Ethernet Interface Configuration Mode Commands


Ethernet Interface Configuration Mode Commands
 
 
The Ethernet Interface Configuration Mode is used to create and manage the IP interfaces for addresses, address resolution options, etc.
 
 
crypto-map
Applies the specified IPSec crypto-map to this interface.
Product
PDSN, HA
Privilege
Security Administrator, Administrator
Syntax
crypto-mapmap_name [ secondary-addresssec_ip_addr ]
no
Deletes the application of the crypto map on this interface.
map_name
Specifies the name of the crypto map being applied. The name can be from 1 to 127 alpha and/or numeric characters and is case sensitive.
secondary-address sec_ip_addr
Applies the crypto map to the secondary address for this interface that is specified by sec_ip_addr. sec_ip_addr must be specified using the standard IPv4/IPv6 notation.
Usage
In order for ISAKMP and/or manual crypto maps to work, they must be applied to a specific interface using this command. Dynamic crypto maps should not be applied to interfaces.
The crypto map must be configured in the same context as the interface.
Example
To apply the IPSEC crypto map named cmap1 to this interface, use the following command:
crypto-map cmap1
 
description
Configures the description text for the current interface.
Product
All
Privilege
Security Administrator, Administrator
Syntax
descriptiontext
no description
no
Clears the description for the interface.
text
Specifies the descriptive text to use. text must be 0 to 79 alpha and/or numeric characters with no spaces or a quoted string of printable characters
Usage
Set the description to provide useful information on the interface’s primary function, services, end users, etc. Any information useful may be provided.
Example
description sampleInterfaceDescriptiveText
 
end
Exits the interface configuration mode and returns to the Exec mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
end
Usage
Change the mode back to the Exec mode.
 
exit
Exits the interface configuration mode and returns to the context configuration mode.
Product
All
Privilege
Security Administrator, Administrator
Syntax
exit
Usage
Return to the context configuration mode.
 
ip
Configures the IP options for the current interface.
Product
All
Privilege
Security Administrator, Administrator
Syntax
ip { access-group acl_name { in | out } [ priority-value ] | address ip_address ip_mask [ secondary | srp-activate ] | arp { arpa | timeout seconds } }
no ip { access-group acl_name { in | out } | address ip_address | arp { arpa | timeout } }
no
Disables and/or restores the option to the system default.
access-group acl_name { in | out } [ priority-value ]
acl_name specifies the access control list to be added/removed from the group. The ACL rules must be configured in the same context as the interface.
In Release 8.1 and later, acl_name must be an alpha and/or numeric string of 1 through 47 characters in length.
In Release 8.0 and earlier, acl_name must be an alpha and/or numeric string of 1 through 79 characters in length.
The direction must also be specified as either inbound or outbound using the keywords in and out, respectively.
priority-value: Default: 0. If more than one ACL is applied, priority-value specifies the priority in which they will be compared against the packet. If not specified, the priority is set to 0. priority-value must be an integer from 0 through 4294967295. If access groups in the list have the same priority, the last one entered is used first.
Important: Up to 8 ACLs can be applied to a group provided that the number of rules configured within the ACL(s) does not exceed the 128 rule limit for the interface.
address ip_address ip_mask [ secondary | srp-activate ]
Configures the IP address for the interface specifying the networking mask as well. ip_address and ip_mask must be specified using the standard IPv4/IPv6 notation.
The secondary keyword is used to configure a secondary IP address on the interface. This is referred to as multi-homing of the interface.
The srp-activate Activates the IP address for Interchassis Session Redundancy.
arp { arpa | timeout seconds }
Important: These keywords have been replaced by the R_arp command in the Global Configuration Mode. For backwards compatibility, however, these keywords are accepted as valid.
Usage
Create and manage the IP interfaces for the associated context.
Example
The following command configures the access group for the current context:
ip access-group sampleAccessGroup
ip address 1.2.3.4 0.0.0.128 secondary
The following command sets the address resolution protocol timeout.
ip arp timeout 1800
The following commands remove the associated IP address and disable ARP for the interface, respectively.
no ip address 1.2.3.4no ip arp arpa
 
ip mtu
Configures the Maximum Transmission Unit (MTU) for this IP interface.
Product
All
Privilege
Security Administrator, Administrator
Syntax
ip mtumtu-size
no ip mtumtu-size
no
Deletes the MTU value.
Usage
On ASR 5000 we support IP MTU with a normal interface and point-to-point interface (for OLC port).
The maximum MTU size allowed with an OLC port is 1600, the maximum MTU size allowed with an Ethernet port is 2048. The default MTU size is 1500.
Example
The following command sets the MTU value to the default.
ip mtu 1500
 
ip ospf authentication-key
This command configures the password for the authentication with neighboring routers.
Product
PDSN, HA, GGSN
Privilege
Security Administrator, Administrator
Syntax
ip ospfauthentication-key [ encrypted ] passwordauth_key
no ip ospfauthentication-key
no
Deletes the authentication key.
encrypted
Use this keyword if you are pasting a previously encrypted authentication key into the CLI command.
password auth_key
The password to use for authentication. authentication_key is a string variable, from 1 through 16 alphanumeric characters, that denotes the authentication password. This variable is entered in clear text format.
Usage
Use this command to set the authentication key used when authenticating with neighboring routers.
Example
To set the authentication key to 123abc, use the following command;
ip ospf authentication-key password 123abc
Use the following command to delete the authentication key;
no ip ospf authentication-key
 
ip ospf authentication-type
This command configures the OSPF authentication method to be used with OSPF neighbors over the logical interface.
Product
PDSN, HA, GGSN
Privilege
Security Administrator, Administrator
Syntax
ip ospf authentication-type { message-digest | null | text }
no ip ospf authentication-type { message-digest | null | text }
no
Disable this function.
message-digest
Set the OSPF authentication type to use the message digest (MD) authentication method.
null
Set the OSPF authentication type to use no authentication, thus disabling either MD or clear text methods.
text
Set the OSPF authentication type to use the clear text authentication method.
Usage
Use this command to set the type of authentication to use when authenticating with neighboring routers.
Example
To set the authentication type to use clear text, enter the following command;
ip ospf authentication-type text
 
ip ospf cost
This command configures the cost associated with sending a packet over the logical interface.
Product
PDSN, HA, GGSN
Privilege
Security Administrator, Administrator
Syntax
ipospfcostvalue
no ipospfcost
no
Disable this function.
value
Default: 10
The cost to assign to OSPF packets. This must be an integer from 1 through 65535.
Usage
Use this command to set the cost associated with routes from the interface.
Example
Use the following command to set the cost to 20;
ip ospf cost 20
Use the following command to disable the cost setting;
no ip ospf cost
 
ip ospf intervals
This command configures the interval or delay type, and the interval or delay time in seconds, for OSPF communications.
Product
PDSN, HA, GGSN
Privilege
Security Administrator, Administrator
Syntax
ip ospf { dead-intervalvalue | hello-intervalvalue | retransmit-intervalvalue | transmit-delayvalue }
no ip ospf { dead-interval | hello-interval | retransmit-interval | transmit-delay }
no
Deletes the value set and returns the value to its default.
dead-interval value
Default: 40
The interval, in seconds, that the router should wait, during which time no packets are received and after the router considers a neighboring router to be off-line. value must be an integer from 1 through 65535.
hello-interval value
Default: 10
The interval, in seconds between sending hello packets. value must be an integer from 1 through 65535.
retransmit-interval value
Default: 5
The interval, in seconds, between LSA (Link State Advertisement) retransmissions. value must be an integer from 1 through 65535.
transmit-delay value
Default: 1
The interval, in seconds, that the router should wait before transmitting a packet. value must be an integer from 1 through 65535.
Usage
Use this command to set the intervals or delays for OSPF communications.
Example
To set the dead-interval to 100, use the following command;
ip ospf dead-interval 100
To delete the setting for the dead-interval and reset the dead-interval value to its default of 40, use the following command’
no ip ospf dead-interval
 
ip ospf message-digest-key
This command enables the use of MD5-based OSPF authentication.
Product
PDSN, HA, GGSN
Privilege
Security Administrator, Administrator
Syntax
ip ospfmessage-digest-keykey_idmd5 [ encrypted ] passwordauthentication_key
no ip ospfmessage-digest-keykey_id
no
Deletes the key.
message-digest-key key_id
Specifies the key identifier number. key_id must be an integer from 1 through 255.
encrypted
Use this if you are pasting a previously encrypted authentication key into the CLI command.
password authentication_key
The password to use for authentication. authentication_key is a string variable, from 1 through 16 alphanumeric characters, that denotes the authentication password. This variable is entered in clear text format.
Usage
Use this command to create an authentication key that uses MD5-based OSPF authentication.
Example
To create a key with the ID of 25 and a password of 123abc, use the following command;
ip ospf message-digest-key 25 md5 password 123abc
To delete the same key, enter the following command;
no ip ospf message-digest-key 25
 
ip ospf network
Configures the OSPF network type.
Product
PDSN, HA, GGSN
Privilege
Security Administrator, Administrator
Syntax
ipospfnetwork { broadcast | non-broadcast | point-to-multipoint | point-to-point }
no ipospfnetwork
no
Disable this function.
broadcast
Sets the network type to broadcast.
non-broadcast
Sets the network type to non-broadcast multi access (NBMA).
point-to-multipoint
Sets the network type to point-to-multipoint.
point-to-point
Sets the network type to point-to-point.
Usage
Use this command to specify the OSPF network type.
Example
To set the OSPF network type to broadcast, enter the following command;
ip ospf network broadcast
To disable the OSPF network type, enter the following command;
no ip ospf network
 
ip ospf priority
This command designates the OSPF router priority.
Product
PDSN, HA, GGSN
Privilege
Security Administrator, Administrator
Syntax
ipospfpriorityvalue
no ipospfpriorityvalue
no
Disable this function.
value
The priority value to assign. This must be an integer from 0 through 255.
Usage
Use this command to set the OSPF router priority.
Example
To set the priority to 25, enter the following command:
ip ospf priority 25
To disable the priority, enter the following command:
no ip ospf priority
 
ipv6 access-group
Specifies the name of the ACL group to assign the interface to. You can filter for either inbound or outbound traffic.
Product
PDSN, HA
Privilege
Security Administrator, Administrator
Syntax
[no] ipv6 access-group group name { in | out } { priority-value }
no
Removes a previously configured access group association.
group_name
Specifies the name of the access group. group_name must be an alpha and/or numeric string of 1 to 79 characters.
in
Applies the filter to the inbound traffic.
Specify a priority_value for the access group from 0 to 4294967295. The lower values indicate a higher priority.
out
Applies the filter to the outbound traffic.
Specify a priority-value for the access group from 0 to 4294967295. The lower values indicate a higher priority.
priority-value
Default: 0
Specifies the priority of the access group. 0 is the highest priority. If priority-value is not specified the priority is set to 0. priority-value must be a value from 0 to 4294967295.
If access groups in the list have the same priority, the last one entered is used first.
Usage
Use this command to specify the ACL group to assign the interface to. Specify an ACL group name with this command.
Important: Up to 8 ACLs can be applied to a group provided that the number of rules configured within the ACL(s) does not exceed the 128 rule limit for the interface.
Example
Use the following command to associate the group_1 access group with the current IPv6 profile for inbound access:
ipv6 access-group group_1 in 1
 
ipv6 address
Specifies the address and subnet mask.
Product
PDSN, HA
Privilege
Security Administrator, Administrator
Syntax
ipv6 address ip_address
ip_address
Specifies an individual host IP address to add to this host pool.
ip_address is the IP address in colon separated notation.
Usage
Configures the IPv6 address and subnet mask for a specific interface.
 
ipv6 router advertisement
Enables or disables the system to send IPv6 router advertisements.
Product
PDSN, HA
Privilege
Security Administrator, Administrator
Syntax
[no] ipv6 router advertisement
Usage
Enables sending of router advertisements on the interface. All of the pool prefixes in the context (belonging to the interface) will be advertised in the router advertisement.
The router-lifetime in the advertisement is sent as 0 to indicate to the receiver that the sender cannot be a default-router. For all the prefixes (pools), the valid and preferred lifetime are sent as default. The router-advertisement is sent every 600 seconds.
If the pool-prefix is deleted, then an router-advertisement is sent for that particular prefix with the valid and preferred time set to 0.
 
policy-forward
Configure the system for redirecting the HA packets to new HA during existing HA upgradation.
Product
PDSN, HA
Privilege
Security Administrator, Administrator
Syntax
policy-forward { icmp unreachable next-hopip address |unconnected-address next-systemip address}
no policy-forward unconnected-address
no policy-forward unconnected-address
Deletes the policy forwarding configuration for unconnected address for the current interface.
icmp unreachable next-hop ip address
Specifies routing of Internet Control Message Protocol (icmp) unreachable is required in overlapping pool configuration. ip address must be an IP address expressed in IPv4/IPv6 notation.
unconnected-address next-system ip address
Specifies address of next system HA to handle processing during HA upgrade.
ip address must be an IP address expressed in IPv4/IPv6 notation.
Usage
Use this command to set the redirecting policy for IP packets from existing HA to new HA during upgradation. To configure this command both keyword will be in separate interface.
Important: It is a customer specific command.
To configure existing HA system for redirecting the HA packets to new HA during existing HA upgrade enter the following command:
policy-forward unconnected-address next-system ip addresspolicy-forward icmp unreachable next-hop ip address
 
pool-share-protocol
Configure the primary or secondary system for the IP pool sharing protocol and enter IPSP configuration mode.
Product
PDSN, HA
Privilege
Security Administrator, Administrator
Syntax
pool-share-protocol { primaryaddress|secondaryaddress} [mode {active | inactive | check-config}]
no pool-share-protocol
no pool-share-protocol
Deletes the IP pool sharing protocol information from the current interface.
primary address
On the secondary system, define the IP address of an interface on the primary system that has identical IP pools configured for use with the IP pool sharing protocol. address must be an IP address expressed in IP v4 dotted decimal notation.
secondary address
On the primary system, define the IP address of an interface on the secondary system that has identical IP pools configured for use with the IP pool sharing protocol. address must be an IP address expressed in IP v4 dotted decimal notation.
mode {active | inactive | check-config}
This is an optional command to manage the mode for IP pool sharing protocol for primary or secondary HA.
active: Activates the IP pool sharing protocol mode.
inactive: Inactivates the IP pool sharing protocol mode.
check-config: Verify the IP pool sharing protocol configuration.
Usage
Use this command to set the IP address of the primary or secondary system for use with the IP pool sharing protocol and enter ipsp configuration mode. This command must be configured for an interface in each context that has IP pools configured. Refer to the System Administration and Configuration Guide for information on configuring and using the IP pool sharing protocol.
Important: Both the primary and secondary systems must be in the same subnet.
Important: For information on configuring and using IPSP refer to the System Administration and Configuration Guide.
Important: To reserve free addresses on primary HA for this command use reserved-free-percentage command in IPSP Configuration Mode Commands of this guide.
Example
To configure a secondary system with an IP address of 192.168.100.10 for use with the IP pool sharing protocol, enter the following command:
pool-share-protocol secondary 192.168.100.10
To inactivate a secondary system with an IP address of 192.168.100.10 for use with the IP pool sharing protocol, enter the following command:
pool-share-protocol secondary 192.168.100.10 mode inactive
 
port-switch-on-L3-fail
This command causes the line card port to which the current interface is bound to switch over to the port on the redundant line card when connectivity to the specified IP address is lost.
Product
All
Privilege
Security Administrator, Administrator
Syntax
port-switch-on-L3-failaddress { ip_address | ipv6_address } [ minimum-switchover-periodswitch_time ] [ intervalint_time ] [ timeouttime_out ] [ num-retrynumber ]
no port-switch-on-L3-fail
no
Disable port switchover on failure.
ip_address
The IP address to monitor for connectivity. ‘ ip_address must be in either ipv4 format or IPv6 format
minimum-switchover-period switch_time
Default: 120 seconds
After a switchover occurs, another switchover cannot occur until the amount of time specified has elapsed. switch_time must be an integer in the range from 1 to 3600.
interval int_time
Default: 60 seconds
This specifies how often, in seconds, monitoring packets are sent to the IP address being monitored. int_time must be an integer in the range from 1 to 3600.
timeout time_out
Default: 3 seconds
This specifies how long to wait without a reply before resending monitoring packets to the IP address being monitored. time_out must be an integer in the range from 1 to 10.
num-retry number
Default: 5
This value specifies how many times to retry sending monitor packets to the IP address being monitored before performing the switchover operation. number must be an integer in the range from 1 to 100.
Usage
Use this command to monitor a destination in your network to test for L3 connectivity. The destination being monitored should be reachable from both the active and standby line cards.
Example
The following command enables port switchover on connectivity failure to the IP address 192.168.10.100 using default values:
port-switch-on-L3-fail address 192.168.10.100
The following command disables port switchover on connectivity failure:
no port-switch-on-L3-fail
 
vlan-map
This command sets a single next-hop IP address so that multiple vlans can use a single next-hop gateway. vlan-map is associated with a specific interface.
Product
PDSN, HA, SGSN
Privilege
Security Administrator, Administrator
vlan-map next-hop ip_address
next-hop ip_address
This keyword defines an IP address for the next-hop gateway.
ip_address: Can be either an IPv4 or IPv6 address in standard format.
Usage
Use vlan-map to combine multiple vlan links to go through a single IP address. This feature is used in conjunction with nexthop forwarding and overlapping IP pools.
After configuring the vlan-map, move to the Port Ethernet configuration mode to attach the vlan-map to a specific vlan.
Example
The following command sets an IPv4 for a next-hop gateway.
vlan-map next-hop 123.123.123.1
 
 

Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883