Cisco IOS IPv6 Command Reference
snmp-server user through vrf forwarding

Table Of Contents

snmp-server user

sntp address

spf-interval (IPv6)

split-horizon (IPv6 RIP)

ssh

standby ipv6

standby preempt

standby priority

standby version

stub

summary-prefix (IPv6 IS-IS)

summary-prefix (IPv6 OSPF)

synchronization (IPv6)

telnet

timers (IPv6 RIP)

timers active-time

timers lsa arrival

timers pacing flood (IPv6)

timers pacing lsa-group (IPv6)

timers pacing retransmission (IPv6)

timers spf (IPv6)

timers throttle lsa

timers throttle spf

traceroute

tunnel destination

tunnel mode

tunnel mode ipv6ip

tunnel source

variance (EIGRP)

vpn

vrf definition

vrf forwarding


snmp-server user

To add a new user to a Simple Network Management Protocol (SNMP) group, use the snmp-server user command in global configuration mode. To remove a user from an SNMP group, use the no form of this command.

snmp-server user username group-name [remote host [udp-port port]] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password]} [access [ipv6 nacl] [priv {des | 3des | aes {128 | 192 | 256}} privpassword] {acl-number | acl-name}]

no snmp-server user username group-name [remote host [udp-port port]] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password]} [access [ipv6 nacl] [priv {des | 3des | aes {128 | 192 | 256}} privpassword] {acl-number | acl-name}]

Syntax Description

username

Name of the user on the host that connects to the agent.

group-name

Name of the group to which the user belongs.

remote

(Optional) Specifies a remote SNMP entity to which the user belongs, and the hostname or IPv6 address or IPv4 IP address of that entity. If both an IPv6 address and IPv4 IP address are being specified, the IPv6 host must be listed first.

host

(Optional) Name or IP address of the remote SNMP host.

udp-port

(Optional) Specifies the UDP port number of the remote host. The default is UDP port 162.

port

(Optional) Integer value that identifies the UDP port.

v1

Specifies that SNMPv1 should be used.

v2c

Specifies that SNMPv2c should be used.

v3

Specifies that the SNMPv3 security model should be used. Allows the use of the encrypted or auth keywords or both.

encrypted

(Optional) Specifies whether the password appears in encrypted format.

auth

(Optional) Specifies which authentication level should be used.

md5

(Optional) Specifies the HMAC-MD5-96 authentication level.

sha

(Optional) Specifies the HMAC-SHA-96 authentication level.

auth-password

(Optional) String (not to exceed 64 characters) that enables the agent to receive packets from the host.

access

(Optional) Specifies an access control list (ACL) to be associated with this SNMP user.

ipv6

(Optional) Specifies an IPv6 named access list to be associated with this SNMP user. Either IPv4, IPv6, or both IPv4 and IPv6 access lists may be specified. If both are specified, the IPv6 named access list must appear first in the statement.

nacl

(Optional) Name of the ACL.

priv

(Optional) Specifies the use of the User-based Security Model (USM) for SNMP version 3 for SNMP message level security.

des

(Optional) Specifies the use of the 56-bit Data Encryption Standard (DES) algorithm for encryption.

3des

(Optional) Specifies the use of the 168-bit 3DES algorithm for encryption.

aes

(Optional) Specifies the use of the Advanced Encryption Standard (AES) algorithm for encryption.

128

(Optional) Specifies the use of a 128-bit AES algorithm for encryption.

192

(Optional) Specifies the use of a 192-bit AES algorithm for encryption.

256

(Optional) Specifies the use of a 256-bit AES algorithm for encryption.

privpassword

(Optional) String (not to exceed 64 characters) that specifies the privacy user password.

acl-number

(Optional) Integer in the range from 1 to 99 that specifies a standard access list of IP addresses.

acl-name

(Optional) String (not to exceed 64 characters) that is the name of a standard access list of IP addresses.


Command Default

See Table 204 in the "Usage Guidelines" section for default behaviors for encryption, passwords, and access lists.

Command Modes

Global configuration (config)

Command History

Release
Modification

12.0(3)T

This command was introduced.

12.3(2)T

Support for named standard access lists was added.

12.0(27)S

The ipv6 nacl keyword/argument pair was added to allow for configuration of IPv6 named access lists and IPv6 remote hosts.

12.3(14)T

The ipv6 nacl keyword/argument pair to allow for configuration of IPv6 named access lists and IPv6 remote hosts was integrated into Cisco IOS Release 12.3(14)T.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.4(11)T

The priv keyword and associated arguments were added to enable the use of the User-based Security Model (USM) for SNMP version 3 for SNMP message level security.

12.2(33)SRB

This command was integrated into Cisco IOS Release 12.2(33)SRB.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

12.2(33)SB

This command was integrated into Cisco IOS Release 12.2(33)SB.


Usage Guidelines

To configure a remote user, specify the IP address or port number for the remote SNMP agent of the device where the user resides. Also, before you configure remote users for a particular agent, configure the SNMP engine ID, using the snmp-server engineID command with the remote option. The remote agent's SNMP engine ID is needed when computing the authentication and privacy digests from the password. If the remote engine ID is not configured first, the configuration command will fail.

For the privpassword and auth-password arguments, the minimum length is one character; the recommended length is at least eight characters, and the password should include both letters and numbers.

Table 204 describes the default user characteristics for encryption, passwords, and access lists.

Table 204 snmp-server user Default Descriptions

Characteristic
Default

encryption

Not present by default. The encrypted keyword is used to specify that the passwords are MD5 digests and not text passwords.

passwords

Assumed to be text strings.

access lists

Access from all IP access lists is permitted.

remote users

All users are assumed to be local to this SNMP engine unless you specify they are remote with the remote keyword.


SNMP passwords are localized using the SNMP engine ID of the authoritative SNMP engine. For informs, the authoritative SNMP agent is the remote agent. You need to configure the remote agent's SNMP engine ID in the SNMP database before you can send proxy requests or informs to it.

Working with Passwords and Digests

No default values exist for authentication or privacy algorithms when you configure the command. Also, no default passwords exist. The minimum length for a password is one character, although Cisco recommends using at least eight characters for security. If you forget a password, you cannot recover it and will need to reconfigure the user. You can specify either a plain-text password or a localized message digest 5 (MD5) digest.

If you have the localized MD5 or SHA digest, you can specify that string instead of the plain-text password. The digest should be formatted as aa:bb:cc:dd where aa, bb, and cc are hex values. Also, the digest should be exactly 16 octets long.
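The localization step described above can be reproduced offline. The following is an added example, not Cisco code: it implements the password-to-key and key-localization algorithm of RFC 3414 (assumed here to be what the device applies) and prints the result in the aa:bb:cc:dd form. The function names and the second engine ID are constructed for illustration.

```python
"""Added example: RFC 3414 password-to-key localization for SNMPv3 USM users."""
import hashlib
import re

EXPANDED_LENGTH = 1024 * 1024  # RFC 3414 A.2 hashes 1,048,576 octets of repeated password


def password_to_key(password: bytes, algorithm: str) -> bytes:
    """Intermediate key Ku: hash of the password repeated out to 1 MiB."""
    if not password:
        raise ValueError("password must contain at least one character")
    repeats = EXPANDED_LENGTH // len(password) + 1
    return hashlib.new(algorithm, (password * repeats)[:EXPANDED_LENGTH]).digest()


def localize(ku: bytes, engine_id: bytes, algorithm: str) -> bytes:
    """Localized key Kul = H(Ku || engineID || Ku), valid for one engine only."""
    return hashlib.new(algorithm, ku + engine_id + ku).digest()


def localized_digest(password: str, engine_id_hex: str, algorithm: str = "md5") -> str:
    """Return the localized key as colon-separated hex octets (aa:bb:cc:dd ...)."""
    ku = password_to_key(password.encode("utf-8"), algorithm)
    kul = localize(ku, bytes.fromhex(engine_id_hex), algorithm)
    return ":".join(f"{octet:02X}" for octet in kul)


def is_digest_string(text: str, octets: int = 16) -> bool:
    """Check the aa:bb:cc:dd layout and the exact octet count."""
    pattern = r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){%d}" % (octets - 1)
    return re.fullmatch(pattern, text) is not None


# Password and engine ID taken from the RFC 3414 appendix A.3 test vectors.
RFC_PASSWORD = "maplesyrup"
RFC_ENGINE_ID = "000000000000000000000002"
# Constructed second engine ID, standing in for a remote agent.
OTHER_ENGINE_ID = "800000090300AABBCCDDEEFF"

if __name__ == "__main__":
    for engine in (RFC_ENGINE_ID, OTHER_ENGINE_ID):
        digest = localized_digest(RFC_PASSWORD, engine, "md5")
        # Same password, different engine ID: the digest changes, which is why
        # the remote engine ID has to be known before a remote user is added.
        print(f"engineID {engine}: {digest} (16 octets: {is_digest_string(digest)})")
    # hashlib's "sha1" produces 20 octets rather than the 16 that MD5 yields.
    print(localized_digest(RFC_PASSWORD, RFC_ENGINE_ID, "sha1"))
```
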

Examples

The following example shows how to add the user abcd to the public SNMP server group. In this example, no access list is specified for the user, so the standard named access list applied to the group applies to the user.

Router(config)# snmp-server user abcd public v2c 

The following example shows how to add the user abcd to the public group. In this example, access rules from the standard named access list qrst apply to the user.

Router(config)# snmp-server user abcd public v2c access qrst 

In the following example, the plain-text password "cisco123" is configured for the user "abcd" in the SNMPv3 group "public":

Router(config)# snmp-server user abcd public v3 auth md5 cisco123 

When you enter a show running-config command, a line for this user will be displayed. To learn if this user has been added to the configuration, type the show snmp user command.

If you have the localized MD5 or Secure Hash Algorithm (SHA) digest, you can specify that string instead of the plain-text password. The digest should be formatted as aa:bb:cc:dd where aa, bb, and cc are hex values. Also, the digest should be exactly 16 octets long.

In the following example, the MD5 digest string is used instead of the plain text password:

Router(config)# snmp-server user abcd public v3 encrypted auth md5 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF

In the following example, the user "abcd" is removed from the SNMP group "public":

Router(config)# no snmp-server user abcd public v2c 

In the following example, the user "abcd" from the SNMP group "public" specifies the use of the 168-bit 3DES algorithm for privacy encryption with "secure3des" as the password.

Router(config)# snmp-server user abcd public priv 3des secure3des
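The defaults in Table 204 and the password guidance above can be checked mechanically. The following is an added example, not part of the Cisco reference: it parses snmp-server user lines using the keywords from the syntax description and reports which users rely on those defaults or on legacy algorithms. The finding codes, the users nms1 and nms2, the group OPS and the ACL names MGMT6 and 10 are constructed for illustration.

```python
"""Added example: audit `snmp-server user` lines against the defaults on this page."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class SnmpUser:
    username: str
    group: str
    version: Optional[str] = None
    encrypted: bool = False
    auth: Optional[str] = None   # md5 | sha
    priv: Optional[str] = None   # des | 3des | aes128 | aes192 | aes256
    secrets: List[str] = field(default_factory=list)
    acls: List[str] = field(default_factory=list)


def parse_user(line: str) -> Optional[SnmpUser]:
    """Parse one command line; returns None for anything else."""
    tok = line.split()
    if tok and tok[0].endswith("#"):          # drop a "Router(config)#" prompt
        tok = tok[1:]
    if tok[:2] != ["snmp-server", "user"] or len(tok) < 4:
        return None
    user = SnmpUser(tok[2], tok[3])
    rest = iter(tok[4:])
    in_access = False
    for t in rest:
        if t in ("v1", "v2c", "v3"):
            user.version = t
        elif t == "encrypted":
            user.encrypted = True
        elif t in ("remote", "udp-port"):
            next(rest, None)                  # host or port value, not audited here
        elif t == "auth":
            user.auth = next(rest, None)
            user.secrets.append(next(rest, ""))
        elif t == "priv":
            alg = next(rest, "")
            if alg == "aes":
                alg += next(rest, "")         # aes 128 -> aes128
            user.priv = alg
            user.secrets.append(next(rest, ""))
        elif t == "access":
            in_access = True
        elif in_access and t == "ipv6":
            user.acls.append("ipv6:" + next(rest, ""))
        elif in_access:
            user.acls.append(t)
    return user


def weak_password(secret: str) -> bool:
    """Page guidance: at least eight characters, with both letters and numbers."""
    return (len(secret) < 8
            or not any(c.isalpha() for c in secret)
            or not any(c.isdigit() for c in secret))


def audit(user: SnmpUser) -> List[str]:
    findings = []
    if not user.acls:
        findings.append("NO_ACL")             # default: no access list restricts the user
    if user.version != "v3":
        findings.append("NOT_V3")             # auth and priv keywords exist only under v3
        return findings
    if user.auth is None:
        findings.append("NO_AUTH")
    elif user.auth == "md5":
        findings.append("AUTH_MD5")           # HMAC-MD5-96; sha is also available
    if user.priv is None:
        findings.append("NO_PRIV")            # messages are not encrypted
    elif user.priv in ("des", "3des"):
        findings.append("PRIV_LEGACY")        # aes 128/192/256 is also available
    if not user.encrypted and any(weak_password(s) for s in user.secrets):
        findings.append("WEAK_PASSWORD")
    return findings


def audit_config(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line number, username, findings) for every user line in text."""
    report = []
    for number, line in enumerate(text.splitlines(), 1):
        user = parse_user(line)
        if user is not None:
            report.append((number, user.username, audit(user)))
    return report


# Lines 1-3 are this page's own examples; lines 4-5 are constructed.
SAMPLE = """\
Router(config)# snmp-server user abcd public v2c
Router(config)# snmp-server user abcd public v2c access qrst
Router(config)# snmp-server user abcd public v3 auth md5 cisco123
snmp-server user nms2 OPS v3 auth sha abc priv des abc access 10
snmp-server user nms1 OPS v3 auth sha Xk4mPq7tLw2v priv aes 128 Rb8nYz3cHd6s access ipv6 MGMT6 10
"""

if __name__ == "__main__":
    for number, name, findings in audit_config(SAMPLE):
        print(f"line {number} user {name}: {', '.join(findings) or 'no findings'}")
```
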

Related Commands

Command
Description

show running-config

Displays the contents of the currently running configuration file or the configuration for a specific interface, or map class information.

show snmp user

Displays information on each SNMP username in the group username table.

snmp-server engineID

Displays the identification of the local SNMP engine and all remote engines that have been configured on the router.


sntp address

To specify the IPv6 Simple Network Time Protocol (SNTP) server address list to be sent to the client, use the sntp address command in DHCP for IPv6 pool configuration mode. To remove the SNTP server address list, use the no form of the command.

sntp address ipv6-address

no sntp address ipv6-address

Syntax Description

ipv6-address

The IPv6 SNTP address of a server to be sent to the client.


Command Default

No SNTP server address is specified.

Command Modes

IPv6 DHCP pool configuration

Command History

Release
Modification

12.4(15)T

This command was introduced.


Usage Guidelines

The Dynamic Host Configuration Protocol (DHCP) for IPv6 for stateless configuration allows a DHCP for IPv6 client to export configuration parameters (that is, DHCP for IPv6 options) to a local DHCP for IPv6 server pool. The local DHCP for IPv6 server can then provide the imported configuration parameters to other DHCP for IPv6 clients.

The SNTP server address list option provides a list of one or more IPv6 addresses of SNTP servers available to the client for synchronization. The clients use these SNTP servers to synchronize their system time to that of the standard time servers.

Clients must treat the list of SNTP servers as an ordered list, and the server may list the SNTP servers in decreasing order of preference. The option defined in this document can be used only to configure information about SNTP servers that can be reached using IPv6.

The SNTP server option code is 31. For more information on DHCP options and suboptions, see the "DHCP Options" appendix in the Network Registrar User's Guide, Release 6.2.

Examples

The following example shows how to specify the SNTP server address:

sntp address 300::1

Related Commands

Command
Description

import sntp address

Imports the SNTP server option to a DHCP for IPv6 client.


spf-interval (IPv6)

To configure how often Cisco IOS software performs the shortest path first (SPF) calculation, use the spf-interval command in address family configuration mode. To restore the default interval, use the no form of this command.

spf-interval [level-1 | level-2] seconds [initial-wait] [secondary-wait]

no spf-interval seconds

Syntax Description

level-1

(Optional) Summarizes only routes redistributed into Level 1 with the configured prefix value.

level-2

(Optional) Summarizes routes learned by Level 1 routing into the Level 2 backbone with the configured prefix value. Redistributed routes into Level 2 IS-IS also are summarized.

seconds

Minimum amount of time between SPF calculations, in seconds. It can be a number from 1 to 120. The default is 5 seconds.

initial-wait

(Optional) Length of time before the first SPF calculation in milliseconds.

secondary-wait

(Optional) Minimum length of time between the first and second SPF calculation, in milliseconds.


Command Default

The default is 5 seconds.

Command Modes

Address family configuration

Command History

Release
Modification

12.2(15)T

This command was introduced.

12.2(18)S

This command was integrated into Cisco IOS Release 12.2(18)S.

12.0(26)S

This command was integrated into Cisco IOS Release 12.0(26)S.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

12.2(25)SG

This command was integrated into Cisco IOS Release 12.2(25)SG.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.


Usage Guidelines

SPF calculations are performed only when the topology changes. They are not performed when external routes change.

The spf-interval (IPv6) command controls how often Cisco IOS software can perform the SPF calculation. The SPF calculation is processor-intensive. Therefore, it may be useful to limit how often the SPF calculation is performed, especially when the area is large and the topology changes often. Increasing the SPF interval reduces the processor load of the router, but it could slow down the rate of convergence.

If IPv6 and IPv4 are configured on the same interface, they must be running the same Intermediate System-to-Intermediate System (IS-IS) level.

You can use the spf-interval (IPv6) command only when using the IS-IS multitopology support for IPv6 feature.

Examples

The following example sets the SPF calculation interval to 30 seconds:

Router(config)# router isis
Router(config-router)# address-family ipv6
Router(config-router-af)# spf-interval 30

Related Commands

Command
Description

prc-interval (IPv6)

Controls the hold-down period between PRCs.


split-horizon (IPv6 RIP)

To configure split horizon processing of IPv6 Routing Information Protocol (RIP) router updates, use the split-horizon command in router configuration mode. To disable the split horizon processing of IPv6 RIP updates, use the no form of this command.

split-horizon

no split-horizon

Syntax Description

This command has no arguments or keywords.

Command Default

Split horizon is configured.

Command Modes

Router configuration

Command History

Release
Modification

12.2(2)T

This command was introduced.

12.0(21)ST

This command was integrated into Cisco IOS Release 12.0(21)ST.

12.0(22)S

This command was integrated into Cisco IOS Release 12.0(22)S.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

12.2(25)SG

This command was integrated into Cisco IOS Release 12.2(25)SG.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.


Usage Guidelines

The split-horizon (IPv6 RIP) command is similar to the ip split-horizon command, except that it is IPv6-specific.

This command configures split horizon processing of IPv6 RIP router updates. When split horizon is configured, the advertisement of networks out the interfaces from which the networks are learned is suppressed.

If both split horizon and poison reverse are configured, then split horizon behavior is replaced by poison reverse behavior (routes learned via RIP are advertised out the interface over which they were learned, but with an unreachable metric).


Note In general, changing the state of the default for the split-horizon command is not recommended, unless you are certain that your application requires a change in order to properly advertise routes. If split horizon is disabled on a serial interface (and that interface is attached to a packet-switched network), you must disable split horizon for all routers and access servers in any relevant multicast groups on that network.


Examples

The following example configures split horizon processing for the IPv6 RIP routing process named cisco:

Router(config)# ipv6 router rip cisco
Router(config-rtr)# split-horizon

Related Commands

Command
Description

neighbor (RIP)

Defines a neighboring router with which to exchange routing information.


ssh

To start an encrypted session with a remote networking device, use the ssh command in privileged EXEC or user EXEC mode.

ssh [-v {1 | 2}] [-c {3des | aes128-cbc | aes192-cbc | aes256-cbc}] [-l userid | -l userid:vrfname number ip-address | -l userid:rotarynumber ip-address] [-m {hmac-md5 | hmac-md5-96 | hmac-sha1 | hmac-sha1-96}] [-o numberofpasswordprompts n] [-p port-num] {ip-addr | hostname} [command] [-vrf]

Syntax Description

-v

(Optional) Specifies the version of Secure Shell (SSH) to use to connect to the server.

1—Connects using SSH Version 1.

2—Connects using SSH Version 2.

-c {3des | aes128-cbc | aes192-cbc | aes256-cbc}

(Optional) Specifies the crypto algorithms Data Encryption Standard (DES), Triple DES (3DES), or Advanced Encryption Standard (AES) to use for encrypting data. AES algorithms supported are aes128-cbc, aes192-cbc, and aes256-cbc.

To use SSH Version 1, you must have an encryption image running on the router. Cisco software images that include encryption have the designators "k8" (DES) or "k9" (3DES).

SSH Version 2 supports only the following crypto algorithms: aes128-cbc, aes192-cbc, aes256-cbc, and 3des-cbc. SSH Version 2 is supported only in 3DES images.

If you do not specify the -c keyword, during negotiation the remote networking device sends all the supported crypto algorithms.

If you configure the -c keyword and the server does not support the argument that you specified (des, 3des, aes128-cbc, aes192-cbc, or aes256-cbc), the remote networking device closes the connection.

-l userid

(Optional) Specifies the user ID to use when logging in on the remote networking device running the SSH server. If no user ID is specified, the default is the current user ID.

-l userid:vrfname number ip-address

(Optional) Specifies the user ID when configuring reverse SSH by including port information in the userid field.

:—Signifies that a port number and terminal IP address will follow the user ID.

vrfname — User specific VRF.

number—Terminal or auxiliary line number.

ip-address—IP address of the terminal server.

Note The userid argument and :number ip-address delimiter and arguments must be used if you are configuring reverse SSH by including port information in the userid field (a method that is easier than the longer method of listing each terminal or auxiliary line on a separate command configuration line). The vrfname allows SSH to establish sessions with hosts whose addresses are in a VRF instance.

-l userid:rotarynumber ip-address

(Optional) Specifies that the terminal lines are to be grouped under the rotary group for reverse SSH.

:—Signifies that a rotary group number and terminal IP address will follow.

number—Terminal or auxiliary line number.

ip-address—IP address of the terminal server.

Note The userid argument and :rotary{number} {ip-address} delimiter and arguments must be used if you are configuring reverse SSH by including rotary information in the userid field (a process that is easier than the longer process of listing each terminal or auxiliary line on a separate command configuration line).

-m {hmac-md5 | hmac-md5-96 | hmac-sha1 | hmac-sha1-96}

(Optional) Specifies a Hashed Message Authentication Code (HMAC) algorithm.

SSH Version 1 does not support HMACs.

If you do not specify the -m keyword, the remote device sends all the supported HMAC algorithms during negotiation. If you specify the -m keyword and the server does not support the argument that you specified (hmac-md5, hmac-md5-96, hmac-sha1, or hmac-sha1-96), the remote device closes the connection.

-o numberofpasswordprompts n

(Optional) Specifies the number of password prompts that the software generates before ending the session. The SSH server may also apply a limit to the number of attempts. If the limit set by the server is less than the value specified by the -o numberofpasswordprompts keyword, the limit set by the server takes precedence. The default is 3 attempts, which is also the Cisco IOS SSH server default. The range of values is from 1 to 5.

-p port-num

(Optional) Indicates the desired port number for the remote host. The default port number is 22.

ip-addr | hostname

Specifies the IPv4 or IPv6 address or host name of the remote networking device.

command

(Optional) Specifies the Cisco IOS command that you want to run on the remote networking device. If the remote host is not running Cisco IOS software, this may be any command recognized by the remote host. If the command includes spaces, you must enclose the command in quotation marks.

-vrf

(Optional) Adds VRF awareness to SSH client-side functionality. The VRF instance name is provided in the client with the IP address to look up the correct routing table and establish a connection.


Command Default

Disabled

Command Modes

User EXEC (>)
Privileged EXEC (#)

Command History

Release
Modification

12.1(3)T

This command was introduced.

12.2(8)T

Support for IPv6 addresses was added.

12.0(21)ST

IPv6 address support was integrated into Cisco IOS Release 12.0(21)ST.

12.0(22)S

IPv6 address support was integrated into Cisco IOS Release 12.0(22)S.

12.2(14)S

IPv6 address support was integrated into Cisco IOS Release 12.2(14)S.

12.2(17a)SX

This command was integrated into Cisco IOS Release 12.2(17a)SX.

12.3(7)T

This command was expanded to include Secure Shell Version 2 support. The -c keyword was expanded to include support for the following crypto algorithms: aes128-cbc, aes192-cbc, and aes256-cbc. The -m keyword was added, with the following algorithms: hmac-md5, hmac-md5-96, hmac-sha1, and hmac-sha1-96. The -v keyword and arguments 1 and 2 were added.

12.2(25)S

This command was integrated into Cisco IOS Release 12.2(25)S.

12.3(11)T

The -l userid:number ip-address and -l userid:rotarynumber ip-address keyword and argument options were added.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

12.2(25)SG

This command was integrated into Cisco IOS Release 12.2(25)SG.

12.3(7)JA

This command was integrated into Cisco IOS Release 12.3(7)JA.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.0(32)SY

This command was integrated into Cisco IOS Release 12.0(32)SY.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.

12.4(20)T

The -l userid:vrfname number ip-address keyword and argument and -vrf keyword were added.


Usage Guidelines

The ssh command enables a Cisco router to make a secure, encrypted connection to another Cisco router or device running an SSH Version 1 or Version 2 server. This connection provides functionality that is similar to that of an outbound Telnet connection except that the connection is encrypted. With authentication and encryption, the SSH client allows for a secure communication over an insecure network.


Note SSH 1 is supported on DES (56-bit) and 3DES (168-bit) data encryption software images only. In DES software images, DES is the only encryption algorithm available. In 3DES software images, both DES and 3DES encryption algorithms are available.

SSH Version 2 supports only the following crypto algorithms: aes128-cbc, aes192-cbc, and aes256-cbc. SSH Version 2 is supported only in 3DES images.

SSH Version 1 does not support HMAC algorithms.


Examples

The following example illustrates the initiation of a secure session between the local router and the remote host HQhost to run the show users command. The result of the show users command is a list of valid users who are logged in to HQhost. The remote host will prompt for the adminHQ password to authenticate the user adminHQ. If the authentication step is successful, the remote host will return the result of the show users command to the local router and will then close the session.

ssh -l adminHQ HQhost "show users"

The following example illustrates the initiation of a secure session between the local router and the edge router HQedge to run the show ip route command. In this example, the edge router prompts for the adminHQ password to authenticate the user. If the authentication step is successful, the edge router will return the result of the show ip route command to the local router.

ssh -l adminHQ HQedge "show ip route" 

The following example shows the SSH client using 3DES to initiate a secure remote command connection with the HQedge router. The SSH server running on HQedge authenticates the session for the admin7 user on the HQedge router using standard authentication methods. The HQedge router must have SSH enabled for authentication to work.

ssh -l admin7 -c 3des -o numberofpasswordprompts 5 HQedge

The following example shows a secure session between the local router and a remote IPv6 router with the address 3ffe:1111:2222:1044::72 to run the show running-config command. In this example, the remote IPv6 router prompts for the adminHQ password to authenticate the user. If the authentication step is successful, the remote IPv6 router will return the result of the show running-config command to the local router and will then close the session.

ssh -l adminHQ 3ffe:1111:2222:1044::72 "show running-config"

Note A hostname that maps to the IPv6 address 3ffe:1111:2222:1044::72 could have been used in the last example.


The following example shows an SSH Version 2 session using the crypto algorithm aes256-cbc and an HMAC of hmac-sha1-96. The user ID is user2, and the IP address is 10.76.82.24.

ssh -v 2 -c aes256-cbc -m hmac-sha1-96 -l user2 10.76.82.24

The following example shows that reverse SSH has been configured on the SSH client:

ssh -l lab:1 router.example.com

The following command shows that Reverse SSH will connect to the first free line in the rotary group:

ssh -l lab:rotary1 router.example.com

Related Commands

Command
Description

ip ssh

Configures SSH server control parameters on the router.

show ip ssh

Displays the version and configuration data for SSH.

show ssh

Displays the status of SSH server connections.


standby ipv6

To activate the Hot Standby Router Protocol (HSRP) in IPv6, use the standby ipv6 command in interface configuration mode. To disable HSRP, use the no form of this command.

standby [group-number] ipv6 [link-local-address | autoconfig]

no standby [group-number] ipv6 [link-local-address | autoconfig]

Syntax Description

group-number

(Optional) Group number on the interface for which HSRP is being activated. The default is 0. The group number range is from 0 to 255 for HSRP version 1 and from 0 to 4095 for HSRP version 2.

link-local-address

(Optional) Link-local address of the Hot Standby router interface.

autoconfig

(Optional) Indicates that a link-local address will be generated automatically from the link-local prefix and a modified EUI-64 format interface identifier, where the EUI-64 interface identifier is created from the relevant HSRP virtual MAC address.


Command Default

The default group number is 0.
HSRP is disabled by default.

Command Modes

Interface configuration

Command History

Release
Modification

12.4(4)T

This command was introduced.

12.2(33)SRB

This command was integrated into Cisco IOS Release 12.2(33)SRB.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.


Usage Guidelines

The standby ipv6 command activates HSRP on the configured interface. If an IPv6 address is specified, that address is used as the designated address for the Hot Standby group. If no IP address is specified, the designated address is learned through the standby function. For HSRP to elect a designated router, at least one router on the cable must have been configured with, or have learned, the designated address. Configuration of the designated address on the active router always overrides a designated address that is currently in use.

When the standby ipv6 command is enabled on an interface, the handling of proxy Address Resolution Protocol (ARP) requests is changed (unless proxy ARP was disabled). If the Hot Standby state of the interface is active, proxy ARP requests are answered using the MAC address of the Hot Standby group. If the interface is in a different state, proxy ARP responses are suppressed.

When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.

HSRP version 2 permits an expanded group number range from 0 to 4095. The increased group number range does not imply that an interface can, or should, support that many HSRP groups. The expanded group number range was changed to allow the group number to match the VLAN number on subinterfaces.

Examples

The following example activates HSRP for group 1 on Ethernet interface 0. The IPv6 address used by the Hot Standby group will be learned using HSRP.

interface ethernet 0
 standby 1 ipv6

Router# show standby

  Ethernet0/0 - Group 1 (version 2)
    State is Active
      2 state changes, last state change 00:01:59
    Virtual IPv6 address is FE80::205:73FF:FEA0:1
    Active virtual MAC address is 0005.73a0.0002
      Local virtual MAC address is 0005.73a0.0002 (v2 IPv6 default)
    Hello time 3 sec, hold time 10 sec
      Next hello sent in 1.600 secs
    Preemption disabled
    Active router is local
    Standby router is FE80:2::1, priority 100 (expires in 8.092 sec)
    Priority 100 (default 100)
    IPv6 redundancy name is "hsrp-Et0/0-2" (default)

Related Commands

Command
Description

show ipv6 interface

Displays the usability status of interfaces configured for IPv6.

show standby

Displays HSRP information.


standby preempt

To configure Hot Standby Router Protocol (HSRP) preemption and preemption delay, use the standby preempt command in interface configuration mode. To restore the default values, use the no form of this command.

standby [group-number] preempt [delay {minimum seconds | reload seconds | sync seconds}]

no standby [group-number] preempt [delay {minimum seconds | reload seconds | sync seconds}]

Syntax Description

group-number

(Optional) Group number on the interface to which the other arguments in this command apply.

delay

(Optional) Required if either the minimum, reload, or sync keywords are specified.

minimum seconds

(Optional) Specifies the minimum delay period in seconds. The seconds argument causes the local router to postpone taking over the active role for a minimum number of seconds since that router was last restarted. The range is from 0 to 3600 seconds (1 hour). The default is 0 seconds (no delay).

reload seconds

(Optional) Specifies the preemption delay, in seconds, after a reload only. This delay period applies only to the first interface-up event after the router has reloaded.

sync seconds

(Optional) Specifies the maximum synchronization period for IP redundancy clients in seconds.


Defaults

The default group number is 0.
The default delay is 0 seconds; if the router wants to preempt, it will do so immediately.
By default, the router that comes up later becomes the standby.

Command Modes

Interface configuration (config-if)

Command History

Release
Modification

11.3

This command was introduced.

12.0(2)T

The minimum and sync keywords were added.

12.2

The behavior of the command changed such that standby preempt and standby priority must be entered as separate commands.

12.2

The reload keyword was added.

12.4(4)T

Support for IPv6 was added.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.


Usage Guidelines

When this command is configured, the router is configured to preempt, which means that when the local router has a Hot Standby priority higher than the current active router, the local router should attempt to assume control as the active router. If preemption is not configured, the local router assumes control as the active router only if it receives information indicating no router is in the active state (acting as the designated router).

When a router first comes up, it does not have a complete routing table. If it is configured to preempt, it will become the active router, yet it is unable to provide adequate routing services. Solve this problem by configuring a delay before the preempting router actually preempts the currently active router.

When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.

IP redundancy clients can prevent preemption from taking place. The standby preempt delay sync seconds command specifies a maximum number of seconds to allow IP redundancy clients to prevent preemption. When this period expires, preemption takes place regardless of the state of the IP redundancy clients.

The standby preempt delay reload seconds command allows preemption to occur only after a router reloads. This provides stabilization of the router at startup. After this initial delay at startup, the operation returns to the default behavior.

The no standby preempt delay command will disable the preemption delay but preemption will remain enabled. The no standby preempt delay minimum seconds command will disable the minimum delay but leave any synchronization delay if it was configured.

When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:

Router(config-if)# standby 1 preempt delay minimum 300
    % Warning: This setting has no effect while following another group.

Examples

In the following example, the router will wait for 300 seconds (5 minutes) before attempting to become the active router:

interface ethernet 0
 standby ip 172.19.108.254
 standby preempt delay minimum 300 

standby priority

To configure Hot Standby Router Protocol (HSRP) priority, use the standby priority command in interface configuration mode. To restore the default values, use the no form of this command.

standby [group-number] priority priority

no standby [group-number] priority priority

Syntax Description

group-number

(Optional) Group number on the interface to which the other arguments in this command apply. The default group number is 0.

priority

Priority value that prioritizes a potential Hot Standby router. The range is from 1 to 255, where 1 denotes the lowest priority and 255 denotes the highest priority. The default priority value is 100. The router in the HSRP group with the highest priority value becomes the active router.


Defaults

The default group number is 0.
The default priority is 100.

Command Modes

Interface configuration (config-if)

Command History

Release
Modification

11.3

This command was introduced.

12.2

The behavior of the command changed such that standby preempt and standby priority must be entered as separate commands.

12.4(4)T

Support for IPv6 was added.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.


Usage Guidelines

When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.

The assigned priority is used to help select the active and standby routers. Assuming that preemption is enabled, the router with the highest priority becomes the designated active router. In case of ties, the primary IP addresses are compared, and the higher IP address has priority.

Note that the priority of the device can change dynamically if an interface is configured with the standby track command and another interface on the router goes down.

When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:

Router(config-if)# standby 1 priority 110
%Warning: This setting has no effect while following another group.

Examples

In the following example, the router has a priority of 120 (higher than the default value):

interface ethernet 0
 standby ip 172.19.108.254
 standby priority 120 
 standby preempt delay minimum 300
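
The takeover rules described for standby preempt and standby priority can be modelled in a few lines. The following Python sketch is an added example, not Cisco code and not the IOS implementation; the Router class, the router names, and the interface addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

@dataclass
class Router:
    name: str                # constructed label
    ip: str                  # primary interface address (constructed)
    priority: int = 100      # default priority
    preempt: bool = False    # preemption is off unless configured
    delay_minimum: int = 0   # default: preempt immediately

def outranks(a: Router, b: Router) -> bool:
    """Higher priority wins; on a tie the higher primary IP address wins."""
    return (a.priority, ip_address(a.ip)) > (b.priority, ip_address(b.ip))

def takes_over(local: Router, active: Optional[Router], uptime: int) -> bool:
    """Does `local` assume the active role `uptime` seconds after its restart?"""
    if active is None:
        return True          # no router is active: step in regardless of preempt
    if not local.preempt:
        return False         # without preempt an existing active router stays
    if uptime < local.delay_minimum:
        return False         # still inside "standby preempt delay minimum"
    return outranks(local, active)

# Constructed two-router group; addresses chosen near the 172.19.108.254 virtual IP.
ACTIVE = Router("R1", "172.19.108.1")
REBOOTED = Router("R2", "172.19.108.2", priority=120, preempt=True, delay_minimum=300)

if __name__ == "__main__":
    for t in (10, 299, 300):
        print(t, takes_over(REBOOTED, ACTIVE, t))
```

With a 300-second minimum delay, the rebooted router leaves the current active router in place until it has had time to build its routing table.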

Related Commands

Command
Description

standby track

Configures an interface so that the Hot Standby priority changes based on the availability of other interfaces.


standby version

To change the version of the Hot Standby Router Protocol (HSRP), use the standby version command in interface configuration mode. To change to the default version, use the no form of this command.

standby version {1 | 2}

no standby version

Syntax Description

1

Specifies HSRP version 1.

2

Specifies HSRP version 2.


Defaults

HSRP version 1 is the default HSRP version.

Command Modes

Interface configuration (config-if)

Command History

Release
Modification

12.3(4)T

This command was introduced.

12.2(25)S

This command was integrated into Cisco IOS Release 12.2(25)S.

12.4(4)T

Support for IPv6 was added.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.


Usage Guidelines

HSRP version 2 addresses limitations of HSRP version 1 by providing an expanded group number range of 0 to 4095.

HSRP version 2 does not interoperate with HSRP version 1. An interface cannot operate both version 1 and version 2 because both versions are mutually exclusive. However, the different versions can be run on different physical interfaces of the same router. The group number range is from 0 to 255 for HSRP version 1 and from 0 to 4095 for HSRP version 2. You cannot change from version 2 to version 1 if you have configured groups above 255. Use the no standby version command to set the HSRP version to the default version, version 1.

If an HSRP version is changed, each group will reinitialize because it now has a new virtual MAC address.

Examples

The following example shows how to configure HSRP version 2 on an interface with a group number of 500:

! 
interface vlan500
 standby version 2
 standby 500 ip 172.20.100.10 
 standby 500 priority 110 
 standby 500 preempt 
 standby 500 timers 5 15
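
The value ranges given for standby preempt, standby priority, and standby version can be checked offline before a configuration is pushed. The following Python sketch is an added example, not a Cisco tool; the lint_interface function and both sample stanzas are constructed, and the delay pattern assumes one or more keyword and seconds pairs on a line.

```python
import re

GROUP_MAX = {1: 255, 2: 4095}   # highest group number per HSRP version
LINE = re.compile(r"^standby(?:\s+(\d+))?\s+(\S+)\s*(.*)$")
DELAY = re.compile(r"^delay((?:\s+(?:minimum|reload|sync)\s+\d+)+)$")

def lint_interface(stanza):
    """Return a list of findings for the standby lines of one interface stanza."""
    lines = [l.strip() for l in stanza.splitlines()]
    version = 1                 # version 1 unless "standby version 2" is present
    for l in lines:
        m = re.match(r"^standby version (\d+)$", l)
        if m:
            version = int(m.group(1))
    if version not in GROUP_MAX:
        return [f"unknown HSRP version {version}"]
    findings = []
    for l in lines:
        m = LINE.match(l)
        if not m:
            continue
        group = int(m.group(1) or 0)          # default group number is 0
        kind, rest = m.group(2), m.group(3).strip()
        if group > GROUP_MAX[version]:
            findings.append(f"group {group} not valid in version {version}: {l}")
        if kind == "priority" and not (rest.isdigit() and 1 <= int(rest) <= 255):
            findings.append(f"priority out of range 1-255: {l}")
        if kind == "preempt" and rest:
            d = DELAY.match(rest)
            if not d:
                findings.append(f"delay needs minimum, reload or sync: {l}")
            elif any(int(s) > 3600 for s in re.findall(r"minimum\s+(\d+)", d.group(1))):
                findings.append(f"minimum delay above 3600 seconds: {l}")
    return findings

# Constructed stanzas: the first breaks the group, priority and delay rules.
BAD = """interface vlan500
 standby 500 ip 172.20.100.10
 standby 500 priority 0
 standby 500 preempt delay 300
 standby preempt delay minimum 7200
"""
GOOD = """interface vlan500
 standby version 2
 standby 500 ip 172.20.100.10
 standby 500 priority 110
 standby 500 preempt delay minimum 300
"""
```

Group 500 is reported on every line that uses it in the first stanza because, without standby version 2, the interface runs version 1 and the range stops at 255.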

Related Commands

Command
Description

show standby

Displays HSRP information.


stub

To configure a router as a stub using Enhanced Interior Gateway Routing Protocol (EIGRP), use the stub command in router configuration mode. To disable the EIGRP stub routing feature, use the no form of this command.

stub [receive-only | connected | static | summary | redistributed]

no stub [receive-only | connected | static | summary | redistributed]

Syntax Description

receive-only

(Optional) Sets the router as a receive-only neighbor.

connected

(Optional) Advertises connected routes.

static

(Optional) Advertises static routes.

summary

(Optional) Advertises summary routes.

redistributed

(Optional) Advertises redistributed routes from other protocols and autonomous systems.


Command Default

Stub routing is not enabled.

Command Modes

Router configuration

Command History

Release
Modification

12.4(6)T

This command was introduced.

12.2(33)SRB

This command was integrated into Cisco IOS Release 12.2(33)SRB.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.


Usage Guidelines

Use the stub command to configure a router as a stub where the router directs all IPv6 traffic to a distribution router.

The stub command can be modified with keywords, and more than one keyword can be used in the same command. The connected, static, summary, and redistributed keywords can be used in any combination. The receive-only keyword restricts the router from sharing any of its routes with any other router in that EIGRP autonomous system; because it prevents any type of route from being sent, it cannot be combined with any other keyword.

If any of these four keywords is used with the stub command, only the route types specified by the particular keywords will be sent. Route types specified by the unused keywords will not be sent.

The connected keyword permits the EIGRP stub routing feature to send connected routes. If the connected routes are not covered by a network statement, it may be necessary to redistribute connected routes with the redistribute connected command under the EIGRP process. This option is enabled by default.

The static keyword permits the EIGRP stub routing feature to send static routes. Without the configuration of this option, EIGRP will not send any static routes, including internal static routes that normally would be automatically redistributed. It will still be necessary to redistribute static routes with the redistribute static command.

The summary keyword permits the EIGRP stub routing feature to send summary routes. Summary routes can be created manually with the ipv6 summary-address eigrp command or automatically at a major network border router with the auto-summary command enabled. This option is enabled by default.

The redistributed keyword permits the EIGRP stub routing feature to send routes redistributed from other routing protocols and autonomous systems. Without the configuration of this option, EIGRP will not advertise redistributed routes.


Note: Multiaccess interfaces such as ATM, Ethernet, Frame Relay, ISDN PRI, and X.25 are supported by the EIGRP stub routing feature only when all routers on that interface, except the hub, are configured as stub routers.
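
The keyword rules above determine exactly which route types a stub router will send, which makes them easy to audit across many remote-site configurations. The following Python sketch is an added example, not Cisco code; the function names, router names, configuration snippets, and the policy set are constructed for illustration.

```python
ROUTE_TYPES = ("connected", "static", "summary", "redistributed")
DEFAULT_TYPES = frozenset({"connected", "summary"})  # the two options enabled by default

def stub_advertises(command):
    """Return the route types one `stub ...` line allows the router to send."""
    words = command.split()
    if not words or words[0] != "stub":
        raise ValueError(f"not a stub command: {command!r}")
    keywords = words[1:]
    unknown = [k for k in keywords if k != "receive-only" and k not in ROUTE_TYPES]
    if unknown:
        raise ValueError("unknown keyword: " + ", ".join(unknown))
    if "receive-only" in keywords:
        if len(keywords) > 1:
            raise ValueError("receive-only cannot be combined with other keywords")
        return frozenset()                    # nothing is advertised
    return frozenset(keywords) if keywords else DEFAULT_TYPES

def audit(configs, allowed):
    """Map router name -> finding for routers that break the `allowed` policy."""
    findings = {}
    for name, text in configs.items():
        stub_lines = [l.strip() for l in text.splitlines() if l.split()[:1] == ["stub"]]
        if not stub_lines:
            findings[name] = "stub routing not enabled"
            continue
        try:
            extra = stub_advertises(stub_lines[-1]) - allowed
        except ValueError as err:
            findings[name] = str(err)
            continue
        if extra:
            findings[name] = "sends " + ", ".join(sorted(extra))
    return findings

# Constructed branch-router snippets; names and policy are illustrative.
CONFIGS = {
    "branch-a": "ipv6 router eigrp 1\n stub",
    "branch-b": "ipv6 router eigrp 1\n stub connected static",
    "branch-c": "ipv6 router eigrp 1",
    "branch-d": "ipv6 router eigrp 1\n stub receive-only connected",
    "branch-e": "ipv6 router eigrp 1\n stub receive-only",
}
POLICY = frozenset({"connected", "summary"})
```

Calling audit(CONFIGS, POLICY) flags the router that adds static routes, the one with no stub line at all, and the one that combines receive-only with another keyword.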


Examples

In the following example, the stub command is used to configure the router as a stub that advertises connected and summary routes:

ipv6 router eigrp 1
network 3FEE:12E1:2AC1:EA32::/64
stub

In the following example, the stub command is issued with the connected and static keywords to configure the router as a stub that advertises connected and static routes (sending summary routes will not be permitted):

ipv6 router eigrp 1
network 3FEE:12E1:2AC1:EA32::/64
stub connected static

In the following example, the stub command is issued with the receive-only keyword to configure the router as a receive-only neighbor (connected, summary, and static routes will not be sent):

ipv6 router eigrp 1
network 3FEE:12E1:2AC1:EA32::/64
stub receive-only

In the following example, the stub command is issued with the redistributed keyword to configure the router to advertise other protocols and autonomous systems:

ipv6 router eigrp 1
network 3FEE