The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes the Cisco NX-OS Layer 3 interfaces commands that begin with I.
To set a primary or secondary IP address for an interface, use the ip address command. To remove an IP address or disable IP processing, use the no form of this command.
ip address ip-address mask [ secondary ]
no ip address ip-address mask [ secondary ]
Interface configuration mode
Subinterface configuration mode
|
|
---|---|
Note Before you use this command, make sure that you use the no switchport command on the interface to use the Layer 3 features.
An interface can have one primary IP address and one secondary IP address.
You can disable IP processing on a particular interface by removing its IP address with the no ip address command.
The optional secondary keyword allows you to specify a secondary IP address. Secondary addresses are treated like primary addresses, except the system never generates datagrams other than routing updates with secondary source addresses. IP broadcasts, Address Resolution Protocol (ARP) requests, and interface routes are handled in the IP routing table.
Note When you are routing using the Open Shortest Path First (OSPF) algorithm, ensure that the secondary address of an interface falls into the same OSPF area as the primary addresses.
This example shows how to configure the IP address 192.168.0.27 as the primary address and 192.168.0.5 as the secondary address for Ethernet interface 1/5:
|
|
---|---|
Saves the configuration change to the startup configuration file. |
|
To configure a static Address Resolution Protocol (ARP) entry, use the ip arp command. To remove a static ARP entry, use the no form of this command.
|
|
---|---|
Use this command on Layer 3 interfaces and Layer 3 subinterfaces.
This example shows how to configure a static ARP entry on interface Ethernet 1/2:
This example shows how to configure a static ARP entry on a subinterface:
|
|
---|---|
To enable gratuitous Address Resolution Protocol (ARP), use the ip arp gratuitous command. To disable gratuitous ARP, use the no form of this command.
ip arp gratuitous { request | update }
no ip arp gratuitous { request | update }
Enables sending gratuitous ARP requests when a duplicate address is detected. |
|
|
|
---|---|
This example shows how to disable a gratuitous ARP request on interface Ethernet 1/2:
|
|
To configure an Address Resolution Protocol (ARP) timeout, use the ip arp timeout command. To revert to the default value, use the no form of this command.
Time (in seconds) that an entry remains in the ARP cache. Valid values are from 60 to 28800, and the default is 1500. |
|
|
---|---|
This example shows how to configure the ARP timeout value to 120 seconds:
This example shows how to revert to the default ARP timeout value of 1500 seconds:
|
|
---|---|
Displays the ARP configuration, including the default configurations. |
To enable the translation of a directed broadcast to physical broadcasts, use the ip directed-broadcast command. To disable this function, use the no form of this command.
Subinterface configuration mode
|
|
---|---|
An IP directed broadcast is an IP packet whose destination address is a valid broadcast address for some IP subnet but which originates from a node that is not itself part of that destination subnet.
A device that is not directly connected to its destination subnet forwards an IP directed broadcast in the same way it would forward unicast IP packets destined to a host on that subnet. When a directed broadcast packet reaches a device that is directly connected to its destination subnet, that packet is broadcast on the destination subnet. The destination address in the IP header of the packet is rewritten to the configured IP broadcast address for the subnet, and the packet is sent as a link-layer broadcast.
If a directed broadcast is enabled for an interface, incoming IP packets whose addresses identify them as directed broadcasts that are intended for the subnet to which that interface is attached are broadcast on that subnet.
If the no ip directed-broadcast command has been configured for an interface, directed broadcasts that are destined for the subnet to which that interface is attached are dropped, rather than being broadcast.
Note Because directed broadcasts, and particularly ICMP-directed broadcasts, have been abused by malicious persons, we recommend that you disable the ip directed-broadcast command on any interface where directed broadcasts are not needed. We also recommend that you use access lists to limit the number of broadcast packets.
This example shows how to enable forwarding of IP directed broadcasts on Ethernet interface 2/1:
|
|
---|---|
To configure a Layer 3 Ethernet IEEE 802.3 routed interface, use the interface ethernet command.
interface ethernet [ chassis_ID /] slot / port [. subintf-port-no ]
Global configuration mode
Interface configuration mode
|
|
---|---|
You must use the no switchport command in the interface configuration mode to configure the interface as a Layer 3 routed interface. When you configure the interface as a Layer 3 interface, all
Layer 2-specific configurations on this interface are deleted.
Use the switchport command to convert a Layer 3 interface into a Layer 2 interface. When you configure the interface as a Layer 2 interface, all Layer 3-specific configurations on this interface are deleted.
This example shows how to enter interface configuration mode for a Layer 3 Ethernet interface 1/5:
switch(config)#
interface ethernet 1/5
switch(config-if)#
no switchport
switch(config-if)#
ip address 10.1.1.1/24
switch(config-if)#
This example shows how to enter interface configuration mode for a host interface on a Fabric Extender:
switch(config)#
interface ethernet 101/1/1
switch(config-if)#
no switchport
switch(config-if)#
ip address 10.1.1.1/24
switch(config-if)#
This example shows how to configure a Layer 3 subinterface for Ethernet interface 1/5 in the global configuration mode:
switch(config)#
interface ethernet 1/5.2
switch(config-if)#
no switchport
switch(config-subif)#
ip address 10.1.1.1/24
switch(config-subif)#
This example shows how to configure a Layer 3 subinterface in interface configuration mode:
switch(config)#
interface ethernet 1/5
switch(config-if)#
interface ethernet 1/5.1
switch(config-subif)#
ip address 10.1.1.1/24
switch(config-subif)#
This example shows how to convert a Layer 3 interface to a Layer 2 interface:
switch(config)#
interface ethernet 1/5
switch(config-if)#
no switchport
switch(config-if)#
ip address 10.1.1.1/24
switch(config-if)#
switchport
switch(config-if)#
|
|
---|---|
Displays all configured Fabric Extender chassis connected to the switch. |
|
Displays various parameters of an Ethernet IEEE 802.3 interface. |
To enable the local proxy Address Resolution Protocol (ARP) feature, use the ip local-proxy-arp command. To disable this feature, use the no form of this command.
Interface configuration mode
Subinterface configuration mode
|
|
Before the local proxy ARP feature can be used, you must enable the IP proxy ARP feature by using the ip proxy-arp command. The IP proxy ARP feature is disabled by default.
Note This command is not applicable to Layer 3 loopback interfaces.
This example shows how to enable the local proxy ARP:
|
|
---|---|
To create a loopback interface and enter interface configuration mode, use the interface loopback command. To remove a loopback interface, use the no form of this command.
|
|
---|---|
Use the interface loopback command to create or modify loopback interfaces.
From the loopback interface configuration mode, the following parameters are available:
This example shows how to create a loopback interface:
|
|
---|---|
Displays information about the traffic on the specified loopback interface. |
To create an EtherChannel interface and enter interface configuration mode, use the interface port-channel command. To remove an EtherChannel interface, use the no form of this command.
interface port-channel channel-number [. subintf-channel-no ]
no interface port-channel channel-number [. subintf-channel-no ]
Channel number that is assigned to this EtherChannel logical interface. The range is from 1 to 4096. |
|
(Optional) Port number of the EtherChannel subinterface. The range is from 1 to 4093. |
Global configuration mode
Interface configuration mode
|
|
---|---|
A port can belong to only one channel group.
When you use the interface port-channel command for Layer 2 interfaces, follow these guidelines:
You must use the no switchport command in interface configuration mode to configure the EtherChannel interface as a Layer 3 interface. When you configure the interface as a Layer 3 interface, all Layer 2-specific configurations on this interface are deleted.
Use the switchport command to convert a Layer 3 EtherChannel interface into a Layer 2 interface. When you configure the interface as a Layer 2 interface, all Layer 3-specific configurations on this interface are deleted.
You can configure one or more subinterfaces on a port channel made from routed interfaces.
This example shows how to create an EtherChannel group interface with channel-group number 50:
This example shows how to create a Layer 3 EtherChannel group interface with channel-group number 10:
This example shows how to configure a Layer 3 EtherChannel subinterface with channel-group number 1 in interface configuration mode:
This example shows how to configure a Layer 3 EtherChannel subinterface with channel-group number 20.1 in global configuration mode:
To enable the generation of ICMP port unreachable messages, use the ip port-unreachable command. To disable this function, use the no form of this command.
Subinterface configuration mode
|
|
---|---|
This example shows how to enable the generation of ICMP port unreachable messages, as appropriate, on an interface:
|
|
---|---|
To enable proxy Address Resolution Protocol (ARP) on an interface, use the ip proxy-arp command. To disable proxy ARP on the interface, use the no form of this command.
Subinterface configuration mode
|
|
---|---|
This example shows how to enable proxy ARP:
|
|
---|---|
To enable path maximum transmission unit (MTU) discovery on an IPv4 interface, use the ip tcp path-mtu discovery command. To disable this feature, use the no form of this command.
|
|
---|---|
This example shows how to enable path MTU discovery for IPv4:
|
|
---|---|
To set a period of time that the Cisco NX-OS software waits while attempting to establish a TCP connection before it times out, use the ip tcp synwait-time command. To restore the default time, use the no form of this command.
Time, in seconds, that the software waits while attempting to establish a TCP connection. It can be an integer from 5 to 300 seconds. |
|
|
This example shows how to configure the switch software to continue attempting to establish a TCP connection for 10 seconds:
This example shows how to disable TCP synchronization on interfaces:
|
|
---|---|
To enable the generation of ICMP unreachable messages, use the ip unreachables command. To disable this function, use the no form of this command.
Subinterface configuration mode
|
|
---|---|
This example shows how to enable the generation of ICMP unreachable messages on an interface:
|
|
---|---|
To enable support of the specified Web Cache Communication Protocol (WCCP) service for participation in a service group, use the ip wccp command. To disable the service group, enter the no form of this command.
ip wccp { service-number | web-cache } [ service-list service-access-list ] [ mode { open | closed }] [ redirect-list access-list ] [ password [ 0-7 ] password
no ip wccp { service-number | web-cache } [ service-list service-access-list ] [ mode { open | closed }] [ redirect-list access-list ] [ password [ 0-7 ] password
|
|
---|---|
The optional redirect-list access-list keyword and option instruct the router to use an access list to control the traffic that is redirected to the cache engines of the service group by the service name that you specify. The access-list argument specifies either a number from 1 to 99 to represent a standard or extended access-list number or a name to represent a named standard or extended access list. The access list itself specifies the traffic that is permitted to be redirected. The default is for no redirect-list to be configured (all traffic is redirected).
The service-list keyword can only be used for closed mode services. When a WCCP service is configured as closed, WCCP discards packets that do not have a client application registered to receive the traffic. Use the service-list keyword and service-access-list argument to register an application protocol type or port number.
The password can be up to seven characters. When user designates a password, the messages that are not accepted by the authentication are discarded. The password name is combined with the HMAC MD5 value to create security for the connection between the router and the cache engine.
This example shows how to configure a router to redirect web-related packets without a destination of 10.168.196.51 to the web cache:
switch(config)#
access-list 100 deny ip any host 10.168.196.51
The following example shows how to configure a closed WCCP service:
|
|
---|---|
To enable packet redirection on an outbound or inbound interface using the Web Cache Communication Protocol (WCCP), use the ip wccp redirect command. To disable WCCP redirection, use the no form of this command.
ip wccp { service-number | web-cache } redirect { in }
no ip wccp { service-number | web-cache } redirect { in }
Dynamic service identifier. The service definition is dictated by the cache. The dynamic service number can be from 0 to 254. The maximum number of services is 256. |
|
|
|
---|---|
Configure WCCP in the incoming direction on the inside interface by entering the ip wccp redirect in command on the router interface that faces the cache.
You can also include a redirect list when you configure a service group. The specified redirect list denies packets and prevents redirection. See the ip wccp command for configuration of the redirect list and service group.
The ip wccp redirect in command allows you to configure WCCP redirection on an interface that receives the inbound network traffic. When you apply this command to an interface, all packets that arrive at the interfaces are compared against the criteria that is defined by the specified. service. If the packets match the criteria, they are redirected.
This example shows how to configure a session in which HTTP traffic that arrives on Ethernet interface 0/1 is redirected to a Cisco cache engine:
|
|
---|---|
Displays the usability status of the interfaces that are configured for IP. |
|
To configure IPv6 neighbor discovery (ND), use the ipv6 nd command. To remove the IPv6 ND configuration, use the no form of this command.
ipv6 nd {hop-limit hop-limit | managed-config-flag | mtu | ns-interval ns-interval | other-config-flag | prefix {A:B::C:D/LEN | default {0-4294967295 | infinite {infinite [no-autoconfig | no-onlink | off-link]}| no-advertise}} | ra-interval ra-interval | ra-lifetime ra-lifetime | reachable-time reachable-time | redirects | retrans-timer retrans-timer | suppress-ra [mtu]}
no ipv6 nd {hop-limit hop-limit | managed-config-flag | mtu mtu-size | ns-interval ns-interval | other-config-flag | prefix {A:B::C:D/LEN | default {0-4294967295 | infinite {infinite [no-autoconfig | no-onlink | off-link]}| no-advertise}} | ra-interval ra-interval | ra-lifetime ra-lifetime | reachable-time reachable-time | redirects | retrans-timer retrans-timer | suppress-ra [mtu]}
hop-limit–64
mtu–1500
ns-interval–1000
ra-interval–600
reachable-time–0
retrans-timer–0
|
|
This example shows how to configure IPv6 neighbor discovery:
This example shows how to remove IPv6 neighbor discovery:
|
|
---|---|