Table Of Contents
ip authentication key-chain eigrp
ip rip authentication key-chain
I Commands
This chapter describes the Cisco NX-OS unicast routing commands that begin with the letter I.
ip (GLBP)
To activate the Gateway Load Balancing Protocol (GLBP) for a group, use the ip command. To disable GLBP in the group, use the no form of this command.
ip [ip-address [secondary]]
no ip [ip-address [secondary]]
Syntax Description
Defaults
Disabled
Command Modes
GLBP configuration
Supported User RolesNetwork Administrator
VDC AdministratorCommand History
Usage Guidelines
Use the ip command to activate GLBP on the configured interface. If you configure a virtual IP address, that address is the designated virtual IP address for the entire GLBP group. If you do not configure a virtual IP address, the gateway learns the virtual IP address from another gateway in the same GLBP group. To allow GLBP to elect an active virtual gateway (AVG), you must configure at least one gateway on the LAN with a virtual IP address.
Configuring the virtual IP address on the AVG always overrides a virtual IP address that is in use.
When you configure the ip command on an interface, the handling of proxy Address Resolution Protocol (ARP) requests changes (unless proxy ARP was disabled). Hosts send ARP requests to map an IP address to a MAC address. The GLBP gateway intercepts the ARP requests and replies to the ARP requests on behalf of the connected nodes. If a forwarder in the GLBP group is active, proxy ARP requests are answered using the MAC address of the first active forwarder in the group. If no forwarder is active, proxy ARP responses are suppressed.
Note
You must configure all GLBP options before you use the ip command to assign a virtual IP address and activate the GLBP group.
This command does not require a license.
Examples
The following example shows how to activate GLBP for group 10 on Ethernet interface 1/1. The virtual IP address used by the GLBP group is set to 192.0.2.10.
switch(config)# interface ethernet 1/1switch(config-if)# ip address 192.0.2.32 255.255.255.0switch(config-if)# glbp 10switch(config-glbp)# ip 192.0.2.10The following example shows how to activate GLBP for group 10 on Ethernet interface 2/1. The virtual IP address used by the GLBP group will be learned from another gateway configured to be in the same GLBP group.
switch(config)# interface ethernet 2/1switch(config-if)# glbp 10switch(config-glbp)# ipRelated Commands
glbp
Enters GLBP configuration mode and creates a GLBP group.
show glbp
Displays GLBP information.
ip (HSRP)
To assign a virtual address to an HSRP group, use the ip command. To disable HSRP in the group, use the no form of this command.
ip [ip-address [secondary]]
no ip [ip-address [secondary]]
Syntax Description
Defaults
Disabled
Command Modes
HSRP configuration
Supported User RolesSuperuser
VDC administratorCommand History
Usage Guidelines
Use the ip command to activate HSRP on the configured interface. If you configure a virtual IP address, that address is the designated virtual IP address for the entire HSRP group. If you do not configure a virtual IP address, the gateway learns the virtual IP address from another gateway in the same HSRP group. To allow HSRP to elect an active virtual gateway (AVG), you must configure at least one gateway on the LAN with a virtual IP address.
Configuring the virtual IP address on the AVG always overrides a virtual IP address that is in use.
When you configure the ip command on an interface, the handling of proxy Address Resolution Protocol (ARP) requests changes (unless proxy ARP was disabled). Hosts send ARP requests to map an IP address to a MAC address. The HSRP gateway intercepts the ARP requests and replies to the ARP requests on behalf of the connected nodes. If a forwarder in the HSRP group is active, proxy ARP requests are answered using the MAC address of the first active forwarder in the group. If no forwarder is active, proxy ARP responses are suppressed.
Note
This command does not require a license.
Examples
This example shows how to activate HSRP for group 10 on Ethernet interface 1/1. The virtual IP address used by the HSRP group is set to 192.0.2.10.
switch# config tswitch(config)# interface ethernet 1/1switch(config-if)# ip address 192.0.2.32 255.255.255.0switch(config-if)# hsrp 10switch(config-hsrp)# ip 192.0.2.10This example shows how to activate HSRP for group 10 on Ethernet interface 2/1. The virtual IP address used by the HSRP group will be learned from another gateway configured to be in the same HSRP group.
switch(config)# interface ethernet 2/1switch(config-if)# hsrp 10switch(config-hsrp)# ipThis example shows how to activate HSRP for group 2 on Ethernet interface 1/1 and creates a secondary IP address on the interface:switch# config tswitch(config)# interface ethernet 1/1switch(config-if)# ip address 20.20.20.1 255.255.255.0 secondaryswitch(config-if)# ip address 10.10.10.1 255.255.255.0switch(config-if)# hsrp 2switch(config-if-hsrp)# ip 10.10.10.2switch(config-if-hsrp)# ip 20.20.20.2 secondaryRelated Commands
ip arp gratuitous
To enable gratuitous Address Resolution Protocol (ARP), use the ip arp gratuitous command. To disable gratuitous ARP, use the no form of this command.
ip arp gratuitous {request | update}
no ip arp gratuitous {request | update}
Syntax Description
request
Enables sending gratuitous ARP requests when a duplicate address is detected.
update
Enables ARP cache updates for gratuitous ARP.
Defaults
Enabled.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to disable gratuitous ARP request on interface Ethernet 2/1:
switch(config)# interface ethernet 1/2switch(config-if)# ip arp requestRelated Commands
ip authentication key-chain eigrp
To enable authentication for the Enhanced Interior Gateway Routing Protocol (EIGRP) packets and to specify the set of keys that can be used on an interface, use the ip authentication key-chain eigrp command. To prevent authentication, use the no form of this command.
ip authentication key-chain eigrp instance-tag name-of-chain
no ip authentication key-chain eigrp instance-tag name-of-chain
Syntax Description
instance-tag
Name of EIGRP instance. The instance-tag can be any case-sensitive alphanumeric string up to 64 characters.
name-of-chain
Group of keys that are valid.
Defaults
No authentication is provided for EIGRP packets.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
You must set the authentication mode using the ip authentication mode eigrp command in interface configuration mode. You must separately configure a key chain using the key-chain command to complete the authentication configuration for an interface.
This command requires the Enterprise Services license.
Examples
The following example shows how to configure the interface to accept and send any key that belongs to the key-chain trees:
switch(config)# router eigrp 209switch(config-router)# interface ethernet 1/2switch(config-if)# ip authentication key-chain eigrp 209 treesRelated Commands
ip authentication mode eigrp
Sets the authentication mode for EIGRP on an interface.
key-chain
Creates a set of keys that can be used by an authentication method.
ip as-path access-list
Use the ip as-path access-list command to configure an access-list filter for Border Gateway Protocol (BGP) autonomous system (AS) numbers. To remove the filter, use the no form of this command.
ip as-path access-list name {deny | permit} regexp
no ip as-path access-list name {deny | permit} regexp
Syntax Description
Defaults
None
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip as-path access-list command to configure an autonomous system path filter. You can apply autonomous system path filters to both inbound and outbound BGP paths. Each filter is defined by the regular expression. If the regular expression matches the representation of the autonomous system path of the route as an ASCII string, then the permit or deny condition applies. The autonomous system path should not contain the local autonomous system number.
This command does not require a license.
Examples
This example shows how to configure an AS path filter for BGP to permit AS numbers 55:33 and 20:01 and apply it to a BGP peer for inbound filtering:
switch# configure terminalswitch(config)# ip as-path access-list filter1 permit 55:33,20:01switch(config) router bgp 33:20switch(config-router)# neighbor 192.0.2.1/16 remote-as 99:20switch(config-router-neighbor)# address-family ipv4 unicastswitch(config-router-neighbor-af)# filter-list filter1 inRelated Commands
filter-list
Assigns an AS path filter to a BGP peer.
show ip as-path access-list
Displays information about IP AS path access-lists.
ip authentication mode eigrp
To specify the type of authentication used in the Enhanced Interior Gateway Routing Protocol (EIGRP) packets, use the ip authentication mode eigrp command. To remove authentication, use the no form of this command.
ip authentication mode eigrp instance-tag md5
no ip authentication mode eigrp instance-tag md5
Syntax Description
instance-tag
Name of EIGRP instance. The instance-tag can be any case-sensitive alphanumeric string up to 64 characters.
md5
Specifies Message Digest 5 (MD5) authentication.
Defaults
None
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command requires the Enterprise Services license.
Examples
The following example shows how to configure the interface to use MD5 authentication:
switch(config)# router eigrp 209switch(config-router)# interface ethernet 1/2switch(config-if)# ip authentication mode eigrp 209 md5Related Commands
ip bandwidth eigrp
To configure the bandwidth metric on an Enhanced Interior Gateway Routing Protocol (EIGRP) interface, use the ip bandwidth eigrp command. To restore the default, use the no form of this command.
bandwidth eigrp instance-tag bandwidth
no bandwidth eigrp
Syntax Description
instance-tag
Name of EIGRP instance. The instance-tag can be any case-sensitive alphanumeric string up to 64 characters.
bandwidth
Bandwidth value. The range is from 1 to 10,000,000 kilobits.
Defaults
None
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command requires the Enterprise Services license.
Examples
The following example shows how to configure EIGRP to use a bandwidth metric of 10000 in autonomous system 209:
switch(config)# router eigrp 209switch(config-router)# interface ethernet 2/1switch(config-if)# ip bandwidth eigrp 209 10000Related Commands
ip bandwidth-percent eigrp
Sets the percent of the interface bandwidth that EIGRP can use.
ip bandwidth-percent eigrp
To configure the percentage of bandwidth that may be used by the Enhanced Interior Gateway Routing Protocol (EIGRP) on an interface, use the ip bandwidth-percent eigrp command. To restore the default, use the no form of this command.
bandwidth-percent eigrp instance-tag percent
no bandwidth-percent eigrp
Syntax Description
instance-tag
Name of EIGRP instance. The instance-tag can be any case-sensitive alphanumeric string up to 64 characters.
percent
Percentage of bandwidth that EIGRP may use.
Defaults
percent: 50
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
EIGRP uses up to 50 percent of the bandwidth of a link, as defined by the ip bandwidth interface configuration command. Use the ip bandwidth-percent command to change this default percent.
This command requires the Enterprise Services license.
Examples
The following example shows how to configure EIGRP to use up to 75 percent of an interface in autonomous system 209:
switch(config)# router eigrp 209switch(config-router)# interface ethernet 2/1switch(config-if)# ip bandwidth-percent eigrp 209 75Related Commands
ip community-list
To create a community list entry, use the ip community-list global configuration command. To remove the entry, use the no form of this command.
ip community-list standard list-name {deny | permit} {aa:nn | internet | local-AS | no-advertise | no-export}
no ip community-list standard list-name
ip community-list expanded list-name {deny | permit} regexp
no ip community-list expanded list-name
Syntax Description
Defaults
Community exchange is not enabled by default.
Command Modes
Global configuration (config)
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The ip community-list command is used to configure BGP community filtering. BGP community values are configured as a 4-byte number. The first two bytes represent the autonomous system number, and the trailing two bytes represent a user-defined network number. Named and numbered community lists are supported. BGP community attribute exchange between BGP peers is enabled when the neighbor send-community command is configured for the specified neighbor. The BGP community attribute is defined in RFC 1997 and RFC 1998.
BGP community exchange is not enabled by default. It is enabled on a per-neighbor basis with the neighbor send-community command. The Internet community is applied to all routes or prefixes by default, until any other community value is configured with this command or the set community command.
Once a permit value has been configured to match a given set of communities, the community list defaults to an implicit deny for all other community values.
Standard Community Lists
Standard community lists are used to configure well-known communities and specific community numbers. You can pick more than one of the optional community keywords.A maximum of 16 communities can be configured in a standard community list. If you attempt to configure more than 16 communities, the trailing communities that exceed the limit are not processed or saved to the running configuration file.
You can configure up to 32 communities.
Expanded Community Lists
Expanded community lists are used to filter communities using a regular expression. Regular expressions are used to configure patterns to match community attributes. The order for matching using the * or + character is longest construct first. Nested constructs are matched from the outside in. Concatenated constructs are matched beginning at the left side. If a regular expression can match two different parts of an input string, it will match the earliest part first.
Community List Processing
When multiple values are configured in the same community list statement, a logical AND condition is created. All community values must match to satisfy an AND condition. When multiple values are configured in separate community list statements, a logical OR condition is created. The first list that matches a condition is processed.
This command does not require a license.
Examples
In the following example, a standard community list is configured that routes with this community are advertised to all peers (internal and external):
switch(config)# ip community-list standard test1 permit internetswitch(config)#In the following example, a standard community list is configured that permits routes from:
•
•
This example shows a logical AND condition; all community values must match in order for the list to be processed:
switch(config)# ip community-list standard test1 permit 65534:40 65412:60 no-exportswitch(config)#In the following example, a standard community list is configured to deny routes that carry communities from network 40 in autonomous system 65534 and from network 60 in autonomous system 65412. This example shows a logical AND condition; all community values must match in order for the list to be processed.
switch(config)# ip community-list standard test2 deny 65534:40 65412:60In the following example, a named standard community list is configured that permits all routes within the local autonomous system or permits routes from network 20 in autonomous system 40000. This example shows a logical OR condition; the first match is processed.
switch(config)# ip community-list standard RED permit local-ASswitch(config)# ip community-list standard RED permit 40000:20switch(config)#In the following example, an expanded community list is configured that will deny routes that carry communities from any private autonomous system:
switch(config)# ip community-list expanded 500 deny _64[6-9][0-9][0-9]_|_65[0-9][0-9][0-9]_switch(config)#In the following example, a named expanded community list configured that denies routes from network 1 through 99 in autonomous system 50000:
switch(config)# ip community-list list expanded BLUE deny 50000:[0-9][0-9]_switch(config)#ip delay eigrp
To configure the throughput delay for the Enhanced Interior Gateway Routing Protocol (EIGRP) on an interface, use the ip delay eigrp command. To restore the default, use the no form of this command.
ip delay eigrp instance-tag seconds
no ip delay eigrp instance-tag
Syntax Description
Defaults
100 (10-microsecond units).
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
You configure the throughput delay on an interface in 10-microsecond units. For example, if you set ip delay eigrp command to 100, the throughput delay is 1000 microseconds.
This command requires the Enterprise Services license.
Examples
The following example shows how to set the delay to 400 microseconds for the interface:
switch(config)# router eigrp 1switch(config-router)# interface ethernet 2/1switch(config-if)# ip delay eigrp 1 40Related Commands
ip hello-interval eigrp
Configures the hello interval on an interface for the EIGRP routing process that is designated by an autonomous system number.
ip distribute-list eigrp
To configure a distribution list for the Enhanced Interior Gateway Routing Protocol (EIGRP) on an interface, use the ip distribute-list eigrp command. To restore the default, use the no form of this command.
ip distribute-list eigrp instance-tag {prefix-list list-name | route-map map-name} {in | out}
no ip distribute-list eigrp instance-tag {prefix-list list-name | route-map map-name} {in | out}
Syntax Description
Defaults
None
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip distribute-list eigrp command to configure a route filter policy on an interface. You must configure the named route map or prefix list to complete this configuration.
This command requires the Enterprise Services license.
Examples
The following example shows how to configure a route map for all EIGRP routes coming into the interface:
switch(config)# router eigrp 209switch(config-router)# interface ethernet 2/1switch(config-if)# ip distribute-list eigrp 209 route-map InputFilter inRelated Commands
ip domain-list
To configure the IP domain list, use the ip domain-list command. To disable the IP domain list, use the no form of the command.
ip domain-list domain-name[use-vrf name]
no ip domain-list domain-name [use-vrf name]
Syntax Description
Defaults
None
Command Modes
Global configuration
VRF context configurationSupported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip domain-list command to configure additional domain names for the device. Use the vrf context command to enter the VRF context mode to configure additional domain names for a particular VRF.
This command does not require a license.
Examples
The following example configures the IP domain list for the default VRF.
switch# config terminalswitch(config)# ip domain-list Mysite.comThe following example configures the IP domain list for the management VRF.
switch# config terminalswitch(config)# vrf context managementswitch(config-vrf)# ip domain-list Mysite.comThe following example configures the IP domain list for the default VRF to use the management VRF as a backup if the domain name cannot be resolved through the default VRF.
switch# config terminalswitch(config)# ip domain-list Mysite.com use-vrf managementRelated Commands
ip domain-lookup
To enable the Domain Name Server (DNS) lookup feature, use the ip domain-lookup command. Use the no form of this command to disable this feature.
ip domain-lookup
no ip domain-lookup
Syntax Description
This command has no arguments or keywords.
Defaults
None
Command Modes
Global configuration mode.
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip domain-lookup command to enable DNS.
This command does not require a license.
Examples
The following example configures a DNS server lookup feature.
switch# config terminalswitch(config)# ip domain-lookupRelated Commands
ip domain-name
To configure a domain name, use the ip domain-name command. To delete a domain name, use the no form of the command.
ip domain-name domain-name [use-vrf name]
no ip domain-name domain-name [use-vrf name]
Syntax Description
Defaults
None
Command Modes
Global configuration
VRF context configurationSupported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip domain-name command to configure the domain nams for the device. Use the vrf context command to enter the VRF context mode to configure the domain namesfor a particular VRF.
This command does not require a license.
Examples
The following example configures the IP domain name for the default VRF.
switch# config terminalswitch(config)# ip domain-name Mysite.comThe following example configures the IP domain name for the management VRF.
switch# config terminalswitch(config)# vrf context managementswitch(config-vrf)# ip domain-name Mysite.comThe following example configures the IP domain name for the default VRF to use the management VRF as a backup if the domain name cannot be resolved through the default VRF.
switch# config terminalswitch(config)# ip domain-name Mysite.com use-vrf managementRelated Commands
ip name-server
To configure a name server, use the ip name-server command. To disable this feature, use the no form of the command.
ip name-server ip-address [use-vrf name
no ip name-server ip-address [use-vrf name
Syntax Description
Defaults
None
Command Modes
Global configuration
VRF context configurationSupported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip name-server command to configure the name server for the device. Use the vrf context command to enter the VRF context mode to configure the domain namesfor a particular VRF.
This command does not require a license.
Examples
The following example configures the IP name server for the default VRF.
switch# config terminalswitch(config)# ip name-server 192.0.2.1The following example configures the the IP name server for the management VRF.
switch# config terminalswitch(config)# vrf context managementswitch(config-vrf)# iip name-server 192.0.2.1The following example configures the the IP name server for the default VRF to use the management VRF as a backup if the the IP name server cannot be reached through the default VRF.
switch# config terminalswitch(config)# ip name-server 192.0.2.1 use-vrf managementRelated Commands
ip eigrp shutdown
To shut down the Enhanced Interior Gateway Routing Protocol (EIGRP) on an interface, use the ip eigrp shutdown command. To restore the default, use the no form of this command.
ip eigrp instance-tag shutdown
no ip eigrp instance-tag shutdown
Syntax Description
instance-tag
Name of EIGRP instance. The instance-tag can be any case-sensitive alphanumeric string up to 64 characters.
Defaults
None
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command requires the Enterprise Services license.
Examples
The following example shows how to disable EIGRP on an interface:
switch(config)# router eigrp 201switch(config-router)# interface ethernet 2/1switch(config-if)# ip eigrp 201 shutdownRelated Commands
ip hello-interval eigrp
To configure the Enhanced Interior Gateway Routing Protocol (EIGRP) hello interval for an interface, use the ip hello-interval eigrp command. To restore the default, use the no form of this command.
ip hello-interval eigrp instance-tag seconds
no ip hello-interval eigrp instance-tag
Syntax Description
instance-tag
Name of EIGRP instance. The instance-tag can be any case-sensitive alphanumeric string up to 64 characters.
seconds
Hello interval (in seconds). The range is from 1 to 65535.
Defaults
5 seconds
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command requires the Enterprise Services license.
Examples
The following example shows how to set the hello interval to 10 seconds for the interface:
switch(config)# router eigrp 1switch(config-router)# interface ethernet 2/1switch(config-if)# ip hello-interval eigrp 1 10ip hold-time eigrp
To configure the hold time for an Enhanced Interior Gateway Routing Protocol (EIGRP) interface, use the ip hold-time eigrp command. To restore the default, use the no form of this command.
ip hold-time eigrp instance-tag seconds
no ip hold-time eigrp instance-tag
Syntax Description
instance-tag
Name of EIGRP instance. The instance-tag can be any case-sensitive alphanumeric string up to 64 characters.
seconds
Hold time (in seconds). The range is from 1 to 65535.
Defaults
15 seconds
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip hold-time eigrp command to increase the default hold time on very congested and large networks,
We recommend that you configure the hold time to be at least three times the hello interval. If a router does not receive a hello packet within the specified hold time, routes through this router are considered unavailable.
Increasing the hold time delays route convergence across the network.
This command requires the Enterprise Services license.
Examples
The following example shows how to set the hold time to 40 seconds for the interface:
switch(config)# router eigrp 209switch(config-router)# interface ethernet 2/1switch(config-if)# ip hold-time eigrp 209 40Related Commands
ip hello-interval eigrp
Configures the hello interval on an interface for the EIGRP routing process designated by an autonomous system number.
ip load-sharing address
To configure the load-sharing algorithm used by the unicast RIB, use the ip load-sharing address command. To restore the default, use the no form of this command.
ip load-sharing address {destination port destination | source-destination [port source-destination]} [universal-id seed]
no ip load-sharing address {destination port destination | source-destination [port source-destination]} [universal-id seed]
Syntax Description
Defaults
Destination address and port address.
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip load-sharing address command to set the load-sharing algorithm that the unicast RIB uses to select a path from the equal-cost paths in the RIB.
This command does not require license.
Examples
The following example shows how to set the load-sharing algorithm to use source and destination address:
switch(config)# ip load-sharing address source-destinationRelated Commands
show ip load-sharing
Displays the load-sharing algorithm.
show routing hash
Displays the path the RIB selects for a source/destination pair.
ip next-hop-self eigrp
To instruct the Enhanced Interior Gateway Routing Protocol (EIGRP) process to use the local IP address as the next-hop address when advertising these routes, use the next-hop-self eigrp command. To use the received next-hop value, use the no form of this command.
ip next-hop-self eigrp instance-tag
no ip next-hop-self eigrp instance-tag
Syntax Description
instance-tag
Name of EIGRP instance. The instance-tag can be any case-sensitive alphanumeric string up to 64 characters.
Defaults
EIGRP always sets the IP next-hop value to be itself.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
EIGRP, by default, sets the IP next-hop value to be itself for routes that it is advertising, even when advertising those routes on the same interface from which the router learned them. To change this default, you must use the no ip next-hop-self eigrp interface configuration command to instruct EIGRP to use the received next-hop value when advertising these routes.
Examples
The following example shows how to change the default IP next-hop value and instruct EIGRP to use the received next-hop value:
RP/0/RP0/CPU0:switch(config)# router eigrp 209RP/0/RP0/CPU0:switch(config-router)# interface ethernet 2/1RP/0/RP0/CPU0:switch(config-eigrp-af-if)# no ip next-hop-self eigrp 209ip offset-list eigrp
To configure an offset list for the Enhanced Interior Gateway Routing Protocol (EIGRP) on an interface, use the ip offset-list eigrp command. To restore the default, use the no form of this command.
ip offset-list eigrp instance-tag {prefix-list list-name | route-map map-name} {in | out} offset
no ip offset-list eigrp instance-tag {prefix-list list-name | route-map map-name} {in | out} offset
Syntax Description
Defaults
This command has no defaults.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip offset-list eigrp command to influence which route is advertised on an interface. Cisco NX-OS adds the configured offset value to any routes that match the configure prefix list or route map. You must configure the named route map or prefix list to complete this configuration.
This command requires the Enterprise Services license.
Examples
The following example shows how to configure an offset list filter to add 20 to the metric for EIGRP routes coming into the interface that match the route map OffsetFilter:
switch(config)# router eigrp 209switch(config-router)# interface ethernet 2/1switch(config-if)# ip offset-list eigrp 209 route-map OffsetFilter in 20Related Commands
ip ospf authentication
To specify the authentication type for an Open Shortest Path First (OSPF) interface, use the ip ospf authentication command. To remove the authentication type for an interface, use the no form of this command.
ip ospf authentication [key-chain key-name | message-digest | null]
no ip ospf authentication
Syntax Description
Defaults
No authentication
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip ospf authentication command to configure the authentication mode for an OSPF interface. If you use this command with no keywords, use the ip ospf authentication-key command to configure the password. If you use the message-digest keyword, use the ip ospf message-digest-key command to configure the message-digest key for the interface.
The authentication that you configure on an interface overrides the authentication that you configure for the area.
This command requires the Enterprise Services license.
Examples
The following example shows how to configure message-digest authentication:
switch(config)# interface ethernet 2/1switch(config-if)# ip ospf authentication message-digestswitch(config-if)# ip ospf message-digest-key 33 md5 0 mypasswordRelated Commands
ip ospf authentication-key
To assign a password for simple password authentication to be used by neighboring Open Shortest Path First (OSPF) routers, use the ip ospf authentication-key command. To remove a previously assigned OSPF password, use the no form of this command.
ip ospf authentication-key [0 | 3] password
no ip ospf authentication-key
Syntax Description
0
Configures an unencrypted password.
3
Configure a 3DES encrypted password string.
password
Any continuous string of characters that can be entered from the keyboard up to 8 bytes.
Defaults
Unencrypted password
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip ospf authentication-key command to configure a password for simple password authentication. The password created by this command is used as a key that is inserted directly into the OSPF header when Cisco NX-OS originates routing protocol packets. You can assign a separate password to each network on a per-interface basis. All neighboring routers on the same network must have the same password to be able to exchange OSPF information.
Note
This command requires the Enterprise Services license.
Examples
The following example shows how to configure an unencrypted authentication key with the string yourpass:
switch(config-if)# ip ospf authentication-key yourpassRelated Commands
area authentication
Specifies the authentication type for an OSPF area.
ip ospf authentication
Specifies the authentication type for an interface.
ip ospf cost
To specify the cost of sending a packet on an interface, use the ip ospf cost command. To reset the path cost to the default, use the no form of this command.
ip ospf cost interface-cost
no ip ospf cost interface-cost
Syntax Description
interface-cost
Unsigned integer value expressed as the link-state metric. The range is from 1 to 65535.
Defaults
Calculates the cost based on the reference bandwidth divided by the configured interface bandwidth. You can configure the reference bandwidth or it defaults to 40 Gb/s.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip ospf cost command to configure the cost metric manually for each interface. This command overrides any settings for the reference bandwidth that you set using the reference-bandwidth command in router configuration mode.
If this command is not used, the link cost is calculated using the following formula:
link cost = reference bandwidth / interface bandwidth
This command requires the Enterprise Services license.
Examples
The following example shows how to configure the interface cost value to 65:
switch(config)# interface ethernet 1/2
switch(config-if)# ip ospf cost 65Related Commands
reference-bandwidth
Specifies the reference bandwidth that OSPF uses to calculate the link cost.
ip ospf dead-interval
To set the interval during which at least one hello packet must be received from a neighbor before the router declares that neighbor as down, use the ip ospf dead-interval command. To restore the default, use the no form of this command.
ip ospf dead-interval seconds
no ip ospf dead-interval
Syntax Description
Defaults
The default for seconds is four times the interval set by the ip ospf hello-interval command.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip ospf dead-interval command to set the dead interval that OSPF advertises in hello packets. This value must be the same for all networking devices on a specific network.
Configure a shorter dead interval to detect down neighbors faster and improve convergence. Very short dead intervals could cause routing instability.
Use the show ip ospf interface command to verify the dead interval and hello interval.
This command requires the Enterprise Services license.
Examples
The following example shows how to set the OSPF dead interval to 20 seconds:
switch(config)# interface ethernet 1/2switch(config-if)# ip ospf dead-interval 20Related Commands
ip ospf hello-interval
Interval between hello packets that OSPF sends on the interface.
show ip ospf interface
Displays OSPF-related information.
ip ospf hello-interval
To specify the interval between hello packets that Open Shortest Path First (OSPF) sends on the interface, use the ip ospf hello-interval command. To return to the default, use the no form of this command.
ip ospf hello-interval seconds
no ip ospf hello-interval
Syntax Description
seconds
Specifies the interval (in seconds). The value must be the same for all nodes on a specific network. The range is from 1 to 65535.
Defaults
10 seconds
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip ospf hello-interval command to set the rate at which OSPF advertises hello packets. Shorter hello intervals allow OSPF to detect topological changes faster. This value must be the same for all routers and access servers on a specific network.
This command requires the Enterprise Services license.
Examples
The following example shows how to set the interval between hello packets to 15 seconds:
switch(config)# interface ethernet 1/2switch(config-if)# ip ospf hello-interval 15Related Commands
ip ospf dead-interval
Sets the time period for which hello packets must not have been seen before neighbors declare the router as down.
ip ospf message-digest-key
To enable Open Shortest Path First (OSPF) Message Digest 5 (MD5) authentication, use the ip ospf message-digest-key command. To remove an old MD5 key, use the no form of this command.
ip ospf message-digest-key key-id md5 [0 | 3] key
no ip ospf message-digest-key key-id
Syntax Description
Defaults
Unencrypted
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip ospf message-digest-key command when you configure the MD5 digest authentication mode. All neighbor routers must have the same key value on the network.
This command requires the Enterprise Services license.
Examples
The following example shows how to set key 19 with the password 8ry4222:
switch(config)# interface ethernet 1/2switch(config-if)# ip ospf message-digest-key 19 md5 8ry4222Related Commands
area authentication
Enables authentication for an OSPF area.
ip ospf authentication
Specifies the authentication type for an interface.
ip ospf mtu-ignore
To disable Open Shortest Path First (OSPF) maximum transmission unit (MTU) mismatch detection on received Database Descriptor (DBD) packets, use the ip ospf mtu-ignore command. To return to the default, use the no form of this command.
ip ospf mtu-ignore
no ip ospf mtu-ignore
Syntax Description
This command has no arguments or keywords.
Defaults
OSPF MTU mismatch detection is enabled.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip ospf mtu-ignore command to disable MTU mismatch detection on an interface. By default, OSPF checks whether neighbors are using the same MTU on a common interface. If the receiving MTU is higher than the IP MTU configured on the incoming interface, OSPF does not establish adjacencies. Use the ip ospf mtu-ignore command to disable this check and allow adjacencies when the MTU value differs between OSPF neighbors.
This command requires the Enterprise Services license.
Examples
The following example shows how to disable MTU mismatch detection on received DBD packets:
switch(config)# interface ethernet 1/2switch(config-if)# ip ospf mtu-ignoreip ospf network
To configure the Open Shortest Path First (OSPF) network type to a type other than the default for an interface, use the ip ospf network command. To return to the default, use the no form of this command.
ip ospf network {broadcast | point-to-point}
no ip ospf network
Syntax Description
broadcast
Sets the network type as broadcast.
point-to-point
Sets the network type as point-to-point.
Defaults
Depends on the network type.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The network type influences the behavior of the OSPF interface. OSPF network type is usually broadcast, which uses OSPF multicasting capabilities. Under this network type a designated router and backup designated router are elected. For point-to-point networks there are only two neighbors and multicast is not required. For routers on an interface to become neighbors the network type for all should match.
This command requires the Enterprise Services license.
Examples
The following example shows how to set an OSPF network as a broadcast network:
switch(config)# interface ethernet 1/2switch(config-if)# ip address 192.0.2.33 255.255.255.0switch(config-if)# ip ospf network broadcastip ospf passive-interface
To suppress Open Shortest Path First (OSPF) routing updates on an interface, use the ip ospf passive-interface command. To return to the default, use the no form of this command.
ip ospf passive-interface
no ip ospf passive-interface
Syntax Description
This command has no keywords or arguments.
Defaults
Disabled
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
If an interface is configured as passive-interface it does not participate in the OSPF protocol and will not establish adjacencies or send routing updates. However the interface is announced as part of the routing network.
This command requires the Enterprise Services license.
Examples
The following example shows how to set an interface as passive:
switch(config)# interface ethernet 1/2switch(config-if)# ip ospf passive-interfaceip ospf priority
To set the router priority for an Open Shortest Path First (OSPF) interface, use the ip ospf priority command. To return to the default, use the no form of this command.
ip ospf priority number-value
no ip ospf priority number-value
Syntax Description
Defaults
Priority of 1
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip ospf priority command to set the router priority, which determines the designated router for this network. When two routers are attached to a network, both attempt to become the designated router. The router with the higher router priority takes precedence. If there is a tie, the router with the higher router ID takes precedence. A router with a router priority set to zero cannot become the designated router or backup designated router.
Cisco NX-OS uses this priority value when you configure OSPF for broadcast networks using the neighbor command in router configuration mode.
This command requires the Enterprise Services license.
Examples
The following example shows how to set the router priority value to 4:
switch(config)# interface ethernet 1/2switch(config-if)# ip ospf priority 4Related Commands
ip ospf network
Configures the OSPF network type to a type other than the default for a given medium.
ip ospf retransmit-interval
To specify the time between Open Shortest Path First (OSPF) link-state advertisement (LSA) retransmissions for adjacencies belonging to the interface, use the ip ospf retransmit-interval command. To return to the default, use the no form of this command.
ip ospf retransmit-interval seconds
no ip ospf retransmit-interval
Syntax Description
Defaults
5 seconds
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip ospf retransmit-interval command to set the time between LSA retransmissions. When a router sends an LSA to its neighbor, it keeps the LSA until it receives an acknowledgment message from the neighbor. If the router receives no acknowledgment within the retransmit interval, the local router resends the LSA.
This command requires the Enterprise Services license.
Examples
The following example shows how to set the retransmit interval value to 8 seconds:
switch(config)# interface ethernet 1/2switch(config-if)# ip ospf retransmit-interval 8ip ospf shutdown
To shut down an Open Shortest Path First (OSPF) interface, use the ip ospf shutdown command. To return to the default, use the no form of this command.
ip ospf shutdown
no ip ospf shutdown
Syntax Description
This command has no keywords or arguments.
Defaults
None
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip ospf shutdown command to shut down OSPF on this interface.
This command requires the Enterprise Services license.
Examples
The following example shows how to shut down OSPF on an interface:
switch(config)# interface ethernet 1/2switch(config-if)# ip ospf shutdownip ospf transmit-delay
To set the estimated time required to send an Open Shortest Path First (OSPF) link-state update packet on the interface, use the ip ospf transmit-delay command. To return to the default, use the no form of this command.
ip ospf transmit-delay seconds
no ip ospf transmit-delay
Syntax Description
Defaults
1 second
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip ospf transmit-delay command to set the estimated time needed to send an LSA update packet. OSPF increments the LSA age time by transmit delay amount before transmitting the LSA update. You should take into account the transmission and propagation delays for the interface when you set this value.
This command requires the Enterprise Services license.
Examples
The following example shows how to set the transmit delay value to 8 seconds:
switch(config)# interface ethernet 1/2switch(config-if)# ip ospf transmit-delay 8ip passive-interface eigrp
To suppress all routing updates on an Enhanced Interior Gateway Routing Protocol (EIGRP) interface, use the ip passive-interface eigrp command. To reenable the sending of routing updates, use the no form of this command.
ip passive-interface eigrp instance-tag
no ip passive-interface eigrp instance-tag
Syntax Description
instance-tag
Name of EIGRP instance. The instance-tag can be any case-sensitive alphanumeric string up to 64 characters.
Defaults
Routing updates are sent on the interface.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip passive-interface eigrp command to stop all routing updates on an interface.
This command requires the Enterprise Services license.
Examples
The following example shows how to stop EIGRP routing updates on ethernet 2/1:
switch(config)# router eigrp 201switch(config-router)# interface ethernet 2/1switch(config-if)# ip passive-interface eigrp 201ip policy route-map
To identify a route map to use for policy routing on an interface, use the ip policy route-map command. To remove the route map, use the no form of this command.
ip policy route-map name
no ip policy route-map [name]
Syntax Description
Defaults
None
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip policy route-map command to identify a route map to use for policy routing. Use the route-map command to create the rout map. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which policy routing is allowed for the interface, based on the destination IP address of the packet. The set commands specify the set actions—the particular policy routing actions to perform if the criteria enforced by the match commands are met. The no ip policy route-map command deletes the pointer to the route map.
You can perform policy-based routing on any match criteria that can be defined in an expanded IP access list when using the match ip address command and referencing an expanded IP access list.
You must enable policy-based routing with the feature pbr command before you can use the ip policy route-map command.
This command requires the Enterprise Services license.
Examples
This example shows how to configure a policy-based route map to an interface:
switch# configure terminalswitch(config)# feature pbrswitch(config)# interface ethernet 2/1switch(config-if)# ip policy route-map policymapRelated Commands
feature pbr
Enabled the policy-based routing feature.
route-map
Creates a route map.
show route-map pbr-statistics
Displays statistics about policy-based route maps
ip prefix-list
Use the ip prefix-list command to create a prefix list to match IP packets or routes against. To remove the prefix-list, use the no form of this command.
ip prefix-list name [seq number] {permit | deny} prefix/length [eq length | [ge length] [le length]]
no prefix-list name [seq number] {permit | deny} prefix/length [eq length | [ge length] [le length]]
Syntax Description
Defaults
None
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip prefix-list command to configure IP prefix filtering. You configure prefix lists with permit or deny keywords to either permit or deny the prefix based on the matching condition. A prefix list consists of an IP address and a bit mask. The bit mask is entered as a number from 1 to 32. An implicit deny is applied to traffic that does not match any prefix-list entry.
You can configure prefix lists to match an exact prefix length or a prefix range. Use the ge and le keywords to specify a range of the prefix lengths to match, providing more flexible configuration than can be configured with just the network/length argument. Cisco NX-OS processes the prefix list using an exact match when you do not configure either the ge nor le keyword. If you configure both the ge ge-length and le le-length keywords and arguments, the allowed prefix length range falls between the values used for the ge-length and le-length arguments. The following formula shows this behavior:
network/length < ge ge-length < le le-length <= 32
If you do not configure a sequence number, Cisco NX-OS applies a a default sequence number of 5 to the prefix list, and subsequent prefix list entries will be increment by 5 (for example, 5, 10, 15, and onwards). If you configure a sequence number for the first prefix list entry but not subsequent entries, then Cisco NX-OS increments the subsequent entries by 5 (For example, if the first configured sequence number is 3, then subsequent entries will be 8, 13, 18, and onwards). Default sequence numbers can be suppressed by entering the no form of this command with the seq keyword.
Cisco NX-OS evaluates prefix lists starting with the lowest sequence number and continues down the list until a match is made. Once a match is made that covers the network the permit or deny statement is applied to that network and the rest of the list is not evaluated.
Tip
The prefix list is applied to inbound or outbound updates for specific peer by entering the prefix-list command in neighbor address-family mode. Prefix list information and counters are displayed in the output of the show ip prefix-list command. Prefix-list counters can be reset by entering the clear ip prefix-list command.
This command does not require a license.
Examples
This example shows how to configure a prefix list and apply it to a BGP peer:
switch# config tswitch(config)# ip prefix-list allowprefix 10 permit 192.0.2.0 eq 24switch(config)# ip prefix-list allowprefix 20 permit 209.165.201.0 eq 27switch(config) router bgp 33:20switch(config-router)# neighbor 192.0.2.1/16 remote-as 99:20switch(config-router-neighbor)# address-family ipv4 unicastswitch(config-router-neighbor-af)# prefix-list allowprefix inRelated Commands
clear ip prefix-list
Clears counters for IP prefix lists.
prefix-list
Applies a prefix list to BGP peer.
show ip prefix-list
Displays information about IP prefix lists.
ip prefix-list description
Use the ip prefix-list description command to configure a description string for an IP prefix-list. To revert to default, use the no form of this command.
ip prefix-list name description string
no ip prefix-list name description
Syntax Description
name
Name of prefix list. The name can be any alphanumeric string up to 63 characters.
string
A descriptive string for the prefix list. The string can be any alphanumeric string up to 90 characters.
Defaults
None
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to configure a description for an IP prefix list:
switch# configure terminalswitch(config)# ip prefix-list test1 description "this is a test"Related Commands
ip prefix-list
Creates an IPv4 prefix list
show ip prefix-list
Displays information about IPv4 prefix lists.
ip rip authentication key-chain
To enable authentication for the Routing Information Protocol (RIP) Version 2 packets and to specify the set of keys that can be used on an interface, use the ip rip authentication key-chain command in interface configuration mode. To prevent authentication, use the no form of this command.
ip rip authentication key-chain name-of-chain
no ip rip authentication key-chain [name-of-chain]
Syntax Description
Defaults
No authentication is provided for RIP packets.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
You must separately configure a key chain using the key-chain command to complete the authentication configuration for an interface.
This command does not require a license.
Examples
The following example shows how to configure the interface to accept and send any key that belongs to the key-chain trees:
switch(config)# interface ethernet 1/2switch(config-if)# ip rip authentication key-chain treesRelated Commands
ip rip authentication mode
To specify the type of authentication used in the Routing Information Protocol (RIP) Version 2 packets, use the ip rip authentication mode command in interface configuration mode. To restore clear text authentication, use the no form of this command.
ip rip authentication mode {text | md5}
no ip rip authentication mode
Syntax Description
Defaults
Clear text authentication is provided for RIP packets if you configured a key chain.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command does not require a license.
Examples
The following example shows how to configure the interface to use MD5 authentication:
switch(config)# interface ethernet 1/2switch(config-if)# ip rip authentication mode md5Related Commands
ip rip metric-offset
To add an additional value to the incoming IP Routing Information Protocol (RIP) route metric for an interface, use the ip rip metric-offset command in interface configuration mode. To return the metric to its default value, use the no form of this command.
ip rip metric-offset value
no ip rip metric-offset
Syntax Description
value
Value to add to the incoming route metric for an interface. The range is from 1 to 15. The default is 1.
Defaults
value: 1
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip route metric-offset command to influence which routes are used by Cisco NX-OS. This command allows you to add a fixed offset to the route metric of all incoming routes on an interface. For example, if the you set the metric-offset to 5 on an interface and the incoming route metric is 5, then Cisco NX-OS adds the route to the route table with a metric of 10.
This command does not require a license.
Examples
The following example shows how to configure a metric offset of 10 for all incoming RIP routes on Ethernet interface 2/1:
switch(config)# interface ethernet 2/1switch(config-if)# ip rip metric-offset 10Related Commands
ip rip offset-list
To add an offset to incoming and outgoing metrics to routes learned via Routing Information Protocol (RIP), use the ip rip offset-list command in interface configuration mode. To remove an offset list, use the no form of this command.
ip rip offset-list value
no ip rip offset-list
Syntax Description
value
Value to add to the incoming route metric for an interface. The range is from 1 to 15. The default is 1.
Defaults
value: 1
Command Modes
Router address-family configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command does not require a license.
Examples
The following example shows how to configure an offset of 10 for all incoming RIP routes on Ethernet interface 2/1:
switch(config)# interface ethernet 2/1switch(config-if)# ip rip offset-list 10Related Commands
ip rip passive-interface
To suppress the sending of the Routing Information Protocol (RIP) updates on an interface, use the ip rip passive-interface command in interface configuration mode. To unsuppress updates, use the no form of this command.
ip rip passive-interface
no ip rip passive-interface
Syntax Description
This command has no arguments or keywords.
Defaults
RIP updates are sent on the interface.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
While RIP stops sending routing updates to the multicast (or broadcast) address on a passive interface, RIP continues to receive and process routing updates from its neighbors on that interface.
This command does not require a license.
Examples
The following example shows how to configure Ethernet 1/2 as a passive interface:
switch(config)# interface ethernet 1/2switch(config-if)# ip rip passive-interfaceip rip poison-reverse
To enable poison-reverse processing of the Routing Information Protocol (RIP) router updates, use the ip rip poison-reverse command in interface configuration mode. To disable poison-reverse processing of RIP updates, use the no form of this command.
ip rip poison-reverse
no ip rip poison-reverse
Syntax Description
This command has no arguments or keywords.
Defaults
Split horizon is always enabled. Poison-reverse processing is disabled.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip rip poison-reverse command to enable poison-reverse processing of RIP router updates. By default, Cisco NX-OS does not advertise RIP routes out the interface over which they were learned (split horizon). If you configure both poison reverse and split horizon, then Cisco NX-OS advertises the learned routes as unreachable over the interface on which the route was learned.
This command does not require a license.
Examples
The following example shows how to enable poison-reverse processing for an interface running RIP:
switch(config)# interface ethernet 1/2switch(config-if)# ip rip poison-reverseip rip route-filter
To filter the Routing Information Protocol (RIP) routes coming in or out of an interface, use the route-filter command in interface configuration mode. To remove filtering from an interface, use the no form of this command.
ip rip route filter {prefix-list list-name | route-map map-name} {in | out}
Syntax Description
Defaults
Route filtering is disabled.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip rip route-filter command to filter incoming or outgoing routes on an interface.
This command does not require a license.
Examples
The following example shows how to use a route map to filter routes for a RIP interface:
switch(config)# interface ethernet 1/2switch(config-if)# ip rip route-filter route-map InRipFilter inRelated Commands
ip rip summary-address
To configure a summary aggregate address under an interface for the the Routing Information Protocol (RIP), use the ip rip summary-address command in interface configuration mode. To disable summarization of the specified address or subnet, use the no form of this command.
ip rip summary-address ip-prefix/mask
no ip rip summary-address ip-prefix/mask
Syntax Description
Defaults
Disabled by default.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The ip rip summary-address command summarizes an address or subnet under a specific interface.
This command does not require a license.
Examples
The following example shows that the summary address192.0.2.0 is advertised out Ethernet interface 1/2:
switch(config)# interface ethernet 1/2switch(config-if)# ip summary-address rip 192.0.2.0/24ip route
To configure a static route, use the ip route command. To remove the static route, use the no form of this command.
ip route ip-prefix/mask {[interface] next-hop} [preference] [tag id]
no ip route ip-prefix/mask {[interface] next-hop}} [preference] [tag id]
Syntax Description
Defaults
None
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Static routes have a default administrative distance of 1. If you want a dynamic routing protocol to take precidence over a static route, you must configure the static route preference argument to be greater than the administrative distance of the dynamic routingprotocol. For example, routes derived with Enhanced Interior Gateway Routing Protocol (EIGRP) have a default administrative distance of 100. To have a static route that would be overridden by an EIGRP dynamic route, specify an administrative distance greater than 100.
This command does not require a license.
Examples
This example creates a static route for destinations with the IP address prefix 192.168.1.1/32, reachable through the next-hop address 10.0.0.2:
switch(config)# ip route 192.168.1.1/32 10.0.0.2This example assigns a tag to the previous example so that you can configure a route map that can match on this static route:
switch(config)# ip route 192.168.1.1/32 10.0.0.2 tag 5This example chooses a preference of 110. In this case, packets for prefix 10.0.0.0 will be routed to a router at 172.31.3.4 if dynamic route information with an administrative distance less than 110 is not available.
ip route 10.0.0.0/8 172.31.3.4 110Related Commands
ipv6 route
Configures an IPv6 static route.
match tag
matches the tag value associated with a route.
ip router ospf area
To specify the Open Shortest Path First (OSPF) instance and area for an interface, use the ip router ospf area command. To return to the default, use the no form of this command.
ip router ospf instance-tag area area-id [secondaries none]
no ip router ospf instance-tag area area-id [secondaries none]
Syntax Description
Defaults
10 seconds
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip router ospf area command to specify the area and OSPF instance for the interface.
This command requires the Enterprise Services license.
Examples
The following example shows how to set the interval between hello packets to 15 seconds:
switch(config)# interface ethernet 1/2switch(config-if)# ip router ospf Base area 33ip split-horizon eigrp
To enable split horizon for an Enhanced Interior Gateway Routing Protocol (EIGRP) process, use the ip split-horizon eigrp command. To disable split horizon, use the no form of this command.
ip split-horizon eigrp instance-tag
no ip split-horizon eigrp instance-tag
Syntax Description
instance-tag
Name of EIGRP instance. The instance-tag can be any case-sensitive alphanumeric string up to 64 characters.
Defaults
Enabled
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the no ip split-horizon eigrp command to disable split horizon on an interface.
This command requires the Enterprise Services license.
Examples
The following example shows how to disable split horizon an an Ethernet link:
switch(config)# router eigrp 209switch(config-router)# interface ethernet 2/1switch(config-eigrp-af-if)# no ip split-horizon eigrp 209ip summary-address eigrp
To configure a summary aggregate address for the specified Enhanced Interior Gateway Routing Protocol (EIGRP) interface, use the ip summary-address eigrp command. To disable a configuration, use the no form of this command.
ip summary-address eigrp instance-tag {ip-address /length | ip-address mask} [admin-distance]
no ip summary-address eigrp instance-tag {ip-address /length | ip-address mask}
Syntax Description
Defaults
An administrative distance of 5 is applied to EIGRP summary routes.
No summary addresses are predefined.Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ip summary-address eigrp command to configure interface-level address summarization. EIGRP summary routes are given an administrative distance of 5.
This command requires the Enterprise Services license.
Examples
The following example shows how to configure an administrative distance of 95 on an EIGRP interface for the 192.168.0.0/16 summary address:
switch(config)# router eigrp 209switch(config-router)# interface ethernet 2/1switch(config-if)# ip summary-address eigrp 209 192.168.0.0/16 95ipv6 address
To configure an IPv6 address on an interface, use the ipv6 address command. To remove the address, use the no form of this command.
ipv6 address {addr [eui64] [route-preference preference] [secondary] tag tag-id] | use-link-local-only]
no ipv6 address {addr [eui64] [route-preference preference] [secondary] [tag tag-id] | use-link-local-only
Syntax Description
Defaults
None
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 address command to configure an IPv6 address or secondary address on an interface.
This command does not require a license.
Examples
This example shows how to configure an IPv6 address:
switch# config tswitch(config)# interface ethernet 2/1switch(config-if)# ipv6 address 2001:0DB8::3/48Related Commands
ipv6 prefix-list
Use the ip prefix-list command to create a prefix list to match IPv6 packets or routes against. To remove the prefix-list, use the no form of this command.
ipv6 prefix-list name [seq number] {permit | deny} prefix [eq length | [ge length] [le length]]
no ipv6 prefix-list name [seq number] {permit | deny} prefix [eq length | [ge length] [le length]]
Syntax Description
Defaults
None
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Use the ipv6 prefix-list command to configure IPv6 prefix filtering. You configure prefix lists with permit or deny keywords to either permit or deny the prefix based on the matching condition. A prefix list consists of an IPv6 address and a bit mask. The bit mask is entered as a number from 1 to 128. An implicit deny is applied to traffic that does not match any prefix-list entry.
You can configure prefix lists to match an exact prefix length or a prefix range. Use the ge and le keywords to specify a range of the prefix lengths to match, providing more flexible configuration than can be configured with just the network/length argument. Cisco NX-OS processes the prefix list using an exact match when you do not configure either neither the ge nor le keyword. If you configure both the ge ge-length and le le-length keywords and arguments, the allowed prefix length range falls between the values used for the ge-length and le-length arguments. The following formula shows this behavior:
network/length < ge ge-length < le le-length <= 32
If you do not configure a sequence number, Cisco NX-OS applies a a default sequence number of 5 to the prefix list, and subsequent prefix list entries will be increment by 5 (for example, 5, 10, 15, and onwards). If you configure a sequence number for the first prefix list entry but not subsequent entries, then Cisco NX-OS increments the subsequent entries by 5 (For example, if the first configured sequence number is 3, then subsequent entries will be 8, 13, 18, and onwards). Default sequence numbers can be suppressed by entering the no form of this command with the seq keyword.
Cisco NX-OS evaluates prefix lists starting with the lowest sequence number and continues down the list until a match is made. Once a match is made that covers the network the permit or deny statement is applied to that network and the rest of the list is not evaluated.
Tip
The prefix list is applied to inbound or outbound updates for specific peer by entering the prefix-list command in neighbor address-family mode. Prefix list information and counters are displayed in the output of the show ipv6 prefix-list command. Prefix-list counters can be reset by entering the clear ipv6 prefix-list command.
This command does not require a license.
Examples
This example shows how to configure an IPv6 prefix list and apply it to a BGP peer:
switch# config tswitch(config)# ipv6 prefix-list allowprefix 10 permit 2001:0DB8::/48 eq 24switch(config) router bgp 33:20switch(config-router)# neighbor 2001:0DB8::1/64 remote-as 99:20switch(config-router-neighbor)# address-family ipv6 unicastswitch(config-router-neighbor-af)# prefix-list allowprefix inRelated Commands
clear ip prefix-list
Clears counters for IP prefix lists.
prefix-list
Applies a prefix list to BGP peer.
show ip prefix-list
Displays information about IP prefix lists.
ipv6 prefix-list description
Use the ipv6 prefix-list description command to configure a description string for an IPv6 prefix-list. To revert to default, use the no form of this command.
ipv6 prefix-list name description string
no ipv6 prefix-list name description
Syntax Description
name
Name of prefix list. The name can be any alphanumeric string up to 63 characters.
string
A descriptive string for the prefix list. The string can be any alphanumeric string up to 90 characters.
Defaults
None
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command does not require a license.
Examples
This example shows how to configure a description for an IPv6 prefix list:
switch# configure terminalswitch(config)# ipv6 prefix-list test1 description "this is a test"Related Commands
ipv6 prefix-list
Creates an IPv6 prefix list
show ipv6 prefix-list
Displays information about IPv6 prefix lists.
ipv6 route
To configure a static IPv6 route, use the ipv6 route command command. To remove this static route, use the no form of this command.
ipv6 route ipv6-prefix/length {{next-hop-addr | next-hop-prefix} | interface | link-local-addr} [preference] [tag tag-id]
no ipv6 route ipv6-prefix/length
Syntax Description
Defaults
Disabled by default.
Command Modes
Global configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command does not require a license.
Examples
This example creates an IPv6 static rout2:
switch(config)# ipv6 route 2001:0DB8::/48 tunnel 0Related Commands
is-type
To configure the routing level for an instance of the Intermediate System-to-Intermediate System (IS-IS) routing process, use the is-type configuration mode command. To reset the default value, use the no form of this command.
is-type {level-1 | level-1-2 | level-2}
no is-type {level-1 | level-1-2 | level-2}
Syntax Description
Command Default
Routers typically act as both a level-1 (intraarea) and a level-2 (interarea) router by default. In multiarea IS-IS configurations, the first instance of the IS-IS routing process configured is by default a level-1-2 (intraarea and interarea) router. The remaining instances of the IS-IS process configured by default are level-1 routers.
Command Modes
Router configuration
VRF configurationSupported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The routing levels for an instance of the IS-IS routing process are defined as follows:
•
•
•
We recommend that you configure the type of IS-IS routing process. If you are configuring multiarea IS-IS, you must configure the type of the router, or allow it to be configured by default. By default, the first instance of the IS-IS routing process that you configure using the router isis command is a level-1-2 router.
If only one area is in the network, there is no need to run both level-1 and level-2 routing algorithms. If IS-IS is used for IP routing only (and there is only one area), you can run level-2 only everywhere. Areas you add after the level-1-2 area exists are by default level-1 areas.
If the router instance has been configured for level-1-2 (the default for the first instance of the IS-IS routing process in a Cisco device), you can remove level-2 (interarea) routing for the area using the is-type command. You can also use the is-type command to configure level-2 routing for an area, but it must be the only instance of the IS-IS routing process configured for level-2 on the Cisco device.
Examples
The following example specifies an area router:
switch(config)# router isisswitch(config-router)# is-type level-2-onlyRelated Commands
exit
Exits the current configuration mode.
feature isis
Enables IS-IS on the router.
no
Negates a command or sets its defaults.
router isis
Enables IS-IS.
isis authentication key-chain
To enable authentication for Intermediate System-to-Intermediate System (IS-IS) for an individual IS-IS interface, use the isis authentication key-chain interface configuration mode command. To disable such authentication, use the no form of this command.
isis authentication key-chain auth-key {level-1 | level-2}
no isis authentication key-chain auth-key {level-1 | level-2}
Syntax Description
Command Default
No key chain authentication is provided for IS-IS packets at the router level.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
If no key chain is configured with the isis authentication key-chain command, no key chain authentication is performed.
Key chain authentication could apply to clear text authentication or MD5 authentication. The mode is determined by the authentication mode command.
Only one authentication key chain is applied to IS-IS at one time. For example, if you configure a second isis authentication key-chain command, the first authentication key chain is overridden.
You can configure key-chain authentication per IS-IS instance by using the authentication key-chain configuration command.
Examples
The following example configures IS-IS to accept and send any key belonging to the key chain named site1 on a specific interface:
switch(config)# router isis test1switch(config-router)# interface ethernet 2/5switch(config-if)# isis authentication key-chain site1 level-1switch(config-if)#Related Commands
isis authentication-check
To specify for the Intermediate System-to-Intermediate System (IS-IS) instance that authentication is performed only on IS-IS packets being sent (not received) from an interface, use the isis authentication-check interface configuration mode command. To configure for the IS-IS instance that if authentication is configured at the router level, such authentication be performed on packets being sent and received, use the no form of this command.
authentication-check {level-1 | level-2}
no authentication-check
Syntax Description
Command Default
If authentication is configured at the router level, it applies to IS-IS packets being sent and received.
Command Modes
Interface configuration
Usage Guidelines
Enter the isis authentication-check command before configuring the authentication mode and authentication key chain. Entering the isis authentication-check command allows the routers to have more time for the keys to be configured on each router if authentication is inserted only on the packets being sent, not checked on packets being received. After you enter the authentication-check command on all communicating routers, enable the authentication mode and key chain on each router. Then enter the no isis authentication-check command to disable the command.
This command could apply to clear text authentication or Message Digest 5 (MD5) authentication. The mode is determined by the authentication mode command.
You can specify authentication check per ISIS instance by using the authentication-check configuration mode command.
Examples
The following example configures IS-IS level-1 packets on a specific interface to use clear text authentication on packets being sent (not received):
switch(config)# router isis test1switch(config-router)# interface ethernet 2/5switch(config-if)# isis authentication-check level-1switch(config-if)# isis authentication key-chain site1 level-1switch(config-if)#Related Commands
isis authentication-type
To specify the type of authentication used in Intermediate System-to-Intermediate System (IS-IS) packets on a specific interface, use the isis authentication-type configuration mode command. To restore clear text authentication, use the no form of this command.
isis authentication-type {cleartext | md5} [level-1 | level-2]
no isis authentication-type
Syntax Description
Command Default
No authentication is provided for IS-IS packets at the router level by use of this command.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
If you do not enter the level-1 or level-2 keywords, the mode applies to both levels.
You can specify the authentication type per IS-IS instance by using the authentication-type configuration mode command.
Examples
The following example configures for the IS-IS instance that Message Digest 5 (MD5) authentication is performed on level-1 packets on a specific interface:
switch(config)# router isis test1switch(config-router)# interface ethernet 2/5switch(config-if)# isis authentication-type md5 level-1switch(config-router)#Related Commands
isis circuit-type
To configure the type of adjacency, use the isis circuit-type command in interface configuration mode. To reset the circuit type to Level l and Level 2, use the no form of this command.
isis circuit-type {level-1 | level-1-2 | level-2-only}
no isis circuit-type
Syntax Description
level-1
Configures a router for Level 1 adjacency only.
level-1-2
Configures a router for Level 1 and Level 2 adjacency.
level-2-only
Configures a router for Level 2 adjacency only.
Command Default
A Level 1 and Level 2 adjacency is established.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
You do not have to configure this command. We recommend that you configure a router as a Level 1-only, Level 1-2, or Level 2-only system. Only on routers that are between areas (Level 1-2 routers) should you configure some interfaces to be Level 2-only to prevent wasting bandwidth by sending out unused Level 1 hello packets. Note that on point-to-point interfaces, the Level 1 and Level 2 hellos are in the same packet.
A Level 1 adjacency may be established if there is at least one area address in common between this system and its neighbors. Level 2 adjacencies will never be established over this interface.
A Level 1 and Level 2 adjacency is established if the neighbor is also configured as level-1-2 and there is at least one area in common. If there is no area in common, a Level 2 adjacency is established. This is the default.
Level 2 adjacencies are established if the other routers are Level 2 or Level 1-2 routers and their interfaces are configured for Level 1-2 or Level 2. Level 1 adjacencies will never be established over this interface.
Examples
In the following example, other routers on Ethernet interface 2/5 are in the same area. Other routers on Ethernet interface 1 are in other areas, so the router will stop sending Level 1 hellos.
switch(config)# router isis test1switch(config-router)# interface ethernet 2/5switch(config-if)# isis circuit-type level-2-onlyswitch(config-if)#isis csnp-interval
To configure the Intermediate System-to-Intermediate System (IS-IS) complete sequence number (CSNPs) interval, use the isis csnp-interval command in interface configuration mode. To restore the default value, use the no form of this command.
isis csnp-interval seconds {level-1 | level-2}
no isis csnp-interval [level-1 | level-2]
Syntax Description
Command Default
The default settings are as follows:
•
•
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Normally you will not have to change the default value of this command.
This command applies only for the designated router or a specified interface. Only designated routers send CSNP packets in order to maintain database synchronization. The CSNP interval can be configured independently for Level 1 and Level 2.
The isis csnp-interval command on point-to-point subinterfaces should be used only in combination with the IS-IS mesh-group feature.
Examples
The following example configures Ethernet interface 2/5 for sending CSNPs every 30 seconds:
switch(config)# router isis test1switch(config-router)# interface ethernet 2/5switch(config-if)# isis csnp-interval 30 level-1switch(config-if)#Related Commands
isis hello padding
To reenable Intermediate System-to-Intermediate System (IS-IS) hello padding at the interface level, enter the isis hello padding command in interface configuration mode. To disable IS-IS hello padding, use the no form of this command.
isis hello padding
no isis hello padding
Syntax Description
This command has no arguments or keywords.
Command Default
IS-IS hello padding is enabled.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Intermediate System-to-Intermediate System (IS-IS) hellos are padded to the full maximum transmission unit (MTU) size. The benefit of padding IS-IS hellos to the full MTU is that it allows for early detection of errors that result from transmission problems with large frames or errors that result from mismatched MTUs on adjacent interfaces.
You can disable hello padding in order to avoid wasting network bandwidth in case the MTU of both interfaces is the same or, in case of translational bridging. While hello padding is disabled, Cisco routers still send the first five IS-IS hellos padded to the full MTU size, in order to maintain the benefits of discovering MTU mismatches.
To selectively disable hello padding for a specific interface, enter the no isis hello padding command in interface configuration mode. To disable hello padding for all interfaces on a router for the IS-IS routing process, enter the no hello padding command in router configuration mode.
Examples
To turn off hello padding at the interface level for the Ethernet interface 0/0, enter the no isis hello padding command in interface configuration mode:
switch(config)# router isis test1switch(config-router)# interface ethernet 0/0switch(config-if)# no isis hello paddingswitch(config-if)#Related Commands
isis hello-interval
To specify the length of time between hello packets that the Cisco NX-OS software sends, use the isis hello-interval command in interface configuration mode. To restore the default value, use the no form of this command.
isis hello-interval seconds {level-1 | level-2}
no isis hello-interval {level-1 | level-2}
Syntax Description
Command Default
The default settings are as follows:
•
•
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The hello interval multiplied by the hello multiplier equals the hold time.
The hello interval can be configured independently for Level 1 and Level 2. The level-1 and level-2 keywords are used on LAN interfaces.
A faster hello interval gives faster convergence, but increases bandwidth and CPU usage. It might also add to instability in the network. A slower hello interval saves bandwidth and CPU usage. Especially when used in combination with a higher hello multiplier, configuration of the slower hello interval may increase overall network stability. When the hello interval is configured on DIS interfaces, only one third of the interval value is used. Therefore, the hold time (hello interval multiplied by the hello multiplier) for DIS interfaces will also be one third the hold time for non-DIS interfaces.
It makes more sense to tune the hello interval and hello multiplier on point-to-point interfaces than on LAN interfaces.
Examples
The following example configures the Ethernet interface 2/3 to advertise hello packets every 5 seconds. The router is configured to act as a station router. This configuration will cause more traffic than the traffic generated by configuring a longer interval, but topological changes will be detected earlier.
switch(config)# router isis test1switch(config-router)# interface ethernet 2/3switch(config-if)# isis hello-interval 5 level-1switch(config-if)#Related Commands
isis hello-multiplier
Specifies the number of IS-IS hello packets that a neighbor must miss before the router should declare the adjacency as down.
isis hello-multiplier
To specify the number of Intermediate System-to-Intermediate System (IS-IS) hello packets a neighbor must miss before the router should declare the adjacency as down, use the isis hello-multiplier command in interface configuration mode. To restore the default value, use the no form of this command.
isis hello-multiplier multiplier {level-1 | level-2}
no isis hello-multiplier {level-1 | level-2}
Syntax Description
Command Default
The default settings are as follows:
•
•
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The "holding time" carried in an IS-IS hello packet determines how long a neighbor waits for another hello packet before declaring the neighbor to be down. This time determines how quickly a failed link or neighbor is detected so that routes can be recalculated. The advertised hold time in IS-IS hello packets will be set to the hello multiplier times the hello interval. Neighbors will declare an adjacency to this router down after not having received any IS-IS hello packets during the advertised hold time. The hold time (and thus the hello multiplier and the hello interval) can be set on a per-interface basis, and can be different between different routers in one area.
Using a smaller hello multiplier will give fast convergence, but can result in more routing instability. Increment the hello multiplier to a larger value to help network stability when needed. Never configure a hello multiplier lower than the default value of 3.
Use the isis hello-multiplier command in circumstances where hello packets are lost frequently and IS-IS adjacencies are failing unnecessarily. You can raise the hello multiplier and lower the hello interval (isis hello-interval command) correspondingly to make the hello protocol more reliable without increasing the time required to detect a link failure.
On point-to-point links, there is only one hello for both Level 1 and Level 2, so different hello multipliers should be configured only for multiaccess networks such as Ethernet and FDDI. Separate Level 1 and Level 2 hello packets are also sent over nonbroadcast multiaccess (NBMA) networks in multipoint mode, such as X.25, Frame Relay, and ATM. However, we recommend that you run IS-IS over point-to-point subinterfaces over WAN NBMA media.
Examples
In the following example, the network administrator wants to increase network stability by making sure an adjacency will go down only when many (ten) hello packets are missed. The total time to detect link failure is 60 seconds. This configuration will ensure that the network remains stable, even when the link is fully congested.
switch(config)# router isis test1switch(config-router)# interface ethernet 2/3switch(config-if)# ip router isisswitch(config-if)# isis hello-interval 6 level-1switch(config-if)# isis hello-multiplier 10 level-1Related Commands
isis hello-interval
Specifies the length of time between hello packets that the Cisco NX-OS software sends.
isis lsp-interval
To configure the time delay between successive Intermediate System-to-Intermediate System (IS-IS) link-state packet (LSP) transmissions, use the isis lsp-interval command in interface configuration mode. To restore the default value, use the no form of this command.
isis lsp-interval milliseconds
no isis lsp-interval
Syntax Description
Command Default
The default time delay is 33 milliseconds.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
In topologies with a large number of IS-IS neighbors and interfaces, a router may have difficulty with the CPU load imposed by LSP transmission and reception. This command allows the LSP transmission rate (and the reception rate of other systems) to be reduced.
Examples
The following example causes the system to send LSPs every 100 milliseconds (10 packets per second) on Ethernet interface 0/0:
switch(config)# router isis test1switch(config-router)# interface ethernet 0/0switch(config-if)# isis lsp-interval 100Related Commands
isis retransmit-interval
Configures the time between retransmission of each LSP (IS-IS link-state PDU) over point-to-point links.
isis mesh-group
To optimize link-state packet (LSP) flooding in nonbroadcast multiaccess (NBMA) networks with highly meshed, point-to-point topologies, use the isis mesh-group command in interface configuration mode. To remove a subinterface from a mesh group, use the no form of this command.
isis mesh-group {number | blocked}
no isis mesh-group {number | blocked}
Syntax Description
number
Number identifying the mesh group of which this interface is a member. Range: 1 to 4294967295.
blocked
Specifies that no LSP flooding take place on this subinterface.
Command Default
The interface performs normal flooding.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
The LSPs that are first received on subinterfaces that are not part of a mesh group are flooded to all other subinterfaces in the usual way.
The LSPs that are first received on subinterfaces that are part of a mesh group are flooded to all interfaces except those in the same mesh group. If you enter the blocked keyword on a subinterface, then a newly received LSP is not flooded out over that interface.
To minimize the possibility of incomplete flooding, you should allow unrestricted flooding over at least a minimal set of links in the mesh. Selecting the smallest set of logical links that covers all physical paths results in very low flooding, but less robustness. Ideally, you should select only enough links to ensure that LSP flooding is not detrimental to scaling performance, but enough links to ensure that under most failure scenarios no router will be logically disconnected from the rest of the network. In other words, blocking flooding on all links permits the best scaling performance, but there is no flooding. Permitting flooding on all links results in very poor scaling performance.
Examples
In the following example six interfaces are configured in three mesh groups. LSPs received are handled as follows:
•
•
•
switch(config)# router isis test1switch(config-router)# interface ethernet 1/0.1switch(config-if)# isis mesh-group 10switch(config)# router isis test1switch(config-router)# interface ethernet 1/0.2switch(config-if)# isis mesh-group 10switch(config)# router isis test1switch(config-router)# interface ethernet 1/1.1switch(config-if)# isis mesh-group 11switch(config)# router isis test1switch(config-router)# interface ethernet 1/1.2switch(config-if)# isis mesh-group 11switch(config)# router isis test1switch(config-router)# interface ethernet 1/2.1switch(config-if)# isis mesh-group blockedswitch(config)# router isis test1switch(config-router)# interface ethernet 1/2.2switch(config-if)# isis mesh-group 12Related Commands
isis metric
To configure the value of an Intermediate System-to-Intermediate System (IS-IS) metric, use the isis metric command in interface configuration or subinterface mode. To restore the default metric value, use the no form of this command.
isis metric metric-value {level-1 | level-2}
no isis metric metric-value {level-1 | level-2}
Syntax Description
Command Default
The default metric value is set to 10.
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Specifying the level-1 or level-2 keyword resets the metric only for Level 1 or Level 2 routing, respectively.
We recommend that you configure metrics on all interfaces. If you do not configure metrics on all interfaces, the IS-IS metrics are similar to hop-count metrics.
We recommend that you use the metric-style wide command to configure IS-IS to use the new-style type, length, value (TLV) because TLVs that are used to advertise IPv4 information in link-state packets (LSPs) are defined to use only expanded metrics. The Cisco NX-OS software provides support of a 24-bit metric field, the 24-bit metric field is called the wide metric. Using the new metric style, link metrics now have a maximum value of 16777215 with a total path metric of 4261412864.
Examples
The following example configures Ethernet interface 3/2 for a link-state metric cost of 15 for Level 1:
switch(config)# router isis test1switch(config-router)# interface ethernet 3/2switch(config-if)# isis metric 15 level-1Related CommandsC
metric-style wide
Configures a router running IS-IS so that it generates and accepts only new-style TLVs.
isis passive
To suppress adjacency forming on the interface, but still advertise the prefix associated with the interface, use the isis passive command in interface configuration mode. To disable suppression, use the no form of this command.
isis passive {level-1 | level-1-2 | level-2-only}
no isis passive {level-1 | level-1-2 | level-2-only}
Syntax Description
level-1
Suppresses Level 1 PDU only.
level-1-2
Suppresses Level 1 and Level 2 PDU.
level-2-only
Suppresses Level 2 PDU only.
Defaults
The default settings are as follows:
•
•
Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
This command requires the Enterprise Services license.
Examples
The following example suppresses adjacency for Ethernet interface 3/2 at Level 1:
switch(config)# router isis test1switch(config-router)# interface ethernet 3/2switch(config-if)# isis passive level-1isis priority
To configure the priority of designated routers, use the isis priority command in interface configuration mode. To reset the default priority, use the no form of this command.
isis priority number-value [level-1 | level-2]
no isis priority [level-1 | level-2]
Syntax Description
Defaults
Priority of 64
Level 1 and Level 2Command Modes
Interface configuration
Supported User Rolesnetwork-admin
vdc-adminCommand History
Usage Guidelines
Priorities can be configured for Level 1 and Level 2 independently. Specifying the level-1 or level-2 keyword resets priority only for Level 1 or Level 2 routing, respectively.
The priority is used to determine which router on a LAN will be the designated router or Designated Intermediate System (DIS). The priorities are advertised in the hello packets. The router with the highest priority will become the DIS.
In Intermediate System-to-Intermediate System (IS-IS), there is no backup designated router. Setting the priority to 0 lowers the chance of this system becoming the DIS, but does not prevent it. If a router with a higher priority comes on line, it will take over the role from the current DIS. In the case of equal priorities, the highest MAC address breaks the tie.
Examples
The following example shows Level 1 routing given priority by setting the priority level to 80. This router is now more likely to become the DIS.
switch(config)# router isis test1switch(config-router)# interface ethernet 3/2switch(config-if)# isis priority 80 level-1
