|
|
Use the commands in this chapter to configure and monitor source-route bridging networks. For source-route bridging configuration information and examples, refer to the "Configuring Source-Route Bridging" chapter in the Router Products Configuration Guide.
Use the access-expression interface configuration command to define an access expression. Use the no form of this command to remove the access expression from the given interface. You use this command in conjunction with the access-list interface configuration command.
access-expression {in | out} expression
in | out | Either in or out is specified to indicate whether the access expression is applied to packets entering or leaving this interface. |
| You can specify both an input and an output access expression for an interface, but only one of each. |
expression | Boolean access list expression, built as explained in the "Usage Guidelines" section. |
No access expression is defined.
Interface configuration
An access expression consists of a list of terms, separated by Boolean operators, and optionally grouped in parentheses.
An access expression term specifies a type of access list, followed by its name or number. The result of the term is either true or false, depending on whether the access list specified in the term permits or denies the frame. Table 23-1 describes the possible terms that can be used.
| Access Expression Term | Definition |
|---|---|
lsap(2nn) | The LSAP access list to be evaluated for this frame. (200 series) |
type(2nn) | The SNAP type access list to be evaluated for this frame. (200 series) |
smac(7nn) | The access list to match the source MAC address of the frame. (700 series) |
dmac(7nn) | The access list to match the destination MAC address of the frame. (700 series) |
netbios-host(name) | The netbios-host access list to be applied on NetBIOS frames traversing the interface. |
netbios-bytes(name) | The netbios-bytes access list to be applied on NetBIOS frames traversing the interface. |
Access expression terms are separated by Boolean operators as listed in Table 23-2.
| Boolean Operators | Definitions |
|---|---|
~ (called "not") | Negates, or reverses, the result of the term or group of terms immediately to the right of the ~. |
& (called "and") | Returns TRUE if the terms or parenthetical expressions to the left and right of the & both return TRUE. |
| (called "or") | Returns TRUE if the terms or parenthetical expressions to the left or right of the | either or both of return TRUE. |
Terms can be grouped in parenthetical expressions. Any of the terms and operators can be placed in parentheses, similar to what is done in arithmetic expressions, to affect order of evaluation.
access-list-number | Integer that identifies the access list. If the type-code wild-mask arguments are included, this integer ranges from 200 through 299, indicating that filtering is by protocol type. If the address and mask arguments are included, this integer ranges from 700 through 799, indicating that filtering is by vendor code. |
permit | Permits the frame. |
deny | Denies the frame. |
type-code | 16-bit hexadecimal number written with a leading 0x; for example, 0x6000. Specify either a Link Service Access Point (LSAP) type code for 802-encapsulated packets or a SNAP type code for SNAP-encapsulated packets. (LSAP, sometimes called SAP, refers to the type codes found in the DSAP and SSAP fields of the 802 header.) |
wild-mask | 16-bit hexadecimal number whose ones bits correspond to bits in the type-code argument. The wild-mask indicates which bits in the type-code argument should be ignored when making a comparison. (A mask for a DSAP/SSAP pair should always be 0x0101 because these two bits are used for purposes other than identifying the SAP code.) |
address
| 48-bit Token Ring address written in dotted triplet form. This field is used for filtering by vendor code. |
mask
| 48-bit Token Ring address written in dotted triplet form. The ones bits in mask are the bits to be ignored in address. This field is used for filtering by vendor code. |
No access list is configured.
Global configuration
For a list of type codes, refer to the "Ethernet Type Codes" appendix of this manual.
In the following example, the access list permits only Novell frames (LSAP 0xE0E0) and filters out all other frame types. This set of access lists would be applied to an interface via the source-bridge input-lsap list or source-bridge input-lsap list commands (described later in this chapter).
! access-list 201 permit 0xE0E0 0x0101 access-list 201 deny 0x0000 0xFFFF !
Combine the DSAP/LSAP fields into one number to do LSAP filtering; for example,
0xE0E0—not 0xE0. Note that the deny condition specified in the preceding example is not required; access lists have an implicit deny as the last statement. Adding this statement can serve as a useful reminder, however.
The following access list filters out only SNAP type codes assigned to DEC (0x6000 through 0x6007) and lets all other types pass. This set of access lists would be applied to an interface using the source-bridge input-type-list or source-bridge output-type-list commands (described later in this chapter).
! access-list 202 deny 0x6000 0x0007 access-list 202 permit 0x0000 0xFFFF !
Type code access lists will negatively affect system performance by greater than 30 percent. Therefore, it is recommended that you keep the lists as short as possible and use wildcard bit masks whenever possible.
access-expression
source-bridge input-address-list
source-bridge input-lsap-list
source-bridge input-type-list
source-bridge output-address-list
source-bridge output-lsap-list
source-bridge output-type-list
bridge-group | Number in the range 1 through 9 that you choose to refer to a particular set of bridged interfaces. |
No bridge group is defined.
Global configuration
The following example specifies bridge 1 to use the automatic spanning-tree function:
bridge 1 protocol ibm
show source-bridge
source-bridge spanning (automatic)
source-bridge spanning (manual)
Use the clear netbios-cache privileged EXEC command to clear the entries of all dynamically learned NetBIOS names. This command will not remove statically defined name cache entries.
clear netbios-cacheThis command has no arguments or keywords.
Privileged EXEC
Routers automatically learn NetBIOS names. This command clears those entries.
The following example shows the use of the clear netbios-cache command:
clear netbios-cache
netbios enable-name-cache
netbios name-cache timeout
show netbios-cache
Use the clear rif-cache privileged EXEC command to clear the entire RIF cache.
clear rif-cacheThis command has no arguments or keywords.
Privileged EXEC
Some entries in the RIF cache are dynamically added and others are static.
The following example shows the use of the clear rif-cache command:
clear rif-cache
Use the clear source-bridge privileged EXEC command to clear the source-bridge statistical counters.
clear source-bridgeThis command has no arguments or keywords.
Privileged EXEC
The following example shows the use of the clear source-bridge command:
clear source-bridge
A dagger (†) indicates that the command is documented in another chapter.
Use the clear sse privileged EXEC command to reinitialize the Silicon Switch Processor (SSP) on the Cisco 7000 series.
clear sseThis command has no arguments or keywords.
Disabled
Privileged EXEC
The silicon switching engine (SSE) is on the SSP board in the Cisco 7000.
The following example causes the SSP to be reinitialized:
clear sse
Use the ethernet-transit-oui interface configuration command to choose the Organizational Unique Identifier (OUI) code to be used in the encapsulation of Ethernet Type II frames across Token Ring backbone networks. Various versions of this OUI code are used by Ethernet/Token Ring translational bridges. The standard keyword is used when you are forced to interoperate with other vendor equipment, such as the IBM 8209, in providing Ethernet and Token Ring mixed media bridged connectivity. Use the no form of this command to return the default OUI code.
ethernet-transit-oui standard
90-compatible | (Optional) Default OUI form. |
standard | (Optional) Standard OUI form. |
cisco | (Optional) Cisco's OUI form. |
Interface configuration
This command replaces and extends the bridge old-oui command in release 9.0.
Before using this command, you must have completely configured your router using multiport source-bridging and transparent bridging.
The actual OUI codes that are used, when they are used, and how they compare to Software Release 9.0-equivalent commands is shown in Table 23-3.
| Keyword | OUI Used | When Used/Benefits | 9.0 Command Equivalent |
|---|---|---|---|
90-compatible | 0000F8 | By default, when talking to other Cisco routers. | no bridge old-oui |
cisco | 00000C | Provided for compatibility with future equipment. | None |
standard | 000000 | When talking to IBM 8209 bridges and other vendor equipment. Does not provide for as much flexibility as the other two choices. | bridge old-oui |
Specify the 90-compatible keyword when talking to our routers. This keyword provides the most flexibility. When 90-compatible is specified or the default is used, Token Ring frames with an OUI of 0x0000F8 are translated into Ethernet Type II frames while Token Ring frames with the OUI of 0x000000 are translated into SNAP-encapsulated frames. Specify the standard keyword when talking to IBM 8209 bridges and other vendor equipment. This OUI does not provide for as much flexibility as the other two choices. The cisco OUI is provided for compatibility with future equipment.
Do not use the standard keyword unless you are forced to interoperate with other vendor equipment, such as the IBM 8209, in providing Ethernet and Token Ring mixed media bridged connectivity. Only use the standard keyword when you are transferring data between IBM 8209 Ethernet/Token Ring bridges and routers running the SR/TLB software (to create a Token Ring backbone to connect Ethernets).
Use of the standard keyword causes the OUI code in Token Ring frames to always be 0x000000. In the context of the standard keyword, an OUI of 0x000000 identifies the frame as an Ethernet Type II frame. (Compare with 90-compatible, where 0x000000 OUI means SNAP-encapsulated frames.)
If you use the 90-compatible keyword, the router, acting as an SR/TLB, can distinguish immediately on Token Ring interfaces between frames that started on an Ethernet Type II frame and those that started on an Ethernet as a SNAP-encapsulated frame. The distinction is possible because the router uses the 0x0000F8 OUI when converting Ethernet Type II frames into Token Ring SNAP frames, and leaves the OUI as 0x000000 for Ethernet SNAP frames going to a Token Ring. This distinction in OUIs leads to efficiencies in the design and execution of the SR/TLB product; no tables need to be kept to know which Ethernet hosts use SNAP encapsulation and which hosts use Ethernet Type II.
The IBM 8209 bridges, however, by using the 0x000000 OUI for all the frames entering the Token Ring, must take extra measures to perform the translation. For every station on each Ethernet, the 8209 bridges attempt to remember the frame format used by each station, and assume that once a station sends out a frame using Ethernet Type II or 802.3, it will always continue to do so. It must do this because in using 0x000000 as an OUI, there is no way to distinguish between SNAP and Type II frame types. Because the SR/TLB router does not need to keep this database, when 8209 compatibility is enabled with the standard keyword, the SR/TLB chooses to translate all Token Ring SNAP frames into Ethernet Type II frames as described earlier in this discussion. Because every nonroutable protocol on Ethernet uses either non SNAP 802.3 (which traverses fully across a mixed IBM 8209/ router Token Ring backbone) or Ethernet Type II, this results in correct interconnectivity for virtually all applications.
Do not use the standard OUI if you want SR/TLB to output Ethernet SNAP frames. Using either the 90-compatible or cisco OUI does not present such a restriction, because SNAP frames and Ethernet Type II-encapsulated frames have different OUI codes on Token Ring networks.
The following example specifies standard OUI form:
interface tokenring 0 ethernet-transit-oui standard
A dagger (†) indicates that the command is documented in another chapter.
ethernet-transit-oui†
source-bridge transparent
Use the lnm alternate interface configuration command to specify the threshold reporting link number. In order for a LAN Reporting Manager (LRM) to change parameters, it must be attached to the reporting link with the lowest reporting link number, and that reporting link number must be lower than this threshold reporting link number. Use the no form of this command to restore the default of 0.
lnm alternate number
number | Threshold reporting link number. It must be in the range 0 through 3. |
0
Interface configuration
LAN Network Manager (LNM) employs the concepts of reporting links and reporting link numbers. A reporting link is simply a connection (or potential connection) between an LRM and a bridge. A reporting link number is a unique number used to identify a reporting link. An IBM bridge allows four simultaneous reporting links numbered 0 through 3. Only the LRM attached to the lowest number connection is allowed to change any parameters, and then only when that connection number falls below a certain configurable number. In the default configuration, the LRM connected through link 0 is the only LRM allowed to change parameters.
The following example permits LRMs connected through links 0 and 1 to change parameters:
! provide appropriate global configuration command if not currently in your config. ! ! permit 0 and 1 lnm alternate 1
The following example permits all LRMs to change parameters in the router:
! provide appropriate global configuration command if not currently in your config. ! ! permit 0, 1, 2, and 3 lnm alternate 3
lnm password
Use the lnm crs interface configuration command to monitor the current logical configuration of a Token Ring. Use the no form of this command to disable this function.
lnm crsThis command has no arguments or keywords.
Enabled
Interface configuration
For more information about the Active Monitor, refer to the IBM Token Ring Architecture Reference Manual or the IEEE 802.5 specification.
Because lnm crs is enabled by default, the following example shows the use of the no form of this command of the lnm crs command disable monitoring of the current logical configuration of a Token Ring:
interface TokenRing 0 no lnm crs
Use the lnm disabled global configuration command to disable LAN Network Manager (LNM) functionality. Use the no form of this command to restore LNM functionality.
lnm disabledThis command has no arguments or keywords.
Enabled
Global configuration
Under some circumstances, you can disable all LNM server functions on the router without having to determine whether to disable a specific server, such as the ring parameter server or the ring error monitor on a given interface.
This command can be used to terminate all LNM server input and reporting links. In normal circumstances, this command should not be necessary, because it is a superset of the functions normally performed on individual interfaces by the no lnm rem and no lnm rps commands.
The following example disables LNM functionality:
lnm disabled
lnm pathtrace-disabled
lnm rem
lnm rps
lnm snmp-only
show lnm bridge
Use the lnm loss-threshold interface configuration command to set the threshold at which the router sends a message informing all attached LNMs that it is dropping frames. Use the no form of this command to return to the default value.
lnm loss-threshold number
number | A single number expressing the percentage loss rate in hundredths of a percent. The valid range is 0 through 9999. |
10 (.10 percent)
Interface configuration
The router sends a message to all attached LNMs whenever it begins to drop frames. The point at which this report is generated (threshold) is a percentage of the number of frames dropped compared with the number of frames forwarded.
When setting this value, remember that 9999 would mean 100 percent of your frames could be dropped before the message is sent. A value of 1000 would mean 10 percent of the frames could be dropped before sending the message. A value of 100 would mean 1 percent of the frames could be dropped before the message is sent.
In the following example, the loss threshold is set to 0.02 percent:
interface TokenRing 0 lnm loss-threshold 2
Use the lnm password interface configuration command to set the password for the reporting link. Use the no form of this command to return the password to its default value of 00000000.
lnm password number string
number | Number of the reporting link to which to apply the password. This value should be in the range 0 through 3. |
string | Password you enter at the keyboard. In order to maintain compatibility with LNM, the parameter string should be a six- to eight-character string of the type listed in the "Usage Guidelines" section. |
00000000
Interface configuration
LAN Network Manager (LNM) employs the concepts of reporting links and reporting link numbers. A reporting link is simply a connection (or potential connection) between a LAN Reporting Manager (LRM) and a bridge. A reporting link number is a unique number used to identify a reporting link. An IBM bridge allows four simultaneous reporting links numbered 0 through 3. Only the LRM attached to the lowest number connection is allowed to change any parameters, and then only when that connection number falls below a certain configurable number. In the default configuration, the LRM connected through link 0 is the only LRM allowed to change parameters.
Each reporting link has its own password. Passwords are used not only to prevent unauthorized access from an LRM to a bridge, but to control access to the different reporting links. This is important because of the different abilities associated with the various reporting links.
Characters allowable in the string are the following:
Passwords are displayed only through use of the privileged EXEC write terminal command.
In the following example, the password Zephyr@ is assigned to reporting link 2:
! provide appropriate global configuration command if not currently in your config. ! lnm password 2 Zephyr@
lnm alternate
Use the lnm pathtrace-disabled global configuration command to disable pathtrace reporting to LAN Network Manager (LNM) stations. Use the no form of this command to restore pathtrace reporting functionality.
lnm pathtrace-disabled [all | origin]
all | Disable pathtrace reporting to the LNM and originating stations. |
origin | Disable pathtrace reporting to originating stations only. |
Enabled
Global configuration
Under some circumstances, such as when new hardware has been introduced into the network and is causing problems, the automatic report path trace function can be disabled. The new hardware may be setting bit-fields B1 or B2 (or both) of the routing control field in the routing information field embedded in a source-route bridged frame. This condition may cause the network to be flooded by report path trace frames if the condition is persistent. The lnm pathtrace-disabled command, along with its options, allows you to alleviate network congestion that may be occurring by disabling all or part of the automatic report path trace function within LNM.
The following example disables all pathtrace reporting:
lnm pathtrace-disabled
lnm disabled
lnm snmp-only
show lnm bridge
Use the lnm rem interface configuration command to monitor errors reported by any station on the ring. Use the no form of this command to disable this function.
lnm remThis command has no arguments or keywords.
Enabled
Interface configuration
The following example shows the use of the lnm rem command:
interface TokenRing 0 lnm rem
Use the lnm rps interface configuration command to ensure that all stations on a ring are using a consistent set of reporting parameters. Use the no form of this command to disable this function.
lnm rpsThis command has no arguments or keywords.
Enabled
Interface configuration
The following example shows the use of the lnm rps command:
interface TokenRing 0 lnm rps
Use the lnm snmp-only global configuration command to prevent any LNM stations from modifying parameters in the router. Use the no form of this command to allow modifications.
lnm snmp-onlyThis command has no arguments or keywords.
Enabled
Global configuration
Configuring a router/bridge for LNM support is very simple. It happens automatically as a part of configuring the router to act as a source-route bridge. There are several commands available to modify the behavior of the LNM support, but none of them are necessary for it to function.
Because there is now more than one way to remotely change parameters in a router, this command was developed to prevent them from detrimentally interacting with each other.
This command does not affect the ability of LNM to monitor events, only to modify parameters in the router.
The following command prevents any LNM stations from modifying parameters in the router:
lnm snmp-only
Use the lnm softerr interface configuration command to set the time interval in which the router will accumulate error messages before sending them. Use the no form of this command to return to the default value.
lnm softerr milliseconds
milliseconds | Time interval in tens of milliseconds between error messages. The valid range is 0 through 65535. |
200 milliseconds (2 seconds)
Interface configuration
All stations on a Token Ring notify the Ring Error Monitor (REM) when they detect errors on the ring. In order to prevent excessive messages, error reports are not sent immediately, but are accumulated for a short period of time and then reported. A station learns this value from a router (configured as a source-route bridge) when it first enters the ring.
The following example changes the error-reporting frequency to once every 5 seconds:
! provide appropriate Global configuration command if not currently in your config. ! lnm softerr 500
lnm rem
list-number | Priority list number of the input interface. |
No RSRB priority group is assigned.
Interface configuration
You must use the priority-list command to assign priorities to the ports as shown in
Table 23-4.
| Service | Port |
|---|---|
RSRB high priority | 1996 |
RSRB medium priority | 1987 |
RSRB normal priority | 1988 |
RSRB low priority | 1989 |
In the following example, Token Ring interface 0 is assigned the RSRB priority group 1:
source-bridge ring-group 2624 source-bridge remote-peer 2624 tcp 1.0.0.1 source-bridge remote-peer 2624 tcp 1.0.0.2 local-ack priority ! interface TokenRing 0 source-bridge 2576 8 2624 locaddr-priority 1
locaddr-priority-list
priority-list
Use the locaddr-priority-list global configuration command to map Logical Units (LUs) to queuing priorities as one of the steps to establishing queuing priorities based on LU addresses. Use the no form of this command to remove that RSRB priority queuing assignment. You use this command in conjunction with the priority list command.
locaddr-priority-list list-number address-number queue-keyword [dsap ds] [dmac dm]
list-number | Arbitrary integer between 1 and 10 that identifies the LU address priority list selected by the user. |
address-number | Value of the LOCADDR= parameter on the LU macro, which is a one-byte address of the LU in hex. |
queue-keyword | Priority queue name; one of high, medium, normal, or low. |
dsap | (Optional) Indicates that the next argument, ds, represents the destination service access point address. The argument ds is a hexadecimal value. |
dmac | (Optional) Indicates that the next argument, dm, is the destination MAC address. The argument dm is a dotted triple of four-digit hexadecimal numbers. |
ssap ss | (Optional) Indicates that the next argument, ss, is the source service access point address. If this is not specified, the default is all ssaps. |
smac sm | (Optional) Indicates that the next argument, sm, is the source MAC address, written as a dotted triple of rout-digit hexadecimal number. If this is not specified, the default is all smacs. |
No mapping
Global configuration
Use this command to map LUs to queuing priorities. Once you have established the priority for each LU, you can assign a priority to a TCP port. Hence you have established a mapping between the LUs and queuing priorities, and queuing priorities and TCP ports.
It is preferable to prioritize NetBIOS traffic below SNA traffic, but by default is assigned the high priority on TCP port 1996.
In the following example LU 01 has been assigned a medium priority and maps to TCP port 1996; LU 02 has been assigned a normal priority and maps to TCP port 1987; LU 03 has been assigned a low priority and maps to TCP port 1988; LU 04 has been assigned high priority and maps to TCP port 1989.
locaddr-priority-list 1 01 medium locaddr-priority-list 1 02 normal locaddr-priority-list 1 03 low locaddr-priority-list 1 04 high priority-list 1 protocol ip low tcp 1996 priority-list 1 protocol ip high tcp 1987 priority-list 1 protocol ip medium tcp 1988 priority-list 1 protocol ip normal tcp 1989
Use the mac-address interface configuration command to set the MAC layer address of the Cisco Token Ring.
mac-address ieee-address
ieee-address | 48-bit IEEE MAC address written as a dotted triplet of four-digit hexadecimal numbers |
No MAC layer address is set.
Interface configuration
There is a known defect in earlier forms of this command of the Texas Instruments (TI) Token Ring MAC firmware. This implementation is used by Proteon, Apollo, and IBM RTs. A host using a MAC address whose first two bytes are zeros (such as a Cisco router/bridge) will not properly communicate with hosts using that form of this command of TI firmware.
There are two solutions. The first involves installing a static RIF entry for every faulty node with which the router communicates. If there are many such nodes on the ring, this may not be practical. The second solution involves setting the MAC address of the Cisco Token Ring to a value that works around the problem.
This command forces the use of a different MAC address on the specified interface, thereby avoiding the TI MAC firmware problem. It is up to the network administrator to ensure that no other host on the network is using that MAC address.
The following example sets the MAC layer address, where xx.xxxx is an appropriate second half of the MAC address to use:
interface tokenring 0 mac-address 5000.5axx.xxxx
Use the multiring interface configuration command to enable collection and use of RIF information. Use the no multiring command, with the appropriate keyword, to disable the use of RIF information for the protocol specified.
multiring {protocol-keyword [all-routes | spanning] | all | other}
protocol-keyword | Specifies a protocol; see the keyword list under the "Usage Guidelines" section. |
all-routes | Use all-routes explorers |
spanning | Use spanning-tree explorers |
all | Enables the multiring for all frames. |
other | Enables the multiring for any routed frame not included in the previous list of supported protocols. |
Disabled
Interface configuration
Level 3 routers that use protocol-specific information (for example, Novell IPX or XNS headers) rather than MAC information to route datagrams also must be able to collect and use RIF information to ensure that they can transmit datagrams across a source-route bridge. The software default is to not collect and use RIF information for routed protocols. This allows operation with software that does not understand or properly use RIF information.
The current software allows you to specify a protocol. This is specified by the argument protocol-keyword. The protocols supported and the keywords you can enter include the following:
The multiring command was extended in Software Release 8.3 to allow for per-protocol specification of the interface's ability to append RIFs to routed protocols. When it is enabled for a protocol, the router will source packets that include information used by source-route bridges. This allows a router with Token Ring interfaces, for the protocol or protocols specified, to connect to a source-bridged Token Ring network. If a protocol is not specified for multiring, the router can only route packets to nodes directly connected to its local Token Ring.
These commands enable IP and Novell IPX bridging on a Token Ring interface. RIFs will be generated for IP frames, but not for the Novell IPX frames.
! commands that follow apply to interface token 0 interface tokenring 0 ! generate RIFs for IP frames multiring ip ! enable the Token Ring interface for IP ip address 131.108.183.37 255.255.255.0 ! enable the Token Ring interface for Novell IPX novell network 33
A dagger (†) indicates that the command is documented in another chapter.
clear rif-cache
rif
rif timeout
show rif
xns encapsulation †
Use the netbios access-list bytes global configuration command to define the offset and hexadecimal patterns with which to match byte offsets in NetBIOS packets. Use the no form of this command to remove an entire list or the entry specified with the pattern argument.
netbios access-list bytes name {permit | deny} offset pattern
name | Name of the access list being defined. |
permit | Permits the condition. |
deny | Denies the condition. |
offset | Decimal number indicating the number of bytes into the packet where the byte comparison should begin. An offset of zero points to the very beginning of the NetBIOS header. Therefore, the NetBIOS delimiter string (0xffef), for example, begins at offset 2. |
pattern | Hexadecimal string of digits representing a byte pattern. The argument pattern must conform to certain conventions. These conventions are listed under the "Usage Guidelines" section. |
No offset or pattern is defined.
Global configuration
For offset pattern matching, the byte pattern must be an even number of hexadecimal digits in length.
The byte pattern must be no more than 16 bytes (32 hexadecimal digits) in length.
As with all access lists, the NetBIOS access lists are scanned in order.
You can specify a wildcard character in the byte string indicating that the value of that byte does not matter in the comparison. This is done by specifying two asterisks (**) in place of digits for that byte. For example, the following command would match 0xabaacd, 0xab00cd, and so on.
netbios access-list bytes marketing permit 3 0xab**cd
The following example shows how to configure for offset pattern matching:
netbios access-list bytes marketing permit 3 0xabcd
In the following example, the byte pattern would not be accepted because it must be an even number of hexadecimal digits.:
netbios access-list bytes marketing permit 3 0xabc
In the following example, the byte pattern would not be permitted because the byte pattern is longer than 16 bytes in length:
netbios access-list bytes marketing permit 3 00112233445566778899aabbccddeeff00
The following example would match 0xabaacd, 0xab00cd, and so on:
netbios access-list bytes marketing permit 3 0xab**cd
The following example deletes the entire marketing NetBIOS access list named marketing:
no netbios access-list bytes marketing
The following example removes a single entry from the list:
no netbios access-list bytes marketing deny 3 0xab**cd
In the following example, the first line serves to deny all packets with a byte pattern starting in offset 3 of 0xab. However, this denial would also include the pattern 0xabcd because the entry permitting the pattern 0xabcd comes after the first entry:
netbios access-list bytes marketing deny 3 0xab netbios access-list bytes marketing permit 3 0xabcd
netbios input-access-filter bytes
netbios output-access-filter bytes
Use the netbios access-list host global configuration command to assign the name of the access list to a station or set of stations on the network. The NetBIOS station access list contains the station name to match, along with a permit or deny condition. Use the no netbios access-list host command to remove either an entire list or just a single entry from a list, depending upon the argument given for pattern.
netbios access-list host name {permit | deny} pattern
name | Name of the access list being defined. |
permit | Permits the condition. |
deny | Denies the condition. |
pattern | A set of characters. The characters can be the name of the station, or a combination of characters and pattern-matching symbols that establish a pattern for a set of NetBIOS station names. This combination can be especially useful when stations have names with the same characters, such as a prefix. The table in the "Usage Guidelines" section explains the pattern-matching symbols that can be used. |
No access list is assigned.
Global configuration
Table 23-5 explains the pattern-matching characters that can be used.
| Character | Description |
|---|---|
* | Used at the end of a string to match any character or string of characters. |
? | Matches any single character. If this wildcard is used as the first letter of the name, you must precede it with a CNTL-V key sequence. Otherwise it will be interpreted by the router as a request for help. |
The following example specifies a full station name to match:
netbios access-list host marketing permit ABCD
The following example specifies a prefix where the pattern matches any name beginning with the characters DEFG:
!The string DEFG itself is included in this condition.
netbios access-list host marketing deny DEFG*
The following example permits any station name with the letter W as the first character and the letter Y as the third character in the name. The second and fourth character in the name can be any character. This example would allow stations named WXYZ and WAYB; however, stations named WY and WXY would not be allowed because the ? must match specific characters in the name.
netbios access-list host marketing permit W?Y?
The following example illustrates how to combine wildcard characters. In this example the marketing list denies any name beginning with AC that is not at least three characters in length (the ? would match any third character). The string ACBD and ACB would match, but the string AC would not:
netbios access-list host marketing deny AC?
In the following example, a single entry in the marketing NetBIOS access list is removed:
no netbios access-list host marketing deny AC?*
In the following example, the entire marketing NetBIOS access list is removed:
no netbios access-list host marketing
netbios input-access-filter host
netbios output-access-filter host
Use the netbios enable-name-cache interface configuration command to enable NetBIOS name caching. Use the no form of this command to disable the name-cache behavior.
netbios enable-name-cacheThis command has no arguments or keywords.
Disabled
Interface configuration
This command enables the NetBIOS name cache on the specified interface. By default the name cache is disabled for the interface. Proxy explorers must be enabled on any interface that is using the NetBIOS name cache.
The following example enables NetBIOS name caching for interface tokenring 0:
interface tokenring 0 source-bridge proxy-explorer netbios enable-name-cache
clear netbios-cache
netbios name-cache timeout
show netbios-cache
Use the netbios input-access-filter bytes interface configuration command to define a byte access list filter on incoming messages. The actual access filter byte offsets and patterns used are defined in one or more netbios-access-list bytes commands. Use the no netbios input-access-filter bytes command with the appropriate name to remove the entire access list.
netbios input-access-filter bytes name
name | Name of a NetBIOS access filter previously defined with one or more of the netbios access-list bytes global configuration commands. |
No access list is defined.
Interface configuration
The following example applies a previously-defined filter named marketing to packets coming into tokenring 1:
interface tokenring 1 ! netbios input-access-filter bytes marketing
netbios access-list bytes
netbios output-access-filter bytes
Use the netbios input-access-filter host interface configuration command to define a station access list filter on incoming messages. The access lists of station names are defined in netbios access-list host commands. Use the no netbios input-access-filter host command with the appropriate argument to remove the entire access list.
netbios input-access-filter host name
name | Name of a NetBIOS access filter previously defined with one or more of the netbios access-list host global configuration commands. |
No access list is defined.
Interface configuration
The following example shows how to filter packets coming into Token Ring unit 1 using the NetBIOS access list named marketing:
interface tokenring 1 netbios access-list host marketing permit W?Y? netbios input-access-filter host marketing
netbios access-list host
netbios output-access-filter host
Use the netbios name-cache global configuration command to define a static NetBIOS name cache entry, tying the server with the name netbios-name to the mac-address, and specifying that the server is accessible either locally via the interface-name specified, or remotely, via the ring-group group-number specified. Use the no form of this command to remove the entry.
netbios name-cache mac-address netbios-name {interface-name | ring-group group-number}
mac-address | The MAC address. |
netbios-name | Server name linked to the MAC address. |
interface-name | Name of the interface by which the server is accessible locally. |
ring-group | Specifies that the link is accessible remotely. |
group-number | Number of the ring group by which the server is accessible remotely. This ring group number must match the number you have specified with the source-bridge ring-group command. The valid range is 1 through 4095. |
No entry is defined.
Global configuration
To specify an entry in the static name cache, first specify a Routing Information Field (RIF) that leads to the server's MAC address. The router displays an error message if it cannot find a static RIF entry for the server when the NetBIOS name-cache entry is attempted or if the server's type conflicts with that given for the static RIF entry.
The following example indicates the syntax usage of this command if the NetBIOS server is accessed locally:
source-bridge ring-group 2 rif 0220.3333.4444 00c8.042.0060 tokenring 0 netbios name-cache 0220.3333.4444 DEF tokenring 0
The following example indicates the syntax usage of this command if the NetBIOS server is accessed remotely:
source-bridge ring-group 2 rif 0110.2222.3333 0630.021.0030 ring group 2 netbios name-cache 0110.2222.3333 DEF ring-group 2
Use the netbios name-cache name-len global configuration command to specify how many characters of the NetBIOS type name the name cache will validate.
netbios name-cache name-len length
length | The length of the NetBIOS type name. The range is 8 to 16 characters. |
15 characters
Global configuration
The following example specifies that the name cache will validate 16 characters of the NetBIOS type name:
netbios name-cache name-len 16
netbios enable-name-cache
netbios name-cache
netbios name-cache proxy-datagram
netbios name-cache query-timeout
netbios name-cache recognized-timeout
netbios name-cache timeout
Use the netbios name-cache proxy-datagram global configuration command to enable the router to act as a proxy and send NetBIOS datagram type frames.
netbios name-cache proxy-datagram seconds
seconds | Time interval, in seconds, that the router forwards a route broadcast datagram type packet. The valid range is any number greater than 0. |
There is no default time interval.
Global configuration
The following example specifies that the router will forward a NetBIOS datagram type frame in 20-second intervals:
netbios name-cache proxy-datagram 20
netbios enable-name-cache
netbios name-cache
netbios name-cache query-timeout
netbios name-cache recognized-timeout
netbios name-cache timeout
seconds | "Dead" time period in seconds. Default is 6 seconds. |
6 seconds
Global configuration
The following example sets the timeout to 15 seconds:
netbios name-cache query-timeout 15
netbios name-cache recognized-timeout
Use the netbios name-cache recognized-timeout global configuration command to specify the "dead" time, in seconds, that starts when a host sends any FIND_NAME or NAME_RECOGNIZED frame. During this dead time, the router drops any repeat, duplicate FIND_NAME or NAME_RECOGNIZED frame sent by the same host. This timeout is only effective at the time of the login negotiation process. Use the no form of this command to bring the time back to the default of 6 seconds.
netbios name-cache recognized-timeout seconds
seconds | "Dead" time period in seconds. Default is 6 seconds. |
6 seconds
Global configuration
The following example sets the timeout to 15 seconds:
netbios name-cache recognized-timeout 15
netbios name-cache query-timeout
Use the netbios name-cache timeout global configuration command to enable NetBIOS name caching and to set the time that entries can remain in the NetBIOS name cache. Use the no form of this command to bring the time back to the default of 15 minutes.
netbios name-cache timeout minutes
minutes | Time, in minutes, that entries can remain in the NetBIOS name cache. Once the time expires, the entry will be deleted from the cache. Default is 15 minutes. |
15 minutes
Global configuration
This command allows you to establish NetBIOS name caching. NetBIOS name caching can be used only between routers that are running Software Release 9.1 or later. NetBIOS name-caching does not apply to static entries.
The following example sets the timeout to 10 minutes:
interface tokenring 0 netbios name-cache timeout 10
Use the netbios output-access-filter bytes interface configuration command to define a byte access list filter on outgoing messages. Use the no netbios output-access-filter bytes command to remove the entire access list.
netbios output-access-filter bytes name
name | Name of a NetBIOS access filter previously defined with one or more of the netbios access-list bytes global configuration commands. |
No access list is defined.
Interface configuration
The following example filters packets leaving Token Ring unit 1 using the NetBIOS access list named engineering:
interface tokenring 1 netbios access-list bytes engineering permit 3 0xabcd netbios output-access-filter bytes engineering
netbios access-list bytes
netbios input-access-filter bytes
Use the netbios output-access-filter host interface configuration command to define a station access list filter on outgoing messages. Use the no netbios output-access-filter host command to remove the entire access list.
netbios output-access-filter host name
name | Name of a NetBIOS access filter previously defined with one or more of the netbios access-list host global configuration commands. |
No access list filter is defined.
Interface configuration
The following example filters packets leaving Token Ring unit 1 using the NetBIOS access list named engineering:
interface tokenring 1 netbios access-list host engineering permit W?Y? netbios output-access-filter host engineering
netbios access-list host
netbios input-access-filter host
Use the priority-group interface configuration command to assign a specified priority list to an interface.
priority-group list
list | Priority list number assigned to the interface. |
No priority list number is established.
Interface configuration
The following is an example of a priority-group assignment:
interface Ethernet 0 ip address 1.0.0.1 255.255.255.0 priority-group 1
locaddr-priority-list
priority-list
Use the priority-list global configuration command to establish queuing priorities based upon the protocol type as one of the steps to establishing queuing priorities based on Logical Unit (LU) addresses. Use the no form of this command to remove the priority list. Use this command in conjunction with the locaddr-priority-list command.
priority-list list-number protocol protocol-name queue-keyword
list-number | Arbitrary integer between 1 and 10 that identifies the LU address priority list selected by the user. |
protocol | Keyword indicating you want the priority list to be based on a protocol type. |
protocol-name | Protocol you are using. In most cases, this will be ip. |
queue-keyword | Priority queue name; one of high, medium, normal, or low. |
No queuing priorities are established.
Global configuration
This command is used to assign the priority level defined to TCP segments originating from or destined to a specified TCP port. Assign priorities to the ports as shown in Table 23-6.
| Service | Port |
|---|---|
RSRB high priority | 1996 |
RSRB medium priority | 1987 |
RSRB normal priority | 1988 |
RSRB low priority | 1989 |
Once you have established the priority for each LU using the locaddr-priority-list command, you can assign a priority to a TCP port using the priority-list command. Hence, by using both commands you have established a mapping between the LUs and queuing priorities, and queuing priorities and TCP ports.
It is preferable to prioritize NetBIOS traffic below SNA traffic, but by default is assigned the high priority on TCP port 1996.
In the following example LU 01 has been assigned a medium priority and maps to TCP port 1996; LU 02 has been assigned a normal priority and maps to TCP port 1987; LU 03 has been assigned a low priority and maps to TCP port 1988; LU 04 has been assigned high priority and maps to TCP port 1989.
locaddr-priority-list 1 01 medium locaddr-priority-list 1 02 normal locaddr-priority-list 1 03 low locaddr-priority-list 1 04 high priority-list 1 protocol ip low tcp 1996 priority-list 1 protocol ip high tcp 1987 priority-list 1 protocol ip medium tcp 1988 priority-list 1 protocol ip normal tcp 1989
locaddr-priority
llocaddr-priority-list
Use the rif global configuration command to enter static source-route information into the RIF cache. If a Token Ring host does not support the use of IEEE 802.2 TEST or XID datagrams as explorer packets, you may need to add static information to the RIF cache of the router/bridge. Use the no rif command to remove an entry from the cache.
rif mac-address rif-string {interface-name | ring-group ring}
mac-address | 12-digit hexadecimal string written as a dotted triplet; for example, 0010.0a00.20a6. |
rif-string | Series of 4-digit hexadecimal numbers separated by a period (.). This RIF string is inserted into the packets sent to the specified MAC address. |
interface-name | Interface name (for example, tokenring0) that indicates the origin of the RIF. |
ring-group | Specifies the origin of the RIF is a ring group. |
ring | Ring group number that indicates the origin of the RIF. This ring group number must match the number you have specified with the source-bridge ring-group command. The valid range is 1 through 4095. |
No static source-route information is entered.
Global configuration
You must specify either an interface name or a ring group number to indicate the origin of the RIF. You specify an interface name (for example, tokenring0) with the interface-name argument, and you specify a ring group number with the ring-group ring argument. The ring group number must match the number you specified with the source-bridge ring-group command. Ring groups are explained in the "Configuring Source-Route Bridging" chapter of the Router Products Configuration Guide.
Using the command rif mac-address without any of the arguments puts an entry into the RIF cache indicating that packets for this MAC address should not have RIF information.
Do not configure a static RIF with any of the all rings type codes. Doing so causes traffic for the configured host to appear on more than one ring and leads to unnecessary congestion.
The following example configuration sets up a static RIF between Token Rings 8 and 9:
! insert entry with MAC address 1000.5A12.3456 and RIF of ! 0630.0081.0090 into RIF cache rif 1000.5A12.3456 0630.0081.0090 tokenring 0
multiring
source-bridge ring-group
Use the rif timeout global configuration command to determine the number of minutes an inactive RIF entry is kept. RIF information is maintained in a cache whose entries are aged. Use the no rif timeout command to restore the default.
rif timeout minutes
minutes | Number of minutes RIF entry is kept. The value must be greater than 0. Default is 15 minutes. |
15 minutes
Global configuration
A RIF entry is cached based on the MAC address and the interface.
A RIF entry can be aged out even if there is active traffic, but the traffic is fast or autonomously switched.
A RIF entry is refreshed only if a RIF field of an incoming frame is identical to the RIF information of the RIF entry in the cache.
Until a RIF entry is aged out and removed from the cache, no new RIF information is accepted for the same RIF entry.
The following example changes the timeout period to 5 minutes:
rif timeout 5
clear rif-cache
rif validate-enable
show rif
Use the rif validate-age global configuration command to define the validation time when the router is acting as a proxy for NetBIOS NAME_QUERY packet or for explorer frames.
rif validate-age seconds
seconds | Interval, in seconds, at which a proxy is sent. The valid range is any number greater than 0. Default is 2 seconds. |
2 seconds
Global configuration
If the timer expires before the response is received, the RIF entry or the NetBIOS cache entry is marked as invalid and is flushed from the cache table when another explorer or NAME_QUERY packet is received.
The following example specifies the interval at which a proxy is sent to be 3 seconds:
rif validate-age 3
Use the rif validate-enable global configuration command to enable RIF validation for entries learned on an interface (Token Ring or FDDI). Use the no form of this command to disable the specification.
rif validate-enableThis command has no arguments or keywords.
RIF validation is enabled.
Global configuration
A RIF validation algorithm is used for the following cases:
A directed IEEE TEST command is sent to the destination MAC address. If a response received in the time specified by rif validate-age, the entry is refreshed and is considered valid. Otherwise, the entry is removed from the cache. To prevent sending too many TEST commands, any entry that has been refreshed in less than 70 seconds is considered valid.
Validation is triggered as follows:
The following example enables RIF validation:
rif validate-enable
rif timeout
rif validate-age
rif validate-enable-age
rif validate-enable-route-cache
Use the no rif validate-enable-age global configuration command to enable RIF validation for stations on a source-route bridge network that do not respond to an IEEE TEST command.
rif validate-enable-ageThis command has no arguments or keywords.
RIF validation is enabled.
Global configuration
You must first issue the rif validate-enable command.
When this command is enabled, a RIF entry is not removed from the cache even if it becomes invalid. If the entry is refreshed, it becomes valid again.
If a RIF field of an incoming frame and the RIF information of the invalid RIF entry are not identical, the old RIF information is replaced by the new information.
Use the rif validate-enable-route-cache global configuration command to enable synchronization of the RIF cache with the protocol route cache.
rif validate-enable-route-cacheThis command has no arguments or keywords.
This command is disabled by default.
Global configuration
When a RIF entry is removed from the RIF cache, or the RIF information in the RIF entry is changed, the protocol route caches are synchronized with the RIF cache.
ring-group | Virtual ring number of the remote peer. |
tcp | Indicates TCP encapsulation. |
fst | Indicates FST encapsulation. |
ip-address | IP address. |
interface | Indicates direct encapsulation. |
interface-name | Interface name. |
access-list-number | Number of the access list. |
No filters are assigned.
Global configuration
The following example specifies SAP filters by LSAP address:
rsrb remote-peer 1000 tcp 131.108.2.30 lsap-output-list 201
priority-list
sap-priority
sap-priority-list
ring-group | Virtual ring number of the remote peer. |
tcp | Indicates TCP encapsulation. |
fst | Indicates FST encapsulation. |
ip-address | IP address. |
interface | Indicates direct encapsulation. |
interface-name | Interface name. |
name | Name of a NetBIOS access filter previously defined with one or more netbios access-list host global configuration commands. |
host | Host name. |
No filter is assigned.
Global configuration
The following example filters packets by NetBIOS station name:
rsrb remote-peer 1000 tcp 131.108.2.30 netbios-output-list host engineering
priority-list
sap-priority
sap-priority-list
Use the sap-priority interface configuration command to define a priority list on an interface.
sap-priority number
number | Priority list number you specified in the sap-priority-list command |
No priority list is defined.
Interface configuration
The following example specifies priority list number 1:
sap-priority 1
Use the sap-priority-list global configuration command to define a priority list.
sap-priority-list number queue-keyword [dsap ds] [ssap ss] [dmac dm] [smac sm]
number | Arbitrary integer between 1 and 10 that identifies the priority list. |
queue-keyword | Priority queue name or a remote source-route bridge TCP port name. |
dsap | (Optional) Indicates that the next argument, ds, represents the destination service access point address. The argument ds is a hexadecimal number. |
ssap | (Optional) Indicates that the next argument, ss, represents the source service access point address. The argument ss is a hexadecimal number. |
dmac | (Optional) Indicates that the next argument, dm, represents the destination MAC address. The argument dm is written as a dotted triple of four-digit hexadecimal numbers. |
smac | (Optional) Indicates that the next argument, sm, represents the source MAC address. The argument sm is written as a dotted triple of four-digit hexadecimal numbers. |
No priority list is defined.
Global configuration
To give precedence to traffic on a particular LLC2 session, you must specify all four keywords (dsap, ssap, dmac, and smac) to uniquely identify the LLC2 session.
The following example defines priority list 1 and specifies SSAP and DSAP addresses:
sap-priority-list 1 high dsap 04 ssap 04
Use the show controllers token privileged EXEC command to display information about memory management, error counters, and the board itself. Depending on the board being used, the output can vary. This command also displays proprietary information. Thus, the information that show controllers token displays is of primary use to our technical personnel. Information that is useful to users can be obtained with the show interfaces tokenring command, described later.
show controllers tokenThis command has no arguments or keywords.
Privileged EXEC
The following is sample output from the show controllers token command of a CSC-IR or
CSC-2R card:
Router# show controllers token
TR Unit 0 is board 0 - ring 0
state 3, dev blk: 0x1D2EBC, mailbox: 0x2100010, sca: 0x2010000
current address: 0000.3080.6f40, burned in address: 0000.3080.6f40
current TX ptr: 0xBA8, current RX ptr: 0x800
Last Ring Status: none
Stats: soft:0/0, hard:0/0, sig loss:0/0
tx beacon: 0/0, wire fault 0/0, recovery: 0/0
only station: 0/0, remote removal: 0/0
Bridge: local 3330, bnum 1, target 3583
max_hops 7, target idb: 0x0, not local
Interface failures: 0 -- Bkgnd Ints: 0
TX shorts 0, TX giants 0
Monitor state: (active)
flags 0xC0, state 0x0, test 0x0, code 0x0, reason 0x0
f/w ver: 1.0, chip f/w: '000000.ME31100', [bridge capable]
SMT form of this command s: 1.01 kernel, 4.02 fastmac
ring mode: F00, internal enables: SRB REM RPS CRS/NetMgr
internal functional: 0000011A (0000011A), group: 00000000 (00000000)
if_state: 1, ints: 0/0, ghosts: 0/0, bad_states: 0/0
t2m fifo purges: 0/0
t2m fifo current: 0, t2m fifo max: 0/0, proto_errs: 0/0
ring: 3330, bridge num: 1, target: 3583, max hops: 7
Packet counts:
receive total: 298/6197, small: 298/6197, large 0/0
runts: 0/0, giants: 0/0
local: 298/6197, bridged: 0/0, promis: 0/0
bad rif: 0/0, multiframe: 0/0
ring num mismatch 0/0, spanning violations 0
transmit total: 1/25, small: 1/25, large 0/0
runts: 0/0, giants: 0/0, errors 0/0
bad fs: 0/0, bad ac: 0
congested: 0/0, not present: 0/0
Unexpected interrupts: 0/0, last unexp. int: 0
Internal controller counts:
line errors: 0/0, internal errors: 0/0
burst errors: 0/0, ari/fci errors: 0/0
abort errors: 0/0, lost frame: 0/0
copy errors: 0/0, rcvr congestion: 0/0
token errors: 0/0, frequency errors: 0/0
dma bus errors: -/-, dma parity errors: -/-
Internal controller smt state:
Adapter MAC: 0000.3080.6f40, Physical drop: 00000000
NAUN Address: 0000.a6e0.11a6, NAUN drop: 00000000
Last source: 0000.a6e0.11a6, Last poll: 0000.3080.6f40
Last MVID: 0006, Last attn code: 0006
Txmit priority: 0006, Auth Class: 7FFF
Monitor Error: 0000, Interface Errors: FFFF
Correlator: 0000, Soft Error Timer: 00C8
Local Ring: 0000, Ring Status: 0000
Beacon rcv type: 0000, Beacon txmit type: 0000
Beacon type: 0000, Beacon NAUN: 0000.a6e0.11a6
Table 23-7 describes the fields shown in the first line of sample output.
| Field | Description |
|---|---|
TR Unit 0 | Unit number assigned to the Token Ring interface associated with this output. |
is board 0 | Board number assigned to the Token Ring controller board associated with this interface. |
ring 0 | Number of the Token Ring associated with this board. |
In the following line, state 3 indicates the state of the board. The rest of this output line displays memory mapping that is of primary use to our engineers.
state 3, dev blk: 0x1D2EBC, mailbox: 0x2100010, sca: 0x2010000
The following line also appears in show interface token output as the address and burned in address (bia), respectively:
current address: 0000.3080.6f40, burned in address: 0000.3080.6f40
The following line displays buffer management pointers that change by board:
current TX ptr: 0xBA8, current RX ptr: 0x800
The following line indicates the ring status from the controller chip set. This information is used by LAN Network Manager:
Last Ring Status: none
The following line displays Token Ring statistics. See the Token Ring specification for more information:
Stats: soft:0/0, hard:0/0, sig loss:0/0
tx beacon: 0/0, wire fault 0/0, recovery: 0/0
only station: 0/0, remote removal: 0/0
The following line indicates that Token Ring communication has been enabled on the interface. If this line of output appears, the message "Source Route Bridge capable" should appear in the show interfaces tokenring display.
Bridge: local 3330, bnum 1, target 3583
Table 23-8 describes the fields shown in the following line of sample output:
max_hops 7, target idb: 0x0, not local
| Field | Description |
|---|---|
max_hops 7 | Maximum number of bridges. |
target idb: 0x0 | Destination interface definition. |
not local | Interface has been defined as a remote bridge. |
The following line is specific to the hardware:
Interface failures: 0 -- Bkgnd Ints: 0
In the following line, TX shorts are the number of packets the interface transmits that are discarded because they are smaller than the medium's minimum packet size. TX giants are the number of packets the interface transmits that are discarded because they exceed the medium's maximum packet size.
TX shorts 0, TX giants 0
The following line indicates the state of the controller. Possible values include active, failure, inactive, and reset.
Monitor state: (active)
The following line displays detailed information relating to the monitor state shown in the previous line of output. This information relates to the firmware on the controller. This information is relevant to our engineers only if the monitor state is something other than active.
flags 0xC0, state 0x0, test 0x0, code 0x0, reason 0x0
Table 23-9 describes the fields in the following line or output:
f/w ver: 1.0 expr 0, chip f/w: '000000.ME31100', [bridge capable]
| Field | Description |
|---|---|
f/w ver: 1.0 | Version of our firmware on the board. |
chip f/w: '000000.ME31100' | Firmware on the chip set. |
[bridge capable] | Interface has not been configured for bridging, but it has that capability. |
The following line displays the version numbers for the kernel and the accelerator microcode of the Madge firmware on the board; this firmware is the LLC interface to the chip set:
SMT form of this command s: 1.01 kernel, 4.02 fastmac
The following line displays LAN Network Manager information that relates to ring status:
ring mode: F00, internal enables: SRB REM RPS CRS/NetMgr
The following line corresponds to the functional address and the group address shown in show interfaces tokenring output:
internal functional: 0000011A (0000011A), group: 00000000 (00000000)
The following line displays interface board state information that is proprietary:
if_state: 1, ints: 0/0, ghosts: 0/0, bad_states: 0/0
The following lines display information that is proprietary. Our engineers use this information for debugging purposes:
t2m fifo purges: 0/0 t2m fifo current: 0, t2m fifo max: 0/0, proto_errs: 0/0
Each of the fields in the following line maps to a field in the show source bridge display, as follows: ring maps to srn; bridge num maps to bn; target maps to trn; and max hops maps to max:
ring: 3330, bridge num: 1, target: 3583, max hops: 7
In the following lines of output, the number preceding the slash (/) indicates the count since the value was last displayed; the number following the slash (/) indicates count since the system was last booted:
Packet counts:
receive total: 298/6197, small: 298/6197, large 0/0
In the following line, the number preceding the slash (/) indicates the count since the value was last displayed; the number following the slash (/) indicates count since the system was last booted. The runts and giants values that appear here correspond to the runts and giants values that appear in show interfaces tokenring output:
runts: 0/0, giants: 0/0
The following lines are receiver-specific information that our engineers can use for debugging purposes:
local: 298/6197, bridged: 0/0, promis: 0/0
bad rif: 0/0, multiframe: 0/0
ring num mismatch 0/0, spanning violations 0
transmit total: 1/25, small: 1/25, large 0/0
runts: 0/0, giants: 0/0, errors 0/0
The following lines include very specific statistics that are not relevant in most cases, but exist for historical purposes. In particular, the internal errors, burst errors, ari/fci, abort errors, copy errors, frequency errors, dma bus errors, and dma parity errors fields are not relevant.
Internal controller counts: line errors: 0/0, internal errors: 0/0 burst errors: 0/0, ari/fci errors: 0/0 abort errors: 0/0, lost frame: 0/0 copy errors: 0/0, rcvr congestion: 0/0 token errors: 0/0, frequency errors: 0/0 dma bus errors: -/-, dma parity errors: -/-
The following lines are low-level Token Ring interface statistics relating to the state and status of the Token Ring with respect to all other Token Rings on the line:
Internal controller smt state: Adapter MAC: 0000.3080.6f40, Physical drop: 00000000 NAUN Address: 0000.a6e0.11a6, NAUN drop: 00000000 Last source: 0000.a6e0.11a6, Last poll: 0000.3080.6f40 Last MVID: 0006, Last attn code: 0006 Txmit priority: 0006, Auth Class: 7FFF Monitor Error: 0000, Interface Errors: FFFF Correlator: 0000, Soft Error Timer: 00C8 Local Ring: 0000, Ring Status: 0000 Beacon rcv type: 0000, Beacon txmit type: 0000
Use the show interfaces tokenring privileged EXEC command to display information about the Token Ring interface and the state of source-route bridging.
show interfaces tokenring [unit]
unit | (Optional) Interface number. If you do not provide a value for the unit argument, the command will display statistics for all Token Ring interfaces. |
Privileged EXEC
The following is sample output from the show interfaces tokenring command:
Router# show interfaces tokenring
TokenRing 0 is up, line protocol is up
Hardware is 16/4 Token Ring, address is 5500.2000.dc27 (bia 0000.3000.072b)
Internet address is 150.136.230.203, subnet mask is 255.255.255.0
MTU 8136 bytes, BW 16000 Kbit, DLY 630 usec, rely 255/255, load 1/255
Encapsulation SNAP, loopback not set, keepalive set (10 sec)
ARP type: SNAP, ARP Timeout 4:00:00
Ring speed: 16 Mbps
Single ring node, Source Route Bridge capable
Group Address: 0x00000000, Functional Address: 0x60840000
Last input 0:00:01, output 0:00:01, output hang never
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
Five minute input rate 0 bits/sec, 0 packets/sec
Five minute output rate 0 bits/sec, 0 packets/sec
16339 packets input, 1496515 bytes, 0 no buffer
Received 9895 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
32648 packets output, 9738303 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets, 0 restarts
5 transitions
Table 23-10 describes significant fields shown in the display.
| Field | Description |
|---|---|
Token Ring is up/down | The interface is currently active and inserted into ring (up) or inactive and not inserted (down). |
Token Ring is Reset | Hardware error has occurred. This is not |