Table Of Contents

router-id (IPv6)

route-target

self-identity

send-lifetime

service pad

service password-encryption

service timestamps

set aggressive-mode client-endpoint

set default interface

set dscp

set extcommunity

set interface

set ipv6 default next-hop

set ipv6 next-hop (BGP)

set ipv6 next-hop (PBR)

set ipv6 precedence

set mpls-label

set precedence

set transform-set

show adjacency

show atm map

show bgp ipv6

show bgp ipv6 community

show bgp ipv6 community-list

show bgp ipv6 dampened-paths

show bgp ipv6 filter-list

show bgp ipv6 flap-statistics

show bgp ipv6 inconsistent-as

show bgp ipv6 labels

router-id (IPv6)

To use a fixed router ID, use the router-id command in router configuration mode. To force Open Shortest Path First (OSPF) for IPv6 to use the previous OSPF for IPv6 router ID behavior, use the no form of this command.

router-id {ip-address | ipv6-address}

no router-id {ip-address | ipv6-address}

Syntax Description

ip-address	Router ID in IP address format.
ipv6-address	Router ID in IPv6 address format.

Command Default

The router ID is chosen automatically from among the set of IPv4 or IPv6 addresses configured on the router.

Command Modes

Router configuration

Command History

Release	Modification
12.2(15)T	This command was introduced.
12.4(6)T	Support for Enhanced Internal Gateway Routing Protocol (EIGRP) IPv6 was added.
12.2(33)SRB	This command was integrated into Cisco IOS Release 12.2(33)SRB.
12.2(33)SXH	This command was integrated into Cisco IOS Release 12.2(33)SXH.

Usage Guidelines

You can configure an arbitrary value in the IP or IPv6 address format for each router. However, each router ID must be unique.

If this command is used on an OSPF for IPv6 router process that is already active (has neighbors), the new router ID is used at the next reload or at a manual OSPF for IPv6 process restart. To manually restart the OSPF for IPv6 process, use the clear ipv6 ospf process command.

Examples

The following example specifies a fixed router ID:

Router(config-rtr)# router-id 10.1.1.1

Related Commands

Command	Description
clear ipv6 ospf	Clears the OSPF for IPv6 state based on the OSPF routing process ID.
ipv6 router eigrp	Configures the EIGRP IPv6 routing process.
ipv6 router ospf	Enables OSPF for IPv6 router configuration mode.

route-target

To create a route-target extended community for a Virtual Private Network (VPN) routing and forwarding (VRF) instance, use the route-target command in VRF configuration submode. To disable the configuration of a route-target community option, use the no form of this command.

route-target {import | export | both} route-target-ext-community

no route-target {import | export | both} route-target-ext-community

Syntax Description

import	Imports routing information from the target VPN extended community.
export	Exports routing information to the target VPN extended community.
both	Imports both import and export routing information to the target VPN extended community.
route-target-ext-community	Adds the route-target extended community attributes to the VRF's list of import, export, or both (import and export) route-target extended communities.

Command Default

A VRF has no route-target extended community attributes associated with it until specified by the route-target command.

Command Modes

VRF configuration submode

Command History

Release	Modification
12.0(5)T	This command was introduced.
12.0(21)ST	This command was integrated into Cisco IOS 12.0(21)ST.
12.0(22)S	This command was integrated into Cisco IOS 12.0(22)S.
12.2(13)T	This command was integrated into Cisco IOS 12.2(13)T.
12.2(14)S	This command was integrated into Cisco IOS 12.2(14)S.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(31)SB2	This command was integrated into Cisco IOS Release 12.2(31)SB2.
12.2(33)SRB	Support for IPv6 was added.
12.2(33)SXH	This command was integrated into Cisco IOS Release 12.2(33)SXH.
12.2(33)SB	This command was integrated into Cisco IOS Release 12.2(33)SB.

Usage Guidelines

The route-target command creates lists of import and export route target extended communities for the specified VRF. Enter the command one time for each target community. Learned routes that carry a specific route-target extended community are imported into all VRFs configured with that extended community as an import route target. Routes learned from a VRF site (for example, by Border Gateway Protocol (BGP), Routing Information Protocol (RIP), or static route configuration) contain export route targets for extended communities configured for the VRF added as route attributes to control the VRFs into which the route is imported.

The route target specifies a target VPN extended community. Like a route-distinguisher, an extended community is composed of either an autonomous system number and an arbitrary number or an IP address and an arbitrary number. You can enter the numbers in either of these formats:

16-bit autonomous-system-number:your 32-bit number
For example, 101:3.

32-bit IP address:your 16-bit number
For example, 192.168.122.15:1.

Examples

The following example shows how to configure route-target extended community attributes for a VRF in IPv4. The result of the command sequence is that VRF named vrf1 has two export extended communities (1000:1 and 1000:2) and two import extended communities (1000:1 and 10.27.0.130:200):

Router(config)# ip vrf vrf1

Router(config-vrf)# route-target both 1000:1

Router(config-vrf)# route-target export 1000:2

Router(config-vrf)# route-target import 10.27.0.130:200

The following example shows how to configure route-target extended community attributes for a VRF that includes IPv4 and IPv6 address families:

vrf definition site1 

rd 1000:1

address-family ipv4

 route-target export 100:1

 route-target import 100:1

address-family ipv6

 route-target export 200:1

 route-target import 200:1

Related Commands

Command	Description
import map	Configures an import route map for a VRF.
ip vrf	Configures a VRF routing table.
vrf definition	Configures a VRF routing table and enters VRF configuration mode.

self-identity

To define the identity that the local Internet Key Exchange (IKE) uses to identify itself to the remote peer, use the self-identity command in ISAKMP profile configuration mode. To remove the Internet Security Association and Key Management Protocol (ISAKMP) identity that was defined for the IKE, use the no form of this command.

self-identity {address | address ipv6] | fqdn | user-fqdn user-fqdn}

no self-identity {address | address ipv6] | fqdn | user-fqdn user-fqdn}

Syntax Description

address	The IP address of the local endpoint.
address ipv6	The IPv6 address of the local endpoint.
fqdn	The fully qualified domain name (FQDN) of the host.
user-fqdn user-fqdn	The user FQDN that is sent to the remote endpoint.

Command Default

If no ISAKMP identity is defined in the ISAKMP profile configuration, global configuration is the default.

Command Modes

ISAKMP profile configuration

Command History

Release	Modification
12.2(15)T	This command was introduced.
12.4(4)T	The address ipv6 keyword was added.

Examples

The following example shows that the IKE identity is the user FQDN "user@vpn.com":

crypto isakmp profile vpnprofile

 self-identity user-fqdn user@vpn.com

Related Commands

Command	Description
crypto isakmp profile	Defines an ISAKMP profile and audits IPSec user sessions.

send-lifetime

To set the time period during which an authentication key on a key chain is valid to be sent, use the send-lifetime command in key chain key configuration mode. To revert to the default value, use the no form of this command.

send-lifetime start-time {infinite | end-time | duration seconds}

no send-lifetime [start-time {infinite | end-time | duration seconds}]

Syntax Description

start-time	Beginning time that the key specified by the key command is valid to be sent. The syntax can be either of the following:         hh:mm:ss Month date year         hh:mm:ss date Month year hh—hours mm—minutes ss—seconds Month—first three letters of the month date—date (1-31) year—year (four digits) The default start time and the earliest acceptable date is January 1, 1993.
infinite	Key is valid to be sent from the start-time value on.
end-time	Key is valid to be sent from the start-time value until the end-time value. The syntax is the same as that for the start-time value. The end-time value must be after the start-time value. The default end time is an infinite time period.
duration seconds	Length of time (in seconds) that the key is valid to be sent.

Defaults

Forever (the starting time is January 1, 1993, and the ending time is infinite)

Command Modes

Key chain key configuration

Command History

Release	Modification
11.1	This command was introduced.
12.4(6)T	Support for IPv6 was added.

12.2(33)SRB	This command was integrated into Cisco IOS Release 12.2(33)SRB.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

Specify a start-time value and one of the following values: infinite, end-time, or duration seconds.

We recommend running Network Time Protocol (NTP) or some other time synchronization method if you intend to set lifetimes on keys.

If the last key expires, authentication will continue and an error message will be generated. To disable authentication, you must manually delete the last valid key.

Examples

The following example configures a key chain called chain1. The key named key1 will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named key2 will be accepted from 2:30 p.m. to 4:30 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or discrepancies in the set time of the router. There is a 30-minute leeway on each side to handle time differences.

interface ethernet 0

 ip rip authentication key-chain chain1

 ip rip authentication mode md5

!

router rip

 network 172.19.0.0

 version 2

!

key chain chain1

 key 1

 key-string key1

 accept-lifetime 13:30:00 Jan 25 1996 duration 7200

 send-lifetime 14:00:00 Jan 25 1996 duration 3600

 key 2

 key-string key2

 accept-lifetime 14:30:00 Jan 25 1996 duration 7200

 send-lifetime 15:00:00 Jan 25 1996 duration 3600

Related Commands

Command	Description
accept-lifetime	Sets the time period during which the authentication key on a key chain is received as valid.
key	Identifies an authentication key on a key chain.
key chain	Enables authentication for routing protocols.
key-string (authentication)	Specifies the authentication string for a key.
show key chain	Displays authentication key information.

service pad

To enable all packet assembler/disassembler (PAD) commands and connections between PAD devices and access servers, use the service pad command in global configuration mode. To disable this service, use the no form of this command.

service pad [cmns] [from-xot] [to-xot]

no service pad [cmns] [from-xot] [to-xot]

Syntax Description

cmns	(Optional) Specifies sending and receiving PAD calls over CMNS.
from-xot	(Optional) Accepts XOT to PAD connections.
to-xot	(Optional) Allows outgoing PAD calls over XOT.

Command Default

All PAD commands and associated connections are enabled. PAD services over XOT or CMNS are not enabled.

Command Modes

Global configuration

Command History

Release	Modification
10.0	This command was introduced.
11.3	The cmns keyword was added.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.2(33)SB	This command was integrated into Cisco IOS Release 12.2(33)SB.

Usage Guidelines

The keywords from-xot and to-xot enable PAD calls to destinations that are not reachable over physical X.25 interfaces, but instead over TCP tunnels. This feature is known as PAD over XOT (X.25 over TCP).

Examples

If the service pad command is disabled, the pad EXEC command and all PAD related configurations, such as X.29, are unrecognized, as shown in the following example:

Router(config)# no service pad

Router(config)# x29 ?

% Unrecognized command

Router(config)# exit 

Router# pad ?

% Unrecognized command

If the service pad command is enabled, the pad EXEC command and access to an X.29 configuration are granted as shown in the following example:

Router# config terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)# service pad

Router(config)# x29 ?

access-list       Define an X.29 access list

inviteclear-time  Wait for response to X.29 Invite Clear message

profile           Create an X.3 profile

Router# pad ?

WORD   X121 address or name of a remote system

In the following example, PAD services over CMNS are enabled:

! Enable CMNS on a nonserial interface

interface ethernet0

 cmns enable

!

!Enable inbound and outbound PAD over CMNS service

service pad cmns

!

! Specify an X.25 route entry pointing to an interface's CMNS destination MAC address

x25 route ^2193330 interface Ethernet0 mac 00e0.b0e3.0d62

Router# show x25 vc

SVC 1,  State: D1,  Interface: Ethernet0

     Started 00:00:08, last input 00:00:08, output 00:00:08

     Line: 0   con 0    Location: console Host: 2193330

      connected to 2193330 PAD <--> CMNS Ethernet0 00e0.b0e3.0d62

     Window size input: 2, output: 2

     Packet size input: 128, output: 128

     PS: 2  PR: 3  ACK: 3  Remote PR: 2  RCNT: 0  RNR: no

     P/D state timeouts: 0  timer (secs): 0

     data bytes 54/19 packets 2/3 Resets 0/0 RNRs 0/0 REJs 0/0 INTs 0/0

Related Commands

Command	Description
cmns enable	Enables the CMNS on a nonserial interface.
show x25 vc	Displays information about active SVCs and PVCs.
x29 access-list	Limits access to the access server from certain X.25 hosts.
x29 profile	Creates a PAD profile script for use by the translate command.

service password-encryption

To encrypt passwords, use the service password-encryption command in global configuration mode. To restore the default, use the no form of this command.

service password-encryption

no service password-encryption

Syntax Description

This command has no arguments or keywords.

Command Default

No passwords are encrypted.

Command Modes

Global configuration

Command History

Release	Modification
10.0	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.2(33)SB	This command was integrated into Cisco IOS Release 12.2(33)SB.

Usage Guidelines

The actual encryption process occurs when the current configuration is written or when a password is configured. Password encryption is applied to all passwords, including username passwords, authentication key passwords, the privileged command password, console and virtual terminal line access passwords, and Border Gateway Protocol neighbor passwords. This command is primarily useful for keeping unauthorized individuals from viewing your password in your configuration file.

When password encryption is enabled, the encrypted form of the passwords is displayed when a more system:running-config command is entered.

---

Caution This command does not provide a high level of network security. If you use this command, you should also take additional network security measures.

---

---

Note You cannot recover a lost encrypted password. You must clear NVRAM and set a new password.

---

Examples

The following example causes password encryption to take place:

service password-encryption

Related Commands

Command	Description
enable password	Sets a local password to control access to various privilege levels.
key-string (authentication)	Specifies the authentication string for a key.
neighbor password	Enables MD5 authentication on a TCP connection between two BGP peers.

service timestamps

To configure the system to apply a time stamp to debugging messages or system logging messages, use the service timestamps command in global configuration mode. To disable this service, use the no form of this command.

service timestamps [debug | log] [uptime | datetime [msec]] [localtime] [show-timezone] [year]

no service timestamps [debug | log]

Syntax Description

debug	(Optional) Indicates time-stamping for debugging messages.
log	(Optional) Indicates time-stamping for system logging messages.
uptime	(Optional) Specifies that the time stamp should consist of the time since the system was last rebooted. For example "4w6d" (time since last reboot is 4 weeks and 6 days). •This is the default time-stamp format for both debugging messages and logging messages. •The format for uptime varies depending on how much time has elapsed: –HHHH:MM:SS (HHHH hours: MM minutes: SS seconds) for the first 24 hours –DdHHh (D days HH hours) after the first day –WwDd (W weeks D days) after the first week
datetime	(Optional) Specifies that the time stamp should consist of the date and time. •The time-stamp format for datetime is MMM DD HH:MM:SS, where MMM is the month, DD is the date, HH is the hour (in 24-hour notation), MM is the minute, and SS is the second. •If the datetime keyword is specified, you can optionally add the msec localtime, show-timezone, or year keywords. •If the service timestamps datetime command is used without addtional keywords, time stamps will be shown using UTC, without the year, without milliseconds, and without a time zone name.
msec	(Optional) Includes milliseconds in the time stamp, in the format HH:DD:MM:SS.mmm, where .mmm is milliseconds
localtime	(Optional) Time stamp relative to the local time zone.
year	(Optional) Include the year in the date-time format.
show-timezone	(Optional) Include the time zone name in the time stamp. Note If the localtime keyword option is not used (or if the local time zone has not been configured using the clock timezone command), time will be displayed in Coordinated Universal Time (UTC).

Command Default

Time stamps are applied to debug and logging messages.

Command Modes

Global configuration (config)

Command History

Release	Modification
10.0	This command was introduced.
11.3(5)	Service time stamps are enabled by default.
12.3(1)	The year keyword was added.
12.3(2)T	This command was integrated into Cisco IOS Release 12.3(2)T.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXH	This command was integrated into Cisco IOS Release 12.2(33)SXH.
12.2(33)SB	This command was integrated into Cisco IOS Release 12.2(33)SB.

Usage Guidelines

Time stamps can be added to either debugging messages (service timestamp debug) or logging messages (service timestamp log) independently.

If the service timestamps command is specified with no arguments or keywords, the default is service timestamps debug uptime.

The no service timestamps command by itself disables time stamps for both debug and log messages.

The uptime form of the command adds time stamps (such as "2w3d") that indicating the time since the system was rebooted. The datetime form of the command adds time stamps (such as "Sep 5 2002 07:28:20") that indicate the date and time according to the system clock.

Entering the service timestamps {debug | log} command a second time will overwrite any previously configured service timestamp {debug | log} commands and associated options.

To set the local time zone, use the clock timezone zone hours-offset command in global configuration mode.

The time stamp will be preceeded by an asterisk or period if the time is potentially inaccurate. Table 44 describes the symbols that proceed the time stamp.

Table 44 Time-Stamping Symbols for syslog Messages

Symbol	Description	Example
(blank)	Time is authoritative: the software clock is in sync or has just been set manually	15:29:03.158 UTC Tue Feb 25 2003:
*	Time is not authoritative: the software clock has not been set, or is not in sync with configured Network Time Protocol (NTP) servers.	*15:29:03.158 UTC Tue Feb 25 2003:
.	Time is authoritative, but the NTP is not synchronized: the software clock was in sync, but has since lost contact with all configured NTP servers.	.15:29:03.158 UTC Tue Feb 25 2003:

Examples

In the following example, the router begins with time-stamping disabled. Then, the default time-stamping is enabled (uptime time stamps applied to debug output). Then, the default time-stamping for logging is enabled (uptime time stamps applied to logging output).

Router# show running-config | include time 

no service timestamps debug uptime

no service timestamps log uptime

Router# config terminal 

Router(config)# service timestamps 

! issue the show running-config command in config mode using do 

Router(config)# do show running-config | inc time 

! shows that debug timestamping is enabled, log timestamping is disabled 

service timestamps debug uptime

no service timestamps log uptime

! enable timestamps for logging messages 

Router(config)# service timestamps log 

Router(config)# do show run | inc time 

service timestamps debug uptime

service timestamps log uptime

Router(config)# service sequence-numbers 

Router(config)# end 

000075: 5w0d: %SYS-5-CONFIG_I: Configured from console by console

! The following is a level 5 system logging message 

! The leading number comes from the service sequence-numbers command. 

! 4w6d indicates the timestamp of 4 weeks, 6 days

000075: 4w6d: %SYS-5-CONFIG_I: Configured from console by console

In the following example, the user enables time-stamping on logging messages using the current time and date in Coordinated Universal Time/Greenwich Mean Time (UTC/GMT), and enables the year to be shown.

Router(config)#

! The following line shows the timestamp with uptime (1 week 0 days) 

1w0d: %SYS-5-CONFIG_I: Configured from console by console

Router(config)# service timestamps log datetime show-timezone year 

Router(config)# end

! The following line shows the timestamp with datetime (11:13 PM March 22nd) 

.Mar 22 2004 23:13:25 UTC: %SYS-5-CONFIG_I: Configured from console by console

The following example shows the change from UTC to local time:

Router# configure terminal 

! Logging output can be quite long; first changing line width to show full 

! logging message 

Router(config)# line 0 

Router(config-line)# width 180 

Router(config-line)# logging synchronous 

Router(config-line)# end 

! Timestamping already enabled for logging messages; time shown in UTC. 

Oct 13 23:20:05 UTC: %SYS-5-CONFIG_I: Configured from console by console

Router# show clock 

23:20:53.919 UTC Wed Oct 13 2004

Router# configure terminal 

Enter configuration commands, one per line.  End with the end command. 

! Timezone set as Pacific Standard Time, with an 8 hour offset from UTC 

Router(config)# clock timezone PST -8 

Router(config)# 

Oct 13 23:21:27 UTC: %SYS-6-CLOCKUPDATE:  
System clock has been updated from 23:21:27 UTC Wed Oct 13 2004  
to 15:21:27 PST Wed Oct 13 2004, configured from console by console.

Router(config)# 

! Pacific Daylight Time (PDT) configured to start in April and end in October. 

! Default offset is +1 hour. 

Router(config)# clock summer-time PDT recurring first Sunday April 2:00 last Sunday 
October 2:00 

Router(config)#

! Time changed from 3:22 P.M. Pacific Standard Time (15:22 PST) 

! to 4:22 P.M. Pacific Daylight (16:22 PDT) 

Oct 13 23:22:09 UTC: %SYS-6-CLOCKUPDATE:  
System clock has been updated from 15:22:09 PST Wed Oct 13 2004  
to 16:22:09 PDT Wed Oct 13 2004, configured from console by console.

! Change the timestamp to show the local time and timezone. 

Router(config)# service timestamps log datetime localtime show-timezone 

Router(config)# end 

Oct 13 16:23:19 PDT: %SYS-5-CONFIG_I: Configured from console by console 

Router# show clock 

16:23:58.747 PDT Wed Oct 13 2004 

Router# config t 

Enter configuration commands, one per line.  End with the end command. 

Router(config)# service sequence-numbers 

Router(config)# end 

Router#

In the following example, the service timestamps log datetime command is used to change previously configured options for the date-time time stamp.

Router(config)# service timestamps log datetime localtime show-timezone 

Router(config)# end 

! The year is not displayed. 

Oct 13 15:44:46 PDT: %SYS-5-CONFIG_I: Configured from console by console 

Router# config t 

Enter configuration commands, one per line.  End with the end command.

Router(config)# service timestamps log datetime show-timezone year 

Router(config)# end 

! note: because the localtime option was not specified again, that option is 

! removed from the output, and time is displayed in UTC (the default) 

Oct 13 2004 22:45:31 UTC: %SYS-5-CONFIG_I: Configured from console by console

Related Commands

Command	Description
clock set	Manually sets the system clock.
ntp	Controls access to the system's NTP services.
service sequence-numbers	Stamps system logging messages with a sequence number.

set aggressive-mode client-endpoint

To specify the Tunnel-Client-Endpoint attribute within an Internet Security Association Key Management Protocol (ISAKMP) peer configuration, use the set aggressive-mode client-endpoint command in ISAKMP policy configuration mode. To remove this attribute from your configuration, use the no form of this command.

set aggressive-mode client-endpoint client-endpoint

no set aggressive-mode client-endpoint client-endpoint

Syntax Description

client-endpoint

One of the following identification types of the initiator end of the tunnel: •ID_IPV4 (IPV4 address) •ID_FQDN (fully qualified domain name, for example "green.cisco.com") •ID_USER_FQDN (e-mail address) The ID type is translated to the corresponding ID type in Internet Key Exchange (IKE).

Command Default

The Tunnel-Client-Endpoint attribute is not defined.

Command Modes

ISAKMP policy configuration

Command History

Release	Modification
12.2(8)T	This command was introduced.
12.2(18)SXD	This command was integrated into Cisco IOS Release 12.2(18)SXD.
12.4(4)T	Support for IPv6 was added.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

Before you can use this command, you must enable the crypto isakmp peer command.

To initiate an IKE aggressive mode negotiation and specify the RADIUS Tunnel-Client-Endpoint attribute, the set aggressive-mode client-endpoint command, along with the set aggressive-mode password command, must be configured in the ISAKMP peer policy. The Tunnel-Client-Endpoint attribute will be communicated to the server by encoding it in the appropriate IKE identity payload.

Examples

The following example shows how to initiate aggressive mode using RADIUS tunnel attributes:

crypto isakmp peer address 10.4.4.1

 set aggressive-mode client-endpoint user-fqdn user@cisco.com

 set aggressive-mode password cisco123

Related Commands

Command	Description
crypto isakmp peer	Enables an IPSec peer for IKE querying of AAA for tunnel attributes in aggressive mode.
set aggressive-mode password	Specifies the Tunnel-Password attribute within an ISAKMP peer configuration.

set default interface

To indicate where to output packets that pass a match clause of a route map for policy routing and have no explicit route to the destination, use the set default interface command in route-map configuration mode. To delete an entry, use the no form of this command.

set default interface type number [...type number]

no set default interface type number [...type number]

Syntax Description

type	Interface type, used with the interface number, to which packets are output.
number	Interface number, used with the interface type, to which packets are output.

Command Default

This command is disabled by default.

Command Modes

Route-map configuration

Command History

Release	Modification
11.0	This command was introduced.
12.3(7)T	This command was updated for use in configuring IPv6 policy-based routing (PBR).
12.2(30)S	This command was integrated into Cisco IOS Release 12.2(30)S.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

An ellipsis (...) in the command syntax indicates that your command input can include multiple values for the type and number arguments.

Use this command to provide certain users a different default route. If the Cisco IOS software has no explicit route for the destination, then it routes the packet to this interface. The first interface specified with the set default interface command that is up is used. The optionally specified interfaces are tried in turn.

Use the ip policy route-map interface configuration command, the route-map global configuration command, and the match and set route-map configuration commands to define the conditions for policy routing packets. The ip policy route-map command identifies a route map by name. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which policy routing occurs. The set commands specify the set actions—the particular routing actions to perform if the criteria enforced by the match commands are met.

In PBR for IPv6, use the ipv6 policy route-map or ipv6 local policy route-map command with match and set route map configuration commands to define conditions for policy routing packets.

The set clauses can be used in conjunction with one another. They are evaluated in the following order:

1. set ip next-hop

2. set interface

3. set ip default next-hop

4. set default interface

Examples

In the following example, packets that have a Level 3 length of 3 to 50 bytes and for which the software has no explicit route to the destination are output to Ethernet interface 0:

interface serial 0

 ip policy route-map brighton

!

route-map brighton

 match length 3 50

 set default interface ethernet 0

Related Commands

Command	Description
ip policy route-map	Identifies a route map to use for policy routing on an interface.
ipv6 local policy route-map	Identifies a route map to use for local IPv6 PBR.
ipv6 policy route-map	Configures IPv6 PBR on an interface.
match ip address	Distributes any routes that have a destination network number address that is permitted by a standard or extended access list, and performs policy routing on packets.
match ipv6 address	Specifies an IPv6 access list to use to match packets for PBR for IPv6.
match length	Bases policy routing on the Level 3 length of a packet.
route-map	Defines the conditions for redistributing routes from one routing protocol into another, or enables policy routing.
set default interface	Indicates where to output packets that pass a match clause of a route map for policy routing and have no explicit route to the destination.
set interface	Indicates where to output packets that pass a match clause of route map for policy routing.
set ip default next-hop verify-availability	Indicates where to output packets that pass a match clause of a route map for policy routing and for which the Cisco IOS software has no explicit route to a destination.
set ipv6 default next-hop	Specifies an IPv6 default next hop to which matching packets will be forwarded.
set ip next-hop	Indicates where to output packets that pass a match clause of a route map for policy routing.
set ipv6 next-hop (PBR)	Indicates where to output IPv6 packets that pass a match clause of a route map for policy routing.
set ipv6 precedence	Sets the precedence value in the IPv6 packet header.

set dscp

To mark a packet by setting the differentiated services code point (DSCP) value in the type of service (ToS) byte, use the set dscp command in policy-map class configuration mode. To remove a previously set DSCP value, use the no form of this command.

set [ip] dscp {dscp-value | from-field [table table-map-name]}

no set [ip] dscp {dscp-value | from-field [table table-map-name]

Syntax Description

ip	(Optional) Specifies that the match is for IPv4 packets only. If not used, the match is on both IPv4 and IPv6 packets.
dscp-value	A number from 0 to 63 that sets the DSCP value. The following reserved keywords can be specified instead of numeric values: •EF (expedited forwarding) •AF11 (assured forwarding class AF11) •AF12 (assured forwarding class AF12)
from-field	Specific packet-marking category to be used to set the DSCP value of the packet. If you are using a table map for mapping and converting packet-marking values, this establishes the "map from" packet-marking category. Packet-marking category keywords are as follows: •cos •qos-group
table	(Optional) Used in conjunction with the from-field argument. Indicates that the values set in a specified table map will be used to set the DSCP value.
table-map-name	(Optional) Used in conjunction with the table keyword. Name of the table map used to specify the DSCP value. The name can be a maximum of 64 alphanumeric characters.

Command Default

This command is disabled.

Command Modes

Policy-map class configuration

Command History

Release	Modification
12.2(13)T	This command was introduced. It replaces the set ip dscp command.
12.0(28)S	Support for this command in IPv6 was added on the in Cisco IOS Release 12.0(28)S

Usage Guidelines

Once the DSCP bit is set, other quality of service (QoS) features can then operate on the bit settings.

DSCP and Precedence Values Are Mutually Exclusive

The set dscp command cannot be used with the set precedence command to mark the same packet. The two values, DSCP and precedence, are mutually exclusive. A packet can have one value or the other, but not both.

Precedence Value and Queueing

The network gives priority (or some type of expedited handling) to marked traffic. Typically, you set the precedence value at the edge of the network (or administrative domain); data then is queued according to the precedence. Weighted fair queueing (WFQ) can speed up handling for high-precedence traffic at congestion points. Weighted Random Early Detection (WRED) ensures that high-precedence traffic has lower loss rates than other traffic during times of congestion.

Use of the "from-field" Packet-marking Category

If you are using this command as part of the Enhanced Packet Marking feature, you can use this command to specify the "from-field" packet-marking category to be used for mapping and setting the DSCP value. The "from-field" packet-marking categories are as follows:

•Class of service (CoS)

•QoS group

If you specify a "from-field" category but do not specify the table keyword and the applicable table-map-name argument, the default action will be to copy the value associated with the "from-field" category as the DSCP value. For instance, if you configure the set dscp cos command, the CoS value will be copied and used as the DSCP value.

---

Note The CoS field is a three-bit field, and the DSCP field is a six-bit field. If you configure the set dscp cos command, only the three bits of the CoS field will be used.

---

If you configure the set dscp qos-group command, the QoS group value will be copied and used as the DSCP value.

The valid value range for the DSCP is a number from 0 to 63. The valid value range for the QoS group is a number from 0 to 99. Therefore, when configuring the set dscp qos-group command, note the following points:

•If a QoS group value falls within both value ranges (for example, 44), the packet-marking value will be copied and the packets will be marked.

•If QoS group value exceeds the DSCP range (for example, 77), the packet-marking value will not be copied and the packet will not be marked. No action is taken.

Set DSCP Values in IPv6 Environments

When this command is used in IPv6 environments, the default match occurs on both IP and IPv6 packets. However, the actual packets set by this function are only those which meet the match criteria of the class-map containing this function.

Set DSCP Values for IPv6 Packets Only

To set DSCP values for IPv6 values only, the match protocol ipv6 command must also be used. Without that command, the precedence match defaults to match both IPv4 and IPv6 packets.

Set DSCP Values for IPv4 Packets Only

To set DSCP values for IPv4 packets only, use the ip keyword. Without the ip keyword, the match occurs on both IPv4 and IPv6 packets.

Examples

Packet-marking Values and Table Map

In the following example, the policy map called "policy1" is created to use the packet-marking values defined in a table map called "table-map1". The table map was created earlier with the table-map (value mapping) command. For more information about the table-map (value mapping) command, see the table-map (value mapping) command page.

In this example, the DSCP value will be set according to the CoS value defined in the table map called "table-map1".

Router(config)# policy-map policy1 
Router(config-pmap)# class