Ethernet Interface Configuration Mode Commands

The Ethernet Interface Configuration Mode is used to create and manage the IP interface parameters within a specified context.

IMPORTANT:

Available commands or keywords/variables vary based on platform type, product version, and installed license(s).

bfd

Configures Bidirectional Forwarding Detection (BFD) interface parameters.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[no] bfd { echo | interval interval_num } 
no

Disables the specified option on this interface.

echo

Enables BFD echo mode.

BFD echo mode works with asynchronous BFD. Echo packets are sent by the forwarding engine and forwarded back along the same path in order to perform detection—the BFD session at the other end does not participate in the actual forwarding of the echo packets. The echo function and the forwarding engine are responsible for the detection process, therefore the number of BFD control packets that are sent out between two BFD neighbors is reduced.

Since the forwarding engine is testing the forwarding path on the remote (neighbor) system without involving the remote system, there is an opportunity to improve the interpacket delay variance, thereby achieving quicker failure detection times than when using BFD Version 0 with BFD control packets for the BFD session.

interval interval_num

Specifies the transmit interval (in milliseconds) between BFD packets. interval_num is an integer from 50 through 999. default: 50


Usage:

Specify BFD parameters including echo mode and the transmit interval between BFD packets.


Example:
To apply enable echo mode on this interface, use the following command:
bfd echo 
crypto-map

Applies the specified IPSec crypto-map to this interface.

Platform:

ASR 5000

Product:

PDSN, HA


Privilege:

Security Administrator, Administrator


Syntax
crypto-map map_name [ secondary-address
 sec_ip_addr ]
no

Deletes the application of the crypto map on this interface.

map_name

Specifies the name of the crypto map being applied as an alphanumeric string of 1 through 127 characters that is case sensitive.

secondary-address sec_ip_addr

Applies the crypto map to the secondary address for this interface. sec_ip_addr must be specified using the IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.


Usage:

In order for ISAKMP and/or manual crypto maps to work, they must be applied to a specific interface using this command. Dynamic crypto maps should not be applied to interfaces.

The crypto map must be configured in the same context as the interface.


Example:
To apply the IPSec crypto map named cmap1 to this interface, use the following command:
crypto-map  cmap1
description

Sets the descriptive text for the current interface.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
description 
textno description
no

Clears the description for the interface.

text

Specifies the descriptive text as an alphanumeric string of 0 through 79 characters.


Usage:

Set the description to provide useful information on the interface’s primary function, services, end users, etc. Any information useful may be provided.

Example

Example
description sampleInterfaceDescriptiveText 
end

Exits the current configuration mode and returns to the Exec mode.

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
end

Usage:

Use this command to return to the Exec mode.

exit

Exits the current mode and returns to the parent configuration mode.

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
exit

Usage:

Use this command to return to the parent configuration mode.

ip access-group

Specifies the name of the Access Control List (ACL) group to assign to the interface.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] ip
access-group group_name { in | out } priority
no

Removes the ACL group from this interface.

group_name

Specifies the name of an existing ACL group as an alphanumeric string of 1 through 47 characters.

IMPORTANT:

Up to eight ACLs can be applied to a group provided that the number of rules configured within the ACL(s) does not exceed the 128-rule limit for the interface.

{ in | out }

Specifies whether the ACL group will apply to inbound or outbound traffic.

priority

If more than one ACL group is applied, priority-value specifies the priority in which they will be compared against the packet. If not specified, the priority is set to 0. priority-value must be an integer from 0 through 4294967295. If access groups in the list have the same priority, the last one entered is used first.


Usage:

Specify the name of the Access Control List (ACL) group to assign to the interface along with its directionality and priority.


Example:
ip access-group acl-101
in 56
ip address

Specifies the primary and optional secondary IP addresses and subnets for this interface.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] ip
address ip_address ip_mask [ secondary ip_address
ip_mask ] [ srp-activate ]
no

Removes the ACL group from this interface.

ip_address ip_mask

Configures the IP address for the interface specifying the networking mask as well. ip_address and ip_mask must be entered using IPv4 dotted-decimal notation. CIDR notation is also accepted for the mask.

IMPORTANT:

For IPv4 addresses, 31-bit subnet masks are supported per RFC 3021.

secondary ip_address ip_mask

Configures a secondary IP address on the interface.

IMPORTANT:

You must configure the primary IP address before you will be allowed to configure a secondary address.

srp-activate

Activates the IP address for Interchassis Session Recovery (ICSR). Enable this IP address when the Service Redundancy Protocol (SRP) determines that this chassis is ACTIVE.


Usage:

Specify the primary and optional secondary IP addresses and subnets for this interface, as well SRP parameter for ICSR.


Example:
ip address 192.154.3.5/24
srp-activate
ip igmp profile

Associates an Internet Group Management Protocol (IGMP) profile with this interface.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] ip
igmp profile profile_name
no

Removes the IGMP profile from this interface.

profile_name

Specifies the name of an existing IGMP profile as an alphanumeric string of 1 through 63 characters.

If the name is not for an existing profile, you are prompted to create a new profile. You are then moved to the IGMP Profile Configuration mode.


Usage:

Associates an Internet Group Management Protocol (IGMP) profile with this interface.


Example:
ip igmp profile default
ip mtu

Configures the Maximum Transmission Unit (MTU) for this IP interface.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
[ no ] ip
mtu mtu-size
no

Removes the MTU value.

mtu-size

Specifies the MTU in bytes as an integer from 576 though 2048.


Usage:

IP MTU is supported for a normal interface and point-to-point interface (OLC ports).

The maximum MTU size allowed with an OLC port is 1600. The maximum MTU size allowed with an Ethernet port is 2048. The default MTU size is 1500.


Example:
The following command sets the MTU value to 2048.
ip mtu 2048
ip ospf authentication-key

Configures the password for authentication with neighboring Open Shortest Path First (OSPF) routers.

Platform:

ASR 5000

Product:

PDSN, HA, GGSN


Privilege:

Security Administrator, Administrator


Syntax
ip ospf authentication-key [ encrypted ] password auth_keyno ip ospf authentication-key
no

Deletes the authentication key.

encrypted

Use this keyword if you are pasting a previously encrypted authentication key into the CLI command.

password auth_key

Specifies the password to use for authentication as an alphanumeric string of 1 through 16 characters entered in clear text format.


Usage:

Use this command to set the authentication key used when authenticating with neighboring routers.


Example:
To set the authentication key to 123abc, use the following command;
ip ospf authentication-key
password 123abc
Use the following command to delete the authentication key;
no ip ospf authentication-key
ip ospf authentication-type

Configures the OSPF authentication method to be used with OSPF neighbors over the logical interface.

Platform:

ASR 5000

Product:

PDSN, HA, GGSN


Privilege:

Security Administrator, Administrator


Syntax
ip ospf authentication-type { message-digest | null | text }no ip ospf authentication-type { message-digest | null | text }
no

Disable this function.

message-digest

Uses the message digest (MD) authentication method.

null

Uses no authentication, thus disabling either MD or clear text methods.

text

Uses the clear text authentication method.


Usage:

Use this command to set the type of authentication to use when authenticating with neighboring routers.


Example:
To set the authentication type to use clear text, enter the following command;
ip ospf authentication-type text
ip ospf bfd

Enables or disables OSPF Bidirectional Forwarding Detection (BFD) on this interface.

Platform:

ASR 5000

Product:

PDSN, HA, GGSN


Privilege:

Security Administrator, Administrator


Syntax
ip ospf bfd [ disable ]no ip ospf cost
no

Disable this function.

disable

Disables OSPF BFD on this interface.


Usage:

Enable or disable OSPF Bidirectional Forwarding Detection (BFD) on this interface.


Example:
Use the following command to enable OSPF BFD;
ip ospf bfd
ip ospf cost

Configures the cost associated with sending a packet over the OSPF logical interface.

Platform:

ASR 5000

Product:

PDSN, HA, GGSN


Privilege:

Security Administrator, Administrator


Syntax
ip ospf cost valueno ip ospf cost
no

Disable this function.

value

Specifies the cost to assign to OSPF packets as an integer from 1 through 65535. Default: 10


Usage:

Use this command to set the cost associated with routes from the interface.


Example:
Use the following command to set the cost to 20;
ip ospf cost 20
Use the following command to disable the cost setting;
no ip ospf cost
ip ospf dead-interval

Configures the interval that the router should wait, during which time no packets are received and after which the router considers a neighboring router to be off-line.

Platform:

ASR 5000

Product:

PDSN, HA, GGSN


Privilege:

Security Administrator, Administrator


Syntax
[ no ] ip
ospf dead-interval seconds
no

Returns the value to its default of 40 seconds.

seconds

Specifies the interval (in seconds) as an integer from 1 through 65535. This number is typical four times the hello-interval. Default: 40


Usage:

Use this command to set the dead intervals for OSPF communications.


Example:
To set the dead-interval to 100, use the following command;
ip ospf dead-interval 100
ip ospf hello-interval

Configures the interval (in seconds) between sending OSPF hello packets.

Platform:

ASR 5000

Product:

PDSN, HA, GGSN


Privilege:

Security Administrator, Administrator


Syntax
ip ospf hello-interval secondsno ip ospf hello-interval
no

Returns the value to its default of 10 seconds.

seconds

Specifies the number of seconds between sending hello packets as an integer from 1 through 65535. Default: 10


Usage:

Specify the interval (in seconds) between sending OSPF hello packets.


Example:
To set the hello-interval to 25, use the following command;
ip ospf hello-interval 25
ip ospf message-digest-key

Enables or disables the use of MD5-based OSPF authentication.

Platform:

ASR 5000

Product:

PDSN, HA, GGSN


Privilege:

Security Administrator, Administrator


Syntax
ip ospf message-digest-key
 key_id md5 [ encrypted ] password authentication_keyno ip ospf message-digest-key key_id
no

Deletes the key.

message-digest-key key_id

Specifies the key identifier number as an integer from 1 through 255.

encrypted

Use this if you are pasting a previously encrypted authentication key into the CLI command.

password authentication_key

Specifies the password to use for authentication as an alphanumeric string of 1 through 16 characters entered in clear text format.


Usage:

Use this command to create an authentication key that uses MD5-based OSPF authentication.


Example:
To create a key with the ID of 25 and a password of 123abc, use the following command;
ip ospf message-digest-key
25 md5 password 123abc
To delete the same key, enter the following command;
no ip ospf message-digest-key 25
ip ospf network

Configures the Open Shortest path First (OSPF) network type.

Platform:

ASR 5000

Product:

PDSN, HA, GGSN


Privilege:

Security Administrator, Administrator


Syntax
ip ospf network { broadcast | non-broadcast | point-to-multipoint | point-to-point }no ip ospf network
no

Disable this function.

broadcast

Sets the network type to broadcast.

non-broadcast

Sets the network type to non-broadcast multi access (NBMA).

point-to-multipoint

Sets the network type to point-to-multipoint.

point-to-point

Sets the network type to point-to-point.


Usage:

Use this command to specify the OSPF network type.


Example:
To set the OSPF network type to broadcast, enter the following command;
ip ospf network broadcast
To disable the OSPF network type, enter the following command;
no ip ospf network
ip ospf priority

Designates the OSPF router priority.

Platform:

ASR 5000

Product:

PDSN, HA, GGSN


Privilege:

Security Administrator, Administrator


Syntax
ip ospf priority valueno ip ospf priority value
no

Disable this function.

value

Sets the priority value as an integer from 0 through 255.


Usage:

Use this command to set the OSPF router priority.


Example:
To set the priority to 25, enter the following command:
ip ospf priority 25
To disable the priority, enter the following command:
no ip ospf priority
ip ospf retransmit-interval

Configures the interval in (seconds) between LSA (Link State Advertisement) retransmissions.

Platform:

ASR 5000

Product:

PDSN, HA, GGSN


Privilege:

Security Administrator, Administrator


Syntax
ip ospf retransmit-interval secondsno ip ospf retransmit-interval
no

Returns the value to its default of 5 seconds.

seconds

Specifies the number of seconds between LSA (Link State Advertisement) retransmissions as an integer from 1 through 65535. Default: 5


Usage:

Configure the interval in (seconds) between LSA (Link State Advertisement) retransmissions.


Example:
To set the retransmit-interval to 10, use the following command;
ip ospf retransmit-interval 10
ip ospf transmit-delay

Configures the interval (in seconds) that the router should wait before transmitting an OSPF packet.

Platform:

ASR 5000

Product:

PDSN, HA, GGSN


Privilege:

Security Administrator, Administrator


Syntax
ip ospf transmit-delaysecondsno ip ospf transmit-delay
no

Returns the value to its default of 1 second.

seconds

Specifies the number of seconds that the router should wait before transmitting a packet as an integer from 1 through 65535. Default: 1


Usage:

Configure the interval (in seconds) that the router should wait before transmitting an OSPF packet.


Example:
To set the transmit-delay to 5, use the following command;
ip ospf transmit-delay
5 
ipv6 access-group

Specifies the name of the access control list (ACL) group to assign to this interface. You can filter for either inbound or outbound traffic.

Platform:

ASR 5000

Product:

PDSN, HA


Privilege:

Security Administrator, Administrator


Syntax
[ no ] ipv6
access-group group
name { in | out } { priority-value priority_value }
no

Removes a previously configured access group association.

group_name

Specifies the name of the access group as an alphanumeric string of 1 to 79 characters.

in

Applies the filter to the inbound traffic.

out

Applies the filter to the outbound traffic.

priority-value

Specifies the priority of the access group as an integer from 0 to 4294967295. 0 is the highest priority. If priority-value is not specified, the priority is set to 0.

If access groups in the list have the same priority, the last one entered is used first.


Usage:

Use this command to specify the ACL group to assign the interface to. Specify an ACL group name with this command.

IMPORTANT:

Up to eight ACLs can be applied to a group provided that the number of rules configured within the ACL(s) does not exceed the 128-rule limit for the interface.


Example:
Use the following command to associate the group_1 access group with the current IPv6 profile for inbound access:
ipv6 access-group group_1
in 1
ipv6 address

Specifies the address and subnet mask.

Platform:

ASR 5000

Product:

PDSN, HA


Privilege:

Security Administrator, Administrator


Syntax
ipv6 address ip_address
ip_address

Specifies an individual host IP address to add to this host pool in IPv6 colon-separated-hexadecimal notation.


Usage:

Configures the IPv6 address and subnet mask for a specific interface.

ipv6 ospf

Enables Open Shortest Path First Version 3 (OSPFv3) functionality on this interface.

Platform:

ASR 5000

Product:

PDSN, HA, GGSN


Privilege:

Security Administrator, Administrator


Syntax
[ no ] ipv6
ospf [ area { integer | ipv4-address } | cost cost-value | dead-interval dead-intrv | hello-interval hello-intrvl | priority p-value | retransmit-interval retx-interval | transmit-delay td-interval ] 
no

Removes a previously configured access group association.

area { integer | ipv4-address

Specifies an OSPFv3 area.

decimal_value: Specifies the identification number of the area as an integer from 0 through 4294967295.

ipv4address: Specifies the IP address of the area in IPv4 dotted-decimal notation.

cost cost-value

Specifies a link cost as an integer from 1 through 65535. The link cost is carried in the LSA updates for each link. The cost is an arbitrary number.

dead-interval dead-intrv

Specifies the interval (in seconds) after which a neighbor is declared dead when no hello packets as an integer from 1 through 65535.

hello-interval hello-intrvl

Specifies the interval (in seconds) between hello packets that OSPFv3 sends on an interface as an integer from 1 through 65535.

priority p-value

Specifies the of the interface as an integer from 0 through 255.

retransmit-interval retx-interval

Specifies the time (in seconds) between link-state advertisement (LSA) retransmissions for adjacencies belonging to the OSPFv3 interface as an integer from 1 through 65535.

transmit-delay td-interval

Specifies the estimated time (in seconds) required to send a link-state update packet on the interface as an integer from 1 through 65535.


Usage:

Configure an OSPFv3 interface in this context.


Example:
ipv6 ospf area 334
cost 555 dead-interval 40 hello-interval 10 priority 10 retransmit-interval
5 transmit-delay 10 
ipv6 router advertisement

Enables or disables the system to send IPv6 router advertisements.

Platform:

ASR 5000

Product:

PDSN, HA


Privilege:

Security Administrator, Administrator


Syntax
[ no ] ipv6
router advertisement

Usage:

Enables sending of router advertisements on the interface. All of the pool prefixes in the context (belonging to the interface) will be advertised in the router advertisement.

The router-lifetime in the advertisement is sent as 0 to indicate to the receiver that the sender cannot be a default-router. For all the prefixes (pools), the valid and preferred lifetime are sent as default. The router-advertisement is sent every 600 seconds.

If the pool-prefix is deleted, then an router-advertisement is sent for that particular prefix with the valid and preferred time set to 0.

mpls ip

Enables or disables dynamic Multiprotocol Label Switching (MPLS) forwarding of IP packets on this interface.

Platform:

ASR 5000

Product:

GGSN, HA, P-GW


Privilege:

Security Administrator, Administrator


Syntax
[ no ] mpls ip
no

Stops dynamic label distribution on this interface.


Usage:

Starts label distribution over an interface for a context that has MPLS enabled. For additional information, refer to the Context Configuration Mode Commands chapter.Default: This feature is not enabled.


Example:
To start dynamic MPLS forwarding on this interface, enter the following command:
mpls ip 
policy-forward

Configures the system for redirecting the HA packets to new HA during existing HA upgrade.

Platform:

ASR 5000

Product:

PDSN, HA


Privilege:

Security Administrator, Administrator


Syntax
policy-forward { icmp
unreachable next-hop ip address | unconnected-address next-system ip_address }no policy-forward unconnected-address
no

Deletes the policy forwarding configuration for unconnected address for the current interface.

icmp unreachable next-hop ip address

Specifies routing of Internet Control Message Protocol (ICMP) unreachable is required in overlapping pool configuration. ip_address must be an IP address expressed in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.

unconnected-address next-system ip address

Specifies the IP address of the next system HA to handle processing during HA upgrade. ip_address must be an IP address expressed in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.


Usage:

Use this command to set the redirecting policy for IP packets from an existing HA to a new HA during upgrade. To configure this command both keywords will be in separate interface.

IMPORTANT:

This is a customer specific command.


Example:
To configure existing HA system for redirecting the HA packets to new HA during existing HA upgrade enter the following commands:
policy-forward unconnected-address
next-system ip_address
policy-forward icmp
unreachable next-hop ip_address
pool-share-protocol

Configures the primary or secondary system for the IP pool sharing protocol and enter IPSP configuration mode.

Platform:

ASR 5000

Product:

PDSN, HA


Privilege:

Security Administrator, Administrator


Syntax
pool-share-protocol { primary ip_address | secondary ip_address } [ mode { active | inactive | check-config } ]no pool-share-protocol
no

Deletes the IP pool sharing protocol information from the current interface.

primary address

On the secondary system, defines the IP address of an interface on the primary system that has identical IP pools configured for use with the IP pool sharing protocol. ip_address must be expressed in IP v4 dotted-decimal notation.

secondary ip_address

On the primary system, define the IP address of an interface on the secondary system that has identical IP pools configured for use with the IP pool sharing protocol. ip_address must be expressed in IP v4 dotted-decimal notation.

mode {active | inactive | check-config}

This is an optional command to manage the mode for IP pool sharing protocol for primary or secondary HA.

active: Activates the IP pool sharing protocol mode.

inactive: Inactivates the IP pool sharing protocol mode.

check-config: Verifies the IP pool sharing protocol configuration.


Usage:

Use this command to set the IP address of the primary or secondary system for use with the IP pool sharing protocol and enter ipsp configuration mode. This command must be configured for an interface in each context that has IP pools configured. Refer to the System Administration and Configuration Guide for information on configuring and using the IP pool sharing protocol.

IMPORTANT:

Both the primary and secondary systems must be in the same subnet.

IMPORTANT:

For information on configuring and using IP Pool Sharing Protocol (IPSP), refer to the Packet Data Serving Node Administration Guide.

IMPORTANT:

Reserve free addresses on the primary HA for this command via the reserved-free-percentage command as described in the IPSP Configuration Mode Commands chapter of this guide.


Example:
To configure a secondary system with an IP address of 192.168.100.10 for use with the IP pool sharing protocol, enter the following command:
pool-share-protocol
secondary 192.168.100.10
To inactivate a secondary system with an IP address of 192.168.100.10 for use with the IP pool sharing protocol, enter the following command:
pool-share-protocol
secondary 192.168.100.10 mode inactive
port-switch-on-L3-fail

Causes the ASR 5000 line card port or the ASR 5500 MIO port to which the current interface is bound to switch over to the port on the redundant line card or MIO when connectivity to the specified IP address is lost.

Platform:

ASR 5000

Product:

All


Privilege:

Security Administrator, Administrator


Syntax
port-switch-on-L3-fail
address { ip_address | ipv6_address } [ minimum-switchover-period switch_time ] [ interval int_time ] [ timeout time_out ] [ num-retry number ]no port-switch-on-L3-fail
no

Disable port switchover on failure.

ip_address

The IP address to monitor for connectivity, entered in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.

minimum-switchover-period switch_time

After a switchover occurs, another switchover cannot occur until the specified amount of time (in seconds) has elapsed. switch_time must be an integer from 1 through 3600. Default: 120

interval int_time

Specifies how often (in seconds) monitoring packets are sent to the IP address being monitored. int_time must be an integer from 1 through 3600. Default: 60

timeout time_out

Specifies how long to wait (in seconds) without a reply before resending monitoring packets to the IP address being monitored. time_out must be an integer from 1 through 10. Default: 3

num-retry number

Specifies how many times to retry sending monitor packets to the IP address being monitored before performing the switchover. number must be an integer from 1 through 100. Default: 5


Usage:

Use this command to monitor a destination in your network to test for L3 connectivity. The destination being monitored should be reachable from both the active and standby line cards.


Example:
The following command enables port switchover on connectivity failure to the IP address 192.168.10.100 using default values:
port-switch-on-L3-fail
address 192.168.10.100
The following command disables port switchover on connectivity failure:
no port-switch-on-L3-fail
vlan-map

Sets a single next-hop IP address so that multiple VLANs can use a single next-hop gateway. The vlan-map is associated with a specific interface.

Platform:

ASR 5000

Product:

PDSN, HA, SGSN


Privilege:

Security Administrator, Administrator


Syntax
vlan-map next-hop ip_address
next-hop ip_address

Specifies the IP address for the next-hop gateway in IPv4 dotted-decimal notation.


Usage:

Use this command to combine multiple VLAN links to go through a single IP address. This feature is used in conjunction with nexthop forwarding and overlapping IP pools.

After configuring the vlan-map, move to the Ethernet Port Configuration mode to attach the vlan-map to a specific VLAN.


Example:
The following command sets an IPv4 address for a next-hop gateway.
vlan-map next-hop 123.123.123.1