The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
To specify the inject-map and exist-map routes for conditional route injection, use the inject-map command.
inject-map inject-map-name exist-map exist-map-name [copy-attributes]
inject-map-name |
Inject map route map. An inject map defines the prefixes that are created and installed into the local Border Gateway Protocol (BGP) table. |
exist-map |
Specifies the prefixes that BGP tracks. |
exist-map-name |
Exist map route name |
copy-attributes |
(Optional) Specifies that the injected route inherits the attributes of the aggregate route. |
None
config-router-neighbor-af mode
Release |
Modification |
---|---|
6.2(2) |
This command was introduced. |
The BGP conditional route injection option is available only for IPv4 and IPv6 unicast address families in all VRF instances.
This command requires the Enterprise Services license.
This example shows how to specify the inject-map and exist-map routes for conditional route injection:
switch# configure terminal switch(config)# router bgp 40000 switch(config-router)# address-family ipv4 unicast switch(config-router-af)# inject-map ORIGINATE exist-map AGGREGATEcopy-attributes switch(config-router-af)# exit switch(config-router)# exit switch(config)#
Command |
Description |
---|---|
ip prefix-list |
Configures a prefix list. |
router-map |
Configures a route map and enters route-map configuration mode. |
To activate the Gateway Load Balancing Protocol (GLBP) for a group, use the ip command. To disable GLBP in the group, use the no form of this command.
ip [ ip-address [secondary] ]
no ip [ ip-address [secondary] ]
ip-address |
(Optional) Virtual IP address for the GLBP group. The IP address must be in the same subnet as the interface IP address. |
secondary |
(Optional) Indicates that the IP address is a secondary GLBP virtual address. |
Disabled
GLBP configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip command to activate GLBP on the configured interface. If you configure a virtual IP address, that address is the designated virtual IP address for the entire GLBP group. If you do not configure a virtual IP address, the gateway learns the virtual IP address from another gateway in the same GLBP group. To allow GLBP to elect an active virtual gateway (AVG), you must configure at least one gateway on the LAN with a virtual IP address.
Configuring the virtual IP address on the AVG always overrides a virtual IP address that is in use.
When you configure the ip command on an interface, the handling of proxy Address Resolution Protocol (ARP) requests changes (unless proxy ARP was disabled). Hosts send ARP requests to map an IP address to a MAC address. The GLBP gateway intercepts the ARP requests and replies to the ARP requests on behalf of the connected nodes. If a forwarder in the GLBP group is active, proxy ARP requests are answered using the MAC address of the first active forwarder in the group. If no forwarder is active, proxy ARP responses are suppressed.
Note | You must configure all GLBP options before you use the ip command to assign a virtual IP address and activate the GLBP group. |
This command does not require a license.
This example shows how to activate GLBP for group 10 on Ethernet interface 1/1. The virtual IP address used by the GLBP group is set to 192.0.2.10.
switch# configure terminal switch(config)# interface ethernet 1/1 switch(config-if)# ip address 192.0.2.32 255.255.255.0 switch(config-if)# glbp 10 switch(config-glbp)# ip 192.0.2.10
This example shows how to activate GLBP for group 10 on Ethernet interface 2/1. The virtual IP address used by the GLBP group will be learned from another gateway configured to be in the same GLBP group.
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# glbp 10 switch(config-glbp)# ip
Command |
Description |
---|---|
glbp |
Enters GLBP configuration mode and creates a GLBP group. |
show glbp |
Displays GLBP information. |
To assign a virtual address to an HSRP group, use the ip command. To disable HSRP in the group, use the no form of this command.
ip [ autoconfig | ip-address [secondary] ]
no ip [ autoconfig | ip-address [secondary] ]
autoconfig |
(Optional) Generates a link-local address from the link-local prefix and a modified EUI-64 format Interface Identifier, where the EUI-64 Interface Identifier is created from the relevant HSRP virtual MAC address. You cannot configure this option if there are global unicast virtual IPv6 addresses configured. |
ip-address |
(Optional) Virtual IP address for the virtual router (HSRP group). The IP address must be in the same subnet as the interface IP address. You must configure the virtual IP address for at least one of the routers in the HSRP group. Other routers in the group will pick up this address. The IP address can be an IPv4 or an IPv6 address. |
secondary |
(Optional) Indicates that the IPv4 address is a secondary HSRP virtual address. HSRP IPv6 groups do no have secondary addresses. |
Disabled
HSRP configuration
Release |
Modification |
---|---|
5.0(2) |
Added IPv6 support and the autoconfig keyword. |
4.0(1) |
This command was introduced. |
Use the ip command to activate HSRP on the configured interface. If you configure a virtual IP address, that address is the designated virtual IP address for the entire HSRP group. For IPv4 groups, if you do not configure a virtual IP address, the gateway learns the virtual IP address from another gateway in the same HSRP group. To allow HSRP to elect an active group, you must configure at least one gateway on the LAN with a virtual IP address. For IPv6 groups, you can generate the virtual IP address using the autoconfig keyword.
If a configured IPv6 address as a link-local address, there are no HSRP ipv6 secondary addresses.
Note | You must configure all HSRP options before you use the ip command to assign a virtual IP address and activate the HSRP group. This helps you to avoid authentication error messages and unexpected state changes that can occur in other routers when a group is enabled first and then there is a delay before the configuration is created. We recommend that you always specify an IP address |
This command does not require a license.
This example shows how to activate HSRP for group 10 on Ethernet interface 1/1. The virtual IP address used by the HSRP group is set to 192.0.2.10.
switch# configure terminal switch(config)# interface ethernet 1/1 switch(config-if)# ip address 192.0.2.32 255.255.255.0 switch(config-if)# hsrp 10 switch(config-hsrp)# ip 192.0.2.10
This example shows how to activate HSRP for group 10 on Ethernet interface 2/1. The virtual IP address used by the HSRP group will be learned from another gateway configured to be in the same HSRP group.
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# hsrp 10 switch(config-hsrp)# ip
This example shows how to activate HSRP for group 2 on Ethernet interface 1/1 and creates a secondary IP address on the interface:
switch# configure terminal switch(config)# interface ethernet 1/1 switch(config-if)# ip address 20.20.20.1 255.255.255.0 secondary switch(config-if)# ip address 10.10.10.1 255.255.255.0 switch(config-if)# hsrp 2 switch(config-if-hsrp)# ip 10.10.10.2 switch(config-if-hsrp)# ip 20.20.20.2 secondary
Command |
Description |
---|---|
feature hsrp |
Enables the HSRP configuration. |
show hsrp |
Displays HSRP information. |
To specify the notify interval for the IP adjacency manager, use the ip adjacency notify command. To remove the notify interval, use the no form of this command.
ip adjacency notify interval interval
no ip adjacency notify interval interval
interval interval |
Specifies the notify interval for the adjacency manager. The default is 500 milliseconds. |
ipv6 |
Specifies the IPv6 address family. |
The notify interval is 500 milliseconds.
Global
Release |
Modification |
---|---|
6.2(8) |
This command was introduced. |
To get optimal BGP PIC convergence, the interval value should be set to 100 milliseconds.
This command does not require a license.
This example shows how to specify the notify interval as 100 milliseconds:
switch(config)# ip adjacency notify interval 100
Command |
Description |
---|---|
additional-paths |
Configure the capability of sending and receiving additional paths to and from the BGP peers. |
address family (BGP) |
Enters the address family configuration mode for BGP. |
To configure a static Address Resolution Protocol (ARP) entry, use the ip arp command. To remove a static ARP entry, use the no form of this command.
ip arp ip-address mac-address
no ip arp ip-address
ip-address |
IPv4 address, in A.B.C.D format. |
mac-address |
MAC address in one of the following formats:
|
None
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
4.2(1) |
Support added for multicast static MAC addresses. |
This command does not require a license.
This example shows how to configure a static ARP entry on interface Ethernet 2/1:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip arp 192.0.2.1 0150.5a03.efab
Command |
Description |
---|---|
show ip arp |
Displays ARP entries. |
To configure the maximum number of Address Resolution Protocol (ARP) entries in the neighbor adjacency table, use the ip arp cache limit command. To delete the ARP entries configuration, use the no form of this command.
ip arp cache limit max-arp-entries [ syslog syslogs-per-second ]
no ip arp cache limit max-arp-entries [ syslog syslogs-per-second ]
max-arp-entries |
Maximum ARP entries. The range is from 1 to 409600. |
syslog |
(Optional) Specifies syslog messages. The range is from 1 to 1000. |
syslogs-per-second |
Syslogs per second. |
1
Global configuration mode
Release |
Modification |
---|---|
6.2(2) |
This command was introduced. |
If you do not configure a limit, system logs appear on the console when you try to add an adjacency after reaching the default limit. If you configure a limit for IPv4 ARP entries, system logs appear when you try to add an adjacency after reaching the configured limit.
This command requires the Enterprise Services license.
This example shows how to configure the maximum number of ARP entries in the neighbor adjacency table:
switch# configure terminal switch(config)# ip arp cache limit 4000 syslog 4 switch(config)#
This example shows how to delete the ARP cache limit configuration:
switch# configure terminal switch(config)# no ip arp cache limit 4000 syslog 4 switch(config)#
Command |
Description |
---|---|
show ip adjacency summary |
Displays the global limit of the neighbor adjacency table and a summary of throttle adjacencies. |
To enable glean optimization, use the ip arp fast-path command. To disable enable glean optimization, use the no form of this command.
ip arp fast-path
no ip arp fast-path
This command has no arguments or keywords.
Disabled
Global configuration mode
Release |
Modification |
---|---|
6.2(2) |
This command was introduced. |
This command requires the Enterprise Services license.
This example shows how to enable glean optimization:
switch# configure terminal switch(config)# ip arp fast-path switch(config)#
This example shows how to disable glean optimization:
switch# configure terminal switch(config)# no ip arp fast-path switch(config)#
To enable gratuitous Address Resolution Protocol (ARP), use the ip arp gratuitous command. To disable gratuitous ARP, use the no form of this command.
ip arp gratuitous { hsrp duplicate | request | update }
no ip arp gratuitous { hsrp duplicate | request | update }
hsrp duplicate |
Specifies duplicate HSRP address detection. |
request |
Enables sending gratuitous ARP requests when a duplicate address is detected. |
update |
Enables ARP cache updates for gratuitous ARP. |
Enabled
Interface configuration
Release |
Modification |
---|---|
4.2(8) |
Added keywords hsrp duplicate to the syntax description. |
4.0(3) |
This command was introduced. |
This command is typically useful in case of Data Center interconnection (DCI) scenario between multiple datacenters.
In a DCI scenario, typically it is desirable to have active /standby HSRP pair of routers on all sites so that each site has an active forwarder from the data plane perspective.To achieve this, a PACL denying the HSRP hello packets could be applied on the DCI facing links on each of the sites. This way HSRP hellos are dropped on the DCI links, and each site has a local HSRP active/standby router.
This command helps suppress duplicate IP detection when hosts do an ARP for HSRP active or when HSRP active sends a GARP for its own virtual IP.
This command does not require a license.
This example shows how to enable HSRP duplicate address detection:
switch# configure terminal switch(config)# interface vlan 10 switch(config-if)# ip arp gratuitous hsrp duplicate switch(config-if)#
This example shows how to enable gratuitous ARP request on interface Ethernet 2/1:
switch# configure terminal switch(config)# interface vlan 10 switch(config-if)# ip arp gratuitous request switch(config-if)#
Command |
Description |
---|---|
ip arp |
Configures a static ARP entry. |
To configure an access-list filter for Border Gateway Protocol (BGP) autonomous system (AS) number, use the ip as-path access-list command. To remove the filter, use the no form of this command.
ip as-path access-list name { deny | permit } regexp
no ip as-path access-list name { deny | permit } regexp
name |
AS path access list name. The name can be any alphanumeric string up to 63 characters. |
deny |
Rejects packets with AS numbers that match the regexp argument. |
permit |
Allows packets with AS numbers that match the regexp argument. |
regexp |
Regular expression to match BGP AS paths. See the Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide, Release 6.x at the following URL for details on regular expressions: |
None
Global configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip as-path access-list command to configure an autonomous system path filter. You can apply autonomous system path filters to both inbound and outbound BGP paths. Each filter is defined by the regular expression. If the regular expression matches the representation of the autonomous system path of the route as an ASCII string, then the permit or deny condition applies. The autonomous system path should not contain the local autonomous system number.
This command does not require a license.
This example shows how to configure an AS path filter for BGP to permit AS numbers 55:33 and 20:01 and apply it to a BGP peer for inbound filtering:
switch# configure terminal switch(config)# ip as-path access-list filter1 permit 55:33,20:01 switch(config) router bgp 65536:20 switch(config-router)# neighbor 192.0.2.1/16 remote-as 65536:20 switch(config-router-neighbor)# address-family ipv4 unicast switch(config-router-neighbor-af)# filter-list filter1 in
Command |
Description |
---|---|
filter-list |
Assigns an AS path filter to a BGP peer. |
show ip as-path access-list |
Displays information about IP AS path access lists. |
To enable authentication for the Enhanced Interior Gateway Routing Protocol (EIGRP) packets and to specify the set of keys that can be used on an interface, use the ip authentication key-chain eigrp command. To prevent authentication, use the no form of this command.
ip authentication key-chain eigrp instance-tag name-of-chain
no ip authentication key-chain eigrp instance-tag name-of-chain
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
name-of-chain |
Group of keys that are valid. |
No authentication is provided for EIGRP packets.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
You must set the authentication mode using the ip authentication mode eigrp command in interface configuration mode. You must separately configure a key chain using the key-chain command to complete the authentication configuration for an interface.
This command requires the Enterprise Services license.
This example shows how to configure the interface to accept and send any key that belongs to the key-chain trees:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 1/2 switch(config-if)# ip authentication key-chain eigrp 209 trees
Command |
Description |
---|---|
ip authentication mode eigrp |
Sets the authentication mode for EIGRP on an interface. |
key-chain |
Creates a set of keys that can be used by an authentication method. |
To specify the type of authentication used in the Enhanced Interior Gateway Routing Protocol (EIGRP) packets, use the ip authentication mode eigrp command. To remove authentication, use the no form of this command.
ip authentication mode eigrp instance-tag md5
no ip authentication mode eigrp instance-tag md5
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
md5 |
Specifies Message Digest 5 (MD5) authentication. |
None
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command requires the Enterprise Services license.
This example shows how to configure the interface to use MD5 authentication:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 1/2 switch(config-if)# ip authentication mode eigrp 209 md5
Command |
Description |
---|---|
authentication mode (EIGRP) |
Configures the authentication mode for EIGRP in a VRF. |
ip authentication key-chain eigrp |
Enables authentication for EIGRP and specifies the set of keys that can be used on an interface. |
key chain |
Creates a set of keys that can be used by an authentication method. |
To configure the bandwidth metric on an Enhanced Interior Gateway Routing Protocol (EIGRP) interface, use the ip bandwidth eigrp command. To restore the default, use the no form of this command.
ip bandwidth eigrp instance-tag bandwidth
no ip bandwidth eigrp
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
bandwidth |
Bandwidth value. The range is from 1 to 2,560,000,000 kilobits. |
None
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command requires the Enterprise Services license.
This example shows how to configure EIGRP to use a bandwidth metric of 10000 in autonomous system 209:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 2/1 switch(config-if)# ip bandwidth eigrp 209 10000
Command |
Description |
---|---|
ip bandwidth-percent eigrp |
Sets the percent of the interface bandwidth that EIGRP can use. |
To configure the percentage of bandwidth that may be used by the Enhanced Interior Gateway Routing Protocol (EIGRP) on an interface, use the ip bandwidth-percent eigrp command. To restore the default, use the no form of this command.
ip bandwidth-percent eigrp instance-tag percent
no ip bandwidth-percent eigrp
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
percent |
Percentage of bandwidth that EIGRP may use. |
percent: 50
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
EIGRP uses up to 50 percent of the bandwidth of a link, as defined by the ip bandwidth interface configuration command. Use the ip bandwidth-percent command to change this default percent.
This command requires the Enterprise Services license.
This example shows how to configure EIGRP to use up to 75 percent of an interface in autonomous system 209:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 2/1 switch(config-if)# ip bandwidth-percent eigrp 209 75
Command |
Description |
---|---|
ip bandwidth eigrp |
Sets the EIGRP bandwidth value for an interface. |
To create a community list entry, use the ip community-list command. To remove the entry, use the no form of this command.
ip community-list standard list-name { deny | permit } { aa :nn | internet | local-AS | no-advertise | no-export }
no ip community-list standard list-name
ip community-list expanded list-name { deny | permit } regexp
no ip community-list expanded list-name
standard list-name |
Configures a named standard community list. |
||
permit |
Permits access for a matching condition. |
||
deny |
Denies access for a matching condition. |
||
aa:nn |
(Optional) Autonomous system number and network number entered in the 4-byte new community format. This value is configured with two 2-byte numbers separated by a colon. A number from 1 to 65535 can be entered each 2-byte number. A single community can be entered or multiple communities can be entered, each separated by a space. You can pick more than one of these optional community keywords. |
||
internet |
(Optional) Specifies the Internet community. Routes with this community are advertised to all peers (internal and external). You can pick more than one of these optional community keywords. |
||
no-export |
(Optional) Specifies the no-export community. Routes with this community are advertised to only peers in the same autonomous system or to only other subautonomous systems within a confederation. These routes are not advertised to external peers. You can pick more than one of these optional community keywords. |
||
local-AS |
(Optional) Specifies the local-as community. Routes with community are advertised to only peers that are part of the local autonomous system or to only peers within a subautonomous system of a confederation. These routes are not advertised external peers or to other subautonomous systems within a confederation. You can pick more than one of these optional community keywords. |
||
no-advertise |
(Optional) Specifies the no-advertise community. Routes with this community are not advertised to any peer (internal or external). You can pick more than one of these optional community keywords. |
||
expanded list-name |
Configures a named expanded community list. |
||
regexp |
Regular expression that is used to specify a pattern to match against an input string. See the Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide, Release 6.x at the following URL for details on regular expressions:
|
Community exchange is not enabled by default.
Global configuration (config)
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
The ip community-list command is used to configure BGP community filtering. BGP community values are configured as a 4-byte number. The first two bytes represent the autonomous system number, and the trailing two bytes represent a user-defined network number. BGP community attribute exchange between BGP peers is enabled when the send-community command is configured for the specified neighbor. The BGP community attribute is defined in RFC 1997 and RFC 1998.
BGP community exchange is not enabled by default. Use the send-community command in BGP neighbor fix-family configuration mode to enable BGP community attribute exchange between BGP peers.
The Internet community is applied to all routes or prefixes by default, until any other community value is configured with this command or the set community command.
Once you configure a permit value to match a given set of communities, the community list defaults to an implicit deny for all other community values. Use the internet community to apply an implicit permit to the community list.
Standard Community Lists
Standard community lists are used to configure well-known communities and specific community numbers. You can pick more than one of the optional community keywords. A maximum of 16 communities can be configured in a standard community list. If you attempt to configure more than 16 communities, the trailing communities that exceed the limit are not processed or saved to the running configuration file.
You can configure up to 32 communities.
Expanded Community Lists
Expanded community lists are used to filter communities using a regular expression. Regular expressions are used to configure patterns to match community attributes. The order for matching using the * or + character is longest construct first. Nested constructs are matched from the outside in. Concatenated constructs are matched beginning at the left side. If a regular expression can match two different parts of an input string, it will match the earliest part first.
Community List Processing
When multiple values are configured in the same community list statement, a logical AND condition is created. All community values must match to satisfy an AND condition. When multiple values are configured in separate community list statements, a logical OR condition is created. The first list that matches a condition is processed.
This command does not require a license.
This example shows how to configure a standard community list where the routes with this community are advertised to all peers (internal and external):
switch# configure terminal switch(config)# ip community-list standard test1 permit internet switch(config)#
In this example, a standard community list is configured that permits routes from:
This example shows how to configure a logical AND condition; all community values must match in order for the list to be processed:
switch# configure terminal switch(config)# ip community-list standard test1 permit 65534:40 65412:60 no-export switch(config)#
This example shows how to configure a standard community list that will deny routes that carry communities from network 40 in autonomous system 65534 and from network 60 in autonomous system 65412. This example shows a logical AND condition; all community values must match in order for the list to be processed.
switch# configure terminal switch(config)# ip community-list standard test2 deny 65534:40 65412:60
This example shows how to configure a named standard community list that permits all routes within the local autonomous system or permits routes from network 20 in autonomous system 40000. This example shows a logical OR condition; the first match is processed.
switch# configure terminal switch(config)# ip community-list standard RED permit local-AS switch(config)# ip community-list standard RED permit 40000:20 switch(config)#
In this example, an expanded community list is configured that will deny routes that carry communities from any private autonomous system:
switch# configure terminal switch(config)# ip community-list expanded 500 deny _64[6-9][0-9][0-9]_|_65[0-9][0-9][0-9]_ switch(config)#
In this example, a named expanded community list configured that denies routes from network 1 through 99 in autonomous system 50000:
switch# configure terminal switch(config)# ip community-list list expanded BLUE deny 50000:[0-9][0-9]_ switch(config)#
Command |
Description |
---|---|
feature bgp |
Enables BGP. |
match community |
Matches an community in a route map. |
send-community |
Configures BGP to propagate community attributes to BGP peers. |
set community |
Sets an community in a route map. |
To configure the throughput delay for the Enhanced Interior Gateway Routing Protocol (EIGRP) on an interface, use the ip delay eigrp command. To restore the default, use the no form of this command.
ip delay eigrp instance-tag seconds picoseconds
no ip delay eigrp instance-tag
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
seconds |
Throughput delay, in microseconds. The range is from 1 to 16777215. |
picoseconds |
Specifies the delay units in picoseconds. |
100 (10-microsecond units)
Interface configuration
Release |
Modification |
---|---|
5.2(1) |
Added the picoseconds keyword. |
4.0(1) |
This command was introduced. |
You configure the throughput delay on an interface in 10-microsecond units. For example, if you set the ip delay eigrp command to 100, the throughput delay is 1000 microseconds.
The picoseconds option is supported only supported in 64-bit mode.
This command requires the Enterprise Services license.
This example shows how to set the delay to 40 microseconds for the interface:
switch# configure terminal switch(config)# router eigrp 1 switch(config-router)# interface ethernet 2/1 switch(config-if)# ip delay eigrp 1 40
Command |
Description |
---|---|
ip hello-interval eigrp |
Configures the hello interval on an interface for the EIGRP routing process that is designated by an autonomous system number. |
To enable the translation of a directed broadcast to physical broadcasts, use the ip directed-broadcast command. To disable this function, use the no form of this command.
ip directed-broadcast [acl-name]
ip directed-broadcast [acl-name]
acl-name |
Access control list (ACL) name. An ACL name can be any case-sensitive, alphanumeric string up to 63 characters. |
Disabled; all IP directed broadcasts are dropped.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
An IP directed broadcast is an IP packet whose destination address is a valid broadcast address for some IP subnet, but which originates from a node that is not itself part of that destination subnet.
A device that is not directly connected to its destination subnet forwards an IP directed broadcast in the same way it would forward unicast IP packets destined to a host on that subnet. When a directed broadcast packet reaches a device that is directly connected to its destination subnet, that packet is exploded as a broadcast on the destination subnet. The destination address in the IP header of the packet is rewritten to the configured IP broadcast address for the subnet, and the packet is sent as a link-layer broadcast.
If directed broadcast is enabled for an interface, incoming IP packets whose addresses identify them as directed broadcasts intended for the subnet to which that interface is attached will be exploded as broadcasts on that subnet.
If the no ip directed-broadcast command has been configured for an interface, directed broadcasts destined for the subnet to which that interface is attached will be dropped, rather than being broadcast.
Note | Because directed broadcasts, and particularly Internet Control Message Protocol (ICMP) directed broadcasts, have been abused by malicious persons, we recommend that security-conscious users disable the ip directed-broadcast command on any interface where directed broadcasts are not needed and that they use access lists to limit the number of exploded packets. |
This command does not require a license.
This example shows how to enable forwarding of IP directed broadcasts on Ethernet interface 2/1:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ip directed-broadcast
To configure a distribution list for the Enhanced Interior Gateway Routing Protocol (EIGRP) on an interface, use the ip distribute-list eigrp command. To restore the default, use the no form of this command.
ip distribute-list eigrp instance-tag { prefix-list list-name | route-map map-name } { in | out }
no ip distribute-list eigrp instance-tag { prefix-list list-name | route-map map-name } { in | out }
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
prefix-list list-name |
Specifies the name of an IP prefix list to filter EIGRP routes. |
route-map map-name |
Specifies the name of a route map to filter EIGRP routes. |
in |
Applies the route policy to incoming routes. |
out |
Applies the route policy to outgoing routes. |
None
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip distribute-list eigrp command to configure a route filter policy on an interface. You must configure the named route map or prefix list to complete this configuration.
This command requires the Enterprise Services license.
This example shows how to configure a route map for all EIGRP routes coming into the interface:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 2/1 switch(config-if)# ip distribute-list eigrp 209 route-map InputFilter in
Command |
Description |
---|---|
prefix-list |
Configures a prefix list. |
route-map |
Configures a route map. |
To configure the IP domain list, use the ip domain-list command. To disable the IP domain list, use the no form of the command.
ip domain-list domain-name [ use-vrf name ]
no ip domain-list domain-name [ use-vrf name ]
domain-list |
Specifies the domain name for the IP domain list. The name can be any case-sensitive, alphanumeric string up to 63 characters. |
use-vrf name |
(Optional) Specifies the virtual routing and forwarding (VRF) to use to resolve the domain name for the IP domain list. The name can be any case-sensitive, alphanumeric string up to 63 characters. |
None
Global configurationVRF context configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip domain-list command to configure additional domain names for the device. Use the vrf context command to enter the VRF context mode to configure additional domain names for a particular VRF.
This command does not require a license.
This example shows how to configure the IP domain list for the default VRF:
switch# configure terminal switch(config)# ip domain-list Mysite.com
This example shows how to configure the IP domain list for the management VRF:
switch# configure terminal switch(config)# vrf context management switch(config-vrf)# ip domain-list Mysite.com
This example configures the IP domain list for the default VRF to use the management VRF as a backup if the domain name cannot be resolved through the default VRF.
switch# configure terminal switch(config)# ip domain-list Mysite.com use-vrf management
Command |
Description |
---|---|
show hosts |
Displays information about the IP domain name configuration. |
To enable the Domain Name Server (DNS) lookup feature, use the ip domain-lookup command. Use the no form of this command to disable this feature.
ip domain-lookup
no ip domain-lookup
This command has no arguments or keywords.
None
Global configuration.
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip domain-lookup command to enable DNS.
This command does not require a license.
This example shows how to configure a DNS server lookup feature:
switch# configure terminal switch(config)# ip domain-lookup
Command |
Description |
---|---|
show hosts |
Displays information about the DNS. |
To configure a domain name, use the ip domain-name command. To delete a domain name, use the no form of the command.
ip domain-name domain-name [ use-vrf name ]
no ip domain-name domain-name [ use-vrf name ]
domain-name |
Specifies the domain name. The name can be any case-sensitive, alphanumeric string up to 63 characters. |
use-vrfname |
(Optional) Specifies the virtual routing and forwarding (VRF) to use to resolve the domain name. The name can be any case-sensitive, alphanumeric string up to 63 characters. |
None
Global configuration
VRF context configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip domain-name command to configure the domain name for the device. Use the vrf context command to enter the VRF context mode to configure the domain monastery a particular VRF.
This command does not require a license.
This example shows how to configure the IP domain name for the default VRF:
switch# configure terminal switch(config)# ip domain-name Mysite.com
This example shows how to configure the IP domain name for the management VRF:
switch# configure terminal switch(config)# vrf context management switch(config-vrf)# ip domain-name Mysite.com
This example shows how to configure the IP domain name for the default VRF to use the management VRF as a backup if the domain name cannot be resolved through the default VRF:
switch# configure terminal switch(config)# ip domain-name Mysite.com use-vrf management
Command |
Description |
---|---|
show hosts |
Displays information about the IP domain name configuration. |
To set the DSCP value for locally originated packets for IPv4 and IPv6, use the ip dscp-lop command. To restore the default, use the no form of this command.
ip dscp-lop dscp-value
no ip dscp-lop
dscp-value |
The range is from 0 to 63.
|
0
Global configuration
Release |
Modification |
---|---|
6.2(12) |
This command was introduced. |
Use the ip dscp-lop command to set the dscp value of all locally originated packets unless they are set by the application.
For values 40-63, a warning is also thrown as this could contend with higher priority traffic.
This command applies to IPv4 and IPv6.
This command affects all protocols from the SUP which do not have explicitly specified markers and sets the marker to 0.
For example, if BGP has a dscp marker of cs6 while TFTP has a dscp marker of 0. BGP packets will not be affected by this command.
This example shows how to set the dscp value to 16:
switch# configure terminal switch(config)# ip dscp-lop 16
This example shows how to set the dscp value to 45:
switch# configure terminal switch(config)# ip dscp-lop 45 DSCP 40-63 are used for high priority traffic. Set dscp to a lower value to avoid contention. DSCP for Locally Originated packet for Telnet/SSH/SNMP/Syslog/TFTP/ICMP/Netflow/DNS/TACACS/RADIUS/FTP is set to 45
To shut down the Enhanced Interior Gateway Routing Protocol (EIGRP) on an interface, use the ip eigrp shutdown command. To restore the default, use the no form of this command.
ip eigrp instance-tag shutdown
no ip eigrp instance-tag shutdown
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
None
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip eigrp shutdown command to shut down the interface for EIGRP and prevent EIGRP adjacency for the interface for maintenance purposes. The network address for the interface does not show up in the EIGRP topology table.
Use the ip passive-interface eigrp command to prevent EIGRP adjacency but keep the network address in the topology table.
This command requires the Enterprise Services license.
This example shows how to disable EIGRP on an interface:
switch# configure terminal switch(config)# router eigrp 201 switch(config-router)# interface ethernet 2/1 switch(config-if)# ip eigrp 201 shutdown
Command |
Description |
---|---|
ip passive-interface eigrp |
Configures an instance of EIGRP. |
router eigrp |
Configures an instance of EIGRP. |
To create an extended community list entry, use the ip extcommunity-list command. To remove the entry, use the no form of this command.
ip extcommunity-list standard list-name { deny | permit } generic { transitive | nontransitive } aa4 : nn
no ip extcommunity-list standard generic { transitive | nontransitive } list-name
ip extcommunity-list expanded list-name { deny | permit } generic { transitive | nontransitive } regexp
no ip extcommunity-list expanded generic { transitive | nontransitive } list-name
standardlist-name |
Configures a named standard extended community list. |
||
deny |
Denies access for a matching condition. |
||
permit |
Permits access for a matching condition. |
||
generic |
Specifies the generic specific extended community type. |
||
transitive |
Configures BGP to propagate the extended community attributes to other autonomous systems. |
||
nontransitive |
Configures BGP to propagate the extended community attributes to other autonomous systems. |
||
aa4:nn |
(Optional) Autonomous system number and network number. This value is configured with a 4-byte AS number and a 2-byte network number separated by a colon. The 4-byte AS number range is from 1 to 4294967295 in plaintext notation, or from 1.0 to 56636.65535 in AS.dot notation. You can enter a single community or multiple communities, each separated by a space. |
||
expanded list-name |
Configures a named expanded extended community list. |
||
regexp |
Regular expression that is used to specify a pattern to match against an input string. See the Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide, Release 6.x at the following URL for details on regular expressions:
|
Community exchange is not enabled by default.
Global configuration
Release |
Modification |
---|---|
4.2(1) |
This command was introduced. |
Use the ip extcommunity-list command to configure extended community filtering for BGP. Extended community values are configured as a 6-byte number. The first four bytes represent the autonomous system number, and the last two bytes represent a user-defined network number. The BGP generic specific community attribute is defined in draft-ietf-idr-as4octet-extcomm-generic-subtype-00.txt.
BGP extended community exchange is not enabled by default. Use the send-extcommunity command in BGP neighbor fix-family configuration mode to enable extended community attribute exchange between BGP peers.
Once you configure a permit value to match a given set of extended communities, the extended community list defaults to an implicit deny for all other extended community values.
Standard Extended Community Lists
Use standard extended community lists to configure specific extended community numbers. You can configure a maximum of 16 extended communities in a standard extended community list.
Expanded Extended Community Lists
Use expanded extended community lists to filter communities using a regular expression. Use regular expressions to configure patterns to match community attributes. The order for matching using the * or + character is longest construct first. Nested constructs are matched from the outside in. Concatenated constructs are matched beginning at the left side. If a regular expression can match two different parts of an input string, it will match the earliest part first.
Community List Processing
When you configure multiple values in the same extended community list statement, a logical AND condition is created. All extended community values must match to satisfy the AND condition. When you configure multiple values in separate community list statements, a logical OR condition is created. The first list that matches a condition is processed.
This command does not require a license.
This example shows how to configure a standard generic specific extended community list that permits routes from network 40 in autonomous system 1.65534 and from network 60 in autonomous system 1.65412.
This example shows how to configure a logical AND condition:
switch# configure terminal switch(config)# ip extcommunity-list standard test1 permit generic transitive 1.65534:40 1.65412:60 switch(config)#
All community values must match in order for the list to be processed.
Command |
Description |
---|---|
feature bgp |
Enables BGP. |
match extcommunity |
Matches an extended community in a route map. |
send-community |
Configures BGP to propagate community attributes to BGP peers. |
set extcommunity |
Sets an extended community in a route map. |
To allow IPv4 traffic on an interface even when there is no IP address configuration on that interface, use the ip forward command. To disable this function, use the no form of this command.
ip forward
no ip forward
This command has no arguments or keywords.
Disabled
Global configuration
Release |
Modification |
---|---|
6.2(8) |
This command was introduced. |
Beginning with Cisco NX-OS Release 6.2(8), BGP supports RFC 5549 which allows an IPv4 prefix to be carried over an IPv6 next hop.
Use the ip forward command to do the following:
This command requires the Enterprise Services license.
This example shows how allow IPv4 traffic on an interface:
switch# configure terminal switch(config)# interface ethernet 0/2 switch(config-if)# ipv6 address ABCF:1::3/64 switch(config-if)# ip forward
Command |
Description |
---|---|
ipv6 nd mac-extract |
Enables any next hop that matches the IPv6 prefix on that interface to be treated as an MEv6 address, |
To configure the Enhanced Interior Gateway Routing Protocol (EIGRP) hello interval for an interface, use the ip hello-interval eigrp command. To restore the default, use the no form of this command.
ip hello-interval eigrp instance-tag seconds
no ip hello-interval eigrp instance-tag
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
seconds |
Hello interval (in seconds). The range is from 1 to 65535. |
5 seconds
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command requires the Enterprise Services license.
This example shows how to set the hello interval to 10 seconds for the interface:
switch# configure terminal switch(config)# router eigrp 1 switch(config-router)# interface ethernet 2/1 switch(config-if)# ip hello-interval eigrp 1 10
To configure the hold time for an Enhanced Interior Gateway Routing Protocol (EIGRP) interface, use the ip hold-time eigrp command. To restore the default, use the no form of this command.
ip hold-time eigrp instance-tag seconds
no ip hold-time eigrp instance-tag
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
seconds |
Hold time (in seconds). The range is from 1 to 65535. |
15 seconds
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip hold-time eigrp command to increase the default hold time on very congested and large networks,
We recommend that you configure the hold time to be at least three times the hello interval. If a router does not receive a hello packet within the specified hold time, routes through this router are considered unavailable.
Increasing the hold time delays route convergence across the network.
This command requires the Enterprise Services license.
This example shows how to set the hold time to 40 seconds for the interface:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 2/1 switch(config-if)# ip hold-time eigrp 209 40
Command |
Description |
---|---|
ip hello-interval eigrp |
Configures the hello interval on an interface for the EIGRP routing process designated by an autonomous system number. |
To define static hostname-to-address mappings in the Domain Name System (DNS) hostname cache, use the ip host command. To remove a hostname-to-address mapping, use the no form of this command.
ip host name address1 [ address2 . .. address6 ]
no ip host name address1 [ address2 . .. address6 ]
name |
Host name. The name can be any case-sensitive, alphanumeric string up to 80 characters. |
address1 |
IPv4 address in the x.x.x.x format. |
address2 ...address6 |
(Optional) Up to five additional IPv4 addresses in the x.x.x.x format. |
None
Global configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip host command to add a static host name to DNS.
This command does not require a license.
This example shows how to configure a static hostname:
switch# configure terminal switch(config)# ip host mycompany.com 192.0.2.1
Command |
Description |
---|---|
ipv6 host |
Configures a static host name in the DNS database. |
To configure the load-sharing algorithm used by the unicast Forwarding Information Base (FIB), use the ip load-sharingaddress command. To restore the default, use the no form of this command.
ip load-sharing address { destination port destination | source-destination [ port source-destination ] } [ universal-id seed ] gtp-teid
no ip load-sharing address { destination port destination | source-destination [ port source-destination ] } [ universal-id seed ] gtp-teid
destination port destination |
Sets the load-sharing algorithm based on destination address and port. |
source-destination |
Sets the load-sharing algorithm based on source and destination address. |
port source-destination |
(Optional) Sets the load-sharing algorithm based on source and destination address and port address. |
universal-id seed |
(Optional) Sets the random seed for the load sharing hash algorithm. The range is from 1 to 4294967295. |
gtp-teid |
(Optional) Includes the 32-bit TEID value in the path selection calculation. This option is only supported on M3 line cards. |
Destination address and port address
Global configuration
Release |
Modification |
---|---|
7.3(2) |
Added support for gtp-teid value in path selection calculation for M3 line cards. |
4.0(1) |
This command was introduced. |
Use the ip load-sharing address command to set the load-sharing algorithm that the unicast FIB uses to select a path from the equal-cost paths in the Router Information Base (RIB).
For M3 line cards, you can specify the gtp-teid keyword to include the 32-bit TEID value in the path calculation for packets that contain GTP header. To consider this value in path calculation, a packet must enter the port through the M3 line card. The gtp-teid keyword will not have an effect on the packets that enter the port on any other line card (like F3) and exit through the M3 card.
This command does not require a license.
This example shows how to set the load-sharing algorithm to use source and destination address:
switch# configure terminal switch(config)# ip load-sharing address source-destination
Command |
Description |
---|---|
show ip load-sharing |
Displays the load-sharing algorithm. |
show routing hash |
Displays the path the RIB and FIB select for a source/destination pair. |
To configure per-packet load sharing on an interface, use the ip load-sharing per-packet command. To restore the default, use the no form of this command.
ip load-sharing per-packet
no load-sharing per-packet
This command has no keywords or arguments.
Disabled
Global configuration
Release |
Modification |
---|---|
4.1(2) |
This command was introduced. |
Use the ip load-sharing per-packet command to set the load-sharing algorithm on an interface. This command overrides the ip load-sharing address command.
Note | Using per-packet load sharing can result in out-of-order packets. Packets for a given pair of source-destination hosts might take different paths and arrive at the destination out of order. Make sure you understand the implications of out-of-order packets to your network and applications. Per-packet load sharing is not appropriate for all networks. Per-flow load sharing ensures packets always arrive in the order that they were sent. |
You configure per-packet load sharing on the input interface. This configuration determines the output interface that Cisco NX-OS chooses for the packet.
For example, if you have ECMP paths on two output interfaces, Cisco NX-OS uses the following load-sharing methods for input packets on Ethernet 1/1:
The configuration for the other interfaces have no effect on the load-sharing method used for Ethernet 1/1 in this example.
This command does not require a license.
This example shows how to enable per-packet load-sharing on interface Ethernet 1/2:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip load-sharing per-packet
Command |
Description |
---|---|
ip load-sharing |
Configures the per-flow load-sharing algorithm. |
show ip load-sharing |
Displays the load-sharing algorithm. |
To configure a name server, use the ip name-server command. To disable this feature, use the no form of the command.
ip name-server ip-address [ use-vrf name ]
no ip name-server ip-address [ use-vrf name ]
ip-address |
IP address for the name server. |
use-vrf name |
(Optional) Specifies the virtual routing and forwarding (VRF) to use to reach the name-server. The name can be any case-sensitive, alphanumeric string up to 63 characters. |
None
Global configurationVRF context configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip name-server command to configure the name server for the device. Use the vrf context command to enter the VRF context mode to configure the domain names for a particular VRF.
This command does not require a license.
This example shows how to configure the IP name server for the default VRF:
switch# configure terminal switch(config)# ip name-server 192.0.2.1
This example shows how to configure the IP name server for the management VRF:
switch# configure terminal switch(config)# vrf context management switch(config-vrf)# ip name-server 192.0.2.1
This example configures the IP name server for the default VRF to use the management VRF as a backup if show ip rip policy statistics redistributeIP name server cannot be reached through the default VRF:
switch# configure terminal switch(config)# ip name-server 192.0.2.1 use-vrf management
Command |
Description |
---|---|
show hosts |
Displays information about the IP domain name configuration. |
To instruct the Enhanced Interior Gateway Routing Protocol (EIGRP) process to use the local IP address as the next-hop address when advertising these routes, use the ip next-hop-self eigrp command. To use the received next-hop value, use the no form of this command.
ip next-hop-self eigrp instance-tag
no ip next-hop-self eigrp instance-tag
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
EIGRP always sets the IP next-hop value to be itself.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
EIGRP, by default, sets the IP next-hop value to be itself for routes that it is advertising, even when advertising those routes on the same interface from which the router learned them. To change this default, you must use the no ip next-hop-self eigrp interface configuration command to instruct EIGRP to use the received next-hop value when advertising these routes.
This example shows how to change the default IP next-hop value and instruct EIGRP to use the received next-hop value:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 2/1 switch(config-eigrp-af-if)# no ip next-hop-self eigrp 209
To configure an offset list for the Enhanced Interior Gateway Routing Protocol (EIGRP) on an interface, use the ip offset-list eigrp command. To restore the default, use the no form of this command.
ip offset-list eigrp instance-tag { prefix-list list-name | route-map map-name } { in | out } offset
no ip offset-list eigrp instance-tag { prefix-list list-name | route-map map-name } { in | out } offset
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
prefix-list list-name |
Specifies the name of an IP prefix list to filter EIGRP routes. |
route-map map-name |
Specifies the name of a route map to filter EIGRP routes. |
in |
Applies route policy to incoming routes. |
out |
Applies route policy to outgoing routes. |
offset |
Value to add to the EIGRP metric. |
This command has no defaults.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip offset-list eigrp command to influence which route is advertised on an interface. Cisco NX-OS adds the configured offset value to any routes that match the configure prefix list or route map. You must configure the named route map or prefix list to complete this configuration.
This command requires the Enterprise Services license.
This example shows how to configure an offset list filter to add 20 to the metric for EIGRP routes coming into the interface that match the route map OffsetFilter:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 2/1 switch(config-if)# ip offset-list eigrp 209 route-map OffsetFilter in 20
Command |
Description |
---|---|
prefix-list |
Configures a prefix list. |
route-map |
Configures a route map. |
To specify the authentication type for an Open Shortest Path First (OSPF) interface, use the ip ospf authentication command. To remove the authentication type for an interface, use the no form of this command.
ip ospf authentication [ key-chain key-name | message-digest | null ]
no ip ospf authentication
key-chain key-name |
(Optional) Specifies a key chain to use for authentication. The key-name argument can be any alphanumeric string. |
message-digest |
(Optional) Specifies that message-digest authentication will be used. |
null |
(Optional) Specifies that no authentication is used. Use the keyword to override any other authentication configured for an area. |
No authentication
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip ospf authentication command to configure the authentication mode for an OSPF interface. If you use this command with no keywords, use the ip ospf authentication-key command to configure the password. If you use the message-digest keyword, use the ip ospf message-digest-key command to configure the message-digest key for the interface.
The authentication that you configure on an interface overrides the authentication that you configure for the area.
This command requires the Enterprise Services license.
This example shows how to configure message-digest authentication:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ip ospf authentication message-digest switch(config-if)# ip ospf message-digest-key 33 md5 0 mypassword
Command |
Description |
---|---|
area authentication |
Enables authentication for an OSPF area. |
ip ospf authentication-key |
Assigns a password to be used by neighboring routers that are using the password authentication of OSPF. |
ip ospf message-digest-key |
Configures the OSPF MD5 message-digest key. |
To assign a password for simple password authentication to be used by neighboring Open Shortest Path First (OSPF) routers, use the ip ospf authentication-key command. To remove a previously assigned OSPF password, use the no form of this command.
ip ospf authentication-key [ 0 | 3 ] password
no ip ospf authentication-key
0 |
(Optional) Configures an unencrypted password. |
3 |
(Optional) Configure a 3DES encrypted password string. |
password |
Any continuous string of characters that can be entered from the keyboard up to 8 bytes. |
Unencrypted password
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip ospf authentication-key command to configure a password for simple password authentication. The password created by this command is used as a key that is inserted directly into the OSPF header when Cisco NX-OS originates routing protocol packets. You can assign a separate password to each network on a per-interface basis. All neighboring routers on the same network must have the same password to be able to exchange OSPF information.
Note | Cisco NX-OS uses this key when you enable authentication for an interface with the ip ospf authentication interface configuration command or if you configure the area for authentication with the area authentication command in router configuration mode. |
This command requires the Enterprise Services license.
This example shows how to configure an unencrypted authentication key with the string yourpass:
switch# configure terminal switch(config-if)# ip ospf authentication-key yourpass
Command |
Description |
---|---|
area authentication |
Specifies the authentication type for an OSPF area. |
ip ospf authentication |
Specifies the authentication type for an interface. |
To specify the cost of sending a packet on an interface, use the ip ospf cost command. To reset the path cost to the default, use the no form of this command.
ip ospf cost interface-cost
no ip ospf cost interface-cost
interface-cost |
Unsigned integer value expressed as the link-state metric. The range is from 1 to 65535. |
Calculates the cost based on the reference bandwidth divided by the configured interface bandwidth. You can configure the reference bandwidth or it defaults to 40 Gb/s.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip ospf cost command to configure the cost metric manually for each interface. This command overrides any settings for the reference bandwidth that you set using the reference-bandwidth command in router configuration mode.
If this command is not used, the link cost is calculated using the following formula:
link cost = reference bandwidth / interface bandwidth
This command requires the Enterprise Services license.
This example shows how to configure the interface cost value to 65:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip ospf cost 65
Command |
Description |
---|---|
reference-bandwidth |
Specifies the reference bandwidth that OSPF uses to calculate the link cost. |
To set the interval during which at least one hello packet must be received from a neighbor before the router declares that neighbor as down, use the ip ospf dead-interval command. To restore the default, use the no form of this command.
ip ospf dead-interval seconds
no ip ospf dead-interval
seconds |
Interval (in seconds) during which the router must receive at least one hello packet from a neighbor or that neighbor adjacency is removed from the local router and does not participate in routing. The range is from 1 to 65535. The value must be the same for all nodes on the network. |
The default for seconds is four times the interval set by the ip ospf hello-interval command.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip ospf dead-interval command to set the dead interval that OSPF advertises in hello packets. This value must be the same for all networking devices on a specific network.
Aggressive protocol timers are not supported in the Virtual Port-Channel (vPC) environment and they are also not supported from the in-service software updates (ISSU) perspective. We recommend that you retain the default value.
Configure a shorter dead interval to detect down neighbors faster and improve convergence. Very short dead intervals could cause routing instability.
Use the show ip ospf interface command to verify the dead interval and hello interval.
This command requires the Enterprise Services license.
This example shows how to set the OSPF dead interval to 20 seconds:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip ospf dead-interval 20
Command |
Description |
---|---|
ip ospf hello-interval |
Interval between hello packets that OSPF sends on the interface. |
show ip ospf interface |
Displays OSPF-related information. |
To specify the interval between hello packets that Open Shortest Path First (OSPF) sends on the interface, use the ip ospf hello-interval command. To return to the default, use the no form of this command.
ip ospf hello-interval seconds
no ip ospf hello-interval
seconds |
Interval (in seconds). The value must be the same for all nodes on a specific network. The range is from 1 to 65535. |
10 seconds
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip ospf hello-interval command to set the rate at which OSPF advertises hello packets. Shorter hello intervals allow OSPF to detect topological changes faster. This value must be the same for all routers and access servers on a specific network.
Aggressive protocol timers are not supported in the Virtual Port-Channel (vPC) environment and they are also not supported from the in-service software updates (ISSU) perspective. We recommend that you retain the default value.
This command requires the Enterprise Services license.
This example shows how to set the interval between hello packets to 15 seconds:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip ospf hello-interval 15
Command |
Description |
---|---|
ip ospf dead-interval |
Sets the time period for which hello packets must not have been seen before neighbors declare the router as down. |
To enable Open Shortest Path First (OSPF) Message Digest 5 (MD5) authentication, use the ip ospf message-digest-key command. To remove an old MD5 key, use the noform of this command.
ip ospf message-digest-key key-id md5 [ 0 | 3 ] key
no ip ospf message-digest-key key-id
key-id |
Identifier in the range from 1 to 255. |
0 |
(Optional) Specifies an unencrypted password to generate the md5 key. |
3 |
(Optional) Specifies an encrypted 3DES password to generate the md5 key. |
key |
An alphanumeric password of up to 16 bytes. |
Unencrypted
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip ospf message-digest-key command when you configure the MD5 digest authentication mode. All neighbor routers must have the same key value on the network.
This command requires the Enterprise Services license.
This example shows how to set key 19 with the password 8ry4222:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip ospf message-digest-key 19 md5 8ry4222
Command |
Description |
---|---|
area authentication |
Enables authentication for an OSPF area. |
ip ospf authentication |
Specifies the authentication type for an interface. |
To disable Open Shortest Path First (OSPF) maximum transmission unit (MTU) mismatch detection on received Database Descriptor (DBD) packets, use the ip ospf mtu-ignore command. To return to the default, use the no form of this command.
ip ospf mtu-ignore
no ip ospf mtu-ignore
This command has no arguments or keywords.
OSPF MTU mismatch detection is enabled.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip ospf mtu-ignore command to disable MTU mismatch detection on an interface. By default, OSPF checks whether neighbors are using the same MTU on a common interface. If the receiving MTU is higher than the IP MTU configured on the incoming interface, OSPF does not establish adjacencies. Use the ip ospf mtu-ignore command to disable this check and allow adjacencies when the MTU value differs between OSPF neighbors.
This command requires the Enterprise Services license.
This example shows how to disable MTU mismatch detection on received DBD packets:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip ospf mtu-ignore
To configure the Open Shortest Path First (OSPF) network type to a type other than the default for an interface, use the ip ospf network command. To return to the default, use the noform of this command.
ip ospf network { broadcast | point-to-point }
no ip ospf network
broadcast |
Sets the network type as broadcast. |
point-to-point |
Sets the network type as point-to-point. |
Depends on the network type.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
The network type influences the behavior of the OSPF interface. OSPF network type is usually broadcast, which uses OSPF multicasting capabilities. Under this network type a designated router and backup designated router are elected. For point-to-point networks there are only two neighbors and multicast is not required. For routers on an interface to become neighbors the network type for all should match.
This command overrides the medium {broadcast | p2p} command in interface configuration mode.
This command requires the Enterprise Services license.
This example shows how to set an OSPF network as a broadcast network:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip address 192.0.2.33 255.255.255.0 switch(config-if)# ip ospf network broadcast
To suppress Open Shortest Path First (OSPF) routing updates on an interface, use the ip ospf passive-interface command. To return to the default, use the noform of this command.
ip ospf passive-interface
no ip ospf passive-interface
This command has no keywords or arguments.
Disabled
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
If an interface is configured as passive-interface it does not participate in the OSPF protocol and will not establish adjacencies or send routing updates. However the interface is announced as part of the routing network.
This command requires the Enterprise Services license.
This example shows how to set an interface as passive:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip ospf passive-interface
To set the router priority for an Open Shortest Path First (OSPF) interface, use the ip ospf priority command. To return to the default, use the no form of this command.
ip ospf priority number-value
no ip ospf priority number-value
number-value |
Number value that specifies the priority of the router. The range is from 0 to 255. |
Priority of 1
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip ospf priority command to set the router priority, which determines the designated router for this network. When two routers are attached to a network, both attempt to become the designated router. The router with the higher router priority takes precedence. If there is a tie, the router with the higher router ID takes precedence. A router with a router priority set to zero cannot become the designated router or backup designated router.
Cisco NX-OS uses this priority value when you configure OSPF for broadcast networks using the neighbor command in router configuration mode.
This command requires the Enterprise Services license.
This example shows how to set the router priority value to 4:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip ospf priority 4
Command |
Description |
---|---|
ip ospf network |
Configures the OSPF network type to a type other than the default for a given medium. |
To specify the time between Open Shortest Path First (OSPF) link-state advertisement (LSA) retransmissions for adjacencies belonging to the interface, use the ip ospf retransmit-interval command. To return to the default, use the noform of this command.
ip ospf retransmit-interval seconds
no ip ospf retransmit-interval
seconds |
Time (in seconds) between retransmissions. The time must be greater than the expected round-trip delay between any two routers on the attached network. The range is from 1 to 65535 seconds. The default is 5 seconds. |
5 seconds
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip ospf retransmit-interval command to set the time between LSA retransmissions. When a router sends an LSA to its neighbor, it keeps the LSA until it receives an acknowledgment message from the neighbor. If the router receives no acknowledgment within the retransmit interval, the local router resends the LSA.
This command requires the Enterprise Services license.
This example shows how to set the retransmit interval value to 8 seconds:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip ospf retransmit-interval 8
To shut down an Open Shortest Path First (OSPF) interface, use the ip ospf shutdown command. To return to the default, use the noform of this command.
ip ospf shutdown
no ip ospf shutdown
This command has no keywords or arguments.
None
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip ospf shutdown command to shut down OSPF on this interface.
This command requires the Enterprise Services license.
This example shows how to shut down OSPF on an interface:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip ospf shutdown
To set the estimated time required to send an Open Shortest Path First (OSPF) link-state update packet on the interface, use the ip ospf transmit-delay command. To return to the default, use the noform of this command.
ip ospf transmit-delay seconds
no ip ospf transmit-delay
seconds |
Time (in seconds) required to send a link-state update. The range is from 1 to 450 seconds. |
1 second
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip ospf transmit-delay command to set the estimated time needed to send an LSA update packet. OSPF increments the LSA age time by transmit delay amount before transmitting the LSA update. You should take into account the transmission and propagation delays for the interface when you set this value.
This command requires the Enterprise Services license.
This example shows how to set the transmit delay value to 8 seconds:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip ospf transmit-delay 8
To suppress all routing updates on an Enhanced Interior Gateway Routing Protocol (EIGRP) interface, use the ip passive-interface eigrp command. To re-enable the sending of routing updates, use the no form of this command. To remove the interface-level configuration for the passive-interface, use the default ip passive-interface eigrp command.
ip passive-interface eigrp instance-tag
no ip passive-interface eigrp instance-tag
default ip passive-interface eigrp instance-tag
instance-tag |
Name of the EIGRP instance. Theinstance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
Routing updates are sent on the interface.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
6.2(2) |
The default form of this command was added. |
Use the ip passive-interface eigrp command to stop all routing updates on an interface and suppress the formation of EIGRP adjacencies. The network address for the interface remains in the EIGRP topology table. To remove this command from the interface, use the default ip passive-interface eigrp command. The final behavior of this command depends on passive-interface default (EIGRP) command.
The following table sums up the behavior of this command:
VRF mode (deafult passive-interface) |
Interface mode (passive) |
Result (interface passive ?) |
---|---|---|
TRUE |
FALSE |
FALSE |
TRUE |
TRUE |
TRUE |
TRUE |
NONE |
TRUE |
FALSE |
TRUE |
TRUE |
FALSE |
FALSE |
FALSE |
FALSE |
NONE |
FALSE |
Default configuration at interface-level corresponds to NONE state.
This command requires the Enterprise Services license.
This example shows how to stop EIGRP routing updates on Ethernet 2/1:
switch# configure terminal switch(config)# router eigrp 201 switch(config-router)# interface ethernet 2/1 switch(config-if)# ip passive-interface eigrp 201
Command |
Description |
---|---|
passive-interface default (EIGRP) |
Suppresses the EIGRP hellos. |
To identify a route map to use for policy routing on an interface, use the ip policy route-map command. To remove the route map, use the no form of this command.
ip policy route-map name
no ip policy route-map [name]
name |
Name of the route map. The name can be any alphanumeric string up to 63 characters. |
None
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip policy route-map command to identify a route map to use for policy routing. Use the route-map command to create the rout map. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which policy routing is allowed for the interface, based on the destination IP address of the packet. The set commands specify the set actions—the particular policy routing actions to perform if the criteria enforced by the match commands are met. The no ip policy route-map command deletes the pointer to the route map.
You can perform policy-based routing on any match criteria that can be defined in an expanded IP access list when using the match ip address command and referencing an expanded IP access list.
You must enable policy-based routing with the feature pbr command before you can use the ip policy route-map command.
This command requires the Enterprise Services license.
This example shows how to configure a policy-based route map to an interface:
switch# configure terminal switch(config)# feature pbr switch(config)# interface ethernet 2/1 switch(config-if)# ip policy route-map policymap
Command |
Description |
---|---|
feature pbr |
Enabled the policy-based routing feature. |
route-map |
Creates a route map. |
show route-map pbr-statistics |
Displays statistics about policy-based route maps |
To enable the generation of Internet Control Message Protocol (ICMP) port unreachable messages, use the ip port-unreachable command. To disable this function, use the no form of this command.
ip port-unreachable
no ip port-unreachable
This command has no keywords or arguments.
Enabled
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command does not require a license.
This example shows how to enable the generation of ICMP port unreachable messages, as appropriate, on an interface:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ip port-unreachable
Command |
Description |
---|---|
ip unreachables |
Sends ICMP unreachable messages. |
To create a prefix list to match IP packets or routes against, use the ip prefix-list command. To remove the prefix-list, use the no form of this command.
ip prefix-list name [ seq number ] { permit | deny } prefix [ eq length | [ ge length ] [ le length ] ]
no prefix-list name [ seq number ] { permit | deny } prefix [ eq length | [ ge length ] [ le length ] ]
name |
IP prefix list name. The name can be any alphanumeric string up to 63 characters. |
seq number |
(Optional) Specifies the number to order entries in the prefix list. The range is from 1 to 4294967294. |
permit |
Allows routes or IP packets that match the prefix list. |
deny |
Rejects routes or IP packets that match the prefix list. |
prefix |
IP prefix in A.B.C.D/length format. |
eqlength |
(Optional) Specifies the prefix length to match. The range is from 1 to 32. |
gelength |
(Optional) Specifies the prefix length to match. The range is from 1 to 32. |
lelength |
(Optional) Specifies the prefix length to match. The range is from 1 to 32. |
None
Global configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip prefix-list command to configure IP prefix filtering. You configure prefix lists with permit or deny keywords to either permit or deny the prefix based on the matching condition. A prefix list consists of an IP address and a bit mask. The bit mask is entered as a number from 1 to 32. An implicit deny is applied to traffic that does not match any prefix-list entry.
You can configure prefix lists to match an exact prefix length or a prefix range. Use the ge and le keywords to specify a range of the prefix lengths to match, providing more flexible configuration than can be configured with just the network/length argument. Cisco NX-OS processes the prefix list using an exact match when you do not configure either neither the ge nor le keyword. If you configure both the gelength and lelength keywords and arguments, the allowed prefix length range falls between the values used for the ge-length and le-length arguments. The following formula shows this behavior:
network/length < ge ge-length < le le-length <= 32
If you do not configure a sequence number, Cisco NX-OS applies a a default sequence number of 5 to the prefix list, and subsequent prefix list entries will be increment by 5 (for example, 5, 10, 15, and onwards). If you configure a sequence number for the first prefix list entry but not subsequent entries, then Cisco NX-OS increments the subsequent entries by 5 (For example, if the first configured sequence number is 3, then subsequent entries will be 8, 13, 18, and onwards). Default sequence numbers can be suppressed by entering the no form of this command with the seq keyword.
Cisco NX-OS evaluates prefix lists starting with the lowest sequence number and continues down the list until a match is made. Once a match is made that covers the network the permit or deny statement is applied to that network and the rest of the list is not evaluated.
Tip | For best performance, the most frequently processed prefix list statements should be configured with the lowest sequence numbers. The seq number keyword and argument can be used for resequencing. |
The prefix list is applied to inbound or outbound updates for specific peer by entering the prefix-list command in neighbor address-family mode. Prefix list information and counters are displayed in the output of the show ip prefix-list command. Prefix-list counters can be reset by entering the clear ip prefix-list command.
This command does not require a license.
This example shows how to configure a prefix list and apply it to a BGP peer:
switch# configure terminal switch(config)# ip prefix-list allowprefix 10 permit 192.0.2.0 eq 24 switch(config)# ip prefix-list allowprefix 20 permit 209.165.201.0 eq 27 switch(config) router bgp 65536:20 switch(config-router)# neighbor 192.0.2.1/16 remote-as 65536:20 switch(config-router-neighbor)# address-family ipv4 unicast switch(config-router-neighbor-af)# prefix-list allowprefix in
Command |
Description |
---|---|
clear ip prefix-list |
Clears counters for IP prefix lists. |
prefix-list |
Applies a prefix list to BGP peer. |
show ip prefix-list |
Displays information about IP prefix lists. |
To configure a description string for an IP prefix-list, use the ip prefix-list description command. To revert to default, use the no form of this command.
ip prefix-list name description string
no ip prefix-list name description
name |
Name of prefix list. The name can be any alphanumeric string up to 63 characters. |
string |
Descriptive string for the prefix list. The string can be any alphanumeric string up to 90 characters. |
None
Global configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command does not require a license.
This example shows how to configure a description for an IP prefix list:
switch# configure terminal switch(config)# ip prefix-list test1 description “this is a test”
Command |
Description |
---|---|
ip prefix-list |
Creates an IPv6 prefix list |
show ip prefix-list |
Displays information about IPv6 prefix lists. |
To enable proxy Address Resolution Protocol (ARP) on an interface, use the ip proxy-arp command. To disable proxy ARP on the interface, use the no form of this command.
ip proxy-arp
no ip proxy-arp
This command has no keywords or arguments.
Disabled
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command does not require a license.
This example shows how to enable proxy ARP:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ip proxy-arp
To enable authentication for the Routing Information Protocol (RIP) Version 2 packets and to specify the set of keys that can be used on an interface, use the ip rip authentication key-chain command in interface configuration mode. To prevent authentication, use the no form of this command.
ip rip authentication key-chain name-of-chain
no ip rip authentication key-chain [name-of-chain]
name-of-chain |
Group of keys that are valid. |
No authentication is provided for RIP packets.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
You must separately configure a key chain using the key-chain command to complete the authentication configuration for an interface.
This command does not require a license.
This example shows how to configure the interface to accept and send any key that belongs to the key-chain trees:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip rip authentication key-chain trees
Command |
Description |
---|---|
key-chain |
Creates a set of keys that can be used by an authentication method. |
To specify the type of authentication used in the Routing Information Protocol (RIP) Version 2 packets, use the ip rip authentication mode command in interface configuration mode. To restore clear text authentication, use the no form of this command.
ip rip authentication mode { text | md5 }
no ip rip authentication mode
text |
Specifies the clear text authentication. |
md5 |
Specifies the message Digest 5 (MD5) authentication. |
Clear text authentication is provided for RIP packets if you configured a key chain.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
RIP for IPv6 uses the authentication built into IPv6.
This command does not require a license.
This example shows how to configure the interface to use MD5 authentication:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip rip authentication mode md5
Command |
Description |
---|---|
ip rip authentication key-chain |
Enables authentication for RIP Version 2 packets and specifies the set of keys that can be used on an interface. |
key chain |
Enables authentication for routing protocols. |
To add an additional value to the incoming IP Routing Information Protocol (RIP) route metric for an interface, use the ip rip metric-offset command in interface configuration mode. To return the metric to its default value, use the no form of this command.
ip rip metric-offset value
no ip rip metric-offset
value |
Value to add to the incoming route metric for an interface. The range is from 1 to 15. The default is 1. |
value: 1
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip route metric-offset command to influence which routes are used by Cisco NX-OS. This command allows you to add a fixed offset to the route metric of all incoming routes on an interface. For example, if you set the metric-offset to 5 on an interface and the incoming route metric is 5,.Cisco NX-OS adds the route to the route table with a metric of 10.
This command does not require a license.
This example shows how to configure a metric offset of 10 for all incoming RIP routes on Ethernet interface 2/1:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ip rip metric-offset 10
Command |
Description |
---|---|
ip rip offset-list |
Adds an offset value to incoming RIP route metrics. |
To add an offset to incoming and outgoing metrics to routes learned via Routing Information Protocol (RIP), use the ip rip offset-list command in interface configuration mode. To remove an offset list, use the no form of this command.
ip rip offset-list value
no ip rip offset-list
value |
Value to add to the incoming route metric for an interface. The range is from 1 to 15. The default is 1. |
value: 1
Router address-family configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command does not require a license.
This example shows how to configure an offset of 10 for all incoming RIP routes on Ethernet interface 2/1:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ip rip offset-list 10
Command |
Description |
---|---|
ip rip metric-offset |
Adds an offset value to incoming RIP route metrics. |
To suppress the sending of the Routing Information Protocol (RIP) updates on an interface, use the ip rip passive-interface command in interface configuration mode. To unsuppress updates, use the no form of this command.
ip rip passive-interface
no ip rip passive-interface
This command has no arguments or keywords.
RIP updates are sent on the interface.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
While RIP stops sending routing updates to the multicast (or broadcast) address on a passive interface, RIP continues to receive and process routing updates from its neighbors on that interface.
This command does not require a license.
This example shows how to configure Ethernet 1/2 as a passive interface:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip rip passive-interface
To enable poison-reverse processing of the Routing Information Protocol (RIP) router updates, use the ip rip poison-reverse command in interface configuration mode. To disable poison-reverse processing of RIP updates, use the no form of this command.
ip rip poison-reverse
no ip rip poison-reverse
This command has no arguments or keywords.
Split horizon is always enabled. Poison-reverse processing is disabled.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip rip poison-reverse command to enable poison-reverse processing of RIP router updates. By default, Cisco NX-OS does not advertise RIP routes out the interface over which they were learned (split horizon). If you configure both poison reverse and split horizon, then Cisco NX-OS advertises the learned routes as unreachable over the interface on which the route was learned.
This command does not require a license.
This example shows how to enable poison-reverse processing for an interface running RIP:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip rip poison-reverse
To filter the Routing Information Protocol (RIP) routes coming in or out of an interface, use the route-filter command in interface configuration mode. To remove filtering from an interface, use the no form of this command.
ip rip route filter { prefix-list list-name | route-map map-name } { in | out }
prefix-list list-name |
Associates a prefix list to filter RIP packets. |
route-mapmap-name |
Associates a route map to set the redistribution policy for RIP. |
in |
Filters incoming routes. |
out |
Filters outgoing routes. |
Route filtering is disabled.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip rip route-filter command to filter incoming or outgoing routes on an interface.
This command does not require a license.
This example shows how to use a route map to filter routes for a RIP interface:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip rip route-filter route-map InRipFilter in
Command |
Description |
---|---|
route-map |
Creates a route map. |
prefix-list |
Creates a prefix list. |
To configure a summary aggregate address under an interface for the Routing Information Protocol (RIP), use the ip rip summary-address command in interface configuration mode. To disable summarization of the specified address or subnet, use the no form of this command.
ip rip summary-address ip-prefix /mask
noip rip summary-address ip-prefix /mask
ip-prefix/length |
IP prefix and prefix length to be summarized. |
Disabled.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
The ip rip summary-address command summarizes an address or subnet under a specific interface.
This command does not require a license.
This example shows how to configure the summary address192.0.2.0 that is advertised out Ethernet interface 1/2:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip summary-address rip 192.0.2.0/24
To configure a static route, use the ip route command. To remove the static route, use the no form of this command.
ip route ip-prefix /mask [interface] next-hop [preference] [ tag id ] [ name nexthop-name ]
noip route ip-prefix /mask [interface] next-hop [preference] [ tag id ] [ name nexthop-name ]
ip-prefix/length |
IP prefix and prefix length. The format is x.x.x.x/length. The length is 1 to 32. |
interface |
(Optional) The interface on which all packets are sent to reach this route. Use ? to display a list of supported interfaces. |
next-hop |
IP address of the next-hop that can be used to reach that network. You can specify an IP address and an interface type and interface number. The format is x.x.x.x/length. The length is 1 to 32. |
preference |
(Optional) Sets the route preference, used as the administrative distance to this route. The range is from 1 to 255. The default is 1. |
tag id |
(Optional) Assigns a route tag that can be used to match against in a route map. The range is from 0 to 4294967295. The default is 0. |
name |
(Optional) Specifies the name of the nexthop. |
nexthop-name |
(Optional) Name of the nexthop. The maximum size is 50 characters. |
None
Global configuration
Release |
Modification |
---|---|
5.1(1) |
Added name nexthop-name option in the syntax description. |
4.0(1) |
This command was introduced. |
Static routes have a default administrative distance of 1. If you want a dynamic routing protocol to take precedence over a static route, you must configure the static route preference argument to be greater than the administrative distance of the dynamic routing protocol. For example, routes derived with Enhanced Interior Gateway Routing Protocol (EIGRP) have a default administrative distance of 100. To have a static route that would be overridden by an EIGRP dynamic route, specify an administrative distance greater than 100.
This command does not require a license.
This example shows how to create a static route for destinations with the IP address prefix 192.168.1.1/32, reachable through the next-hop address 10.0.0.2:
switch# configure terminal switch(config)# ip route 192.168.1.1/32 10.0.0.2
This example shows how to assign a tag to the previous example so that you can configure a route map that can match on this static route:
switch# configure terminal switch(config)# ip route 192.168.1.1/32 10.0.0.2 tag 5
This example shows how to choose a preference of 110. In this case, packets for prefix 10.0.0.0 will be routed to a router at 172.31.3.4 if dynamic route information with an administrative distance less than 110 is not available.
ip route 10.0.0.0/8 172.31.3.4 110
Command |
Description |
---|---|
ipv6 route |
Configures an IPv6 static route. |
match tag |
Matches the tag value associated with a route. |
To configure a static route associated with the track object, use the ip route track command.
ip route track route ip-prefix ip-mask ip-addr track object-number
ip-prefix |
IP address prefix. |
ip-mask |
IP mask. |
ip-addr |
IPv4 or IPv6 address. |
track |
(Optional) Specifies the object to be tracked. |
object-number |
Object number. The range is from 1 to 500. |
None
Global configuration mode.
Release |
Modification |
---|---|
6.2(2) |
This command was introduced. |
This command requires the Enterprise Services license.
This example shows how to configure a static route associated with the track object:
switch# configure terminal switch(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.242 track 123 switch(config)#
Command |
Description |
---|---|
show static-route track-table |
Displays information about the IPv4 or IPv6 static-route track table. |
To specify the Enhanced Interior Gateway Routing Protocol (EIGRP) instance for an interface, use the ip router eigrp command. To return to the default, use the noform of this command.
ip router eigrp instance-tag
no ip router eigrp instance-tag
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
None
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip router eigrp command to specify the EIGRP instance for the interface.
This command requires the Enterprise Services license.
This example shows how to set the EIGRP instance for an interface:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip router eigrp Base
To specify the Open Shortest Path First (OSPF) instance and area for an interface, use the ip router ospf area command. To return to the default, use the noform of this command.
ip router ospf instance-tag area area-id [ secondaries none ]
no ip router ospf instance-tag area area-id [ secondaries none ]
instance-tag |
Instance tag. Specify as an alphanumeric string. |
area-id |
Identifier for the OSPF area where you want to enable authentication. Specify as either a positive integer value or an IP address. |
secondaries none |
(Optional) Excludes secondary IP addresses. |
10 seconds
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip router ospf area command to specify the area and OSPF instance for the interface.
This command requires the Enterprise Services license.
This example shows how configure an interface for OSPF:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip router ospf Base area 33
To configure multi-area adjacency on an Open Shortest Path First (OSPF) interface, use the ip router ospf multi-area command. To return to the default, use the no form of this command.
ip router ospf instance-tag multi-area area-id
no ip router ospf instance-tag multi-area area-id
instance-tag |
Instance tag. Specify as an case-sensitive alphanumeric string up to 63 characters. |
area-id |
Identifier for the OSPF area where you want to add as another area to the primary interface. Specify as either a positive integer value or an IP address. |
None
Interface configuration
Release |
Modification |
---|---|
4.2(1) |
This command was introduced. |
Use the ip router ospf multi-area command to specify additional areas on an OSPF interface.
This command requires the Enterprise Services license.
This example shows how to configure multi-area adjacency:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ip router ospf Base area 33 switch(config-if)# ip router ospf Base multi-area 99
To handle IP datagrams with source routing header options, use the ip source-route command. To have the software discard any IP datagram containing a source-route option, use the no form of this command.
ip source-route
no ip source-route
This command has no keywords or arguments.
Enabled
Global configuration
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command does not require a license.
This example shows how to enable the handling of IP datagrams with source routing header options:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ip source-route
To enable split horizon for an Enhanced Interior Gateway Routing Protocol (EIGRP) process, use the ip split-horizon eigrp command. To disable split horizon, use the no form of this command.
ip split-horizon eigrp instance-tag
no ip split-horizon eigrp instance-tag
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
Enabled
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the no ip split-horizon eigrp command to disable split horizon on an interface.
This command requires the Enterprise Services license.
This example shows how to disable split horizon an an Ethernet link:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 2/1 switch(config-eigrp-af-if)# no ip split-horizon eigrp 209
To configure a summary aggregate address for the specified Enhanced Interior Gateway Routing Protocol (EIGRP) interface, use the ip summary-address eigrp command. To disable a configuration, use the no form of this command.
ip summary-address eigrp instance-tag { ip-address /length | ip-address mask } [admin-distance]
ip summary-address eigrp instance-tag { ip-address /length | ip-address mask }
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
ip-address/length |
Summary IP prefix and prefix length to apply to an interface in four-part, dotted-decimal notation. For example, /8 indicates that the first eight bits in the IP prefix are network bits. If length is used, the slash is required. |
ip-address |
Summary IP address to apply to an interface in four-part, dotted-decimal notation. |
mask |
IP address mask. |
admin-distance |
(Optional) Administrative distance. The range is from 1 to 255. |
An administrative distance of 5 is applied to EIGRP summary routes.
No summary addresses are predefined.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip summary-address eigrp command to configure interface-level address summarization. EIGRP summary routes are given an administrative distance of 5.
This command requires the Enterprise Services license.
This example shows how to configure an administrative distance of 95 on an EIGRP interface for the 192.168.0.0/16 summary address:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 2/1 switch(config-if)# ip summary-address eigrp 209 192.168.0.0/16 95
To enable path MTU discovery on an IPv4 or IPv6 interface, use the ip tcp path-mtu discovery command. To disable this feature, use the no form of this command.
ip ip tcp path-mtu discovery
no ip tcp path-mtu discovery
This command has no keywords or arguments
Disabled
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
5.0(2) |
Added support for IPv6 path MTU discovery. |
This command does not require a license.
This example shows how to enable path MTU discovery for both IPv4 and IPV6:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ip tcp path-mtu-discovery
To enable the generation of Internet Control Message Protocol (ICMP) unreachable messages, use the ip unreachables command. To disable this function, use the no form of this command.
ip unreachables
no ip unreachables
This command has no keywords or arguments.
Disabled
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip unreachables command to enable the generation of ICMP unreachable messages on a Layer-3 VLAN interface.
Hosts use maximum transmission unit (MTU) path discovery to find the largest MTU along the path. They do this by setting the DF bit and sending a large packet. If the packet exceeds the physical port or port-channel MTU, the packet is dropped and GIANTS and INPUT DISCARDS are incremented in the show interface command output.
By default, a Cisco Nexus 7000 Series switch does not send back an ICMP Unreachable Packet-Too-Big message that notifies the host that the MTU of a packet is too large. The switch silently drops inbound packets that are larger than the physical port, port-channel, or Layer-3 VLAN interface MTU.
If a packet is routed, the Layer-3 VLAN MTU is checked and if the packet is too big, the output of the show ip traffic command indicates outfrag fails and packets with DF increments.
The system jumbomtu sets the upper limit for configuration of the MTU on a Cisco Nexus 7000 Series switch and can be seen with the show run all | include jumbomtu command.
The show run all command shows the default commands. The default MTU for interfaces and physical ports is 1500 bytes (1472 in pings with encapsulation overhead).
This command does not require a license.
This example shows how to enable the generation of ICMP unreachable messages, as appropriate, on an interface:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ip unreachables
Command |
Description |
---|---|
ip port-unreachable |
Sends ICMP port unreachable messages. |
To enable a Web Cache Communication Protocol (WCCP) service in a service group, use the ip wccp command. To disable the service group, use the no form of this command.
ip wccp { service-number | web-cache [ hia-timeout timeout seconds | mode { open [ redirect-list access-list ] | closed service-list service-access-list } ] [ password [0-7] password ] }
noip wccp { service-number | web-cache [ hia-timeout timeout seconds | mode { open [ redirect-list access-list ] | closed service-list service-access-list } ] [ password [0-7] password ] }
service-number |
Dynamic service identifier. The service-number range is from 1 to 255. |
web-cache |
Specifies the web-cache well-known service. |
hia-timeout |
(Optional) Specifies the service group timeout. |
timeoutseconds |
Timeout in seconds. The range is from 2 to 15 seconds. |
mode |
(Optional) Configures a a route tag value for local or direct routes. |
open |
Identifies the service as open. |
redirect-list access-list |
(Optional) Specifies the access list that controls traffic redirected to this service group. The access-list can be any case-sensitive, alphanumeric string up to 64 characters. |
closed service-list service-access-list |
(Optional) Identifies the service as closed. The service list identifies a named IP access list that defines the packets that match the service. The service-access-list can be any case-sensitive, alphanumeric string up to 64 characters. |
password [0-7] |
(Optional) Configures the message digest algorithm 5 (MD5) authentication for messages received from the service group. WCCP discards messages that are not accepted by the authentication. The encryption type can be any value between 0 and 7 (inclusive), where 0 is unencrypted and 7 indicates proprietary encryption. |
password |
MD5 password. The password can be any case-sensitive, alphanumeric string up to eight characters. |
None
Global configuration
VRF configuration
Release |
Modification |
---|---|
5.1(1) |
Added the hia-timeout keyword to the syntax description. |
4.2(1) |
This command was introduced. |
The redirect-list keyword instructs the router to use an access list to control the traffic that is redirected to the cache engines of the service group. The access list specifies the traffic that is permitted to be redirected. The default is to redirect TCP traffic.
Use the service-list keyword only for closed mode services. When a WCCP service is closed, WCCP discards packets that do not have a client application registered to receive the traffic. Use the service-list keyword and service-access-list argument to register an application protocol type or port number.
The password can be up to seven characters. When you designate a password, the messages that are not accepted by the authentication are discarded. The password name is combined with the HMAC MD5 value to create a secure connection between the router and the cache engine.
Use password 0 pwstring to store the password in clear text. Use password 7 pwstring to store the password in encrypted form. You can use the password 7 keywords for an already encrypted password.
If you set the timer to 2 seconds and the timeout occurs at 10 seconds then at every 5 second interval, the service is lost due to the removal query.
Wildcard masks are not supported for the WCCPv2 redirect list.
Note | You must enter the ip wccp command with all your required parameters. Any subsequent entry of the ip wccp command overwrites the earlier configuration. |
This command does not require a license.
This example shows how to configure a service group timeout in seconds:
switch# configure terminal switch(config)# ip wccp 23 hia-timeout 14 switch(config)#
This example shows how to configure a router to redirect web-related packets without a destination of 10.168.196.51 to the web cache:
switch# configure terminal switch(config)# access-list 100 switch(config-acl)# permit ip any any switch(config-acl)# exit switch(config)# ip wccp web-cache redirect-list 100 switch(config)# interface ethernet 2/1 switch(config-if)# ip wccp web-cache redirect out
This example shows how to configure a closed WCCP service:
switch# configure terminal switch(config)# ip wccp 99 service-list access1 mode closed
Command |
Description |
---|---|
feature wccp |
Enables the WCCP feature. |
show ip wccp |
Displays the status of the WCCP service group. |
To redirect a packet on an outbound or inbound interface using the Web Cache Communication Protocol (WCCP), use the ip wccp redirect command. To disable WCCP redirection, use the no form of this command.
ip wccp { service-number | web-cache } redirect { in | out }
no ip wccp { service-number | web-cache } redirect { in | out }
service-number |
Dynamic service identifier. The service-number range is from 1 to 255. |
web-cache |
Specifies the web-cache well-known service. |
in |
Redirects a packet on an inbound interface. |
out |
Redirects a packet on an outbound interface. |
Disabled
Interface configuration
Release |
Modification |
---|---|
4.2(1) |
This command was introduced. |
WCCPv2 is only supported on Layer 3 interfaces, including Layer 3 subinterfaces, VLAN interfaces, Layer 3 and port channels.
Use the ip wccp redirect in command to configure WCCP redirection on an interface that receives inbound network traffic. When you configure the command on an interface, all packets that arrive at that interface are compared against the criteria defined by the specified WCCP service. If the packets match the criteria, they are redirected.
Use the ip wccp redirect out command to configure the WCCP redirection check at an outbound interface.
You can also include a redirect list when you configure a service group. The redirect list allows you to deny packets with a NAT (source) IP address and prevent redirection. See the ip wccp command for information about configuring the redirect list and service group.
To prevent redirection of any packets from the cache engine, use the ip wccp redirect exclude in command on the router interface that faces the cache engine.
Note | Do not use the ip wccp redirect {in | out} command and the ip wccp redirect exclude in command on the same interface. The ip wccp redirect exclude in command overrides the ip wccp redirect {in | out} command. |
This command does not require a license.
This example shows how to configure a session in which WCCP redirects outgoing packets on Ethernet interface 2/2 to a cache engine:
switch# configure terminal switch(config)# ip wccp 99 switch(config)# interface ethernet 2/2 switch(config-if)# ip wccp 99 redirect out
This example shows how to configure a session in which HTTP traffic arriving on Ethernet interface 2/1 is redirected to a cache engine:
switch# configure terminal switch(config)# ip wccp web-cache switch(config)# interface ethernet 0/1 switch(config-if)# ip wccp web-cache redirect in
Command |
Description |
---|---|
feature wccp |
Enables the WCCP feature. |
ip wccp redirect exclude in |
Excludes WCCP redirection on an interface. |
show ip wccp |
Displays the status of the WCCP service group. |
To exclude inbound packets on an interface from Web Cache Communication Protocol (WCCP) redirection checks, use the ip wccp redirect exclude in command. To disable the ability of a router to exclude packets from redirection checks, use the no form of this command.
ip wccp redirect exclude in
no ip wccp redirect exclude in
This command has no arguments or keywords.
Disabled
Interface configuration
Release |
Modification |
---|---|
4.2(1) |
This command was introduced. |
Use the ip wccp redirect exclude in command to exclude inbound packets on an interface from any redirection check that may occur at the outbound interface. This command is affects all the services and should be applied to any inbound interface that will be excluded from redirection.
Note | Do not use the ip wccp redirect {in | out} command and the ip wccp redirect exclude in command on the same interface. The ip wccp redirect exclude in command overrides the ip wccp redirect {in | out} command. |
This command does not require a license.
This example shows how to exclude packets that arrive on Ethernet interface 2/1 from all WCCP redirection checks:
switch# configure terminal switch(config)# interface ethernet 2/2 switch(config-if)# ip wccp redirect exclude in
Command |
Description |
---|---|
feature wccp |
Enables the WCCP feature. |
ip wccp redirect |
Configures WCCP redirection on an interface. |
show ip wccp |
Displays the status of the WCCP service group. |
To configure IPv4 local policy route maps for packets generated by the device, use the ipv4 local policy route-map command.
ipv4 local policy route-map map-name
map-name |
Map name. The map-namestring can be up to 63 alphanumeric characters. |
None
Global configuration mode
Release |
Modification |
---|---|
6.2(2) |
This command was introduced. |
This command requires the Enterprise Services license.
This example shows how to configure IPv4 local policy route maps for packets generated by the device:
switch# configure terminal switch(config)# ip local policy route-map pbr-src-90 switch(config)#
Command |
Description |
---|---|
ipv6 local policy route-map |
Configures IPv6 local policy route maps for packets generated by the device. |
To configure an IPv6 address on an interface, use the ipv6 address command. To remove the address, use the no form of this command.
ipv6 address { addr [eui64] [ route-preference preference ] [secondary] tag tag-id | use-link-local-only }
noipv6 address { addr [eui64] [ route-preference preference ] [secondary] tag tag-id | use-link-local-only }
addr |
IPv6 address. The format is A:B::C:D/length. The length range is 1 to 128. |
eui64 |
(Optional) Configures the Extended Unique Identifier (EUI64) for the low-order 64 bits of the address. |
route-preferencepreference |
(Optional) Sets the route preference for local or direct routes. The range is from 0 to 255. |
secondary |
(Optional) Creates a secondary IPv6 address. |
tagtag-id |
(Optional) Configures a a route tag value for local or direct routes. |
use-link-local-only |
Specifies IPv6 on the interface using only a single link-local. |
None
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
4.0(3) |
Added tag keyword. |
Use the ipv6 address command to configure an IPv6 address or secondary address on an interface.
This command does not require a license.
This example shows how to configure an IPv6 address:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ipv6 address 2001:0DB8::3/48
Command |
Description |
---|---|
ip address |
Configures an IPv4 address on an interface. |
To enable authentication for the Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6 packets and to specify the set of keys that can be used on an interface, use the ipv6 authentication key-chain eigrp command. To prevent authentication, use the no form of this command.
ipv6 authentication key-chain eigrp instance-tag name-of-chain
no ipv6 authentication key-chain eigrp instance-tag name-of-chain
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
name-of-chain |
Name of a key chain. The key chain name can be any case-sensitive, alphanumeric string up to 63 characters. |
No authentication is provided for EIGRP packets.
Interface configuration
Release |
Modification |
---|---|
4.1(2) |
This command was introduced. |
You must set the authentication mode using the ipv6 authentication mode eigrp command in interface configuration mode. You must separately configure a key chain using the key-chain command to complete the authentication configuration for an interface.
This command requires the Enterprise Services license.
This example shows how to configure the interface to accept and send any key that belongs to the key-chain trees:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 1/2 switch(config-if)# ipv6 authentication key-chain eigrp 209 trees
Command |
Description |
---|---|
ipv6 authentication mode eigrp |
Sets the authentication mode for EIGRP for an IPv6 interface. |
key-chain |
Creates a set of keys that can be used by an authentication method. |
To specify the type of authentication used in the Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6 packets, use the ipv6 authentication mode eigrp command. To remove authentication, use the no form of this command.
ipv6 authentication mode eigrp instance-tag md5
no ipv6 authentication mode eigrp instance-tag md5
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
md5 |
Specifies Message Digest 5 (MD5) authentication. |
None
Interface configuration
Release |
Modification |
---|---|
4.1(2) |
This command was introduced. |
This command requires the Enterprise Services license.
This example shows how to configure the interface to use MD5 authentication:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 1/2 switch(config-if)# ipv6 authentication mode eigrp 209 md5
Command |
Description |
---|---|
authentication mode (EIGRP) |
Configures the authentication mode for EIGRP in address-family mode. |
iv6p authentication key-chain eigrp |
Enables authentication for EIGRP and specifies the set of keys that can be used on an interface. |
key chain |
Creates a set of keys that can be used by an authentication method. |
To configure the bandwidth metric on an Enhanced Interior Gateway Routing Protocol (EIGRP) for the IPv6 interface, use the ipv6 bandwidth eigrp command. To restore the default, use the no form of this command.
ipv6 bandwidth eigrp instance-tag bandwidth
no ipv6 bandwidth eigrp
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
bandwidth |
Bandwidth value. The range is from 1 to 2,560,000,000 kilobits. |
None
Interface configuration
Release |
Modification |
---|---|
4.1(2) |
This command was introduced. |
This command requires the Enterprise Services license.
This example shows how to configure EIGRP to use a bandwidth metric of 10000 in autonomous system 209:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 2/1 switch(config-if)# ipv6 bandwidth eigrp 209 10000
Command |
Description |
---|---|
ipv6 bandwidth-percent eigrp |
Sets the percent of the interface bandwidth that EIGRP can use. |
To configure the percentage of bandwidth that may be used by the Enhanced Interior Gateway Routing Protocol (EIGRP) for an IPv6 interface, use the ipv6 bandwidth-percent eigrp command. To restore the default, use the no form of this command.
ipv6 bandwidth-percent eigrp instance-tag percent
no ipv6 bandwidth-percent eigrp
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
percent |
Percentage of bandwidth that EIGRP may use. |
percent: 50
Interface configuration
Release |
Modification |
---|---|
4.1(2) |
This command was introduced. |
EIGRP uses up to 50 percent of the bandwidth of a link, as defined by the ip bandwidth interface configuration command. Use the ip bandwidth-percent command to change this default percent.
This command requires the Enterprise Services license.
This example shows how to configure EIGRP to use up to 75 percent of an interface in autonomous system 209:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 2/1 switch(config-if)# ipv6 bandwidth-percent eigrp 209 75
Command |
Description |
---|---|
ipv6 bandwidth eigrp |
Sets the EIGRP bandwidth value for an interface. |
To configure the throughput delay for the Enhanced Interior Gateway Routing Protocol (EIGRP) for an IPv6 interface, use the ipv6 delay eigrp command. To restore the default, use the no form of this command.
ipv6 delay eigrp instance-tag seconds
no ipv6 delay eigrp instance-tag
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
seconds |
Throughput delay, in tens of microseconds. The range is from 1 to 16777215. |
100 (10-microsecond units)
Interface configuration
Release |
Modification |
---|---|
4.1(2) |
This command was introduced. |
You configure the throughput delay on an interface in 10-microsecond units. For example, if you set the ipv6 delay eigrp command to 100, the throughput delay is 1000 microseconds.
This command requires the Enterprise Services license.
This example shows how to set the delay to 400 microseconds for the interface:
switch# configure terminal switch(config)# router eigrp 1 switch(config-router)# interface ethernet 2/1 switch(config-if)# ipv6 delay eigrp 1 40
Command |
Description |
---|---|
ipv6 hello-interval eigrp |
Configures the hello interval on an interface for the EIGRP routing process that is designated by an autonomous system number. |
To configure a distribution list for the Enhanced Interior Gateway Routing Protocol (EIGRP) for an IPv6 interface, use the ipv6 distribute-list eigrp command. To restore the default, use the no form of this command.
ipv6 distribute-list eigrp instance-tag { prefix-list list-name | route-map map-name } { in | out }
no ipv6 distribute-list eigrp instance-tag { prefix-list list-name | route-map map-name } { in | out }
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
prefix-list list-name |
Specifies the name of an IPv6 prefix list to filter EIGRP routes. |
route-map map-name |
Specifies the name of a route map to filter EIGRP routes. |
in |
Applies the route policy to incoming routes. |
out |
Applies the route policy to outgoing routes. |
None
Interface configuration
Release |
Modification |
---|---|
4.1(2) |
This command was introduced. |
Use the ipv6 distribute-list eigrp command to configure a route filter policy on an interface. You must configure the named route map or prefix list to complete this configuration.
This command requires the Enterprise Services license.
This example shows how to configure a route map for all EIGRP routes coming into the interface:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 2/1 switch(config-if)# ipv6 distribute-list eigrp 209 route-map InputFilter in
Command |
Description |
---|---|
prefix-list |
Configures a prefix list. |
route-map |
Configures a route map. |
To shut down the Enhanced Interior Gateway Routing Protocol (EIGRP) for an IPv6 interface, use the ipv6 eigrp shutdown command. To restore the default, use the no form of this command.
ipv6 eigrp instance-tag shutdown
no ipv6 eigrp instance-tag shutdown
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
None
Interface configuration
Release |
Modification |
---|---|
4.1(2) |
This command was introduced. |
This command requires the Enterprise Services license.
This example shows how to disable EIGRP on an interface:
switch# configure terminal switch(config)# router eigrp 201 switch(config-router)# interface ethernet 2/1 switch(config-if)# ipv6 eigrp 201 shutdown
Command |
Description |
---|---|
router eigrp |
Configures an instance of EIGRP. |
To configure the Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6 hello interval for an interface, use the ipv6 hello-interval eigrp command. To restore the default, use the no form of this command.
ipv6 hello-interval eigrp instance-tag seconds
no ipv6 hello-interval eigrp instance-tag
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
seconds |
Hello interval (in seconds). The range is from 1 to 65535. |
5 seconds
Interface configuration
Release |
Modification |
---|---|
4.1(2) |
This command was introduced. |
This command requires the Enterprise Services license.
This example shows how to set the hello interval to 10 seconds for the interface:
switch# configure terminal switch(config)# router eigrp 1 switch(config-router)# interface ethernet 2/1 switch(config-if)# ipv6 hello-interval eigrp 1 10
To configure the hold time for an Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6 interface, use the ipv6 hold-time eigrp command. To restore the default, use the no form of this command.
ipv6 hold-time eigrp instance-tag seconds
no ipv6 hold-time eigrp instance-tag
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
seconds |
Hold time (in seconds). The range is from 1 to 65535. |
15 seconds
Interface configuration
Release |
Modification |
---|---|
4.1(2) |
This command was introduced. |
Use the ipv6 hold-time eigrp command to increase the default hold time on very congested and large networks.
We recommend that you configure the hold time to be at least three times the hello interval. If a router does not receive a hello packet within the specified hold time, routes through this router are considered unavailable.
Increasing the hold time delays route convergence across the network.
This command requires the Enterprise Services license.
This example shows how to set the hold time to 40 seconds for the interface:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 2/1 switch(config-if)# ipv6 hold-time eigrp 209 40
Command |
Description |
---|---|
ipv6 hello-interval eigrp |
Configures the hello interval on an interface for the EIGRP routing process designated by an autonomous system number. |
To define static hostname-to-address mappings in the Domain Name System (DNS) hostname cache, use the ipv6 host command. To remove a hostname-to-address mapping, use the no form of this command.
ipv6 host name address1 [ address2 . .. address6 ]
no ipv6 host name address1 [ address2 . .. address6 ]
name |
Hostname. The name can be any case-sensitive, alphanumeric string up to 80 characters. |
address1 |
IPv6 address in the A:B::C:D format. |
address2 ...address6 |
(Optional) Up to five additional IPv6 addresses in the A:B::C:D format. |
None
Global configuration
Release |
Modification |
---|---|
4.1(2) |
This command was introduced. |
Use the ipv6 host command to add a static hostname to DNS.
This command does not require a license.
This example shows how to configure a static hostname:
switch# configure terminal switch(config)# ipv6 host mycompany.com 2001:0DB8::4
Command |
Description |
---|---|
ip host |
Configures a static hostname. |
To configure IPv6 local policy route maps for packets generated by the device, use the ipv6 local policy route-map command.
ipv6 local policy route-map map-name
map-name |
Map name. The map-namestring can be up to 63 alphanumeric characters. |
None
Global configuration mode
Release |
Modification |
---|---|
6.2(2) |
This command was introduced. |
This command requires the Enterprise Services license.
This example shows how to configure IPv6 local policy route maps for packets generated by the device:
switch# configure terminal switch(config)# ip local policy route-map pbr-src-90 switch(config)#
Command |
Description |
---|---|
ipv4 local policy route-map |
Configures IPv4 local policy route maps for packets generated by the device. |
To configure the maximum number of entries in the neighbor adjacency table, use the ipv6 nd cache limit command.
ipv6 nd cache limit max-nd-adj [ syslog syslogs-per-second ]
max-nd-adj |
Maximum number of entries in the neighbor adjacency table. The range is from 1 to 409600. |
syslog |
(Optional) Specifies syslog messages. |
syslogs-per-second |
Number of system logs per second. The range is from 1 to 1000. |
None
Interface configuration mode
Release |
Modification |
---|---|
6.2(2) |
This command was introduced. |
This command requires the Enterprise Services license.
This example shows how to configure the maximum number of entries in the neighbor adjacency table:
switch# configure terminal switch(config-if)# interface ethernet 2/1 switch(config-if)# ipv6 nd cache 1000 syslog 100 switch(config)#
Command |
Description |
---|---|
ipv6 nd dad attempts |
Sets the number of consecutive neighbor solicitation messages that the device sends from the IPv6 interface for duplicate address detection (DAD) validation. |
ipv6 nd fast-path |
Improves the performance of glean packets by reducing the processing of the packets in the supervisor. |
To set the number of consecutive neighbor solicitation messages that the device sends from the IPv6 interface for the duplicate address detection (DAD) validation, use the ipv6 nd dad attempts command.
ipv6 nd dad attempts number
number |
Number of attempts. |
1
Interface configuration mode
Release |
Modification |
---|---|
6.2(2) |
This command was introduced. |
This command requires the Enterprise Services license.
This example shows how to set the number of consecutive neighbor solicitation messages that the device sends from the IPv6 interface for the DAD validation:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ipv6 nd dad attempts 3 switch(config-if)#
Command |
Description |
---|---|
ipv6 nd cache limit |
Configures the maximum number of entries in the neighbor adjacency table. |
ipv6 nd fast-path |
Improves the performance of glean packets by reducing the processing of the packets in the supervisor. |
To improve the performance of glean packets by reducing the processing of the packets in the supervisor, use the ipv6 nd fast-path command. To remove the fast path configuration, use the no form of this command.
ipv6 nd fast-path
no ipv6 nd fast-path
This command has no arguments or keywords.
Enabled
config-router-neighbor-af mode
Release |
Modification |
---|---|
6.2(2) |
This command was introduced. |
This command requires the Enterprise Services license.
This example shows how to improve the performance of glean packets by reducing the processing of the packets in the supervisor:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ipv6 nd fast-path switch(config-if)#
This example shows how to delete the fast path configuration:
switch(config-if)# no ipv6 nd fast-path
Command |
Description |
---|---|
ipv6 nd dad attempts |
Sets the number of consecutive neighbor solicitation messages that the device sends from the IPv6 interface for duplicate address detection (DAD) validation. |
To advertise the hop limit in IPv6 neighbor discovery packets, use the ipv6 nd hop-limit command. To return to default, use the no form of this command.
ipv6 nd hop-limit hop-limit
no ipv6 nd hop-limit [hop-limit]
hop-limit |
Hop limit in IPv6 header. The range is from 0 to 255. |
64
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command does not require a license.
This example shows how to configure the IPv6 hop limit:
switch# configure terminal switch(config)#interface ethernet 2/1 switch(config-if)# ipv6 nd hop-limit 55
Command |
Description |
---|---|
show ipv6 nd interface |
Displays IPv6 neighbor discovery information for an interface. |
To enable any next hop that matches the IPv6 prefix on that interface to be treated as a MAC Embedded IPv6 (MEv6) address, use the ipv6 nd mac-extract command. To disable this function, use the no form of this command.
ipv6 nd mac-extract
no ipv6 nd mac-extract
This command has no arguments or keywords.
Disabled
Global configuration
Release |
Modification |
---|---|
6.2(8) |
This command was introduced. |
Beginning with Cisco NX-OS Release 6.2(8), BGP supports RFC 5549 which allows an IPv4 prefix to be carried over an IPv6 next hop.
The IPv6 next hop is leveraged to remove neighbor discover (ND) related traffic from the network by embedding the MAC address directly in the global IPv6 next-hop address. This address is called a MAC Embedded IPv6 (MEv6) address. The router extracts the MAC address directly from the MEv6 address instead of through ND.
This command requires the Enterprise Services license.
This example shows how to configure an IPv4 route over an IPv6 next-hop:
switch# configure terminal switch(config)# interface ethernet 0/1 switch(config-if)# mac-address mac3 switch(config-if)# ipv6 address ABCD:1::/64 eui-64 switch(config-if)# ipv6 nd mac-extract switch(config-if)# ip forward switch(config)# interface ethernet 0/2 switch(config-if)# ipv6 address ABCF:1::3/64 switch(config-if)# ip forward
Command |
Description |
---|---|
ip forward |
Allows IPv4 traffic on an interface even when there is no IP address configuration on that interface. |
To advertise in ICMPv6 Router-Advertisement messages to use stateful address auto-configuration to obtain address information, use the ipv6 nd managed-config-flag command. To revert to default, use the no form of this command.
ipv6 nd managed-config-flag
no ipv6 nd managed-config-flag
This command has no keywords or arguments.
None
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command does not require a license.
This example shows how to advertise in ICMPv6 Router-Advertisement messages to use stateful address auto-configuration to obtain address information:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ipv6 nd managed-config-flag
Command |
Description |
---|---|
show ipv6 nd interface |
Displays IPv6 neighbor discovery information for an interface. |
To advertise the Maximum Transmission Unit (MTU) in ICMPv6 Router-Advertisement messages on this link, use the ipv6 nd mtu command. To revert to default, use the no form of this command.
ipv6 nd mtu mtu
no ipv6 nd mtu [mtu]
mtu |
MTU in bytes. The range is from 1280 to 65535. |
1500
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command does not require a license.
This example shows how to configure the MTU value to advertise on a link:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ipv6 nd mtu 1280
Command |
Description |
---|---|
show ipv6 nd interface |
Displays IPv6 neighbor discovery information for an interface. |
To configure the retransmission interval between IPv6 neighbor solicitation messages, use the ipv6 nd ns-interval command. To revert to default, use the no form of this command.
ipv6 nd ns-interval interval
no ipv6 nd ns-interval [interval]
interval |
Interval in milliseconds. The range is from 1000 to 3600000. |
1000
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command does not require a license.
This example shows how to configure the neighbor solicitation interval:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ipv6 nd ns-interval 1280
Command |
Description |
---|---|
show ipv6 nd interface |
Displays IPv6 neighbor discovery information for an interface. |
To indicate in ICMPv6 router advertisement messages that hosts use stateful auto configuration to obtain nonaddress related information, use the ipv6 nd other-config-flag command. To revert to the default, use the no form of this command.
ipv6 nd other-config-flag
no ipv6 nd other-config-flag
This command has no keywords or arguments.
None
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command does not require a license.
This example shows how to configure stateful autoconfiguration in ICMPv6 router advertisement messages:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ipv6 nd other-config-flag
Command |
Description |
---|---|
show ipv6 nd interface |
Displays IPv6 neighbor discovery information for an interface. |
To advertise the IPv6 prefix in the router advertisement messages, use the ipv6 nd prefix command. To revert to the default, use the no form of this command.
ipv6 nd prefix { ipv6-address /prefix-length | default } { valid-lifetime | infinite | no-advertise } { preferred-lifetime | infinite } [no-autoconfig] [no-onlink] [off-link]
no ipv6 nd prefix { ipv6-address | default }
ipv6-address |
IPv6 prefix. |
prefix-length |
Length of the IPv6 prefix. A decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). A slash mark must precede the decimal value. |
default |
Specifies that default values are used. |
valid-lifetime |
Amount of time (in seconds) that the specified IPv6 prefix is advertised as being valid. The range is from 0 to 4294967295. |
infinite |
Specifies that the valid lifetime is infinite. |
no-advertise |
Specifies that the prefix is not advertised. |
preferred-lifetime |
Amount of time (in seconds) that the specified IPv6 prefix is advertised as being preferred. The range is from 0 to 4294967295. |
no-autoconfig |
(Optional) Indicates to hosts on the local link that the specified prefix cannot be used for IPv6 autoconfiguration. The prefix is advertised with the A-bit clear. |
no-onlink |
(Optional) Configures the specified prefix as not on-link. The prefix is advertised with the L-bit clear. |
off-link |
(Optional) Configures the specified prefix as off-link. The prefix is advertised with the L-bit clear. The prefix is not inserted into the routing table as a connected prefix. If the prefix is already present in the routing table as a connected prefix (for example, because the prefix was also configured using the ipv6 address command), it will be removed. |
All prefixes are advertised as an autoconfiguration prefix (for example, the A-bit is set in the advertisement).
Interface configuration
Release |
Modification |
---|---|
6.2(8) |
The no-autoconfig keyword was added. |
5.2(1) |
This command was introduced. |
This command allows control over the individual parameters per prefix, including whether the prefix should be advertised.
By default, prefixes configured as addresses on an interface using the ipv6 address command are advertised in router advertisements. If you configure prefixes for advertisement using the ipv6 nd prefix command, only these prefixes are advertised.
Default Parameters
The default keyword can be used to set default parameters for all prefixes.
Prefix Lifetime and Expiration
A date can be set to specify the expiration of a prefix. The valid and preferred lifetimes are counted down in real time. When the expiration date is reached, the prefix is no longer advertised.
On-Link
When on-link is on (by default), the specified prefix is assigned to the link. Nodes sending traffic to such addresses that contain the specified prefix consider the destination to be locally reachable on the link. When autoconfiguration is on (the default), it indicates to hosts on the local link that the specified prefix can be used for IPv6 autoconfiguration.
The configuration options affect the L-bit and A-bit settings associated with the prefix in the IPv6 neighbor discovery (ND) router advertisement, and presence of the prefix in the routing table, as follows:
This command does not require a license.
This example shows how to include the IPv6 prefix 2001:0DB8::/35 in router advertisements sent out Ethernet interface 0/0 with a valid lifetime of 1000 seconds and a preferred lifetime of 900 seconds:
switch# configure terminal switch(config)# interface ethernet 0/0 switch(config-if)# ipv6 nd prefix 2001:0DB8::/35 1000 900
Command |
Description |
---|---|
show ipv6 nd interface |
Displays IPv6 neighbor discovery information for an interface. |
To configure the interval between sending ICMPv6 router advertisement messages, use the ipv6 nd ra-interval command. To revert to default, use the no form of this command.
ipv6 nd ra-interval interval
no ipv6 nd ra-interval [interval]
interval |
Interval between sending router advertisement messages in seconds. The range is from 4 to 1800. |
600
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command does not require a license.
This example shows how to configure the ICMPv6 router advertisement message interval:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ipv6 nd ra-interval 500
Command |
Description |
---|---|
show ipv6 nd interface |
Displays IPv6 neighbor discovery information for an interface. |
To advertise the router lifetime of a default router in ICMPv6 router advertisement messages, use the ipv6 nd ra-lifetime command. To revert to the default, use the no form of this command.
ipv6 nd ra-lifetime lifetime
no ipv6 nd ra-lifetime [lifetime]
lifetime |
Lifetime in seconds. The range is from 0 to 9000. If 0, this router will not be the default router. |
Three times the router advertisement interval.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command does not require a license.
This example shows how to configure the ICMPv6 router advertisement message lifetime:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ipv6 nd ra-lifetime 1500
Command |
Description |
---|---|
show ipv6 nd interface |
Displays IPv6 neighbor discovery information for an interface. |
To advertise the time when a node considers a neighbor up after receiving a reachability confirmation in ICMPv6 router advertisement messages, use the ipv6 nd reachable-time command. To revert to the default, use the no form of this command.
ipv6 nd reachable-time time
no ipv6 nd reachable-time [time]
lifetime |
Lifetime in seconds. The range is from 0 to 9000. If 0, this router will not be the default router. |
0
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command does not require a license.
This example shows how to configure the ICMPv6 router advertisement reachability time:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ipv6 nd reachable-time 1500
Command |
Description |
---|---|
show ipv6 nd interface |
Displays IPv6 neighbor discovery information for an interface. |
To enable sending ICMPv6 redirect messages, use the ipv6 redirects command. To revert to the default, use the no form of this command.
ipv6 nd redirects
no ipv6 nd redirects
This command has no keywords or arguments.
Disabled
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command does not require a license.
This example shows how to disable the ICMPv6 router advertisement messages:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)#ipv6 nd redirects
Command |
Description |
---|---|
show ipv6 nd interface |
Displays IPv6 neighbor discovery information for an interface. |
To advertise the time between neighbor solicitation (NS) messages in ICMPv6 router advertisement messages, use the ipv6 nd retrans-timer command. To revert to the default, use the no form of this command.
ipv6 nd retrans-timer time
no ipv6 nd retrans-timer [time]
lifetime |
Lifetime in seconds. The range is from 0 to 9000. If 0, this router will not be the default router. |
0
if-igp configuration (config-xxx)
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command does not require a license.
This example shows how to configure the ICMPv6 router advertisement reachability time:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ipv6 nd retrans-timer
Command |
Description |
---|---|
show ipv6 nd interface |
Displays IPv6 neighbor discovery information for an interface. |
To disable sending ICMPv6 router advertisement messages, use the ipv6 nd suppress-ra command. To revert to default, use the no form of this command.
ipv6 nd suppress-ra
no ipv6 nd suppress-ra
This command has no keywords or arguments.
Enabled
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command does not require a license.
This example shows how to disable the ICMPv6 router advertisement messages:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ipv6 nd suppress-ra
Command |
Description |
---|---|
show ipv6 nd interface |
Displays IPv6 neighbor discovery information for an interface. |
To configure a static entry in the IPv6 neighbor discovery cache, use the ipv6 neighbor command. To remove a static IPv6 entry from the IPv6 neighbor discovery cache, use the no form of this command.
ipv6 neighbor pv6-address interface-type interface-number hardware-address
no ipv6 neighbor ipv6-address interface-type interface-number hardware-address
ipv6-address |
IPv6 address that corresponds to the local data-link address. This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons. |
interface-type |
Interface type. For supported interface types, use the question mark (?) online help function. |
interface-number |
Interface number. |
hardware-address |
Local data-link address (a 48-bit address). |
None
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ipv6 neighbor command to create a static entry. If an entry for the specified IPv6 address already exists in the neighbor discovery cache—learned through the IPv6 neighbor discovery process—the entry is automatically converted to a static entry.
Use the show ipv6 neighbors command to view static entries in the IPv6 neighbor discovery cache. A static entry in the IPv6 neighbor discovery cache can have one of the following states:
Note | Reachability detection is not applied to static entries in the IPv6 neighbor discovery cache; therefore, the descriptions for the INCMP and REACH states are different for dynamic and static cache entries. See the show ipv6 neighbors command for descriptions of the INCMP and REACH states for dynamic cache entries. |
The clear ipv6 neighbors command deletes all entries in the IPv6 neighbor discovery cache, except static entries. The no ipv6 neighbor command deletes a specified static entry from the neighbor discovery cache; the command does not remove dynamic entries—learned from the IPv6 neighbor discovery process—from the cache. Disabling IPv6 on an interface by using the no ipv6 enable command or the no ipv6 unnumbered command deletes all IPv6 neighbor discovery cache entries configured for that interface, except static entries (the state of the entry changes to INCMP).
Static entries in the IPv6 neighbor discovery cache are not modified by the neighbor discovery process.
This example configures a static entry in the IPv6 neighbor discovery cache for a neighbor with the IPv6 address 2001:0DB8::45A and link-layer address 0002.7D1A.9472 on Ethernet interface 2/1:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ipv6 neighbor 2001:0DB8::45A ethernet 2/10002.7D1A.9472
To instruct the Enhanced Interior Gateway Routing Protocol (EIGRP) for an IPv6 process to use the local IPv6 address as the next-hop address when advertising these routes, use the next-hop-self eigrp command. To use the received next-hop value, use the no form of this command.
ipv6 next-hop-self eigrp instance-tag
no ipv6 next-hop-self eigrp instance-tag
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
EIGRP always sets the IPv6 next-hop value to be itself.
Interface configuration
Release |
Modification |
---|---|
4.1(2) |
This command was introduced. |
EIGRP, by default, sets the IPv6 next-hop value to be itself for routes that it is advertising, even when advertising those routes on the same interface from which the router learned them. To change this default, you must use the no ipv6 next-hop-self eigrp interface configuration command to instruct EIGRP to use the received next-hop value when advertising these routes.
This example shows how to change the default IPv6 next-hop value and instruct EIGRP to use the received next-hop value:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 2/1 switch(config-eigrp-af-if)# no ipv6 next-hop-self eigrp 209
To configure an offset list for the Enhanced Interior Gateway Routing Protocol (EIGRP) for an IPv6 interface, use the ipv6 offset-list eigrp command. To restore the default, use the no form of this command.
ipv6 offset-list eigrp instance-tag { prefix-list list-name | route-map map-name } { in | out } offset
no ipv6 offset-list eigrp instance-tag { prefix-list list-name | route-map map-name } { in | out } offset
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
prefix-list list-name |
Specifies the name of an IPv6 prefix list to filter EIGRP routes. |
route-map map-name |
Specifies the name of a route map to filter EIGRP routes. |
in |
Applies a route policy to incoming routes. |
out |
Applies a route policy to outgoing routes. |
offset |
Value to add to the EIGRP metric. |
This command has no defaults.
Interface configuration
Release |
Modification |
---|---|
4.1(2) |
This command was introduced. |
Use the ipv6 offset-list eigrp command to influence which route is advertised on an interface. Cisco NX-OS adds the configured offset value to any routes that match the configure prefix list or route map. You must configure the named route map or prefix list to complete this configuration.
This command requires the Enterprise Services license.
This example shows how to configure an offset list filter to add 20 to the metric for EIGRP routes coming into the interface that match the route map OffsetFilter:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 2/1 switch(config-if)# ipv6 offset-list eigrp 209 route-map OffsetFilter in 20
Command |
Description |
---|---|
prefix-list |
Configures a prefix list. |
route-map |
Configures a route map. |
To suppress all routing updates on an Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6 interface, use the ipv6 passive-interface eigrp command. To reenable the sending of routing updates, use the no form of this command.
ipv6 passive-interface eigrp instance-tag
no ipv6 passive-interface eigrp instance-tag
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
Routing updates are sent on the interface.
Interface configuration
Release |
Modification |
---|---|
4.1(2) |
This command was introduced. |
Use the ipv6 passive-interface eigrp command to stop all routing updates on an interface and suppress the formation of EIGRP adjacencies.
This command requires the Enterprise Services license.
This example shows how to stop EIGRP routing updates on Ethernet 2/1:
switch# configure terminal switch(config)# router eigrp 201 switch(config-router)# interface ethernet 2/1 switch(config-if)# ipv6 passive-interface eigrp 201
To identify a route map to use for policy routing on an interface, use the ipv6 policy route-map command. To remove the route map, use the no form of this command.
ipv6 policy route-map name
no ipv6 policy route-map [name]
name |
Name of the route map. The name can be any alphanumeric string up to 63 characters. |
None
Interface configuration
Release |
Modification |
---|---|
4.2(1) |
This command was introduced. |
Use the iv6 policy route-map command to identify a route map to use for policy routing on an IPv6 interface. Use the route-map command to create the rout map. Each route-map command has a list of match and set commands associated with it. The match commands specify the match criteria—the conditions under which policy routing is allowed for the interface, based on the destination IPv6 address of the packet. The set commands specify the set actions—the particular policy routing actions to perform if the criteria enforced by the match commands are met. The no ipv6 policy route-map command deletes the pointer to the route map.
You can perform policy-based routing on any match criteria that can be defined in an IPv6 access list when using the match ipv6 address command and referencing an IPv6 access list.
You must enable policy-based routing with the feature pbr command before you can use the ipv6 policy route-map command.
This command requires the Enterprise Services license.
This example shows how to configure a policy-based route map to an interface:
switch# configure terminal switch(config)# feature pbr switch(config)# interface ethernet 2/1 switch(config-if)# ipv6 policy route-map policymap
Command |
Description |
---|---|
feature pbr |
Enabled the policy-based routing feature. |
route-map |
Creates a route map. |
show route-map pbr-statistics |
Displays statistics about policy-based route maps |
show ipv6 policy |
Displays information about IPv6 policies |
To create a prefix list to match IPv6 packets or routes again, use the ipv6 prefix-list command. To remove the prefix-list, use the no form of this command.
ipv6 prefix-list name [ seq number ] { permit | deny } prefix [ eq length | [ ge length ] [ le length ] ]
no ipv6 prefix-list name [ seq number ] { permit | deny } prefix [ eq length | [ ge length ] [ le length ] ]
name |
IPv6 prefix list name. The name can be any alphanumeric string up to 63 characters. |
seqnumber |
(Optional) Specifies the sequence number to order entries in the prefix list. The range is from 1 to 4294967294. |
permit |
Allows routes or IP packets that match the prefix list. |
deny |
Rejects routes or IP packets that match the prefix list. |
prefix |
IP prefix in A:B::C:D/length format. |
eq length |
(Optional) Specifies the exact prefix length to match. The range is from 1 to 128. |
ge length |
(Optional) Specifies the maximum prefix length to match. The range is from 1 to 128. |
le length |
(Optional) Specifies the minimum prefix length to match. The range is from 1 to 128. |
None
Global configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ipv6 prefix-list command to configure IPv6 prefix filtering. You configure prefix lists with permit or deny keywords to either permit or deny the prefix based on the matching condition. A prefix list consists of an IPv6 address and a bit mask. The bit mask is entered as a number from 1 to 128. An implicit deny is applied to traffic that does not match any prefix-list entry.
You can configure prefix lists to match an exact prefix length or a prefix range. Use the ge and le keywords to specify a range of the prefix lengths to match, providing more flexible configuration than can be configured with just the network/length argument. Cisco NX-OS processes the prefix list using an exact match when you do not configure either the ge nor le keyword. If you configure both the ge length and le length keywords and arguments, the allowed prefix length range falls between the values used for the ge-length and le-length arguments. The following formula shows this behavior:
network/length < ge ge-length < le le-length <= 32
If you do not configure a sequence number, Cisco NX-OS applies a a default sequence number of 5 to the prefix list, and subsequent prefix list entries will be increment by 5 (for example, 5, 10, 15, and onwards). If you configure a sequence number for the first prefix list entry but not subsequent entries, then Cisco NX-OS increments the subsequent entries by 5 (For example, if the first configured sequence number is 3, then subsequent entries will be 8, 13, 18, and onwards). Default sequence numbers can be suppressed by entering the no form of this command with the seq keyword.
Cisco NX-OS evaluates prefix lists starting with the lowest sequence number and continues down the list until a match is made. Once a match is made that covers the network the permit or deny statement is applied to that network and the rest of the list is not evaluated.
Tip | For best performance, the most frequently processed prefix list statements should be configured with the lowest sequence numbers. The seq number keyword and argument can be used for resequencing. |
The prefix list is applied to inbound or outbound updates for specific peer by entering the prefix-list command in neighbor address-family mode. Prefix list information and counters are displayed in the output of the show ipv6 prefix-list command. Prefix-list counters can be reset by entering the clear ipv6 prefix-list command.
This command does not require a license.
This example shows how to configure an IPv6 prefix list and apply it to a BGP peer:
switch# configure terminal switch(config)# ipv6 prefix-list allowprefix 10 permit 2001:0DB8::/48 eq 24 switch(config) router bgp 65536:20 switch(config-router)# neighbor 2001:0DB8::1/64 remote-as 65536:20 switch(config-router-neighbor)# address-family ipv6 unicast switch(config-router-neighbor-af)# prefix-list allowprefix in
Command |
Description |
---|---|
clear ip prefix-list |
Clears counters for IP prefix lists. |
prefix-list |
Applies a prefix list to BGP peer. |
show ip prefix-list |
Displays information about IP prefix lists. |
To configure a description string for an IPv6 prefix-list, use the ipv6 prefix-list description command. To revert to default, use the no form of this command.
ipv6 prefix-list name description string
no ipv6 prefix-list name description
name |
Name of the prefix list. The name can be any alphanumeric string up to 63 characters. |
string |
Descriptive string for the prefix list. The string can be any alphanumeric string up to 90 characters. |
None
Global configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command does not require a license.
This example shows how to configure a description for an IPv6 prefix list:
switch# configure terminal switch(config)# ipv6 prefix-list test1 description “this is a test”
Command |
Description |
---|---|
ipv6 prefix-list |
Creates an IPv6 prefix list. |
show ipv6 prefix-list |
Displays information about IPv6 prefix lists. |
To add an additional value to the incoming IP Routing Information Protocol (RIP) route metric for an interface, use the ipv6 rip metric-offset command in interface configuration mode. To return the metric to its default value, use the no form of this command.
ipv6 rip metric-offset value
no ipv6 rip metric-offset
value |
Value to add to the incoming route metric for an interface. The range is from 1 to 15. The default is 1. |
value: 1
Interface configuration
network-adminvdc-admin
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ipv6 route metric-offset command to influence which routes are used by Cisco NX-OS. This command allows you to add a fixed offset to the route metric of all incoming routes on an interface. For example, if the you set the metric-offset to 5 on an interface and the incoming route metric is 5, then Cisco NX-OS adds the route to the route table with a metric of 10.
This command does not require a license.
The following example shows how to configure a metric offset of 10 for all incoming RIP routes on Ethernet interface 2/1:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ipv6 rip metric-offset 10
Command |
Description |
---|---|
ipv6 rip offset-list |
Adds an offset value to incoming RIP route metrics. |
To add an offset to incoming and outgoing metrics to routes learned via Routing Information Protocol (RIP), use the ipv6 rip offset-list command in interface configuration mode. To remove an offset list, use the no form of this command.
ipv6 rip offset-list value
no ipv6 rip offset-list
value |
Value to add to the incoming route metric for an interface. The range is from 1 to 15. The default is 1. |
value: 1
Router address-family configuration
network-adminvdc-admin
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command does not require a license.
The following example shows how to configure an offset of 10 for all incoming RIP routes on Ethernet interface 2/1:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ipv6 rip offset-list 10
Command |
Description |
---|---|
ipv6 rip metric-offset |
Adds an offset value to incoming RIP route metrics. |
To suppress the sending of the Routing Information Protocol (RIP) updates on an interface, use the ipv6 rip passive-interface command in interface configuration mode. To unsuppress updates, use the no form of this command.
ipv6 rip passive-interface
no ipv6 rip passive-interface
This command has no arguments or keywords.
RIP updates are sent on the interface.
Interface configuration
network-adminvdc-admin
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
While RIP stops sending routing updates to the multicast (or broadcast) address on a passive interface, RIP continues to receive and process routing updates from its neighbors on that interface.
This command does not require a license.
The following example shows how to configure Ethernet 1/2 as a passive interface:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ipv6 rip passive-interface
To enable poison-reverse processing of the Routing Information Protocol (RIP) router updates, use the ipv6 rip poison-reverse command in interface configuration mode. To disable poison-reverse processing of RIP updates, use the no form of this command.
ipv6 rip poison-reverse
no ipv6 rip poison-reverse
This command has no arguments or keywords.
Split horizon is always enabled. Poison-reverse processing is disabled.
Interface configuration
network-adminvdc-admin
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ip v6rip poison-reverse command to enable poison-reverse processing of RIP router updates. By default, Cisco NX-OS does not advertise RIP routes out the interface over which they were learned (split horizon). If you configure both poison reverse and split horizon, then Cisco NX-OS advertises the learned routes as unreachable over the interface on which the route was learned.
This command does not require a license.
The following example shows how to enable poison-reverse processing for an interface running RIP:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ipv6 rip poison-reverse
To filter the Routing Information Protocol (RIP) routes coming in or out of an interface, use the ipv6 rip route-filter command in interface configuration mode. To remove filtering from an interface, use the no form of this command.
ipv6 rip route filter { prefix-list list-name | route-map map-name } { in | out }
prefix-list list-name |
Associates a prefix list to filter RIP packets. |
route-map map-name |
Associates a route map to set the redistribution policy for RIP. |
in |
Filters incoming routes. |
out |
Filters outgoing routes. |
Route filtering is disabled.
Interface configuration
network-adminvdc-admin
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ipv6 rip route-filter command to filter incoming or outgoing routes on an interface.
This command does not require a license.
The following example shows how to use a route map to filter routes for a RIP interface:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ipv6 rip route-filter route-map InRipFilter in
Command |
Description |
---|---|
route-map |
Creates a route map. |
prefix-list |
Creates a prefix list. |
To configure a summary aggregate address under an interface for the the Routing Information Protocol (RIP), use the ipv6 rip summary-address command in interface configuration mode. To disable summarization of the specified address or subnet, use the no form of this command.
ipv6 rip summary-address ipv6-prefix /length
noipv6 rip summary-address ipv6-prefix /length
iv6p-prefix/length |
IPv6 prefix and prefix length to be summarized. |
Disabled by default.
Interface configuration
network-adminvdc-admin
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
The ipv6 rip summary-address command summarizes an address or subnet under a specific interface.
This command does not require a license.
The following example shows that the summary address2001:0DB8::/48 is advertised out Ethernet interface 1/2:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ipv6 summary-address rip 2001:0DB8::/48
To configure a static IPv6 route, use the ipv6 route command. To remove this static route, use the no form of this command.
ipv6 route ipv6-prefix /length { { next-hop-addr | next-hop-prefix } | interface | link-local-addr } [preference] [ tag tag-id ]
no ipv6 route ipv6-prefix /length
ipv6-prefix/length |
IPv6 prefix and prefix length. The format is A:B::C:D/length. The length range is from 1 to 128. |
next-hop-addr |
Next-hop address. The format is A:B::C:D. |
next-hop-prefix |
Next-hop prefix and length. The format is A:B::C:D/length. The length range is from 1 to 128. |
interface |
Interface to reach this route. Use ? to display a list of supported interfaces. |
link-local-addr |
IPv6 link-local address. The format is A:B::C:D. |
preference |
(Optional) Sets the route preference, used as the administrative distance to this route. The range is from 1 to 255. The default is 1. |
tag id |
(Optional) Assigns a route tag that can be used to match against in a route map. The range is from 0 to 4294967295. The default is 0. |
Disabled
Global configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command does not require a license.
This example shows how to create an IPv6 static route:
switch# configure terminal switch(config)# ipv6 route 2001:0DB8::/48 2b11::2f01:4c
Command |
Description |
---|---|
ip route |
Configures an IPv4 static route. |
To specify the Enhanced Interior Gateway Routing Protocol (EIGRP) for an IPv6 interface, use the ipv6 router eigrp command. To return to the default, use the noform of this command.
ipv6 router eigrp instance-tag
no ipv6 router eigrp instance-tag
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
None
Interface configuration
Release |
Modification |
---|---|
4.1(2) |
This command was introduced. |
Use the ipv6 router eigrp command to specify the EIGRP instance for the interface.
This command requires the Enterprise Services license.
This example shows how to set the EIGRP instance for an interface:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ipv6 router eigrp Base
To specify the Open Shortest Path First version 3(OSPFv3) instance and area for an interface, use the ipv6 router ospfv3 area command. To return to the default, use the noform of this command.
ipv6 router ospfv3 instance-tag area area-id [ secondaries none ]
no ipv6 router ospfv3 instance-tag area area-id [ secondaries none ]
instance-tag |
Instance tag. Specify as an alphanumeric string. |
area-id |
Identifier for the OSPFv3 area where you want to enable authentication. Specify as either a positive integer value or an IP address. |
secondaries none |
(Optional) Excludes secondary IP addresses. |
None
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Use the ipv6 router ospfv3 area command to specify the area and OSPFv3 instance for the interface.
This command requires the Enterprise Services license.
This example shows how configure an interface for OSPFv3:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ipv6 router ospfv3 Base area 33
To configure multi-area adjacency on an Open Shortest Path First version 3 (OSPFv3) interface, use the ipv6 router ospfv3 multi-area command. To return to the default, use the no form of this command.
ipv6 router ospfv3 instance-tag multi-area area-id
no ipv6 router ospfv3 instance-tag multi-area area-id
instance-tag |
Instance tag. Specify as an case-sensitive alphanumeric string up to 63 characters. |
area-id |
Identifier for the OSPF area where you want to add as another area to the primary interface. Specify as either a positive integer value or an IP address. |
None
Interface configuration
Release |
Modification |
---|---|
4.2(1) |
This command was introduced. |
Use the ipv6 router ospfv3 multi-area command to specify additional areas on an OSPFv3 interface.
This command requires the Enterprise Services license.
This example shows how to configure multi-area adjacency:
switch# configure terminal switch(config)# interface ethernet 1/2 switch(config-if)# ipv6 router ospfv3 Base area 33 switch(config-if)# ipv6 router ospfv3 Base multi-area 99
To enable split horizon for an Enhanced Interior Gateway Routing Protocol (EIGRP) for an IPv6 process, use the ipv6 split-horizon eigrp command. To disable split horizon, use the no form of this command.
ipv6 split-horizon eigrp instance-tag
no ipv6 split-horizon eigrp instance-tag
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
Enabled
Interface configuration
Release |
Modification |
---|---|
4.1(2) |
This command was introduced. |
Use the no ipv6 split-horizon eigrp command to disable split horizon on an interface.
This command requires the Enterprise Services license.
This example shows how to disable split horizon an an Ethernet link:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 2/1 switch(config-eigrp-af-if)# no ipv6 split-horizon eigrp 209
To configure a summary aggregate address for the specified Enhanced Interior Gateway Routing Protocol (EIGRP) for IPv6 interface, use the ipv6 summary-address eigrp command. To disable a configuration, use the no form of this command.
ipv6 summary-address eigrp instance-tag ipv6-address /length [admin-distance]
no ipv6 summary-address eigrp instance-tag ipv6-address /length
instance-tag |
Name of the EIGRP instance. The instance-tag can be any case-sensitive, alphanumeric string up to 63 characters. |
ipv6-address/length |
Summary IPv6 prefix and prefix length to apply to an interface in A:B::C:D/length format. The length range is from 1 to 128. |
admin-distance |
(Optional) Administrative distance. The range is from 1 to 255. |
An administrative distance of 5 is applied to EIGRP summary routes. No summary addresses are predefined.
Interface configuration
Release |
Modification |
---|---|
4.1(2) |
This command was introduced. |
Use the ipv6 summary-address eigrp command to configure interface-level summary address. EIGRP summary routes are given an administrative distance of 5.
This command requires the Enterprise Services license.
This example shows how to configure an administrative distance of 95 on an EIGRP interface for the 2001:0DB8::/48 summary address:
switch# configure terminal switch(config)# router eigrp 209 switch(config-router)# interface ethernet 2/1 switch(config-if)# ipv6 summary-address eigrp 209 2001:0DB8::/48 95
To enable sending ICMPv6 unreachable messages, use the ipv6 unreachables command. To revert to default, use the no form of this command.
ipv6 [icmp] unreachables
no ipv6 [icmp] unreachables
icmp |
(Optional) Specifies ICMPv6 commands. |
Disabled
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Port-unreachable messages are always rate limit enabled.
This command does not require a license.
This example shows how to enable the ICMPv6 unreachable messages:
switch# configure terminal switch(config)# interface ethernet 2/1 switch(config-if)# ipv6 unreachables
Command |
Description |
---|---|
show ipv6 nd interface |
Displays IPv6 neighbor discovery information for an interface. |
To configure the routing level for an instance of the Intermediate System-to-Intermediate System (IS-IS) routing process, use the is-type command. To reset the default value, use the no form of this command.
is-type { level-1 | level-1-2 | level-2 }
no is-type { level-1 | level-1-2 | level-2 }
level-1 |
Specifies that the router performs only level-1 (intraarea) routing. |
level-1-2 |
Specifies that the router performs both level-1 and level-2 routing. |
level-2 |
Specifies that the routing process acts as a level-2 (interarea) router only. |
Routers typically act as both a level-1 (intraarea) and a level-2 (interarea) router by default. In multiarea IS-IS configurations, the first instance of the IS-IS routing process configured is by default a level-1-2 (intraarea and interarea) router. The remaining instances of the IS-IS process configured by default are level-1 routers.
Router configurationVRF configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
The routing levels for an instance of the IS-IS routing process are defined as follows:
We recommend that you configure the type of IS-IS routing process. If you are configuring multiarea IS-IS, you must configure the type of the router, or allow it to be configured by default. By default, the first instance of the IS-IS routing process that you configure using the router isis command is a level-1-2 router.
If only one area is in the network, there is no need to run both level-1 and level-2 routing algorithms. If IS-IS is used for IP routing only (and there is only one area), you can run level-2 only everywhere. Areas you add after the level-1-2 area exists are by default level-1 areas.
If the router instance has been configured for level-1-2 (the default for the first instance of the IS-IS routing process in a Cisco device), you can remove level-2 (interarea) routing for the area using the is-type command. You can also use the is-type command to configure level-2 routing for an area, but it must be the only instance of the IS-IS routing process configured for level-2 on the Cisco device.
This command requires the Enterprise Services license.
This example specifies an area router:
switch# configure terminal switch(config)# router isis switch(config-router)# is-type level-2-only
Command |
Description |
---|---|
feature isis |
Enables IS-IS on the router. |
router isis |
Enables IS-IS. |
To enable authentication for Intermediate System-to-Intermediate System (IS-IS) for an individual IS-IS interface, use the isis authentication key-chain command. To disable authentication, use the no form of this command.
isis authentication key-chain auth-key { level-1 | level-2 }
no isis authentication key-chain auth-key { level-1 | level-2 }
auth-key |
Authentication key chain. |
level-1 |
Specifies the authentication key for level-1 link state packets (LSP), complete sequence number packets (CSNP), and partial sequence number packets (PSNP) only. |
level-2 |
Specifies the authentication key for level-2 LSP, CSNP and PSNP packets only. |
No key chain authentication is provided for IS-IS packets at the router level.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
If no key chain is configured with the isis authentication key-chain command, no key chain authentication is performed.
Key chain authentication could apply to clear text authentication or MD5 authentication. The mode is determined by the authentication mode command.
Only one authentication key chain is applied to IS-IS at one time. For example, if you configure a second isis authentication key-chain command, the first authentication key chain is overridden.
You can configure key-chain authentication per IS-IS instance by using the authentication key-chain configuration command.
This command requires the Enterprise Services license.
This example shows how to configure IS-IS to accept and send any key belonging to the key chain named site1 on a specific interface:
switch# configure terminal switch(config)# router isis test1 switch(config-router)# interface ethernet 2/5 switch(config-if)# isis authentication key-chain site1 level-1 switch(config-if)#
Command |
Description |
---|---|
authentication key-chain |
Enables authentication per IS-IS instance. |
feature isis |
Enables IS-IS on the router. |
router isis |
Enables IS-IS. |
To specify for the Intermediate System-to-Intermediate System (IS-IS) instance that authentication is performed only on IS-IS packets being sent (not received) from an interface, use the isis authentication-check command. To configure for the IS-IS instance that if authentication is configured at the router level, such authentication be performed on packets being sent and received, use the no form of this command.
authentication-check { level-1 | level-2 }
no authentication-check
level-1 |
Specifies that authentication is performed only on level-1 packets that are being sent (not received) |
level-2 |
Specifies that authentication is performed only on level-2 packets that are being sent (not received). |
If authentication is configured at the router level, it applies to IS-IS packets being sent and received.
Interface configuration
Enter the isis authentication-check command before configuring the authentication mode and authentication key chain. Entering the isis authentication-check command allows the routers to have more time for the keys to be configured on each router if authentication is inserted only on the packets being sent, not checked on packets being received. After you enter the authentication-check command on all communicating routers, enable the authentication mode and key chain on each router. Then enter the no isis authentication-check command to disable the command.
This command could apply to clear text authentication or Message Digest 5 (MD5) authentication. The mode is determined by the authentication mode command.
You can specify authentication check per IS-IS instance by using the authentication-check configuration mode command.
This command requires the Enterprise Services license.
This example shows how to configure IS-IS level-1 packets on a specific interface to use clear text authentication on packets being sent (not received):
switch# configure terminal switch(config)# router isis test1 switch(config-router)# interface ethernet 2/5 switch(config-if)# isis authentication-check level-1 switch(config-if)# isis authentication key-chain site1 level-1 switch(config-if)#
Command |
Description |
---|---|
authentication-check |
Specifies that authentication is performed only on IS-IS packets being sent (not received). |
feature isis |
Enables IS-IS on the router. |
router isis |
Enables IS-IS. |
To specify the type of authentication used in Intermediate System-to-Intermediate System (IS-IS) packets on a specific interface, use the isis authentication-type command. To restore clear text authentication, use the no form of this command.
isis authentication-type { cleartext | md5 } [ level-1 | level-2 ]
no isis authentication-type
cleartext |
Specifies clear text authentication. |
md5 |
Specifies Message Digest 5 (MD5) authentication. |
level-1 |
Enables the specified authentication for level-1 link state packet (LSP), complete sequence number packet (CSNP) and partial sequence number packet (PSNP) packets only. |
level-2 |
Enables the specified authentication for level-2 LSP, CSNP and PSNP packets only. |
No authentication is provided for IS-IS packets at the router level by use of this command.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
If you do not enter the level-1 or level-2 keywords, the mode applies to both levels.
You can specify the authentication type per IS-IS instance by using the authentication-type configuration mode command.
This command requires the Enterprise Services license.
This example configures for the IS-IS instance that Message Digest 5 (MD5) authentication is performed on level-1 packets on a specific interface:
switch# configure terminal switch(config)# router isis test1 switch(config-router)# interface ethernet 2/5 switch(config-if)# isis authentication-type md5 level-1 switch(config-router)#
Command |
Description |
---|---|
authentication-type |
Specifies the authentication type per IS-IS instance. |
feature isis |
Enables IS-IS on the router. |
router isis |
Enables IS-IS. |
To configure the type of adjacency, use the isis circuit-type command. To reset the circuit type to Level l and Level 2, use the no form of this command.
isis circuit-type { level-1 | level-1-2 | level-2-only }
no isis circuit-type
level-1 |
Configures a router for Level 1 adjacency only. |
level-1-2 |
Configures a router for Level 1 and Level 2 adjacency. |
level-2-only |
Configures a router for Level 2 adjacency only. |
A Level 1 and Level 2 adjacency is established.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
You do not have to configure this command. We recommend that you configure a router as a Level 1-only, Level 1-2, or Level 2-only system. Only on routers that are between areas (Level 1-2 routers) should you configure some interfaces to be Level 2-only to prevent wasting bandwidth by sending out unused Level 1 hello packets. Note that on point-to-point interfaces, the Level 1 and Level 2 hellos are in the same packet.
A Level 1 adjacency may be established if there is at least one area address in common between this system and its neighbors. Level 2 adjacencies will never be established over this interface.
A Level 1 and Level 2 adjacency is established if the neighbor is also configured as level-1-2 and there is at least one area in common. If there is no area in common, a Level 2 adjacency is established. This is the default.
Level 2 adjacencies are established if the other routers are Level 2 or Level 1-2 routers and their interfaces are configured for Level 1-2 or Level 2. Level 1 adjacencies will never be established over this interface.
This command requires the Enterprise Services license.
This example shows how to configure an adjacency. In this example other routers on the Ethernet interface 2/5 are in the same area. Other routers on Ethernet interface 1 are in other areas, so the router will stop sending Level 1 hellos.
switch# configure terminal switch(config)# router isis test1 switch(config-router)# interface ethernet 2/5 switch(config-if)# isis circuit-type level-2-only switch(config-if)#
To configure the Intermediate System-to-Intermediate System (IS-IS) complete sequence number (CSNPs) interval, use the isis csnp-interval command. To restore the default value, use the no form of this command.
isis csnp-interval seconds { level-1 | level-2 }
no isis csnp-interval [ level-1 | level-2 ]
seconds |
Interval of time (in seconds) between transmission of CSNPs on multiaccess networks. This interval only applies for the designated router. Range: 0 to 65535. Default: 10. |
level-1 |
Configures the interval of time between transmission of CSNPs for Level 1 independently. |
level-2 |
Configures the interval of time between transmission of CSNPs for Level 2 independently. |
The default settings are as follows:
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Normally, you will not have to change the default value of this command.
This command applies only for the designated router or a specified interface. Only designated routers send CSNP packets in order to maintain database synchronization. The CSNP interval can be configured independently for Level 1 and Level 2.
The isis csnp-interval command on point-to-point subinterfaces should be used only in combination with the IS-IS mesh-group feature.
This command requires the Enterprise Services license.
This example configures Ethernet interface 2/5 for sending CSNPs every 30 seconds:
switch# configure terminal switch(config)# router isis test1 switch(config-router)# interface ethernet 2/5 switch(config-if)# isis csnp-interval 30 level-1 switch(config-if)#
show isis interface |
Displays IS-IS information. |
To reenable Intermediate System-to-Intermediate System (IS-IS) hello padding at the interface level, use the isis hello padding command. To disable IS-IS hello padding, use the no form of this command.
isis hello padding
no isis hello padding
This command has no arguments or keywords.
IS-IS hello padding is enabled.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Intermediate System-to-Intermediate System (IS-IS) hellos are padded to the full maximum transmission unit (MTU) size. The benefit of padding IS-IS hellos to the full MTU is that it allows for early detection of errors that result from transmission problems with large frames or errors that result from mismatched MTUs on adjacent interfaces.
You can disable hello padding in order to avoid wasting network bandwidth in case the MTU of both interfaces is the same or, in case of translational bridging. While hello padding is disabled, Cisco routers still send the first five IS-IS hellos padded to the full MTU size, in order to maintain the benefits of discovering MTU mismatches.
To selectively disable hello padding for a specific interface, enter the no isis hello padding command in interface configuration mode. To disable hello padding for all interfaces on a router for the IS-IS routing process, enter the no hello padding command in router configuration mode.
This command requires the Enterprise Services license.
This example shows how to turn off hello padding at the interface level for the Ethernet interface 0/0, and enter interface configuration mode:
switch# configure terminal switch(config)# router isis test1 switch(config-router)# interface ethernet 0/0 switch(config-if)# no isis hello padding switch(config-if)#
Command |
Description |
---|---|
hello padding |
Reenables IS-IS hello padding at the router level. |
To specify the length of time between hello packets that the Cisco NX-OS software sends, use the isis hello-interval command. To restore the default value, use the no form of this command.
isis hello-interval seconds { level-1 | level-2 }
no isis hello-interval { level-1 | level-2 }
seconds |
Length of time between hello packets, in seconds. By default, a value three times the hello interval seconds is advertised as the hold time in the hello packets sent. (Change the multiplier of 3 by specifying the isis hello-multiplier command.) With smaller hello intervals, topological changes are detected faster, but there is more routing traffic. Range: 0 to 65535. Default: 10.
|
||
level-1 |
Configures the hello interval for Level 1 independently. Use this on X.25, Switched Multimegabit Data Service (SMDS), and Frame Relay multiaccess networks. |
||
level-2 |
Configures the hello interval for Level 2 independently. Use this on X.25, SMDS, and Frame Relay multiaccess networks. |
The default settings are as follows:
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
The hello interval multiplied by the hello multiplier equals the hold time.
The hello interval can be configured independently for Level 1 and Level 2. The level-1 and level-2 keywords are used on LAN interfaces.
A faster hello interval gives faster convergence, but increases bandwidth and CPU usage. It might also add to instability in the network. A slower hello interval saves bandwidth and CPU usage. Especially when used in combination with a higher hello multiplier, configuration of the slower hello interval may increase overall network stability. When the hello interval is configured on DIS interfaces, only one third of the interval value is used. Therefore, the hold time (hello interval multiplied by the hello multiplier) for DIS interfaces will also be one third the hold time for non-DIS interfaces.
Tune the hello interval and hello multiplier on point-to-point interfaces instead of LAN interfaces.
This command requires the Enterprise Services license.
This example shows how to configure the Ethernet interface 2/3 to advertise hello packets every 5 seconds. The router is configured to act as a station router. This configuration will cause more traffic than the traffic generated by configuring a longer interval, but topological changes will be detected earlier.
switch# configure terminal switch(config)# router isis test1 switch(config-router)# interface ethernet 2/3 switch(config-if)# isis hello-interval 5 level-1 switch(config-if)#
Command |
Description |
---|---|
isis hello-multiplier |
Specifies the number of IS-IS hello packets that a neighbor must miss before the router should declare the adjacency as down. |
To specify the number of Intermediate System-to-Intermediate System (IS-IS) hello packets a neighbor must miss before the router should declare the adjacency as down, use the isis hello-multiplier command. To restore the default value, use the no form of this command.
isis hello-multiplier multiplier { level-1 | level-2 }
no isis hello-multiplier { level-1 | level-2 }
multiplier |
Integer value. Range: 3 to 1000. Default: 3. |
level-1 |
Configures the hello multiplier independently for Level 1 adjacencies. |
level-2 |
Configures the hello multiplier independently for Level 2 adjacencies. |
The default settings are as follows:
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
The holding time carried in an IS-IS hello packet determines how long a neighbor waits for another hello packet before declaring the neighbor to be down. This time determines how quickly a failed link or neighbor is detected so that routes can be recalculated. The advertised hold time in IS-IS hello packets will be set to the hello multiplier times the hello interval. Neighbors will declare an adjacency to this router down after not having received any IS-IS hello packets during the advertised hold time. The hold time (and thus the hello multiplier and the hello interval) can be set on a per-interface basis, and can be different between different routers in one area.
Using a smaller hello multiplier will give fast convergence, but can result in more routing instability. Increment the hello multiplier to a larger value to help network stability when needed. Never configure a hello multiplier lower than the default value of 3.
Use the isis hello-multiplier command in circumstances where hello packets are lost frequently and IS-IS adjacencies are failing unnecessarily. You can raise the hello multiplier and lower the hello interval (isishello-interval command) correspondingly to make the hello protocol more reliable without increasing the time required to detect a link failure.
On point-to-point links, there is only one hello for both Level 1 and Level 2, so different hello multipliers should be configured only for multiaccess networks such as Ethernet and FDDI. Separate Level 1 and Level 2 hello packets are also sent over nonbroadcast multiaccess (NBMA) networks in multipoint mode, such as X.25, Frame Relay, and ATM. However, we recommend that you run IS-IS over point-to-point subinterfaces over WAN NBMA media.
This command requires the Enterprise Services license.
This example shows how to increase network stability by making sure an adjacency will go down only when many (ten) hello packets are missed. The total time to detect link failure is 60 seconds. This configuration will ensure that the network remains stable, even when the link is fully congested.
switch# configure terminal switch(config)# router isis test1 switch(config-router)# interface ethernet 2/3 switch(config-if)# ip router isis switch(config-if)# isis hello-interval 6 level-1 switch(config-if)# isis hello-multiplier 10 level-1
Command |
Description |
---|---|
isis hello-interval |
Specifies the length of time between hello packets that the Cisco NX-OS software sends. |
To differentiate between the link costs for Intermediate System-to-Intermediate System (IS-IS) IPv6 traffic, use the isis ipv6 metric command. To restore the default, use the no form of this command.
isis ipv6 metric metric-value { level-1 | level-2 }
no isis ipv6 metric metric-value { level-1 | level-2 }
metric-value |
Metric assigned to the link and used to calculate the cost from each other router via the links in the network to other destinations. You can configure this metric for Level 1 or Level 2 routing. Range: 1 to 16777215. Default: 10. |
level-1 |
Specifies that this metric should be used only in the SPF calculation for Level 1 (intraarea) routing. |
level-2 |
Specifies that this metric should be used only in the SPF calculation for Level 2 (interarea) routing. |
The default metric value is set to 10.
The metric is enabled on routing Level 1 and Level 2.
Address-family configuration mode
Release |
Modification |
---|---|
6.2(2) |
This command was introduced. |
Specifying the level-1 or level-2 keyword resets the metric only for Level 1 or Level 2 routing, respectively.
We recommend that you configure metrics on all interfaces. If you do not configure metrics on all interfaces, the IS-IS metrics are similar to hop-count metrics.
This command requires the Enterprise Services license.
This example shows how to configure an IS-IS IPv6 metric:
switch# configure terminal switch(config)# router isis test1 switch(config-router)# address-family ipv6 unicast switch(config-router-af)# isis ipv6 metric 5 level-1
Command |
Description |
---|---|
isis metric |
Configures the value of an IS-IS metric, |
To configure the time delay between successive Intermediate System-to-Intermediate System (IS-IS) link-state packet (LSP) transmissions, use the isis lsp-interval command. To restore the default value, use the no form of this command.
isis lsp-interval milliseconds
no isis lsp-interval
milliseconds |
Time delay between successive LSPs (in milliseconds). Range: 10 to 65535. |
The default time delay is 33 milliseconds.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
In topologies with a large number of IS-IS neighbors and interfaces, a router may have difficulty with the CPU load imposed by LSP transmission and reception. This command allows the LSP transmission rate (and the reception rate of other systems) to be reduced.
This command requires the Enterprise Services license.
This example shows how to configure the system to send LSPs every 100 milliseconds (10 packets per second) on Ethernet interface 0/0:
switch# configure terminal switch(config)# router isis test1 switch(config-router)# interface ethernet 0/0 switch(config-if)# isis lsp-interval 100
Command |
Description |
---|---|
isis retransmit-interval |
Configures the time between retransmission of each LSP (IS-IS link-state PDU) over point-to-point links. |
To optimize link-state packet (LSP) flooding in nonbroadcast multiaccess (NBMA) networks with highly meshed, point-to-point topologies, use the isis mesh-group command. To remove a subinterface from a mesh group, use the no form of this command.
isis mesh-group { number | blocked }
no isis mesh-group { number | blocked }
number |
Number identifying the mesh group of which this interface is a member. Range: 1 to 4294967295. |
blocked |
Specifies that no LSP flooding take place on this subinterface. |
The interface performs normal flooding.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
The LSPs that are first received on subinterfaces that are not part of a mesh group are flooded to all other subinterfaces in the usual way.
The LSPs that are first received on subinterfaces that are part of a mesh group are flooded to all interfaces except those in the same mesh group. If you enter the blocked keyword on a subinterface, then a newly received LSP is not flooded out over that interface.
To minimize the possibility of incomplete flooding, you should allow unrestricted flooding over at least a minimal set of links in the mesh. Selecting the smallest set of logical links that covers all physical paths results in very low flooding, but less robustness. Ideally, you should select only enough links to ensure that LSP flooding is not detrimental to scaling performance, but enough links to ensure that under most failure scenarios no router will be logically disconnected from the rest of the network. In other words, blocking flooding on all links permits the best scaling performance, but there is no flooding. Permitting flooding on all links results in very poor scaling performance.
This command requires the Enterprise Services license.
This example shows how to configure six interfaces are configured in three mesh groups. LSPs received are handled as follows:
switch# configure terminal switch(config)# router isis test1 switch(config-router)# interface ethernet 1/0.1 switch(config-if)# isis mesh-group 10 switch(config)# router isis test1 switch(config-router)# interface ethernet 1/0.2 switch(config-if)# isis mesh-group 10 switch(config)# router isis test1 switch(config-router)# interface ethernet 1/1.1 switch(config-if)# isis mesh-group 11 switch(config)# router isis test1 switch(config-router)# interface ethernet 1/1.2 switch(config-if)# isis mesh-group 11 switch(config)# router isis test1 switch(config-router)# interface ethernet 1/2.1 switch(config-if)# isis mesh-group blocked switch(config)# router isis test1 switch(config-router)# interface ethernet 1/2.2 switch(config-if)# isis mesh-group 12
Command |
Description |
---|---|
router isis |
Enables the IS-IS routing protocol and specifies an IS-IS process. |
To configure the value of an Intermediate System-to-Intermediate System (IS-IS) metric, use the isis metric command. To restore the default metric value, use the no form of this command.
isis metric metric-value { level-1 | level-2 }
no isis metric metric-value { level-1 | level-2 }
metric-value |
Metric assigned to the link and used to calculate the cost from each other router via the links in the network to other destinations. You can configure this metric for Level 1 or Level 2 routing. Range: 1 to 16777215. Default: 10. |
level-1 |
Specifies that this metric should be used only in the SPF calculation for Level 1 (intraarea) routing. If you do not specify an optional keyword, the metric is enabled on routing Level 1 and Level 2. |
level-2 |
Specifies that this metric should be used only in the SPF calculation for Level 2 (interarea) routing. If you do not specify a level, the metric is enabled on routing Level 1 and Level 2. |
The default metric value is set to 10.
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Specifying the level-1 or level-2 keyword resets the metric only for Level 1 or Level 2 routing, respectively.
We recommend that you configure metrics on all interfaces. If you do not configure metrics on all interfaces, the IS-IS metrics are similar to hop-count metrics.
We recommend that you use the metric-style wide command to configure IS-IS to use the new-style type, length, value (TLV) because TLVs that are used to advertise IPv4 information in link-state packets (LSPs) are defined to use only expanded metrics. The Cisco NX-OS software provides support of a 24-bit metric field, the 24-bit metric field is called the wide metric. Using the new metric style, link metrics now have a maximum value of 16777215 with a total path metric of 4261412864.
This command requires the Enterprise Services license.
This example shows how to configure Ethernet interface 3/2 for a link-state metric cost of 15 for Level 1:
switch# configure terminal switch(config)# router isis test1 switch(config-router)# interface ethernet 3/2 switch(config-if)# isis metric 15 level-1
Command |
Description |
---|---|
metric-style wide |
Configures a router running IS-IS so that it generates and accepts only new-style TLVs. |
To suppress adjacency forming on the interface, but still advertise the prefix associated with the interface, use the isis passive command. To disable suppression, use the no form of this command.
isis passive { level-1 | level-1-2 | level-2-only }
no isis passive { level-1 | level-1-2 | level-2-only }
level-1 |
Suppresses Level 1 PDU only. |
level-1-2 |
Suppresses Level 1 and Level 2 PDU. |
level-2-only |
Suppresses Level 2 PDU only. |
The default settings are as follows:
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
This command is not necessary on a loopback interface. Use the ip router isis command in interface configuration mode on a loopback interface to associate that interface with the IS-IS instance.
This command requires the Enterprise Services license.
This example suppresses adjacency for Ethernet interface 3/2 at Level 1:
switch# configure terminal switch(config)# router isis test1 switch(config-router)# interface ethernet 3/2 switch(config-if)# isis passive level-1
To block sending of routing updates on an Intermediate System-to-Intermediate System (IS-IS) interface, use the isis passive-interface command. To revert to the default settings, use the no form of this command.
isis passive-interface { level-1 | level-1-2 | level-2 }
level-1 |
Suppresses level-1 PDU. |
level-1-2 |
Suppresses level-1 and level-2 PDU. |
level-2 |
Suppresses level-2 PDU. |
None
Interface configuration mode
Release |
Modification |
---|---|
6.2(2) |
This command was introduced. |
This command requires the Enterprise Services license.
This example shows how to block the sending of routing updates on an IS-IS interface:
switch# configure terminal switch(config)# router isis 1 switch(config-router)# passive-interface default level-1 switch(config-router)# exit switch# configure terminal switch(config)# interface GigabitEthernet 0/0/0/ switch(config-if# isis passive-interface level-1 switch(config-if#
Command |
Description |
---|---|
no isis passive-interface |
Re-enables sending of routing updates on an IS-IS interface and activates only those interfaces that need adjacencies. |
To configure the priority of designated routers, use the isis priority command in interface configuration mode. To reset the default priority, use the no form of this command.
isis priority number-value [ level-1 | level-2 ]
no isis priority [ level-1 | level-2 ]
number-value |
Priority of a router and is a number from 0 to 127. The default value is 64. |
level-1 |
(Optional) Sets the priority for Level 1 independently. |
level-2 |
(Optional) Sets the priority for Level 2 independently. |
Priority of 64Level 1 and Level 2
Interface configuration
Release |
Modification |
---|---|
4.0(1) |
This command was introduced. |
Priorities can be configured for Level 1 and Level 2 independently. Specifying the level-1 or level-2 keyword resets priority only for Level 1 or Level 2 routing, respectively.
The priority is used to determine which router on a LAN will be the designated router or Designated Intermediate System (DIS). The priorities are advertised in the hello packets. The router with the highest priority will become the DIS.
In Intermediate System-to-Intermediate System (IS-IS), there is no backup designated router. Setting the priority to 0 lowers the chance of this system becoming the DIS, but does not prevent it. If a router with a higher priority comes on line, it will take over the role from the current DIS. In the case of equal priorities, the highest MAC address breaks the tie.
This command requires the Enterprise Services license.
This example shows how to set the priority level to 80. So that the router is now more likely to become the DIS:
switch# configure terminal switch(config)# router isis test1 switch(config-router)# interface ethernet 3/2 switch(config-if)# isis priority 80 level-1