secondary-address sec_ip_addr
Applies the crypto map to the secondary address for this interface. sec_ip_addr must be specified using the IPv4 dotted-decimal or IPv6 colon-separated notation.
In order for ISAKMP and/or manual crypto maps to work, they must be applied to a specific interface using this command. Dynamic crypto maps should not be applied to interfaces.
description text
ip { access-group acl_name { in | out } [ priority-value ] | address ip_address ip_mask [ secondary | srp-activate ] | arp { arpa | timeout seconds } }
In Release 8.1 and later, acl_name must be an alphanumeric string of 1 through 47 characters.
In Release 8.0 and earlier, acl_name must be an alphanumeric string of 1 through 79 characters.
The direction must also be specified as either inbound or outbound using the keywords in and out, respectively.
priority-value: Default: 0. If more than one ACL is applied, priority-value specifies the priority in which they will be compared against the packet. If not specified, the priority is set to 0. priority-value must be an integer from 0 through 4294967295. If access groups in the list have the same priority, the last one entered is used first.
Important: Up to eight ACLs can be applied to a group provided that the number of rules configured within the ACL(s) does not exceed the 128-rule limit for the interface.Configures the IP address for the interface specifying the networking mask as well. ip_address and ip_mask must be entered using IPv4 dotted-decimal or IPv6 colon-separated notation.
Important: For IPv4 addresses, 31-bit subnet masks are supported per RFC 3021.The secondary keyword configures a secondary IP address on the interface. This is referred to as multi-homing of the interface.
The srp-activate keyword activates the IP address for Interchassis Session Recovery (ICSR).
Important: These keywords have been replaced by the R_arp command in the Global Configuration Mode. For backwards compatibility, however, these keywords are accepted as valid.[ no ] ip mtu mtu-size
Configures the password for authentication with neighboring Open Shortest Path First (OSPF) routers.
password auth_key
Configures the OSPF authentication method to be used with OSPF neighbors over the logical interface.
ip ospf cost value
ip ospf { dead-interval value | hello-interval value | retransmit-interval value | transmit-delay value }
dead-interval value
Specifies the interval (in seconds,) that the router should wait, during which time no packets are received and after the router considers a neighboring router to be off-line. value must be an integer from 1 through 65535. Default: 40
hello-interval value
retransmit-interval value
transmit-delay value
Specifies the interval (in seconds) that the router should wait before transmitting a packet. value must be an integer from 1 through 65535. Default: 1
To set the dead-interval to 100, use the following command;
message-digest-key key_id
password authentication_key
To set the OSPF network type to broadcast, enter the following command;
ip ospf priority value
no ip ospf priority value
To set the priority to 25, enter the following command:
Important: Up to eight ACLs can be applied to a group provided that the number of rules configured within the ACL(s) does not exceed the 128-rule limit for the interface.Use the following command to associate the group_1 access group with the current IPv6 profile for inbound access:
ipv6 address ip_address
[ no ] ipv6 ospf [ area { integer_value | ipv4-address } | cost cost-value | dead-interval dead-intrv | hello-interval hello-intrvl | priority p-value | retransmit-interval retx-interval | transmit-delay td-interval ]
decimal_value: Specifies the identification number of the area as an integer from 0 through 4294967295.
ipv4address: Specifies the IP address of the area in IPv4 dotted-decimal notation.
cost cost-value
dead-interval dead-intrv
hello-interval hello-intrvl
priority p-value
retransmit-interval retx-interval
transmit-delay td-interval
policy-forward { icmp unreachable next-hop ip address | unconnected-address next-system ip_address }
icmp unreachable next-hop ip address
Specifies routing of Internet Control Message Protocol (ICMP) unreachable is required in overlapping pool configuration. ip_address must be an IP address expressed in IPv4 dotted-decimal or IPv6 colon-separated notation.
unconnected-address next-system ip address
Specifies the IP address of the next system HA to handle processing during HA upgrade. ip_address must be an IP address expressed in IPv4 dotted-decimal or IPv6 colon-separated notation.
Important: This is a customer specific command.policy-forward icmp unreachable next-hop ip_address
pool-share-protocol { primary ip_address | secondary ip_address } [ mode { active | inactive | check-config } ]
primary address
On the secondary system, defines the IP address of an interface on the primary system that has identical IP pools configured for use with the IP pool sharing protocol. ip_address must be expressed in IP v4 dotted-decimal notation.
secondary ip_address
On the primary system, define the IP address of an interface on the secondary system that has identical IP pools configured for use with the IP pool sharing protocol. ip_address must be expressed in IP v4 dotted-decimal notation.
active: Activates the IP pool sharing protocol mode.
inactive: Inactivates the IP pool sharing protocol mode.
check-config: Verifies the IP pool sharing protocol configuration.
Important: Both the primary and secondary systems must be in the same subnet.
Important: For information on configuring and using IP Pool Sharing Protocol (IPSP), refer to the Packet Data Serving Node Administration Guide.
Important: Reserve free addresses on the primary HA for this command via the reserved-free-percentage command as described in the IPSP Configuration Mode Commands chapter of this guide.To configure a secondary system with an IP address of 192.168.100.10 for use with the IP pool sharing protocol, enter the following command:
To inactivate a secondary system with an IP address of 192.168.100.10 for use with the IP pool sharing protocol, enter the following command:
port-switch-on-L3-fail address { ip_address | ipv6_address } [ minimum-switchover-period switch_time ] [ interval int_time ] [ timeout time_out ] [ num-retry number ]
minimum-switchover-period switch_time
After a switchover occurs, another switchover cannot occur until the specified amount of time (in seconds) has elapsed. switch_time must be an integer from 1 through 3600. Default: 120
interval int_time
Specifies how often (in seconds) monitoring packets are sent to the IP address being monitored. int_time must be an integer from 1 through 3600. Default: 60
timeout time_out
Specifies how long to wait (in seconds) without a reply before resending monitoring packets to the IP address being monitored. time_out must be an integer from 1 through 10. Default: 3
num-retry number
Specifies how many times to retry sending monitor packets to the IP address being monitored before performing the switchover. number must be an integer from 1 through 100. Default: 5
The following command enables port switchover on connectivity failure to the IP address 192.168.10.100 using default values:
vlan-map next-hop ip_address
next-hop ip_address
