Cisco 700 Series Router Command Reference (4.4)
IP Commands
Download this chapter
IP CommandsIP Commands
give_us_feedback

Table Of Contents

IP Commands

reset dhcp address

reset ip filter

reset ip route

reset ip pat porthandler

set dhcp

set dhcp address

set dhcp dns

set dhcp domain

set dhcp gateway

set dhcp leasetime

set dhcp netbiosscope

set dhcp netmask

set dhcp wins

set gateway

set ip address

set ip cost

set ip filter

set ip framing

set ip multicast

set netbios name spoofing

set ip netmask

set ip pat

set ip pat porthandler

set ip pat tcptimeout

set ip pat udptimeout

set ip propagate

set ip rip receive

set ip rip snapshot client

set ip rip snapshot server

set ip rip summarization

set ip rip time

set ip rip update

set ip rip version

set ip route

set ip routing

set subnet

show dhcp config

show ip configuration

show ip filter

show ip pat

show ip rip snapshot

show ip rip time

show ip route

show netbios name


IP Commands

This chapter describes the commands used to configure Internet Protocol (IP) routing, such as IP static routes, Routing Information Protocol (RIP), and IP filters.

RIP sends information about your router to other routers. Each entry in a RIP routing table provides a variety of information, including the ultimate destination, the next hop on the way to that destination, and a metric.

You can use filters in data collection, display, and analysis.

reset dhcp address

To reset a Dynamic Host Configuration Protocol (DHCP) address, use the reset dhcp address command.

REset DHcp ADdress [ipaddress | ALl]

Syntax Description

ipaddress

Clears the leased time with this IP address, which was assigned by the router when the DHCP client requested it. The database mapping table is reset. However, the client can ask for the same IP address. The same IP address is assigned if it is not already assigned to another device.

ALl

All lease lines are cleared.


Default

None

Command Mode

System mode or profile mode

Examples

The following example resets a specific DHCP address: 

Host:2503> reset dhcp address 10.0.0.3

The following example resets all DHCP addresses: 

Host:2503> reset dhcp address all

Related Commands

set dhcp
set dhcp address
set dhcp dns
set dhcp gateway
set dhcp netmask
set dhcp wins
show dhcp config

reset ip filter

To delete an IP filter entered with the set ip filter command, use the reset ip filter command.

REset IP FIlter filterid | ALl

Syntax Description

filterid

Clears the IP filter with this identification number, which was assigned by the router when the filter was created.

ALl

Clears all IP filters.


Default

None

Command Mode

Profile mode

Examples

The following example deletes an IP filter with identification number 8 for profile 2503: 

Host:2503> reset ip filter 8

The following example deletes all IP filters for profile 2503: 

Host:2503> reset ip filter all

Related Command

set ip filter

reset ip route

To delete an IP static route, use the reset ip route command.

REset IP ROUTE ALl | DEstination | network [/bits] [GAteway nexthop]

Syntax Description

ALl

Deletes all static routes.

DEstination

IP address in four-part dotted decimal format of the network or host to which the packet is being sent.

/bits

Number of network bits in the destination network IP address, counting from the left.

GAteway nexthop

IP address of the static route default gateway in four-part dotted decimal format.


Default

None

Command Mode

Profile mode

Example

The following example deletes a static route for profile 2503: 

Host:2503> reset ip route destination 250.250.250.1 gateway 
150.150.150.1

Related Command

set ip route

reset ip pat porthandler

To disable a Port Address Translation (PAT) porthandler, use the reset ip pat porthandler command.

REset IP PAt POrthandler port_number | ALl

Syntax Description

port_number

A decimal port number.

ALl

Disables all assigned porthandlers.


Default

None

Command Mode

System mode

Usage Guidelines

Use this command to remove a specific porthandler or all porthandlers.

Example

The following example disables all PAT porthandlers: 

Host:2503> reset ip pat po all

Related Command

set ip pat porthandler

set dhcp

To enable the Dynamic Host Configuration Protocol (DHCP) server or DHCP relay agent, use the set dhcp command.

SEt DHcp [SErver | RElay ipaddress | OFf]

Syntax Description

SErver

Serves the DHCP requests from the client directly.

RElay

Relays the DHCP request to the specified DHCP server.

ipaddress

IP address of a DHCP server, where Cisco 700 series routers relay sending and receiving packets.

OFf

Disables the DHCP server and relay agent.


Default

Off

Command Mode

System mode

Usage Guidelines

A limited DHCP server implementation is provided. When this server function is enabled and configured, it assigns and manages IP addresses from a specified address pool to DHCP clients. The options supported by this server are sufficient for Windows 95 clients. If more IP addresses or options are required, a commercial DHCP server (such as Windows NT) should be used.

The router relays DHCP requests and responses between DHCP clients and a specified DHCP server. Use the set dhcp relay ipaddress command, where the IP address is the address of the server to which DHCP requests are forwarded.

The set dhcp server command enables the DHCP server with the following options:

set dhcp address start_addr count

The range of address to be assigned to DHCP clients, where start_addr is the starting IP address and count is the number of addresses (from 1 to 256) to be assigned. (The default starting address is 10.0.0.2, with 10.0.0.1 assigned to the router.)

set dhcp netmask nnn.nnn.nnn.nnn

The subnet mask of the DHCP clients.

set dhcp gateway primary | secondary ip_address

The default gateway for the DHCP clients.

set dhcp dns primary | secondary ip_address

The Domain Name System (DNS) for the DHCP clients.

set dhcp wins primary | secondary ip_address

The WINS servers for the DHCP clients.

reset dhcp domain string

The domain string for the DHCP clients.

set dhcp address ip_address | all

Removes the lease of an IP address. If all is specified, all the leases are cleared.

show dhcp config

The current DHCP Server or Relay Agent configuration details.


If the DHCP server is enabled and there are no DHCP parameters configured, a default IP address x is chosen. This is the LAN or Internal profile IP address if the default IP address is not zero, or 10.0.0.1 if it is zero.

The following parameters are set:

DHCP primary gateway = x

DHCP netmask = native mask from x

DHCP address pool: start-addr = x+1, count = 128 or a value limited by subnet mask and x

IP routing is turned on for the LAN profile.

Example

The following example turns on the DHCP server: 

Host> set dhcp server

Related Commands

reset dhcp
set dhcp address
set dhcp dns
set dhcp gateway
set dhcp netmask
set dhcp wins
show dhcp config

set dhcp address

To set the range of addresses (or address pool) to be used by the DHCP server for DHCP clients, use the set dhcp address command.

SEt DHcp ADdress ipaddress count | ALl

Syntax Description

ipaddress

The starting address of the pool. To delete the address pool, use 0.0.0.0. for the ipaddress.

count

The number of IP addresses in the pool. The maximum number of IP addresses is 254 or the number of hosts available in the specified subnet. If the subnet exceeds 254, the table ranges from the start address to the first 254 addresses on the subnet.

ALl

Removes all the leases of the IP addresses.


Default

Dependent on the DHCP parameters configured.

Command Mode

System mode

Usage Guidelines

If the DHCP server is enabled and there are no DHCP parameters configured, a default address pool with starting ipaddress as the LAN or Internal profile's IP (if not zero) + 1 or 10.0.0.2. will be set. The count will be the minimum of 128 or the value limited by the IP and netmask.

To reset this value to the default value, enter: 

Host> set dhcp address 0.0.0.0 128

Example

The following is an example of a DHCP address pool. The DHCP address is 192.165.2.1. The count is 10. 

Host> set dhcp address 192.165.2.1 10

Related Commands

reset dhcp
set dhcp
set dhcp dns
set dhcp gateway
set dhcp netmask
set dhcp wins
show dhcp config

set dhcp dns

To set the Domain Name System (DNS) server address for DHCP clients, use the set dhcp dns command.

SEt DHcp DNs PRimary | SEcondary serveraddrress

Syntax Description

PRimary

Primary DNS server address.

SEcondary

Secondary DNS server address.

serveraddress

DNS server address in four-part dotted decimal format.


Default

None

Command Mode

System mode

Usage Guidelines

To delete the DHCP DNS address, use 0.0.0.0 as the server address. The primary or secondary DNS can be set using the set dhcp dns command.

Example

The following example configures the DHCP DNS server address: 

Host> set dhcp DNS primary 150.150.10.47 

Host> set dhcp DNS secondary 150.150.10.17

Related Commands

reset dhcp
set dhcp
set dhcp address
set dhcp dns
set dhcp gateway
set dhcp netmask
set dhcp wins
show dhcp config

set dhcp domain

To specify the domain string for DHCP clients, use the set dhcp domain command.

SEt DHcp DOmain [string]

Syntax Description

string

Domain string. To delete the domain name, use the null string () or leave the field blank.


Default

None

Command Mode

System mode

Example

The following is an example of a DHCP domain string: 

Host> set dhcp domain cisco.com

Related Commands

reset dhcp
set dhcp
set dhcp address
set dhcp dns
set dhcp gateway
set dhcp netmask
set dhcp wins
show dhcp config

set dhcp gateway

To specify the default gateway address for DHCP clients, use the set dhcp gateway command.

SEt DHcp GAteway PRimary | SEcondary ipaddress

Syntax Description

PRimary

Primary DNS server address.

SEcondary

Secondary DNS server address.

ipaddress

Primary or secondary gateway address. To delete the gateway, use 0.0.0.0. for the IP address.


Default

If the DHCP server is enabled and there are no DHCP parameters configured, a default value of the LAN or Internal profile's IP (if non-zero) or 10.0.0.1 will be set.

Command Mode

System mode

Usage Guidelines

Make sure the primary gateway address matches with the IP address of the LAN or Internal profile (whichever is configured) for proper operation.

Example

The following example configures a DHCP gateway: 

Host> set dhcp gateway primary 140.140.11.17

Host> set dhcp gateway secondary 140.140.11.18

Related Commands

reset dhcp
set dhcp
set dhcp address
set dhcp dns
set dhcp netmask
set dhcp wins
show dhcp config

set dhcp leasetime

To set the IP address lease time, use the set dhcp leasetime command.

SEt DHcp LEasetime minutes

Syntax Description

minutes

A range from 60 to 71000 minutes (approximately 50 days) or 0 (infinite).


Default

0 minutes (a lease time of infinity)

Command Mode

System mode

Usage Guidelines

With software Release 4.2(2), the lease-time value can be set to 0 or from 60 to 71000 minutes. When the least time is set to 0, the lease time is infinite (the default value). (The system time must be set accurately for the lease time feature to function properly.)

When a DHCP client needs an IP address, it sends a DHCP request packet to the network. The request packet can include the duration (lease time) during which the client would use the IP address. The router, acting as a DHCP server, allocates IP addresses from its pool (depending on availability). The lease time allocated to the client in the response packet depends on the lease time set on the router.

For example, a router with a lease time set to infinite (default) responds to a DHCP client request as follows:

Requests for lease time of 50 minutes get a lease time of infinity.

Requests for a lease time of 75000 minutes get a lease time of infinity.

Requests for a lease time of 1000 minutes get a lease time of 1000 minutes.

Requests without a specified lease time get a lease time of infinity.

A router with a lease time set to a value of 100 minutes responds to a DHCP client request as follows:

Requests for a lease time of 50 get a lease time of 100 minutes.

Requests for a lease time of 75000 minutes gets a lease time of 100 minutes.

Requests for a lease time of 1000 get a lease time of 1000 minutes.

Requests without a specified lease time get a lease time of 100 minutes.

Example

The following example sets the lease time to 60 minutes: 

Host> set dhcp leasetime 60

Related Command

show dhcp config

set dhcp netbiosscope

To add a character string value to the NetBIOS name, use the set dhcp netbios_scope command.

SEt DHcp NETBIOS_Scope [scopeid]

Syntax Description

scopeid

A character string to be appended to the NetBIOS name.


Default

None

Command Mode

System mode

Usage Guidelines

NetBIOS Scope, also known as TCP/IP Scope, adds a second element to the single-element NetBIOS computer name. The scope ID is a character string value appended to the NetBIOS name and is used for all NBT (NetBIOS over TCP/IP) communications from that computer. The character string can be multipart, and it is a limited method of creating isolated subnets based on NetBIOS names, using an extension to the name.

Example

The following example adds a character string to the NetBIOS computer name: 

Host> set dhcp netbios_scope cntrl

Related Command

show dhcp config

set dhcp netmask

To set the subnet mask for DHCP clients, use the set dhcp netmask command.

SEt DHcp NEtmask nnn.nnn.nnn.nnn

Syntax Description

nnn.nnn.nnn.nnn

Subnet mask for the DHCP clients. Use a 32-bit quantity in four-part dotted decimal format.


Default

If the DHCP server is enabled and there are no DHCP parameters configured, a default value of the LAN or Internal profile's netmask or 255.0.0.0 is set.

Command Mode

System mode

Usage Guidelines

Make sure the DHCP subnet mask matches the LAN or Internal profiles (whichever is configured) for proper operation.

Example

The following example configures a DHCP subnet mask: 

Host> set dhcp netmask 255.255.255.0

Related Commands

reset dhcp
set dhcp
set dhcp address
set dhcp dns
set dhcp gateway
set dhcp wins
show dhcp config

set dhcp wins

To specify the WINS server for DHCP clients, use the set dhcp wins command.

SEt DHcp WIns PRimary | SEcondary serveraddress

Syntax Description

PRimary

Primary DHCP WINS server address.

SEcondary

Secondary DHCP WINS server address.

serveraddress

IP address of the primary or secondary WINS server. To delete the WINS server, use 0.0.0.0 for the IP address.


Default

None

Command Mode

System mode

Example

The following example specifies a WINS server for a DHCP client: 

host> set dhcp wins primary 140.10.6.5

host> set dhcp wins secondary 140.10.6.6

Related Commands

reset dhcp
set dhcp
set dhcp address
set dhcp dns
set dhcp gateway
set dhcp netmask
show dhcp config

set gateway

To set a static default route pointing at the router profile's connection interface, use the set gateway command.

SEt GAteway ipaddress

Syntax Description

ipaddress

IP address of the profile's interface in four-part dotted decimal format.


Default

0.0.0.0

Command Mode

System mode

Example

The following example configures a default static route to the Internal profile's connection: 

Host> set gateway 150.150.10.10

set ip address

To set the IP address for any interface, use the set ip address command.

SEt IP ADdress ipaddress

Syntax Description

ipaddress

IP address for the interface in four-part dotted decimal format. To delete the IP address of an interface, use this command with 0.0.0.0 as the IP address.


Default

0.0.0.0

Command Mode

Profile mode

Example

The following example configures the user-defined profile 2503 connection with an IP address: 

Host:2503> set ip address 150.150.10.17

set ip cost

To set the cost metric to the next destination, use the set ip cost command.

SEt IP COst value

Syntax Description

value

Number of routers between this router and the destination network.


Default

The default cost value is 1.

Command Mode

System or profile mode

Usage Guidelines

Entering this command while in profile mode applies the cost to that profile connection. Entering this command in system mode applies the cost to the Internal profile.

Example

The following example configures profile 2503 with a cost parameter of 2: 

Host:2503> set ip cost 2

set ip filter

To create an IP filter, use the set ip filter command.

SEt IP FIlter [[type] IN | OUt [SOurce = [NOT] address] [DEstination= [NOT] address]] | [IN | OUt [patternname]^8] [BLock | ACcept | DEmand | IGnore]

Syntax Description

type

One of the following keywords corresponding to an IP packet type:

icmp—Internet Control Message Protocol (ICMP) packets.

icmpxrd—ICMP packets, except redirect packets.

icmprd—ICMP redirect packets.

tcp—Transmission Control Protocol (TCP) packets.

tcpsyn—TCP SYN (connection establishment) packets.

tcpxsyn—TCP packets, except SYN.

udp—User Datagram Packets.

If no packet type is specified, the filter is applied to all IP packets.

IN

Filters on incoming packets to a profile.

OUt

Filters on outgoing packets to a profile.

SOurce address

Applies filters only to packets sourced from this address.

Using the source not address keyword applies the filter to any packet that is not from the IP address specified in the command.

DEstination address

Applies filters to all packets destined for this address.

Using the destination not address keyword applies the filter to any packet that is not destined for the IP address specified in the command.

address

IP address is entered in the following format:

ipaddress [/bits] [:loport] [+ | -] [hiport]

ipaddress—The source or destination IP address. Use a 32-bit quantity in four-part dotted decimal format, for example 10.1.1.0.

/bits—The number of significant bits in the IP address, counting from the left, for example, Class C = 24 bits or 255.255.255.0.

low-port—The lowest port number matched by the filter.

If followed by a plus sign (+), all ports greater than this port are matched by the filter.

If followed by a minus (-), all ports between this port and the high port are matched by the filter.

hiport—The highest port number matched by the filter.

Low port and high port arguments can only be used if the packet type is set to tcp or udp.

patternname

The pattern value is 6 bytes, a maximum of 8 patterns are allowed, and the patterns should be set by the set pattern command before using this command. When defining a pattern filter with the set pattern command, the reference points of each pattern should be iphdr, tcphdr, udphdr, tcpdata, or udpdata. Using this field excludes the source and destination fields.

BLock

Prevents the packets defined in the filter from being sent on to the connection.

ACcept

Allows the packets defined in the filter to be sent on to the connection.

DEmand

Packets that match the filter are counted in the threshold values that keep the WAN connected or bring it up if it is down.

IGnore

Packets matching the filter are not counted in the threshold values that keep the WAN connected. If the WAN is not up when the ignored packet is received, the packet is dropped; otherwise the packet is forwarded.


Default

No IP filters are configured.

Command Mode

Profile mode

Usage Guidelines

IP filters can be created based on the source address, destination address, or existing byte patterns set by the set pattern command. Entering this command while in profile mode applies the IP filter to that profile connection. Entering this command in system mode applies the IP filter to the Internal profile.

When IP filter is set with type TCP and port 21 (FTP), the FTP session fails because any TCP packet with a destination port other than 21 is filtered.

To ensure the FTP session is successful, do not specify the FTP port; for example: 

host> set ip filter TCP out destination a.b.c.d/32:21 accept

Refer to the "" appendix for further information.

The maximum offset a byte pattern can have is 255 bytes from the reference point.

The maximum number of patterns that can be specified is 20.

Packets that do not match any filters are processed as follows:

If any one of the filters is set to accept, a packet that does not match at least one of the filters is blocked.

If all the filters are set to block, a packet that does not match any filter is accepted.

If any one of the filters is set to demand, a packet that does not match a demand filter is ignored.

If any one of the filters is set to ignore, a packet that does not match an ignore filter is treated as demand.

Examples

An incoming packet addressed to TCP port 25 is accepted: 

Host:2503> set ip filter tcp in source=198.95.216.125:25 accept

An incoming TCP packet, where the TCP data portion is the start width of the pattern defined by tcppat1, is blocked: 

Host:2503> set ip filter in tcppat1 block

An outgoing TCP packet addressed to port 23 is blocked: 

Host:2503> set pat1 pattern 00 17 offset 2 from TCPHDR

Host:2503> set ip filter out pat1 block

The following example demonstrates the packet filtering process. A packet is compared with filter statements until it matches a filter or until all the filters have been tested. 

system:2503> set ip filter out tcppat1 accept

system:2503> set ip filter out udppat1 block

system:2503> set ip filter out udppat2 accept

If the packet matches the first filter, it is accepted and forwarded (bringing up the WAN if necessary). If it matches the second filter, the packet is blocked. If it matches the third filter, it is accepted and forwarded. If the packet does not match any of the filters, it is blocked.

In the following example, if an outgoing packet matches the first filter, it is counted in the threshold values and forwarded (bringing up the WAN if necessary). If it matches the second filter, the packet is ignored with regards to the threshold values. If a packet matches the third filter, it is demanded, the WAN is brought up, the packet is forwarded, and the threshold value increments. If the packet does not match any of the filters, it is ignored. 

system:2503> set ip filter out tcppat1 demand

system:2503> set ip filter out udppat1 ignore

system:2503> set ip filter out udppat2 demand

In the following example, an outgoing packet is compared with each filter. If the packet does not match any of the filters, it is blocked and ignored because an accept filter is defined. 

system:2503> set ip filter out tcppat1 accept

system:2503> set ip filter out udppat1 block

system:2503> set ip filter out udppat2 demand

system:2503> set ip filter out tcppat2 ignore

In the following example, an outgoing packet that does not match any of the filters is accepted and ignored because there is one demand filter defined. 

system:2503> set ip filter out tcppat1 block

system:2503> set ip filter out udppat1 demand

system:2503> set ip filter out udppat2 ignore

Related Commands

reset ip filter
set pattern
show filter
show pattern

set ip framing

To set the type of encapsulation used for IP packets, use the set ip framing command.

SEt IP FRaming EThernet_II | NOne

Default

Ethernet_II for 3.x
None for 4.x user-defined profiles
Ethernet_II for 4.x LAN and Internal profiles

Command Mode

Profile mode

Syntax Description

EThernet_II

Sets packet framing to the standard IEEE Ethernet_II frame encapsulation.

NOne

Sets packet framing to Internet Protocol Control Protocol (IPCP). Use this keyword when using Point-to-Point Protocol (PPP).


Usage Guidelines

The router can be assigned an IP address from the remote device using Internet Protocol Control Protocol (IPCP) address negotiation. It supports IPCP options 1 and 3. (It does not support option 2, TCP/IP Header Compression.) IP unnumbered is supported. IPCP address negotiation is on by default in any profile configured for IP routing. This feature does not support assigning addresses to remote devices.

Example

The following example configures profile 2503 for Ethernet II packet framing: 

Host:2503> set ip framing ethernet

set ip multicast

To enable IP multicast forwarding, use the set ip multicast command.

SEt IP MUlticast ON | OFf

Syntax Description

ON

Enable multicast.

OFf

Disable multicast.


Default

Multicast forwarding will be turned off.

Command Mode

Profile mode

Usage Guidelines

Entering this command while in a particular profile enables the forwarding of multicast packets received from that interface to all the other interfaces that have IP multicast turned on.

For IP multicast, the Cisco IOS-700 software does not support IGMP (Internet Group Membership Protocol), PIM (Protocol Independence Multicast), or DVMRP (Distance Vector Multicast Routing Protocol) protocols. It recognizes only the multicast packets and forwards them to all active interfaces. However, as a router, the Cisco IOS-700 software decrements the TTL (time to live) of multicast packets. Most IP multicast packets have a TTL of 1, which results in dropping these packets before they are forwarded to other active interfaces.

To overcome this limitation, it is recommended that the Multicast application generate packets with TTL values greater than 1. When the Cisco IOS-700 software decrements the TTL, it remains a positive value to be forwarded to other interfaces.

set netbios name spoofing

To enable or disable spoofing for NetBIOS, use the set netbios name spoofing command. Spoofing prevents unnecessary NetBIOS name query request packets from being transmitted across the ISDN line.

SEt NETBIos Name Spoofing minutes | OFf

Syntax Description

minutes

Sets NetBIOS name spoofing for an ISDN connection for a specified number of minutes. The range is 1 to 32,000 minutes. For an idle ISDN connection, if spoofing is already turned on, the spoofing time is reset to the number of minutes specified. If spoofing is turned off, spoofing does not start until the ISDN line is brought up.

OFf

Disables NetBIOS name spoofing.


Default

Off

Command Mode

Profile mode

Usage Guidelines

When a user turns on NetBIOS name spoofing on the outgoing user profile for the WINS server, and a local WINS client sends a NetBIOS name query request packet, if the router has the answer to the query, it replies by sending a response packet. If the router does not have the answer to the query, the request is forwarded to the remote WINS server. When the answer comes back from the WINS server, it forwards the response to the local WINS client.

The router keeps a database of up to 100 NetBIOS name entries and has an aging scheme for out-of-date name entries. The aging timeout is 4 hours for each entry.

Example

The following example enables NetBIOS name spoofing for 1 hour on the profile 2503: 

Host:2503> set netbios name spoofing 60

Related Commands

set ip config
show netbios name spoofing

set ip netmask

To set the subnet mask for an interface, use the set ip netmask command. To delete the subnet mask for an interface, enter this command with 0.0.0.0 as the subnet node.

SEt IP NEtmask mask

Syntax Description

mask

Subnet mask for the profile interface. Use a 32-bit quantity in four-part dotted decimal format.


Default

0.0.0.0

Command Mode

System or profile mode

Usage Guidelines

Entering this command while in profile mode applies the IP netmask to the connection created for that user. Entering this command in system mode applies the IP netmask to the Internal profile.

Example

The following example configures the subnet mask for profile 2503: 

Host:2503> set ip netmask 255.255.255.0

Related Command

set subnet mask

set ip pat

To enable or disable IP Port Address Translation (PAT), use the set ip pat command.

SEt IP PAt ON | OFf

Syntax Description

ON

PAT is enabled and will reset and flush the PAT internal tables.

OFf

PAT is disabled.


Default

Off

Command Mode

Profile mode

Usage Guidelines

The set ip pat command turns IP update off and propagate on. PAT cannot be turned on at an internal, standard, or LAN profile for software Release 4.0(1). When PAT is turned on, the maximum number of user profiles is two.

Example

The following example disables PAT: 

Host:2503> set ip pat off

Related Command

show ip pat

set ip pat porthandler

To set up the PAT port handler for a decimal port number, use the set ip pat porthandler command.

SEt IP PAt POrthandler DEfault | TElnet | FTp | SMtp | WIns | HTtp | portnumber ipaddress | OFf

Syntax Description

DEfault

The IP addresses specified are the default handlers for all ports, except ports specifically assigned a handler. Use the show ip pat command to show the current assignments.

TElnet

Telnet protocol port 23.

FTp

File Transport Protocol (FTP) protocol port 21.

SMtp

Simple Mail Transfer Protocol (SMTP) protocol port 25.

WIns

NetBIOS session service port 139.

HTtp

World Wide Web - HTTP and secure HTTP port 80,443.

portnumber

The TCP/UDP port numbers in decimal.

ipaddress

Local unregistered IP address.



Default

None

Command Mode

System mode

Usage Guidelines

The port handler maps a public port to a private IP address. When a packet is received from the outside, Port Address Translation (PAT) compares the port number with an internally configured port handler list (15 entries, maximum), and if there is a port handler defined for this port, it routes the packet to the appropriate port handler. If there is a default port handler defined, it routes the packet there. If it fails to find entries for the above two cases, the router itself handles the packet.

The PAT feature enables local hosts with designated private IP addresses to communicate with the outside world. The router translates the source address of the IP header with a single, global, unique IP address before the packet is forwarded to the outside world. Likewise, IP packets on the return path go through address translations to the designated private IP addresses. When PAT is enabled, the transmission of RIP packets is automatically disabled to prevent leaking private IP addresses to the outside world.

This system mode command sets up a port handler for one of the IP applications defined by the mnemonics or for a decimal port number defined by port_number. For example, to define the port 21 (decimal) service handler (for private IP address 10.1.3.1), use set ip pat porthandler 21 10.1.3.1.

To undefine the port handler, use set ip pat porthandler 10.1.3.1 off.

There is a limit of 15 entries for this command.

Since PAT takes away the end-to-end significance of an IP address, there are limitations when PAT is enabled:

PING from an outside host to a host in the private network ends at the router and is not forwarded to the inside host.

Telnet from an outside host to a host in the private network also ends at the router if there is no telnet port handler defined.

Only one inside or private WWW server is supported. WWW linkages with other inside hosts or servers are not translated.

Only one FTP server, Telnet server and so forth is supported in the inside network.

Packets destined for the router itself, such as DHCP, SNMP, PING, and TFTP, are not subject to the PAT.

A maximum of 12 PCs can simultaneously boot in the inside network. If more than 12 PCs try to boot up simultaneously, one or more can get the error message about not being able to access the server.

400 PAT entries are allocated for sharing among the inside machines. If TCP connections are set up, and TCP timeouts are set to keep alive, no more than 400 machines can get to the outside world.

The Cisco 700 PAT feature does not handle fragmented FTP packets.

Multidestination with unnumbered links does not work for PAT and is not recommended.

Some well-known ports cannot have port handlers defined. They include the DHCP client port, used by the router in getting DHCP server responses, and the WINS netbios ports, used by Inside Windows 95 PCs to get WINS information.

Example

The following example is the PAT configuration used to translate traffic to and from an FTP server with IP address 10.0.0.3 and a Web server with IP address 10.0.0.5 that reside on the private LAN: 

(System Level)

Host> set system 760

Host> set user remote


(User Profile)

760:remote> set active remote

760:remote> set ip routing on

760:remote> set ip pat on

760:remote> cd


(System Level)

Host> set ip pat porthandler ftp 10.0.0.3 

Host> set ip pat porthandler http 10.0.0.5

Related Commands

show ip pat
set ip pat

set ip pat tcptimeout

To set the timeout value for port usage over Transmission Control Protocol (TCP), use the set ip pat tcptimeout command.

SEt IP PAt TCptimeout minutes

Syntax Description

minutes

Timeout value for TCP port usage. If the port is idle for the time selected, the connection is terminated. If there is activity on the port before the end of the timeout, the clock is reset to zero and restarts.


Default

30 minutes

Command Mode

System mode

Example

The following example sets the TCP timeout for 60 minutes: 

Host:2503> set ip pat tcptimeout 60

Related Command

show ip pat

set ip pat udptimeout

To set the timeout value for the port usage over User Datagram Protocol (UDP), use the set ip pat udptimeout command.

SEt IP PAt UDPTimeout minutes

Syntax Description

minutes

The timeout value for the UDP port usage. If the port is idle for the time selected, the connection is terminated. If there is activity on the port before the end of the timeout, the clock is reset to zero and restarts.


Default

5 minutes

Command Mode

System mode

Example

The following example sets the UDP timeout for 10 minutes: 

Host:2503> set ip pat udptimeout 10

Related Command

show ip pat

set ip propagate

To set whether a route over the Ethernet interface is propagated in Routing Information Protocol (RIP) broadcast messages, use the set ip propagate command.

SEt IP PROpagate ON | OFf

Syntax Description

ON

Routes over the profile interface are propagated in RIP broadcast messages whenever the connection is active.

OFf

Routes over the profile interface are not be propagated in RIP broadcast messages.


Default

On

Command Mode

System or profile mode

Usage Guidelines

Entering this command in profile mode applies the IP propagate parameters to that profile's connection. Entering this command in system mode applies the IP propagate parameters to the Internal profile.

Example

The following example configures any route over the profile 2503 connection to be propagated in RIP broadcast messages: 

Host:2503> set ip propagate on

set ip rip receive

To set whether Routing Information Protocol (RIP) packets are received, use the set ip rip receive command.

SEt IP RIp REceive BOth | V1 | V2 | OFf

Syntax Description

BOth

Both versions 1 and 2 packets will be received.

V1

RIP version 1 packet will be received.

V2

RIP version 2 packet will be received.

OFf

RIP packets will not be received on the profile's interface.


Default

Off

Command Mode

System or profile mode

Usage Guidelines

Entering this command in profile mode applies the RIP receive parameters to that profile's connection. Entering this command in system mode applies the RIP receive parameters to the Internal profile.

Example

The following example configures the connection for profile 2503 to block RIP packets: 

Host:2503> set ip rip receive off

set ip rip snapshot client

To set up the snapshot client parameters for a given profile, use the set ip rip snapshot client command.

SEt IP RIp SNapshot Client ACtive minutes QUiet minutes UPdate ON | OFf

Syntax Description

ACtive minutes

The duration in minutes for the active period when routing information is exchanged or the quiet period when no routing information is exchanged. Range is from 1 to 70,000 minutes.

UPdate ON

Configures the client to send routing information as soon as it enters