[an error occurred while processing this directive]

Support

H Commands

Hierarchical Navigation

Downloads

 Feedback

Table Of Contents

H Commands

hardware forwarding dynamic-allocation

hardware ip verify

hardware ip verify address

hardware ip verify length

hardware ipv6 verify

hello-interval (OSPF virtual link)

hello-interval (OSPFv3 virtual link)

hostname dynamic

hsrp

hsrp timers extended-hold


H Commands

This chapter describes the Cisco NX-OS unicast routing commands that begin with the letter H.

hardware forwarding dynamic-allocation

To enable or disable dynamic TCAM block allocation in the Forwarding Information Base (FIB), use the hardware forwarding dynamic-allocation command.

hardware forwarding dynamic-allocation {enable | disable}

Syntax Description

enable

Enables dynamic TCAM allocation.

disable

Disables dynamic TCAM allocation.


Defaults

Enabled

Command Modes

Any command mode

Supported User Roles

network-admin
network-operator
vdc-admin
vdc-operator

Command History

Release
Modification

4.2(1)

This command was introduced.


Usage Guidelines

Use the hardware forwarding dynamic-allocation enable command to reallocate unused blocks in the FIB.

Use the hardware forwarding dynamic-allocation disable command to disable the dynamic TCAM allocation. This command returns the TCAM to the default allocation if there are no routes in the reallocated blocks.

This command does not require a license.

Examples

The following example shows how to enable dynamic TCAM allocation: 

switch(config)# hardware forwarding dynamic-allocation enable

Related Commands

Command
Description

show hardware forwarding dynamic-allocation

Displays information about dynamic TCAM allocation for each module.


hardware ip verify

To configure IP packet verification, use the hardware ip verify command. To disable IP packet verification, use the no form of this command.

hardware ip verify {checksum | fragment | protocol | tcp tiny-frag | version}

no hardware ip verify {checksum | fragment}

Syntax Description

checksum

Drops IPv4 or IPv6 packets if the checksum is invalid

fragment

Drops IPv4 or IPv6 packets if the packet fragment has a nonzero offset and the DF bit is active.

protocol

Drops IPv4 or IPv6 packets if the packet fragment has an invalid IP protocol number.

tcp tiny-frag

Drops IPv4 packets if the IP fragment offset is 1, or if the IP fragment offset is 0 and the IP payload length is less than 16.

version

Drops IPv4 packets if the ethertype is not set to 4 (IPv4).


Defaults

All address tests enabled.

Command Modes

Global configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.1(3)

This command was introduced.

4.2(2)

Added protocol keyword.


Usage Guidelines

Use the hardware ip verify command to configure packet verification tests on IPv4 and IPv6 packets based on checksum or fragments.

This command replaces the platform ip verify command.

This command does not require a license.

Examples

This example shows how to drop fragmented IPv4 or IPv6 packets: 

switch(config)# hardware ip verify fragment

Related Commands

Command
Description

hardware ip verify address

Configures IPv4 and IPv6 packet verification checks based on addresses.

hardware ip verify length

Configures IPv4 packet verification checks based on length.

hardware ipv6 verify

Configures IPv6 packet verification.

show hardware forwarding ip verify

Displays information about IP packet verification checks.


hardware ip verify address

To enable packet verification tests on IP addresses, use the hardware ip verify address command. To disable packet verification tests, use the no form of this command.

hardware ip verify address {destination zero | identical | reserved | source {broadcast | multicast}}

no hardware ip verify address {destination zero | identical | reserved | source {broadcast | multicast}}

Syntax Description

destination zero

Drops IP packets if the destination IPv4 address is 0.0.0.0 or if the IPv6 address is ::..

identical

Drops IP packets if the source IPv4 or IPv6 address is identical to the destination IPv4 or IPv6 address.

reserved

Drops IP packets if the IPv4 address is in the 127.x.x.x range or if the IPv6 address is in the ::1 range.

source

Drops IP packets based on the IP source address

broadcast

Drops IP packets if the IP source address is 255.255.255.255

multicast

Drops IP packets if the IPv4 source address is in the 224.x.x.x range or if the IPv6 source address is in the FF00::/8 range.


Defaults

All address tests enabled.

Command Modes

Global configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.1(3)

This command was introduced.


Usage Guidelines

Use the hardware ip verify address command to configure packet verification tests on IPv4 and IPv6 packets based on addresses.

This command replaces the platform ip verify address command

This command does not require a license.

Examples

This example shows how to drop broadcast IPv4 packets: 

switch(config)# hardware ip verify address source broadcast

Related Commands

Command
Description

hardware ip verify

Configures IPv4 and IPv6 packet verification checks based on checksum or fragments.

hardware ip verify length

Configures IPv4 packet verification checks based on length.

hardware ipv6 verify

Configures IPv6 packet verification.

show hardware forwarding ip verify

Displays information about IP packet verification checks.


hardware ip verify length

To configure IPv4 packet verification tests based on packet length, use the hardware ip verify length command. To disable the tests, use the no form of this command.

hardware ip verify length {consistent | maximum {max-frag | max-tcp | udp} | minimum}

no hardware ip verify length {consistent | maximum {max-frag | max-tcp | udp} | minimum}

Syntax Description

consistent

Drops IPv4 packets where the Ethernet frame size is greater than or equal to the IP packet length plus the Ethernet header.

maximum {max-frag | max-tcp | udp}

Drops IPv4 packets based on the following:

max-frag—Drops IP packets if the maximum fragment offset is greater than 65536.

max-tcp—Drops IP packets if the TCP length is greater than the IP payload length.

udp—Drops IP packets if the IP payload length is less than the UDP packet length.

minimum

Drops IP packets if the Ethernet frame length is less than the IP packet length plus four octets (the CRC length).


Defaults

All address tests enabled.

Command Modes

Global configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.1(3)

This command was introduced.


Usage Guidelines

Use the hardware ip verify length command to configure packet verification tests on IPv4 and IPv6 packets based on packet length

This command replaces the platform ip verify length command.

This command does not require a license.

Examples

This example shows how to drop minimum-length IPv4 packets: 

switch(config)# hardware ip verify length minimum

Related Commands

Command
Description

hardware ip verify

Configures IPv4 packet verification checks based on checksum or fragments.

hardware ip verify address

Configures IPv4 and IPv6 packet verification checks based on addresses.

hardware ipv6 verify

Configures IPv6 packet verification.

show hardware forwarding ip verify

Displays information about IP packet verification checks.


hardware ipv6 verify

To configure IPv6 packet verification tests, use the hardware ipv6 verify command. To disable the tests, use the no form of this command.

hardware ipv6 verify {length {consistent | maximum {max-frag | max-tcp | udp} | tcp tiny-frag | version}

no hardware ip verify {checksum | fragment}

Syntax Description

length

Drops IPv6 packets based on length.

consistent

Drops IPv6 packets where the Ethernet frame size is greater than or equal to the IPv6 packet length plus the Ethernet header.

maximum {max-frag | max-tcp | udp}

Drops IPv6 packets based on the following:

max-frag—Drops IPv6 packets if the formula (IPv6 Payload Length - IPv6 Extension Header Bytes) + (Fragment Offset * 8) is greater than 65536.

max-tcp—Drops IPv6 packets if the TCP length is greater than the IP payload length.

udp—Drops IPv6 packets if the IP payload length is less than the UDP packet length.

tcp tiny-frag

Drops IPv6 packets if the IP fragment offset is 1, or if the IPv6 fragment offset is 0 and the IPv6 payload length is less than 16.

version

Drops IPv6packets if the ethertype is not set to 6 (IPv6).


Defaults

All address tests enabled.

Command Modes

Global configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.1(3)

This command was introduced.


Usage Guidelines

Use the hardware ipv6 verify command to configure packet verification tests on IPv6 packets.

This command replaces the platform ipv6 verify command.

This command does not require a license.

Examples

This example shows how to drop all IPv4 packets: 

switch(config)# hardware ipv6 verify version

Related Commands

Command
Description

hardware ip verify address

Configures IPv4 and IPv6 packet verification checks based on addresses.

hardware ip verify length

Configures IPv4 packet verification checks based on length.

show hardware forwarding ip verify

Displays information about IP packet verification checks.


hello-interval (OSPF virtual link)

To specify the interval between hello packets that Cisco NX-OS sends on an Open Shortest Path First (OSPF) virtual link, use the hello-interval command. To return to the default, use the no form of this command.

hello-interval seconds

no hello-interval

Syntax Description

seconds

The hello interval (in seconds). The value must be the same for all nodes on a specific virtual link. The range is from 1 to 65535.


Defaults

10 second.

Command Modes

Virtual link configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.0(1)

This command was introduced.


Usage Guidelines

Use the hello-interval command in virtual link configuration mode to set the hello interval for OSPF across a virtual link. A shorter hello interval detects topological changes faster but causes more routing traffic. The hello interval must be the same for all devices on a virtual link.

This command requires the Enterprise Services license.

Examples

The following example shows how to configure the hello interval to 15 seconds: 

switch(config)# router ospf 202

switch(config-router)# ip ospf area 99 virtual-link 192.0.2.4

switch(config-router-vlink)# hello-interval 15

Related Commands

Command
Description

dead-interval (virtual link)

Sets the time period to declare a neighbor as down if the local device receives no hello packets.


hello-interval (OSPFv3 virtual link)

To specify the interval between hello packets that Cisco NX-OS sends on an Open Shortest Path First version 3 (OSPFv3) virtual link, use the hello-interval command. To return to the default, use the no form of this command.

hello-interval seconds

no hello-interval

Syntax Description

seconds

The hello interval (in seconds). The value must be the same for all nodes on a specific virtual link. The range is from 1 to 65535.


Defaults

10 second.

Command Modes

Virtual link configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.0(1)

This command was introduced.


Usage Guidelines

Use the hello-interval command in virtual link configuration mode to set the hello interval for OSPFv3 across a virtual link. A shorter hello interval detects topological changes faster but causes more routing traffic. The hello interval must be the same for all devices on a virtual link.

This command requires the Enterprise Services license.

Examples

This example shows how to configure the hello interval to 15 seconds: 

switch(config)# router ospfv3 202

switch(config-router)# ipv6 ospfv3 area 99 virtual-link 192.0.2.4

switch(config-router-vlink)# hello-interval 15

Related Commands

Command
Description

dead-interval (OSPFv3 virtual link)

Sets the time period to declare a neighbor as down if the local device receives no hello packets.


hostname dynamic

To enable the exchange of the dynamic host name for IS-IS, use the hostname dynamic configuration mode command. To disable the exchange of the dynamic host name for IS-IS, use the no form of this command

hostname name

no hostname name

Syntax Description

This command has no arguments or keywords.

Command Default

Dynamic host name is disabled by default.

Command Modes

Router configuration
VRF configuration

Supported User Roles

network-admin
vdc-admin

Command History

Release
Modification

4.0(1)

This command was introduced.


Usage Guidelines

The hostname dynamic command allows you to enable the IS-IS routers to flood their host name to system ID mapping information across the IS-IS network.

This command requires the Enterprise Services license.

Examples

The following example shows how to enable the exchange of the dynamic host name for IS-IS: 

switch(config-router)# hostname dynamic

switch(config-router)#

The following example shows how to disable the exchange of the dynamic host name for IS-IS: 

switch(config-router)# no hostname dynamic

switch(config-router)#

Related Commands

Command
Description

exit

Exits the current configuration mode.

feature isis

Enables IS-IS on the router.

no

Negates a command or sets its defaults.

router isis

Enables IS-IS.

show isis hostname

Displays the IS-IS dynamic host name exchange information


hsrp

To enter Hot Standby Router Protocol (HSRP) configuration mode and create an HSRP group, use the hsrp command. To disable HSRP, use the no form of this command.

hsrp group-number [ipv4]

no hsrp group-number [ipv4]

Syntax Description

group-number

The number of HSRP groups that can be configured on a Gigabit Ethernet port, including the main interfaces and subinterfaces. The range is from 1 to 255. The default value is 0.

ipv4

Sets the HSRP group for IPv4.


Defaults

Disabled

Command Modes

Interface configuration

Supported User Roles

network-admin
VDC administrator

Command History

Release
Modification

4.0(1)

This command was introduced.

4.1(2)

Added the IPv4 keyword.


Usage Guidelines

You must globally enable HSRP before you can configure any HSRP options or create an HSRP group.

This command does not require a license.

Examples

This example shows how to create and activate an HSRP group: 

switch# configure t

switch(config)# interface ethernet 0

switch(config-if)# ip address 172.16.6.5 255.255.255.0

switch(config-if)# hsrp 1

switch(config-if-hsrp)#

Related Commands

Command
Description

feature hsrp

Enables HSRP configuration.

show hsrp

Displays HSRP information.

ip address

Creates a virtual IP address for the HSRP group. The IP address must be in the same subnet as the interface IP address


hsrp timers extended-hold

To enabled extended hold timers for the Hot Standby Router Protocol (HSRP), use the hsrp timers extended-hold command. To revert to default, use the no form of this command.

hsrp timers extended-hold [timer]

no hsrp timers extended-hold

Syntax Description

timer

(Optional) Extended hold time, in seconds. The range is from 10 to 255.


Defaults

10 seconds

Command Modes

Global configuration

Supported User Roles

Network Administrator
VDC Administrator

Command History

Release
Modification

4.2(1)

This command was introduced.


Usage Guidelines

Use the hsrp timers extended-hold command to configure extended Non-stop Forwarding (NSF) support for HSRP.

Note You must configure extended hold timers on all HSRP routers if you configure non-default extended hold timers. You can configure different extended holdtimer values on each HSRP routers, based on the expected system switchover delays.

This command does not require a license.

Examples

The following example shows how to configure the extended hold time for HSRP: 

switch(config)# hsrp timers extended-hold 30

Related Commands

Command
Description

feature hsrp

Enables the HSRP feature.

show hsrp

Displays HSRP information.


[an error occurred while processing this directive]