Ethernet Interface
Configuration Mode Commands
The Ethernet Interface
Configuration Mode is used to create and manage the IP interface
parameters within a specified context.
IMPORTANT:
Available commands
or keywords/variables vary based on platform type, product
version, and installed license(s).
bfd
Configures Bidirectional
Forwarding Detection (BFD) interface parameters.
Privilege:
Security Administrator,
Administrator
Syntax
[no] bfd { echo | interval interval_num }
no
Disables the specified
option on this interface.
echo
Enables BFD echo mode.
BFD
echo mode works with asynchronous BFD. Echo packets are sent by
the forwarding engine and forwarded back along the same path in
order to perform detection—the BFD session at the other
end does not participate in the actual forwarding of the echo packets.
The echo function and the forwarding engine are responsible for
the detection process, therefore the number of BFD control packets
that are sent out between two BFD neighbors is reduced.
Since
the forwarding engine is testing the forwarding path on the remote
(neighbor) system without involving the remote system, there is
an opportunity to improve the interpacket delay variance, thereby
achieving quicker failure detection times than when using BFD Version
0 with BFD control packets for the BFD session.
interval interval_num
Specifies the transmit
interval (in milliseconds) between BFD packets. interval_num is
an integer from 50 through 999. default: 50
Usage:
Specify BFD parameters
including echo mode and the transmit interval between BFD packets.
Example:
To apply enable echo
mode on this interface, use the following command:
bfd echo
crypto-map
Applies the specified
IPSec crypto-map to this interface.
Privilege:
Security Administrator,
Administrator
Syntax
crypto-map map_name [ secondary-address
sec_ip_addr ]
no
Deletes the application
of the crypto map on this interface.
map_name
Specifies the name
of the crypto map being applied as an alphanumeric string of 1 through 127
characters that is case sensitive.
secondary-address sec_ip_addr
Applies the crypto
map to the secondary address for this interface. sec_ip_addr must
be specified using the IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal
notation.
Usage:
In order for ISAKMP
and/or manual crypto maps to work, they must be applied
to a specific interface using this command. Dynamic crypto maps
should not be applied to
interfaces.
The crypto map must
be configured in the same context as the interface.
Example:
To apply the IPSec
crypto map named cmap1 to this interface, use the following command:
crypto-map cmap1
description
Sets the descriptive
text for the current interface.
Privilege:
Security Administrator,
Administrator
Syntax
description
text
no description
no
Clears the description
for the interface.
text
Specifies the descriptive
text as an alphanumeric string of 0 through 79 characters.
Usage:
Set the description
to provide useful information on the interface’s primary
function, services, end users, etc. Any information useful may be
provided.
Example
Example
description sampleInterfaceDescriptiveText
end
Exits the current
configuration mode and returns to the Exec mode.
Privilege:
Security Administrator,
Administrator
Usage:
Use this command to
return to the Exec mode.
exit
Exits the current
mode and returns to the parent configuration mode.
Privilege:
Security Administrator,
Administrator
Usage:
Use this command to
return to the parent configuration mode.
ip access-group
Specifies the name
of the Access Control List (ACL) group to assign to the
interface.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] ip
access-group group_name { in | out } priority
no
Removes the ACL group
from this interface.
group_name
Specifies the name
of an existing ACL group as an alphanumeric string of 1 through
47 characters.
IMPORTANT:
Up to eight ACLs can
be applied to a group provided that the number of rules configured within
the ACL(s) does not exceed the 128-rule limit for the interface.
{ in | out }
Specifies whether the
ACL group will apply to inbound or outbound traffic.
priority
If more than one ACL
group is applied, priority-value specifies
the priority in which they will be compared against the packet.
If not specified, the priority is set to 0. priority-value must
be an integer from 0 through 4294967295. If access groups in the
list have the same priority, the last one entered is used first.
Usage:
Specify the name of
the Access Control List (ACL) group to assign to the
interface along with its directionality and priority.
Example:
ip access-group acl-101
in 56
ip address
Specifies the primary
and optional secondary IP addresses and subnets for this interface.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] ip
address ip_address ip_mask [ secondary ip_address
ip_mask ] [ srp-activate ]
no
Removes the ACL group
from this interface.
ip_address
ip_mask
Configures the IP address
for the interface specifying the networking mask as well. ip_address and ip_mask must
be entered using IPv4 dotted-decimal notation. CIDR notation is
also accepted for the mask.
IMPORTANT:
For IPv4 addresses,
31-bit subnet masks are supported per RFC 3021.
secondary ip_address ip_mask
Configures a secondary
IP address on the interface.
IMPORTANT:
You
must configure the primary IP address before you will be allowed
to configure a secondary address.
srp-activate
Activates the IP address
for Interchassis Session Recovery (ICSR). Enable this IP address when
the Service Redundancy Protocol (SRP) determines that this chassis
is ACTIVE.
Usage:
Specify the primary
and optional secondary IP addresses and subnets for this interface,
as well SRP parameter for ICSR.
Example:
ip address 192.154.3.5/24
srp-activate
ip igmp profile
Associates an Internet
Group Management Protocol (IGMP) profile with this interface.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] ip
igmp profile profile_name
no
Removes the IGMP profile
from this interface.
profile_name
Specifies the name
of an existing IGMP profile as an alphanumeric string of 1 through
63 characters.
If the name is not for an existing profile,
you are prompted to create a new profile. You are then moved to
the IGMP Profile Configuration mode.
Usage:
Associates an Internet
Group Management Protocol (IGMP) profile with this interface.
ip mtu
Configures the Maximum
Transmission Unit (MTU) for this IP interface.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] ip
mtu mtu-size
no
Removes the MTU value.
mtu-size
Specifies the MTU in
bytes as an integer from 576 though 2048.
Usage:
IP MTU is supported
for a normal interface and point-to-point interface (OLC ports).
The maximum MTU size
allowed with an OLC port is 1600. The maximum MTU size allowed
with an Ethernet port is 2048. The default MTU size is 1500.
Example:
The following command
sets the MTU value to
2048.
ip mtu 2048
ip ospf authentication-key
Configures the password
for authentication with neighboring Open Shortest Path First (OSPF)
routers.
Privilege:
Security Administrator,
Administrator
Syntax
ip ospf authentication-key [ encrypted ] password auth_key
no ip ospf authentication-key
no
Deletes the authentication
key.
encrypted
Use this keyword if
you are pasting a previously encrypted authentication key into the
CLI command.
password auth_key
Specifies the password
to use for authentication as an alphanumeric string of 1 through
16 characters entered in clear text format.
Usage:
Use this command to
set the authentication key used when authenticating with neighboring routers.
Example:
To set the authentication
key to 123abc, use the following command;
ip ospf authentication-key
password 123abc
Use the following command
to delete the authentication key;
no ip ospf authentication-key
ip ospf authentication-type
Configures the OSPF
authentication method to be used with OSPF neighbors over the logical
interface.
Privilege:
Security Administrator,
Administrator
Syntax
ip ospf authentication-type { message-digest | null | text }
no ip ospf authentication-type { message-digest | null | text }
no
Disable this function.
message-digest
Uses the message digest
(MD) authentication method.
null
Uses no authentication,
thus disabling either MD or clear text methods.
text
Uses the clear text
authentication method.
Usage:
Use this command to
set the type of authentication to use when authenticating with neighboring
routers.
Example:
To set the authentication
type to use clear text, enter the following command;
ip ospf authentication-type text
ip ospf bfd
Enables or disables
OSPF Bidirectional Forwarding Detection (BFD) on this interface.
Privilege:
Security Administrator,
Administrator
Syntax
ip ospf bfd [ disable ]
no ip ospf cost
no
Disable this function.
disable
Disables OSPF BFD on
this interface.
Usage:
Enable or disable OSPF
Bidirectional Forwarding Detection (BFD) on this interface.
Example:
Use the following command
to enable OSPF BFD;
ip ospf bfd
ip ospf cost
Configures the cost
associated with sending a packet over the OSPF logical interface.
Privilege:
Security Administrator,
Administrator
Syntax
ip ospf cost value
no ip ospf cost
no
Disable this function.
value
Specifies the cost
to assign to OSPF packets as an integer from 1 through 65535. Default: 10
Usage:
Use this command to
set the cost associated with routes from the interface.
Example:
Use the following command
to set the cost to
20;
ip ospf cost 20
Use the following command
to disable the cost setting;
no ip ospf cost
ip ospf dead-interval
Configures the interval
that the router should wait, during which time no packets are received
and after which the router considers a neighboring router to be
off-line.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] ip
ospf dead-interval seconds
no
Returns the value to
its default of 40 seconds.
seconds
Specifies the interval
(in seconds) as an integer from 1 through 65535. This number is typical
four times the hello-interval. Default: 40
Usage:
Use this command to
set the dead intervals for OSPF communications.
Example:
To set the dead-interval
to
100,
use the following command;
ip ospf dead-interval 100
ip ospf hello-interval
Configures the interval
(in seconds) between sending OSPF hello packets.
Privilege:
Security Administrator,
Administrator
Syntax
ip ospf hello-interval seconds
no ip ospf hello-interval
no
Returns the value to
its default of 10 seconds.
seconds
Specifies the number
of seconds between sending hello packets as an integer from 1 through 65535.
Default: 10
Usage:
Specify the interval
(in seconds) between sending OSPF hello packets.
Example:
To set the hello-interval
to
25,
use the following command;
ip ospf hello-interval 25
ip ospf message-digest-key
Enables or disables
the use of MD5-based OSPF authentication.
Privilege:
Security Administrator,
Administrator
Syntax
ip ospf message-digest-key
key_id md5 [ encrypted ] password authentication_key
no ip ospf message-digest-key key_id
message-digest-key key_id
Specifies the key identifier
number as an integer from 1 through 255.
encrypted
Use this if you are
pasting a previously encrypted authentication key into the CLI command.
password authentication_key
Specifies the password
to use for authentication as an alphanumeric string of 1 through
16 characters entered in clear text format.
Usage:
Use this command to
create an authentication key that uses MD5-based OSPF authentication.
Example:
To create a key with
the ID of
25 and
a password of
123abc,
use the following command;
ip ospf message-digest-key
25 md5 password 123abc
To delete the same
key, enter the following command;
no ip ospf message-digest-key 25
ip ospf network
Configures the Open
Shortest path First (OSPF) network type.
Privilege:
Security Administrator,
Administrator
Syntax
ip ospf network { broadcast | non-broadcast | point-to-multipoint | point-to-point }
no ip ospf network
no
Disable this function.
broadcast
Sets the network type
to broadcast.
non-broadcast
Sets the network type
to non-broadcast multi access (NBMA).
point-to-multipoint
Sets the network type
to point-to-multipoint.
point-to-point
Sets the network type
to point-to-point.
Usage:
Use this command to
specify the OSPF network type.
Example:
To set the OSPF network
type to
broadcast,
enter the following command;
ip ospf network broadcast
To disable the OSPF
network type, enter the following command;
no ip ospf network
ip ospf priority
Designates the OSPF
router priority.
Privilege:
Security Administrator,
Administrator
Syntax
ip ospf priority value
no ip ospf priority value
no
Disable this function.
value
Sets the priority value
as an integer from 0 through 255.
Usage:
Use this command to
set the OSPF router priority.
Example:
To set the priority
to
25,
enter the following command:
ip ospf priority 25
To disable the priority,
enter the following command:
no ip ospf priority
ip ospf retransmit-interval
Configures the interval
in (seconds) between LSA (Link State Advertisement) retransmissions.
Privilege:
Security Administrator,
Administrator
Syntax
ip ospf retransmit-interval seconds
no ip ospf retransmit-interval
no
Returns the value to
its default of 5 seconds.
seconds
Specifies the number
of seconds between LSA (Link State Advertisement) retransmissions as
an integer from 1 through 65535. Default: 5
Usage:
Configure the interval
in (seconds) between LSA (Link State Advertisement) retransmissions.
Example:
To set the retransmit-interval
to
10,
use the following command;
ip ospf retransmit-interval 10
ip ospf transmit-delay
Configures the interval
(in seconds) that the router should wait before transmitting an
OSPF packet.
Privilege:
Security Administrator,
Administrator
Syntax
ip ospf transmit-delayseconds
no ip ospf transmit-delay
no
Returns the value to
its default of 1 second.
seconds
Specifies the number
of seconds that the router should wait before transmitting a packet
as an integer from 1 through 65535. Default: 1
Usage:
Configure the interval
(in seconds) that the router should wait before transmitting an
OSPF packet.
Example:
To set the transmit-delay
to
5,
use the following command;
ip ospf transmit-delay
5
ipv6 access-group
Specifies the name
of the access control list (ACL) group to assign to this interface.
You can filter for either inbound or outbound traffic.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] ipv6
access-group group
name { in | out } { priority-value priority_value }
no
Removes a previously
configured access group association.
group_name
Specifies the name
of the access group as an alphanumeric string of 1 to 79 characters.
in
Applies the filter
to the inbound traffic.
out
Applies the filter
to the outbound traffic.
priority-value
Specifies the priority
of the access group as an integer from 0 to 4294967295. 0 is the highest
priority. If priority-value is not specified, the priority is set
to 0.
If access groups in
the list have the same priority, the last one entered is used first.
Usage:
Use this command to
specify the ACL group to assign the interface to. Specify an ACL group
name with this command.
IMPORTANT:
Up to eight ACLs can
be applied to a group provided that the number of rules configured within
the ACL(s) does not exceed the 128-rule limit for the interface.
Example:
Use the following command
to associate the
group_1 access group
with the current IPv6 profile for inbound access:
ipv6 access-group group_1
in 1
ipv6 address
Specifies the address
and subnet mask.
Privilege:
Security Administrator,
Administrator
Syntax
ipv6 address ip_address
ip_address
Specifies an individual
host IP address to add to this host pool in IPv6 colon-separated-hexadecimal
notation.
Usage:
Configures the IPv6
address and subnet mask for a specific interface.
ipv6 ospf
Enables Open Shortest
Path First Version 3 (OSPFv3) functionality on this interface.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] ipv6
ospf [ area { integer | ipv4-address } | cost cost-value | dead-interval dead-intrv | hello-interval hello-intrvl | priority p-value | retransmit-interval retx-interval | transmit-delay td-interval ]
no
Removes a previously
configured access group association.
area { integer | ipv4-address
Specifies an OSPFv3
area.
decimal_value:
Specifies the identification number of the area as an integer from
0 through 4294967295.
ipv4address:
Specifies the IP address of the area in IPv4 dotted-decimal notation.
cost cost-value
Specifies a link cost
as an integer from 1 through 65535. The link cost is carried in
the LSA updates for each link. The cost is an arbitrary number.
dead-interval dead-intrv
Specifies the interval
(in seconds) after which a neighbor is declared dead when no hello packets
as an integer from 1 through 65535.
hello-interval hello-intrvl
Specifies the interval
(in seconds) between hello packets that OSPFv3 sends on an interface as
an integer from 1 through 65535.
priority p-value
Specifies the of the
interface as an integer from 0 through 255.
retransmit-interval retx-interval
Specifies the time
(in seconds) between link-state advertisement (LSA) retransmissions
for adjacencies belonging to the OSPFv3 interface as an integer
from 1 through 65535.
transmit-delay td-interval
Specifies the estimated
time (in seconds) required to send a link-state update packet on
the interface as an integer from 1 through 65535.
Usage:
Configure an OSPFv3
interface in this context.
Example:
ipv6 ospf area 334
cost 555 dead-interval 40 hello-interval 10 priority 10 retransmit-interval
5 transmit-delay 10
ipv6 router advertisement
Enables or disables
the system to send IPv6 router advertisements.
Privilege:
Security Administrator,
Administrator
Syntax
[ no ] ipv6
router advertisement
Usage:
Enables sending of
router advertisements on the interface. All of the pool prefixes
in the context (belonging to the interface) will be advertised in
the router advertisement.
The router-lifetime
in the advertisement is sent as 0 to indicate to the receiver that
the sender cannot be a default-router. For all the prefixes (pools),
the valid and preferred lifetime are sent as default. The router-advertisement
is sent every 600 seconds.
If the pool-prefix
is deleted, then an router-advertisement is sent for that particular
prefix with the valid and preferred time set to 0.
mpls ip
Enables or disables
dynamic Multiprotocol Label Switching (MPLS) forwarding of IP packets
on this interface.
Privilege:
Security Administrator,
Administrator
no
Stops dynamic label
distribution on this interface.
Usage:
Starts label distribution
over an interface for a context that has MPLS enabled. For additional
information, refer to the Context Configuration Mode Commands chapter.Default:
This feature is not enabled.
Example:
To start dynamic MPLS
forwarding on this interface, enter the following command:
mpls ip
policy-forward
Configures the system
for redirecting the HA packets to new HA during existing HA upgrade.
Privilege:
Security Administrator,
Administrator
Syntax
policy-forward { icmp
unreachable next-hop ip address | unconnected-address next-system ip_address }
no policy-forward unconnected-address
no
Deletes the policy
forwarding configuration for unconnected address for the current interface.
icmp unreachable next-hop ip address
Specifies routing of
Internet Control Message Protocol (ICMP) unreachable is required
in overlapping pool configuration. ip_address must
be an IP address expressed in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.
unconnected-address
next-system ip address
Specifies the IP address
of the next system HA to handle processing during HA upgrade. ip_address must
be an IP address expressed in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal
notation.
Usage:
Use this command to
set the redirecting policy for IP packets from an existing HA to
a new HA during upgrade. To configure this command both keywords
will be in separate interface.
IMPORTANT:
This is a customer
specific command.
Example:
To configure existing
HA system for redirecting the HA packets to new HA during existing HA
upgrade enter the following commands:
policy-forward unconnected-address
next-system ip_address
policy-forward icmp
unreachable next-hop ip_address
pool-share-protocol
Configures the primary
or secondary system for the IP pool sharing protocol and enter IPSP
configuration mode.
Privilege:
Security Administrator,
Administrator
Syntax
pool-share-protocol { primary ip_address | secondary ip_address } [ mode { active | inactive | check-config } ]
no pool-share-protocol
no
Deletes the IP pool
sharing protocol information from the current interface.
primary address
On the secondary system,
defines the IP address of an interface on the primary system that has
identical IP pools configured for use with the IP pool sharing protocol. ip_address must
be expressed in IP v4 dotted-decimal notation.
secondary ip_address
On the primary system,
define the IP address of an interface on the secondary system that has
identical IP pools configured for use with the IP pool sharing protocol. ip_address must
be expressed in IP v4 dotted-decimal notation.
mode {active | inactive | check-config}
This is an optional
command to manage the mode for IP pool sharing protocol for primary
or secondary HA.
active: Activates
the IP pool sharing protocol mode.
inactive:
Inactivates the IP pool sharing protocol mode.
check-config:
Verifies the IP pool sharing protocol configuration.
Usage:
Use this command to
set the IP address of the primary or secondary system for use with
the IP pool sharing protocol and enter ipsp configuration mode.
This command must be configured for an interface in each context
that has IP pools configured. Refer to the System Administration and
Configuration Guide for information on configuring and using the
IP pool sharing protocol.
IMPORTANT:
Both the primary and
secondary systems must be in the same subnet.
IMPORTANT:
For information on
configuring and using IP Pool Sharing Protocol (IPSP), refer to
the Packet Data Serving
Node Administration Guide.
IMPORTANT:
Reserve free addresses
on the primary HA for this command via the reserved-free-percentage command
as described in the IPSP Configuration
Mode Commands chapter of this guide.
Example:
To configure a secondary
system with an IP address of
192.168.100.10 for
use with the IP pool sharing protocol, enter the following command:
pool-share-protocol
secondary 192.168.100.10
To inactivate a secondary
system with an IP address of
192.168.100.10 for
use with the IP pool sharing protocol, enter the following command:
pool-share-protocol
secondary 192.168.100.10 mode inactive
port-switch-on-L3-fail
Causes the ASR 5000
line card port or the ASR 5500 MIO port to which the current
interface is bound to switch over to the port on the redundant line
card or MIO when connectivity to the specified IP address is lost.
Privilege:
Security Administrator,
Administrator
Syntax
port-switch-on-L3-fail
address { ip_address | ipv6_address } [ minimum-switchover-period switch_time ] [ interval int_time ] [ timeout time_out ] [ num-retry number ]
no port-switch-on-L3-fail
no
Disable port switchover
on failure.
ip_address
The IP address to monitor
for connectivity, entered in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal
notation.
minimum-switchover-period switch_time
After a switchover
occurs, another switchover cannot occur until the specified amount
of time (in seconds) has elapsed. switch_time must
be an integer from 1 through 3600. Default: 120
interval int_time
Specifies how often
(in seconds) monitoring packets are sent to the IP address being monitored. int_time must
be an integer from 1 through 3600. Default: 60
timeout time_out
Specifies how long
to wait (in seconds) without a reply before resending monitoring
packets to the IP address being monitored. time_out must
be an integer from 1 through 10. Default: 3
num-retry number
Specifies how many
times to retry sending monitor packets to the IP address being monitored
before performing the switchover. number must
be an integer from 1 through 100. Default: 5
Usage:
Use this command to
monitor a destination in your network to test for L3 connectivity.
The destination being monitored should be reachable from both the
active and standby line cards.
Example:
The following command
enables port switchover on connectivity failure to the IP address
192.168.10.100 using
default values:
port-switch-on-L3-fail
address 192.168.10.100
The following command
disables port switchover on connectivity failure:
no port-switch-on-L3-fail
vlan-map
Sets a single next-hop
IP address so that multiple VLANs can use a single next-hop gateway.
The vlan-map is associated with a specific interface.
Privilege:
Security Administrator,
Administrator
Syntax
vlan-map next-hop ip_address
next-hop ip_address
Specifies the IP address
for the next-hop gateway in IPv4 dotted-decimal notation.
Usage:
Use this command to
combine multiple VLAN links to go through a single IP address. This
feature is used in conjunction with nexthop forwarding and overlapping
IP pools.
After configuring the
vlan-map, move to the Ethernet Port Configuration mode to attach the
vlan-map to a specific VLAN.
Example:
The following command
sets an IPv4 address for a next-hop gateway.
vlan-map next-hop 123.123.123.1