-
Cisco IOS IPv6 Command Reference
-
Introduction
-
aaa accounting multicast default through clear ipv6 mobile home-agents
-
clear ipv6 mobile traffic through debug bgp vpnv6 unicast
-
debug crypto ipv6 ipsec through debug ipv6 pim
-
debug ipv6 pim df-election through ip http server
-
ip name-server through ipv6 general-prefix
-
ipv6 hello-interval eigrp through ipv6 mld static-group
-
ipv6 mobile home-agent (global configuration) through ipv6 ospf database-filter all out
-
ipv6 ospf dead-interval through ipv6 split-horizon eigrp
-
ipv6 summary-address eigrp through mpls ldp router-id
-
mpls traffic-eng auto-bw timers through route-map
-
router-id (IPv6) through show bgp ipv6 labels
-
show bgp ipv6 neighbors through show crypto isakmp peers
-
show crypto isakmp policy through show ipv6 eigrp neighbors
-
show ipv6 eigrp topology through show ipv6 nat statistics
-
show ipv6 nat translations through show ipv6 protocols
-
show ipv6 rip through snmp-server host
-
snmp-server user through vrf forwarding
-
Table Of Contents
timers pacing lsa-group (IPv6)
timers pacing retransmission (IPv6)
translation-profile (dial peer)
virtual-profile virtual-template
voice-class sip outbound-proxy
snmp-server user
To configure a new user to a Simple Network Management Protocol (SNMP) group, use the snmp-server user command in global configuration mode. To remove a user from an SNMP group, use the no form of this command.
snmp-server user username group-name [remote host [udp-port port]] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password]} [access [ipv6 nacl] [priv {des | 3des | aes {128 | 192 |256}} privpassword] {acl-number | acl-name}]
no snmp-server user username group-name [remote host [udp-port port]] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password]} [access [ipv6 nacl] [priv {des | 3des | aes {128 | 192 |256}} privpassword] {acl-number | acl-name}]
Syntax Description
Command Default
See Table 271 in the "Usage Guidelines" section for default behaviors for encryption, passwords, and access lists.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
To configure a remote user, specify the IP address or port number for the remote SNMP agent of the device where the user resides. Also, before you configure remote users for a particular agent, configure the SNMP engine ID, using the snmp-server engineID command with the remote option. The remote agent's SNMP engine ID is needed when computing the authentication and privacy digests from the password. If the remote engine ID is not configured first, the configuration command will fail.
For the privpassword and auth-password arguments, the minimum length is one character; the recommended length is at least eight characters, and should include both letters and numbers.
Table 271 describes the default user characteristics for encryption, passwords, and access lists.
SNMP passwords are localized using the SNMP engine ID of the authoritative SNMP engine. For informs, the authoritative SNMP agent is the remote agent. You need to configure the remote agent's SNMP engine ID in the SNMP database before you can send proxy requests or informs to it.
Working with Passwords and Digests
No default values exist for authentication or privacy algorithms when you configure the command. Also, no default passwords exist. The minimum length for a password is one character, although Cisco recommends using at least eight characters for security. If you forget a password, you cannot recover it and will need to reconfigure the user. You can specify either a plain-text password or a localized message digest 5 (MD5) digest.
If you have the localized MD5 or SHA digest, you can specify that string instead of the plain-text password. The digest should be formatted as aa:bb:cc:dd where aa, bb, and cc are hex values. Also, the digest should be exactly 16 octets long.
Examples
The following example shows how to add the user abcd to the public SNMP server group. In this example, no access list is specified for the user, so the standard named access list applied to the group applies to the user.
Router(config)# snmp-server user abcd public v2cThe following example shows how to add the user abcd to the public group. In this example, access rules from the standard named access list qrst apply to the user.
Router(config)# snmp-server user abcd public v2c access qrstIn the following example, the plain-text password "cisco123" is configured for the user "abcd" in the SNMPv3 group "public":
Router(config)# snmp-server user abcd public v3 auth md5 cisco123When you enter a show running-config command, a line for this user will be displayed. To learn if this user has been added to the configuration, type the show snmp user command.
If you have the localized MD5 or Secure Hash Algorithm (SHA) digest, you can specify that string instead of the plain-text password. The digest should be formatted as aa:bb:cc:dd where aa, bb, and cc are hex values. Also, the digest should be exactly 16 octets long.
In the following example, the MD5 digest string is used instead of the plain text password:
Router(config)# snmp-server user abcd public v3 encrypted auth md5 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FFIn the following example, the user "abcd" is removed from the SNMP group "public":
Router(config)# no snmp-server user abcd public v2cIn the following example, the user "abcd" from the SNMP group "public" specifies the use of the 168-bit 3DES algorithm for privacy encryption with "secure3des" as the password.
Router(config)# snmp-server user abcd public priv 3des secure3desRelated Commands
sntp address
To specify the IPv6 Simple Network Time Protocol (SNTP) server address list to be sent to the client, use the sntp address command in DHCP for IPv6 pool configuration mode. To remove the SNTP server address list, use the no form of the command.
sntp address ipv6-address
no sntp address ipv6-address
Syntax Description
Command Default
No SNTP server address is specified.
Command Modes
IPv6 DHCP pool configuration
Command History
12.4(15)T
This command was introduced.
Cisco IOS XE Release 2.5
This command was updated. It was integrated into Cisco IOS XE Release 2.5.
Usage Guidelines
The Dynamic Host Configuration Protocol (DHCP) for IPv6 for stateless configuration allows a DHCP for IPv6 client to export configuration parameters (that is, DHCP for IPv6 options) to a local DHCP for IPv6 server pool. The local DHCP for IPv6 server can then provide the imported configuration parameters to other DHCP for IPv6 clients.
The SNTP server address list option provides a list of one or more IPv6 addresses of SNTP servers available to the client for synchronization. The clients use these SNTP servers to synchronize their system time to that of the standard time servers.
Clients must treat the list of SNTP servers as an ordered list, and the server may list the SNTP servers in decreasing order of preference. The option defined in this document can be used only to configure information about SNTP servers that can be reached using IPv6.
The SNTP server option code is 31. For more information on DHCP options and suboptions, see the "DHCP Options" appendix in the Network Registrar User's Guide, Release 6.2.
Examples
The following example shows how to specify the SNTP server address:
sntp address 300::1Related Commands
spd extended
To configure Selective Packet Discard (SPD) extended headroom, use the spd extended command in global configuration mode. To return to the default value, use the no form of this command.
spd extended size
no spd extended
Syntax Description
Command Default
The SPD extended headroom default is 10.
Command Modes
Global configuration
Command History
12.2(33)SXH
This command was introduced.
12.2(33)SRC
This command was integrated into Cisco IOS Release 12.2(33)SRC.
Usage Guidelines
Because Interior Gateway Protocols (IGPs) and link stability are tenuous and crucial, such packets are given the highest priority and are given extended SPD headroom with a default of 10 packets. These packets are not dropped if the size of the input hold queue is lower than 185 (input queue default size + SPD headroom size + SPD extended headroom).
Examples
The following example configures SPD extended headroom to be 11:
Router(config)# spd extended 11Related Commands
show ipv6 spd
Displays the IPv6 SPD configuration.
spd headroom
Configures SPD headroom.
spd headroom
To configure Selective Packet Discard (SPD) headroom, use the spd headroom command in global configuration mode. To return to the default value, use the no form of this command.
spd headroom size
no spd headroom
Syntax Description
Command Default
The SPD headroom default is 100.
Command Modes
Global configuration
Command History
12.2(33)SXH
This command was introduced.
12.2(33)SRC
This command was integrated into Cisco IOS Release 12.2(33)SRC.
Usage Guidelines
SPD prioritizes IPv6 packets with a precedence of 7 by allowing the software to queue them into the process level input queue above the normal input queue limit. The number of packets allowed in excess of the normal limit is called the SPD headroom, the default being 100, which means that a high precedence packet is not dropped if the size of the input hold queue is lower than 175 (input queue default size + SPD headroom size).
Examples
The following example configures SPD headroom to be 95:
Router(config)# spd headroom 95Related Commands
show ipv6 spd
Displays the IPv6 SPD configuration.
spd extended
Configures SPD extended headroom.
spf-interval (IPv6)
To configure how often Cisco IOS software performs the shortest path first (SPF) calculation, use the spf-interval command in address family configuration mode. To restore the default interval, use the no form of this command.
spf-interval [level-1 | level-2] seconds [initial-wait] [secondary-wait]
no spf-interval seconds
Syntax Description
Command Default
The default is 5 seconds.
Command Modes
Address family configuration
Command History
Usage Guidelines
SPF calculations are performed only when the topology changes. They are not performed when external routes change.
The spf-interval (IPv6) command controls how often Cisco IOS software can perform the SPF calculation. The SPF calculation is processor-intensive. Therefore, it may be useful to limit how often the SPF calculation is performed, especially when the area is large and the topology changes often. Increasing the SPF interval reduces the processor load of the router, but it could slow down the rate of convergence.
If IPv6 and IPv4 are configured on the same interface, they must be running the same Intermediate System-to-Intermediate System (IS-IS) level.
You can use the spf-interval (IPv6) command only when using the IS-IS multitopology support for IPv6 feature.
Examples
The following example sets the SPF calculation interval to 30 seconds:
Router(config)# router isisRouter(config-router)# address-family ipv6Router(config-router-af)# spf-interval 30Related Commands
split-horizon (IPv6 RIP)
To configure split horizon processing of IPv6 Routing Information Protocol (RIP) router updates, use the split-horizon command in router configuration mode. To disable the split horizon processing of IPv6 RIP updates, use the no form of this command.
split-horizon
no split-horizon
Syntax Description
This command has no arguments or keywords.
Command Default
Split horizon is configured.
Command Modes
Router configuration
Command History
Usage Guidelines
The split-horizon (IPv6 RIP) command is similar to the ip split-horizon command, except that it is IPv6-specific.
This command configures split horizon processing of IPv6 RIP router updates. When split horizon is configured, the advertisement of networks out the interfaces from which the networks are learned is suppressed.
If both split horizon and poison reverse are configured, then split horizon behavior is replaced by poison reverse behavior (routes learned via RIP are advertised out the interface over which they were learned, but with an unreachable metric).
Note
In general, changing the state of the default for the split-horizon command is not recommended, unless you are certain that your application requires a change in order to properly advertise routes. If split horizon is disabled on a serial interface (and that interface is attached to a packet-switched network), you must disable split horizon for all routers and access servers in any relevant multicast groups on that network.
Examples
The following example configures split horizon processing for the IPv6 RIP routing process named cisco:
Router(config)# ipv6 router rip ciscoRouter(config-rtr)# split-horizonRelated Commands
neighbor (RIP)
Defines a neighboring router with which to exchange routing information.
ssh
To start an encrypted session with a remote networking device, use the ssh command in privileged EXEC or user EXEC mode.
ssh [-v {1 | 2}] [-c {3des | aes128-cbc | aes192-cbc | aes256-cbc}] [-l userid | -l userid:vrfname number ip-address | -l userid:rotarynumber ip-address] [-m {hmac-md5 | hmac-md5-96 | hmac-sha1 | hmac-sha1-96}] [-o numberofpasswordprompts n] [-p port-num] {ip-addr | hostname} [command] [-vrf]
Syntax Description
Command Default
No encrypted session exists if the command is not used.
Command Modes
User EXEC (>)
Privileged EXEC (#)Command History
Usage Guidelines
The ssh command enables a Cisco router to make a secure, encrypted connection to another Cisco router or device running an SSH Version 1 or Version 2 server. This connection provides functionality that is similar to that of an outbound Telnet connection except that the connection is encrypted. With authentication and encryption, the SSH client allows for a secure communication over an insecure network.
Note
•
•
The following example illustrates the initiation of a secure session between the local router and the remote host HQhost to run the show users command. The result of the show users command is a list of valid users who are logged in to HQhost. The remote host will prompt for the adminHQ password to authenticate the user adminHQ. If the authentication step is successful, the remote host will return the result of the show users command to the local router and will then close the session.
ssh -l adminHQ HQhost "show users"The following example illustrates the initiation of a secure session between the local router and the edge router HQedge to run the show ip route command. In this example, the edge router prompts for the adminHQ password to authenticate the user. If the authentication step is successful, the edge router will return the result of the show ip route command to the local router.
ssh -l adminHQ HQedge "show ip route"The following example shows the SSH client using 3DES to initiate a secure remote command connection with the HQedge router. The SSH server running on HQedge authenticates the session for the admin7 user on the HQedge router using standard authentication methods. The HQedge router must have SSH enabled for authentication to work.
ssh -l admin7 -c 3des -o numberofpasswordprompts 5 HQedgeThe following example shows a secure session between the local router and a remote IPv6 router with the address 3ffe:1111:2222:1044::72 to run the show running-config command. In this example, the remote IPv6 router prompts for the adminHQ password to authenticate the user. If the authentication step is successful, the remote IPv6 router will return the result of the show running-config command to the local router and will then close the session.
ssh -l adminHQ 3ffe:1111:2222:1044::72 "show running-config"
Note
The following example shows a SSH Version 2 session using the crypto algorithm aes256-cbc and an HMAC of hmac-sha1-96. The user ID is user2, and the IP address is 10.76.82.24.
ssh -v 2 -c aes256-cbc -m hmac-sha1-96 -1 user2 10.76.82.24The following example shows that reverse SSH has been configured on the SSH client:
ssh -l lab:1 router.example.comThe following command shows that Reverse SSH will connect to the first free line in the rotary group:
ssh -l lab:rotary1 router.example.comRelated Commands
standby ipv6
To activate the Hot Standby Router Protocol (HSRP) in IPv6, use the standby ipv6 command in interface configuration mode. To disable HSRP, use the no form of this command.
standby [group-number] ipv6 [link-local-address | autoconfig]
no standby [group-number] ipv6 [link-local-address | autoconfig]
Syntax Description
Command Default
The default group number is 0.
HSRP is disabled by default.Command Modes
Interface configuration
Command History
Usage Guidelines
An Ethernet or FDDI type interface must be used for HSRP for IPv6. HSRP version 2 must be enabled on an interface before HSRP IPv6 can be configured.
The standby ipv6 command enables an HSRP group for IPv6 operation. If the autoconfig keyword is used, then a link-local address will be generated from the link-local prefix and a modified EUI-64 format interface identifier, where the EUI-64 interface identifier is created from the relevant HSRP virtual MAC address. If an IPv6 address is used, it must be an IPv6 link-local address, configured using the link-local-address argument.
Examples
The following example enables an HSRP group for IPv6 operation:
Router(config)# standby version 2Router(config)# interface ethernet 0Router(config-if)# standby ipv6 autoconfigRelated Commands
show ipv6 interface
Displays the usability status of interfaces configured for IPv6.
standby preempt
To configure Hot Standby Router Protocol (HSRP) preemption and preemption delay, use the standby preempt command in interface configuration mode. To restore the default values, use the no form of this command.
standby [group-number] preempt [delay {minimum seconds | reload seconds | sync seconds}]
no standby [group-number] preempt [delay {minimum seconds | reload seconds | sync seconds}]
Syntax Description
Command Default
The default group number is 0.
The default delay is 0 seconds; if the router wants to preempt, it will do so immediately.
By default, the router that comes up later becomes the standby.Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
Note
When the standby preempt command is configured, the router is configured to preempt, which means that when the local router has a Hot Standby priority higher than the current active router, the local router should attempt to assume control as the active router. If preemption is not configured, the local router assumes control as the active router only if it receives information indicating no router is in the active state (acting as the designated router).
This command is separate from the standby delay minimum reload interface configuration command, which delays HSRP groups from initializing for the specified time after the interface comes up.
When a router first comes up, it does not have a complete routing table. If it is configured to preempt, it will become the active router, yet it is unable to provide adequate routing services. Solve this problem by configuring a delay before the preempting router actually preempts the currently active router.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
IP redundancy clients can prevent preemption from taking place. The standby preempt delay sync seconds command specifies a maximum number of seconds to allow IP redundancy clients to prevent preemption. When this expires, then preemption takes place regardless of the state of the IP redundancy clients.
The standby preempt delay reload seconds command allows preemption to occur only after a router reloads. This provides stabilization of the router at startup. After this initial delay at startup, the operation returns to the default behavior.
The no standby preempt delay command will disable the preemption delay but preemption will remain enabled. The no standby preempt delay minimum seconds command will disable the minimum delay but leave any synchronization delay if it was configured.
When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:
Router(config-if)# standby 1 preempt delay minimum 300% Warning: This setting has no effect while following another group.Examples
In the following example, the router will wait for 300 seconds (5 minutes) before attempting to become the active router:
interface ethernet 0standby ip 172.19.108.254standby preempt delay minimum 300standby priority
To configure Hot Standby Router Protocol (HSRP) priority, use the standby priority command in interface configuration mode. To restore the default values, use the no form of this command.
standby [group-number] priority priority
no standby [group-number] priority priority
Syntax Description
Command Default
The default group number is 0.
The default priority is 100.Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
Note
When group number 0 is used, the number 0 is written to NVRAM, providing backward compatibility.
The assigned priority is used to help select the active and standby routers. Assuming that preemption is enabled, the router with the highest priority becomes the designated active router. In case of ties, the primary IP addresses are compared, and the higher IP address has priority.
Note that the priority of the device can change dynamically if an interface is configured with the standby track command and another interface on the router or a tracked object goes down.
When the standby follow command is used to configure an HSRP group to become an IP redundancy client of another HSRP group, the client group takes its state from the master group it is following. Therefore, the client group does not use its timer, priority, or preemption settings. A warning is displayed if these settings are configured on a client group:
Router(config-if)# standby 1 priority 110%Warning: This setting has no effect while following another group.Examples
In the following example, the router has a priority of 120 (higher than the default value):
interface ethernet 0standby ip 172.19.108.254standby priority 120standby preempt delay 300Related Commands
standby track
Configures an interface so that the Hot Standby priority changes based on the availability of other interfaces.
standby version
To change the version of the Hot Standby Router Protocol (HSRP), use the standby version command in interface configuration mode. To change to the default version, use the no form of this command.
standby version {1 | 2}
no standby version
Syntax Description
Command Default
HSRP version 1 is the default HSRP version.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
HSRP version 2 addresses limitations of HSRP version 1 by providing an expanded group number range of 0 to 4095.
HSRP version 2 does not interoperate with HSRP version 1. An interface cannot operate both version 1 and version 2 because both versions are mutually exclusive. However, the different versions can be run on different physical interfaces of the same router. The group number range is from 0 to 255 for HSRP version 1 and from 0 to 4095 for HSRP version 2. You cannot change from version 2 to version 1 if you have configured groups above 255. Use the no standby version command to set the HSRP version to the default version, version 1.
If an HSRP version is changed, each group will reinitialize because it now has a new virtual MAC address.
Examples
The following example shows how to configure HSRP version 2 on an interface with a group number of 500:
!interface vlan500standby version 2standby 500 ip 172.20.100.10standby 500 priority 110standby 500 preemptstandby 500 timers 5 15Related Commands
stub
Note
To configure a router as a stub using Enhanced Interior Gateway Routing Protocol (EIGRP), use the stub command in router configuration mode. To disable the EIGRP stub routing feature, use the no form of this command.
stub [receive-only | connected | static | summary | redistributed]
no stub [receive-only | connected | static | summary | redistributed]
Syntax Description
Command Default
Stub routing is not enabled.
Command Modes
Router configuration (config-router)
Command History
Usage Guidelines
Use the stub command to configure a router as a stub where the router directs all IPv6 traffic to a distribution router.
The stub command can be modified with keywords, and more than one keyword can be used in the same syntax. These options can be used in any combination, except for the receive-only keyword. The receive-only keyword will restrict the router from sharing any of its routes with any other router in that EIGRP autonomous system, and the receive-only keyword will not permit any other option to be specified because it prevents any type of route from being sent. The connected, static, summary, and redistributed keywords can be used in any combination but cannot be used with the receive-only keyword.
If any of these four keywords is used with the stub command, only the route types specified by the particular keywords will be sent. Route types specified by the nonused keywords will not be sent.
The connected keyword permits the EIGRP stub routing feature to send connected routes. If the connected routes are not covered by a network statement, it may be necessary to redistribute connected routes with the redistribute connected command under the EIGRP process. This option is enabled by default.
The static keyword permits the EIGRP stub routing feature to send static routes. Without the configuration of this option, EIGRP will not send any static routes, including internal static routes that normally would be automatically redistributed. It will still be necessary to redistribute static routes with the redistribute static command.
The summary keyword permits the EIGRP stub routing feature to send summary routes. Summary routes can be created manually with the ipv6 summary address eigrp command or automatically at a major network border router with the auto-summary command enabled. This option is enabled by default.
The redistributed keyword permits the EIGRP stub routing feature to send other routing protocols and autonomous systems. Without the configuration of this option, EIGRP will not advertise redistributed routes.
Note
Examples
In the following example, the stub command is used to configure the router as a stub that advertises connected and summary routes:
ipv6 router eigrp 1network 3FEE:12E1:2AC1:EA32::/64stubIn the following example, the stub command is issued with the connected and static keywords to configure the router as a stub that advertises connected and static routes (sending summary routes will not be permitted):
ipv6 router eigrp 1network 3FEE:12E1:2AC1:EA32::/64stub connected staticIn the following example, the stub command is issued with the receive-only keyword to configure the router as a receive-only neighbor (connected, summary, and static routes will not be sent):
ipv6 router eigrp 1network 3FEE:12E1:2AC1:EA32::/64 eigrpstub receive-onlyIn the following example, the stub command is issued with the redistributed keyword to configure the router to advertise other protocols and autonomous systems:
ipv6 router eigrp 1network 3FEE:12E1:2AC1:EA32::/64 eigrpstub redistributedRelated Commands
subject-name
To specify the subject name in the certificate request, use the subject-name command in ca-trustpoint configuration mode. To clear any subject name from the configuration, use the no form of this command.
subject-name [x.500-name]
no subject-name [x.500-name]
Syntax Description
Command Default
If the x-500-name argument is not specified, the fully qualified domain name (FQDN), which is the default subject name, will be used.
Command Modes
Ca-trustpoint configuration
Command History
12.2(8)T
This command was introduced.
12.4(24)T
Support for IPv6 Secure Neighbor Discovery (SeND) was added.
Usage Guidelines
Before you can issue the subject-name command, you must enable the crypto ca trustpoint command, which declares the certification authority (CA) that your router should use and enters ca-trustpoint configuration mode.
The subject-name command is an attribute that can be set for autoenrollment; thus, issuing this command prevents you from being prompted for a subject name during enrollment.
Examples
The following example shows how to specify the subject name for the "frog" certificate:
crypto ca trustpoint frogenrollment url http://frog.phoobin.com/subject-name OU=Spiral Dept., O=tiedye.comip-address ethernet-0auto-enroll regeneratepassword revokmeRelated Commands
summary-prefix (IPv6 IS-IS)
To create aggregate IPv6 prefixes for Intermediate System-to-Intermediate System (IS-IS), use the summary-prefix command in address family configuration mode. To restore the default, use the no form of this command.
summary-prefix ipv6-prefix/prefix-length {level-1 | level-1-2 | level-2}
no summary-prefix ipv6-prefix/prefix-length {level-1 | level-1-2 | level-2}
Syntax Description
Command Default
All redistributed routes are advertised individually.
Command Modes
Address family configuration
Command History
Usage Guidelines
Multiple groups of prefixes can be summarized for a given level. Routes learned from other routing protocols can also be summarized. The metric used to advertise the summary is the smallest metric of all the more specific routes. This command helps reduce the size of the routing updates generated by the router, resulting in smaller routing tables on neighbor routers.
This command also reduces the size of the link-state packets (LSPs) and thus the link-state database (LSDB). It also helps ensure stability because a summary advertisement is depending on many more specific routes. If one more specific route flaps, in most cases this flapping does not cause a flap of the summary advertisement.
The drawback of summary prefixes is that other routes might have less information with which to calculate the most optimal routing table for all individual destinations.
Note
Examples
The following example redistributes Routing Information Protocol (RIP) routes into IS-IS. In
the RIP routing table, there are IPv6 routes for 3FFE:F000:0001:0000::/64, 3FFE:F000:0002:0000::/64, 3FFE:F000:0003:0000::/64, and so on. This example advertises only 3FFE:F000::/24 into IPv6
IS-IS Level 1.Router(config)# router isis area01Router(config-router)# address-family ipv6Router(config-router-af)# redistribute rip level-1 metric 40Router(config-router-af)# summary-prefix 3FFE:F000::/24 level-1summary-prefix (IPv6 OSPF)
To configure an IPv6 summary prefix, use the summary-prefix command in router configuration mode. To restore the default, use the no form of this command.
summary-prefix prefix [not-advertise | tag tag-value]
no summary-prefix prefix [not-advertise | tag tag-value]
Syntax Description
Command Default
No IPv6 summary prefix is defined.
Command Modes
Router configuration
Command History
Usage Guidelines
This command can be used to summarize routers redistributed from other routing protocols. Multiple groups of addresses can be summarized. The metric used to advertise the summary is the smallest metric of all the more specific routes. This command helps reduce the size of the routing table.
Examples
In the following example, the summary prefix FEC0::/24 includes addresses FEC0::/1 through FEC0::/24. Only the address FEC0::/24 is advertised in an external link-state advertisement.
ipv6 router ospf 1router-id 172.16.3.3summary-prefix FEC0::/24redistribute staticsynchronization (IPv6)
To enable the synchronization between IPv6 Border Gateway Protocol (BGP) and your Interior Gateway Protocol (IGP) system, use the synchronization command in address family configuration mode. To enable the Cisco IOS software to advertise a network route without waiting for IGP, use the no form of this command.
synchronization
no synchronization
Syntax Description
This command has no arguments or keywords.
Command Default
BGP advertises network routes without waiting for IGP.
Command Modes
Address family configuration
Command History
Usage Guidelines
Unlike the IPv4 version of the synchronization command, the IPv6 version is disabled by default.
By default, an IPv6 BGP speaker advertises an IPv6 network route without waiting for the IGP. Use the synchronization command in address family configuration mode to synchronize routing advertisements between BGP and your IGP. This feature allows routers and access servers within an autonomous system to have the route before BGP makes it available to other autonomous systems. When synchronization is enabled, IPv6 BGP does not advertise a route to an external neighbor unless that route is local or exists in the IGP.
Use the synchronization command if routers in the autonomous system do not speak BGP.
Examples
The following example enables a router to advertise an IPv6 network route without waiting for an IGP:
router bgp 65000address-family ipv6synchronizationtelnet
To log in to a host that supports Telnet, use the telnet command in user EXEC or privileged EXEC mode.
telnet host [port] [keyword]
Syntax Description
host
A hostname or an IP address.
port
(Optional) A decimal TCP port number, or port name; the default is the Telnet router port (decimal 23) on the host.
keyword
(Optional) One of the keywords listed in Table 272.
Command Modes
User EXEC
Privileged EXECCommand History
Usage Guidelines
Table 272 lists the optional telnet command keywords.
With the Cisco IOS implementation of TCP/IP, you are not required to enter the connect or telnet command to establish a terminal connection. You can enter only the learned hostname—as long as the following conditions are met:
•
•
To display a list of the available hosts, use the show hosts command. To display the status of all TCP connections, use the show tcp command.
The Cisco IOS software assigns a logical name to each connection, and several commands use these names to identify connections. The logical name is the same as the hostname, unless that name is already in use, or you change the connection name with the name-connection EXEC command. If the name is already in use, the Cisco IOS software assigns a null name to the connection.
The Telnet software supports special Telnet commands in the form of Telnet sequences that map generic terminal control functions to operating system-specific functions. To issue a special Telnet command, enter the escape sequence and then a command character. The default escape sequence is Ctrl-^ (press and hold the Ctrl and Shift keys and the 6 key). You can enter the command character as you hold down Ctrl or with Ctrl released; you can use either uppercase or lowercase letters. Table 273 lists the special Telnet escape sequences.
Table 273 Special Telnet Escape Sequences
Ctrl-^ b
Break
Ctrl-^ c
Interrupt Process (IP and IPv6)
Ctrl-^ h
Erase Character (EC)
Ctrl-^ o
Abort Output (AO)
Ctrl-^ t
Are You There? (AYT)
Ctrl-^ u
Erase Line (EL)
1 The caret (^) symbol refers to Shift-6 on your keyboard.
At any time during an active Telnet session, you can list the Telnet commands by pressing the escape sequence keys followed by a question mark at the system prompt:
Ctrl-^ ?
A sample of this list follows. In this sample output, the first caret (^) symbol represents the Ctrl key, and the second caret represents Shift-6 on your keyboard:
router> ^^?[Special telnet escape help]^^B sends telnet BREAK^^C sends telnet IP^^H sends telnet EC^^O sends telnet AO^^T sends telnet AYT^^U sends telnet ELYou can have several concurrent Telnet sessions open and switch among them. To open a subsequent session, first suspend the current connection by pressing the escape sequence (Ctrl-Shift-6 then x [Ctrl^x] by default) to return to the system command prompt. Then open a new connection with the telnet command.
To terminate an active Telnet session, enter any of the following commands at the prompt of the device to which you are connecting:
•
•
•
•
•
Examples
The following example establishes an encrypted Telnet session from a router to a remote host named host1:
router> telnet host1 /encrypt kerberosThe following example routes packets from the source system host1 to example.com, then to 10.1.0.11, and finally back to host1:
router> telnet host1 /route:example.com 10.1.0.11 host1The following example connects to a host with the logical name host1:
router> host1The following example suppresses all onscreen messages from the Cisco IOS software during login and logout:
router> telnet host2 /quietThe following example shows the limited messages displayed when connection is made using the optional /quiet keyword:
login:User2Password:Welcome to OpenVMS VAX version V6.1 on node CRAWLast interactive login on Tuesday, 15-DEC-1998 11:01Last non-interactive login on Sunday, 3-JAN-1999 22:32Server3)logoutUser2 logged out at 16-FEB-2000 09:38:27.85Related Commands
timers (IPv6 RIP)
To configure update, timeout, hold-down, and garbage-collection timers for an IPv6 RIP routing process, use the timers command in router configuration mode. To return the timers to their default values, use the no form of this command.
timers update timeout holddown garbage-collection
no timers
Syntax Description
Command Default
Update timer: 30 seconds
Timeout timer: 180 seconds
Hold-down timer: 0 seconds
Garbage-collection timer: 120 secondsCommand Modes
Router configuration
Command History
Usage Guidelines
The timers (IPv6 RIP) command is similar to the timers basic (RIP) command, except that it is IPv6-specific.
Use the update argument to set the time interval between RIP routing updates. If no route update is received for the time interval specified by the timeout argument, the route is considered unreachable. Use the holddown argument to set a time delay between the route becoming unreachable and the route being considered invalid in the routing table. The use of a hold-down interval is not recommended for RIP because it can introduce long delays in convergence. Use the garbage-collection argument to specify the time interval between a route being considered invalid and the route being purged from the routing table.
The basic timing parameters for IPv6 RIP are adjustable. Because IPv6 RIP is executing a distributed, asynchronous routing algorithm, it is important that these timers be the same for all routers and access servers in the network.
Note
Examples
The following example sets updates to be broadcast every 5 seconds. If a route is not heard from in 15 seconds, the route is declared unusable. Further information is suppressed for an additional 10 seconds. Assuming no updates, the route is flushed from the routing table 20 seconds after the end of the hold-down period.
Router(config)# ipv6 router rip ciscoRouter(config-rtr)# timers 5 15 10 30
Caution
Related Commands
timers active-time
To adjust Enhanced Interior Gateway Routing Protocol (EIGRP) routing wait time, use the timers active-time command in router configuration mode or address-family topology configuration mode. To disable this function, use the no form of the command.
timers active-time [time-limit | disabled]
no timers active-time
Syntax Description
time-limit
(Optional) EIGRP active-time limit (in minutes). Valid range is 1 to 4294967295.
disabled
(Optional) Disables the timers and permits the routing wait time to remain active indefinitely.
Command Default
This command is disabled by default.
Command Modes
Router configuration (config-router)
Address-family topology configuration (config-router-af-topology)Command History
Usage Guidelines
In EIGRP, there are timers that control the time that the router waits (after sending a query) before declaring the route to be in the stuck in active (SIA) state.
Examples
In the following example, the routing wait time is 200 minutes on the specified route:
Router(config)# router eigrp 5Router(config-router)# timers active-time 200In the following example, the routing wait time is 200 minutes on the specified address-family route:
Router(config)# router eigrp virtual-nameRouter(config-router)# address-family ipv4 autonomous-system 4453Router(config-router-af)# network 10.0.0.0Router(config-router-af)# topology baseRouter(config-router-af-topology)# timers active-time 200In the following example, the routing wait time is indefinite if a route becomes active:
Router(config)# router eigrp 5Router(config-router)# timers active-time disabledIn the following example, the routing wait time is indefinite on the specified address-family route:
Router(config)# router eigrp virtual-nameRouter(config-router)# address-family ipv4 autonomous-system 4453Router(config-router-af)# network 10.0.0.0Router(config-router-af)# topology baseRouter(config-router-af-topology)# timers active-time disabledIn the following example, the routing wait time is 100 minutes on the specified route:
Router(config)# ipv6 router eigrp 1Router(config-router)# timers active-time 100In the following example, the routing wait time is 100 minutes on the specified address-family route:
Router(config)# router eigrp virtual-nameRouter(config-router)# address-family ipv6 autonomous-system 4453Router(config-router-af)# topology baseRouter(config-router-af-topology)# timers active-time disabledRelated Commands
timers lsa arrival
To set the minimum interval at which the software accepts the same link-state advertisement (LSA) from Open Shortest Path First (OSPF) neighbors, use the timers lsa arrival command in router configuration mode. To restore the default value, use the no form of this command.
timers lsa arrival milliseconds
no timers lsa arrival
Syntax Description
milliseconds
Minimum delay in milliseconds that must pass between acceptance of the same LSA arriving from neighbors. The range is from 0 to 600,000 milliseconds. The default is 1000 milliseconds.
Defaults
1000 milliseconds
Command Modes
OSPF for IPv6 router configuration (config-rtr)
Router configuration (config-router)Command History
Usage Guidelines
The timers lsa arrival command controls the minimum interval for accepting the same LSA. The "same LSA" is defined as an LSA instance that contains the same LSA ID number, LSA type, and advertising router ID. If an instance of the same LSA arrives sooner than the interval that is set, the LSA is dropped.
We suggest you keep the milliseconds value of the timers lsa arrival command less than or equal to the neighbors' hold-interval value of the timers throttle lsa all command.
Examples
The following example sets the minimum interval for accepting the same LSA at 2000 milliseconds:
router ospf 1log-adjacency-changestimers throttle lsa all 200 10000 45000timers lsa arrival 2000network 10.10.4.0 0.0.0.255 area 24network 10.10.24.0 0.0.0.255 area 24Related Commands
timers pacing flood (IPv6)
To configure link-state advertisement (LSA) flood packet pacing, use the timers pacing flood command in router configuration mode. To restore the default flood packet pacing value, use the no form of this command.
timers pacing flood milliseconds
no timers pacing flood
Syntax Description
Command Default
The default is 33 milliseconds.
Command Modes
Router configuration
Command History
Usage Guidelines
Configuring Open Shortest Path First (OSPF) for IPv6 flood pacing timers allows you to control interpacket spacing between consecutive link-state update packets in the OSPF for IPv6 transmission queue. This command allows you to control the rate at which LSA updates occur to reduce the high CPU or buffer utilization that can occur when an area is flooded with a very large number of LSAs.
The default settings for OSPF for IPv6 packet pacing timers are suitable for the majority of OSPF for IPv6 deployments. Do not change the packet pacing timers unless all other options to meet OSPF for IPv6 packet flooding requirements have been exhausted. Specifically, network operators should prefer summarization, stub area usage, queue tuning, and buffer tuning before changing the default flood timers. Furthermore, there are no guidelines for changing timer values; each OSPF for IPv6 deployment is unique and should be considered on a case-by-case basis.
Note
Examples
The following example configures LSA flood packet-pacing updates to occur in 20-millisecond intervals for OSPF for IPv6 routing process 1:
Router(config)# ipv6 router ospf 1Router(config-router)# timers pacing flood 20Related Commands
timers pacing lsa-group (IPv6)
To change the interval at which Open Shortest Path First (OSPF) for IPv6 link-state advertisements (LSAs) are collected into a group and refreshed, checksummed, or aged, use the timers pacing lsa-group command in router configuration mode. To restore the default value, use the no form of this command.
timers pacing lsa-group seconds
no timers pacing lsa-group
Syntax Description
seconds
Number of seconds in the interval at which LSAs are grouped and refreshed, checksummed, or aged. The range is from 10 to 1800 seconds. The default value is 240 seconds.
Command Default
The default interval for this command is 240 seconds. OSPF for IPv6 LSA group pacing is enabled by default.
Command Modes
Router configuration
Command History
12.2(15)T
This command was introduced.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
Usage Guidelines
This command allows you to control the rate at which LSA updates occur to reduce the high CPU or buffer utilization that can occur when an area is flooded with a very large number of LSAs. The default settings for OSPF for IPv6 packet pacing timers are suitable for the majority of OSPF for IPv6 deployments. Do not change the packet pacing timers unless all other options to meet OSPF for IPv6 packet flooding requirements have been exhausted. Specifically, network operators should prefer summarization, stub area usage, queue tuning, and buffer tuning before changing the default flooding timers. Furthermore, there are no guidelines for changing timer values; each OSPF for IPv6 deployment is unique and should be considered on a case-by-case basis.
Note
Cisco IOS software groups the periodic refresh of LSAs to improve the LSA packing density for the refreshes in large topologies. The group timer controls the interval used for group refreshment of LSAs; however, this timer does not change the frequency that individual LSAs are refreshed (the default refresh rate is every 30 minutes).
The duration of the LSA group pacing is inversely proportional to the number of LSAs the router is handling. For example, if you have about 10,000 LSAs, decreasing the pacing interval would benefit you. If you have a very small database (40 to 100 LSAs), increasing the pacing interval to 10 to 20 minutes might benefit you slightly.
Examples
The following example configures OSPF for IPv6 group packet-pacing updates between LSA groups to occur in 300-second intervals for OSPF for IPv6 routing process 1:
Router(config)# ipv6 router ospf 1Router(config-router)# timers pacing lsa-group 300Related Commands
timers pacing retransmission (IPv6)
To configure link-state advertisement (LSA) retransmission packet pacing, use the timers pacing retransmission command in router configuration mode. To restore the default retransmission packet pacing value, use the no form of this command.
timers pacing retransmission milliseconds
no timers pacing retransmission
Syntax Description
milliseconds
The time (in milliseconds) at which LSAs in the retransmission queue are paced. The configurable range is from 5 milliseconds to 200 milliseconds. The default value is 66 milliseconds.
Command Default
The default is 66 milliseconds.
Command Modes
Router configuration
Command History
12.2(15)T
This command was introduced.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
Usage Guidelines
Configuring Open Shortest Path First (OSPF) for IPv6 retransmission pacing timers allow you to control interpacket spacing between consecutive link-state update packets in the OSPF for IPv6 retransmission queue. This command allows you to control the rate at which LSA updates occur to reduce high CPU or buffer utilization that can occur when an area is flooded with a very large number of LSAs. The default settings for OSPF for IPv6 packet retransmission pacing timers are suitable for the majority of OSPF for IPv6 deployments. Do not change the packet retransmission pacing timers unless all other options to meet OSPF for IPv6 packet flooding requirements have been exhausted. Specifically, network operators should prefer summarization, stub area usage, queue tuning, and buffer tuning before changing the default flooding timers. Furthermore, there are no guidelines for changing timer values; each OSPF for IPv6 deployment is unique and should be considered on a case-by-case basis.
Note
Examples
The following example configures LSA flood pacing updates to occur in 100-millisecond intervals for OSPF for IPv6 routing process 1:
Router(config)# ipv6 router ospf 1Router(config-router)# timers pacing retransmission 100Related Commands
timers register
To set how long the Session Initiation Protocol (SIP) user agent (UA) waits before sending register requests, use the timers register command in SIP user-agent configuration mode. To reset this value to the default, use the no form of this command.
timers register milliseconds
no timers register
Syntax Description
Command Default
500 milliseconds
Command Modes
SIP user-agent configuration
Command History
12.2(15)ZJ
This command was introduced.
12.3(4)T
This command was integrated into Cisco IOS Release 12.3(4)T.
12.4(22)T
Support for IPv6 was added.
Examples
The following example sends register requests every 500 milliseconds:
sip-uaretry invite 9retry register 9timers register 500Related Commands
timers spf (IPv6)
To turn on Open Shortest Path First (OSPF) for IPv6 shortest path first (SPF) throttling, use the timers spf command in router configuration mode. To turn off SPF throttling, use the no form of this command.
timers spf delay holdtime
no timers spf
Syntax Description
Command Default
OSPF for IPv6 throttling is always enabled.
Command Modes
Router configuration
Command History
12.2(15)T
This command was introduced.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
Usage Guidelines
The first wait interval between SPF calculations is the amount of time in milliseconds specified by the delay argument. Each consecutive wait interval is two times the current hold level in milliseconds until the wait time reaches the maximum time in milliseconds as specified by the holdtime argument. Subsequent wait times remain at the maximum until the values are reset or a link-state advertisement (LSA) is received between SPF calculations.
Examples
The following example shows a router configured with the delay and hold-time interval values for the timers spf command set at 40 and 50 milliseconds, respectively.
Router(config)# ipv6 router ospf 1Router(config-router)# timers spf 40 50Related Commands
show ipv6 ospf
Displays general information about OSPF for IPv6 routing processes.
timers throttle lsa
To set rate-limiting values for Open Shortest Path First (OSPF) for IPv6 link-state advertisement (LSA) generation, use the timers throttle lsa command in router configuration mode. To restore the default values, use the no form of this command.
timers throttle lsa start-interval hold-interval max-interval
no timers throttle lsa
Syntax Description
Defaults
start-interval: 0 milliseconds
hold-interval: 5000 milliseconds
max-interval: 5000 millisecondsCommand Modes
OSPF for IPv6 router configuration (config-rtr)
Router configuration (config-router)Command History
Usage Guidelines
The "same LSA" is defined as an LSA instance that contains the same LSA ID number, LSA type, and advertising router ID. We suggest you keep the milliseconds value of the timers lsa arrival command less than or equal to the hold-interval value of the timers throttle lsa command.
Examples
This example customizes OSPF LSA throttling so that the start interval is 200 milliseconds, the hold interval is 10,000 milliseconds, and the maximum interval is 45,000 milliseconds. The minimum interval between instances of receiving the same LSA is 2000 milliseconds.
router ospf 1log-adjacency-changestimers throttle lsa 200 10000 45000timers lsa arrival 2000network 10.10.4.0 0.0.0.255 area 24network 10.10.24.0 0.0.0.255 area 24This example customizes IPv6 OSPF LSA throttling so that the start interval is 500 milliseconds, the hold interval is 1,000 milliseconds, and the maximum interval is 10,000 milliseconds.
ipv6 router ospf 1log-adjacency-changestimers throttle lsa 500 1000 10000Related Commands
timers throttle spf
To turn on Open Shortest Path First (OSPF) shortest path first (SPF) throttling, use the timers throttle spf command in the appropriate configuration mode. To turn off OSPF SPF throttling, use the no form of this command.
timers throttle spf spf-start spf-hold spf-max-wait
no timers throttle spf spf-start spf-hold spf-max-wait
Syntax Description
Command Default
SPF throttling is not set.
Command Modes
Address family configuration (config-router-af)
Router address family topology configuration (config-router-af-topology)
Router configuration (config-router)
OSPF for IPv6 router configuration (config-rtr)Command History
Usage Guidelines
The first wait interval between SPF calculations is the amount of time in milliseconds specified by the spf-start argument. Each consecutive wait interval is two times the current hold level in milliseconds until the wait time reaches the maximum time in milliseconds as specified by the spf-max-wait argument. Subsequent wait times remain at the maximum until the values are reset or a link-state advertisement (LSA) is received between SPF calculations.
Release 12.2(33)SRB
If you plan to configure the Multi-Topology Routing (MTR) feature, you need to enter the timers throttle spf command in router address family topology configuration mode in order to make this OSPF router configuration command become topology-aware.
Examples
The following example shows how to configure a router with the delay, hold, and maximum interval values for the timers throttle spf command set at 5, 1000, and 90,000 milliseconds, respectively.
router ospf 1router-id 10.10.10.2log-adjacency-changestimers throttle spf 5 1000 90000redistribute static subnetsnetwork 10.21.21.0 0.0.0.255 area 0network 10.22.22.0 0.0.0.255 area 00The following example shows how to configure a router using IPv6 with the delay, hold, and maximum interval values for the timers throttle spf command set at 500, 1000, and 10,000 milliseconds, respectively.
ipv6 router ospf 1event-log size 10000 one-shotlog-adjacency-changestimers throttle spf 500 1000 10000traceroute
To discover the routes that packets will actually take when traveling to their destination address, use the traceroute command in user EXEC or privileged EXEC mode.
traceroute [vrf vrf-name | topology topology-name] [protocol] destination
Syntax Description
Command Default
When not specified, the protocol argument is determined by the software examining the format of the destination argument. For example, if the software finds a destination argument in IP format, the protocol value defaults to IP.
Command Modes
User EXEC (>)
Privileged EXEC (#)Command History
Usage Guidelines
The traceroute command works by taking advantage of the error messages generated by routers when a datagram exceeds its hop limit value.
The traceroute command starts by sending probe datagrams with a hop limit of 1. Including a hop limit of 1 with a probe datagram causes the neighboring routers to discard the probe datagram and send back an error message. The traceroute command sends several probes with increasing hop limits and displays the round-trip time for each.
The traceroute command sends out one probe at a time. Each outgoing packet might result in one or more error messages. A time-exceeded error message indicates that an intermediate router has seen and discarded the probe. A destination unreachable error message indicates that the destination node has received and discarded the probe because the hop limit of the packet reached a value of 0. If the timer goes off before a response comes in, the traceroute command prints an asterisk (*).
The traceroute command terminates when the destination responds, when the hop limit is exceeded, or when the user interrupts the trace with the escape sequence. By default, to invoke the escape sequence, type Ctrl-^ X—by simultaneously pressing and releasing the Ctrl, Shift, and 6 keys, and then pressing the X key.
To use nondefault parameters and invoke an extended traceroute test, enter the command without a protocol or destination argument in privileged EXEC mode. You are stepped through a dialog to select the desired parameters. Extended traceroute tests are not supported in user EXEC mode. The user-level traceroute feature provides a basic trace facility for users who do not have system privileges. The destination argument is required in user EXEC mode.
If the system cannot map an address for a hostname, it returns a "%No valid source address for destination" message.
If the vrf vrf-name keyword and argument are used, the topology option is not displayed because only the default VRF is supported. The topology topology-name keyword and argument and the DiffServ Code Point (DSCP) option in the extended traceroute system dialog are displayed only if a topology is configured on the router.
Examples
After you enter the traceroute command in privileged EXEC mode, the system prompts you for a protocol. The default protocol is IP.
If you enter a hostname or address on the same line as the traceroute command, the default action is taken as appropriate for the protocol type of that name or address.
The following example is sample dialog from the traceroute command using default values. The specific dialog varies somewhat from protocol to protocol.
Router# tracerouteProtocol [ip]:Target IP address:Source address:DSCP Value [0]: ! Only displayed if a topology is configured on the router.Numeric display [n]:Timeout in seconds [3]:Probe count [3]:Minimum Time to Live [1]:Maximum Time to Live [30]:Port Number [33434]:Loose, Strict, Record, Timestamp, Verbose [none]:Related Commands
translation-profile (dial peer)
To assign a translation profile to a dial peer, use the translation-profile command in dial peer configuration mode. To delete the translation profile from the dial peer, use the no form of this command.
translation-profile {incoming | outgoing} name
no translation-profile {incoming | outgoing} name
Syntax Description
incoming
Specifies that this translation profile handles incoming calls.
outgoing
Specifies that this translation profile handles outgoing calls.
name
Name of the translation profile.
Command Default
No default behavior or values
Command Modes
Dial peer configuration
Command History
Usage Guidelines
Use the translation-profile command to assign a predefined translation profile to a dial peer.
Examples
The following example assigns the translation profile named "profile1" to handle translation of outgoing calls for a dial peer:
Router(config)# dial-peer voice 111 potsRouter(config-dial-peer)# translation-profile outgoing profile1Related Commands
tunnel destination
To specify the destination for a tunnel interface, use the tunnel destination command in interface configuration mode. To remove the destination, use the no form of this command.
tunnel destination {host-name | ip-address | ipv6-address}
no tunnel destination
Syntax Description
Command Default
No tunnel interface destination is specified.
Command Modes
Interface configuration
Command History
Usage Guidelines
You cannot configure two tunnels to use the same encapsulation mode with exactly the same source and destination address. The workaround is to create a loopback interface and configure the packet source off of the loopback interface. Refer to the Cisco IOS AppleTalk, DECnet, ISO CLNS, and Novell IPX Configuration Guide for more information on AppleTalk Cayman tunneling.
Examples
Tunnel Destination Address for Cayman Tunnel Example
The following example shows how to configure the tunnel destination address for Cayman tunneling:
Router(config)# interface tunnel0Router(config-if)# tunnel source ethernet0Router(config-if)# tunnel destination 10.108.164.19Router(config-if)# tunnel mode caymanTunnel Destination Address for GRE Tunneling Example
The following generic routing encapsulation (GRE) example shows how to configure the tunnel destination address for GRE tunneling:
Router(config)# interface tunnel0Router(config-if)# appletalk cable-range 4160-4160 4160.19Router(config-if)# appletalk zone EngineeringRouter(config-if)# tunnel source ethernet0Router(config-if)# tunnel destination 10.108.164.19Router(config-if)# tunnel mode gre ipTunnel Destination Address for IPv6 Tunnel Example
The following GRE example shows how to configure the tunnel destination address for GRE tunneling of IPv6 packets:
Router(config)# interface Tunnel0Router(config-if)# no ip addressRouter(config-if)# ipv6 router isisRouter(config-if)# tunnel source Ethernet0/0Router(config-if)# tunnel destination 2001:0DB8:1111:2222::1/64Router(config-if)# tunnel mode gre ipv6Router(config-if)# exit!Router(config)# interface Ethernet0/0Router(config-if)# ip address 10.0.0.1 255.255.255.0Router(config-if)# exit!Router(config)# ipv6 unicast-routingRouter(config)# router isisRouter(config)# net 49.0000.0000.000a.00Related Commands
tunnel mode
To set the encapsulation mode for the tunnel interface, use the tunnel mode command in interface configuration mode. To restore the default mode, use the no form of this command.
tunnel mode {aurp | cayman | dvmrp | eon | gre | gre multipoint | gre ipv6 | ipip [decapsulate-any] | ipsec ipv4 | iptalk | ipv6 | ipsec ipv6 | mpls | nos | rbscp}
no tunnel mode
Syntax Description
Command Default
The default is GRE tunneling.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
Source and Destination Address
You cannot have two tunnels that use the same encapsulation mode with exactly the same source and destination address. The workaround is to create a loopback interface and source packets off of the loopback interface.
Cayman Tunneling
Designed by Cayman Systems, Cayman tunneling implements tunneling to enable Cisco routers to interoperate with Cayman GatorBoxes. With Cayman tunneling, you can establish tunnels between two routers or between a Cisco router and a GatorBox. When using Cayman tunneling, you must not configure the tunnel with an AppleTalk network address.
DVMRP
Use DVMRP when a router connects to an mrouted (multicast) router to run DVMRP over a tunnel. You must configure Protocol Independent Multicast (PIM) and an IP address on a DVMRP tunnel.
GRE with AppleTalk
GRE tunneling can be done between Cisco routers only. When using GRE tunneling for AppleTalk, you configure the tunnel with an AppleTalk network address. Using the AppleTalk network address, you can ping the other end of the tunnel to check the connection.
Multipoint GRE
After enabling mGRE tunneling, you can enable the tunnel protection command, which allows you to associate the mGRE tunnel with an IPSec profile. Combining mGRE tunnels and IPSec encryption allows a single mGRE interface to support multiple IPSec tunnels, thereby simplifying the size and complexity of the configuration.
Note
RBSCP
RBSCP tunneling is designed for wireless or long-distance delay links with high error rates, such as satellite links. Using tunnels, RBSCP can improve the performance of certain IP protocols, such as TCP and IPSec, over satellite links without breaking the end-to-end model.
IPSec in IPv6 Transport
IPv6 IPSec encapsulation provides site-to-site IPSec protection of IPv6 unicast and multicast traffic. This feature allows IPv6 routers to work as a security gateway, establishes IPSec tunnels between another security gateway router, and provides crypto IPSec protection for traffic from an internal network when being transmitting across the public IPv6 Internet. IPv6 IPSec is very similar to the security gateway model using IPv4 IPsec protection.
Examples
Cayman Tunneling
The following example shows how to enable Cayman tunneling:
Router(config)# interface tunnel 0Router(config-if)# tunnel source ethernet 0Router(config-if)# tunnel destination 10.108.164.19Router(config-if)# tunnel mode caymanGRE Tunneling
The following example shows how to enable GRE tunneling:
Router(config)# interface tunnel 0Router(config-if)# appletalk cable-range 4160-4160 4160.19Router(config-if)# appletalk zone EngineeringRouter(config-if)# tunnel source ethernet0Router(config-if)# tunnel destination 10.108.164.19Router(config-if)# tunnel mode greIPSec in IPv4 Transport
The following example shows how to configure a tunnel using IPSec encapsulation with IPv4 as the transport mechanism:
Router(config)# crypto ipsec profile PROF
Router(config)# set transform tset
Router(config)# interface Tunnel0
Router(config-if)# ip address 10.1.1.1 255.255.255.0
Router(config-if)# tunnel mode ipsec ipv4
Router(config-if)# tunnel source Loopback0
Router(config-if)# tunnel destination 172.16.1.1
Router(config-if)# tunnel protection ipsec profile PROFIPSec in IPv6 Transport
The following example shows how to configure an IPv6 IPSec tunnel interface:
Router(config)# interface tunnel 0Router(config-if)# ipv6 address 2001:0DB8:1111:2222::2/64Router(config-if)# tunnel destination 10.0.0.1Router(config-if)# tunnel source Ethernet 0/0Router(config-if)# tunnel mode ipsec ipv6Router(config-if)# tunnel protection ipsec profile profile1Multipoint GRE Tunneling
The following example shows how to enable mGRE tunneling:
interface Tunnel0bandwidth 1000ip address 10.0.0.1 255.255.255.0! Ensures longer packets are fragmented before they are encrypted; otherwise, the ! receiving router would have to do the reassembly.ip mtu 1416! Turns off split horizon on the mGRE tunnel interface; otherwise, EIGRP will not ! advertise routes that are learned via the mGRE interface back out that interface.no ip split-horizon eigrp 1no ip next-hop-self eigrp 1delay 1000! Sets IPSec peer address to Ethernet interface's public address.tunnel source Ethernet0tunnel mode gre multipoint! The following line must match on all nodes that want to use this mGRE tunnel.tunnel key 100000tunnel protection ipsec profile vpnprofRBSCP Tunneling
The following example shows how to enable RBSCP tunneling:
Router(config)# interface tunnel 0Router(config-if)# tunnel source ethernet 0Router(config-if)# tunnel destination 10.108.164.19Router(config-if)# tunnel mode rbscpRelated Commands
tunnel mode ipv6ip
To configure a static IPv6 tunnel interface, use the tunnel mode ipv6ip command in interface configuration mode. To remove an IPv6 tunnel interface, use the no form of this command.
tunnel mode ipv6ip [6to4 | auto-tunnel | isatap]
no tunnel mode ipv6ip
Syntax Description
Command Default
IPv6 tunnel interfaces are not configured.
Command Modes
Interface configuration
Command History
Usage Guidelines
IPv6 tunneling consists of encapsulating IPv6 packets within IPv4 packets for transmission across an IPv4 routing infrastructure.
Manually Configured Tunnels
Using the tunnel mode ipv6ip command without keywords specifies an IPv6 configured tunnel where a manually configured IPv6 address is configured on a tunnel interface and manually configured IPv4 addresses are configured as the tunnel source and the tunnel destination. The host or router at each end of an IPv6 configured tunnel must support both the IPv4 and IPv6 protocol stacks.
Automatic Determination of Tunnel Source and Destination
Using the tunnel mode ipv6ip command with the auto-tunnel keyword specifies an IPv6 automatic tunnel where the tunnel destination is automatically determined by the IPv4 address in the low-order 32 bits of IPv4-compatible IPv6 addresses. An IPv4-compatible IPv6 address is a 128-bit IPv6 address that contains the IPv6 prefix 0:0:0:0:0:0 in the high-order 96 bits of the address and an IPv4 address in the low-order 32 bits of the address. The host or router at each end of an automatic tunnel must support both the IPv4 and IPv6 protocol stacks.
6to4 Tunnels
Using the tunnel mode ipv6ip command with the 6to4 keyword specifies automatic 6to4 tunneling where the tunnel endpoint is determined by the globally unique IPv4 address embedded in a 6to4 address. A 6to4 address is a combination of the prefix 2002::/16 and a globally unique 32-bit IPv4 address. (IPv4-compatible addresses are not used in 6to4 tunneling.) The unique IPv4 address is used as the network-layer address in the 6to4 address prefix. The border router at each end of a 6to4 tunnel must support both the IPv4 and IPv6 protocol stacks. The 6to4 tunnel must be configured with the tunnel source command to use an interface with an IPv4 address as the source of the tunnel. Additionally, the 6to4 address prefix must be routed over the tunnel using the ipv6 route command.
ISATAP Tunnels
ISATAP tunnels enable transport of IPv6 packets within network boundaries. ISATAP tunnels allow individual IPv4/IPv6 dual-stack hosts within a site to connect to an IPv6 network using the IPv4 infrastructure.
Unlike IPv4-compatible addresses, ISATAP IPv6 addresses can use any initial unicast /64 prefix. The final 64 bits are an interface identifier. Of these, the leading 32 bits are the fixed pattern 0000:5EFE; the last 32 bits carry the tunnel endpoint IPv4 address.
Examples
Manually Configured IPv6 Tunnel Example
The following example configures a manual IPv6 tunnel. In the example, tunnel interface 0 is manually configured with a global IPv6 address. The tunnel source and destination are also manually configured.
Router(config)# interface tunnel 0Router(config-if)# ipv6 address 3ffe:b00:c18:1::3/127Router(config-if)# tunnel source ethernet 0Router(config-if)# tunnel destination 192.168.30.1Router(config-if)# tunnel mode ipv6ipIPv4 Compatible IPv6 Address Tunnel Example
The following example configures an automatic IPv6 tunnel that uses Ethernet interface 0 as the tunnel source. The tunnel destination is automatically determined by the IPv4 address in the low-order 32 bits of an IPv4-compatible IPv6 address.
Router(config)# interface tunnel 0Router(config-if)# no ip addressRouter(config-if)# tunnel source ethernet 0Router(config-if)# tunnel mode ipv6ip auto-tunnel6to4 Tunnel Example
The following example configures a 6to4 tunnel. 6to4 tunnels allows for autoconfiguration where a site-specific 48-bit prefix is dynamically constructed by prepending the prefix 2002 to an IPv4 address assigned to the site. In the example, Ethernet interface 0 is configured with an IPv4 address, and with a 64-bit prefix (/64) which is part of the previously constructed 48-bit prefix (/48). Tunnel interface 0 is configured without an IPv4 or IPv6 address because the IPv4 or IPv6 addresses on Ethernet interface 0 is used to construct a tunnel source address. A tunnel destination address is not specified because the destination address is automatically constructed. An IPv6 static route for network 2002::/16 to tunnel interface 0 is configured (traffic destined for the prefix is routed over tunnel interface 0).
Router(config)# interface ethernet 0Router(config-if)# ip address 192.168.99.1 255.255.255.0Router(config-if)# ipv6 address 2002:c0a8:6301:1::/64 eui-64Router(config-if)# exitRouter(config)# interface tunnel 0Router(config-if)# no ip addressRouter(config-if)# ipv6 unnumbered ethernet 0Router(config-if)# tunnel source ethernet 0Router(config-if)# tunnel mode ipv6ip 6to4Router(config-if)# exitRouter(config)# ipv6 route 2002::/16 tunnel 0Tunnel Interface Configured with the ipv6 unnumbered Command Example
When a tunnel interface is configured using the ipv6 unnumbered command with the tunnel source and tunnel mode ipv6ip commands, the tunnel uses the first IPv6 address configured on the source interface as its IPv6 address. For 6to4 tunnels, the first IPv6 address configured on the source interface must be a 6to4 address. In the following example, the first IPv6 address configured for Ethernet interface 0 (6to4 address 2002:c0a8:6301:1::/64) is used as the IPv6 address of tunnel 0:
Router(config)# interface tunnel 0Router(config-if)# ipv6 unnumbered ethernet 0Router(config-if)# tunnel source ethernet 0Router(config-if)# tunnel mode ipv6ip 6to4Router(config-if)# exitRouter(config)# interface ethernet 0Router(config-if)# ipv6 address 2002:c0a8:6301:1::/64 eui-64Router(config-if)# ipv6 address 3ffe:1234:5678::1/64ISATAP Tunnel Example
The following command shows an ISATAP tunnel configured on interface Ethernet 0. Router advertisements are enabled to allow client autoconfiguration.
Router(config)# interface Ethernet 0Router(config-if)# ip address 10.1.1.1 255.255.255.0Router(config)# interface Tunnel 0Router(config-if)# tunnel source ethernet 0Router(config-if)# tunnel mode ipv6ip isatapRouter(config-if)# ipv6 address 2001:0DB8::/64 eiu-64Router(config-if)# no ipv6 nd suppress-raRelated Commands
tunnel source
To set the source address for a tunnel interface, use the tunnel source command in interface configuration mode. To remove the source address, use the no form of this command.
tunnel source {ip-address | ipv6-address | interface-type interface-number}
no tunnel source
Syntax Description
Command Default
No tunnel interface source address is set.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
The source address is either an explicitly defined IP address or the IP address assigned to the specified interface.
You cannot have two tunnels using the same encapsulation mode with exactly the same source and destination address. The workaround is to create a loopback interface and source packets off of the loopback interface.
When using tunnels to Cayman boxes, you must set the tunnel source command to an explicit IP address on the same subnet as the Cayman box, not the tunnel itself.
GRE tunnel encapsulation and deencapsulation for multicast packets are handled by the hardware in PFC3 and 12.2(18)SXF and later releases. Each hardware-assisted tunnel must have a unique source. Hardware-assisted tunnels cannot share a source even if the destinations are different. You should use secondary addresses on loopback interfaces or create multiple loopback interfaces to ensure the hardware-assisted tunnels do not share a source.
Examples
Cayman Tunnel Example
The following example shows how to set a tunnel source address for Cayman tunneling:
Router(config)# interface tunnel0Router(config-if)# tunnel source ethernet0Router(config-if)# tunnel destination 172.32.164.19Router(config-if)# tunnel mode cisco1GRE Tunneling Example
The following example shows how to set a tunnel source address for generic routing encapsulation (GRE) tunneling:
Router(config)# interface tunnel0Router(config-if)# appletalk cable-range 4160-4160 4160.19Router(config-if)# appletalk zone EngineeringRouter(config-if)# tunnel source ethernet0Router(config-if)# tunnel destination 172.32.164.19Router(config-if)# tunnel mode gre ipRelated Commands
variance (EIGRP)
To control load balancing in an internetwork based on the Enhanced Interior Gateway Routing Protocol (EIGRP), use the variance command in router configuration mode or address-family topology configuration mode. To reset the variance to the default value, use the no form of this command.
variance multiplier
no variance
Syntax Description
multiplier
Metric value used for load balancing. It can be a value from 1 to 128. The default is 1, which means equal-cost load balancing.
Command Default
EIGRP uses equal-cost load balancing.
Command Modes
Router configuration (config-router)
Address-family topology configuration (config-router-af-topology)Command History
Usage Guidelines
Setting a variance value enables EIGRP to install multiple loop-free routes with unequal cost in a local routing table. A route learned through EIGRP must meet two criteria to be installed in the local routing table:
•
•
Thus, if the variance is set to 1, only routes with the same metric as the successor are installed in the local routing table. If the variance is set to 2, any EIGRP-learned route with a metric less than 2 times the successor metric will be installed in the local routing table.
Note
Examples
The following example sets a variance value of 4:
Router(config)# router eigrp 109Router(config-router)# variance 4The following example sets a variance value of 4 in address-family topology configuration mode:
Router(config)# router eigrp virtual-nameRouter(config-router)# address-family ipv4 autonomous-system 4453Router(config-router-af)# network 10.0.0.0Router(config-router-af)# topology baseRouter(config-router-af-topology)# variance 4virtual-profile virtual-template
To enable virtual profiles by virtual interface template, use the virtual-profile virtual-template command in global configuration mode. To disable this function, use the no form of this command.
virtual-profile virtual-template number
no virtual-profile virtual-template number
Syntax Description
Defaults
Disabled. No virtual template is defined, and no default virtual template number is used.
Command Modes
Global configuration
Command History
11.2 F
This command was introduced.
12.2(13)T
Support for IPv6 was added.
Cisco IOS XE Release 2.5
This command was updated. It was integrated into Cisco IOS XE Release 2.5.
Usage Guidelines
When virtual profiles are configured by virtual templates only, any interface-specific configuration information that is downloaded from the AAA server is ignored in configuring the virtual access interface for a user.
The interface virtual-template command defines a virtual template to be used for virtual profiles. Because several virtual templates might be defined for different purposes on the router (such as MLP, PPP over ATM, and virtual profiles), it is important to be clear about the virtual template number to use in each case.
Examples
The following example configures virtual profiles by virtual templates only. The number 2 was chosen because virtual template 1 was previously defined for use by Multilink PPP.
virtual-profile virtual-template 2Related Commands
interface virtual-template
Creates a virtual template interface that can be configured and applied dynamically in creating virtual access interfaces.
voice service
To enter voice-service configuration mode and to specify a voice-encapsulation type, use the voice service command in global configuration mode..
voice service {pots | voatm | vofr | voip}
Syntax Description
pots
Telephony voice service.
voatm
Voice over ATM (VoATM) encapsulation.
vofr
Voice over Frame Relay (VoFR) encapsulation.
voip
Voice over IP (VoIP) encapsulation.
Command Default
No default behavior or values.
Command Modes
Global configuration
Command History
Usage Guidelines
Voice-service configuration mode is used for packet telephony service commands that affect the gateway globally.
Examples
The following example enters voice-service configuration mode for VoATM service commands:
voice service voatmvoice-class sip anat
To enable Alternative Network Address Types (ANAT) on a Session Initiation Protocol (SIP) trunk, use the voice-class sip anat command in SIP configuration or dial peer configuration mode. To disable ANAT on SIP trunks, use the no form of this command.
voice-class sip anat [system]
no voice-class sip anat [system]
Syntax Description
Command Default
ANAT is enabled on SIP trunks.
Command Modes
SIP configuration (conf-serv-sip)
Dial peer configuration (config-dial-peer)Command History
Usage Guidelines
Both the Cisco IOS SIP gateway and Cisco Unified Border Element are required to support the Session Description Protocol (SDP) ANAT semantics. The bind command allows the use of ANAT semantics in outbound SDP. SDP ANAT semantics are intended to address scenarios that involve different network address families (for example, different IPv4 versions). Media lines grouped using ANAT semantics provide alternative network addresses of different families for a single logical media stream. The entity creating a session description with an ANAT group must be ready to receive or send media over any of the grouped "m" lines.
By default, ANAT is enabled on SIP trunks. However, if the SIP gateway is configured in IPv4-only mode or IPv6-only mode, the gateway will not use ANAT semantics in its SDP offer.
The system keyword configures ANAT on all network dial peers, including the local dial peer. Using the voice-class sip anat command without the system keyword enables ANAT only for the local dial peer.
Examples
The following example globally enables ANAT on a SIP trunk:
Router(config-serv-sip)# voice-class sip anat systemThe following example enables ANAT on a specified dial peer:
Router(config-dial-peer)# voice-class sip anatRelated Commands
bind
Binds the source address for signaling and media packets to the IPv4 or IPv6 address of a specific interface.
voice-class sip outbound-proxy
To configure an outbound proxy, use the voice-class sip outbound-proxy command in dial peer configuration mode. To reset the outbound proxy value to its default, use the no form of this command.
voice-class sip outbound-proxy {dhcp | ipv4:ipv4-address | ipv6:[ipv6-address] | dns:host:domain} [:port-number]
no voice-class sip outbound-proxy
Syntax Description
Command Default
An outbound proxy is not configured.
Command Modes
Dial peer configuration (config-dial-peer)
Command History
Usage Guidelines
The voice-class sip outbound-proxy command, in dial peer configuration mode, takes precedence over the command in SIP global configuration mode.
Brackets must be entered around the IPv6 address.
Examples
The following example shows how to configure the voice-class sip outbound-proxy command on a dial peer to generate an IPv4 address (10.1.1.1) as an outbound proxy:
Router> enableRouter# configure terminalRouter(config)# dial-peer voice 111 voipRouter(config-dial-peer)# voice-class sip outbound-proxy ipv4:10.1.1.1The following example shows how to configure the voice-class sip outbound-proxy command on a dial peer to generate a domain (sipproxy:cisco.com) as an outbound proxy:
Router> enableRouter# configure terminalRouter(config)# dial-peer voice 111 voipRouter(config-dial-peer)# voice-class sip outbound-proxy dns:sipproxy:cisco.comThe following example shows how to configure the voice-class sip outbound-proxy command on a dial peer to generate an outbound proxy using DHCP:
Router> enableRouter# configure terminalRouter(config)# dial-peer voice 111 voipRouter(config-dial-peer)# voice-class sip outbound-proxy dhcpRelated Commands
voice-class source interface
To allow a loopback interface to be associated with a VoIP or VoIPv6 dial-peer profile, use the voice-class source interface command in dial peer configuration mode. To disable this association, use the no form of this command.
voice-class source interface loopback interface-id [ipv4-address | ipv6-address]
no voice-class source interface loopback interface-id [ipv4-address | ipv6-address]
Syntax Description
Command Default
No loopback interface is associated with a VoIPv6 dial-peer profile.
Command Modes
Dial peer configuration (config-dial-peer)
Command History
Usage Guidelines
When the voice-class source interface command is configured, the source address of Routing Table Protocol (RTP) generated by the gateway is taken from the address configured under the loopback interface. This command is used for policy-based routing (PBR) of voice packets originated by the gateway. The policy route map is configured under the loopback interface, and then the loopback interface is specified under the VoIP or VoIPv6 dial peer.
Examples
The following example associates a loopback interface with a VoIPv6 dial-peer profile:
Router(config)# dial-peer voice 1 voipRouter (config-dial-peer)# voice-class source interface loopback0Related Commands
dial-peer voice
Defines a particular dial peer, specifies the method of voice encapsulation, and enters dial peer configuration mode.
voice service
To enter voice-service configuration mode and to specify a voice-encapsulation type, use the voice service command in global configuration mode..
voice service {pots | voatm | vofr | voip}
Syntax Description
pots
Telephony voice service.
voatm
Voice over ATM (VoATM) encapsulation.
vofr
Voice over Frame Relay (VoFR) encapsulation.
voip
Voice over IP (VoIP) encapsulation.
Command Default
No default behavior or values.
Command Modes
Global configuration
Command History
Usage Guidelines
Voice-service configuration mode is used for packet telephony service commands that affect the gateway globally.
Examples
The following example enters voice-service configuration mode for VoATM service commands:
voice service voatmvpn
To specify that the source and destination IPv4 addresses of a given virtual private dialup network (VPDN) group belong to a specified Virtual Private Network (VPN) routing and forwarding (VRF) instance, use the vpn command in VPDN group or VPDN template configuration mode. To disassociate all IPv4 addresses in a VPDN group from a VRF, use the no form of this command.
vpn {vrf vrf-name | id vpn-id}
no vpn
Syntax Description
vrf vrf-name
Name of the VRF instance to be associated with the IPv4 addresses of the VPDN group.
id vpn-id
VPN ID of the VRF to be associated with the IPv4 addresses of the VPDN group.
Command Default
VPDN groups are not associated with a VRF.
Command Modes
VPDN group configuration
VPDN template configurationCommand History
Usage Guidelines
Use the vpn command to configure the Cisco IOS software to look up a VPDN source or destination IPv4 address in a specific VPN routing table instead of the global routing table.
Before you can issue the vpn command, a VRF instance must be created using the ip vrf command.
The vpn command can be used with both dial-in and dial-out VPDN scenarios.
Examples
The following example associates the IP addresses configured in the VPDN group named group1 with the VRF named vrf-second:
vpdn-group group1request-dialinprotocol l2tp!vpn vrf vrf-secondsource-ip 172.16.1.9initiate-to ip 172.16.1.1The following example associates the IP addresses configured in the VPDN group named group2 with the VPN ID 11:2222:
vpdn-group group2request-dialinprotocol l2tp!vpn id 11:2222source-ip 172.16.1.9initiate-to ip 172.16.1.1Related Commands
vrf definition
To configure a Virtual Private Network (VPN) routing and forwarding (VRF) routing table instance and enter VRF configuration mode, use the vrf definition command in global configuration mode. To remove a VRF routing table, use the no form of this command.
vrf definition vrf-name
no vrf definition vrf-name
Syntax Description
Command Default
No VRFs are defined.
No import or export lists are associated with a VRF.
No route maps are associated with a VRF.Command Modes
Global configuration (config)
Command History
Usage Guidelines
Use the vrf definition command to give a VRF a name and to enter VRF configuration mode. Once the router is in VRF configuration mode, use the rd command to give the VRF a route distinguisher (RD). The rd command creates the routing and forwarding tables and associates the RD with the VRF instance named in the vrf-name argument.
Users can configure shared route targets (import and export) between IPv4 and IPv6. This feature is useful in a migration scenario, where IPv4 policies already are configured and IPv6 policies should be the same as the IPv4 policies. You can configure separate route-target policies for IPv4 and IPv6 VPNs in address family configuration mode. Enter address family configuration mode from VRF configuration mode.
In VRF configuration mode, you can also associate a Simple Network Management Protocol (SNMP) context with the named VRF and configure or update a VPN ID.
Examples
The following example assigns the name vrf1 to a VRF, enters VRF configuration mode, and configures a route distinguisher, 100:20:
Router(config)# vrf definition vrf1Router(config-vrf)# rd 100:20Related Commands
vrf forwarding
To associate a Virtual Private Network (VPN) routing and forwarding (VRF) instance with an interface or subinterface, use the vrf forwarding command in interface configuration mode. To disassociate a VRF from an interface, use the no form of this command.
vrf forwarding vrf-name
no vrf forwarding vrf-name
Syntax Description
Command Default
The default for an interface is the global routing table.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
Use the vrf forwarding command to associate an interface with a VRF. When the interface is bound to a VRF, previously configured IPv4 and IPv6 addresses are removed, and they must be reconfigured.
Examples
The following example shows how to associate a VRF named site1 to serial interface 0/0 and configure an IPv6 and an IPv4 address:
interface Serial0/0vrf forwarding site1ipv6 address 2001:100:1:1000::72b/64ip address 10.11.11.1 255.255.255.0Related Commands
vrf definition
Configures a VRF routing table instance and enters VRF configuration mode.
