reserved-only through show ip irdp

reserved-only

To restrict address assignments from the Dynamic Host Configuration Protocol (DHCP) address pool only to the preconfigured reservations, use the reserved-only command in DHCP pool configuration mode. To disable the configuration, use the no form of this command.

reserved-only

no reserved-only

Syntax Description

This command has no arguments or keywords.

Command Default

Address assignments from the DHCP address pool are not restricted only to the preconfigured reservations.

Command Modes

DHCP pool configuration (dhcp-config)

Command History

Release

Modification

12.2(50)SE

This command was introduced.

12.2(33)SXI4

This command was integrated into Cisco IOS Release 12.2(33)SXI4.

Usage Guidelines

When the DHCP port-based assignment feature is configured on multiple switches, devices connected to one switch may receive an IP address assignment from the neighboring switches rather than from the local DHCP address pool switch. If you want the switch to serve only the client directly connected to the switch, you can configure a group of switches with pools that share a common IP subnet but ignore the requests from other clients (not connected to this switch).

Examples

The following example shows how to restrict address assignments from the DHCP address pool only to the preconfigured reservations:


Router# configure terminal
Router(config)# ip dhcp pool red
Router(dhcp-config)# reserved-only 

restrict authenticated

To specify that a Domain Name System (DNS) view list member cannot be used to respond to an incoming DNS query if the DNS view and the DNS client have not been authenticated, use the restrict authenticated command in DNS view list member configuration mode. To remove this restriction from a DNS view list member, use the no form of this command.

restrict authenticated

no restrict authenticated

Syntax Description

This command has no arguments or keywords.

Command Default

When determining whether the DNS view list member can be used to respond to an incoming DNS query, the Cisco IOS software does not check that the DNS view and the DNS client have been authenticated.

Command Modes

DNS view list member configuration

Command History

Release

Modification

12.4(9)T

This command was introduced.

Usage Guidelines

This command restricts the DNS view list member from responding to an incoming DNS query unless the Cisco IOS software has verified the authentication status of the client. The view list member is rejected, and the view-selection process proceeds to the next view in the view list, if the client is not authenticated. The router that is running Split DNS determines the query client authentication status by calling any DNS client authentication functions that have been registered with Split DNS.

A client can be authenticated within a Cisco IOS environment by various methods, such as Firewall Authentication Proxy, 802.1x, and wireless authentication. Some DNS authentication functions might inspect only the source IP address or MAC address and the VRF information, while other functions might inspect the source IP address or MAC address, the VRF information, and the DNS view name.


Note


In Cisco IOS Release 12.4(9)T, none of these authentication methods are implemented by any Cisco IOS authentication subsystems. As a result, if a DNS view is configured to be restricted based on client authentication, the Cisco IOS software will not use that view whenever the view is considered for handling a query. In future Cisco IOS releases, authentication subsystems will implement client authentication functions and enable them to be registered on a router running Split DNS. This will enable the Cisco IOS software to support authentication-based use restrictions on DNS views. This command is provided now for backward compatibility when DNS authentication functions are implemented.


A DNS view list member can also be restricted from responding to an incoming DNS query based on the query source IP address (configured by using the restrict source access-group command) or the query hostname (configured by using the restrict name-group command).


Note


If a DNS view list member is configured with multiple usage restrictions, that DNS view can be used to respond to a DNS query only if the view is associated with the source VRF of the query and all configured usage restrictions are met by the query.


To display the usage restrictions for a DNS view list member, use the show ip dns view-list command.

Examples

The following example shows how to create the DNS view list userlist5 so that it contains the two DNS views:


Router(config)# ip dns view-list userlist5
 
Router(cfg-dns-view-list)# view vrf vpn101 user1 20
 
Router(cfg-dns-view-list-member)# exit
 
Router(cfg-dns-view-list)# view vrf vpn201 user2 35
 
Router(cfg-dns-view-list-member)# restrict authenticated

Both view list members are restricted from responding to an incoming DNS query unless the query is from the same VRF as the VRF with which the view is associated.

The first view list member (the view named user1 and associated with the VRF vpn101) has no further restrictions placed on its use.

The second view list member (the view named user2 and associated with the VRF vpn201) is further restricted from responding to an incoming DNS query unless the Cisco IOS software can verify the authentication status of the client.

restrict name-group

To specify that a Domain Name System (DNS) view list member cannot be used to respond to a DNS query unless the query hostname matches a permit clause in a particular DNS name list and none of the deny clauses, use the restrict name-group command in DNS view list member configuration mode. To remove this restriction from a DNS view list member, use the no form of this command.

restrict name-group name-list-number

no restrict name-group name-list-number

Syntax Description

name-list-number

Integer from 1 to 500 that identifies an existing DNS name list.

Command Default

When determining whether the DNS view list member can be used to respond to an incoming DNS query, the Cisco IOS software does not check that the query hostname matches a permit clause in a particular DNS name list.

Command Modes

DNS view list member configuration

Command History

Release

Modification

12.4(9)T

This command was introduced.

Usage Guidelines

This command restricts the DNS view list member from responding to an incoming DNS query if a permit clause in the specified DNS name list specifies a regular expression that matches the query hostname. The view list member is rejected, and the view-selection process proceeds to the next view in the view list, if an explicit deny clause in the name list (or the implicit deny clause at the end of the name list) matches the query hostname. To configure a DNS name list, use the ip dns name-list command.

A DNS view list member can also be restricted from responding to an incoming DNS query based on the source IP address of the incoming DNS query. To configure this type of restriction, use the restrict source access-group command.


Note


If a DNS view list member is configured with multiple usage restrictions, that DNS view can be used to respond to a DNS query only if the view is associated with the source VRF of the query and all configured usage restrictions are met by the query.


To display the usage restrictions for a DNS view list member, use the show ip dns view-list command.


Note


The name-list-number argument referenced in this command is configured using the ip dns name-list command. The DNS name list is referred to as a “name list” when it is defined and as a “name group” when it is referenced in other commands.


Examples

The following example shows how to specify that DNS view user3 associated with the global VRF, when used as a member of the DNS view list userlist5, cannot be used to respond to an incoming DNS query unless the query hostname matches the DNS name list identified by the number 1:


Router(config)# ip dns view-list userlist5
 
Router(cfg-dns-view-list)# view user3 40 
Router(cfg-dns-view-list-member)# restrict name-group 1
 

restrict source access-group

To specify that a Domain Name System (DNS) view list member cannot be used to respond to a DNS query unless the source IP address of the DNS query matches a standard access control list (ACL), use the restrict source access-group command in DNS view list member configuration mode. To remove this restriction from a DNS view list member, use the no form of this command.

restrict source access-group {acl-name | acl-number}

no restrict source access-group {acl-name | acl-number}

Syntax Description

acl-name

String (not to exceed 64 characters) that specifies a standard ACL.

acl-number

Integer from 1 to 99 that specifies a standard ACL.

Command Default

When determining whether the DNS view list member can be used to respond to an incoming DNS query, the Cisco IOS software does not check that the source IP address of the DNS query belongs to a particular standard ACL.

Command Modes

DNS view list member configuration

Command History

Release

Modification

12.4(9)T

This command was introduced.

Usage Guidelines

This command restricts the DNS view list member from responding to an incoming DNS query if the query source IP address matches the specified standard ACL. To configure a standard ACL, use the access-list (IP standard) command.

A DNS view list member can also be restricted from responding to an incoming DNS query based on the the query hostname. To configure this type of restriction, use the restrict name-group command.


Note


If a DNS view list member is configured with multiple usage restrictions, that DNS view can be used to respond to a DNS query only if the view is associated with the source Virtual Private Network (VPN) routing and forwarding (VRF) instance of the query and all configured usage restrictions are met by the query.


To display the usage restrictions for a DNS view list member, use the show ip dns view-list command.


Note


The acl-name or acl-number argument referenced in this command is configured using the access-list command. The access list is referred to as a “access list” when it is defined and as a “access group” when it is referenced in other commands.


Examples

The following example shows how to specify that DNS view user4 associated with the global VRF, when used as a member of the DNS view list userlist7, cannot be used to respond to an incoming DNS query unless the query source IP address matches the standard ACL number 6:


Router(config)# ip dns view-list userlist7
 
Router(cfg-dns-view-list)# view user4 40 
Router(cfg-dns-view-list-member)# restrict source access-group 6
 

service dhcp

To enable the Dynamic Host Configuration Protocol (DHCP) server and relay agent features on your router, use the service dhcp command in global configuration mode. To disable the DHCP server and relay agent features, use the no form of this command.

service dhcp

no service dhcp

Syntax Description

This command has no arguments or keywords.

Command Default

DHCP is enabled. DHCP is not running. Port 67 is closed.

Command Modes

Global configuration (config)

Command History

Release

Modification

12.0(1)T

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

12.4

This command was modified. Port 67 is closed in the Cisco IOS DHCP/BOOTP default configuration. This command was broken into two logical parts: service enabled and service running.

12.2SXH

This command was modified. Port 67 is closed in the Cisco IOS DHCP/BOOTP default configuration. This command was broken into two logical parts: service enabled and service running.

Usage Guidelines

The BOOTP and DHCP servers in Cisco IOS software both use the Internet Control Message Protocol (ICMP) port (port 67) by default. ICMP “port unreachable messages” will only be returned to the sender if both the BOOTP server and DHCP server are disabled. Disabling only one of the servers will not result in ICMP port unreachable messages.

Port 67 is closed in the Cisco IOS DHCP/BOOTP default configuration. There are two logical parts to the service dhcp command: service enabled and service running. The DHCP service is enabled by default, but port 67 is not opened until the DHCP service is running. A DHCP address pool must be configured for the DHCP service to be running. If the service is running, the show ip sockets detail or show sockets detail commands displays port 67 as open.

Examples

The following example shows to enable DHCP services on the DHCP server:


service dhcp

service-instance mdns-sd

To create an instance of a specific service type, use the service-instance mdns-sd command in global configuration mode. To remove the service-instance, use the no form of this command.

service-instance mdns-sd service instance-name regtype service-type domain name

no service-instance mdns-sd service instance-name regtype service-type domain name

Syntax Description

service instance-name

Specifies the service instance name.

regtype service-type

Specifies that the service instance is of the specified service type.

domain name

Specifies the domain with which the service-instance is being associated.

Command Default

Service instances need to be created, and are not available by default.

Command Modes

Global configuration (config)

Command History

Release

Modification

15.2(2)E

This command was introduced.

Cisco IOS XE 3.6E

This command was integrated into the Cisco IOS XE 3.6E release.

15.2(1)SY

This command was integrated into Cisco IOS Release 15.2(1)SY.

15.5(2)S

This command was integrated into Cisco IOS Release 15.5(2)S.

Cisco IOS XE Release 3.15S

This command was integrated into the Cisco IOS XE Release 3.15S

Usage Guidelines

When you create a new service instance, the command enters multicast Domain Name System (mDNS) service discovery service-instance (config-mdns-sd-si) mode . In this mode, you can configure various parameters for the service instance. The options in this mode are given below:

  • ipv4addr ipv4-address or ipv6addr ipv6-address - Specifies the IP address of the port on which the service is available.

    Note


    You must specify an IPv4 or IPv6 address.
  • port number - Specifies the port on which the service is available.
  • (Optional). priority value - Specifies the priority. The default priority value is zero.
  • target-hostname host-name - Specifies the fully qualified domain name (FQDN) of the target host.
  • txt - Text record for the service. To associate more than one text record, separate each record by a semi-colon.
  • (Optional). weight value - Specifies the weight for the service instance. The default weight value is zero.

Examples

The following example shows you how to create a service instance and configure parameters for the service instance:


Device> enable
Device# configure terminal
Device(config)# service-instance mdns-sd service serv-inst3 regtype _airplay._tcp domain tcp4
Device(config-mdns-sd-si)# ipv4addr 209.165.200.230 255.255.255.224
Device(config-mdns-sd-si)# port 65
Device(config-mdns-sd-si)# target-hostname domainv6
Device(config-mdns-sd-si)# exit

 

service-list mdns-sd

To create a service-list and apply a filter on the service-list or associate a query for the service-list, use the service-list mdns-sd command in global configuration mode. To remove a service-list or service-list filter, or to disassociate a query for a service-list, use the no form of this command.

service-list mdns-sd service-list-name {deny sequence-number | permit sequence-number | query}

no service-list mdns-sd service-list-name [ deny sequence-number | permit sequence-number | query]

Syntax Description

service-list-name

Service-list name. The permit, deny, and query options are applicable for the created service-list.

deny sequence-number

Restricts service information from being shared on a specific device, for the specified sequence number.

permit sequence-number

Allows service information to be shared on a specific device, for the specified sequence number.

query

Associates a query for the service-list name.

Command Default

Service-list information is not shared between devices or interfaces.

Command Modes

Global configuration (config)

Command History

Release

Modification

15.2(1)E

This command was introduced.

Usage Guidelines

While creating a service-list, the permit or deny option must to be used. The permit option allows you to permit/transport specific service-list information. The deny option allows you to deny service-list information that is available to be transported to other subnets.

You need to mention a sequence number when using the permit or deny option. The same service-list name can be associated with multiple sequence numbers and each sequence number will be mapped to a rule.

Query is another option provided while creating service-lists. You can create queries using a service-list. If you want to browse for a service, then active queries can be used. This will be helpful to keep the records refreshed in the cache.

Examples

The following example shows creation of a service-list sl1. The permit option is being applied on sequence number 3:


Device> enable
Device# configure terminal
Device(config)# service-list mdns-sd sl1 permit 3
Device(config-mdns-sd-sl)# exit

 

service-policy

To filter in-bound or out-bound service information for a service-list, use the service-policy command in the multicast DNS (mDNS) configuration or interface mDNS configuration mode. To remove a service-policy or service-list filter, or to disassociate a query for a service-list, use the no form of this command.

service-policy service-policy-name {IN | OUT}

no service-policy service-policy-name {IN | OUT}

Syntax Description

service-policy-name

Service-list name.

IN

Filters incoming service information for a device or interface according to the service policy.

OUT

Filters outgoing service information for a device or interface according to the service policy.

Command Default

Service information is not transported between two devices or interfaces.

Command Modes

Multicast DNS configuration (config-mdns)

Interface multicast DNS configuration (config-if-mdns)

Command History

Release

Modification

15.2(1)E

This command was introduced.

Usage Guidelines

The main purpose of creating a service-policy is to apply it at the interface level rather than at a global level.

Examples

The following example shows the application of a service-policy for an interface:


Device> enable
Device# configure terminal
Device(config)# service-routing mdns-sd
Device(config-mdns)# interface ethernet 0/1 
Device(config-if-mdns)# service-policy serv-pol2 IN 
Device(config-if-mdns)# exit 

 

service-policy-proximity

To configure service policy proximity filtering on a wireless device or interface, use the service-policy-proximity command in multicast Domain Name System (mDNS) configuration mode or in interface mDNS configuration mode. To disable service policy proximity filtering on a wireless device or interface, use the no form of this command.

service-policy-proximity service-list-name [ limit number-of-services]

no service-policy-proximity

Syntax Description

service-list-name

Service-list. Specifies that the services in the service-list are available in close proximity to the requester, and will be offered to the user when queried for.

limit number-of-services

(Optional) Specifies the maximum number of services that can be returned. The default value for the maximum number of services that can be returned is 50.

Command Default

Service policy proximity filtering is disabled.

Command Modes

Multicast DNS configuration (config-mdns)

Interface mDNS configuration (config-if-mdns-sd)

Command History

Release

Modification

15.2(2)E

This command was introduced.

Cisco IOS XE 3.6E

This command was integrated into the Cisco IOS XE 3.6E release.

Cisco IOS XE Release 3.13S

This command was integrated into the Cisco IOS XE Release 3.13S

15.2(1)SY

This command was integrated into Cisco IOS Release 15.2(1)SY.

15.5(2)S

This command was integrated into Cisco IOS Release 15.5(2)S.

Cisco IOS XE Release 3.15S

This command was integrated into the Cisco IOS XE Release 3.15S

Usage Guidelines

Service policy proximity filtering functionality is only available on wireless devices and their interfaces.

If service policy proximity filtering is configured on a device or interface, outbound service information is filtered first and then services in proximity are filtered and only the services in proximity are offered to the user.

Proximity based filtering applies to response filtering and not to redistribution or queries.

For example, consider this scenario. In a network, AirPlay and printer services are available, and are part of the mDNS cache. The AirPlay service is defined in the proximity group of the requesting client whereas the printer service is not. When the requesting client or device in the network queries for the AirPlay service, the out-going filter will filter all available Airplay and printer services in the mDNS cache first, and then filter Airplay services in the proximity. Only the Airplay services in the proximity are returned to the user. If the client requests printer services, all printer services in the mDNS cache are returned.

Examples

The following example shows you how to configure service policy proximity filtering on a wireless device:


Device> enable
Device# configure terminal
Device(config)# interface Vlan136
Device(config-if)# service-routing mdns-sd
Device(config-if-mdns-sd)# service-policy-proximity permit-airplay limit 10
Device(config-if-mdns-sd)# exit

 

service-policy-query

To configure an active query and active query period, use the service-policy-query command in multicast Domain Name System (mDNS) configuration mode. To disable an active query, use the no form of this command.

service-policy-query service-list-name query-period

no service-policy-query service-list-name query-period

Syntax Description

service-list-name

Service-list name; services in the specified service-list are queried according to the period specified in the service-list-query-period argument.

query-period

Service-list query period, in seconds.

Command Default

An active query is not configured for browsing services.

Command Modes

Multicast DNS configuration (config-mdns)

Command History

Release

Modification

15.2(1)E

This command was introduced.

Usage Guidelines

An active query enables browsing of services specified within the query. The service-policy-query command can only be used for enabling browsing of services periodically. Before configuring an active query for browsing services, you must create an active query and specify services within it. To create an active query, use the command service-list mdns-sd .

Examples

The following example shows creation of an active query and active query period:


Device> enable
Device# configure terminal
Device(config)# service-routing mdns-sd
Device(config-mdns)# service-policy-query sl4 100
Device(config-mdns)# exit 

 

Note


In the above example, sl4 is the active query. If printer services are specified within the query, then the printer services connected to the device are browsed every 100 seconds and stored in cache.


service-policy-query (interface)

To configure periodic browsing of services on an interface or to stop browsing of services on an interface, use the service-policy-query (interface) command in interface multicast Domain Name System (mDNS) configuration mode. To disable periodic browsing of services on an interface, use the no form of this command.

service-policy-query { service-list-name query-period | disable}

no service-policy-query

Syntax Description

service-list-name

Service-list name; services in the specified service-list are browsed periodically on the interface.

query-period

Service-list query period, in seconds.

disable

Disables browsing of specified services on the interface.

Note

 
There is a difference between the no form of this command and the disable option.
  • no form - If you have enabled browsing of printer services for a specific interface which has a printer connected, and if the printer is removed from the interface, then you can use the no form to stop browsing printer services on the interface.

  • disable option - If you have enabled browsing for specific services, such as printer services, on the device (globally configured), then printer services are periodically searched for on all the interfaces of the device. If there is an interface where there is no printer service available, you can use the disable option to disable browsing of printer services only for the interface.

Command Default

An active query for browsing services on an interface does not exist by default.

Command Modes

Interface mDNS configuration (config-if-mdns-sd)

Command History

Release

Modification

15.2(3)E

This command was introduced.

Cisco IOS XE 3.7E

This command was integrated into the Cisco IOS XE 3.7E release.

15.5(2)S

This command was integrated into Cisco IOS Release 15.5(2)S.

Cisco IOS XE Release 3.15S

This command was integrated into the Cisco IOS XE Release 3.15S.

Usage Guidelines


Remember


You must first create an active query and specify services within it, using the service-list mdns-sd command. Only then can you enable periodic browsing of those services on the interface, using the service-policy-query (interface) command.


The disable option can only be used for interfaces. If you have enabled browsing of certain types of service globally, you can stop those services from being browsed on some interfaces by using this option. For example, if an active query is created for browsing printer services and applied globally, then all interfaces on the device will browse printer services periodically. If some interfaces don't have printer services, then you can disable browsing of printer services on those interfaces.

Examples

The following example shows how to enable browsing of printer services on an interface :


Device> enable
Device# configure terminal
Device# interface ethernet0/1
Device(config-if)# service-routing mdns-sd
Device(config-if-mdns-sd)# service-policy-query AQ-int 1000
Device(config-if-mdns-sd)# exit
Device(config-if)# 

 

Note


In the above example, AQ-int is the service-list that contains printer services. Printer services connected to the interface are browsed every 1000 seconds and stored in cache.


service-routing mdns-sd

To enable multicast Domain Name System (mDNS) gateway functionality for a device or interface, use the service-routing mdns-sd command in global or interface configuration mode. To disable mDNS gateway functionality for a device or interface, use the no form of this command.

service-routing mdns-sd

no service-routing mdns-sd

Syntax Description

This command has no arguments or keywords.

Command Default

The mDNS gateway functionality is disabled for a device or interface.

Command Modes

Global configuration (config)

Interface configuration (config-if)

Command History

Release

Modification

15.2(1)E

This command was introduced.

15.2(1)SY

This command was integrated into Cisco IOS Release 15.2(1)SY.

15.5(2)S

This command was integrated into Cisco IOS Release 15.5(2)S.

Usage Guidelines

The service-routing mdns-sd command enables you to enter multicast DNS configuration (config-mdns) mode. In this mode, you can apply in-bound and out-bound filters (using the service-policy command) and use active queries. When you enable mDNS gateway functionality for an interface, the command enters multicast DNS interface configuration (config-if-mdns-sd) mode.

You can use the following options in the mDNS configuration (config-mdns) mode and the mDNS interface configuration (config-if-mdns-sd) mode:

Purpose

Use this Command

Note

 
The complete syntax is provided in the corresponding command page.

Global and Interface Configuration Options

For a service-list, apply a filter on incoming service discovery information or outgoing service discovery information.

service-policy

Global and interface levels.

Set some part of the system memory for cache.

cache-memory-max

Global level.

Configure an active query and active query period.

Note

 

Service-lists of the type query can be used to browse services. Such queries are called active queries

service-policy-query

Global level.

Designate a specific device or interface in a domain for routing mDNS announcement and query information.

designated-gateway

Global and interface levels.

Configure service policy proximity filtering on the device.

service-policy-proximity

Global and interface levels.

Configure service-type enumeration period for the device.

service-type-enumeration period

Global level.

Specify an alternate source interface for outgoing mDNS packets on a device.

source-interface

Global level.

Configure the maximum rate limit of incoming mDNS packets for a device.

rate-limit

Global level.

Speeds up visibility of newly announced services and withdrawal of services when a service or device is turned off.

redistribute

Interface level.

Examples

The following example shows how to enable the mDNS gateway for a device and apply a service policy:


Device> enable
Device# configure terminal
Device(config)# service-routing mdns-sd
Device(config-mdns)# service-policy serv-pol1 IN
Device(config-mdns)# exit

 

service-type-enumeration period

To configure a service-type enumeration period, use the service-type-enumeration period command in multicast Domain Name System (mDNS) configuration mode. To disable service-type enumeration period, use the no form of this command.

service-type-enumeration period period-value

no service-type-enumeration period period-value

Syntax Description

period-value

Service-type enumeration period, in minutes.

Command Default

Service-type enumeration period is not configured.

Command Modes

Multicast DNS configuration (config-mdns)

Command History

Release

Modification

15.2(2)E

This command was introduced.

Cisco IOS XE 3.6E

This command was integrated into the Cisco IOS XE 3.6E release.

15.2(1)SY

This command was integrated into Cisco IOS Release 15.2(1)SY.

15.5(2)S

This command was integrated into Cisco IOS Release 15.5(2)S.

Examples

The following example shows you how to configure a service-type enumeration period of 45 minutes:


Device> enable
Device# configure terminal
Device(config)# service-routing mdns-sd
Device(config-mdns)# service-type-enumeration period 45
Device(config-mdns)# exit 

 

set ip next-hop dynamic dhcp

To set the next hop to the gateway that was most recently learned by the Dynamic Host Configuration Protocol (DHCP) client, use the set ip next-hop dynamic dhcp command in route-map configuration mode. To restore the default setting, use the no form of this command.

set ip next-hop dynamic dhcp

no set ip next-hop dynamic dhcp

Syntax Description

This command has no arguments or keywords.

Command Default

This command is disabled by default.

Command Modes

Route-map configuration (config-router)

Command History

Release

Modification

12.3(2)XE

This command was introduced.

12.3(8)T

This command was integrated into Cisco IOS Release 12.3(8)T.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.

12.2(33)SRE

This command was integrated into Cisco IOS Release 12.2(33)SRE.

Usage Guidelines

The set ip next-hop dynamic dhcp command supports only a single DHCP interface. If multiple interfaces have DHCP configured, the gateway that was most recently learned among all interfaces running DHCP will be used by the route map.

Examples

The following example shows how to configure a local routing policy that sets the next hop to the gateway that was most recently learned by the DHCP client:


access list 101 permit icmp any host 172.16.23.7 echo
route map MY-LOCAL-POLICY permit 10
 match ip address 101
 set ip next-hop dynamic dhcp
!
ip local policy route-map MY-LOCAL-POLICY

set platform software trace forwarding-manager alg

To set the platform software trace levels for the forwarding manager application layer gateway (ALG), use the set platform software trace forwarding-manager alg command in privileged EXEC mode.

set platform software trace forwarding-manager {F0 | F1 | FP | R0 | R1 | RP} {active | standby} alg {debug | emergency | error | info | noise | notice | verbose | warning}

Syntax Description

F0

Specifies slot 0 of the Embedded Service Processor (ESP).

F1

Specifies slot 1 of the ESP.

FP

Specifies the ESP.

R0

Specifies slot 0 of the Route Processor (RP).

R1

Specifies slot 1 of the RP.

RP

Specifies the RP.

active

Specifies the active instance of the processor.

standby

Specifies the standby instance of the processor.

debug

Sets debug messages for ALGs.

emergency

Sets emergency messages for ALGs.

error

Sets error messages for ALGs.

info

Sets informational messages for ALGs.

noise

Sets the maximum message level for ALGs.

notice

Sets notice messages for ALGs.

verbose

Sets detailed debug messages for ALGs.

warning

Sets warning messages for ALGs.

Command Default

Trace levels are not set.

Command Modes

Privileged EXEC (#)

Command History

Release Modification

Cisco IOS XE Release 3.11S

This command was introduced.

Usage Guidelines

Use this command to troubleshoot platform-specific ALG issues.

Examples

The following is example shows how to set platform-specific debug messages for ALGs:

Device# set platform software trace forwarding-manager FP active alg debug

 

show alg sip

To display all Session Initiation Protocol (SIP) application layer gateway (ALG) information, use the show alg sip command in privileged EXEC mode.

show alg sip

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC (#)

Command History

Release Modification

Cisco IOS XE Release 3.11S

This command was introduced.

Usage Guidelines

This command displays information about the configured parameters for SIP sessions.

Examples

The following is sample output from the show alg sip command:

Device# show alg sip

sip timer configuration
   Type                      Seconds
   max-call-duration         380        
   call-proceeding-timeout   620        

sip processor configuration
   Type           Backlog number
   session         14         
   global          189        

sip blacklist configuration
   dst-addr         trig-period(ms)    trig-size     block-time(sec) 
   10.0.0.0             60                 30              2000                
   10.1.1.1             20                 30              30                  
   192.0.2.115          1000                5              30                  
   198.51.100.34        20                 30              388   

 

The table below describes the significant fields shown in the display.

Table 1. show alg sip Field Descriptions

Field

Description

sip timer configuration

Information about the configured SIP timers.

max-call-duration

Maximum call duration, in seconds, for a successful SIP call.

call-proceeding-timeout

Call proceeding time interval, in seconds, for SIP calls that do not receive a response.

sip processor configuration

Number of backlog messages that are waiting for shared resources.

session

Number of backlog messages in a session that are waiting for shared resources.

global

Number of backlog messages in all sessions that are waiting for shared resources.

sip blacklist configuration

Blacklist criteria configured for all destinations.

dst-addr

Destination IP address to be monitored.

trig-period (ms)

Time period, in milliseconds, during which events are monitored before a blacklist is triggered.

trig-size

Number of events that are allowed from a source before the blacklist is triggered and all packets from that source are blocked.

block-time (sec)

Time period, in seconds, when packets from a source are blocked if the configured limit exceeds.

show arp

To display the entries in the Address Resolution Protocol (ARP) table, use the show arp command in user EXEC or privileged EXEC mode.

show arp [ [vrf vrf-name] [ [arp-mode] [ [ip-address [mask] ] [interface-type interface-number]]]] [detail]

Syntax Description

vrf vrf-name

(Optional) Displays the entries under the Virtual Private Network (VPN) routing and forwarding (VRF) instance specified by the vrf-name argument.

If this option is specified, it can be followed by any valid combination of the arp-mode , ip-address , mask , interface-type , and interface-number arguments and the detail keyword.

arp-mode

(Optional) Displays the entries that are in a specific ARP mode. This argument can be replaced by one of the following keywords:

  • alias --Displays only alias ARP entries. An alias ARP entry is a statically configured (permanent) ARP table entry that is associated with a local IP address. This type of entry can be configured or removed using the arp (global) command with the alias keyword.

  • dynamic --Displays only dynamic ARP entries. A dynamic ARP entry is learned through an ARP request and completed with the MAC address of the external host.

  • incomplete --Displays only incomplete ARP entries. An incomplete ARP entry is learned through an ARP request but has not yet been completed with the MAC address of the external host.

  • interface --Displaysonly interface ARP entries. An interface ARP entry contains a local IP address and is derived from an interface.

  • static --Displays only static ARP entries. A static ARP entry is a statically configured (permanent) ARP entry that is associated with an external host. This type of entry can be configured or removed using the arp (global) command.

Note

 

If this option is specified, it can be followed by any valid combination of the ip-address , mask , interface-type , and interface-number arguments and the detail keyword.

ip-address [mask ]

(Optional) Displays the entries associated with a specific host or network.

Note

 

If this option is specified, it can be followed by any valid combination of the interface-type and interface-number arguments and the detail keyword.

interface-type interface-number

(Optional) Displays the specified entries that are also associated with this router interface.

Note

 

If this option is specified, it can be followed by the detail keyword.

detail

(Optional) Displays the specified entries with mode-specific details and information about subblocks (if any).

Command Modes

User EXEC Privileged EXEC

Command History

Release

Modification

10.0

This command was introduced.

12.2(14)SX

Support for this command was introduced on the Supervisor Engine 720.

12.2(17d)SXB

Support for this command on the Supervisor Engine 2 was extended to the 12.2 SX release.

12.4(11)T

The vrf keyword and vrf-name argument were added to limit the display to entries under a specific VRF. The alias , dynamic , incomplete , interface , and static keywords were added to limit the display to entries in a specific ARP mode. The ip-address and mask arguments were added to limit the display to entries for a specific host or network. The interface-type and interface-number arguments were added to limit the display to entries for a specific interface. The detail keyword was added to display additional details about the entries.

12.2(33)SRB

This command was integrated into Cisco IOS Release 12.2(33)SRB.

Usage Guidelines

To display all entries in the ARP cache, use this command without any arguments or keywords.

Entry Selection Options

You can to limit the scope of the command output by applying various combinations of the following ARP entry selection criteria:

  • Entries under a specific VRF

  • Entries in a specific ARP mode

  • Entries for a specific host or entries for a specific network

  • Entries associated with a specific router interface


Tip


The valid interface types and numbers can vary according to the router and the interfaces on the router. To list all the interfaces configured on a particular router, use the show interfaces command with the summary keyword. Use the appropriate interface specification, typed exactly as it is displayed under the Interface column of the show interfaces command output, to replace the interface-type and interface-number arguments in the show arp command.


Detailed Output Format

To include additional details about each ARP entry displayed, use this command with the detail keyword. When this display option is used, the following additional information is included:

  • Mode-specific details (such as entry update time)

  • Subblocks (if any)

ARP Adjacency Notification

If Cisco Express Forwarding (CEF) is enabled on the router, the router maintains forwarding information (outbound interface and MAC header rewrite) for adjacent nodes. A node is said to be adjacent to another node if the node can be reached with a single hop across a link layer (Layer 2). CEF stores the forwarding information in an adjacency database so that Layer 2 addressing information can be inserted into link-layer headers attached to the ARP packets.

  • To verify that IPv4 CEF is running, use the show ip cef command.

  • To verify that an adjacency exists for a connected device, that the adjacency is valid, and that the MAC header rewrite string is correct, use the show adjacency command.

The ARP table information is one of the sources for CEF adjacency. Whenever the ARP subsystem attaches an ARP table entry to an outbound interface with a valid hardware address, the subsystem issues an internal “ARP adjacency” notification. The notification causes an ARP background process to synchronize that ARP entry with CEF adjacency via the adjacency database. If the synchronization succeeds, IP ARP adjacency is said to be “installed”; if the synchronization fails, IP ARP adjacency is said to have been “withdrawn.”


Note


Attachment to an outbound interface occurs only for ARP entries in the following modes: alias, dynamic, static, Application Simple, and Application Timer.


To display detailed information about any ARP adjacency notification that may have occurred, use the show arp command with the detail keyword. You can use this information to supplement the information available through ARP/CEF adjacency debug trace. To enable debug trace for ARP/CEF adjacency interactions, use the debug arp command with the adjacency keyword.

ARP Cache Administration

To refresh all entries for the specified interface (or all interfaces) or to refresh all entries of the specified address (or all addresses) in the specified VRF table (or in the global VRF table), use the clear arp-cache command.

To enable debugging output for ARP transactions, use the debug arp command.

Examples

The following is sample output from the show arp command with no optional keywords or arguments specified:


Router# show arp
 
Protocol   Address          Age (min)   Hardware Addr    Type    Interface
Internet   192.0.2.112      120         0000.a710.4baf   ARPA    Ethernet3
AppleTalk  4028.5           29          0000.0c01.0e56   SNAP    Ethernet2
Internet   192.0.2.114      105         0000.a710.859b   ARPA    Ethernet3
AppleTalk  4028.9           -           0000.0c02.a03c   SNAP    Ethernet2
Internet   192.0.2.121      42          0000.a710.68cd   ARPA    Ethernet3
Internet   192.0.2.9        -           0000.3080.6fd4   SNAP    TokenRing0
AppleTalk  4036.9           -           0000.3080.6fd4   SNAP    TokenRing0
Internet   192.0.2.9        -           0000.0c01.7bbd   SNAP    Fddi0

The table below describes the fields shown in the display.

Table 2. show arp Field Descriptions

Field

Description

Protocol

Protocol for network address in the Address field.

Address

The network address that corresponds to the Hardware Address.

Age (min)

Age in minutes of the cache entry. A hyphen (-) means the address is local.

Hardware Addr

LAN hardware address of a MAC address that corresponds to the network address.

Type

Indicates the encapsulation type the Cisco IOS software is using for the network address in this entry. Possible values include:

  • ARPA--For Ethernet interfaces.

  • SAP--For Hewlett-Packard interfaces.

  • SMDS--For Switched Multimegabit Data Service (SMDS) interfaces.

  • SNAP--For FDDI and Token Ring interfaces.

  • SRP-A--For Switch Route Processor, side A (SRP-A) interfaces.

  • SRP-B--For Switch Route Processor, side B (SRP-B) interfaces.

Interface

Indicates the interface associated with this network address.

When this command is used to display dynamic ARP entries, the display information includes the time of the last update and the amount of time before the next scheduled refresh is to occur. The following is sample output from the show arp command for the dynamic ARP entry at network address 192.0.2.1:


Router# show arp 192.0.2.1 detail
 
ARP entry for 192.0.2.1, link type IP.
  Alias, last updated 13323 minutes ago.
  Encap type is ARPA, hardware address is 1234.1234.1234, 6 bytes long.
  ARP subblocks:
  * Static ARP Subblock
    Floating entry.
    Entry is complete, attached to GigabitEthernet1/1.
  * IP ARP Adjacency
    Adjacency (for 192.0.2.1 on GigabitEthernet1/1) was installed.

When this command is used to display floating static ARP entries, the display information includes the associated interface, if any.The following is sample output from the show arp command for the floating static ARP entry at network address 192.0.2.2 whose intended interface is down:


Router# show arp 192.0.2.2 detail
 
ARP entry for 192.0.2.2, link type IP.
  Alias, last updated 13327 minutes ago.
  Encap type is ARPA, hardware address is 1234.1234.1234, 6 bytes long.
  ARP subblocks:
  * Static ARP Subblock
    Floating entry.
    Entry is incomplete.
  * IP ARP Adjacency
    Adjacency (for 192.0.2.2 on GigabitEthernet1/1) was withdrawn.

The following is sample detailed output from the show arp command for the Application Alias ARP entry at network address 192.0.2.3:


Router# show arp 192.0.2.3 detail
 
ARP entry for 192.0.2.3, link type IP.
  Application Alias, via Ethernet2/2, last updated 0 minute ago.
  Created by "HSRP".
  Encap type is ARPA, hardware address is 0000.0c07.ac02, 6 bytes long.
  ARP subblocks:
  * Application Alias ARP Subblock
  * HSRP
    ARP Application entry for application HSRP.

The following is sample detailed output from the show arp command for all dynamic ARP entries:


Router# show arp dynamic detail
 
ARP entry for 192.0.2.4, link type IP.
  Dynamic, via Ethernet2/1, last updated 0 minute ago.
  Encap type is ARPA, hardware address is 0000.0000.0014, 6 bytes long.
  ARP subblocks:
  * Dynamic ARP Subblock
    Entry will be refreshed in 0 minute and 1 second.
    It has 1 chance to be refreshed before it is purged.
    Entry is complete.
  * IP ARP Adjacency
    Adjacency (for 192.0.2.4 on Ethernet2/1) was installed.

show arp application

To display Address Resolution Protocol (ARP) table information for a specific ARP application or for all applications supported by ARP and running on registered clients, use the show arp application command in user EXEC or privileged EXEC mode.

show arp application [application-id] [detail]

Syntax Description

application-id

(Optional) Displays ARP table information for a specific ARP application. The range is from 200 to 4294967295. If no ID is specified, ARP table information is displayed for all supported ARP applications running on registered clients.

detail

(Optional) Includes detailed information about subblocks for ARP table information displayed (for the specified application or for all applications supported by ARP and running on registered clients).

Command Modes

User EXEC Privileged EXEC

Command History

Release

Modification

12.4(11)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.2(33)SRB

This command was integrated into Cisco IOS Release 12.2(33)SRB.

Usage Guidelines

To display ARP table information about all supported ARP applications running on registered clients, use this command without any arguments or keywords.

Entry Selection Options

To display ARP table information about a single ARP application running on a registered client, use this command with the application-ID argument.

Detailed Output Format

To display the specified ARP table information along with detailed information about any subblocks, use this command with the detail keyword. The additional details consist of the following information:

  • IP address or network

  • ARP table entry type (dynamic, interface, static, or alias) or ARP application mode (Simple Application or Application Alias)

  • Associated interface

  • Brief description of the subblock data

Examples

The following is sample output from the show arp application command:


Router# show arp application
 
Number of clients registered: 7
Application         ID        Num of Subblocks
ARP Backup          200       1
IP SIP              201       0
LEC                 202       0
DHCPD               203       0
IP Mobility         204       0
HSRP                209       1
IP ARP Adjacency    212       2

The following is sample detailed output from the show arp application detail command:


Router# show arp application detail
 
Number of clients registered: 7
Application         ID        Num of Subblocks
ARP Backup          200       1
ARP entry for 192.0.2.10, link type IP.
  Application Alias, via Ethernet2/2.
    Subblock data:
    Backup for Interface on Ethernet2/2
Application         ID        Num of Subblocks
IP SIP              201       0
Application         ID        Num of Subblocks
LEC                 202       0
Application         ID        Num of Subblocks
DHCPD               203       0
Application         ID        Num of Subblocks
IP Mobility         204       0
Application         ID        Num of Subblocks
HSRP                209       1
ARP entry for 192.0.2.10, link type IP.
  Application Alias, via Ethernet2/2.
    Subblock data:
    ARP Application entry for application HSRP.
Application         ID        Num of Subblocks
IP ARP Adjacency    212       2
ARP entry for 192.0.2.4, link type IP.
  Dynamic, via Ethernet2/1.
    Subblock data:
    Adjacency (for 192.0.2.4 on Ethernet2/1) was installed.
ARP entry for 192.0.2.2, link type IP.
  Dynamic, via Ethernet2/1.
    Subblock data:
    Adjacency (for 192.0.2.2 on Ethernet2/1) was installed.

The table below describes the significant fields shown in the display.

Table 3. show arp application Field Descriptions

Field

Description

Application

ARP application name

ID

ARP application ID number

Num of Subblocks

Number of subblocks attached

show arp ha

To display the status and statistics of Address Resolution Protocol (ARP) high availability (HA), use the show arp ha command in user EXEC or privileged EXEC mode.

show arp ha

Syntax Description

This command has no arguments or keywords.

Command Modes

User EXEC Privileged EXEC

Command History

Release

Modification

12.4(11)T

This command was introduced.

12.2(33)SRE

This command was modified. It was integrated into Cisco IOS Release 12.2(33)SRE.

Usage Guidelines

Use this command to display the ARP HA status and statistics.

HA-Capable Platforms

This command is available only on HA-capable platforms (that is, Cisco networking devices that support dual Route Processors [RPs]).

ARP HA Statistics

The ARP HA process collects one set of statistics for the active RP (described in the show arp ha Field Descriptions for Statistics Collected for an Active RP table below) and a different set of statistics for the standby RP (described in the show arp ha Field Descriptions for Statistics Collected for a Standby RP table below). These statistics can be used to track the RP state transitions when a user is debugging ARP HA issues.

The output from this command depends on the current and most recent states of the RP:

  • For the active RP that has been the active RP since the last time the router was rebooted, this command displays the HA statistics for the active RP.

  • For the active RP that had been a standby RP and became the active RP after the most recent stateful switchover (SSO) occurred, this command displays the HA statistics for the active RP plus the HA statistics collected when the RP was a standby RP.

  • For a standby RP, this command displays the HA statistics for a standby RP.

Examples

The following is sample output from the show arp ha command on the active RP that has been the active RP since the last time the router was rebooted. ARP HA statistics are displayed for the active state only.


Router# show arp ha
 
ARP HA in active state (ARP_HA_ST_A_UP_SYNC).
  2 ARP entries in the synchronization queue.
  No ARP entry waiting to be synchronized.
  806 synchronization packets sent.
  No error in allocating synchronization packets.
  No error in sending synchronization packets.
  No error in encoding interface names.

The following is sample output from the show arp ha command on the active RP that had been a standby RP and became the active RP after the most recent SSO occurred. ARP HA statistics are displayed for the active state and also for the previous standby state.


Router# show arp ha
 
ARP HA in active state (ARP_HA_ST_A_UP).
  1 ARP entry in the synchronization queue.
  1 ARP entry waiting to be synchronized.
  No synchronization packet sent.
  No error in allocating synchronization packets.
  No error in sending synchronization packets.
  No error in encoding interface names.
Statistics collected when ARP HA in standby state:
  No ARP entry in the backup table.
  808 synchronization packets processed.
  No synchronization packet dropped in invalid state.
  No error in decoding interface names.
  2 ARP entries restored before timer.
  No ARP entry restored on timer.
  No ARP entry purged since interface is down.
  No ARP entry purged on timer.

The following is sample output from the show arp ha command on the standby RP. ARP HA statistics are displayed for the standby state only.


Router# show arp ha
 
ARP HA in standby state (ARP_HA_ST_S_UP).
  2 ARP entries in the backup table.
  806 synchronization packets processed.
  No synchronization packet dropped in invalid state.
  No error in decoding interface names.

The table below describes the significant fields shown in the display collected for an active RP.

Table 4. show arp ha Field Descriptions for Statistics Collected for an Active RP

Field

Description

ARP HA in active state

The current state that the event-driven state machine contains for the active RP:

  • ARP_HA_ST_A_BULK--Transient state in which the active RP waits for the standby RP to signal that it has finished processing of the entries sent by the bulk-synchronization operation.

  • ARP_HA_ST_A_SSO--Transient state in which the new active RP waits for the signal to be fully operational.

  • ARP_HA_ST_A_UP--Active state in which the active RP does not send entries to the standby RP. The active RP transitions into this state either because the standby RP has not come up yet or because a previous synchronization has failed.

  • ARP_HA_ST_A_UP_SYNC--Active state in which the active RP sends entries from the synchronization queue to the standby RP. The active RP transitions into this state when the number of entries to be synchronized reaches a threshold or when the synchronization timer expires, whichever occurs first.

ARP entries in the synchronization queue

Number of ARP entries that are queued to be synchronized or have already been synchronized to the standby RP.

Note

 

Entries that have already been synchronized are kept in the synchronization queue in case the standby RP reloads. After the standby RP reboots, the entire queue (including entries that were already synchronized to the standby RP before the reload) must be bulk-synchronized to the standby RP.

ARP entry waiting to be synchronized

Number of ARP entries that are queued to be synchronized to the standby RP.

synchronization packets sent

Number of synchronization packets that have been sent to the standby RP.

error in allocating synchronization packets

Number of errors that occurred while synchronization packets were being allocated.

error in sending synchronization packets.

Number of errors that occurred while synchronization packets were being sent to the standby RP.

error in encoding interface names

Number of errors that occurred while interface names were being encoded.

The table below describes the significant fields shown in the display collected for a standby RP or for an active RP that was previously in the active state.

Table 5. show arp ha Field Descriptions for Statistics Collected for a Standby RP

Field

Description

ARP HA in standby state

The current state that the event-driven state machine contains for the standby RP:

  • ARP_HA_ST_S_BULK--Transient state in which the standby RP processes the entries sent by the bulk-synchronization operation. After the active RP signals that it has finished sending entries, the standby RP transitions into the ARP_HA_ST_S_UP state and then signals back to the active RP that it has finished processing the entries sent by the bulk-synchronization operation.

  • ARP_HA_ST_S_UP--Active state in which the standby RP processes the incremental ARP synchronization entries from the active RP. When the switchover occurs, the standby RP transitions to the ARP_HA_ST_A_SSO state.

ARP entries in the backup table

Number of ARP entries contained in the backup ARP table.

synchronization packets processed

Number of synchronization packets that were processed.

synchronization packet dropped in invalid state

Number of synchronization packets that were dropped due to an invalid state.

error in decoding interface names

Number of errors that occurred in decoding interface names.

ARP entries restored before timer

Number of ARP entries that the new active RP restored prior to expiration of the “flush” timer.

ARP entry restored on timer

Number of ARP entries that the new active RP restored upon expiration of the “flush” timer.

ARP entry purged since interface is down

Number of ARP entries that the new active RP purged because the interface went down.

ARP entry purged on timer

Number of ARP entries that the new active RP purged upon expiration of the “flush” timer.

show arp summary

To display the total number of Address Resolution Protocol (ARP) table entries, the number of ARP table entries for each ARP entry mode, and the number of ARP table entries for each interface on the router, use the show arp summary command in user EXEC or privileged EXEC mode.

show arp summary

Syntax Description

This command has no arguments or keywords.

Command Modes

User EXEC Privileged EXEC

Command History

Release

Modification

12.4(11)T

This command was introduced.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

12.2(33)SRB

This command was integrated into Cisco IOS Release 12.2(33)SRB.

12.2(33)SRD3

This command was modified. Support was added for the Cisco 7600 router.

Usage Guidelines

Use this command to display high-level statistics about the ARP table entries:

  • Total number of ARP table entries

  • Number of ARP table entries for each ARP mode

  • Number of ARP table entries for each router interface

A maximum limit for learned ARP entries can be configured on the Cisco 7600 platform in Cisco IOS Release 12.2(33)SRD3. This is subject to memory constraints. The 7600 can support a maximum limit of 256,000 learned ARP entries, and if a memory card is installed on the router the maximum limit is extended to 512,000.

Examples

The following is sample output from the show arp summary command:


Note


In this example the maximum limit for the number of learned ARP entries has not been configured.



Router# show arp summary
 
Total number of entries in the ARP table: 10.
Total number of Dynamic ARP entries: 4.
Total number of Incomplete ARP entries: 0.
Total number of Interface ARP entries: 4.
Total number of Static ARP entries: 2.
Total number of Alias ARP entries: 0.
Total number of Simple Application ARP entries: 0.
Total number of Application Alias ARP entries: 0.
Total number of Application Timer ARP entries: 0.
Interface Entry Count
Ethernet3/2 1

The following is sample output from the show arp summary command on a Cisco 7600 router for Cisco IOS Release 12.2(33)SRD3, after a maximum limit is set for the number of learned ARP entries:


Router> enable
Router# configure terminal
Router(config)# ip arp entry learn 512000
Router(config)# exit
Router# show arp summary
Total number of entries in the ARP table: 4.
Total number of Dynamic ARP entries: 0.
Total number of Incomplete ARP entries: 0.
Total number of Interface ARP entries: 3.
Total number of Static ARP entries: 1.
Total number of Alias ARP entries: 0.
Total number of Simple Application ARP entries: 0.
Total number of Application Alias ARP entries: 0.
Total number of Application Timer ARP entries: 0.
Maximum limit of Learn ARP entry : 512000.
Maximum configured Learn ARP entry limit : 512000.
Learn ARP Entry Threshold is 409600 and Permit Threshold is 486400.
Total number of Learn ARP entries: 0.
Interface              Entry Count
GigabitEthernet4/7               1
GigabitEthernet4/1.1             1
GigabitEthernet4/1               1
EOBC0/0

The table below describes the fields shown in the display.

Table 6. show arp summary Command Field Descriptions

Field

Description

Total Number of entries in the ARP table

Displays the number of entries in the ARP table.

Total number of Dynamic ARP entries

Displays the number of ARP entries in the dynamic state.

Total number of Incomplete ARP entries

Displays the number of ARP entries in the incomplete state.

Total number of Interface ARP entries

Displays the number of ARP entries on ARP enabled interfaces.

Total number of Static ARP entries

Displays the number of active statically configured ARP entries.

Total number of Alias ARP entries

Displays the number of active statically configured alias entries.

Total number of Simple Application ARP entries

Displays the number of ARP entries in the simple application mode.

Total number of Application Alias ARP entries

Displays the number of ARP entries in the application alias mode.

Total number of Application Timer ARP entries

Displays the number of ARP entries in the application timer mode.

Maximum limit of Learn ARP entry

Displays the allowed maximum limit for the learned ARP entries.

Maximum configured Learn ARP entry limit

Displays the figure the maximum learned ARP entry limit is set to.

Learn ARP Entry Threshold

Displays the value representing 80 percent of the set maximum learned ARP entry limit.

Permit Threshold

Displays the value representing 95 percent of the set maximum learned ARP entry limit.

Total number of Learn ARP entries

Displays the total number of learned ARP entries.

Interface

Lists the names of the ARP enabled interfaces.

Entry Count

Displays the number of ARP entries on each ARP enabled interface

show auto-ip-ring

To display auto-IP ring information for a specific device or auto-IP ring, use the show auto-ip-ring command in privileged EXEC mode.

show auto-ip-ring [ ring-id] [ detail]

Syntax Description

ring-id

(Optional) Auto-IP ring identification number.

detail

(Optional) Specifies detailed information for auto-IP enabled interfaces, including the neighbor interface’s auto-IP address, interface IP address, and priority value. If the auto-IP enabled interface is assigned to a VRF, the VRF name is displayed.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Release 3.10S

This command was introduced.

15.3(3)S

This command was integrated into Cisco IOS Release15.3(3)S

Cisco IOS XE Release 3.12S

This command was modified. The VRF Name field was added in the command output.

15.4(2)S

This command was integrated into Cisco IOS Release15.4(2)S.

Usage Guidelines

To view auto-IP information for all auto-IP enabled node interfaces for a device, use the show auto-ip-ring command without the ring-id argument.

To view auto-IP information for a specific auto-IP ring, use the ring-id argument. If the auto-IP enabled interface is assigned to a VRF, use the detail keyword to view the VRF name.

Examples

The following is sample output for the show auto-ip-ring detail command. This command displays auto-IP ring information for VRF interfaces.


Device# show auto-ip-ring detail

Auto-IP ring 7
Auto-IP Address         : 10.1.1.11

VRF Name                : 3
Ring Port1              : Ethernet1/1
My Current-IP           : 10.1.1.11
My Priority             : 2

Rx Auto-IP Address      : 10.1.1.13
Rx Current-IP           : 10.1.1.10
Rx Priority             : 0


VRF Name                : 3
Ring Port0              : Ethernet1/0
My Current-IP           : 10.1.1.8
My Priority             : 0

Rx Auto-IP Address      : 10.1.1.9
Rx Current-IP           : 10.1.1.9
Rx Priority             : 2

      

The following is sample output for the show auto-ip-ring command. The example displays detailed information for the auto-IP ring on a device:


Note


In this example, information for only one node interface (and corresponding neighbor interface information) is displayed. The other interface is not connected to a neighbor node interface since it is an open ring.

Device> enable
Device# show auto-ip-ring 4 detail


Auto-IP ring 4
Auto-IP Address : 10.1.1.3

Ring Port0 : Ethernet0/0
My Current-IP : 10.1.1.0
My Priority : 0

Rx Auto-IP Address : 10.1.1.1
Rx Current-IP : 10.1.1.1
Rx Priority : 2

 
Table 7. show auto-ip-ring Field Descriptions

Field

Description

Auto-IP ring

The auto-IP ring identification number.

Auto-IP Address

The auto IP address configured on the node interface.

VRF Name

VRF which contains auto-IP enabled interfaces. The auto-IP enabled VRF interfaces are displayed in the command output along with the VRF name.

Ring Port0

Node interface for the specified auto-IP ring. Ethernet 0/0 is one of the 2 interfaces in the specified auto-IP ring.

My Current-IP

IP address configured on the interface.

My Priority

Auto-IP TLV priority value sent from the current node interface to the neighbor node interface.

Rx Auto-IP Address

Auto-IP address of the neighbor node interface. This information is received from the connected, neighbor interface.

Rx Current-IP

IP address configured on the neighbor node interface. This information is received from the connected, neighbor interface.

Rx Priority

Priority value of the neighbor node interface. This information is received from the connected, neighbor interface.

show hosts

To display the default domain name, the style of name lookup service, a list of name server hosts, and the cached list of hostnames and addresses specific to a particular Domain Name System (DNS) view or for all configured DNS views, use the show hosts command in privileged EXEC mode.

show hosts [vrf vrf-name] [view [view-name | default]] [all] [hostname | summary]

Syntax Description

vrf vrf-name

(Optional) The vrf-name argument specifies the name of the Virtual Private Network (VPN) routing and forwarding (VRF) instance associated with the DNS view whose hostname cache entries are to be displayed. Default is the global VRF (that is, the VRF whose name is a NULL string) with the specified or default DNS view.

Note

 

More than one DNS view can be associated with a VRF. To uniquely identify a DNS view, specify both the view name and the VRF with which it is associated.

view view-name

(Optional) The view-name argument specifies the DNS view whose hostname cache information is to be displayed. Default is the default (unnamed) DNS view associated with the specified or global VRF.

Note

 

More than one DNS view can be associated with a VRF. To uniquely identify a DNS view, specify both the view name and the VRF with which it is associated.

default

(Optional) Displays the default view.

all

(Optional) Display all the host tables.

hostname

(Optional) The specified hostname cache information displayed is to be limited to entries for a particular hostname. Default is the hostname cache information for all hostname entries in the cache.

summary

(Optional) The specified hostname cache information is to be displayed in brief summary format. Disabled by default.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

10.0

This command was introduced.

12.2T

Support was added for Cisco modem user interface feature.

12.4(4)T

The vrf , all , and summary keywords and vrf-name and hostname arguments were added.

12.4(9)T

The view keyword and view-name argument were added.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

This command displays the default domain name, the style of name lookup service, a list of name server hosts, and the cached list of hostnames and addresses specific to a particular DNS view or for all configured DNS views.

If you specify the show hosts command without any optional keywords or arguments, only the entries in the global hostname cache will be displayed.

If the output from this command extends beyond the bottom of the screen, press the Space bar to continue or press the Q key to terminate command output.

Examples

The following is sample output from the show hosts command with no parameters specified:


Router# show hosts
 
Default domain is CISCO.COM
Name/address lookup uses domain service
Name servers are 192.0.2.220
Host Flag Age Type Address(es)
EXAMPLE1.CISCO.COM (temp, OK) 1 IP 192.0.2.10
EXAMPLE2.CISCO.COM (temp, OK) 8 IP 192.0.2.50
EXAMPLE3.CISCO.COM (temp, OK) 8 IP 192.0.2.115
EXAMPLE4.CISCO.COM (temp, EX) 8 IP 192.0.2.111
EXAMPLE5.CISCO.COM (temp, EX) 0 IP 192.0.2.27
EXAMPLE6.CISCO.COM (temp, EX) 24 IP 192.0.2.30

The following is sample output from the show hosts command that specifies the VRF vpn101:


Router# show hosts vrf vpn101
 
Default domain is example.com
Domain list: example1.com, example2.com, example3.com
Name/address lookup uses domain service
Name servers are 192.0.2.204, 192.0.2.205, 192.0.2.206
Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
       temp - temporary, perm - permanent
       NA - Not Applicable None - Not defined
Host                      Port  Flags      Age Type   Address(es)
user                      None  (perm, OK)  0   IP    192.0.2.001
www.example.com           None  (perm, OK)  0   IP    192.0.2.111
                                                      192.0.2.112

The table below describes the significant fields shown in the display.

Table 8. show hosts Field Descriptions

Field

Description

Default domain

Default domain name to be used to complete unqualified names if no domain list is defined.

Domain list

List of default domain names to be tried in turn to complete unqualified names.

Name/address lookup

Style of name lookup service.

Name servers

List of name server hosts.

Host

Learned or statically defined hostname. Statically defined hostname-to-address mappings can be added to the DNS hostname cache for a DNS view by using the ip hosts command.

Port

TCP port number to connect to when using the defined hostname in conjunction with an EXEC connect or Telnet command.

Flags

Indicates additional information about the hostname-to-IP address mapping. Possible values are as follows:

  • EX--Entries marked EX are expired.

  • OK--Entries marked OK are believed to be valid.

  • perm--A permanent entry is entered by a configuration command and is not timed out.

  • temp--A temporary entry is entered by a name server; the Cisco IOS software removes the entry after 72 hours of inactivity.

  • ??--Entries marked ?? are considered suspect and subject to revalidation.

Age

Number of hours since the software last referred to the cache entry.

Type

Type of address. For example, IP, Connectionless Network Service (CLNS), or X.121.

If you have used the ip hp-host global configuration command, the show hosts command will display these hostnames as type HP-IP.

Address(es)

IP address of the host. One host may have up to eight addresses.

show ip aliases

To display the IP addresses that are mapped to TCP ports (aliases) and Serial Line Internet Protocol (SLIP) addresses, which are treated similar to aliases, use the show ip aliases command in user EXEC or privileged EXEC mode.

show ip aliases

Syntax Description

This command has no arguments or keywords.

Command Modes

User EXEC (>)

Privileged EXEC (#)

Command History

Release

Modification

10.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

15.1(1)T

This command was integrated into Cisco IOS Release 15.1(1)T. The output of the command was changed to display dynamic and interface IP addresses, even when both IP addresses are the same.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE. The output of the command was changed to display only external IP addresses. Internal IP addresses are not displayed.

Usage Guidelines

To distinguish a SLIP address from a normal alias address, the command output displays SLIP TTY1 for the port number, where 1 is the auxiliary port. The display lists the address type, the IP address, and the corresponding port number. The fields in the output are self-explanatory.

Examples

The following is sample output from the show ip aliases command:


Device# show ip aliases 
Address Type             IP Address           Port 
Dynamic                  198.51.100.1
Dynamic 																	198.51.100.22
Dynamic 																	209.165.200.230
Dynamic 																	203.0.113.2
Interface 															203.0.113.200 							SLIP TTY1
Interface 															198.51.100.100 						SLIP TTY1
Interface 															209.165.201.20 						SLIP TTY1
Dynamic 																	209.165.200.226
Interface 															209.165.200.225

Note


Only external IP addresses are displayed in the show ip aliases command output. Internal IP addresses are not displayed.


show ip arp

To display the Address Resolution Protocol (ARP) cache, where Serial Line Internet Protocol (SLIP) addresses appear as permanent ARP table entries, use the show ip arp EXEC command.

show ip arp [ip-address] [host-name] [mac-address] [interface type number]

Syntax Description

ip-address

(Optional) ARP entries matching this IP address are displayed.

host-name

(Optional) Host name.

mac-address

(Optional) 48-bit MAC address.

interface type number

(Optional) ARP entries learned via this interface type and number are displayed.

Command Modes

EXEC

Command History

Release

Modification

9.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

ARP establishes correspondences between network addresses (an IP address, for example) and LAN hardware addresses (Ethernet addresses). A record of each correspondence is kept in a cache for a predetermined amount of time and then discarded.

Examples

The following is sample output from the show ip arp command:


Router# show ip arp
Protocol  Address              Age(min)       Hardware Addr     Type      Interface
Internet  172.16.233.229       -              0000.0c59.f892    ARPA      Ethernet0/0
Internet  172.16.233.218       -              0000.0c07.ac00    ARPA      Ethernet0/0
Internet  172.16.233.19        -              0000.0c63.1300    ARPA      Ethernet0/0
Internet  172.16.233.309       -              0000.0c36.6965    ARPA      Ethernet0/0
Internet  172.16.168.11        -              0000.0c63.1300    ARPA      Ethernet0/0
Internet  172.16.168.254       9              0000.0c36.6965    ARPA      Ethernet0/0 

The table below describes the significant fields shown in the display.

Table 9. show ip arp Field Descriptions

Field

Description

Protocol

Protocol for network address in the Address field.

Address

The network address that corresponds to the Hardware Address.

Age (min)

Age in minutes of the cache entry. A hyphen (-) means the address is local.

Hardware Addr

LAN hardware address of a MAC address that corresponds to the network address.

Type

Indicates the encapsulation type the Cisco IOS software is using the network address in this entry. Possible value include:

  • ARPA

  • SNAP

  • SAP

Interface

Indicates the interface associated with this network address.

show ip arp inspection

To display the status of DAI for a specific range of VLANs, use the show ip arp inspection command in privileged EXEC mode.

show ip arp inspection [interfaces [interface-name] | statistics [vlan vlan-range]]

Syntax Description

interfaces interface-name

(Optional) Displays the trust state and the rate limit of ARP packets for the provided interface.

statistics

(Optional) Displays statistics for the following types of packets that have been processed by this feature: forwarded, dropped, MAC validation failure, and IP validation failure.

vlan vlan-range

(Optional) Displays the statistics for the selected range of VLANs.

Command Default

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.2(18)SXE

Support for this command was introduced on the Supervisor Engine 720.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

If you do not enter the statistics keyword, the configuration and operating state of DAI for the selected range of VLANs is displayed.

If you do not specify the interface name, the trust state and rate limit for all applicable interfaces in the system are displayed.

Examples

This example shows how to display the statistics of packets that have been processed by DAI for VLAN 3:


Router# show ip arp inspection statistics vlan 3
 Vlan      Forwarded        Dropped     DHCP Drops     ACL Drops
 ----      ---------        -------     ----------     ----------
    3          31753         102407         102407              0
 Vlan   DHCP Permits    ACL Permits   Source MAC Failures
 ----   ------------    -----------   -------------------
    3          31753              0                    0
 Vlan   Dest MAC Failures   IP Validation Failures
 ----   -----------------   ----------------------
    3                  0                        0

This example shows how to display the statistics of packets that have been processed by DAI for all active VLANs:


Router# show ip arp inspection statistics
 Vlan      Forwarded        Dropped     DHCP Drops     ACL Drops
 ----      ---------        -------     ----------     ----------
    1              0              0              0              0
    2              0              0              0              0
    3          68322         220356         220356              0
    4              0              0              0              0
  100              0              0              0              0
  101              0              0              0              0
 1006              0              0              0              0
 1007              0              0              0              0
 Vlan   DHCP Permits    ACL Permits   Source MAC Failures
 ----   ------------    -----------   -------------------
    1              0              0                    0
    2              0              0                    0
    3          68322              0                    0
    4              0              0                    0
  100              0              0                    0
  101              0              0                    0
 1006              0              0                    0
 1007              0              0                    0
 Vlan   Dest MAC Failures   IP Validation Failures
 ----   -----------------   ----------------------
    1                  0                        0
    2                  0                        0
    3                  0                        0
    4                  0                        0
  100                  0                        0
  101                  0                        0
 1006                  0                        0
 1007                  0                        0

This example shows how to display the configuration and operating state of DAI for VLAN 1:


Router# show ip arp inspection vlan 1
Source Mac Validation      : Disabled
Destination Mac Validation : Disabled
IP Address Validation      : Disabled
 Vlan     Configuration    Operation   ACL Match          Static ACL
 ----     -------------    ---------   ---------          ----------
    1     Enabled          Active                        
 Vlan     ACL Logging      DHCP Logging
 ----     -----------      ------------
    1     Deny             Deny 

This example shows how to display the trust state of Fast Ethernet interface 6/3:


Router# show ip arp inspection interfaces fastEthernet 6/3
Interface        Trust State     Rate (pps)    Burst Interval
 ---------------  -----------     ----------    --------------
 Fa6/1            Untrusted               20                 5

This example shows how to display the trust state of the interfaces on the switch:


Router# show ip arp inspection interfaces
Interface        Trust State     Rate (pps)
 ---------------  -----------     ----------
 Gi1/1            Untrusted               15
 Gi1/2            Untrusted               15
 Gi3/1            Untrusted               15
 Gi3/2            Untrusted               15
 Fa3/3            Trusted               None
 Fa3/4            Untrusted               15
 Fa3/5            Untrusted               15
 Fa3/6            Untrusted               15
 Fa3/7            Untrusted               15

show ip arp inspection log

To show the status of the log buffer, use the show ip arp inspection log command in privileged EXEC mode.

show ip arp inspection log

Syntax Description

This command has no arguments or keywords.

Command Default

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.2(18)SXE

Support for this command was introduced on the Supervisor Engine 720.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

This example shows how to display the current contents of the log buffer before and after the buffers are cleared:


Router# show ip arp inspection log
Total Log Buffer Size : 10
Syslog rate : 0 entries per 10 seconds.
 Interface        Vlan   Sender MAC         Sender IP        Num of Pkts
 ---------------  -----  -----------------  ---------------  -----------
Fa6/3            1     0002.0002.0002  10.1.1.2          1(12:02:52 UTC Fri Apr 25 2003)
Fa6/3            1     0002.0002.0002  10.1.1.3          1(12:02:52 UTC Fri Apr 25 2003)
Fa6/3            1     0002.0002.0002  10.1.1.4          1(12:02:52 UTC Fri Apr 25 2003)
Fa6/3            1     0002.0002.0002  10.1.1.5          1(12:02:52 UTC Fri Apr 25 2003)
Fa6/3            1     0002.0002.0002  10.1.1.6          1(12:02:52 UTC Fri Apr 25 2003)
Fa6/3            1     0002.0002.0002  10.1.1.7          1(12:02:52 UTC Fri Apr 25 2003)
Fa6/3            1     0002.0002.0002  10.1.1.8          1(12:02:52 UTC Fri Apr 25 2003)
Fa6/3            1     0002.0002.0002  10.1.1.9          1(12:02:52 UTC Fri Apr 25 2003)
Fa6/3            1     0002.0002.0002  10.1.1.10         1(12:02:52 UTC Fri Apr 25 2003)
Fa6/3            1     0002.0002.0002  10.1.1.11         1(12:02:52 UTC Fri Apr 25 2003)
    --            --         --               --        5(12:02:52 UTC Fri Apr 25 2003)

This example shows how to clear the buffer with the clear ip arp inspection log command:


Router# clear ip arp inspection log
 
Router# show ip arp inspection log
 
Total Log Buffer Size : 10
Syslog rate : 0 entries per 10 seconds.
No entries in log buffer.

show ip arp poll

To display the IP Address Resolution Protocol (ARP) host polling status, use the show ip arp poll command in privileged EXEC mode.

show ip arp poll [detail]

Syntax Description

detail

(Optional) Displays the detailed IP ARP host polling status.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

15.1(1)SY

This command was introduced.

Examples

The following is sample output from the show ip arp poll command. The output fields are self-explanatory.

Device# show ip arp poll

Number of IP addresses processed for polling: 438
Number of entries in the queue: 100 (high water mark: 154, max: 1000)
Number of request dropped:
  Queue was full: 1288
  Request was throttled by incomplete ARP: 10
  Duplicate entry found in queue: 1431
     

show ip ddns update

To display information about the Dynamic Domain Name System (DDNS) updates, use the show ip ddns update command in privileged EXEC mode.

show ip ddns update [interface-type number]

Syntax Description

interface-type number

(Optional) Displays DDNS updates configured on an interface.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.3(8)YA

This command was introduced.

12.3(14)T

This command was integrated into Cisco IOS Release 12.3(14)T.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

Examples

The following output shows the IP DDNS update method on loopback interface 100 and the destination:


Router# show ip ddns update
Dynamic DNS Update on Loopback100:
 Update Method Name     Update Destination
 testing                10.1.2.3

show ip ddns update method

To display information about the Dynamic Domain Name System (DDNS) update method, use the show ip ddns update method command in privileged EXEC mode.

show ip ddns update method [method-name]

Syntax Description

method-name

(Optional) Name of the update method.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.3(8)YA

This command was introduced.

12.3(14)T

This command was integrated into Cisco IOS Release 12.3(14)T.

Examples

The following is sample output from the show ip ddns update method command:


Router# show ip ddns update method
Dynamic DNS Update Method: test
  Dynamic DNS update in IOS internal name cache

show ip dhcp binding

To display address bindings on the Cisco IOS Dynamic Host Configuration Protocol (DHCP) server, use the show ip dhcp binding command in user EXEC or privileged EXEC mode.

Cisco IOS Release 12.0(1)T, 12.2(28)SB, and Later Releases

show ip dhcp binding [ip-address]

Cisco IOS Release 12.2(33)SRC and Later 12.2SR Releases

show ip dhcp binding [vrf vrf-name] [ip-address]

Syntax Description

ip-address

(Optional) IP address of the DHCP client for which bindings will be displayed. If the ip-address argument is used with the vrf vrf-name option, the binding in the specified VPN routing and forwarding (VRF) instance is displayed.

vrf vrf-name

(Optional) Specifies the name of a VRF instance.

Command Modes

User EXEC (>) Privileged EXEC (#)

Command History

Release

Modification

12.0(1)T

This command was introduced.

12.0(15)T

The command was modified. Support to display allocated subnets was added to the output.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

12.2(33)SRC

This command was integrated into Cisco IOS Release 12.2(33)SRC. The vrf keyword and vrf-name argument were added.

12.2(33)SB9

This command was modified. The output was modified to display the option 82 sub-options of the remote ID and circuit ID.

15.3(3)M

This command was integrated into Cisco IOS Release 15.3(3)M.

Usage Guidelines

This command is used to display DHCP binding information for IP address assignment and subnet allocation. If a specific IP address is not specified, all address bindings are shown. Otherwise, only the binding for the specified client is displayed. The output that is generated for DHCP IP address assignment and subnet allocation is almost identical, except that subnet leases display an IP address followed by the subnet mask (which shows the size of the allocated subnet). Bindings for individual IP address display only an IP address and are not followed by a subnet mask.

Examples

Examples

The following examples show the DHCP binding address parameters, including an IP address, an associated MAC address, a lease expiration date, the type of address assignment that has occurred, and the option 82 suboptions of the remote ID and circuit ID.

The table below describes the significant fields shown in the displays.


Router# show ip dhcp binding 192.0.2.2
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
192.0.2.2           aabb.cc00.0a00          Apr 28 2010 05:00 AM    Automatic
Remote id : 020a00001400006400000000
Table 10. show ip dhcp binding Field Descriptions

Field

Description

IP address

The IP address of the host as recorded on the DHCP server.

Client-ID/Hardware address/User name

The MAC address or client ID of the host as recorded on the DHCP server.

Lease expiration

The lease expiration date and time of the IP address of the host.

Type

The manner in which the IP address was assigned to the host.

Remote id

Information sent to the DHCP server using a suboption of the remote ID.

Examples

The following example shows the subnet lease to MAC address mapping, the lease expiration, and the lease type (subnet lease bindings are configured to be automatically created and released by default):


Router# show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
192.0.2.2/24        0063.6973.636f.2d64.    Mar 29 2003 04:36 AM    Automatic
                    656d.6574.6572.2d47.
                    4c4f.4241.4c

The table below describes the significant fields shown in the display.

Table 11. show ip dhcp binding Field Descriptions

Field

Description

IP address

The IP address of the host as recorded on the DHCP server. The subnet that follows the IP address (/26) in the example defines this binding as a subnet allocation binding.

Hardware address

The MAC address or client identifier of the host as recorded on the DHCP server.

Lease expiration

The lease expiration date and time of the IP address of the host.

Type

The manner in which the IP address was assigned to the host.

show ip dhcp conflict

To display address conflicts found by a Dynamic Host Configuration Protocol (DHCP) server when addresses are offered to the client, use the show ip dhcp conflict command in user EXEC or privileged EXEC mode.

show ip dhcp conflict [vrf vrf-name]

Syntax Description

vrf

(Optional) Displays virtual routing and forwarding (VRF) address conflicts found by the DHCP server.

vrf-name

(Optional) The VRF name.

Command Default

If you do not enter the IP address or VRF then all dhcp conflict related information is displayed.

Command Modes

User EXEC (>) Privileged EXEC (#)

Command History

Release

Modification

12.0(1)T

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 2.6

This command was modified. The vrf keyword and vrf-name argument were added.

15.3(3)M

This command was integrated into Cisco IOS Release 15.3(3)M.

Usage Guidelines

The server uses a ping operation to detect conflicts. The client uses gratuitous Address Resolution Protocol (ARP) to detect clients. If an address conflict is detected, the address is removed from the pool and the address is not assigned until an administrator resolves the conflict.

Examples

The following is sample output from the show ip dhcp conflict command, which shows the detection method and detection time for all IP addresses the DHCP server has offered that have conflicts with other devices:


Router# 
show ip dhcp conflict
IP address    Detection method     Detection time         VRF
172.16.1.32   Ping                 Feb 16 1998 12:28 PM   vrf1
172.16.1.64   Gratuitous ARP       Feb 23 1998 08:12 AM   vrf2

The table below describes the fields shown in the display.

Table 12. show ip dhcp conflict Field Descriptions

Field

Description

IP address

The IP address of the host as recorded on the DHCP server.

Detection method

The manner in which the IP address of the hosts were found on the DHCP server. Can be a ping or a gratuitous ARP.

Detection time

The date and time when the conflict was found.

VRF

VRFs configured on the DHCP server.

The following is sample output from the show ip dhcp conflict vrf command:


Router# 
show ip dhcp conflict vrf vrf1
IP address        Detection method   Detection time          VRF
172.16.1.32       Ping               Feb 15 2009 05:39 AM    vrf1

See the table below for the field description.

show ip dhcp database

To display Dynamic Host Configuration Protocol (DHCP) server database agent information, use the show ip dhcp database command in privileged EXEC mode.

show ip dhcp database [url]

Syntax Description

url

(Optional) Specifies the remote file used to store automatic DHCP bindings. Following are the acceptable URL file formats:

  • tftp://host/filename

  • ftp://user:password@host/filename

  • rcp://user@host/filename

  • flash://filename

  • disk0://filename

Command Default

If a URL is not specified, all database agent records are shown. Otherwise, only information about the specified agent is displayed.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.0(1)T

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Examples

The following example shows all DHCP server database agent information. The table below describes the significant fields shown in the display.


Router# show ip dhcp database
URL       :    ftp://user:password@172.16.4.253/router-dhcp
Read      :    Dec 01 1997 12:01 AM
Written   :    Never
Status    :    Last read succeeded. Bindings have been loaded in RAM.
Delay     :    300 seconds
Timeout   :    300 seconds
Failures  :    0
Successes :    1
Table 13. show ip dhcp database Field Descriptions

Field

Description

URL

Specifies the remote file used to store automatic DHCP bindings. Following are the acceptable URL file formats:

  • tftp://host/filename

  • ftp://user:password@host/filename

  • rcp://user@host/filename

  • flash://filename

  • disk0://filename

Read

The last date and time bindings were read from the file server.

Written

The last date and time bindings were written to the file server.

Status

Indication of whether the last read or write of host bindings was successful.

Delay

The amount of time (in seconds) to wait before updating the database.

Timeout

The amount of time (in seconds) before the file transfer is aborted.

Failures

The number of failed file transfers.

Successes

The number of successful file transfers.

show ip dhcp import

To display the option parameters that were imported into the Dynamic Host Configuration Protocol (DHCP) server database, use the show ip dhcp import command in privileged EXEC command.

show ip dhcp import

Syntax Description

This command has no arguments or keywords.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.1(2)T

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

Imported option parameters are not part of the router configuration and are not saved in NVRAM. Thus, the show ip dhcp import command is necessary to display the imported option parameters.

Examples

The following is sample output from the show ip dhcp import command:


Router# show ip dhcp import
Address Pool Name:2
Domain Name Server(s): 10.1.1.1
NetBIOS Name Server(s): 10.3.3.3

The following example indicates the address pool name:


Address Pool Name:2

The following example indicates the imported values, which are domain name and NetBIOS name information:


Domain Name Server(s): 10.1.1.1
NetBIOS Name Server(s): 10.3.3.3

show ip dhcp limit lease

To display the number of times the lease limit threshold has been violated, use the show ip dhcp limit lease command in user EXEC or privileged EXEC mode.

show ip dhcp limit lease [type number]

Syntax Description

type

(Optional) Interface type. For more information, use the question mark (?) online help function.

number

(Optional) Interface or subinterface number. For more information about the numbering system for your networking device, use the question mark (?) online help function.

Command Modes

User EXEC (>) Privileged EXEC (#)

Command History

Release

Modification

12.2(33)SRC

This command was introduced.

Usage Guidelines

You can control the number of subscribers at the global level by using the ip dhcp limit lease per interface command and at the interface level by using the ip dhcp limit lease command. The show ip dhcp limit lease command displays the number of lease limit violations per interface or at the global level.

Examples

In the following example, the number of lease violations is displayed. If the ip dhcp limit lease log command is enabled, the show output will indicate that lease limit logging is enabled:


Router# show ip dhcp limit lease
DHCP limit lease logging is enabled
Interface        Count
Serial0/0.1      5
Serial1          3

show ip dhcp pool

To display information about the Dynamic Host Configuration Protocol (DHCP) address pools, use the show ip dhcp pool command in user EXEC or privileged EXEC mode.

show ip dhcp pool [name]

Syntax Description

name

(Optional) Name of the address pool.

Command Default

If a pool name is not specified, information about all address pools is displayed.

Command Modes

User EXEC (>) Privileged EXEC (#)

Command History

Release

Modification

12.2(8)T

This command was introduced.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(28)SB.

12.2(33)SRC

This command was modified. The command output was enhanced to display information about excluded addresses in network pools.

12.2(33)SXI4

This command was integrated into Cisco IOS Release 12.2(33)SXI4.

Usage Guidelines

Use this command to determine the subnets allocated and to examine the current utilization level for the pool or all the pools if the name argument is not used.

Examples

The following example shows DHCP address pool information for an on-demand address pool (ODAP), pool 1. The table below describes the significant fields shown in the display.


Router# show ip dhcp pool 1
Pool 1:
 Utilization mark (high/low)    : 85 / 15
 Subnet size (first/next)       : 24 / 24 (autogrow)
 VRF name                       : abc
 Total addresses                : 28
 Leased addresses               : 11
 Pending event                  : none
 2 subnets are currently in the pool :
 Current index        IP address range           Leased addresses
 10.1.1.12            10.1.1.1 - 10.1.1.14       11
 10.1.1.17            10.1.1.17 - 10.1.1.30      0
 Interface Ethernet0/0 address assignment
   10.1.1.1 255.255.255.248
   10.1.1.17 255.255.255.248 secondary

The following example shows DHCP address pool information for a network pool, pool 2. The table below describes the significant fields shown in the display.


Router# show ip dhcp pool 2
Pool pool2 :
Utilization mark (high/low) : 80 / 70
Subnet size (first/next) : 0 / 0 
Total addresses : 256
Leased addresses : 0
Excluded addresses : 2
Pending event : none
2 subnets are currently in the pool:
Current index   IP address range         Leased/Excluded/Total
10.0.2.1        10.0.2.1 - 10.0.2.254     0     / 1     / 254 
10.0.4.1        10.0.4.1 - 10.0.4.2       0     / 1     / 2 
Table 14. show ip dhcp pool Field Descriptions

Field

Description

Pool

The name of the pool.

Utilization mark (high/low)

The configured high and low utilization level for the pool.

Subnet size (first/next)

The size of the requested subnets.

VRF name

The VRF name to which the pool is associated.

Total addresses

The total number of addresses in the pool.

Leased addresses

The number of leased addresses in the pool.

Pending event

Displays any pending events.

2 subnets are currently in the pool

The number of subnets allocated to the address pool.

Current index

Displays the current index.

IP address range

The IP address range of the subnets.

Leased addresses

The number of leased addresses from each subnet.

Excluded addresses

The number of excluded addresses.

Interface Ethernet0/0 address assignment

The first line is the primary IP address of the interface. The second line is the secondary IP address of the interface. More than one secondary address on the interface is supported.

show ip dhcp relay information trusted-sources

To display all interfaces configured to be a trusted source for the Dynamic Host Configuration Protocol (DHCP) relay information option, use the show ip dhcp relay information trusted-sources command in user EXEC or privileged EXEC mode.

show ip dhcp relay information trusted-sources

Syntax Description

This command has no arguments or keywords.

Command Modes

user EXEC privileged EXEC

Command History

Release

Modification

12.2

This command was introduced.

12.2(14)SX

Support for this command was introduced on the Supervisor Engine 720.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

This command is not supported on Cisco 7600 series routers that are configured with a Supervisor Engine 2.

Examples

The following is sample output when the ip dhcp relay information trusted-sources command is configured. Note that the display output lists the interfaces that are configured to be trusted sources.


Router# show ip dhcp relay information trusted-sources
List of trusted sources of relay agent information option:
Ethernet1/1       Ethernet1/2       Ethernet1/3       Serial4/1.1
Serial4/1.2       Serial4/1.3

The following is sample output when the ip dhcp relay information trust-all global configuration command is configured. Note that the display output does not list the individual interfaces.


Router# show ip dhcp relay information trusted-sources
All interfaces are trusted source of relay agent information option Serial4/1.1

show ip dhcp server statistics

To display Dynamic Host Configuration Protocol (DHCP) server statistics, use the show ip dhcp server statistics command in privileged EXEC mode.

show ip dhcp server statistics

Syntax in Cisco IOS Release 12.2(33)SRC and Subsequent 12.2SR Releases

show ip dhcp server statistics [type number]

Syntax Description

type

(Optional) Interface type. For more information, use the question mark (?) online help function.

number

(Optional) Interface or subinterface number. For more information about the numbering system for your networking device, use the question mark (?) online help function.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.0(1)T

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

12.2(33)SRC

The type and number arguments were added. The command was enhanced to display interface level DHCP statistics.

Examples

The following example displays DHCP server statistics. The table below describes the significant fields in the display.


Router# show ip dhcp server statistics
Memory usage          40392
Address pools         3
Database agents       1
Automatic bindings    190
Manual bindings       1
Expired bindings      3
Malformed messages    0
Secure arp entries    1
Renew messages        0
Message               Received
BOOTREQUEST           12
DHCPDISCOVER          200
DHCPREQUEST           178
DHCPDECLINE           0
DHCPRELEASE           0
DHCPINFORM            0
Message               Sent
BOOTREPLY             12
DHCPOFFER             190
DHCPACK               172
DHCPNAK               6
Table 15. show ip dhcp server statistics Field Descriptions

Field

Description

Memory usage

The number of bytes of RAM allocated by the DHCP server.

Address pools

The number of configured address pools in the DHCP database.

Database agents

The number of database agents configured in the DHCP database.

Automatic bindings

The number of IP addresses that have been automatically mapped to the MAC addresses of hosts that are found in the DHCP database.

Manual bindings

The number of IP addresses that have been manually mapped to the MAC addresses of hosts that are found in the DHCP database.

Expired bindings

The number of expired leases.

Malformed messages

The number of truncated or corrupted messages that were received by the DHCP server.

Secure arp entries

The number of ARP entries that have been secured to the MAC address of the client interface.

Renew messages

The number of renew messages for a DHCP lease. The counter is incremented when a new renew message has arrived after the first renew message.

Message

The DHCP message type that was received by the DHCP server.

Received

The number of DHCP messages that were received by the DHCP server.

Sent

The number of DHCP messages that were sent by the DHCP server.

show ip dhcp snooping

To display DHCP snooping configuration information, use the show ip dhcp snooping command in privileged EXEC mode.

show ip dhcp snooping

Syntax Description

This command has no arguments or keywords.

Command Default

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.2(18)SXE

Support for this command was introduced on the Supervisor Engine 720.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Cisco IOS Release 15.2E

This command was modified. DHCP gleaning information was added to the show ip dhcp snooping command output, and this command was integrated into Cisco IOS Release 15.2E.

15.4(3)S

This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.

Examples

The following is sample output for the show ip dhcp snooping command:


Device# show ip dhcp snooping
 
Switch DHCP snooping is enabled
Switch DHCP gleaning is disabled
DHCP snooping is configured on following VLANs:
43,47,136
DHCP snooping is operational on following VLANs:
136
DHCP snooping is configured on the following L3 Interfaces:

Insertion of option 82 is enabled
   circuit-id default format: vlan-mod-port
   remote-id: 0c27.2497.bd80 (MAC)
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Verification of giaddr field is enabled
DHCP snooping trust/rate is configured on the following Interfaces:

Interface                  Trusted    Allow option    Rate limit (pps)
-----------------------    -------    ------------    ----------------
GigabitEthernet1/0/1       yes        yes             unlimited
  Custom circuit-ids:
GigabitEthernet1/0/24      yes        yes             unlimited
  Custom circuit-ids:
GigabitEthernet1/1/1       yes        yes             unlimited
  Custom circuit-ids: 

Table 16. show ip dhcp snooping Field Descriptions

Field

Description

circuit-ID default format

The default format of the circuit-ID. The circuit-ID encodes a relay-agent-local identifier of the circuit from which a DHCP client-to-server packet was received. The DHCP Snooping feature encodes circuit ID and remote ID.

remote-id

Identifies the remote host end of the circuit. The remote-ID Option-82 sub-option is used by DHCP relay agents which have mechanisms to identify the remote host end of the circuit.

hwaddr

Client hardware address.

giaddr

Gateway IP address. The relay agent stores its own IP address in the Gateway IP address field of the DHCP packet.

DHCP snooping trust/rate

DHCP snooping configuration parameters such as rate Limit and interface status (Trusted or Untrusted) information.

Rate limit

DHCP packets' rate limit, calculated in packets per second (pps).

show ip dhcp snooping binding

To display the DHCP snooping binding entries, use the show ip dhcp snooping binding command in privileged EXEC mode.

show ip dhcp snooping binding [ip-address] [mac-address] [vlan vlan] [interface type number]

Syntax Description

ip-address

(Optional) IP address for the binding entries.

mac-address

(Optional) MAC address for the binding entries.

vlan vlan

(Optional) Specifies a valid VLAN number; valid values are from 1 to 4094.

interface type

(Optional) Specifies the interface type; possible valid values are ethernet , fastethernet , gigabitethernet , and tengigabitethernet .

number

Module and port number.

Command Default

If no argument is specified, the switch displays the entire DHCP snooping binding table.

Command Modes

User EXEC Privileged EXEC

Command History

Release

Modification

12.2(18)SXE

Support for this command was introduced on the Supervisor Engine 720.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

15.4(3)S

This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.

Usage Guidelines

DHCP snooping is enabled on a VLAN only if both the global snooping and the VLAN snooping are enabled.

Examples

This example shows how to display the DHCP snooping binding entries for a switch:


Router# show ip dhcp snooping binding
 
MacAddress      IP Address   Lease(seconds)  Type           VLAN   Interface
-----------     -----------  --------------  -------------  -----  --------------
0000.0100.0201  10.0.0.1     600             dhcp-snooping  100    FastEthernet3/1

This example shows how to display an IP address for DHCP snooping binding entries:


Router# show ip dhcp snooping binding 172.16.101.102
MacAddress      IP Address      Lease (seconds)  Type           VLAN   Interface
-----------     -----------     ---------------  -------------  -----  ------------
0000.0100.0201  172.16.101.102  1600             dhcp-snooping  100    FastEthernet3/1

This example shows how to display the MAC address for the DHCP snooping binding entries:


Router# show ip dhcp snooping binding 10.5.5.2 0002.b33f.3d5f
 
MacAddress          IpAddress  Lease(sec)  Type           VLAN  Interface 
------------------  ---------  ----------  -------------  ----  ---------------- 
00:02:B3:3F:3D:5F   10.5.5.2   492         dhcp-snooping  99    FastEthernet6/36 Router# 

This example shows how to display the DHCP snooping binding entries’ MAC address for a specific VLAN:


Router# show ip dhcp snooping binding 10.5.5.2 0002.b33f.3d5f vlan 99
 
MacAddress         IpAddress  Lease(sec)  Type           VLAN  Interface 
-----------------  ---------  ----------  -------------  ----  ---------------- 
00:02:B3:3F:3D:5F  10.5.5.2   479         dhcp-snooping  99    FastEthernet6/36

This example shows how to display the DHCP snooping binding entries on VLAN 100:


Router# show ip dhcp snooping binding vlan 100
MacAddress         IP Address  Lease(seconds)  Type           VLAN  Interface
--------------     ----------  --------------  -------------  ----  --------------
0000.0100.0201     10.0.0.1    1600            dhcp-snooping  100   FastEthernet3/1

This example shows how to display the DHCP snooping binding entries on Fast Ethernet interface 3/1:


Router# show ip dhcp snooping binding interface fastethernet3/1
MacAddress         IP Address  Lease(seconds)  Type           VLAN  Interface
--------------     ----------  --------------  -------------  ----  --------------
0000.0100.0201     10.0.0.1    1600            dhcp-snooping  100   FastEthernet3/1

The table below describes the fields in the show ip dhcp snooping command output.

Table 17. show ip dhcp snooping Command Output

Field

Description

Mac Address

Client hardware MAC address.

IP Address

Client IP address assigned from the DHCP server.

Lease (seconds)

IP address lease time.

Type

Binding type; statically configured from CLI or dynamically learned.

VLAN

VLAN number of the client interface.

Interface

Interface that connects to the DHCP client host.

show ip dhcp snooping database

To display the status of the DHCP snooping database agent, use the show ip dhcp snooping database command in privileged EXEC mode.

show ip dhcp snooping database [detail]

Syntax Description

detail

(Optional) Provides additional operating state and statistics information.

Command Default

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.2(18)SXE

Support for this command was introduced on the Supervisor Engine 720.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

15.4(3)S

This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.

Examples

This example shows how to display the DHCP snooping database:


Router# show ip dhcp snooping database
Agent URL : 
Write delay Timer : 300 seconds
Abort Timer : 300 seconds
Agent Running : No
Delay Timer Expiry : Not Running
Abort Timer Expiry : Not Running
Last Succeded Time : None
Last Failed Time : None
Last Failed Reason : No failure recorded.
Total Attempts       :        0   Startup Failures :        0
Successful Transfers :        0   Failed Transfers :        0
Successful Reads     :        0   Failed Reads     :        0
Successful Writes    :        0   Failed Writes    :        0
Media Failures       :        0

This example shows how to view additional operating statistics:


Router# show ip dhcp snooping database detail
 
Agent URL : tftp://10.1.1.1/directory/file
Write delay Timer : 300 seconds
Abort Timer : 300 seconds
Agent Running : No
Delay Timer Expiry : 7 (00:00:07)
Abort Timer Expiry : Not Running
Last Succeded Time : None
Last Failed Time : 17:14:25 UTC Sat Jul 7 2001
Last Failed Reason : Unable to access URL.
Total Attempts       :       21   Startup Failures :        0
Successful Transfers :        0   Failed Transfers :       21
Successful Reads     :        0   Failed Reads     :        0
Successful Writes    :        0   Failed Writes    :       21
Media Failures       :        0
First successful access: Read
Last ignored bindings counters :
Binding Collisions    :        0   Expired leases    :        0
Invalid interfaces    :        0   Unsupported vlans :        0
Parse failures        :        0
Last Ignored Time : None
Total ignored bindings counters:
Binding Collisions    :        0   Expired leases    :        0
Invalid interfaces    :        0   Unsupported vlans :        0
Parse failures        :        0