Table Of Contents
Catalyst 6500 Series Switch MSFC Commands
clear ip auth-proxy watch-list
ip auth-proxy max-login-attempts
ip verify unicast source reachable-via
mls ip cef rpf interface-group
mls ip multicast consistency-check
Catalyst 6500 Series Switch MSFC Commands
This chapter contains an alphabetical listing of the Multilayer Switching Feature Card (MSFC) commands that support the Cisco IOS software.
This publication contains only those commands that are unique to the MSFC. For information about Cisco IOS commands that are not contained in this publication, refer to the current Cisco IOS documentation including:
•
Cisco IOS Release 12.2 Configuration Fundamentals Configuration Guide
•
clear ip auth-proxy watch-list
To delete a single watch-list entry or all watch-list entries, use the clear ip auth-proxy watch-list command.
clear ip auth-proxy watch-list {ip-addr | *}
Syntax Description
ip-addr
IP address to be deleted from the watch list.
*
Removes all watch-list entries from the watch list.
Defaults
This command has no default settings.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
If there are entries in the watch list that you suspect are not valid, you can enter the clear ip auth-proxy watch-list command to clear them manually instead of waiting for the watch list expiry-time to expire.
Examples
This example shows how to delete a single watch-list entry:
Router# clear ip auth-proxy watch-list 12.0.0.2Router#This example shows how to delete all watch-list entries:
Router# clear ip auth-proxy watch-list *Router#Related Commands
ip auth-proxy max-login-attempts
ip auth-proxy watch-list
show ip auth-proxy watch-listconfig-register
To change the settings for the configuration register, use the config-register command.
config-register value
Syntax Description
Defaults
Refer to the documentation for your platform for the default configuration-register value. For many newer platforms, the default is 0x2102, which causes the router to boot from Flash memory and the Break key to be ignored.
Command Modes
Global configuration
Command History
Usage Guidelines
This command applies only to platforms that use a software configuration register.
The lowest four bits of the configuration register (bits 3, 2, 1, and 0) form the boot field. The boot field determines if the router boots manually, from ROM, from Flash memory, or from the network.
To change the boot-field value and leave all other bits set to their default values, follow these guidelines:
•
•
•
For more information about the configuration-register bit settings and default filenames, see the appropriate router hardware installation guide.
Examples
This example shows how to set the configuration register to boot the system image from Flash memory:
Router(config)# config-register 0x2102Router(config)#config-sync
To enable configuration synchronization, use the config-sync command. Use the no form of this command to disable configuration synchronization.
config-sync
no config-sync
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
High-availability redundancy submode
Command History
Examples
This example shows how to enable configuration synchronization:
Router(config)# redundancyRouter(config-r)# high-availabilityRouter(config-r-ha)# config-syncRouter(config-r-ha)#This example shows how to disable configuration synchronization:
Router(config)# redundancyRouter(config-r)# high-availabilityRouter(config-r-ha)# no config-syncRouter(config-r-ha)#define interface-range
To create an interface-range macro, use the define interface-range command.
define interface-range macro-name interface-range
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
Usage Guidelines
The macro name is a 32-character maximum character string.
A macro can contain up to five ranges. An interface range cannot span slots. When entering the interface-range, these formats can be used:
•
•
Valid values for card-type are as follows:
•
•
•
Examples
This example shows how to create a multiple-interface macro:
Router(config)# define interface-range macro1 vlan 223, pos 6/1Router(config)#Related Commands
high-availability
To enable high-availability redundancy and enter the high-availability redundancy submode, use the high-availability command.
high-availability
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Redundancy configuration submode
Command History
Usage Guidelines
Once you enter high-availability redundancy configuration submode, these options are available:
•
When you enable the Config Sync RuntimeStatus, the following occurs:
–
–
–
When the Config Sync RuntimeStatus is in disabled mode, the following occurs:
–
–
–
•
•
•
–
When you enable high-availability redundancy, every configuration command that is executed on the designated MSFC is sent to the nondesignated MSFC. In addition, the running configuration synchronization is updated when you enter the copy source running-config command on the designated MSFC.
When you enable high-availability redundancy, the configuration mode is disabled on the nondesignated MSFC; only the EXEC mode is available. For example, in the following example, Router-16 is the nondesignated MSFC; high-availability redundancy and configuration synchronization are enabled:
Console>(enable) session 16Trying Router-16...Connected to Router-16.Escape character is '^]'.Router-16> enableRouter-16# configure terminalConfig mode is disabled on non-designated Router, please configure from designated RouterRouter-16>On the Supervisor Engine 720, SRM is enabled by default. For SRM to run correctly, you must ensure that the startup configuration is the same or is in an empty start-up configuration in the nondesignated route processor.
Examples
This example shows how to enable high-availability redundancy and enter the high-availability redundancy submode:
Router(config)# redundancyRouter(config-r)# high-availabilityRouter(config-r-ha)#Related Commands
redundancy
show redundancy (See the Catalyst 6500 Series Switch Cisco IOS Command Reference)interface range
To execute a command on multiple ports at the same time, use the interface range command.
interface range {port-range | macro name}
Syntax Description
port-range
Port range; for a list of valid values for port-range, see the "Usage Guidelines" section.
macro name
Specifies the name of a macro.
Defaults
This command has no default settings.
Command Modes
Global or interface configuration
Command History
Usage Guidelines
You can use the interface range command on existing VLAN SVIs only. To display VLAN SVIs, enter the show running config command. VLANs that are not displayed cannot be used in the interface range command.
The values that are entered with the interface range command are applied to all existing VLAN SVIs.
Before you can use a macro, you must define a range using the define interface-range command.
All configuration changes made to a port range are saved to NVRAM, but port ranges that are created with the interface range command do not get saved to NVRAM.
You can enter the port range in two ways:
•
•
You can either specify the ports or the name of a port-range macro. A port range must consist of the same port type, and the ports within a range cannot span slots.
You can define up to five port ranges on a single command, with each range separated by a comma.
When you define a range, you must enter a white space between the first port and the hyphen (-):
When you define a range, you must enter a white space before and after the hyphen (-) as follows:
interface range pos 7/1 - 7, pos9/5 - 408When entering the port-range, these formats can be used:
•
•
Valid values for card-type are as follows:
•
•
•
You cannot specify both a macro and an interface range in the same command. After creating a macro, the CLI does not allow you to enter additional ranges. If you have already entered an interface range, the CLI does not allow you to enter a macro.
You can also specify a single interface in port-range.
Examples
This example shows how to execute a command on two port ranges:
Router(config)# interface range pos 7/1 - 7, pos 9/5 - 408Router(config-if)#This example shows how to execute a port-range macro:
Router(config)# interface range macro macro1Router(config-if)#Related Commands
ip address
To set a primary or secondary IP address for an interface, use the ip address command. Use the no form of this command to remove an IP address or disable IP processing.
ip address ip_address mask [secondary]
no ip address ip_address mask [secondary]
Syntax Description
Defaults
No IP address is defined for the interface.
Command Modes
Interface configuration
Command History
Usage Guidelines
The alt keyword is used to specify an alternate configuration and is used in the following:
[no] ip address ip-address mask [secondary] alt [no] ip address ip-address mask [secondary]
An interface can have one primary IP address and multiple secondary IP addresses. Packets that are generated by the Cisco IOS software always use the primary IP address. Therefore, all routers and access servers on a segment should share the same primary network number.
Hosts can determine the subnet masks by using the Internet Control Message Protocol (ICMP) Mask Request message. Routers respond to this request with an ICMP Mask Reply message.
You can disable IP processing on a particular interface by removing its IP address with the no ip address command. If the software detects another host using one of its IP addresses, it will print an error message on the console.
The optional keyword secondary allows you to specify an unlimited number of secondary addresses. Secondary addresses are treated like primary addresses, except the system never generates datagrams other than routing updates with secondary source addresses. IP broadcasts and ARP requests are handled properly, as are interface routes in the IP routing table.
Secondary IP addresses can be used in a variety of situations. The following are the most common applications:
•
•
•
Note
Note
To transparently bridge IP on an interface, you must do two things:
•
•
To concurrently route and transparently bridge IP on an interface, see the bridge crb command.
Examples
This example shows that 131.108.1.27 is the primary address and that 192.31.7.17 and 192.31.8.17 are the secondary addresses for Ethernet interface 0:
interface ethernet 0ip address 131.108.1.27 255.255.255.0ip address 192.31.7.17 255.255.255.0 secondaryip address 192.31.8.17 255.255.255.0 secondaryRelated Commands
bridge crb (refer to Cisco IOS documentation)
bridge-group (refer to Cisco IOS documentation)ip auth-proxy max-login-attempts
To limit the number of login attempts at a firewall interface, use the ip auth-proxy max-login-attempts command. Use the no form of this command to return to the default setting.
ip auth-proxy max-login-attempts 1-maxint
no ip auth-proxy max-login-attempts
Syntax Description
Defaults
1-maxint is 5.
Command Modes
Interface configuration
Command History
Usage Guidelines
This command is supported on firewall interfaces only.
The functionality for the maximum login attempt is independent of the watch list. If you do not configure the watch list (using the ip access-list hardware permit fragments command) and you configure the maximum login-attempt functionality, the existing authentication proxy behavior occurs but it has a new number that indicates how many retries were attempted. If you configure the watch list, once the configured number of attempts has been reached, the IP address is put in the watch list.
Examples
This example shows how to set a limit to the number of login attempts at a firewall interface:
Router(config-if)# ip auth-proxy max-login-attempts 4Router(config-if)#Related Commands
clear ip auth-proxy watch-list
ip access-list hardware permit fragments (see the Catalyst 6500 Series Switch Cisco IOS Command Reference)
ip auth-proxy watch-list
show ip auth-proxy watch-listip auth-proxy watch-list
To enable and configure the authentication proxy watch list, use the ip auth-proxy watch-list command. See the "Usage Guidelines" section for the no form of this command usage.
ip auth-proxy watch-list {{add-item ip-addr} | enable | {expiry-time minutes}}
no ip auth-proxy watch-list [add-item ip-addr} | expiry-time]
Syntax Description
Defaults
The defaults are as follows:
•
•
Command Modes
Interface configuration
Command History
Usage Guidelines
The valid values for minutes are from 0 to the largest 32-bit positive number (0x7FFFFFFF or 2147483647 in decimal). Setting the minutes to 0 places the entries in the list permanently.
This command is supported on firewall interfaces only.
Use the no form of this command to do the following:
•
•
•
The watch-list entry remains in the watch list for the time that is specified by expiry-time minutes.
When you disable the watch list, no entries are put into the watch list, and the sessions are put in the SERVICE_DENIED state. The sessions are deleted after 2 minutes by the timer.
Examples
This example shows how to enable the authentication proxy watch list:
Router(config-if)# ip auth-proxy watch-list enableRouter(config-if)#This example shows how to disable the authentication proxy watch list:
Router(config-if)# no ip auth-proxy watch-listRouter(config-if)#This example shows how to add an IP address to the watch list:
Router(config-if)# ip auth-proxy watch-list add-item 12.0.0.2Router(config-if)#This example shows how to set the duration of time that an entry is in the watch list:
Router(config-if)# ip auth-proxy watch-list expiry-time 29Router(config-if)#Related Commands
clear ip auth-proxy watch-list
ip auth-proxy max-login-attempts
show ip auth-proxy watch-listip local-proxy-arp
To enable local proxy ARP, use the ip local-proxy-arp command. Use the no form of this command to disable the feature.
ip local-proxy-arp
no ip local-proxy-arp
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
Local proxy ARP allows the MSFC to respond to ARP requests for IP addresses within a subnet where normally no routing is required. With local proxy ARP enabled, the MSFC responds to all ARP requests for IP addresses within the subnet and forwards all traffic between hosts in the subnet. Use this feature only on subnets where hosts are intentionally prevented from communicating directly to the Catalyst 6500 series switch to which they are connected.
ICMP redirects are disabled on interfaces where local proxy ARP is enabled.
Examples
This example shows how to enable local proxy ARP:
Router(config-if)# ip local-proxy-arpRouter(config-if)#ip multicast rpf backoff
To set the PIM backoff interval, use the ip multicast rpf backoff command. Use the no form of this command to return to the default settings.
ip multicast rpf backoff {{min max} | disable}
no ip multicast rpf backoff
Syntax Description
Defaults
If triggered RPF check is enabled, the defaults are as follows:
•
•
Command Modes
Global configuration
Command History
Usage Guidelines
If you do not enable the triggered RPF check, PIM periodically polls the routing tables for changes (set using the ip multicast rpf interval command). When you enable the triggered RPF check, PIM polls the routing tables when a change in the routing tables occurs. The min argument sets the initial backoff time. Once triggered, PIM waits for additional routing table changes. If the min period expires without further routing table changes, PIM scans for routing changes. If additional routing changes occur during the backoff period, PIM doubles the length of the backoff period. You can set the maximum interval for the doubled backoff period with the max argument.
Use this command in the following situations:
•
•
•
Examples
This example shows how to set the PIM backoff interval in milliseconds:
Router(config)# ip multicast rpf backoff 100Router(config)#Related Commands
ip multicast rpf interval
show ip rpf events (refer to Cisco IOS documentation)ip multicast rpf interval
To set the RPF consistency-check interval, use the ip multicast rpf interval command. Use the no form of this command to return to the default setting.
ip multicast rpf interval interval
no ip multicast rpf interval
Syntax Description
Defaults
10 seconds
Command Modes
Global configuration
Command History
Usage Guidelines
The ip multicast rfp interval command sets the interval PIM and polls the routing tables for changes.
Examples
This example shows how to set the RPF consistency-check interval in seconds:
Router(config)# ip multicast rpf interval 5Router(config)#Related Commands
ip multicast rfp backoff
ip verify unicast source reachable-via
To enable and configure RPF checks, use the ip verify unicast source reachable-via command. Use the no form of this command to disable RPF.
ip verify unicast source reachable-via {rx | any} [allow-default] [allow-self-ping] [list]
no ip verify unicast source reachable-via
Syntax Description
Defaults
Unicast RPF is disabled.
Command Modes
Interface configuration
Command History
Usage Guidelines
•
•
•
Note
To use Unicast RPF, enable CEF switching or dCEF switching in the router. You do not need to configure the input interface for CEF switching. As long as CEF is running on the router, you can configure individual interfaces with other switching modes.
Note
Do not use Unicast RPF on interfaces that are internal to the network. Internal interfaces are likely to have routing asymmetry, which means that there are multiple routes to the source of a packet. You should apply Unicast RPF only where there is natural or configured symmetry.
Examples
This example shows how to enable Unicast RPF exist-only checking mode:
Router(config-if)# ip verify unicast source reachable-via anyRouter(config-if)#Related Commands
ip cef (refer to Cisco IOS documentation)
ip wccp accelerated
To enable Web Cache Communication Protocol (WCCP) for a cache engine service group, use the ip wccp accelerated command. Use the no form of this command to remove the ability of a router to control support for a service group.
ip wccp {web-cache | service-number} accelerated {[group-address groupaddress] [redirect-list access-list] [group-list access-list] [password password [0 | 7]]}
no ip wccp web-cache accelerated
Syntax Description
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
This command is supported on software releases later than cache engine software Release ACNS 4.2.1.
WCCP services are identified using a number from 0 to 99. If Cisco Cache Engines are being used in your service group, the reverse-proxy service is indicated by a value of 99.
The group-address groupaddress keyword and argument require a multicast address that is used by the router to determine which cache engine should receive redirected messages. This option instructs the router to use the specified multicast IP address to coalesce the "I See You" responses for the "Here I Am" messages that it has received on this group address. In addition, the response is sent to the group address. The default is for no group-address to be configured, so that all "Here I Am" messages are responded to with a unicast reply.
The redirect-list access-list keyword and argument instruct the router to use an access list to control the traffic that is redirected to the cache engines of the service group that is specified by the service name given. The access-list argument specifies either a number from 1 to 99 to represent a standard or extended access-list number or a name to represent a named standard or extended access list. The access list specifies the traffic that is permitted to be redirected. The default is for no redirect-list to be configured (all traffic is redirected).
The group-list access-list keyword and argument instruct the router to use an access list to control the cache engines that are allowed to participate in the specified service group. The access-list argument specifies either a number from 1 to 99 to represent a standard access-list number or a name to represent a named standard access list. The access list specifies which cache engines are permitted to participate in the service group. The default is for no group-list to be configured, so that all cache engines may participate in the service group.
The password password keyword and argument can be up to seven characters. When you designate a password, the messages that are not accepted by the authentication are discarded. The password name is combined with the HMAC MD5 value to create security for the connection between the router and the cache engine.
Examples
This example shows how to enable the hardware acceleration for WCCP version 1:
Router(config)# ip wccp web-cache acceleratedRouter(config)#Related Commands
ip wccp version (refer to Catalyst 6500 Series Switch Cisco IOS Command Reference)
ip wccp
To enable the support for a cache engine service group, use the ip wccp command. Use the no form of this command to remove the ability of a router to control support for a service group.
ip wccp {web-cache | {service-number | service-name}} [redirect-list access-list] [group-list access-list] [password password [0 | 7]]
no ip wccp {web-cache | service-number} [redirect-list access-list] [group-list access-list] [password password [0 | 7]]
Syntax Description
Defaults
WCCP services are not enabled.
Command Modes
Global configuration
Command History
Usage Guidelines
Note
The service-number may be either one of the provided standard keyword definitions or a number representing a cache engine dynamically defined definition. Once the service is enabled, the router can participate in the establishment of a service group.
When you specify the service-number, if Cisco Cache Engines are being used in your service group, you can indicate the reverse-proxy service by entering a value of 99.
The access-list argument can contain a string of no more than 64 characters (name or number) that specifies the access list.
Messages that are not accepted by the authentication are discarded. The password can be up to seven characters in length.
WCCP transparent caching bypasses NAT when fast (CEF) switching is enabled. If this is the case, you can perform the following steps to prevent the NAT bypass:
Step 1
Step 2
Step 3
You can configure WCCP in the incoming direction on the inside interface by specifying the ip wccp redirect exclude in command on the router interface facing the cache. This prevents the redirection of any packets arriving on that interface.
You can also include a redirect list when configuring a service group and the specified redirect list will deny packets with a NAT (source) IP address and prevent redirection.
When you enter the ip wccp command, the router allocates space and enables support of the specified WCCP service for participation in a service group.
When you enter the no ip wccp command, participation in the service group is terminated, space is deallocated if none of the interfaces have the service configured, and the WCCP task is terminated if no other services are configured.
The keywords following the service name are optional and may be specified in any order, but only may be specified once. The following sections outline the specific usage of each of the optional forms of this command.
Examples
This example shows how to run WCCP reverse proxy service using the multicast address of 224.1.1.1:
Router# configure terminalRouter(config)# ip wccp 99 group-address 224.1.1.1Router(config)# interface ethernet 0Router(config-if)# ip wccp web-cache group-listThis example shows how to redirect web-related packets without a destination of 192.168.196.51 to the cache engine:
Router# configure terminalRouter(config)# access-list 100 deny ip any host 192.168.196.51Router(config)# access-list 100 permit ip any anyRouter(config)# ip wccp redirect-list 100Router(config)# interface Ethernet 0Router(config-if)# ip web-cache redirect-listRouter(config-if)# endRouter#Related Commands
ip wccp version
ip wccp group-listen
To enable the reception of IP multicast packets for the WCCP feature, use the ip wccp group-listen command mode. Use the no form of this command to disable the reception of IP multicast packets for the WCCP feature.
ip wccp {web-cache | {service-number | service-name}} group-listen
no ip wccp {web-cache | {service-number | service-name}} group-listen
Syntax Description
web-cache
Directs the router to send packets to the web cache service.
service-number
WCCP service number; valid values are from 0 to 99.
service-name
WCCP service name; the valid value is web-cache.
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
The service-number may be either one of the provided standard keyword definitions or a number representing a cache engine dynamically defined definition. Once the service is enabled, the router can participate in the establishment of a service group.
On routers that are to be members of a Service Group when IP multicast is used, the following configuration is required:
•
•
Examples
This example shows how to enable the multicast packets for a web cache with a multicast address of 224.1.1.100:
router# configure terminalrouter(config)# ip wccp web-cache group-address 244.1.1.100router(config)# interface ethernet 0router(config-if)# ip wccp web-cache group listenRelated Commands
ip wccp
ip wccp redirect excludeip wccp redirect
To enable packet redirection on an outbound or inbound interface using the Web Cache Communication Protocol (WCCP), use the ip wccp redirect command. To disable WCCP redirection, use the no form of this command.
ip wccp service redirect {out | in}
no ip wccp service redirect {out | in}
Syntax Description
Defaults
WCCP redirect is disabled.
Command Modes
Interface configuration
Command History
Usage Guidelines
The ip wccp service redirect in command allows you to configure WCCP redirection on an interface receiving inbound network traffic. When the command is applied to an interface, all packets arriving at that interface are compared against the criteria that is defined by the specified WCCP service. If the packets match the criteria, they are redirected.
The ip wccp service redirect out command allows you to configure the WCCP redirection check at an outbound interface.
Caution
Caution
Examples
This example shows how to configure a session in which reverse proxy packets on Ethernet interface 0 are checked for redirection and redirected to a Cisco Cache Engine:
Router# configure terminalRouter(config)# ip wccp 99Router(config)# interface ethernet 0Router(config-if)# ip wccp 99 redirect ?in Redirect to a Cache Engine appropriate inbound packetsout Redirect to a Cache Engine appropriate outbound packetsRouter(config-if)# ip wccp 99 redirect outThis example shows how to configure a session in which HTTP traffic arriving on Ethernet interface 0/1 is redirected to a Cisco Cache Engine:
Router# configure terminalRouter(config)# ip wccp web-cacheRouter(config)# interface ethernet 0/1Router(config-if)# ip wccp web-cache redirect in
Related Commands
ip wccp redirect exclude in (refer to Cisco IOS documentation)
ip wccp redirect exclude
To enable packet redirection on an outbound or inbound interface using WCCP, use the ip wccp redirect exclude command. Use the no form of this command to disable WCCP redirection.
ip wccp {web-cache | service-number} redirect exclude in
no ip wccp {web-cache | service-number} redirect exclude in
Syntax Description
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
This command is not supported on Catalyst 6500 series switches that are configured with a Supervisor Engine 720.
If Cisco cache engines are used in the cache cluster, the reverse proxy service is indicated by a service-number value of 99.
The ip wccp redirect exclude in command allows you to configure WCCP redirection on an interface that receives inbound network traffic. When the command is applied to an interface, all packets that arrive at that interface are compared with the criteria that is defined by the specified WCCP service. If the packets match the criteria, they are redirected.
The ip wccp redirect exclude out command allows you to configure the WCCP redirection check at an outbound interface.
Note
For a complete description of the WCCP configuration commands, including a list of commands that have changed since Release 12.0, refer to the "WCCP Commands" chapter in the "Cisco IOS System Management Commands" part of the Release 12.1 Cisco IOS Configuration Fundamentals Command Reference.
Examples
This example shows how to configure a session in which the reverse proxy packets on the Ethernet interface 0 are checked for redirection and are redirected to a Cisco cache engine:
Router# configure terminalRouter(config)# ip wccp 99Router(config)# interface ethernet 0Router(config-if)# ip wccp 99 redirect exclude outThis example shows how to configure a session in which the HTTP traffic that arrives on interface 0/1 is redirected to a Cisco cache engine:
Router# configure terminalRouter(config)# ip wccp web-cacheRouter(config)# interface ethernet 0/1Router(config-if)# ip wccp web-cache redirect exclude in
Related Commands
ip wccp redirect exclude in (refer to Catalyst 6500 Series Switch Cisco IOS Command Reference)
show ip interface (refer to Catalyst 6500 Series Switch Cisco IOS Command Reference)
show ip wccp (refer to Catalyst 6500 Series Switch Cisco IOS Command Reference)ipx network
To enable IPX routing on a particular interface and optionally select the type of encapsulation (framing), use the ipx network command. To disable IPX routing, use the no form of this command.
ipx network network [encapsulation encapsulation-type [secondary]]
no ipx network network [encapsulation encapsulation-type]
Syntax Description
network
Network number.
encapsulation encapsulation-type
(Optional) Type of encapsulation (framing). For a list of possible encapsulation types, see Table 2-1.
secondary
(Optional) Indicates an additional (secondary) network that is configured after the first (primary) network.
Defaults
The defaults are as follows:
•
•
–
–
–
–
If you use NetWare Version 4.0 and Ethernet, you must change the default encapsulation type from novell-ether to sap.
Command Modes
Interface configuration
Command History
Usage Guidelines
The network is an eight-digit hexadecimal number that uniquely identifies a network cable segment. It can be a number in the range from 1 to FFFFFFFD. You do not need to specify leading zeros in the network number. For example, for the network number 000000AA, you can enter AA.
The alt keyword is used to specify an alternate configuration and is used in the following:
[no] ipx network network [encapsulation encapsulation-type [secondary]] [alt [no] ipx network network [encapsulation encapsulation-type [secondary]]]
Table 2-1 describes the types of encapsulation that are available for specific interfaces.
The ipx network command allows you to configure a single logical network on a physical network or more than one logical network on the same physical network (network cable segment). Each network on a given interface must have a different encapsulation type.
Note
The first network that you configure on an interface is considered to be the primary network. Any additional networks are considered to be secondary networks; these additional networks must include the secondary keyword.
Note
NLSP does not support secondary networks. You must use subinterfaces in order to use multiple encapsulations with NLSP.
Note
You can configure an IPX network on any supported interface as long as all the networks on the same physical interface use a distinct encapsulation type. For example, you can configure up to four IPX networks on a single Ethernet cable because Ethernet supports four encapsulation types.
The interface processes only packets with the correct encapsulation and the correct network number. IPX networks using other encapsulations can be present on the physical network. The only effect on the router is that it uses some processing time to examine the packets to determine whether they have the correct encapsulation.
All logical networks on an interface share the same set of configuration parameters. For example, if you change the IPX RIP update time on an interface, you change it for all networks on that interface.
When you define multiple logical networks on the same physical network, IPX treats each encapsulation as if it were a separate physical network. For example, IPX sends RIP updates and SAP updates for each logical network.
The ipx network command is useful when migrating from one type of encapsulation to another. If you are using it for this purpose, you should define the new encapsulation on the primary network.
To delete all networks on an interface, use the following command:
no ipx network
Deleting the primary network with the following command also deletes all networks on that interface. The argument number is the number of the primary network.
no ipx network number
To delete a secondary network on an interface, use one of the following commands. The argument number is the number of a secondary network.
no ipx network number
no ipx network number encapsulation encapsulation-type
Novell's FDDI_RAW encapsulation is common in bridged or switched environments that connect Ethernet-based Novell end hosts through a FDDI backbone. Packets with FDDI_RAW encapsulation are classified as Novell packets and are not automatically bridged when you enable both bridging and IPX routing. Additionally, you cannot configure FDDI_RAW encapsulation on an interface that is configured for IPX autonomous or SSE switching. Similarly, you cannot enable IPX autonomous or SSE switching on an interface that is configured with FDDI_RAW encapsulation.
With FDDI_RAW encapsulation, the platforms that do not use CBUS architecture support fast switching. The platforms that use CBUS architecture support only process switching of novell-fddi packets that are received on a FDDI interface.
Examples
This example uses subinterfaces to create four logical networks on Ethernet interface 0. Each subinterface has a different encapsulation. Any interface configuration parameters that you specify on an individual subinterface are applied to that subinterface only.
ipx routinginterface ethernet 0ipx network 1 encapsulation novell-etherinterface ethernet 0.1ipx network 2 encapsulation snapinterface ethernet 0.2ipx network 3 encapsulation arpainterface ethernet 0ipx network 4 encapsulation sapThis example uses primary and secondary networks to create the same four logical networks as shown previously in this section. Any interface configuration parameters that you specify on this interface are applied to all the logical networks. For example, if you set the routing update timer to 120 seconds, this value is used on all four networks.
ipx routingipx network 1 encapsulation novell-etheripx network 2 encapsulation snap secondaryipx network 3 encapsulation arpa secondaryipx network 4 encapsulation sap secondaryThis example enables IPX routing on FDDI interfaces 0.2 and 0.3. On FDDI interface 0.2, the encapsulation type is SNAP. On FDDI interface 0.3, the encapsulation type is Novell's FDDI_RAW.
ipx routinginterface fddi 0.2 enc sde 2ipx network f02 encapsulation snapinterface fddi 0.3 enc sde 3ipx network f03 encapsulation novell-fddiRelated Commands
ipx routing (refer to Cisco IOS documentation)
maximum-paths
To control the maximum number of parallel routes that an IP routing protocol can support, use the maximum-paths command. Use the no form of this command to restore the default values.
maximum-paths maximum
no maximum-paths
Syntax Description
maximum
Maximum number of parallel routes that an IP routing protocol installs in a routing table; valid values are from 1 to 8.
Defaults
The defaults are as follows:
•
•
Command Modes
Routing protocol configuration
Command History
Examples
This example shows how to allow a maximum of two paths to a destination:
Router(config)# maximum-paths 2Router(config)
mls aclmerge algorithm
To select the type of ACL merge to use, use the mls aclmerge algorithm command.
mls aclmerge algorithm {bdd | odm}
Syntax Description
Defaults
bdd
Command Modes
Global configuration
Command History
Usage Guidelines
The BDD-based ACL merge function uses a method of representing Boolean functions to condense entries into a single merged list of TCAM entries that can be programmed into the TCAM.
The ODM-based ACL merge function uses an order-dependent merge algorithm to process entries that can be programmed into the TCAM.
Note
Note
If you change the algorithm method, the change is not retroactive. For example, ACLs that have had the merge applied are not affected. The merge change applies to future merges only.
Use the show fm summary command to see the status of the current merge method.
Examples
This example shows how to select the BDD-based ACL merge to process ACLs:
Router(config)# mls aclmerge algorithm bddThe algorithm chosen will take effect for new ACLs which are being applied, notfor already applied ACLs.Router(config)This example shows how to select the ODM-based ACL merge to process ACLs:
Router(config)# mls aclmerge algorithm odmThe algorithm chosen will take effect for new ACLs which are being applied, notfor already applied ACLs.Router(config)#Related Commands
mls ip
To enable MLS IP for the internal router on the interface, use the mls ip command. Use the no form of this command to disable MLS IP on the interface.
mls ip
no mls ip
Syntax Description
This command has no arguments or keywords.
Defaults
Multicast is disabled.
Command Modes
Interface configuration
Command History
Examples
This example shows how to enable MLS IP shortcuts:
Router(config-if)# mls ipRouter(config-if)#Related Commands
mls rp ip (interface configuration mode) (refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference)
show mls ip multicast (refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference)mls ip cef load-sharing
To configure the CEF load balancing, use the mls ip cef load-sharing command. To return to the default settings, use the no form of this command.
mls ip cef load-sharing [full [exclude-port {destination | source}]] [simple]
no mls ip cef load-sharing
Syntax Description
Defaults
Source IP address and universal identification
Command Modes
Global configuration
Command History
Usage Guidelines
The mls ip cef load-sharing command affects the IPv4, the IPv6, and the MPLS forwardings.
The mls ip cef load-sharing command is structured as follows:
•
•
•
For additional guidelines, refer to the Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide.
Examples
This example shows how to set load balancing to include Layer 3 and Layer 4 ports with multiple adjacencies:
Router(config)# mls ip cef load-sharing fullRouter(config)#This example shows how to set load balancing to exclude the destination Layer 4 ports and source and destination IP addresses (Layer 3) from the load-balancing algorithm:
Router(config)# mls ip cef load-sharing full exclude-port destinationRouter(config)#This example shows how to set load balancing to exclude the source Layer 4 ports and source and destination IP addresses (Layer 3) from the load-balancing algorithm:
Router(config)# mls ip cef load-sharing full exclude-port sourceRouter(config)#This example shows how to return to the default setting:
Router(config)# no mls ip cef load-sharingRouter(config)#Related Commands
show running-config
See the Catalyst 6500 Series Switch Cisco IOS Command Reference.
mls ip cef rate-limit
To rate limit CEF-punted data packets, use the mls ip cef rate-limit command. Use the no form of this command to disable this feature.
mls ip cef rate-limit pps
no mls ip cef rate-limit
Syntax Description
Defaults
No rate limit is configured.
Command Modes
Global configuration
Command History
Usage Guidelines
The mls ip cef rate-limit command is supported on systems configured with the Supervisor Engine 2 only.
Certain denial-of-service attacks target the route processing engines of routers. Certain packets that cannot be forwarded by the PFC2 are directed to the MSFC2 for processing. Denial-of-service attacks can overload the route processing engine and cause routing instability when running dynamic routing protocols. The mls ip cef rate-limit command can be used to limit the amount of traffic sent to the MSFC2 to prevent denial-of-service attacks against the route processing engine.
This command rate limits all CEF-punted data packets including the following:
•
•
Setting the rate to a low value could impact handling of packets destined to the IP addresses of the local interfaces and packets requiring ARP.
You should use this command to limit these packets to a normal rate and to avoid abnormal incoming rates.
For additional guidelines, refer to the Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide.
Examples
This example shows how to enable and set the rate-limiting feature:
Router(config)# mls ip cef rate-limit 50000Router(config)#Related Commands
set mls rate (refer to the Catalyst 6500 Series Switch Command Reference)
mls ip cef rpf interface-group
To define an interface group in the RPF_VLAN table, use the mls ip cef rpf interface-group command. Use the no form of this command to delete the interface group.
mls ip cef rpf interface-group group-number interface1 interface2 interface3 [...]
no mls ip cef rpf interface-group group-number interface1 interface2 interface3 [...]
Syntax Description
Defaults
No groups are configured.
Command Modes
Global configuration
Command History
Usage Guidelines
This command is supported on the MSFC3 only.
A single interface group contains three to six interfaces. You can configure up to four interface groups. For each interface group, the first four entries are installed in the hardware RPF_VLAN table.
Enter the interface as follows:
interface-typemod/port
Separate each interface entry with a space. You do not have to include a space between the interface-type and the mod/port arguments. See the "Examples" section for a sample entry.
Examples
This example shows how to define an interface group:
Router(config)# mls ip cef rpf interface-group 0 F2/1 F2/2 F2/3 F2/4 F2/5 F2/6Router(config)#Related Commands
mls ip cef rpf multipath
To configure the RPF modes, use the mls ip cef rpf multipath command. Use the no form of this command to return to the default values.
mls ip cef rpf multipath {interface-group | punt | pass}
Syntax Description
Defaults
punt
Command Modes
Global configuration
Command History
Usage Guidelines
This command is supported on the MSFC3 only.
The interface-group mode is similar to the pass mode but utilizes the RPF_VLAN global table for the RPF check. The packets from other multiple path prefixes always pass the RPF check.
You enter the mls ip cef rpf multipath interface-group command to define an RPF_VLAN table interface group. One interface group contains from three to six interfaces, and you can configure up to four interface groups. For each interface group, the first four entries are installed in the hardware RPF_VLAN table. For the prefix that has more than three multiple paths, and all paths except two are part of that interface group, the FIB entry of that prefix uses this RPF_VLAN entry.
Examples
This example shows how to redirect the RPF-failed packets to the RP for multiple path prefix support:
Router(config)# mls ip cef rpf multipath interface-groupRouter(config)#Related Commands
mls ip delete-threshold
Use the mls ip delete-threshold command to delete configured ACL thresholds.
mls ip delete-threshold acl-num
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
Usage Guidelines
The mls ip delete-threshold command is active only when you enable the mls ip reflexive ndr-entry tcam command.
Examples
This example shows how to delete an ACL threshold:
Router(config)# mls ip delete-threshold 223Router(config)#Related Commands
mls ip install-threshold
mls ip reflexive ndr-entry tcam (refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference)mls ip inspect
Use the mls ip inspect command to permit traffic through any ACLs that would deny the traffic through other interfaces. Use the no form of this command to return to the default setting.
mls ip inspect acl-name
no mls ip inspect acl-name
Syntax Description
Defaults
Permit traffic is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
On a Catalyst 6500 series switch, when interfaces are configured to deny traffic, the CBAC permits traffic to flow bidirectionally only through the interface that is configured with the ip inspect command.
Examples
This example shows how to permit the traffic through a specific ACL (named deny_ftp_c):
Router(config)# mls ip inspect deny_ftp_cRouter(config)#Related Commands
ip inspect (refer to Cisco IOS documentation)
mls ip install-threshold
Use the mls ip install-threshold command to install the configured ACL thresholds.
mls ip install-threshold acl-num
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
Usage Guidelines
The mls ip install-threshold command is active only when you enable the mls ip reflexive ndr-entry tcam command.
Examples
This example shows how to install an ACL threshold:
Router(config)# mls ip install-threshold 123Router(config)#Related Commands
mls ip delete-threshold
mls ip reflexive ndr-entry tcam (refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference)mls ip multicast consistency-check
To enable and configure the hardware-shortcut consistency checker, use the mls ip multicast consistency-check command. Use the no form of this command to disable the consistency checkers.
mls ip multicast consistency-check [{settle-time seconds} | {type scan-mroute [count count-number] | {period seconds}}]
no mls ip multicast consistency-check
Syntax Description
Defaults
The defaults are as follows:
•
•
•
•
Command Modes
Global configuration
Command History
Usage Guidelines
oif is the outgoing interface of a multicast {*,G} or {source, group} flow.
The consistency checker scans the mroute-table and assures that the multicast-hardware entries are consistent with the mroute-table. Whenever an inconsistency is detected, the inconsistency is automatically corrected.
To display the inconsistency error, use the show mls ip multicast consistency-check command.
Examples
This example shows how to enable the hardware-shortcut consistency checker:
Router (config)# mls ip multicast consistency-checkRouter (config)#This example shows how to enable the hardware-shortcut consistency checker and configure the scan check of the mroute table:
Router (config)# mls ip multicast consistency-check type scan-mroute count 20 period 35Router (config)#This example shows how to enable the hardware-shortcut consistency checker and specify the period between scans:
Router (config)# mls ip multicast consistency-check type scan-mroute period 35Router (config)#Related Commands
show mls ip multicast consistency-check (refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference)
mls ip multicast stub
To enable support for non-RPF traffic drops for PIM sparse-mode stub networks, use the mls ip multicast stub command. Use the no form of this command to disable this feature.
mls ip multicast stub
no mls ip stub
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
When you enable the ACL-based method of filtering RPF failures by entering the mls ip multicast stub command on the redundant router, the following ACLs automatically download to the PFC and are applied to the interface that you specify:
•
•
•
•
•
The ACLs filter RPF failures and drop them in the hardware so that they are not forwarded to the router.
Use the ACL-based method of filtering RPF failures only in sparse-mode stub networks where there are no downstream routers. For dense-mode groups, the RPF failure packets have to be seen on the router for the PIM assert mechanism to function properly. Use CEF-or NetFlow-based rate limiting to rate limit RPF failures in dense-mode networks and sparse-mode transit networks.
Examples
This example shows how to enable support for non-RPF traffic drops for PIM sparse-mode stub networks:
Router(config-if)# mls ip multicast stubRouter(config-if)#Related Commands
show mls ip multicast (refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference)
mls rate-limit all
To enable and set the rate limiters common to unicast and multicast packets, use the mls rate-limit all command. Use the no form of this command to disable the rate limiters.
mls rate-limit all {mtu-failure | ttl-failure} pps [packets-in-burst]
no mls rate-limit all {mtu-failure | ttl-failure}
Syntax Description
Defaults
The Layer 2 rate limiters are off by default. If you enable and set the rate limiters, the default packets-in-burst is 10.
Command Modes
Global configuration
Command History
Usage Guidelines
This command is not supported on Catalyst 6500 series switches that are configured with a Supervisor Engine 2.
Rate limiters can rate-limit packets that are punted from the data path in the hardware up to the data path in the software. Rate limiters protect the control path in the software from congestion by dropping the traffic that exceeds the configured rate.
Note
Examples
This example shows how to set the TTL-failure limiter for unicast and multicast packets:
Router(config)# mls rate-limit all ttl-failure 15Router(config)#Related Commands
show mls rate-limit
mls rate-limit multicast ipv4
To enable and set the rate limiters for the IPv4 multicast packets, use the mls rate-limit multicast ipv4 command. Use the no form of this command to disable the rate limiters.
mls rate-limit multicast ipv4 {connected | fib-miss | igmp | ip-option | partial | non-rpf} pps [packets-in-burst]
no mls rate-limit multicast ipv4 {connected | fib-miss | igmp | ip-option | partial | non-rpf}
Syntax Description
Defaults
The defaults are as follows:
•
•
•
•
Command Modes
Global configuration
Command History
Usage Guidelines
This command is not supported on Catalyst 6500 series switches that are configured with a Supervisor Engine 2.
You cannot configure the IPv4 rate limiters if the global switching mode is set to truncated mode.
The rate limiters can rate limit the packets that are punted from the data path in the hardware up to the data path in the software. The rate limiters protect the control path in the software from congestion and drop the traffic that exceeds the configured rate.
The ip-option keyword is supported in PFC3BXL or PFC3B mode only.
Examples
This example shows how to set the rate limiters for the multicast packets failing the RPF check:
Router(config)# mls rate-limit multicast ipv4 non-rpf 100Router(config)#This example shows how to set the rate limiters for the multicast packets during a partial SC state:
Router(config)# mls rate-limit multicast ipv4 partial 250Router(config)#This example shows how to set the rate limiters for the FIB-missed multicast packets:
Router(config)# mls rate-limit multicast ipv4 fib-miss 15Router(config)#Related Commands
show mls rate-limit
mls rate-limit multicast ipv6
To configure the IPv6 multicast rate limiters, use the mls rate-limit multicast ipv6 command. Use the no form of this command to disable the rate limiters.
mls rate-limit multicast ipv6 {connected pps [packets-in-burst]} | {rate-limiter-name {share {auto | target-rate-limiter}}}
no mls rate-limit multicast ipv6 {connected | rate-limiter-type}
Syntax Description
Defaults
If the burst is not set, a default of 100 is programmed for multicast cases.
Command Modes
Global configuration
Command History
Usage Guidelines
This command is not supported on Catalyst 6500 series switches that are configured with a Supervisor Engine 2.
The rate-limiter-name argument must be a rate limiter that is not currently programmed.
The target-rate-limiter argument must be a rate limiter that is programmed in the hardware and must be the first rate limiter programmed for its group.
Table 2-2 lists the IPv6 rate limiters and the class of traffic that each rate limiter serves.
You can configure rate limiters for IPv6 multicast traffic using one of the following methods:
•
Router(config)# mls rate-limit multicast ipv6 default-drop 1000 20•
Router(config)# mls rate-limit multicast ipv6 route-cntl share default-dropIf the target rate limiter is not configured, a message displays that the target rate limiter must be configured for it to be shared with other rate limiters.
•
Router(config)# mls rate-limit multicast ipv6 route-cntl share autoExamples
This example shows how to set the rate limiters for the IPv6 multicast packets from a directly connected source:
Router(config)# mls rate-limit multicast ipv6 connected 1500 20Router(config)#This example shows shows how to configure a direct association of the rate limiters for a traffic class:
Router(config)# mls rate-limit multicast ipv6 default-drop 1000 20Router(config)#This example shows how to configure the static sharing of a rate limiter with another preconfigured rate limiter:
Router(config)# mls rate-limit multicast ipv6 route-cntl share default-dropRouter(config)#This example shows how to enable dynamic sharing for the route-cntrl rate limiter:
Router(config)# mls rate-limit multicast ipv6 route-cntl share autoRouter(config)#Related Commands
show mls rate-limit
mls rate-limit unicast acl
To enable and set the ACL-bridged rate limiters, use the mls rate-limit unicast acl command. Use the no form of this command to disable the rate limiters.
mls rate-limit unicast acl {input | output | vacl-log} {pps [packets-in-burst]}
Syntax Description
Defaults
The defaults are as follows:
•
•
•
•
Command Modes
Global configuration
Command History
Usage Guidelines
The input and output keywords are not supported on Catalyst 6500 series switches that are configured with a Supervisor Engine 2.
The rate limiters can rate limit the packets that are punted from the data path in the hardware up to the data path in the software. The rate limiters protect the control path in the software from congestion and drop the traffic that exceeds the configured rate.
When setting the pps, valid values are as follows:
•
•
You cannot change the vacl-log packets-in-burst keyword and argument; it is set to 1 by default.
Some cases (or scenarios) share the same hardware register. These cases are divided into the following two groups:
•
–
–
•
–
–
–
–
All the components of each group use or share the same hardware register. For example, ACL-bridged ingress and egress packets use register A. ICMP-unreachable, no-route, and RPF failure use register B.
In most cases, when you change a component of a group, all the components in the group are overwritten to use the same hardware register as the first component changed. A warning message is printed out each time that an overwriting operation occurs, but only if you enable the service internal mode. The overwriting operation does not occur in these situations:
•
•
Examples
This example shows how to set the input ACL-bridged packet limiter for unicast packets:
Router(config)# mls rate-limit unicast acl ingress 100Router(config)#Related Commands
show mls rate-limit
mls rate-limit unicast cef
To enable and set the CEF rate limiters, use the mls rate-limit unicast cef command. Use the no form of this command to disable the rate limiters.
mls rate-limit unicast cef {receive | glean} pps [packets-in-burst]
Syntax Description
Defaults
The defaults are as follows:
•
•
Command Modes
Global configuration
Command History
Usage Guidelines
If you enable the CEF rate limiters, the following behaviors occur (if the behavior that is listed is unacceptable, disable the CEF rate limiters):
•
•
•
Examples
This example shows how to set the CEF-glean limiter for the unicast packets:
Router(config)# mls rate-limit unicast cef glean 5000Router(config)#Related Commands
show mls rate-limit
mls rate-limit unicast ip
To enable and set the rate limiters for the unicast packets, use the mls rate-limit unicast ip command. Use the no form of this command to disable the rate limiters.
mls rate-limit unicast ip {errors | features | options | rpf-failure} pps [packets-in-burst]
mls rate-limit unicast ip icmp {redirect | unreachable {acl-drop pps} | no-route pps} [packets-in-burst]
no mls rate-limit unicast ip {errors | features | {icmp {redirect | unreachable {acl-drop | no-route}}} | options | rpf-failure} pps [packets-in-burst]
Syntax Description
Defaults
The defaults are as follows:
•
•
•
•
•
•
Command Modes
Global configuration
Command History
Usage Guidelines
This command is not supported on Catalyst 6500 series switches that are configured with a Supervisor Engine 2.
To provide OAL support for denied packets, enter the mls rate-limit unicast ip icmp unreachable acl-drop 0 command.
OAL and VACL capture are incompatible. Do not configure both features on the switch. With OAL configured, use SPAN to capture traffic.
The rate limiters can rate limit the packets that are punted from the data path in the hardware up to the data path in the software. The rate limiters protect the control path in the software from congestion and drop the traffic that exceeds the configured rate.
Note
When setting the pps, the valid values are 0 and from 10 to 1000000. Setting the pps to 0 globally disables the redirection of the packets to the route processor. The 0 value is supported for these rate limiters:
•
•
•
•
Some cases (or scenarios) share the same hardware register. These cases are divided into the following two groups:
•
–
–
•
–
–
–
–
All the components of each group use or share the same hardware register. For example, ACL-bridged ingress and egress packets use register A. ICMP-unreachable, no-route, and RPF failure use register B.
In most cases, when you change a component of a group, all the components in the group are overwritten to use the same hardware register as the first component changed. A warning message is printed out each time that an overwriting operation occurs, but only if you enable the service internal mode. The overwriting operation does not occur in these situations:
•
•
Examples
This example shows how to set the ICMP-redirect limiter for unicast packets:
Router(config)# mls rate-limit unicast ip icmp redirect 250Router(config)#Related Commands
show mls rate-limit
mode
To set the redundancy mode, use the mode command.
mode {rpr | rpr-plus | sso}
Syntax Description
Defaults
The defaults are as follows:
•
•
•
Command Modes
Redundancy configuration
Command History
12.2(14)SX
Support for this command was introduced on the MSFC.
12.2(17a)SXA
This command was changed to support the SSO mode.
Usage Guidelines
Enter the redundancy command in global configuration mode to enter the redundancy configuration mode. You can enter the mode command within the redundancy configuration mode.
Follow these guidelines when configuring your system to RPR+ mode:
•
•
•
•
The standby supervisor engine reloads on any change of mode and begins to work in the current mode.
Examples
This example shows how to set the redundancy mode to RPR+:
Router(config)# redundancyRouter(config-red)# mode rpr-plusRouter(config-red)#This example shows how to set the redundancy mode to SSO:
Router(config)# redundancyRouter(config-red)# mode ssoRouter(config-red)#Related Commands
mtu
To adjust the maximum packet size or MTU size, use the mtu command. Use the no form of this command to return to the default value.
mtu bytes
no mtu
Syntax Description
bytes
Byte size; valid values are from 64 to 9216 for SVI ports and from 1500 to 9216 for all other ports.
Defaults
Table 2-3 lists the default MTU values if jumbo frame support is disabled.
Table 2-3 Default MTU Values
Ethernet
1500
Serial
1500
Token Ring
4464
ATM
4470
FDDI
4470
HSSI (HSA)
4470
If you enable jumbo frame support, the default is 64 for SVI ports and 9216 for all other ports. Jumbo frame support is disabled by default.
Command Modes
Interface configuration
Command History
Usage Guidelines
For switch ports, only one larger-than-default MTU value is allowed globally. For Layer 3 ports, including router ports and VLANs, you can configure nondefault MTU values on a per-interface basis.
For a complete list of modules that do not support jumbo frames, refer to the Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide.
Changing the MTU value with the mtu command can affect values for the protocol-specific versions of the command (for example, the ip mtu command). If the values that are specified with the ip mtu command is the same as the value that is specified with the mtu command, and you change the value for the mtu command, the ip mtu value automatically matches the new mtu command value. However, changing the values for the ip mtu command has no effect on the value for the mtu command.
Examples
This example shows how to specify an MTU of 1800 bytes:
Router(config)# interface fastethernet 5/1Router(config-if)# mtu 1800Related Commands
ip mtu (refer to Cisco IOS Release 12.2 Command Reference)
redundancy
To enable redundancy and enter the redundancy configuration mode, use the redundancy command.
redundancy
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
Usage Guidelines
Once you enter redundancy configuration mode, these options are available:
•
•
•
Examples
This example shows how to enable redundancy and enter the redundancy configuration submode:
Router(config)# redundancyRouter(config-r)#Related Commands
high-availability
show redundancyroute-converge-delay
To configure the time interval after which the old FIB entries are purged, use the route-converge-delay command. Use the no form of this command to return to the default setting.
route-converge-delay seconds
Syntax Description
seconds
Time interval after which the old FIB entries are purged; valid values are from 60 to 3600 seconds.
Defaults
seconds is 120 seconds (2 minutes).
Command Modes
Main CPU submode
Command History
Usage Guidelines
The route-converge delay-time interval is needed to simulate the route-converge time when routing protocols restart on switchover.
Examples
This example shows how to set the route-converge delay-time interval:
Router(config)# redundancyRouter(config-red)# main-cpuRouter(config-red-main)# route-converge-delay 90Router(config-red-main)#This example shows how to return to the default route-converge delay-time interval:
Router(config)# redundancyRouter(config-red)# main-cpuRouter(config-red-main)# no route-converge-delayRouter(config-red-main)#Related Commands
set traffic-index
To create a BGP traffic-classification number for accounting, use the set traffic-index command.
set traffic-index num
Syntax Description
Defaults
This command has no default settings.
Command Modes
Route map configuration
Command History
Usage Guidelines
Inbound and outbound traffic shaping is based on a destination traffic-index called DSTS. Destination-sensitive billing provides packet and byte counters (seven sets per inbound interface), which represent counts for IP packets by destination network. Destination-sensitive billing uses route maps to classify the traffic into one of seven possible indexes, which represent a traffic classification.
Examples
This example shows how to create a BGP traffic index:
Router(config-route-map)# set traffic-index 3Router(config-route-map)show fm features
To display information about the feature manager, use the show fm features command.
show fm features
Syntax Description
This command has no keywords or arguments.
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
Examples
This example shows how to display information about the feature manager:
Router> show fm featuresDesignated MSFC:1 Non-designated MSFC:1Redundancy Status:designatedInterface:FastEthernet2/10 IP is enabledhw[EGRESS] = 1, hw[INGRESS] = 1hw_force_default[EGRESS] = 0, hw_force_default[INGRESS] = 0mcast = 0priority = 2reflexive = 0inbound label:1protocol:ipfeature #:1feature id:FM_IP_ACCESSACL:106outbound label:2protocol:ipfeature #:1feature id:FM_IP_ACCESSACL:106Interface:FastEthernet2/26 IP is enabledhw[EGRESS] = 1, hw[INGRESS] = 0hw_force_default[EGRESS] = 0, hw_force_default[INGRESS] = 1mcast = 0priority = 2reflexive = 0inbound label:24protocol:ipfeature #:1feature id:FM_IP_ACCESSACL:113outbound label:3protocol:ipfeature #:1 featureid:FM_IP_WCCPService ID:0Service Type:0Interface:Vlan55 IP is enabledhw[EGRESS] = 1, hw[INGRESS] = 1hw_force_default[EGRESS] = 0, hw_force_default[INGRESS] = 0mcast = 0priority = 2reflexive = 0inbound label:4protocol:ipfeature #:1feature id:FM_IP_ACCESSACL:111Interface:Vlan101 IP is enabledhw[EGRESS] = 1, hw[INGRESS] = 1hw_force_default[EGRESS] = 0, hw_force_default[INGRESS] = 0mcast = 0priority = 2reflexive = 0inbound label:5protocol:ipfeature #:1feature id:FM_IP_ACCESSACL:101outbound label:6protocol:ipfeature #:1feature id:FM_IP_ACCESSACL:101Router>This example shows how to display lines of the feature manager beginning with the line that begins with Redundancy:
Router> show fm features | begin RedundancyRedundancy Status: designatedRouter>show fm inband-counters
To display the number of inband packets that are sent by the MSFC for SLB, use the show fm inband-counters command.
show fm inband-counters
Syntax Description
This command has no keywords or arguments.
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
Usage Guidelines
The output display of the show fm inband-counters command includes the number of SLB inband packets that were sent.
If CBAC is configured, the display includes the number of packets that were sent for CBAC.
Examples
This example shows how to display the number of SLB inband packets that were sent:
Router# show fm inband-countersInband Packets SentSlot WCCP SLB1 0 02 0 03 0 04 0 05 0 06 0 07 0 08 0 09 0 010 0 011 0 012 0 013 0 0Router#show fm insp
To display the list and status of the ACLs and ports on which CBAC is configured, use the show fm insp command.
show fm insp [detail]
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
Usage Guidelines
If you can configure a VACL on the port before you configure CBAC, the status displayed is INACTIVE; otherwise, it is ACTIVE. If PFC resources are exhausted, the command displays BRIDGE followed by the number of failed currently active NetFlow requests that have been sent to the MSFC for processing.
The show fm insp command output includes this information:
•
•
•
•
The detail keyword also displays the ACEs that are part of the ACL that is used for IP inspect on the given interface direction.
Examples
This example shows how to display the list and status of CBAC-configured ACLs and ports:
Router> show fm inspinterface:Vlan305(in) status :ACTIVEacl name:denyinterfaces:Vlan305(out):status ACTIVEshow fm interface
To display the detailed information about the feature manager on a per-interface basis, use the show fm interface command.
show fm interface {{interface interface-number} | {null interface-number} | {port-channel number} | {vlan vlan-id}}
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
Usage Guidelines
The interface-number argument designates the module and port number. Valid values for interface-number depend on the specified interface type and the chassis and module used. For example, if you specify a Gigabit Ethernet interface and have a 48-port 10/100BASE-T Ethernet module installed in a Catalyst 6513 chassis, valid values for the module number are from 2 to 13 and valid values for the port number are from 1 to 48.
Examples
This example shows how to display the detailed information about the feature manager on a specified interface:
Router> show fm interface fastethernet 2/26Interface:FastEthernet2/26 IP is enabledhw[EGRESS] = 1, hw[INGRESS] = 0hw_force_default[EGRESS] = 0, hw_force_default[INGRESS] = 1mcast = 0priority = 2reflexive = 0inbound label:24protocol:ipfeature #:1feature id:FM_IP_ACCESSACL:113vmr IP value #1:0, 0, 0, 0, 0, 0, 0, 6 - 1vmr IP mask #1:0, 0, FFFF, FFFF, 0, 0, 0, FFvmr IP value #2:642D4122, 0, 0, 0, 1, 0, 0, 6 - 1vmr IP mask #2:FFFFFFFF, 0, 0, 0, 1, 0, 0, FFvmr IP value #3:0, 64020302, 0, 0, 6, 0, 0, 6 - 1vmr IP mask #3:0, FFFFFFFF, 0, 0, 6, 0, 0, FFvmr IP value #4:0, 64020302, 0, 0, A, 0, 0, 6 - 1vmr IP mask #4:0, FFFFFFFF, 0, 0, A, 0, 0, FFvmr IP value #5:0, 64020302, 0, 0, 12, 0, 0, 6 - 1vmr IP mask #5:0, FFFFFFFF, 0, 0, 12, 0, 0, FFvmr IP value #6:0, 0, 0, 0, 0, 0, 0, 0 - 2vmr IP mask #6:0, 0, 0, 0, 0, 0, 0, 0outbound label:3protocol:ipfeature #:1feature id:FM_IP_WCCPService ID:0Service Type:0Router>show fm reflexive
To display information about the dynamic feature-manager reflexive entry, use the show fm reflexive command.
show fm reflexive
Syntax Description
This command has no keywords or arguments.
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
Examples
This example shows how to display information about the dynamic feature-manager reflexive entry:
Router# show fm reflexiveReflexive hash table:Vlan613:refacl, OUT-REF, 64060E0A, 64060D0A, 0, 0, 7, 783, 6Router#show fm summary
To display a summary of feature manager information, use the show fm summary command.
show fm summary
Syntax Description
This command has no keywords or arguments.
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
Examples
This example shows how to display a summary of feature manager information:
Router# show fm summaryCurrent global ACL merge algorithm:BDDRouter#show fm vlan
To display information about the per-VLAN feature manager, use the show fm vlan command.
show fm vlan vlan-id
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
Examples
This example shows how to display information about the per-VLAN feature manager:
Router# show fm vlan 1hw[EGRESS] = 1, hw[INGRESS] = 1hw_force_default[EGRESS] = 0, hw_force_default[INGRESS] = 0mcast = 0priority = 2reflexive = 0vacc_map : map1inbound label: 5merge_err: 0protocol: ipfeature #: 1feature id: FM_VACLmap_name: map1seq #: 10(only for IP_PROT) DestAddr SrcAddr Dpt Spt L4OP TOS Est prot Rsltvmr IP value # 1: 0.0.0.0 0.0.0.0 0 0 0 0 0 6 permitvmr IP mask # 1: 0.0.0.0 0.0.0.0 0 0 0 0 0 FFvmr IP value # 2: 0.0.0.0 0.0.0.0 0 0 0 0 0 11 permitvmr IP mask # 2: 0.0.0.0 0.0.0.0 0 0 0 0 0 FFvmr IP value # 3: 0.0.0.0 0.0.0.0 0 0 0 0 0 0 denyvmr IP mask # 3: 0.0.0.0 0.0.0.0 0 0 0 0 0 0seq #: 65536(only for IP_PROT) DestAddr SrcAddr Dpt Spt L4OP TOS Est prot Rsltvmr IP value # 1: 0.0.0.0 0.0.0.0 0 0 0 0 0 0 permitvmr IP mask # 1: 0.0.0.0 0.0.0.0 0 0 0 0 0 0outbound label: 6merge_err: 0protocol: ipfeature #: 1feature id: FM_VACLmap_name: map1seq #: 10(only for IP_PROT) DestAddr SrcAddr Dpt Spt L4OP TOS Est prot Rsltvmr IP value # 1: 0.0.0.0 0.0.0.0 0 0 0 0 0 6 permitvmr IP mask # 1: 0.0.0.0 0.0.0.0 0 0 0 0 0 FFvmr IP value # 2: 0.0.0.0 0.0.0.0 0 0 0 0 0 11 permitvmr IP mask # 2: 0.0.0.0 0.0.0.0 0 0 0 0 0 FFvmr IP value # 3: 0.0.0.0 0.0.0.0 0 0 0 0 0 0 denyvmr IP mask # 3: 0.0.0.0 0.0.0.0 0 0 0 0 0 0seq #: 65536(only for IP_PROT) DestAddr SrcAddr Dpt Spt L4OP TOS Est prot Rsltvmr IP value # 1: 0.0.0.0 0.0.0.0 0 0 0 0 0 0 permitvmr IP mask # 1: 0.0.0.0 0.0.0.0 0 0 0 0 0 0show ip auth-proxy watch-list
To display information about the authentication proxy watch list, use the show ip auth-proxy watch-list command.
show ip auth-proxy watch-list
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
Examples
This example shows how to display information about the authentication-proxy watch list:
Router# show ip auth-proxy watch-listAuthentication Proxy Watch-list is enabledWatch-list expiry timeout is 2 minutesTotal number of watch-list entries: 3Source IP Type Violation-count12.0.0.2 MAX_RETRY MAX_LIMIT12.0.0.3 TCP_NO_DATA MAX_LIMIT1.2.3.4 CFGED N/ATotal number of watch-listed users: 3Router#Related Commands
clear ip auth-proxy watch-list
ip auth-proxy max-login-attempts
ip auth-proxy watch-listshow ip pim interface
To display the list that the PIM neighbors discovered, use the show ip pim neighbor command
show ip pim [vrf vrf-name] interface [count | detail | {vlan num} | {tunnel num}]
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
12.2(18)SXF
Support for this command was introduced on the Supervisor Engine 720.
Usage Guidelines
This command is not supported on Catalyst 6500 series switches that are configured with a Supervisor Engine 2.
This command is supported on interfaces that are configured for PIM.
Examples
This example shows the output from the show ip pim interface command:
Router# show ip pim interfaceAddress Interface Mode Neighbor Query DRCount Interval198.92.37.6 Ethernet0 Dense 2 30 198.92.37.33198.92.36.129 Ethernet1 Dense 2 30 198.92.36.13110.1.37.2 Tunnel0 Dense 1 30 0.0.0.0Router#This example shows how to display interface multicast packet counts:
Router# show ip pim interface countAddress Interface FS Mpackets In/Out171.69.121.35 Ethernet0 * 548305239/13744856171.69.121.35 Serial0.33 * 8256/67052912198.92.12.73 Serial0.1719 * 219444/862191Router#Table 2-4 contains the show ip pim interface command output field descriptions.
show ip pim neighbor
To display the list the PIM neighbors discovered, use the show ip pim neighbor command
show ip pim [vrf vrf-name] neighbor [{vlan num} | {tunnel num}]
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
12.2(18)SXF
Support for this command was introduced on the Supervisor Engine 720.
Usage Guidelines
This command is not supported on Catalyst 6500 series switches that are configured with a Supervisor Engine 2.
This command is supported on interfaces that are configured for PIM.
Use this command to determine which routers on the LAN are configured for PIM.
Examples
This example shows how to display the list that the PIM neighbors discovered:
Router# show ip pim neighborPIM Neighbor TableNeighbor Address Interface Uptime Expires Mode192.168.37.2 Ethernet0 17:38:16 0:01:25 Dense192.168.37.33 Ethernet0 17:33:20 0:01:05 Dense (DR)192.168.36.131 Ethernet1 17:33:20 0:01:08 Dense (DR)192.168.36.130 Ethernet1 18:56:06 0:01:04 Dense10.1.22.9 Tunnel0 19:14:59 0:01:09 DenseTable 2-5 describes the fields shown in the display.
show l3-mgr
To display information about the Layer 3 manager, use the show l3-mgr command.
show l3-mgr status
show l3-mgr {interface {{interface interface-number} | {null interface-number} | {port-channel number} | {vlan vlan-id} | status}}
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
Usage Guidelines
This command is useful for debugging purposes and the output is intended for Cisco TAC and engineering use only.
The interface-number argument designates the module and port number. Valid values for interface-number depend on the specified interface type and the chassis and module used. For example, if you specify a Gigabit Ethernet interface and have a 48-port 10/100BASE-T Ethernet module installed in a Catalyst 6513 chassis, valid values for the module number are from 2 to 13 and valid values for the port number are from 1 to 48.
Examples
This example shows how to display information about the Layer 3 manager status:
Router# show l3-mgr statusl3_mgr_state: 2l3_mgr_req_q.count: 0l3_mgr_req_q.head: 0l3_mgr_req_q.tail: 0l3_mgr_max_queue_count: 1060l3_mgr_shrunk_count: 0l3_mgr_req_q.ip_inv_count: 303l3_mgr_req_q.ipx_inv_count: 0l3_mgr_outpak_count: 18871l3_mgr_inpak_count: 18871l3_mgr_max_pending_pak: 4l3_mgr_pending_pak_count: 0nde enable statue: 0current nde addr: 0.0.0.0Router#This example shows how to display information about the Layer 3 manager for a specific interface:
Router# show l3-mgr interface ge-wan 5/40vlan: 0ip_enabled: 1ipx_enabled: 1bg_state: 0 0 0 0hsrp_enabled: 0hsrp_mac: 0000.0000.0000state: 0up: 0Router#show microcode
To display the versions for all bundled MCP and LCP images for the runtime supervisor engine, use the show microcode command.
show microcode
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
Examples
This example shows how to display microcode versions:
Console> (enable) show microcodeBundled Images Version Size Built--------------- -------------------- ------- -----------------LCP SLCP 6.2(0.92) 330918 02/16/01 01:26:27LCP LX1000 6.2(0.92) 312782 02/16/01 01:27:59LCP LX10100 6.2(0.92) 364846 02/16/01 01:26:47LCP AX10100 6.2(0.92) 380296 02/16/01 01:27:10LCP AX1000 6.2(0.92) 338672 02/16/01 01:28:19LCP VX10100 6.2(0.92) 378532 02/16/01 01:27:35LCP CPSLCP 6.2(0.92) 585234 02/16/01 00:59:19LCP CPFAB 6.2(0.92) 251186 02/16/01 01:02:58LCP CPGBIT 6.2(0.92) 579282 02/16/01 01:00:49LCP CP10G 6.2(0.92) 477778 02/16/01 01:02:17LCP CPMBIT2 6.2(0.92) 777922 02/16/01 01:05:20Console> (enable) showshow mls cef ip
To display IP entries in the MLS-hardware Layer 3-switching table, use the show mls cef ip command.
show mls cef ip [{prefix [mask | module number]} | {module number} | {multicast [{prefix [mask | module num}]}]
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
Usage Guidelines
Information in the output of the show mls cef ip command is also displayed in the show mls ip command.
Examples
This example shows how to display IP entries in the MLS-hardware Layer 3-switching table:
Router# show mls cef ipCodes: G-GRE encap, W-WCCP encap, M-MPLS encapI-IP encap, + - Push LabelIndex Prefix Out i/f Tunnel i/f192 127.0.0.22/32 punt193 127.0.0.0/32 punt194 127.255.255.255/32 punt195 0.0.0.0/32 punt196 255.255.255.255/32 punt197 200.2.5.3/32 puntRouter#Related Commands
mls ip cef rate-limit
mls ip cef rpf interface-group
mls ip cef rpf multipath
show mls cef ip multicastshow mls cef ip multicast
To display IP entries in the MLS hardware Layer 3-switching table on the switch processor, use the show mls cef ip multicast command.
show mls cef ip multicast {bidir | grp-only | source source-ip} [detail | group group-id | vlan rpf-vlanid]
show mls cef ip multicast control [detail | prefix prefix | vlan rpf-vlanid]
show mls cef ip multicast group group-id [detail | vlan rpf-vlanid]
show mls cef ip multicast src-grp [detail | group group-ip | source | vlan rpf-vlanid]
show mls cef ip multicast subnet [detail | prefix prefix | vlan rpf-vlanid]
show mls cef ip multicast summary [vpn-num]
show mls cef ip multicast tcam [prefix [mask-length]] [detail] [module num] [vrf src-ip {src-port | dst-ip} [dst-port | module num]
show mls cef ip multicast {grp-mask | vlan rpf-vlanid | vpn vpn-id} [detail]
Syntax Description
Defaults
This command has no default settings.
Command Modes
Switch processor—EXEC
Command History
Usage Guidelines
There are two MMLS modes, ingress and egress. The output displayed differs for each mode.
The hardware-entry types are as follows:
•
•
•
•
•
•
The DF index field ranges from 1 to 4 and is an index into the acceptance (PIM-RP x DF) table. The acceptance table is used with DF forwarding and is used to identify the set of DF interfaces for each of the four RPs in a VPN.
Examples
This example shows how to display ingress hardware-entry information that is based on Bidir (*,G/m) shortcuts:
Router# show mls cef ip multicast grp-maskMulticast CEF Entries for VPN#0Flags: R - Control, S - Subnet, B - Bidir, C - Complete, P - Partial,c - Central Rewrite, p - Primary Input, r - RecirculationSource/mask Destination/mask RPF/DF Flags #packets #bytes rwindex Output Vlans/Info+-------------------+-------------------+-------+-----+-------------+------------------+-- ------+------------------------------+* 226.2.2.0/24 Df0 BCp 0 0 - Vl50 [1 oifs]* 225.2.2.0/24 Df1 BCp 0 0 - Vl51 [1 oifs]* 227.2.2.0/24 Df1 BCp 0 0 - Vl51 [1 oifs]Found 3 entries. 3 are mfd entriesRouter#This example shows how to display detailed ingress hardware-entry information that is based on Bidir (*,G/m) shortcuts:
Router# show mls cef ip multicast grp-mask detail(*, 226.2.2.0/24)PI:1 (1) CR:0 (0) Recirc:0 (1)DFidx:0 AdjPtr:7,32775,65543,98311 FibRpfNf:0 FibRpfDf:0 FibAddr:0x100rwvlans:0 rwindex:0x0 adjmac:0006.d606.e240 rdt:0 E:0 CAP1:0fmt:mcast l3rwvld:1 DM:0 mtu:1518 rwtype:L3 met2:0x0 met3:0x5packets:0000000000000 bytes:000000000000000000Starting Offset: 0x0005V E C: 50 I:0x00449(*, 225.2.2.0/24)PI:1 (1) CR:0 (0) Recirc:0 (1)DFidx:1 AdjPtr:8,32776,65544,98312 FibRpfNf:0 FibRpfDf:0 FibAddr:0x102rwvlans:0 rwindex:0x0 adjmac:0006.d606.e240 rdt:0 E:0 CAP1:0fmt:mcast l3rwvld:1 DM:0 mtu:1518 rwtype:L3 met2:0x0 met3:0x6packets:0000000000000 bytes:000000000000000000Starting Offset: 0x0006V E C: 51 I:0x0044B(*, 227.2.2.0/24)PI:1 (1) CR:0 (0) Recirc:0 (1)DFidx:1 AdjPtr:19,32787,65555,98323 FibRpfNf:0 FibRpfDf:0 FibAddr:0x104rwvlans:0 rwindex:0x0 adjmac:0006.d606.e240 rdt:0 E:0 CAP1:0fmt:mcast l3rwvld:1 DM:0 mtu:1518 rwtype:L3 met2:0x0 met3:0x7packets:0000000000000 bytes:000000000000000000Starting Offset: 0x0007V E C: 51 I:0x0044BFound 3 entries. 3 are mfd entriesRouter#This example shows how to display Bidir information:
Router# show mls cef ip multicast bidirMulticast CEF Entries for VPN#0Flags: R - Control, S - Subnet, B - Bidir, C - Complete, P - Partial,c - Central Rewrite, p - Primary Input, r - RecirculationSource/mask Destination/mask RPF/DF Flags #packets #bytes rwindex Output Vlans/Info+-------------------+-------------------+-------+-----+-------------+------------------+-- ------+------------------------------+* 225.2.2.2/32 Df1 BCp 0 0 - Vl51,Vl30 [2 oifs]* 225.2.2.1/32 Df1 BCp 0 0 - Vl51,Vl30 [2 oifs]Found 2 entries. 2 are mfd entriesRouter#This example shows how to display detailed Bidir information:
Router# show mls cef ip multicast bidir detail(*, 225.2.2.2)PI:1 (1) CR:0 (0) Recirc:0 (1)DFidx:1 AdjPtr:10,32778,65546,98314 FibRpfNf:0 FibRpfDf:0 FibAddr:0xE2rwvlans:0 rwindex:0x0 adjmac:0006.d606.e240 rdt:0 E:0 CAP1:0fmt:mcast l3rwvld:1 DM:0 mtu:1518 rwtype:L3 met2:0x0 met3:0xApackets:0000000000000 bytes:000000000000000000Starting Offset: 0x000AV C: 51 I:0x004B5 P->19A0- VV E C: 30 I:0x0049B(*, 225.2.2.1)PI:1 (1) CR:0 (0) Recirc:0 (1)DFidx:1 AdjPtr:9,32777,65545,98313 FibRpfNf:0 FibRpfDf:0 FibAddr:0xE0rwvlans:0 rwindex:0x0 adjmac:0006.d606.e240 rdt:0 E:0 CAP1:0fmt:mcast l3rwvld:1 DM:0 mtu:1518 rwtype:L3 met2:0x0 met3:0x8packets:0000000000000 bytes:000000000000000000Starting Offset: 0x0008V C: 51 I:0x004B1 P->199C- VV E C: 30 I:0x00499Found 2 entries. 2 are mfd entriesRouter#This example shows how to display egress hardware-entry information that is based on Bidir (*,G/m) shortcuts:
Router# show mls cef ip multicast grp-maskMulticast CEF Entries for VPN#0Flags: R - Control, S - Subnet, B - Bidir, C - Complete, P - Partial,c - Central Rewrite, p - Primary Input, r - RecirculationSource/mask Destination/mask RPF/DF Flags #packets #bytes rwindex Output Vlans/Info+-------------------+-------------------+-------+-----+-------------+------------------+-- ------+------------------------------+* 225.2.2.0/24 Df0 BCp 0 0 -* 225.2.2.0/24 - Bpr 0 0 0x4AE Vl51 [1 oifs]* 225.2.2.0/24 - Br 0 0 0x40E Vl51 [1 oifs]* 226.2.2.0/24 Df1 BCp 0 0 -* 226.2.2.0/24 - Bpr 0 0 0x4AE Vl50 [1 oifs]* 226.2.2.0/24 - Br 0 0 0x40E Vl50 [1 oifs]* 227.2.2.0/24 Df0 BCp 0 0 -* 227.2.2.0/24 - Bpr 0 0 0x4AE Vl51 [1 oifs]* 227.2.2.0/24 - Br 0 0 0x40E Vl51 [1 oifs]Found 3 entries. 3 are mfd entriesRouter#This example shows how to display detailed egress hardware-entry information that is based on Bidir (*,G/m) shortcuts:
Router# show mls cef ip multicast grp-mask detail(*, 225.2.2.0/24)PI:1 (1) CR:0 (0) Recirc:0 (1)DFidx:0 AdjPtr:7,32775,65543,98311 FibRpfNf:0 FibRpfDf:0 FibAddr:0x120rwvlans:0 rwindex:0x0 rdt:0 E:0 CAP1:0fmt:recir l3rwvld:1 DM:0 mtu:1522 rwtype:RECIRpackets:0000000000000 bytes:000000000000000000PI:1 (1) CR:0 (0) Recirc:1 (1)AdjPtr:8,32776,65544,98312 FibRpfNf:0 FibRpfDf:0 FibAddr:0x122rwvlans:0 rwindex:0x4AE adjmac:0006.d606.e240 rdt:1 E:1 CAP1:0fmt:mcast l3rwvld:1 DM:0 mtu:1522 rwtype:L3 met2:0x0 met3:0x5packets:0000000000000 bytes:000000000000000000Starting Offset: 0x0005V E C: 51 I:0x0044CPI:0 (1) CR:0 (0) Recirc:1 (1)AdjPtr:9,32777,65545,98313 FibRpfNf:0 FibRpfDf:0 FibAddr:0x124rwvlans:0 rwindex:0x40E adjmac:0006.d606.e240 rdt:1 E:0 CAP1:0fmt:mcast l3rwvld:1 DM:0 mtu:1522 rwtype:L3 met2:0x0 met3:0x5packets:0000000000000 bytes:000000000000000000Starting Offset: 0x0005V E C: 51 I:0x0044C(*, 226.2.2.0/24)PI:1 (1) CR:0 (0) Recirc:0 (1)DFidx:1 AdjPtr:10,32778,65546,98314 FibRpfNf:0 FibRpfDf:0 FibAddr:0x126rwvlans:0 rwindex:0x0 rdt:0 E:0 CAP1:0fmt:recir l3rwvld:1 DM:0 mtu:1522 rwtype:RECIRpackets:0000000000000 bytes:000000000000000000PI:1 (1) CR:0 (0) Recirc:1 (1)AdjPtr:11,32779,65547,98315 FibRpfNf:0 FibRpfDf:0 FibAddr:0x128rwvlans:0 rwindex:0x4AE adjmac:0006.d606.e240 rdt:1 E:1 CAP1:0fmt:mcast l3rwvld:1 DM:0 mtu:1522 rwtype:L3 met2:0x0 met3:0x1Cpackets:0000000000000 bytes:000000000000000000Starting Offset: 0x001CV E C: 50 I:0x00447PI:0 (1) CR:0 (0) Recirc:1 (1)AdjPtr:12,32780,65548,98316 FibRpfNf:0 FibRpfDf:0 FibAddr:0x12Arwvlans:0 rwindex:0x40E adjmac:0006.d606.e240 rdt:1 E:0 CAP1:0fmt:mcast l3rwvld:1 DM:0 mtu:1522 rwtype:L3 met2:0x0 met3:0x1Cpackets:0000000000000 bytes:000000000000000000Starting Offset: 0x001CV E C: 50 I:0x00447(*, 227.2.2.0/24)PI:1 (1) CR:0 (0) Recirc:0 (1)DFidx:0 AdjPtr:13,32781,65549,98317 FibRpfNf:0 FibRpfDf:0 FibAddr:0x12Crwvlans:0 rwindex:0x0 rdt:0 E:0 CAP1:0fmt:recir l3rwvld:1 DM:0 mtu:1522 rwtype:RECIRpackets:0000000000000 bytes:000000000000000000PI:1 (1) CR:0 (0) Recirc:1 (1)AdjPtr:14,32782,65550,98318 FibRpfNf:0 FibRpfDf:0 FibAddr:0x12Erwvlans:0 rwindex:0x4AE adjmac:0006.d606.e240 rdt:1 E:1 CAP1:0fmt:mcast l3rwvld:1 DM:0 mtu:1522 rwtype:L3 met2:0x0 met3:0x1Dpackets:0000000000000 bytes:000000000000000000Starting Offset: 0x001DV E C: 51 I:0x0044CPI:0 (1) CR:0 (0) Recirc:1 (1)AdjPtr:15,32783,65551,98319 FibRpfNf:0 FibRpfDf:0 FibAddr:0x130rwvlans:0 rwindex:0x40E adjmac:0006.d606.e240 rdt:1 E:0 CAP1:0fmt:mcast l3rwvld:1 DM:0 mtu:1522 rwtype:L3 met2:0x0 met3:0x1Dpackets:0000000000000 bytes:000000000000000000Starting Offset: 0x001DV E C: 51 I:0x0044CFound 3 entries. 3 are mfd entriesRouter#This example shows how to display egress Bidir information:
Router# show mls cef ip multicast bidirMulticast CEF Entries for VPN#0Flags: R - Control, S - Subnet, B - Bidir, C - Complete, P - Partial,c - Central Rewrite, p - Primary Input, r - RecirculationSource/mask Destination/mask RPF/DF Flags #packets #bytes rwindex Output Vlans/Info+-------------------+-------------------+-------+-----+-------------+------------------+-- ------+------------------------------+* 225.2.2.2/32 Df0 BCp 0 0 -* 225.2.2.2/32 - Bpr 0 0 0x4AE Vl51,Vl30 [2 oifs]* 225.2.2.2/32 - Br 0 0 0x40E Vl51,Vl30 [2 oifs]* 225.2.2.1/32 Df0 BCp 0 0 -* 225.2.2.1/32 - Bpr 0 0 0x4AE Vl51,Vl30 [2 oifs]* 225.2.2.1/32 - Br 0 0 0x40E Vl51,Vl30 [2 oifs]Found 2 entries. 2 are mfd entriesRouter#This example shows how to display detailed egress Bidir information:
Router# show mls cef ip multicast bidir detail(*, 225.2.2.2)PI:1 (1) CR:0 (0) Recirc:0 (1)DFidx:0 AdjPtr:19,32787,65555,98323 FibRpfNf:0 FibRpfDf:0 FibAddr:0xE6rwvlans:0 rwindex:0x0 rdt:0 E:0 CAP1:0fmt:recir l3rwvld:1 DM:0 mtu:1522 rwtype:RECIRpackets:0000000000000 bytes:000000000000000000PI:1 (1) CR:0 (0) Recirc:1 (1)AdjPtr:20,32788,65556,98324 FibRpfNf:0 FibRpfDf:0 FibAddr:0xE8rwvlans:0 rwindex:0x4AE adjmac:0006.d606.e240 rdt:1 E:1 CAP1:0fmt:mcast l3rwvld:1 DM:0 mtu:1522 rwtype:L3 met2:0x0 met3:0x22packets:0000000000000 bytes:000000000000000000Starting Offset: 0x0022V C: 51 I:0x004B3 P->24V E C: 30 I:0x004B6PI:0 (1) CR:0 (0) Recirc:1 (1)AdjPtr:21,32789,65557,98325 FibRpfNf:0 FibRpfDf:0 FibAddr:0xEArwvlans:0 rwindex:0x40E adjmac:0006.d606.e240 rdt:1 E:0 CAP1:0fmt:mcast l3rwvld:1 DM:0 mtu:1522 rwtype:L3 met2:0x0 met3:0x22packets:0000000000000 bytes:000000000000000000Starting Offset: 0x0022V C: 51 I:0x004B3 P->24V E C: 30 I:0x004B6(*, 225.2.2.1)PI:1 (1) CR:0 (0) Recirc:0 (1)DFidx:0 AdjPtr:16,32784,65552,98320 FibRpfNf:0 FibRpfDf:0 FibAddr:0xE0rwvlans:0 rwindex:0x0 rdt:0 E:0 CAP1:0fmt:recir l3rwvld:1 DM:0 mtu:1522 rwtype:RECIRpackets:0000000000000 bytes:000000000000000000PI:1 (1) CR:0 (0) Recirc:1 (1)AdjPtr:17,32785,65553,98321 FibRpfNf:0 FibRpfDf:0 FibAddr:0xE2rwvlans:0 rwindex:0x4AE adjmac:0006.d606.e240 rdt:1 E:1 CAP1:0fmt:mcast l3rwvld:1 DM:0 mtu:1522 rwtype:L3 met2:0x0 met3:0x1Epackets:0000000000000 bytes:000000000000000000Starting Offset: 0x001EV C: 51 I:0x004AF P->20V E C: 30 I:0x004B2PI:0 (1) CR:0 (0) Recirc:1 (1)AdjPtr:18,32786,65554,98322 FibRpfNf:0 FibRpfDf:0 FibAddr:0xE4rwvlans:0 rwindex:0x40E adjmac:0006.d606.e240 rdt:1 E:0 CAP1:0fmt:mcast l3rwvld:1 DM:0 mtu:1522 rwtype:L3 met2:0x0 met3:0x1Epackets:0000000000000 bytes:000000000000000000Starting Offset: 0x001EV C: 51 I:0x004AF P->20V E C: 30 I:0x004B2Found 2 entries. 2 are mfd entriesRouter#Related Commands
mls ip cef rate-limit
mls ip cef rpf interface-group
mls ip cef rpf multipath
show mls cef ipshow msfc2 rom-monitor
To display the status of the ROMMON region, use the show msfc2 rom-monitor command.
show msfc2 rom-monitor
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
Examples
This example shows how to display ROMMON information:
Router# show msfc3 rom-monitorRegion region1: APPROVED, preferredRegion region2: INVALIDCurrently running ROMMON from region1 regionRouter#Table 2-6 describes the possible output fields for the show msfc2 rom-monitor command.
Related Commands
show redundancy
To display information about the redundancy high-availability setting, use the show redundancy command.
show redundancy
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
Examples
This example shows how to display information about the RF client:
Router# show redundancyDesignated Router: 2 Non-designated Router: 0Redundancy Status: designatedConfig Sync AdminStatus : enabledConfig Sync RuntimeStatus: disabledSingle Router Mode AdminStatus : disabledSingle Router Mode RuntimeStatus: disabledSingle Router Mode transition timer : 120 secondsRouter#show scp
To display SCP information, use the show scp command.
show scp {accounting | counters | {process [id]} | status}
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
Usage Guidelines
This command is useful for debugging purposes and the output is intended for Cisco TAC and engineering use only.
Examples
This example shows how to display information about SCP accounting:
Router> show scp accountingTotal 11 1D 1E 2C 82 100 105 10F 119 11C 11D 11E 127----- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ----Tot: 10F8 FFC1 2 2 3 1 0 1 2 2 1 6 E 110E10FB FFC1 2 2 3 1 2 1 2 3 1 6 E 110E11: 10F8 FFC1 2 2 3 1 0 1 2 2 1 6 E 110E10FA FFC1 2 2 3 1 1 1 2 3 1 6 E 110E13: 0 0 0 0 0 0 0 0 0 0 0 0 0 01 0 0 0 0 0 1 0 0 0 0 0 0 012B 157 1FF---- ---- ----Tot: 1 4 21 4 211: 1 4 21 4 213: 0 0 00 0 0Router>This example shows how to display information about the SCP counter:
Router> show scp countersreceived packets = 69896transmitted packets = 69894retransmitted packets = 0loop back packets = 0transmit failures = 0recv pkts not for me = 0recv pkts to dead process = 0recv pkts not enqueuable = 0response has wrong opcode = 0response has wrong seqnum = 0response is not an ack = 0response is too big = 0Router>This example shows how to display the process name and the number of messages that are received and transmitted:
Router> show scp processPID Process Msgs Msgs NMP Tx Q Msgs Bufs Rx Q Rx QSent Resent in Overflow Rcvd Held Size Oflow--- ---------------- ---------- ---------- ------------ ---------- ----- ----- ----------0 Kernel and Idle 2 0 0 0 0 0 01 Flash MIB Updat 0 0 0 0 0 0 02 SynDiags 1410 0 0 1410 0 4 03 SynConfig 2 0 0 3481603 0 64 04 Statuspoll 3481589 0 0 0 0 2 05 SL_TASK 0 0 0 0 0 24 0...This example shows how to display information about the local SCP server status:
Router> show scp statusRx 69866, Tx 69864, Sap 6Id Channel name # msgs pending # peak count-- ------------------------- -------------- ------------0 SCP async: TCAM MGR Chann 0 51 SCP async: l3_mgr scp cha 0 12 SCP async: l3_mgr scp cha 0 23 SCP async: Draco-NMP 0 1Router>show slot0:
To display information about the slot0: file system, use the show slot0: command.
show slot0: [all | chips | filesys]
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
Examples
This example shows how to display information about the image:
Router> show slot0:-#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name1 .. image 6375DBB7 A4F144 6 10678468 Nov 09 1999 10:50:42 halley5705404 bytes available (10678596 bytes used)Router>This example shows how to display information about the Flash chip:
Router> show slot0: chips******** Intel Series 2+ Status/Register Dump ********ATTRIBUTE MEMORY REGISTERS:Config Option Reg (4000): 2Config Status Reg (4002): 0Card Status Reg (4100): 1Write Protect Reg (4104): 4Voltage Cntrl Reg (410C): 0Rdy/Busy Mode Reg (4140): 2COMMON MEMORY REGISTERS: Bank 0Intelligent ID Code : 8989A0A0Compatible Status Reg: 8080Global Status Reg: B0B0Block Status Regs:0 : B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B08 : B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B016 : B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B024 : B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0COMMON MEMORY REGISTERS: Bank 1Intelligent ID Code : 8989A0A0Compatible Status Reg: 8080Global Status Reg: B0B0Block Status Regs:0 : B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B08 : B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B016 : B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B024 : B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0COMMON MEMORY REGISTERS: Bank 2Intelligent ID Code : 8989A0A0Compatible Status Reg: 8080Global Status Reg: B0B0Block Status Regs:0 : B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B08 : B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B016 : B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B024 : B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0COMMON MEMORY REGISTERS: Bank 3Intelligent ID Code : 8989A0A0Compatible Status Reg: 8080Global Status Reg: B0B0Block Status Regs:0 : B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B08 : B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B016 : B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B024 : B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0COMMON MEMORY REGISTERS: Bank 4Intelligent ID Code : FFFFFFFFIID Not Intel -- assuming bank not populatedRouter>This example shows how to display information about the file system:
Router> show slot0: filesys-------- F I L E S Y S T E M S T A T U S --------Device Number = 0DEVICE INFO BLOCK: slot0Magic Number = 6887635 File System Vers = 10000 (1.0)Length = 1000000 Sector Size = 20000Programming Algorithm = 4 Erased State = FFFFFFFFFile System Offset = 20000 Length = FA0000MONLIB Offset = 100 Length = F568Bad Sector Map Offset = 1FFF0 Length = 10Squeeze Log Offset = FC0000 Length = 20000Squeeze Buffer Offset = FE0000 Length = 20000Num Spare Sectors = 0Spares:STATUS INFO:WritableNO File Open for WriteComplete StatsNo Unrecovered ErrorsNo Squeeze in progressUSAGE INFO:Bytes Used = 9F365C Bytes Available = 5AC9A4Bad Sectors = 0 Spared Sectors = 0OK Files = 1 Bytes = 9F35DCDeleted Files = 0 Bytes = 0Files w/Errors = 0 Bytes = 0Router>show standby delay
To display information about the HSRP delay periods, use the show standby delay command.
show standby delay [type number]
Syntax Description
Defaults
This command has no default settings.
Command Modes
Privileged EXEC
Command History
Examples
This example shows the output from the show standby delay command:
Router# show standby delayInterface Minimum ReloadVLAN100 1 5Router#Related Commands
snmp-server enable traps
To enable SNMP notifications (traps or informs) that are available on your system, use the snmp-server enable traps command. To disable all available SNMP notifications, use the no form of this command.
snmp-server enable traps [notification-type]
no snmp-server enable traps [notification-type]
Syntax Description
Defaults
This command is disabled by default. Most notification types are disabled. However, some notification types cannot be controlled with this command.
If you enter this command without a notification-type, all notification types that are controlled by this command are enabled.
If enabled, the default settings are as follows:
•
•
Command Modes
Global configuration
Command History
12.1(11b)E
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
For additional notification types, refer to Cisco IOS documentation.
SNMP notifications can be sent as traps or inform requests. This command enables both traps and inform requests for the specified notification types. To specify whether the notifications should be sent as traps or informs, use the snmp-server host [traps | informs] command.
If you do not enter an snmp-server enable traps command, no notifications controlled by this command are sent. In order to configure the router to send these SNMP notifications, you must enter at least one snmp-server enable traps command. If you enter the command with no keywords, all notification types are enabled. If you enter the command with a keyword, only the notification type related to that keyword is enabled. In order to enable multiple types of notifications, you must issue a separate snmp-server enable traps command for each notification type and notification option.
The snmp-server enable traps command is used with the snmp-server host command. Use the snmp-server host command to specify which host or hosts receive SNMP notifications. In order to send notifications, you must configure at least one snmp-server host command.
Valid values for the notification-type are as follows:
•
•
•
•
•
•
•
•
•
•
•
•
Examples
This example shows how to send all traps to the host that is specified by the name myhost.cisco.com, using the community string that is defined as public:
Router(config)# snmp-server enable trapsRouter(config)# snmp-server host myhost.cisco.com publicRelated Commands
Refer to Cisco IOS documentation for additional snmp-server enable traps commands.
standby delay minimum reload
To configure the delay period before the initialization of HSRP groups, use the standby delay minimum reload command. Use the no form of this command to disable the delay period.
standby delay minimum [min-delay] reload [reload-delay]
no standby delay minimum [min-delay] reload [reload-delay]
Syntax Description
Defaults
The defaults are as follows:
•
•
Command Modes
Interface configuration
Command History
Usage Guidelines
The minimum delay period applies to all subsequent interface events.
The delay period applies only to the first interface-up event after the router has reloaded.
If the active router fails or is removed from the network, the standby router automatically becomes the new active router. If the former active router comes back online, you can control whether it takes over as the active router by using the standby preempt command.
However, even if the standby preempt command is not configured, the former active router resumes the active role after it reloads and comes back online. Use the standby delay minimum reload command to set a delay period for HSRP group initialization. This command allows time for the packets to get through before the router resumes the active role.
We recommend that you use the standby delay minimum reload command if the standby timers command is configured in milliseconds or if HSRP is configured on a VLAN interface of a switch.
In most configurations, the default values provide sufficient time for the packets to get through and it is not necessary to configure longer delay values.
The delay is canceled if an HSRP packet is received on an interface.
Examples
This example shows how to set the minimum delay period to 30 seconds and the delay period after the first reload to 120 seconds:
Router(config-if) # standby delay minimum 30 reload 120Router(config-if) #Related Commands
show standby delay
standby delay minimum reload (refer to Cisco IOS documentation)
standby preempt (refer to Cisco IOS documentation)
standby timers (refer to Cisco IOS documentation)standby ip
To enable HSRP and set the virtual IP address, use the standby ip command. Use the no form of this command to disable HSRP.
standby [group-number] ip [ip-addr [secondary]]
no standby [group-number] ip [ip-addr]
Syntax Description
Defaults
The defaults are as follows:
•
•
•
•
•
•
Command Modes
Interface configuration
Command History
Usage Guidelines
The standby ip command activates HSRP on the configured interface. If an IP address is specified, that address is used as the designated address for the hot standby group. If no IP address is specified, the designated address is learned through the standby function. For HSRP to elect a designated router, at least one router on the cable must have been configured with, or have learned, the designated address. Configuring the designated address on the active router always overrides a designated address that is currently in use.
When the standby ip command is enabled on an interface, the handling of proxy ARP requests is changed (unless proxy ARP was disabled). If the hot standby state of the interface is active, proxy ARP requests are answered using the MAC address of the hot standby group. If the interface is in a different state, the proxy ARP responses are suppressed.
When group number 0 is used, no group number is written to NVRAM, which provides backward compatibility.
To assist in troubleshooting, configure the group-number to match the VLAN number.
Increase the priority of at least one interface in the HSRP group. The interface with the highest priority becomes active for that HSRP group.
All interfaces in the HSRP group should use the same timer values.
All interfaces in the HSRP group should use the same authentication string.
The alt keyword is used to specify an alternate configuration and is used in the following:
[no] standby [group-number] ip [ip-address [secondary]] alt
[no] standby [group-number] ip [ip-address [secondary]]
[no] standby [group-number] priority priority [preempt [delay delay]] alt
[no] standby [group-number] priority priority [preempt [delay delay]]
For additional information, see the "alt Keyword Usage" section on page 2-9.
Examples
This example shows how to enable HSRP for group 1 on an interface. The IP address that is used by the hot standby group will be learned using HSRP.
Router(config-if) # standby 1 ipRouter(config-if) #standby track
To configure an interface so that the hot-standby priority changes are based on the availability of other interfaces, use the standby track command. Use the no standby group-number track command to delete all tracking configuration for a group.
standby [group-number] track {interface-type interface-number | designated-router} [priority-decrement]
no standby group-number track
Syntax Description
Defaults
The defaults are as follows:
•
•
•
Command Modes
Interface configuration
Command History
Usage Guidelines
Prior to entering the designated-router keyword, you must ensure that the new designated router has a higher HSRP priority than the current designated router to take over.
When a tracked interface goes down, the hot-standby priority decreases by the number that is specified by the priority-decrement argument. If an interface is not tracked, its state changes do not affect the hot-standby priority. For each interface configured for hot standby, you can configure a separate list of interfaces to be tracked.
When multiple tracked interfaces are down, the decrements are cumulative whether they are configured with priority-decrement values or not.
A tracked interface is considered down if the IP address is disabled on that interface.
You must enter the group-number when using the no form of this command.
If you configure HSRP to track an interface, and that interface is physically removed as in the case of an OIR operation, HSRP will regard the interface as always down. You cannot remove the HSRP interface-tracking configuration. To prevent this situation, use the no standby track interface-type interface-number command before you physically remove the interface.
When you enter a group-number 0, no group number is written to NVRAM, which provides backward compatibility.
Examples
This example shows how to enable HSRP tracking for group 1 on an interface:
Router(config-if)# standby 1 track Ethernet0/2Router(config-if)#This example shows how to specify that if the designated router becomes nondesignated, the active HSRP router becomes the designated router:
Router(config-if)# standby 1 track designated-router 15Router(config-if)#Related Commands
show standby (refer to the Catalyst 6500 Series Switch Cisco IOS Command Reference)
upgrade rom-monitor
To set the execution preference on a ROMMON, use the upgrade rom-monitor command.
upgrade rom-monitor {rp | sp} {invalidate | preference} {region1 | region2}
upgrade rom-monitor {rp | sp} file {device:filename}
Syntax Description
Defaults
This command has no default settings.
Command Modes
Privileged EXEC
Command History
Usage Guidelines
Caution
Caution
The slot num is required for this command to function properly.
The sp keyword is not supported.
You can enter the upgrade rom-monitor rp {invalidate | preference} {region1 | region2} command to set the execution preference manually on a ROMMON in region1 or region2. You can enter this command in privileged EXEC mode only.
You can enter the upgrade rom-monitor rp file {device:filename} command to program a new ROMMON into a Flash (region1 or region2) region.
Examples
This example shows how to program the new ROMMON into the ROMMON Flash file:
Router# upgrade rom-monitor rp file bootflash:FUR_173.srecROMMON image upgrade in progressErasing flashProgramming flashVerifying new imageROMMON image upgrade complete, MSFC3 must be reloaded.Related Commands
