This chapter describes the IP configuring and monitoring commands. It includes the following sections:
To access the IP configuration environment, enter the following command at the Config> prompt:
Config> Protocol IP Internet protocol user configuration IP config>
This section describes the IP configuration commands. These commands
allow you to modify the IP protocol behavior to meet your specific
requirements. Some amount of configuration is necessary to produce a
fully functional IP router. Enter IP configuration commands at the
IP config> prompt.
Table 56. IP Configuration Commands Summary
| Command | Function |
|---|---|
| ? (Help) | Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help". |
| Add | Adds to the IP configuration information. Interface addresses can be added, along with access controls, filters, and packet-filters. |
| Change | Modifies information that was originally entered with the add command. |
| Delete | Deletes IP configuration information that had been entered with the add command. |
| Disable | Disables certain IP features that have been turned on by the enable command. |
| Enable | Enables IP features such as ARP subnet routing, UDP Forwarding, originate default, directed broadcasts, BOOTP, the various RIP flags controlling the sending and receiving of RIP information, diffserv, and route-table-filtering. |
| List | Displays IP configuration items. |
| Move | Changes the order of access control records. |
| Set | Establishes IP configuration modes such as the use of access control and the format of broadcast addresses. Also sets IP parameters such as TTL (time-to-live) of packets originated by the router, the size of the IP routing table, and RIP interface metrics. |
| Update | Used to assign access control entries to packet filters. |
| Exit | Returns you to the previous command level. See "Exiting a Lower Level Environment". |
This topic enables you to determine which IP
configuration (Talk 6) commands become effective immediately and which
commands remain pending until you issue the Talk 5 reset ip command
to a router. Table 57 lists both categories of commands. Any commands that
are not listed in the table remain pending until you issue a reload
command.
Table 57. IP Configuration Command Response
| Effective Immediately | Effective at Reset |
|---|---|
| add route | add accept-rip-route ... |
| change route | add access-control ... |
| delete route | add address |
| disable icmp-redirect | add bootp-server |
| enable icmp-redirect | add packet-filter |
| set ttl | add udp-destination |
|
| add vrid ... |
|
| add vr-address |
|
| change access-control ... |
|
| change address ... |
|
| delete accept-rip-route ... |
|
| delete access-control ... |
|
| delete address ... |
|
| delete bootp-server |
|
| delete packet-filter |
|
| delete udp-destination |
|
| delete vrid ... |
|
| delete vr-address ... |
|
| disable bootp-forwarding |
|
| disable directed-broadcast |
|
| disable echo-reply |
|
| disable fragment-offset-check |
|
| disable icmp-redirect |
|
| disable nexthop-awareness ... |
|
| disable override default/static-routes... |
|
| disable packet-filter |
|
| disable receiving ... |
|
| disable record-route |
|
| disable rip |
|
| disable rip2 |
|
| disable same-subnet |
|
| disable sending ... |
|
| disable source-addr-verification |
|
| disable source-routing |
|
| disable timestamp |
|
| disable trace |
|
| disable udp-forwarding |
|
| disable vrrp ... |
|
| enable bootp-forwarding |
|
| enable directed-broadcast |
|
| enable echo-reply |
|
| enable fragment-offset-check ... |
|
| enable icmp-redirect |
|
| enable nexthop-awareness |
|
| enable override ... |
|
| enable packet-filter |
|
| enable receiving ... |
|
| enable record-route |
|
| enable rip |
|
| enable rip2 |
|
| enable same-subnet |
|
| enable sending ... |
|
| enable source-address-verification |
|
| enable source-routing |
|
| enable timestamp |
|
| enable trace |
|
| enable udp-forwarding |
|
| enable vrrp ... |
|
| move access-control ... |
|
| set access-control ... |
|
| set access-control log-facility |
|
| set broadcast-address ... |
|
| set originate-rip-default |
|
| set rip-in-metric |
|
| set rip-out-metric |
|
| set tag ... |
|
| set ttl |
|
| update packet-filter ... |
Use the add command to add IP information to your configuration.
Syntax:
Valid Values: any valid IP address
Default Value: none
Example:
add accept-rip-route
Network number [0.0.0.0]? 10.0.0.0
Specify Include to cause the router to receive a packet and to forward it if it matches criteria in the remaining arguments.
Specify Exclude to cause the router to discard the packets.
Default Value: none
Default Value: none
Default Value: none
Default Value: none
Some commonly used protocol numbers are:
Valid Values: 0 to 255
Default Value: 0
Some commonly used protocol numbers are:
Valid Values: 0 to 255
Default Value: 255
Some commonly used port numbers are:
Valid Values: a port number in the range of 0 - 65535
Default Value: 0
Some commonly used port numbers are:
Valid Values: a port number in the range 0 to 65535
Default Value: 65535
Internet source [0.0.0.0]? Source mask [255.255.255.255]? Internet destination [0.0.0.0]? Destination mask [255.255.255.255]? Enter starting protocol number ([CR] for all) [-1]? IP config>
You must specify an IP address together with its subnet mask. For example, if the address is on a class B network, using the third byte for subnetting, the mask would be 255.255.255.0. Use the List Devices option to obtain the appropriate option interface-number.
Default Value: none
Default Value: none
Default Value: none
Example: add address 0 128.185.123.22 255.255.255.0
Default Value: none
Example: add bootp-server 128.185.123.22
Valid Values: net numbers of LEC interfaces
Default Value: none
Valid Values: IP addresses used as default gateways
Default Value: 0.0.0.0
Valid Values: any valid IP net mask
Default Value: 0.0.0.0
Default Value: 00.00.00.00.00.00
This query asks whether the gateway on this device is the primary gateway active during the normal operation of the network, or the backup gateway that is active when the LEC interface containing the primary gateway is not operational. Answering Yes configures a primary gateway. There should be only one primary gateway per ELAN.
Valid Values Yes or No
Default Value: No
Example: add distributed
Which net is this distributed gateway for [0]? 1 IP address of gateway [0.0.0.0]? 9.67.205.1 Address mask [255.255.0.0]? 255.255.240.0 MAC address [00.00.00.00.00.00.]? 00.00.00.00.00.BA Is this the primary gateway [No]? Yes or No
The effect of this command is immediate; you do not have to reboot the router for it to take effect.
Default Value: none
Default Value: 0.0.0.0
Example: add filter 127.0.0.0 255.0.0.0
You can include dashes (-) and underscores (_) in the name.
Default Value: none
OUT filters outgoing traffic.
Default Value: none
Example: add packet-filter
Packet-filter name [ ]? filt-1-0 Filter incoming or outgoing traffic? [IN]? Which interface is this filter for [0]? 1
Valid Values: net numbers of LEC interfaces
Default Value: none
Valid Values: IP addresses used as default gateways
Default Value: 0.0.0.0
Valid Values: any valid IP net mask
Default Value: 0.0.0.0
| Note: | The primary gateway and the backup gateway must have the same MAC address |
Default Value: 00.00.00.00.00.00
This query asks whether the gateway on this device is the primary gateway active during the normal operation of the network, or the backup gateway that is active when the LEC interface containing the primary gateway is not operational. Answering Yes configures a primary gateway. There should be only one primary gateway per ELAN.
Valid Values Yes or No
Default Value: No
Example: add redundant
Which net is this redundant gateway for [0]? 1 IP address of gateway [0.0.0.0]? 9.67.205.1 Address mask [255.255.0.0]? 255.255.240.0 MAC address [00.00.00.00.00.00.]? 00.00.00.00.00.BA Is this the primary gateway [No]? Yes or No
The destination is specified by an IP address (dest-addr) together with an address mask (dest-mask). If the destination IP address is a network address, then the dest-mask must be a network mask. If the destination IP address is a subnet address, then the dest-mask must be a subnet mask. Finally, if the destination IP address is a host address, then the dest-mask must be a host mask (which means that the only valid value is 255.255.255.255). The dest-mask must be accurate; if it is not, the static route will not be accepted.
The route to the destination is specified by the IP address of the next hop (next-hop), and the cost (cost) of routing the packet to the destination. The next hop must be on the same (sub)net as one of the router's directly connected interfaces. Static routes are always overridden by routes learned through OSPF, but, by default, routes learned through RIP do not override static routes. However, you can enable or disable routes learned through RIP to override static routes by using the enable override static-routes or disable override static-routes commands. This command takes effect immediately; you do not have to reboot the router.
Default Value: none
Default Value: none
Default Value: none
Default Value: 1
Example:
IP config> add route
IP destination []? 1.1.0.0
Address mask [255.0.0.0]? 255.255.0.0
Via gateway 1 at []? 10.1.1.1
Cost [1]? 1
Via gateway 2 at []?
IP config> add route 1.1.0.0 255.255.0.0
Via gateway 2 at []? 20.1.1.1
Cost [1]? 2
Via gateway 3 at []? 30.1.1.1
Cost [1]? 3
Via gateway 4 at []?
IP config> add route 2.2.0.0 255.255.0.0 10.2.2.2 1 20.2.2.2 2
IP config> list routes
route to 1.1.0.0 ,255.255.0.0 via 10.1.1.1 cost 1
via 20.1.1.1 cost 2
via 30.1.1.1 cost 3
route to 2.2.0.0 ,255.255.0.0 via 10.2.2.2 cost 1
via 20.2.2.2 cost 2
IP config>
Valid Values: any 1-to-15-character ASCII string
Default Value: none
Valid Values: Yes or No
Default Value: No
Default Value: both exclude
Valid Values: Any configured IP interface.
Default Value: none
Valid Values: 1-255
Default Value: none
Valid Values: 1-255
Default Value: 1
Valid Values: Yes or No
Default Value: No
Valid Values: Any valid IP address.
Default Value: none
Valid Values: 1-254
Default Value: 100
Valid Values: Yes or No
Default Value: No
Valid Values: none, simple
Default Value: none
Valid Values: Any 1 - 8 characters.
Default Value: A null string.
Valid Values: Any configured IP interface.
Default Value: none
Valid Values: 1 to 255
Default Value: none
Valid Values: Any IP address.
Default Value: none
Example: add vr-address
IP config>add vr-address IP Interface [ ]? 153.2.2.25 Virtual Router ID (1-255) [0]? 1 Additional IP Address [ ]? 5.1.1.1 VRID 153.2.2.25/1 address 5.1.1.1 added successfully.
Use the change command to change an IP configuration item previously installed by the add command. In general, you must specify the item you want to change, just as you specified the item with the add command.
Syntax:
Enter type [E]? i
Internet source [1.1.1.1]?
Source mask [255.255.255.255]?
Internet destination [2.2.2.2]?
Destination mask [255.255.255.255]?
Enter starting protocol number [6]?
Enter ending protocol number [6]?
Enter starting port number [23]?
Enter ending port number [23]?
Valid IP addresses:
Default Value: none
Default Value: none
Default Value: none
Example: change address 192.9.1.1 128.185.123.22 255.255.255.0
Modifies either the next hops or the costs associated with the configured static routes to the specified destination. The effect of this command is immediate; you do not have to reboot the router for it to take effect.
Default Value: none
Default Value: none
Default Value: none
Default Value: 1
Example:
IP config>list routes
route to 1.1.0.0 ,255.255.0.0 via 10.1.1.1 cost 1
via 20.1.1.1 cost 2
via 30.1.1.1 cost 3
route to 2.2.0.0 ,255.255.0.0 via 10.2.2.2 cost 1
via 20.2.2.2 cost 2
IP config>change route
IP destination []? 1.1.0.0
Address mask [255.0.0.0]? 255.255.0.0
Via gateway 1 at [.10.1.1.1]? 10.10.10.1
Cost [1]? 10
Via gateway 2 at [20.1.1.1]? 20.20.20.1
Cost [2]? 20
Via gateway 3 at [30.1.1.1]? 30.30.30.1
Cost [3]? 30
Via gateway 4 at []? 40.40.40.1
Cost [1]? 40
IP config>change route 2.2.0.0 255.255.0.0 10.10.10.2 10
IP config>list routes
route to 1.1.0.0 ,255.255.0.0 via 10.10.10.1 cost 10
via 20.20.20.1 cost 20
via 30.30.30.1 cost 30
via 40.40.40.1 cost 40
route to 2.2.0.0 ,255.255.0.0 via 10.10.10.2 cost 10
Use the delete command to delete an IP configuration item previously installed by the add command. In general, you must specify the item you want to delete, just as you specified the item with the add command.
Syntax:
Valid Values: Any IP address contained in the list of accepted networks.
Default Value: none
Example: delete accept-rip-route 10.0.0.0
Example: delete access-control 2
Valid Values: any valid IP address
Default Value: none
Example: delete address 128.185.123.22
Valid Values: any configured BOOTP server IP address
Default Value: 0.0.0.0
Example: delete bootp-server 128.185.123.22
Valid Values: any valid IP address
Default Value: 0.0.0.0
Example: delete default subnet-gateway 128.185.0.0
Default Value: none
Example:
Enter the Net number of distributed Gateway to delete:? 1 Gateway deleted.
Default Value: 0.0.0.0
Default Value: none
Example: delete filter 127.0.0.0
Address mask [0.0.0.0]? 255.0.0.0
Valid Values: any 16-character name.
You can include dashes (-) and underscores (_) in the name.
Default Value: none
Example:
IP config> delete packet-filter pf-in-0 All access controls defined for 'pf-in-0' will also be deleted. Are you sure you want to delete (Yes or [No]): y Deleted IP config>
Default Value: none
Example:
Enter the Net number of Redundant Gateway to delete:? 1 Gateway deleted.
Default Value: none
Default Value: none
Default Value: No
Example:
IP config>list routes
route to 1.1.0.0 ,255.255.0.0 via 10.10.10.1 cost 10
via 20.20.20.1 cost 20
via 30.30.30.1 cost 30
via 40.40.40.1 cost 40
route to 2.2.0.0 ,255.255.0.0 via 10.10.10.1 cost 10
IP config>delete route 1.1.0.0 255.255.0.0
Delete gateway 10.10.10.1? [No]:
Delete gateway 20.20.20.1? [No]: y
Delete gateway 30.30.30.1? [No]:
Delete gateway 40.40.40.1? [No]: y
IP config>delete route 2.2.0.0 255.255.0.0
IP config>delete route 1.1.0.0 255.255.0.0 n y
IP config>list routes
route to 1.1.0.0 ,255.255.0.0 via 10.10.10.1 cost 10
IP config>
Default Value: none
Default Value: none
Default Value: none
Example: delete route-table-filter
IP config>delete route-table-filter Route Filter IP address []? 7.0.0.0 Route Filter IP mask []? 255.0.0.0 Enter Match type (B, E, or M) [B]? Enter Definition type (I or E) [E]? Route filter deleted IP config>
Valid Values: Any configured IP interface.
Default Value: none
Valid Values: 1-255
Default Value: none
IP config>delete vrid IP Interface [ ]? 153.2.2.25 Virtual Router ID (1-255) [0]? 1 VRID 153.2.2.25/1 deleted.
Valid Values: Any configured IP interface.
Default Value: none
Valid Values: 1-255
Default Value: none
Valid Values: Any IP address.
Default Value: none
Example:
IP config>delete vr-address IP Interface [ ]? 153.2.2.25 Virtual Router ID (1-255) [0]? 1 IP Address to delete [ ]? 5.1.1.1 VRID 153.2.2.25/1 addr 5.1.1.1 deleted.
Use the disable command to disable IP features previously enabled by the enable command.
Syntax:
Example: disable arp-net-routing
Example: disable arp-subnet-routing
Example: disable bootp-forwarding
| Note: | Forwarding and exploding cannot be disabled separately. |
Example: disable directed-broadcast
Example: disable echo-reply
Default Value: none
Example:
IP config> disable icmp-redirect Interface address (NULL for all) []? 192.9.200.44 IP config>
Default Value: none
Example:
IP config>disable nexthop-awareness 1.1.1.1 IP config>disable nexthop-awareness Interface address []? 2.2.2.2 IP config>
Default Value: none
Example: disable override default 128.185.123.22
Default Value: None
Example: disable packet-filter pf-in-0
Default Value: none
Example: disable receiving rip 128.185.123.22
Default Value: none
Example: disable receiving dynamic nets 128.185.123.22
Example: disable rip
Valid Values: any valid IP address
Default Value: none
Example: disable rip2 128.185.123.22
Example: disable route-table-filtering
Example: disable same-subnet
Default Value: none
Example: disable sending net-routes 128.185.123.22
Default Value: none
Example: disable sending rip1-routes-only 128.185.123.22
Example: disable source-routing
Default: UDP forwarding is disabled for all port numbers.
Default Value: 0
Example: disable vrrp
Use the enable command to activate IP features, capabilities, and information added to your IP configuration.
Syntax:
Example: enable arp-net-routing
The way ARP subnet routing works is as follows. When a subnet-incapable host wants to send an IP packet to a destination on a remote subnet, it does not realize that it should send the packet to a router. The subnet-incapable host therefore simply broadcasts an ARP request. This ARP request is received by the router. The router responds as the destination (hence the name proxy) if both arp-subnet-routing is enabled and if the next hop to the destination is over a different interface than the interface receiving the ARP request.
If there are no hosts on your LAN that are "subnet-incapable," do not enable ARP-subnet routing. If ARP subnet routing is needed on a LAN, it should be enabled on all routers on that LAN.
Example: enable arp-subnet-routing
Example: enable bootp-forwarding
Maximum number of forwarding hops [4]?
Minimum seconds before forwarding [0]?
Default: 4
Default Value: 0
Example: enable classless
| Note: | Forwarding and exploding cannot be implemented separately. Also, the router will not forward all-subnets IP broadcasts. |
Example: enable directed-broadcast
Example: enable echo-reply
Default Value: none
Example:
IP config> enable icmp-redirect Interface address (NULL for all) []? 192.9.200.44 IP config>
Default Value: disabled
Example:
IP config>enable nexthop-awareness 1.1.1.1 IP config>enable nexthop-awareness Interface address []? 2.2.2.2 IP config>
Default Value: none
Example: enable override default 128.185.123.22
Default Value: none
Example: enable override static-routes 128.185.123.22
Default Value: none
Example: enable packet-filter pf-in-0
If you invoke the disable receiving rip command, no RIP updates will be accepted on interface ip-interface-address address.
Default Value: none
Example: enable receiving rip 128.185.123.22
If you invoke the disable receiving dynamic nets command, for RIP updates received on interface ip-interface-address, the router will not accept any network-level routes unless they have been specified in an add accept-rip-route command.
Default Value: none
Example: enable receiving dynamic nets 128.185.123.22
If you invoke the disable receiving dynamic subnets command, for RIP updates received on interface ip-interface-address, the router will not accept any subnet-level routes unless they have been specified in an add accept-rip-route command.
Default Value: none
Example: enable receiving dynamic subnets 128.185.123.22
| Note: | After it has been enabled, this function can be activated without affecting any other functions of IP. See the talk 5 reset IP command for more information. |
When RIP is enabled, the following default behavior is established:
To change any of the default sending/receiving behaviors, use the IP configuration commands, which are defined on a per-IP-interface basis.
Example: enable rip
Enables RIP2 on an IP interface. RIP2 advertisements are sent to the 224.0.0.9 multicast address. RIP2 is described in RFC 1723.
Indicates the IP interface on which RIP2 is enabled.Valid Values: any valid IP address
Default Value: none
Indicates whether or not a simple clear-text key will be used for RIP2 authentication. Authentication is not required.Valid Values: yes or no
Default Value: yes
Defines a clear-text password which will be used for RIP2 authentication. You are prompted for this string only when you answer yes to the question "Set RIP-2 Authentication?" When RIP2 authentication is used, only RIP2 packets with a matching password are accepted.Valid Values: a clear-text ASCII string
Default Value: a null string
Example:
IP config>enable rip2
Set for which interface address [0.0.0.0]? 153.2.2.25
RIP2 is enabled on this interface.
Set RIP-2 Authentication? [Yes]: yes
Authentication Key []? C1C3C5C5
Retype Auth. Key []? C1C3C5C5
RIP2 Authentication is enabled on this interface.
Example: enable route-table-filtering
By default, this option is disabled.
Example: enable same-subnet
Default Value: none
Example: enable sending default-routes 128.185.123.22
| Note: | By default, RIP will send network, subnet, and static routes. |
The effect of the enable sending command is additive. Each separate enable sending command specifies that a certain set of routes should be advertised from a particular interface. A route is included in an RIP update only if it has been included by at least one of the enable sending commands. The enable sending network-routes command specifies that all network-level routes should be included in RIP updates sent out interface ip-interface-address. A network-level route is a route to a single class A, B, or C IP network.
Default Value: none
Example: enable sending net-routes 128.185.123.22
Default: Enabled
Default Value: none
Default Value: none
Example: enable sending rip-routes-only 128.185.123.22
Default Value: none
Example: enable sending subnet-routes 128.185.123.22
Default Value: none
Example: enable sending static-routes 128.185.123.22
Default Value: none
Example: enable source-routing
Example: enable tftp-server
| Note: | After it has been enabled, this function can be activated without affecting any other functions of IP. See the talk 5 reset IP command for more information. |
Default: UDP forwarding is disabled for all port numbers.
Default Value: 0
Example: enable udp-forwarding 36
Example: enable vrrp
Use the list command to display various pieces of the IP configuration data, depending on the particular subcommand invoked.
Syntax:
Example: list all
Example: list access-control
list access-control
1 Type=I Source=0.0.0.0 Dest =0.0.0.0 Prot=17
SMask =0.0.0.0 DMAask =0.0.0.0
SPorts=5004-5511 DPorts=5004-5511
T/C=**/** Log=N
BypassComp BypassEnc
Example: list addresses
Example: list bootp
Example: list distributed
Distributed IP Gateways for each interface: inf 4 11.1.1.6 255.0.0.0 00.00.00.00.00.BA primary inf 8 33.3.3.6 255.0.0.0 00.00.00.00.00.AB backup
Example:
IP config>list nexthop-awareness Nexthop awareness for each IP interface address: intf 0 1.1.1.1 255.0.0.0 nexthop awareness enabled intf 1 2.2.2.2 255.0.0.0 nexthop awareness disabled IP config>
Example: list packet-filter pf-in-0
Name Direction Interface
pf-in-0 In 0
Access Control is: enabled
List of access control records:
2 Type=INS Source=10.1.1.1 Dest=10.1.1.2 Prot=0-255
Mask=255.255.255.255 Mask=255.255.255.254
Sports= N/A Dports= N/A Tid=5279
Log=Yes ELS=N SNMP=Y SLOG=L(Emergency)
3 Type=I Source=0.0.0.0 Dest=0.0.0.0 Prot=0-255
Mask=0.0.0.0 Mask=0.0.0.0
Sports= 1-65535 Dports= 1-68835
Log=No
Example: list parameters
IP config>list parameters ARP-SUBNET-ROUTING : enabled ARP-NET-ROUTING : enabled CLASSLESS : disabled DIRECTED-BROADCAST : enabled ECHO-REPLY : enabled FRAGMENT-OFFSET-CHECK : enabled REASSEMBLY-SIZE : 12000 bytes RECORD-ROUTE : enabled ROUTING TABLE-SIZE : 768 entries (52224 bytes) (Routing) CACHE-SIZE : 64 entries SAME-SUBNET : disabled SOURCE-ROUTING : enabled TIMESTAMP : enabled TTL : 64
Example: list protocols
Example: list redundant
Redundant Default IP Gateways for each interface: inf 4 11.1.1.6 255.0.0.0 00.00.00.00.00.BA primary inf 8 33.3.3.6 255.0.0.0 00.00.00.00.00.AB backup
Example:
IP config>list rip
RIP: enabled
RIP default origination: disabled
RIP global receive policy: rip-in
Per-interface address flags:
Net: 0 153.2.2.25 RIP Version 1
Send net, subnet and static routes
Receive routes based on global receive
policy: rip-in
RIP interface input metric: 1
RIP interface output metric: 0
Net: 1 153.2.1.1 RIP Version 1
Send net, subnet and static routes
Receive routes based on global receive
policy: rip-in
RIP interface input metric: 1
RIP interface output metric: 0
Net: 2 0.0.0.2 RIP Version 1
Send routes based on interface send
policy: rip-import
Receive routes based on global receive
policy: rip-in
RIP interface input metric: 1
RIP interface output metric: 0
Accept RIP updates always for:
[NONE]
Example: list route-table-filtering
IP config>list route-table-filtering Route Filtering Disabled Destination Mask Match Type 10.1.1.0 255.255.255.0 BOTH E 50.50.0.0 255.255.0.0 BOTH I 10.1.1.1 255.255.255.255 EXACT I 50.0.0.0 255.0.0.0 BOTH E MORE-Match more-specific routes EXACT-Match route exactly BOTH-Match exact and more-specific routes E-Exclude I-Include IP config>
Example: list routes
IP config>list routes
route to 1.1.0.0 ,255.255.0.0 via 10.1.1.1 cost 1
via 20.1.1.1 cost 2
via 30.1.1.1 cost 3
route to 2.2.0.0 ,255.255.0.0 via 10.2.2.2 cost 10
route to 3.3.0.0 ,255.255.0.0 via 10.3.3.3 cost 100
via 20.3.3.3 cost 200
Example: list sizes
Example: list tags
Example: list udp-forwarding
Example:
IP config>list vrid
VRRP Enabled
--VRID Definitions--
IP address VRID Priority Interval Auth Auth-key Flags Address(es)
153.2.2.25 1 255 1 None N/A P,H
Use the move command to change the order of records in the global access control list. This command places record number from# immediately after record number to#. After you move the records, they are immediately renumbered to reflect the new order.
The router applies the access control records in a list in the order that they were created. For each packet received on an interface, the router applies each access control record in order until it finds a match. The first record that matches the packet determines whether it will be discarded, or forwarded to its destination.
This makes the order of the access control records very important. If they are in the wrong order, certain packets may slip through, or be blocked, in a manner contrary to your intentions.
Let us say, for example, that access control record 1 enforces the rule: all packets from network 10.0.0.0 shall be blocked on this interface. Contrary to this, access control record 2 states: Packets from subnet 10.5.5.0 in network 10.0.0.0, which are destined for address 1.2.3.4, shall be allowed to pass. Assigned in this order, these records will block all traffic from 10.0.0.0, even though record 2 explicitly allows certain types of packets to pass.
In this example, record 1 makes record 2 moot. Record 1 guarantees that the router discards all packets from 10.0.0.0, despite the intent of record 2, which is that certain packets be forwarded. The key to fixing this type of problem is in the order of the access control records. This way, packets in subnet 10.5.5.0 and destined for address 1.2.3.4 will pass through the interface; the router discards all other packets from 10.0.0.0 as intended.
Syntax:
Example: move 5 2
Use the set command to set certain values, routes, and formats within your IP configuration.
Syntax:
Example: set access-control on
The style parameter can take either the value local wire or the value network. Local-wire broadcast addresses are either all ones (255.255.255.255) or all zeros (0.0.0.0). Network style broadcasts begin with the network and subnet portion of the ip-interface-address.
You can set the fill-pattern parameter to either 1 or 0. This indicates whether the rest of the broadcast address (that is, other than the network and subnet portions, if any) should be set to all ones or all zeros.
When receiving the router recognizes all forms of the IP broadcast address.
Default Value: none
Default Value: local-wire
Default Value: 1
The example below configures a broadcast address of 255.255.255.255. The second example produces a broadcast address of 192.9.1.0, assuming that the network 192.9.1.0 is not subnetted.
Example: set broadcast-address 192.9.1.11 local-wire 1 set broadcast-address 192.9.1.11 network 0
In contrast with this cache, the IP routing table stores information about all accessible networks but does not contain specific IP destination addresses. Use the set routing table-size command to configure the size of the IP routing table.
Valid Values: 64 to 10000
Default Value: 64
Example: set cache-size 64
The route is specified by the IP address of the next hop (next-hop) and the distance (cost) to the default gateway.
All packets having unknown destinations are forwarded to the authoritative router (default gateway).
Default Value: 0.0.0.0 with a gateway cost of 1.
Default Value: 1
Example: set default network-gateway 192.9.1.10 10
The IP address of the next hop (next-hop) and the distance (cost) to the default subnet gateway specify the route.
All packets destined for unknown subnets of a known subnetted network are forwarded to the subnetted network's authoritative router (default subnet gateway).
Valid Values: any valid IP address
Default Value: 0.0.0.0
Valid Values: any valid IP address
Default Value: 0.0.0.0
Valid Values: an integer in the range 0 to 255
Default Value: 1
Example: set default subnet-gateway 128.185.0.0 128.185.123.22 6
The internal IP address also provides some value when unnumbered interfaces are used. It is the first choice as a source address for packets originated by this router and transmitted over an unnumbered interface. The stability of this address makes it easier to keep track of such packets. The chance for confusion is further reduced when the same IP address is used for both the router ID and the internal address. Therefore the router ID will default to the internal address.
When an internal address is defined, it will be advertised by OSPF as a host route into all areas directly attached to the router. It will also show up as a host route and will be advertised in RIP if allowed by the RIP sending configuration of the interface.
Valid Values: any valid IP address.
Default Value: none
Example: set internal-ip-address 142.82.10.1
Valid Values: 0, 68 - 65535
Default Value: Minimum of all non-zero MTUs on the network
Traffic in the RIP network for destinations that are not known by RIP can follow the default path to this router. The more complete routing information in this node's route table can then be used to forward the traffic along an appropriate path towards its destination. You can configure the router to only originate the default when routes are known to this router that will not be advertised in the RIP network.
When you issue this command, you will be prompted to indicate whether the router should always originate a RIP default or to originate a RIP default only when the route from other protocols are available.
This default route will direct traffic bound for a non-RIP network to a boundary router. Originating a single default route means that the boundary router does not have to distribute the other network's routing information to the other nodes in its network.
Default Value: none
Default Value: none
Default Value: 1
Example: set originate-rip-default
IP config> set originate rip-default
Always originate default route? [No]:?
Originate default if BGP routes available? [No] yes
From AS number [6]?
To network number [0.0.0.0]?
Originate default if OSPF routes available? [No]
Originate default cost [1]?
Valid Values: 2048-65535
Default: 12000
Example: set reassembly-size 12000
Default Value: none
Default Value: 1
Example: set rip-in-metric 128.185.120.209 1
Default Value: none
Default Value: 0
Example: set rip-out-metric 128.185.120.209 0
The router ID must match one of the configured IP interface addresses of the router or the configured internal IP address. If not, it is ignored. When ignored, or just not configured, the default IP address of the router (and its OSPF router ID) is set to the internal IP address (if configured) or to the first IP address in the router's configuration.
Valid Values: any valid IP address
Default Value: none
Example: set router-id 128.185.120.209
Valid Values: an integer number of entries in the range 64 to 65535
Default Value: 768 entries
Example: set routing table-size 1000
Valid Values: an integer in the range 0 to 65535
Default Value: 0
Example: set tag
Interface address [0.0.0.0]? 1.1.1.1
Interface tag (AS number) [0]? 1
Valid Values: a numeric in the range 1 to 255
Default Value: 64
Example: set ttl 255
Use the update packet-filter command at the IP config> prompt to assign access control entries. The router prompts you for the name of the filter that you want to update. The IP config> prompt changes to incorporate the packet filter name you provide.
Syntax:
Valid Values: any 16-character name.
You can include dashes (-) and underscores (_) in the name.
Default Value:none
IP config> update packet-filter
Packet-filter name [ ]? pf-1-in
Packet-filter 'pf-1-in' Config>
You can access a list of sub-commands by typing ? at the Packet-filter 'name' Config> prompt.
Packet-filter 'test' Config> ?
LIST
CHANGE
DELETE
ADD
MOVE
EXIT
Use the add access-control command to add access controls to the specified packet filter. The router prompts you for the access control type (either Exclusive or Inclusive), and the source and destination addresses and masks of packets to which the filter will apply.
Default Value: Exclusive
Default Value: 0.0.0.0
Default Value: 255.255.255.255
Default Value: 0.0.0.0
Default Value: 255.255.255.255
The commonly used protocol numbers are:
See RFC 1340, "Assigned Numbers" for details on IP protocol numbers.
Valid Values: 0 to 255
Default Value: 0
The commonly used protocol numbers are:
See RFC 1340, "Assigned Numbers" for details on IP protocol numbers.
Valid Values: 0 to 255
Default Value:0
Valid Values: a port number in the range 0 to 65535
Address Default Value: 0
Some commonly used port numbers are:
Valid Values: a port number in the range 0 to 65535
Address Default Value: 0
Some commonly used port numbers are:
Example: This example of the add access-control command shows how to exclude all incoming packets originating from network 128.185.0.0 and received on interface 0.
Packet-filter 'pf-in-0' Config> add access-control
Enter type [E]?
Internet source [0.0.0.0]? 128.185.0.0
Source mask [255.255.255.255]? 255.255.0.0
Internet destination [0.0.0.0]?
Destination mask [255.255.255.255]? 0.0.0.0
Enter starting protocol number ([CR] for all) [-1]?
Use the change access-control command to change existing access controls using the index number of the access control that you want to change.
You can use the list access-control command to view the access controls configured for each packet filter.
Packet-filter 'pf-in-0' Config> list access-control
Access Control is: enabled
List of access control records:
Beg End Beg End
Ty Source Mask Destination Mask Pro Pro Prt Prt
1 E 128.185.0.0 FFFF0000 0.0.0.0 00000000 0 255 0 65535
2 I 0.0.0.0 00000000 0.0.0.0 00000000 0 255 0 65535
You can change the order of a packet filter's access control records with the move access-control command as shown.
Packet-filter 'test' Config> move access-control
Enter index of control to move [1]?
Move record AFTER record number [0]? 2
About to move:
Beg End Beg End
Ty Source Mask Destination Mask Pro Pro Prt Prt
1 E 10.0.0.0 FFFF0000 0.0.0.0 00000000 0 255 0 65535
to be after:
2 I 10.5.5.0 FFFF0000 1.2.3.4 FF0000FF 0 255 0 65535
Are you sure this is what you want to do (Yes or [No]): y
Use the delete access-control command to delete a record from a packet filter's access-control list.
Packet-filter 'test' Config> delete access-control
Enter index of access control to be deleted [1]? 4
The router responds by displaying the access-control record you have specified.
Beg End Beg End
Ty Source Mask Destination Mask Pro Pro Prt Prt
4 I 1.2.9.9 FF0000FF 0.0.0.0 00000000 0 255 0 65535
Are you sure this is the record you want to delete (Yes or [No]): y
Deleted
Packet-filter 'test' Config>
Exit the access controls process by typing exit at the prompt. This returns you to the IP config> prompt.
Packet-filter 'test' Config> exit
IP config>
For the disable and enable commands, the keyword source-addr-verification can be configured only from the Packet-filter 'filter-name' Config> prompt.
This section describes the subset of commands used to configure route filter policies. To access this subset of IP configuration commands, follow these steps:
Example:
IP config>change route-policy ospf-import ospf-import IP Route Policy Configuration IP Route Policy Config>
| Note: | Route filter policies can be used to determine which routes are imported in
OSPF and the specific details of their advertisement, including OSPF external
type, metric, and tag value. Refer to the enable as boundary
routing command on page "Enable" for information about using route filter policies to
configure OSPF.
Route filter policies can also be used to control what routes are advertised or accepted when RIP is used. See the previously described enable receiving, enable sending, disable receiving, and disable sending commands. |
Table 58. IP Route Policy Configuration Commands Summary
| Command | Function |
|---|---|
| Add | Adds an action, an entry, or a match condition to a route filter policy. |
| Delete | Deletes an action, an entry, or a match condition from a route filter policy. |
| List | Lists the route policy entries, actions, and match conditions for the route policy currently being changed. |
| Exit | Returns you to the previous command level. See "Exiting a Lower Level Environment". |
Use the add command to add route filter policy entries to the route filter policy, to add match conditions to existing entries, or to add actions to existing entries.
Syntax:
Syntax:
Valid Value: 1 to 65535
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Value: X'0' to X'FFFFFFFF'
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Value: 1 to 255
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Value: 1 or 2
Default Value: none
When you add the route filter policy, you define the processing of the entries as either strictly linear or longest match. If the route filter policy processing is strictly linear, the route filter policy entries are processed according to the ascending order of their index numbers. If the route filter policy processing is longest match, the route filter policy entries are processed according to the IP address and mask that has the longest match. If multiple route filter policy entries have the same IP address and mask when longest match is used, then the match will be in order of ascending index number among the entries with the same IP address and mask.
Valid Value: 1 to 65535
Default Value: none
Valid Value: any valid IP address
Default Value: none
Valid Value: any valid IP mask
Default Value: none
Valid Value: exact or range
Default Value: range
Valid Value: inclusive or exclusive
Default Value: inclusive
Syntax:
Valid Value: 1 to 65535
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Value: a valid IP address and mask
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Value: 1 to 65536
Default Value: none
Valid Value: 1 to 65536
Default Value: none
Valid Values:
Syntax:
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Value: 1 to 65535
Default Value: none
Valid Values: any valid IP address and mask combination
Default Value: none
Use the delete command to delete route filter policy entries, match-conditions from existing route filter policy entries, or actions from existing route filter policy entries. See the add command in this section for a description of the parameters that can be deleted.
Use the list command to list the route filter policy entries, match conditions, and actions that exist for the route filter policy currently being changed.
Syntax: list
Example:
IP Route Policy Config>list
IP Address IP Mask Match Index Type
-----------------------------------------------------
9.0.0.0 255.0.0.0 Range 1 Include
10.0.0.0 255.0.0.0 Range 2 Exclude
Match Conditions: Protocol: BGP
0.0.0.0 0.0.0.0 Range 3 Include
Match Conditions: Protocol: Static
Gateway IP Address Range: 153.2.2.20/255.255.255.255
10.1.1.0 255.255.255.0 Range 4 Include
0.0.0.0 0.0.0.0 Range 7 Include
Policy Actions: Set Manual Tag: 0xACEEACEE
0.0.0.0 0.0.0.0 Range 8 Include
Match Conditions: Protocol: RIP
Use the following procedure to access the IP monitoring commands. This process gives you access to the IP monitoring process.
* talk 5
+
After you enter the talk 5 command, the GWCON prompt (+) displays on the terminal. If the prompt does not appear when you first enter configuration, press Return again.
Example:
+ prot ip
IP>
This section describes the IP monitoring commands. Table 59 lists the IP monitoring commands. The commands allow
you to monitor the router's IP forwarding process. The monitoring
capabilities include the following: configured parameters such as
interface address and static routes can be viewed, the current state of the IP
routing table can be displayed, and a count of IP routing errors can be
listed.
Table 59. IP Monitoring Command Summary
| Command | Function |
|---|---|
| ? (Help) | Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help". |
| Access controls | List the current IP access control mode, together with the configured access control records. |
| Cache | Displays a table of all recent routed destinations. |
| Counters | Lists various IP statistics, including counts of routing errors and packets dropped. |
| Distributed IP Gateway | Lists whether a distributed gateway exists and if it is active or inactive. |
| Dump routing tables | Lists the contents of the IP routing table. |
| Interface addresses | Lists the router's IP interface addresses. |
| Packet-filter | Displays the access-control information defined for the specified packet-filter, or all filters. |
| Parameters | Lists various parameter values. |
| Ping | Sends ICMP Echo Requests to another host and watches for a response. This command can be used to isolate trouble in an internetwork environment. |
| Redundant Default Gateway | Lists whether a redundant default gateway exists and if it is active or inactive. |
| Reset | Allows you to dynamically reset the IP/RIP configuration. |
| RIP | Displays the status of the RIP protocol. |
| RIP-Policy | Displays the route filter policy applied on the specified interface. |
| Route | Lists whether a route exists for a specific IP destination, and if so, the routing table entry that corresponds to the route. |
| Route-table-filtering | Lists any defined route filters and indicates whether route-filtering is enabled or disabled. |
| Sizes | Displays the size of specific IP parameters. |
| Static routes | Displays the static routes that have been configured. This includes the default gateway. |
| Traceroute | Displays the complete path (hop-by-hop) to a particular destination. |
| UDP-Forwarding | Displays the UDP port numbers and destination IP addresses that you added using the add command or the enable command. |
| VRID | Displays detailed information for a specific VRID |
| VRRP | Lists the summary status for the VRRP protocol. |
| Exit | Returns you to the previous command level. See "Exiting a Lower Level Environment". |
Use the access controls command to print the global access control mode in use together with a list of the configured global access control rules.
Access control is either disabled (meaning that no access control is being done and the access control rules are being ignored) or enabled (meaning that access control is being done and the access control rules are being recognized). The set access on talk 6 command enables access control.
Syntax:
Example: access
Access Control currently enabled
Access Control facility: USER
Access Control run 702469 times, 657159 cache hits
List of access control records:
2 Type=E Source=0.0.0.0 Dest=0.0.0.0 Prot= 1
SMask =255.255.255.255 DMask=255.255.255.255 Use=18962
Sports= N/A Dports= N/A
T/C= 1/** Log=Yes ELS=N SNMP=N SLOG=L(Alert)
3 Type=I Source=1.1.1.1 Dest=1.1.1.2 Prot= 6
SMask =255.255.255.255 DMask=255.255.255.254 Use=42
Sports= 2-200 Dports= 1-100
Log=No
4 Type=I Source=9.1.2.3 Dest=0.0.0.0 Prot= 0-255
SMask =255.255.255.255 DMask=0.0.0.0 Use=0
SPorts= 0-65535 DPorts= 0-65535
T/C= **/** Log=N
Tos=xE0/x00-x00 ModifyTos=x1F/x08
PbrGw=9.2.160.1 UseDefRte=Y
5 Type=I Source=0.0.0.0 Dest=0.0.0.0 Prot= 0-255
Mask=0.0.0.0 Mask=0.0.0.0 Use=683194
Sports= 1-65535 Dports= 1-65535
Log=No
Exclusive (E) means that packets matching the access control rule are discarded. Inclusive (I) means that packets matching the access control rule are forwarded. When access control is enabled, packets failing to match any access control record are discarded. Prot (protocol) indicates the IP protocol number. Sports indicates the range of TCP/UDP source port numbers; Dports indicates the range of TCP/UDP destination port numbers. SYN indicates TCP connection establishment filtering. T/C stands for ICMP type and code; SLOG stands for SysLog.
The Use field specifies the number of times the access control system matched a particular record to an incoming packet, for example, the number of times that a particular record in the IP access controls system was invoked by the characteristics of an incoming or outgoing packet.
In this example, access control rule number 4 has activated the TOS filter. The TOS parameters are shown. See the add access-control command in talk 6 for a description of these parameters.
Use the cache command to display the IP routing cache, which contains recently routed destinations. If a destination is not in the cache, the router looks up the destination in the routing information table in order to make a forwarding decision.
Syntax:
Example: cache
Destination Usage Next hop
128.185.128.225 1 128.185.138.180 (Eth/0)
192.26.100.42 1 128.185.138.180 (Eth/0)
128.185.121.1 18 128.185.123.18 (PPP/0)
128.185.129.219 76 128.185.125.25 (PPP/1)
128.185.129.41 130 128.185.125.25 (PPP/1)
128.185.129.134 546 128.185.125.40 (PPP/1)
128.185.129.221 1895 128.185.125.40 (PPP/1)
128.185.129.193 96 128.185.125.40 (PPP/1)
128.197.3.4 4 128.185.123.18 (PPP/0)
128.185.128.25 98 128.185.125.41 (PPP/1)
128.185.124.121 4 128.185.124.121 (Eth/0)
128.185.136.203 95 128.185.125.39 (PPP/1)
128.185.194.4 581 128.185.125.39 (PPP/1)
128.185.123.17 2 128.185.123.17 (PPP/0)
192.26.100.42 1 128.185.125.38 (PPP/1)
128.52.22.6 2 128.185.123.18 (PPP/0)
128.197.3.2 1 128.185.123.18 (PPP/0)
128.185.126.24 61 128.185.125.25 (PPP/1)
128.185.138.150 482 128.185.125.39 (PPP/1)
128.185.123.18 152 128.185.123.18 (PPP/0)
Use the counters command to display the statistics related to the IP forwarding process. This includes a count of routing errors, along with the number of packets that have been dropped due to congestion.
Syntax:
Example: counters
Routing errors
Count Type
0 Routing table overflow
2539 Net unreachable
0 Bad subnet number
0 Bad net number
0 Unhandled broadcast
0 Unhandled directed broadcast
4048 Attempted forward of LL broadcast
Packets discarded through filter 0
IP multicasts accepted: 60592
IP input packet overflows
Net Count
Eth/0 0
FR/0 0
Use the distributed ip gateway command to display the distributed IP Gateways configured for each interface.
Syntax:
Example
Distributed IP Gateways for each interface: inf 3 22.2.2.6 255.0.0.0 00.00.00.00.00.AB backup standby inf 4 11.1.1.6 255.0.0.0 00.00.00.00.00.BA primary active
| Note: | Type can be "Primary" or "Backup". Status can be "Active" or "Standby". |
Use the dump command to display the IP routing table. A separate entry is printed for each reachable IP network/subnet. The IP default gateway in use (if any) is listed at the end of the display.
Syntax:
Example: dump
Type Dest net Mask Cost Age Next hop(s)
SPE1 0.0.0.0 00000000 4 3 128.185.138.39 (2)
SPF* 128.185.138.0 FFFFFF00 1 1 Eth/0
Sbnt 128.185.0.0 FFFF0000 1 0 None
SPF 128.185.123.0 FFFFFF00 3 3 128.185.138.39 (2)
SPF 128.185.124.0 FFFFFF00 3 3 128.185.138.39 (2)
SPF 192.26.100.0 FFFFFF00 3 3 128.185.131.10 (2)
RIP 197.3.2.0 FFFFFF00 10 30 128.185.131.10
RIP 192.9.3.0 FFFFFF00 4 30 128.185.138.21
Del 128.185.195.0 FFFFFF00 16 270 None
Default gateway in use.
Type Cost Age Next hop
SPE1 4 3 128.185.138.39
Routing table size: 768 nets (36864 bytes), 36 nets known
Sbnt - Indicates that the network is subnetted; such an entry is a place-holder only.
Dir - Indicates a directly connected network or subnet.
RIP - Indicates that the route was learned through the RIP protocol.
Del - Indicates that the route has been deleted.
Stat - Indicates a statically configured route.
BGP - Indicates routes learned through the BGP protocol.
BGPR - Indicates routes learned through the BGP protocol that are readvertised by OSPF and RIP.
Fltr - Indicates a routing filter.
SPF - Indicates that the route is an OSPF intra-area route.
SPIA - Indicates that it is an OSPF inter-area route.
SPE1, SPE2 - Indicates OSPF external routes (type 1 and 2 respectively)
Rnge - Indicates a route type that is an active OSPF area address range and is not used in forwarding packets.
An asterisk (*) after the route type indicates that the route has a static or directly connected backup. A percent sign (%) after the route type indicates that RIP updates will always be accepted for this network/subnet.
A number in parentheses at the end of the column indicates the number of equal-cost routes to the destination. The first hops belonging to these routes can be displayed with the IP route command.
Use the interface addresses command to display the router's IP interface addresses. Each address is listed together with its corresponding hardware interface and IP address mask.
Hardware interfaces having no configured IP interface addresses will not be used by the IP forwarding process; they are listed as Not an IN net. There is one exception.
Syntax:
Use the packet-filter command to display information defined for a specific packet filter, or for all filters. Packet-filters are interface-specific lists of access control records.
Syntax: packet-filter [name]
Example: packet-filter pf-in-0
Name Direction Interface #Access-Controls
pf-in-0 In 0 2
Access Control currently enabled
Access Control run 8 times, 7 cache hits
List of access control records:
Beg End Beg End
Ty Source Mask Destination Mask PPP PPP Port Port Use
0 I 0.0.0.0 00000000 192.67.67.20 00000000 6 6 25 25 0
1 E 150.150.1.0 FFFFFF00 150.150.2.0 00000000 0 255 0 655 0
2 I 0.0.0.0 00000000 0.0.0.0 00000000 89 89 0 655 27
Use the parameters command to list the values of various parameters.
Example:
IP> parameters ARP-SUBNET-ROUTING : disabled ARP-NET-ROUTING : disabled CLASSLESS : disabled DIRECTED-BROADCAST : enabled ECHO-REPLY : enabled FRAGMENT-OFFSET-CHECK : disabled REASSEMBLY-SIZE : 12000 bytes RECORD-ROUTE : enabled ROUTING TABLE-SIZE : 768 entries (52224 bytes) (Routing) CACHE-SIZE : 64 entries SAME-SUBNET : disabled SOURCE-ROUTING : enabled TIMESTAMP : enabled TTL : 64 IP>
Use the ping command to have the router send ICMP Echo messages to a given destination (that is, "pinging") and watch for a response. This command can be used to isolate trouble in the internetwork.
Syntax:
The ping process is done continuously, incrementing the ICMP sequence number with each additional packet. Each matching received ICMP Echo response is reported with its sequence number and the round-trip time. The granularity (time resolution) of the round-trip time calculation is usually around 20 milliseconds, depending on the platform.
To stop the ping process, type any character at the console. At that time, a summary of packet loss, round-trip time, and number of unreachable ICMP destinations will be displayed.
When a broadcast or multicast address is given as destination, there may be multiple responses printed for each packet sent, one for each group member. Each returned response is displayed with the source address of the responder.
You can specify the size of the ping (number of data bytes in the ICMP message, excluding the ICMP header), value of the data, time-to-live (TTL) value, rate of pinging, and TOS bits to set. You can also specify the source IP address. If you do not specify the source IP address, the router uses its local address on the outgoing interface to the specified destination. If you are validating connectivity from any of the router's other interfaces to the destination, enter the IP address for that interface as the source address.
Only the destination parameter is required; all other parameters are optional. By default the size is 56 bytes, the TTL is 64, the rate is 1 ping per second, and the TOS setting is 0. The first 4 bytes of the ICMP data are used for a timestamp. By default the remaining data is a series of bytes with values that are incremented by 1, starting at X'04', and rolling over from X'FF' to X'00' (for example, X'04 05 06 07 . . . FC FD FE FF 00 01 02 03 . . .'). These values are incremented only when the default is used; if the data byte value is specified, all of the ICMP data (except for the first 4 bytes) is set to that value and that value is not incremented. For example, if you set the data byte value to X'FF', the ICMP data is a series of bytes with the value X'FF FF FF . . .'.
Example:
IP> ping Destination IP address [0.0.0.0]? 192.9.200.1 Source IP address [192.9.200.77]? Ping data size in bytes [56]? Ping TTL [64]? Ping rate in seconds [1]? Ping TOS (00-FF) [0]? e0 Ping data byte value (00-FF) [ ]? PING 192.9.200.77-> 192.9.200.1:56 data bytes,ttl=64,every 1 sec. 56 data bytes from 192.9.200.1:icmp_seq=0.ttl=255.time=0.ms 56 data bytes from 192.9.200.1:icmp_seq=1.ttl=255.time=0.ms 56 data bytes from 192.9.200.1:icmp_seq=2.ttl=255.time=0.ms ----192.9.200.1 PING Statistics---- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max=0/0/0 ms IP> IP>ping
Use the redundant default gateway command to display the redundant Default IP Gateways configured for each interface.
Syntax:
Example:
Redundant Default IP Gateways for each interface: inf 3 22.2.2.6 255.0.0.0 00.00.00.00.00.AB backup standby inf 4 11.1.1.6 255.0.0.0 00.00.00.00.00.BA primary active
| Note: | Type can be "Primary" or "Backup". Status can be "Active" or "Standby". |
Use the reset IP command to make effective certain IP and RIP configuration changes. See Response to IP Configuration Commands for a list of configuration changes made effective by this command.
Syntax:
Example:
IP>interface
Interface IP Address(es) Mask(s)
Eth/0 30.1.1.2 255.255.255.0
30.1.1.1 255.255.255.0
153.2.2.25 255.255.255.240
IP>
*talk 6
IP config>add address 0 5.1.1.1 255.255.0.0
IP config>
*talk 5
IP>reset ip
IP>interface
Interface IP Address(es) Mask(s)
Eth/0 5.1.1.1 255.255.0.0
30.1.1.2 255.255.255.0
30.1.1.1 255.255.255.0
153.2.2.25 255.255.255.240
IP>
Use the rip command to display the RIP protocol status detail.
Syntax:
Example:
IP>rip
RIP Interfaces
Interface-Addr Interface-Mask Version In Out Send-Flags Receive-Flags
10.69.1.2 255.255.255.0 1 1 0 D,P
200.1.1.2 255.255.255.0 2 1 0 Policy,P Policy
Send Flags: N=Network S=Subnet H=Host St=Static D=Default O=Outage-Only
P=PoisonReverse Policy=Send-Policy
Recv Flags: N=Network S=Subnet H=Host OSt=Override-Static OD=Override-Default
Policy=Receive-Policy
RIP Policy
Interface-Address Send Policy Receive-Policy
10.69.1.2 rip-global-send rip-global-recv
200.1.1.2 rip-send rip-receive
RIP global receive policy: rip-global-recv
RIP global send policy: rip-global-send
RIP never originates a default route
Use the rip-policy command to display the RIP policy that is currently applicable to the specified interface.
Syntax:
Example:
IP>rip-policy
For which interface [0.0.0.0]? 200.1.1.2
Interface Send Policy: rip-send for 200.1.1.2
Checksum 0x8637 Longest-Match Application
IP Address IP Mask Match Index Type
-----------------------------------------------------
0.0.0.0 0.0.0.0 Range 1 Include
Match Conditions: Protocol: BGP
Policy Actions: Set Manual Tag: 0xACEEACEE
Set Metric: 3
Interface Receive Policy: rip-receive for 200.1.1.2
Checksum 0x5049 Longest-Match Application
IP Address IP Mask Match Index Type
-----------------------------------------------------
0.0.0.0 0.0.0.0 Range 1 Include
Match Conditions: Source Gateway IP Address Range: 200.1.1.1/255.255.255.255
Use the route command to display the route (if one exists) to a given IP destination. If a route exists, the IP addresses of the next hops are displayed, along with detailed information concerning the matching routing table entry. (See the IP dump command.)
Syntax:
Example: route 133.1.167.2
Destination: 133.1.166.0
Mask: 255.255.254.0
Route type: SPF
Distance: 1
Age: 1
Tag: 0
Next hop(s): 133.1.167.2 (FR/0)
Example: route 128.185.230.0
Destination: 128.185.230.0
Mask: 255.255.255.0
Route type: SPF
Distance: 1
Age: 1
Next hop(s): 128.185.230.0 (TKR/0)
Example: route 128.185.232.0
Destination: 128.185.232.0
Mask: 255.255.255.0
Route type: RIP
Distance: 3
Age: 0
Next hop(s): 128.185.146.4 (Eth/0)
Use the route-table-filtering command to display whether or not route table filtering is enabled and list any defined route table filters.
Syntax:
Example: route-table-filtering
IP>route-table-filtering Route Filters Destination Mask Match Type 10.1.1.0 255.255.255.0 BOTH E 10.1.1.1 255.255.255.255 EXACT I 50.0.0.0 255.0.0.0 BOTH E 50.50.0.0 255.255.0.0 BOTH I IP>
Use the sizes command to display the configured sizes of specific IP parameters.
Example: sizes
Routing table size: 768
Table entries used: 3
Reassembly size: 12000
Largest reassembled pkt: 0
Use the static routes command to display the list of configured static routes. Configured default gateways and default subnet gateways are also listed.
Each static route's destination is specified by an address-mask pair. Default gateways appear as static routes to destination 0.0.0.0 with mask 0.0.0.0. Default subnet gateways also appear as static routes to the entire IP subnetted network.
The following example shows a configured default gateway, a configured default subnet gateway (assuming 128.185.0.0 is subnetted), and a static route to network 192.9.10.0.
Syntax:
IP>static routes
Net Mask Cost Next hop
1.1.0.0 255.255.0.0 1 10.1.1.1 TKR/0
2 20.1.1.1 TKR/1
3 30.1.1.1 TKR/2
2.2.0.0 255.255.0.0 10 10.2.2.2 TKR/0
3.3.0.0 255.255.0.0 100 10.3.3.3 TKR/0
200 20.3.3.3 TKR/1
IP>
Use the traceroute command to display the entire path to a given destination, hop by hop. For each successive hop, traceroute sends out a default of three probes and prints the IP address of the responder, together with the round-trip time associated with the response. If a particular probe receives no response, an asterisk is displayed. Each line in the display relates to this set of three probes, with the left-most number indicating the distance from the router executing the command (in router hops).
The traceroute is done whenever the destination is reached, an ICMP Destination Unreachable is received, or the path length reaches a default maximum of 32 router hops.
When a probe receives an unexpected result, several indications can be displayed. "!N" indicates that an ICMP Destination Unreachable (net unreachable) has been received. "!H" indicates that an ICMP Destination Unreachable (host unreachable) has been received. "!P" indicates that an ICMP Destination Unreachable (protocol unreachable) has been received; because the probe is a UDP packet sent to a strange port, a port unreachable is expected. "!" indicates that the destination has been reached, but the reply sent by the destination has been received with a TTL of 1. This usually indicates an error in the destination, prevalent in some versions of UNIX, whereby the destination is inserting the probe's TTL in its replies. This unfortunately leads to a number of lines consisting solely of asterisks before the destination is finally reached.
Syntax:
Example:
IP> traceroute Destination IP address [0.0.0.0]? 128.185.142.239 Source IP address [128.185.142.1]? Data size in bytes [56]? Number of probes per hop [3]? Wait time between retries in seconds [3]? Maximum TTL [32]? Traceroute TOS (00-FF) [0]? 10 TRACEROUTE 128.185.142.1 -> 128.185.142.239: 56 data bytes 1 128.185.142.7 16 ms 0 ms 0 ms 2 128.185.123.22 16 ms 0 ms 16 ms 3 * * * 4 * * * 5 128.185.124.110 16 ms ! 0 ms ! 0 ms !
Use the UDP-forwarding command to display the UDP port and addresses that you added using the add udp-destination command or the enable udp-forwarding command.
Syntax:
Example: udp-forwarding
UDP Port IP Address
35 20.2.1.1
20 22.2.1.2
Use the VRRP command to display summary information
Syntax:
Example:
--VRID Summary--
IP address VRID State Advertise Master-Dead Address(es)
153.2.2.25 1 MASTER 1 N/A 153.2.2.25
5.1.1.1