IP Routing Protocol-Independent Commands: S through T

send-lifetime

To set the time period during which an authentication key on a key chain is valid to be sent, use the send-lifetime command in key chain key configuration mode. To revert to the default value, use the no form of this command.

send-lifetime start-time {infinite | end-time | duration seconds}

no send-lifetime start-time {infinite | end-time | duration seconds}

Syntax Description

start-time

Beginning time that the key specified by the key command is valid to be sent. The syntax can be either of the following:

hh : mm : ss Month date year

hh : mm : ss date Month year

  • hh --hours

  • mm --minutes

  • ss -- seconds

  • Month -- first three letters of the month

  • date -- date (1-31)

  • year-- year (four digits)

The default start time and the earliest acceptable date is January 1, 1993.

infinite

Key is valid to be sent from the start-time value on.

end-time

Key is valid to be sent from the start-time value until the end-time value. The syntax is the same as that for the start-time value. The end-time value must be after the start-time value. The default end time is an infinite time period.

duration seconds

Length of time (in seconds) that the key is valid to be sent.

Command Default

Forever (the starting time is January 1, 1993, and the ending time is infinite)

Command Modes

Key chain key configuration (config-keychain-key)

Command History

Release

Modification

11.1

This command was introduced.

12.4(6)T

Support for IPv6 was added.

12.2(33)SRB

This command was integrated into Cisco IOS Release 12.2(33)SRB.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

Specify a start-time value and one of the following values: infinite , end-time , or duration seconds .

We recommend running Network Time Protocol (NTP) or some other time synchronization method if you intend to set lifetimes on keys.

If the last key expires, authentication will continue and an error message will be generated. To disable authentication, you must manually delete the last valid key.

Examples

The following example configures a key chain named chain1. The key named key1 will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named key2 will be accepted from 2:30 p.m. to 4:30 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or a discrepancy in the set time of the router. There is a 30-minute leeway on each side to handle time differences.


Router(config)# interface ethernet 0
Router(config-if)# ip rip authentication key-chain chain1
Router(config-if)# ip rip authentication mode md5
!
Router(config)# router rip
Router(config-router)# network 172.19.0.0
Router(config-router)# version 2
!
Router(config)# key chain chain1
Router(config-keychain)# key 1
Router(config-keychain-key)# key-string key1
Router(config-keychain-key)# accept-lifetime 13:30:00 Jan 25 1996 duration 7200
Router(config-keychain-key)# send-lifetime 14:00:00 Jan 25 1996 duration 3600
Router(config-keychain-key)# exit
Router(config-keychain)# key 2
Router(config-keychain-key)# key-string key2
Router(config-keychain-key)# accept-lifetime 14:30:00 Jan 25 1996 duration 7200
Router(config-keychain-key)# send-lifetime 15:00:00 Jan 25 1996 duration 3600

The following example configures a key chain named chain1 for EIGRP address-family. The key named key1 will be accepted from 1:30 p.m. to 3:30 p.m. and be sent from 2:00 p.m. to 3:00 p.m. The key named key2 will be accepted from 2:30 p.m. to 4:30 p.m. and be sent from 3:00 p.m. to 4:00 p.m. The overlap allows for migration of keys or a discrepancy in the set time of the router. There is a 30-minute leeway on each side to handle time differences.


Router(config)# eigrp virtual-name
Router(config-router)# address-family ipv4 autonomous-system 4453
Router(config-router-af)# network 10.0.0.0
Router(config-router-af)# af-interface ethernet0/0
Router(config-router-af-interface)# authentication key-chain trees
Router(config-router-af-interface)# authentication mode md5
Router(config-router-af-interface)# exit
Router(config-router-af)# exit
Router(config-router)# exit
Router(config)# key chain chain1
Router(config-keychain)# key 1
Router(config-keychain-key)# key-string key1
Router(config-keychain-key)# accept-lifetime 13:30:00 Jan 25 1996 duration 7200
Router(config-keychain-key)# send-lifetime 14:00:00 Jan 25 1996 duration 3600
Router(config-keychain-key)# exit
Router(config-keychain)# key 2
Router(config-keychain-key)# key-string key2
Router(config-keychain-key)# accept-lifetime 14:30:00 Jan 25 1996 duration 7200
Router(config-keychain-key)# send-lifetime 15:00:00 Jan 25 1996 duration 3600

send-id

Specifies the send ID for a TCP-AO key chain.

send-id ID

Syntax Description

ID

Specifies the receive identifier. An integer between 0 to 255.

Command Default

No key chain exists.

Command Modes

Key chain key configuration (config-keychain-key)

Command History

Release

Modification

16.12.1

This command was introduced.

Usage Guidelines

The send-id on the device must match the recv-id on the other device and vice versa.

You must configure a key chain with keys to enable authentication.

Although you can identify multiple key chains, we recommend using one key chain per interface per routing protocol. Upon specifying the key chain command, you enter key chain configuration mode.

Examples

The following example configures a simple key chain for a TCP-AO enabled connection.

Router(config)# key chain kc1 tcp
Router(config-keychain)# key 7890
Router(config-keychain-key)# send-id 215
Router(config-keychain-key)# recv-id 215
Router(config-keychain-key)# key-string klomn
Router(config-keychain-key)# cryptographic-algorithm hmac-sha-1
Router(config-keychain-key)# include-tcp-options

set automatic-tag

To automatically compute the tag value, use the set automatic-tag command in route-map configuration mode. To disable this function, use the no form of this command.

set automatic-tag

no set automatic-tag

Syntax Description

This command has no arguments or keywords.

Command Default

This command is disabled by default.

Command Modes

Route-map configuration

Command History

Release

Modification

10.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

You must have a match clause (even if it points to a “permit everything” list) if you want to set tags.

Use the route-map global configuration command and the match and set route-map configuration commands to define the conditions for redistributing routes from one routing protocol into another. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria--the conditions under which redistribution is allowed for the current route-map command. The set commands specify the set actions--the particular redistribution actions to perform if the criteria enforced by the match commands are met. The no route-map command deletes the route map.

The set commands specify the actions to be performed when all of the match criteria of a route map are met. When all match criteria are met, all set actions are performed.

Examples

The following example configures the Cisco software to automatically compute the tag value for the Border Gateway Protocol (BGP) learned routes:


route-map tag
 match as-path 10
 set automatic-tag 
!
router bgp 100
 table-map tag

set default interface

To indicate where to output packets that pass a match clause of a route map for policy routing and have no explicit route to the destination, use the set default interface command in route-map configuration mode. To delete an entry, use the no form of this command.

set default interface type number [. . . type number]

no set default interface type number [. . . type number]

Syntax Description

type

Interface type, used with the interface number, to which packets are output.

number

Interface number, used with the interface type, to which packets are output.

Command Default

This command is disabled by default.

Command Modes

Route-map configuration (config-route-map)

Command History

Release

Modification

11.0

This command was introduced.

12.3(7)T

This command was modified. This command was updated for use in configuring IPv6 policy-based routing (PBR).

12.2(30)S

This command was integrated into Cisco IOS Release 12.2(30)S.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 3.2S

This command was integrated into Cisco IOS XE Release 3.2S.

15.1(1)SY

This command was integrated into Cisco IOS Release 15.1(1)SY.

Usage Guidelines

An ellipsis (...) in the command syntax indicates that your command input can include multiple values for the type and number arguments .

Use this command to provide certain users a different default route. If Cisco software has no explicit route for the destination, then it routes the packet to this interface. The first interface specified with the set default interface command is used. The optionally specified interfaces are tried in turn.

Use the ip policy route-map interface configuration command, the route-map global configuration command, and the match and set route-map configuration commands to define the conditions for policy routing packets. The ip policy route-map command identifies a route map by name. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which policy routing occurs. The set commands specify the set actions—the particular routing actions to perform if the criteria enforced by the match commands are met.

In PBR for IPv6, use the ipv6 policy route-map or ipv6 local policyroute-map command with match and set route map configuration commands to define conditions for policy routing packets.

The set clauses can be used in conjunction with one another. They are evaluated in the following order:

  1. set ip next-hop

  2. set interface

  3. set ip default next-hop

  4. set default interface

Examples

In the following example, packets that have a Level 3 length of 3 to 50 bytes and for which the software has no explicit route to the destination are output to Ethernet interface 0:


interface serial 0
 ip policy route-map brighton
!
route-map brighton
 match length 3 50
 set default interface ethernet 0

set interface

To indicate where to forward packets that pass a match clause of a route map for policy routing, use the set interface command in route-map configuration mode. To delete an entry, use the no form of this command.

set interface type number [. . . type number]

no set interface type number [. . . type number]

Syntax Description

type

Interface type, used with the interface number, to which packets are forwarded.

number

Interface number, used with the interface type, to which packets are forwarded.

Command Default

Packets that pass a match clause are not forwarded to an interface.

Command Modes

Route-map configuration (config-route-map)

Command History

Release

Modification

11.0

This command was introduced.

12.3(7)T

This command was modified. This command was updated for use in configuring IPv6 policy-based routing (PBR).

12.2(33)SRB

This command was integrated into Cisco IOS Release 12.2(33)SRB, and hardware switching support was introduced for the Cisco 7600 series platform.

12.2SX

This command was integrated into the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 3.2S

This command was integrated into Cisco IOS XE Release 3.2S.

15.1(1)SY

This command was integrated into Cisco IOS Release 15.1(1)SY.

Usage Guidelines

An ellipsis (...) in the command syntax indicates that your command input can include multiple values for the type and number arguments .

Use the ip policy route-map interface configuration command, the route-map global configuration command, and the match and set route-map configuration commands to define the conditions for policy-routing packets. The ip policy route-map command identifies a route map by name. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria —the conditions under which policy routing occurs. The set commands specify the set actions —the particular routing actions to perform if the criteria enforced by the match commands are met.

In PBR for IPv6, use the ipv6 policy route-map or ipv6 local policy route-map command with match and set route-map configuration commands to define conditions for policy-routing packets.

If the first interface specified with the set interface command is down, the optionally specified interfaces are tried in turn.

The set clauses can be used in conjunction with one another. They are evaluated in the following order:

  1. set ip next-hop

  2. set interface

  3. set ip default next-hop

  4. set default interface

A useful next hop implies an interface. As soon as a next hop and an interface are found, the packet is routed.

Specifying the set interface null 0 command is a way to write a policy that the packet be dropped and an “unreachable” message be generated. In Cisco IOS Release 12.4(15)T and later releases, the packets are dropped; however, the “unreachable” messages are generated only when CEF is disabled.

In Cisco IOS Release 12.2(33)SRB and later releases, hardware switching support was introduced for PBR packets sent over a traffic engineering (TE) tunnel interface on a Cisco 7600 series router. When a TE tunnel interface is configured using the set interface command in a policy, the packets are processed in the hardware. In previous releases, PBR packets sent over TE tunnels are fast switched by Route Processor software.

Examples

In the following example, packets with a Level 3 length of 3 to 50 bytes are forwarded to Ethernet interface 0:


interface serial 0
 ip policy route-map testing
!
route-map testing
 match length 3 50
 set interface ethernet 0

The following example for IPv6 shows that packets with a Level 3 length of 3 to 50 bytes are forwarded to Ethernet interface 0:


interface serial 0
 ipv6 policy route-map testing
!
route-map testing
 match length 3 50
 set interface ethernet 0

In the following example, a TE tunnel interface is configured on a Cisco 7600 series router using the set interface command in a policy, and the packets are processed in hardware, instead of being fast switched by Route Processor software. This example can be used only with a Cisco IOS Release 12.2(33)SRB, or later release image.


interface Tunnel101 
 description FRR-Primary-Tunnel 
 ip unnumbered Loopback0 
 tunnel destination 172.17.2.2 
 tunnel mode mpls traffic-eng 
 tunnel mpls traffic-eng autoroute announce 
 tunnel mpls traffic-eng path-option 1 explicit name p1 
!
access-list 101 permit ip 10.100.0.0 0.255.255.255 any
! 
route-map test permit 10 
 match ip address 101 
 set interface Tunnel101 
!
interface GigabitEthernet9/5 
 description TO_CE_C1A_FastEther-5/5 
 ip address 192.168.5.1 255.255.255.0 
 ip policy route-map test 
 no keepalive

set ip default next-hop

To indicate where to output packets that pass a match clause of a route map for policy routing and for which the Cisco IOS software has no explicit route to a destination, use the setipdefaultnext-hop command in route-map configuration mode. To delete an entry, use the no form of this command.

set ip default next-hop ip-address [. . . ip-address]

no set ip default next-hop ip-address [. . . ip-address]

Syntax Description

ip-address

IP address of the next hop to which packets are output.The next hop must be an adjacent router.

Command Default

This command is disabled by default.

Command Modes

Route-map configuration

Command History

Release

Modification

11.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

An ellipsis (...) in the command syntax indicates that your command input can include multiple values for the ip-address argument .

Use this command to provide certain users a different default route. If the software has no explicit route for the destination in the packet, then it routes the packet to this next hop. The first next hop specified with the setipdefaultnext-hop command needs to be adjacent to the router. The optional specified IP addresses are tried in turn.

Use the ip policy route-map interface configuration command, the route-map global configuration command, and the match and set route-map configuration commands to define the conditions for policy routing packets. The ippolicyroute-map command identifies a route map by name. Each route-map command has a list of match and set commands associated with it. The match commands specify the matchcriteria --the conditions under which policy routing occurs. The set commands specify the setactions --the particular routing actions to perform if the criteria enforced by the match commands are met.

The set clauses can be used in conjunction with one another. They are evaluated in the following order:

  1. set ip next-hop

  2. set interface

  3. set ip default next-hop

  4. set default interface


Note

The set ip next-hop and set ip default next-hop are similar commands but have a different order of operations. Configuring the set ip next-hop command causes the system to use policy routing first and then use the routing table. Configuring the set ip default next-hop command causes the system to use the routing table first and then policy route the specified next hop.


Examples

The following example provides two sources with equal access to two different service providers. Packets arriving on asynchronous interface 1 from the source 10.1.1.1 are sent to the router at 172.16.6.6 if the software has no explicit route for the destination of the packet. Packets arriving from the source 10.2.2.2 are sent to the router at 172.17.7.7 if the software has no explicit route for the destination of the packet. All other packets for which the software has no explicit route to the destination are discarded.


access-list 1 permit ip 10.1.1.1 0.0.0.0
access-list 2 permit ip 10.2.2.2 0.0.0.0
!
interface async 1
 ip policy route-map equal-access
!
route-map equal-access permit 10
 match ip address 1
 set ip default next-hop 172.16.6.6
route-map equal-access permit 20
 match ip address 2
 set ip default next-hop 172.17.7.7
 route-map equal-access permit 30
 set default interface null0

set ip default next-hop verify-availability

To configure a router, for policy routing, to check the CDP database for the availability of an entry for the default next hop that is specified by the set ip default next-hop command, use the set ip default next-hop verify-availability route map configuration command. To disable this function, use the no form of this command.

set ip default next-hop commandset ip default next-hop verify-availability

no set ip default next-hop verify-availability

Syntax Description

This command has no arguments or keywords.

Command Default

This command is disabled by default.

Command Modes

Route-map configuration

Command History

Release

Modification

12.1(1.05)T

This command was introduced.

Usage Guidelines

Use this command to force the configured policy routing to check the CDP database to determine if an entry is available for the next hop that is specified by the set ip default next-hop command. This command is used to prevent traffic from being null routed if the configured next hop becomes unavailable.

Examples

The following example:


Router(config-route-map)# set ip default next-hop verify-availability

set ip global

To indicate where to forward packets that pass a match clause of a route map for policy routing and for which the Cisco IOS software uses the global routing table, use the setipglobal command in route-map configuration mode. To disable this feature, use the no form of this command.

set ip global next-hop ip-address [. . . ip-address]

no set ip global next-hop ip-address [. . . ip-address]

Syntax Description

next-hop ip-address

IP address of the next hop.

Command Default

The router uses the next-hop address in the global routing table.

Command Modes

Route-map configuration

Command History

Release

Modification

12.2(33)SRB1

This command was introduced.

12.4(15)T

This command was integrated into Cisco IOS Release 12.4(15)T.

Usage Guidelines

Use this command to allow packets to enter a VRF interface and be policy-routed or forwarded out of the global table.

An ellipsis (...) in the command syntax indicates that your command input can include multiple values for the ip-address argument.

Examples

The following example allows use of the global table and specifies that the next-hop address is 10.5.5.5:


set ip global next-hop 10.5.5.5 

set ip next-hop

To indicate where to output packets that pass a match clause of a route map for policy routing, use the set ip next-hop command in route-map configuration mode. To delete an entry indicating where to output the packets, use the no form of this command.

set ip next-hop {ip-address [...ip-address] | dynamic dhcp | encapsulate l3vpn profile-name | peer-address | recursive [global | vrf vrf-name] ip-address | verify-availability [ip-address sequence track track-object-number]}

no set ip next-hop {ip-address [...ip-address] | dynamic dhcp | encapsulate l3vpn profile-name | peer-address | recursive [global | vrf vrf-name] ip-address | verify-availability [ip-address sequence track track-object-number]}

Catalyst 3850 Switches

set ip next-hop ip-address [...ip-address]

no set ip next-hop ip-address [ ...ip-address]

Syntax Description

ip-address

IP address of the next hop to which packets are output. It must be the address of an adjacent router.

dynamic dhcp

Dynamically sets the DHCP next hop.

encapsulate l3vpn

Sets the encapsulation profile for the L3VPN next hop.

profile-name

L3VPN encapsulation profile name.

peer-address

Sets the next hop as the Border Gateway Protocol peering address.

recursive ip-address

Sets the IP address of the recursive next-hop router.

Note 

The next-hop IP address must be assigned separately from the recursive next-hop IP address.

global

(Optional) Sets the global routing table.

vrf vrf-name

(Optional) Sets the Virtual Routing and Forwarding instance.

verify-availability

Verifies if the next hop is reachable.

sequence

(Optional) The sequence to be inserted into the next-hop list. The range is from 1 to 65535.

track

(Optional) Sets the next hop depending on the state of a tracked object.

track-object-number

(Optional) The tracked object number. The range is from 1 to 500.

Command Default

Packets are forwarded to the next-hop router in the routing table.

Command Modes

Route-map configuration (config-route-map)

Command History

Release

Modification

11.0

This command was introduced.

12.0(28)S

This command was modified. The recursive keyword was added.

12.3(14)T

This command was integrated into Cisco IOS Release 12.3(14)T.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 2.2

In Cisco IOS XE Release 2.2, this command was integrated into the Cisco ASR 1000 Series Routers.

12.2(33)SRE

This command was modified. The encapsulate and l3vpn keywords were added.

Cisco IOS XE 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE. The set ip next-hop ip-address [...ip-address] command is available on Catalyst 3850 Series switches.

Usage Guidelines

An ellipsis (...) in the command syntax indicates that your command input can include multiple values for the ip-address argument.

Use the ip policy route-map interface configuration command, the route-map global configuration command, and the match and set route-map configuration commands to define conditions for policy routing packets. The ip policy route-map command identifies a route map by name. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria --the conditions under which policy routing occurs. The set commands specify the set actions --particular routing actions to be performed if the criteria enforced by the match commands are met.

If the interface associated with the first next hop, which is specified with the set ip next-hop command is down, the optionally specified IP addresses are tried in turn.

The set clauses can be used in conjunction with one another. They are evaluated in the following order:

  1. set ip next-hop

  2. set interface

  3. set ip default next-hop

  4. set default interface


Note

The set ip next-hop and the set ip default next-hop commands are similar but have a different order of operations. Configuring the set ip next-hop command causes the system to use policy-based routing first and then use the routing table. Configuring the set ip default next-hop command causes the system to use the routing table first and then the policy route to the specified next hop.



Note

The set ip next-hop command does not support Inherit-VRF routing on Cisco 7600 series routers because the set ip next-hop ip-address command is treated as equivalent to the set ip global next-hop ip-address command on Cisco 7600 series routers. (Inherit-VRF routing enables packets arriving on a VRF interface to be routed by the same outgoing interface.) Therefore, when using Cisco 7600 series routers, we recommend that you use the set ip vrf vrf next-hop command to explicitly indicate the VRF from which the next hop is to be chosen. We also recommend that in Cisco 7600 series routers, the set ip next-hop command be used only for route maps applied on non-VRF interfaces, where the software behavior and the hardware behavior would be similar.


Examples

The following example shows how packets with a Level 3 length of 3 to 50 bytes are output to the router at IP address 10.14.2.2:


interface serial 0
 ip policy route-map thataway
!
route-map thataway
 match length 3 50
 set ip next-hop 10.14.2.2

The following example shows how IP address 10.3.3.3 is set as the recursive next-hop address:


route-map map_recurse
 set ip next-hop recursive 10.3.3.3

set ip next-hop verify-availability

To configure policy routing to verify the reachability of the next hop of a route map before the router performs policy routing to that next hop, use the setipnext-hopverify-availability command in route-map configuration mode. To disable this function, use the no form of this command.

set ip next-hop verify-availability [next-hop-address sequence track object]

no set ip next-hop verify-availability [next-hop-address sequence track object]

Syntax Description

next-hop-address

(Optional) IP address of the next hop to which packets will be forwarded.

sequence

(Optional) Sequence of next hops. The acceptable range is from 1 to 65535.

track

(Optional) The tracking method is track.

object

(Optional) Object number that the tracking subsystem is tracking. The acceptable range is from 1 to 500.

Command Default

The reachability of the next hop of a route map before a router performs policy routing, is not verified.

Command Modes

Route-map configuration (config-route-map)

Command History

Release

Modification

12.0(3)T

This command was introduced.

12.3(4)T

The optional track keyword and next-hop-address , sequence , and object arguments were added.

12.3(14)T

The SAA feature (uses rtr commands) was replaced by the IP SLAs feature (uses ipsla commands).

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 2.2

In Cisco IOS XE Release 2.2 this command was introduced on the Cisco ASR 1000 Series Routers.

Usage Guidelines

The setipnext-hopverify-availability command can be used in the following two ways:

  • With policy-based routing (PBR) to verify next hop reachability using Cisco Discovery Protocol (CDP).

  • With optional arguments to support object tracking using Internet Control Message Protocol (ICMP) ping or an HTTP GET request to verify if a remote device is reachable.

Using CDP Verification

This command is used to verify that the next hop is reachable before the router tries to policy route to it. This command has the following characteristics:

  • It causes some performance degradation.

  • CDP must be configured on the interface.

  • The next hop must be a Cisco device with CDP enabled.

  • It is supported in process switching and Cisco Express Forwarding (CEF) policy routing, but is not available in distributed CEF (dCEF) because of the dependency of the CDP neighbor database.

If the router is policy routing packets to the next hop and the next hop is down, the router will try unsuccessfully to use Address Resolution Protocol (ARP) for the next hop (which is down). This behavior will continue indefinitely. To prevent this situation from occurring, use the setipnext-hopverify-availability command to configure the router to verify that the next hop of the route map is a CDP neighbor before routing to that next hop.

This command is optional because some media or encapsulations do not support CDP, or it may not be a Cisco device that is sending traffic to the router.

If this command is set and the next hop is not a CDP neighbor, then the router looks to the subsequent next hop, if there is one. If there is no next hop, the packets are not policy routed.

If this command is not set, the packets are either successfully policy routed or remain forever unrouted.

If you want to selectively verify availability of only some next hops, you can configure different route map entries (under the same route map name) with different criteria (using access list matching or packet size matching), and then use thesetipnext-hopverify-availability command selectively.

Using Object Tracking

With optional arguments to support object tracking, this command allows PBR to make decisions based on the following criteria:

  • ICMP ping reachability to a remote device.

  • Application running on a remote device (for example, the device responds to an HTTP GET request).

  • A route exists in the Routing Information Base (RIB) (for example, policy route only if 10.2.2.0/24 is in the RIB).

  • Interface state (for example, packets received on E0 should be policy routed out E1 only if E2 is down).

Object tracking functions in the following manner. PBR will inform the tracking process that it is interested in tracking a certain object. The tracking process will in turn notify PBR when the state of the object changes. This notification is done via registries and is event driven.

The tracking subsystem is responsible for tracking the state of an object. The object can be an IP address that is periodically being pinged by the tracking process. The state of the object (up or down) is stored in a track report data structure. The tracking process will create the tracking object report. Then the exec process that is configuring the route map can query the tracking process to determine if a given object exists. If the object exists, the tracking subsystem can start tracking it and read the initial state of the object. If the object changes state, the tracking process will notify all the clients that are tracking this process that the state of the object has changed. So, the route map structure that PBR is using can be updated to reflect the current state of the object in the track report. This interprocess communication is done by means of registries and the shared track report.


Note

If the CDP and object tracking commands are mixed, the tracked next hops will be tried first.


Examples

The following configuration sample demonstrates the use of the setipnext-hopverify-availability command to configure the router to verify that the next hop of the route map is a CDP neighbor before routing to that next hop. In this example, the next hop 10.0.0.8 in the route map named “Example1” will be verified as a CDP neighbor before the router tries to policy-route to it.


ip cef
interface ethernet0/0/1
 ip policy route-map Example1
 exit
route-map Example1 permit 10
 match ip address 1
 set ip precedence priority
 set ip next-hop 10.0.0.8
 set ip next-hop verify-availability
 exit
route-map Example1 permit 20
 match ip address 101
 set interface Ethernet0/0/3
 set ip tos max-throughput
 end

Examples

The following configuration sample shows a configuration used to track an object:


! Configure the objects to be tracked.
! Object 123 will be up if the router can ping 10.1.1.1.
! Object 124 will be up if the router can ping 10.2.2.2.
ip sla monitor 1
 type echo protocol ipicmpecho 10.1.1.1
ip sla monitor schedule 1 start-time now life forever
!
ip sla monitor 2
 type echo protocol ipicmpecho 10.2.2.2
ip sla monitor schedule 2 start-time now life forever
!
track 123 rtr 1 reachability
track 124 rtr 2 reachability
!
! Enable policy routing using route-map alpha on Ethernet 0.
interface ethernet 0
 ip address 10.4.4.254 255.255.255.0
 ip policy route-map alpha
!
! 10.1.1.1 is via this interface
interface ethernet 1
 ip address 10.1.1.254 255.255.255.0
! 10.2.2.2 is via this interface
interface ethernet 2
 ip address 10.2.2.254 255.255.255.0
!
! Configure a route-map to set the next-hop to 10.1.1.1 if object 123 is up. If object 123
! is down, the next hop will be set to 10.2.2.2 if object 124 is up. If object 124 is also
! down, then policy routing fails and unicast routing will route the packet.
route-map alpha
 set ip next-hop verify-availability 10.1.1.1 10 track 123
 set ip next-hop verify-availability 10.2.2.2 20 track 124

set ip vrf

To indicate where to forward packets that pass a match clause of a route map for policy routing when the next hop must be under a specified virtual routing and forwarding (VRF) name, use the setipvrf command in route-map configuration mode. To disable this feature, use the no form of this command.

set ip vrf vrf-name next-hop {ip-address [. . . ip-address] | recursive ip-address}

no set ip vrf vrf-name next-hop {ip-address [. . . ip-address] | recursive ip-address}

Syntax Description

vrf-name

Name of the VRF.

next - hop ip-address

IP address of the next hop to which packets are forwarded. The next hop must be an adjacent router.

next - hop recursive ip-address

IP address of the recursive next-hop router.

Note 

The next-hop IP address must be assigned separately from the recursive next-hop IP address.

Command Default

Policy-based routing is not applied to a VRF interface.

Command Modes

Route-map configuration

Command History

Release

Modification

12.2(33)SXH5

This command was introduced.

12.4(24)T

This command was integrated into Cisco IOS Release 12.4(24)T.

Usage Guidelines

The setipvrf command allows you to apply policy-based routing to a VRF interface.

An ellipsis (...) in the command syntax indicates that your command input can include multiple values for the ip-address argument.

Use the ippolicyroute-map interface configuration command, the route-map global configuration command, and match configuration commands to define the conditions for policy-routing packets. The ippolicyroute-map command identifies a route map by name. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria--the conditions under which policy routing occurs. The set commands specify the set actions--the particular routing actions to perform if the criteria enforced by the match commands are met.

If the interface associated with the first next hop specified with the setipvrf command is down, the optionally specified IP addresses are tried in turn.

The set clauses can be used in conjunction with one another. They are evaluated in the following order:

  1. set TOS

  2. set DF (Don’t Fragment) bit in IP header

  3. set vrf

  4. set ip next-hop

  5. set interface

  6. set ip default next-hop

  7. set default interface

Examples

The following example specifies that the next hop must be under the VRF name that has the IP address 10.5.5.5:


set ip vrf myvrf next-hop 10.5.5.5 

set ipv6 default next-hop

To specify an IPv6 default next hop to which matching packets are forwarded, use the set ipv6 default next-hop command in route-map configuration mode. To delete the default next hop, use the no form of this command.

set ipv6 default [vrf vrf-name | global] next-hop global-ipv6-address [global-ipv6-address...]

no set ipv6 default [vrf vrf-name | global] next-hop global-ipv6-address [global-ipv6-address...]

Syntax Description

vrf vrf-name

(Optional) Specifies explicitly that the default next-hops are under the specific Virtual Routing and Forwarding (VRF) instance.

global

(Optional) Specifies explicitly that the default next-hops are under the global routing table.

global-ipv6-address

IPv6 global address of the next hop to which packets are output. The next-hop router must be an adjacent router.

This argument must be in the form documented in RFC 2373, where the address is specified in hexadecimal using 16-bit values between colons.

Command Default

Packets are not forwarded to a default next hop.

Command Modes

Route-map configuration (config-route-map)

Command History

Release

Modification

12.3(7)T

This command was introduced.

12.2(30)S

This command was integrated into Cisco IOS Release 12.2(30)S.

12.2(33)SXI4

This command was integrated into Cisco IOS Release 12.2(33)SXI4.

Cisco IOS XE Release 3.2S

This command was modified. It was integrated into Cisco IOS XE Release 3.2S.

15.1(1)SY

This command was integrated into Cisco IOS Release 15.1(1)SY.

Usage Guidelines

An ellipsis (...) in the command syntax indicates that your command input can include multiple values for the global-ipv6-address argument.

Use the set ipv6 default next-hop command in policy-based routing PBR for IPv6 to specify an IPv6 next-hop address to which a packet is policy routed when the router has no route in the IPv6 routing table or the packets match the default route. The IPv6 next-hop address must be adjacent to the router; that is, reachable by using a directly connected IPv6 route in the IPv6 routing table. The IPv6 next-hop address also must be a global IPv6 address. An IPv6 link-local address cannot be used because the use of an IPv6 link-local address requires interface context.

If the software has no explicit route for the destination in the packet, then the software routes the packet to the next hop as specified by the set ipv6 default next-hop command. The optional specified IPv6 addresses are tried in turn.

Use the ipv6 policy route-map command, the route-map command, and the match and set route-map commands to define the conditions for PBR packets. The ipv6 policy route-map command identifies a route map by name. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria, which are the conditions under which PBR occurs. The set commands specify the set actions, which are the particular routing actions to perform if the criteria enforced by the match commands are met.

The set clauses can be used in conjunction with one another. They are evaluated in the following order:

  1. set ipv6 next-hop

  2. set interface

  3. set ipv6 default next-hop

  4. set default interface


Note

The set ipv6 next-hop and set ipv6 default next-hop are similar commands. The set ipv6 next-hop command is used to policy route packets for which the router has a route in the IPv6 routing table. The set ipv6 default next-hop command is used to policy route packets for which the router does not have a route in the IPv6 routing table (or the packets match the default route).


Examples

The following example shows how to set the next hop to which the packet is routed:


ipv6 access-list match-dst-1
  permit ipv6 any 2001:DB8:4:1::1/64 any
route-map pbr-v6-default
  match ipv6 address match-dst-1
  set ipv6 default next-hop 2001:DB8:4:4::1/64

set ipv6 next-hop (PBR)

To indicate where to output IPv6 packets that pass a match clause of a route map for policy-based routing (PBR), use the set ipv6 next-hop command in route-map configuration mode. To delete an entry, use the no form of this command.

set ipv6 next-hop {next-hop-ipv6-address [next-hop-ipv6-address...] | encapsulate l3vpn encapsulation-profile | peer-address | recursive next-hop-ipv6-address | verify-availability next-hop-ipv6-address sequence track object-number}

no set ipv6 next-hop {next-hop-ipv6-address [next-hop-ipv6-address...] | encapsulate l3vpn encapsulation-profile | peer-address | recursive next-hop-ipv6-address | verify-availability next-hop-ipv6-address sequence track object-number}

Syntax Description

next-hop-ipv6-address [next-hop-ipv6-address ...]

IPv6 global address of the next hop to which packets are sent. The next-hop router must be an adjacent router.

The IPv6 address must be specified in hexadecimal using 16-bit values between colons as specified in RFC 2373.

encapsulate

Specifies the encapsulation profile for the next-hop VPN.

l3vpn

Specifies Layer 3 VPN encapsulation.

encapsulation-profile

Encapsulation profile name.

peer-address

Specifies the peer address. This keyword is specific to Border Gateway Protocol (BGP).

recursive next-hop-ipv6-address
Specifies the IPv6 address of the recursive next-hop router.
  • The next-hop IPv6 address must be assigned separately from the recursive next-hop IPv6 address.

verify-availability

Verifies if the next-hop router is reachable.

sequence

Sequence number to insert into the next-hop list. Valid values for the sequence argument are from 1 to 65535.

track object-number

Sets the next-hop router depending on the state of a tracked object number. Valid values for the object-number argument are from 1 to 1000.

Command Default

Packets are not forwarded to a default next hop.

Command Modes


Route-map configuration (config-route-map)

Command History

Release

Modification

12.3(7)T

This command was introduced.

12.2(30)S

This command was integrated into Cisco IOS Release 12.2(30)S.

12.2(33)SXI4

This command was integrated into Cisco IOS Release 12.2(33)SXI4.

Cisco IOS XE Release 3.2S

This command was integrated into Cisco IOS XE Release 3.2S.

15.1(1)SY

This command was integrated into Cisco IOS Release 15.1(1)SY.

15.4(2)S

This command was modified. The recursive keyword was added.

Usage Guidelines

The set ipv6 next-hop command is similar to the set ip next-hop command, except that it is IPv6-specific.

An ellipsis (...) in the command syntax indicates that your command input can include multiple values for the next-hop-ipv6-address argument. You must specify an IPv6 address; an IPv6 link-local address cannot be used because the use of an IPv6 link-local address requires interface context.

The next-hop-ipv6-address argument must specify an address that is configured in the IPv6 Routing Information Base (RIB) and is directly connected. A directly connected address is covered by an IPv6 prefix configured on an interface, or an address covered by an IPv6 prefix specified on a directly connected static route.

Examples

The following example shows how to set the next hop to which packets are routed:


ipv6 access-list match-dst-1
  permit ipv6 any 2001:DB8::1 any
!
route-map pbr-v6-default
  match ipv6 address match-dst-1
  set ipv6 next-hop 2001:DB8::F

set ipv6 precedence

To set the precedence value in the IPv6 packet header, use the set ipv6 precedence command in route-map configuration mode. To remove the precedence value, use the no form of this command.

set ipv6 precedence precedence-value

no set ipv6 precedence precedence-value

Syntax Description

precedence-value

A number from 0 to 7 that sets the precedence bit in the packet header.

Command Modes


Route-map configuration (config-route-map)

Command History

Release

Modification

12.3(7)T

This command was introduced.

12.2(30)S

This command was integrated into Cisco IOS Release 12.2(30)S.

12.2(33)SXI4

This command was integrated into Cisco IOS Release 12.2(33)SXI4.

Cisco IOS XE Release 3.2S

This command was integrated into Cisco IOS XE Release 3.2S.

15.1(1)SY

This command was integrated into Cisco IOS Release 15.1(1)SY.

Usage Guidelines

The way the network gives priority (or some type of expedited handling) to the marked traffic is through the application of weighted fair queueing (WFQ) or weighted random early detection (WRED) at points downstream in the network. Typically, you would set IPv6 precedence at the edge of the network (or administrative domain) and have queueing act on it thereafter. WFQ can speed up handling for high precedence traffic at congestion points. WRED ensures that high precedence traffic has lower loss rates than other traffic during times of congestion.

The mapping from keywords such as routine and priority to a precedence value is useful only in some instances. That is, the use of the precedence bit is evolving. You can define the meaning of a precedence value by enabling other features that use the value. In the case of Cisco high-end Internet quality of service (QoS), IPv6 precedences can be used to establish classes of service that do not necessarily correspond numerically to better or worse handling in the network. For example, IPv6 precedence 2 can be given 90 percent of the bandwidth on output links in the network, and IPv6 precedence 6 can be given 5 percent using the distributed weight fair queueing (DWFQ) implementation on the Versatile Interface Processors (VIPs).

Use the route-map global configuration command with match and set route-map configuration commands to define the conditions for redistributing routes from one routing protocol into another, or for policy routing. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which redistribution or policy routing is allowed for the current route-map command. The set commands specify the set actions—the particular redistribution or policy routing actions to perform if the criteria enforced by the match commands are met. The no route-map command deletes the route map.

The set route-map configuration commands specify the redistribution set actions to be performed when all the match criteria of a route map are met. When all match criteria are met, all set actions are performed.

Examples

The following example sets the IPv6 precedence value to 5 for packets that pass the route map match:


interface serial 0
 ipv6 policy route-map texas
! 
route-map cisco1 
 match length 68 128 
 set ipv6 precedence 5 

set level (IP)

To indicate where to import routes, use the setlevel command in route-map configuration mode. To delete an entry, use the no form of this command.

set level {level-1 | level-2 | level-1-2 | nssa-only | stub-area | backbone}

no set level {level-1 | level-2 | level-1-2 | nssa-only | stub-area | backbone}

Syntax Description

level-1

Imports routes into a Level 1 area.

level-2

Imports routes into a Level 2 subdomain.

level-1-2

Imports routes into Level 1 and Level 2 areas.

nssa-only

Imports routes only into NSSA areas.

stub-area

Imports routes into an Open Shortest Path First (OSPF) NSSA area.

backbone

Imports routes into an OSPF backbone area.

Command Default

This command is disabled by default. For Intermediate System-to-Intermediate System (IS-IS) destinations, the default value is level-2 .

Command Modes

Route-map configuration

Command History

Release

Modification

10.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

15.0(1)M

This command was modified. The nssa-only keyword was added.

Usage Guidelines

Use the route-map global configuration command, and the match and set route-map configuration commands, to define the conditions for redistributing routes from one routing protocol into another. Each route-map command has a list of match and set commands associated with it. The match commands specify the matchcriteria --the conditions under which redistribution is allowed for the current route-map command. The set commands specify the setactions --the particular redistribution actions to perform if the criteria enforced by the match commands are met. The no route-map command deletes the route map.

The set route-map configuration commands specify the redistribution setactions to be performed when all the match criteria of a route map are met. When all match criteria are met, all set actions are performed.

The stub-areaandbackbonekeywordshavenoeffectonwhereroutesareimported.

Examples

In the following example, routes will be imported into the Level 1 area:


route-map name
 set level level-l

set local-preference

To specify a preference value for the autonomous system paths that pass the route map, use the set local-preference command in route-map configuration mode. To delete the entry from the route map, use the no form of this command.

set local-preference number

no set local-preference

Syntax Description

number

Preference value. An integer from 0 to 4294967295.

Command Default

Preference value of 100

Command Modes

Route-map configuration (config-route-map)

Command History

Release

Modification

10.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

The local preference attribute is a number that indicates the relative preference of one route over another when there is more than one route to a destination. A higher preference causes a route to be preferred over a route with a lower preference.

This attribute is exchanged between iBGP peers only. That is, the preference is sent to all routers in the local autonomous system only. This attribute is used to determine local policy

You can change the default preference value with the bgp default local-preference command.

Examples

The following example sets the local preference to 200 for all routes that are included in access list 1:


route-map map-preference
 match as-path 1
 set local-preference 200

set metric (BGP-OSPF-RIP)

To set the metric value for a routing protocol, use the setmetric command in route-map configuration mode. To return to the default metric value, use the no form of this command.

set metric metric-value

no set metric metric-value

Syntax Description

metric-value

Metric value; an integer from -294967295 to 294967295. This argument applies to all routing protocols except Enhanced Interior Gateway Routing Protocol (EIGRP).

Command Default

The dynamically learned metric value.

Command Modes

Route-map configuration (config-route-map)

Command History

Release

Modification

10.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

We recommend that you consult your Cisco technical support representative before changing the default value.

Use the route-map global configuration command, and the match and set route-map configuration commands, to define the conditions for redistributing routes from one routing protocol into another. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria --the conditions under which redistribution is allowed for the current route-map command. The set commands specify the set actions --the particular redistribution actions to perform if the criteria enforced by the match commands are met. The no route-map command deletes the route map.

The set route-map configuration commands specify the redistribution setactions to be performed when all the match criteria of a route map are met. When all match criteria are met, all set actions are performed.

Examples

The following example sets the metric value for the routing protocol to 100:


route-map set-metric
 set metric 100

set metric-type

To set the metric type for the destination routing protocol, use the setmetric-type command in route-map configuration mode. To return to the default, use the no form of this command.

set metric-type commandset metric-type {internal | external | type-1 | type-2}

no set metric-type {internal | external | type-1 | type-2}

Syntax Description

internal

Intermediate System-to-Intermediate System (IS-IS) internal metric, or IGP metric as the MED for BGP.

external

IS-IS external metric.

type-1

Open Shortest Path First (OSPF) external Type 1 metric.

type-2

OSPF external Type 2 metric.

Command Default

This command is disabled by default.

Command Modes

Route-map configuration

Command History

Release

Modification

10.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

Use the route-map global configuration command with match and set route-map configuration commands to define the conditions for redistributing routes from one routing protocol into another. Each route-map command has a list of match and set commands associated with it. The match commands specify the matchcriteria --the conditions under which redistribution is allowed for the current route-map command. The set commands specify the setactions --the particular redistribution actions to perform if the criteria enforced by the match commands are met. The no route-map command deletes the route map.

The set route-map configuration commands specify the redistribution setactions to be performed when all the match criteria of a route map are met. When all match criteria are met, all set actions are performed.


Note

This command is not supported for redistributing routes into Border Gateway Protocol (BGP).


Examples

The following example sets the metric type of the destination protocol to OSPF external Type 1:


route-map map-type
 set metric-type type-1

set next-hop

To specify the address of the next hop, use thesetnext-hop command in route-map configuration mode. To delete an entry, use the no form of this command.

set next-hop commandset next-hop next-hop

no set next-hop next-hop

Syntax Description

next-hop

IP address of the next hop router.

Command Default

Default next hop address.

Command Modes

Route-map configuration

Command History

Release

Modification

10.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

You must have a match clause (even if it points to a “permit everything” list) if you want to set tags.

Use the route-map global configuration command, and the match and set route-map configuration commands, to define the conditions for redistributing routes from one routing protocol into another. Each route-map command has a list of match and set commands associated with it. The match commands specify the matchcriteria --the conditions under which redistribution is allowed for the current route-map command. The set commands specify the setactions --the particular redistribution actions to perform if the criteria enforced by the match commands are met. Theno route-map command deletes the route map.

The set route-map configuration commands specify the redistribution setactions to be performed when all the match criteria of the router are met. When all match criteria are met, all set actions are performed.

Examples

In the following example, routes that pass the access list have the next hop set to 172.160.70.24:


route-map map_hop
 match address 5
 set next-hop 172.160.70.24

set tag (IP)

To set a tag value for a route in a route map, use the set tag command in route-map configuration mode. To delete the entry, use the no form of this command.

set tag {tag-value | tag-value-dotted-decimal}

no set tag {tag-value | tag-value-dotted-decimal}

Syntax Description

tag-value

Route tag value in plain decimals. The range is from 0 to 4294967295.

tag-value-dotted-decimal

Route tag value in dotted decimals. The range is from 0.0.0.0 to 255.255.255.255.

Command Default

Routes are not tagged.

Command Modes

Route-map configuration (config-route-map)

Command History

Release

Modification

10.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 2.1

This command was implemented on Cisco ASR 1000 Series Aggregation Services Routers.

15.2(2)S

This command was modified. This command was integrated into Cisco IOS Release 15.2(2)S and the tag-value-dotted-decimal argument was added to support tag values in dotted-decimal format.

Cisco IOS XE Release 3.6S

This command was modified. The tag-value-dotted-decimal argument was added to support tag values in dotted-decimal format.

Usage Guidelines

Use the set tag command to set an administrative tag for a route within a route map. Route tags are 32-bit values attached to routes. You can set tag values as plain decimals or dotted decimals. Route tags are used by route maps to filter routes. The tag value has no impact on routing decisions. It is used to mark or flag routes to prevent routing loops when routes are redistributed between routing protocols.

Examples

The following example shows how to set the tag value of the destination routing protocol to 5:


Device(config)# route-map tag
Device(config-route-map)# set tag 5

The following example shows how to set the tag value in the dotted-decimal format:


Device(config)# route-map tag
Device(config-route-map)# set tag 10.10.10.10

set vrf next-hop verify-availability

To configure policy routing to verify the reachability of the next hop of a route map of a VRF instance before the device performs policy routing to that next hop, use the set {ip | ipv6} vrf next-hop verify-availability command in route-map configuration mode. To disable this function, use the no form of this command.

set {ip | ipv6} vrf vrf-name next-hop verify-availability next-hop-address sequence track object

no set {ip | ipv6} vrf vrf-name next-hop verify-availability next-hop-address sequence track object

Syntax Description

vrf-name

Name of the VRF instance.

next-hop-address

IP address of the next hop to which packets will be forwarded.

sequence

Sequence of next hops. The range is from 1 to 65535.

track

Specifies the tracking method.

object

Object number that the tracking subsystem is tracking. The range is from 1 to 1000.

Command Default

The reachability of the next hop of a route map in a VRF instance before a device performs policy routing is not verified.

Command Modes

Route-map configuration (config-route-map)

Command History

Release Modification

Cisco IOS XE Release 3.11S

This command was introduced.

Usage Guidelines

Use the set {ip | ipv6} vrf next-hop verify-availability to support object tracking using Internet Control Message Protocol (ICMP) ping or an HTTP GET request to verify if a remote device is reachable. With optional arguments to support object tracking, this command allows policy based routing (PBR) to make decisions based on the following criteria:
  • ICMP ping reachability to a remote device.
  • Application running on a remote device (for example, the device responds to an HTTP GET request).
  • A route exists in the Routing Information Base (RIB) (for example, policy route only if 10.2.2.0/24 is in the RIB).
  • Interface state (for example, packets received on E0 should be policy routed out E1 only if E2 is down).

PBR informs the tracking process that it is interested in tracking a certain object. The tracking process will in turn notify PBR when the state of the object changes. This notification is done via registries and is event driven.

The tracking subsystem is responsible for tracking the state of an object. The state of the object (up or down) is stored in a track report data structure. The tracking process will create the tracking object report. Then the exec process that is configuring the route map can query the tracking process to determine if a given object exists. If the object exists, the tracking subsystem can start tracking it and read the initial state of the object. If the object changes state, the tracking process will notify all the clients that are tracking this process that the state of the object has changed. So, the route map structure that PBR is using can be updated to reflect the current state of the object in the track report. This interprocess communication is done by means of registries and the shared track report.

Examples

The following example shows how to configure policy routing to verify the reachability of the next hop of a route map of a VRF instance:


Device> enable
Device# configure terminal
Device(config)# ip vrf RED
Device(config-vrf)# rd 100:1
Device(config-vrf)# route-target export 100:1
Device(config-vrf)# route-target import 100:1
Device(config-vrf)# exit
Device(config)# ip sla 1
Device(config-ip-sla)# icmp-echo 10.0.0.4
Device(config-ip-sla-echo)# vrf RED
Device(config-ip-sla-echo)# exit
Device(config)# ip sla schedule 1 life forever start-time now
Device(config)# track 1 ip sla 1
Device(config-track)# interface Ethernet0/0
Device(config-if)# ip vrf forwarding RED
Device(config-if)# ip address 10.0.0.2 255.0.0.0
Device(config-if)# exit
Device(config)# route-map test02 permit 10
Device(config-route-map)# set ip vrf RED next-hop verify-availability 192.168.23.2 1 track
Device(config-route-map)# interface Ethernet0/0
Device(config-if)# ip vrf forwarding RED
Device(config-if)# ip policy route-map test02
Device(config-if)# ip address 192.168.10.2 255.255.255.0
Device(config-if)# end

The following example shows how to configure policy routing to verify the reachability of the next hop of a route map of an IPv6 VRF instance:


Device> enable
Device# configure terminal
Device(config)# ip vrf RED
Device(config-vrf)# rd 100:1
Device(config-vrf)# route-target export 100:1
Device(config-vrf)# route-target import 100:1
Device(config-vrf)# exit
Device(config)# ip sla 1
Device(config-ip-sla)# icmp-echo 10.0.0.4
Device(config-ip-sla-echo)# vrf RED
Device(config-ip-sla-echo)# exit
Device(config)# ip sla schedule 1 life forever start-time now
Device(config)# track 1 ip sla 1
Device(config-track)# interface Ethernet0/0
Device(config-if)# ip vrf forwarding RED
Device(config-if)# ip policy route-map test02
Device(config-if)# ip address 192.168.10.2 255.255.255.0
Device(config-if)# ipv6 address 2001:DB8::/32
Device(config-if)# interface Ethernet1/0
Device(config-if)# ip vrf forwarding RED
Device(config-if)# ip address 10.0.0.2 255.0.0.0
Device(config-if)# ipv6 address 2001:DB8::/48
Device(config-if)# exit
Device(config)# route-map test02 permit 10
Device(config-route-map)# set ipv6 vrf RED next-hop verify-availability 2001:DB8:1::1 1
track 1
Device(config-route-map)# end

show bfd drops

To display the number of dropped packets in Bidirectional Forwarding Detection (BFD), use the show bfd drops command in user EXEC or privileged EXEC mode.

show bfd drops

Syntax Description

This command has no arguments or keywords.

Command Modes

User EXEC (>)

Privileged EXEC (#)

Command History

Release

Modification

15.1(2)S

This command was introduced.

15.1(3)S

This command was modified. The output was enhanced to display authentication information for multihop sessions.

Cisco IOS XE Release 3.7S

This command was integrated into Cisco IOS XE Release 3.7S.

Examples

The following is sample output from the show bfd drops command. The IPV4 and IPV6 columns display single hop session counters for IPv4 and IPv6, respectively. The IPV4-M and IPV6-M columns display multihop session counters for IPv4 and IPv6, respectively.


Router# show bfd drops
 
BFD Drop Statistics
                        IPV4    IPV6    IPV4-M  IPV6-M  MPLS_PW MPLS_TP_LSP
Invalid TTL             0        0       0       0       0       0
BFD Not Configured      0        0       0       0       0       0
No BFD Adjacency        0        0       0       0       0       0
Invalid Header Bits     0        0       0       0       0       0
Invalid Discriminator   0        0       0       0       0       0
Session AdminDown       0        0       0       0       0       0
Authen invalid BFD ver  0        0       0       0       0       0
Authen invalid len      0        0       0       0       0       0
Authen invalid seq      0        0       0       0       0       0
Authen failed           0        0       0       0       0       0

The following is a sample output from show bfd drops command.

The following table describes the significant fields shown in the display.

Table 1. show bfd drops Field Descriptions

Field

Description

Invalid Header Bits

Some header bits are invalid or unexpected.

BFD Not Configured

A packet was received for a session that does not exist.

Invalid Discriminator

Invalid or unexpected discriminator ID.

Authen invalid BFD ver

An authenticated packet was received in a BFD session with a version that does not support authentication.

Authen invalid len

An authenticated packet was received with an invalid authentication length.

Authen invalid seq

An authenticated packet was received with an invalid authentication sequence.

show bfd neighbors

To display a line-by-line listing of existing Bidirectional Forwarding Detection (BFD) adjacencies, use the show bfd neighbors command in user EXEC or privileged EXEC mode.

show bfd neighbors [client {bgp | eigrp | isis | ospf | rsvp | te-frr} | details | interface-type interface-number | internal | ipv4 ip-address | ipv6 ipv6-address | vrf vrf-name]

Syntax Description

client

(Optional) Displays neighbors of a specific client.

bgp

(Optional) Displays a Border Gateway Protocol (BGP) client.

eigrp

(Optional) Displays an Enhanced Interior Gateway Routing Protocol (EIGRP) client.

isis

(Optional) Specifies an Intermediate System-to-Intermediate System (IS-IS) client.

ospf

(Optional) Specifies an Open Shortest Path First (OSPF) client.

rsvp

(Optional) Specifies a Resource Reservation Protocol (RSVP) client.

te-frr

(Optional) Specifies a traffic engineering (TE) Fast Reroute (FRR) client.

details

(Optional) Displays all BFD protocol parameters and timers for each neighbor.

interface-type interface-number

(Optional) Neighbors at the specified interface.

internal

(Optional) Displays internal BFD information.

ipv4

(Optional) Specifies an IPv4 neighbor. If the ipv4 keyword is used without the ip-address argument, all IPv4 sessions are displayed.

ip-address

(Optional) IP address of a neighbor in A.B.C.D format.

ipv6

(Optional) Specifies an IPv6 neighbor. If the ipv6 keyword is used without the ipv6-address argument, all IPv6 sessions are displayed.

ipv6-address

(Optional) IPv6 address of a neighbor in X:X:X:X::X format.

vrf vrf-name

(Optional) Displays entries for the specified VPN routing and forwarding (VRF) instance.

Command Modes

User EXEC (>)

Privileged EXEC (#)

Command History

S Release

Modification

12.0(31)S

This command was introduced.

12.2(18)SXE

This command was integrated into Cisco IOS Release 12.2(18)SXE.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SRC

This command was modified. The vrf vrf-name keyword and argument, the client keyword, and the ip-address argument were added.

12.2(33)SB

This command was integrated into Cisco IOS Release 12.2(33)SB.

12.2(33)SXI

This command was modified. The output was modified to display the “OurAddr” field only with the details keyword.

12.2(33)SRE

This command was modified. Support for IPv6 was added.

15.1(2)S

This command was modified.

  • The show bfd neighbors details command output was changed for hardware-offloaded BFD sessions.

  • The show bfd neighbors command output was changed to display the header type to identify the session type.

15.1(3)S

This command was modified to display information about multihop sessions.

15.2(4)S

This command was modified. The output of the command was enhanced to include Template and Authentication fields for single-hop sessions.

15.1(1)SY

This command was integrated into Cisco IOS Release 15.1(1)SY.

15.4(3)S

This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.

T Release

Modification

12.4(4)T

This command was integrated into Cisco IOS Release 12.4(4)T.

12.4(9)T

This command was modified. Support for BFD Version 1 and BFD echo mode was added.

15.1(2)T

This command was modified. Support for IPv6 was added.

15.1(1)SG

This command was integrated into Cisco IOS Release 15.1(1)SG.

15.2(1)E

This command was integrated into Cisco IOS Release 15.2(1)E.

XE Release

Modification

Cisco IOS XE Release 2.1

This command was integrated into Cisco IOS XE Release 2.1.

Usage Guidelines

The show bfd neighbors command can be used to help troubleshoot the BFD feature.

The full output for the details keyword is not supported on the Route Processor (RP) for the Cisco 12000 Series Internet Router. If you want to enter the show bfd neighbors command with the details keyword on the Cisco 12000 Series Internet Router, you must enter the command on the line card. Use the attach slot command to establish a CLI session with a line card.

In Cisco IOS Release 15.1(2)S and later releases that support BFD hardware offload, the Tx and Rx intervals on both BFD peers must be configured in multiples of 50 milliseconds. If they are not, output from the show bfd neighbors details command will show the configured intervals, not the changed ones.

See the “Configuring Synchronous Ethernet on the Cisco 7600 Router with ES+ Line Card” section of the Cisco 7600 Series Ethernet Services Plus (ES+) and Ethernet Services Plus T (ES+T) Line Card Configuration Guide for more information about prerequisites and restrictions for hardware offload.

Examples

The following is sample output from the show bfd neighbors that shows the status of the adjacency or neighbor:

Device# show bfd neighbors

OurAddr       NeighAddr      LD/RD RH  Holdown(mult) State     Int
172.16.10.1   172.16.10.2    1/6  1   260  (3 )      Up        Fa0/1 

The following is sample output from the show bfd neighbors command when it is entered with the details keyword that shows BFD protocol parameters and timers for each neighbor:

Device# show bfd neighbors details

NeighAddr                         LD/RD    RH/RS     State     Int
10.1.1.2                           1/1         1(RH) Up        Et0/0
Session state is UP and not using echo function.
OurAddr: 10.1.1.1       
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 50000, MinRxInt: 50000, Multiplier: 3 Received MinRxInt: 50000, Received Multiplier: 3 Holddown (hits): 150(0), Hello (hits): 50(2223) Rx Count: 2212, Rx Interval (ms) min/max/avg: 8/68/49 last: 0 ms ago Tx Count: 2222, Tx Interval (ms) min/max/avg: 40/60/49 last: 20 ms ago Elapsed time watermarks: 0 0 (last: 0) Registered protocols: CEF Stub
Uptime: 00:01:49
Last packet: Version: 0                  - Diagnostic: 0
             I Hear You bit: 1           - Demand bit: 0
             Poll bit: 0                 - Final bit: 0
             Multiplier: 3               - Length: 24
             My Discr.: 1                - Your Discr.: 1
             Min tx interval: 50000      - Min rx interval: 50000
             Min Echo interval: 50000 

The following is sample output from the show bfd neighbors command when it is entered on a Cisco 12000 Series Internet Router Route Processor (RP) that shows the status of the adjacency or neighbor:

Device# show bfd neighbors

Cleanup timer hits: 0
OurAddr       NeighAddr     LD/RD RH  Holdown(mult)  State     Int
172.16.10.2   172.16.10.1    2/0  0   0    (0 )      Up        Fa6/0
 Total Adjs Found: 1

The following is sample output from the show bfd neighbors command when it is entered in a Cisco 12000 Series Internet Router RP that shows the status of the adjacency or neighbor with the details keyword:

Device# show bfd neighbors details

Cleanup timer hits: 0
OurAddr       NeighAddr     LD/RD RH  Holdown(mult)  State     Int
172.16.10.2   172.16.10.1    2/0  0   0    (0 )      Up        Fa6/0
Registered protocols: OSPF
Uptime: never
%% BFD Neighbor statistics are not available on RP. Please execute this command on Line Card.

The following is sample output from the show bfd neighbors command when it is entered on a Cisco 12000 Series Internet Router line card that shows the status of the adjacency or neighbor:

Device# attach 6

Entering Console for 8 Port Fast Ethernet in Slot: 6
Type "exit" to end this session
Press RETURN to get started!

Device> show bfd neighbors

Cleanup timer hits: 0
OurAddr       NeighAddr     LD/RD RH  Holdown(mult)  State     Int
172.16.10.2   172.16.10.1    2/1  1   848  (5 )      Up        Fa6/0
 Total Adjs Found: 1

The following is sample output from the show bfd neighbors command when it is entered on a Cisco 12000 Series Internet Router line card that shows the status of the adjacency or neighbor with the details keyword:

Device# attach 6

Entering Console for 8 Port Fast Ethernet in Slot: 6
Type "exit" to end this session
Press RETURN to get started!
Device> show bfd neighbors details

Cleanup timer hits: 0
OurAddr       NeighAddr     LD/RD RH  Holdown(mult)  State     Int
172.16.10.2   172.16.10.1    2/1  1   892  (5 )      Up        Fa6/0
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 50000, MinRxInt: 1000, Multiplier: 3
Received MinRxInt: 200000, Received Multiplier: 5
Holdown (hits): 1000(0), Hello (hits): 200(193745)
Rx Count: 327406, Rx Interval (ms) min/max/avg: 152/248/196 last: 108 ms ago
Tx Count: 193748, Tx Interval (ms) min/max/avg: 204/440/331 last: 408 ms ago
Last packet: Version: 0            - Diagnostic: 0
             I Hear You bit: 1     - Demand bit: 0
             Poll bit: 0           - Final bit: 0
             Multiplier: 5         - Length: 24
             My Discr.: 1          - Your Discr.: 2
             Min tx interval: 200000    - Min rx interval: 200000
             Min Echo interval: 0
Uptime: 17:54:07
SSO Cleanup Timer called: 0
SSO Cleanup Action Taken: 0
Pseudo pre-emptive process count: 7728507 min/max/avg: 8/16/8 last: 12 ms ago
 IPC Tx Failure Count: 0
 IPC Rx Failure Count: 0
 Total Adjs Found: 1
Device>

Examples

The following is sample output from the show bfd neighbors details command that shows that the BFD neighbor device is running BFD Version 1 and that the BFD session is up and running in echo mode:

Device# show bfd neighbors details

OurAddr       NeighAddr     LD/RD  RH/RS   Holdown(mult)  State     Int
172.16.1.2    172.16.1.1     1/6    Up        0    (3 )   Up        Fa0/1
Session state is UP and using echo function with 50 ms interval.
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 1000000, MinRxInt: 1000000, Multiplier: 3
Received MinRxInt: 1000000, Received Multiplier: 3
Holdown (hits): 3000(0), Hello (hits): 1000(337)
Rx Count: 341, Rx Interval (ms) min/max/avg: 1/1008/882 last: 364 ms ago
Tx Count: 339, Tx Interval (ms) min/max/avg: 1/1016/886 last: 632 ms ago
Registered protocols: EIGRP
Uptime: 00:05:00
Last packet: Version: 1 
           - Diagnostic: 0
             State bit: Up         - Demand bit: 0
             Poll bit: 0           - Final bit: 0
             Multiplier: 3         - Length: 24
             My Discr.: 6          - Your Discr.: 1
             Min tx interval: 1000000    - Min rx interval: 1000000
             Min Echo interval: 50000

The following is sample output from the show bfd neighbors command that displays all IPv6 sessions:

Device# show bfd neighbors ipv6 2001::1

OurAddr                   NeighAddr   							       LD/RD  RH/RS  Holddown(mult)  State  Int
2001:DB8:0:ABCD::1        2001:DB8:0:ABCD::2        2/2    Up        0    (3 )   Up     Et0/0
2001:DB8:0:1:FFFF:1234::5 2001:DB8:0:1:FFFF:1234::6 4/4    Up        0    (3 )   Up     Et1/0

The following is a sample output from the show bfd neighbors

The following is sample output from the show bfd neighbors command:

 Device# show bfd neighbors

NeighAddr                         LD/RD    RH/RS     State     Int
192.0.2.1                          4/0     Down      Down      Et0/0
192.0.2.2                          5/0     Down      Down      Et0/0
192.0.2.3                          6/0     Down      Down      Et0/0
192.0.2.4                          7/0     Down      Down      Et0/0
192.0.2.5                          8/0     Down      Down      Et0/0
192.0.2.6                         11/0         0(RH) Fail      Et0/0
2001:DB8::1                       9/0     Down      Down      Et0/0
2001:DB8:0:ABCD::1                10/0     Down      Down      Et0/0
2001:DB8::2																			     1/0         0(RH) Fail      Et0/0
2001:DB8:0:1::1															     2/0     Down      Down      Et0/0
2001:DB8:0:1:FFFF:1234::5          3/0     Down      Down      Et0/0

The following is sample output from the show bfd neighbors details command:

Device# show bfd neighbors details

IPv4 Sessions
NeighAddr                              LD/RD         RH/RS     State     Int
100.0.2.1                             127/156        Down      Init      Se0/5/1.1/2/1/1:0
Session Host: Hardware - session negotiated with platform adjusted timer values.
              MinTxInt - configured: 200000      adjusted: 1000000
OurAddr: 100.0.2.2
Handle: 2
Local Diag: 1, Demand mode: 0, Poll bit: 0
MinTxInt: 1000000, MinRxInt: 1000000, Multiplier: 3
Received MinRxInt: 1000000, Received Multiplier: 3
Holddown (hits): 0(0), Hello (hits): 1000(0)
Rx Count: 5052
Tx Count: 7490
Elapsed time watermarks: 0 0 (last: 0)
Registered protocols: IPv4 Static CEF
Template: software
Downtime: 00:00:05
Last packet: Version: 1                  - Diagnostic: 3
             State bit: Down             - Demand bit: 0
             Poll bit: 0                 - Final bit: 0
             C bit: 1
             Multiplier: 3               - Length: 24
             My Discr.: 156              - Your Discr.: 0
             Min tx interval: 1000000    - Min rx interval: 1000000
             Min Echo interval: 200000

The table below describes the significant fields shown in the displays.

Table 2. show bfd neighbors Field Descriptions

Field

Description

OurAddr

IP address of the interface for which the show bfd neighbors details command was entered.

NeighAddr

IPv4 or IPv6 address of the BFD adjacency or neighbor.

LD/RD

Local discriminator (LD) and remote discriminator (RD) being used for the session.

RH

Remote Heard (RH) Indicates that the remote BFD neighbor has been heard.

Holdown (mult)

Detect timer multiplier that is used for this session.

State

State of the interface—Up or Down.

Int

Interface type and slot/port.

Session state is UP and using echo function with 50 ms interval.

BFD is up and running in echo mode. The 50-millisecond interval has been adopted from the bfd command.

Note 

BFD Version 1 and echo mode are supported only in Cisco IOS Release 12.4(9)T and later releases.

Rx Count

Number of BFD control packets that are received from the BFD neighbor.

Tx Count

Number of BFD control packets that are sent by the BFD neighbor.

Tx Interval

The interval, in milliseconds, between sent BFD packets.

Registered protocols

Routing protocols that are registered with BFD.

Last packet: Version:

BFD version detected and run between the BFD neighbors. The system automatically performs BFD version detection, and BFD sessions between neighbors will run in the highest common BFD version. For example, if one BFD neighbor is running BFD Version 0 and the other BFD neighbor is running Version 1, the session will run BFD Version 0.

Note 

BFD Version 1 and echo mode are supported only in Cisco IOS Release 12.4(9)T and later releases.

Diagnostic

A diagnostic code specifying the local system’s reason for the last transition of the session from Up to some other state.

State values are as follows:

  • 0—No Diagnostic

  • 1—Control Detection Time Expired

  • 2—Echo Function Failed

  • 3—Neighbor Signaled Session Down

  • 4—Forwarding Plane Reset

  • 5—Path Down

  • 6—Concentrated Path Down

  • 7—Administratively Down

I Hear You bit

The I Hear You bit is set to 0 if the transmitting system is either not receiving BFD packets from the remote system or is tearing down the BFD session for some reason. During normal operation, the I Hear You bit is set to 1 to signify that the remote system is receiving the BFD packets from the transmitting system.

Demand bit

Demand mode bit. BFD has two modes: asynchronous and demand. If the demand mode is set, the transmitting system prefers to operate in demand mode. The Cisco implementation of BFD supports only asynchronous mode.

Poll bit

Indicates that the transmitting system is requesting verification of connectivity or verification of a parameter change.

Final bit

Indicates that the transmitting system is responding to a received BFD control packet that had a Poll (P) bit set.

Multiplier

Detect time multiplier. The negotiated transmit interval multiplied by the detect time multiplier determines the detection time for the transmitting system in BFD asynchronous mode.

The detect time multiplier is similar to the hello multiplier in Intermediate System-to-Intermediate System (IS-IS), which is used to determine the hold timer: (hello interval) * (hello multiplier) = hold timer. If a hello packet is not received within the hold-timer interval, it indicates that a failure has occurred.

Similarly, for BFD: (transmit interval) * (detect multiplier) = detect timer. If a BFD control packet is not received from the remote system within the detect-timer interval, it indicates that a failure has occurred.

Length

Length of the BFD control packet, in bytes.

My Discr.

My Discriminator is a unique, nonzero discriminator value generated by the transmitting system used to demultiplex multiple BFD sessions between the same pair of systems.

Your Discr.

Your Discriminator is a discriminator that is received from the corresponding remote system. This field reflects the received value of My Discriminator or is zero if that value is unknown.

Min tx interval

Minimum transmission interval, in microseconds, that the local system wants to use when sending BFD control packets.

Min rx interval

Minimum receipt interval, in microseconds, between received BFD control packets that the system can support.

Min Echo interval

Minimum interval, in microseconds, between received BFD control packets that the system can support. If the value is zero, the transmitting system does not support the receipt of BFD echo packets.

The Cisco implementation of BFD for Cisco IOS Releases 12.2(18)SXE and 12.0(31)S does not support the use of echo packets.

The following is sample output from the show bfd neighbors details command for BFD sessions offloaded to hardware. The Rx and Tx counts show the number of packets received and transmitted by the BFD session in hardware.

Device# show bfd neighbors details

NeighAddr                              LD/RD         RH/RS     State     Int
192.0.2.1                              298/298        Up        Up        Te7/1.2
Session state is UP and not using echo function.
Session Host: Hardware - session negotiated with platform adjusted timer values.
              Holddown - negotiated: 510000      adjusted: 0         
OurAddr: 192.0.2.2       
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 170000, MinRxInt: 170000, Multiplier: 3
Received MinRxInt: 160000, Received Multiplier: 3
Holddown (hits): 0(0), Hello (hits): 170(0)
Rx Count: 1256983
Tx Count: 24990
Elapsed time watermarks: 0 0 (last: 0)
Registered protocols: OSPF CEF
Uptime: 18:11:31
Last packet: Version: 1                  - Diagnostic: 0
             State bit: Up               - Demand bit: 0
             Poll bit: 0                 - Final bit: 0
             Multiplier: 3               - Length: 24
             My Discr.: 298                 - Your Discr.: 298
             Min tx interval: 160000     - Min rx interval: 160000
             Min Echo interval: 0       

The following is sample output from the show bfd neighbors command showing a header type identifying the type of session:

Device# show bfd neighbors

MPLS-TP Sessions
Interface       LSP type                  LD/RD    RH/RS     State
Tunnel-tp1      Working                    1/0     Down      Down
Tunnel-tp2      Working                    3/0     Down      Down
Tunnel-tp1      Protect                    2/0     Down      Down

IPv4 Sessions
NeighAddr                         LD/RD    RH/RS     State     Int
192.0.2.1                           2/0     Down      Down      Et2/0

The following is sample output from the show bfd neighbors command for Virtual Circuit Connection Verification (VCCV) sessions:

Device# show bfd neighbors

VCCV Sessions
Peer Addr      :VCID                     LD/RD    RH/RS     State
198.51.100.1   :100                       1/1     Up        Up

The following is sample output from the show bfd neighbors command for IPv4 and IPv6 sessions:

Device# show bfd neighbors

IPv4 Sessions
NeighAddr                            LD/RD    RH/RS     State     Int
192.0.2.1                             6/0     Down      Down      Et1/0
203.0.113.1                           7/6     Up        Up        Et3/0
198.51.100.2                          8/7     Up        Up        Et0/0
IPv6 Sessions
NeighAddr                         LD/RD    RH/RS     State     Int
2001:DB8::1                        1/1     Up        Up        Et0/0
2001:DB8:0:ABCD::1                 2/2     Up        Up        Et0/0
2001:DB8::2                        3/3     Up        Up        Et0/0
2001:DB8:0:1:FFFF:1234::5          4/4     Up        Up        Et0/0
2001:DB8:0:1::1                    5/5     Up        Up        Et0/0

The table below describes the significant fields shown in the displays.

Table 3. show bfd neighbors Field Descriptions

Field

Description

Interface

Name of the Multiprotocol Label Switching (MPLS) tunnel Transport Profile (TP) interface.

LSP type

Type of label-switched path for this session (Working or Protect).

The following is sample output from the show bfd neighbors command for a single-hop session:

Device# show bfd neighbors

IPv4 Sessions
NeighAddr                              LD/RD         RH/RS     State     Int
192.0.2.6                                1/12         Up        Up        Et0/0
Session state is UP and using echo function with 300 ms interval.
Session Host: Software
OurAddr: 192.0.2.12       
Handle: 12
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 1000000, MinRxInt: 1000000, Multiplier: 3
Received MinRxInt: 1000000, Received Multiplier: 3
Holddown (hits): 0(0), Hello (hits): 1000(62244)
Rx Count: 62284, Rx Interval (ms) min/max/avg: 1/2436/878 last: 239 ms ago
Tx Count: 62247, Tx Interval (ms) min/max/avg: 1/1545/880 last: 246 ms ago
Elapsed time watermarks: 0 0 (last: 0)
Registered protocols: Stub CEF
Template: my-template                           
Authentication(Type/Keychain): sha-1/my-chain   
Uptime: 00:22:06
Last packet: Version: 1                  - Diagnostic: 0
             State bit: Up               - Demand bit: 0
             Poll bit: 0                 - Final bit: 0
             Multiplier: 3               - Length: 24
             My Discr.: 12               - Your Discr.: 1
             Min tx interval: 1000000    - Min rx interval: 1000000
             Min Echo interval: 300000  

The table below describes the significant fields shown in the display.

Table 4. show bfd neighbors Field Descriptions for Single-Hop BFD Sessions

Field

Description

Template

BFD multihop template name.

Authentication

Authentication type and key chain.

The following is sample output from the show bfd neighbors command for an IPv4 multihop session. The section headed “Map information:” has information specific to the multihop session.

Device# show bfd neighbors

IPv4 Multihop Sessions
NeighAddr[vrf]                                LD/RD         RH/RS     State
192.0.2.20                                        2/13         Up        Up       
Session state is UP and not using echo function.
Session Host: Software
OurAddr: 192.0.2.21
Handle: 13
Local Diag: 0, Demand mode: 0, Poll bit: 0
MinTxInt: 750000, MinRxInt: 750000, Multiplier: 3
Received MinRxInt: 750000, Received Multiplier: 15
Holddown (hits): 10772(0), Hello (hits): 750(82985)
Rx Count: 82973, Rx Interval (ms) min/max/avg: 24/1334/659 last: 478 ms ago
Tx Count: 82935, Tx Interval (ms) min/max/avg: 1/1141/660 last: 78 ms ago
Elapsed time watermarks: 0 0 (last: 0)
Registered protocols: Xconnect
Map information: 
 Destination[vrf]: 192.0.2.1/24
 Source[vrf]: 192.0.2.2/24
 Template: mh 
 Authentication(Type/Keychain): md5/qq
 last_tx_auth_seq: 5  last_rx_auth_seq 4
Uptime: 15:12:26
Last packet: Version: 1                  - Diagnostic: 0
             State bit: Up               - Demand bit: 0
             Poll bit: 0                 - Final bit: 0
             Multiplier: 15              - Length: 48
             My Discr.: 13               - Your Discr.: 2
             Min tx interval: 750000     - Min rx interval: 750000
             Min Echo interval: 0       

The table below describes the significant fields shown in the display.

Table 5. show bfd neighbors Field Descriptions for Multihop BFD Sessions

Field

Description

Destination

BFD map destination address.

Source

BFD map source address.

Template

BFD multihop template name.

Authentication

Authentication type and key chain.

last_tx_auth_seq

Last authenticated sequence sent by the peer.

last_rx_auth_seq

Last authenticated sequence received by the peer.

show bfd summary

To display summary information for Bidirectional Forwarding Protocol (BFD), use the show bfd summary command in user EXEC or privileged EXEC mode.

show bfd summary [client | session]

Syntax Description

client

(Optional) Displays list of BFD clients and number of sessions created by each client.

session

(Optional) Displays list of client-to-peer exchanges that have been launched by BFD clients, organized by session type.

Command Modes


User EXEC (>)
Privileged EXEC (#)

Command History

Release

Modification

15.0(1)S

This command was introduced.

Usage Guidelines

Use this command to display summary information about BFD, BFD clients, or BFD sessions.

When a BFD client launches a session with a peer, BFD sends periodic BFD control packets to the peer. Information about the following states of a session are included in the output of this command:

  • Up--When another BFD interface acknowledges the BFD control packets, the session moves into an up state.

  • Down--The session, and data path, is declared down if a data path failure occurs and BFD does not receive a control packet within the configured amount of time. When a session is down, BFD notifies the BFD client so that the client can perform necessary actions to reroute traffic.

Examples

The following is sample output from the show bfd summary command:


Router# show bfd summary
 
                    Session          Up          Down
Total                     1           1             0
 

The following is a sample output from the show bfd summary command:

The following is sample output from the show bfd summary session command:


Router# show bfd summary session
 
Protocol            Session          Up          Down
IPV4                      1           1             0
Total                     1           1             0
 

The following is sample output from the show bfd summary client command:


Router# show bfd summary client
 
Client              Session          Up          Down
EIGRP                     1           1             0
CEF                       1           1             0
Total                     2           2             0
 

The table below describes the significant fields shown in the display.

Table 6. show bfd summary Field Descriptions

Field

Description

Session

Sum of launched sessions by type or when combined with Total, sum of all launched sessions.

Up

Number of sessions for which the BFD client acknowleged receipt of control packets.

Down

Number of sessions for which the BFD client did not receive control packets from a peer.

Total

Sum of all launched sessions, all Up sessions, or all Down sessions in list.

Protocol

Routing protocol of interface in a session.

Client

Type of client in a session.

show dampening interface

To display a summary of dampened interfaces, use the showdampinginterface command in user EXEC or privileged EXEC mode.

show dampening interface commandshow dampening interface

Syntax Description

This command has no arguments or keywords.

Command Modes

User EXEC Privileged EXEC

Command History

Release

Modification

12.0(22)S

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.2(18)SXD

This command was integrated into Cisco IOS Release 12.2(18)SXD.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Examples

The following is sample output from the showdampinginterface command in privileged EXEC mode:


Router# show dampening interface 
3 interfaces are configured with dampening.
No interface is being suppressed.
Features that are using interface dampening:
  IP Routing
  CLNS Routing

The table below describes the significant fields shown in the sample output of the show dampening interface command.

Table 7. show dampening interface Field Descriptions

Field

Description

... interfaces are configured with dampening.

Displays the number of interfaces that are configured for event dampening.

No interface is being suppressed.

Displays the suppression status of the interfaces that are configured for event dampening.

Features that are using interface dampening:

Displays the routing protocols that are configured to perceived interface dampening.

show fm ipv6 pbr all

To display IPv6 policy-based routing (PBR) value mask results (VMRs), use the show fm ipv6 pbr all command in privileged EXEC mode.

show fm ipv6 pbr all

Syntax Description

This command has no arguments or keywords.

Command Modes


Privileged EXEC (#)

Command History

Release

Modification

12.2(33)SXI4

This command was introduced.

15.1(1)SY

This command was integrated into Cisco IOS Release 15.1(1)SY.

Usage Guidelines

The show fm ipv6 pbr all command shows the IPv6 PBR VMRs for all interfaces on which IPv6 PBR is configured.

show fm ipv6 pbr interface

To displays the IPv6 policy-based routing (PBR) value mask results (VMRs) on a specified interface, use the show fm ipv6 pbr interface command in privileged EXEC mode.

show fm ipv6 pbr interface interface type number

Syntax Description

interface type number

Specified interface for which PBR VMR information will be displayed.

Command Modes


Privileged EXEC (#)

Command History

Release

Modification

12.2(33)SXI4

This command was introduced.

15.1(1)SY

This command was integrated into Cisco IOS Release 15.1(1)SY.

Usage Guidelines

The show fm ipv6 pbr interface command shows the IPv6 PBR VMRs for a specified interface.

show interface dampening

To display dampened interfaces on the local router, use the showinterface dampening command in privileged EXEC mode.

show interface dampening commandshow interface dampening

Syntax Description

This command has no keywords or arguments.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.0(22)S

This command was introduced.

12.2(14)S

This command was integrated into Cisco IOS Release 12.2(14)S.

12.2(13)T

This command was integrated into Cisco IOS Release 12.2(13)T.

12.2(18)SXD

This command was integrated into Cisco IOS Release 12.2(18)SXD.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(31)SB2

This command was integrated into Cisco IOS Release 12.2(31)SB2.

Examples

The following is sample output from the showinterfacedampening command:


Router# show interface dampening 
Flaps Penalty    Supp ReuseTm   HalfL  ReuseV   SuppV  MaxSTm    MaxP Restart
      0       0   FALSE       0       5    1000    2000      20   16000       0

The table below describes the significant fields shown in the display.

Table 8. show interface dampening Field Descriptions

Field

Description

Flaps

Displays the number of times that an interface has flapped.

Penalty

Displays the accumulated penalty.

Supp

Indicates if the interface is dampened.

ReuseTm

Displays the reuse timer.

HalfL

Displays the half-life counter.

ReuseV

Displays the reuse threshold timer.

SuppV

Displays the suppress threshold.

MaxSTm

Displays the maximum suppress.

MaxP

Displays the maximum penalty.

Restart

Displays the restart timer.

show ip cef platform

To display entries in the Forwarding Information Base (FIB) or to display a summary of the FIB, use the show ip cef platform command in privileged EXEC mode.

show ip cef [ ip-prefix [mask]] platform [checksum | detail | internal checksum]

Syntax Description

ip-prefix

(Optional) IP address prefix of the entries to display.

mask

(Optional) Subnet mask of the entries to display.

checksum

(Optional) Displays FIB entry checksum information.

detail

(Optional) Displays detailed FIB entry information.

internal checksum

(Optional) Displays internal data structures. The checksum option includes FIB entry checksum information in the output.

Command Modes


Privileged EXEC (#)

Command History

Release

Modification

12.2 (28)SB

The command was introduced.

Cisco IOS XE Release 3.4S

This command was integrated into Cisco IOS XE Release 3.4S.

Examples

The following example shows FIB entry information for IP address prefix 10.4.4.4:


Router# show ip cef 10.4.4.4 platform

10.4.4.4/32 
Fib Entry: 0xD6680610 XCM leaf from 0x50805550(RP) 0xA0805550(FP):
load_bal_or_adj[0] 0x0 load_bal_or_adj[1] 0x18 load_bal_or_adj[2] 0x1C 
leaf points to an adjacency, index 0x607
ip_mask 0x0 as_number 0x0 precedence_num_loadbal_intf 0xF0 qos_group 0x0 
Label object OCE Chain:
Label(0x12, real) Adjacency 
c10k_label_data = 0x450467F8
tag_elt_addr = 0x50003038
ipv6_tag_elt_addr = 0x0
tag_index = 0x607
tt_tag_rew = 0x45046800
Tag Rewrite: vcci = 0x9DA, fib_root = 0x0
mac_rewrite_index = 0x395, flags = 0x9
pktswitched = 0 byteswitched = 0
XCM Tag Rewrite: vcci = 0x9DA, fib_root = 0x0
mac_rewrite_index = 0x395, flags = 0x9
mac_index_extension = 0x0
XCM mac rewrite from index 0x395
mtu from 0x53800E54(RP) 0xA3800E54(FP)
frag_flags = 0x0
mtu = 1496
mac length 0x12 encap length 0x16 upd_offset=0x02FF
mac string start from bank4 0x32001CA8(RP) 
0x82001CA8(FP) 
mac string end from bank9 0x50801CA8(RP) 
0xA0801CA8(FP) 
Encap String: 0005DC387B180003A011A57881000002884700012000

The following example shows how to display IP Fast ReRoute (FRR) entry information for IP address prefix 10.4.4.4:

Router# show ip cef 10.4.4.4 platform

10.4.4.4/32 
=== OCE ===

OCE Type: Fast ReRoute OCE, Number of children: 2
  FRR state: : 1
  FRR next hw oce ptr: : 0x89b002f0
  Backup hw oce ptr: : 0x89b00300
=== OCE ===

OCE Type: Adjacency, Number of children: 0
Adj Type: : IPV4 Adjacency
Encap Len: : 14
L3 MTU: : 1500
Adj Flags: : 0
Fixup Flags: : 0
Interface Name: FastEthernet1/2/7
Encap: : 00 1c b1 d7 8a 44 00 1f 6c 24 30 67 08 00
Next Hop Address: : 0b000002 00000000 00000000 00000000
Next HW OCE Ptr: : 00000000
=== OCE ===

OCE Type: Adjacency, Number of children: 0
Adj Type: : IPV4 Adjacency
Encap Len: : 14
L3 MTU: : 1500
Adj Flags: : 0
Fixup Flags: : 0
Interface Name: FastEthernet1/2/6
Encap: : 00 1c b1 d7 8a 43 00 1f 6c 24 30 66 08 00
Next Hop Address: : 0a000002 00000000 00000000 00000000
Next HW OCE Ptr: : 00000000

show ip cache policy

To display the cache entries in the policy route cache, use the showipcachepolicy command in EXEC mode.

show ip cache policy commandshow ip cache policy

Syntax Description

This command has no arguments or keywords.

Command Modes

EXEC

Command History

Release

Modification

11.3

This command was introduced.

12.2(33)SRA