Search the Catalog
Cisco IOS in a Nutshell

Cisco IOS in a Nutshell

By James Boney
December 2001
1-56592-942-X, Order Number: 942X
606 pages, $34.95

Excerpt
Reference Section I

ignore-dcd

interface

ignore-dcd

no ignore-dcd

Configures

Determination of a link's status

Default

A DTE serial interface monitors the DCD signal

Description

This command tells the interface to ignore the DCD signal and use the DSR signal to determine whether the link is up or down. By default, all DTE serial interfaces monitor the DCD signal for the link's status.

interface

global

interface interface.subinterface [{point-to-point | multipoint}]

Configures

Allows configuration of a given interface

Default

None

Description

This command enters the interface configuration mode for the given interface and subinterface. The interface most commonly consists of an interface type followed by the number of the particular interface (for example, ethernet0). A space is allowed (and commonly used) between the interface type and the number. Table I-1 shows the most common interface types. On more complex routers, the interface number can be specified in a number of different ways: as a slot/port combination, as a slot/adapter/port combination, or as a slot/port:channel-group combination. The appropriate form depends on the hardware you're dealing with. The interface specification can include a subinterface number; subinterfaces are most common when using protocols like Frame Relay or ATM, which can package a number of communications channels on a single physical connection. The point-to-point keyword indicates that a subinterface is logically connected to a single remote node; multipoint indicates that it is logically connected to a number of remote nodes. multipoint and point-to-point are most commonly used on Frame Relay and ATM interfaces.

Table I-1: Common interface types

Type

Description

async

An asynchronous interface (a standard terminal or modem line)

atm

ATM

bri

ISDN BRI (2 B channels)

dialer

Dial-on-demand interface (see the interface dialer command)

ethernet

Ethernet

fastethernet

100 Mbps Ethernet

fddi

FDDI

gigabitethernet

Gigabit Ethernet

group-async

A logical grouping of asynchronous interfaces to which all configuration commands apply (See the interface group-async command)

hssi

High-speed serial interface

lex

Lan extender

loopback

The internal software virtual interface

null

Null interface; packets sent to this interface are discarded.

pos

OC-3/SONET

serial

Serial interface (used for leased line, T1, and T3)

tokenring

Token ring

tunnel

A virtual interface for a tunnel configuration

interface bvi

global

interface bvi bridge-group-number

no interface bvi bridge-group-number

Configures

Bridging

Default

None

Description

The Bridge Virtual Interface (BVI) becomes available on routers when the bridge irb command has been given. This interface allows the router to route and bridge the same protocol over the same interface. The bridge group-number must match the bridge group defined for the bridge.

Example

In this configuration, serial0 and serial1 are bridged, and traffic is routed through those interfaces out through ethernet0:

bridge irb
bridge 1 protocol ieee
!
interface serial0
 bridge-group 1
!
interface serial
  bridge-group 1
!
interface ethernet 0
  ip address 10.11.1.1 255.255.255.0
!
! Configure the virtual bvi interface with a bridge group number of 1
interface bvi 1
  ip address 10.10.3.1 255.255.255.0
!
! Now configure the routing for the bridge
bridge 1 route ip

interface dialer

global

interface dialer number

no interface dialer number

Configures

A dialer configuration

Default

None

Description

This command allows you to define a virtual dialer configuration that can be applied to a set of physical interfaces. Once you configure this interface, you can make other interfaces use this configuration by using the dialer rotary-group command. number is the virtual interface number, and can be a value from 0 to 9.

Example

interface dialer 0
  encapsulation ppp
  dialer in-band
  dialer map ip 10.1.1.1 name bob 5551111
!
interface async 1
  dialer rotary-group 0

interface group-async

global

interface group-async number

no interface group-async number

Configures

A group of interfaces that can share configuration parameters

Default

None

Description

This command allows you to create a group of async interfaces to which you can apply commands. Actual interfaces that belong to the group inherit the settings you apply to this virtual interface. The group-range command defines which physical async interfaces are included in the group. A physical interface can belong only to one group.

Example

The following commands define a group-async interface that includes async interfaces 1 through 7. The ip unnumbered and async mode commands apply to all the interfaces in the group.

interface group-async 0
  group-range 1 7
  ip unnumbered ethernet0
  async mode interactive

ip access-group

interface

ip access-group access-list [in | out]

no ip access-group access-list [in | out]

Configures

Assigns an access list to an interface

Default

No access lists defined

Description

This command applies the given access list to the interface in the direction specified (in or out). Access-list commands are discussed in Chapter 7. Each interface can support only one access list in either direction.

Example

The following commands apply access list 110 to filter incoming packets on the serial1 interface, and access list 111 to filter outgoing packets:

interface serial1
  ip access-group 110 in
  ip access-group 111 out

To remove an access list from an interface, use the no form of this command:

interface serial1

no ip access-group 111 out

If you use the no access-list command instead of no ip access-group, your access list will be deleted. Be sure to use no ip access-group when removing lists from interfaces.

ip access-list

global

ip access-list {standard | extended} name

Configures

Named access lists

Default

None

Description

This command allows you to create a named access list. A named access list is really no different from a numbered access list as defined by the access-list command, except that it is identified by a logical name. A named access list may be either standard or extended. This command is followed by permit and deny commands that specify the access-list rules. For more about access lists, see Chapter 7 and the discussion of the access-list command.

Example

The following commands defines a named access list that allows HTTP traffic from any host to the server at 10.1.2.3 and permits all other TCP traffic that has the SYN flag set:

ip access-list extended bogus-firewall 
  permit tcp any host 10.1.2.3 eq http
  permit tcp any any established

Remember that all access lists end with an implicit deny, which rejects all traffic not permitted by a statement in the access list.

ip accounting

interface

ip accounting [access-violations]

no ip accounting [access-violations]

Configures

IP accounting for an interface

Default

Disabled

Description

This command enables IP accounting based on the source and destination IP addresses that are passing through this router. Traffic that terminates at the router is not logged. The access-violations option enables logging based on access lists. For an access list to log information, the log keyword must be specified at the end of the access-list command.

Example

The following interface has IP accounting enabled and logs access-list violations:

interface serial 1
  ip address 10.10.2.3 255.255.255.0
  ip access-group 110 in
  ip accounting access-violations
! Deny telnet to the outside and log it when someone tries
access-list 110 deny tcp 10.10.2.0 0.0.0.255 any eq 23 log
access-list 110 permit ip any any

ip accounting-list

global

ip accounting-list address mask

no ip accounting-list address mask

Configures

An accounting filter

Default

None

Description

This command defines an IP address and wildcard mask for use as an accounting filter. Once a filter has been created, traffic is logged only if it matches the filter. If an IP address fails to match this filter, it is considered a transit IP packet and is logged to a separate table. See ip accounting-transits.

Example

The following command logs traffic to and from the 10.10.0.0 network:

ip accounting-list 10.10.0.0 0.0.255.255

ip accounting-threshold

global

ip accounting-threshold log-size

no ip accounting-threshold log-size

Configures

The IP accounting log table

Default

512 entries

Description

This command sets the size of the IP accounting table to log-size bytes. Each entry takes up to 26 bytes. Therefore, an accounting table defined at 100 entries could consume up to 2600 bytes of memory. This calculation should be kept in mind when defining new thresholds, as memory usage has adverse affects on the router.

Example

To double the accounting buffer:

ip accounting-threshold 1024

ip accounting-transits

global

ip accounting-transits number

no ip accounting-transits

Configures

The table used for logging transit IP addresses

Default

None

Description

This command sets the size of the table for transit IP accounting to number entries. A transit IP packet is any packet with a source or destination that does not match the filter defined in the ip accounting-list command. If no accounting filters are defined, there are no transit IP packets.

Example

To set the transit table to 200 entries:

ip accounting-transits 200

ip address

interface

ip address address subnet-mask [secondary]

no ip address address subnet-mask [secondary]

Configures

The IP address for an interface

Default

No IP address

Description

This command sets the IP address for the interface to address; the network mask used on the network is subnet-mask. The secondary keyword is used to apply a second (or third, or fourth...) address to an interface. It is allowed only if the interface allows multiple IP addresses.

Example

This command sets the IP address of the ethernet 0 interface to 10.10.1.1 and the subnet mask to 255.255.255.0:

interface ethernet 0
  ip address 10.10.1.1 255.255.255.0

The following commands use the secondary keyword to add a second IP address to the ethernet 0 interface:

interface ethernet 0

ip address 10.10.1.1 255.255.255.0

ip address 10.10.2.1 255.255.255.0 secondary

This interface will now answer and provide routing for both the 10.10.1.0/24 and 10.10.2.0/24 subnets.

ip address negotiated

interface

ip address negotiated

no ip address negotiated

Configures

PPP/IPCP address negotiation

Default

Disabled

Description

This command configures an interface to obtain its IP address via PPP.

ip address-pool

global

ip address-pool [dhcp-proxy-client | local]

no ip address-pool

Configures

Default address pooling

Default

Disabled

Description

This command provides an IP address pool to be used on dial-in or ISDN interfaces.

dhcp-proxy-client
Optional. The router works as a proxy between the dial-in peers and the DHCP server to provide the address pool.

local
Optional. Tells the router to use the local address pool.

ip alias

global

ip alias ip-address port

no ip alias ip-address

Configures

IP address mapping for reverse telnet

Default

None

Description

This command allows you to provide aliases in the form of IP addresses for various ports on the router. This feature is helpful if you are configuring a communication server with reverse telnet.

ip-address
The IP address of the port for which you want to establish an alias.

port
The port that you want to use as an alias for the IP address.

Example

Say we have a communication server (router) with three ports to which we allow reverse telnet access: 2001, 2002, and 2003. Instead of requiring users to type the router's IP address and the port every time, we assign (alias) an available IP address to each of our ports. The following commands create three IP address aliases (172.30.1.1, 172.30.1.2, and 172.30.1.3):

ip alias 172.30.1.1 2001
ip alias 172.30.1.2 2002
ip alias 172.30.1.3 2003

ip as-path access-list

global

ip as-path access-list access-list {permit|deny} as-regex

no ip as-path access-list access-list {permit|deny} as-regex

Configures

A BGP access list

Default

None

Description

This command allows you to build an access list for BGP autonomous system (AS) paths. These lists can be applied to a neighbor with the filter-list option to the neighbor command. access-list is a number that identifies the list; as-regex is a regular expression that matches AS paths. For more information on valid regular expressions for BGP, see Chapter 10.

Example

The following commands create an AS-path access list that denies (blocks) routes that include AS 111. This access list is then applied to routes that are sent to the BGP neighbor 11.1.1.1. 

ip as-path access-list 1 deny _111_
 
router bgp 120
  network 10.1.0.0
  neighbor 11.1.1.1 remote-as 200
  neighbor 11.1.1.1 filter-list 1 out

ip authentication

interface

ip authentication key-chain eigrp as-number key-chain
no ip authentication key-chain eigrp as-number key-chain

ip authentication mode eigrp as-number md5
no ip authentication mode eigrp as-number md5

Configures

Authentication of EIGRP packets

Default

None

Description

The ip authentication key-chain command defines the key chain to be used for authenticating EIGRP packets. It is used with the ip authentication mode eigrp command, which applies the key chain to the correct EIGRP process. Key chains are defined with the global key chain command.

as-number
The EIGRP process to which this key applies.

key-chain
The name of an EIGRP key chain.

Example

interface ethernet 0
  ip authentication key-chain eigrp 100 key1
  ip authentication mode eigrp 100 md5

ip bandwidth-percent eigrp

interface, EIGRP

ip bandwidth-percent eigrp as-number percent-value

Configures

The bandwidth that EIGRP is allowed to use

Default

50 percent

Description

This command sets the bandwidth percentage that EIGRP is allowed to consume on a link. It is particularly useful if the link's bandwidth has been set to a fake value for some reason (such as metrics).

as-number
The EIGRP process whose bandwidth is being limited.

percent-value
The percentage of the interface's total bandwidth that can be used by EIGRP. The interface's bandwidth is defined by the bandwidth command and may not be the same as the actual bandwidth available on the link. Note that percent-value may be greater than 100; this is useful if the bandwidth has been set to an artificially low value and doesn't reflect the actual capacity of the link.

ip bgp-community new-format

global

ip bgp-community new-format

no ip bgp-community new-format

Configures

Display of the BGP communities

Default

Disabled

Description

This command changes the display of BGP communities from NN:AA to AA:NN.

ip bootp server

global

ip bootp server

no ip bootp server

Configures

Use of a BOOTP server from the network

Default

Enabled

Description

This command enables or disables the router's BOOTP server. Disabling this feature prevents hosts from accessing the BOOTP service on the router; that is, the router won't act as a BOOTP server.

ip broadcast-address

interface

ip broadcast-address address

no ip broadcast-address address

Configures

A broadcast address for an interface

Default

Depends on the settings in the config-register

Description

This command specifies the interface's broadcast address. All hosts on the network to which the interface is connected must use the same broadcast address. Broadcast addresses are usually formed by setting the "host address" portion of the IP address to 1, which is the default for the router and virtually all modern computer systems. Some very old systems may form the broadcast address by setting the host portion to 0, and may be incapable of using the "1" form. In this case, you must explicitly set the broadcast address of the router interface (and all other hosts on the network) to use the older form.

Example

The following code changes the broadcast IP address for serial 0 to 10.10.10.255:

interface serial 0
    ip broadcast-address 10.10.10.255

ip cef

global

ip cef [distributed]

no ip cef

Configures

Cisco Express Forwarding (CEF)

Default

Depends on the hardware: disabled on the 7000 and 7200; enabled on the 7500 and 12000

Description

This command enables CEF on the router. CEF is a Layer 3 switching technology that increases network performance for certain types of network traffic. The optional distributed keyword enables distributed CEF (dCEF), which distributes CEF information to line cards on the router.

ip cef traffic-statistics

global

ip cef traffic-statistics [load-interval seconds] [update-rate seconds]

no ip cef traffic-statistics

Configures

Time intervals that control when NHRP creates or destroys an SVC

Default

load-interval is 30 seconds; update-rate is 10 seconds

Description

This command sets the intervals that NHRP uses when building or tearing down an SVC. The load-interval is used in conjunction with the ip nhrp trigger-svc command; its value can range from 30 to 300 seconds. The update-rate is the frequency, in seconds, at which the port adapter sends statistics to the route processor (RP). When using NHRP in distributed CEF switching mode, the update rate must be set to 5 seconds.

ip classless

global

ip classless

no ip classless

Configures

IP classless routing for the router

Default

Depends on the IOS version

Description

This command enables routing based on "classless" addresses. With classless routing, packets can be routed if the router knows a route for a supernet of the addressee. Without classless addressing, the packet is discarded if it arrives at the router and there is no network route for its destination. Assume that a packet arrives with the destination of 10.10.1.5, but we have routes only for 10.10.2.0/24, 10.10.3.0/24, and 10.10.0.0/16. With IP classless routing enabled, the router forwards the packet to the 10.10.0.0/16 network because 10.10.0.0/16 is the best matching supernet of 10.10.1.5.

ip community-list

global

ip community-list number {permit | deny} community

no ip community-list number

Configures

A community list for BGP

Default

None

Description

This command defines a community list, which is basically an access list for a BGP community. A community list can be used with the match community command in a route-map configuration.

number
A value identifying the community list that this command belongs to. Values can be 1 to 99.

permit | deny
Permits or denies the given community.

community
The community to permit or deny. This parameter may be a community number between 1 and 99, or one of the default community names (internet, no-export, no-advertise).

Example

ip community-list 1 permit internet

ip default-gateway

global

ip default-gateway address

no default-gateway address

Configures

The default gateway for the router

Default

None

Description

This command establishes address as the router's default gateway, which is the gateway to which nonlocal packets are forwarded in the absence of a better route. It is useful if the no ip routing command has been issued or if you are running from boot mode, in which IP routing is disabled. This command allows you to forward traffic to the default gateway when routing is disabled. Use the no form of this command to remove the entry from the router's configuration.

ip default-network

global

ip default-network network

no ip default-network network

Configures

Gateway of last resort

Default

None

Description

This command defines a gateway of last resort. The network argument is a network address; any route to the network becomes the default route. For RIP, this is the 0.0.0.0 route; for OSPF, it is an external route.

ip dhcp-server

global

ip dhcp-server address

no ip dhcp-server address

Configures

The DHCP server for the router to use

Default

None

Description

Specifies the address of the DHCP server for this router. You can provide the hostname of the DHCP server instead of its IP address. This DHCP server is then used for creating address pools with the ip address-pool command.

ip directed-broadcast

interface

ip directed-broadcast [access-list]

no ip directed-broadcast

Configures

Broadcast forwarding

Default

Enabled (disabled for IOS 12.0 and later)

Description

By default, the router automatically translates directed broadcasts to physical broadcasts within your network. In other words, Layer 3 broadcasts to the IP broadcast address (10.10.1.255 for the subnet 10.10.1.0/24) are translated into Layer 2 broadcasts with an address appropriate for the interface (e.g., ff:ff:ff:ff:ff:ff for an Ethernet interface).

While this can be useful, an interface that is configured to the outside world could allow a potential hacker to flood your network by pinging the broadcast address on your interface. It is recommended that directed-broadcast is disabled on your external interfaces to prevent this attack from occurring. Directed broadcast is also the primary mechanism used for the "smurf" attack. It is recommended that you disable directed broadcast on all your interfaces unless you have a very good reason to use it.

Example

To disable directed broadcasts:

interface serial 0
     no ip directed-broadcast

ip domain-list

global

ip domain-list domain

no ip domain-list domain

Configures

The domain names for the router

Default

None

Description

This command allows you to define a series of domain names to be used (in turn) to complete an unqualified domain name. It behaves just like the domain-name command except that it allows you to list a series of domains.

Example

These commands set the domain list to mydomain.com, com.com, and mycom.com:

ip domain-list mydomain.com
ip domain-list com.com
ip domain list mycom.com

Use the no form of the command to delete an entry:

no ip domain-list com.com

ip domain-lookup

global

ip domain-lookup

no ip domain-lookup

Configures

DNS lookups for hostnames

Default

Enabled

Description

This command enables the DNS lookup feature. To disable DNS, use the no form of this command. Disabling this feature is useful because you don't usually want the router trying to perform a DNS lookup on every word that you type at the command prompt. (You can accomplish the same thing by enabling transport preferred none on all lines.) Furthermore, if you are having network problems, you may not be able to reach any DNS servers to perform lookups.

Example

To disable DNS lookups:

no ip domain-lookup

ip domain-name

global

ip domain-name domain

no ip domain-name domain

Configures

The domain name for the router

Default

None

Description

This command sets the domain name that the router will use to complete any unqualified domain names.

Example

Here, all unqualified hostnames are taken to be in the mydomain.com domain:

ip domain-name mydomain.com

ip dvmrp accept-filter

interface

ip dvmrp accept-filter access-list [distance] [neighbor-list access-list]

no dvmrp accept-filter access-list

Configures

Incoming filter for DVMRP reports

Default

All reports are accepted with a distance of 0

Description

This command applies an access list to incoming DVMRP reports. The lower the distance, the higher the precedence of the route when computing the Reverse Path Forwarding value.

access-list
The number of a standard IP access list (0-99). Routes matching the access list are assigned the given administrative distance. If the access list number is 0 (which is not a legal access list number), all reports are accepted with the given administrative distance.

distance
Optional. The administrative distance to be assigned to routes matching the filter. Default is 0.

neighbor-list list
Optional. The number of a standard IP access list (1-99). DVMRP reports are accepted only from neighbors who match this access list.

ip dvmrp auto-summary

interface

ip dvmrp auto-summary

no ip dvmrp auto-summary

Configures

DVMRP auto summarization

Default

Enabled

Description

Auto summarization occurs when a route is summarized into a classful network route. Use the no form of this command to disable it, which you will want to do if you are using the ip dvmrp summary-address command.

ip dvmrp default-information

interface

ip dvmrp default-information {originate | only}

no dvmrp default-information

Configures

Advertises a default route to DVMRP neighbors

Default

Disabled

Description

This command causes the default route (0.0.0.0) to be advertised to DVMRP neighbors.

originate
Routes more specific than 0.0.0.0 can be advertised.

only
Only the default route is advertised.

ip dvmrp metric

interface

ip dvmrp metric metric [list access-list] [[protocol process-id] | [dvmrp]

no ip dvmrp metric

Configures

Metrics for DVMRP

Default

1

Description

This command lets you specify a metric to be used with the DVMRP routing protocol. The specified metric is assigned to multicast destinations that match the access list.

metric
The metric associated with DVMRP reports; it can range from 0 to 32. 0 means the route is not advertised; 32 means that the route's destination is unreachable.

list access-list
Optional. If used, this metric is assigned only to multicast destinations that match the access list.

protocol
Optional. bgp, eigrp, igrp, isis, ospf, rip, static, or dvmrp.

process-id
Optional. The process ID of the routing protocol, if required.

dvmrp
Optional. Allows routes from the DVMRP routing table to be advertised with the configured metric route map.

ip dvmrp metric-offset

interface

ip dvmrp metric-offset [in | out] value

no ip dvmrp metric-offset

Configures

Metrics of advertised DVMRP routes

Default

in; the default value for in is 1; for out is 0

Description

This command allows you to increment the metric for DVMRP routes. The given value is added to either metrics received (in) or metrics sent (out) by the router.

ip dvmrp output-report-delay

interface

ip dvmrp output-report-delay milliseconds [burst-packets]

no ip dvmrp output-report-delay

Configures

Interpacket delay of a DVMRP report

Default

100 milliseconds; 2 burst packets

Description

This command sets the number of milliseconds that elapse between packets of a DVMRP report.

milliseconds
Number of milliseconds between transmission of packets.

burst-packets
Optional. The number of packets in the set being transmitted.

ip dvmrp reject-non-pruners

interface

ip dvmrp reject-non-pruners

no ip dvmrp reject-non-pruners

Configures

Peering with DVMRP non-pruners

Default

Disabled

Description

When enabled, this feature tells the interface not to peer with DVMRP hosts that do not support pruning. By default, the router will peer with all DVMRP neighbors.

ip dvmrp routehog-notification

global

ip dvmrp routehog-notification route-count

no ip dvmrp routehog-notification

Configures

Number of routes accepted before a syslog message is generated

Default

10,000

Description

This command sets the number of DVMRP routes that can be accepted within one minute to route-count. If more than this number of routes is accepted within a minute, the router generates a syslog message. This usually helps capture any router that is misconfigured and injecting too many routes.

ip dvmrp route-limit

global

ip dvmrp route-limit count

no ip dvmrp route-limit count

Configures

Number of advertised DVMRP routes

Default

7000

Description

This command sets the limit on the number of DVMRP routes that can be advertised over an interface to count.

ip dvmrp summary-address

interface

ip dvmrp summary-address address mask [metric value]

no ip dvmrp summary-address address mask

Configures

A summary DVMRP route

Default

None

Description

This command configures a summary DVMRP route to be advertised over an interface.

address
The IP address of the summary route.

mask
The network mask of the summary route.

metric value
Optional. The metric to be assigned to the summary address. Default is 1.

ip dvmrp unicast-routing

interface

ip dvmrp unicast-routing

no dvmrp unicast-routing

Configures

DVMRP unicast routing

Default

Disabled

Description

This command enables DVMRP unicast routing on the interface.

ip forward-protocol

global

ip forward-protocol {udp [port] | any-local-broadcast | spanning-tree | turbo-flood}

no ip forward-protocol

Configures

Forwarding of broadcast packets for certain services

Default

Enabled with the ip helper-address command

Description

When the ip helper-address command is configured for an interface, the router "helps" hosts find certain UDP services by forwarding the packets. These services are BOOTP (DHCP), DNS, TFTP, TACACS, TIME, and NetBIOS name and datagram servers. This command allows you to define additional UDP ports that you want forwarded automatically to the helper IP address.

port
Optional. Without this parameter, all the default UDP ports listed here are forwarded. This keyword allows you to forward a specific port. You can disable a default port with the no version of this command.

any-local-broadcast
Forwards any broadcasts including local subnet broadcasts.

spanning-tree
Forwards IP broadcasts that meet the following criteria: First, it must be a MAC level broadcast; second, it must be an IP level broadcast; and third, it must be TFTP, DNS, NetBIOS, ND, TIME, BOOTP, or any other UDP packet specified by an ip forward-protocol udp command.

turbo-flood
Speeds up the flooding of UDP datagrams when using the spanning-tree algorithm. This command should be used in conjunction with the ip forward-protocol spanning-tree command.

Example

To forward port 21000 for a specific application:

ip forward-protocol udp 21000

ip ftp passive

global

ip ftp passive

no ip ftp passive

Configures

Passive FTP mode

Default

Disabled (normal FTP)

Description

This command configures the router to use passive FTP. Passive FTP is often used when connecting through firewalls or access lists that block normal FTP connections. With passive FTP, the file transfer occurs on the same port as the initial connection. You may need to use passive FTP when copying a file or image to an FTP server.

ip ftp password

global

ip ftp password [encryption-level] password

no ftp password

Configures

The FTP password

Default

username@routername.domain

Description

This command sets the password to be used for FTP connections. The default password is appropriate for anonymous FTP connections. If you do not use anonymous FTP, you must use this command to provide an appropriate secret password. The encryption-level allows you to encrypt the password within the router's configuration, so people who have access to the configuration file won't learn it. The encryption-level may be 0 or 7; 0 does not encrypt the password, while 7 uses a proprietary (but not particularly strong) encryption scheme.

ip ftp source-interface

global

ip ftp source-interface interface

no ip ftp source-interface

Configures

The FTP source address

Default

The IP address of the interface closest to the destination

Description

This command sets the source address for FTP connections to the IP address of the given interface.

ip ftp username

global

ip ftp username username

no ip ftp username

Configures

The FTP username

Default

anonymous

Description

This command sets the username for FTP connections. If no username is supplied, the router attempts an anonymous FTP file transfer.

Example

The following commands configure the router to use passive FTP with the username saul and the password pleaseletmein.

ip ftp passive
ip ftp username saul
ip ftp password pleaseletmein

ip hello-interval eigrp

interface

ip hello-interval eigrp as-number seconds

no ip hello-interval eigrp as-number seconds

Configures

Hello interval for EIGRP

Default

5 seconds

Description

This command sets the interval at which EIGRP hello discovery packets are sent out on a link. The default value for the hello interval is 5 seconds. On links where latency is high, changing this value to a higher number can be advantageous.

as-number
The EIGRP process number (frequently called an AS number).

seconds
The interval between hello discovery packets.

ip helper-address

interface

ip helper-address address

no ip helper-address address

Configures

IP address to which certain broadcast UDP packets are forwarded

Default

Disabled

Description

This command sets the helper address to address. The helper address should be the address of a host that can answer UDP requests from other hosts. The router sees these requests broadcasted on a LAN interface and forwards them to the helper address (generally a unicast address) if one is defined. A helper is particularly useful for DHCP requests; without some kind of forwarding, DHCP requires you to have a separate server on every subnet. By itself, this command forwards packets for the BOOTP (DHCP), DNS, TFTP, TACACS, TIME, and NetBIOS name and datagram services. The ip forward-protocol command can be used to forward additional UDP services.

Example

To configure interface ethernet 0 to have a helper address:

interface ethernet 0
  ip address 10.10.1.2 255.255.255.0
  ip helper address 10.10.2.5

ip hold-time eigrp

interface

ip hold-time eigrp as-number seconds

no ip hold-time eigrp as-number seconds

Configures

Hold time for EIGRP networks

Default

15 seconds

Description

This command defines the number of seconds that a route is held before hearing from a neighbor router. If the router doesn't hear from a neighbor within this time, the routes from that neighbor are considered invalid. The default holdtime is three times the hello interval, which is 15 seconds on most links. Slower links might have a holdtime of 180 seconds and a hello interval of 60 seconds.

as-number
The EIGRP process number (frequently called an AS number)

seconds
The holdtime for this EIGRP process.

ip host

global

ip host name [tcp-port] address [address]

no ip host name address

Configures

A static hostname that maps to one or more IP addresses

Default

None

Description

This command allows you to define an IP address for a hostname. Each hostname can have up to eight IP addresses associated with it. This is similar to a host file on a workstation (for example, the /etc/hosts file on Unix).

name
The name of a host.

tcp-port
Optional. The port to connect to on the host when using the telnet command.

address
The address assigned to the host.

Example

The following commands define two IP hosts; the second one has two IP addresses:

ip host gateway1 10.10.1.1
ip host gateway2 10.10.1.2 10.10.1.3

ip http

global

ip http server
no ip http server

ip http access-class access-list
no ip http access-class access-list

ip http authentication method
no ip http authentication method

ip http port port
no ip http port port

Configures

Web IOS interface

Default

Disabled; when enabled, listens on port 80

Description

This command configures support for the Web IOS interface software. This feature enables an HTTP server on the router and allows you to configure the router by pointing any web browser at this server. The access-class option lets you specify an access list that limits access to the HTTP server. The port option lets you specify the port on which the server listens.

The acceptable authentication methods are enable, local, tacacs, and aaa.

Example

The following commands enable the web browser interface and specify a non-default port:

ip http server
ip http port 8008

ip identd

global

ip identd

no ip identd

Configures

Identification support

Default

Disabled

Description

This command enables the IDENTD identification protocol. To disable IDENTD, use the no form of the command.

ip igmp access-group

interface

ip igmp access-group access-list version

no ip igmp access-group access-list version

Configures

Controls multicast groups

Default

All groups are enabled; version 2

Description

This command allows you to set an access-list that controls which groups are available on the interface for hosts to join. If a host is in the access list, it will be allowed to join multicast groups. The version parameter changes the IGMP version.

ip igmp helper-address

interface

ip igmp helper-address ip-address

no ip igmp helper-address ip-address

Configures

Forwards IGMP messages to another IP address

Default

Disabled

Description

This command causes all IGMP Host Reports and Leave messages to be sent to the host specified by the ip-address parameter.

ip igmp join-group

interface

ip igmp join-group group-address

no ip igmp join-group group-address

Configures

Has the router join a multicast group

Default

None

Description

This command causes the router to join the multicast group specified by the IP group address on the interface.

ip igmp query-interval

interface

ip igmp query-interval seconds

no ip igmp query-interval seconds

Configures

Query message interval

Default

60 seconds

Description

This command configures the router to send IGMP host-query messages at the specified interval. Changing this value may affect multicast forwarding.

ip igmp query-max-response-time

interface

ip igmp query-max-response-time seconds

no ip igmp query-max-response-time seconds

Configures

Response time advertised in IGMP query packets

Default

10 seconds

Description

This command sets the time in seconds that the responder has to respond to a query before the router deletes the group. This command works only with IGMP Version 2.

ip igmp query-timeout

interface

ip igmp query-timeout seconds

no ip igmp query-timeout seconds

Configures

Query timeout

Default

2 times the query interval

Description

This commmand sets the query timeout period in seconds. This is the time that the router waits after the last querier stops querying, and takes over as the querier.

ip igmp static-group

interface

ip igmp static-group group-address

no ip igmp static-group group-address

Configures

A static igmp group for the router

Default

Disabled

Description

This command enrolls the router in the multicast group specified by the group-address. Unlike the ip igmp join-group command, this command allows packets to the group to be fast-switched out the interface.

ip igmp version

interface

ip igmp version { 1 | 2 }

no ip igmp version

Configures

The IGMP version type

Default

2

Description

This command sets the version number of IGMP supported by the router (1 or 2). Make sure that your hosts support the same version. Version 3 is planned for later releases of the IOS.

ip irdp

interface

ip irdp [multicast | holdtime seconds | maxadvertinterval seconds | minadvertinterval seconds | preference value | address ip-address [preference]]

no ip irdp

Configures

IRDP

Default

Disabled

Description

This command enables ICMP Router Discovery Protocol (IRDP) on an interface. Other hosts on the network can use this protocol to negotiate a default router based on the preference parameter.

This command has many options. Instead of writing a single long command, it's often more convenient to issue a number of shorter commands, each setting one option.

multicast
Optional. Tells the router to use the multicast address instead of the broadcast address for IRDP.

holdtime seconds
Optional. The time in seconds that advertisements are held. By default, this value is three times the maxadvertinterval.

maxadvertinterval seconds
Optional. Sets the maximum interval in seconds between advertisements. The default is 600 seconds.

minadvertinterval seconds
Optional. Sets the minimum interval in seconds between advertisements. The default is the maximum interval.

preference value
Optional. Sets the preference value for this router, which is used by the routers running IRDP to select the default gateway. The default preference is 0. The higher the preference, the more preferred this router is to hosts.

address ip-address [preference]
Optional. Tells the router to generate proxy advertisements for the given ip-address. If you specify a preference, it is associated with the given ip-address. This allows routers that do not run IRDP to participate in router discovery.

Example

interface ethernet0
  ! Enable IRDP on this interface
  ip irdp
  ! make this router preferred 
  ip irdp preference 10

ip load-sharing

interface

ip load-sharing [per-packet] [per-destination]

no ip load-sharing [per-packet] [per-destination]

Configures

CEF

Default

per-destination

Description

This command enables load sharing for Cisco Express Forwarding (CEF). By default, CEF uses per-destination load sharing, in which all traffic for a given destination is sent through the same interface. The per-packet keyword changes the behavior of CEF so that packets for the same destination may be sent through different interfaces. This approach makes load sharing more effective because it increases the effective bandwidth between the router and the destination. However, packets might arrive at the destination out of order, requiring the destination host to reassemble them.

ip local policy route-map

global

ip local policy route-map map

no ip local policy route-map map

Configures

Policy routing

Default

None

Description

This command enables local policy routing. In brief, policy routing means using criteria other than the shortest path to the destination (as computed by a routing protocol) for route selection. The map parameter is the name of a route map that specifies the routing policy. Unlike the ip policy command, which applies a routing policy to a single interface, this command applies the policy to traffic originating on the router.

Example

In this example, a route map named map1 states that any traffic that matching access list 101 will be routed to the 10.1.1.1 router. Access list 101 matches all IP traffic destined for network 10.1.5.0/24. The ip local policy command is used to apply this route map, effectively routing all traffic for 10.1.5.0 through 10.1.1.1 regardless of what the routing protocols might tell the router to do. There are many possible reasons for this policy--for example, the traffic for 10.1.5.0 might be highly confidential, and we want to make sure that it passes only through trusted routers.

access-list 101 permit ip 10.1.5.0 0.0.0.255 any
!
ip local policy route-map map1
!
route-map map1
  match ip address 101
  set ip next-hop 10.1.1.1

ip local pool

global

ip local pool {default | poolname} low-ip-address [high-ip-address]

no ip local pool {default | poolname}

Configures

A pool of IP addresses

Default

None

Description

This command allows you to create a pool of IP addresses that are used when a remote system connects to one of your interfaces. The default pool is the one used if no name is given on the interface.

default
Default pool configuration.

poolname
The name of the pool you are configuring.

low-ip-address
The starting (lowest) IP address in the address pool.

high-ip-address
The ending (highest) IP address in the pool. This is optional. If omitted, the only IP address in the pool is the low-ip-address.

Example

! Assign a pool called dialins1 that goes from 172.30.25.10 to 172.30.25.100

ip local pool dialins1 172.30.25.10 172.30.25.100

ip mask-reply

interface

ip mask-reply

no mask-reply

Configures

Responses to ICMP mask request messages

Default

Disabled

Description

By default, the router does not respond to ICMP mask requests. This command enables responses through the interface.

Example

interface ethernet 1
  ip mask-reply

ip mroute

global

ip mroute source mask [protocol as-number] {rpf-address | interface} [distance]

no ip mroute source mask [protocol as-number] {rpf-address | interface} [distance]

Configures

A multicast static route

Default

None

Description

This command adds a static multicast route.

source
The source IP address.

mask
Network mask for the source address.

protocol as-number
Optional. The unicast routing protocol you are using, followed by the protocol's process number or autonomous system number, if applicable.

rpf-address
The address of the incoming interface for the multicast route. This address can be a host address or a network address.

interface
The incoming interface for the route (e.g., serial 0).

distance
Optional. This value is used to decide if a unicast, DVMRP, or static route should be used for RPF lookup.

ip mroute-cache

interface

ip mroute-cache

no ip mroute-cache

Configures

IP multicast fast switching

Default

Enabled

Description

This command enables fast switching for multicast routing, which is analogous to the route cache for unicast routing. If disabled with the no form of the command, every packet is switched at the process level.

ip mtu

interface

ip mtu bytes

no ip mtu bytes

Configures

Maximum Transmission Unit (MTU) for the interface

Default

Depends on the interface's media type

Description

This command sets the MTU for the interface to bytes. The MTU is the largest packet size that can be sent over the interface. The default MTU depends on the media type; Table I-2 shows default MTU values for some common media. This command allows you to modify the MTU for any interface. Larger MTU values are more efficient with highly reliable networks; lower MTU values can help if an interface is unreliable, or in situations where protocols do not support fragmentation.

Table I-2: Default MTU values

Interface type

Default MTU

Ethernet/Serial

1500

HSSI/ATM/FDDI

4470

Example

interface ethernet 0
  ip mtu 1250

ip multicast boundary

interface

ip multicast boundary access-list

no ip multicast boundary

Configures

A multicast boundary

Default

None

Description

The access-list defines the multicast boundary, which is used to keep multicast packets from being forwarded out the interface.

ip multicast cache-headers

global

ip multicast cache-headers

no ip multicast cache-headers

Configures

Buffers multicast packet headers

Default

Disabled

Description

This command enables the router to cache IP multicast packet headers. These headers can be viewed with the show ip mpacket command.

ip multicast helper-map

interface

ip multicast helper-map group-address broadcast-address access-list
ip multicast helper-map broadcast multicast-address access-list

no ip multicast helper-map group-address broadcast-address access-list
no ip multicast helper-map broadcast multicast-address access-list

Configures

Multicast tunnelling

Default

None

Description

Use this command to send broadcast packets through a multicast network that connects two or more broadcast-capable networks. At one multicast network, you convert the multicast packets to broadcast packets and send them through the broadcast network, which converts them back to multicast packets at the other end.

group-address
Multicast group whose traffic is to be converted to broadcast traffic.

broadcast
Specifies that the traffic is going to be converted from broadcast to multicast.

broadcast-address
When using the group-address parameter, this parameter specifies the IP address to which to send the broadcast traffic.

multicast-address
When using the broadcast option, this variable specifies the multicast address to which converted traffic is sent.

access-list
An extended access list that uses the UDP port number to control which broadcast packets will be converted.

Example

The following configuration converts multicast traffic for the multicast group 224.1.1.2 to broadcast traffic using the broadcast address 10.1.1.255 and UDP port 5000:

interface ethernet 0 
  ip multicast helper-map 224.1.1.2 10.1.1.255 101 
  ip pim dense-mode 
! 
! Convert to UDP port 5000
access-list 101 permit any any udp 5000 
access-list 101 deny any any udp
!
! Forward UDP port 5000
ip forward-protocol udp 5000

The next configuration is the other end of the tunnel. It converts broadcast traffic on UDP port 5000 to multicast traffic:

interface ethernet 0
  ip multicast helper-map broadcast 224.1.1.2 101
  ip pim dense-mode
!
! Use access list to convert traffic to UDP
! port 5000
access-list 101 permit any any udp 5000
access-list 101 deny any any udp
!
! Forward udp port 5000
ip forward-protocol udp 5000

ip multicast rate-limit

interface

ip multicast rate-limit {in | out} [video | whiteboard]
[group-list access-list] [source-list access-list] kbps

no ip multicast rate-limit {in | out} [video | whiteboard]
[group-list access-list] [source-list access-list] kbps

Configures

The rate at which a sender can send to a multicast group

Default

No rate limit

Description

This command controls the rate at which hosts matching a source list can send multicast packets to a multicast group.

in
The limit applies only to incoming packets.

out
The limit applies only to outgoing packets.

video
Optional. Rate limit applies only to video traffic.

whiteboard
Optional. Rate limit applies only to whiteboard traffic.

group-list access-list
Optional. The rate limit applies only to multicast groups that match the access list.

source-list access-list
Optional. The rate limit applies only to hosts sending multicast traffic that match the access list.

kbps
The total bandwidth, in kbps, that is used for multicast traffic that matches the preceding parameters. Traffic in excess of this rate is discarded. If the rate is set to 0, no traffic is permitted.

ip multicast-routing

global

ip multicast-routing

no ip multicast-routing

Configures

IP multicast routing

Default

Disabled

Description

By default, the router does not forward multicast packets. This command enables multicast routing.

ip multicast ttl-threshold

interface

ip multicast ttl-threshold ttl

no ip multicast ttl-threshold

Configures

TTL threshold of forwarded packets

Default

0

Description

This command configures the TTL threshold for packets that are being forwarded out the interface. Only packets with TTL values greater than the threshold are forwarded. The default value is 0, which means all packets are forwarded. The value of ttl can be from 0 to 255.

ip name-server

global

ip name-server address [address]

no ip name-server address

Configures

DNS server name

Default

None

Description

This command sets the name servers that the router uses for DNS queries. You can specify the addresses of up to 6 different DNS servers on one command line. Because you are configuring domain name service, be sure to use an IP address and not a hostname for the server!

Example

The first line configures one name server; the second line configures six name servers:

ip name-server 10.10.2.5
ip name-server 10.10.1.5 10.10.2.5 10.10.3.5 10.10.4.5 10.10.5.5 10.10.6.5

ip nat

interface

ip nat {inside | outside}

no ip nat {inside | outside}

Configures

IP network address translation (NAT)

Default

Disabled

Description

This command configures an interface for NAT. The translation can occur for inside or outside addresses.

Example

In the following configuration, ethernet0 is our internal network with the internal IP address; serial0 is our external interface to the Internet. The NAT translation should be inside on ethernet0 and outside on serial0.

interface ethernet0
  ip address 10.10.1.1 255.255.255.0
  ip nat inside
interface serial0
  ip address 192.168.1.1 255.255.255.0
  ip nat outside

ip nat inside destination

global

ip nat inside destination [list access-list] pool pool-name

no ip nat inside destination [list access-list] pool pool-name

ip nat inside destination [list access-list] static global-ip local-ip

no ip nat inside destination [list access-list] static global-ip local-ip

Configures

Enables NAT for inside destination IP addresses

Default

Disabled

Description

This command enables the mapping of internal (inside) destination addresses to global destination addresses.

list access-list
Optional. Defines an access list for the translation. If an address is not blocked by the access list, it is translated.

pool pool-name
The name of the address pool for allocating global IP addresses.

static global-ip local-ip
A static mapping of a global IP address to a local IP address.

ip nat inside source

global

ip nat inside source [list access-list] pool pool-name [overload]

no ip inside source [list access-list] pool pool-name [overload]

ip nat inside source [list access-list] static local-ip global-ip

no ip nat inside source [list access-list] static local-ip global-ip

Configures

Enables NAT for inside source IP addresses

Default

None

Description

This command enables the mapping of internal (inside) source addresses to global addresses.

list access-list
Optional. Defines an access list for the translation. If an address is not blocked by the access list, it is translated.

pool pool-name
The name of an address pool to be used for selecting global IP addresses.

overload
Optional. Allows many local IP addresses to share a few global IP addresses by multiplexing the ports.

static local-ip global-ip
A static mapping of a local IP address to a global IP address.

ip nat outside source

global

ip nat outside source [list access-list] pool pool-name

no ip nat outside source [list access-list] pool pool-name

ip nat outside source [list access-list] static global-ip local-ip

no ip nat outside source[list access-list] static global-ip local-ip

Configures

Enables NAT for outside source IP addresses

Default

None

Description

This command enables the mapping of external (outside) source addresses to internal addresses.

list access-list
Optional. Defines an access list for the translation. If an address is not blocked by the access list, it is translated.

pool pool-name
The name of the address pool for allocating global IP addresses.

static global-ip local-ip
A static mapping of a global IP address to a local IP address.

ip nat pool

global

ip nat pool name starting-address ending-address [netmask value | prefix-length length] [type rotary]

no ip nat pool name starting-address ending-address [netmask value | prefix-length length] [type rotary]

Configures

The IP address pool to be used in the NAT configuration

Default

None

Description

This command defines a sequential range of IP addresses to use with NAT configurations.

name
Name of the address pool.

starting-address
The beginning of the pool's IP address range.

ending-address
The last IP address in the pool.

netmask value
Specifies the netmask for the pool address range.

prefix-length length
Specifies the number of ones in the bitmask.

type rotary
Optional. Specifies that the range of IP addresses corresponds to real hosts for which load distribution should occur. This means that the pool is defined as a round-robin set of address for load balancing. As new TCP connections are made, a new address is selected from the pool. Non-TCP traffic passes through without translation.

ip nat translation

global

ip nat translation {timeout | udp-timeout | dns-timeout | tcp-timeout | finrst-timeout} seconds

no ip nat translation {timeout | udp-timeout | dns-timeout | tcp-timeout | finrst-timeout} seconds

Configures

None

Default

See description

Description

This command specifies different timeouts for NAT translations. timeout is 86400 seconds; udp-timeout is 300 seconds; dns-timeout is 60 seconds; tcp-timeout is 86400 seconds; finrst-timeout is 60 seconds.

timeout seconds
The timeout on all translations except overloads.

udp-timeout seconds
The timeout on UDP port translations.

dns-timeout seconds
The timeout on DNS (Domain Name Service).

tcp-timeout seconds
The timeout on TCP ports.

finrst-timeout seconds
The timeout on Finish and Reset TCP packets.

ip netmask-format

line

ip netmask-format [bitcount | decimal | hexadecimal]

no ip netmask-format [bitcount | decimal | hexadecimal]

Configures

How subnets are displayed by the show command

Default

Decimal format (255.255.255.0)

Description

This command determines the format that the show commands use for displaying subnet masks. Table I-3 shows the possibilities.

Table I-3: Netmask formats

Format name

Example

decimal

255.255.255.0

bitcount

10.10.1.0/24

hexadecimal

0xffffff00

ip nhrp authentication

interface

ip nhrp authentication string

no ip nhrp authentication

Configures

Authentication for NHRP

Default

Disabled

Description

This command sets an authentication string for Next Hop Resolution Protocol (NHRP). By default, no authentication is performed. The string can be up to eight characters in length. All routers within the NBMA (nonbroadcast multiple access) must use the same authentication string.

ip nhrp holdtime

interface

ip nhrp holdtime seconds

no nhrp holdtime

Configures

NHRP holdtime

Default

7200 seconds

Description

This command sets the number of seconds to advertise to other routers that they should keep NHRP information.

ip nhrp interest

interface

ip nhrp interest access-list

no nhrp interest

Configures

Which packets should trigger NHRP requests

Default

All non-NHRP packets trigger NHRP requests

Description

This command specifies an access list that the router uses to select which packets should generate NHRP traffic.

ip nhrp map

interface

ip nhrp map ip-address nbma-address

no ip nhrp map ip-address nbma-address

Configures

A static NBMA-to-IP address mapping

Default

None

Description

This command allows you to define a static ip-address to nbma-address mapping. The NBMA address can be a MAC address for Ethernet or an NSAP address for ATM. For NHRP, you usually need to configure one static mapping to get to the next-hop server.

ip nhrp map multicast

interface

ip nhrp map multicast

no ip nhrp map multicast

Configures

An NBMA address for broadcast or multicast packets

Default

None

Description

This command defines a nonbroadcast multiple access (NBMA) address to which to send broadcast or multicast traffic. An NBMA address is a MAC address for Ethernet networks or an NSAP address for ATM networks. A configuration may include several of these commands, each defining another NBMA address. This command allows you to send multicast traffic through a tunnel that crosses networks that do not support IP multicasting. It may be used only on tunnel interfaces.

ip nhrp max-send

interface

ip nhrp max-send packet-count every interval

no nhrp max-send

Configures

Frequency of NHRP packets

Default

packet-count is 5; interval is 10 seconds

Description

This command controls the rate at which NHRP packets can be sent. At most, packet-count packets can be sent every interval seconds. packet-count can be from 1 to 65535; interval can be from 10 to 65535. NHRP traffic cannot exceed this rate. Both locally generated and forwarded traffic count toward the total.

ip nhrp network-id

interface

ip nhrp network-id id

no nhrp network-id id

Configures

Enables NHRP

Default

Disabled

Description

This command enables NHRP on an interface by assigning a unique identifier for the network. All hosts participating in NHRP on a logical NBMA network must use the same network ID. id can be from 1 to 4294967295.

ip nhrp nhs

interface

ip nhrp nhs ip-address [network mask]

no ip nhrp nhs ip-address [network mask]

Configures

The NHS address

Default

None

Description

This command configures the ip-address of the next hop server (NHS). Optionally, you can provide a network address and mask that specify the network that the NHS serves. To specify multiple networks for a single NHS, enter this command multiple times with different network and mask parameters.

When NHS servers are configured, they override the normal NHRP forwarding table.

ip nhrp record

interface

ip nhrp record

no ip nhrp record

Configures

The use of forward and reverse record options in NHRP packets

Default

Enabled

Description

The no form of this command disables the forward and reverse record options in NHRP request and reply packets. These options provide loop detection.

ip nhrp responder

interface

ip nhrp responder interface

no ip nhrp responder interface

Configures

The IP address to use as the source of NHRP reply packets

Default

The IP address of the interface that received the NHRP request

Description

This command specifies the interface whose IP address is used as the source for NHRP reply packets. Normally, the IP address of the interface that received the NHRP packet is used. This command is useful on next-hop servers because it allows a form of loop detection: the server can look for its own unique IP address.

ip nhrp server-only

interface

ip nhrp server-only [non-caching]

no ip nhrp server-only

Configures

NHRP on an interface acting in server mode only

Default

Disabled

Description

This command enables NHRP on an interface in server mode only. In server mode, an interface does not originate NHRP requests. The optional non-caching keyword disables the cache of NHRP information.

ip nhrp trigger-svc

interface

ip nhrp trigger-svc trigger-threshold teardown-threshold

no nhrp trigger-svc

Configures

The thresholds for building an SVC based on traffic rates

Default

trigger threshold is 1 kbps; teardown-threshold is 0 kbps

Description

This command sets the thresholds for traffic rates that define when an SVC is built or destroyed. The trigger-threshold is the average traffic rate at (or above) which NHRP will create an SVC for a destination. The teardown-threshold is the traffic rate at (or below) which NHRP will tear down an SVC. Both parameters are in kbps; they are calculated during the load interval. The load interval is the length of time over which the router calculates the interface's throughput for comparison with the trigger and teardown thresholds. It is always a multiple of 30 seconds and is set by the ip cef traffic-statistics command.

ip nhrp use

interface

ip nhrp use count

no ip nhrp use

Configures

A usage count that defers NHRP requests for a certain number of packets

Default

1

Description

By default, when the router has a packet that is eligible for NHRP address resolution, the router sends the NHRP request immediately. This command allows you to defer the NHRP request until count packets have been sent to the destination. The packet count can be from 1 to 65535.

The packet count is destination-based. If the count was set to 3 and the router received five packets, two for destination 1 and three for destination 2, the router would generate an NHRP request only for destination 2.

ip ospf authentication

interface

ip ospf authentication [message-digest | null]

no ip ospf authentication

Configures

OSPF authentication

Default

No authentication

Description

This command enables OSPF authentication for an interface, to be used if the area authentication command is not enabled. If you enable this command with no options, specify the password with the ip ospf authentiation-key command. If you use the message-digest option, specify the password with the ip ospf message-digest-key command.

The null option can be used to disable authentication for this interface if authentication of the entire area has already been configured.

ip ospf authentication-key

interface

ip ospf authentication-key password

no ip ospf authentication-key

Configures

A password to authenticate OSPF neighbors

Default

None

Description

This command assigns a password for communicating with neighboring routers to this interface. All adjacent routers should be configured with the same authentication key. The password can be from 1 to 8 bytes in length.

ip ospf cost