IBM Books

Multiprotocol Routing Services
Protocol Configuration Reference
Version 3.3 Volume 1


Configuring and Monitoring IP

This chapter describes the IP configuring and monitoring commands. It includes the following sections:


Accessing the IP Configuration Environment

To access the IP configuration environment, enter the following command at the Config> prompt:

  Config> Protocol IP
  Internet protocol user configuration
  IP config>

IP Configuration Commands

This section describes the IP configuration commands. These commands allow you to modify the IP protocol behavior to meet your specific requirements. Some amount of configuration is necessary to produce a fully functional IP router. Enter IP configuration commands at the IP config> prompt.

Table 18. IP Configuration Commands Summary
 Command   Function 
? (Help) Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help".
 Add   Adds to the IP configuration information. Interface addresses can be added, along with access controls, filters, and packet-filters. 
 Change   Modifies information that was originally entered with the  add command.
 Delete   Deletes IP configuration information that had been entered with the  add command.
 Disable   Disables certain IP features that have been turned on by the  enable command.
 Enable   Enables IP features such as ARP subnet routing, UDP Forwarding, originate default, directed broadcasts, BOOTP, the various RIP flags controlling the sending and receiving of RIP information, diffserv, and route-table-filtering. 
 List   Displays IP configuration items. 
 Move   Changes the order of access control records. 
 Set   Establishes IP configuration modes such as the use of access control and the format of broadcast addresses. Also sets IP parameters such as TTL (time-to-live) of packets originated by the router, the size of the IP routing table, cache size, and RIP interface metrics and sets IGMP configuration parameters. 
 Update   Used to assign access control entries to packet filters. 
Exit Returns you to the previous command level. See "Exiting a Lower Level Environment".

Response to IP Configuration Commands

This topic enables you to determine which IP configuration (Talk 6) commands become effective immediately and which commands remain pending until you issue the Talk 5 reset ip command to a router. Table 19 lists both categories of commands. Any commands that are not listed in the table remain pending until you issue a reload or restart command.

Table 19. IP Configuration Command Response
 Effective Immediately   Effective at Reset 
add route add accept-rip-route ...
change route add access-control ...
delete route add address
disable icmp-redirect add bootp-server
enable icmp-redirect add packet-filter
set ttl add udp-destination

add vrid ...

add vr-address

change access-control ...

change address ...

delete accept-rip-route ...

delete access-control ...

delete address ...

delete bootp-server

delete packet-filter

delete udp-destination

delete vrid ...

delete vr-address ...

disable bootp-forwarding

disable directed-broadcast

disable echo-reply

disable fragment-offset-check

disable icmp-redirect

disable nexthop-awareness ...

disable override default/static-routes...

disable packet-filter

disable receiving ...

disable record-route

disable rip

disable rip2

disable same-subnet

disable sending ...

disable source-addr-verification

disable source-routing

disable timestamp

disable trace

disable udp-forwarding

disable vrrp ...

enable bootp-forwarding

enable directed-broadcast

enable echo-reply

enable fragment-offset-check ...

enable icmp-redirect

enable nexthop-awareness

enable override ...

enable packet-filter

enable receiving ...

enable record-route

enable rip

enable rip2

enable same-subnet

enable sending ...

enable source-address-verification

enable source-routing

enable timestamp

enable trace

enable udp-forwarding

enable vrrp ...

move access-control ...

set access-control ...

set access-control log-facility

set broadcast-address ...

set originate-rip-default

set rip-in-metric

set rip-out-metric

set tag ...

set ttl

update packet-filter ...

Add

Use the add command to add IP information to your configuration.

Syntax:

add
accept-rip-route . . .

access-control . . .

address . . .

bootp-server

filter . . .

packet-filter

redundant-default-gateway

route . . .

route-policy . . .

route-table-filter

udp-destination . . .

vrid . . .

vr-address . . .

accept-rip-route IP-network/subnet
Allows an interface to accept a RIP route when input RIP filtering is enabled for an interface. You can print the list of networks and subnets that have already been entered using the list rip command. You can enable the input filtering of RIP routes on a per-IP-interface basis. This is done separately for network-level routes (for example, a route to 10.0.0.0) for subnet-level routes (for example, a route to 128.185.0.0), and for host-level routes (for example 128.185.123.28). To enable input filtering of routes on an IP interface, use the disable receiving dynamic nets or disable receiving dynamic subnets or disable receiving dynamic hosts commands.

IP network/subnet

Valid Values: any valid IP address

Default Value: none

Example:

add accept-rip-route

Network number [0.0.0.0]? 10.0.0.0

access-control type IP-source source-mask IP-dest dest-mask first-protocol last-protocol [first-dest-port last-dest-port first-source-port last-source-port] [tcp-syn] [icmp-type icmp-code] [tos-mask tos-range-low tos-range-high tos-mod-mask new-tos-value policy-based-routing next-hop-gateway use-default-route] [log els snmp-trap syslog syslog-level]

From the IP config> prompt, use this command to add an access control record to the end of the global access control list. From the Packet-filter packet-filter-name Config> prompt, use this command to add an access control rule to the end of the packet filter access control list. Access control allows you to define categories of packets to forward, to drop, or to process with network address translation, based on packet values specified in the access control rules. The length and order of the access control lists can affect the IP packet forwarding performance.
Note:The add access-control command configures access control rules, but it does not automatically enable access control; see the set access-control command.

type
Indicates what is done with packets that match the access control rule parameters.

E
Exclusive; matching packets are discarded.

I
Inclusive; matching packets are processed further by the router.

N
Network address translation (NAT); matching packets are passed to NAT for address translation. This type is valid only when specified in combination with inclusive, for example, IN. This parameter is valid only in the packet filter configuration console (accessed by the update packet-filter command).

IP-source source-mask
Source IP address and mask. The source-mask is bit-ANDed with the received source IP address to allow the rule to match a range of source IP addresses. Where bits of the source mask are 0, the corresponding bits of the IP source address must also be 0.

Valid Values: 0.0.0.0 to 255.255.255.255

Default Values: 0.0.0.0 for source IP address. The default for the source mask is the configured IP source address.

IP-dest dest-mask
Destination IP address and mask. The dest-mask is bit-ANDed with the received destination IP address to allow the rule to match a range of destination IP addresses. Where bits of the destination mask are 0, the corresponding bits of the destination IP address must also be 0.

Valid Values: 0.0.0.0 to 255.255.255.255

Default Value: 0.0.0.0 for destination IP address. The default for the dest mask is the configured IP dest address.

first-protocol last-protocol
A range of IP protocol numbers.

Some common IP protocol numbers are:

1 for ICMP
6 for TCP
17 for UDP
89 for OSPF

Valid Values: 0 to 255

Default Values: 0 for first protocol and 255 for last protocol

first-dest-port last-dest-port
A range of TCP/UDP destination port numbers. These parameters are valid only if the range of IP protocol numbers includes 6 (for TCP) or 17 (for UDP). These parameters are ignored for packets in which the IP protocol number is not 6 or 17.

Some commonly used port numbers are:

21 for FTP
23 for Telnet
25 for SMTP
513 for rlogin
520 for RIP

Valid Values: 0 - 65535

Default Value: 0 for first destination port and 65535 for last destination port

first-source-port last-source-port
A range of TCP/UDP source port numbers. These parameters are valid only if the range of IP protocol numbers includes 6 (for TCP) or 17 (for UDP). These parameters are ignored for packets in which the IP protocol number is not 6 or 17. See the description of first-dest-port last-dest-port for a list of commonly used TCP/UDP port numbers.

Valid Values: 0 - 65535

Default Value: 0 for first source port and 65535 for last source port

tcp-syn
This parameter matches TCP packets that establish TCP connections (that is, TCP packets in which the SYN bit is 1 and the ACK bit is 0). This parameter is valid only if the range of IP protocol numbers includes 6 (for TCP) and the rule type is exclusive. This parameter is invalid for types IPSec and NAT, which are always inclusive. This parameter is ignored for packets in which the IP protocol number is not 6.

Valid Values: Yes or No

Default Value: No

icmp-type
This parameter, which defines the ICMP type, is valid only if the range of IP protocol numbers includes 1 (for ICMP). The value of this parameter defines the ICMP type of the access rule. ICMP packets can match the access rule only if the ICMP type of the packet matches the ICMP type of the access rule. If the default value -1 is specified, all ICMP type values are treated as matching the access rule. This parameter is ignored for packets in which the IP protocol number is not 1.

Valid Values: -1 to 255

Default Value: -1 (all ICMP types)

icmp-code
This parameter, which defines the ICMP code, is valid only if the range of IP protocol numbers includes 1 (for ICMP). The value of this parameter defines the ICMP code of the access rule. ICMP packets can match the access rule only if the ICMP code of the packet matches the ICMP code of the access rule. If the default value -1 is specified, all ICMP code values are treated as matching. This parameter is ignored for packets in which the IP protocol number is not 1.

Valid Values: -1 to 255

Default Value: -1 (all ICMP codes)

tos-mask, tos-range-low, tos-range-high
Setting tos-mask to a non-zero value enables filtering according to bits in the TOS byte. Tos-mask identifies the bits in the precedence/TOS byte that are to be filtered. For example, if the tos-mask is X'E0' (B'11100000'), filtering applies only to the 3 precedence bits in the TOS byte (the 3 most significant bits of the TOS byte).

The tos-range-low and the tos-range-high define the range of consecutive values within the selected bits. If you want to filter all 8 values of the precedence bits (decimal 0 - 7), the tos-range-low is X'00' (B'00000000') and the tos-range-high is X'e0' (B'11100000', which defines decimal 7 within the 3 bits that are selected for filtering). If you want to filter the binary values B'000', B'001', B'010', and B'011' (decimal 0 - 3) of the 3 precedence bits, the tos-range-low is X'00' (B'00000000') and the tos-range-high is X'60' (B'01100000').

If you need to filter bit patterns that do not form a consecutive sequence of values, you need to define a separate access control rule for each range desired. For example, to filter the two precedence bit values B'001' (decimal 1) and B'011' (decimal 3) without filtering B'010' (decimal 2), you would have to define the first access control rule with tos-mask equal to X'e0' and tos-range-low and tos-range-high both equal to X'20'. Then you would have to define the second access control rule with tos-mask equal to X'e0' and tos-range-low and tos-range-high both equal to X'60'.

Valid Values for tos-mask: X'00' - X'FF'

Default Value: 0 for none

Valid Values for tos-range-low: X'00' - X'FF'

Default Value: 0

Valid Values for tos-range-high: X'00' - X'FF'

Default Value: The configured tos-range-low.

new-tos-value, tos-mod-mask
Setting these parameters enables the router to modify specified bits in the TOS byte. The tos-mod-mask identifies the bits within the TOS byte that are to be changed. The new-tos-value defines the new value for the selected bits. For example, if the tos-mod-mask is X'1e' and the new-tos-value is X'00', the 4 bits of the TOS field (identified within the byte by the tos-mod-mask value X'1e' [B'00011110']) are set to B'0000'. To set the TOS bits to the value for maximum throughput (B'0100'), use the tos-mod-mask X'1e' and the new-tos-value X'08' (B'00001000').

Valid Values for tos-mod-mask: X'00' - X'FF'

Default Value: 0 for none

Valid Values for new-tos-value: X'00' - X'FF'

Default Value: 0

policy-based-routing, next-hop-gateway, use-default-route
These parameters enable policy based routing, which is the ability to specify the next hop gateway to which the filtered packets will be sent. Setting the policy-based-routing parameter to Yes indicates that you plan to have the filtered packets sent to the defined next hop gateway. Next-hop-gateway is the address of the next hop gateway to which these packets will be sent.

Setting use-default-route to Yes enables the router to route the packet using the normal routing table if the defined gateway becomes unavailable. If this parameter is set to No, the packet is discarded if the defined gateway becomes unavailable and an ICMP unreachable message is sent to the source address of the discarded packet.

Valid Values for policy-based-routing: Yes or No

Default Value: No

Valid Value for next-hop-gateway: a valid IP address

Default Value: none

Valid Value for use-default-route: Yes or No

Default Value: Yes

log
Enables logging.

Valid Values: Yes or No

Default Value: No

els
If logging is enabled, enables ELS messages for this access control rule.

Valid Values: No, short, or long

Default Value: No

snmp-trap
If logging is enabled, enables the sending of SNMP traps for this access control rule.

Valid Values: Yes or No

Default Value: No

syslog
If logging is enabled, enables SysLog for this access control rule. SysLog posts system messages to an attached remote workstation.

Valid Values: No, short, or long

Default Value: No

syslog-level
If SysLog is enabled, specifies the level of the SysLog messages.

Valid Values: Sys Def, Emerg, Alert, Crit, Error, Warn, Notice, Info, or Debug

Default Value: Router system default value

Example:
IP config> add access-control
Enter type [E] I
Internet source [0.0.0.0]?
Source mask [0.0.0.0]?
Internet destination [0.0.0.0]?
Destination mask [0.0.0.0]?
Enter starting protocol number ([CR] for all) [-1]?
Enter starting destination port number ([CR] for all) [-1]?
Enter starting source port number ([CR] for all) [-1]?
Enter ICMP Type ([CR] for all) [-1]? 3
Enter ICMP Code ([CR] for all) [-1]?
TOS/Precedence filter mask (00-FF - [0] for none) [0]? CD
TOS/Precedence start value (00-FF) [0]?
TOS/Precedence end value [0]?
TOS/Precedence modification mask (00-FF - [0] for none) [0]? FA
New TOS/Precedence value (00-FF) [0]?
Next hop gateway address [ ]? 8.8.8.2
Use default route if next hop gateway unreachable? [Yes]:
IP config>

address interface-number IP-address address-mask
Assigns an IP address to one of the router's hardware network interfaces. A hardware network interface will not receive or transmit IP packets until it has at least one IP address. You must specify an IP address together with its subnet mask. For example, if the address is on a class B network, using the third byte for subnetting, the mask would be 255.255.255.0. Use the list devices command to obtain the appropriate command interface-number. Serial lines do not need addresses. Such lines are called unnumbered. However, you must still enable them for IP traffic using the add address command. The address then used is 0.0.0.n, where n is the interface-number.
Note:To assign an IP address to the 2210's bridge network, specify bridge for the interface number. See Assigning IP Addresses to the Bridge Network Interface for more information.

You must specify an IP address together with its subnet mask. For example, if the address is on a class B network, using the third byte for subnetting, the mask would be 255.255.255.0. Use the List Devices option to obtain the appropriate option interface-number.

interface-number
Valid Values: any defined interface number, or bridge

Default Value: none

ip-address
Valid Values:
The class A range is 1.0.0.1 through 126.255.255.254
The class B range is 128.0.0.1 through 191.255.255.254
The class C range is 192.0.0.1 through 223.255.255.254
For unnumbered serial line interfaces, 0.0.0.n, where n is the interface number

Default Value: none

address mask
Valid Values: 0.0.0.0 - 255.255.255.255

Default Value: none

Example: add address 0 128.185.123.22 255.255.255.0

bootp-server server-IP-address
Adds a BOOTP/DHCP server to the list of servers to which the router will forward BOOTP/DHCP requests. See Configuring the BOOTP/DHCP Forwarding Process for more information.

server-IP-address
Valid Values: any valid Bootp server IP address

Default Value: none

Example: add bootp-server 128.185.123.22

filter dest-IP-address address-mask
Designates an IP destination to be filtered. IP packets will not be forwarded to filtered destinations, nor will routing information be disseminated concerning such destinations. Packets to filtered destinations are simply discarded. You must specify a filtered destination as an IP address with its subnet mask. For example, to filter a subnet of a class B network, using the third byte for subnetting, the mask would be 255.255.255.0. Using the filter mechanism is more efficient than IP access controls, although not as flexible. Filters also affect the operation of the IP routing protocols, unlike access controls. Filtered networks/subnets are overridden if learned using the OSPF routing protocol.

The effect of this command is immediate; you do not have to reboot the router for it to take effect.

dest-IP-address
Valid Values: any valid IP address

Default Value: none

address mask.
Valid Values: 0.0.0.0 to 255.255.255.255

Default Value: 0.0.0.0

Example: add filter 127.0.0.0 255.0.0.0

packet-filter filter-name type interface-number
Defines a packet filter record within the router configuration.

filter-name
Valid Values: any 16-character name.

You can include dashes (-) and underscores (_) in the name.

Default Value: none

type
IN filters incoming traffic.

OUT filters outgoing traffic.

interface-number 
Valid Values: any defined interface, or bridge for the Bridge Network Interface

Default Value: none

Example: add packet-filter

   Packet-filter name [ ]? filt-1-0
   Filter incoming or outgoing traffic? [IN]?
   Which interface is this filter for [0]? 1

redundant-default-gateway interface-number gateway-IP-address address-mask MAC-address primary-gateway
Adds a Redundant Default Gateway IP address to your configuration.

interface-number
Specifies the net number of LEC interfaces on the ELAN.

Valid Values: net numbers of LEC interfaces

Default Value: none

gateway-IP-address
Specifies the Default Gateway of the end station.

Valid Values: IP addresses used as default gateways

Default Value: 0.0.0.0

address-mask
Specifies the mask of the IP address.

Valid Values: any valid IP net mask

Default Value: 0.0.0.0

MAC-address
Note:The primary gateway and the backup gateway must have the same MAC address
Valid Values: any valid MAC address not used by other interfaces on the ELAN

Default Value: 00.00.00.00.00.00

primary-gateway
Specifies whether the gateway is used as the primary or as the backup gateway.

This query asks whether the gateway on this device is the primary gateway active during the normal operation of the network, or the backup gateway that is active when the LEC interface containing the primary gateway is not operational. Answering Yes configures a primary gateway. There should be only one primary gateway per ELAN.

Valid Values Yes or No

Default Value: No

Example: add redundant-default-gateway

   Which net is this redundant gateway for [0]? 1
   IP address of gateway [0.0.0.0]? 9.67.205.1
   Address mask [255.255.0.0]? 255.255.240.0
   MAC address [00.00.00.00.00.00.]? 00.00.00.00.00.BA
   Is this the primary gateway [No]? Yes or No

route dest-addr dest-mask next-hop1 cost1 [next-hop2 cost2 [next-hop3 cost3 [next-hop4 cost4]]]
Adds 1 to 4 static routes to the device's IP configuration. When dynamic routing information is not available for a particular destination, static routes are used.

The destination is specified by an IP address (dest-addr) together with an address mask (dest-mask). If the destination IP address is a network address, then the dest-mask must be a network mask. If the destination IP address is a subnet address, then the dest-mask must be a subnet mask. Finally, if the destination IP address is a host address, then the dest-mask must be a host mask (which means that the only valid value is 255.255.255.255). The dest-mask must be accurate; if it is not, the static route will not be accepted.

The route to the destination is specified by the IP address of the next hop (next-hop), and the cost (cost) of routing the packet to the destination. The next hop must be on the same (sub)net as one of the router's directly connected interfaces. Static routes are always overridden by routes learned through OSPF, but, by default, routes learned through RIP do not override static routes. However, you can enable or disable routes learned through RIP to override static routes by using the enable override static-routes or disable override static-routes commands. This command takes effect immediately; you do not have to reboot the router.

dest-addr
Valid Values: any valid IP address

Default Value: none

dest-mask
Valid Values: 0.0.0.0 to 255.255.255.255

Default Value: none

next-hop1, next-hop2, next-hop3, next-hop4
Valid Values: any valid IP address

Default Value: none

cost1, cost2, cost3, cost4
Valid Values: an integer in the range 0 to 255

Default Value: 1

Example:

IP config> add route
IP destination []? 1.1.0.0
Address mask [255.0.0.0]? 255.255.0.0
Via gateway 1 at []? 10.1.1.1
Cost [1]? 1
Via gateway 2 at []?
IP config> add route 1.1.0.0 255.255.0.0
Via gateway 2 at []? 20.1.1.1
Cost [1]? 2
Via gateway 3 at []? 30.1.1.1
Cost [1]? 3
Via gateway 4 at []?
IP config> add route 2.2.0.0 255.255.0.0 10.2.2.2 1 20.2.2.2 2
IP config> list routes
 
route to 1.1.0.0        ,255.255.0.0     via 10.1.1.1        cost 1
                                         via 20.1.1.1        cost 2
                                         via 30.1.1.1        cost 3
route to 2.2.0.0        ,255.255.0.0     via 10.2.2.2        cost 1
                                         via 20.2.2.2        cost 2
 
IP config>

route-policy route-policy-identifier use-strictly-linear-policy
Adds a route filter policy. A route filter policy consists of entries that define a set of routes that can be filtered to be included or excluded from the routing table of an external routing protocol such as OSPF or RIP.

route-policy-identifier
A string that identifies a route filter policy.

Valid Values: any 1-to-15-character ASCII string

Default Value: none

use-strictly-linear-policy
Yes indicates that matching will be done based strictly upon the sequence of index numbers of the route filter policy entries. The entry with the lowest index number will be processed first. No indicates that matching will be done using the longest-match application. The entry with the lower index number will be chosen only when more than one entry has the same address and mask.

Valid Values: Yes or No

Default Value: No

route-table-filter destination mask [both | exact | more-specific] [exclusive | inclusive]
Adds a route table filter for the specified routes. When route-table-filtering is enabled, the route-table-filter will be matched against routes added to the IP route table. The order in which route-table-filters is unimportant. Rather, the route-table-filter with the most specific match is chosen. If no match is found, the route is added to the route table. When exact is specified, the route destination and mask must be exactly the same as the route-table-filter destination and mask for a match to occur. When more-specific is specified, the route destination and mask must part of the range subsumed by the route-table-filter destination and mask. Specifying both is the superset of both and more-specific (that is, a match will occur in both the case of an exact match and a more-specific match). If the route-table-filter indicates include, the route will be added to the IP route table. If the route-table-filter indicates exclude, the route will not be added to the IP route table. Static and direct routes are never excluded from the IP route table.

destination mask
Valid Values: any valid IP mask

Default Value: both exclude

udp-destination port-number address
Adds a UDP forwarding destination address. Received UDP datagrams with the specified destination UDP port number will be forwarded to the specified IP address.

You can enter a broadcast or unicast IP address.

Repeat this command to add more than one IP address for the same UDP port. This causes the router to forward the UDP datagram to each of the IP addresses.

port-number
Valid Values: 0 to 65535

Default Value: none

address
Valid Values: any valid IP address

Default Value: none

Example:

add udp-destination 36 20.1.2.2

vrid interface-ip-address vrid advertisement-interval backup-router backup-ip-address priority functional/group- mode authentication-type authentication-key
Adds a Virtual Router ID definition for a VRRP router on a LAN segment.

interface-ip-address
Indicates the IP interface for which this VRID is being defined.

Valid Values: Any configured IP interface.

Default Value: none

vrid
The Virtual Router identifier. The combination of the ip-interface-address and vrid uniquely define the VRID. The same vrid can be used on more than one physical interface. If the VRID already exists, it will be modified.

Valid Values: 1-255

Default Value: none

advertisement-interval
The interval between VRRP advertisements.

Valid Values: 1-255

Default Value: 1

backup-router
Indicates whether this router is the master or a backup router for this VRID.

Valid Values: Yes or No

Default Value: No

backup-ip-address
Indicates the first IP address that is the backup for this VRID. Additional addresses may be added using the add vr-address command for LAN segments supporting more than one subnet. It is not applicable if No was configured for backup-router.

Valid Values: Any valid IP address.

Default Value: none

priority
Indicate the VRRP priority for backup routers. If a backup router takes over for the primary router, it will use this priority in it's VRRP advertisements. It is not applicable if No was configured for backup-router. A master router will always advertise a priority of 255.

Valid Values: 1-254

Default Value: 100

functional/group-mode
Indicates whether or not a multicast MAC address is used as the VRID virtual MAC address. All routers configured for this VRID should have the same value for this parameter in order for VRRP to function correctly.

Valid Values: Yes or No

Default Value: No

authentication-type
Indicates the type of authentication used for VRRP advertisements. The choices for authentication types are 1, which indicates a simple password; or 0, which indicates that no authentication is used.

Valid Values: none, simple

Default Value: none

authentication-key
The parameter that defines the password for this VRID. When password authentication is used, only packets with the correct authentication key are accepted. The authentication key is not applicable when none is specified or defaulted for authentication type.

Valid Values: Any 1 - 8 characters.

Default Value: A null string.

Example: add vrid

IP config> add vrid
IP Interface [ ]? 153.2.2.25
VRID (1-255) [0]? 1
Advertisement Interval (1-255) [1]?
Backup Virtual Router? [No]:
Use Functional/Group Address? [No]:
Authentication Type (0 - None, 1 - Simple) [0]?
VRID 153.2.2.25/1 added successfully

vr-address interface-ip-address vrid ip-address
Adds a secondary address to a configured Virtual Router ID (VRID) definition. Secondary addresses will be included in VRRP advertisements for the VRID. Secondary addresses are necessary on physical LANs supporting multiple IP subnets. Each address designates the default gateway address for that subnet. If the router is a master router, addresses added using the add vr-address command will be advertised in addition to the ip-interface-address for the VRID. If the router is a backup router for the VRID, addresses added using the add vr-address command will be advertised in addition to the backup-ip-address.

interface-ip-address
The IP interface for the VRID.

Valid Values: Any configured IP interface.

Default Value: none

vrid
The Virtual Router identifier. The combination of the ip-interface-address and vrid uniquely define the VRID. The VRID must be configured for addresses to be added to its definition.

Valid Values: 1-255

Default Value: none

ip-address
The additional IP address that will be included in VRRP advertisements for the VRID.

Valid Values: Any IP address.

Default Value: none

Example: add vr-address

IP config>add vr-address
IP Interface [ ]? 153.2.2.25
Virtual Router ID (1-255) [0]? 1
Additional IP Address [ ]? 5.1.1.1
VRID 153.2.2.25/1 address 5.1.1.1 added successfully.

Change

Use the change command to change an IP configuration item previously installed by the add command. In general, you must specify the item you want to change, just as you specified the item with the add command.

Syntax:

change
access-control . . .

address . . .

route . . .

route-policy

access-control rule-number type IP-source source-mask IP-dest dest-mask first-protocol last-protocol [first-dest-port last-dest-port first-source-port last-source-port] [tcp-syn] [icmp-type icmp-code] [tos-mask tos-range-low tos-range-high tos-mod-mask new-tos-value policy-based-routing next-hop-gateway use-default-route] [log els snmp-trap syslog syslog-level]
Modifies an existing global access-control record. Use the list access-control command to view all existing records and obtain the rule number. See the talk 6 Add command for definitions of the parameters.

Example:

IP config> change access-control 2
Enter type [E]? i
Internet source [9.1.2.3]?
Source mask [255.255.255.255]?
Internet destination [0.0.0.0]?
Destination mask [0.0.0.0]?
Enter starting protocol number [0]?
Enter starting DESTINATION port number [0]?
Enter starting SOURCE port number [0]?
Filter on ICMP Type [-1]?
TOS/Precedence filter mask [e0]?
TOS/Precedence start value [0]?
TOS/Precedence end value [0]?
TOS/Precedence modification mask [1f]? 1e
New TOS/Precedence value[0]? 08
Use policy-based routing? [Yes]:
Next hop gateway address [9.2.160.1]?
Use default route if next hop gateway unreachable? [Yes]:
Enable Logging [No]:
 

address old-address new-address new-mask
Modifies one of the router's IP interface addresses. You must specify each new address together with the new address' subnet mask. This command can also be used to change an existing address' subnet mask.

Valid IP addresses:

old-address
Valid Value: a currently configured IP interface address

Default Value: none

new-address
Valid Value: any valid IP address

Default Value: none

new-mask
Valid Value: 0.0.0.0 - 255.255.255.255

Default Value: none

Example: change address 192.9.1.1 128.185.123.22  255.255.255.0

route dest-addr dest-mask new-next-hop1 new-cost1 [new-next-hop2 new-cost2 [new-next-hop3 new-cost3 [new-next-hop4 new-cost4]]]
Modifies either the next hops or the costs associated with the configured static routes to the specified destination. The effect of this command is immediate; you do not have to reboot the router for it to take effect.

dest-addr
Valid Values: any valid IP address

Default Value: none

dest-mask
Valid Values: 0.0.0.0 to 255.255.255.255

Default Value: none

new-next-hop1, new-next-hop2, new-next-hop3, new-next-hop4
Valid Values: any valid IP address

Default Value: none

new-cost1, new-cost2, new-cost3, new-cost4
Valid Values: an integer in the range 0 to 255

Default Value: 1

Example:

IP config>list routes
 
route to 1.1.0.0        ,255.255.0.0     via 10.1.1.1        cost 1
                                         via 20.1.1.1        cost 2
                                         via 30.1.1.1        cost 3
route to 2.2.0.0        ,255.255.0.0     via 10.2.2.2        cost 1
                                         via 20.2.2.2        cost 2
 
IP config>change route
IP destination []? 1.1.0.0
Address mask [255.0.0.0]? 255.255.0.0
Via gateway 1 at [.10.1.1.1]? 10.10.10.1
Cost [1]? 10
Via gateway 2 at [20.1.1.1]? 20.20.20.1
Cost [2]? 20
Via gateway 3 at [30.1.1.1]? 30.30.30.1
Cost [3]? 30
Via gateway 4 at []? 40.40.40.1
Cost [1]? 40
IP config>change route 2.2.0.0 255.255.0.0 10.10.10.2 10
IP config>list routes
 
route to 1.1.0.0        ,255.255.0.0     via 10.10.10.1      cost 10
                                         via 20.20.20.1      cost 20
                                         via 30.30.30.1      cost 30
                                         via 40.40.40.1      cost 40
route to 2.2.0.0        ,255.255.0.0     via 10.10.10.2      cost 10

route-policy route- policy-identifier
Use this command to change an existing route filter policy, which was created using the add route-policy command. You use the change route-policy command to configure the entries, actions, and match-conditions associated with the route filter policy. The change route-policy command brings up the IP Route Policy Config> prompt.

route-policy-identifier

Valid Values: the 1 to 15-character ASCII string that identifies an existing route filter policy

Default Value: none

Delete

Use the delete command to delete an IP configuration item previously installed by the add command. In general, you must specify the item you want to delete, just as you specified the item with the add command.

Syntax:

delete
accept-rip-route . . .

access-control . . .

address . . .

bootp-server

default network/subnet-gateway . . .

filter . . .

packet-filter

redundant-default-gateway

route . . .

route-policy . . .

route-table-filter

udp-destination . . .

vrid . . .

vr-address . . .

accept-rip-route net-number
Removes a route from the list of networks that the RIP protocol always accepts.

Valid Values: Any IP address contained in the list of accepted networks.

Default Value: none

Example: delete accept-rip-route 10.0.0.0

access-control rule-number
Deletes one of the access control rules from the global access control list.

Example: delete access-control 2

address ip-interface-address
Deletes one of the router's IP interface addresses.

Valid Values: any valid IP address

Default Value: none

Example: delete address 128.185.123.22

bootp-server server-IP-address
Removes a BOOTP server from an IP configuration.

Valid Values: any configured BOOTP server IP address

Default Value: 0.0.0.0

Example: delete bootp-server 128.185.123.22

default network/subnet-gateway [ip-network-address]
Deletes either the default gateway or the default subnet gateway for the specified subnetted network.

Valid Values: any valid IP address

Default Value: 0.0.0.0

Example: delete default subnet-gateway 128.185.0.0

filter dest-addr dest-mask
Deletes one of the router's filtered networks. The effect of this command is immediate; you do not have to reboot the router for it to take effect.

dest-addr
Valid Values: any valid IP address

Default Value: 0.0.0.0

dest-mask
Valid Values: 0.0.0.0 - 255.255.255.255

Default Value: none

Example: delete filter 127.0.0.0

             Address mask [0.0.0.0]? 255.0.0.0

packet-filter filter-name
Deletes a specified packet-filter from the router's configuration.

Valid Values: any 16-character name.

You can include dashes (-) and underscores (_) in the name.

Default Value: none

Example:

IP config> delete packet-filter pf-in-0
All access controls defined for 'pf-in-0' will also be deleted.
Are you sure you want to delete (Yes or [No]): y
Deleted
IP config>

redundant interface-number
Deletes the Redundant IP Gateway from a LEC interface.

interface-number
Valid Values: Interface numbers of LECs with a Redundant Default IP Gateway.

Default Value: none

Example:

Enter the Net number of Redundant Gateway to delete:? 1
Gateway deleted.

route dest-addr dest-mask [delete-next-hop1 [delete-next-hop2 [delete-next-hop3 [delete-next-hop4]]]]
Deletes one of the device's configured static routes. The effect of this command is immediate; you do not have to reboot the router for it to take effect.

dest-addr
Valid Values: any valid IP address

Default Value: none

dest-mask
Valid Values: any valid IP mask

Default Value: none

delete-next-hop
Valid Values: Yes or No

Default Value: No

Example:

IP config>list routes
 
route to 1.1.0.0        ,255.255.0.0     via 10.10.10.1      cost 10
                                         via 20.20.20.1      cost 20
                                         via 30.30.30.1      cost 30
                                         via 40.40.40.1      cost 40
route to 2.2.0.0        ,255.255.0.0     via 10.10.10.1      cost 10
 
IP config>delete route 1.1.0.0 255.255.0.0
Delete gateway 10.10.10.1? [No]:
Delete gateway 20.20.20.1? [No]: y
Delete gateway 30.30.30.1? [No]:
Delete gateway 40.40.40.1? [No]: y
IP config>delete route 2.2.0.0 255.255.0.0
IP config>delete route 1.1.0.0 255.255.0.0 n y
IP config>list routes
 
route to 1.1.0.0        ,255.255.0.0     via 10.10.10.1      cost 10
 
IP config>

route-policy route-policy-identifier delete-route-policy-entries

Deletes an existing route filter policy from the configuration. You have the option to delete all route filter policy entries associated with the route filter policy. If the entries have not been deleted, when you reconfigure the deleted route filter policy, the entries associated with that route filter policy are reinstated. Use the add route-policy command to reconfigure a deleted route filter policy.

route policy identifier
Valid Values: the 1 to 15-character ASCII string that identifies a configured route filter policy

Default Value: none

delete-route-policy-entries
Yes deletes the corresponding route policy entries; No saves them.

Valid Values: Yes or No

Default Value: No

route-table-filter destination mask mask-definition[both | exact | more specific]
Deletes a route filter from the route table filters added using add route-table-filter. See "route-table-filter" on page *** for the command extension definitions.

destination
Valid Values: any valid IP mask

Default Value: none

mask
Valid Values: any valid IP mask

Default Value: none

mask-definition
Valid Values: any valid IP mask

Default Value: none

Example: delete route-table-filter

   IP config>delete route-table-filter
   Route Filter IP address []? 7.0.0.0
   Route Filter IP mask []? 255.0.0.0
   Enter Match type (B, E, or M) [B]?
   Enter Definition type (I or E) [E]?
   Route filter deleted
   IP config>

udp-destination port-number address
Deletes a UDP Forwarding destination address that was configured using the add udp-destination command. The result is that locally delivered UDP datagrams received at the specified port will not be forwarded to the specified IP address.

port-number
Valid Values: any integer in the range 0 to 65535

Default Value: none

address
Valid Values: any valid IP address

Default Value: none

Examples:

delete udp-destination 36 20.1.2.2

vrid interface-ip-address vrid
Deletes a configured Virtual Router ID definition for a VRRP router.

interface-ip-address
Indicates the IP interface for which this VRID is being deleted.

Valid Values: Any configured IP interface.

Default Value: none

vrid
The Virtual Router identifier. The combination of the ip-interface-address and vrid uniquely define the VRID. It is used to identify the VRID which is going to be deleted.

Valid Values: 1-255

Default Value: none

Example:
IP config>delete vrid
IP Interface [ ]? 153.2.2.25
Virtual Router ID (1-255) [0]? 1
VRID 153.2.2.25/1 deleted.

vr-address interface-ip-address vrid ip-address
Deletes a secondary address from a configured Virtual Router ID (VRID) definition.

interface-ip-address
The IP interface for the VRID.

Valid Values: Any configured IP interface.

Default Value: none

vrid
The Virtual Router identifier. The combination of the ip-interface-address and vrid uniquely define the VRID. The VRID must be configured for addresses to be deleted from its definition.

Valid Values: 1-255

Default Value: none

ip-address
The additional IP address that will be deleted from the VRRP definition.

Valid Values: Any IP address.

Default Value: none

Example:

IP config>delete vr-address
IP Interface [ ]? 153.2.2.25
Virtual Router ID (1-255) [0]? 1
IP Address to delete [ ]? 5.1.1.1
VRID 153.2.2.25/1 addr 5.1.1.1 deleted.

Disable

Use the disable command to disable IP features previously enabled by the enable command.

Syntax:

disable
arp-net-routing

arp-subnet-routing

bootp-forwarding

classless

directed-broadcast

dynamic-address

echo-reply

fragment-offset-check

icmp-redirect . . .

nexthop-awareness . . .

override default/static-routes . . .

packet-filter

per-packet-multipath

receiving policy . . .

receiving rip . . .

receiving dynamic all/hosts/nets/subnets . . .

record-route

rip

rip2

route-table-filtering

same-subnet

sending all/default/net/subnet/poisoned/host/static/...

sending outage-only . . .

sending policy . . .

sending rip1-routes-only

simple-internet-access

source-addr-verification

source-routing

tftp-server

timestamp

trace

udp-forwarding . . .

vrrp . . .

arp-net-routing
Turns off ARP network routing. When this is enabled, the router replies by proxy to all ARP requests for remote destinations that are best reached through the router. This is the default and the generally recommended setting.

Example: disable arp-net-routing

arp-subnet-routing
Turns off the IP feature called ARP subnet routing or proxy ARP, which, when enabled, deals with hosts that have no IP subnetting support. This is the default and the generally recommended setting.

Example: disable arp-subnet-routing

bootp-forwarding
Turns off the BOOTP/DHCP relay function.

Example: disable bootp-forwarding

classless
Disables the suppression of natural network routes. Natural network routes (for example, class A, B, or C routes) will be automatically generated for advertisement in protocols that do not advertise the subnet mask (for example, RIPv1).

directed-broadcast
Disables the forwarding of IP packets whose destination is a non-local (for example, remote LAN) broadcast address. The source host originates the packet as a unicast where it is then forwarded as a unicast to a destination subnet and "exploded" into a broadcast. You can use these packets to locate network servers.
Note:Forwarding and exploding cannot be disabled separately.

Example: disable directed-broadcast

dynamic-address 0.0.0.n
On the specified PPP network interface, disables the router from learning its IP address from the remote node on that network interface. By default, this option is disabled.

This option is valid only on a network interface that has been configured as an unnumbered serial line interface (the IP address assigned to the network interface by the add address command is 0.0.0.n, where n is the network interface number).

Example:

IP config> disable dynamic-address
Interface address []? 0.0.0.1
IP config>

echo-reply
Disables the router's ICMP Echo Reply function. Thus a ping sent to any of the router's interfaces will not generate a reply. The router defaults to echo-reply enabled.

Example: disable echo-reply

fragment-offset-check
Disables the checking of the fragment offset of received IP packets. When this check is enabled, the router checks each fragment to ensure that no secondary fragment has overlaid the first eight bytes of the first fragment's payload. By default this check is disabled.

icmp-redirect ip-interface-address
Disables the router from sending ICMP Redirect messages on the specified IP interface. If you enter nothing at the prompt for the IP interface address, the router will be disabled from sending ICMP Redirect messages on all IP interfaces.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

Example:

IP config> disable icmp-redirect
Interface address (NULL for all) []? 192.9.200.44
IP config>

nexthop-awareness ip-interface-address
Disables nexthop awareness on an IP interface.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

Example:

IP config>disable nexthop-awareness 1.1.1.1
IP config>disable nexthop-awareness
Interface address []? 2.2.2.2
IP config>

override default/static-routes ip-interface-address
By default, routes received by RIP do not override static routes. However, the command enable override static-routes enables routes received by RIP to override static routes. After RIP routes have been enabled to override static routes, you can use the command disable override default-route or disable override static-route to again prevent static routes from being overridden by routes received by RIP. The command disable override default-route prevents a default route received by RIP on interface ip-interface-address from replacing a default route already installed in the IP routing table. The command disable override static-routes prevents RIP routes received on interface ip-interface-address from overriding any of the router's static routes.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

Example: disable override default 128.185.123.22

packet-filter filter-name
Disables specified interface-specific access control list (packet-filters).

filter-name
Valid Values: Any 16-character name. You can include dashes (-) and underscores (_) in the name.

Default Value: None

Example: disable packet-filter pf-in-0

per-packet-multipath
If per-packet-multipath is disabled, equal cost multipath routes will load balance by destination when the destination is placed in the IP cache. The default is disabled.

receiving policy global/interface ip-interface-address
Disables the use of the policy for determination of what routes are accepted by RIP. The disable receiving policy global command disables the use of the global route filter receiving policy for all RIP interfaces that meet these two conditions:

After the global RIP route filter receiving policy has been disabled, the RIP interfaces are no longer affected by that policy.

The disable receiving policy interface ip-interface-address command disables the use of the route filter policy for the specified interface.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

receiving rip ip-interface-address
Prevents RIP from processing any RIP updates received on interface ip-interface-address.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

Example: disable receiving rip 128.185.123.22

receiving dynamic all/hosts/nets/subnets ip-interface-address
The disable receiving dynamic nets command ensures that for RIP updates received on the interface ip-interface-address, the router accept only those network level routes entered by the add accept-rip-route command. The disable receiving dynamic subnets command produces the analogous behavior for subnet routes. The disable receiving dynamic host produces the analogous behavior for host routes.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

Example: disable receiving dynamic nets 128.185.123.22

record-route
Disables the router from receiving or forwarding IP packets that contain a record route IP option. By default, the router receives and forwards these packets.

rip
Turns off the RIP protocol.

Example: disable rip

rip2
Disables RIP2 on an IP interface on which it was previously enabled.

ip-interface-address
Indicates the IP interface on which RIP2 is disabled.

Valid Values: any valid IP address

Default Value: none

Example: disable rip2 128.185.123.22

route-table-filtering
Disables application of route-table-filters when routes are added to the routing table.

Example: disable route-table-filtering

same-subnet
Disables the same subnet option. When the router is rebooted, it will not allow multiple IP interfaces to the same subnet to be installed. This is the default.

Example: disable same-subnet

sending policy global/interface ip-interface-address
Disables the use of the route filter policy for the determination of what routes are advertised by RIP. The disable sending policy global disables the use of the global route filter sending policy for all RIP interfaces that meet these two conditions:

After the RIP global sending route policy has been disabled, the RIP interfaces are no longer affected by that policy.

The disable sending policy interface ip-interface-address command disables the use of the route filter policy on the specified interface.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

sending rip-routes-only ip-interface-address
To stop advertising only RIP routes in the RIP2 multicast packets.

ip-interface-address
Valid Values: any valid IP address of an interface that has RIP2 enabled.

Default Value: none

Example: disable sending rip1-routes-only 128.185.123.22

sending all/default/host/net/poisoned/static/subnet ip-interface-address
Prevents the router from advertising the specified type of route in RIP updates sent out using the interface ip-interface-address. The other flags that control the RIP routes sent out an interface are host-routes, static-routes, net-routes, and subnet-routes. You can turn these off individually. A route is advertised if it is specified by any of the enabled flags.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

Example: disable sending net-routes 128.185.123.22

sending outage-only interface-IP-address
Disables the sending of RIP updates contingent on the presence of the route specified on the analogous enable command. When this function is disabled, RIP advertisements will be sent unconditionally.

interface-IP-address
Valid Values: any valid IP address

Default Value: none

Example: disable sending outage-only

simple-internet-access
This option disables Simple Internet access on the specified interface.

source-addr-verification
This inbound packet filter option verifies that a received packet's source IP address is consistent, based on the IP routing table, with the interface from which it was received. This option helps prevent the forwarding of packets from an IP host that is using a source IP address that does not belong to it, a technique known as spoofing. This command is valid only in the packet filter configuration console (accessed by the update packet-filter command).

source-routing
Prevents the router from forwarding source-routed packets (that is, IP packets that include a source-route option). This option defaults to source-routing enabled.

Example: disable source-routing

tftp-server
Prevents the router from accepting TFTP GET or PUT requests from the network. This prevents the inadvertent overlaying of configuration files or load images from another device. You will still be able to perform TFTP client operations (GETs and PUTs) from the router through a directly attached terminal or telnet session.

timestamp
Disables the router from receiving or forwarding IP packets that contain a timestamp IP option. By default, the router receives and forwards these packets.

trace rule-number
Disables tracing of IP packets that match the specified access control rule number. By default, this option is disabled. For more information on tracing IP packets, see the enable trace command.

Example: disable trace 1

udp-forwarding port-number
Disables UDP forwarding for packets received by the router with the specified UDP destination port number.

Default: UDP forwarding is disabled for all port numbers.

port-number
Valid Values: an integer in the range 0 to 65535

Default Value: 0

Example: disable udp-forwarding 36

vrrp
Disables Virtual Router Redundancy Protocol.

Example: disable vrrp

Enable

Use the enable command to activate IP features, capabilities, and information added to your IP configuration.

Syntax:

enable
arp-net-routing

arp-subnet-routing

bootp-forwarding

classless

directed-broadcast

dynamic-address

echo-reply

fragment-offset-check

icmp-redirect

nexthop-awareness

override default ...

override static-routes ...

packet-filter

per-packet-multipath

receiving policy . . .

receiving rip ...

receiving dynamic all ...

receiving dynamic hosts...

receiving dynamic nets ...

receiving dynamic subnets ...

record-route

rip

rip2

route-table-filtering

same-subnet

sending all-routes ...

sending default-routes ...

sending host-routes ...

sending net-routes ...

sending outage-only . . .

sending poisoned-reverse-routes

sending policy . . .

sending rip1-routes-only

sending static-routes ...

sending subnet-routes ...

simple-internet-access

source-addr-verification

source-routing

tftp-server

timestamp

trace

udp-forwarding ...

vrrp ...

arp-net-routing
Turns on ARP network routing. When enabled, the router replies by proxy to all ARP requests for remote destinations that are best reached through the router. Use this command when there are hosts on the LAN that ARP for all destinations, instead of (as is proper) only local destinations.

Example: enable arp-net-routing

arp-subnet-routing
Turns on the router's ARP subnet routing (sometimes also called Proxy ARP) function. This function is used when there are hosts unaware of subnetting attached to directly connected IP subnets. The directly connected subnet having subnet-incapable hosts must use ARP for this feature to be useful.

The way ARP subnet routing works is as follows. When a subnet-incapable host wants to send an IP packet to a destination on a remote subnet, it does not realize that it should send the packet to a router. The subnet-incapable host therefore simply broadcasts an ARP request. This ARP request is received by the router. The router responds as the destination (hence the name proxy) if both arp-subnet-routing is enabled and if the next hop to the destination is over a different interface than the interface receiving the ARP request.

If there are no hosts on your LAN that are "subnet-incapable," do not enable ARP-subnet routing. If ARP subnet routing is needed on a LAN, it should be enabled on all routers on that LAN.

Example: enable arp-subnet-routing

bootp-forwarding
Turns on BOOTP/DHCP packet forwarding. In order to use BOOTP forwarding, you must also add one or more BOOTP servers with the add bootp-server command.

Example: enable bootp-forwarding

            Maximum number of forwarding hops [4]?
            Minimum seconds before forwarding [0]?

Maximum number of forwarding hops
Maximum number of allowable BOOTP agents that can forward a BOOTP request from the client to the Server (this is not the maximum number of IP hops to the server).

Default: 4

Minimum seconds before forwarding
This parameter is generally not used. Use this parameter when there is a redundant path between the client and the server, and you want to use the secondary path or paths as a standby.

Default Value: 0

classless
Indicates the router will be operating in a classless IP addressing environment. The IBM 2210 fully supports CIDR addressing as described in RFC 1817 without this option enabled. Enabling this option prevents automatic generation of the natural network routes (for example, Class A, B, or C network routes) corresponding to routes added to the IP route table. If you are not running RIPv1 you do not require the natural network route.

Example: enable classless

directed-broadcast
Enables the forwarding of IP packets whose destination is a network-directed or subnet-directed broadcast address. The packet is originated by the source host as a unicast where it is then forwarded as a unicast to a destination subnet and "exploded" into a broadcast. These packets can be used to locate network servers. This command enables both the forwarding and exploding of directed broadcasts. The IP packet forwarder never forwards link level broadcasts/multicasts, unless they correspond to Class D IP addresses. (See the OSPF enable multicast-routing command.) The default setting for this feature is enabled.
Note:Forwarding and exploding cannot be implemented separately. Also, the router will not forward all-subnets IP broadcasts.

Example: enable directed-broadcast

dynamic-address 0.0.0.n
On the specified PPP network interface, enables the router to learn its IP address from the remote node on that network interface. By default, this option is disabled.

This option is valid only on a network interface that has been configured as an unnumbered serial line interface (the IP address assigned to the network interface by the add address command is 0.0.0.n, where n is the network interface number).
Note:For the router to learn its IP address from the remote node, in addition to enabling this option, you must also configure IPCP on the PPP network interface to request an IP address from the remote node.

Example:

Config>network 1
Point-to-Point user configuration
PPP 1 Config>set ipcp
IP COMPRESSION [no]:
Request an IP address [no]: yes
Interface remote IP address to offer if requested (0.0.0.0 for none) [0.0.0.0]?
PPP 1 Config>exit
Config>protocol ip
Internet protocol user configuration
IP config>add address
Which net is this address for? [0]? 1
New address []? 0.0.0.1
Address mask [0.0.0.0]?
IP config>enable dynamic-address
Interface address []? 0.0.0.1
IP config>
 

echo-reply
Enables the building and sending of an ICMP Echo Reply in response to an ICMP Echo Request.

Example: enable echo-reply

fragment-offset-check
Enables the checking of the fragment offset of received IP packets in which the IP protocol number is 6 (that is, TCP). Packets with a fragment offset of 1 are dropped. By default, this check is disabled.
Note:After it has been enabled, this function can be activated without affecting any other functions of IP. See the talk 5 reset IP command for more information.

icmp-redirect ip-interface-address
Enables the router to send ICMP Redirect messages on the specified IP interface. If you enter nothing at the prompt for the IP interface address, the device will be enabled to send ICMP Redirect messages on all IP interfaces.

ip-interface-address
Valid Values: any valid IP address, or nothing for all IP interfaces

Default Value: none

Example:

IP config> enable icmp-redirect
Interface address (NULL for all) []? 192.9.200.44
IP config>

nexthop-awareness ip-interface-address
Enables nexthop awareness on an IP interface.

ip-interface-address
Valid Values: any valid IP address

Default Value: disabled

Example:

IP config>enable nexthop-awareness 1.1.1.1
IP config>enable nexthop-awareness
Interface address []? 2.2.2.2
IP config>

override default ip-interface-address
Enables received RIP information to override any default route installed in the IP routing table. This command is invoked on a per-IP-interface basis. When the enable override default command is invoked, default RIP routes received on interface ip-interface-address overwrites the router's current default route, providing the cost of the new default is cheaper.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

Example: enable override default 128.185.123.22

override static-routes ip-interface-address
Enables received RIP information to override some of the router's statically configured routing information. This command is invoked on a per-IP-interface basis. When the enable override static-routes command is invoked, RIP routing information received on interface ip-interface-address overwrite statically configured network/subnet routes providing the cost of the RIP information is cheaper.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

Example: enable override static-routes 128.185.123.22

packet-filter filter-name
Enables specified interface-specific access control list (packet-filters).

filter-name
Valid Values: any 16-character name. You can include dashes (-) and underscores (_) in the name.

Default Value: none

Example: enable packet-filter pf-in-0

per-packet-multipath
If per-packet-multipath is enabled, and there are multiple equal-cost paths to a destination, then the router load balances between equal cost paths for each packet in round-robin fashion. The default for this feature is disabled.

Example: enable per-packet-multipath

receiving policy global/interface ip-interface-address route-policy-identifier
Enables the use of the route filter policy for determination of what routes are accepted by RIP. The enable receiving policy global route-policy-identifier command enables the use of the global route filter receiving policy for RIP interfaces that meet these two conditions:

After the global route filter receiving policy has been enabled, the RIP interfaces that meet these conditions will accept routes as defined by the policy.

The command enable receiving policy interface ip-interface-address route-policy-identifier enables the use of the route filter policy for the determination of which routes are accepted on one specified RIP interface. Note that dynamic nets, subnets, and hosts are not applicable if global or interface receiving policy is enabled.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

route-policy-identifier
Valid Values: a valid route policy identifier consisting of a 1 to 15-character string of ASCII characters

Default Value: none

receiving rip ip-interface-address
Enables the processing of RIP updates that are received on a particular interface. This command has an analogous disable command. (See the disable receiving command.) This command is enabled by default.

If you invoke the disable receiving rip command, no RIP updates will be accepted on interface ip-interface-address address.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

Example: enable receiving rip 128.185.123.22

receiving dynamic nets ip-interface-address
Modifies the processing of RIP updates that are received on a particular interface. This command has an analogous disable command. (See the disable receiving command.) This command is enabled by default.

If you invoke the disable receiving dynamic nets command, for RIP updates received on interface ip-interface-address, the router will not accept any network-level routes unless they have been specified in an add accept-rip-route command.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

Example: enable receiving dynamic nets 128.185.123.22

receiving dynamic subnets ip-interface-address
Modifies the processing of RIP updates that are received on a particular interface. This command has an analogous disable command. (See the disable receiving command.) This command is enabled by default.

If you invoke the disable receiving dynamic subnets command, for RIP updates received on interface ip-interface-address, the router will not accept any subnet-level routes unless they have been specified in an add accept-rip-route command.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

Example: enable receiving dynamic subnets 128.185.123.22

record-route
Enables the router to receive and forward IP packets that contain a record route IP option. This is the default.
Note:After it has been enabled, this function can be activated without affecting any other functions of IP. See the talk 5 reset IP command for more information.

rip
Enables the router's RIP protocol processing.

When RIP is enabled, the following default behavior is established:

To change any of the default sending/receiving behaviors, use the IP configuration commands, which are defined on a per-IP-interface basis.

Example: enable rip

rip2 ip-interface-address RIP2-authentication authentication-keys

Enables RIP2 on an IP interface. RIP2 advertisements are sent to the 224.0.0.9 multicast address. RIP2 is described in RFC 1723.

ip-interface-address

Indicates the IP interface on which RIP2 is enabled.Valid Values: any valid IP address

Default Value: none

RIP2-authentication

Indicates whether or not a simple clear-text key will be used for RIP2 authentication. Authentication is not required.Valid Values: yes or no

Default Value: yes

authentication-key

Defines a clear-text password which will be used for RIP2 authentication. You are prompted for this string only when you answer yes to the question "Set RIP-2 Authentication?" When RIP2 authentication is used, only RIP2 packets with a matching password are accepted.Valid Values: a clear-text ASCII string

Default Value: a null string

Example:

             IP config>enable rip2
             Set for which interface address [0.0.0.0]? 153.2.2.25
             RIP2 is enabled on this interface.
             Set RIP-2 Authentication? [Yes]: yes
             Authentication Key []? C1C3C5C5
             Retype Auth. Key []? C1C3C5C5
             RIP2 Authentication is enabled on this interface.

route-table-filtering
Applies route table filters to any route added to the routing table. Route table filters are applied based on a most-specific match of the destination and network mask. Route table filters are never applied to direct routes or static routes.

Example: enable route-table-filtering


same-subnet
Enables the same subnet option. When the device is rebooted, it will allow multiple IP interfaces to the same subnet to be installed. Multiple IP interfaces to the same subnet are useful under only one of the following conditions:

By default, this option is disabled.

Example: enable same-subnet

sending default-routes ip-interface-address
Determines the contents of RIP updates that are sent out a particular interface. This command has an analogous disable command. (See the disable sending command.) The effect of the enable sending command is additive. Each separate enable sending command specifies that a certain set of routes should be advertised from a particular interface. A route is included in a RIP update only if it has been included by at least one of the enable sending commands. The enable sending default-routes command specifies that the default route (if one exists) should be included in RIP updates sent out interface ip-interface-address.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

Example: enable sending default-routes 128.185.123.22
Note:By default, RIP will send network, subnet, and static routes.

sending net-routes ip-interface-address
Determines the contents of RIP updates that are sent out a particular interface. This command has an analogous disable command. (See the disable sending command.)

The effect of the enable sending command is additive. Each separate enable sending command specifies that a certain set of routes should be advertised from a particular interface. A route is included in an RIP update only if it has been included by at least one of the enable sending commands. The enable sending network-routes command specifies that all network-level routes should be included in RIP updates sent out interface ip-interface-address. A network-level route is a route to a single class A, B, or C IP network.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

Example: enable sending net-routes 128.185.123.22

sending outage-only interface-ip-address outage-network outage-network-mask
Enables the sending of RIP update packets on the interface specified by interface-ip-address contingent on the presence of the IP route specified by the outage-network and outage-network-mask. Normally, updates are sent unconditionally on interfaces configured to advertise RIP routes. Additionally, RIP updates are ignored on an outage-only interface when the specified route is present. This function can be useful in backup scenarios where the backup dial circuit is configured as a Dial-on-Demand circuit.

ip-interface-address
Valid values: any valid IP address

Default value: none

outage-network
Valid values: any valid IP address

Default value: none

outage-network-mask
Valid values: any valid IP mask

Default value: none

Example: enable sending outage-only

IP config>enable sending outage-only
Set for which interface address [0.0.0.0]? 0.0.0.2
Outage network []? 10.50.0.0
Outage network mask []? 255.255.0.0

In this example, RIP advertisements will only be sent on the unnumbered interface when the 10.50.0.0/255.255.0.0 route is absent from the routing table.

sending poisoned-reverse-routes ip-interface-address
A technique used by RIP to improve convergence time when routes change (for complete details on the technique, refer to RFC 1058). Use of this technique increases the size of RIP update messages. You may find it more acceptable to minimize routing overhead by accepting somewhat slower convergence. The disable sending poisoned-reverse-routes command specifies that poisoned reverse routes should not be included in RIP updates sent out on an interface specified by the enable ip-interface-address command.

Default: Enabled

ip-interface-address
Valid Values: any valid IP address

Default Value: none

sending policy global/interface ip-interface-address route-policy-identifier
Enables the use of the route filter policy for determination of what routes are advertised by RIP. The enable sending policy global route-policy-identifier command enables the use of the global route filter sending policy for RIP interfaces that meet these two conditions:

After the global route filter sending policy is enabled, RIP interfaces that meet these two conditions will advertise routes as determined by the global route filter sending policy.

The enable sending policy interface ip-interface-address route-policy-identifier command enables the use of the route filter policy for the determination of which routes are advertised on the specified RIP interface.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

route-policy-identifier
Valid Values: a valid route policy identifier consisting of a 1 to 15-character string of ASCII characters

Default Value: none

sending rip-routes-only ip-interface-address
To advertise only RIP routes in the RIP2 multicast packets.

ip-interface-address
Valid Values: any valid IP address of an interface that has RIP2 enabled.

Default Value: none

Example: enable sending rip-routes-only 128.185.123.22

sending subnet-routes ip-interface-address
Determines the contents of RIP updates that are sent out a particular interface. This command has an analogous disable command. (See the disable sending command.) The effect of the enable sending command is additive. Each separate enable sending command specifies that a certain set of routes should be advertised out a particular interface. A route is included in an RIP update only if it has been included by at least one of the enable sending commands. The enable sending subnet-routes command specifies that all subnet routes should be included in RIP updates sent out interface ip-interface-address. However, a subnet route is included only if ip-interface-address connects directly to a subnet of the same IP subnetted network.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

Example: enable sending subnet-routes 128.185.123.22

sending static-routes ip-interface-address
Determines the contents of RIP updates that are sent out a particular interface. This command has an analogous disable command. (See the disable sending command.) The effect of the enable sending command is additive. Each separate enable sending command specifies that a certain set of routes that meet other sending criteria should be advertised out a particular interface. A route is included in an RIP update only if it has been included by at least one of the enable sending commands. The enable sending static-routes command specifies that all statically configured and directly connected routes should be included in RIP updates sent out interface ip-interface-address.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

Example: enable sending static-routes 128.185.123.22

sending host-routes ip-interface-address
Determines the contents of RIP updates that are sent out a particular interface. This command has an analogous disable ... command. (See the disable sending command.) The effect of the enable sending command is additive. Each separate enable sending command specifies that a certain set of routes should be advertised out a particular interface. A route is included in an RIP update only if it has been included by at least one of the enable sending commands. The enable sending host-routes command specifies that all host routes should be included in RIP updates sent out interface ip-interface-address.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

simple-internet-access
This option enables Simple Internet Access on the specified interface. Use Simple Internet Access to create an integrated configuration that includes an unnumbered serial line with the Dynamic Address option enabled, IP Packet Filters (both inbound and outbound), IP Access Controls (both inbound and outbound), a Default Route, Dynamic NAT/NAPT Reserve pool and a private address subnet in the DHCP feature. Users that have additional requirements for the listed integrated configuration should consider manual configuration.
Note:This option is only available on images that include both the DHCP and NAT feature.

source-addr-verification
This inbound packet filter option verifies that a received packet's source IP address is consistent, based on the IP routing table, with the interface from which it was received. This option helps prevent the forwarding of packets from an IP host that is using a source IP address that does not belong to it, a technique known as spoofing. This command is valid only in the packet filter configuration console (accessed by the update packet-filter command).

source-routing
Allows the router to forward IP packets containing an IP source route option.

Example: enable source-routing

tftp-server
Allows the router to accept TFTP GET or PUT requests from the network for configuration files or image loads.

Example: enable tftp-server

timestamp
Enables the router to receive and forward IP packets that contain a Timestamp IP option. This is the default.
Note:After it has been enabled, this function can be activated without affecting any other functions of IP. See the talk 5 reset IP command for more information.

trace rule-number
Enables tracing of IP packets that match the specified access control rule number. By default, this option is disabled.

Tracing of IP packets uses the packet trace function of the Event Logging System. See the set trace and view commands in the chapter Configuring and Monitoring the Event Logging System (ELS) in the Software User's Guide for details on these commands. Only IP packets that match an access control rule for which trace is enabled are traced. The access control rule may be in the global access control list or in a packet filter access control list. Use the list access-control command to see the rules for which trace has been enabled.

Example: Tracing all IP Packets

IP config>set access-control on
IP config>add access-control
Access Control type [E]? i
Internet source [0.0.0.0]?
Source mask [0.0.0.0]?
Internet destination [0.0.0.0]?
Destination mask [0.0.0.0]?
Starting protocol number ([0] for all protocols) [0]?
Starting DESTINATION port number ([0] for all ports) [0]?
Starting SOURCE port number ([0] for all ports) [0]?
Filter on ICMP Type ([-1] for all types) [-1]?
TOS/Precedence filter mask (00-FF - [0] for none) [0]?
TOS/Precedence modification mask (00-FF - [0] for none) [0]?
Use policy-based routing? [No]:
Enable logging? [No]:
IP config>list access-control
Access Control is: enabled
Access Control facility: USER
 
List of access control records:
 
1   Type=I    Source=0.0.0.0          Dest  =0.0.0.0          Prot=  0-255
              SMask =0.0.0.0          DMask =0.0.0.0
              SPorts=    0-65535      DPorts=    0-65535
                      T/C= **/**      Log=N
IP config>enable trace
Index of access control to be traced [1]?
IP config> Ctrl-P
*talk 5
+protocol ip
IP>reset ip
IP>exit
+event
Event Logging System user console
ELS>set trace memory-trace-buffer-size
Amount of memory (in bytes) reserved for tracing [0]? 10000
ELS>set trace on
ELS>set trace decode on
ELS>view first
#1 Dir:INCOMING  Time:0.5.47.53  Trap:450
Comp:IPV4  Type:UNKNOWN  Port:65535  Circuit:0x000000  Size:64
 
** IPv4 Packet **
Ver/Hdr Len/TOS:           4 20 0x00
Packet Length/ID:          64 0x9E4E
Fragment Offset:           0x0000
TTL/Protocol/Hdr Chksum:   1 OSPF  0xA89D
Source Addr/Dest Addr:     10.0.10.106 224.0.0.5
 
** OSPF Header **
Version:                   2
Packet type:               Hello
Packet length:             44
Router ID:                 10.0.0.106
Area ID:                   0.0.0.0
Checksum:                  0xDDB5
Authentication type:       0
Authentication:            0x00000000
Authentication:            0x00000000
Network mask:              255.255.255.0
Hello interval:            10
Options:                   E-bit
Options:                   MC-bit
Router priority:           1
Router dead interval:      40
Designated router:         10.0.10.106
Backup Designated router:  0.0.0.0
ELS>

udp-forwarding port-number
Enables UDP forwarding for packets received by the router with the specified UDP destination port number.

Default: UDP forwarding is disabled for all port numbers.

port-number
Valid Values: an integer in the range 0 to 65535

Default Value: 0

Example: enable udp-forwarding 36

vrrp
Enables Virtual Router Redundancy Protocol

Example: enable vrrp

List

Use the list command to display various pieces of the IP configuration data, depending on the particular subcommand invoked.

Syntax:

list
all

access-control

addresses

bootp

filters

icmp-redirect

igmp

mtu

nexthop-awareness

packet-filter

parameters

protocols

redundant-default-gateway

rip

route-policy

route-table-filtering

routes

simple-internet-access

sizes

tags

udp-forwarding

vrid

all
Displays the entire IP configuration.

Example: list all

access-control
Displays the configured access control mode (enabled or disabled) and the list of configured global access control records. Each record is listed with its record number. This record number can be used to reorder the list with the IP move access-control command.

Example: list access-control

addresses
Displays the IP interface addresses that have been assigned to the router, along with their configured broadcast formats. The interface identified by BDG/0 is the bridging interface.

Example: list addresses

bootp
Indicates whether BOOTP forwarding is enabled or disabled as well as the configured list of BOOTP servers.

Example: list bootp

filters
Lists the router's configured filtered networks.

icmp-redirect
Lists whether the sending of ICMP redirect messages is enabled or disabled on each IP interface.

igmp
Displays the IGMP configuration.

Example:

IP config>list igmp
 
Net          IGMP          Query          Response          Leave Query
            Version       Interval        Interval           Interval
                            (secs)          (secs)             (secs)
---         -------       --------        --------          -----------
   0             2             250             10                  1
   1             1             125             10                  1
   4             2             125             10                  2
   5             2             125             20                  1
 
IP config>

mtu
Lists configured MTU values.

nexthop-awareness
Lists the setting of nexthop awareness on all IP interfaces.

Example:

IP config>list nexthop-awareness
Nexthop awareness for each IP interface address:
   intf  0   1.1.1.1          255.0.0.0        nexthop awareness enabled
   intf  1   2.2.2.2          255.0.0.0        nexthop awareness disabled
IP config>

packet-filter filter-name
Lists information on packet filters. If you specify a name, the command lists access control information configured for the filter. If you do not specify a filter name, the command lists configured packet-filters. If you have configured a packet filter on the bridge interface, the interface is identified by BDG/0.

Example: list packet-filter pf-in-0

Name               Direction     Interface
pf-in-0            In            0
 
Access Control is: enabled
 
List of access control records:
 
1  Type=E    Source=128.185.0.0   Dest=0.0.0.0           Prot=0-255
             Mask=255.255.0.0     Mask=0.0.0.0
             Sports=  0-65535     Dports=  1-65535
             ACK0=N  T/C= **/**   Log=No
 
2  Type=IN   Source=10.1.1.1      Dest=10.1.1.2          Prot=0-255
             Mask=255.255.255.255 Mask=255.255.255.254
             Sports=  N/A         Dports=  N/A           
                                  Log=Yes ELS=N SNMP=Y SLOG=L(Emergency)
 
3  Type=I    Source=0.0.0.0       Dest=0.0.0.0          Prot=0-255
             Mask=0.0.0.0         Mask=0.0.0.0
             Sports= 1-65535      Dports=  1-68835
                                  Log=No
             Trace=Enabled
 

parameters
Lists the various global IP parameters.

Example: list parameters

IP config>list parameters
ARP-SUBNET-ROUTING    : enabled
ARP-NET-ROUTING       : enabled
CLASSLESS             : disabled
DIRECTED-BROADCAST    : enabled
DSCACHE-SIZE          : 1024 entries
ECHO-REPLY            : enabled
FRAGMENT-OFFSET-CHECK : enabled
PER-PACKET-MULTIPATH  : disabled
REASSEMBLY-SIZE       : 12000 bytes
RECORD-ROUTE          : enabled
ROUTING TABLE-SIZE    : 768 entries (52224 bytes)
(Routing) CACHE-SIZE  : 64 entries
SAME-SUBNET           : disabled
SOURCE-ROUTING        : enabled
TIMESTAMP             : enabled
TTL                   : 64

protocols
Displays the configured state of the IP routing protocols (OSPF, RIP, BGP) along with other general configuration settings.

Example: list protocols

redundant-default-gateway
Displays the Redundant Default IP Gateway for each interface configured.

Example: list redundant

Redundant Default IP Gateways for each interface:
   inf 4  11.1.1.6     255.0.0.0     00.00.00.00.00.BA  primary
   inf 8  33.3.3.6     255.0.0.0     00.00.00.00.00.AB  backup

rip
Displays all RIP configuration parameters. RIP can be configured to receive and send dynamic routes or the routes can be defined by a route filter policy. See the IP configuration commands enable receiving dynamic nets/subnets/hosts for more information about dynamic routing. See Route Filter Policy Configuration for more information about route filter policies.

Example:

IP config>list rip
 
RIP: enabled
RIP default origination: disabled
RIP global receive policy: rip-in
 
  Per-interface address flags:
  Net:     0  153.2.2.25       RIP Version 1
                               Send net, subnet and static routes
                               Receive routes based on global receive
                                    policy: rip-in
                               RIP interface input metric: 1
                               RIP interface output metric: 0
  Net:     1  153.2.1.1        RIP Version 1
                               Send net, subnet and static routes
                               Receive routes based on global receive
                                    policy: rip-in
                               RIP interface input metric: 1
                               RIP interface output metric: 0
  Net:     2  0.0.0.2          RIP Version 1
                               Send routes based on interface send
                                    policy: rip-import
                               Receive routes based on global receive
                                    policy: rip-in
                               RIP interface input metric: 1
                               RIP interface output metric: 0
 
Accept RIP updates always for:
[NONE]

route-policy route-policy-identifier
Displays configured route policy information. If you specify a particular route policy, a detailed listing of that route policy is displayed. If you do not specify a particular route policy, a summary display of all policies is displayed.

Example:

IP config>list route-policy
Route Policy Identifier [1-15 characters] [ ]?
 
 Route Policy        Checksum  Policy-Application                                             ---------------------------------------------
 rip-send            0x8637      Longest-match
 rip-receive         0x5049      Longest-match
 rip-global-send     0xC9EA      Longest-match

route-table-filtering
Displays the list of route filters added to the routing filter.

Example: list route-table-filtering

IP config>list route-table-filtering
 
Route Filtering Disabled
 
Destination     Mask           Match Type
10.1.1.0        255.255.255.0   BOTH  E
50.50.0.0       255.255.0.0     BOTH  I
10.1.1.1        255.255.255.255 EXACT I
50.0.0.0        255.0.0.0       BOTH  E
 
MORE-Match more-specific routes   EXACT-Match route exactly
BOTH-Match exact and more-specific routes  E-Exclude  I-Include
IP config>

routes
Displays the list of static routes that have been configured.

Example: list routes

IP config>list routes
 
route to 1.1.0.0        ,255.255.0.0     via 10.1.1.1        cost 1
                                         via 20.1.1.1        cost 2
                                         via 30.1.1.1        cost 3
route to 2.2.0.0        ,255.255.0.0     via 10.2.2.2        cost 10
route to 3.3.0.0        ,255.255.0.0     via 10.3.3.3        cost 100
                                         via 20.3.3.3        cost 200

simple-internet-access
Displays the Simple Internet Access interface number.

sizes
Displays the routing table size, reassembly buffer size, and the route cache size.

Example: list sizes

tags
Displays the per-interface tags that will be associated with received RIP information. These tags can be used to group routes together for later readvertisement via BGP where a tag will be treated as if it were a route's source autonomous system (AS). Tags are also propagated by the OSPF routing protocol.

Example: list tags

udp-forwarding
Displays all the configured information for the UDP Forwarding function, including all ports and all IP addresses.

Example: list udp-forwarding

vrid
Displays the configured VRRP status, VRIDs, and VRID addresses.

Example:

IP config>list vrid
 
VRRP Enabled
 
                           --VRID Definitions--
 
IP address      VRID  Priority Interval Auth   Auth-key Flags Address(es)
153.2.2.25         1       255        1 None   N/A      P     5.1.1.1

Move

Use the move command to change the order of records in the global access control list. This command places record number from# immediately after record number to#. After you move the records, they are immediately renumbered to reflect the new order.

The router applies the access control records in a list in the order that they were created. For each packet received on an interface, the router applies each access control record in order until it finds a match. The first record that matches the packet determines whether it will be discarded, or forwarded to its destination.

This makes the order of the access control records very important. If they are in the wrong order, certain packets may slip through, or be blocked, in a manner contrary to your intentions.

Let us say, for example, that access control record 1 enforces the rule: all packets from network 10.0.0.0 shall be blocked on this interface. Contrary to this, access control record 2 states: Packets from subnet 10.5.5.0 in network 10.0.0.0, which are destined for address 1.2.3.4, shall be allowed to pass. Assigned in this order, these records will block all traffic from 10.0.0.0, even though record 2 explicitly allows certain types of packets to pass.

In this example, record 1 makes record 2 moot. Record 1 guarantees that the router discards all packets from 10.0.0.0, despite the intent of record 2, which is that certain packets be forwarded. The key to fixing this type of problem is in the order of the access control records. This way, packets in subnet 10.5.5.0 and destined for address 1.2.3.4 will pass through the interface; the router discards all other packets from 10.0.0.0 as intended.

Syntax:

move access-control
from# to#

Example: move 5 2

Set

Use the set command to set certain values, routes, and formats within your IP configuration.

Syntax:

set
access-control...

access-control log-facility

broadcast-address...

cache-size

default network-gateway...

default subnet-gateway...

dscache-size

igmp ...

internal-ip-address

mtu

originate-rip-default

reassembly-size

rip-in-metric

rip-out-metric

router-id

routing table-size

tag . . .

ttl

access-control on or off
Allows you to configure the router to enable or disable IP access control. Setting access-control on enables the global access control list as well as the interface-specific lists. Setting it off disables all lists but does not delete them

Example: set access-control on

access-control log-facility log-facility
Sets the SysLog facility for access control. The SysLog facility option defines the system upon which the SysLog messages will be displayed.
Note:After it has been enabled, this function can be activated without affecting any other functions of IP. See the talk 5 reset IP command for more information.

log-facility
Valid Values: KERN, USER, MAIL, DAEMON, AUTH, SYSLOG, LPR, NEWS, UUCP, CRON, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7, USER

Default Value: USER

Example:

IP config> set access-control log-facility
SYSLOG facility? (KERN, USER, MAIL, DAEMON, AUTH, SYSLOG, LPR,
NEWS, UUCP, CRON, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7) [USER]?

broadcast-address ip-interface-address style fill-pattern
Specifies the IP broadcast format that the router uses when broadcasting packets out on a particular interface. IP broadcasts are most commonly used by the router when sending RIP update packets.

The style parameter can take either the value local wire or the value network. Local-wire broadcast addresses are either all ones (255.255.255.255) or all zeros (0.0.0.0). Network style broadcasts begin with the network and subnet portion of the ip-interface-address.

You can set the fill-pattern parameter to either 1 or 0. This indicates whether the rest of the broadcast address (that is, other than the network and subnet portions, if any) should be set to all ones or all zeros.

When receiving the router recognizes all forms of the IP broadcast address.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

style
Valid Values: local-wire or network

Default Value: local-wire

fill-pattern
Valid Values: 0 or 1

Default Value: 1

The example below configures a broadcast address of 255.255.255.255. The second example produces a broadcast address of 192.9.1.0, assuming that the network 192.9.1.0 is not subnetted.

Example: set broadcast-address 192.9.1.11 local-wire 1 set broadcast-address 192.9.1.11 network 0

cache-size entries
Configures the maximum number of entries for the IP routing cache. This cache stores information about the specific IP addresses to which the router has recently forwarded packets. The cache reduces the processing time needed to forward multiple packets to the same destination.

In contrast with this cache, the IP routing table stores information about all accessible networks but does not contain specific IP destination addresses. Use the set routing table-size command to configure the size of the IP routing table.

Valid Values: 64 to 10000

Default Value: 64

Example: set cache-size 64

default network-gateway next-hop cost
Configures a route to the authoritative router (default gateway). You should assume that the router's default gateway has more complete routing information than the router itself.

The route is specified by the IP address of the next hop (next-hop) and the distance (cost) to the default gateway.

All packets having unknown destinations are forwarded to the authoritative router (default gateway).

nexthop
Valid Values: any valid IP address

Default Value: 0.0.0.0 with a gateway cost of 1.

cost
Valid Values: an integer in the range 0 to 255

Default Value: 1

Example: set default network-gateway 192.9.1.10 10

default subnet-gateway subnetted-network next-hop cost
Configures a route to a subnetted network's authoritative router (default subnet gateway). You can configure a separate default subnet gateway for each subnetted network.

The IP address of the next hop (next-hop) and the distance (cost) to the default subnet gateway specify the route.

All packets destined for unknown subnets of a known subnetted network are forwarded to the subnetted network's authoritative router (default subnet gateway).

subnetted network

Valid Values: any valid IP address

Default Value: 0.0.0.0

next-hop

Valid Values: any valid IP address

Default Value: 0.0.0.0

cost

Valid Values: an integer in the range 0 to 255

Default Value: 1

Example: set default subnet-gateway 128.185.0.0 128.185.123.22 6

dscache-size entries
Configures the number of entries to be allocated for the DiffServ flow cache. The DiffServ flow cache is allocated if one of the following conditions is true:

Valid Values: 64 to 8192

Default Value: 1024

igmp ...
Configures Internet Group Management (IGMP) parameters. You can specify values for the following parameters:

query interval net interval
Changes the interval between IGMP general queries.

net
Specifies the network number for the interface being configured.

Valid values: Any valid network number

Default value: None

interval
Specifies the number of seconds between the transmissions of general queries.

Valid values: 1 - 3600

Default value: 125

response-interval net interval
Changes the maximum response time inserted into IGMP general queries.

net
Specifies the network number for the interface being configured.

Valid values: Any valid network number

Default value: None

interval
Specifies the number of seconds between the transmissions of a query and a host sending an IGMP Report in response.

Valid values: 1 - 60

Default value: 10

robustness-variable net variable
Changes the robustness variable for a network.

net
Specifies the network number for the interface being configured.

Valid values: Any valid network number

Default value: None

variable
Specifies the number of IGMP packets sent to combat packet loss on a network.

Valid values: 2 - 10

Default value: 2

leave-interval net interval
Changes the maximum response time inserted into IGMP specific queries.

net
Specifies the network number for the interface being configured.

Valid values: Any valid network number

Default value: None

interval
Specifies the number of seconds allowed between the transmissions of specific queries and a host sending an IGMP Report in response.

Valid values: 1 - 60

Default value: 1

version net vernum
Changes the version of IGMP running on a network.

net
Specifies the network number for the interface being configured.

Valid values: Any valid network number

Default value: None

vernum
Specifies the version number to run on the network.

Valid values: 1 or 2

Default value: 2

internal-ip-address ip-address
Configures an IP address that is independent of the state of any interface. The internal address is always considered active. The primary reason for defining an internal address is to provide an address for a TCP connection that will not become inactive when an interface becomes inactive. This address is used for data link switching (DLSw), allowing alternate paths to be used to avoid disrupting DLSw connections when an interface becomes inactive. Because the internal address remains active and because OSPF maintains active IP routes to this destination, IP routing can switch DLSw traffic onto the alternate path without bringing down the TCP connection or disrupting the SNA sessions that are running on top of DLSw.

The internal IP address also provides some value when unnumbered interfaces are used. It is the first choice as a source address for packets originated by this router and transmitted over an unnumbered interface. The stability of this address makes it easier to keep track of such packets. The chance for confusion is further reduced when the same IP address is used for both the router ID and the internal address. Therefore the router ID will default to the internal address.

When an internal address is defined, it will be advertised by OSPF as a host route into all areas directly attached to the router. It will also show up as a host route and will be advertised in RIP if allowed by the RIP sending configuration of the interface.

Valid Values: any valid IP address.

Default Value: none

Example: set internal-ip-address 142.82.10.1

mtu
Sets the MTU value for the IP protocol on this interface.

Valid Values: 0, 68 - 65535

Default Value: Minimum of all non-zero MTUs on the network

originate-rip-default
Causes RIP to advertise this router as the default gateway. Use this command in the following environment:

Traffic in the RIP network for destinations that are not known by RIP can follow the default path to this router. The more complete routing information in this node's route table can then be used to forward the traffic along an appropriate path towards its destination. You can configure the router to only originate the default when routes are known to this router that will not be advertised in the RIP network.

When you issue this command, you will be prompted to indicate whether the router should always originate a RIP default or to originate a RIP default only when the route from other protocols are available.

This default route will direct traffic bound for a non-RIP network to a boundary router. Originating a single default route means that the boundary router does not have to distribute the other network's routing information to the other nodes in its network.

from AS number
Valid Values: an integer in the range 0 to 65535

Default Value: none

to network number
Valid Values: any valid IP address

Default Value: none

default cost
Valid Values: an integer in the range 0 to 255

Default Value: 1

Example: set originate-rip-default

            IP config> set originate rip-default
            Always originate default route? [No]:?
            Originate default if BGP routes available? [No] yes
              From AS number [6]?
              To network number [0.0.0.0]?
            Originate default if OSPF routes available? [No]
            Originate default cost [1]?

reassembly-size bytes
Configures the size of the buffers that are used for the reassembly of fragmented IP packets.

Valid Values: 2048-65535

Default: 12000

Example: set reassembly-size 12000

rip-in-metric ip-interface-address metric
Allows the configuration of the metric to be added to RIP routes of an interface prior to installation in the routing table.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

metric
Valid Values: an integer in the range 1 to 15

Default Value: 1

Example: set rip-in-metric 128.185.120.209 1

rip-out-metric ip-interface-address metric
Allows the configuration of the metric to be added to RIP routes advertised on an interface configured to advertise RIP or RIP2 routes.

ip-interface-address
Valid Values: any valid IP address

Default Value: none

metric
Valid Values: an integer in the range 0 to 15

Default Value: 0

Example: set rip-out-metric 128.185.120.209 0

router-id ip-address
Sets the default IP address used by the router when sourcing various IP packets. This address is of particular importance in multicasting and OSPF.

The router ID must match one of the configured IP interface addresses of the router or the configured internal IP address. If not, it is ignored. When ignored, or just not configured, the default IP address of the router (and its OSPF router ID) is set to the internal IP address (if configured) or to the first IP address in the router's configuration.

Valid Values: any valid IP address

Default Value: none

Example: set router-id 128.185.120.209

routing table-size number-of-entries
Sets the size of the router's IP routing table. The default size is 768 entries. Setting the routing table size too small causes dynamic routing information to be discarded. Setting the routing table size too large wastes router memory resources. See "Sizes" for additional information about table sizes.

Valid Values: an integer number of entries in the range 64 to 65535

Default Value: 768 entries

Example: set routing table-size 1000

tag
Configures the per-interface tags associated with received RIP information. These tags can be used to group routes together for later readvertisement via BGP where a tag will be treated as if it were a route's source autonomous system (AS) number. (Refer to the information on originate, send, and receive policies in the chapter "Using and Configuring BGP" in Protocol Configuration and Monitoring Reference Volume 1.) Tags are propagated also by the OSPF routing protocol.

Valid Values: an integer in the range 0 to 65535

Default Value: 0

Example: set tag

             Interface address [0.0.0.0]? 1.1.1.1
             Interface tag (AS number) [0]? 1

ttl
Specifies the time-to-live for packets originated by the router.

Valid Values: a numeric in the range 1 to 255

Default Value: 64

Example: set ttl 255

Update

Use the update packet-filter command to configure packet filters. This is an example of the command:

IP config> update packet-filter
Packet-filter name [ ]? pf-1-in
Packet-filter 'pf-1-in' Config>
Packet-filter-name is any packet filter name that you have created by using the add packet-filter packet-filter-name command from the IP config> prompt. To enable the packet filter, you use the set access-control on command. From the Packet-filter 'packet-filter-name' Config> prompt, you can enter these commands:

Syntax:

add access-control

change access-control

delete access-control

disable

enable

list access-control

move access-control

For the add access-control, change access-control, delete access-control,list access-control, and move access-control commands for the Packet-filter 'filter-name' Config> prompt, see the descriptions of the parameters under the access-control parameter that is displayed at the IP config> prompt. For example, see add access-control for a description of the parameters for the update packet-filter add access-control command.

For the disable and enable commands, the keyword source-addr-verification can be configured only from the Packet-filter 'filter-name' Config> prompt.

The following sections list the parameters that are unique to the update packet-filter command. These are parameters that apply to packet filters, but not to router-wide filters and are entered only at the Packet-filter 'filter-name' Config> prompt.

add/change access-control type

Network Address Translation (NAT)
This type of packet filter access control rule passes packets to NAT for address translation. This type is valid only in packet filters and only when specified in combination with inclusive, for example, IN. Refer to the description of the NAT feature in the Software User's Guide for more information. An example of access control rules for NAT is found in the in the chapter Using Network Address Translation in Using and Configuring Features.

Valid Value: N

Default Value: none

disable/enable source-addr-verification
This inbound packet filter option verifies that a received packet's source IP address is consistent, based on the IP routing table, with the interface from which it was received. This option helps prevent the forwarding of packets from an IP host that is using a source IP address that does not belong to it, a technique known as spoofing.

Example:

Packet-filter 'filter-name' Config> enable source-addr-verification

disable/enable trace access-control-index-number
This option disables or enables packet trace for a specific access control rule. To view the packets that have been traced, use the Talk 5 GWCON event command and use the Talk 5 ELS view command with the appropriate options to display the trace records.
Note:To make the trace setting active, enter the Talk 5 reset IP command.

Example:

Packet-filter 'filter-name' Config> enable trace 1

Examples:

The following examples show how to configure various access control rules for packet filters. Refer to the chapter "Using Network Address Translation" in Using and Configuring Features for an example of access control rules for NAT.

Example 1--Exclusive type access control rule
This example shows how to exclude all incoming packets originating from network 128.185.0.0 and received on interface 0.
    Packet-filter 'pf-in-0' Config> add access-control
    Enter type [E]?
    Internet source [0.0.0.0]? 128.185.0.0
    Source mask [255.255.255.255]? 255.255.0.0
    Internet destination [0.0.0.0]?
    Destination mask [255.255.255.255]? 0.0.0.0
    Enter starting protocol number ([CR] for all) [-1]?
Enable Logging? (Yes or [No]):

Example 2--Deleting an access control rule
Use the list access-control command to find the access control index number.
    Packet-filter 'test' Config> delete access-control
    Enter index of access control to be deleted [1]? 4

The router responds by displaying the access-control record that you have specified.

4  Type=I    Source=1.2.9.9       Dest=0.0.0.0          Prot=0-255
             Mask=255.0.0.255     Mask=0.0.0.0
             Sports=  0-65535     Dports=  1-65535
                                  Log=No
Are you sure this is the record you want to delete (Yes or [No]): y
    Deleted
    Packet-filter 'test' Config>
Dports are destination ports and Sports are source ports.

Example 3-- List access-control command
You can use the list access-control command to view the access controls configured for each packet filter.
Packet-filter 'pf-in-0' Config> list access-control
Access Control is: enabled
Access Control facility: USER
 
List of access control records:
 
1  Type=E    Source=128.185.0.0   Dest=0.0.0.0           Prot=0-255
             Mask=255.255.0.0     Mask=0.0.0.0
             Sports=  0-65535     Dports=  1-65535
             ACK0=N  T/C= **/**   Log=No
             Trace=Enabled
 
2  Type=I    Source=9.67.8.3      Dest=128.54.67.8     Prot=0-255
             Mask=255.255.255.255 Mask=255.255.255.254
             Sports=  N/A         Dports=  N/A      
                                  Log=Yes ELS=N SNMP=Y SLOG=L(Emergency)
 
3  Type=I    Source=0.0.0.0       Dest=0.0.0.0           Prot=0-255
             Mask=0.0.0.0         Mask=0.0.0.0
             Sports= 1-65535      Dports=  1-68835
                                  Log=No
 

Route Filter Policy Configuration

This section describes the subset of commands used to configure route filter policies. To access this subset of IP configuration commands, follow these steps:

  1. Create a route filter policy. See the add route-policy command on page ***.

  2. Use the change route-policy command to bring up the IP Route Policy Config> prompt. The IP Route Policy Config> prompt applies only to the particular route policy identified by the change route-policy command.

    Example:

    IP config>change route-policy ospf-import
    ospf-import IP Route Policy Configuration
    IP Route Policy Config>
    
Note:Route filter policies can be used to determine which routes are imported in OSPF and the specific details of their advertisement, including OSPF external type, metric, and tag value. Refer to the enable as boundary routing command on page "Enable" for information about using route filter policies to configure OSPF.

Route filter policies can also be used to control what routes are advertised or accepted when RIP is used. See the previously described enable receiving, enable sending, disable receiving, and disable sending commands.


Table 20. IP Route Policy Configuration Commands Summary
 Command   Function 
 Add   Adds an action, an entry, or a match condition to a route filter policy. 
 Delete  Deletes an action, an entry, or a match condition from a route filter policy.
 List  Lists the route policy entries, actions, and match conditions for the route policy currently being changed.
Exit Returns you to the previous command level. See "Exiting a Lower Level Environment".

Add

Use the add command to add route filter policy entries to the route filter policy, to add match conditions to existing entries, or to add actions to existing entries.

Syntax:

add
action . . .

entry . . .

match-condition . . .

action . . .
Adds an action to an existing route filter policy entry. Adding an action to a route filter policy is optional. One action can be added to each entry. If you need more than one action to apply to one address or address range, specify a second entry for that address or range. Then, define the second action for the second entry. These are the actions that can be specified:

Syntax:

auto-tag

set manual-tag

set metric

set route-type

auto-tag route-policy-index
Automatically sets the tag for the route, using a routing protocol specific heuristic. This option is described in RFC 1745.

route-policy-index
Identifies the entry to which the action should be applied.

Valid Value: 1 to 65535

Default Value: none

set manual-tag route-policy-index manual-tag
Sets the manual tag for the route to the specified value. This tag is usually the AS number when the protocol is OSPF.

route-policy-index
Identifies the entry to which the action should be applied.

Valid Value: 1 to 65535

Default Value: none

manual-tag

Valid Value: X'0' to X'FFFFFFFF'

Default Value: none

set metric route-policy-index metric
Sets the metric for the route to the specified value.

route-policy-index
Identifies the entry to which the action should be applied.

Valid Value: 1 to 65535

Default Value: none

metric

Valid Value: 1 to 255

Default Value: none

set route-type route-policy-index route-type
Sets the OSPF external route type. This action is ignored for applications other than OSPF AS boundary route importation.

route-policy-index
Identifies the entry to which the action should be applied.

Valid Value: 1 to 65535

Default Value: none

route-type

Valid Value: 1 or 2

Default Value: none

entry route-policy-index ip-address ip-mask address-match policy-type
Adds a route filter policy entry to the route filter policy being changed. Each entry within a route filter policy is identified by a unique index number, which is manually configured. If the entry with the specified index number already exists, that entry is changed according to the new parameters configured.

When you add the route filter policy, you define the processing of the entries as either strictly linear or longest match. If the route filter policy processing is strictly linear, the route filter policy entries are processed according to the ascending order of their index numbers. If the route filter policy processing is longest match, the route filter policy entries are processed according to the IP address and mask that has the longest match. If multiple route filter policy entries have the same IP address and mask when longest match is used, then the match will be in order of ascending index number among the entries with the same IP address and mask.

route-policy-index
Identifies the entry.

Valid Value: 1 to 65535

Default Value: none

ip-address

Valid Value: any valid IP address

Default Value: none

ip-mask

Valid Value: any valid IP mask

Default Value: none

address-match exact/range
If this value is exact, the route filter policy entry will match only on a route with that exact address and mask. If this value is range, the route filter policy entry will match on any route that is within the range encompassed by the address and mask, including the exact route.

Valid Value: exact or range

Default Value: range

policy-type inclusive/exclusive
If this value is inclusive, routes matching this route filter policy entry are included in the routing table. If this value is exclusive, routes matching this route filter policy entry are excluded, that is, they are not entered into the routing table. Even if actions are configured for a route filter policy entry that is exclusive, these actions are not applicable.

Valid Value: inclusive or exclusive

Default Value: inclusive

match-condition . . .
Adds a match condition to an existing route filter policy entry. A match condition, which is an optional parameter or set of parameters, is applied to a route that the entry definition has matched. The match condition filters the packet for particular conditions in addition to the IP address and the IP mask. Only one match condition can be configured per entry. To use two match conditions for the same address or address range, you can add a second entry to the route filter policy and specify the second match condition for that entry. These are the match conditions:

Syntax:

as

gateway

metric

net

protocol

source-gateway

as route-policy-index as-number
Matches the route according to its AS number. This value is interpreted only when the route filter policy is applied to AS boundary routing.

route-policy-index
An integer that identifies the entry with which the match should be made.

Valid Value: 1 to 65535

Default Value: none

as-number

Valid Value: 1 to 65535

Default Value: none

gateway route-policy-index gateway-address-and-mask
Matches the route with a next-hop gateway in the specified range.

route-policy-index
Identifies the entry with which the match should be made.

Valid Value: 1 to 65535

Default Value: none

gateway-address-and-mask

Valid Value: a valid IP address and mask

Default Value: none

metric route-policy-index lower-metric-number upper-metric-number
Matches the metric of the route with the one of the numbers in a range of metric numbers. You will be prompted for two numbers to identify the range of metric numbers: one for the low end of the range and one for the high end. If you want a single metric number, specify the same number twice.

route-policy-index

Valid Value: 1 to 65535

Default Value: none

lower-metric-number

Valid Value: 1 to 65535

Default Value: none

upper-metric-number

Valid Value: 1 to 65535

Default Value: none

net route-policy-index lower-net-number upper-net-number
Matches the routes that have a next hop with an outgoing network number in the range defined by the lower and upper network numbers. You will be prompted for two numbers to identify the range of outgoing network numbers: one for the low end of the range and one for the high end. If you want a single network number, specify the same number twice.

route-policy-index
Identifies the entry with which the match should be made.

Valid Value: 1 to 65535

Default Value: none

lower-net-number
The lower bound of the network number range for matching next-hop outgoing networks. These can be viewed using the list devices command from the Config> prompt.

Valid Value: 1 to 65536

Default Value: none

upper-net-number
The upper bound of the network number range for matching next-hop outgoing networks.

Valid Value: 1 to 65536

Default Value: none

protocol protocol route-policy-index
Matches the route with a protocol.

protocol

Valid Values:

Syntax:

bgp

direct

natural-nets

ospf-intra

ospf-inter

ospf

ospf-all

ospf-ext

ospf-e1

ospf-e2

rip

static

Default Value: none

route-policy-index
An integer that identifies the entry with which the match should be made.

Valid Value: 1 to 65535

Default Value: none

source-gateway route-policy-index ip-address-and-mask
Matches routes that come from a specified source gateway or a range of source gateways.

route-policy-index
An integer that identifies the entry with which the match should be made.

Valid Value: 1 to 65535

Default Value: none

ip-address-and-mask

Valid Values: any valid IP address and mask combination

Default Value: none

Delete

Use the delete command to delete route filter policy entries, match-conditions from existing route filter policy entries, or actions from existing route filter policy entries. See the add command in this section for a description of the parameters that can be deleted.

List

Use the list command to list the route filter policy entries, match conditions, and actions that exist for the route filter policy currently being changed.

Syntax: list

Example:

IP Route Policy Config>list
 
     IP Address      IP Mask           Match  Index  Type
     -----------------------------------------------------
     9.0.0.0         255.0.0.0         Range  1      Include
     10.0.0.0        255.0.0.0         Range  2      Exclude
         Match Conditions:  Protocol: BGP
     0.0.0.0         0.0.0.0           Range  3      Include
         Match Conditions:  Protocol: Static
                            Gateway IP Address Range: 153.2.2.20/255.255.255.255
     10.1.1.0        255.255.255.0     Range  4      Include
     0.0.0.0         0.0.0.0           Range  7      Include
         Policy Actions:    Set Manual Tag: 0xACEEACEE
     0.0.0.0         0.0.0.0           Range  8      Include
         Match Conditions:  Protocol: RIP

Accessing the IP Monitoring Environment

Use the following procedure to access the IP monitoring commands. This process gives you access to the IP monitoring process.

  1. At the OPCON prompt, enter talk 5. (For more detail on this command, refer to "The OPCON Process and Commands" in the Software User's Guide.) For example:
        * talk 5
        +
    

    After you enter the talk 5 command, the GWCON prompt (+) displays on the terminal. If the prompt does not appear when you first enter configuration, press Return again.

  2. At the + prompt, enter the protocol ip command to get you to the IP> prompt.

    Example:

        + prot ip
        IP>
     
    

IP Monitoring Commands

This section describes the IP monitoring commands. Table 21 lists the IP monitoring commands. The commands allow you to monitor the router's IP forwarding process. The monitoring capabilities include the following: configured parameters such as interface address and static routes can be viewed, the current state of the IP routing table can be displayed, and a count of IP routing errors can be listed.

Table 21. IP Monitoring Command Summary
 Command   Function 
? (Help) Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help".
 Access controls   List the current IP access control mode, together with the configured access control records. 
 Cache   Displays a table of all recent routed destinations. 
 Counters   Lists various IP statistics, including counts of routing errors and packets dropped. 
 Dscache   Lists the actions, stats, and order of the DiffServ flow cache. 
 Dump routing tables   Lists the contents of the IP routing table. 
 IGMP   Displays IGMP counters and parameters 
 Interface addresses   Lists the router's IP interface addresses. 
 Packet-filter   Displays the access-control information defined for the specified packet-filter, or all filters. 
 Parameters   Lists various parameter values. 
 Ping   Sends ICMP Echo Requests to another host and watches for a response. This command can be used to isolate trouble in an internetwork environment. 
 Redundant Default Gateway   Lists whether a redundant default gateway exists and if it is active or inactive. 
 Reset   Allows you to dynamically reset the IP/RIP configuration. 
 RIP   Displays the status of the RIP protocol. 
 RIP-Policy   Displays the route filter policy applied on the specified interface. 
 Route   Lists whether a route exists for a specific IP destination, and if so, the routing table entry that corresponds to the route. 
 Route-table-filtering   Lists any defined route filters and indicates whether route-filtering is enabled or disabled. 
 Sizes   Displays the size of specific IP parameters. 
 Static routes   Displays the static routes that have been configured. This includes the default gateway. 
 Traceroute   Displays the complete path (hop-by-hop) to a particular destination. 
 UDP-Forwarding   Displays the UDP port numbers and destination IP addresses  that you added using the add command or the enable command.
 VRID   Displays detailed information for a specific VRID 
 VRRP   Lists the summary status for the VRRP protocol. 
Exit Returns you to the previous command level. See "Exiting a Lower Level Environment".

Access Controls

Use the access controls command to print the global access control mode in use together with a list of the configured global access control rules.

Access control is either disabled (meaning that no access control is being done and the access control rules are being ignored) or enabled (meaning that access control is being done and the access control rules are being recognized). The set access on talk 6 command enables access control.

Syntax:

access

Example: access

            Access Control currently enabled
            Access Control facility: USER
            Access Control run 702469 times, 657159 cache hits
 
            List of access control records:
 
1  Type=I    Source=2.2.2.2          Dest=2.2.2.128         Prot= 0-255
             SMask =255.255.255.254  DMask=255.255.255.128  Use=271
             Sports=  2-200          Dports=  1-100
                     T/C= 1/4        Log=Yes  ELS=L SNMP=Y  SLOG=S(Information)
             Trace=Enabled
 
2  Type=E    Source=0.0.0.0          Dest=0.0.0.0           Prot= 1
             SMask =255.255.255.255  DMask=255.255.255.255  Use=18962
             Sports=  N/A            Dports=  N/A
                      T/C= 1/**      Log=Yes ELS=N SNMP=N   SLOG=L(Alert)
 
3  Type=I    Source=1.1.1.1          Dest=1.1.1.2           Prot= 6
             SMask =255.255.255.255  DMask=255.255.255.254  Use=42
             Sports=  2-200          Dports=  1-100
                                     Log=No
 
4  Type=I    Source=9.1.2.3          Dest=0.0.0.0       Prot=  0-255
             SMask =255.255.255.255  DMask=0.0.0.0      Use=0
             SPorts=  0-65535        DPorts=  0-65535
                      T/C= **/**     Log=N
             Tos=xE0/x00-x00         ModifyTos=x1F/x08
             PbrGw=9.2.160.1         UseDefRte=Y
 
5  Type=I    Source=0.0.0.0        Dest=0.0.0.0         Prot= 0-255
             Mask=0.0.0.0          Mask=0.0.0.0         Use=683194
             Sports=  1-65535      Dports=  1-65535
                                   Log=No

Exclusive (E) means that packets matching the access control rule are discarded. Inclusive (I) means that packets matching the access control rule are forwarded. When access control is enabled, packets failing to match any access control record are discarded. Prot (protocol) indicates the IP protocol number. Sports indicates the range of TCP/UDP source port numbers; Dports indicates the range of TCP/UDP destination port numbers. SYN indicates TCP connection establishment filtering. T/C stands for ICMP type and code; SLOG stands for SysLog.

The Use field specifies the number of times the access control system matched a particular record to an incoming packet, for example, the number of times that a particular record in the IP access controls system was invoked by the characteristics of an incoming or outgoing packet.

In this example, access control rule number 4 has activated the TOS filter. The TOS parameters are shown. See the add access-control command in talk 6 for a description of these parameters.

Cache

Use the cache command to display the IP routing cache, which contains recently routed destinations. If a destination is not in the cache, the router looks up the destination in the routing information table in order to make a forwarding decision.

Syntax:

cache

Example: cache

            Destination     Usage           Next hop
            128.185.128.225 1               128.185.138.180 (Eth/0)
            192.26.100.42   1               128.185.138.180 (Eth/0)
            128.185.121.1   18              128.185.123.18  (PPP/0)
            128.185.129.219 76              128.185.125.25  (PPP/1)
            128.185.129.41  130             128.185.125.25  (PPP/1)
            128.185.129.134 546             128.185.125.40  (PPP/1)
            128.185.129.221 1895            128.185.125.40  (PPP/1)
            128.185.129.193 96              128.185.125.40  (PPP/1)
            128.197.3.4     4               128.185.123.18  (PPP/0)
            128.185.128.25  98              128.185.125.41  (PPP/1)
            128.185.124.121 4               128.185.124.121 (Eth/0)
            128.185.136.203 95              128.185.125.39  (PPP/1)
            128.185.194.4   581             128.185.125.39  (PPP/1)
            128.185.123.17  2               128.185.123.17  (PPP/0)
            192.26.100.42   1               128.185.125.38  (PPP/1)
            128.52.22.6     2               128.185.123.18  (PPP/0)
            128.197.3.2     1               128.185.123.18  (PPP/0)
            128.185.126.24  61              128.185.125.25  (PPP/1)
            128.185.138.150 482             128.185.125.39  (PPP/1)
            128.185.123.18  152             128.185.123.18  (PPP/0)

Destination
IP destination host.

Usage
Number of packets recently sent to the destination host.

Next hop
IP address of the next router on the path toward the destination host. Also displayed is the network name of the interface used by the sending router to forward the packet.

Counters

Use the counters command to display the statistics related to the IP forwarding process. This includes a count of routing errors, along with the number of packets that have been dropped due to congestion.

Syntax:

counters

Example: counters

            Routing errors
            Count   Type
                0   Routing table overflow
             2539   Net unreachable
                0   Bad subnet number
                0   Bad net number
                0   Unhandled broadcast
            58186   Unhandled multicast
                0   Unhandled directed broadcast
             4048   Attempted forward of LL broadcast
 
            Packets discarded through filter  0
            IP multicasts accepted:           60592
             IP input packet overflows
                Net   Count
               TKR/0  0
                FR/0  0

Routing table overflow
Lists the number of routes that have been discarded due to the routing table being full.

Net unreachable
Indicates the number of packets that could not be forwarded due to unknown destinations. This does not count the number of packets that have been forwarded to the authoritative router (default gateway).

Bad subnet number
Counts the number of packets or routes that have been received for illegal subnets (all ones or all zeros).

Bad net number
Counts the number of packets or routes that have been received for illegal IP destinations (for example, class E addresses).

Unhandled broadcasts
Counts the number of (non-local) IP broadcasts received (these are not forwarded).

Unhandled multicasts
Counts the number of IP multicasts that have been received, but whose addresses were not recognized by the router (these are discarded).

Unhandled directed broadcasts
Counts the number of directed (non-local) IP broadcasts received when forwarding of these packets is disabled.

Attempted forward of LL broadcast
Counts the number of packets that are received having non-local IP addresses but were sent to a link-level broadcast address. These are discarded.

Packets discarded through filter
Counts the number of received packets that have been addressed to filtered networks/subnets. These are discarded silently.

IP multicasts accepted
Counts the number of IP multicasts that have been received and successfully processed by the router.

IP packet overflows
Counts the number of packets that have been discarded due to congestion at the forwarder's input queue. These counts are sorted by the receiving interface.

Dscache

Use the dscache command to list the actions, stats, and order of the DiffServ flow cache.

Example: dscache actions

IP>dscache actions
Source          Destination     Pro ProtocolInf Net TosIn/Out Action
10.1.100.1      9.1.140.1         1 T:x08 C:x00   0 x05->x05   DROP
9.1.140.1       10.1.100.1        1 FrgId:x0008  -1 x00->x15   PASS
10.1.100.1      9.1.140.1         1 FrgId:x0008  -1 x03->x15   PASS
10.1.100.1      9.1.140.1         6  1024>   23   0 xFE->x15   PASS
9.1.140.1       10.1.100.1        1 T:x03 C:x03   1 x00->x15   PASS
10.1.100.1      9.1.140.1        17 12585>33437   0 x00->x15   PASS
10.1.100.1      9.1.140.1         1 FrgId:x0010  -1 x05->x05   DROP
9.1.140.1       10.1.100.1        6    23> 1024   1 x00->x15   PASS
9.1.140.1       10.1.100.1        1 T:x00 C:x00   1 x00->x15   PASS
10.1.100.1      9.1.140.1         1 FrgId:x0009  -1 x05->x05   DROP
 
 

Example: dscache stats

IP>dscache stats
Source          Destination     Pro ProtocolInf Net Tos     RxPkts    RxBytes
10.1.100.1      9.1.140.1         1 T:x08 C:x00   0 x05          2       4088
9.1.140.1       10.1.100.1        1 FrgId:x0008  -1 x00          1         26
10.1.100.1      9.1.140.1         1 FrgId:x0008  -1 x03          1         26
10.1.100.1      9.1.140.1         6  1024>   23   0 xFE          9        383
9.1.140.1       10.1.100.1        1 T:x03 C:x03   1 x00          1         56
10.1.100.1      9.1.140.1        17 12585>33437   0 x00          1         84
10.1.100.1      9.1.140.1         1 FrgId:x0010  -1 x05          1         26
9.1.140.1       10.1.100.1        6    23> 1024   1 x00          8        879
9.1.140.1       10.1.100.1        1 T:x00 C:x00   1 x00          8       6552
10.1.100.1      9.1.140.1         1 FrgId:x0009  -1 x05          1         26
 
 

Example: dscache order

IP>dscache order
Source          Destination     Pro ProtocolInf Net Tos
10.1.100.1      9.1.140.1         6  1024>   23   0 xFE
9.1.140.1       10.1.100.1        6    23> 1024   1 x00
9.1.140.1       10.1.100.1        1 T:x03 C:x03   1 x00
10.1.100.1      9.1.140.1        17 12585>33437   0 x00
10.1.100.1      9.1.140.1         1 FrgId:x0010  -1 x05
10.1.100.1      9.1.140.1         1 T:x08 C:x00   0 x05
10.1.100.1      9.1.140.1         1 FrgId:x0009  -1 x05
9.1.140.1       10.1.100.1        1 FrgId:x0008  -1 x00
9.1.140.1       10.1.100.1        1 T:x00 C:x00   1 x00
10.1.100.1      9.1.140.1         1 FrgId:x0008  -1 x03

Dump Routing Table

Use the dump command to display the IP routing table. A separate entry is printed for each reachable IP network/subnet. The IP default gateway in use (if any) is listed at the end of the display.

Syntax:

dump

Example: dump

            Type   Dest net         Mask     Cost Age   Next hop(s)
            SPE1   0.0.0.0          00000000  4    3    128.185.138.39  (2)
            SPF*   128.185.138.0    FFFFFF00  1    1    Eth/0
            Sbnt   128.185.0.0      FFFF0000  1    0    None
            SPF    128.185.123.0    FFFFFF00  3    3    128.185.138.39  (2)
            SPF    128.185.124.0    FFFFFF00  3    3    128.185.138.39  (2)
            SPF    192.26.100.0     FFFFFF00  3    3    128.185.131.10  (2)
            RIP    197.3.2.0        FFFFFF00  10   30   128.185.131.10
            RIP    192.9.3.0        FFFFFF00  4    30   128.185.138.21
            Del    128.185.195.0    FFFFFF00  16   270  None
 
 
            Default gateway in use.
 
            Type Cost Age  Next hop
            SPE1 4    3    128.185.138.39
 
            Routing table size: 768 nets (36864 bytes), 36 nets known

Type
Indicates how the route was derived.

Sbnt - Indicates that the network is subnetted; such an entry is a place-holder only.

Dir - Indicates a directly connected network or subnet.

RIP - Indicates that the route was learned through the RIP protocol.

Del - Indicates that the route has been deleted.

Stat - Indicates a statically configured route.

BGP - Indicates routes learned through the BGP protocol.

BGPR - Indicates routes learned through the BGP protocol that are readvertised by OSPF and RIP.

Fltr - Indicates a routing filter.

SPF - Indicates that the route is an OSPF intra-area route.

SPIA - Indicates that it is an OSPF inter-area route.

SPE1, SPE2 - Indicates OSPF external routes (type 1 and 2 respectively)

Rnge - Indicates a route type that is an active OSPF area address range and is not used in forwarding packets.

Dest net
IP destination network/subnet.

Mask
IP address mask.

Cost
Route Cost.

Age
For RIP and BGP routes, the time that has elapsed since the routing table entry was last refreshed.

Next Hop
IP address of the next router on the path toward the destination host. Also displayed is the interface type used by the sending router to forward the packet.

An asterisk (*) after the route type indicates that the route has a static or directly connected backup. A percent sign (%) after the route type indicates that RIP updates will always be accepted for this network/subnet.

A number in parentheses at the end of the column indicates the number of equal-cost routes to the destination. The first hops belonging to these routes can be displayed with the IP route command.

IGMP

Use the igmp command to display IGMP counters and operational parameters for IGMP.

Syntax:

igmp
counters

parameters

counters
Displays the counts of IGMP messages sent and received.

Example:

IP+ igmp counters
     Net      Querier      Polls Sent      Polls Rcvd      Reports Rcvd
     ---      -------      ----------      ----------      ------------
      0         Y            4973               0              0
      2         N               1            4921              0
      5         Y            4972               0              0     

Net
Specifies the network number.

Querier
Specifies whether the device is the querier on the specified network.

Polls Sent
Number of IGMP queries sent.

Polls Rcvd
Number of IGMP queries received.

Reports Rcvd
Number of IGMP reports received.

parameters
Displays the operational IGMP parameters of the device's attached interfaces.

Example:

IP+ igmp parameters
 
        Net      Robustness      Query       Response     Leave Query
                  Variable      Interval     Interval      Interval
                                 (secs)       (secs)        (secs)
        ---      ----------     --------     --------     -----------
          0          2             125          10             1
          2          2             125          10             1
          5          2             125          10             1
 

Net
The network number of the IGMP interface.

Robustness variable
The robustness variable of the specified interface.

Query interval
The number of seconds between IGMP general queries on that network if this device is the designated IGMP querier.

Response interval
The maximum response time inserted into IGMP general queries on that network if this device is the designated IGMP querier.

Leave query interval
The maximum response time inserted into IGMP specific queries on that network if this device is the designated IGMP querier.

Interface Addresses

Use the interface addresses command to display the router's IP interface addresses. Each address is listed together with its corresponding hardware interface and IP address mask. If the bridge interface used for bridging and routing on the same interface has been assigned an IP address, it will also be listed. The bridge interface is identified by BDG/0.

Hardware interfaces having no configured IP interface addresses will not be used by the IP forwarding process; they are listed as Not an IN net. There is one exception. Serial lines need not be assigned IP interface addresses in order to forward IP traffic. Such serial lines are called unnumbered. They show up as having address 0.0.0.0.

Syntax:

interface

Example: interface

            Interface  IP Address(es)   Mask(s)          MTU
               TKR/0   133.1.169.2      255.255.252.0
                FR/0   133.1.167.2       255.255.254.0

Interface
Indicates the hardware type of the interface.

IP addresses
Indicates the IP address of the interface.

Mask
Indicates the subnet mask of the interface.

Packet-filter

Use the packet-filter command to display information defined for a specific packet filter, or for all filters. Packet-filters are interface-specific lists of access control records. Interfaces are identified by interface numbers, except for the bridge interface used for routing and bridging on the same interface. It is identified by BDG/0.

Syntax:

packet-filter
[name]

IPv4 Example: packet-filter pf-in-0

Name               Direction     Interface  State  SRC-Addr-Check #Access-Controls
pf-in-0            Out           0          On     N/A            3
 
Access Control is: enabled
Access Control run 563 times, 271 cache hits
 
List of access control records:
 
0  Type=IN   Source=10.1.1.1      Dest=10.1.1.2          Prot=0-255
             Mask=255.255.255.255 Mask=255.255.255.254   Use=71
             Sports=  N/A         Dports=  N/A
                                  Log=Yes ELS=N SNMP=Y SLOG=L(Emergency)
             Trace=Enabled
 
1  Type=I    Source=9.67.1.5      Dest=9.37.192.1        Prot=6-255
             Mask=255.255.255.255 Mask=255.255.255.255   Use=15
             Sports=  N/A         Dports=  N/A
                                  Log=Yes ELS=L SNMP=N SLOG=L(Debug)
 
2  Type=I    Source=0.0.0.0       Dest=0.0.0.0           Prot=0-255
             Mask=255.255.255.255 Mask=255.255.255.255   Use=477
             Sports=  0-65535     Dports=  1-65535
                                  Log=N
IPv6 Example: packet-filter pf-in-0
            Name               Direction     Interface   #Access-Controls
            pf-in-0            In            0           2
 
            Access Control currently enabled
            Access Control run 8 times, 7 cache hits
 
            List of access control records:
 
                                                               Beg End  Beg  End
              Ty  Source       Mask     Destination  Mask      PPP PPP  Port Port  Use
            0 I   0.0.0.0      00000000 192.67.67.20 00000000  6   6    25   25    0
            1 E   150.150.1.0  FFFFFF00 150.150.2.0  00000000  0   255  0    655   0
            2 I   0.0.0.0      00000000 0.0.0.0      00000000  89  89   0    655   27
              Trace=Enabled
 

Parameters

Use the parameters command to list the values of various parameters.

Example:

IP> parameters
ARP-SUBNET-ROUTING     : disabled
ARP-NET-ROUTING        : disabled
CLASSLESS              : disabled
DIRECTED-BROADCAST     : enabled
DSCACHE-SIZE           : 64 entries
ECHO-REPLY             : enabled
FRAGMENT-OFFSET-CHECK  : disabled
PER-PACKET-MULTIPATH   : disabled
REASSEMBLY-SIZE        : 12000 bytes
RECORD-ROUTE           : enabled
ROUTING TABLE-SIZE     : 768 entries (52224 bytes)
(Routing) CACHE-SIZE   : 64 entries
SAME-SUBNET            : disabled
SOURCE-ROUTING         : enabled
TIMESTAMP              : enabled
TTL                    : 64
 
IP>
 

Ping

Use the ping command to have the router send ICMP Echo messages to a given destination (that is, "pinging") and watch for a response. This command can be used to isolate trouble in the internetwork.

Syntax:

ping
dest-addr [src-addr data-size ttl rate tos data-value]

The ping process is done continuously, incrementing the ICMP sequence number with each additional packet. Each matching received ICMP Echo response is reported with its sequence number and the round-trip time. The granularity (time resolution) of the round-trip time calculation is usually around 20 milliseconds, depending on the platform.

To stop the ping process, type any character at the console. At that time, a summary of packet loss, round-trip time, and number of unreachable ICMP destinations will be displayed.

When a broadcast or multicast address is given as destination, there may be multiple responses printed for each packet sent, one for each group member. Each returned response is displayed with the source address of the responder.

You can specify the size of the ping (number of data bytes in the ICMP message, excluding the ICMP header), value of the data, time-to-live (TTL) value, rate of pinging, and TOS bits to set. You can also specify the source IP address. If you do not specify the source IP address, the router uses its local address on the outgoing interface to the specified destination. If you are validating connectivity from any of the router's other interfaces to the destination, enter the IP address for that interface as the source address.

Only the destination parameter is required; all other parameters are optional. By default the size is 56 bytes, the TTL is 64, the rate is 1 ping per second, and the TOS setting is 0. The first 4 bytes of the ICMP data are used for a timestamp. By default the remaining data is a series of bytes with values that are incremented by 1, starting at X'04', and rolling over from X'FF' to X'00' (for example, X'04 05 06 07 . . . FC FD FE FF 00 01 02 03 . . .'). These values are incremented only when the default is used; if the data byte value is specified, all of the ICMP data (except for the first 4 bytes) is set to that value and that value is not incremented. For example, if you set the data byte value to X'FF', the ICMP data is a series of bytes with the value X'FF FF FF . . .'.

Example:

   IP> ping
   Destination IP address [0.0.0.0]? 192.9.200.1
   Source IP address [192.9.200.77]?
   Ping data size in bytes [56]?
   Ping TTL [64]?
   Ping rate in seconds [1]?
   Ping TOS (00-FF) [0]? e0
   Ping data byte value (00-FF) [ ]?
   PING 192.9.200.77-> 192.9.200.1:56 data bytes,ttl=64,every 1 sec.
   56 data bytes from 192.9.200.1:icmp_seq=0.ttl=255.time=0.ms
   56 data bytes from 192.9.200.1:icmp_seq=1.ttl=255.time=0.ms
   56 data bytes from 192.9.200.1:icmp_seq=2.ttl=255.time=0.ms
 
 
   ----192.9.200.1 PING Statistics----
   3 packets transmitted, 3 packets received, 0% packet loss
   round-trip min/avg/max=0/0/0 ms
   IP>
IP>ping
 

Redundant Default Gateway

Use the redundant default gateway command to display the redundant Default IP Gateways configured for each interface.

Syntax:

redundant default gateway

Example:

Redundant Default IP Gateways for each interface:
   inf  3   22.2.2.6   255.0.0.0   00.00.00.00.00.AB   backup standby
   inf  4   11.1.1.6   255.0.0.0   00.00.00.00.00.BA   primary active
Note:Type can be "Primary" or "Backup". Status can be "Active" or "Standby".

Reset IP

Use the reset IP command to make effective certain IP and RIP configuration changes. See Response to IP Configuration Commands for a list of configuration changes made effective by this command.

Syntax:

reset ip

Example:

IP>interface
Interface  IP Address(es)   Mask(s)
  Eth/0    30.1.1.2         255.255.255.0
           30.1.1.1         255.255.255.0
           153.2.2.25       255.255.255.240
   FR/0    10.69.1.1        255.255.255.0
  PPP/0    0.0.0.0          255.255.0.0
IP>
*talk 6
 
IP config>add address 0 5.1.1.1 255.255.0.0
IP config>
*talk 5
 
IP>reset ip
 
IP>interface
Interface  IP Address(es)   Mask(s)
  Eth/0    5.1.1.1          255.255.0.0
           30.1.1.2         255.255.255.0
           30.1.1.1         255.255.255.0
           153.2.2.25       255.255.255.240
   FR/0    10.69.1.1        255.255.255.0
  PPP/0    0.0.0.0          255.255.0.0
 
IP> 

RIP

Use the rip command to display the RIP protocol status detail.

Syntax:

rip

Example:

     IP>rip
 
                                    RIP Interfaces
 
     Interface-Addr  Interface-Mask  Version  In Out  Send-Flags      Receive-Flags
     10.69.1.2       255.255.255.0      1      1   0  D,P
     200.1.1.2       255.255.255.0      2      1   0  Policy,P        Policy
     Send Flags: N=Network S=Subnet H=Host St=Static D=Default O=Outage-Only
                 P=PoisonReverse Policy=Send-Policy
     Recv Flags: N=Network S=Subnet H=Host OSt=Override-Static OD=Override-Default
                 Policy=Receive-Policy
 
             RIP Policy
 
     Interface-Address  Send Policy        Receive-Policy
     10.69.1.2          rip-global-send    rip-global-recv
     200.1.1.2          rip-send           rip-receive
     RIP global receive policy: rip-global-recv
     RIP global send policy: rip-global-send
 
     RIP never originates a default route

RIP-Policy

Use the rip-policy command to display the RIP policy that is currently applicable to the specified interface.

Syntax:

rip-policy

Example:

     IP>rip-policy
     For which interface [0.0.0.0]? 200.1.1.2
 
     Interface Send Policy: rip-send for 200.1.1.2
     Checksum 0x8637  Longest-Match Application
 
     IP Address      IP Mask           Match  Index  Type
     -----------------------------------------------------
     0.0.0.0         0.0.0.0           Range  1      Include
         Match Conditions:  Protocol: BGP
         Policy Actions:    Set Manual Tag: 0xACEEACEE
                            Set Metric: 3
 
     Interface Receive Policy: rip-receive for 200.1.1.2
     Checksum 0x5049  Longest-Match Application
 
     IP Address      IP Mask           Match  Index  Type
     -----------------------------------------------------
     0.0.0.0         0.0.0.0           Range  1      Include
         Match Conditions:  Source Gateway IP Address Range: 200.1.1.1/255.255.255.255
  

Route

Use the route command to display the route (if one exists) to a given IP destination. If a route exists, the IP addresses of the next hops are displayed, along with detailed information concerning the matching routing table entry. (See the IP dump command.)

Syntax:

route
ip-destination

Example: route 133.1.167.2

            Destination:    133.1.166.0
            Mask:           255.255.254.0
            Route type:     SPF
            Distance:       1
            Age:            1
            Tag:            0
            Next hop(s):    133.1.167.2       (FR/0)

Example: route 128.185.230.0

            Destination:   128.185.230.0
            Mask:          255.255.255.0
            Route type:    SPF
            Distance:      1
            Age:           1
            Next hop(s):   128.185.230.0    (TKR/0)

Example: route 128.185.232.0

            Destination:   128.185.232.0
            Mask:          255.255.255.0
            Route type:    RIP
            Distance:      3
            Age:           0
            Next hop(s):   128.185.146.4   (Eth/0)

Route-table-filtering

Use the route-table-filtering command to display whether or not route table filtering is enabled and list any defined route table filters.

Syntax:

route-table-filtering

Example: route-table-filtering

IP>route-table-filtering
Route Filters
 
Destination     Mask            Match Type
10.1.1.0        255.255.255.0   BOTH  E
10.1.1.1        255.255.255.255 EXACT I
50.0.0.0        255.0.0.0       BOTH  E
50.50.0.0       255.255.0.0     BOTH  I
 
IP>           

Sizes

Use the sizes command to display the configured sizes of specific IP parameters.

Syntax:

sizes

Example: sizes

            Routing table size:         768
            Table entries used:         3
            Reassembly size:            12000
            Largest reassembled pkt:    0
            Size of routing cache:      64
            # of cache entries in use:  0

Routing table size
The configured number of entries that the routing table will maintain.

Table entries used
The number of entries used from the routing table. This number includes both active and inactive entries. The value displayed using the "dump" command as "xx nets known" is the number of active routing table entries. The configured routing table size should be large enough to maintain current active entries as well as other anticipated routing entries.

Reassembly buffer size
The configured size of the reassembly buffer that is used to reassemble fragmented IP packets.

Largest reassembled pkt
The largest IP packet that this router has had to reassemble.

Size of routing cache
The configured size of the routing cache.

# of cache entries in use
The number of entries currently being used from the cache.

Static Routes

Use the static routes command to display the list of configured static routes. Configured default gateways and default subnet gateways are also listed.

Each static route's destination is specified by an address-mask pair. Default gateways appear as static routes to destination 0.0.0.0 with mask 0.0.0.0. Default subnet gateways also appear as static routes to the entire IP subnetted network.

The following example shows a configured default gateway, a configured default subnet gateway (assuming 128.185.0.0 is subnetted), and a static route to network 192.9.10.0.

Syntax:

static

IP>static routes
Net             Mask            Cost  Next hop
1.1.0.0         255.255.0.0     1     10.1.1.1        TKR/0
                                2     20.1.1.1        TKR/1
                                3     30.1.1.1        TKR/2
2.2.0.0         255.255.0.0     10    10.2.2.2        TKR/0
3.3.0.0         255.255.0.0     100   10.3.3.3        TKR/0
                                200   20.3.3.3        TKR/1
 
IP>

Net
The destination address of the route.

Mask
The destination mask of the route.

Cost
The cost of using this route.

Next Hop
The next router a packet would pass through using this route.

Traceroute

Use the traceroute command to display the entire path to a given destination, hop by hop. For each successive hop, traceroute sends out a default of three probes and prints the IP address of the responder, together with the round-trip time associated with the response. If a particular probe receives no response, an asterisk is displayed. Each line in the display relates to this set of three probes, with the left-most number indicating the distance from the router executing the command (in router hops).

The traceroute is done whenever the destination is reached, an ICMP Destination Unreachable is received, or the path length reaches a default maximum of 32 router hops.

When a probe receives an unexpected result, several indications can be displayed. "!N" indicates that an ICMP Destination Unreachable (net unreachable) has been received. "!H" indicates that an ICMP Destination Unreachable (host unreachable) has been received. "!P" indicates that an ICMP Destination Unreachable (protocol unreachable) has been received; because the probe is a UDP packet sent to a strange port, a port unreachable is expected. "!" indicates that the destination has been reached, but the reply sent by the destination has been received with a TTL of 1. This usually indicates an error in the destination, prevalent in some versions of UNIX, whereby the destination is inserting the probe's TTL in its replies. This unfortunately leads to a number of lines consisting solely of asterisks before the destination is finally reached.

Syntax:

traceroute
dest-addr [src-addr data-size probes wait tos max-ttl]

dest-addr
The address at the far end of the route.

src-addr
The source address from which the trace originates.

data-size
The size in bytes of the data field of the traceroute message. The data field does not include the UDP header.

probes
Number of UDP traceroute messages sent from each hop.

wait
Time in seconds between retries.

tos
The setting of the TOS bits in the UDP messages. For example, a value of X'10' (B'00010000') sets the TOS bits to B'1000'. The default is 0, which sets the TOS bits to B'1000'.

max-ttl
Maximum time-to-live in seconds for each message.

Example:

IP> traceroute 
Destination IP address [0.0.0.0]? 128.185.142.239
Source IP address [128.185.142.1]?
Data size in bytes [56]?
Number of probes per hop [3]?
Wait time between retries in seconds [3]?
Maximum TTL [32]?
Traceroute TOS (00-FF) [0]? 10
 
TRACEROUTE 128.185.142.1 -> 128.185.142.239: 56 data bytes
1 128.185.142.7 16 ms 0 ms 0 ms
2 128.185.123.22 16 ms 0 ms 16 ms
3 * * *
4 * * *
5 128.185.124.110 16 ms ! 0 ms ! 0 ms !
 

TRACEROUTE
Displays the destination area address and the size of the packet being sent to that address.

1
The first trace showing the destination's NSAP and the amount of time it took the packet to arrive at the destination. The packet is traced three times.

Destination unreachable
Indicates that no route to destination is available.

3 * * *
Indicates that the router is expecting some form of response from the destination, but the destination is not responding.

UDP-Forwarding

Use the UDP-forwarding command to display the UDP port and addresses that you added using the add udp-destination command or the enable udp-forwarding command.

Syntax:

udp-forwarding

Example: udp-forwarding

             UDP Port   IP Address
                 35      20.2.1.1
                 20      22.2.1.2

VRID

Use the VRID command to display detailed status for a specific virtual router identified by an interface address and VRID.

Syntax:

vrid

Example:

IP>vrid 153.2.2.25 1
 
              --- Detailed VRID Information ----
 
             Interface address:      153.2.2.25
             Interface mask:         255.255.255.240
             VRID:                   1
             VRID State:             MASTER
             Virtual MAC Address:    00:00:5E:00:00:01
             Source MAC Address:     00:00:5E:00:00:01
             Ethernet V2 Interface:  UP
             
  Priority:             255       Advertise interval:   1
  Advertise Timer:      1         Skew (in ticks):      0
  Authentication Type:  NONE      Authentication Key:
  State transitions:    1         Advertisements out:   9019
  Advertisements in:    0         Advertisements error: 0
  ARPs Modified:        22        Gratuitous ARPs:      2
 
                  VRID Addresses
153.2.2.25        5.1.1.1             

VRRP

Use the VRRP command to display summary information

Syntax:

vrrp

Example:

                                   --VRID Summary--
IP address       VRID  State  Advertise Master-Dead  Address(es)
153.2.2.25          1  MASTER         1         N/A  153.2.2.25
                                                     5.1.1.1


[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]