intervals, including the number of packets denied in the prior 5-minute interval.
log-input	(Optional) Provides the same function as the log keyword, except that the logging message also includes the input interface.
mobility	(Optional) Extension header type. Allows matching of any IPv6 packet including a mobility header, regardless of the value of the mobility-header-type field within that header.
mobility-type	(Optional) Mobility header type. Either the mh-number or mh-type argument must be used with this keyword.
mh-number	(Optional) Integer in the range from 0 to 255 representing an IPv6 mobility header type.
mh-type	(Optional) Name of a mobility header type. Possible mobility header types and their corresponding mh-number value are as follows: •0—bind-refresh •1—hoti •2—coti •3—hot •4—cot •5—bind-update •6—bind-acknowledgment •7—bind-error
routing	(Optional) Matches source-routed packets against the routing extension header within each IPv6 packet header.
routing-type	(Optional) Allows routing headers with a value in the type field to be matched independently. The routing-number argument must be used with this keyword.
routing-number	Integer in the range from 0 to 255 representing an IPv6 routing header type. Possible routing header types and their corresponding routing-number value are as follows: •0—Standard IPv6 routing header •2—Mobile IPv6 routing header
sequence value	(Optional) Specifies the sequence number for the access list statement. The acceptable range is from 1 to 4294967295.
time-range name	(Optional) Specifies the time range that applies to the deny statement. The name of the time range and its restrictions are specified by the time-range and absolute or periodic commands, respectively.
undetermined-transport	(Optional) Matches packets from a source for which the Layer 4 protocol cannot be determined. The undetermined-transport keyword is an option only if the operator [port-number] arguments are not specified.
icmp-type	(Optional) Specifies an ICMP message type for filtering ICMP packets. ICMP packets can be filtered by ICMP message type. The ICMP message type can be a number from 0 to 255, some of which include the following predefined strings and their corresponding numeric values: •144—dhaad-request •145—dhaad-reply •146—mpd-solicitation •147—mpd-advertisement
icmp-code	(Optional) Specifies an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. The code is a number from 0 to 255.
icmp-message	(Optional) Specifies an ICMP message name for filtering ICMP packets. ICMP packets can be filtered by an ICMP message name or ICMP message type and code. The possible names are listed in the "Usage Guidelines" section.
ack	(Optional) For the TCP protocol only: acknowledgment (ACK) bit set.
established	(Optional) For the TCP protocol only: Indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The nonmatching case is that of the initial TCP datagram to form a connection.
fin	(Optional) For the TCP protocol only: Fin bit set; no more data from sender.
neq {port | protocol}	(Optional) Matches only packets that are not on a given port number.
psh	(Optional) For the TCP protocol only: Push function bit set.
range {port | protocol}	(Optional) Matches only packets in the range of port numbers.
rst	(Optional) For the TCP protocol only: Reset bit set.
syn	(Optional) For the TCP protocol only: Synchronize bit set.
urg	(Optional) For the TCP protocol only: Urgent pointer bit set.

Command Default

No IPv6 access list is defined.

Command Modes

IPv6 access list configuration

Command History

Release	Modification
12.0(23)S	This command was introduced.
12.2(13)T	This command was integrated into Cisco IOS Release 12.2(13)T.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.4(2)T	The icmp-type argument was enhanced. The dest-option-type, mobility, mobility-type, and routing-type keywords were added. The doh-number, doh-type, mh-number, mh-type, and routing-number arguments were added.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(25)SG	This command was integrated into Cisco IOS Release 12.2(25)SG.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXH	This command was integrated into Cisco IOS Release 12.2(33)SXH.
Cisco IOS XE Release 2.1	This command was introduced on Cisco ASR 1000 Series Routers.
12.4(20)T	The auth keyword was added.
12.2(33)SRE	This command was modified. It was integrated into Cisco IOS Release 12.2(33)SRE.

Usage Guidelines

The deny (IPv6) command is similar to the deny (IP) command, except that it is IPv6-specific.

Use the deny (IPv6) command following the ipv6 access-list command to define the conditions under which a packet passes the access list or to define the access list as a reflexive access list.

Specifying IPv6 for the protocol argument matches against the IPv6 header of the packet.

By 1default, the first statement in an access list is number 10, and the subsequent statements are numbered in increments of 10.

You can add permit, deny, remark, or evaluate statements to an existing access list without retyping the entire list. To add a new statement anywhere other than at the end of the list, create a new statement with an appropriate entry number that falls between two existing entry numbers to indicate where it belongs.

In Cisco IOS Release 12.2(2)T or later releases, 12.0(21)ST, and 12.0(22)S, IPv6 access control lists (ACLs) are defined and their deny and permit conditions are set by using the ipv6 access-list command with the deny and permit keywords in global configuration mode. In Cisco IOS Release 12.0(23)S or later releases, IPv6 ACLs are defined by using the ipv6 access-list command in global configuration mode and their permit and deny conditions are set by using the deny and permit commands in IPv6 access list configuration mode. Refer to the ipv6 access-list command for more information on defining IPv6 ACLs.

---

Note In Cisco IOS Release 12.0(23)S or later releases, every IPv6 ACL has implicit permit icmp any any nd-na, permit icmp any any nd-ns, and deny ipv6 any any statements as its last match conditions. (The former two match conditions allow for ICMPv6 neighbor discovery.) An IPv6 ACL must contain at least one entry for the implicit deny ipv6 any any statement to take effect.

The IPv6 neighbor discovery process makes use of the IPv6 network layer service; therefore, by default, IPv6 ACLs implicitly allow IPv6 neighbor discovery packets to be sent and received on an interface. In IPv4, the Address Resolution Protocol (ARP), which is equivalent to the IPv6 neighbor discovery process, makes use of a separate data link layer protocol; therefore, by default, IPv4 ACLs implicitly allow ARP packets to be sent and received on an interface.

---

Both the source-ipv6-prefix/prefix-length and destination-ipv6-prefix/prefix-length arguments are used for traffic filtering (the source prefix filters traffic based upon the traffic source; the destination prefix filters traffic based upon the traffic destination).

---

Note IPv6 prefix lists, not access lists, should be used for filtering routing protocol prefixes.

---

The fragments keyword is an option only if the operator [port-number] arguments are not specified.

The undetermined-transport keyword is an option only if the operator [port-number] arguments are not specified.

The following is a list of ICMP message names:

•beyond-scope

•destination-unreachable

•echo-reply

•echo-request

•header

•hop-limit

•mld-query

•mld-reduction

•mld-report

•nd-na

•nd-ns

•next-header

•no-admin

•no-route

•packet-too-big

•parameter-option

•parameter-problem

•port-unreachable

•reassembly-timeout

•renum-command

•renum-result

•renum-seq-number

•router-advertisement

•router-renumbering

•router-solicitation

•time-exceeded

•unreachable

Examples

The following example configures the IPv6 access list named toCISCO and applies the access list to outbound traffic on Ethernet interface 0. Specifically, the first deny entry in the list keeps all packets that have a destination TCP port number greater than 5000 from exiting out of Ethernet interface 0. The second deny entry in the list keeps all packets that have a source UDP port number less than 5000 from exiting out of Ethernet interface 0. The second deny also logs all matches to the console. The first permit entry in the list permits all ICMP packets to exit out of Ethernet interface 0. The second permit entry in the list permits all other traffic to exit out of Ethernet interface 0. The second permit entry is necessary because an implicit deny all condition is at the end of each IPv6 access list.

ipv6 access-list toCISCO

 deny tcp any any gt 5000

 deny ::/0 lt 5000 ::/0 log

 permit icmp any any

 permit any any

interface ethernet 0

 ipv6 traffic-filter toCISCO out

The following example shows how to allow TCP or UDP parsing although an IPsec AH is present:

IPv6 access list example1 

    deny tcp host 2001::1 any log sequence 5 

    permit tcp any any auth sequence 10 

    permit udp any any auth sequence 20 

Related Commands

Command	Description
ipv6 access-list	Defines an IPv6 access list and enters IPv6 access list configuration mode.
ipv6 traffic-filter	Filters incoming or outgoing IPv6 traffic on an interface.
permit (IPv6)	Sets permit conditions for an IPv6 access list.
show ipv6 access-list	Displays the contents of all current IPv6 access lists.

destination-pattern

To specify either the prefix or the full E.164 telephone number to be used for a dial peer, use the destination-pattern command in dial peer configuration mode. To disable the configured prefix or telephone number, use the no form of this command.

destination-pattern [+]string[T]

no destination-pattern [+]string[T]

Syntax Description

+	(Optional) Character that indicates an E.164 standard number.
string	Series of digits that specify a pattern for the E.164 or private dialing plan telephone number. Valid entries are the digits 0 through 9, the letters A through D, and the following special characters: •The asterisk (*) and pound sign (#) that appear on standard touch-tone dial pads. •Comma (,), which inserts a pause between digits. •Period (.), which matches any entered digit (this character is used as a wildcard). •Percent sign (%), which indicates that the preceding digit occurred zero or more times; similar to the wildcard usage. •Plus sign (+), which indicates that the preceding digit occurred one or more times. Note The plus sign used as part of a digit string is different from the plus sign that can be used preceding a digit string to indicate that the string is an E.164 standard number. •Circumflex (^), which indicates a match to the beginning of the string. •Dollar sign ($), which matches the null string at the end of the input string. •Backslash symbol (\), which is followed by a single character, and matches that character. Can be used with a single character with no other significance (matching that character). •Question mark (?), which indicates that the preceding digit occurred zero or one time. •Brackets ([ ]), which indicate a range. A range is a sequence of characters enclosed in the brackets; only numeric characters from 0 to 9 are allowed in the range. •Parentheses (( )), which indicate a pattern and are the same as the regular expression rule.
T	(Optional) Control character that indicates that the destination-pattern value is a variable-length dial string. Using this control character enables the router to wait until all digits are received before routing the call.

Command Default

The command is enabled with a null string.

Command Modes

Dial peer configuration

Command History

Release	Modification
11.3(1)T	This command was introduced on the Cisco 3600 series.
11.3(1)MA	This command was implemented on the Cisco MC3810.
12.0(4)XJ	This command was modified for store-and-forward fax.
12.1(1)	The command was integrated into Cisco IOS Release 12.1(1).
12.0(7)XR	This command was implemented on the Cisco AS5300 and modified to support the plus sign, percent sign, question mark, brackets, and parentheses symbols in the dial string.
12.0(7)XK	This command was modified. Support for the plus sign, percent sign, question mark, brackets, and parentheses in the dial string was added to the Cisco 2600 series, Cisco 3600 series, and Cisco MC3810.
12.1(1)T	This command was integrated into Cisco IOS Release 12.1(1)T and implemented on the Cisco 1750, Cisco 7200 series, and Cisco 7500 series. The modifications for the Cisco MC3810 in Cisco IOS Release12.0(7)XK are not supported in this release.
12.1(2)T	The modifications made in Cisco IOS Release 12.0(7)XK for the Cisco MC3810 were integrated into Cisco IOS Release 12.1(2)T.
12.2(8)T	This command was implemented on the Cisco 1751, Cisco 2600 series and Cisco 3600 series, Cisco 3725, and Cisco 3745.
12.2(13)T	This command was integrated into Cisco IOS Release 12.2(13)T and implemented on the Cisco 2600XM, the Cisco ICS7750, and the Cisco VG200.
12.4(22)T	Support for IPv6 was added.

Usage Guidelines

Use the destination-pattern command to define the E.164 telephone number for a dial peer.

The pattern you configure is used to match dialed digits to a dial peer. The dial peer is then used to complete the call. When a router receives voice data, it compares the called number (the full E.164 telephone number) in the packet header with the number configured as the destination pattern for the voice-telephony peer. The router then strips out the left-justified numbers that correspond to the destination pattern. If you have configured a prefix, the prefix is prepended to the remaining numbers, creating a dial string that the router then dials. If all numbers in the destination pattern are stripped out, the user receives a dial tone.

There are areas in the world (for example, certain European countries) where valid telephone numbers can vary in length. Use the optional control character T to indicate that a particular destination-pattern value is a variable-length dial string. In this case, the system does not match the dialed numbers until the interdigit timeout value has expired.

---

Note Cisco IOS software does not verify the validity of the E.164 telephone number; it accepts any series of digits as a valid number.

---

Examples

The following example shows configuration of the E.164 telephone number 555-0179 for a dial peer:

dial-peer voice 10 pots

 destination-pattern +5550179

The following example shows configuration of a destination pattern in which the pattern "43" is repeated multiple times preceding the digits "555":

dial-peer voice 1 voip

 destination-pattern 555(43)+

The following example shows configuration of a destination pattern in which the preceding digit pattern is repeated multiple times:

dial-peer voice 2 voip

 destination-pattern 555%

The following example shows configuration of a destination pattern in which the possible numeric values are between 5550109 and 5550199:

dial-peer voice 3 vofr

 destination-pattern 55501[0-9]9

The following example shows configuration of a destination pattern in which the possible numeric values are between 5550439, 5553439, 5555439, 5557439, and 5559439:

dial-peer voice 4 voatm

 destination-pattern 555[03579]439 

The following example shows configuration of a destination pattern in which the digit-by-digit matching is prevented and the entire string is received:

dial-peer voice 2 voip

 destination-pattern 555T

Related Commands

Command	Description
answer-address	Specifies the full E.164 telephone number to be used to identify the dial peer of an incoming call.
dial-peer terminator	Designates a special character to be used as a terminator for variable-length dialed numbers.
incoming called-number (dial peer)	Specifies a digit string that can be matched by an incoming call to associate that call with a dial peer.
prefix	Specifies the prefix of the dialed digits for a dial peer.
timeouts interdigit	Configures the interdigit timeout value for a specified voice port.

dialer-group

To control access by configuring an interface to belong to a specific dialing group, use the dialer-group command in interface configuration mode. To remove an interface from the specified dialer access group, use the no form of this command.

dialer-group group-number

no dialer-group

Syntax Description

group-number

Number of the dialer access group to which the specific interface belongs. This access group is defined with the dialer-list command. Acceptable values are nonzero, positive integers between 1 and 10.

Defaults

No access is predefined.

Command Modes

Interface configuration

Command History

Release	Modification
10.0	This command was introduced.
12.2(13)T	Support for IPv6 was added.
Cisco IOS XE Release 2.5	This command was updated. It was integrated into Cisco IOS XE Release 2.5.

Usage Guidelines

An interface can be associated with a single dialer access group only; multiple dialer-group assignment is not allowed. A second dialer access group assignment will override the first. A dialer access group is defined with the dialer-group command. The dialer-list command associates an access list with a dialer access group.

Packets that match the dialer group specified trigger a connection request.

Examples

The following example specifies dialer access group number 1.

The destination address of the packet is evaluated against the access list specified in the associated dialer-list command. If it passes, either a call is initiated (if no connection has already been established) or the idle timer is reset (if a call is currently connected).

interface async 1

 dialer-group 1

access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 

access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 

dialer-list 1 protocol ip list 101

Related Commands

Command	Description
dialer-list protocol (Dial)	Defines a DDR dialer list to control dialing by protocol or by a combination of protocol and an access list.

dialer-list protocol

To define a dial-on-demand routing (DDR) dialer list for dialing by protocol or by a combination of a protocol and a previously defined access list, use the dialer-list protocol command in global configuration mode. To delete a dialer list, use the no form of this command.

dialer-list dialer-group protocol protocol-name {permit | deny | list access-list-number | access-group}

no dialer-list dialer-group [protocol protocol-name [list access-list-number | access-group]]

Syntax Description

dialer-group	Number of a dialer access group identified in any dialer-group interface configuration command.
protocol-name	One of the following protocol keywords: appletalk, bridge, clns, clns_es, clns_is, decnet, decnet_router-L1, decnet_router-L2, decnet_node, ip, ipx, ipv6, vines, or xns.
permit	Permits access to an entire protocol.
deny	Denies access to an entire protocol.
list	Specifies that an access list will be used for defining a granularity finer than an entire protocol.
access-list-number	Access list numbers specified in any DECnet, Banyan VINES, IP, Novell IPX, or XNS standard or extended access lists, including Novell IPX extended service access point (SAP) access lists and bridging types, and IPv6 access lists. See Table 26 for the supported access list types and numbers.
access-group	Filter list name used in the clns filter-set and clns access-group commands.

Command Default

No dialer lists are defined.

Command Modes

Global configuration

Command History

Release	Modification
10.0	This command was introduced.
10.3	The following keyword and arguments were added: •list •access-list-number and access-group
12.2(2)T	The ipv6 keyword was added.
12.0(21)ST	This command was integrated into Cisco IOS Release 12.0(21)ST.
12.0(22)S	This command was integrated into Cisco IOS Release 12.0(22)S.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(25)SG	This command was integrated into Cisco IOS Release 12.2(25)SG.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXH	This command was integrated into Cisco IOS Release 12.2(33)SXH.
Cisco IOS XE Release 2.5	This command was updated. It was integrated into Cisco IOS XE Release 2.5.

Usage Guidelines

The various no forms of this command have the following effects:

•The no dialer-list 1 command deletes all lists configured with list 1, regardless of the keyword previously used (permit, deny, protocol, or list).

•The no dialer-list 1 protocol protocol-name command deletes all lists configured with list 1 and protocol protocol-name.

•The no dialer-list 1 protocol protocol-name list access-list-number command deletes the specified list.

The dialer-list protocol command permits or denies access to an entire protocol. The dialer-list protocol list command provides a finer permission granularity and also supports protocols that were not previously supported.

The dialer-list protocol list command applies protocol access lists to dialer access groups to control dialing using DDR. The dialer access groups are defined with the dialer-group command.

Table 26 lists the access list types and number range that the dialer-list protocol list command supports. The table does not include International Organization for Standardization (ISO) Connectionless Network Services (CLNS) or IPv6 because those protocols use filter names instead of predefined access list numbers.

Table 26 dialer-list protocol Command Supported Access List Types and Number Range

Access List Type	Access List Number Range (Decimal)
AppleTalk	600 to 699
Banyan VINES (standard)	1 to 100
Banyan VINES (extended)	101 to 200
DECnet	300 to 399
IP (standard)	1 to 99
IP (extended)	100 to 199
Novell IPX (standard)	800 to 899
Novell IPX (extended)	900 to 999
Transparent Bridging	200 to 299
XNS	500 to 599

Examples

Dialing occurs when an interesting packet (one that matches access list specifications) needs to be output on an interface. Using the standard access list method, packets can be classified as interesting or uninteresting. In the following example, Integrated Gateway Routing Protocol (IGRP) TCP/IP routing protocol updates are not classified as interesting and do not initiate calls:

access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 

The following example classifies all other IP packets as interesting and permits them to initiate calls:

access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 

Then the following command places list 101 into dialer access group 1:

dialer-list 1 protocol ip list 101

In the following example, DECnet access lists allow any DECnet packets with source area 10 and destination area 20 to trigger calls:

access-list 301 permit 10.0 0.1023 10.0 0.1023

access-list 301 permit 10.0 0.1023 20.0 0.1023

Then the following command places access list 301 into dialer access group 1:

dialer-list 1 protocol decnet list 301

In the following example, both IP and VINES access lists are defined. The IP access lists define IGRP packets as uninteresting, but permits all other IP packets to trigger calls. The VINES access lists do not allow Routing Table Protocol (RTP) routing updates to trigger calls, but allow any other data packets to trigger calls.

access-list 101 deny igrp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255

!

vines access-list 107 deny RTP 00000000:0000 FFFFFFFF:FFFF 00000000:0000 FFFFFFFF:FFFF

vines access-list 107 permit IP 00000000:0000 FFFFFFFF:FFFF 00000000:0000 FFFFFFFF:FFFF

Then the following two commands place the IP and VINES access lists into dialer access group 1:

dialer-list 1 protocol ip list 101

dialer-list 1 protocol vines list 107

In the following example, a CLNS filter is defined and then the filter is placed in dialer access group 1:

clns filter-set ddrline permit 47.0004.0001....

!

dialer-list 1 protocol clns list ddrline

The following example configures an IPv6 access list named list2 and places the access list in dialer access group 1:

ipv6 access-list list2 deny fec0:0:0:2::/64 any

ipv6 access-list list2 permit any any

!

dialer-list 1 protocol ipv6 list list2 

Related Commands

Command	Description
access-list	Configures the access list mechanism for filtering frames by protocol type or vendor code.
clns filter-set	Builds a list of CLNS address templates with associated permit and deny conditions for use in CLNS filter expressions.
dialer-group	Controls access by configuring an interface to belong to a specific dialing group.
ipv6 access-list	Defines an IPv6 access list and sets deny or permit conditions for the defined access list.
vines access-list	Creates a VINES access list.

dial-peer voice

To define a particular dial peer, to specify the method of voice encapsulation, and to enter dial peer configuration mode, use the dial-peer voice command in global configuration mode. To delete a defined dial peer, use the no form of this command.

Cisco 1750 and Cisco 1751 Modular Access Routers

dial-peer voice tag {pots | vofr | voip}

no dial-peer voice tag {pots | vofr | voip}

Cisco 2600 Series, Cisco 2600XM, Cisco 3600 Series, and Cisco 3700 Series

dial-peer voice tag {pots | voatm | vofr | voip}

no dial-peer voice tag {pots | voatm | vofr | voip}

Cisco 7200 Series

dial-peer voice tag vofr

no dial-peer voice tag vofr

Cisco 7204VXR and Cisco 7206VXR

dial-peer voice tag {pots | voatm | vofr | voip}

no dial-peer voice tag {pots | voatm | vofr | voip}

Cisco AS5300

dial-peer voice tag {mmoip | pots | vofr | voip}

no dial-peer voice tag {mmoip | pots | vofr | voip}

Syntax Description

tag	Digits that define a particular dial peer. Range is from 1 to 2147483647.
pots	Indicates that this is a POTS peer that uses VoIP encapsulation on the IP backbone.
vofr	Specifies that this is a Voice over Frame Relay (VoFR) dial peer that uses FRF.11 encapsulation on the Frame Relay backbone network.
voip	Indicates that this is a VoIP peer that uses voice encapsulation on the POTS network.
voatm	Specifies that this is a Voice over ATM (VoATM) dial peer that uses real-time ATM adaptation layer 5 (AAL5) voice encapsulation on the ATM backbone network.
mmoip	Indicates that this is a multimedia mail peer that uses IP encapsulation on the IP backbone.

Command Default

No dial peer is defined.
No method of voice encapsulation is specified.

Command Modes

Global configuration

Command History

Release	Modification
11.3(1)T	This command was introduced on the Cisco 3600 series.
11.3(1)MA	This command was implemented on the Cisco MC3810, with support for the pots, voatm, vofr, and vohdlc keywords.
12.0(3)T	This command was implemented on the Cisco AS5300, with support for the pots and voip keywords.
12.0(3)XG	The vofr keyword was added for the Cisco 2600 series and Cisco 3600 series.
12.0(4)T	The vofr keyword was added to the Cisco 7200 series.
12.0(4)XJ	The mmoip keyword was added for the Cisco AS5300. The dial-peer voice command was implemented for store-and-forward fax.
12.0(7)XK	The voip keyword was added for the Cisco MC3810, and the voatm keyword was added for the Cisco 3600 series. Support for the vohdlc keyword on the Cisco MC3810 was removed.
12.1(1)	The mmoip keyword addition in Cisco IOS Release 12.0(4)XJ was integrated into Cisco IOS Release 12.1(1). The dial-peer voice implementation for store-and-forward fax was integrated into this mainline release.
12.1(2)T	The keyword changes in Cisco IOS Release 12.0(7)XK were integrated into Cisco IOS Release 12.1(2)T.
12.1(5)T	This command was implemented on the Cisco AS5300 and integrated into Cisco IOS Release 12.1(5)T.
12.2(4)T	This command was implemented on the Cisco 1750.
12.2(2)XN	Support for enhanced Media Gateway Control Protocol (MGCP) voice gateway interoperability was added to Cisco CallManager Version 3.1 for the Cisco 2600 series, Cisco 3600 series, and Cisco VG200.
12.2(8)T	This command was implemented on the Cisco 1751, Cisco 2600 series, Cisco 3600 series, Cisco 3725, and Cisco 3745.
12.2(11)T	This command was integrated into Cisco IOS Release 12.2(11)T and Cisco CallManager Version 3.2. This command was implemented on the Cisco IAD2420 series.
12.2(13)T	This command was integrated into Cisco IOS Release 12.2(13)T and implemented on the Cisco 2600XM, Cisco ICS7750, and Cisco VG200.
12.4(22)T	Support for IPv6 was added.

Usage Guidelines

Use the dial-peer voice global configuration command to switch to dial peer configuration mode from global configuration mode and to define a particular dial peer. Use the exit command to exit dial peer configuration mode and return to global configuration mode.

After you have created a dial peer, that dial peer remains defined and active until you delete it. To delete a dial peer, use the no form of this command. To disable a dial peer, use the no shutdown command in dial peer configuration mode.

In store-and-forward fax on the Cisco AS5300, the POTS dial peer defines the inbound faxing line characteristics from the sending fax device to the receiving Cisco AS5300 and the outbound line characteristics from the sending Cisco AS5300 to the receiving fax device. The Multimedia Mail over Internet Protocol (MMoIP) dial peer defines the inbound faxing line characteristics from the Cisco AS5300 to the receiving Simple Mail Transfer Protocol (SMTP) mail server. This command works with both on-ramp and off-ramp store-and-forward fax functions.

---

Note On the Cisco AS5300, MMoIP is available only if you have modem ISDN channel aggregation (MICA) technologies modems.

---

Examples

The following example shows how to access dial peer configuration mode and configure a POTS peer identified as dial peer 10 and an MMoIP dial peer identified as dial peer 20:

dial-peer voice 10 pots

dial-peer voice 20 mmoip

The following example deletes the MMoIP peer identified as dial peer 20:

no dial-peer voice 20 mmoip

The following example shows how the dial-peer voice command is used to configure the extended echo canceller. In this instance, pots indicates that this is a POTS peer using VoIP encapsulation on the IP backbone, and it uses the unique numeric identifier tag 133001.

Router(config)# dial-peer voice 133001 pots

Related Commands

Command	Description
codec (dial-peer)	Specifies the voice coder rate of speech for a VoFR dial peer.
destination-pattern	Specifies the prefix, the full E.164 telephone number, or an ISDN directory number to be used for a dial peer.
dtmf-relay (Voice over Frame Relay)	Enables the generation of FRF.11 Annex A frames for a dial peer.
preference	Indicates the preferred order of a dial peer within a rotary hunt group.
sequence-numbers	Enables the generation of sequence numbers in each frame generated by the DSP for VoFR applications.
session protocol	Establishes a session protocol for calls between the local and remote routers via the packet network.
session target	Specifies a network-specific address for a specified dial peer or destination gatekeeper.
shutdown	Changes the administrative state of the selected dial peer from up to down.

discard-route (IPv6)

To reinstall either an external or internal discard route that was previously removed, use the discard-route command in router configuration mode. To remove either an external or internal discard route, use the no form of this command.

discard-route [external | internal]

no discard-route [external | internal]

Syntax Description

external	(Optional) Reinstalls the discard route entry for redistributed summarized routes on an Autonomous System Boundary Router (ASBR).
internal	(Optional) Reinstalls the discard-route entry for summarized internal routes on the Area Border Router (ABR).

Command Default

External and internal discard route entries are installed.

Command Modes

Router configuration

Command History

Release	Modification
12.2(15)T	This command was introduced.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.

Usage Guidelines

External and internal discard route entries are installed in routing tables by default. During route summarization, routing loops may occur when data is sent to a nonexisting network that appears to be a part of the summary, and the router performing the summarization has a less specific route (pointing back to the sending router) for this network in its routing table. To prevent the routing loop, a discard route entry is installed in the routing table of the ABR or ASBR.

If for any reason you do not want to use the external or internal discard route, remove the discard route by entering the no discard-route command with either the external or internal keyword.

Examples

The following display shows the discard route functionality installed by default. When external or internal routes are summarized, a summary route to Null0 will appear in the router output from the show ipv6 route command. See the router output lines that appear in bold font:

Router# show ipv6 route

IPv6 Routing Table - 7 entries

Codes:C - Connected, L - Local, S - Static, R - RIP, B - BGP

       U - Per-user Static route

       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary

       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2

       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

O   2001::/32 [110/0]

     via ::, Null0

C   2001:0:11::/64 [0/0]

     via ::, Ethernet0/0

L   2001:0:11:0:A8BB:CCFF:FE00:6600/128 [0/0]

     via ::, Ethernet0/0

C   2001:1:1::/64 [0/0]

     via ::, Ethernet1/0

L   2001:1:1:0:A8BB:CCFF:FE00:6601/128 [0/0]

     via ::, Ethernet1/0

L   FE80::/10 [0/0]

     via ::, Null0

L   FF00::/8 [0/0]

     via ::, Null0

Router# show ipv6 route ospf

IPv6 Routing Table - 7 entries

Codes:C - Connected, L - Local, S - Static, R - RIP, B - BGP

       U - Per-user Static route

       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary

       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2

       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

O   2001::/32 [110/0]

     via ::, Null0

When the no discard-route command with the internal keyword is entered, notice the following route change, indicated by the router output lines that appear in bold font:

Router# configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)# ipv6 router ospf 1

Router(config-router)# no discard-route internal

Router(config-router)# end

Router# show ipv6 route ospf

IPv6 Routing Table - 6 entries

Codes:C - Connected, L - Local, S - Static, R - RIP, B - BGP

       U - Per-user Static route

       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary

       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2

       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

Next, the no discard-route command with the external keyword is entered to remove the external discard route entry:

Router# configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config-router)# no discard-route external

Router(config-router)# end

The following router output from the show running-config command confirms that both the external and internal discard routes have been removed from the routing table. See the router output lines that appear in bold font:

Router# show running-config

Building configuration...

Current configuration :2490 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

logging snmp-authfail

logging buffered 20480 debugging

logging console warnings

!

clock timezone PST -8

clock summer-time PDT recurring

no aaa new-model

ip subnet-zero

no ip domain lookup

!

!

ip audit po max-events 100

ipv6 unicast-routing

no ftp-server write-enable

!

.

.

.

interface Ethernet0/0

 no ip address

 ipv6 address 2001:0:11::/64 eui-64

 ipv6 enable

 ipv6 ospf 1 area 0

 no cdp enable

!

interface Ethernet1/0

 no ip address

 ipv6 address 2001:1:1::/64 eui-64

 ipv6 enable

 ipv6 ospf 1 area 1

 no cdp enable

 .

 .

 .

ipv6 router ospf 1

 router-id 2.0.0.1

 log-adjacency-changes

 no discard-route external

 no discard-route internal

 area 0 range 2001::/32

 redistribute rip 1

!

Related Commands

Command	Description
show ipv6 route	Displays the current contents of the IPv6 routing table.
show running config	Displays the contents of the currently running configuration file or the configuration for a specific interface, or map class information.

 

distance (IPv6 EIGRP)

To allow the use of two administrative distances—internal and external—that could be a better route to a node, use the distance command in router configuration mode. To reset these values to their defaults, use the no form of this command.

distance internal-distance external-distance

no distance

Syntax Description

internal-distance	Administrative distance for Enhanced Internal Gateway Routing Protocol (EIGRP) for IPv6 internal routes. Internal routes are those that are learned from another entity within the same autonomous system. The distance can be a value from 1 to 255.
external-distance	Administrative distance for EIGRP for IPv6 external routes. External routes are those for which the best path is learned from a neighbor external to the autonomous system. The distance can be a value from 1 to 255.

Command Default

internal-distance: 90
external-distance: 170

Command Modes

Router configuration

Command History

Release	Modification
12.4(6)T	This command was introduced.
12.2(33)SRB	This command was integrated into Cisco IOS Release 12.2(33)SRB.
12.2(33)SXH	This command was integrated into Cisco IOS Release 12.2(33)SXH.

Usage Guidelines

An administrative distance is a rating of the trustworthiness of a routing information source, such as an individual router or a group of routers. Numerically, an administrative distance is an integer from 0 to 255. In general, the higher the value, the lower the trust rating. An administrative distance of 255 means the routing information source cannot be trusted at all and should be ignored.

Use the distance command if another protocol is known to be able to provide a better route to a node than was actually learned via external EIGRP for IPv6, or if some internal routes should be preferred by EIGRP for IPv6.

Table 27 lists the default administrative distances.

Table 27 Default Administrative Distances 

Route Source	Default Distance
Connected interface	0
Static route	1
EIGRP summary route	5
External Border Gateway Protocol (BGP)	20
Internal EIGRP	90
Open Shortest Path First (OSPF)	110
Intermediate System-to-Intermediate System (IS-IS)	115
Routing Information Protocol (RIP)	120
Exterior Gateway Protocol (EGP)	140
EIGRP external route	170
Internal BGP	200
Unknown	255

Examples

The following example sets the internal distance to 95 and the external distance to 165:

distance 95 165

distance (IPv6 Mobile)

To define an administrative distance for network mobility (NEMO) routes, use the distance command in router configuration mode. To return the administrative distance to its default distance definition, use the no form of this command.

distance [mobile-distance]

no distance

Syntax Description

mobile-distance

(Optional) Defines the mobile route, which is the default route for IPv6 over the roaming interface. The mobile default distance is 3.

Command Default

If no distances are configured, the default distances are automatically used.

Command Modes

Router configuration (config-router)

Command History

Release	Modification
12.4(20)T	This command was introduced.

Usage Guidelines

The Mobile IPv6 NEMO router maintains the following type of route:

•Mobile route—Default route for IPv6 over the roaming interface

An administrative distance is a rating of the trustworthiness of a routing information source, such as an individual router or a group of routers. Numerically, an administrative distance is an integer from 0 to 255. In general, the higher the value, the lower the trust rating. An administrative distance of 255 means the routing information source cannot be trusted at all and should be ignored.

Examples

The following example defines the administrative distance for the mobile route as 10:

Router(config-router)# distance 10

Related Commands

Command	Description
ipv6 router nemo	Enables the NEMO routing process on the home agent and places the router in router configuration mode.

distance (IPv6)

To configure an administrative distance for Intermediate System-to-Intermediate System (IS-IS), Routing Information Protocol (RIP), or Open Shortest Path First (OSPF) IPv6 routes inserted into the IPv6 routing table, use the distance command in address family configuration or router configuration mode. To return the administrative distance to its default setting, use the no form of this command.

distance [ospf {external | inter-area | intra-area}] distance

no distance [ospf {external | inter-area | intra-area}] distance

Syntax Description

ospf	(Optional) Administrative distance for OSPF for IPv6 routes.
external	External type 5 and type 7 routes for OSPF for IPv6 routes.
inter-area	Inter-area routes for OSPF for IPv6 routes.
intra-area	Intra-area routes for OSPF for IPv6 routes.
distance	The administrative distance. An integer from 10 to 254. (The values 0 to 9 are reserved for internal use. Routes with a distance value of 255 are not installed in the routing table.)

Command Default

IS-IS: 115
RIP: 120
OSPF for IPv6: 110

Command Modes

Address family configuration
Router configuration

Command History

Release	Modification
12.2(2)T	This command was introduced.
12.0(21)ST	This command was implemented on the Cisco 12000 series Internet routers, and support for IS-IS was added.
12.0(22)S	This command was integrated into Cisco IOS Release 12.0(22)S.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(15)T	OSPF for IPv6 information was added. The external, inter-area, and intra-area keywords were added.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(25)SG	This command was integrated into Cisco IOS Release 12.2(25)SG.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXH	This command was integrated into Cisco IOS Release 12.2(33)SXH.
Cisco IOS XE Release 2.4	This command was introduced on Cisco ASR 1000 Series Routers.

Usage Guidelines

The distance (IPv6) command is similar to the distance (IP) command, except that it is IPv6-specific.

If two processes attempt to insert the same route into the same routing table, the one with the lower administrative distance takes precedence.

An administrative distance is an integer from 10 to 254. In general, the higher the value, the lower the trust rating. An administrative distance of 255 means the routing information source cannot be trusted at all and should be ignored. Distance values are subjective; there is no quantitative method for choosing the values.

Examples

The following example configures an administrative distance of 190 for the IPv6 IS-IS routing process named area01:

Router(config)# router isis area01

Router(config-router)# address-family ipv6

Router(config-router-af)# distance 190

The following example configures an administrative distance of 200 for the IPv6 RIP routing process named cisco:

Router(config)# ipv6 router rip cisco

Router(config-router)# distance 200

The following example configures an administrative distance of 200 for external type 5 and type 7 routes for OSPF for IPv6:

Router(config)# ipv6 router ospf

Router(config-router)# distance ospf external 200

distance bgp (IPv6)

To allow the use of external, internal, and local administrative distances that could be a better route than other external, internal, or local routes to a node, use the distance bgp command in address family configuration mode. To return to the default values, use the no form of this command

distance bgp external-distance internal-distance local-distance

no distance bgp

Syntax Description

external-distance	Administrative distance for Border Gateway Protocol (BGP) external routes. External routes are routes for which the best path is learned from a neighbor external to the autonomous system. Acceptable values are from 1 to 255. The default is 20. Routes with a distance of 255 are not installed in the routing table.
internal-distance	Administrative distance for BGP internal routes. Internal routes are those routes that are learned from another BGP entity within the same autonomous system. Acceptable values are from 1 to 255. The default is 200. Routes with a distance of 255 are not installed in the routing table.
local-distance	Administrative distance for BGP local routes. Local routes are those networks listed with a network router configuration command, often as back doors, for that router or for networks that are being redistributed from another process. Acceptable values are from 1 to 255. The default is 200. Routes with a distance of 255 are not installed in the routing table.

Command Default

external-distance: 20
internal-distance: 200
local-distance: 200

Command Modes

Address family configuration

Command History

Release	Modification
12.2(13)T	This command was introduced.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(25)SG	This command was integrated into Cisco IOS Release 12.2(25)SG.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
Cisco IOS XE Release 2.1	This command was introduced on Cisco ASR 1000 Series Routers.

Usage Guidelines

The distance bgp (IPv6) command is similar to the distance bgp command, except that it is IPv6-specific. Settings configured by the distance bgp (IPv6) command will override the default IPv6 distance settings. IPv6 BGP is not influenced by the distance settings configured in IPv4 BGP router mode.

An administrative distance is a rating of the trustworthiness of a routing information source, such as an individual router or a group of routers. Numerically, an administrative distance is a positive integer from 1 to 255. In general, the higher the value, the lower the trust rating. An administrative distance of 255 means the routing information source cannot be trusted at all and should be ignored. Distance values are subjective; there is no quantitative method for choosing the values.

Use this command if another protocol is known to be able to provide a better route to a node than was actually learned via external BGP (eBGP), or if some internal routes should be preferred by BGP.

For IPv6 multicast BGP (MBGP) distance, the distance assigned is used in reverse path forwarding (RPF) lookup. Use the show ipv6 rpf command to display the distance assigned.

---

Caution Changing the administrative distance of BGP internal routes is considered dangerous to the system and is not recommended. One problem that can arise is the accumulation of routing table inconsistencies, which can break routing.

---

Examples

In the following address family configuration mode example, internal routes are known to be preferable to those learned through Interior Gateway Protocol (IGP), so the IPv6 BGP administrative distance values are set accordingly:

router bgp 65001

 neighbor 2001:0DB8::1 remote-as 65002

 address-family ipv6

 distance bgp 20 20 200

 neighbor 2001:0DB8::1 activate

 exit-address-family

Related Commands

Command	Description
show ipv6 rpf	Displays RPF information for a given unicast host address and prefix.

distribute-list prefix-list (IPv6 EIGRP)

To apply a prefix list to Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6 routing updates that are received or sent on an interface, use the distribute-list prefix-list command in router configuration mode. To remove the prefix list, use the no form of this command.

distribute-list prefix-list list-name

no distribute-list prefix-list list-name

Syntax Description

list-name

Name of a prefix list. The list defines which EIGRP for IPv6 networks are to be accepted in incoming routing updates and which networks are to be advertised in outgoing routing updates, based upon matching the network prefix to the prefixes in the list.

Command Default

Prefix lists are not applied to EIGRP for IPv6 routing updates.

Command Modes

Router configuration

Command History

Release	Modification
12.4(6)T	This command was introduced.
12.2(33)SRB	This command was integrated into Cisco IOS Release 12.2(33)SRB.
12.2(33)SXH	This command was integrated into Cisco IOS Release 12.2(33)SXH.

Usage Guidelines

The prefix list is applied to routing updates received or sent on all interfaces.

Examples

The following example applies prefix list list1 to routes received and sent on all interfaces:

Router(config)# ipv6 router eigrp 1

Router(config-router)# distribute-list prefix-list list1

Related Commands

Command	Description
ipv6 prefix-list	Creates an entry in an IPv6 prefix list.
show ipv6 prefix-list	Displays information about an IPv6 prefix list or prefix list entries.

distribute-list prefix-list (IPv6 RIP)

To apply a prefix list to IPv6 Routing Information Protocol (RIP) routing updates that are received or sent on an interface, use the distribute-list prefix-list command in router configuration mode. To remove the prefix list, use the no form of this command.

distribute-list prefix-list listname {in | out} [interface-type interface-number]

no distribute-list prefix-list listname

Syntax Description

listname	Name of a prefix list. The list defines which IPv6 RIP networks are to be accepted in incoming routing updates and which networks are to be advertised in outgoing routing updates, based upon matching the network prefix to the prefixes in the list.
in	Applies the prefix list to incoming routing updates on the specified interface.
out	Applies the prefix list to outgoing routing updates on the specified interface.
interface-type	(Optional) The specified interface type. For supported interface types, use the question mark (?) online help function.
interface-number	(Optional) The specified interface number.

Command Default

Prefix lists are not applied to IPv6 RIP routing updates.

Command Modes

Router configuration

Command History

Release	Modification
12.2(2)T	This command was introduced.
12.0(21)ST	This command was integrated into Cisco IOS Release 12.0(21)ST.
12.0(22)S	This command was integrated into Cisco IOS Release 12.0(22)S.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(25)SG	This command was integrated into Cisco IOS Release 12.2(25)SG.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXH	This command was integrated into Cisco IOS Release 12.2(33)SXH.

Usage Guidelines

If no interface is specified, the prefix list is applied to all interfaces.

Examples

The following example applies the prefix list named cisco to IPv6 RIP routing updates that are received on Ethernet interface 0/0:

Router(config)# ipv6 router rip cisco

Router(config-rtr-rip)# distribute-list prefix-list cisco in ethernet 0/0

Related Commands

Command	Description
ipv6 prefix-list	Creates an entry in an IPv6 prefix list.
show ipv6 prefix-list	Displays information about an IPv6 prefix list or prefix list entries.

distribute-list prefix-list (IPv6 OSPF)

To apply a prefix list to Open Shortest Path First (OSPF) for IPv6 routing updates that are received or sent on an interface, use the distribute-list prefix-list command in router configuration mode. To remove the prefix list, use the no form of this command.

distribute-list prefix-list list-name {in [interface-type interface-number] | out routing-process [as-number]}

no distribute-list prefix-list list-name {in [interface-type interface-number] | out routing-process [as-number]}

Syntax Description

list-name	Name of a prefix list. The list defines which OSPF for IPv6 networks are to be accepted in incoming routing updates and which networks are to be advertised in outgoing routing updates, based upon matching the network prefix to the prefixes in the list.
in	Applies the prefix list to incoming routing updates on the specified interface.
interface-type interface-number	(Optional) Interface type and number. For more information, use the question mark (?) online help function.
out	Restricts which prefixes OSPF for IPv6 will identify to the other protocol.
routing-process	Name of a specific routing process.
as-number	(Optional) Autonomous system number, required for use with Border Gateway Protocol (BGP) and Routing Information Protocol (RIP).

Command Default

Prefix lists are not applied to OSPF for IPv6 routing updates.

Command Modes

Router configuration

Command History

Release	Modification
12.2(15)T	This command was introduced.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.
Cisco IOS XE Release 2.1	This command was introduced on Cisco ASR 1000 Series Routers.

Usage Guidelines

If no interface is specified when using the in keyword, the prefix list is applied to routing updates received on all interfaces.

Examples

The following example applies prefix list PL1 to routes received on Ethernet interface 0/0, and applies prefix list PL2 to advertised routes that came from process bgp 65.

Router(config)# ipv6 router ospf 1

Router(config-router)# distribute-list prefix-list PL1 in Ethernet0/0

Router(config-router)# distribute-list prefix-list PL2 ospf out bgp 65

Related Commands

Command	Description
ipv6 prefix-list	Creates an entry in an IPv6 prefix list.
show ipv6 prefix-list	Displays information about an IPv6 prefix list or prefix list entries.

dns-server (IPv6)

To specify the Domain Name System (DNS) IPv6 servers available to a Dynamic Host Configuration Protocol (DHCP) for IPv6 client, use the dns-server command in DHCP for IPv6 pool configuration mode. To remove the DNS server list, use the no form of this command.

dns-server ipv6-address

no dns-server ipv6-address

Syntax Description

ipv6-address

The IPv6 address of a DNS server. This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons.

Command Default

When a DHCP for IPv6 pool is first created, no DNS IPv6 servers are configured.

Command Modes

DHCP for IPv6 pool configuration

Command History

Release	Modification
12.3(4)T	This command was introduced.
Cisco IOS XE Release 2.1	This command was integrated into Cisco IOS XE Release 2.1.
12.2(33)SRE	This command was modified. It was integrated into Cisco IOS Release 12.2(33)SRE.

12.2(33)XNE

This command was modified. It was integrated into Cisco IOS Release 12.2(33)XNE.

Usage Guidelines

Multiple Domain Name System (DNS) server addresses can be configured by issuing this command multiple times. New addresses will not overwrite old addresses.

Examples

The following example specifies the DNS IPv6 servers available:

dns-server 2001:0DB8:3000:3000::42 

Related Commands

Command	Description
domain-name	Configures a domain name for a DHCP for IPv6 client.
ipv6 dhcp pool	Configures a DHCP for IPv6 configuration information pool and enters DHCP for IPv6 pool configuration mode.

domain-name (IPv6)

To configure a domain name for a Dynamic Host Configuration Protocol for IPv6 (DHCPv6) client, use the domain-name command in DHCPv6 pool configuration mode. To return to the default for this command, use the no form of this command.

domain-name domain-name

no domain-name

Syntax Description

domain-name

Default domain name used to complete unqualified hostnames. Note Do not include the initial period that separates an unqualified name from the domain name.

Command Default

No default domain name is defined for the DNS view.

Command Modes

DHCPv6 pool configuration mode (config-dhcp)

Command History

Release	Modification
12.4(9)T	This command was introduced.
Cisco IOS XE Release 2.1	This command was integrated into Cisco IOS XE Release 2.1.
12.2(33)SRE	This command was modified. It was integrated into Cisco IOS Release 12.2(33)SRE.
12.2(33)XNE	This command was modified. It was integrated into Cisco IOS Release 12.2(33)XNE.

Usage Guidelines

Use the domain-name command in IPv6 configure a domain name for a DHCPv6 client.

Examples

The following example configures a domain name for a DHCPv6 client:

Router(config)# ipv6 dhcp pool pool1

Router(cfg-dns-view)# domain-name domainv6

dspfarm profile

To enter DSP farm profile configuration mode and define a profile for digital signal processor (DSP) farm services, use the dspfarm profile command in global configuration mode. To delete a disabled profile, use the no form of this command.

dspfarm profile profile-identifier {conference | mtp | transcode} [security]

no dspfarm profile profile-identifier

Syntax Description

profile-identifier	Number that uniquely identifies a profile. Range is 1 to 65535. There is no default.
conference	Enables a profile for conferencing.
mtp	Enables a profile for Media Termination Point (MTP).
transcode	Enables a profile for transcoding.
security	Enables a profile for secure DSP farm services.

Command Default

No default behavior or values

Command Modes

Global configuration (config)

Command History

Release	Modification
12.3(8)T	This command was introduced.
12.4(11)XW	The security keyword was added.
12.4(20)T	This command was integrated into Cisco IOS Release 12.4(20)T.
12.4(22)T	Support for IPv6 was added.

Usage Guidelines

Use this command to create a new profile or delete a disabled profile. After you create a new profile in dspfarm profile configuration mode, use the no shutdown command to enable the profile configuration, allocate resources and associate the profile with the application(s). If the profile cannot be enabled due to lack of resources, the system prompts you with a message "Can not enable the profile due to insufficient resources, resources available to support X sessions; please modify the configuration and retry."

If the DSP farm profile is successfully created, you enter the DSP farm profile configuration mode. You can configure multiple profiles for the same service.

Use the no dspfarm profile command to delete a profile from the system. If the profile is active, you cannot delete it; you must first disable it using the shutdown command. To modify a DSP farm profile, use the shutdown command in dspfarm profile configuration mode before you begin configuration.

The profile identifier uniquely identifies a profile. If the service type and profile identifier are not unique, the user is prompted with a message to choose a different profile identifier.

You must use the security keyword in order to enable secure DSP farm services such as secure transcoding.

Examples

The following example enables DSP farm services profile 20 for conferencing:

Router(config)# dspfarm profile 20 conference

Note the response if the profile is already being used:

Router(config)# dspfarm profile 6 conference

Profile id 6 is being used for service TRANSCODING 

 please select a different profile id

Related Commands

Command	Description
dsp service dspfarm	Configures DSP farm services for a specified voice card.
shutdown (DSP farm profile)	Disables a DSP farm profile.
voice-card	Enters voice-card configuration mode.

eigrp event-log-size

To set the size of the Enhanced Interior Gateway Routing Protocol (EIGRP) event log, use the eigrp event-log-size command in router configuration mode or address-family topology configuration mode. To reset the size of the EIGRP event log to its default value, use the no form of this command.

eigrp event-log-size size

no eigrp event-log-size

Syntax Description

size	Size of the EIGRP event log; valid values are from 0 to half of the available memory on the system at the time of configuration. Default value is 500.

Command Default

The EIGRP event log size is 500.

Command Modes

Router configuration (config-router)
Address-family topology configuration (config-router-af-topology)

Command History

Release	Modification
12.2(18)SXF	This command was introduced in Cisco IOS Release 12.2(18)SXF.
15.0(1)M	This command was modified. Address-family topology configuration mode was added.

Usage Guidelines

When the configured size (number of lines) of the event log is exceeded, the last configured number of lines is retained, and the log becomes a rolling number of events with the most recent at the top of the log.

Examples

The following example shows how to set the size of the EIGRP event log to 5000010:

Router# configure terminal

Router(config)# router eigrp 2

Router (config-router)# eigrp event-log-size 5000010

Router (config-router)#

The following example shows how to set the size of the EIGRP event log in an EIGRP named configuration to 10000:

Router(config)# router eigrp virtual-name

Router(config-router)# address-family ipv4 autonomous-system 1

Router(config-router-af)# topology base

Router(config-router-af-topology)# eigrp event-log-size 10000

Related Commands

Command	Description
clear ip eigrp event	Clears the IP EIGRP event log.

eigrp log-neighbor-changes

To enable the logging of changes in Enhanced Interior Gateway Routing Protocol (EIGRP) neighbor adjacencies, use the eigrp log-neighbor-changes command in router configuration mode, address-family configuration mode, or service-family configuration mode. To disable the logging of changes in EIGRP neighbor adjacencies, use the no form of this command.

eigrp log-neighbor-changes

no eigrp log-neighbor-changes

Syntax Description

This command has no arguments or keywords.

Command Default

Adjacency changes are logged.

Command Modes

Router configuration (config-router)
Address-family configuration (config-router-af)
Service-family configuration (config-router-sf)

Command History

Release	Modification
11.2	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
15.0(1)M	This command was modified. Address-family configuration mode and service-family configuration mode were added.

Usage Guidelines

This command enables the logging of neighbor adjacency changes to monitor the stability of the routing system and to help detect problems. Logging is enabled by default. To disable the logging of neighbor adjacency changes, use the no form of this command.

To enable the logging of changes for EIGRP address-family neighbor adjacencies, use the eigrp log-neighbor-changes command in address-family configuration mode.

To enable the logging of changes for EIGRP service-family neighbor adjacencies, use the eigrp log-neighbor-changes command in service-family configuration mode.

Examples

The following configuration disables logging of neighbor changes for EIGRP process 209:

Router(config)# router eigrp 209

Router(config-router)# no eigrp log-neighbor-changes

The following configuration enables logging of neighbor changes for EIGRP process 209:

Router(config)# router eigrp 209

Router(config-router)# eigrp log-neighbor-changes

The following example shows how to disable logging of neighbor changes for EIGRP address-family with autonomous-system 4453:

Router(config)# router eigrp virtual-name

Router(config-router)# address-family ipv4 autonomous-system 4453 

Router(config-router-af)# no eigrp log-neighbor-changes

Router(config-router-af)# exit-address-family

The following configuration enables logging of neighbor changes for EIGRP service-family process 209:

Router(config)# router eigrp 209

Router(config-router)# service-family ipv4 autonomous-system 4453 

Router(config-router-sf)# eigrp log-neighbor-changes

Router(config-router-sf)# exit-service-family

Related Commands

Command	Description
address-family (EIGRP)	Enters address-family configuration mode to configure an EIGRP routing instance.
exit-address-family	Exits address-family configuration mode.
exit-service-family	Exits service-family configuration mode.
router eigrp	Configures the EIGRP routing process.
service-family	Specifies service-family configuration mode.

eigrp log-neighbor-warnings

To enable the logging of Enhanced Interior Gateway Routing Protocol (EIGRP) neighbor warning messages, use the eigrp log-neighbor-warnings command in router configuration mode, address-family configuration mode, or service-family configuration mode. To disable the logging of EIGRP neighbor warning messages, use the no form of this command.

eigrp log-neighbor-warnings [seconds]

no eigrp log-neighbor-warnings

Syntax Description

seconds

(Optional) The time interval (in seconds) between repeated neighbor warning messages. The range is from 1 to 65535. The default is 10.

Command Default

Neighbor warning messages are logged at 10-second intervals.

Command Modes

Router configuration (config-router)
Address-family configuration (config-router-af)
Service-family configuration (config-router-sf)

Command History

Release	Modification
12.0(5)	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
15.0(1)M	This command was modified. Address-family and service-family configuration modes were added.

Usage Guidelines

When neighbor warning messages occur, they are logged by default. With this command, you can disable and enable neighbor warning messages, and you can configure the interval between repeated neighbor warning messages.

To enable the logging of warning messages for an EIGRP address family, use the eigrp log-neighbor-warnings command in address-family configuration mode.

To enable the logging of warning messages for an EIGRP service family, use the eigrp log-neighbor-warnings command in service-family configuration mode.

Examples

The following command will log neighbor warning messages for EIGRP process 209 and repeat the warning messages in 5-minute (300 seconds) intervals:

Router(config)# router eigrp 209

Router(config-router)# eigrp log-neighbor-warnings 300

The following example logs neighbor warning messages for the service family with autonomous system number 4453 and repeats the warning messages in five-minute (300 second) intervals:

Router(config)# router eigrp virtual-name

Router(config-router)# service-family ipv4 autonomous-system 4453

Router(config-router-sf)# eigrp log-neighbor-warnings 300

The following example logs neighbor warning messages for the address family with autonomous system number 4453 and repeats the warning messages in five-minute (300 second) intervals:

Router(config)# router eigrp virtual-name

Router(config-router)# address-family ipv4 autonomous-system 4453

Router(config-router-af)# eigrp log-neighbor-warnings 300

Related Commands

Command	Description
address-family (EIGRP)	Enters address-family configuration mode to configure an EIGRP routing instance.
exit-address-family	Exits address-family configuration mode.
exit-service-family	Exits service-family configuration mode.
router eigrp	Configures the EIGRP routing process.
service-family	Specifies service-family configuration mode.

eigrp router-id

To set the router ID used by Enhanced Interior Gateway Routing Protocol (EIGRP) when communicating with its neighbors, use the eigrp router-id command in router configuration mode, address-family configuration mode, or service-family configuration mode. To remove the configured router ID, use the no form of this command.

eigrp router-id router-id

no eigrp router-id router-id

Syntax Description

router-id

EIGRP router ID in IP address format.

Command Default

EIGRP automatically selects an IP address to use as the router ID when an EIGRP process is started. The highest local IP address is selected and loopback interfaces are preferred. The router ID is not changed unless the EIGRP process is removed with the no router eigrp command or if the router ID is manually configured with the eigrp router-id command.

Command Modes

Router configuration (config-router)
Address-family configuration (config-router-af)
Service-family configuration (config-router-sf)

Command History

Release	Modification
12.1	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
15.0(1)M	This command was modified. Address-family configuration mode and service-family configuration mode were added.

Usage Guidelines

The router ID is used to identify the originating router for external routes. If an external route is received with the local router ID, the route is discarded. The router ID can be configured with any IP address with two exceptions; 0.0.0.0 and 255.255.255.255 are not legal values and cannot be entered. A unique value should be configured for each router.

In EIGRP named IPv4, named IPv6, and Cisco Service Advertisement Framework (SAF) configurations, the router-id is also included for identifying internal routes and loop detection.

Examples

The following example configures 172.16.1.3 as a fixed router ID:

Router(config)# router eigrp 209

Router(config-router)# eigrp router-id 172.16.1.3

The following example configures 172.16.1.3 as a fixed router ID for service-family autonomous-system 4533:

Router(config)# router eigrp 209

Router(config-router)# service-family ipv4 autonomous-system 4453

Router(config-router-sf)# eigrp router-id 172.16.1.3

The following example configures 172.16.1.3 as a fixed router ID for address-family autonomous-system 4533:

Router(config)# router eigrp virtual-name

Router(config-router)# address-family ipv4 autonomous-system 4453

Router(config-router-af)# eigrp router-id 172.16.1.3

Related Commands

Command	Description
address-family (EIGRP)	Enters address-family configuration mode to configure an EIGRP routing instance.
router eigrp	Configures the EIGRP routing process.
service-family	Specifies service-family configuration mode.

eigrp stub

To configure a router as a stub using Enhanced Interior Gateway Routing Protocol (EIGRP), use the eigrp stub command in router configuration mode or address-family configuration mode. To disable the EIGRP stub routing feature, use the no form of this command.

eigrp stub [receive-only] [leak-map name] [connected] [static ] [summary] [redistributed]

no eigrp stub [receive-only] [leak-map name] [connected] [static ] [summary] [redistributed]

Syntax Description

receive-only	(Optional) Sets the router as a receive-only neighbor.
leak-map name	(Optional) Allows dynamic prefixes based on a leak map.
connected	(Optional) Advertises connected routes.
static	(Optional) Advertises static routes.
summary	(Optional) Advertises summary routes.
redistributed	(Optional) Advertises redistributed routes from other protocols and autonomous systems.

Command Default

Stub routing is not enabled by default.

Command Modes

Router configuration (config-router)
Address-family configuration (config-router-af)

Command History

Release	Modification
12.0(7)T	This command was introduced.
12.0(15)S	This command was integrated into Cisco IOS Release 12.0(15)S.
12.2	The redistributed keyword was added.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
15.0(1)M	This command was modified. Address-family configuration mode was added to support EIGRP named configurations. The leak-map name keyword/argument pair was added. This command replaces the stub command.

Usage Guidelines

Use the eigrp stub command to configure a router as a stub where the router directs all IP traffic to a distribution router, unless stub leaking is configured.

The eigrp stub command can be modified with several options, and these options can be used in any combination except for the receive-only keyword. The receive-only keyword will restrict the router from sharing any of its routes with any other router in that EIGRP autonomous system, and the receive-only keyword will not permit any other option to be specified because it prevents any type of route from being sent. The four other optional keywords (connected, static, summary, leak-map, and redistributed) can be used in any combination but cannot be used with the receive-only keyword.

If any of these five keywords is used with the eigrp stub command, only the route types specified by the particular keyword(s) will be sent. Route types specified by the remaining keywords will not be sent.

The connected keyword permits the EIGRP stub routing feature to send connected routes. If the connected routes are not covered by a network statement, it may be necessary to redistribute connected routes with the redistribute connected command under the EIGRP process. This option is enabled by default.

The static keyword permits the EIGRP stub routing feature to send static routes. Without the configuration of this option, EIGRP will not send any static routes, including internal static routes that normally would be automatically redistributed. It will still be necessary to redistribute static routes with the redistribute static command.

The summary keyword permits the EIGRP stub routing feature to send summary routes. Summary routes can be created manually with the summary address command or automatically at a major network border router with the auto-summary command enabled. This option is enabled by default.

The redistributed keyword permits the EIGRP stub routing feature to send other routing protocols and autonomous systems. Without the configuration of this option, EIGRP will not advertise redistributed routes.

The leak-map keyword permits the EIGRP stub routing feature to reference a leak map that identifies routes that are allowed to be advertised on an EIGRP stub router that would normally have been suppressed.

Examples

In the following example, the eigrp stub command is used to configure the router as a stub that advertises connected and summary routes:

Router(config)# router eigrp 1

Router(config-router)# network 10.0.0.0

Router(config-router)# eigrp stub

In the following named configuration example, the eigrp stub command is used to configure the router as a stub that advertises routes learned from a directly connected client:

Router(config)# router eigrp virtual-name

Router(config-router)# address-family ipv4 autonomous-system 4453

Router(config-router-af)# network 10.0.0.0

Router(config-router-af)# eigrp stub connected

In the following example, the eigrp stub command is issued with the connected and static keywords to configure the router as a stub that advertises connected and static routes (sending summary routes will not be permitted):

Router(config)# router eigrp 1

Router(config-router)# network 10.0.0.0

Router(config-router)# eigrp stub connected static

In the following named configuration example, the eigrp stub command is issued with the connected and static keywords to configure the router as a stub that advertises connected and static routes (sending summary routes will not be permitted):

Router(config)# router eigrp virtual-name

Router(config-router)# address-family ipv4 autonomous-system 4453

Router(config-router-af)# network 10.0.0.0

Router(config-router-af)# eigrp stub connected static

In the following example, the eigrp stub command is issued with the receive-only keyword to configure the router as a receive-only neighbor (connected, summary, and static routes will not be sent):

Router(config)# router eigrp 1

Router(config-router)# network 10.0.0.0 eigrp 

Router(config-router)# eigrp stub receive-only

In the following named configuration example, the eigrp stub command is issued with the receive-only keyword to configure the router as a receive-only neighbor (connected, summary, and static routes will not be sent):

Router(config)# router eigrp virtual-name

Router(config-router)# address-family ipv4 autonomous-system 4453

Router(config-router-af)# network 10.0.0.0

Router(config-router-af)# eigrp stub receive-only

In the following example, the eigrp stub command is issued with the redistributed keyword to configure the router to advertise other protocols and autonomous systems:

Router(config)# router eigrp 1

Router(config-router)# network 10.0.0.0 eigrp 

Router(config-router)# eigrp stub redistributed

In the following named configuration example, the eigrp stub command is issued with the redistributed keyword to configure the router to advertise other protocols and autonomous systems:

Router(config)# router eigrp virtual-name

Router(config-router)# address-family ipv4 autonomous-system 4453

Router(config-router-af)# network 10.0.0.0

Router(config-router-af) eigrp stub redistributed

In the following example, the eigrp stub command is issued with the leak-map name keyword/argument pair to configure the router to reference a leak map that identifies routes that would normally have been suppressed:

Router(config)# router eigrp 

Router(config-router)# network 10.0.0.0

Router(config-router) eigrp stub leak-map map1

In the following named configuration example, the eigrp stub command is issued with the leak-map name keyword/argument pair to configure the router to reference a leak map that identifies routes that would normally have been suppressed:

Router(config)# router eigrp virtual-name

Router(config-router)# address-family ipv4 autonomous-system 4453

Router(config-router-af)# network 10.0.0.0

Router(config-router-af) eigrp stub leak-map map1

Related Commands

Command	Description
address-family (EIGRP)	Enters address-family configuration mode to configure an EIGRP routing instance.
network (EIGRP)	Specifies the network for an EIGRP routing process.
router eigrp	Configures the EIGRP address-family process.

enabled

To enable an aggregation cache, use the enabled command in aggregation cache configuration mode.

enabled

Syntax Description

This command has no arguments or keywords.

Command Default

The cache is disabled.

Command Modes

Aggregation cache configuration

Command History

Release	Modification
12.0(3)T	This command was introduced.
12.3(7)T	This command was modified to support NetFlow Version 9 for IPv6.
12.2(30)S	This command was integrated into Cisco IOS Release 12.2(30)S.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXH	This command was integrated into Cisco IOS Release 12.2(33)SXH.

Examples

The following example shows how to use the enabled command:

cache timeout active 30

cache timeout inactive 7

cache entries 100

enabled

Related Commands

Command	Description
ipv6 flow-aggregation cache	Confiugres the aggregation cache configuration scheme for NetFlow Version 9 IPv6 configuration.

encapsulation

To set the encapsulation method used by the interface, use the encapsulation command in interface configuration mode. To remove the encapsulation, use the no form of this command.

encapsulation encapsulation-type

no encapsulation encapsulation-type

Syntax Description

encapsulation-type

Encapsulation type; one of the following keywords: •atm-dxi—ATM Mode-Data Exchange Interface. •bstun—Block Serial Tunnel. •dot1q vlan-id [native]—Enables IEEE 802.1q encapsulation of traffic on a specified subinterface in VLANs. The vlan-id argument is a virtual LAN identifier. The valid range is from 1 to 1000. The optional native keyword sets the PVID value of the port to the vlan-id value. •frame-relay—Frame Relay (for serial interface). •hdlc—High-Level Data Link Control (HDLC) protocol for serial interface. This encapsulation method provides the synchronous framing and error detection functions of HDLC without windowing or retransmission. This is the default for synchronous serial interfaces. •isl vlan-id—Inter-Switch Link (ISL) (for VLANs). •lapb—X.25 Link Access Procedure, Balanced. Data link layer protocol (LAPB) DTE operation (for serial interface). •ppp—PPP (for serial interface). •sde said—IEEE 802.10. The said argument is a security association identifier. This value is used as the VLAN identifier. The valid range is from 0 to 0xFFFFFFFE. •sdlc—IBM serial Systems Network Architecture (SNA). •sdlc-primary—IBM serial SNA (for primary serial interface). •sdlc-secondary—IBM serial SNA (for secondary serial interface). •slip—Specifies Serial Line Internet Protocol (SLIP) encapsulation for an interface configured for dedicated asynchronous mode or dial-on-demand routing (DDR). This is the default for asynchronous interfaces. •smds—Switched Multimegabit Data Services (SMDS) (for serial interface). •ss7—Sets the encapsulation type to SS7 and overrides the serial interface objects high-level data link control (HDLC) default.

Defaults

The default depends on the type of interface. For example, synchronous serial interfaces default to HDLC and asynchronous interfaces default to SLIP.

Command Modes

Interface configuration

Command History

Release	Modification
10.0	This command was introduced.
10.3	The sde keyword was added to support IEEE 802.10
11.1	The isl keyword was added to support the Interswitch Link (ISL) Cisco protocol for interconnecting multiple switches and routers, and for defining virtual LAN (VLAN) topologies.
11.3(4)T	The tr-isl trbrf-vlan keyword was added to support TRISL, a Cisco proprietary protocol for interconnecting multiple routers and switches and maintaining VLAN information as traffic goes between switches.
12.0(1)T	The dot1q keyword was added to support IEEE 8021q standard for encapsulation of traffic on a specified subinterface in VLANs.
12.1(3)T	The native keyword was added.
12.2(11)T	This command was modified to include the ss7 keyword in support of integrated signaling link terminal capabilities.
12.2(13)T	Support for IPv6 was added.
12.3(2)T	The tr-isl trbrf-vlan keyword was removed because support for the TRISL protocol is no longer available in Cisco IOS software.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
Cisco IOS XE Release 2.5	This command was updated. It was integrated into Cisco IOS XE Release 2.5.

Usage Guidelines

SLIP and PPP

To use SLIP or PPP, the router or access server must be configured with an IP routing protocol or with the ip host-routing command. This configuration is done automatically if you are using old-style slip address commands. However, you must configure it manually if you configure SLIP or PPP via the interface async command.

On lines configured for interactive use, encapsulation is selected by the user when they establish a connection with the slip or ppp EXEC command.

IP Control Protocol (IPCP) is the part of PPP that brings up and configures IP links. After devices at both ends of a connection communicate and bring up PPP, they bring up the control protocol for each network protocol that they intend to run over the PPP link such as IP or IPX. If you have problems passing IP packets and the show interface command shows that line is up, use the negotiations command to see if and where the negotiations are failing. You might have different versions of software running, or different versions of PPP, in which case you might need to upgrade your software or turn off PPP option negotiations. All IPCP options as listed in RFC 1332, PPP Internet Protocol Control Protocol (IPCP), are supported on asynchronous lines. Only Option 2, TCP/IP header compression, is supported on synchronous interfaces.

PPP echo requests are used as keepalive packets to detect line failure. The no keepalive command can be used to disable echo requests. For more information about the no keepalive command, refer to the chapter "IP Services Commands" in the Cisco IOS IP Command Reference, Volume 1 of 4: Addressing and Services and to the chapter "Configuring IP Services" in the Cisco IOS IP Configuration Guide.

To use SLIP or PPP, the Cisco IOS software must be configured with an IP routing protocol or with the ip host-routing command. This configuration is done automatically if you are using old-style slip address commands. However, you must configure it manually if you configure SLIP or PPP via the interface async command.

---

Note Disable software flow control on SLIP and PPP lines before using the encapsulation command.

---

SS7

The SS7 encapsulation command is new with the Integrated SLT feature and is available only for interface serial objects created by the channel-group command. For network access server (NAS) platforms, the encapsulation for channel group serial interface objects defaults to HDLC. You must explicitly set the encapsulation type to SS7 to override this default.

When encapsulation is set to SS7, the encapsulation command for that object is no longer available. A serial SS7 link is deleted only when its associated dial feature card (DFC) card is removed. As with existing Cisco 26xx-based SLTs, you do not need to specify whether the SS7 link is to be used as an A-link or an F-link.

By itself this command does not select the correct encapsulation type. Therefore, once created, you must set the encapsulation type to the new SS7 value, as well as assign a session channel ID to the link at the serial interface command level. The configuration on a digital SS7 link can be saved (no shutdown) only when its encapsulation is successfully set to SS7 and it has been assigned a channel identifier.

VLANs

Do not configure encapsulation on the native VLAN of an IEEE 802.1q trunk without the native keyword. (Always use the native keyword when the vlan-id is the ID of the IEEE 802.1q native VLAN.)

For detailed information on use of this command with VLANs, refer to the Cisco IOS Switching Services Configuration Guide and the Cisco IOS Switching Services Command Reference.

Examples

The following example shows how to reset HDLC serial encapsulation on serial interface 1:

Router(config)# interface serial 1

Router(config-if)# encapsulation hdlc

The following example shows how to enable PPP encapsulation on serial interface 0:

Router(config)# interface serial 0

Router(config-if)# encapsulation ppp

The following example shows how to configure async interface 1 for PPP encapsulation:

Router(config)# interface async 1

Router(config-if)# encapsulation ppp

To learn more about the virtual serial interface and check SS7 encapsulation, enter the show interfaces serial slot/trunk:channel-group command in privileged EXEC mode, as in the following example:

Router# show interfaces serial 7/3:1

Serial7/3:1 is up, line protocol is down

 Hardware is PowerQUICC Serial

 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,

  reliability 255/255, txload 4/255, rxload 1/255

 Encapsulation SS7 MTP2, loopback not set

 Keepalive set (10 sec)

 Last input never, output 00:00:00, output hang never

 Last clearing of "show interface" counters 03:53:40

 Queueing strategy: fifo

  Output queue 0/40, 0 drops; input queue 0/75, 0 drops

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 26000 bits/sec, 836 packets/sec

  0 packets input, 0 bytes, 0 no buffer

  Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

  11580159 packets output, 46320636 bytes, 0 underruns

  0 output errors, 0 collisions, 1 interface resets

  0 output buffer failures, 0 output buffers swapped out

  2 carrier transitions

  DCD=up DSR=down DTR=down RTS=down CTS=down

Related Commands

Command	Description
channel-group	Assigns a channel group and selects the DSO time slots desired for SS7 links.
encapsulation x25	Specifies operation of a serial interface as an X.25 device.
keepalive	Sets the keepalive timer for a specific interface.
ppp	Starts an asynchronous connection using PPP.
ppp authentication	Enables CHAP or PAP or both and specifies the order in which CHAP and PAP authentication are selected on the interface.
ppp bap call	Sets PPP BACP call parameters.
slip	Starts a serial connection to a remote host using SLIP.

encapsulation frame-relay mfr

To create a multilink Frame Relay bundle link and to associate the link with a bundle, use the encapsulation frame-relay mfr command in interface configuration mode. To remove the bundle link from the bundle, use the no form of this command.

encapsulation frame-relay mfr number [name]

no encapsulation frame-relay mfr number [name]

Syntax Description

number	Interface number of the multilink Frame Relay bundle with which this bundle link will be associated.
name	(Optional) Bundle link identification (LID) name. The name can be up to 49 characters long. The default is the name of the physical interface.

Command Default

Frame Relay encapsulation is not enabled.

Command Modes

Interface configuration

Command History

Release	Modification
12.0(17)S	This command was introduced on the Cisco 12000 series routers.
12.2(8)T	This command was integrated into Cisco IOS Release 12.2(8)T.
12.0(24)S	This command was implemented on VIP-enabled Cisco 7500 series routers.
12.3(4)T	Support for this command on VIP-enabled Cisco 7500 series routers was integrated into Cisco IOS Release 12.3(4)T.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.0(33)S	Support for IPv6 was added. This command was implemented on the Cisco 12000 series routers.

Usage Guidelines

Use the name argument to assign a LID name to a bundle link. This name will be used to identify the bundle link to peer devices and to enable the devices to determine which bundle links are associated with which bundles. The LID name can also be assigned or changed by using the frame-relay multilink lid command on the bundle link interface. If the LID name is not assigned, the default name is the name of the physical interface.

---

Tips To minimize latency that results from the arrival order of packets, we recommend bundling physical links of the same line speed in one bundle.

---

To remove a bundle link from a bundle, use the no encapsulation frame-relay mfr command or configure a new type of encapsulation on the interface by using the encapsulation command.

Examples

The following example shows serial interface 0 being associated as a bundle link with bundle interface "mfr0." The bundle link identification name is "BL1."

interface mfr0

!

interface serial 0

 encapsulation frame-relay mfr0 BL1

Related Commands

Command	Description
debug frame-relay multilink	Displays debug messages for multilink Frame Relay bundles and bundle links.
encapsulation	Sets the encapsulation method used by the interface.
frame-relay multilink lid	Assigns a LID name to a multilink Frame Relay bundle link.
show frame-relay multilink	Displays configuration information and statistics about multilink Frame Relay bundles and bundle links.

encryption (IKE policy)

To specify the encryption algorithm within an Internet Key Exchange (IKE) policy, use the encryption command in Internet Security Association Key Management Protocol (ISAKMP) policy configuration mode. IKE policies define a set of parameters to be used during IKE negotiation. To reset the encryption algorithm to the default value, use the no form of this command.

encryption {des | 3des | aes | aes 192 | aes 256}

no encryption

Syntax Description

des	56-bit Data Encryption Standard (DES)-CBC as the encryption algorithm.
3des	168-bit DES (3DES) as the encryption algorithm.
aes	128-bit Advanced Encryption Standard (AES) as the encryption algorithim.
aes 192	192-bit AES as the encryption algorithim.
aes 256	256-bit AES as the encryption algorithim.

Command History

The 56-bit DES-CBC encryption algorithm

Command Modes

ISAKMP policy configuration

Command History

Release	Modification
11.3 T	This command was introduced.
12.0(2)T	The 3des option was added.
12.2(13)T	The following keywords were added: aes, aes 192, and aes 256.
12.4(4)T	IPv6 support was added.
12.2(33)SRA	This command was integrated into Cisco IOS release 12.(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

Use this command to specify the encryption algorithm to be used in an IKE policy.

If a user enters an IKE encryption method that the hardware does not support, a warning message will be displayed immediately after the encryption command is entered.

Examples

The following example configures an IKE policy with the 3DES encryption algorithm (all other parameters are set to the defaults):

crypto isakmp policy

 encryption 3des

 exit

The following example is a sample warning message that is displayed when a user enters an IKE encryption method that the hardware does not support:

encryption aes 256

WARNING:encryption hardware does not support the configured

encryption method for ISAKMP policy 1

Related Commands

Command	Description
authentication (IKE policy)	Specifies the authentication method within an IKE policy.
crypto isakmp policy	Defines an IKE policy.
group (IKE policy)	Specifies the DH group identifier within an IKE policy.
hash (IKE policy)	Specifies the hash algorithm within an IKE policy.
lifetime (IKE policy)	Specifies the lifetime of an IKE SA.
show crypto isakmp policy	Displays the parameters for each IKE policy.

enrollment terminal (ca-trustpoint)

To specify manual cut-and-paste certificate enrollment, use the enrollment terminal command in ca-trustpoint configuration mode. To delete a current enrollment request, use the no form of this command.

enrollment terminal [pem]

no enrollment terminal [pem]

Syntax Description

pem	(Optional) Adds privacy-enhanced mail (PEM) boundaries to the certificate request.

Command Default

No default behavior or values

Command Modes

Ca-trustpoint configuration

Command History

Release	Modification
12.2(13)T	This command was introduced.
12.3(4)T	The pem keyword was added.
12.2(18)SXD	This command was integrated into Cisco IOS Release 12.2(18)SXD.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.(33)SRA.
12.4(24)T	Support for IPv6 Secure Neighbor Discovery (SeND) was added.

Usage Guidelines

A user may want to manually cut-and-paste certificate requests and certificates when he or she does not have a network connection between the router and certification authority (CA). When this command is enabled, the router displays the certificate request on the console terminal, allowing the user to enter the issued certificate on the terminal.

The pem Keyword

Use the pem keyword to issue certificate requests (via the crypto ca enroll command) or receive issued certificates (via the crypto ca import certificate command) in PEM-formatted files through the console terminal. If the CA server does not support simple certificate enrollment protocol (SCEP), the certificate request can be presented to the CA server manually.

---

Note When generating certificate requests in PEM format, your router does not have to have the CA certificate, which is obtained via the crypto ca authenticate command.

---

Examples

The following example shows how to manually specify certificate enrollment via cut-and-paste. In this example, the CA trustpoint is "MS."

crypto ca trustpoint MS

 enrollment terminal

 crypto ca authenticate MS

!

crypto ca enroll MS

crypto ca import MS certificate

Related Commands

Command	Description
crypto ca authenticate	Authenticates the CA (by getting the certificate of the CA).
crypto ca enroll	Obtains the certificates of your router from the certification authority.
crypto ca import	Imports a certificate manually via TFTP or cut-and-paste at the terminal.
crypto ca trustpoint	Declares the CA that your router should use.

enrollment url (ca-trustpoint)

To specify the enrollment parameters of a certification authority (CA), use the enrollment url command in ca-trustpoint configuration mode. To remove any of the configured parameters, use the no form of this command.

enrollment [mode] [retry period minutes] [retry count number] url url [pem]

no enrollment [mode] [retry period minutes] [retry count number] url url [pem]

Syntax Description

mode	(Optional) Specifies the registration authority (RA) mode, if your CA system provides an RA. By default, RA mode is disabled.
retry period minutes	(Optional) Specifies the period in which the router will wait before sending the CA another certificate request. The default is 1 minute between retries. (Specify from 1 to 60 minutes.)
retry count number	(Optional) Specifies the number of times a router will resend a certificate request when it does not receive a response from the previous request. The default is 10 retries. (Specify from 1 to 100 retries.)
url url	Specifies the URL of the file system where your router should send certificate requests. For enrollment method options, see Table 28.
pem	(Optional) Adds privacy-enhanced mail (PEM) boundaries to the certificate request.

Command Default

Your router does not know the CA URL until you specify it using the url url keyword and argument.

Command Modes

Ca-trustpoint configuration

Command History

Release	Modification
11.3T	This command was introduced as the enrollment url (ca-identity) command.
12.2(8)T	This command replaced the enrollment url (ca-identity) command. The mode, retry period minutes, and retry count number keywords and arguments were added.
12.2(13)T	The url url option was enhanced to support TFTP enrollment.
12.3(4)T	The pem keyword was added, and the url url option was enhanced to support an additional enrollment method—the Cisco IOS File System (IFS).
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(24)T	Support for IPv6 Secure Neighbor Discovery (SeND) was added.

Usage Guidelines

Use the mode keyword to specify the mode supported by the CA. This keyword is required if your CA system provides an RA.

Use the retry period minutes option to change the retry period from the default of 1 minute between retries. After requesting a certificate, the router waits to receive a certificate from the CA. If the router does not receive a certificate within a specified period of time (the retry period), the router will send another certificate request. By default, the router will send a maximum of ten requests until it receives a valid certificate, until the CA returns an enrollment error, or until the configured number of retries (specified via the retry count number option) is exceeded.

Use the pem keyword to issue certificate requests (using the crypto pki enroll command) or receive issued certificates (using the crypto pki import certificate command) in PEM-formatted files.

---

Note When generating certificate requests in PEM format, your router does not have to have the CA certificate, which is obtained using the crypto ca authenticate command.

---

Use the url url option to specify or change the URL of the CA. Table 28 lists the available enrollment methods.

Table 28 Certificate Enrollment Methods 

Enrollment Method	Description
bootflash	Enroll via bootflash: file system
cns	Enroll via Cisco Networking Services (CNS): file system
flash	Enroll via flash: file system
ftp	Enroll via FTP: file system
null	Enroll via null: file system
nvram	Enroll via NVRAM: file system
rcp	Enroll via remote copy protocol (rcp): file system
scp	Enroll via secure copy protocol (scp): file system
SCEP1	Enroll via Simple Certificate Enrollment Protocol (SCEP) (an HTTP URL)
system	Enroll via system: file system
TFTP2	Enroll via TFTP: file system

1 If you are using SCEP for enrollment, the URL must be in the form http://CA_name, where CA_name is the host Domain Name System (DNS) name or IP address of the CA. 2 If you are using TFTP for enrollment, the URL must be in the form tftp://certserver/file_specification. (The file_specification is optional. See the section "TFTP Certificate Enrollment" for additional information.)

TFTP Certificate Enrollment

TFTP enrollment is used to send the enrollment request and retrieve the certificate of the CA and the certificate of the router. If the file_specification is included in the URL, the router will append an extension onto the file specification. When the crypto pki authenticate command is entered, the router will retrieve the certificate of the CA from the specified TFTP server. As appropriate, the router will append the extension ".ca" to the filename or the fully qualified domain name (FQDN). (If the url url option does not include a file specification, the FQDN of the router will be used.)

---

Note The crypto pki trustpoint command replaces the crypto ca identity and crypto ca trusted-root commands and all related commands (all ca-identity and trusted-root configuration mode commands). If you enter a ca-identity or trusted-root command, the configuration mode and command will be written back as pki-trustpoint.

---

Examples

The following example shows how to declare a CA named "trustpoint" and specify the URL of the CA as "http://example:80":

crypto pki trustpoint trustpoint

 enrollment url http://example:80

Related Commands

Command	Description
crypto pki authenticate	Authenticates the CA (by getting the certificate of the CA).
crypto pki enroll	Obtains the certificate or certificates of your router from the CA.
crypto pki trustpoint	Declares the CA that your router should use.

eui-interface

To use the Media Access Control (MAC) address from a specified interface for deriving the IPv6 mobile home address, use the eui-interface command in IPv6 mobile router configuration mode. To disable this function, use the no form of this command.

eui-interface interface-type interface-number

no eui-interface interface-type interface-number

Syntax Description

interface-type interface-number

Interface type and number from which the MAC address is derived.

Command Default

A MAC address is not used to derive the IPv6 mobile home address.

Command Modes

IPv6 mobile router configuration (IPv6-mobile-router)

Command History

Release	Modification
12.4(20)T	This command was introduced.

Usage Guidelines

Use the eui-interface command to physically connect to the MAC to get the EUI-64 interface ID.

Examples

In the following example, the router derives the EUI-64 interface ID from the specified interface:

eui-interface Ethernet 0/0

Related Commands

Command	Description
ipv6 mobile router	Enables IPv6 NEMO functionality on the router and places the router in IPv6 mobile router mode.

evaluate (IPv6)

To nest an IPv6 reflexive access list within an IPv6 access list, use the evaluate (IPv6) command in IPv6 access list configuration mode. To remove the nested IPv6 reflexive access list from the IPv6 access list, use the no form of this command.

evaluate access-list-name [sequence value]

no evaluate access-list-name [sequence value]

Syntax Description

access-list-name	The name of the IPv6 reflexive access list that you want evaluated for IPv6 traffic entering your internal network. This is the name defined in the permit (IPv6) command. Names cannot contain a space or quotation mark, or begin with a numeric.
sequence value	(Optional) Specifies the sequence number for the IPv6 reflexive access list. The acceptable range is from 1 to 4294967295.

Command Default

IPv6 reflexive access lists are not evaluated.

Command Modes

IPv6 access list configuration

Command History

Release	Modification
12.0(23)S	This command was introduced.
12.2(13)T	This command was integrated into Cisco IOS Release 12.2(13)T.
12.2(14)S	This command was integrated into Cisco IOS Release 12.2(14)S.
12.2(28)SB	This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXH	This command was integrated into Cisco IOS Release 12.2(33)SXH.

Usage Guidelines

The evaluate (IPv6) command is similar to the evaluate (IPv4) command, except that it is IPv6-specific.

This command is used to achieve IPv6 reflexive filtering, a form of session filtering.

Before this command will work, you must define the IPv6 reflexive access list using the permit (IPv6) command.

This command nests an IPv6 reflexive access list within an IPv6 access control list (ACL).

If you are configuring an IPv6 reflexive access list for an external interface, the IPv6 ACL should be one that is applied to inbound traffic. If you are configuring IPv6 reflexive access lists for an internal interface, the IPv6 ACL should be one that is applied to outbound traffic. (In other words, use the access list opposite of the one used to define the IPv6 reflexive access list.)

This command allows IPv6 traffic entering your internal network to be evaluated against the reflexive access list. Use this command as an entry (condition statement) in the IPv6 ACL; the entry "points" to the IPv6 reflexive access list to be evaluated.

As with all IPv6 ACL entries, the order of entries is important. Normally, when a packet is evaluated against entries in an IPv6 ACL, the entries are evaluated in sequential order, and when a match occurs, no more entries are evaluated. With an IPv6 reflexive access list nested in an IPv6 ACL, the IPv6 ACL entries are evaluated sequentially up to the nested entry, then the IPv6 reflexive access list entries are evaluated sequentially, and then the remaining entries in the IPv6 ACL are evaluated sequentially. As usual, after a packet matches any of these entries, no more entries will be evaluated.

---

Note IPv6 reflexive access lists do not have any implicit deny or implicit permit statements.

---

Examples

The evaluate command in the following example nests the temporary IPv6 reflexive access lists named TCPTRAFFIC and UDPTRAFFIC in the IPv6 ACL named OUTBOUND. The two reflexive access lists are created dynamically (session filtering is "triggered") when incoming TCP or UDP traffic matches the applicable permit entry in the IPv6 ACL named INBOUND. The OUTBOUND IPv6 ACL uses the temporary TCPTRAFFIC or UDPTRAFFIC access list to match (evaluate) outgoing TCP or UDP traffic related to the triggered session. The TCPTRAFFIC and UDPTRAFFIC lists time out automatically when no IPv6 packets match the permit statement that triggered the session (the creation of the temporary reflexive access list).

---

Note The order of IPv6 reflexive access list entries is not important because only permit statements are allowed in IPv6 reflexive access lists and reflexive access lists do not have any implicit conditions. The OUTBOUND IPv6 ACL simply evaluates the UDPTRAFFIC reflexive access list first and, if there were no matches, the TCPTRAFFIC reflexive access list second. Refer to the permit command for more information on configuring IPv6 reflexive access lists.

---

ipv6 access-list INBOUND

  permit tcp any any eq bgp reflect TCPTRAFFIC

  permit tcp any any eq telnet reflect TCPTRAFFIC

  permit udp any any reflect UDPTRAFFIC

ipv6 access-list OUTBOUND

  evaluate UDPTRAFFIC

  evaluate TCPTRAFFIC

Related Commands

Command	Description
ipv6 access-list	Defines an IPv6 access list and enters IPv6 access list configuration mode.
permit (IPv6)	Sets permit conditions for an IPv6 access list.
show ipv6 access-list	Displays the contents of all current IPv6 access lists.

event-log

To enable event logging for applications, use the event-log command in application configuration monitor configuration mode. To disable event logging, use the no form of this command.

event-log [size [number of events]] [one-shot] [pause]

no event-log

Syntax Description

size [number of events]	(Optional) Maximum number of OSPF events in the event log.
one-shot	(Optional) Mode that enables the logging of new events at one specific point in time. The event logging mode is cyclical by default, meaning that all new events are logged as they occur.
pause	(Optional) Enables the user to pause the logging of any new events at any time, while keeping the current events in the log.

Command Default

By default, event logging is not enabled.
When event logging is enabled, it is cyclical by default.

Command Modes

Application configuration monitor configuration mode
OSPF for IPv6 router configuration mode

Command History

Release	Modification
12.3(14)T	This command was introduced to replace the call application event-log command.
12.2(33)SRC	Support for IPv6 was added.
12.2(33)SB	This command was integrated into Cisco IOS Release 12.2(33)SB.
Cisco IOS XE Release 2.1	This command was introduced on Cisco ASR 1000 series routers.
15.0(1)M	This command was integrated into Cisco IOS Release 12.5(1)M.
12.2(33)XNE	This command was modified. It was integrated into Cisco IOS Release 12.2(33)XNE.

Usage Guidelines

This command enables event logging globally for all voice applications. To enable or disable event logging for a specific application, use one of the following commands:

param event-log (application parameter configuration mode)

paramspace appcommon event-log (service configuration mode)

---

Note To prevent event logging from adversely impacting system resources for production traffic, the gateway uses a throttling mechanism. When free processor memory drops below 20-percent, the gateway automatically disables all event logging. It resumes event logging when free memory rises above 30 percent. While throttling is occurring, the gateway does not capture any new event logs even if event logging is enabled. You should monitor free memory and enable event logging only when necessary for isolating faults.

---

Examples

The following example shows event logging enabled:

application

 monitor

  event-log

The following example shows OSPF for IPv6 event logging enabled. The router instance is 1, the event-log size is 10,000, and the mode is one-shot.

ipv6 router ospf 1 

 event-log size 10000 one-shot 

Related Commands

Command	Description
call application event-log	Enables event logging for all voice application instances.
event-log dump ftp	Enables the gateway to write the contents of the application event log buffer to an external file.
event-log error-only	Restricts event logging to error events only for application instances.
event-log max-buffer-size	Sets the maximum size of the event log buffer for each application instance.
param event-log	Enables or disables event logging for a package.
paramspace appcommon event-log	Enables or disables event logging for a service (application).

explicit-prefix

To register IPv6 prefixes connected to the IPv6 mobile router, use the explicit-prefix command in IPv6 mobile router configuration mode. To disable this function, use the no form of this command.

explicit-prefix

no explicit-prefix

Syntax Description

This command has no arguments or keywords.

Command Default

No IPv6 prefixes are specified.

Command Modes

IPv6 mobile router configuration (IPv6-mobile-router)

Command History

Release	Modification
12.4(20)T	This command was introduced.

Usage Guidelines

The mobile router presents a list of prefixes to the home agent as part of the binding update procedure. If the home agent determines that the mobile router is authorized to use these prefixes, it sends a bind acknowledgment message.

Examples

The following example shows how to register connected IPv6 prefixes:

Router(IPv6-mobile-router)# explicit-prefix

Related Commands

Command	Description
ipv6 mobile router	Enables IPv6 NEMO functionality on the router and places the router in IPv6 mobile router mode.

fingerprint

To preenter a fingerprint that can be matched against the fingerprint of a certification authority (CA) certificate during authentication, use the fingerprint command in ca-trustpoint configuration mode. To remove the preentered fingerprint, use the no form of this command.

fingerprint ca-fingerprint

no fingerprint ca-fingerprint

Syntax Description

ca-fingerprint

Certificate fingerprint.

Defaults

A fingerprint is not preentered for a trustpoint, and if the authentication request is interactive, you must verify the fingerprint that is displayed during authentication of the CA certificate. If the authentication request is noninteractive, the certificate will be rejected without a preentered fingerprint.

Command Modes

Ca-trustpoint configuration

Command History

Release	Modification
12.3(12)	This command was introduced. This release supports only message digest algorithm 5 (MD5) fingerprints.
12.3(13)T	Support was added for Secure Hash Algorithm 1 (SHA1), but only for Cisco IOS T releases.
12.4(24)T	Support for IPv6 Secure Neighbor Discovery (SeND) was added.

Usage Guidelines

---

Note An authentication request made using the CLI is considered an interactive request. An authentication request made using HTTP or another management tool is considered a noninteractive request.

---

Preenter the fingerprint if you want to avoid responding to the verify question during CA certificate authentication or if you will be requesting authentication noninteractively. The preentered fingerprint may be either the MD5 fingerprint or the SHA1 fingerprint of the CA certificate.

If you are authenticating a CA certificate and the fingerprint was preentered, if the fingerprint matches that of the certificate, the certificate is accepted. If the preentered fingerprint does not match, the certificate is rejected.

If you are requesting authentication noninteractively, the fingerprint must be preentered or the certificate will be rejected. The verify question will not be asked when authentication is requested noninteractively.

If you are requesting authentication interactively without preentering the fingerprint, the fingerprint of the certificate will be displayed, and you will be asked to verify it.

Examples

The following example shows how to preenter an MD5 fingerprint before authenticating a CA certificate:

Router(config)# crypto pki trustpoint myTrustpoint

Router(ca-trustpoint)# fingerprint 6513D537 7AEA61B7 29B7E8CD BBAA510B

Router(ca-trustpoint) exit

Router(config)# crypto pki authenticate myTrustpoint

Certificate has the following attributes:

       Fingerprint MD5: 6513D537 7AEA61B7 29B7E8CD BBAA510B

      Fingerprint SHA1: 998CCFAA 5816ECDE 38FC217F 04C11F1D DA06667E

Trustpoint Fingerprint: 6513D537 7AEA61B7 29B7E8CD BBAA510B

Certificate validated - fingerprints matched.

Trustpoint CA certificate accepted.

Router (config)#

The following is an example for Cisco Release 12.3(12). Note that the SHA1 fingerprint is not displayed because it is not supported by this release.

Router(config)# crypto ca trustpoint myTrustpoint

Router(ca-trustpoint)# fingerprint 6513D537 7AEA61B7 29B7E8CD BBAA510B

Router(ca-trustpoint)# exit

Router(config)# crypto ca authenticate myTrustpoint

Certificate has the following attributes:

           Fingerprint: 6513D537 7AEA61B7 29B7E8CD BBAA510B

Trustpoint Fingerprint: 6513D537 7AEA61B7 29B7E8CD BBAA510B

Certificate validated - fingerprints matched.

Trustpoint CA certificate accepted.

Router(config)#

Related Commands

Command	Description
crypto ca authenticate	Authenticates the CA (by getting the certificate of the CA).
crypto ca trustpoint	Declares the CA that your router should use.

frame-relay interface-dlci

To assign a data-link connection identifier (DLCI) to a specified Frame Relay subinterface on the router or access server, to assign a specific permanent virtual circuit (PVC) to a DLCI, or to apply a virtual template configuration for a PPP session, use the frame-relay interface-dlci command in interface configuration mode. To remove this assignment, use the no form of this command.

frame-relay interface-dlci dlci [ietf | cisco] [voice-cir cir] [ppp virtual-template-name]

no frame-relay interface-dlci dlci [ietf | cisco] [voice-cir cir] [ppp virtual-template-name]

BOOTP Server Only

frame-relay interface-dlci dlci [protocol ip ip-address]

Syntax Description

dl