This chapter describes the IP configuring and monitoring commands. It includes the following sections:
To access the IP configuration environment, enter the following command at the Config> prompt:
Config> Protocol IP Internet protocol user configuration IP config>
This section describes the IP configuration commands. These commands
allow you to modify the IP protocol behavior to meet your specific
requirements. Some amount of configuration is necessary to produce a
fully functional IP router. Enter IP configuration commands at the
IP config> prompt.
Table 19. IP Configuration Commands Summary
| Command | Function |
|---|---|
| ? (Help) | Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help". |
| Add | Adds to the IP configuration information. Interface addresses can be added, along with access controls, filters, and packet-filters. |
| Change | Modifies information that was originally entered with the add command. |
| Delete | Deletes IP configuration information that had been entered with the add command. |
| Disable | Disables certain IP features that have been turned on by the enable command. |
| Enable | Enables IP features such as ARP subnet routing, UDP Forwarding, originate default, directed broadcasts, BOOTP, the various RIP flags controlling the sending and receiving of RIP information, diffserv, bypass of Layer 2 compression and encryption in access control records, and route-table-filtering. |
| List | Displays IP configuration items. |
| Move | Changes the order of access control records. |
| Set | Establishes IP configuration modes such as the use of access control and the format of broadcast addresses. Also sets IP parameters such as TTL (time-to-live) of packets originated by the router, the size of the IP routing table, cache size, and RIP interface metrics and sets IGMP configuration parameters. |
| Update | Used to assign access control entries to packet filters. |
| Exit | Returns you to the previous command level. See "Exiting a Lower Level Environment". |
Use the add command to add IP information to your configuration.
Syntax:
Valid Values: any valid IP address
Default Value: none
Example:
add accept-rip-route
Network number [0.0.0.0]? 10.0.0.0
From the IP config> prompt, use this command to add an access control record to the end of the global access control list. From the Packet-filter packet-filter-name Config> prompt, use this command to add an access control rule to the end of the packet filter access control list. Access control allows you to define categories of packets to forward, to drop, or to process with network address translation, based on packet values specified in the access control rules. The length and order of the access control lists can affect the IP packet forwarding performance.
| Note: | The add access-control command configures access control rules, but it does not automatically enable access control; see the set access-control command. |
Valid Values: 0.0.0.0 to 255.255.255.255
Default Values: 0.0.0.0 for source IP address. The default for the source-mask is based on the configured IP-source address.
Valid Values: 0.0.0.0 to 255.255.255.255
Default Value: 0.0.0.0 for destination IP address. The default for the dest-mask is based on the IP-dest address.
Some common IP protocol numbers are:
Valid Values: 0 to 255
Default Values: 0 for first protocol and 255 for last protocol
Some commonly used port numbers are:
Valid Values: 0 - 65535
Default Value: 0 for first destination port and 65535 for last destination port
Valid Values: 0 - 65535
Default Value: 0 for first source port and 65535 for last source port
Valid Values: Yes or No
Default Value: No
Valid Values: -1 to 255
Default Value: -1 (all ICMP types)
Valid Values: -1 to 255
Default Value: -1 (all ICMP codes)
The tos-range-low and the tos-range-high define the range of consecutive values within the selected bits. If you want to filter all 8 values of the precedence bits (decimal 0 - 7), the tos-range-low is X'00' (B'00000000') and the tos-range-high is X'e0' (B'11100000', which defines decimal 7 within the 3 bits that are selected for filtering). If you want to filter the binary values B'000', B'001', B'010', and B'011' (decimal 0 - 3) of the 3 precedence bits, the tos-range-low is X'00' (B'00000000') and the tos-range-high is X'60' (B'01100000').
If you need to filter bit patterns that do not form a consecutive sequence of values, you need to define a separate access control rule for each range desired. For example, to filter the two precedence bit values B'001' (decimal 1) and B'011' (decimal 3) without filtering B'010' (decimal 2), you would have to define the first access control rule with tos-mask equal to X'e0' and tos-range-low and tos-range-high both equal to X'20'. Then you would have to define the second access control rule with tos-mask equal to X'e0' and tos-range-low and tos-range-high both equal to X'60'.
Valid Values for tos-mask: X'00' - X'FF'
Default Value: 0 for none
Valid Values for tos-range-low: X'00' - X'FF'
Default Value: 0
Valid Values for tos-range-high: X'00' - X'FF'
Default Value: The configured tos-range-low.
Valid Values for tos-mod-mask: X'00' - X'FF'
Default Value: 0 for none
Valid Values for new-tos-value: X'00' - X'FF'
Default Value: 0
Setting use-default-route to Yes enables the router to route the packet using the normal routing table if the defined gateway becomes unavailable. If this parameter is set to No, the packet is discarded if the defined gateway becomes unavailable and an ICMP unreachable message is sent to the source address of the discarded packet.
Valid Values for policy-based-routing: Yes or No
Default Value: No
Valid Value for next-hop-gateway: a valid IP address
Default Value: none
Valid Value for use-default-route: Yes or No
Default Value: Yes
Valid Values: Yes or No
Default Value: No
Valid Values: No, short, or long
Default Value: No
Valid Values: Yes or No
Default Value: No
Valid Values: No, short, or long
Default Value: No
Valid Values: Sys Def, Emerg, Alert, Crit, Error, Warn, Notice, Info, or Debug
Default Value: Router system default value
IP config> add access-control Enter type [E] I Internet source [0.0.0.0]? Source mask [0.0.0.0]? Internet destination [0.0.0.0]? Destination mask [0.0.0.0]? Enter starting protocol number ([CR] for all) [-1]? Enter starting destination port number ([CR] for all) [-1]? Enter starting source port number ([CR] for all) [-1]? Enter ICMP Type ([CR] for all) [-1]? 3 Enter ICMP Code ([CR] for all) [-1]? TOS/Precedence filter mask (00-FF - [0] for none) [0]? CD TOS/Precedence start value (00-FF) [0]? TOS/Precedence end value [0]? TOS/Precedence modification mask (00-FF - [0] for none) [0]? FA New TOS/Precedence value (00-FF) [0]? Next hop gateway address [ ]? 8.8.8.2 Use default route if next hop gateway unreachable? [Yes]: IP config>
| Note: | To assign an IP address to the 2216's bridge network, specify bridge for the interface number. See Assigning IP Addresses to the Bridge Network Interface for more information. |
You must specify an IP address together with its subnet mask. For example, if the address is on a class B network, using the third byte for subnetting, the mask would be 255.255.255.0. Use the List Devices option to obtain the appropriate option interface-number.
Default Value: none
Default Value: none
Default Value: none
Example: add address 0 128.185.123.22 255.255.255.0
Default Value: none
Default Value: none
Answering yes to this question indicates that the aggregate route is generated unconditionally. If it is generated unconditionally, it will be advertised when it is needed. A metric value is associated with an unconditional aggregate route.
Answering no indicates that the aggregate route is generated conditionally. If an aggregate route is generated conditionally, it is generated only when the destination address to be processed matches the range specified by the aggregate route and also meets the conditions of a specified route filter policy.
Valid Values: Yes or no
Default Value:No
Valid Values: A valid route filter policy identifier (1 to 15 ASCII characters)
Default Value: None. This parameter is required when No is specified or defaulted for unconditional aggregate.
Valid Values: 1-65535
Default Value: 1
Example:
IP config> add aggregate IP Address [ ]? 10.0.0.0 IP Mask [ ]? 255.0.0.0 Aggregate Route Always Generated? [No]:yes Metric value [1-16777215] [1]? Route aggregate 10.0.0.0/255.0.0.0 added or modified.
Default Value: none
Example: add bootp-server 128.185.123.22
The effect of this command is immediate; you do not have to reboot the router for it to take effect.
Default Value: none
Default Value: 0.0.0.0
Example: add filter 127.0.0.0 255.0.0.0
You can include dashes (-) and underscores (_) in the name.
Default Value: none
OUT filters outgoing traffic.
Default Value: none
Example: add packet-filter
Packet-filter name [ ]? filt-1-0 Filter incoming or outgoing traffic? [IN]? Which interface is this filter for [0]? 1
Valid Values: net numbers of LEC interfaces
Default Value: none
Valid Values: IP addresses used as default gateways
Default Value: 0.0.0.0
Valid Values: any valid IP net mask
Default Value: 0.0.0.0
| Note: | The primary gateway and the backup gateway must have the same MAC address |
Default Value: 00.00.00.00.00.00
This query asks whether the gateway on this device is the primary gateway active during the normal operation of the network, or the backup gateway that is active when the LEC interface containing the primary gateway is not operational. Answering Yes configures a primary gateway. There should be only one primary gateway per ELAN.
Valid Values Yes or No
Default Value: No
Example: add redundant
Which net is this redundant gateway for [0]? 1 IP address of gateway [0.0.0.0]? 9.67.205.1 Address mask [255.255.0.0]? 255.255.240.0 MAC address [00.00.00.00.00.00.]? 00.00.00.00.00.BA Is this the primary gateway [No]? Yes or No
The destination is specified by an IP address (dest-addr) together with an address mask (dest-mask). If the destination IP address is a network address, then the dest-mask must be a network mask. If the destination IP address is a subnet address, then the dest-mask must be a subnet mask. Finally, if the destination IP address is a host address, then the dest-mask must be a host mask (which means that the only valid value is 255.255.255.255). The dest-mask must be accurate; if it is not, the static route will not be accepted.
You may define up to four static routes per destination, each route having an IP address of its next hop (next-hop) and a cost (cost) of routing a packet to the destination. The next hop must be on the same (sub)net as one of the router's directly connected interfaces. Static routes to a given destination may have the same cost, in which case IP may use the routes simultaneously, or they may have different costs, in which case IP uses the lowest cost route that works.
Static routes are always overridden by routes learned through OSPF. By default, static routes are also overridden by routes learned through RIP; however, you can change that with the enable/disable override static-routes command. The add route command takes effect immediately; you do not have to reboot the router.
Default Value: none
Default Value: none
Default Value: none
Default Value: 1
Example:
IP config> add route
IP destination []? 1.1.0.0
Address mask [255.0.0.0]? 255.255.0.0
Via gateway 1 at []? 10.1.1.1
Cost [1]? 1
Via gateway 2 at []?
IP config> add route 1.1.0.0 255.255.0.0
Via gateway 2 at []? 20.1.1.1
Cost [1]? 2
Via gateway 3 at []? 30.1.1.1
Cost [1]? 3
Via gateway 4 at []?
IP config> add route 2.2.0.0 255.255.0.0 10.2.2.2 1 20.2.2.2 2
IP config> list routes
route to 1.1.0.0 ,255.255.0.0 via 10.1.1.1 cost 1
via 20.1.1.1 cost 2
via 30.1.1.1 cost 3
route to 2.2.0.0 ,255.255.0.0 via 10.2.2.2 cost 1
via 20.2.2.2 cost 2
IP config>
Valid Values: any 1-to-15-character ASCII string
Default Value: none
Valid Values: Yes or No
Default Value: No
Default Value: both exclude
You can enter a broadcast or unicast IP address.
Repeat this command to add more than one IP address for the same UDP port. This causes the router to forward the UDP datagram to each of the IP addresses.
Default Value: none
Default Value: none
Example:
Valid Values: Any configured IP interface.
Default Value: none
Valid Values: 1-255
Default Value: none
Valid Values: 1-255
Default Value: 1
Valid Values: Yes or No
Default Value: No
Valid Values: Any valid IP address.
Default Value: none
Valid Values: 1-254
Default Value: 100
Valid Values: Yes or No
Default Value: Yes
Valid Values: Yes or No
Default Value: No
Valid Values: none, simple
Default Value: none
Valid Values: Any 1 - 8 characters.
Default Value: A null string.
Valid Values: Yes or No
Default Value: No
Valid Values: 1 to the numbers of the configured networks
Default Value: No
Valid Values: Any valid IP address
Default Value: 0.0.0.0
Valid Values: Any valid IP mask
Default Value: 0.0.0.0
Example:
IP config>add vrid IP Interface []? 153.2.2.1 VRID (1-255) [0]? 1 Advertisement Interval (1-255) [1]? Backup Virtual Router? [No]: Use Hardware MAC Address? [No]: yes Authentication Type (0 - None, 1 - Simple) [0]? Require network for master eligibility? [No]: Require route for master eligibility? [No]: VRID 153.2.2.25/1 added/modified successfully
Valid Values: Any configured IP interface.
Default Value: none
Valid Values: 1 to 255
Default Value: none
Valid Values: Any IP address.
Default Value: none
Example: add vr-address
IP config>add vr-address IP Interface [ ]? 153.2.2.25 Virtual Router ID (1-255) [0]? 1 Additional IP Address [ ]? 5.1.1.1 VRID 153.2.2.25/1 address 5.1.1.1 added successfully.
Use the change command to change an IP configuration item previously installed by the add command. In general, you must specify the item you want to change, just as you specified the item with the add command.
Syntax:
Example:
IP config> change access-control 2 Enter type [E]? i Internet source [9.1.2.3]? Source mask [255.255.255.255]? Internet destination [0.0.0.0]? Destination mask [0.0.0.0]? Enter starting protocol number [0]? Enter starting DESTINATION port number [0]? Enter starting SOURCE port number [0]? Filter on ICMP Type [-1]? TOS/Precedence filter mask [e0]? TOS/Precedence start value [0]? TOS/Precedence end value [0]? TOS/Precedence modification mask [1f]? 1e New TOS/Precedence value[0]? 08 Use policy-based routing? [Yes]: Next hop gateway address [9.2.160.1]? Use default route if next hop gateway unreachable? [Yes]: Enable Logging [No]:
Valid IP addresses:
For serial line interfaces:
Default Value: none
Default Value: none
Default Value: none
Example: change address 192.9.1.1 128.185.123.22 255.255.255.0
Default Value: none
Default Value: none
Default Value: none
Default Value: 1
Example:
IP config>list routes
route to 1.1.0.0 ,255.255.0.0 via 10.1.1.1 cost 1
via 20.1.1.1 cost 2
via 30.1.1.1 cost 3
route to 2.2.0.0 ,255.255.0.0 via 10.2.2.2 cost 1
via 20.2.2.2 cost 2
IP config>change route
IP destination []? 1.1.0.0
Address mask [255.0.0.0]? 255.255.0.0
Via gateway 1 at [.10.1.1.1]? 10.10.10.1
Cost [1]? 10
Via gateway 2 at [20.1.1.1]? 20.20.20.1
Cost [2]? 20
Via gateway 3 at [30.1.1.1]? 30.30.30.1
Cost [3]? 30
Via gateway 4 at []? 40.40.40.1
Cost [1]? 40
IP config>change route 2.2.0.0 255.255.0.0 10.10.10.2 10
IP config>list routes
route to 1.1.0.0 ,255.255.0.0 via 10.10.10.1 cost 10
via 20.20.20.1 cost 20
via 30.30.30.1 cost 30
via 40.40.40.1 cost 40
route to 2.2.0.0 ,255.255.0.0 via 10.10.10.2 cost 10
Valid Values: the 1 to 15-character ASCII string that identifies an existing route filter policy
Default Value: none
Use the delete command to delete an IP configuration item previously installed by the add command. In general, you must specify the item you want to delete, just as you specified the item with the add command.
Syntax:
Valid Values: Any IP address contained in the list of accepted networks.
Default Value: none
Example: delete accept-rip-route 10.0.0.0
Example: delete access-control 2
Valid Values: any valid IP address
Default Value: none
Example: delete address 128.185.123.22
Default Value: none
Default Value: none
Valid Values: any configured BOOTP server IP address
Default Value: 0.0.0.0
Example: delete bootp-server 128.185.123.22
Valid Values: any valid IP address
Default Value: 0.0.0.0
Example: delete default subnet-gateway 128.185.0.0
Default Value: 0.0.0.0
Default Value: none
Example: delete filter 127.0.0.0
Address mask [0.0.0.0]? 255.0.0.0
Valid Values: any 16-character name.
You can include dashes (-) and underscores (_) in the name.
Default Value: none
Example:
IP config> delete packet-filter pf-in-0 All access controls defined for 'pf-in-0' will also be deleted. Are you sure you want to delete (Yes or [No]): y Deleted IP config>
Default Value: none
Example:
Enter the Net number of Redundant Gateway to delete:? 1 Gateway deleted.
Default Value: none
Default Value: none
Default Value: No
Example:
IP config>list routes
route to 1.1.0.0 ,255.255.0.0 via 10.10.10.1 cost 10
via 20.20.20.1 cost 20
via 30.30.30.1 cost 30
via 40.40.40.1 cost 40
route to 2.2.0.0 ,255.255.0.0 via 10.10.10.1 cost 10
IP config>delete route 1.1.0.0 255.255.0.0
Delete gateway 10.10.10.1? [No]:
Delete gateway 20.20.20.1? [No]: y
Delete gateway 30.30.30.1? [No]:
Delete gateway 40.40.40.1? [No]: y
IP config>delete route 2.2.0.0 255.255.0.0
IP config>delete route 1.1.0.0 255.255.0.0 n y
IP config>list routes
route to 1.1.0.0 ,255.255.0.0 via 10.10.10.1 cost 10
IP config>
Deletes an existing route filter policy from the configuration. You have the option to delete all route filter policy entries associated with the route filter policy. If the entries have not been deleted, when you reconfigure the deleted route filter policy, the entries associated with that route filter policy are reinstated. Use the add route-policy command to reconfigure a deleted route filter policy.
Default Value: none
Valid Values: Yes or No
Default Value: No
Default Value: none
Default Value: none
Default Value: none
Example: delete route-table-filter
IP config>delete route-table-filter Route Filter IP address []? 7.0.0.0 Route Filter IP mask []? 255.0.0.0 Enter Match type (B, E, or M) [B]? Enter Definition type (I or E) [E]? Route filter deleted IP config>
Default Value: none
Default Value: none
Examples:
Valid Values: Any configured IP interface.
Default Value: none
Valid Values: 1-255
Default Value: none
IP config>delete vrid IP Interface [ ]? 153.2.2.25 Virtual Router ID (1-255) [0]? 1 VRID 153.2.2.25/1 deleted.
Valid Values: Any configured IP interface.
Default Value: none
Valid Values: 1-255
Default Value: none
Valid Values: Any IP address.
Default Value: none
Example:
IP config>delete vr-address IP Interface [ ]? 153.2.2.25 Virtual Router ID (1-255) [0]? 1 IP Address to delete [ ]? 5.1.1.1 VRID 153.2.2.25/1 addr 5.1.1.1 deleted.
Use the disable command to disable IP features previously enabled by the enable command.
Syntax:
Example: disable arp-net-routing
Example: disable arp-subnet-routing
Example: disable bootp-forwarding
Example: disable compression-bypass 1
| Note: | Forwarding and exploding cannot be disabled separately. |
Example: disable directed-broadcast
This option is valid only on a network interface that has been configured as an unnumbered serial line interface (the IP address assigned to the network interface by the add address command is 0.0.0.n, where n is the network interface number).
Example:
IP config> disable dynamic-address Interface address []? 0.0.0.1 IP config>
Example: disable echo-reply
Example: disable encryption-bypass 1
Default Value: none
Example:
IP config> disable icmp-redirect Interface address (NULL for all) []? 192.9.200.44 IP config>
Default Value: none
Example:
IP config>disable nexthop-awareness 1.1.1.1 IP config>disable nexthop-awareness Interface address []? 2.2.2.2 IP config>
Default Value: none
Example: disable override default 128.185.123.22
Default Value: None
Example: disable packet-filter pf-in-0
After the global RIP route filter receiving policy has been disabled, the RIP interfaces are no longer affected by that policy.
The disable receiving policy interface ip-interface-address command disables the use of the route filter policy for the specified interface.
Default Value: none
Default Value: none
Example: disable receiving rip 128.185.123.22
Default Value: none
Example: disable receiving dynamic nets 128.185.123.22
Example: disable rip
Valid Values: any valid IP address
Default Value: none
Example: disable rip2 128.185.123.22
Example: disable route-table-filtering
Example: disable same-subnet
After the RIP global sending route policy has been disabled, the RIP interfaces are no longer affected by that policy.
The disable sending policy interface ip-interface-address command disables the use of the route filter policy on the specified interface.
Default Value: none
Default Value: none
Example: disable sending net-routes 128.185.123.22
Default Value: none
Example: disable sending rip1-routes-only 128.185.123.22
Default Value: none
Example: disable sending outage-only
Example: disable source-routing
Example: disable trace 1
Default: UDP forwarding is disabled for all port numbers.
Default Value: 0
Example: disable vrrp
Use the enable command to activate IP features, capabilities, and information added to your IP configuration.
Syntax:
Example: enable arp-net-routing
The way ARP subnet routing works is as follows. When a subnet-incapable host wants to send an IP packet to a destination on a remote subnet, it does not realize that it should send the packet to a router. The subnet-incapable host therefore simply broadcasts an ARP request. This ARP request is received by the router. The router responds as the destination (hence the name proxy) if both arp-subnet-routing is enabled and if the next hop to the destination is over a different interface than the interface receiving the ARP request.
If there are no hosts on your LAN that are "subnet-incapable," do not enable ARP-subnet routing. If ARP subnet routing is needed on a LAN, it should be enabled on all routers on that LAN.
Example: enable arp-subnet-routing
Example: enable bootp-forwarding
Maximum number of forwarding hops [4]?
Minimum seconds before forwarding [0]?
Default: 4
Default Value: 0
Example: enable classless
Example: enable compression-bypass 1
| Note: | Forwarding and exploding cannot be implemented separately. Also, the router will not forward all-subnets IP broadcasts. |
Example: enable directed-broadcast
This option is valid only on a network interface that has been configured as an unnumbered serial line interface (the IP address assigned to the network interface by the add address command is 0.0.0.n, where n is the network interface number).
| Note: | For the router to learn its IP address from the remote node, in addition to enabling this option, you must also configure IPCP on the PPP network interface to request an IP address from the remote node. |
Example:
Config>network 1 Point-to-Point user configuration PPP 1 Config>set ipcp IP COMPRESSION [no]: Request an IP address [no]: yes Interface remote IP address to offer if requested (0.0.0.0 for none) [0.0.0.0]? PPP 1 Config>exit Config>protocol ip Internet protocol user configuration IP config>add address Which net is this address for? [0]? 1 New address []? 0.0.0.1 Address mask [0.0.0.0]? IP config>enable dynamic-address Interface address []? 0.0.0.1 IP config>
Example: enable echo-reply
Example: enable encryption-bypass 1
| Note: | After it has been enabled, this function can be activated without affecting any other functions of IP. See the talk 5 reset IP command for more information. |
Default Value: none
Example:
IP config> enable icmp-redirect Interface address (NULL for all) []? 192.9.200.44 IP config>
Default Value: disabled
Example:
IP config>enable nexthop-awareness 1.1.1.1 IP config>enable nexthop-awareness Interface address []? 2.2.2.2 IP config>
Default Value: none
Example: enable override default 128.185.123.22
Default Value: none
Example: enable override static-routes 128.185.123.22
Default Value: none
Example: enable packet-filter pf-in-0
Example: enable per-packet-multipath
After the global route filter receiving policy has been enabled, the RIP interfaces that meet these conditions will accept routes as defined by the policy.
The command enable receiving policy interface ip-interface-address route-policy-identifier enables the use of the route filter policy for the determination of which routes are accepted on one specified RIP interface. Note that dynamic nets, subnets, and hosts are not applicable if global or interface receiving policy is enabled.
Default Value: none
Default Value: none
If you invoke the disable receiving rip command, no RIP updates will be accepted on interface ip-interface-address address.
Default Value: none
Example: enable receiving rip 128.185.123.22
If you invoke the disable receiving dynamic nets command, for RIP updates received on interface ip-interface-address, the router will not accept any network-level routes unless they have been specified in an add accept-rip-route command.
Default Value: none
Example: enable receiving dynamic nets 128.185.123.22
If you invoke the disable receiving dynamic subnets command, for RIP updates received on interface ip-interface-address, the router will not accept any subnet-level routes unless they have been specified in an add accept-rip-route command.
Default Value: none
Example: enable receiving dynamic subnets 128.185.123.22
| Note: | After it has been enabled, this function can be activated without affecting any other functions of IP. See the talk 5 reset IP command for more information. |
When RIP is enabled, the following default behavior is established:
To change any of the default sending/receiving behaviors, use the IP configuration commands, which are defined on a per-IP-interface basis.
Example: enable rip
Enables RIP2 on an IP interface. RIP2 advertisements are sent to the 224.0.0.9 multicast address. RIP2 is described in RFC 1723.
Indicates the IP interface on which RIP2 is enabled.Valid Values: any valid IP address
Default Value: none
Indicates whether or not a simple clear-text key will be used for RIP2 authentication. Authentication is not required.Valid Values: yes or no
Default Value: yes
Defines a clear-text password which will be used for RIP2 authentication. You are prompted for this string only when you answer yes to the question "Set RIP-2 Authentication?" When RIP2 authentication is used, only RIP2 packets with a matching password are accepted.Valid Values: a clear-text ASCII string
Default Value: a null string
Example:
IP config>enable rip2
Set for which interface address [0.0.0.0]? 153.2.2.25
RIP2 is enabled on this interface.
Set RIP-2 Authentication? [Yes]: yes
Authentication Key []? C1C3C5C5
Retype Auth. Key []? C1C3C5C5
RIP2 Authentication is enabled on this interface.
Example: enable route-table-filtering
By default, this option is disabled.
Example: enable same-subnet
Default Value: none
Example: enable sending default-routes 128.185.123.22
| Note: | By default, RIP will send network, subnet, and static routes. |
The effect of the enable sending command is additive. Each separate enable sending command specifies that a certain set of routes should be advertised from a particular interface. A route is included in an RIP update only if it has been included by at least one of the enable sending commands. The enable sending network-routes command specifies that all network-level routes should be included in RIP updates sent out interface ip-interface-address. A network-level route is a route to a single class A, B, or C IP network.
Default Value: none
Example: enable sending net-routes 128.185.123.22
Default value: none
Default value: none
Default value: none
Example: enable sending outage-only
IP config>enable sending outage-only Set for which interface address [0.0.0.0]? 0.0.0.2 Outage network []? 10.50.0.0 Outage network mask []? 255.255.0.0
In this example, RIP advertisements will only be sent on the unnumbered interface when the 10.50.0.0/255.255.0.0 route is absent from the routing table.
Default: Enabled
Default Value: none
After the global route filter sending policy is enabled, RIP interfaces that meet these two conditions will advertise routes as determined by the global route filter sending policy.
The enable sending policy interface ip-interface-address route-policy-identifier command enables the use of the route filter policy for the determination of which routes are advertised on the specified RIP interface. The route filter policy can be used to filter aggregate routes. See Route Aggregation for more information.
Default Value: none
Default Value: none
Default Value: none
Example: enable sending rip-routes-only 128.185.123.22
Default Value: none
Example: enable sending subnet-routes 128.185.123.22
Default Value: none
Example: enable sending static-routes 128.185.123.22
Default Value: none
| Note: | This option is only available on images that include both the DHCP and NAT feature. |
Example: enable source-routing
Example: enable tftp-server
| Note: | After it has been enabled, this function can be activated without affecting any other functions of IP. See the talk 5 reset IP command for more information. |
Tracing of IP packets uses the packet trace function of the Event Logging System. See the set trace and view commands in the chapter Configuring and Monitoring the Event Logging System (ELS) in the Nways Multiprotocol Access Services Software User's Guide for details on these commands. Only IP packets that match an access control rule for which trace is enabled are traced. The access control rule may be in the global access control list or in a packet filter access control list. Use the list access-control command to see the rules for which trace has been enabled.
Example: Tracing all IP Packets
IP config>set access-control on
IP config>add access-control
Access Control type [E]? i
Internet source [0.0.0.0]?
Source mask [0.0.0.0]?
Internet destination [0.0.0.0]?
Destination mask [0.0.0.0]?
Starting protocol number ([0] for all protocols) [0]?
Starting DESTINATION port number ([0] for all ports) [0]?
Starting SOURCE port number ([0] for all ports) [0]?
Filter on ICMP Type ([-1] for all types) [-1]?
TOS/Precedence filter mask (00-FF - [0] for none) [0]?
TOS/Precedence modification mask (00-FF - [0] for none) [0]?
Use policy-based routing? [No]:
Enable logging? [No]:
IP config>list access-control
Access Control is: enabled
Access Control facility: USER
List of access control records:
1 Type=I Source=0.0.0.0 Dest =0.0.0.0 Prot=17
SMask =0.0.0.0 DMAask =0.0.0.0
SPorts=5004-5511 DPorts=5004-5511
T/C=**/** Log=N
BypassComp BypassEncIP config>
enable trace
Index of access control to be traced [1]?
IP config> Ctrl-P
*talk 5
+protocol ip
IP>reset ip
IP>exit
+event
Event Logging System user console
ELS>set trace memory-trace-buffer-size
Amount of memory (in bytes) reserved for tracing [0]? 10000
ELS>set trace on
ELS>set trace decode on
ELS>view first
#1 Dir:INCOMING Time:0.5.47.53 Trap:450
Comp:IPV4 Type:UNKNOWN Port:65535 Circuit:0x000000 Size:64
** IPv4 Packet **
Ver/Hdr Len/TOS: 4 20 0x00
Packet Length/ID: 64 0x9E4E
Fragment Offset: 0x0000
TTL/Protocol/Hdr Chksum: 1 OSPF 0xA89D
Source Addr/Dest Addr: 10.0.10.106 224.0.0.5
** OSPF Header **
Version: 2
Packet type: Hello
Packet length: 44
Router ID: 10.0.0.106
Area ID: 0.0.0.0
Checksum: 0xDDB5
Authentication type: 0
Authentication: 0x00000000
Authentication: 0x00000000
Network mask: 255.255.255.0
Hello interval: 10
Options: E-bit
Options: MC-bit
Router priority: 1
Router dead interval: 40
Designated router: 10.0.10.106
Backup Designated router: 0.0.0.0
ELS>
Default: UDP forwarding is disabled for all port numbers.
Default Value: 0
Example: enable udp-forwarding 36
Example: enable vrrp
Use the list command to display various pieces of the IP configuration data, depending on the particular subcommand invoked.
Syntax:
Example: list all
Example: list access-control
list access-control
1 Type=I Source=0.0.0.0 Dest =0.0.0.0 Prot=17
SMask =0.0.0.0 DMAask =0.0.0.0
SPorts=5004-5511 DPorts=5004-5511
T/C=**/** Log=N
BypassComp BypassEnc
Example: list addresses
Example:
IP config>list aggregate
Aggregate Route Configuration
Address Mask Type Policy/Metric
----------------------------------------------------------------
10.1.0.0 255.255.0.0 Unconditional 12
10.2.0.0 255.255.0.0 Policy-Driven EAST-REGION
Example: list bootp
Example:
IP config>list igmp
Net IGMP Query Response Leave Query
Version Interval Interval Interval
(secs) (secs) (secs)
--- ------- -------- -------- -----------
0 2 250 10 1
1 1 125 10 1
4 2 125 10 2
5 2 125 20 1
IP config>
Example:
IP config>list nexthop-awareness Nexthop awareness for each IP interface address: intf 0 1.1.1.1 255.0.0.0 nexthop awareness enabled intf 1 2.2.2.2 255.0.0.0 nexthop awareness disabled IP config>
Example: list packet-filter pf-in-0
Name Direction Interface
pf-in-0 In 0
Access Control is: enabled
List of access control records:
1 Type=I Source=0.0.0.0 Dest =0.0.0.0 Prot=17
SMask =0.0.0.0 DMAask =0.0.0.0
SPorts=5004-5511 DPorts=5004-5511
T/C=**/** Log=N
BypassComp BypassEnc
2 Type=IN Source=10.1.1.1 Dest=10.1.1.2 Prot=0-255
Mask=255.255.255.255 Mask=255.255.255.254
Sports= N/A Dports= N/A
Log=Yes ELS=N SNMP=Y SLOG=L(Emergency)
3 Type=I Source=0.0.0.0 Dest=0.0.0.0 Prot=0-255
Mask=0.0.0.0 Mask=0.0.0.0
Sports= 1-65535 Dports= 1-68835
Log=No
Trace=Enabled
Example: list parameters
IP config>list parameters ARP-SUBNET-ROUTING : enabled ARP-NET-ROUTING : enabled CLASSLESS : disabled DIRECTED-BROADCAST : enabled DSCACHE-SIZE : 1024 entries ECHO-REPLY : enabled FRAGMENT-OFFSET-CHECK : enabled PER-PACKET-MULTIPATH : disabled REASSEMBLY-SIZE : 12000 bytes RECORD-ROUTE : enabled ROUTING TABLE-SIZE : 768 entries (52224 bytes) (Routing) CACHE-SIZE : 64 entries SAME-SUBNET : disabled SOURCE-ROUTING : enabled TIMESTAMP : enabled TTL : 64
Example: list protocols
Example: list redundant
Redundant Default IP Gateways for each interface: inf 4 11.1.1.6 255.0.0.0 00.00.00.00.00.BA primary inf 8 33.3.3.6 255.0.0.0 00.00.00.00.00.AB backup
Example:
IP config>list rip
RIP: enabled
RIP default origination: disabled
RIP global receive policy: rip-in
Per-interface address flags:
Net: 0 153.2.2.25 RIP Version 1
Send net, subnet and static routes
Receive routes based on global receive
policy: rip-in
RIP interface input metric: 1
RIP interface output metric: 0
Net: 1 153.2.1.1 RIP Version 1
Send net, subnet and static routes
Receive routes based on global receive
policy: rip-in
RIP interface input metric: 1
RIP interface output metric: 0
Net: 2 0.0.0.2 RIP Version 1
Send routes based on interface send
policy: rip-import
Receive routes based on global receive
policy: rip-in
RIP interface input metric: 1
RIP interface output metric: 0
Accept RIP updates always for:
[NONE]
Example:
IP config>list route-policy Route Policy Identifier [1-15 characters] [ ]? Route Policy Checksum Policy-Application --------------------------------------------- rip-send 0x8637 Longest-match rip-receive 0x5049 Longest-match rip-global-send 0xC9EA Longest-match
Example: list route-table-filtering
IP config>list route-table-filtering Route Filtering Disabled Destination Mask Match Type 10.1.1.0 255.255.255.0 BOTH E 50.50.0.0 255.255.0.0 BOTH I 10.1.1.1 255.255.255.255 EXACT I 50.0.0.0 255.0.0.0 BOTH E MORE-Match more-specific routes EXACT-Match route exactly BOTH-Match exact and more-specific routes E-Exclude I-Include IP config>
Example: list routes
IP config>list routes
route to 1.1.0.0 ,255.255.0.0 via 10.1.1.1 cost 1
via 20.1.1.1 cost 2
via 30.1.1.1 cost 3
route to 2.2.0.0 ,255.255.0.0 via 10.2.2.2 cost 10
route to 3.3.0.0 ,255.255.0.0 via 10.3.3.3 cost 100
via 20.3.3.3 cost 200
Example: list sizes
Example: list tags
Example: list udp-forwarding
Example:
IP config>list vrid
VRRP Enabled
--VRID Definitions--
IP address VRID Priority Interval Auth Auth-key Flags Address(es)
153.2.2.25 1 255 1 None N/A P,H
Use the move command to change the order of records in the global access control list. This command places record number from# immediately after record number to#. After you move the records, they are immediately renumbered to reflect the new order.
The router applies the access control records in a list in the order that they were created. For each packet received on an interface, the router applies each access control record in order until it finds a match. The first record that matches the packet determines whether it will be discarded, or forwarded to its destination.
This makes the order of the access control records very important. If they are in the wrong order, certain packets may slip through, or be blocked, in a manner contrary to your intentions.
Let us say, for example, that access control record 1 enforces the rule: all packets from network 10.0.0.0 shall be blocked on this interface. Contrary to this, access control record 2 states: Packets from subnet 10.5.5.0 in network 10.0.0.0, which are destined for address 1.2.3.4, shall be allowed to pass. Assigned in this order, these records will block all traffic from 10.0.0.0, even though record 2 explicitly allows certain types of packets to pass.
In this example, record 1 makes record 2 moot. Record 1 guarantees that the router discards all packets from 10.0.0.0, despite the intent of record 2, which is that certain packets be forwarded. The key to fixing this type of problem is in the order of the access control records. This way, packets in subnet 10.5.5.0 and destined for address 1.2.3.4 will pass through the interface; the router discards all other packets from 10.0.0.0 as intended.
Syntax:
Example: move 5 2
Use the set command to set certain values, routes, and formats within your IP configuration.
Syntax:
Example: set access-control on
| Note: | After it has been enabled, this function can be activated without affecting any other functions of IP. See the talk 5 reset IP command for more information. |
Default Value: USER
Example:
IP config> set access-control log-facility SYSLOG facility? (KERN, USER, MAIL, DAEMON, AUTH, SYSLOG, LPR, NEWS, UUCP, CRON, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7) [USER]?
The style parameter can take either the value local wire or the value network. Local-wire broadcast addresses are either all ones (255.255.255.255) or all zeros (0.0.0.0). Network style broadcasts begin with the network and subnet portion of the ip-interface-address.
You can set the fill-pattern parameter to either 1 or 0. This indicates whether the rest of the broadcast address (that is, other than the network and subnet portions, if any) should be set to all ones or all zeros.
When receiving the router recognizes all forms of the IP broadcast address.
Default Value: none
Default Value: local-wire
Default Value: 1
The example below configures a broadcast address of 255.255.255.255. The second example produces a broadcast address of 192.9.1.0, assuming that the network 192.9.1.0 is not subnetted.
Example: set broadcast-address 192.9.1.11 local-wire 1 set broadcast-address 192.9.1.11 network 0
In contrast with this cache, the IP routing table stores information about all accessible networks but does not contain specific IP destination addresses. Use the set routing table-size command to configure the size of the IP routing table.
Valid Values: 64 to 10000
Default Value: 64
Example: set cache-size 64
The route is specified by the IP address of the next hop (next-hop) and the distance (cost) to the default gateway.
All packets having unknown destinations are forwarded to the authoritative router (default gateway).
Default Value: 0.0.0.0 with a gateway cost of 1.
Default Value: 1
Example: set default network-gateway 192.9.1.10 10
The IP address of the next hop (next-hop) and the distance (cost) to the default subnet gateway specify the route.
All packets destined for unknown subnets of a known subnetted network are forwarded to the subnetted network's authoritative router (default subnet gateway).
Valid Values: any valid IP address
Default Value: 0.0.0.0
Valid Values: any valid IP address
Default Value: 0.0.0.0
Valid Values: an integer in the range 0 to 255
Default Value: 1
Example: set default subnet-gateway 128.185.0.0 128.185.123.22 6
Valid Values: 64 to 8192
Default Value: 1024
Valid values: Any valid network number
Default value: None
Valid values: 1 - 3600
Default value: 125
Valid values: Any valid network number
Default value: None
Valid values: 1 - 60
Default value: 10
Valid values: Any valid network number
Default value: None
Valid values: 2 - 10
Default value: 2
Valid values: Any valid network number
Default value: None
Valid values: 1 - 60
Default value: 1
Valid values: Any valid network number
Default value: None
Valid values: 1 or 2
Default value: 2
The internal IP address also provides some value when unnumbered interfaces are used. It is the first choice as a source address for packets originated by this router and transmitted over an unnumbered interface. The stability of this address makes it easier to keep track of such packets. The chance for confusion is further reduced when the same IP address is used for both the router ID and the internal address. Therefore the router ID will default to the internal address.
When an internal address is defined, it will be advertised by OSPF as a host route into all areas directly attached to the router. It will also show up as a host route and will be advertised in RIP if allowed by the RIP sending configuration of the interface.
Valid Values: any valid IP address.
Default Value: none
Example: set internal-ip-address 142.82.10.1
Valid Values: 0, 68 - 65535
Default Value: Minimum of all non-zero MTUs on the network
Traffic in the RIP network for destinations that are not known by RIP can follow the default path to this router. The more complete routing information in this node's route table can then be used to forward the traffic along an appropriate path towards its destination. You can configure the router to only originate the default when routes are known to this router that will not be advertised in the RIP network.
When you issue this command, you will be prompted to indicate whether the router should always originate a RIP default or to originate a RIP default only when the route from other protocols are available.
This default route will direct traffic bound for a non-RIP network to a boundary router. Originating a single default route means that the boundary router does not have to distribute the other network's routing information to the other nodes in its network.
Default Value: none
Default Value: none
Default Value: 1
Example: set originate-rip-default
IP config> set originate rip-default
Always originate default route? [No]:?
Originate default if BGP routes available? [No] yes
From AS number [6]?
To network number [0.0.0.0]?
Originate default if OSPF routes available? [No]
Originate default cost [1]?
Valid Values: 2048-65535
Default: 12000
Example: set reassembly-size 12000
Default Value: none
Default Value: 1
Example: set rip-in-metric 128.185.120.209 1
Default Value: none
Default Value: 0
Example: set rip-out-metric 128.185.120.209 0
The router ID must match one of the configured IP interface addresses of the router or the configured internal IP address. If not, it is ignored. When ignored, or just not configured, the default IP address of the router (and its OSPF router ID) is set to the internal IP address (if configured) or to the first IP address in the router's configuration.
Valid Values: any valid IP address
Default Value: none
Example: set router-id 128.185.120.209
Valid Values: an integer number of entries in the range 64 to 65535
Default Value: 768 entries
Example: set routing table-size 1000
Valid Values: an integer in the range 0 to 65535
Default Value: 0
Example: set tag
Interface address [0.0.0.0]? 1.1.1.1
Interface tag (AS number) [0]? 1
Valid Values: a numeric in the range 1 to 255
Default Value: 64
Example: set ttl 255
Use the update packet-filter command to configure packet filters. This is an example of the command:
IP config> update packet-filter Packet-filter name [ ]? pf-1-in Packet-filter 'pf-1-in' Config>Packet-filter-name is any packet filter name that you have created by using the add packet-filter packet-filter-name command from the IP config> prompt. To enable the packet filter, you use the set access-control on command. From the Packet-filter 'packet-filter-name' Config> prompt, you can enter these commands:
Syntax:
For the add access-control, change access-control, delete access-control,list access-control, and move access-control commands for the Packet-filter 'filter-name' Config> prompt, see the descriptions of the parameters under the access-control parameter that is displayed at the IP config> prompt. For example, see add access-control for a description of the parameters for the update packet-filter add access-control command.
For the disable and enable commands, the keyword source-addr-verification can be configured only from the Packet-filter 'filter-name' Config> prompt.
The following sections list the parameters that are unique to the update packet-filter command. These are parameters that apply to packet filters, but not to router-wide filters and are entered only at the Packet-filter 'filter-name' Config> prompt.
Valid Value: N
Default Value: none
Example:
Packet-filter 'filter-name' Config> enable source-addr-verification
| Note: | To make the trace setting active, enter the Talk 5 reset IP command. |
Example:
Packet-filter 'filter-name' Config> enable trace 1
The following examples show how to configure various access control rules for packet filters. Refer to the chapter "Using Network Address Translation" in Using and Configuring Features for an example of access control rules for NAT.
Packet-filter 'pf-in-0' Config> add access-control
Enter type [E]?
Internet source [0.0.0.0]? 128.185.0.0
Source mask [255.255.255.255]? 255.255.0.0
Internet destination [0.0.0.0]?
Destination mask [255.255.255.255]? 0.0.0.0
Enter starting protocol number ([CR] for all) [-1]?
Enable Logging? (Yes or [No]):
Packet-filter 'test' Config> delete access-control
Enter index of access control to be deleted [1]? 4
The router responds by displaying the access-control record that you have specified.
4 Type=I Source=1.2.9.9 Dest=0.0.0.0 Prot=0-255
Mask=255.0.0.255 Mask=0.0.0.0
Sports= 0-65535 Dports= 1-65535
Log=No
Are you sure this is the record you want to delete (Yes or [No]): y
Deleted
Packet-filter 'test' Config>
Dports are destination ports and Sports are source
ports.
Packet-filter 'pf-in-0' Config> list access-control
Access Control is: enabled
Access Control facility: USER
List of access control records:
1 Type=E Source=128.185.0.0 Dest=0.0.0.0 Prot=0-255
Mask=255.255.0.0 Mask=0.0.0.0
Sports= 0-65535 Dports= 1-65535
ACK0=N T/C= **/** Log=No
Trace=Enabled
2 Type=I Source=9.67.8.3 Dest=128.54.67.8 Prot=0-255
Mask=255.255.255.255 Mask=255.255.255.254
Sports= N/A Dports= N/A
Log=Yes ELS=N SNMP=Y SLOG=L(Emergency)
3 Type=I Source=0.0.0.0 Dest=0.0.0.0 Prot=0-255
Mask=0.0.0.0 Mask=0.0.0.0
Sports= 1-65535 Dports= 1-68835
Log=No
This section describes the subset of commands used to configure route filter policies. To access this subset of IP configuration commands, follow these steps:
Example:
IP config>change route-policy ospf-import ospf-import IP Route Policy Configuration IP Route Policy Config>
| Note: | Route filter policies can be used to determine which routes are imported in
OSPF and the specific details of their advertisement, including OSPF external
type, metric, and tag value. Refer to the enable as boundary
routing command on page "Enable" for information about using route filter policies to
configure OSPF.
Route filter policies can also be used to control what routes are advertised or accepted when RIP is used. See the previously described enable receiving, enable sending, disable receiving, and disable sending commands. |
Table 20. IP Route Policy Configuration Commands Summary
| Command | Function |
|---|---|
| Add | Adds an action, an entry, or a match condition to a route filter policy. |
| Delete | Deletes an action, an entry, or a match condition from a route filter policy. |
| List | Lists the route policy entries, actions, and match conditions for the route policy currently being changed. |
| Exit | Returns you to the previous command level. See "Exiting a Lower Level Environment". |
Use the add command to add route filter policy entries to the route filter policy, to add match conditions to existing entries, or to add actions to existing entries.
Syntax:
Syntax:
Valid Value: 1 to 65535
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Value: X'0' to X'FFFFFFFF'
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Value: 1 to 255
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Value: 1 or 2
Default Value: none
When you add the route filter policy, you define the processing of the entries as either strictly linear or longest match. If the route filter policy processing is strictly linear, the route filter policy entries are processed according to the ascending order of their index numbers. If the route filter policy processing is longest match, the route filter policy entries are processed according to the IP address and mask that has the longest match. If multiple route filter policy entries have the same IP address and mask when longest match is used, then the match will be in order of ascending index number among the entries with the same IP address and mask.
Valid Value: 1 to 65535
Default Value: none
Valid Value: any valid IP address
Default Value: none
Valid Value: any valid IP mask
Default Value: none
Valid Value: exact or range
Default Value: range
Valid Value: inclusive or exclusive
Default Value: inclusive
Syntax:
Valid Value: 1 to 65535
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Value: a valid IP address and mask
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Value: 1 to 65536
Default Value: none
Valid Value: 1 to 65536
Default Value: none
Valid Values:
Syntax:
Default Value:None. See the add aggregate command and Route Aggregation for more information about the aggregate protocol.
Valid Value: 1 to 65535
Default Value:none
Valid Value: 1 to 65535
Default Value: none
Valid Values: any valid IP address and mask combination
Default Value: none
Use the delete command to delete route filter policy entries, match-conditions from existing route filter policy entries, or actions from existing route filter policy entries. See the add command in this section for a description of the parameters that can be deleted.
Use the list command to list the route filter policy entries, match conditions, and actions that exist for the route filter policy currently being changed.
Syntax: list
Example:
IP Route Policy Config>list
IP Address IP Mask Match Index Type
-----------------------------------------------------
9.0.0.0 255.0.0.0 Range 1 Include
10.0.0.0 255.0.0.0 Range 2 Exclude
Match Conditions: Protocol: BGP
0.0.0.0 0.0.0.0 Range 3 Include
Match Conditions: Protocol: Static
Gateway IP Address Range: 153.2.2.20/255.255.255.255
10.1.1.0 255.255.255.0 Range 4 Include
0.0.0.0 0.0.0.0 Range 7 Include
Policy Actions: Set Manual Tag: 0xACEEACEE
0.0.0.0 0.0.0.0 Range 8 Include
Match Conditions: Protocol: RIP
Use the following procedure to access the IP monitoring commands. This process gives you access to the IP monitoring process.
* talk 5
+
After you enter the talk 5 command, the GWCON prompt (+) displays on the terminal. If the prompt does not appear when you first enter configuration, press Return again.
Example:
+ prot ip
IP>
This section describes the IP monitoring commands. Table 21 lists the IP monitoring commands. The commands allow
you to monitor the router's IP forwarding process. The monitoring
capabilities include the following: configured parameters such as
interface address and static routes can be viewed, the current state of the IP
routing table can be displayed, and a count of IP routing errors can be
listed.
Table 21. IP Monitoring Command Summary
| Command | Function |
|---|---|
| ? (Help) | Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help". |
| Access controls | List the current IP access control mode, together with the configured access control records. |
| Aggregate | Displays aggregate routes. |
| Aggr-policy | Displays status and policy for the specified aggregate route. |
| Cache | Displays a table of all recent routed destinations. |
| Counters | Lists various IP statistics, including counts of routing errors and packets dropped. |
| Dscache | Lists the actions, stats, and order of the DiffServ flow cache. |
| Dump routing tables | Lists the contents of the IP routing table. |
| IGMP | Displays IGMP counters and parameters |
| Interface addresses | Lists the router's IP interface addresses. |
| Packet-filter | Displays the access-control information defined for the specified packet-filter, or all filters. |
| Parameters | Lists various parameter values. |
| Ping | Sends ICMP Echo Requests to another host and watches for a response. This command can be used to isolate trouble in an internetwork environment. |
| Redundant Default Gateway | Lists whether a redundant default gateway exists and if it is active or inactive. |
| Reset | Allows you to dynamically reset the IP/RIP configuration. |
| RIP | Displays the status of the RIP protocol. |
| RIP-Policy | Displays the route filter policy applied on the specified interface. |
| Route | Lists whether a route exists for a specific IP destination, and if so, the routing table entry that corresponds to the route. |
| Route-table-filtering | Lists any defined route filters and indicates whether route-filtering is enabled or disabled. |
| Sizes | Displays the size of specific IP parameters. |
| Static routes | Displays the static routes that have been configured. This includes the default gateway. |
| Traceroute | Displays the complete path (hop-by-hop) to a particular destination. |
| UDP-Forwarding | Displays the UDP port numbers and destination IP addresses that you added using the add command or the enable command. |
| VRID | Displays detailed information for a specific VRID |
| VRRP | Lists the summary status for the VRRP protocol. |
| Exit | Returns you to the previous command level. See "Exiting a Lower Level Environment". |
Use the access controls command to print the global access control mode in use together with a list of the configured global access control rules.
Access control is either disabled (meaning that no access control is being done and the access control rules are being ignored) or enabled (meaning that access control is being done and the access control rules are being recognized). The set access on talk 6 command enables access control.
Syntax:
Example: access
Access Control currently enabled
Access Control facility: USER
Access Control run 702469 times, 657159 cache hits
List of access control records:
1 Type=I Source=0.0.0.0 Dest =0.0.0.0 Prot=17
SMask =0.0.0.0 DMAask =0.0.0.0
SPorts=5004-5511 DPorts=5004-5511
T/C=**/** Log=N
BypassComp BypassEnc
2 Type=E Source=0.0.0.0 Dest=0.0.0.0 Prot= 1
SMask =255.255.255.255 DMask=255.255.255.255 Use=18962
Sports= N/A Dports= N/A
T/C= 1/** Log=Yes ELS=N SNMP=N SLOG=L(Alert)
3 Type=I Source=1.1.1.1 Dest=1.1.1.2 Prot= 6
SMask =255.255.255.255 DMask=255.255.255.254 Use=42
Sports= 2-200 Dports= 1-100
Log=No
4 Type=I Source=9.1.2.3 Dest=0.0.0.0 Prot= 0-255
SMask =255.255.255.255 DMask=0.0.0.0 Use=0
SPorts= 0-65535 DPorts= 0-65535
T/C= **/** Log=N
Tos=xE0/x00-x00 ModifyTos=x1F/x08
PbrGw=9.2.160.1 UseDefRte=Y
5 Type=I Source=0.0.0.0 Dest=0.0.0.0 Prot= 0-255
Mask=0.0.0.0 Mask=0.0.0.0 Use=683194
Sports= 1-65535 Dports= 1-65535
Log=No
Exclusive (E) means that packets matching the access control rule are discarded. Inclusive (I) means that packets matching the access control rule are forwarded. When access control is enabled, packets failing to match any access control record are discarded. Prot (protocol) indicates the IP protocol number. Sports indicates the range of TCP/UDP source port numbers; Dports indicates the range of TCP/UDP destination port numbers. SYN indicates TCP connection establishment filtering. T/C stands for ICMP type and code; SLOG stands for SysLog.
The Use field specifies the number of times the access control system matched a particular record to an incoming packet, for example, the number of times that a particular record in the IP access controls system was invoked by the characteristics of an incoming or outgoing packet.
In this example, access control rule number 4 has activated the TOS filter. The TOS parameters are shown. See the add access-control command in talk 6 for a description of these parameters.
Use the aggregate command to display the aggregate routes and whether they are active.
Syntax:
Example: aggregate
IP>aggregate
Aggregate Routes
Address Mask Policy Status Metric
---------------------------------------------------------------------
10.1.0.0 255.255.0.0 UNCONDITIONAL ACTIVE 12
10.2.0.0 255.255.0.0 EAST-REGION ACTIVE 20
Status for last dynamic reconfig: 0x04
Use the aggr-policy command to display the status and the route filter policy for the specified aggregate route.
Syntax:
Example:
IP>aggr-policy
IP Address []? 10.2.0.0
IP Mask []? 255.255.0.0
Aggregate route 10.2.0.0/255.255.0.0 Policy
Status: ACTIVE Metric: 20
Sufficient Route: 10.2.1.0/255.255.255.0
Checksum 0x4859 Longest-Match Application
IP Address IP Mask Match Index Type
-----------------------------------------------------
10.2.0.0 255.255.0.0 Range 1 Include
Match Conditions: Protocol: Static
Policy Actions: Set Metric: 20
Use the cache command to display the IP routing cache, which contains recently routed destinations. If a destination is not in the cache, the router looks up the destination in the routing information table in order to make a forwarding decision.
Syntax:
Example: cache
Destination Usage Next hop
128.185.128.225 1 128.185.138.180 (Eth/0)
192.26.100.42 1 128.185.138.180 (Eth/0)
128.185.121.1 18 128.185.123.18 (PPP/0)
128.185.129.219 76 128.185.125.25 (PPP/1)
128.185.129.41 130 128.185.125.25 (PPP/1)
128.185.129.134 546 128.185.125.40 (PPP/1)
128.185.129.221 1895 128.185.125.40 (PPP/1)
128.185.129.193 96 128.185.125.40 (PPP/1)
128.197.3.4 4 128.185.123.18 (PPP/0)
128.185.128.25 98 128.185.125.41 (PPP/1)
128.185.124.121 4 128.185.124.121 (Eth/0)
128.185.136.203 95 128.185.125.39 (PPP/1)
128.185.194.4 581 128.185.125.39 (PPP/1)
128.185.123.17 2 128.185.123.17 (PPP/0)
192.26.100.42 1 128.185.125.38 (PPP/1)
128.52.22.6 2 128.185.123.18 (PPP/0)
128.197.3.2 1 128.185.123.18 (PPP/0)
128.185.126.24 61 128.185.125.25 (PPP/1)
128.185.138.150 482 128.185.125.39 (PPP/1)
128.185.123.18 152 128.185.123.18 (PPP/0)
Use the counters command to display the statistics related to the IP forwarding process. This includes a count of routing errors, along with the number of packets that have been dropped due to congestion.
Syntax:
Example: counters
Routing errors
Count Type
0 Routing table overflow
2539 Net unreachable
0 Bad subnet number
0 Bad net number
0 Unhandled broadcast
58186 Unhandled multicast
0 Unhandled directed broadcast
4048 Attempted forward of LL broadcast
Packets discarded through filter 0
IP multicasts accepted: 60592
IP input packet overflows
Net Count
Eth/0 0
FR/0 0
Use the dscache command to list the actions, stats, and order of the DiffServ flow cache.
Example: dscache actions
IP>dscache actions Source Destination Pro ProtocolInf Net TosIn/Out Action 10.1.100.1 9.1.140.1 1 T:x08 C:x00 0 x05->x05 DROP 9.1.140.1 10.1.100.1 1 FrgId:x0008 -1 x00->x15 PASS 10.1.100.1 9.1.140.1 1 FrgId:x0008 -1 x03->x15 PASS 10.1.100.1 9.1.140.1 6 1024> 23 0 xFE->x15 PASS 9.1.140.1 10.1.100.1 1 T:x03 C:x03 1 x00->x15 PASS 10.1.100.1 9.1.140.1 17 12585>33437 0 x00->x15 PASS 10.1.100.1 9.1.140.1 1 FrgId:x0010 -1 x05->x05 DROP 9.1.140.1 10.1.100.1 6 23> 1024 1 x00->x15 PASS 9.1.140.1 10.1.100.1 1 T:x00 C:x00 1 x00->x15 PASS 10.1.100.1 9.1.140.1 1 FrgId:x0009 -1 x05->x05 DROP
Example: dscache stats
IP>dscache stats Source Destination Pro ProtocolInf Net Tos RxPkts RxBytes 10.1.100.1 9.1.140.1 1 T:x08 C:x00 0 x05 2 4088 9.1.140.1 10.1.100.1 1 FrgId:x0008 -1 x00 1 26 10.1.100.1 9.1.140.1 1 FrgId:x0008 -1 x03 1 26 10.1.100.1 9.1.140.1 6 1024> 23 0 xFE 9 383 9.1.140.1 10.1.100.1 1 T:x03 C:x03 1 x00 1 56 10.1.100.1 9.1.140.1 17 12585>33437 0 x00 1 84 10.1.100.1 9.1.140.1 1 FrgId:x0010 -1 x05 1 26 9.1.140.1 10.1.100.1 6 23> 1024 1 x00 8 879 9.1.140.1 10.1.100.1 1 T:x00 C:x00 1 x00 8 6552 10.1.100.1 9.1.140.1 1 FrgId:x0009 -1 x05 1 26
Example: dscache order
IP>dscache order Source Destination Pro ProtocolInf Net Tos 10.1.100.1 9.1.140.1 6 1024> 23 0 xFE 9.1.140.1 10.1.100.1 6 23> 1024 1 x00 9.1.140.1 10.1.100.1 1 T:x03 C:x03 1 x00 10.1.100.1 9.1.140.1 17 12585>33437 0 x00 10.1.100.1 9.1.140.1 1 FrgId:x0010 -1 x05 10.1.100.1 9.1.140.1 1 T:x08 C:x00 0 x05 10.1.100.1 9.1.140.1 1 FrgId:x0009 -1 x05 9.1.140.1 10.1.100.1 1 FrgId:x0008 -1 x00 9.1.140.1 10.1.100.1 1 T:x00 C:x00 1 x00 10.1.100.1 9.1.140.1 1 FrgId:x0008 -1 x03
Use the dump command to display the IP routing table. A separate entry is printed for each reachable IP network/subnet. The IP default gateway in use (if any) is listed at the end of the display.
Syntax:
Example: dump
Type Dest net Mask Cost Age Next hop(s)
SPE1 0.0.0.0 00000000 4 3 128.185.138.39 (2)
SPF* 128.185.138.0 FFFFFF00 1 1 Eth/0
Sbnt 128.185.0.0 FFFF0000 1 0 None
SPF 128.185.123.0 FFFFFF00 3 3 128.185.138.39 (2)
SPF 128.185.124.0 FFFFFF00 3 3 128.185.138.39 (2)
SPF 192.26.100.0 FFFFFF00 3 3 128.185.131.10 (2)
RIP 197.3.2.0 FFFFFF00 10 30 128.185.131.10
RIP 192.9.3.0 FFFFFF00 4 30 128.185.138.21
Del 128.185.195.0 FFFFFF00 16 270 None
Default gateway in use.
Type Cost Age Next hop
SPE1 4 3 128.185.138.39
Routing table size: 768 nets (36864 bytes), 36 nets known
Sbnt - Indicates that the network is subnetted; such an entry is a place-holder only.
Dir - Indicates a directly connected network or subnet.
RIP - Indicates that the route was learned through the RIP protocol.
Del - Indicates that the route has been deleted.
Stat - Indicates a statically configured route.
BGP - Indicates routes learned through the BGP protocol.
BGPR - Indicates routes learned through the BGP protocol that are readvertised by OSPF and RIP.
Fltr - Indicates a routing filter.
SPF - Indicates that the route is an OSPF intra-area route.
SPIA - Indicates that it is an OSPF inter-area route.
SPE1, SPE2 - Indicates OSPF external routes (type 1 and 2 respectively)
Rnge - Indicates a route type that is an active OSPF area address range and is not used in forwarding packets.
An asterisk (*) after the route type indicates that the route has a static or directly connected backup. A percent sign (%) after the route type indicates that RIP updates will always be accepted for this network/subnet.
A number in parentheses at the end of the column indicates the number of equal-cost routes to the destination. The first hops belonging to these routes can be displayed with the IP route command.
Use the igmp command to display IGMP counters and operational parameters for IGMP.
Syntax:
Example:
IP+ igmp counters
Net Querier Polls Sent Polls Rcvd Reports Rcvd
--- ------- ---------- ---------- ------------
0 Y 4973 0 0
2 N 1 4921 0
5 Y 4972 0 0
Example:
IP+ igmp parameters
Net Robustness Query Response Leave Query
Variable Interval Interval Interval
(secs) (secs) (secs)
--- ---------- -------- -------- -----------
0 2 125 10 1
2 2 125 10 1
5 2 125 10 1
Use the interface addresses command to display the router's IP interface addresses. Each address is listed together with its corresponding hardware interface and IP address mask. If the bridge interface used for bridging and routing on the same interface has been assigned an IP address, it will also be listed. The bridge interface is identified by BDG/0.
Hardware interfaces having no configured IP interface addresses will not be used by the IP forwarding process; they are listed as Not an IN net. There is one exception. Serial lines need not be assigned IP interface addresses in order to forward IP traffic. Such serial lines are called unnumbered. They show up as having address 0.0.0.0.
Syntax:
Example: interface
Interface IP Address(es) Mask(s) Address- MTU
TKR/0 133.1.169.2 255.255.252.0 Unspecified
FR/0 133.1.167.2 255.255.254.0 Unspecified
Use the packet-filter command to display information defined for a specific packet filter, or for all filters. Packet-filters are interface-specific lists of access control records. Interfaces are identified by interface numbers, except for the bridge interface used for routing and bridging on the same interface. It is identified by BDG/0.
Syntax:
IPv4 Example: packet-filter pf-in-0
Name Direction Interface State SRC-Addr-Check #Access-Controls
pf-in-0 Out 0 On N/A 3
Access Control is: enabled
Access Control run 563 times, 271 cache hits
List of access control records:
0 Type=IN Source=10.1.1.1 Dest=10.1.1.2 Prot=0-255
Mask=255.255.255.255 Mask=255.255.255.254 Use=71
Sports= N/A Dports= N/A
Log=Yes ELS=N SNMP=Y SLOG=L(Emergency)
Trace=Enabled
1 Type=I Source=9.67.1.5 Dest=9.37.192.1 Prot=6-255
Mask=255.255.255.255 Mask=255.255.255.255 Use=15
Sports= N/A Dports= N/A
Log=Yes ELS=L SNMP=N SLOG=L(Debug)
2 Type=I Source=0.0.0.0 Dest=0.0.0.0 Prot=0-255
Mask=255.255.255.255 Mask=255.255.255.255 Use=477
Sports= 0-65535 Dports= 1-65535
Log=N
IPv6 Example: packet-filter
pf-in-0
Name Direction Interface #Access-Controls
pf-in-0 In 0 2
Access Control currently enabled
Access Control run 8 times, 7 cache hits
List of access control records:
Beg End Beg End
Ty Source Mask Destination Mask PPP PPP Port Port Use
0 I 0.0.0.0 00000000 192.67.67.20 00000000 6 6 25 25 0
1 E 150.150.1.0 FFFFFF00 150.150.2.0 00000000 0 255 0 655 0
2 I 0.0.0.0 00000000 0.0.0.0 00000000 89 89 0 655 27
Trace=Enabled
Use the parameters command to list the values of various parameters.
Example:
IP> parameters ARP-SUBNET-ROUTING : disabled ARP-NET-ROUTING : disabled CLASSLESS : disabled DIRECTED-BROADCAST : enabled DSCACHE-SIZE : 64 entries ECHO-REPLY : enabled FRAGMENT-OFFSET-CHECK : disabled PER-PACKET-MULTIPATH : disabled REASSEMBLY-SIZE : 12000 bytes RECORD-ROUTE : enabled ROUTING TABLE-SIZE : 768 entries (52224 bytes) (Routing) CACHE-SIZE : 64 entries SAME-SUBNET : disabled SOURCE-ROUTING : enabled TIMESTAMP : enabled TTL : 64 IP>
Use the ping command to have the router send ICMP Echo messages to a given destination (that is, "pinging") and watch for a response. This command can be used to isolate trouble in the internetwork.
Syntax:
The ping process is done continuously, incrementing the ICMP sequence number with each additional packet. Each matching received ICMP Echo response is reported with its sequence number and the round-trip time. The granularity (time resolution) of the round-trip time calculation is usually around 20 milliseconds, depending on the platform.
To stop the ping process, type any character at the console. At that time, a summary of packet loss, round-trip time, and number of unreachable ICMP destinations will be displayed.
When a broadcast or multicast address is given as destination, there may be multiple responses printed for each packet sent, one for each group member. Each returned response is displayed with the source address of the responder.
You can specify the size of the ping (number of data bytes in the ICMP message, excluding the ICMP header), value of the data, time-to-live (TTL) value, rate of pinging, and TOS bits to set. You can also specify the source IP address. If you do not specify the source IP address, the router uses its local address on the outgoing interface to the specified destination. If you are validating connectivity from any of the router's other interfaces to the destination, enter the IP address for that interface as the source address.
Only the destination parameter is required; all other parameters are optional. By default the size is 56 bytes, the TTL is 64, the rate is 1 ping per second, and the TOS setting is 0. The first 4 bytes of the ICMP data are used for a timestamp. By default the remaining data is a series of bytes with values that are incremented by 1, starting at X'04', and rolling over from X'FF' to X'00' (for example, X'04 05 06 07 . . . FC FD FE FF 00 01 02 03 . . .'). These values are incremented only when the default is used; if the data byte value is specified, all of the ICMP data (except for the first 4 bytes) is set to that value and that value is not incremented. For example, if you set the data byte value to X'FF', the ICMP data is a series of bytes with the value X'FF FF FF . . .'.
Example:
IP> ping Destination IP address [0.0.0.0]? 192.9.200.1 Source IP address [192.9.200.77]? Ping data size in bytes [56]? Ping TTL [64]? Ping rate in seconds [1]? Ping TOS (00-FF) [0]? e0 Ping data byte value (00-FF) [ ]? PING 192.9.200.77-> 192.9.200.1:56 data bytes,ttl=64,every 1 sec. 56 data bytes from 192.9.200.1:icmp_seq=0.ttl=255.time=0.ms 56 data bytes from 192.9.200.1:icmp_seq=1.ttl=255.time=0.ms 56 data bytes from 192.9.200.1:icmp_seq=2.ttl=255.time=0.ms ----192.9.200.1 PING Statistics---- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max=0/0/0 ms IP> IP>ping
Use the redundant default gateway command to display the redundant Default IP Gateways configured for each interface.
Syntax:
Example:
Redundant Default IP Gateways for each interface: inf 3 22.2.2.6 255.0.0.0 00.00.00.00.00.AB backup standby inf 4 11.1.1.6 255.0.0.0 00.00.00.00.00.BA primary active
| Note: | Type can be "Primary" or "Backup". Status can be "Active" or "Standby". |
Use the reset IP command to make effective certain IP and RIP configuration changes.
Syntax:
Example:
IP>interface
Interface IP Address(es) Mask(s)
Eth/0 30.1.1.2 255.255.255.0
30.1.1.1 255.255.255.0
153.2.2.25 255.255.255.240
IP>
*talk 6
IP config>add address 0 5.1.1.1 255.255.0.0
IP config>
*talk 5
IP>reset ip
IP>interface
Interface IP Address(es) Mask(s)
Eth/0 5.1.1.1 255.255.0.0
30.1.1.2 255.255.255.0
30.1.1.1 255.255.255.0
153.2.2.25 255.255.255.240
IP>
Use the rip command to display the RIP protocol status detail.
Syntax:
Example:
IP>rip
RIP Interfaces
Interface-Addr Interface-Mask Version In Out Send-Flags Receive-Flags
10.69.1.2 255.255.255.0 1 1 0 D,P
200.1.1.2 255.255.255.0 2 1 0 Policy,P Policy
Send Flags: N=Network S=Subnet H=Host St=Static D=Default O=Outage-Only
P=PoisonReverse Policy=Send-Policy
Recv Flags: N=Network S=Subnet H=Host OSt=Override-Static OD=Override-Default
Policy=Receive-Policy
RIP Policy
Interface-Address Send Policy Receive-Policy
10.69.1.2 rip-global-send rip-global-recv
200.1.1.2 rip-send rip-receive
RIP global receive policy: rip-global-recv
RIP global send policy: rip-global-send
RIP never originates a default route
Use the rip-policy command to display the RIP policy that is currently applicable to the specified interface.
Syntax:
Example:
IP>rip-policy
For which interface [0.0.0.0]? 200.1.1.2
Interface Send Policy: rip-send for 200.1.1.2
Checksum 0x8637 Longest-Match Application
IP Address IP Mask Match Index Type
-----------------------------------------------------
0.0.0.0 0.0.0.0 Range 1 Include
Match Conditions: Protocol: BGP
Policy Actions: Set Manual Tag: 0xACEEACEE
Set Metric: 3
Interface Receive Policy: rip-receive for 200.1.1.2
Checksum 0x5049 Longest-Match Application
IP Address IP Mask Match Index Type
-----------------------------------------------------
0.0.0.0 0.0.0.0 Range 1 Include
Match Conditions: Source Gateway IP Address Range: 200.1.1.1/255.255.255.255
Use the route command to display the route (if one exists) to a given IP destination. If a route exists, the IP addresses of the next hops are displayed, along with detailed information concerning the matching routing table entry. (See the IP dump command.)
Syntax:
Example: route 133.1.167.2
Destination: 133.1.166.0
Mask: 255.255.254.0
Route type: SPF
Distance: 1
Age: 1
Tag: 0
Next hop(s): 133.1.167.2 (FR/0)
Example: route 128.185.230.0
Destination: 128.185.230.0
Mask: 255.255.255.0
Route type: SPF
Distance: 1
Age: 1
Next hop(s): 128.185.230.0 (TKR/0)
Example: route 128.185.232.0
Destination: 128.185.232.0
Mask: 255.255.255.0
Route type: RIP
Distance: 3
Age: 0
Next hop(s): 128.185.146.4 (Eth/0)
Use the route-table-filtering command to display whether or not route table filtering is enabled and list any defined route table filters.
Syntax:
Example: route-table-filtering
IP>route-table-filtering Route Filters Destination Mask Match Type 10.1.1.0 255.255.255.0 BOTH E 10.1.1.1 255.255.255.255 EXACT I 50.0.0.0 255.0.0.0 BOTH E 50.50.0.0 255.255.0.0 BOTH I IP>
Use the sizes command to display the configured sizes of specific IP parameters.
Example: sizes
Routing table size: 768
Table entries used: 3
Reassembly size: 12000
Largest reassembled pkt: 0
Size of routing cache: 64
# of cache entries in use: 0
Use the static routes command to display the list of configured static routes. Configured default gateways and default subnet gateways are also listed.
Each static route's destination is specified by an address-mask pair. Default gateways appear as static routes to destination 0.0.0.0 with mask 0.0.0.0. Default subnet gateways also appear as static routes to the entire IP subnetted network.
The following example shows a configured default gateway, a configured default subnet gateway (assuming 128.185.0.0 is subnetted), and a static route to network 192.9.10.0.
Syntax:
IP>static routes
Net Mask Cost Next hop
1.1.0.0 255.255.0.0 1 10.1.1.1 TKR/0
2 20.1.1.1 TKR/1
3 30.1.1.1 TKR/2
2.2.0.0 255.255.0.0 10 10.2.2.2 TKR/0
3.3.0.0 255.255.0.0 100 10.3.3.3 TKR/0
200 20.3.3.3 TKR/1
IP>
Use the traceroute command to display the entire path to a given destination, hop by hop. For each successive hop, traceroute sends out a default of three probes and prints the IP address of the responder, together with the round-trip time associated with the response. If a particular probe receives no response, an asterisk is displayed. Each line in the display relates to this set of three probes, with the left-most number indicating the distance from the router executing the command (in router hops).
The traceroute is done whenever the destination is reached, an ICMP Destination Unreachable is received, or the path length reaches a default maximum of 32 router hops.
When a probe receives an unexpected result, several indications can be displayed. "!N" indicates that an ICMP Destination Unreachable (net unreachable) has been received. "!H" indicates that an ICMP Destination Unreachable (host unreachable) has been received. "!P" indicates that an ICMP Destination Unreachable (protocol unreachable) has been received; because the probe is a UDP packet sent to a strange port, a port unreachable is expected. "!" indicates that the destination has been reached, but the reply sent by the destination has been received with a TTL of 1. This usually indicates an error in the destination, prevalent in some versions of UNIX, whereby the destination is inserting the probe's TTL in its replies. This unfortunately leads to a number of lines consisting solely of asterisks before the destination is finally reached.
Syntax:
Example:
IP> traceroute Destination IP address [0.0.0.0]? 128.185.142.239 Source IP address [128.185.142.1]? Data size in bytes [56]? Number of probes per hop [3]? Wait time between retries in seconds [3]? Maximum TTL [32]? Traceroute TOS (00-FF) [0]? 10 TRACEROUTE 128.185.142.1 -> 128.185.142.239: 56 data bytes 1 128.185.142.7 16 ms 0 ms 0 ms 2 128.185.123.22 16 ms 0 ms 16 ms 3 * * * 4 * * * 5 128.185.124.110 16 ms ! 0 ms ! 0 ms !
Use the UDP-forwarding command to display the UDP port and addresses that you added using the add udp-destination command or the enable udp-forwarding command.
Syntax:
Example: udp-forwarding
UDP Port IP Address
35 20.2.1.1
20 22.2.1.2
Use the VRID command to display the detailed status for a specific virtual router identified by an interface address and VRID. Note that three gratuitous ARPs are sent when the master router notifies the hosts that it is using its burned-in hardware MAC address as the VRID virtual MAC address.
Syntax:
Example:
IP>vrid 153.2.2.25 1
--- Detailed VRID Information ----
Interface address: 153.2.2.25
Interface mask: 255.255.255.240
VRID: 1
VRID State: MASTER
Virtual MAC Address: 10:00:5A:63:3B:88
Source MAC Address: 10:00:5A:63:3B:88
Ethernet V2 Interface: UP
Preempt mode active
Priority: 255 Advertise interval: 1
Advertise Timer: 1 Skew (in ticks): 0
Authentication Type: NONE Authentication Key:
State transitions: 2 Advertisements out: 9
Advertisements in: 0 Advertisements error: 0
ARPs Modified: 0 Gratuitous ARPs: 3
VRID Address: 153.2.2.25
Use the VRRP command to display summary information
Syntax:
Example:
--VRID Summary--
IP address VRID State Advertise Master-Dead Address(es)
153.2.2.25 1 MASTER 1 N/A 153.2.2.25
5.1.1.1
This section describes dynamic reconfiguration (DR) as it affects Talk 6 and Talk 5 commands.
Internet Protocol (IP) supports the CONFIG (Talk 6) delete interface command with no restrictions.
IP supports the GWCON (Talk 5) activate interface command with the following considerations:
All IP interface-specific commands are supported by the GWCON (Talk 5) activate interface command.
IP supports the GWCON (Talk 5) reset interface command with the following considerations:
All IP interface-specific commands are supported by the GWCON (Talk 5) reset interface command.
IP supports the following IP-specific GWCON (Talk 5) reset commands:
All IP configuration changes are automatically activated except the
following:
| Commands whose changes are not activated by the GWCON, protocol ip, reset ip command |
| CONFIG, protocol ip, add filter |
| CONFIG, protocol ip, add route |
| CONFIG, protocol ip, change route |
| CONFIG, protocol ip, delete filter |
| CONFIG, protocol ip, delete route |
IP supports the following CONFIG commands that immediately change the
operational state of the device. These changes are saved and are
preserved if the device is reloaded, restarted, or you execute a dynamically
reconfigurable command.
| Commands |
| CONFIG, protocol ip, add filter |
| CONFIG, protocol ip, add route |
| CONFIG, protocol ip, change route |
| CONFIG, protocol ip, delete filter |
| CONFIG, protocol ip, delete route |
| CONFIG, protocol ip, disable icmp-redirect |
| CONFIG, protocol ip, enable icmp-redirect |
| CONFIG, protocol ip, set ttl |
The following table describes the Internet Protocol (IP) configuration
commands that cannot be dynamically changed. To activate these
commands, you need to reload or restart the device.
| Commands |
| CONFIG, protocol ip, add distributed default gateway |
| CONFIG, protocol ip, add redundant default gateway |
| CONFIG, protocol ip, add route-table-filter |
| CONFIG, protocol ip, delete default network-gateway |
| CONFIG, protocol ip, delete default subnet-gateway |
| CONFIG, protocol ip, delete distributed default gateway |
| CONFIG, protocol ip, delete redundant default gateway |
| CONFIG, protocol ip, delete route-table-filter |
| CONFIG, protocol ip, disable arp-net-routing |
| CONFIG, protocol ip, disable arp-subnet-routing |
| CONFIG, protocol ip, disable classless |
| CONFIG, protocol ip, disable per-packet-multipath |
| CONFIG, protocol ip, disable route-table-filtering |
| CONFIG, protocol ip, disable simple-internet-access |
| CONFIG, protocol ip, enable arp-net-routing |
| CONFIG, protocol ip, enable arp-subnet-routing |
| CONFIG, protocol ip, enable classless |
| CONFIG, protocol ip, enable per-packet-multipath |
| CONFIG, protocol ip, enable route-table-filtering |
| CONFIG, protocol ip, enable simple-internet-access |
| CONFIG, protocol ip, set cache-size |
| CONFIG, protocol ip, set default network-gateway |
| CONFIG, protocol ip, set default subnet-gateway |
| CONFIG, protocol ip, set dscache-size |
| CONFIG, protocol ip, set internal-ip-address |
| CONFIG, protocol ip, set reassembly-size |
| CONFIG, protocol ip, set router-id |
| CONFIG, protocol ip, set routing table-size |
This section describes dynamic reconfiguration (DR) as it affects Talk 6 and Talk 5 commands.
Routing Information Protocol (RIP) supports the CONFIG (Talk 6) delete interface command with the following consideration:
Route policy records associated with the interface are not automatically deleted when an interface is deleted.
RIP supports the GWCON (Talk 5) activate interface command with the following consideration:
RIP must be globally enabled before RIP can be activated on a network interface.
All RIP interface-specific commands are supported by the GWCON (Talk 5) activate interface command.
RIP supports the GWCON (Talk 5) reset interface command with the following consideration:
RIP must be globally enabled before RIP can be activated on a network interface.
All RIP interface-specific commands are supported by the GWCON (Talk 5) reset interface command.
RIP supports the following RIP-specific GWCON (Talk 5) reset commands:
All RIP commands are supported by the GWCON, protocol ip, reset ip command.