Ciscopedia

CiscoPedia
Empowering the Internet Generation
Ciscopedia is a collection of commands that are taught in Cisco Networking Academy CCNA and
CCNP courses. It includes information on where, when, why, and how to use the commands. It also
includes examples for simple configurations.
Print Formatting Conventions for IOS Commands
ip routing
interface type number
ip broadcast-address [ip-address mask]
ip address ip-address mask [secondary]
interface [type slot/port-adapter/port] [ethernet | serial]
queue-list list-number queue queue-number limit limit-number
access list access-list-number {deny | permit} source [source-wildcard]
show ip route [address [mask] | protocol]

Ciscopedia v1.0
Copyright © 2002, Cisco Systems, Inc.
(build June 18, 2002)
Please send comments and suggestions for Ciscopedia to: ciscopedia-quality@cisco.com

Command:
aaa accounting
Mode:
Router(config)#
Syntax:
aaa accounting {system | network | exec | connection | commands
level | nested | suppress | update} {default | list-name} {start-
stop | wait-start | stop-only | none} method1 [method2...]
no aaa accounting {system | network | exec | connection | commands
level | nested | suppress | update}
Syntax Description:
system Performs accounting for all system-level events not associated with users,
such as reloads.
network Runs accounting for all network-related service requests, including SLIP,
PPP, PPP NCPs, and ARAP.
exec To create a method list to provide accounting records about user EXEC
terminal sessions on the network access server, including username, date,
start, and stop times, use the exec keyword.
connection Provides information about all outbound connections made from the
network access server (NAS), such as Telnet, local-area transport (LAT),
TN3270, packet assembler/disassembler (PAD), and rlogin.
commands Runs accounting for all commands at the specified privilege level.
level Specific command level to track for accounting. Valid entries are 0 through
15.
default Uses the listed accounting methods that follow this argument as the default
list of methods for accounting services.
list-name Character string used to name the list of accounting methods.
start-stop Sends a start accounting notice at the beginning of a process and a stop
accounting notice at the end of a process. The start accounting record is sent
in the background. The requested user process begins regardless of whether
or not the start accounting notice was received by the accounting server.
wait-start As in start-stop, sends both a start and a stop accounting notice to the
accounting server. However, if the wait-start keyword is used, the requested
user service does not begin until the start accounting notice is
acknowledged. A stop accounting notice is also sent.
stop-only Sends a stop accounting notice at the end of the requested user process.
none Disables accounting services on this line or interface.
resource Provides start and stop records for calls that have passed user
authentication, and provides stop records for calls that fail to authenticate
nested Provides accounting when starting PPP from EXEC, generate NETWORK
records before EXEC-STOP record.
Enables periodic interim accounting records to be sent to the accounting
update
server.
method1 At least one of the keywords described in the table below.
[method2...]
Command Description:
To enable AAA accounting of requested services for billing or security purposes when using
RADIUS or TACACS+, use the aaa accounting global configuration command. Use the no form
of this command to disable accounting.
This command first appeared in Cisco IOS Release 10.3.
Use the aaa accounting command to enable accounting and to create named method lists defining
specific accounting methods on a per-line or per-interface basis. Method keywords are described in
the table.
Table: AAA Accounting Methods
Keyword Description
group radius Uses the list of all RADIUS servers to provide accounting services
group tacacs+ Uses the list of all TACACS+ servers to provide accounting services.
group | group- Uses a subset of RADIUS or TACACS+ servers for accounting as defined by
name the server group group-name.
Cisco IOS software supports the following two methods for accounting:
group TACACS+---The network access server reports user activity to the TACACS+
security servers in the form of accounting records. Each accounting record contains
accounting attribute-value (AV) pairs and is stored on the security server.
group RADIUS---The network access server reports user activity to the RADIUS security
servers in the form of accounting records. Each accounting record contains accounting
attribute-value (AV) pairs and is stored on the security server.
Method lists for accounting define the way accounting will be performed. Named accounting
method lists enables the option to designate a particular security protocol to be used on specific
lines or interfaces for particular types of accounting services. Create a list by entering the list-
name and the method, where list-name is any character string used to name this list (excluding the
names of methods, such as radius or tacacs+) and method identifies the method(s) tried in the given
sequence.
Named accounting method lists are specific to the indicated type of accounting. To create a method
list to provide accounting information for ARAP (network) sessions, use the arap keyword. To
create a method list to provide accounting records about user EXEC terminal sessions on the
network access server, including username, date, start and stop times, use the exec keyword. To
create a method list to provide accounting information about specific, individual EXEC commands
associated with a specific privilege level, use the commands keyword. To create a method list to
provide accounting information about all outbound connections made from the network access
server, use the connection keyword.
Note System accounting does not use named accounting lists; only the default list for system
accounting can be defined.
For minimal accounting, include the stop-only keyword to send a stop record accounting notice at
the end of the requested user process. For more accounting, include the start-stop keyword, so that
RADIUS or TACACS+ sends a start accounting notice at the beginning of the requested process
and a stop accounting notice at the end of the process. For even more accounting control, include
the wait-start keyword, which ensures that the start notice is received by the RADIUS or
TACACS+ server before granting the user's process request. Accounting is stored only on the
RADIUS or TACACS+ server. The none keyword disables accounting services for the specified
line or interface.
When aaa accounting is activated, the network access server monitors either RADIUS accounting
attributes or TACACS+ AV pairs pertinent to the connection, depending on the security method
implemented. The network access server reports these attributes as accounting records, which are
then stored in an accounting log on the security server. For a list of supported RADIUS accounting
attributes, refer to the "RADIUS Attributes" appendix in the Security Configuration Guide. For a
list of supported TACACS+ accounting AV pairs, refer to the "TACACS+ Attribute-Value Pairs"
appendix in the Security Configuration Guide.
Example:
In the following example, a default commands accounting method list is defined, where commands
accounting services are provided by a TACACS+ security server, set for privilege level 15
commands with a stop-only restriction.
Router(config)#aaa accounting commands 15 default stop-only group tacacs+
Misconceptions:
This command can be used with TACACS or extended TACACS.
Related Commands:
aaa authorization
aaa new-model

Command:
aaa authentication arap
Mode:
Router(config)#
Syntax:
aaa authentication arap {default | list-name} method1
[method2...]
no aaa authentication arap {default | list-name} method1
[method2...]
Syntax Description:
default Uses the listed methods that follow this argument as the default list of methods
when a user logs in.
list- Character string used to name the following list of authentication methods tried
name when a user logs in.
method One of the keywords described in the table: aaa authentication arap Methods.
To enable an AAA authentication method for AppleTalk Remote Access (ARA) using TACACS+,
use the aaa authentication arap global configuration command. Use the no form of this
command to disable this authentication.
Usage Guidelines
The list names and default that are set with the aaa authentication arap command are used with
the arap authentication command. Note that ARAP guest logins are disabled by default when
AAA is enabled. To allow guest logins, either the guest or auth-guest method listed in the table
must be used. Only one of these methods must be used, they are mutually exclusive.
Create a list by entering the aaa authentication arap list-name method command, where list-
name is any character string used to name this list (such as MIS-access). The method# arguments
identify the list of methods the authentication algorithm tries in the given sequence. For
descriptions of method keywords, see Table: aaa authentication arap Methods.
If no list is specified on an interface or line with the arap authentication command, a default list
to be used can be specified with the default keyword followed by the methods.
The additional methods of authentication are used only if the previous method returns an error, not
if it fails.
Use the show running-config command to view currently configured lists of authentication
methods.
Table: aaa authentication arap Methods
Keyword Description
Allows guest logins. This method must be the first method listed, but it can be
guest
followed by other methods if it does not succeed.
Allows guest logins only if the user has already logged in to EXEC. This method
auth-
must be the first method listed, but can be followed by other methods if it does not
guest
succeed.
line Uses the line password for authentication.
local Uses the local username database for authentication.
group Uses a group of TACACS+, RADIUS, or named server group for authentication.
local-
Uses case-sensitive local username authentication.
case
Example
The following example creates a list called MIS-access, which first tries TACACS+ authentication
and then none:
Router(config)#aaa authentication arap MIS-access group tacacs+ none
The following example creates the same list, but sets it as the default list that is used for all ARA
protocol authentications if no other list is specified:
Router(config)#aaa authentication arap default group tacacs+ none
Misconceptions:
Related Commands:
aaa new-model

Command:
aaa authentication enable default
Mode:
Router(config)#
Syntax:
aaa authentication enable default method1 [method2...]
no aaa authentication enable default method1 [method2...]
Syntax Description:
method At least one of the keywords described in the table below.
To enable AAA authentication to determine if a user can access the privileged command level, use
the aaa authentication enable default global configuration command. Use the no form of this
command to disable this authorization method.
Usage Guidelines
Use the aaa authentication enable default command to create a series of authentication methods
that are used to determine whether a user can access the privileged command level. Method
keywords are described in the table below. The additional methods of authentication are used only
if the previous method returns an error, not if it fails. To specify that the authentication should
succeed even if all methods return an error, specify none as the final method in the command line.
If a default authentication routine is not set for a function, the default is none and no authentication
is performed. Use the show running-config command to view currently configured lists of
authentication methods.
Table: aaa authentication enable Default Methods
Keyword Description
enable Uses the enable password for authentication.
none Uses no authentication.
group tacacs+ Uses the list of all TACACS+ to provide authentication services.
group radius Uses the list of all RADIUS to provide authentication services.
group | group- Uses a subset of RADIUS or TACACS+ servers for authentication as defined
name by the server group group-name.
Example:
The following example creates an authentication list that first tries to contact a TACACS+ server.
If no server can be found, AAA tries to use the enable password. If this attempt also returns an
error (because no enable password is configured on the server), the user is allowed access with no
authentication.
Router(config)#aaa authentication enable default group tacacs+ enable none
Misconceptions:
The additional methods of authentication are used if the previous method fails.
Related Commands:
aaa authorization
aaa new-model
enable password

Command:
aaa authentication login
Mode:
Router(config)#
Syntax:
aaa authentication login {default | list-name} method1
[method2...]
no aaa authentication login {default | list-name} method1
[method2...]
Syntax Description:
default Uses the listed authentication methods that follow this argument as the default list
of methods when a user logs in.
list- Character string used to name the following list of authentication methods
name activated when a user logs in.
method At least one of the keywords described in the table: aaa authentication login
Methods.
To set AAA authentication at login, use the aaa authentication login global configuration
command. Use the no form of this command to disable AAA authentication.
Usage Guidelines
The default and optional list names created with the aaa authentication login command are used
with the login authentication command.
Create a list by entering the aaa authentication login list-name method command for a particular
protocol, where list-name is any character string used to name this list (such as MIS-access). The
method argument identifies the list of methods that the authentication algorithm tries, in the given
sequence. Method keywords are described in the table.
If no list is specified on an interface with the login authentication command, a default list to be
used can be specified with the default keyword followed by the methods.
The additional methods of authentication are used only if the previous method returns an error, not
if it fails. To ensure that the authentication succeeds even if all methods return an error, specify
none as the final method in the command line.
If authentication is not specifically set for a line, the default is to deny access and no authentication
is performed. Use the show running-config command to display currently configured lists of
Table: aaa authentication login Methods
Keyword Description
krb5 Uses Kerberos 5 for authentication.
group radius Uses the list of all RADIUS to provide authentication services.
Uses Kerberos 5 Telnet authentication protocol when using Telnet to connect to
krb5-telnet
the router.
local-case Uses case-sensitive local username authentication
This command cannot be used with TACACS or extended TACACS.
Examples:
The following example creates an AAA authentication list called MIS-access. This authentication
first tries to contact a TACACS+ server. If no server is found, TACACS+ returns an error and
AAA tries to use the enable password. If this attempt also returns an error (because no enable
password is configured on the server), the user is allowed access with no authentication.
Router(config)#aaa authentication login MIS-access group tacacs+ enable none
The following example creates the same list, but it sets it as the default list that is used for all login
authentications if no other list is specified:
Router(config)#aaa authentication login default group tacacs+ enable none
The following example sets authentication at login to use the Kerberos 5 Telnet authentication
protocol when using Telnet to connect to the router:
Router(config)#aaa authentication login default krb5-telnet krb5
Misconceptions:
None
Related Commands:
aaa new-model
login authentication

Command:
aaa authentication nasi
Mode:
Router(config)#
Syntax:
aaa authentication nasi {default | list-name} method1
[method2...]
no aaa authentication nasi {default | list-name} method1
[method2...]
Syntax Description:
default Makes the listed authentication methods that follow this argument the
default list of methods used when a user logs in.
list-name Character string used to name the following list of authentication
methods activated when a user logs in.
method1 At least one of the methods described in the table below.
[method2...]
To specify AAA authentication for Netware Asynchronous Services Interface (NASI) clients
connecting through the access server, use the aaa authentication nasi global configuration
command. Use the no form of this command to disable authentication for NASI clients.
Usage Guidelines
The default and optional list names created with the aaa authentication nasi command are used
with the nasi authentication command.
Create a list by entering the aaa authentication nasi command, where list-name is any character
string that names the list (such as MIS-access). The method argument identifies the list of methods
the authentication algorithm tries in the given sequence. Method keywords are described in table
below.
To create a default list that is used if no list is assigned to a line with the nasi authentication
command, use the default argument followed by the methods that are desired in default situations.
The remaining methods of authentication are used only if the previous method returns an error, not
if it fails. To ensure that the authentication succeeds even if all methods return an error, specify
none as the final method in the command line.
If authentication is not specifically set for a line, the default is to deny access and no authentication
is performed. Use the show running-config command to display currently configured lists of
Table: aaa authentication nasi Methods
Keyword Description
local-case Uses case-sensitive local username authentication.
group radius Uses the list of all RADIUS to provide authentication service.
Examples:
The following example creates an AAA authentication list called list1. This authentication first
tries to contact a TACACS+ server. If no server is found, TACACS+ returns an error and AAA
tries to use the enable password. If this attempt also returns an error (because no enable password
is configured on the server), the user is allowed access with no authentication.
Router(config)#aaa authentication nasi list1 group tacacs+ enable none
The following example creates the same list, but sets it as the default list that is used for all login
authentications if no other list is specified:
Router(config)#aaa authentication nasi default group tacacs+ enable none
Misconceptions:
None
Related Commands:
None

Command:
aaa authentication password-prompt
Mode:
Router(config)#
Syntax:
aaa authentication password-prompt text-string
no aaa authentication password-prompt text-string
Syntax Description:
text- String of text that will be displayed when the user is prompted to enter a password.
string If this text-string contains spaces or unusual characters, it must be enclosed in
double-quotes (for example, "Enter your password:").
To change the text displayed when users are prompted for a password, use the aaa authentication
password-prompt global configuration command. Use the no form of this command to return to
the default password prompt text.
Usage Guidelines
Use the aaa authentication password-prompt command to change the default text that the Cisco
IOS software displays when prompting a user to enter a password. This command changes the
password prompt for the enable password as well as for login passwords that are not supplied by
remote security servers. The no form of this command returns the password prompt to the default
value:
Password:
The aaa authentication password-prompt command does not change any dialog that is supplied
by a remote TACACS+ or RADIUS server.
Example:
The following example changes the text for the password prompt:
Router(config)#aaa authentication password-prompt
"Enter your password now:"
Misconceptions:
None
Related Commands:
aaa authentication username-prompt
aaa new-model
enable password

Command:
aaa authentication ppp
Mode:
Router(config)#
Syntax:
aaa authentication ppp {default | list-name} method1 [method2...]
no aaa authentication ppp {default | list-name} method1
[method2...]
Syntax Description:
default Uses the listed authentication methods that follow this argument as
the default list of methods when a user logs in.
list-name Character string used to name the following list of authentication
methods tried when a user logs in.
method1 At least one of the keywords described in the table below.
[method2...]
To specify one or more AAA authentication methods for use on interfaces running Point-to-Point
Protocol (PPP), use the aaa authentication ppp global configuration command. Use the no form
of this command to disable authentication.
Usage Guidelines
The lists created with the aaa authentication ppp command are used with the ppp
authentication command. These lists contain up to four authentication methods that are used
when a user tries to log in to the serial interface.
Create a list by entering the aaa authentication ppp list-name method command, where list-name
is any character string used to name this list (such as MIS-access). The method argument identifies
the list of methods that the authentication algorithm tries in the given sequence. Up to four
methods can be entered. Method keywords are described in table below.
The additional methods of authentication are only used if the previous method returns an error, not
if it fails. Specify none as the final method in the command line to have authentication succeed
even if all methods return an error.
If authentication is not specifically set for a function, the default is none and no authentication is
performed. Use the show running-config command to display currently configured lists of
Table: aaa authentication ppp Methods
Keyword Description
if-needed Does not authenticate if user has already been authenticated on a TTY line
krb5 Uses Kerberos 5 for authentication (can only be used for PAP authentication)
local-case Uses case-sensitive local username authentication
local Uses the local username database for authentication
name by the server group group-name
none Uses no authentication
group radius Uses the list of all RADIUS to provide authentication service
group tacacs+ Uses the list of all TACACS+ to provide authentication service
Example:
The following example creates an AAA authentication list called MIS-access for lines that use
PPP. This authentication first tries to contact a TACACS+ server. If this action returns an error,
the user is allowed access with no authentication.
Router(config)#aaa authentication ppp MIS-access group tacacs+ none
Misconceptions:
None
Related Commands:
aaa new-model
ppp authentication
Command:
aaa authentication username-prompt
Mode:
Router(config)#
Syntax:
aaa authentication username-prompt text-string
no aaa authentication username-prompt text-string
Syntax Description:
text- String of text that will be displayed when the user is prompted to enter a
string username. If this text-string contains spaces or unusual characters, it must be
enclosed in double-quotes (for example, "Enter your name:").
To change the text displayed when users are prompted to enter a username, use the aaa
authentication username-prompt global configuration command. Use the no form of this
command to return to the default username prompt text.
Usage Guidelines
Use the aaa authentication username-prompt command to change the default text that the Cisco
IOS software displays when prompting a user to enter a username. The no form of this command
returns the username prompt to the default value:
Username:
Some protocols (for example, TACACS+) have the ability to override the use of local username
prompt information. Using the aaa authentication username-prompt command will not change
the username prompt text in these instances.
The aaa authentication username-prompt command does not change any dialog that is supplied
by a remote TACACS+ server.
Example:
The following example changes the text for the username prompt:
Router(config)#aaa authentication username-prompt "Enter your name here:"
Misconceptions:
None
Related Commands:
aaa authentication password-prompt
aaa new-model
enable password

Command:
aaa authorization
Mode:
Router(config)#
Syntax:
aaa authorization {network | exec | commands level| reverse-access
| configuration | config-commands | auth-proxy | ipmobile}
{default | list-name} method1 [method2...]
no aaa authorization {network | exec | commands level| reverse-

access | configuration | config-commands | auth-proxy | ipmobile}
Syntax Description:
auth-proxy For Authentication Proxy Services.
network Runs authorization for all network-related service requests, including
SLIP, PPP, PPP NCPs, and ARAP.
exec Runs authorization to determine if the user is allowed to run an EXEC
shell.
commands Runs authorization for all commands at the specified privilege level.
config-commands For configuration mode commands.
configuration Downloads the configuration from the AAA server.
ipmobile For Mobile IP services.
level Specific command level that should be authorized. Valid entries are 0
through 15.
reverse-access Runs authorization for reverse access connections, such as reverse
Telnet.
default Uses the listed authorization methods that follow this argument as the
default list of methods for authorization.
list-name Character string used to name the list of authorization methods.
method1 One of the keywords listed in the table below.
[method2...]
Use the aaa authorization global configuration command to set parameters that restrict a user's
network access. Use the no form of this command to disable authorization for a function. Use the
aaa authorization command to enable authorization and to create named methods lists, defining
authorization methods that can be used when a user accesses the specified function. Method lists
for authorization define the ways authorization will be performed and the sequence in which these
methods will be performed. A method list is simply a named list describing the authorization
methods to be queried (such as RADIUS or TACACS+), in sequence. Method lists enable one or
more security protocols to be used for authorization to be designated, thus ensuring a backup
system in case the initial method fails. Cisco IOS software uses the first method listed to authorize
users for specific network services; if that method fails to respond, the Cisco IOS software selects
the next method listed in the method list. This process continues until there is successful
communication with a listed authorization method, or all methods defined are exhausted.
Note The Cisco IOS software attempts authorization with the next listed method only when there
is no response from the previous method. If authorization fails at any point in this cycle (meaning
that the security server or local username database responds by denying the user services) the
authorization process stops and no other authorization methods are attempted.
Use the aaa authorization command to create a list by entering the list-name and the method,
where list-name is any character string used to name this list (excluding all method names) and
method identifies the list of authorization method(s) tried in the given sequence.
Method keywords are described in the table below.
Table: AAA Authorization Methods
Keyword Description
group radius Uses the list of all RADIUS to provide authorization service.
if-authenticated Allows the user to access the requested function if the user is
authenticated.
None No authorization is performed.
Local Uses the local database for authorization.
group tacacs+ Uses the list of all TACACS+ to provide authorization services.
krb5-instance Uses the instance defined by the kerberos instance map command.
Cisco IOS software supports the following six methods for authorization:
Group TACACS+---The network access server exchanges authorization information with

the TACACS+ security daemon. TACACS+ authorization defines specific rights for users by
associating attribute-value (AV) pairs, which are stored in a database on the TACACS+
security server, with the appropriate user.
If-Authenticated---The user is allowed to access the requested function provided the user
has been authenticated successfully.
None---The network access server does not request authorization information. Authorization
is not performed over this line/interface.
Local---The router or access server consults its local database, as defined by the username
command, to authorize specific rights for users. Only a limited set of functions can be
controlled via the local database.
Group RADIUS---The network access server requests authorization information from the
RADIUS security server. RADIUS authorization defines specific rights for users by
associating attributes, which are stored in a database on the RADIUS server.
Kerberos Instance Map---The network access server uses the instance defined by the
kerberos instance map command for authorization.
Method lists are specific to the type of authorization being requested. AAA supports four different
types of authorization:
Network---Applies to network connections. This can include a PPP, SLIP, or ARAP

connection.
EXEC---Applies to the attributes associated with a user EXEC terminal session.
Commands---Applies to the EXEC mode commands a user issues. Command authorization
attempts authorization for all EXEC mode commands, including global configuration
commands, associated with a specific privilege level.
Reverse Access---Applies to reverse Telnet sessions.
When creating a named method list, a particular list of authorization methods for the indicated
authorization type is defined. Once defined, method lists must be applied to specific lines or
interfaces before any of the defined methods will be performed. The authorization command
causes a request packet containing a series of AV pairs to be sent to the RADIUS or TACACS
daemon as part of the authorization process. The daemon can do one of the following:
Accept the request as is

Make changes to the request
Refuse the request and refuse authorization
For a list of supported RADIUS attributes, refer to the "RADIUS Attributes" appendix in the Cisco
IOS Release 11.3 Security Configuration Guide. For a list of supported TACACS+ AV pairs, refer
to the "TACACS+ AV Pairs" appendix in the Cisco IOS Release 11.3 Security Configuration
Guide.
Note There are five commands associated with privilege level 0; disable, enable, exit, help, and
logout. If AAA authorization is configured for a privilege level greater than 0, these five
commands will not be included in the privilege level command set.
Example:
The following example defines the network authorization method list named scoobee, which
specifies that RADIUS authorization will be used on serial lines using PPP. If the RADIUS server
fails to respond, then local network authorization will be performed.
Router(config)#aaa authorization network scoobee group radius local
Misconceptions:
Related Commands:
aaa accounting
aaa new-model

Command:
aaa new-model
Mode:
Router(config)#
Syntax:
aaa new-model
no aaa new-model
Syntax Description:
This command has no arguments or keywords.
To enable the AAA access control model, issue the aaa new-model global configuration
command. Use the no form of this command to disable the AAA access control model.
Example:
The following example initializes AAA:
Router(config)#aaa new-model
Misconceptions:
None
Related Commands:
aaa accounting
aaa authentication arap
aaa authentication enable default
aaa authentication ppp
aaa authorization

Command:
radius-server host
Mode:
Router(config)#
Syntax:
radius-server host {hostname | ip-address} [auth-port port-
number] [acct-port port-number] [timeout seconds]
[retransmit retries] [key string] [alias{hostname | ip-
address}]
no radius-server host {hostname | ip-address} [auth-port
port-number] [acct-port port-number] [timeout seconds]
[retransmit retries] [key string]
Syntax Description:
hostname DNS name of the RADIUS server host.
ip-address IP address of the RADIUS server host.
auth-port (Optional) Specifies the UDP destination port for authentication requests.
port- (Optional) Port number for authentication requests; the host is not used for
number authentication if set to 0.
acct-port (Optional) Specifies the UDP destination port for accounting requests.
port- (Optional) Port number for accounting requests; the host is not used for
number accounting if set to 0.
To specify a RADIUS server host, use the radius-server host global configuration command. Use
the no form of this command to delete the specified RADIUS host.
Usage Guidelines
Use multiple radius-server host commands to specify multiple hosts. The software searches for
hosts in the order they are specified.
Example:
The following example specifies host1 as the RADIUS server and uses default ports for both
accounting and authentication:
Router(config)#radius-server host host1.domain.com
The following example specifies port 12 as the destination port for authentication requests and port
16 as the destination port for accounting requests on a RADIUS host named host1:
Router(config)#radius-server host host1.domain.com auth-port 12 acct-port 16
Because entering a line resets all the port numbers, you must specify a host and configure
accounting and authentication ports on a single line.
To use separate servers for accounting and authentication, use the zero port value as appropriate.
The following example specifies that RADIUS server host1 be used for accounting but not for
authentication, and that RADIUS server host2 be used for authentication but not for accounting:
Router(config)#radius-server host host1.domain.com auth-port 0
Router(config)#radius-server host host2.domain.com acct-port 0
Misconceptions:
None
Related Commands:
aaa accounting
aaa authentication
aaa authorization
ppp authentication
radius-server key
username

Command:
radius-server key
Mode:
Router(config)#
Syntax:
radius-server key {string}
no radius-server key
Syntax Description:
string The key used to set authentication and encryption. This key must match the encryption
used on the RADIUS daemon.
To set the authentication and encryption key for all RADIUS communications between the router
and the RADIUS daemon, use the radius-server key global configuration command. Use the no
form of this command to disable the key.
Usage Guidelines
After enabling AAA authentication with the aaa new-model command, the authentication and
encryption key must be set using the radius-server key command.
The key entered must match the key used on the RADIUS daemon. All leading spaces are ignored,
but spaces within and at the end of the key are used. If spaces are used in the key, do not enclose
the key in quotation marks unless the quotation marks themselves are part of the key.
Example:
The following example sets the authentication and encryption key to "dare to go":
Router(config)#radius-server key dare to go
Misconceptions:
None
Related Commands:
aaa new-model
ppp authentication
radius-server host
username
© Cisco Systems, Inc. 2001, 2002

World Wide Education
Command:
tacacs-server host
Mode:
Router(config)#
Syntax:
tacacs-server host hostname [single-connection ] [port
integer] [timeout integer] [key string]
no tacacs-server host hostname
Syntax Description:
hostname Name or IP address of the host.
(Optional) Specify that the router maintain a single open connection for
single- confirmation from a AAA/TACACS+ server (CiscoSecure Release 1.0.1 or
connection later). This command contains no autodetect and fails if the specified host is
not running a CiscoSecure daemon.
(Optional) Specify a server port number. This option overrides the default,
port
which is port 49.
(Optional) Port number of the server. Valid port numbers range from 1 to
integer
65535.
timeout (Optional) Specify a timeout value. This overrides the global timeout value set
with the tacacs-server timeout command for this server only.
integer (Optional) Integer value, in seconds, of the timeout interval.
(Optional) Specify an authentication and encryption key. This must match the
key key used by the TACACS+ daemon. Specifying this key overrides the key set
by the global command tacacs-server key for this server only.
string (Optional) Character string specifying authentication and encryption key.
To specify a TACACS host, use the tacacs-server host global configuration command. Use the no
form of this command to delete the specified name or address.
Usage Guidelines
Multiple tacacs-server host commands can be used to specify additional hosts. The Cisco IOS
software searches for hosts in the order in which they are specified. Use the single-connection,
port, timeout, and key options only when running a AAA/TACACS+ server.
Because some of the parameters of the tacacs-server host command override global settings made
by the tacacs-server timeout and tacacs-server key commands, this command can be used to
enhance security on a network by uniquely configuring individual TACACS+ connections.
Examples:
The following example specifies a TACACS host named Sea_Change:
Router(config)#tacacs-server host Sea_Change
The following example specifies that, for AAA confirmation, the router consult the CiscoSecure TACACS+
named Sea_Cure on port number 51. The timeout value for requests on this connection is three seconds; the
encryption key is a_secret.
Router(config)#tacacs-server host Sea_Cure single-connection port 51 timeout 3 key a_se
Misconceptions:
None
Related commands:
tacacs-server key

Command:
tacacs-server key
Mode:
Router(config)#
Syntax:
tacacs-server key key
no tacacs-server key [key]
Syntax Description:
key Key used to set authentication and encryption. This key must match the key used on the
TACACS+ daemon.
To set the authentication encryption key used for all TACACS+ communications between the
access server and the TACACS+ daemon, use the tacacs-server key global configuration
command. Use the no form of this command to disable the key.
Usage Guidelines
After enabling AAA with the aaa new-model command, the authentication and encryption key
must be set using the tacacs-server key command.
The key entered must match the key used on the TACACS+ daemon. All leading spaces are
ignored; spaces within and at the end of the key are not. If spaces are used in the key, do not
enclose the key in quotation marks unless the quotation marks themselves are part of the key.
Example:
The following example sets the authentication and encryption key to "dare to go":
Router(config)#tacacs-server key dare to go
Misconceptions:
None
Related commands:
aaa new-model
tacacs-server host

Command:
absolute
Mode:
Router(config-time-range)#
Syntax:
absolute [start time date] [end time date]
no absolute
Syntax Description:
To specify an absolute time when a time range is in effect, use the absolute time-range
configuration command. To remove an absolute time-range, use the no form of the command.
Note All time specifications are interpreted as local time. To ensure that the time range entries take
effect at the desired times, the software clock should be synchronized using the Network Time
Protocol (NTP), or some other authoritative time source.
Example:
The following example defines a time range from 8:00 December 18, 2002 until 8:00 January 3,
2003:
Router(config-time-range)#absolute 8:00 18 december 2002 8:00 3 january 2003
Misconceptions:
None
Related Commands:
ip access-list extended
access-list
periodic
time-range

Command:
access-enable
Mode:
Router#
Syntax:
access-enable [host] [timeout minutes]
Syntax Description:
Tells the software to enable access only for the host from which the Telnet session
host originated. If not specified, the software allows all hosts on the defined network to
gain access. The dynamic access list contains the network mask to use for enabling
the new network.
Specifies an idle timeout for the temporary access list entry. If the access list entry is
timeout not accessed within this period, it is automatically deleted and requires the user to
authenticate again. The default is for the entries to remain permanently.
To enable the router to create a temporary access list entry in a dynamic access list, use the access-
enable privileged EXEC command. This command enables the lock-and-key access feature.
Always define either an idle timeout (with the timeout keyword in this command), or an absolute
timeout (with the timeout keyword in the access-list command). Otherwise, the temporary access
list entry will remain, even after the user terminates the session.
Use the autocommand command with the access-enable command to cause the access-enable
command to execute when a user opens a Telnet session into the router.
Example:
The following example causes the software to create a temporary access list entry and tells the
software to enable access only for the host from which the Telnet session originated. If the access
list entry is not accessed within 5 minutes, it is deleted:
Router#access-enable host timeout 5
Misconceptions:
None
Related Commands:
dynamic
access-list

Command:
access-list (IP)
Mode:
Router(config)#
Syntax:
IP standard access-list: access-list access-list-number {deny |
permit | remark line} source[source-wildcard] [log]
IP extended access-list: access-list access-list-number [dynamic

dynamic-name [timeout minutes]] {deny | permit | remark line }
protocol source source-wildcard destination destination-wildcard
[precedence precedence] [tos tos] [log | log-input][time-range
name]
no access-list access-list-number
TCP extended access-list: access-list access-list-number [dynamic

dynamic-name [timeout minutes]] {deny | permit | remark line } tcp
source source-wildcard [operator port [port]] destination
destination-wildcard [operator port [port]] [established]
[precedence precedence] [tos tos] [log | log-input] [time-range
name]
Syntax Description:
access-list- Number of an access list. This is a decimal number from 1 to 99 for IP
number standard and 100 to 199 or from 2000 to 2699 for IP extended.
dynamic (Optional) Identifies this access list as a dynamic access list. Refer to
dynamic-name lock-and-key access documented in the "Configuring Lock-and-Key
Security (Dynamic Access Lists)" chapter in the Security
Configuration Guide.
timeout (Optional) Specifies the absolute length of time (in minutes) that a
minutes temporary access list entry can remain in a dynamic access list. The
default is an infinite length of time and allows an entry to remain
permanently. Refer to lock-and-key access documented in the
"Configuring Lock-and-Key Security (Dynamic Access Lists)" chapter
in the Security Configuration Guide.
deny Denies access if the conditions are matched.
permit Permits access if the conditions are matched.
protocol It can be one of the keywords ahp, eigrp, esp, gre, icmp, igmp, igrp,
ip, ipinip, nos, ospf, pcp, pim, tcp, or udp, or an integer in the range
0 to 255 representing an IP protocol number. To match any Internet
protocol (including ICMP, TCP, and UDP) use the keyword ip. Some
protocols allow further qualifiers described below.
source Number of the network or host from which the packet is being sent.
There are three alternative ways to specify the source:
· Use a 32-bit quantity in four-part, dotted-decimal format.
· Use the keyword any as an abbreviation for a source and

source-wildcard of 0.0.0.0 255.255.255.255.
· Use host source as an abbreviation for a source and source-

wildcard of source 0.0.0.0.
source- Wildcard bits to be applied to source. Each wildcard bit set to zero
wildcard indicates that the corresponding bit position in the packet's ip address
must exactly match the bit value in the corresponding bit position in
the source. Each wildcard bit set to one indicates that both a zero bit
and a one bit in the corresponding position of the packet's ip address
will be considered a match to this access list entry.
There are three alternative ways to specify the source wildcard:

Place ones in the bit positions to be ignored. For example,
0.0.255.255 to require an exact match of only the first 16 bits
of the source.
· Use the keyword any as an abbreviation for a source and

source-wildcard of 0.0.0.0 255.255.255.255.
· Use host source as an abbreviation for a source and source-

Wildcard bits set to one do not need to be contiguous in the source-

wildcard. For example, a source-wildcard of 0.255.0.64 would be
valid.
destination Number of the network or host to which the packet is being sent.
There are three alternative ways to specify the destination:

· Use the keyword any as an abbreviation for the destination
and destination-wildcard of 0.0.0.0 255.255.255.255.
· Use host destination as an abbreviation for a destination and

destination-wildcard of destination 0.0.0.0.
destination- Wildcard bits to be applied to the destination. There are three

wildcard alternative ways to specify the destination wildcard:

Place ones in the bit positions to be ignored.
· Use the keyword any as an abbreviation for a destination and

destination-wildcard of 0.0.0.0 255.255.255.255.
· Use host destination as an abbreviation for a destination and

precedence (Optional) Packets can be filtered by precedence level, as specified by

precedence a number from 0 to 7 or by name. The IP precedence is the three
leftmost bits in the TOS octet of an IP header (as defined in RFCs
1349, 1812, 2474 & 2873). This may be set using the route map or
policy map command set ip precedence. The precedence names are
shown in the Command Usage section.
tos tos (Optional) Packets can be filtered by type of service level, as specified
by a number from 0 to 15 or by name. The TOS Field is bits 3-6 in the
TOS octet of IPv4 header [RFC 1349].
icmp-type (Optional) ICMP packets can be filtered by ICMP message type. The
type is a number from 0 to 255. The type is identified in the first byte
of the ICMP datagram and are defined by rfc 792.
icmp-code (Optional) ICMP packets that are filtered by ICMP message type can
also be filtered by the ICMP message code. The code is a number from
0 to 255. The code is identified in the second byte of the ICMP
datagram and are defined by rfc 792.
icmp-message (Optional) ICMP packets can be filtered by an ICMP message type

name or ICMP message type and code name. The possible names are
found in the section "Usage Guidelines."
igmp-type or (Optional) IGMP packets can be filtered by IGMP message type or

igmp-message message name. A message type is a number from 0 to 15. IGMP
message names are listed in the section "Usage Guidelines."
operator (Optional) Compares source or destination ports. Possible operands

include lt (less than), gt (greater than), eq (equal), neq (not equal), and
range (inclusive range).
If the operator is positioned after the source and source-wildcard, it

must match the source port.
If the operator is positioned after the destination and destination-

wildcard, it must match the destination port.
The range operator requires two port numbers. All other operators
require one port number.
port (Optional) The decimal number or name of a TCP or UDP port. A port
number is a number from 0 to 65535. TCP port names are listed in the
section "Usage Guidelines." TCP port names can only be used when
filtering TCP. UDP port names are listed in the section "Usage
Guidelines." UDP port names can only be used when filtering UDP.
TCP port names can only be used when filtering TCP. UDP port
names can only be used when filtering UDP.
established (Optional) For the TCP protocol only: Indicates an established

connection. A match occurs if the TCP datagram has the ACK or RST
bits set. The nonmatching case is that of the initial TCP datagram to
form a connection.
log (Optional) Causes an informational logging message about the packet

that matches the entry to be sent to the console. (The level of messages
logged to the console is controlled by the logging console command.)
The message includes the access list number, whether the packet was
permitted or denied; the protocol, whether it was TCP, UDP, ICMP or
a number; and, if appropriate, the source and destination addresses and
source and destination port numbers. The message is generated for the
first packet that matches, and then at 5-minute intervals, including the
number of packets permitted or denied in the prior 5-minute interval.
The logging facility might drop some logging message packets if there
are too many to be handled or if there is more than one logging
message to be handled in 1 second. This behavior prevents the router
from crashing due to too many logging packets. Therefore, the logging
facility should not be used as a billing tool or an accurate source of the
number of matches to an access list.
log-input (Optional) Includes the input interface and source MAC address or VC
in the logging output.
To define an access-control list, use the access-list global configuration command. To remove a
standard access lists, use the no form of this command. Plan the access conditions carefully and be
aware of the implicit "deny all" statement at the end of the access list. Access lists can be used to
control the transmission of packets on an interface, control virtual terminal line access, and restrict
the contents of routing updates.
Usage Guidelines
Note After an access list is created initially, any subsequent additions (possibly entered from the
terminal) are placed at the end of the list. In other words, access list command lines cannot be
selectively added or removed from a specific access list.
The following is a list of precedence names:
critical
flash
flash-override
immediate
internet
network
priority
routine
The following is a list of type of service (TOS) names:
max-reliability
max-throughput
min-delay
min-monetary-cost
normal
The following is a list of TCP port names that can be used instead of port numbers. Refer to the
current Assigned Numbers RFC to find a reference to these protocols. Port numbers corresponding
to these protocols can also be found by typing a ? in the place of a port number.
bgp
chargen
daytime
discard
domain
echo
finger
ftp
ftp-data
gopher
hostname
irc
klogin
kshell
lpd
nntp
pop2
pop3
smtp
sunrpc
syslog
tacacs-ds
talk
telnet
time
uucp
whois
www
Example:
The following example creates standard IP access-list 1, which will permit all traffic from network
171.0.0.0:
Router(config)# access-list 1 permit 171.0.0.0 0.0.255.255
The following IP standard access control list command defines an entry in access list 1 that permits
all IP traffic from host 192.168.4.2:
Router(config)# access-list 1 permit 192.168.4.2 0.0.0.0
Misconceptions:
None
Related Commands:
ip access-group

Command:
access-list (IP extended)
Mode:
Router(config)#
Syntax:
access-list access-list-number [dynamic dynamic-name [timeout
minutes]] {deny | permit} protocol source source-wildcard
destination destination-wildcard [precedence precedence] [tos
tos] [log | log-input]
no access-list access-list-number
Internet Control Message Protocol (ICMP)

minutes]] {deny | permit} icmp source source-wildcard destination
destination-wildcard [icmp-type | [[icmp-type icmp-code] | [icmp-
message]] [precedence precedence] [tos tos] [log | log-input]
Internet Group Management Protocol (IGMP)

minutes]] {deny | permit} igmp source source-wildcard destination
destination-wildcard [igmp-type] [precedence precedence] [tos tos]
[log | log-input]
TCP

minutes]] {deny | permit} tcp source source-wildcard [operator
port [port]] destination destination-wildcard [operator port
[port]] [established] [precedence precedence] [tos tos] [log |
log-input]
User Datagram Protocol (UDP)

minutes]] {deny | permit} udp source source-wildcard [operator
port [port]] destination destination-wildcard [operator port
[port]] [precedence precedence] [tos tos] [log | log-input]
Caution Enhancements to this command are backward compatible. Migrating from releases
prior to Release 11.1 will convert access lists automatically. However, releases prior to Release
11.1 are not upwardly compatible with these enhancements. Therefore, if an access list is saved
with these images and then used on software prior to Release 11.1, the resulting access list will
not be interpreted correctly. This could cause severe security problems. Save old configuration
file before booting these images.
Syntax Description:
access-list- Number of an access list. This is a decimal number from 1 to 99 for IP
number standard, and 100 to 199 for IP extended, or from 1000 to 1099 for IP
SAP.
dynamic (Optional) Identifies this access list as a dynamic access list. Refer to
dynamic-name lock-and-key access documented in the "Configuring Lock-and-Key
Security (Dynamic Access Lists)" chapter in the Security
Configuration Guide.
timeout (Optional) Specifies the absolute length of time (in minutes) that a
minutes temporary access list entry can remain in a dynamic access list. The
default is an infinite length of time and allows an entry to remain
permanently. Refer to lock-and-key access documented in the
"Configuring Lock-and-Key Security (Dynamic Access Lists)" chapter
in the Security Configuration Guide.
protocol Name or number of an IP protocol. It can be one of the keywords

eigrp, gre, icmp, igmp, igrp, ip, ipinip, nos, ospf, pim, tcp, or udp,
or an integer in the range 0 to 255 representing an IP protocol number.
To match any Internet protocol (including ICMP, TCP, and UDP) use
the keyword ip. Some protocols allow further qualifiers described
below.
source Number of the network or host from which the packet is being sent.
There are three alternative ways to specify the source:
Use a 32-bit quantity in four-part, dotted-decimal format.

Use the keyword any as an abbreviation for a source and source-
wildcard of 0.0.0.0 255.255.255.255.
Use host source as an abbreviation for a source and source-
source- Wildcard bits to be applied to source. Each wildcard bit set to zero
wildcard indicates that the corresponding bit position in the packet's ip address
must exactly match the bit value in the corresponding bit position in
the source. Each wildcard bit set to one indicates that both a zero bit
and a one bit in the corresponding position of the packet's ip address
will be considered a match to this access list entry.
There are three alternative ways to specify the source wildcard:
Use a 32-bit quantity in four-part, dotted-decimal format. Place

ones in the bit positions to be ignored. For example, 0.0.255.255
to require an exact match of only the first 16 bits of the source.
wildcard of 0.0.0.0 255.255.255.255.
Use host source as an abbreviation for a source and source-
Wildcard bits set to one do not need to be contiguous in the source-

wildcard. For example, a source-wildcard of 0.255.0.64 would be
valid.
destination Number of the network or host to which the packet is being sent. There
are three alternative ways to specify the destination:

Use the keyword any as an abbreviation for the destination and
Use host destination as an abbreviation for a destination and
destination- Wildcard bits to be applied to the destination. There are three

wildcard alternative ways to specify the destination wildcard:
Use a 32-bit quantity in four-part, dotted-decimal format. Place

ones in the bit positions to be ignored.
Use the keyword any as an abbreviation for a destination and
precedence (Optional) Packets can be filtered by precedence level, as specified by

precedence a number from 0 to 7 or by name as listed in the section "Usage
Guidelines."
tos tos (Optional) Packets can be filtered by type of service level, as specified
by a number from 0 to 15 or by name as listed in the section "Usage
Guidelines."
icmp-type (Optional) ICMP packets can be filtered by ICMP message type. The
type is a number from 0 to 255.
icmp-code (Optional) ICMP packets that are filtered by ICMP message type can
also be filtered by the ICMP message code. The code is a number from
0 to 255.
icmp-message (Optional) ICMP packets can be filtered by an ICMP message type

name or ICMP message type and code name. The possible names are
found in the section "Usage Guidelines."
igmp-type (Optional) IGMP packets can be filtered by IGMP message type or

message name. A message type is a number from 0 to 15. IGMP
message names are listed in the section "Usage Guidelines."
operator (Optional) Compares source or destination ports. Possible operands

include; lt (less than), gt (greater than), eq (equal), neq (not equal), and
range (inclusive range).
If the operator is positioned after the source and source-wildcard, it

must match the source port.
If the operator is positioned after the destination and destination-

wildcard, it must match the destination port.
The range operator requires two port numbers. All other operators
require one port number.
number is a number from 0 to 65535. TCP port names are listed in the
section "Usage Guidelines." TCP port names can only be used when
filtering TCP. UDP port names are listed in the section "Usage
Guidelines." UDP port names can only be used when filtering UDP.
TCP port names can only be used when filtering TCP. UDP port names
can only be used when filtering UDP.
established (Optional) For the TCP protocol only. Indicates an established

connection. A match occurs if the TCP datagram has the ACK or RST
bits set. The nonmatching case is that of the initial TCP datagram to
form a connection.
log (Optional) Causes an informational logging message about the packet

that matches the entry to be sent to the console. (The level of messages
logged to the console is controlled by the logging console command.)
The message includes the access list number, whether the packet was
permitted or denied; the protocol, whether it was TCP, UDP, ICMP or
a number; and, if appropriate, the source and destination addresses and
source and destination port numbers. The message is generated for the
first packet that matches, and then at 5-minute intervals, including the
number of packets permitted or denied in the prior 5-minute interval.
The logging facility might drop some logging message packets if there
are too many to be handled or if there is more than one logging
message to be handled in 1 second. This behavior prevents the router
from crashing due to too many logging packets. Therefore, the logging
facility should not be used as a billing tool or an accurate source of the
number of matches to an access list.
log-input (Optional) Log matches against this entry, including input interface.
To define an extended IP access list, use the extended version of the access-list global
configuration command. Access lists can be used to control the transmission of packets on an
interface, control virtual terminal line access, and restrict contents of routing updates. The Cisco
IOS software stops checking the extended access list after a match occurs.
Fragmented IP packets, other than the initial fragment, are immediately accepted by any extended
IP access list. Extended access lists used to control virtual terminal line access or restrict contents
of routing updates must not match against the TCP source port, the type of service value, or the
packet's precedence.
Note After an access list is created initially, any subsequent additions (possibly entered from the
terminal) are placed at the end of the list. In other words, access list command lines cannot be
selectively added or removed from a specific access list.
The following is a list of precedence names:
Critical
flash
flash-override
immediate
internet
network
priority
routine
The following is a list of type of service (TOS) names:
max-reliability
max-throughput
min-delay
min-monetary-cost
normal
The following is a list of ICMP message type names and ICMP message type and code names:
administratively-prohibited
alternate-address
conversion-error
dod-host-prohibited
dod-net-prohibited
echo
echo-reply
general-parameter-problem
host-isolated
host-precedence-unreachable
host-redirect
host-tos-redirect
host-tos-unreachable
host-unknown
host-unreachable
information-reply
information-request
mask-reply
mask-request
mobile-redirect
net-redirect
net-tos-redirect
net-tos-unreachable
net-unreachable
network-unknown
no-room-for-option
option-missing
packet-too-big
parameter-problem
port-unreachable
precedence-unreachable
protocol-unreachable
reassembly-timeout
redirect
router-advertisement
router-solicitation
source-quench
source-route-failed
time-exceeded
timestamp-reply
timestamp-request
traceroute
ttl-exceeded
unreachable
The following is a list of IGMP message names:
dvmrp
host-query
host-report
pim
trace
The following is a list of TCP port names that can be used instead of port numbers. Refer to the
bgp
chargen
daytime
discard
domain
echo
finger
ftp
ftp-data
gopher
hostname
irc
klogin
kshell
lpd
nntp
pop2
pop3
smtp
sunrpc
syslog
tacacs-ds
talk
telnet
time
uucp
whois
www
The following is a list of UDP port names that can be used instead of port numbers. Refer to the
biff
bootpc
bootps
discard
dns
dnsix
echo
mobile-ip
nameserver
netbios-dgm
netbios-ns
ntp
rip
snmp
snmptrap
sunrpc
syslog
tacacs-ds
talk
tftp
time
who
xdmcp
Examples:
In the following example, serial interface 0 is part of a Class B network with the address 128.88.0.0, and the
address is 128.88.1.2. The keyword established is used only for the TCP protocol to indicate an established
match occurs if the TCP datagram has the ACK or RST bits set, which indicate that the packet belongs to a
connection.
Router(config)#access-list 102 permit tcp 0.0.0.0 255.255.255.255 128.88.0.0 0.0.255.255
Router(config)#access-list 102 permit tcp 0.0.0.0 255.255.255.255 128.88.1.2 0.0.0.0 eq
Router(config)#interface serial 0
Router(config-if)#ip access-group 102 in
The following example also permits Domain Naming System (DNS) packets and ICMP echo and echo repl
Router(config)#access-list 102 permit tcp any 128.88.0.0 0.0.255.255 established
Router(config)#access-list 102 permit tcp any host 128.88.1.2 eq smtp
Router(config)#access-list 102 permit tcp any any eq domain
Router(config)#access-list 102 permit udp any any eq domain
Router(config)#access-list 102 permit icmp any any echo
Router(config)#access-list 102 permit icmp any any echo-reply
The following examples show how wildcard bits are used to indicate the bits of the prefix or mask that are r
are similar to the bitmasks that are used with normal access lists. Prefix/mask bits corresponding to wildcar
ignored during comparisons and prefix/mask bits corresponding to wildcard bits set to 0 are used in compar
In the following example, permit 192.108.0.0 255.255.0.0 but deny any more specific routes of 192.108.0.0
192.108.0.0 255.255.255.0).
Router(config)#access-list 101 permit ip 192.108.0.0 0.0.0.0 255.255.0.0 0.0.0.0
Router(config)#access-list 101 deny ip 192.108.0.0 0.0.255.255 255.255.0.0 0.0.255.25
In the following example, permit 131.108.0/24 but deny 131.108/16 and all other subnets of 131.108.0.0.
Router(config)#access-list 101 deny ip 131.108.0.0 0.0.255.255 255.255.0.0 0.0.255.25
Misconceptions:
None
Related Commands:
access-list
access-list (IPX standard)
access-list (IPX extended)
ip access-group

Command:
Mode:
Router(config)#
Syntax:
access-list access-list-number {deny | permit} {protocol} [source-
network | source-net.node-address | source-net.node-address
source-network.node-mask | source-net.node-address source-node-
mask] [source-socket] [destination-network | destination-
network.destination-node | destination-network.destination-node
destination-node-mask | destination-network.destination-node
destination-network-mask.destination-node-mask]
[destination-socket] [log] [time-range time-range]
no access-list access-list-number {deny | permit} {protocol}

[source-network | source-net.node-address | source-net node-
address source-network.node-mask | source-net.node-address source-
node-mask] [source-socket] [destination-network | destination-
destination-network-mask.destination-node-mask] [destination-
socket] [log] [time-range time-range]
Syntax Description:
access-list- Number of the access list. This is a number from 900 to 999.
number
protocol Name or number of an IPX protocol type. This is sometimes referred

to as the packet type. The table in the "Usage Guidelines" section
lists some IPX protocol names and numbers.
source-network (Optional) Number of the network from which the packet is being
sent. This is an eight-digit hexadecimal number that uniquely
identifies a network cable segment. It can be a number in the range
1 to FFFFFFFE. A network number of 0 matches the local network.
A network number of -1 matches all networks.
Leading zeros do not need to be specified in the network number. For

example, for the network number 000000AA, simply enter AA.
source-node (Optional) Node on source-network from which the packet is being

sent. This is a 48-bit value represented by a dotted triplet of four-digit
hexadecimal numbers (xxxx.xxxx.xxxx).
source-node- (Optional) Mask to be applied to source-node. This is a 48-bit value

mask represented as a dotted triplet of four-digit hexadecimal numbers
(xxxx.xxxx.xxxx). Place ones in the bit positions to be masked.
source- (Optional) Mask to be applied to source-network. This is an eight-

network-mask digit hexadecimal mask. Place ones in the bit positions to be masked.
The mask must immediately be followed by a period, which must in

turn immediately be followed by source-node-mask.
source-socket (Optional) Socket name or number (hexadecimal) from which the

packet is being sent. Table in the "Usage Guidelines" section lists
some IPX socket names and numbers.
destination- (Optional) Number of the network to which the packet is being sent.
network This is an eight-digit hexadecimal number that uniquely identifies a
network cable segment. It can be a number in the range 1 to
FFFFFFFE. A network number of 0 matches the local network. A
network number of -1 matches all networks.

destination- (Optional) Node on destination-network to which the packet is being

node sent. This is a 48-bit value represented by a dotted triplet of four-digit
destination- (Optional) Mask to be applied to destination-node. This is a 48-bit

node-mask value represented as a dotted triplet of four-digit hexadecimal
numbers (xxxx.xxxx.xxxx). Place ones in the bit positions to be
masked.
destination- (Optional) Mask to be applied to destination-network. This is an

network-mask. eight-digit hexadecimal mask. Place ones in the bit positions to be
masked.

turn immediately be followed by destination-node-mask.
destination- (Optional) Socket name or number (hexadecimal) to which the
socket packet is being sent. Table in the "Usage Guidelines" section lists
log (Optional) Logs IPX access control list violations whenever a packet
matches a particular access list entry. The information logged
includes source address, destination address, source socket,
destination socket, protocol type, and action taken (permit/deny).
To define an extended Novell IPX access list, use the extended version of the access-list global
configuration command. To remove an extended access list, use the no form of this command.
Extended IPX access lists filter on protocol type. All other parameters are optional.
If a network mask is used, all other fields are required.
Use the ipx access-group command to assign an access list to an interface. Only one extended or
one standard access list can be applied to an interface. The access list filters all outgoing packets
on the interface.
Note For some versions of NetWare, the protocol type field is not a reliable indicator of the
type of packet encapsulated by the IPX header. In these cases, use the source and destination
socket fields to make this determination. For additional information, contact Novell.
Table lists some IPX protocol names and numbers. Table lists some IPX socket names and
numbers. For additional information about IPX protocol numbers and socket numbers, contact
Novell.
Table: Some IPX Protocol Names and Numbers

IPX Protocol IPX Protocol Number Protocol (Packet Type)
Name (Decimal)
-1 any Wildcard; matches any packet type in 900

lists
0 Undefined; refer to the socket number to

determine the packet type
1 rip Routing Information Protocol (RIP)
4 sap Service Advertising Protocol (SAP)
5 spx Sequenced Packet Exchange (SPX)
17 ncp NetWare Core Protocol (NCP)
20 netbios IPX NetBIOS
Table: Some IPX Socket Names and Numbers
IPX Socket Number IPX Socket Socket

(Hexadecimal) Name
0 all All sockets, wildcard used to match all sockets
2 cping Cisco IPX ping packet
451 ncp NetWare Core Protocol (NCP) process
452 sap Service Advertising Protocol (SAP) process
453 rip Routing Information Protocol (RIP) process
455 netbios Novell NetBIOS process
456 diagnostic Novell diagnostic packet
457 Novell serialization socket

4000-7FFF Dynamic sockets; used by workstations for
interaction with file servers and other network
servers
8000-FFFF Sockets as assigned by Novell, Inc.
85BE eigrp IPX Enhanced Interior Gateway Routing

Protocol (EIGRP)
9001 nlsp NetWare Link Services Protocol
9086 nping Novell standard ping packet
To delete an extended access list, specify the minimum number of keywords and arguments needed
to delete the proper access list. For example, to delete the entire access list, use the following
command:
Router(config)#no access-list access-list-number
To delete the access list for a specific protocol, use the following command:
Router(config)#no access-list access-list-number {deny | permit} protocol
Examples:
The following example denies access to all RIP packets from the RIP process socket on source network 1 th
process socket on network 2. It permits all other traffic. This example uses protocol and socket names rathe
Router(config)#access-list 900 deny -1 1 rip 2 rip
Router(config)#access-list 900 permit -1
The following example permits type 2 packets from any socket from host 10.0000.0C01.5234 to access any
networks 1000 through 100F. It denies all other traffic (with an implicit deny all):
Note This type is chosen only as an example. The actual type to use depends on the specific application.
Router(config)#access-list 910 permit 2 10.0000.0C01.5234 0000.0000.0000 0 1000.0000.000
Misconceptions:
None
Related Commands:
ipx access-group
ipx access-list

Command:
Mode:
Router(config)#
Syntax:
access-list access-list-number {deny | permit} {-1 | source-
network | source-network.source-node |source-network.source-node
source-node-mask} [-1 | destination-network |destination-
destination-node-mask]
no access-list access-list-number {deny | permit} {-1 | source-

Syntax Description:
number
source-network Number of the network from which the packet is being sent. This is
an eight-digit hexadecimal number that uniquely identifies a network
cable segment. It can be a number in the range 1 to FFFFFFFE. A
network number of 0 matches the local network. A network number
of -1 matches all networks.

.source-node (Optional) Node on source-network from which the packet is being

sent. This is a 48-bit value represented by a dotted triplet of four-
digit hexadecimal numbers (xxxx.xxxx.xxxx).

.destination- (Optional) Node on destination-network to which the packet is being

node sent. This is a 48-bit value represented by a dotted triplet of four-

masked.
To define a standard IPX access list, use the standard version of the access-list global configuration
command. To remove a standard access list, use the no form of this command.
Standard IPX access lists filter on the source network. All other parameters are optional.
one standard access list can be applied to an interface. The access list filters all outgoing packets on
the interface.
To delete a standard access list, specify the minimum number of keywords and arguments needed
command:
Router (config)#no access-list access-list-number
To delete the access list for a specific network, use the following command:
Router (config)#no access-list access-list-number {deny | permit} source-network
Example:
The following example denies access to traffic from all IPX networks (-1) to destination network 2:
Router(config)#access-list 800 deny -1 2
The following example denies access to all traffic from IPX address 1.0000.0c00.1111:
Router(config)#access-list 800 deny 1.0000.0c00.1111
The following example denies access from all nodes on network 1 that have a source address beginning wit
Router(config)#access-list 800 deny 1.0000.0c00.0000 0000.00ff.ffff
The following example denies access from source address 1111.1111.1111 on network 1 to destination add
2222.2222.2222 on network 2:
Router(config)#access-list 800 deny 1.1111.1111.1111 0000.0000.0000 2.2222.2222.2222 00
or
Router(config)#access-list 800 deny 1.1111.1111.1111 2.2222.2222.2222
Misconceptions:
IPX standard access lists cannot filter based on source and destination addresses (they, in fact,
can).
Related Commands:
ipx access-list
ipx access-group

Command:
deny (extended)
Mode:
Router(config-ext-nacl)#
Syntax:
deny protocol source source-wildcard [operator port] destination
destination-wildcard [operator port][precedence precedence] [tos
tos] [established] [log]
Syntax Description:
Packets can be filtered by precedence level, as specified by a number from 0 to
precedence 7 or by name. The IP precedence is the three leftmost bits in the TOS octet of an
IP header (as defined in RFCs 1349, 1812, 2474 & 2873). This may be set using
the route map or policy map command set ip precedence.
Packets can be filtered by type of service level, as specified by a number from 0
tos to 15 or by name. The TOS Field is bits 3-6 in the TOS octet of IPv4 header
[RFC 1349].
For the TCP protocol only: Indicates an established connection. A match occurs
established if the TCP datagram has the ACK or RST bits set. The nonmatching case is that
of the initial TCP datagram to form a connection.
log Causes an informational logging message about the packet that matches the
entry to be sent to the console.
In access-list configuration mode, specify the conditions allowed or denied. Use the log keyword to
get access list logging messages, including violations.
Example:
The following example makes an entry into an IP named extended access list. This entry denies telnet traffi
from a telnet client originating on host 172.19.99.67 TCP port 11005 from accessing the telnet server runnin
on host 192.168.60.185.
Router(config-ext-nacl)#deny tcp host 172.19.99.67 eq 11005 host 192.168.60.185 eq telne
Misconceptions:
None
Related Commands:
ip access-list (extended)
permit (extended)

Command:
deny (standard)
Mode:
Router(config-std-nacl)#
Syntax:
deny {source [source-wildcard] | any} [log]
Syntax Description:
any applies the list to all sources
(Optional) Causes an informational logging message about the packet that matches
log the entry to be sent to the console. (The level of messages logged to the console is
controlled by the logging console command.)
Number of the network or host from which the packet is being sent. There are
three alternative ways to specify the source:
source Use the keyword any as an abbreviation for a source and source-wildcard of
0.0.0.0 255.255.255.255.
Use host source as an abbreviation for a source and source-wildcard of source
0.0.0.0.
Wildcard bits to be applied to source. Each wildcard bit set to zero indicates that
the corresponding bit position in the packet's ip address must exactly match the bit
source-
wildcard value in the corresponding bit position in the source. Each wildcard bit set to one
indicates that both a zero bit and a one bit in the corresponding position of the
packet's ip address will be considered a match to this access list entry.
In access-list configuration mode, specify one or more conditions denied. Packets matching this
condition will not be allowed to pass through the interface.
Example:
This example adds a entry to an IP standard named access control list that denies all IP traffic from
host 1.2.3.4:
Router(config-std-nacl)#deny 1.2.3.4
Misconceptions:
None
Related Commands:
ip access-list standard
permit (standard)

Command:
dynamic
Mode:
Syntax:
dynamic dynamic-name [timeout minutes] {deny | permit} protocol

source source-wildcard [operator [port]] destination destination-
wildcard [operator [port]] [precedence precedence] [tos tos]
[log]
no dynamic dynamic-name [timeout minutes] {deny | permit} protocol
source source-wildcard [operator [port]] destination destination-
wildcard [operator [port]] [precedence precedence] [tos tos]
[log]
Syntax Description:
Specifies the absolute length of time (in minutes) that a temporary access list
timeout entry can remain in a dynamic access list. The default is an infinite length of time
and allows an entry to remain permanently.
Packets can be filtered by precedence level, as specified by a number from 0 to 7
precedence or by name. The IP precedence is the three leftmost bits in the TOS octet of an IP
header (as defined in RFCs 1349, 1812, 2474 & 2873). This may be set using the
route map or policy map command set ip precedence.
Packets can be filtered by type of service level, as specified by a number from 0
tos to 15 or by name. The TOS Field is bits 3-6 in the TOS octet of IPv4 header
[RFC 1349].
(Optional) Causes an informational logging message about the packet that
log matches the entry to be sent to the console. (The level of messages logged to the
console is controlled by the logging console command.)
To define a named dynamic IP access list, use the dynamic access-list configuration command. To
remove the access lists, use the no form of this command. Use the any keyword as an abbreviation
for a source and source-wildcard of 0.0.0.0 255.255.255.255. Use host source as an abbreviation
for a source and source-wildcard of source 0.0.0.0. Use the any keyword as an abbreviation for a
source and source-wildcard of 0.0.0.0 255.255.255.255.
Example:
The following example defines a named access lists with a dynamic access list entry. The first line
allows any host to telnet to the router to the router (IP address 172.18.21.2). The second line
enables a dynamic list entry called testlist. This entry will allow any IP traffic from the host that
telneted into the router. It also specifies that the temporary access will end after 120 seconds of no
activity.
Router(config-ext-nacl)#permit tcp any host 172.18.21.2 eq telnet
Router(config-ext-nacl)#dynamic testlist timeout 120 permit ip any any
Misconceptions:
None
Related Commands:
access-list

Command:
evaluate
Mode:
Syntax:
evaluate name
Syntax Description:
name The name of the access-list
Used to identify a reflexive access-list. Add an entry that "points" to the reflexive access list. Add
an entry for each reflexive access list name previously defined.
Example:
This example will create an entry in a named access control list that will be used to allow traffic for
sessions that have entries into the reflexive list names "this".
Router(config-ext-nacl)#evaluate this
The entries are put in the list names this with an access statement like:
Router(config-ext-nacl)#permit ip any any reflect this
Misconceptions:
None
Related Commands:
ip reflexive-list

Command:
ip access-group
Mode:
Router(config-if)#
Syntax:
ip access-group access-list-number | access-list-name {in | out}
no ip access-group access-list-number |access-list-name
Syntax Description:
access-list-number | Assigned IP access list number or name

access-list-name
in This defines access control on packets transmitted from the host.
These packets are received into the router interface.
out This defines access control on packets being sent to the host.
These packets are transmitted out of the router interface. The
default is out.
To configure an access list to be used for packets transmitted to and from the host, use the ip
access-group interface configuration command. To disable control over packets transmitted to or
from a host, use the no form of this command.
With this command in effect, various fields within the packet are compared to criteria within the
access list for acceptability and dropped or passed. Some of the fields that can be compared
include: source IP address, destination IP address, protocol, source port number and destination
port number.
Example:
The following example assumes that users are restricted from accessing certain servers, but access
to other hosts can be accessed.
Router(config)#access-list 2 deny 172.16.42.55
Router(config)#access-list 2 permit 172.16.0.0 0.0.255.255
!! Specify the access list interface

Router(config)#async 6
Router(config-if)#async dynamic address
Router(config-if)#ip access-group 2 out
Misconceptions:
None
Related Commands:
access-list

Command:
Mode:
Router(config)#
Syntax:
ip access-list extended name
Syntax Description:
name The name of the access list to be defined.
Define an extended IP access list using a name.
Example:
The following example creates an extended IP access list named "fred". This list permits all IP
traffic from subnet 128.106.0.0 to any location.
Router(config)#ip access-list extended fred
Router(config-ext-nacl)#permit ip 128.106.0.0 0.0.255.255 any
Misconceptions:
None
Related Commands:
permit
deny

Command:
Mode:
Router(config)#
Syntax:
ip access-list standard name
Syntax Description:
name The name of the access-list.
The ip access-list standard command allows one to define a standard IP access list using a name.
Example:
The following example creates an standard IP access list named "myaccesslist". This list denies all
IP traffic from net 192.168.4.0.
Router(config)#ip access-list standard myaccesslist
Router(config-std-nacl)#deny 192.168.4.0 0.0.0.255
Misconceptions:
None
Related Commands:
deny (standard)
permit (standard)

Command:
ip reflexive-list
Mode:
Router(config)#
Syntax:
ip reflexive-list timeout seconds
Syntax Description:
seconds The time (in seconds) for the timeout.
To specify the length of time that reflexive access list entries will continue to exist when no
packets in the session are detected, use the ip reflexive-list command in global configuration
mode.
Example:
This example sets the IP reflexive access list time out to 300 seconds.
Router(config)#ip reflexive-list timeout 300
Misconceptions:
None
Related Commands:
access-list

Command:
periodic
Mode:
Router(config-time-range)#
Syntax:
periodic days-of-the-week hh:mm to [days-of-the-week] hh:mm
Syntax Description:
days-of-
the-week Defines the beginning or ending day of the time range.
Defines the beginning or ending time of the time range. hh is the 24 hour time
hh:mm
and mm is the minute.
To specify a recurring (weekly) time range for functions that support the time-range feature, use
the periodic time-range configuration command. The days-of-the-week argument can be any single
day or combinations of days: Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, and
Sunday, as well as daily (Monday through Sunday), weekdays (Monday through Friday), or
weekend (Saturday and Sunday).
The first occurrence of the hh:mm argument is the starting hours:minutes that the associated time
range is in effect. The second occurrence is the ending hours:minutes the associated statement is in
effect. Times are expressed in a 24 hour clock, therefore 8:00pm would be entered as "20:00".
Entry of the to keyword is required to complete the range "from start-time to end-time."
Example:
The following instruction defines a reoccuring time period of Monday and Tuesday from 8 AM
until 3 PM.
Router(config-time-range)#periodic monday tuesday 8:00 to 15:00
Misconceptions:
None
Related Commands:
access-list
absolute
time-range

Command:
permit (extended)
Mode:
Syntax:
permit protocol source source-wildcard [operator port] destination
destination-wildcard [operator port][precedence precedence] [tos
tos] [established] [log]
no permit protocol source source-wildcard destination

destination-wildcard [precedence precedence] [tos tos] [log]
ICMP
permit icmp source source-wildcard destination destination-
wildcard [icmp-type [icmp-code] | icmp-message] [precedence
precedence] [tos tos] [log]
IGMP
permit igmp source source-wildcard destination destination-
wildcard [igmp-type] [precedence precedence] [tos tos] [log]
TCP
permit tcp source source-wildcard [operator port [port]]
destination destination-wildcard [operator port [port]]
[established] [precedence precedence] [tos tos] [log]
UDP
permit udp source source-wildcard [operator port [port]]
destination destination-wildcard [operator port [port]]
[precedence precedence] [tos tos] [log]
Syntax Description:
source Number of the network or host from which the packet is being sent. There
are two alternative ways to specify the source:
Use the keyword any as an abbreviation for a source and source-wildcard of

0.0.0.0 255.255.255.255.
source-
source- (Optional) Wildcard bits to be applied to the source. There are two
wildcard alternative ways to specify the source wildcard:
Use a 32-bit quantity in four-part, dotted-decimal format. Place ones in the

bit positions to be ignored.
Use the keyword any as an abbreviation for a source and source-wildcard of

0.0.0.0 255.255.255.255.
protocol Name or number of an IP protocol. It can be one of the keywords ahp,
eigrp, esp, gre, icmp, igmp, igrp, ip, ipinip, nos, ospf, pcp, pim, tcp, or
udp, or an integer in the range 0 to 255 representing an IP protocol number.
To match any Internet protocol (including ICMP, TCP, and UDP), use the
keyword ip. Some protocols allow further qualifiers described later.
source Number of the network or host from which the packet is being sent. There
are three alternative ways to specify the source:

wildcard of 0.0.0.0 255.255.255.255.
Use host source as an abbreviation for a source and source-wildcard of
source 0.0.0.0.
source- Wildcard bits to be applied to source. There are three alternative ways to
wildcard specify the source wildcard:
Use a 32-bit quantity in four-part, dotted-decimal format. Place ones in

the bit positions to be ignored.
wildcard of 0.0.0.0 255.255.255.255.
Use host source as an abbreviation for a source and source-wildcard of
source 0.0.0.0.
destination Number of the network or host to which the packet is being sent. There are
three alternative ways to specify the destination:

Use the keyword any as an abbreviation for the destination and
destination- Wildcard bits to be applied to the destination. There are three alternative
wildcard ways to specify the destination wildcard:
Use a 32-bit quantity in four-part, dotted-decimal format. Place ones in

the bit positions to be ignored.
Use the keyword any as an abbreviation for a destination and
precedence Packets can be filtered by precedence level, as specified by a number from 0
precedence to 7 or by name. The IP precedence is the three leftmost bits in the TOS
octet of an IP header (as defined in RFCs 1349, 1812, 2474 & 2873). This
may be set using the route map or policy map command set ip precedence.
tos tos Packets can be filtered by type of service level, as specified by a number
from 0 to 15 or by name. The TOS Field is bits 3-6 in the TOS octet of IPv4
header [RFC 1349].
icmp-type (Optional) ICMP packets can be filtered by ICMP message type. The type is
a number from 0 to 255. The type is identified in the first byte of the ICMP
datagram and are defined by rfc 792.
icmp-code (Optional) ICMP packets that are filtered by ICMP message type can also be
filtered by the ICMP message code. The code is a number from 0 to 255.
The code is identified in the second byte of the ICMP datagram and are
defined by rfc 792.
icmp-message (Optional) ICMP packets can be filtered by an ICMP message type name or
ICMP message type and code name.
operator (Optional) Compares source or destination ports. Possible operands include
lt (less than), gt (greater than), eq (equal), neq (not equal), and range
(inclusive range).
If the operator is positioned after the source and source-wildcard, it must

match the source port.
If the operator is positioned after the destination and destination-wildcard, it

must match the destination port.
The range operator requires two port numbers. All other operators require
one port number.
number is a number from 0 to 65535. TCP port names can only be used
when filtering TCP. UDP port names can only be used when filtering UDP.
established (Optional) For the TCP protocol only: Indicates an established connection.
A match occurs if the TCP datagram has the ACK or RST bits set. The
nonmatching case is that of the initial TCP datagram to form a connection.
log (Optional) Causes an informational logging message about the packet that
matches the entry to be sent to the console. (The level of messages logged to
the console is controlled by the logging console command.)
The message for a standard list includes the access list number, whether the
packet was permitted or denied, the source address, and the number of
packets.
The message for an extended list includes the access list number; whether
the packet was permitted or denied; the protocol; whether it was TCP, UDP,
ICMP, or a number; and, if appropriate, the source and destination addresses
and source and destination port numbers.
For both standard and extended lists, the message is generated for the first
packet that matches, and then at 5-minute intervals, including the number of
packets permitted or denied in the prior 5-minute interval.
The logging facility might drop some logging message packets if there are
too many to be handled or if there is more than one logging message to be
handled in 1 second. This behavior prevents the router from crashing due to
too many logging packets. Therefore, the logging facility should not be used
as a billing tool or an accurate source of the number of matches to an access
list.
To set conditions for a named IP access list, use the permit access-list configuration command. To
remove a condition from an access list, use the no form of this command.
Example:
The following example makes an entry into an IP named extended access list. This entry permits telnet traff
from a telnet client originating on host 172.19.99.67 TCP port 11005 to access the telnet server running on
192.168.60.185.
Router(config)#ip access-list extended Internetfilter
Router(config-ext-nacl)#permit tcp host 172.19.99.67 eq 11005 host 192.168.60.185 eq tel
Misconceptions:
None
Related Commands:
deny (extended)

Command:
permit (standard)
Mode:
Router(config-std-nacl)#
Syntax:
permit {source [source-wildcard] | any} [log]
Syntax Description:
source Number of the network or host from which the packet is being sent. There are two
alternative ways to specify the source:

source- (Optional) Wildcard bits to be applied to the source. There are two alternative ways
wildcard to specify the source wildcard:
Use a 32-bit quantity in four-part, dotted-decimal format. Place ones in the bit
positions to be ignored.
log (Optional) Causes an informational logging message about the packet that matches
the entry to be sent to the console. (The level of messages logged to the console is
controlled by the logging console command.)
any applies the list to all sources
In access-list configuration mode, specify one or more conditions allowed. Packets matching this
condition will be allowed to pass through the interface.
Example:
This example adds a entry to an IP standard named access control list that permits all IP traffic
from network 36.0.0.0:
Router(config-std-nacl)#permit 36.0.0.0 0.255.255.255
Misconceptions:
None
Related Commands:
deny (standard)

Command:
show access-lists
Mode:
Router#
Syntax:
show access-lists [access-list-number | access-list-name]
Syntax Description:
access-list-number Specifies a specific access-list by number
access-list-name Specifies a specific access-list by name
To display the contents of current access lists, use the show access-lists privileged EXEC
command.
Example:
The following example displays the contents of access list 101.
Router#show access-lists 101
Extended IP access list 101

permit tcp host 198.92.32.130 any established (4304 matches)
permit udp host 198.92.32.130 any eq domain (129 matches)
permit icmp host 198.92.32.130 any
permit tcp host 198.92.32.130 host 171.69.2.141 gt 1023
permit tcp host 198.92.32.130 host 171.69.2.135 eq smtp (2 matches)
permit tcp host 198.92.32.130 host 198.92.30.32 eq smtp
permit udp host 198.92.32.130 host 171.68.225.190 eq syslog
deny ip 150.136.0.0 0.0.255.255 224.0.0.0 15.255.255.255
deny ip 171.68.0.0 0.1.255.255 224.0.0.0 15.255.255.255 (2 matches)
deny ip 172.24.24.0 0.0.1.255 224.0.0.0 15.255.255.255
deny ip 192.82.152.0 0.0.0.255 224.0.0.0 15.255.255.255
deny ip 192.122.173.0 0.0.0.255 224.0.0.0 15.255.255.255
deny ip 192.122.174.0 0.0.0.255 224.0.0.0 15.255.255.255
deny ip 192.135.239.0 0.0.0.255 224.0.0.0 15.255.255.255
deny ip 192.135.240.0 0.0.7.255 224.0.0.0 15.255.255.255
deny ip 192.135.248.0 0.0.3.255 224.0.0.0 15.255.255.255
deny ip 192.150.42.0 0.0.0.255 224.0.0.0 15.255.255.255
Misconceptions:
None
Related Commands:
access-list

Command:
time-range
Mode:
Router(config)#
Syntax:
time-range time-range-name
Syntax Description:
time-range-name The name of the time-range.
To enable time-range configuration mode and define time ranges for functions (such as extended
access lists), use the time-range global configuration command.
Example:
The following example defines a time range named 'noaccessintheevening':
Router(config)#time-range noaccessintheevening
Misconceptions:
None
Related commands:
periodic
absolute

Command:
async
Mode:
Router(config-if)#
Syntax:
async [ dynamic address | dynamic routing | mode [dedicated |
interactive]]
no async [ dynamic address | mode [dedicated | interactive]]
Syntax Description:
dynamic Specifies dynamic asynchronous addressing. In order to use dynamic
address addressing, the router must be in interactive mode, and the user will enter the
address at the EXEC level. It is common to configure an asynchronous interface
to have a default address and to allow dynamic addressing. With this
configuration, the choice between the default address or a dynamic addressing
is made by users when they enter the slip or ppp EXEC command. If the user
enters an address, it is used, and if the user enters the default keyword, the
default address is used.
routing Allow user to run dynamic routing protocols
dedicated Places a line into dedicated asynchronous mode using SLIP or PPP
encapsulation. With dedicated asynchronous network mode, the interface will
use either SLIP or PPP encapsulation, depending on which encapsulation
method is configured for the interface. An EXEC prompt does not appear, and
the router is not available for normal interactive use.
interactive In interactive mode, the line can be used to make any type of connection,
depending on the EXEC command entered by the user. For example, depending
on its configuration, the line could be used for Telnet connections, or SLIP or
PPP encapsulation.
The async interface configuration command is used to establish an asynchronous serial connection.
Example:
The following example sets the mode of the interface to dedicated:
Router(config-if)#async mode dedicated
The following example sets the mode of the interface to interactive:
Router(config-if)#async mode interactive
The following example sets the interface to dynamic address:
Misconceptions:
None
Related Commands:
autoselect
peer default ip address

Command:
dialer in-band
Mode:
Router(config-if)#
Syntax:
dialer in-band [no-parity | odd-parity]
no dialer in-band
Syntax Description:
no-parity This indicates that no parity is to be applied to the dialer string that is sent out to
the modem on synchronous interfaces.
odd-parity This indicates that the dialed number has odd parity (7-bit ASCII characters with
the eighth bit as the parity bit) on synchronous interfaces.
To specify that dial-on-demand routing (DDR) is to be supported, use the dialer in-band interface
configuration command. To disable DDR for the interface, use the no form of this command.
The dialer in-band command specifies that chat scripts will be used on asynchronous interfaces
and V.25 bis will be used on synchronous interfaces. The parity keywords do not apply to
asynchronous interfaces.
The parity setting applies to the dialer string that is sent out to the modem. If a parity is not
specified, or no parity is specified, no parity is applied to the output number. If odd parity is
configured, the dialed number will have odd parity (7-bit ASCII characters with the eighth bit as
the parity bit.)
If an interface only accepts calls and does not place calls, the dialer in-band interface
configuration command is the only command needed to configure it. If an interface is configured in
this manner, with no dialer rotary groups, the idle timer never disconnects the line. It is up to the
remote end (the end that placed the call) to disconnect the line based on idle time.
Example:
The following example specifies DDR for asynchronous interface 1:
Router(config)#interface async 1
Router(config-if)#dialer in-band
The DTR pulse signals for three seconds on the interfaces in dialer group 1. This holds the DTR
low so the modem can recognize that DTR has been dropped.
Router(config-if)#pulse-time 3
Misconceptions:
None
Related Commands:
dialer map
dialer string

Command:
peer default ip address
Mode:
Router(config-if)#
Syntax:
peer default ip address {ip-address | dhcp | pool [pool-name]}
no peer default ip address {ip-address | dhcp | pool [pool-name]}
Syntax Description:
ip- Specific IP address to be assigned to a remote peer dialing in to the interface. To
address prevent duplicate IP addresses from being assigned on more than one interface,
this command argument cannot be applied to a dialer rotary group nor to an ISDN
interface.
dhcp Retrieve an IP address from the DHCP server.
pool Use the global default mechanism as defined by the ip address-pool command
unless the optional pool-name argument is supplied. This is the default.
pool- (Optional) Name of a local address pool created using the ip local pool command.
name Retrieve an address from this pool regardless of the Global Default Mechanism
setting.
Use the peer default ip address interface configuration command to specify an IP address, an
address from a specific IP address pool, or an address from the DHCP mechanism to be returned to
a remote peer connecting to this interface. This command sets the address used on the remote (PC)
side. Use the no form of this command to disable a prior peer IP address pooling configuration on
an interface. To remove the default address from the configuration, use the no form of this
command also.
Example:
The following will assign the distant peer the IP address of 10.0.0.200.
Router(config-if)#peer default ip address 10.0.0.200
Misconceptions:
None
Related Commands:
None

Command:
autoselect
Mode:
Router(config-line)#
Syntax:
autoselect { arap | ppp | slip | during-login | timeout }
no autoselect { arap | ppp | slip | during-login | timeout}
Syntax Description:
arap Configures the Cisco IOS software to allow an ARAP session to start up
automatically.
ppp Configures the Cisco IOS software to allow a PPP session to start up
automatically.
slip Configures the Cisco IOS software to allow a SLIP session to start up
automatically.
timeout Set wait timeout for initial autoselect byte
during- The username and/or password prompt is displayed without pressing the Return
login key. After the user logs in, the autoselect function begins.
To configure a line to start an ARA, PPP, or SLIP session, use the autoselect line configuration
command. Use the no form of this command to disable this function on a line.
Example:
The following will provide a PPP session when PPP headers are detected.
Router(config-line)#autoselect ppp
Misconceptions:
None
Related Commands:
async

Command:
chat-script
Mode:
Router(config)#
Syntax:
chat-script script-name expect send [expect1 send1] [expect2
send2]...
no chat-script script-name
Syntax Description:
script-name Name of the chat script.
expect send Pairs of information elements: an item to expect and an item to send in
response.
To create a script that will place a call over a modem, use the chat-script global configuration
command. Use the no form of this command to disable the specified chat script. script-name is the
name of the chat script to create, and expect-send represents pairs of information elements, an item
to expect and an item to send in response. Chat scripts are in the form expect-send, where the send
string following the hyphen (-) is executed if the preceding expect string fails. Each send string is
followed by a return unless it ends with the escape sequence \c.
Chat Script Escape Sequences

Escape
Description
Sequence
"" Expect a null string.
EOT Send an end-of-transmission character.
Cause a BREAK. This sequence is sometimes simulated with line speed changes
BREAK
and null characters. May not work on all systems.
\c Suppress new line at the end of the send string.
\d Delay for 2 seconds.
\K Insert a BREAK.
\n Send a newline or linefeed character.
\p Pause for 1/4 second.
\r Send a return.
\s Send a space character.
\t Send a table character.
\\ Send a backslash (\) character.
\T Replaced by phone number.
\q Reserved, not yet used.
Example:
The following creates a chat script named "t3000". This chat script uses the special case script modifier AB
if the modem returns ERROR. The first expect-send pair ("" "ATZ") tells the router to expect nothing an
"ATDT \T") tells the router to expect the modem to return with OK. Once the router sees OK, it will issue
modifier TIMEOUT 30 sets the time to wait for the CONNECT string. The CONNECT \c defines when "
(Note that \c is effectively nothing; " " would have indicated nothing followed by a carriage return). This de
Router(config)#chat-script t3000 ABORT ERROR ABORT BUSY ABORT "NO ANSWER" "" "AT H" OK "
Misconceptions:
None
Related Commands:
ppp pap
start-chat
Command:
clear line
Mode:
Router#
Syntax:
clear line line-number | aux number | console number | tty number
| vty number
Syntax Description:
aux Auxiliary line
vty Virtual terminal
console Primary terminal line
tty Terminal controller
line-number The line number to be cleared (Absolute line number)
To return a terminal line to idle state, use the clear line EXEC command. Use this command to log
out of a specific session running on another line. If the line uses a modem, the modem will be
disconnected.
Example:
The following example will clear line number 5.

Router#clear line 5
Misconceptions:
None
Related Commands:
show line

Command:
databits
Mode:
Syntax:
databits {5 | 6 | 7 | 8}
no databits {5 | 6 | 7 | 8}
Syntax Description:
5 Five data bits per character.
6 Six data bits per character.
7 Seven data bits per character.
8 Eight data bits per character. This is the default.
To set the number of data bits per character that are interpreted and generated by the router
hardware, use the databits line configuration command. Use the no form of the command to
restore the default value. The databits line configuration command can be used to mask the high bit
on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7
data bits per character. If no parity generation is in effect, specify 8 data bits per character. The
other keywords are supplied for compatibility with older devices and generally are not used.
Example:
Router(config-line)#databits 7
Misconceptions:
None
Related Commands:
stopbits
parity
show line

Command:
debug confmodem
Mode:
Router#
Syntax:
debug confmodem
no debug confmodem
Syntax Description:
To display information associated with the discovery and configuration of the modem attached to
the router, use the debug confmodem privileged EXEC command. The no form of this command
disables debugging output.
Usage Guidelines:
The debug confmodem command is used in debugging configurations that use the modem
autoconfig command.
Example:
The following is a sample of debug confmodem output. In the first three lines, the router is
searching for a speed at which it can communicate with the modem. The remaining lines show the
actual sending of the modem command.
Router#debug confmodem
TTY4:detection speed(115200) response ------

TTY4:detection speed(38400) response ---OK---
TTY4:Modem command: --AT&F&C1&D2S180=3S190=1S0=1--
TTY4: Modem configuration succeeded
TTY4: Done with modem configuration
Misconceptions:
None
Related Commands:
modem autoconfigure type
modem autoconfigure discovery
debug all

Command:
flowcontrol
Mode:
Syntax:
flowcontrol {none [lock ] [in | out ] | software [lock ] [in | out
] | hardware [in | out ]}
no flowcontrol {none [lock ] [in | out ] | software [lock ] [in |

out ] | hardware [in | out ]}
Syntax Description:
none Turns off flow control
software Sets software flow control. An optional keyword specifies the direction: in causes
the Cisco IOS software to listen to flow control from the attached device, and out
causes the software to send flow control information to the attached device. If you
do not specify a direction, both are assumed.
lock (Optional) Used to make it impossible to turn off flow control from the remote host
when the connected device needs software flow control. This option applies to
connections using the Telnet or rlogin protocols.
hardware Sets hardware flow control. An optional keyword specifies the direction: in causes
the software to listen to flow control from the attached device, and out causes the
software to send flow control information to the attached device. If you do not
specify a direction, both are assumed. For more information about hardware flow
control, see the hardware manual that was shipped with your router.
To set the method of data flow control between the terminal or other serial device and the router,
use the flowcontrol line configuration command. Use the no form of this command to disable flow
control.
Example:
The following command sets the flow control for the line to hardware.
Router(config-line)#flowcontrol hardware
Misconceptions:
None
Related Commands:
speed
transport input
transport output
login
password
flowcontrol
speed
stopbits

Command:
Mode:
Syntax:
no modem autoconfigure
Syntax Description:
To configure a line to discover what kind of modem is connected to the router and to configure that
modem automatically, use the modem autoconfigure discovery line configuration command. Use
the no form of this command to disable this feature. The modem is identified each time the line is
reset. If a modem cannot be detected, the line continues retrying for 10 seconds. When the modem
type is determined, this information remains stored until the modem is recycled or disconnected.
Discovery mode is much slower than configuring a line directly.
Example:
The following example discovers what kind of modem is attached to the router:
Router(config-line)#modem autoconfigure discovery
Misconceptions:
None
Related Commands:
speed
transport input
transport output
login
password
flowcontrol
stopbits

Command:
Mode:
Syntax:
modem autoconfigure type modem-name

no modem autoconfigure type modem-name
Syntax Description:
modem-name The name of the modem (such as Codex_3260).
To direct a line to attempt to configure the attached modem using the entry for modem-name, use
the modem autoconfigure type line configuration command. Use the no form of this command to
disable the feature. The modem is reconfigured each time the line goes down.
Example:
The following example set the line to autoconfigure the router using the Codex_3260 configuration
from the modemcap database:
Router(config-line)#modem autoconfigure type Codex_3260
Misconceptions:
None
Related Commands:
show modemcap
speed
transport input
transport output
login
password
flowcontrol
speed
stopbits

Command:
modem inout
Mode:
Syntax:
modem inout
no modem inout
Syntax Description:
To configure a line for both incoming and outgoing calls, use the modem inout line configuration
command. Use the no form of this command to disable the line. This command uses DSR and
RING signals for carrier detection. The Cisco IOS software does not support any dialing protocols.
The host system software or the user must provide any special dialing commands when using the
modem for outgoing calls.
Example:
The following example illustrates how to configure a line for both incoming and outgoing calls:
Router(config-line)#modem inout
Misconceptions:
None
Related Commands:
speed
login
password
flowcontrol
speed
parity
databits
stopbits

Command:
modemcap edit
Mode:
Router(config)#
Syntax:
modemcap edit modem-name attribute value

no modemcap edit modem-name attribute value
Syntax Description:
modem-name Name of the modem whose values are being edited.

attribute Modem capability, or attribute, as defined by the show modemcap command.
value The AT command equivalent (such as &F).
To change a modem value that was returned from the show modemcap command, use the
modemcap edit global configuration command. The argument modem-name is a modemcap entry,
attribute is a modem function as defined by the show modemcap command, and value is the
modem AT command, such as &F.
Example:
The following example adds the factory default entry, &F, to the configuration file. This entry, and
others like it, are stored in a database that is referenced.
Router(config)#modemcap edit Codex_3250 factory-default &F
Misconceptions:
None
Related Commands:
modemcap entry
show modemcap

Command:
modemcap entry
Mode:
Router(config)#
Syntax:
modemcap entry modem-type
no modemcap entry modem-type
Syntax Description:
modem-type Name of the modem whose values are being edited.
To store and compress information about the capability of a specified modem, use the modemcap
entry command. Use the no form of this command to disable the feature.
Example:
The following example shows the modem capability in a Codex_3260:
Router(config)#modemcap entry Codex_3250
Misconceptions:
None
Related Commands:
show modemcap
modemcap edit

Command:
parity
Mode:
Syntax:
parity {none | even | odd | space | mark}
Syntax Description:
none No parity
even Even parity
odd Odd parity
space Space parity
mark Mark parity
To define generation of a parity bit, use the parity line configuration command. Use the no form
of the command to specify no parity.
Example:
The following example changes the default of no parity to odd parity:
Router(config-line)#parity odd
Misconceptions:
None
Related Commands:
stopbits
databits
show line

Command:
speed (async)
Mode:
Syntax:
speed bps
no speed
Syntax Description:
bps The speed of the line in bits per second.
To set the terminal speed (how fast the terminal sends and receives information to/from the
modem), use the speed line configuration command. The default is 9600 bps.
Usage Guidelines:
Set the speed to match the transmission rate of the device that is connected to the port. Some baud
rates available on devices connected to the port might not be supported on the router. The router
indicates whether the speed selected is not supported.
Use the Table below as a guide for setting line speeds.
Router Model Baud Rates
Cisco 7000 50, 75, 110, 134, 150, 200, 300, 600, 1050, 1200, 2000, 2400,
4800, 9600, 19200, 38400
Cisco 2500 access servers Any speed from 50 to 115200
Cisco 2500 routers, Cisco 75, 110, 134, 150, 300, 600, 1200, 2000, 2400, 4800, 1800,
4000 series 9600, 19200, 38400
Example:
The following sets the line transmit and receive speed for 115200 bits per second.
Router (config)#line 1 2
Router (config-line)#speed 115200
Misconceptions:
None
Related commands:
transport input
transport output
login
password
flowcontrol
speed
stopbits

Command:
start-chat
Mode:
Router#
Syntax:
start-chat regexp [ line-number | aux number| console number |
tty number | vty number] [dialer-string]
Syntax Description:
Specifies the name of a regular expression or modem script to be executed. If there

regexp is more than one script with a name that matches the argument regexp, the first
script found will be used.
(Optional) Indicates the line number on which to execute the chat script. If a line
number is not specified, the current line number is chosen. If the specified line is
line-
number busy, the script is not executed and an error message appears. If the dialer-string
argument is specified, a line-number must be entered; it is not optional if a dialer
string is specified.
(Optional) String of characters (often a telephone number) to be sent to a DCE. If a
dialer-
string dialer string is entered, a line-number must also be specified, or the chat script
regexp will not start.
To specify that a chat script start on a specified line at any point, use the start-chat privileged
EXEC command. Use the no form of this command to stop the chat script. This command
provides modem dialing commands for a chat script to be applied immediately to a line. If a line is
not specified, the script runs on the current line. If the specified line is already in use, the script is
not activated and an error message appears. This command functions only on physical terminal
(TTY) lines. It does not function on virtual terminal (VTY) lines.
Example:
The following will execute chat script "telebit" on line 8.
Router#start-chat telebit line 8
Misconceptions:
None
Related commands:
debug chat
chat-script

Command:
stopbits
Mode:
Syntax:
stopbits {1 | 1.5 | 2 }
no stopbits
Syntax Description:
1 One stop bit
1.5 One and one-half stop bits
2 Two stop bits
Communication protocols provided by devices such as terminals and modems often require a
specific stop-bit setting. To set the number of the stop bits transmitted per byte, use the stopbits
line configuration command. Use the no form of the command to restore the default value of 2.
Example:
The following example changes the default from 2 stop bits to 1 as a performance enhancement:
Router(config-line)#stopbits 1
Misconceptions:
None
Related commands:
speed
transport input
transport output
login
password
flowcontrol
speed

Command:
transport input
Mode:
Syntax:
transport input {all | lat | mop | nasi | none | pad | rlogin |
ssh | telnet | v120}
no transport input
Syntax Description:
all Selects all protocols.
lat Selects the Digital LAT protocol and specifies both incoming reverse LAT and host-
initiated connections.
mop Selects Maintenance Operation Protocol (MOP).
nasi Select NetWare Access Servers Interface (NASI) as the input transport protocol.
none Prevents any protocol selection on the line. This makes the port unusable by incoming
connections.
pad Selects X.3 PAD incoming connections.
rlogin Selects the UNIX rlogin protocol.
ssh Selects the Secure Shell (SSH) protocol.
telnet Specifies all types of incoming TCP/IP connections.
v120 Select the V.120 protocol for incoming async over ISDN connections.
To define which protocols to use to connect to a specific line of the router, use the transport input
line configuration command.
One protocol, multiple protocols, all protocols, or no protocols can be specified. To specify
multiple protocols, enter the keyword for each protocol, separated by a space.
This command can be useful in distributing resources among different types of users, or making
certain that only specific hosts can access a particular port. When using two-step protocol
translation, the transport input command is useful in controlling exactly which protocols can be
translated to other protocols.
Access lists for each individual protocol can be defined in addition to the allowances created by the
transport input command. Any settings made with the transport input command override
settings made with the transport preferred command.
Usage Guidelines:
Cisco routers do not accept incoming network connections to asynchronous ports (TTY lines) by
default. An incoming transport protocol has to be specified, or specify transport input all before the
line will accept incoming connections. For example, if you are using your router as a terminal
server to make console-port connections to routers or other devices, you will not be able to use
Telnet to connect to these devices. You will receive the message "Connection Refused." This
behavior is new as of Cisco IOS Software Release 11.1. Previous to release 11.1, the default was
transport input all. If upgrading to Cisco IOS software version 11.1(1) or later from Cisco IOS
software Release 11.0 or earlier, the transport input {protocol | all} command must be added,
otherwise the Telnet session will not function and router access will be denied.
Example:
The following example sets the incoming protocol to Telnet for vtys 0 to 4:
Router(config)#line vty 0 4
Router(config-line)#transport input telnet
Misconceptions:
None
Related commands:
transport output

Command:
transport output
Mode:
Syntax:
transport output {all | lat | mop | nasi | none | pad | rlogin |
telnet | v120}
no transport output
Syntax Description:
all Selects all protocols.
lat Selects the Digital LAT protocol, which is the protocol used most often to connect
routers to Digital hosts.
mop Selects Maintenance Operation Protocol (MOP).
nasi Select NetWare Access Server Interface (NASI) as the output transport protocol.
none Prevents any protocol selection on the line. The system normally assumes that any
unrecognized command is a host name. If the protocol is set to none, the system no
longer makes that assumption. No connection will be attempted if the command is not
recognized.
pad Selects X.3 PAD, used most often to connect routers to X.25 hosts.
rlogin Selects the UNIX rlogin protocol for TCP connections. The rlogin setting is a special
case of Telnet. If an rlogin attempt to a particular host has failed, the failure will be
tracked, and subsequent connection attempts will use Telnet instead.
telnet Selects the TCP/IP Telnet protocol. It allows a user at one site to establish a TCP
connection to a login server at another site.
v120 Select the V.120 protocol for outgoing asynchronous over ISDN connections.
To determine the protocols that can be used for outgoing connections from a line, use the
transport output line configuration command. The default setting is Telnet.
You can specify one protocol, multiple protocols, all protocols, or no protocols. To specify
multiple protocols, enter the keyword for each protocol, separated by a space.
Any settings made with the transport output command override settings made with the
transport preferred command.
Example:
The following example prevents any protocol selection:
Router(config-line)#transport output none
Misconceptions:
None
Related commands:
transport input

Command:
address-family ipv4
Mode:
Router(config-router)#
Syntax:
address-family ipv4 [multicast | unicast | vrf vrf-name]
no address-family ipv4 [multicast | unicast | vrf vrf-name]
Syntax Description:
multicast (Optional) Specifies IP Version 4 multicast address prefixes.
unicast (Optional) Specifies IP Version 4 unicast address prefixes.
vrf vrf- (Optional) Specifies the name of the virtual routing and forwarding (VRF)
name instance to associate with subsequent IP Version 4 address family
configuration mode commands.
To enter address family configuration mode for configuring routing sessions such as BGP that use
standard IP Version 4 address prefixes, use the address-family ipv4 router configuration
command. To disable address family configuration mode, use the no form of this command.
Usage Guidelines:
The address-family ipv4 command places the router in address family configuration mode, from
which you can configure routing sessions that use standard IP Version 4 address prefixes. To leave
address family configuration mode and return to router configuration mode, type exit.
Routing information for address family IP Version 4 is advertised by default when you configure a
BGP routing session using the neighbor remote-as command unless you enter the no bgp default
ipv4-unicast command.
The address-family ipv4 command replaces the match nlri and set nlri commands.
Example:
The following example places the router in address family configuration mode for the IP Version 4
address family:
Router(config)# router bgp 100

Router(config-router)# address-family ipv4
Router(config-router-af)#
The following example places the router in address family configuration mode and specifies
multicast address prefixes for the IP Version 4 address family:

Router(config-router)# address-family ipv4 multicast
unicast address prefixes for the IP Version 4 address family:

Router(config-router)# address-family ipv4 unicast
The following example places the router in address family configuration mode and specifies cisco
as the name of the VRF instance to associate with subsequent IP Version 4 address family
configuration mode commands:
Router(config-router)# address-family ipv4 vrf cisco
Misconceptions:
None
Related Commands:
network (BGP)
neighbor weight
neighbor route-reflector-client
neighbor route-map
neighbor prefix-list
neighbor peer-group (creating)
neighbor peer-group (assigning members)
neighbor filter-list
neighbor advertisement-interval
maximum-paths
aggregate-address

Command:
aggregate-address
Mode:
Syntax:
aggregate-address address mask [as-set] [summary-only] [suppress-
map map-name] [advertise-map map-name] [attribute-map map-name]
no aggregate-address address mask [as-set] [summary-only]
[suppress-map map-name] [advertise-map map-name] [attribute-map
map-name]
Syntax Description:
as-set Generates autonomous system set path information
summary-only Filters all more-specific routes from updates
suppress-map Name of the route map used to select the routes to be suppressed
advertise-map Name of the route map used to select the routes to create AS_SET origin
communities
attribute-map Name of route map used to set the attribute of the aggregate route
To create an aggregate entry in a BGP or multicast BGP database, use the aggregate-address
command in address family or router configuration mode.
Example:
The following example shows how to create the aggregate route for 193.*.*.*, and also suppress
advertisements of more specific routes to all neighbors:
Router(config)#router bgp 5
Router(config-router)#aggregate-address 193.0.0.0 255.0.0.0 summary-only
In the following example, a multiprotocol BGP aggregate address is created in address family
configuration mode and applied to the multicast database only using an IP Version 4 address
family. More-specific routes are filtered from updates.
Router(config-router)#address-family ipv4 multicast
Router(config-router-af)#aggregate-address 193.0.0.0 255.0.0.0 summary-only
Misconceptions:
None
Related Commands:
address-family ipv4

Command:
bgp always-compare-med
Mode:
Syntax:
bgp always-compare-med
no bgp always-compare-med
Syntax Description:
To allow the comparison of the Multi Exit Discriminator (MED) for paths from neighbors in
different autonomous systems, use the bgp always-compare-med router configuration command.
To disallow the comparison, use the no form of this command.
Example:
The following example configures the BGP speaker in autonomous system 109 to compare MEDs
among alternative paths, regardless of the autonomous system from which the paths are received:
Router(config-router)#bgp always-compare-med
Misconceptions:
None
Related Commands:
None

Command:
bgp default local-preference
Mode:
Syntax:
bgp default local-preference value
no bgp default local-preference value
Syntax Description:
value Local preference value range from 0 to 4294967295. A higher value is preferred.
To change the default local preference value, use the bgp default local-preference router
configuration command. Local preference value from 0 to 429496729. Higher is more preferred.
Example:
The following example raises the default local preference value from the default of 100 to 200:
Router(config-router)#bgp default local-preference 200
Misconceptions:
None
Related Commands:
None

Command:
clear ip bgp
Mode:
Router#
Syntax:
clear ip bgp {* | address | peer-group-name } [soft [in | out ]]
Syntax Description:
* Resets all current BGP sessions
neighbor-address Resets only the identified BGP neighbor.
peer-group-name Resets the specified BGP peer group.
out (Optional) Triggers outbound soft
reconfiguration. If the in or out option is not
specified, both inbound and outbound soft reset
are triggered.
in (Optional) Triggers inbound soft
reconfiguration. If the in or out option is not
specified, both inbound and outbound soft reset
are triggered.
(Optional) Soft reset. Does not reset the
soft
session.
To force BGP to clear its table and reset all BGP sessions or to reset individual BGP connections,
use the clear ip bgp privileged EXEC command.
Usage Guidelines
If BGP soft reconfiguration is specified, by including the soft keyword, the sessions are not reset
and the router sends all routing updates again. To generate new inbound updates without resetting
the BGP session, the local BGP speaker should store all received updates without modification
regardless of whether it is accepted by the inbound policy, using the neighbor soft-
reconfiguration command. This process is memory intensive and should be avoided if possible.
Outbound BGP soft configuration does not have any memory overhead. An outbound
reconfiguration can be triggered on the other side of the BGP session to make the new inbound
policy take effect.
Use this command whenever any of the following changes occur:
Additions or changes to the BGP-related access lists

Changes to BGP-related weights
Changes to BGP-related distribution lists
Changes in the BGP timer's specifications
Changes to the BGP administrative distance
Changes to BGP-related route maps
Example:
The following example resets all current BGP sessions:

Router#clear ip bgp *
The following example resets a specific BGP session:

Router#clear ip bgp 10.0.0.0
Misconceptions:
None
Related Commands:
show ip bgp
neighbor soft-reconfiguration

Command:
ip as-path access-list
Mode:
Router(config)#
Syntax:
ip as-path access-list access-list-number {permit | deny } as-

regular-expression
no ip as-path access-list access-list-number {permit | deny } as-
regular-expression
Syntax Description:
access-list- Integer from 1 to 199 that indicates the regular expression access list
number number.
permit Permits access for matching conditions.
deny Denies access to matching conditions.
as-regular- Autonomous system in the access list using a regular expression. See the
expression "Regular Expressions" appendix in the Dial Solutions Command Reference
for information about forming regular expressions.
To define a BGP-related access list, use the ip as-path access-list global configuration command.
To disable use of the access list, use the no form of this command.
Usage Guidelines:
An access list filter can be spcified on both inbound and outbound BGP routes. In addition,
weights can be assigned based on a set of filters. Each filter is an access list based on regular
expressions. If the regular expression matches the representation of the autonomous system path of
the route as an ASCII string, then the permit or deny condition applies. The autonomous system
path does not contain the local autonomous system number. Use the ip as-path access-list global
configuration command to define an BGP access list, and the neighbor router configuration
command to apply a specific access list.
Example:
The following example specifies that the BGP neighbor with IP address 128.125.1.1 is not sent
advertisements about any path through or from the adjacent autonomous system 123:
Router (config)#ip as-path access-list 1 deny _123_
Router (config)#ip as-path access-list 1 deny ^123$
Router (config)#router bgp 109

Router (config-router)#network 131.108.0.0
Router (config-router)#neighbor 129.140.6.6 remote-as 123
Router (config-router)#neighbor 128.125.1.1 filter-list 1 out
Misconceptions:
None
Related Commands:

Command:
maximum-paths
Mode:
Syntax:
maximum-paths maximum
no maximum-paths
Syntax Description:
Maximum number of parallel routes an IP routing protocol installs in a routing table,

maximum
in the range 1 to 6.
To control the maximum number of parallel routes an IP routing protocol can support, use the
maximum-paths command in address family or router configuration mode. To restore the default
value, use the no form of this command. The default for Border Gateway Protocol (BGP) is one
path.
Examples:
The following router configuration example allows a maximum of two paths to a destination:
Router(config-router)#maximum-paths 2
The following address family configuration example allows a maximum of two paths to a
destination:
Router(config-router)#address-family ipv4 multicast
Router(config-router-af)#maximum-paths 2
Misconceptions:
None
Related Commands:
address-family ipv4

Command:
Mode:
Syntax:
neighbor {ip-address | peer-group-name} advertisement-interval
seconds
no neighbor {ip-address | peer-group-name} advertisement-interval
seconds
Syntax Description:
ip-address Neighbor's IP address
peer-group-name Name of a BGP peer group
seconds Time (in seconds) is specified by an integer from 0 to 600.
To set the minimum interval between the sending of BGP routing updates, use the neighbor
advertisement-interval command in address family or router configuration mode. To remove an
entry, use the no form of this command.
Example:
The following router configuration mode example sets the minimum time between sending BGP
routing updates to 240 seconds:
Router(config-router)#neighbor 172.25.21.5 advertisement-interval 240
The following address family configuration mode example sets the minimum time between
sending BGP routing updates to 10 seconds:
Router(config-router)#address-family ipv4 unicast
Router(config-router-af)#neighbor 4.4.4.4 advertisement-interval 10
Misconceptions:
None
Related Commands:
address-family ipv4

Command:
neighbor ebgp-multihop
Mode:
Syntax:
neighbor {ip-address | peer-group-name} ebgp-multihop [ttl]
no neighbor {ip-address | peer-group-name} ebgp-multihop [ttl]
Syntax Description:
ip-address IP address of the BGP-speaking neighbor
ttl (Optional) Time-to-live in the range 1 to 255 hops
To accept and attempt BGP connections to external peers residing on networks that are not directly
connected, use the neighbor ebgp-multihop router configuration command. To return to the
default (allow peering with only directly connected neighbors), use the no form of this command.
Usage Guidelines:
If you specify a BGP peer group by using the peer-group-name argument, all the members of the
peer group will inherit the characteristic configured with this command. To prevent the creation of
loops through oscillating routes, the multihop will not be established if the only route to the
multihop peer is the default route (0.0.0.0).
Example:
The following example allows connections to or from neighbor 131.108.1.1, which resides on a
network that is not directly connected:
Router(config-router)#neighbor 131.108.1.1 ebgp-multihop
Misconceptions:
None
Related Commands:
router bgp
neighbor peer-group
neighbor remote-as

Command:
Mode:
Syntax:
neighbor {ip-address | peer-group-name} filter-list access-list-
number {in | out | weight weight}
Syntax Description:
ip-address IP address of the neighbor

peer-group-
name Name of a BGP peer group
access- Number of an autonomous system path access list. You define this access list
list-number with the ip as-path access-list command.
in Access list applied to incoming routes
out Access list applied to outgoing routes
weight Assigns a relative importance to incoming routes matching autonomous system
paths. Acceptable values are 0 to 65535. (The weight keyword was removed in
Release 12.1)
To set up a BGP filter, use the neighbor filter-list command in address family or router
configuration mode. To disable this function, use the no form of this command.
Example:
In the following router configuration mode example, the BGP neighbor with IP address
128.125.1.1 is not sent advertisements about any path through or from the adjacent autonomous
system 123:
Router(config)#ip as-path access-list 1 deny _123_
Router(config)#ip as-path access-list 1 deny ^123$
Router(config-router)#network 131.108.0.0
Router(config-router)#neighbor 129.140.6.6 remote-as 123
outer(config-router)#neighbor 128.125.1.1 filter-list 1 out
In the following address family configuration mode example, the BGP neighbor with IP address
128.125.1.1 is not sent advertisements about any path through or from the adjacent autonomous
system 123:
Router(config)#ip as-path access-list 1 deny _123_
Router(config)#ip as-path access-list 1 deny ^123$
Router(config-router-af)#network 131.108.0.0
Router(config-router-af)#neighbor 129.140.6.6 remote-as 123
Router(config-router-af)#neighbor 128.125.1.1 remote-as 47
Router(config-router-af)#neighbor 128.125.1.1 filter-list 1 out
Misconceptions:
None
Related Commands:
address-family ipv4

Command:
neighbor maximum-prefix
Mode:
Syntax:
neighbor {ip-address | peer-group-name} maximum-prefix maximum
[threshold] [warning-only]
no neighbor {ip-address | peer-group-name} maximum-prefix maximum
Syntax Description:
ip-address IP address of the neighbor
peer-group- Name of a BGP peer group
name
maximum Maximum number of prefixes allowed from this neighbor
threshold (Optional) Integer specifying at what percentage of maximum the router starts to
generate a warning message. The range is from 1 to 100 percent. The default is 75
(percent).
warning- (Optional) Allows the router to generate a log message when the maximum is
only exceeded, instead of terminating the peering
To control how many prefixes can be received from a neighbor, use the neighbor maximum-
prefix router configuration command. To disable this function, use the no form of this command.
Usage Guidelines:
When the number of received prefixes exceeds the maximum number configured, the router
terminates the peering (by default). However, if the keyword warning-only is configured, the
router sends only a log message instead and continues peering with the sender. If the peer is
terminated, the peer stays down until the clear ip bgp command is issued.
Example:
The following example sets the maximum number of prefixes allowed from the neighbor at
129.140.6.6 to 1000:

Router(config-router)#neighbor 129.140.6.6 maximum-prefix 1000
Misconceptions:
None
Related Commands:
clear ip bgp

Command:
neighbor next-hop-self
Mode:
Syntax:
neighbor {ip-address | peer-group-name} next-hop-self
no neighbor {ip-address | peer-group-name} next-hop-self
Syntax Description:
To configure the router as the next hop for a BGP-speaking neighbor or peer group, use the
neighbor next-hop-self router configuration command. To disable this feature, use the no form of
this command. This command is useful in nonmeshed networks (such as Frame Relay or X.25)
where BGP neighbors may not have direct access to all other neighbors on the same IP subnet.
Example:
The following example forces all updates destined for 131.108.1.1 to advertise this router as the
next hop:
Router(config-router)#neighbor 131.108.1.1 next-hop-self
Misconceptions:
None
Related Commands:

Command:
Mode:
Syntax:
neighbor ip-address peer-group peer-group-name
no neighbor ip-address peer-group peer-group-name
Syntax Description:
ip-address IP address of the BGP neighbor that belongs to the peer group specified by the
peer-group-name argument
peer-group- Name of the BGP peer group to which this neighbor belongs
name
To configure a BGP neighbor to be a member of a peer group, use the neighbor peer-group
command in address family or router configuration mode. To remove the neighbor from the peer
group, use the no form of this command. The neighbor at the IP address indicated inherits all the
configured options of the peer group.
Example:
The following router configuration mode example assigns three neighbors to the peer group named
internal:
Router(config-router)#neighbor 171.69.232.53 peer-group internal
The following address family configuration mode example assigns three neighbors to the peer
group named internal:
Router(config-router-af)#neighbor 171.69.232.53 peer-group internal
Misconceptions:
None
Related Commands:
address-family ipv4
neighbor shutdown

Command:
Mode:
Syntax:
neighbor peer-group-name peer-group

no neighbor peer-group-name peer-group
Syntax Description:
peer-group-name Name of the BGP peer group.
To create a BGP or multiprotocol BGP peer group, use the neighbor peer-group command in
address family or router configuration mode. To remove the peer group and all of its members, use
the no form of this command.
Usage Guidelines:
Often in a BGP speaker, there are many neighbors configured with the same update policies (the
same outbound route maps, distribute lists, filter lists, update source, and so on). Neighbors with
the same update policies can be grouped into peer groups to simplify configuration and make
update calculation more efficient. Once a peer group is created with the neighbor peer-group
command, it can be configured with the other neighbor commands.
Example:
The following router configuration mode example creates a BGP peer group named external-peers:

Router(config-router)#neighbor external-peers peer-group
The following address family configuration mode example creates a BGP peer group named my
group. All members of the peer-group are multicast capable:
Router (config-router)#address-family ipv4 multicast
Router (config-router-af)#neighbor my group peer-group
Misconceptions:
None
Related Commands:
clear ip bgp
address-family ipv4

Command:
Mode:
Syntax:
neighbor {ip-address | peer-group-name} prefix-list prefix-
listname {in | out}
no neighbor {ip-address | peer-group-name} prefix-list prefix-
listname {in | out}
Syntax Description:
prefix-list-name Name of a prefix list
ip-address IP address of neighbor
in Filter incoming updates
out Filter outgoing updates
To distribute BGP neighbor information as specified in a prefix list, use the neighbor prefix-list
command in address family or router configuration mode. To remove an entry, use the no form of
this command.
Example:
The following router configuration mode example applies the prefix list named abc to incoming
advertisements to neighbor 120.23.4.1:
Router(config-router)#neighbor 120.23.4.1 prefix-list abc in
The following address family configuration mode example applies the prefix list named abc to
incoming advertisements to neighbor 120.23.4.1:
Router(config-router-af)#neighbor 120.23.4.1 prefix-list abc in
Misconceptions:
None
Related Commands:

Command:
neighbor remote-as
Mode:
Syntax:
neighbor {ip-address | peer-group-name} remote-as as-number
no neighbor {ip-address | peer-group-name} remote-as as-number
Syntax Description:
as-number Autonomous system to which the neighbor belongs
To add an entry to the BGP or multiprotocol BGP neighbor table, use the neighbor remote-as
router configuration command. To remove an entry from the table, use the no form of this
command.
Usage Guidelines:
Specifying a neighbor with an autonomous system number that matches the autonomous system
number specified in the router bgp global configuration command identifies the neighbor as
internal to the local autonomous system. Otherwise, the neighbor is considered external. If you
specify a BGP peer group by using the peer-group-name argument, all the members of the peer
group will inherit the characteristic configured with this command.
Example:
The following example specifies that a router at the address 131.108.1.2 is a neighbor in
autonomous system number 109:
Misconceptions:
None
Related Commands:
router bgp
neighbor peer-group

Command:
neighbor route-map
Mode:
Syntax:
neighbor {ip-address | peer-group-name} route-map map-name {in |
out}
no neighbor {ip-address | peer-group-name} route-map map-name {in
| out }
Syntax Description:
peer-group-name Name of a BGP or multiprotocol BGP peer group
map-name Name of route map
in Apply to incoming updates
out Apply to outgoing updates
To apply a route map to incoming or outgoing routes, use the neighbor route-map command in
address family or router configuration mode. To remove a route map, use the no form of this
command.
Usage Guidelines:
When specified in address family configuration mode, this command applies a route map to that
particular address family only. When specified in router configuration mode, this command applies
a route map to IP Version 4 unicast routes only. If an outbound route map is specified, it is proper
behavior to only advertise routes that match at least one section of the route map.
If a BGP or multiprotocol BGP peer group is specified by using the peer-group-name argument, all
the members of the peer group will inherit the characteristic configured with this command.
Specifying the command for a neighbor overrides the inbound policy that is inherited from the peer
group.
Example:
The following router configuration mode example applies a route map named internal-map to a
BGP incoming route from 198.92.70.24:
Router(config-router)#neighbor 198.92.70.24 route-map internal-map in
The following address family configuration mode example applies a route map named internal-
map to a multiprotocol BGP incoming route from 198.92.70.24:
Router (config-router-af)#neighbor 198.92.70.24 route-map internal-map in
Misconceptions:
None
Related Commands:
address-family ipv4
neighbor remote-as
route-map

Command:
Mode:
Syntax:
neighbor ip-address route-reflector-client
no neighbor ip-address route-reflector-client
Syntax Description:
ip address IP address of the BGP neighbor being identified as a client
To configure the router as a BGP route reflector and configure the specified neighbor as its client,
use the neighbor route-reflector-client command in address family or router configuration mode.
To indicate that the neighbor is not a client, use the no form of this command.
Usage Guidelines:
By default, all internal BGP (iBGP) speakers in an autonomous system must be fully meshed, and
neighbors do not readvertise iBGP learned routes to neighbors, thus preventing a routing
information loop. When all the clients are disabled, the local router is no longer a route reflector.
If you use route reflectors, all iBGP speakers need not be fully meshed. In the route reflector
model, an Interior BGP peer is configured to be a route reflector responsible for passing iBGP
learned routes to iBGP neighbors. This scheme eliminates the need for each router to talk to every
other router.
Example:
In the following router configuration mode example, the local router is a route reflector. It passes
learned iBGP routes to the neighbor at 198.92.70.24.
Router(config-router)#neighbor 198.92.70.24 route-reflector-client
In the following address family configuration mode example, the local router is a route reflector. It
passes learned iBGP routes to the neighbor at 198.92.70.24.
Router(config-router-af)#neighbor 198.92.70.24 route-reflector-client
Misconceptions:
None
Related Commands:
neighbor ebgp-multihop
show ip bgp
address-family ipv4
router bgp
neighbor remote-as

Command:
neighbor shutdown
Mode:
Syntax:
neighbor {ip-address | peer-group-name} shutdown
no neighbor {ip-address | peer-group-name} shutdown
Syntax Description:
To disable a neighbor or peer group, use the neighbor shutdown router configuration command.
To reenable the neighbor or peer group, use the no form of this command.
Example:
The following example disables any active session for the neighbor 171.34.23.22:
Router(config-router)#neighbor 171.34.23.22 shutdown
The following example disables all peering sessions for the peer group named internal:
Routere(config-router)#neighbor internal shutdown
Misconceptions:
None
Related Commands:
None
Command:
neighbor soft-reconfiguration
Mode:
Syntax:
neighbor {ip-address | peer-group-name} soft-reconfiguration

[inbound]
no neighbor {ip-address | peer-group-name} soft-reconfiguration

[inbound]
Syntax Description:

inbound (Optional) Indicates that the update to be stored is an incoming update.
To configure the Cisco IOS software to start storing updates, use the neighbor soft-
reconfiguration router configuration command. To not store received updates, use the no form of
this command.
Example:
The following example enables inbound soft reconfiguration for the neighbor 131.108.1.1. All the
updates received from this neighbor will be stored unmodified, regardless of the inbound policy.
When inbound soft reconfiguration is done later, the stored information will be used to generate a
new set of inbound updates.

Router (config-router)#neighbor 131.108.1.1 soft-reconfiguration inbound
Misconceptions:
None
Related Commands:
neighbor remote-as
clear ip bgp

Command:
neighbor timers
Mode:
Syntax:
neighbor [ip-address | peer-group-name] timers keepalive holdtime

no neighbor [ip-address | peer-group-name] timers keepalive
holdtime
Syntax Description:
ip-address (Optional) A BGP peer or peer group IP address
peer-group- (Optional) Name of the BGP peer group
name
keepalive Frequency, in seconds, with which the Cisco IOS software sends keepalive
messages to its peer. The default is 60 seconds.
holdtime Interval, in seconds, after not receiving a keepalive message that the software
declares a peer dead. The default is 180 seconds.
To set the timers for a specific BGP peer or peer group, use the neighbor timers router
configuration command. To clear the timers for a specific BGP peer or peer group, use the no form
of this command.
Example:
The following example changes the keepalive timer to 70 seconds and the hold-time timer to 210
seconds for the BGP peer 192.98.47.0:
Router (config-router)#neighbor 192.98.47.0 timers 70 210

Misconceptions:
None
Related Commands:
None

Command:
neighbor update-source
Mode:
Syntax:
neighbor {ip-address | peer-group-name} update-source interface-

type
no neighbor {ip-address | peer-group-name} update-source
interface-type
Syntax Description:
interface-type Interface to be used as the source
To have the Cisco IOS software allow Border Gateway Protocol (BGP) sessions to use a specific
operational interface for TCP connections, use the neighbor update-source router configuration
command. To restore the interface assignment to the closest interface, which is called the best local
address, use the no form of this command. This feature works in conjunction with any specified
interface on the router. The loopback interface is the interface that is most commonly used.
Example:
The following example sources BGP TCP connections for the specified neighbor with the IP
address of the loopback interface rather than the best local address:
Router (config-router)#network 160.89.0.0
Router (config-router)#neighbor 160.89.2.3 update-source loopback0

Misconceptions:
None
Related Commands:
neighbor remote-as

Command:
neighbor weight
Mode:
Syntax:
neighbor {ip-address | peer-group-name} weight number
no neighbor {ip-address | peer-group-name} weight number
Syntax Description:
ip-address Neighbor's IP address.
peer-group-name Name of a BGP peer group.
number Weight to assign. Acceptable values are 0 to 65535.
To assign a weight to a neighbor connection, use the neighbor weight command in address family
or router configuration mode. To remove a weight assignment, use the no form of this command.
Example:
The following router configuration mode example sets the weight of all routes learned via
151.23.12.1 to 50:
Router(config-router)#neighbor 151.23.12.1 weight 50
The following address family configuration mode example sets the weight of all routes learned via
151.23.12.1 to 50:

Router (config-router-af)#neighbor 151.23.12.1 weight 50
Misconceptions:
None
Related Commands:
address-family ipv4
router bgp
neighbor remote-as
neighbor route-map

Command:
network (BGP)
Mode:
Syntax:
network network-number [mask network-mask]
no network network-number [mask network-mask]
Syntax Description:
network-
number Network that BGP or multiprotocol BGP will advertise
network-
mask (Optional) Network mask address
mask (Optional) Network or subnetwork mask. If the mask keyword is configured,

then an exact match must exist in the routing table.
To specify the networks to be advertised by the BGP and multiprotocol BGP routing processes, use
the network command in address family or router configuration mode. To remove an entry, use
Example:
The following router configuration mode example sets up network 131.108.0.0 to be included in
the BGP updates:
The following address-family mode configuration example sets up network 131.108.0.0 to be included in the
multiprotocol BGP updates:
Router (config-router)#address family ipv4 multicast
Router (config-router-af)#network 131.108.0.0
Misconceptions:
None
Related Commands:
router bgp
address-family ipv4
show ip route

Command:
route-map
Mode:
Router(config)#
Syntax:
route-map map-tag [permit | deny] [sequence-number]
no route-map map-tag [permit | deny] [sequence-number]
Syntax Description:
map-tag Defines a meaningful name for the route map. The redistribute router
configuration command uses this name to reference this route map. Multiple
route maps may share the same map tag name.
permit (Optional) If the match criteria are met for this route map, and permit is
specified, the route is redistributed as controlled by the set actions. In the case
of policy routing, the packet is policy routed.
If the match criteria are not met, and permit is specified, the next route map
with the same map tag is tested. If a route passes none of the match criteria for
the set of route maps sharing the same name, it is not redistributed by that set.
The permit keyword is the default.
deny (Optional) If the match criteria are met for the route map, and deny is
specified, the route is not redistributed. In the case of policy routing, the packet
is not policy routed, and no further route maps sharing the same map tag name
will be examined. If the packet is not policy-routed, it reverts to the normal
forwarding algorithm.
sequence- (Optional) Number that indicates the position a new route map is to have in the
number list of route maps already configured with the same name. If given with the no
form of this command, it specifies the position of the route map that should be
deleted.
To define the conditions for redistributing routes from one routing protocol into another, or to
enable policy routing, use the route-map global configuration command. To enable policy routing,
the route-map command can be combined with the match and set route-map configuration
commands.
Example:
The following example shows how you can use route maps to modify incoming data from a
neighbor. Any route received from 140.222.1.1 that matches the filter parameters set in
autonomous system access list 200 will have its weight set to 200 and its local preference set to
250, and it will be accepted.
Router(config-router)#neighbor 140.222.1.1 route-map fix-weight in
Router(config-router)#exit
Router(config)#ip as-path access-list 200 permit ^690$
Router(config)#ip as-path access-list 200 permit ^1800
Router(config)#route-map fix-weight permit 10
Router(config-route-map)#match as-path 200
Router(config-route-map)#set local-preference 250
Router(config-route-map)#set weight 200

The following example applies a route map named internal-map to incoming route from 198.92.70.24:
Router(config)#route-map internal-map
Misconceptions:
None
Related Commands:
None

Command:
router bgp
Mode:
Router(config)#
Syntax:
router bgp as-number
no router bgp as-number
Syntax Description:
as- Number of an autonomous system that identifies the router to other BGP routers
number and tags the routing information passed along
To configure the Border Gateway Protocol (BGP) routing process, use the router bgp global
configuration command. To remove a routing process, use the no form of this command.
This command allows you to set up a distributed routing core that automatically guarantees the
loop-free exchange of routing information between autonomous systems.
Example:
The following example configures a BGP process for autonomous system 120:
Misconceptions:
None
Related Commands:
network (BGP)
Command:
show ip bgp
Mode:
Router#
Syntax:
show ip bgp [network] [network-mask] [longer-prefixes]
Syntax Description:
network (Optional) Network number, entered to display a particular network in the

BGP routing table
network-mask (Optional) Displays all BGP routes matching the address/mask pair
longer- (Optional) Displays route and more specific routes

prefixes
To display entries in the BGP routing table, use the show ip bgp EXEC command.
Examples:
The following is a sample of output from the show ip bgp command:
Router#show ip bgp
BGP table version is 716977, local router ID is 193.0.32.1

Status codes: s suppressed, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path

* i3.0.0.0 193.0.22.1 0 100 0 1800 1239 ?
*>i 193.0.16.1 0 100 0 1800 1239 ?
* i6.0.0.0 193.0.22.1 0 100 0 1800 690 568 ?
*>i 193.0.16.1 0 100 0 1800 690 568 ?
* i7.0.0.0 193.0.22.1 0 100 0 1800 701 35 ?
*>i 193.0.16.1 0 100 0 1800 701 35 ?
* 198.92.72.24 0 1878 704 701 35 ?
* i8.0.0.0 193.0.22.1 0 100 0 1800 690 560 ?
*>i 193.0.16.1 0 100 0 1800 690 560 ?
* 198.92.72.24 0 1878 704 701 560 ?
* i13.0.0.0 193.0.22.1 0 100 0 1800 690 200 ?
*>i 193.0.16.1 0 100 0 1800 690 200 ?
* 198.92.72.24 0 1878 704 701 200 ?
* i15.0.0.0 193.0.22.1 0 100 0 1800 174 ?
*>i 193.0.16.1 0 100 0 1800 174 ?
* i16.0.0.0 193.0.22.1 0 100 0 1800 701 i
*>i 193.0.16.1 0 100 0 1800 701 i
* 198.92.72.24 0 1878 704 701 i
The following table describes the significant fields in the display:
Table: show ip bgp Field Descriptions
Field Description
BGP table This shows the internal version number of the table. This number is
version incremented whenever the table changes.
local router IP address of the router

ID
Status Status of the table entry. The status is displayed at the beginning of each line
codes in the table. It can be one of the following values:
s—The table entry is suppressed.
*—The table entry is valid.
>—The table entry is the best entry to use for that network.
i—The table entry was learned via an internal BGP session.
Origin This field indicates the origin of the entry. The origin code is placed at the end
codes of
each line in the table. It can be one of the following values:
i—Entry originated from IGP and was advertised with a network router
configuration command.
e—Entry originated from EGP.
?—Origin of the path is not clear Usually, this is a router that is

redistributed into BGP from an IGP.
Network IP address of a network entity

Next Hop The IP address of the next system that is used when forwarding a packet to the
destination network. An entry of 0.0.0.0 indicates that the router has some
non-BGP routes to this network.
Metric If shown, this is the value of the interautonomous system metric. This field is
frequently not used.
LocPrf This displays the local preference value as set with the set local-preference
route-map configuration command. The default value is 100.
Weight Weight of the route as set via autonomous system filters
Path This shows the autonomous system paths to the destination network. There
can be one entry in this field for each autonomous system in the path.
The following is a sample of output from the show ip bgp command when you specify longer-
prefixes:
Router#show ip bgp 198.92.0.0 255.255.0.0 longer-prefixes


*> 198.92.0.0 198.92.72.30 8896 32768 ?
* 198.92.72.30 0 109 108 ?
*> 198.92.1.0 198.92.72.30 8796 32768 ?
* 198.92.72.30 0 109 108 ?
*> 198.92.11.0 198.92.72.30 42482 32768 ?
* 198.92.72.30 0 109 108 ?
*> 198.92.14.0 198.92.72.30 8796 32768 ?
* 198.92.72.30 0 109 108 ?
*> 198.92.15.0 198.92.72.30 8696 32768 ?
* 198.92.72.30 0 109 108 ?
*> 198.92.16.0 198.92.72.30 1400 32768 ?
* 198.92.72.30 0 109 108 ?
*> 198.92.17.0 198.92.72.30 1400 32768 ?
* 198.92.72.30 0 109 108 ?
*> 198.92.18.0 198.92.72.30 8876 32768 ?
* 198.92.72.30 0 109 108 ?
*> 198.92.19.0 198.92.72.30 8876 32768 ?
* 198.92.72.30 0 109 108 ?
The following is a sample of output from the show ip bgp command, showing information for
prefix 3.0.0.0:
Router#show ip bgp 3.0.0.0
BGP routing table entry for 3.0.0.0/8, version 628
Paths: (1 available, best #1)
Advertised to peer-groups:
ebgp
Advertised to non peer-group peers:
171.69.232.162
109 65000 297 701 80
171.69.233.56 from 171.69.233.56 (172.19.185.32)
Origin incomplete, localpref 100, valid, external, best, ref 2
Misconceptions:
None
Related commands:
None

Command:
show ip prefix-list
Mode:
Router#
Router>
Syntax:
show ip prefix-list [detail | summary] prefix-list-name
[network/length] [seq sequence-number] [longer] [first-match]
Syntax Description:
detail |
(Optional) Displays detailed or summarized information about all prefix lists.
summary
seq (Optional) Applies the sequence number to the prefix list entry.
sequence-
(Optional) The sequence number of the prefix list entry
number
prefix-
(Optional) The name of a specific prefix list
list-name
network/length
(Optional) The network number and length (in bits) of the network mask
Displays all entries of a prefix list that are more specific than the given
longer
network/length.
first-match Displays the entry of a prefix list that matches the given network/length.
To display information about a prefix list or prefix list entries, use the show ip prefix-list
command in user and privileged EXEC mode.
Example:
The following example shows the output of the show ip prefix-list command with details about the
prefix list named test in privileged EXEC mode:
Router#show ip prefix-list detail test

ip prefix-list test:
Description: test-list
cont: 1, range entries: 0, sequences: 10 - 10, refcount: 3
seq 10 permit 35.0.0.0/8 (hit count: 0, refcount: 1)
Misconceptions:
When troubleshooting a prefix list, a technician may want to reset the hit count. The number of hits
related to a prefix list can be cleared using the clear ip prefix-list command.
Related commands:
ip prefix-list
distribute-list

Command:
show ip protocols
Mode:
Router#
Syntax:
show ip protocols
Syntax Description:
To display the parameters and current state of the active routing protocol process, use the show ip
protocols EXEC command.
The information displayed by show ip protocols is useful in debugging routing operations.

Information in the Routing Information Sources field of the show ip protocols output can help you
identify a router suspected of delivering bad routing information.
Examples:
The following is a sample of output from the show ip protocols command, showing IGRP
processes:
Router#show ip protocols
Routing Protocol is "igrp 109"

Sending updates every 90 seconds, next due in 44 seconds
Invalid after 270 seconds, hold down 280, flushed after 630
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
IGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
IGRP maximum hopcount 100
IGRP maximum metric variance 1
Redistributing: igrp 109
Routing for Networks:
198.92.72.0
Routing Information Sources:
Gateway Distance Last Update
198.92.72.18 100 0:56:41
198.92.72.19 100 6d19
198.92.72.22 100 0:55:41
198.92.72.20 100 0:01:04
198.92.72.30 100 0:01:29
Distance: (default is 100)
Routing Protocol is "bgp 1878"

Outgoing update filter list for all interfaces is 1
IGP synchronization is disabled
Automatic route summarization is enabled
Neighbor(s):
Address FiltIn FiltOut DistIn DistOut Weight RouteMap
192.108.211.17 1
192.108.213.89 1
198.6.255.13 1
198.92.72.18 1
198.92.72.19
198.92.84.17 1
192.108.209.0
192.108.211.0
198.6.254.0
198.92.72.19 20 0:05:28
Distance: external 20 internal 200 local 200
The following table describes significant fields shown in the IGRP display:
Table: Show IP Protocols Field Descriptions for IGRP Processes
Field Description
Routing Protocol is Specifies the routing protocol used

"igrp 109"
Sending updates Specifies the time between sending updates

every 90 seconds
next due in 44 Precisely when the next update is due to be sent

seconds
Invalid after 270 Specifies the value of the invalid parameter

seconds
hold down for 280 Specifies the current value of the hold-down parameter
flushed after 630 Specifies the time in seconds after which the individual routing
information will be thrown (flushed) out
Outgoing update ... Specifies whether the outgoing filtering list has been set
Incoming update ... Specifies whether the incoming filtering list has been set
Default networks Specifies how these networks will be handled in both incoming and
outgoing updates
IGRP metric Specifies the value of the K0-K5 metrics, as well as the maximum
hopcount
Redistributing Lists the protocol that is being redistributed
Routing Specifies the networks for which the routing process is currently
injecting routes
Routing Information Lists all the routing sources the Cisco IOS software is using to build
Sources its routing table. For each source, you will see the following
displayed:
IP address
Administrative distance
Time the last update was received from this source.
The following is a sample of output from the show ip protocols command, showing EIGRP
processes:
Routing Protocol is "eigrp 77"

Redistributing: eigrp 77
Automatic network summarization is in effect
160.89.0.0
160.89.81.28 90 0:02:36
160.89.80.28 90 0:03:04
160.89.80.31 90 0:03:04
Distance: internal 90 external 170
The table describes the fields that might be shown in the display.
Table: show ip protocols Field Descriptions for EIGRP Processes
Field Description
Routing Protocol is Name and autonomous system number of the currently running
"eigrp 77" routing protocol.
Outgoing update filter Indicates whether a filter for outgoing routing updates has been
list for all interfaces... specified with the distribute-list out command.
Incoming update filter Indicates whether a filter for incoming routing updates has been
list for all interfaces... specified with the distribute-list in command.
Redistributing: eigrp Indicates whether route redistribution has been enabled with the
77 redistribute command.
Automatic network Indicates whether route summarization has been enabled with the
summarization... auto-summary command.
Routing for Networks: Networks for which the routing process is currently injecting
routes.
Routing Information Lists all the routing sources that the Cisco IOS software is using to
Sources: build its routing table. The following is displayed for each source:
IP address, administrative distance, and time the last update was
received from this source.
Distance: internal 90 Internal and external distances of the router. Internal distance is the
external 170 degree of preference given to EIGRP internal routes. External
distance is the degree of preference given to EIGRP external
routes.
The following is a sample of output from the show ip protocols command, showing IS-IS
processes:
Routing Protocol is "isis"

Sending updates every 0 seconds
Redistributing: isis
Address Summarization:
None
Serial0
The following is a sample of output from the show ip protocols command, showing RIP
processes:
Routing Protocol is "rip"

Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Key-chain
Ethernet0 2 2 trees
Fddi0 2 2
172.19.0.0
2.0.0.0
3.0.0.0
Misconceptions:
None
Related commands:
None

Command:
show ip route
Mode:
Router#
Syntax:
show ip route [address [mask] [longer-prefixes]] | [protocol
[process-id]] | [list access-list-number | access-list-name]
Syntax Description:
(Optional) Address about which routing information should be

address
displayed.
mask (Optional) Argument for a subnet mask.
longer-prefixes (Optional) The address and mask pair becomes a prefix and any routes
that match that prefix are displayed.
(Optional) Name of a routing protocol, or the keyword connected, static,
protocol or summary. If you specify a routing protocol, use one of the following
keywords: bgp, egp, eigrp, hello, igrp, isis, ospf, or rip.
process-id (Optional) Number used to identify a process of the specified protocol.
list (Optional) The list keyword is required to filter output by an access list
name or number.
access-list- (Optional) Filters the displayed output of the routing table based on the
name specified access list name.
number specified access list number.
Use the show ip route EXEC command to display the current state of the routing table.
Example:
Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route, o - ODR
Gateway of last resort is not set
C 1.0.0.0/8 is directly connected, Serial0
O 2.0.0.0/8 [110/128] via 1.1.1.2, 00:07:11, Serial0
3.0.0.0/32 is subnetted, 1 subnets
O 3.1.1.1 [110/129] via 1.1.1.2, 00:07:11, Serial0
Misconceptions:
None
Related commands:
ip route
ip default-network

Command:
backup delay
Mode:
Router(config-if)#
Syntax:
backup delay {enable-delay | never }{disable-delay | never}
no backup delay {enable-delay | never }{disable-delay | never}
Syntax Description:
enable- Number of seconds that elapse after the primary line goes down before the
delay Cisco IOS software activates the secondary line
disable- Number of seconds that elapse after the primary line comes up before the
delay Cisco IOS software deactivates the secondary line
never Prevents the secondary line from being activated or deactivated
To define how much time should elapse before a secondary line status changes after a primary line
status has changed, use the backup delay interface configuration command. Use the no form of
this command to return to the default, so that as soon as the primary fails, the secondary is
immediately brought up without delay.
For environments in which false signal disruptions appear as intermittent lost carrier signals, we
recommend that you enable some delay before activating and deactivating a secondary line.
Example:
The following example sets a 10-second delay on deactivating the secondary line (serial interface
0). However, line S0 is activated immediately.
Router(config-if)#backup delay 0 10
Misconceptions:
None
Related Commands:
None

Command:
backup interface
Mode:
Router(config-if)#
Syntax:
backup interface type number
no backup interface type number
Syntax Description:
type number Interface type and port number to use as the backup interface
To configure an interface as a secondary or dial backup, use the backup interface interface
configuration command. Use the no form of this command to disable this feature. The interface
you define with this command can back up only one other interface. Routers support only serial
and ISDN backup interfaces. Access servers support both asynchronous and serial backup
interfaces.
Example:
The following example sets serial 1 as the backup line to serial 0:
Router(config-if)#backup interface serial 1
The following example on the Cisco 7200 sets serial 2/2 as the backup line to
serial 1/1:
Router(config)#interface serial 1/1
Router(config-if)#backup interface serial 2/2
Misconceptions:
None
Related Commands:
None

Command:
backup load
Mode:
Router(config-if)#
Syntax:
backup load {enable-threshold | never }{disable-
load | never}
no backup load {enable-threshold | never }{disable-

load | never}
Syntax Description:
enable- Percentage of the primary line's available bandwidth that the traffic load
threshold must exceed to enable dial backup
disable-load Percentage of the primary line's available bandwidth that the traffic load
must be less than to disable dial backup
never The secondary line will never be activated due to traffic load.
To set a traffic load threshold for dial backup service, use the backup load interface configuration
command. Use the no form of this command to return to the default value. The default has no
predefined threshold.
When the transmitted or received load on the primary line is greater than the value assigned to the
enable-threshold argument, the secondary line is enabled.
The secondary line is disabled when one of the following conditions occurs:
The transmitted load on the primary line plus the transmitted load on the secondary line is
less than the value entered for the disable-load argument.
The received load on the primary line plus the received load on the secondary line is less than
the value entered for the disable-load argument.
If the never keyword is used instead of an enable-threshold value, the secondary line is never
activated because of traffic load. If the never keyword is used instead of a disable-load argument,
the secondary line is never activated because of traffic load.
Example:
The following example sets the traffic load threshold to 60 percent of the primary line, serial 0.
When that load is exceeded, the secondary line, serial 1, is activated, and will not be deactivated
until the combined load is less than 5 percent of the primary bandwidth.
Router(config-if)#backup load 60 5
Router(config-if)#backup interface serial 1
Misconceptions:
None
Related Commands:
backup interface

Command:
traffic-share
Mode:
Syntax:
traffic-share {balanced | min}
no traffic share {balanced | min}
Syntax Description:
balanced Distributes traffic proportionately to the ratios of the metrics
min Uses routes that have minimum costs
When there are multiple routes for the same destination network that have different costs, use the
traffic-share router configuration command. This command will control how traffic is distributed
among the routes. To disable this function, use the no form of the command.
Usage Guidelines:
This command applies to IGRP and EIGRP routing protocols only. With the default setting, routes
that have higher metrics represent less-preferable routes and get less traffic. Configuring traffic-
share min causes the Cisco IOS software to divide traffic only among the routes with the best
metric. Other routes will remain in the routing table, but will receive no traffic.
Example:
In the following example, only routes of minimum cost will be used:
Router(config)#router igrp 5
Router(config-router)#traffic-share min
Misconceptions:
None
Related commands:
None

Command:
variance
Mode:
Syntax:
variance multiplier
no variance
Syntax Description:
multiplier A metric value used for load balancing. It can be a value from 1 to 128. The
default is 1, which means equal-cost load balancing.
To control load balancing in an EIGRP-based internetwork, use the variance router configuration
command. The variance value determines whether IGRP will accept unequal-cost routes. An IGRP
router will only accept routes equal to the local best metric for the destination multiplied by the
variance value.To reset the variance to the default value, use the no form of this command.
Usage Guidelines:
Setting a variance value lets the Cisco IOS software determine the feasibility of a potential route. A
route is feasible if the next router in the path is closer to the destination than the current router and
if the metric for the entire path is within the variance. Only paths that are feasible can be used for
load balancing and included in the routing table.
If the following two conditions are met, the route is deemed feasible and can be added to the
routing table:
1. The local best metric must be greater than the metric learned from the next router.
2. The multiplier times the local best metric for the destination must be greater than or equal
to the metric through the next router.
Example:
The following example sets a variance value of 4:
Router(config-router)#variance 4
Misconceptions:
None
Related commands:
None

Command:
configure
Mode:
Router#
Syntax:
configure {terminal | memory | network | overwrite-network}
Syntax Description:
Enters global configuration mode to allow you to configure the system from the
terminal
terminal.
network Configure from a TFTP network host
overwrite-
Overwrite NVRAM from TFTP network host
network
memory Configures the system with the commands found in the default NVRAM
configuration file.
For the Class A Flash file system platforms, configures the system with the
configuration file specified by the CONFIG_FILE environment variable.
This command is used to switch from enable mode to one of the configuration modes.
Example:
The following will put the router into the configuration mode with the changes being done through
the terminal session.
Router#configure terminal
Router(config)#
Misconceptions:
None
Related Commands:
exit

Command:
disable
Mode:
Router#
Router>
Syntax:
disable [privilege-level]
Syntax Description:
privilege- You can specify up to 16 privilege levels, using numbers 0 through 15. Level 1
level is normal EXEC-mode user privileges. If this argument is not specified, the
privilege level defaults to level 15 (traditional enable privileges).
To exit privileged EXEC mode and return to user EXEC mode, enter the disable EXEC command.
Use this command with the level option to reduce the user-privilege level. If a level is not
specified, it defaults to the user EXEC mode, which is level 1.
Example:
Router#disable
Misconceptions:
The disable and exit commands are often confused. Exit is thought to return to the previous
prompt. However from the privilege exec prompt, exit will terminate the session. To return to the
previous mode (user exec), use disable.
Related Commands:
enable
Command:
enable
Mode:
Router>
Syntax:
enable [privilege-level]
Syntax Description:
You can specify up to 16 privilege levels, using numbers 0 through 15. Level 1
privilege-
To enter privileged EXEC mode, use the enable EXEC command. Since many of the privileged
commands set operating parameters, privileged access should be password-protected to prevent
unauthorized use. If the system administrator has set a password with the enable password global
configuration command, a prompt to enter the password will appear before being allowed access to
privileged EXEC mode. If an enable password has not been set, enable mode can only be accessed
from the router console. If a level is not specified, it defaults to the privileged EXEC mode, which
is level 15.
Example:
The following command will enter the privilege exec mode from the user exec mode:
Router>enable
Router#
Misconceptions:
None
Related Commands:
exit
disable

Command:
exit
Mode:
Router>
Router#
Router(config)#
Router(config-if)#
...
Syntax:
exit
Syntax Description:
Use the exit command at the EXEC levels to exit the EXEC mode. Use the exit command at the
configuration level to return to privileged EXEC mode. Use the exit command in interface, line,
router, IPX-router, and route-map command modes to return to global configuration mode. Use the
exit command in subinterface configuration mode to return to interface configuration mode. You
also can press Ctrl-Z, or use the end command, from any configuration mode to return to
privileged EXEC mode.
Example:
The following command will return the router session from the global config mode to the privilege
exec mode.
Router(config)#exit
Router#
Misconceptions:
Related Commands:
disable

Command:
access-class
Mode:
Syntax:
access-class access-list-number {in | out}
no access-class number
Syntax Description:
access- Specifies an integer between 1 and 199 that defines the access-list.
list-number
in Controls which nodes can make LAT connections into the server.
out Defines the access checks made on outgoing connections. (A user who types a
node name at the system prompt to initiate a LAT connection is making an
outgoing connection.)
To define restrictions on incoming and outgoing connections, use the access-class line
configuration command. To remove the access-list number, use the no form of this command. This
command defines access list numbers that will then be used with the lat access-list command to
specify the access conditions.
The value supplied for the access-list-number argument is used for all protocols supported by the
Cisco IOS software. If you are already using an IP access list, you must define LAT (and possibly
X.25) access lists permitting connections to everything, to emulate the behavior of previous
software versions.
When both IP and LAT connections are allowed from a terminal line and an IP access list is
applied to that line with the access-class line command, a LAT access list must also be created
with the same number if any LAT connections from that terminal are going to be allowed. Only
one incoming and one outgoing access list number can be specified for each terminal line. When
checking LAT access lists, if the specified list does not exist, the system denies all LAT
connections.
Example:
The following example configures an incoming access class on virtual terminal line 4:
Router(config)#line vty 4
Router(config-line)#access-class 4 in
Misconceptions:
None
Related Commands:
None

Command:
exec-timeout
Mode:
Syntax:
exec-timeout minutes [seconds]
no exec-timeout
Syntax Description:
minutes Integer that specifies the number of minutes
seconds (Optional) Additional time intervals in seconds
To set the interval that the EXEC command interpreter waits until user input is detected, use the
exec-timeout line configuration command. To remove the timeout definition, use the no form of
this command.
If no input is detected during the interval, the EXEC facility resumes the current connection. If no
connections exist, the EXEC facility returns the terminal to the idle state and disconnects the
incoming session. To specify no timeout, enter the exec-timeout 0 0 command.
Examples:
The following example sets a time interval of 2 minutes, 30 seconds:
Router(config)#line console
Router(config-time)#exec-timeout 2 30
The following example sets a time interval of 10 seconds:

Router(config)#line console
Router(config)#exec-timeout 0 10
Misconceptions:
None
Related Commands:
None

Command:
line
Mode:
Router(config)#
Syntax:
line [aux | console | tty | vty ] line-number [ending-line-number]
Syntax Description:
aux (Optional) This represents the auxiliary EIA/TIA-232 DTE port. Must be addressed
as relative line 0. The auxiliary port can be used for modem support and
asynchronous connections.
console (Optional) This represents the console terminal line. The console port is DCE.
tty (Optional) Standard asynchronous line
vty (Optional) Virtual terminal for remote console access
line-number The relative number of the terminal line (or the first line in a contiguous group) that
you want to configure when the line type is specified. Numbering begins with zero.
ending-line- (Optional) The relative number of the last line in a contiguous group that you want
number to configure. If you omit the keyword, then line-number and ending-line-number are
absolute rather than relative line numbers.
To identify a specific line for configuration and begin the line configuration command collection
mode, use the line global configuration command. Entering the line command with the optional
line type (aux , console , tty , or vty ) designates the line number as a relative line number.
Relative line numbers always begin numbering at zero and define the type of line. Addressing the
second virtual terminal line as line VTY 1, for example, is easier than remembering it as line 143,
its absolute line number. Entering the line command without specifying a line type causes the line
number to be treated as an absolute line number.
Example:
The following example configures 5 virtual terminal sessions for remote access.
The following example configures line parameters for line 65, which can be of any type:
Router(config)#line 65
Misconceptions:
None
Related Commands:
show line

Command:
lockable
Mode:
Syntax:
lockable
no lockable
Syntax Description:
To enable the lock EXEC command, use the lockable global configuration command. This
command enables a terminal-locking mechanism that allows a terminal to be temporarily locked.
Use the no form of this command to reinstate the default. This allows a user to lock a privilege
exec session using the lock command. A locked session allows the user to leave a privilege exec
session and not leave it available for someone to change. When a lock command is issued, the user
will be prompted for a password and a conformation of that password. When the password and
conformation is entered, the session is locked. The user must press the Enter key and enter this
password to resume the session.
Example:
The following example is the dialog of the use of the lockable and lock commands
Router#conf t
Router(config)#line console 0
Router(config-line)#lock
Router(config-line)#lockable
Router(config-line)#^z
Router#lock
Password:
Again:
Locked
Password:
Misconceptions:
None
Related Commands:
lock
line

Command:
login
Mode:
Router#(config-line)#
Syntax:
login [local | tacacs]
no login [local | tacacs]
Syntax Description:
local This key word selects local password checking. Authentication is based on the
username specified with the username global configuration command.
tacacs Selects the TACACS-style user ID and password-checking mechanism
To enable password checking at login, use the login line configuration command. Use the no form
of this command to disable password checking and allow connections without a password. Virtual
terminals (VTYs) require a password. If you do not set a password for a virtual terminal, it
responds to attempted connections by displaying an error message and closing the connection. If
you specify the login command without the local or tacacs option, authentication is based on the
password specified with the password line configuration command.
Example:
The following example show a sequence of commands that creates a local user and sets up console
0 for local login.
Router#conf t
Router(config)#username mark password kram
Router(config-line)#login local
Router(config-line)#^Z
Router#exit
Router con0 is now available
Press RETURN to get started.

User Access Verification
Username:
Misconceptions:
None
Related Commands:
login
username

Command:
password
Mode:
Syntax:
password password
no password password
Syntax Description:
password The password to assign to the line
To specify a password on a line, use the password line configuration command. Use the no form
of this command to remove the password.
Examples:
The following example sets a password for virtual terminal sessions 0 through 4.
Router(config-line)#password 12345
The following example will set a password of 1234 on console 0.

Router(config-line)#password 1234
Router(config-line)#^Z
Router#
Misconceptions:
None
Related Commands:
None

Command:
show line
Mode:
Router#
Syntax:
show line [line-number | aux number | console number | tty number
| vty number]
Syntax Description:
aux Auxiliary line
line-
number The line number to be shown
To display the parameters of a terminal line, use the show line EXEC command.
Example:
The following sample output from the show line command shows that line 17 is a virtual terminal
line with a transmit and receive rate of 9600 bps. Also shown is the modem state, terminal screen
width and length, and so on.
Router#show line 17
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns
A 17 VTY 9600/9600 - - - - - 1 0 0/0
Line 17, Location: "", Type: ""

Length: 24 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600
Status: Ready, Connected, Active, No Exit Banner, Async interface active
Capabilities: Line usable as async interface
Modem state: Ready
Special Chars: Escape Hold Stop Start Disconnect Activation
^^x none - - none
Timeouts: Idle EXEC Idle Session Modem Answer Session Dispatch
never never none not set
Session limit is not set.
Time since activation: never
Editing is enabled.
History is enabled, history size is 10.
Full user help is disabled
Allowed transports are lat telnet rlogin mop. Preferred is lat.
No output characters are padded
No special data dispatching characters
Line is running SLIP routing for address 1.0.0.2.

0 output packets queued, 0 input packets.
Group codes: 0
The table describes the fields in the show line output.

Table: Show Line Field Descriptions
Field Description
Tty Line number. In this case, 17.
Typ Type of line. In this case, a virtual terminal line (VTY), which is active, in
asynchronous mode denoted by the preceding `A.' Other possible values are:
CTY---console
AUX---auxiliary port
TTY---asynchronous terminal port
lpt---parallel printer
Tx/Rx Transmit rate/receive rate of the line.

A Indicates whether autobaud has been configured for the line. A value of F
indicates that autobaud has been configured; a hyphen indicates that it has not
been configured.
Modem Types of modem signals that have been configured for the line. Possible values
include
callin
callout
cts-req
DTR-Act
inout
RIisCD
Roty Rotary group configured for the line.

AccO, AccI Output or Input access list number configured for the line.
Uses Number of connections established to or from the line since the system was
restarted.
Noise Number of times noise has been detected on the line since the system restarted.
Overruns Hardware (UART) overruns and/or software buffer overflows, both defined as the
number of overruns or overflows that have occurred on the specified line since the
system was restarted. Hardware overruns are buffer overruns; the UART chip has
received bits from the software faster than it can process them. A software
overflow occurs when the software has received bits from the hardware faster than
it can process them.
Line Current line.
Location Location of the current line.
Type Type of line, as specified by the line global configuration command.
Length Length of the terminal or screen display.
Width Width of the terminal or screen display.
Baud rate Transmit rate/receive rate of the line.
(TX/RX)
Status State of the line: Ready or not, connected or disconnected, active or inactive, exit
banner or no exit banner, async interface active or inactive.
Capabilities Current terminal capabilities. In this case, the line is usable as an asynchronous
interface.
Modem state Modem control state. This field should always read READY.
Special Chars Current settings of special characters that were input by the user (or taken by
default) from the following global configuration commands:
escape-character
hold-character
stop-character
start-character
disconnect-character
activation-character
Timeouts Current settings that were input by the user (or taken by default) from the
following global configuration commands:
exec-timeout
session-timeout
dispatch-timeout
modem answer-timeout
Session limit Maximum number of sessions.
Time since Last time start_process was run.
activation
Editing Whether or not command line editing is enabled.
History Current history length, set by the user (or taken by default) from the history
Full user help Whether or not full user help has been set by the user with the terminal full-help
command or by the administrator with the full-help line configuration command.
Allowed Current set transport method, set by the user (or taken by default) from the
transports transport preferred line configuration command.
are...
characters are Current set padding, set by the user (or taken by default) from the padding line
padded configuration command.
data Current dispatch character set by the user (or taken by default) from the dispatch-
dispatching character line configuration command.
characters
Line Definition of the specified line's protocol and address.
output, input Number of output and input packets queued on this line.
packets
Group codes AT group codes.
Misconceptions:
None
Related commands:
clear line

Command:
bandwidth
Mode:
Router(config-if)#
Syntax:
bandwidth kilobits
no bandwidth
Syntax Description:
kilobits Intended bandwidth in kilobits per second
To set a bandwidth value for an interface, use the bandwidth command in interface configuration
mode. The bandwidth command sets an informational parameter to communicate only the current
bandwidth to the higher-level protocols.
Example:
The following command sequence will set the bandwidth of serial 0/0 to 1.54 megabits per
second.
Router(config-if)#bandwidth 1540
Misconceptions:
The bandwidth is occasionally misinterpreted as a command to modify the bandwidth rate of an
interface. You cannot adjust the actual bandwidth of an interface with this command.
Related Commands:
None
Command:
cdp enable
Mode:
Router(config-if)#
Syntax:
cdp enable
no cdp enable
Syntax Description:
To enable Cisco Discovery Protocol (CDP) on an interface, use the cdp enable interface
configuration command. Use the no form of this command to disable CDP on an interface. CDP is
enabled by default on all supported interfaces.
Example:
The following commands enables CDP on serial 0/0:

Router(config-if)#cdp enable
Misconceptions:
None
Related Commands:
show cdp neighbors
show cdp
cdp run

Command:
clear counters
Mode:
Router#
Syntax:
clear counters interface-type number
Syntax Description:
interface-type Type of interface to be configured
number This represents a port, connector, or interface card number. On a Cisco
4000 series router, it specifies the NPM number. The numbers are assigned
at the factory at the time of installation or when added to a system, and can
be displayed with the show interfaces command.
Many steps occur during the processing of a packet, and tests are performed at each step. The
outcome of each step is recorded in an interface counter. Network administrators can analyze these
interface counters to determine the reasons for sluggish router and network performance. This
command is used to set all the counters of the specified interfaces to zero.
Example:
The following command resets all the counters of the ethernet 0 interface to zero.
Router#clear counters ethernet 0
Misconceptions:
None
Related Commands:
show interfaces

Command:
clock rate
Mode:
Router(config-if)#
Syntax:
clock rate speed-in-bits-per-second
no clock rate
Syntax Description:
speed-in-bits-per-second Speed of line measured in bits per second
Use the clock rate (or clockrate) interface configuration command to configure the clock rate for
the hardware connections on serial interfaces such as network interface modules (NIMs) and
interface processors to an acceptable bit rate. Use the no form of this command to remove the
clock rate if you change the interface from a DCE to a DTE device. Using the no form of this
command on a DCE interface sets the clock rate to the hardware-dependent default value. bps (bits
per second) values are physical-layer dependent (i.e. RS232, V.35, etc.) and can be any of the
following:
1200
2400
4800
9600
19200
38400
56000
64000
72000
125000
148000
250000
500000
800000
1000000
1300000
2000000
4000000
Example:
The following a sets a clock of 56000 on interface serial 0/0.

Router(config-if)#clock rate 56000
! or
Router(config-if)#clockrate 56000
Misconceptions:
None
Related Commands:
interface

Command:
description
Mode:
Router(config-if)#
Syntax:
description string
no description
Syntax Description:
string Comment that describes the use or tracks the attachment of a particular interface.
To add a description to an interface configuration, use the description interface configuration

command. Use the no form of this command to remove the description.
The description command is meant solely as a comment to be put in the configuration to help you
remember the use of certain interfaces. The description appears in the output of the following
EXEC commands: more nvram:startup-config, show interfaces, and more system:running-
config.
Example:
The following commands adds a description to serial interface 0/0.
Router(config-if)#description 128k connected to SJ site
Misconceptions:
None
Related Commands:
None

Command:
encapsulation dot1q
Mode:
Router(config-subif)#
Syntax:
encapsulation dot1q vlan-id [native]

no encapsulation dot1q
Syntax Description:
vlan-id This represents a VLAN identifier that has an allowed range from 1 to 4095.
native (Optional) Sets the PVID value of the port to the vlan-id value
To enable IEEE 802.1Q encapsulation of traffic on a specified subinterface in virtual LANs
(VLANs), use the encapsulation dot1q subinterface configuration command.
IEEE 802.1Q encapsulation is configurable on Fast Ethernet interfaces. IEEE 802.1Q is a standard
protocol for interconnecting multiple switches and routers and for defining VLAN topologies.
Example:
The following example sets subinterface fastethernet 4/1.100 for trunking protocol of dot.1q.
Router(config)#interface fastethernet 4/1.100

Router(config-subif)#encapsulation dot1q 100
Misconceptions:
None
Related Commands:
encapsulation isl

Command:
encapsulation isl
Mode:
Router(config-subif)#
Syntax:
encapsulation isl vlan-identifier
no encapsulation isl
Syntax Description:
vlan- This represents a VLAN identifier that has an allowed range from 1
identifier to 1000.
To enable the Inter-Switch Link (ISL), use the encapsulation isl command in subinterface
configuration mode.
ISL is a Cisco protocol for interconnecting multiple switches and routers, and for defining VLAN
topologies.
ISL encapsulation is configurable on Fast Ethernet interfaces.
ISL encapsulation adds a 26-byte header to the beginning of the Ethernet frame. The header
contains a 10-bit VLAN identifier that conveys VLAN membership identities between switches.
Example:
The following example sets subinterface fastethernet 2/1.20 for trunking protocol of ISL:
Router(config)#interface FastEthernet 2/1.20
Router(config-subif)#encapsulation isl 400
Misconceptions:
None
Related Commands:
encapsulation dot1q

Command:
interface
Mode:
Router(config)#
Syntax:
interface type number
interface type slot/port
interface [type slot/port-adapter/port] [ethernet | serial] (for
ports on VIP cards in the Cisco 7500 series routers)
interface serial slot/port:channel-group (for channelized T1 or
E1 on Cisco 7500 series routers)
interface serial number:channel-group (for channelized T1 or E1
on the Cisco 4000 series routers and the Cisco MC3810)
To configure a subinterface, use this form of the interface global
configuration commands:
interface type slot/port-adapter/port.subinterface-number
{multipoint | point-to-point}
(for ports on VIP cards in the Cisco 7500 series routers)
interface type slot/port.subinterface-number {multipoint | point-
to-point} (for the Cisco 7200
series routers)
interface type slot/port-adapter.subinterface-number {multipoint |
point-to-point} (for the Cisco 7500 series)
Syntax Description:
type Type of interface to be configured
number This specifies a port, connector, or interface card number. On a Cisco 4000
series router, it specifies the NPM number. The numbers are assigned at the
factory at the time of installation or when added to a system, and can be
displayed with the show interfaces command.
slot Refer to the appropriate hardware manual for slot and port information.
port Refer to the appropriate hardware manual for slot and port information.
port-adapter Refer to the appropriate hardware manual for information about port adapter
compatibility.
:channel-group The Cisco 4000 series routers specifies the T1 channel group number in the
range of 0 to 23 defined with the channel-group controller configuration
command. On a dual port card, it is possible to run channelized on one port and
primary rate on the other port.
The Cisco MC3810 specifies the T1/E1 channel group number in the range of
0 to 23 defined with the channel-group controller configuration command.
.subinterface- This specifies the subinterface number in the range 1 to 4294967293. The
number number that precedes the period (.) must match the interface number to which
this subinterface belongs.
multipoint | (Optional) This specifies a multipoint or point-to-point subinterface. There is
point-to-point no default.
Use the interface global configuration command to configure an interface type and enter interface
configuration mode.
Example:
The following will move the router prompt from the global config to the interface config mode.
Router(config)#interface ethernet 0
Misconceptions:
None
Related Commands:
description
bandwidth
ip address
clock rate

Command:
ip access-group
Mode:
Router(config-if)#
Syntax:
ip access-group access-list-number | access-list-name {in | out}
no ip access-group access-list-number |access-list-name
Syntax Description:
access-list-number | Assigned IP access list number or name

access-list-name
in This defines access control on packets transmitted from the host.
These packets are received into the router interface.
out This defines access control on packets being sent to the host.
These packets are transmitted out of the router interface. The
default is out.
To configure an access list to be used for packets transmitted to and from the host, use the ip
access-group interface configuration command. To disable control over packets transmitted to or
from a host, use the no form of this command.
With this command in effect, various fields within the packet are compared to criteria within the
access list for acceptability and dropped or passed. Some of the fields that can be compared
include: source IP address, destination IP address, protocol, source port number and destination
port number.
Example:
The following example assumes that users are restricted from accessing certain servers, but access
to other hosts can be accessed.
!! Specify the access list interface

Router(config)#async 6
Router(config-if)#ip access-group 2 out
Misconceptions:
None
Related Commands:
access-list

Command:
ip address
Mode:
Router(config-if)#
Syntax:
ip address ip-address mask [secondary]

no ip address
Syntax Description:
Value that indicates the division of network, subnetworks and host

ip-address mask
addresses
secondary Designates an IP address as an auxiliary address
To set IP addresses for an interface, use the ip address interface configuration command. The
secondary keyword designates an IP address as an auxiliary address. To remove the specified
addresses, use the no form of this command.
Example:
The following example assigns an interface an IP address of 194.123.12.3:

Router(config-if)#ip address 194.123.12.3 255.255.255.0
Misconceptions:
None
Related Commands:
interface
clock rate

Command:
ip cgmp
Mode:
Router(config-if)#
Syntax:
ip cgmp[proxy]
no ip cgmp
Syntax Description:
proxy (Optional) Enables CGMP and the CGMP proxy function.
To enable Cisco Group Management Protocol (CGMP) on an interface of a router connected to a
Catalyst 5000 switch, use the ip cgmp interface configuration command. To disable CGMP
routing, use the no form of this command. By default CGMP is disabled.
Usage Guidelines:
When enabled on an interface, this command triggers a CGMP Join message. When a no ip cgmp
command is issued, a triggered CGMP Leave message is sent for the routers MAC address on the
interface for group 0000.0000.0000 (all groups). CGMP can run on an interface only if Protocol
Independent Multicast (PIM) is configured on the same interface.
When the proxy keyword is specified, the CGMP proxy function is also enabled. That is, any
router that is not CGMP-capable will be advertised by the proxy router. The proxy router
advertises the existence of other non CGMP-capable routers by sending a CGMP Join message
with the non-CGMP-capable router's MAC address and a group address of 0000.0000.0000. To
perform CGMP proxy, a Cisco router must be the IGMP querier. If you configure ip cgmp proxy,
you must manipulate the IP addresses so that a Cisco router will be the IGMP querier, which might
be the highest or lowest IP address, depending on which version of IGMP is being run on the
network.
When multiple Cisco routers are connected to a switched network and ip cgmp [proxy] is needed,
it is recommended that all of them be configured:
With the same CGMP option

To have precedence of becoming IGMP querier over non-Cisco routers
Example:
The following example enables CGMP:
Router(config-if)#ip cgmp
The following example enables CGMP and CGMP proxy:

Router(config-if)#ip cgmp proxy
Misconceptions:
None
Related Commands:
None

Command:
ppp chap hostname
Mode:
Router(config-if)#
Syntax:
ppp chap hostname hostname
no ppp chap hostname hostname
Syntax Description:
hostname Used to specify an alternate username/hostname that will be used for authentication
Use the ppp chap hostname interface configuration command to create a pool of dialup routers
that all appear to be the same host when authenticating with CHAP. The hostname that is sent with
chap is normally the host name of the router. This command allows the CHAP username that is
sent to be independent of the routers host name. This will useful if you have a situation where any
number of routers may be making a connection to a remote router and be authenticated with
CHAP. They need to send the same username for several reasons. First you may wish to limit the
number of concurrent connections to the remote site from any specific site. Second, DDR will need
to know that the location is connected in order to use a current connection rather than attempting to
bring up another connection.
Example:
The following example will cause the router to send the CHAP username BHM instead of the
routers name of BHM6.
BHM6(config-if)#ppp chap hostname BHM
Misconceptions:
None
Related Commands:
encapsulation ppp
ppp chap password
ppp authentication

Command:
ppp chap password
Mode:
Router(config-if)#
Syntax:
ppp chap password password
no ppp chap password password
Syntax Description:
password Actual password required for authentication of remote router
Use the ppp chap password interface configuration command to configure a common CHAP
secret password to be used in response to challenges from an unknown remote peer. This command
is useful when there is a collection of routers that do not support this command (such as routers
running older Cisco IOS software images). To disable this function, use the no form of this
command.
Example:
Router(config-if)#ppp chap password 7 cisco
Misconceptions:
none
Related Commands:
encapsulation ppp
ppp chap hostname
ppp authentication

Command:
show hosts
Mode:
Router#
Syntax:
show hosts
Syntax Description:
To display the default domain name, the style of name lookup service, a list of name server hosts,
and the cached list of host names and addresses, use the show hosts EXEC command.
Example:
Router#show hosts
Default domain is not set
Name/address lookup uses domain service
Name servers are 255.255.255.255
Host Flags Age Type Address(es)

abc (perm, OK) 0 IP 12.12.12.12
Router#
Misconceptions:
None
Related commands:
ip host

Command:
show interfaces
Mode:
Router>
Router#
Syntax:
show interfaces {type number}
Syntax Description:
number This represents a port, connector, or interface card number.
Use the show interfaces EXEC command to display statistics for all interfaces configured on the
router or access server. The resulting output varies, depending on the network for which an
interface has been configured. You should use the summary option to limit the amount of
information presented.
Example:
Router#show interfaces fastethernet 0/1
Ethernet0 is administratively down, line protocol is down
Hardware is Lance, address is 00e0.b05a.6396 (bia 00e0.b05a.6396)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 252/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec)
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:29:44, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
1 packets output, 60 bytes, 0 underruns
1 output errors, 0 collisions, 6 interface resets
0 babbles, 0 late collision, 0 deferred
1 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Misconceptions:
None
Related commands:
None

Command:
show ip interface
Mode:
Router>
Router#
Syntax:
show ip interface interface-type number
Syntax Description:
type (Optional) Specifies that information be displayed about that interface type only. The
possible value depends on the type of interfaces the system has. For example, it could
be Ethernet, null, serial, token ring, and so forth.
number (Optional) Interface number.
To display the usability status of interfaces configured for IP, use the show ip interface EXEC
command.
Example:
Router#show ip interface
FastEthernet0 is up, line protocol is up
Internet address is 192.195.78.24, subnet mask is 255.255.255.240
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Secondary address 131.192.115.2, subnet mask 255.255.255.0
Directed broadcast forwarding is enabled
Multicast groups joined: 224.0.0.1 224.0.0.2
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP SSE switching is disabled
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
Probe proxy name replies are disabled
Web Cache Redirect is enabled
Field Description
FastEthernet0 is up If the interface hardware is usable, the interface is marked "up." For an
interface to be usable, both the interface hardware and line protocol must
be up.
line protocol is up If the interface can provide two-way communication, the line protocol is
marked "up." For an interface to be usable, both the interface hardware
and line protocol must be up.
Internet address and IP Internet address and subnet mask of the interface.
subnet mask
Broadcast address Displays the broadcast address.
Address determined Indicates how the IP address of the interface was determined.
by...
MTU Displays the MTU value set on the interface.
Helper address Displays a helper address, if one has been set.
Secondary address Displays a secondary address, if one has been set.
Directed broadcast Indicates whether directed broadcast forwarding is enabled.
forwarding
Multicast groups Indicates the multicast groups this interface is a member of.
joined
Outgoing access list Indicates whether the interface has an outgoing access list set.
Inbound access list Indicates whether the interface has an incoming access list set.
Proxy ARP Indicates whether Proxy Address Resolution Protocol (ARP) is enabled
for the interface.
Security level Specifies the IP Security Option (IPSO) security level set for this
interface.
Split horizon Indicates that split horizon is enabled.
ICMP redirects Specifies whether redirect messages will be sent on this interface.
ICMP unreachables Specifies whether unreachable messages will be sent on this interface.
ICMP mask replies Specifies whether mask replies will be sent on this interface.
IP fast switching Specifies whether fast switching has been enabled for this interface. It is
generally enabled on serial interfaces, such as this one.
IP SSE switching Specifies whether IP silicon switching engine (SSE) is enabled.
Router Discovery Specifies whether the discovery process has been enabled for this
interface. It is generally disabled on serial interfaces.
IP output packet Specifies whether IP accounting is enabled for this interface and what the
accounting threshold (maximum number of entries) is.
TCP/IP header Indicates whether compression is enabled or disabled.
compression
Probe proxy name Indicates whether HP Probe proxy name replies are generated.
WCCP Redirect Indicates the status of whether packets received on an interface are
outbound is enabled redirected to a cache engine. Displays "enabled" or "disabled."
WCCP Redirect Indicates the status of whether packets targeted for an interface will be
exclude is disabled excluded from being redirected to a cache engine. Displays "enabled" or
"disabled."
Misconceptions:
None
Related commands:
show interfaces
show access-lists

Command:
show running-config
Mode:
Router#
Syntax:
show running-config
Syntax Description:
This command allows you to view the current configuration in the RAM. This configuration is the
active configuration, and changes made to the router will show up in this configuration file. Since
it is stored in the RAM, any changes not saved will be gone when the router resets.
Example:
Router#show running-config
Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
boot system flash
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
!
!
!
interface FastEthernet0
--More--
Misconceptions:
IOS 12.0 and newer versions replaces show running-config with the command show running-
config.
Related commands:
show startup-config

Command:
show startup-config
Mode:
Router#
Syntax:
show startup-config
Syntax Description:
This command has no arguments or keywords
This command allows you to view the configuration file "startup-config" in the NVRAM. This
configuration file is the stored, default file that is used by the router when it boots. Any changes
made to the active configuration on the router that is not saved to this file using "copy running-
config startup-config" will be lost upon next reload.
Example:
Router#show startup-config
Using 475 out of 7506 bytes
!
version 12.1
!
hostname Router
!
!
!
!
!
!
ip subnet-zero
!
!
!
!
no ip address
ip broadcast-address 0.0.0.0
shutdown
--More--
Misconceptions:
IOS 12.0 and newer versions replaces show startup-config with the command more
nvram:startup-config.
Related commands:
show running-config
copy

Command:
shutdown
Mode:
Router(config-if)#
Syntax:
shutdown
no shutdown
Syntax Description:
To disable an interface, use the shutdown configuration command. To restart a disabled interface,
use the no form of this command. This should be done on all interfaces in use as they are shutdown
by default.
Example:
The following example will disable an interface.
Router(config-if)#shutdown
Misconceptions:
None
Related commands:
interface

Command:
ip inspect name
Mode:
Router(config)#
Syntax:
ip inspect name inspection-name protocol [alert {on | off}]
[audit-trail {on | off}] [timeout seconds]
no ip inspect name [inspection-name protocol]
Syntax Description:
inspection-
name Name of inspection defined protocol
protocol A protocol keyword listed in the Table A.
alert For each inspected protocol, the generation of alert messages can be set on or
off.
audit-trail For each inspected protocol, audit trail can be set on or off.
timeout To override the global TCP or User Datagram Protocol idle timeouts for the
specified protocol, specify the number of seconds for a different idle timeout.
Table A: Protocol Keywords
Protocol protocol Keyword

Transport-Layer Protocols
TCP tcp
UDP udp
Application-Layer Protocols
CU-SeeMe cuseeme
FTP ftp
Java http
H.323 h323
Microsoft NetShow netshow
UNIX R commands (rlogin, rexec, rsh) rcmd
RealAudio realaudio
RPC rpc
SMTP smtp
SQL*Net sqlnet
StreamWorks streamworks
TFTP tftp
VDOLive vdolive
To define a set of inspection rules, use the ip inspect name command in global configuration
mode.
Example:
The following examples directs the router to inspect ftp traffic:
Router(config)#ip inspect name mycbac1 ftp
Misconceptions:
None
Related Commands:
None

Command:
show ip inspect
Mode:
Router#
Syntax:
show ip inspect {name inspection-name | config | interfaces |
session [detail] | all }
Syntax Description:
name Shows the configured inspection rule with the name inspection-name
config Shows the complete CBAC inspection configuration
interfaces Shows interface configuration with respect to applied inspection rules and access
lists
Shows existing sessions that are currently being tracked and inspected by CBAC.
session The optional detail keyword causes additional details about these sessions to be
shown.
all Shows all CBAC configuration and all existing sessions that are currently being
tracked and inspected by CBAC.
This command shows configuration information and statistics about context based access control
processes.
Example:
Router#show ip inspect all
Misconceptions:
None
Related commands:
None

Command:
dialer fast-idle
Mode:
Router (config-if)#
Syntax:
dialer fast-idle number-of-seconds
no dialer fast-idle
Syntax Description:
number-of- Idle time, in seconds, that must occur on an interface before the line is
seconds disconnected. Acceptable values are positive, nonzero integers.
If there is contention for a line, the dialer fast-idle interface configuration command is used to
specify the amount of time that the line will stay idle before it is disconnected. The dialer fast idle
timer is activated if a line is busy, a packet for a different next hop address is received, and the
busy line is required to send the competing packet. If the line becomes idle for the configured
length of time, the current call is disconnected immediately and the new call is placed. Use the no
dialer fast-idle command to reset the timeout period to the default.
Example:
The following example specifies a fast idle timeout of 35 seconds on interface async 1:
Router(config-if)#dialer fast-idle 35
Misconceptions:
None
Related Commands:
dialer in-band
dialer idle-timeout
dialer map
Command:
dialer hold-queue
Mode:
Router(config-if)#
Syntax:
dialer hold-queue packets timeout seconds
no dialer hold-queue packets
Syntax Description:
packets Number of packets, in the range 1 to 100 packets, to hold in the queue. This
argument is optional with the no form of the command.
timeout Amount of time in seconds to queue the packets.
seconds
To allow interesting outgoing packets to be queued until a modem connection is established, use
the dialer hold-queue interface configuration command. To disable the hold queue, use the no
form of this command.
A dialer hold queue can be configured on any type of dialer, including in-band synchronous,
asynchronous, data terminal ready (DTR), and Integrated Services Digital Network (ISDN) dialers.
Rotary groups can also be configured with a dialer hold queue. If a rotary group is configured with
a hold queue, all members of the group inherit that queue. No individual member's hold queue can
be altered.
If no hold queue is configured, packets are dropped during the time required to establish a
connection. Setting packets to 0 using the dialer hold-queue command is equivalent to using the no
dialer hold-queue command.
Example:
The following command configures a dialer hold queue to hold 10 packets:

Router(config)#dialer hold-queue 10 timeout 60
Misconceptions:
None
Related Commands:
dialer-group

Command:
dialer load-threshold
Mode:
Router(config-if)#
Syntax:
dialer load-threshold load [outbound | inbound | either]
no dialer load-threshold
Syntax Description:
load Interface load used to determine whether to initiate another call or to drop a link to the
destination. This argument represents a utilization percentage; it is a number between
1 and 255, where 255 is 100%.
outbound (Optional) Calculates the actual load using outbound data only
inbound (Optional) Calculates the actual load using inbound data only
either (Optional) Sets the maximum calculated load as the larger of the outbound and
inbound loads
To configure bandwidth on demand by setting the maximum load before the dialer places another
call to a destination, use the dialer load-threshold interface command. To disable the setting, use
This command first appeared in Cisco IOS Release 10.0. The list command and access-list-number
and access-group arguments first appeared in Cisco IOS Release 10.3.
This command applies to dialer rotary groups only.
When the cumulative load of all UP links(a number n) exceeds the load threshold the dialer adds
an extra link and when the cumulative load of all UP links minus one (n - 1) is at or below load
threshold then the dialer can bring down that one link. The dialer will make additional calls or drop
links as necessary but will never interrupt an existing call to another destination.
The argument load is the calculated weighted average load value for the interface; 1 is unloaded
and 255 is fully loaded. The load is calculated by the system dynamically, based on bandwidth.
You must set the bandwidth for an interface in kilobits per second, using the bandwidth
command.
The load calculation determines how much of the total bandwidth you are using. A load value of
255 means that you are using one hundred percent of the bandwidth. The load number is required.
When multilink PPP is configured, the dialer-load threshold 1 command no longer keeps a
multilink bundle of n links connected indefinitely and the dialer-load threshold 2 command no
longer keeps a multilink bundle of 2 links connected indefinitely. If you want a multilink bundle to
be connected indefinitely, you must set a very high idle timer.
Example:
In the following example, if the load to a particular destination on an interface in dialer rotary
group 5 exceeds interface load 200, the dialer will initiate another call to the destination:
Router(config)#interface dialer 5
Router(config-if)#dialer load-threshold 200
Misconceptions:
None
Related Commands:
bandwidth
interface dialer
dialer rotary-group

Command:
dialer map
Mode:
Router(config-if)#
Syntax:
dialer map protocol next-hop-address [name hostname] [spc ] [speed
56 | speed 64 ] [broadcast ] [modem-script modem-regexp] [system-
script system-regexp] [dial-string [: isdn-subaddress]]
no dialer map protocol next-hop-address [name hostname] [spc ]

[speed 56 | speed 64 ] [broadcast ] [modem-script modem-regexp]
[system-script system-regexp] [dial-string [: isdn-subaddress]]
Syntax Description:
protocol Protocol keywords; one of the following: appletalk, bridge, clns, decnet,
ip, ipx, novell, snapshot, vines, and xns
next-hop- Protocol address used to match against addresses to which packets are
address destined
name (Optional) Indicates the remote system with which the local router or
access server communicates. Used for authenticating the remote system on
incoming calls.
hostname (Optional) Case-sensitive name or ID of the remote device (usually the
host name). For routers with ISDN interfaces, if calling line identification
sometimes called CLI, but also known as caller ID and automatic number
identification (ANI) is provided, the hostname field can contain the
number that the calling line ID provides.
spc (Optional) Specifies a semipermanent connection between customer
equipment and the exchange; used only in Germany for circuits between
an ISDN BRI and a 1TR6 ISDN switch and in Australia for circuits
between an ISDN PRI and a TS-014 switch.
speed 56 | (Optional) Keyword and value indicating the line speed in kilobits per
speed 64 second to use. Used for ISDN only. The default speed is speed 64 (64
kbps).
broadcast (Optional) Indicates that broadcasts should be forwarded to this protocol
address
modem-script (Optional) Indicates the modem script to be used for the connection (for
asynchronous interfaces)
modem-regexp (Optional) Regular expression to which a modem script will be matched
(for asynchronous interfaces)
system-script (Optional) Indicates the system script to be used for the connection (for
asynchronous interfaces
system-regexp (Optional) Regular expression to which a system script will be matched
dial-string (Optional) Telephone number sent to the dialing device when it
[:isdn- recognizes packets with the specified next hop address that matches the
subaddress] access lists defined, and the optional subaddress number used for ISDN
multipoint connections. The dial string and ISDN subaddress, if used,
must be the last item in the command line.
To configure an ISDN interface to place a call to multiple sites, or to authenticate calls from
multiple sites, use the dialer map interface configuration command. Similar to the function
provided by an ARP table, dialer map statements translate next-hop protocol addresses to
telephone numbers. Use the no form of this command to reset the ISDN interface dialer map
configuration.
Example:
In the following example, packets received for a host 10.0.0.1 (HQ-central) is statically mapped to
telephone number 555-1212:
Router(config)#interface bri 0/0
Router(config-if)#dialer map ip 10.0.0.1 name HQ-central broadcast 2330038283
Misconceptions:
None
Related Commands:
dialer-list protocol

Command:
Mode:
Router(config)#
Syntax:
dialer-list dialer-group protocol protocol-name {permit | deny |
list access-list-number | access-group}
no dialer-list dialer-group [protocol protocol-name {permit | deny

| list access-list-number | access-group} ]
Syntax Description:
dialer- Number of a dialer access group identified in any dialer-group interface
group configuration command
protocol- One of the following protocol keywords: appletalk, bridge, clns, clns_es, clns_is,
name decnet, decnet_router-L1, decnet_router-L2, decnet_node, ip, ipx, vines, or xns
permit Permits access to an entire protocol
deny Denies access to an entire protocol
list Specifies that an access list will be used for defining a granularity finer than an
entire protocol
access-list- Access list numbers specified in any DECnet, Banyan VINES, IP, Novell IPX, or
number XNS standard or extended access lists, including Novell IPX extended service
access point (SAP) access lists and bridging types. See Table for the supported
access list types and numbers.
access- Filter list name used in the clns filter-set and clns access-group commands
group
To define a dial-on-demand routing (DDR) dialer list to control dialing by protocol or by a
combination of a protocol and a previously defined access list, use the dialer-list global
configuration command. To delete a dialer list, use the no form of this command.
Example:
Dialing occurs when an interesting packet (one that matches access list specifications) needs to be output on
an interface. Using the standard access list method, packets can be classified as interesting or uninteresting.
In the following example, IGRP TCP/IP routing protocol updates are not classified as interesting and do no
initiate calls:
Router(config)#access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0
The following example classifies all other IP packets as interesting and permits them to initiate calls:
Then the following command places list 101 into dialer access group 1:
Router(config)#dialer-list 1 protocol ip list 101
Misconceptions:
None
Related Commands:
dialer map
dialer-group

Command:
default-router
Mode:
Router(dhcp-config)#
Syntax:
default-router {hostname | address} [hostname2 | address2 ...
Hostname8 | address8]
no default-router
Syntax Description:
address Describes the IP address of the default router for the DHCP client
hostname Name of the router for use by DHCP clients
This command specifies the IP address of the default router for a DHCP client. To disable this
feature, use the no form of this command.
Example:
This example specifies two addresses for the default router:
Router(dhcp-config)#default-router 192.168.0.1 192.168.0.2
Misconceptions:
None
Related Commands:
ip dhcp pool
host

Command:
dns-server
Mode:
Syntax:
dns-server {hostname | address} [hostname2 | address2 ...

no dns-server
Syntax Description:
address The IP address of the domain name server
hostname The name of the domain name server
This command specifies the IP address of a DNS server that is available to a DHCP client. To
disable this feature, use the no form of this command.
Example:
The following example will define two domain name servers (192.168.0.10, and 10.0.0.20) in a
DHCP pool named "house".
Router(config)#ip dhcp pool house
Router(dhcp-config)#dns-server 192.168.0.10 10.0.0.20
Misconceptions:
None
Related Commands:
ip dhcp pool
domain-name
Command:
domain-name
Mode:
Syntax:
domain-name domain
no domain-name
Syntax Description:
domain The domain name string of the client
This command specifies the domain name for the client. To remove the domain name, use the no
Example:
The following example will define the domain name to mydomain.com in a DHCP pool named
"house".
Router(dhcp-config)#domain-name mydomain.com
Misconceptions:
None
Related Commands:
ip dhcp pool
dns-server

Command:
host
Mode:
Syntax:
host address [mask | prefix-length]
no host
Syntax Description:
address Specifies the address of the client.
mask (Optional) Specifies the network mask of the client.
prefix- (Optional) Specifies the number of bits that comprise the address prefix. The prefix is
length an alternative way of specifying the network mask of the client. The prefix length must
be preceded by a forward slash (/).
Use this command to specify the IP address and network mask for a manual binding to a DHCP
client. To remove the IP address of the client, use the no form of this command.
Example:
The following example specifies 10.12.1.99 as the IP address of the client and 255.255.248.0 as
the subnet mask:
Router(dhcp-config)#host 10.12.1.99 255.255.248.0
Misconceptions:
None
Related Commands:
ip dhcp pool
dns-server
domain-name
Command:
ip dhcp pool
Mode:
Router(config)#
Syntax:
ip dhcp pool pool-name
no ip dhcp pool pool-name
Syntax Description:
pool-name The name of this DHCP pool
To activate the IOS DHCP server and configure pool-specific settings, use the ip dhcp pool
command. To remove the address pool, use the no form of this command.
Example:
The following creates a pool named "MyPool1".
Router(config)#ip dhcp pool MyPool1
Misconceptions:
None
Related Commands:
dns-server
domain-name
default-router
lease
netbios-name-server
network (DHCP)
Command:
lease
Mode:
Syntax:
lease {days [hours][minutes] | infinite}
no lease
Syntax Description:
days The lease time for the DHCP host in days.
hours The lease time for the DHCP host in hours.
minutes The lease time for the DHCP host in minutes.
infinite Set the lease time to never expire.
To change the lease value for an IP address, use the lease command. To restore the default value,
use the no form of this command.
Example:
This example configures a DHCP lease for 3 days, 2 hours and 1 minute:
Router(dhcp-config)#lease 3 2 1
To configure a 3 hour lease, enter the following:

Router(dhcp-config)#lease 0 3
Misconceptions:
None
Related Commands:
ip dhcp pool
Command:
netbios-name-server
Mode:
Syntax:
netbios-name-server {hostname | address} [hostname2 | address2 ...
no netbios-name-server
Syntax Description:
address(n) The IP address(es) of the netbios name server(s).

hostname The name of the netbios-name-server.
This command specifies the IP address of a netbios name-server that is available to a DHCP client.
One IP address is required; however, you can specify up to eight IP addresses in one command
line. To remove the NetBIOS name server list, use the no form of this command.
Example:
The following example will define a two netbios name server in a DHCP pool named "house". The
first is at 192.168.0.10 and the second is at 10.0.0.20.
Router(dhcp-config)#netbios-name-server 192.168.0.10 10.0.0.20
Misconceptions:
None
Related Commands:
ip dhcp pool
dns-server
domain-name
Command:
network (DHCP)
Mode:
Syntax:
network network-number [mask | /prefix-length]
no network
Syntax Description:
network-number Specify the network address for the DHCP pool
mask Specify the subnet mask of the DHCP pool in dotted decimal notation
prefix-length Specify the subnet mask in prefix-length notation
Specifies the subnet network number and mask of the DHCP address pool.
Example:
The following example will define a range of addresses from 192.168.0.0 through 192.168.0.255
in a DHCP pool named "house".
Router(dhcp-config)#network 192.168.0.0 255.255.255.0
Misconceptions:
None
Related Commands:
None
Command:
show ip dhcp
Mode:
Router#
Syntax:
show ip dhcp { binding [address] | conflict [address] | database
[url] | server statistics }
Syntax Description:
conflict Displays a list of all address conflicts recorded by a specific DHCP server
binding Displays a list of all bindings created on a specific DHCP server
database Displays recent activity on the DHCP database
server Displays count information about server statistics and messages sent and received
statistics
(Optional) Specifies the remote file used to store automatic DHCP bindings. Following
are the acceptable URL file formats:
url tftp://host/filename
ftp://user:password@host/filename
rcp://user@host/filename
address The address of the DHCP server.
This command is used to display DHCP server information from EXEC mode.
Example:
The following will display the DHCP server statics:
Router#show ip dhcp server statistics

Misconceptions:
None
Related commands:
None

Command:
debug all
Mode:
Router#
Syntax:
debug all
no debug all
Syntax Description:
To enable all system diagnostics, enter the debug all command in privileged EXEC mode. The no
debug all command turns off all diagnostic output. Using the no debug all command is a
convenient way to ensure that you have not accidentally left any debug commands turned on.
Debugging output takes priority over other network traffic, and because the debug all command
generates more output than any other debug command, it can severely diminish the router's
performance or even render it unusable. In virtually all cases, it is best to use more specific debug
commands.
Example:
Router#debug all
This may severely impact network performance. Continue? [confirm]
All possible debugging has been turned on
Misconceptions:
None
Related Commands:
debug ip ospf
show ip ospf
debug ppp
Command:
debug confmodem
Mode:
Router#
Syntax:
debug confmodem
no debug confmodem
Syntax Description:
To display information associated with the discovery and configuration of the modem attached to
the router, use the debug confmodem privileged EXEC command. The no form of this command
disables debugging output.
Usage Guidelines:
The debug confmodem command is used in debugging configurations that use the modem
autoconfig command.
Example:
The following is a sample of debug confmodem output. In the first three lines, the router is
searching for a speed at which it can communicate with the modem. The remaining lines show the
actual sending of the modem command.
Router#debug confmodem

TTY4:detection speed(38400) response ---OK---
TTY4:Modem command: --AT&F&C1&D2S180=3S190=1S0=1--
TTY4: Modem configuration succeeded
TTY4: Done with modem configuration
Misconceptions:
None
Related Commands:
debug all

Command:
debug dialer
Mode:
Router#
Syntax:
debug dialer {events | packets}
no debug dialer {events | packets}
Syntax Description:
events When DDR is enabled on the interface, information concerning the cause of any call
(called the Dialing cause) is displayed.
packets Displays debugging information about the packets received on a dialer interface.
This command is used to display debugging information about the packets received on a dialer
interface, including source and destination address, and number dialed. When Dial on Demand
Routing (DDR) is enabled on the interface, information concerning the cause of any call (called the
Dialing cause) is also displayed. The no form of the command disables debugging output.
Example:
The following is a sample line of output from the debug dialer events command. The following
display for an IP packet, lists the name of the DDR interface and the source and destination
addresses of the packet:
Router#debug dialer events
Dialing cause: Serial0: ip (s=172.16.1.111 d=172.16.2.22)
The following is a sample of output from the debug dialer packets command. It shows the
interface type, the type of packet (protocol) being sent, the source and destination addresses, the
size of the packet, and the default action for the packet (in this example, PERMIT).
Router#debug dialer packets

BRI0: ip (s=10.1.1.8, d=10.1.1.1), 100 bytes, interesting (ip PERMIT)
Misconceptions:
None
Related Commands:
debug all

Command:
debug eigrp
Mode:
Router#
Syntax:
debug ip eigrp {fsm | neighbors | packet}
no debug eigrp {fsm | neighbors [static] | packet}
Syntax Description:
fsm Displays debugging information about EIGRP feasible successormetrics (FSM).
neighbors Display neighbors discovered by EIGRP.
packet Displays general debugging information, including packets transmitted and received.
The debug eigrp commands can be used to troubleshoot or monitor live EIGRP processes.
Example:
Router#debug eigrp fsm

DUAL:
dual_rcvupdate(): 172.25.166.0 255.255.255.0 via 0.0.0.0 metric 750080/0
DUAL: Find FS for dest 172.25.166.0 255.255.255.0. FD is 4294967295, RD is 42949
67295 found
DUAL: RT installed 172.25.166.0 255.255.255.0 via 0.0.0.0
DUAL:
dual_rcvupdate(): 192.168.4.0 255.255.255.0 via 0.0.0.0 metric 4294967295/
4294967295
DUAL: 0.0.0.0 metric 4294967295/4294967295not found Dmin is 4294967295
DUAL: Dest 192.168.4.0 255.255.255.0 not entering active state.
DUAL: Removing dest 192.168.4.0 255.255.255.0, nexthop 0.0.0.0
DUAL: No routes. Flushing dest 192.168.4.0 255.255.255.0
Misconceptions:
None
Related Commands:
debug all

Command:
debug ip ospf
Mode:
Router#
Syntax:
debug ip ospf { events | packet }
no debug ip ospf { events | packet }
Syntax Description:
Displays information on the Open Shortest Path First (OSPF) protocol related events,
events such as adjacencies, flooding information, designated router selection, and shortest path
first (SPF) calculation. The no form of this command disables debugging output.
packet Displays information about each Open Shortest Path First (OSPF) packet received.
The debug ip ospf commands can be used to troubleshoot or monitor live OSPF processes.
Example:
Router#debug ip ospf events
OSPF:hello with invalid timers on interface Ethernet0
hello interval received 10 configured 10
net mask received 255.255.255.0 configured 255.255.255.0
dead interval received 40 configured 30
Misconceptions:
None
Related Commands:
debug all

Command:
debug ip rip
Mode:
Router#
Syntax:
debug ip rip
no debug ip rip
Syntax Description:
This command displays RIP transactions.
Example:
Router#debug ip rip
RIP protocol debugging is on
Misconceptions:
None
Related Commands:
debug all

Command:
debug isdn
Mode:
Router#
Syntax:
debug isdn [events | q921 | q931]

no debug isdn [events | q921 | q931]
Syntax Description:
events Displays Integrated Services Digital Network (ISDN) events occurring on the user side
(on the router) of the ISDN interface. The ISDN events that can be displayed are Q.931
events (call setup and teardown of ISDN network connections). Although the debug isdn
event and the debug isdn q931 commands provide similar debug information, the
information is displayed in a different format. If you want to see the information in both
formats, enable both commands at the same time. The displays will be intermingled.
q921 Displays data link layer (Layer 2) access procedures occurring at the router on the D
channel (LAPD) of its Integrated Services Digital Network (ISDN) interface.
q931 q931: Displays information about the call setup and teardown of ISDN network
connections (Layer 3) between the local router (user side) and the network. The ISDN
network layer interface provided by the router conforms to the user interface specification
defined by ITU-T recommendation Q.931, supplemented by other specifications such as
for switch type VN4. The router tracks only activities that occur on the user side, not the
network side of the network connection. The command output of the debug isdn q931
command is limited to commands and responses exchanged during peer-to-peer
communication carried over the D channel.
Use the debug isdn priviledged EXEC command to display information on ISDN link activity.
The no form of the command disables debugging output.
Example:
Router#debug isdn events
ISDN Event: Call to 415555121202
received HOST_PROCEEDING
Channel ID i = 0x0101
-------------------
Channel ID i = 0x89
received HOST_CONNECT
ISDN Event: Connected to 415555121202 on B1 at 64 Kb/s
Misconceptions:
None
Related Commands:
show dialer

Command:
debug ppp
Mode:
Router#
Syntax:
debug ppp {packet | negotiation | error | authentication |
compression | cbcp}
no debug ppp {packet | negotiation | error | authentication |

compression | cbcp}
Syntax Description:
packet Displays PPP packets being sent and received. (This command displays low-
level packet dumps.)
negotiation Displays PPP packets transmitted during PPP startup, where PPP options are
negotiated.
error Displays protocol errors and error statistics associated with PPP connection
negotiation and operation.
authentication Displays authentication protocol messages, including Challenge Authentication
Protocol (CHAP) packet exchanges and Password Authentication Protocol
(PAP) exchanges.
compression Displays information specific to the exchange of PPP connections using MPPC.
This command is useful for obtaining incorrect packet sequence number
information where MPPC compression is enabled.
cbcp Displays protocol errors and statistics associated with PPP connection
negotiations using MSCB.
Use the debug ppp EXEC command to display information on traffic and exchanges in an
internetwork implementing the Point-to-Point Protocol (PPP).
Example:
Router#debug ppp negotiation
The following is sample output from the debug ppp negotiation command. This is a normal
negotiation, where both sides agree on network control program (NCP) parameters. In this
case, protocol type IP is proposed and acknowledged.
ppp: sending CONFREQ, type = 4 (CI_QUALITYTYPE), value = C025/3E8
ppp: sending CONFREQ, type = 5 (CI_MAGICNUMBER), value = 3D56CAC
ppp: received config for type = 4 (QUALITYTYPE) acked
ppp: received config for type = 5 (MAGICNUMBER) value = 3D567F8 acked (ok)
PPP Serial4: state = ACKSENT fsm_rconfack(C021): rcvd id 5
ppp: config ACK received, type = 4 (CI_QUALITYTYPE), value = C025
ppp: config ACK received, type = 5 (CI_MAGICNUMBER), value = 3D56CAC
ppp: ipcp_reqci: returning CONFACK.
(ok)
PPP Serial4: state = ACKSENT fsm_rconfack(8021): rcvd id 4
Misconceptions:
None
Related Commands:
debug all

Command:
debug dialer
Mode:
Router#
Syntax:
debug dialer {events | packets}
no debug dialer {events | packets}
Syntax Description:
events When DDR is enabled on the interface, information concerning the cause of any call
(called the Dialing cause) is displayed.
packets Displays debugging information about the packets received on a dialer interface.
This command is used to display debugging information about the packets received on a dialer
interface, including source and destination address, and number dialed. When Dial on Demand
Routing (DDR) is enabled on the interface, information concerning the cause of any call (called the
Dialing cause) is also displayed. The no form of the command disables debugging output.
Example:
The following is a sample line of output from the debug dialer events command. The following
display for an IP packet, lists the name of the DDR interface and the source and destination
addresses of the packet:
Router#debug dialer events
Dialing cause: Serial0: ip (s=172.16.1.111 d=172.16.2.22)
The following is a sample of output from the debug dialer packets command. It shows the
interface type, the type of packet (protocol) being sent, the source and destination addresses, the
size of the packet, and the default action for the packet (in this example, PERMIT).
Router#debug dialer packets

BRI0: ip (s=10.1.1.8, d=10.1.1.1), 100 bytes, interesting (ip PERMIT)
Misconceptions:
None
Related Commands:
debug all

Command:
dialer idle-timeout
Mode:
Router(config-if)#
Syntax:
dialer idle-timeout seconds [inbound | either]
no dialer idle-timeout
Syntax Description:
Idle time, in seconds, that must occur on the interface before the line is disconnected.
seconds
Acceptable values are positive, nonzero integers.
inbound (Optional) Only inbound traffic will reset the idle timeout.
either (Optional) Both inbound and outbound traffic will reset the idle timeout.
The dialer idle-timeout interface configuration command specifies the amount of idle time (in
seconds) before the line is disconnected. Use the no dialer idle-timeout command to reset the idle
timeout to the default value of 120 seconds.
Example:
The following example specifies of an idle timeout of 3 minutes (180 seconds) on asynchronous
interface 1. Because the inbound keyword is included, only inbound traffic that matches the dialer
group will reset the idle timer.
Router(config-if)#dialer idle-timeout 180 inbound
Misconceptions:
None
Related Commands:
dialer wait-for-carrier-time
dialer fast-idle

Command:
dialer in-band
Mode:
Router(config-if)#
Syntax:
dialer in-band [no-parity | odd-parity]
no dialer in-band
Syntax Description:
no-parity This indicates that no parity is to be applied to the dialer string that is sent out to
the modem on synchronous interfaces.
odd-parity This indicates that the dialed number has odd parity (7-bit ASCII characters with
the eighth bit as the parity bit) on synchronous interfaces.
To specify that dial-on-demand routing (DDR) is to be supported, use the dialer in-band interface
configuration command. To disable DDR for the interface, use the no form of this command.
The dialer in-band command specifies that chat scripts will be used on asynchronous interfaces
and V.25 bis will be used on synchronous interfaces. The parity keywords do not apply to
asynchronous interfaces.
The parity setting applies to the dialer string that is sent out to the modem. If a parity is not
specified, or no parity is specified, no parity is applied to the output number. If odd parity is
configured, the dialed number will have odd parity (7-bit ASCII characters with the eighth bit as
the parity bit.)
If an interface only accepts calls and does not place calls, the dialer in-band interface
configuration command is the only command needed to configure it. If an interface is configured in
this manner, with no dialer rotary groups, the idle timer never disconnects the line. It is up to the
remote end (the end that placed the call) to disconnect the line based on idle time.
Example:
The following example specifies DDR for asynchronous interface 1:
The DTR pulse signals for three seconds on the interfaces in dialer group 1. This holds the DTR
low so the modem can recognize that DTR has been dropped.
Router(config-if)#pulse-time 3
Misconceptions:
None
Related Commands:
dialer map
dialer string

Command:
dialer pool
Mode:
Router(config-if)#
Syntax:
dialer pool number
no dialer pool number
Syntax Description:
number Dialing pool number, in the range 1 through 255.
To specify, for a dialer interface, which dialing pool to use to connect to a specific destination
subnetwork, use the dialer pool interface configuration command.
This command applies to dialer interfaces only.
Example:
The following example shows a dialer interface configuration that is linked to the physical
interface configuration shown for BRI 1 in the dialer pool-member command section. Dialer
interface 1 uses dialer pool 3, of which BRI 1 is a member.
This is a dialer profile for reaching remote subnetwork 1.1.1.1.

Router(config)#interface Dialer1
Router(config-if)#encapsulation ppp
Router(config-if)#dialer remote-name Smalluser
Router(config-if)#dialer string 4540
Router(config-if)#dialer pool 3
Router(config-if)#dialer-group 1
The following example might accompany the previous dialer profile configuration example.
Physical interface BRI 1 has a reserved channel in dialer pool 3. That channel is inactive until BRI
1 uses it to place calls.
Router(config)#interface BRI1
Router(config-if)#dialer pool-member 1 priority 50
Router(config-if)#dialer pool-member 3 min-link 1
Router(config-if)#ppp authentication chap
Misconceptions:
None
Related Commands:
dialer pool-member

Command:
dialer pool-member
Mode:
Router(config-if)#
Syntax:
dialer pool-member number [priority priority] [min-link minimum]
[max-link maximum]
no dialer pool-member
Syntax Description:
priority (Optional) Priority of this interface within the dialing pool, in the range 0
priority (lowest) to 255 (highest). Interfaces with the highest priority are selected first for
dialing out. Default is 0.
min-link (Optional) Minimum number of B channels on this interface that are reserved for
minimum this dialing pool, in the range 0 to 255. Default is 0. A reserved channel is
inactive until the specified interface uses it to place calls. Applies to ISDN
interfaces only.
max-link (Optional) Maximum number of B channels on this interface that can be used by
maximum this dialing pool, in the range 0 to 255. Default is 255. Applies to ISDN
interfaces only.
To configure a physical interface to be a member of a Dialer Profiles dialing pool, use the dialer
pool-member interface configuration command.
Example:
The following example shows the configuration of one ISDN BRI interface to be a member of
dialer pool 2 with priority 100:
Router(config)#interface bri 2
In the following example, BRI physical interface configuration BRI 1 has a reserved channel in
dialer pool 3. That channel is inactive until BRI 1 uses it to place calls.
Misconceptions:
None
Related Commands:
dialer pool

Command:
dialer priority
Mode:
Router(config-if)#
Syntax:
dialer priority number
no dialer priority
Syntax Description:
number Priority of an interface in a dialer rotary group; the highest number indicates the
highest priority. This is a number from 0 through 255. The default value is 0, the
lowest priority.
To set the priority of an interface in a dialer rotary group, use the dialer priority interface
configuration command. Use the no form of the command to revert to the default setting.This
command is meaningful only for interfaces that are part of dialer rotary groups.
The value 0 indicates the lowest priority, and 255 indicates the highest priority. The dialer
priority command controls which interfaces within a dialer rotary group will be used first. Higher
priority interfaces (configured with higher n value) are used first.
The dialer priority command gives you the ability to tell the dialer rotary group which free
interface (and, by extension for asynchronous interfaces, which modem) to use first. This
command applies to outgoing calls only.
For example, a router or access server might have a selection of many modems, some of which are
better performers than others. You might have a 19.2-kbps, two 4800-bps, three 1200-bps, and one
300-bps modem on interfaces in one dialer rotary group. You do not want the router or access
server to make the call on the 300 bps modem if any of the faster modems are free. You want to
use the highest-performance modems first, and the slowest modems last.
Example:
In the following example, asynchronous interface 3 will be used after interfaces with higher
priority and before interfaces with lower priority:
Router(config-if)#dialer priority 5
Misconceptions:
None
Related Commands:
interface dialer
dialer rotary-group

Command:
dialer remote-name
Mode:
Router(config-if)#
Syntax:
dialer remote-name username
no dialer remote-name username
Syntax Description:
username Case-sensitive character string identifying the remote device; maximum length is 255
characters.
Use the dialer remote-name interface configuration command to specify the authentication name
of the remote router on the destination subnetwork.
Example:
The following example sets the name of the remote host to dallas:
Router(config-if)#dialer remote-name dallas
Misconceptions:
None
Related Commands:
ppp authentication

Command:
dialer rotary-group
Mode:
Router(config-if)#
Syntax:
dialer rotary-group number
no dialer rotary-group number
Syntax Description:
number Number of the previously defined dialer interface in whose rotary group this interface is
to be included. This is a number from 0 to 255. The dialer interface is defined by the
interface dialer command.
To include a specified interface in a dialer rotary group, use the dialer rotary-group interface
Usage Guidelines:
Dialer rotary groups allow you to apply a single interface configuration to a set of physical
interfaces. This allows a group of interfaces to be used as a pool of interfaces for calling many
destinations.
Once the interface configuration is propagated to a set of interfaces, those interfaces can be used to
place calls using the standard DDR criteria. When multiple destinations are configured, any of
these interfaces can be used for outgoing calls.
Dialer rotary groups are useful in environments that require multiple calling destinations. Only the
rotary group needs to be configured with the dialer map commands. The only configuration
required for the interfaces is the dialer rotary-group command indicating that each interface is
part of a dialer rotary group.
Although a dialer rotary group is configured as an interface, it is not a physical interface. Instead, it
represents a group of interfaces. Interface configuration commands entered after the interface
dialer command will be applied to all physical interfaces assigned to specified rotary groups.
Individual interfaces in a dialer rotary group do not have individual addresses. The dialer interface
has a protocol address, and that address is used by all interfaces in the dialer rotary group.
Example:
The following example identifies interface dialer 1 as the dialer rotary group leader. Interface
dialer 1 is not a physical interface, but represents a group of interfaces. The interface configuration
commands that follow apply to all interfaces included in this group. The first dialer map
command allows the central site and remote site YYY to call each other and allows the central site
to authenticate site YYY when it calls in. The second dialer map command, with no dialer string,
allows the central site to authenticate remote site ZZZ when it calls in, but the central site cannot
call remote site ZZZ (no phone number).
Router(config-if)#authentication chap
Router(config-if)#ip address 1.2.3.4
Router(config-if)#dialer map ip 131.108.2.5 name YYY 14155553434
Router(config-if)#dialer map ip 131.126.4.5 name ZZZ
Router(config-if)#dialer rotary-group 1
Router(config-if)#interface rotary-group 1
Misconceptions:
None
Related Commands:
interface dialer

Command:
dialer string
Mode:
Router(config-if)#
Syntax:
dialer string dial-string [class class-name]
no dialer string
Syntax Description:
dial-string Telephone number to be sent to a DCE device.
class class-name (Optional) Dialer map class associated with this telephone number.
To specify the string (telephone number) to be used when placing a call from an interface, use the
dialer string interface configuration command. Use the no form of this command to delete the
telephone number specified for the interface.
Usage Guidelines
When you use Dialer Profiles for DDR, use the dialer string class form of this command to define
a map class for a specific dialer profile.
Dialer Profiles make it unnecessary to use dialer maps to configure DDR.
If a dialer string command is specified without a dialer-group command with access lists
defined, dialing is never initiated. If the debug dialer command is enabled, an error message is
displayed indicating that dialing never will occur.
Example:
The following example specifies that the dial string 4159991234 be used in calls to destinations
defined by the map class sf:
Router(config-if)#dialer string 4159991234 class sf
Misconceptions:
None
Related Commands:
interface dialer

Command:
Mode:
Router(config-if)#
Syntax:
dialer wait-for-carrier-time seconds
no dialer wait-for-carrier-time
Syntax Description:
seconds Number of seconds that the interface waits for the carrier to come up when a call is
placed. Acceptable values are positive, nonzero integers. The default is 30 seconds.
To specify the length of time to wait for a carrier when dialing out to the dial string associated with
a specified map class, use the dialer wait-for-carrier-time map-class dialer configuration
command. Use the no form of this command to reset the carrier wait time value to the default.
Usage Guidelines
You can define different dialer map classes with different wait-for-carrier times to suit the different
types of lines and interfaces. For example, you must define a longer wait time for a map class used
by serial interfaces than for one used by ISDN interfaces.
Example:
The following example specifies a carrier wait time of 20 seconds for the Eng class on the Dialer2
interface:
Router(config-if)#dialer remote-name Mediumuser
Router(config-if)#dialer string 5264540 class Eng
Router(config-if)#dialer wait-for-carrier-time 20
Router(config-if)#dialer load-threshold 50 either
Misconceptions:
None
Related Commands:
None

Command:
dialer-group
Mode:
Router(config-if)#
Syntax:
dialer-group group-number
no dialer-group
Syntax Description:
This specifies the number of the dialer access group to which the specific interface
group-
number belongs. This access group is defined with the dialer-list command. Acceptable
values are nonzero, positive integers between 1 and 10.
To control access by configuring an interface to belong to a specific dialing group, use the dialer-
group command in interface configuration mode. Use the no form of this command to remove an
interface from the specified dialer access group.
Example:
The following example specifies dialer access group number 1. The destination address of the packet is
evaluated against the access list specified in the associated dialer-list command. If it passes, either a call is
initiated (if no connection has already been established) or the idle timer is reset (if a call is currently conne
Router(config-if)#exit
Router(config)#access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0
Misconceptions:
None
Related Commands:

Command:
group-range
Mode:
Router(config-if)#
Syntax:
group-range low-end-of-range high-end-of-range
no group-range interface
Syntax Description:
low-end-of-range Beginning interface number to be made a member of the group interface.
high-end-of-range Ending interface number to be made a member of the group interface.
To create a list of member asynchronous interfaces (associated with a group interface), use the
group-range interface configuration command. Use the no form of the command to remove an
interface from the member list.
Usage Guidelines
Using the group-range command, you create a group of asynchronous interfaces that are
associated with a group asynchronous interface on the same device. This group interface is
configured by using the interface group-async command. This one-to-many structure allows you
to configure all associated member interfaces by entering one command on the group interface,
rather than entering this command on each interface. You can customize the configuration on a
specific interface by using the member command.
Example:
The following example defines interfaces 2, 3, 4, 5, 6, and 7 as members of asynchronous group
interface 0:
Router(config)#interface group-async 0
Router(config-if)#group-range 2 7
Misconceptions:
None
Related Commands:
interface group-async

Command:
interface dialer
Mode:
Router(config)#
Syntax:
interface dialer number
Syntax Description:
number Number of the dialer rotary group. It can be number in the range 0 through 255.
To define a dialer rotary group, use the interface dialer global configuration command.
Dialer rotary groups allow you to apply a single interface configuration to a set of physical
interfaces. This allows a group of interfaces to be used as a pool of interfaces for calling many
destinations.
Once the interface configuration is propagated to a set of interfaces, those interfaces can be used to
place calls using the standard DDR criteria. When multiple destinations are configured, any of
these interfaces can be used for outgoing calls.
Dialer rotary groups are useful in environments that require multiple calling destinations. Only the
rotary group needs to be configured with the dialer map commands. The only configuration
required for the interfaces is the dialer rotary-group command indicating that each interface is
part of a dialer rotary group.
Although a dialer rotary group is configured as an interface, it is not a physical interface. Instead, it
represents a group of interfaces. Interface configuration commands entered after the interface
dialer command will be applied to all physical interfaces assigned to specified rotary groups.
Individual interfaces in a dialer rotary group do not have individual addresses. The dialer interface
has a protocol address, and that address is used by all interfaces in the dialer rotary group.
Example:
The following example identifies interface dialer 1 as the dialer rotary group leader. Interface
dialer 1 is not a physical interface, but represents a group of interfaces. The interface configuratin
commands that follow apply to all interfaces included in this group.
Router(config-if)#authentication chap
Router(config-if)#dialer in-band ip address 1.2.3.4
Router(config-if)#dialer map ip 1.2.2.5 name YYY 14155553434
Router(config-if)#dialer map ip 1.3.2.6 name ZZZ
Misconceptions:
None
Related Commands:
None

Command:
interface group-async
Mode:
Router(config)#
Syntax:
interface group-async unit-number
no interface group-async unit-number
Syntax Description:
unit-number The number of the asynchronous group interface being created.
To create a group interface that will serve as master, to which asynchronous interfaces can be
associated as members, use the interface group-async global configuration command. Use the no
form of the command to restore the default.
Using the interface group-async command, you create a single asynchronous interface to which
other interfaces are associated as members using the group-range command. This one-to-many
configuration allows you to configure all associated member interfaces by entering one command
on the group master interface, rather than entering this command on each individual interface. You
can create multiple group masters on a device. However, each member interface can only be
associated with one group.
Example:
The following example defines asynchronous group master interface 0:
Router(config)#interface group-async 0
Misconceptions:
None
Related Commands:
group-range
Command:
isdn incoming-voice modem
Mode:
Router(config-if)#
Syntax:
isdn incoming-voice {voice | data [56 | 64] | modem [56 | 64]}
no isdn incoming-voice {voice | data [56 | 64] | modem [56 | 64]}
Syntax Description:
voice Incoming voice calls bypass the modems and will be handled as a voice call.
Incoming voice calls bypass the modems and will be handled as digital data. If this
data keyword is selected, you can specify a B-channel bandwidth of either 56 kbps or 64
kbps. If no argument is entered, the default value is 64.
Incoming voice calls are passed over to the digital modems, where they negotiate the
appropriate modem connection with the far-end modem. If this keyword is selected, you
modem
can specify a B-channel bandwidth of either 56 kbps or 64 kbps. If no argument is
entered, the default value is 64.
To allow all incoming ISDN voice calls to access onboard modems, use the isdn incoming-voice
modem interface configuration command. Use the no form of this command to stop all incoming
voice calls from accessing the modems.
Usage Guidelines
Configure this command on each D channel in the access server or router. Incoming circuit
switched data calls are not affected by this command.
This command is not used for channelized T1 or channelized E1 network scenarios. These
networks use traditional analog trunks that have in-band signaling. Use the isdn incoming-voice
modem command only when you are using ISDN.
Example:
The following example enables incoming and outgoing ISDN calls to route to the modems using
the D channel serial interface:
Router(config)#interface serial 0:23
Router(config-if)#isdn incoming-voice modem
Misconceptions:
None
Related Commands:
None

Command:
map-class dialer
Mode:
Router(config)#
Syntax:
map-class dialer classname
Syntax Description:
classname Unique class identifier.
To define a class of shared configuration parameters for outgoing calls from an ISDN interface, use
the map-class dialer global configuration command.
The classname in the map-class dialer command used to specify the class must be the same as a
classname used in a dialer map command.
This command is used to define classes of calls for PPP callback for DDR, for ISDN Advice of
Charge, and for Network Specific Facilities (NSF) call-by-call dialing plans.
For NSF call-by-call support on ISDN Primary-4ESS switches only, use one of the dialing-plan
keywords listed in the table below.
Table: NSF Keywords and Supported Services
Keyword NSF Dialing Plan Data Voice International
sdnplan SDN Yes Yes GSDN (Global SDN)
megaplan MEGACOMM No Yes Yes
accuplan ACCUNET Yes Yes Yes
Example:
The following example configures the PPP callback server on an ISDN BRI interface on a router in
Atlanta. The callback server requires an enable timeout and a map class to be defined.
Router(config)#interface BRI0
Router(config-if)#dialer callback-secure
Router(config-if)#dialer enable-timeout 2
Router(config-if)#dialer map ip 7.1.1.8 name atlanta class dial1 81012345678901
Router(config-if)#ppp callback accept
Router(config)#map-class dialer dial1
Router(config-map-class)#dialer callback-server username
The following example configures the ISDN switch type to Primary-4ESS and configures ISDN PRI
on T1 controller 1/0, and sets the D channel for dialer map classes that reference the NSF dialing
plans. Finally, the map-class dialer command uses a dialing plan keyword and the dialer outgoing
command refers to the same plan.
Router(config)#isdn switch-type primary-4ess

Router(config)#controller T1 1/0
Router(config-controller)#framing esf
Router(config-controller)#linecode b8zs
Router(config-controller)#pri-group timeslots 1-24
Router(config)#interface Serial 1/0:23
Router(config-if)#description
This is the DMS D-channel 415-390-9503
Router(config-if)#no keepalive
Router(config-if)#dialer map ip 6.1.1.1 name tommyjohn class sdnplan 14085770715
Router(config-if)#dialer map ip 6.1.1.2 name angus class megaplan 14085773775
Router(config-if)#dialer map ip 6.1.1.4 name angus class accuplan 14085773778
Router(config)#map-class dialer sdnplan
Router(config-map-class)#dialer outgoing sdn
Router(config)#map-class dialer megaplan
Router(config-map-class)#dialer voice-call
Router(config-map-class)#dialer outgoing megacomm
Router(config)#map-class dialer accuplan
Router(config-map-class)#dialer outgoing accunet
The following example configures a map class called "hawaii" and sets an ISDN speed of 56 kbps
for the class.
Router(config)#map-class dialer hawaii

Router(config-map-class)#isdn speed 56
The following example configures BRI 0 to function as the callback server on the shared network.
The callback server requires an enable timeout and a map class to be defined.
Router(config-if)#dialer enable-timeout 2
Router(config-if)#dialer map ip 10.2.1.8 name atlanta class dial1 81012345678901
Router(config)#map-class dialer dial1
Router(config-map-class)#dialer callback-server username
Misconceptions:
None
Related Commands:
None

Command:
show dialer
Mode:
Router#
Syntax:
show dialer [interface type number]
Syntax Description:
interface Displays information for the interface specified by the arguments type and number
To display general diagnostic information for interfaces configured for DDR (dial-on-demand
routing), use the show dialer command in EXEC mode.
Example:
The following is an output example from the show dialer command for a BRI interface when dialer
profiles are configured:
Router#show dialer interface bri 0
BRI0 - dialer type = ISDN
Dial String Successes Failures Last called Last status
0 incoming call(s) have been screened.
BRI0: B-Channel 1
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: ip (s=6.1.1.8, d=6.1.1.1)
Interface bound to profile Dialer0
Time until disconnect 102 secs
Current call connected 00:00:19
Connected to 5773872 (wolfman)
BRI0: B-Channel 2
Dialer state is idle
The following table describes significant fields shown in the display:
Table: Show Dialer Interface BRI Field Descriptions

Field Description
BRI0 - dialer ISDN dialer.

type = ISDN
Dial string Dial strings of logged calls (telephone numbers). On ISDN

BRI interfaces, if you have specified a subaddress number
in the dialer string, this number is included in the dial
string after a colon.
Successes Successful connections (even if no data is passed).
Failures Failed connections; call not successfully completed.
Last called Time that last call occurred to specific dial string.
Last status Status of last call to specific dial string (successful

or failed).
0 incoming Number of calls subjected to Dialer Profiles screening to

call(s) have determine how the call is to be treated.
been screened.
BRI0: B-Channel Header indicating the following data is for B channel 1.

1
Idle timer (120 Settings (in seconds) for the idle timer and the fast
secs), Fast idle idle timer.
timer (20 secs)
Wait for carrier Settings (in seconds) for the wait for carrier timer and
(30 secs), Re- the reenable timer.
enable (15 secs)
Dialer state is The message "data link layer up" suggests that the dialer
data link layer came up properly, if it says anything else then dialer
up did not come up properly. The message "physical layer up"
means the line protocol (LCP) came up, but the NCP did
not come up. The show interfaces command also provides
the similar information.
Dial reason: ip What initiated the dial, namely an IP packet, plus source
(s=6.1.1.8, and destination address in the packet.
d=6.1.1.1)
Interface bound Dialer profile that is bound to this interface or

to profile B channel.
Dialer0
Time until Time until line is configured to disconnect. This field

disconnect is displayed if the interface is currently connected to a
destination.
Current call Time at which the current call was connected.
connected
Connected to Dial string to which line is currently connected.
Misconceptions:
None
Related Commands:
debug isdn

Command:
debug eigrp
Mode:
Router#
Syntax:
debug ip eigrp {fsm | neighbors | packet}
no debug eigrp {fsm | neighbors [static] | packet}
Syntax Description:
fsm Displays debugging information about EIGRP feasible successormetrics (FSM).
neighbors Display neighbors discovered by EIGRP.
packet Displays general debugging information, including packets transmitted and received.
The debug eigrp commands can be used to troubleshoot or monitor live EIGRP processes.
Example:
Router#debug eigrp fsm

DUAL:
dual_rcvupdate(): 172.25.166.0 255.255.255.0 via 0.0.0.0 metric 750080/0
67295 found
DUAL: RT installed 172.25.166.0 255.255.255.0 via 0.0.0.0
DUAL:
dual_rcvupdate(): 192.168.4.0 255.255.255.0 via 0.0.0.0 metric 4294967295/
4294967295
DUAL: 0.0.0.0 metric 4294967295/4294967295not found Dmin is 4294967295
DUAL: Dest 192.168.4.0 255.255.255.0 not entering active state.
DUAL: Removing dest 192.168.4.0 255.255.255.0, nexthop 0.0.0.0
DUAL: No routes. Flushing dest 192.168.4.0 255.255.255.0
Misconceptions:
None
Related Commands:
debug all

Command:
eigrp log-neighbor-changes
Mode:
Syntax
eigrp log-neighbor-changes
no eigrp log-neighbor-changes
Syntax Description:
To enable the logging of changes in EIGRP neighbor adjacencies, use the eigrp log-neighbor-
changes router interface configuration command.
Example:
The following configuration will log neighbor changes for EIGRP process 209:
Router(config)#router eigrp 209
Router(config-router)#eigrp log-neighbor-changes
Misconceptions:
None
Related Commands:
None
Command:
ip bandwidth-percent eigrp
Mode:
Router(config-if)#
Syntax:
ip bandwidth-percent eigrp as-number percent
no ip bandwidth-percent eigrp as-number percent
Syntax Description:
as-number Autonomous system number.

percent Percent of bandwidth that Enhanced IGRP may use
To configure the percentage of bandwidth that may be used by EIGRP on an interface, use the ip
bandwidth-percent eigrp interface configuration command.
Example:
Router(config-if)#ip bandwidth-percent eigrp 209 75
Misconceptions:
None
Related Commands:
None

Command:
ip summary-address eigrp
Mode:
Router(config-if)#
Syntax:
ip summary-address eigrp as-number network-address subnet-mask
[admin-distance]
no ip summary-address eigrp as-number network-address subnet-mask
[admin-distance]
Syntax Description:
as-number Autonomous system number.
network-address IP summary aggregate address to apply to an interface.
subnet-mask Subnet mask.
admin-distance (Optional) Administrative distance. A value from 0 to 255.
To configure a summary aggregate address for a specified interface, use the ip summary-address
eigrp interface configuration command. To disable a configuration, use the no form of this
command.
Example:
Router(config-if)#ip summary-address eigrp 109 192.1.0.0 255.255.0.0
Misconceptions:
None
Related Commands:
auto-summary
summary-address
Command:
ipx sap-incremental
Mode:
Router(config-if)#
Syntax:
ipx sap-incremental eigrp autonomous-system-number rsup-only
no ipx sap-incremental eigrp autonomous-system-number rsup-only
Syntax Description:
eigrp autonomous- IPX EIGRP autonomous system number. It can be a number from 1 to
system-number: 65535.
(Optional) Indicates that the system uses EIGRP on this interface to carry
rsup-only: reliable SAP update information only. RIP routing updates are used, and
EIGRP routing updates are ignored.
To send Service Advertising Protocol (SAP) updates only when a change occurs in the SAP table,
use the ipx sap incremental interface configuration command. To send periodic SAP updates, use
Example:
The following example sends SAP updates on Ethernet interface 0 only when there is a change in
the SAP table:
Router(config-if)#ipx sap-incremental eigrp 200
Misconceptions:
None
Related Commands:
None

Command:
metric weights
Mode:
Syntax:
metric weights tos k1 k2 k3 k4 k5
no metric weights
Syntax Description:
tos Type of service. Currently, it must always be zero.
k1-k5 Constants that convert an IGRP or EIGRP metric vector into a scalar quantity.
To allow the tuning of the IGRP or EIGRP metric calculations, use the metric weights router
configuration command. To reset the values to their defaults, use the no form of this command.
Usage Guidelines
Use this command to alter the default behavior of IGRP or EIGRP routing and metric computation
and allow the tuning of the metric calculation for a particular type of service (TOS).
If k5 equals 0, the composite IGRP or EIGRP metric is computed according to the following
formula:
metric = [k1 * bandwidth + (k2 * bandwidth)/(256 - load) + k3 * delay]
If k5 does not equal zero, an additional operation is done:

metric = metric * [k5 / (reliability + k4)]
Bandwidth is inverse minimum bandwidth of the path in bits per second scaled by a factor of 2.56
* 10^12. The range is from a 1200-bps line to 10 terabits per second.
Delay is in units of 10 microseconds. This gives a range of 10 microseconds to 168 seconds. A

delay of all ones indicates that the network is unreachable. The delay parameter is stored in a 32-bit
field, in increments of 39.1 nanoseconds. This gives a range of 1 (39.1 nanoseconds) to
hexadecimal FFFFFFFF (decimal 167,503,724,504 nanoseconds). A delay of all ones
(hexadecimal FFFFFFFF) indicates that the network is unreachable.
defaults:
tos: 0
k1: 1
k2: 0
k3: 1
k4: 0
k5: 0
Example:
The following example sets the metric weights to slightly different values than the defaults:
Router(config-router)#metric weights 0 2 0 2 0 0
Misconceptions:
None
Related Commands:
show ip protocols

Command:
network (EIGRP)
Mode:
Syntax:
network network-number [network-mask]
no network network-number [network-mask]
Syntax Description:
network-number IP address of the directly connected networks.
network-mask (Optional) Network mask.
To specify a list of networks for an EIGRP routing process, use this form of the network router
configuration command. To remove an entry, use the no form of this command.
Example:
The following example configures a router for EIGRP and assigns autonomous system number
109. The network command indicates the network directly connected to the router.

Router(config-router)#network 172.16.0.0 0.0.255.255
Misconceptions:
None
Related Commands:
router eigrp
show ip route

Command:
router eigrp
Mode:
Router(config)#
Syntax:
router eigrp autonomous-system
no router eigrp autonomous-system
Syntax Description:
autonomous- Autonomous system number that identifies the routes to the other EIGRP
system routers. It is also used to tag the routing information.
To configure the EIGRP routing process, use the router eigrp global configuration command. To
shut down a routing process, use the no form of this command.
Example:
The following example configures an EIGRP routing process and assigns process number 109:
Misconceptions:
None
Related Commands:
network (EIGRP)

Command:
show ip eigrp interfaces
Mode:
Router#
Syntax:
show ip eigrp interfaces [interface-type interface-number] [as-
number]
Syntax Description:
interface-type: (Optional) Interface type
interface-number Displays the Enhanced IGRP topology table
as-number (Optional) Interface number
This command displays EIGRP statistics and status information.
Example:
Router#show ip eigrp interfaces
Misconceptions:
None
Related commands:
show ip eigrp topology

Command:
Mode:
Router#
Syntax:
show ip eigrp topology [autonomous-system-number | [[ip-address]
mask]]
Syntax Description:
autonomous-system-number (Optional) Autonomous system number
(Optional) IP address. When specified with a mask, a detailed
ip address
description of the entry is provided.
mask (Optional) Subnet mask
To display the EIGRP topology table, use the show ip eigrp topology EXEC command. This
command is also used to determine Diffusing Update Algorithm (DUAL) states and to debug
possible DUAL problems.
Example:
Router#show ip eigrp topology
Misconceptions:
None
Related commands:
show ip eigrp

Command:
show ip protocols
Mode:
Router#
Syntax:
show ip protocols
Syntax Description:

Examples:
processes:

198.92.72.0
198.92.72.18 100 0:56:41
198.92.72.19 100 6d19
198.92.72.22 100 0:55:41
198.92.72.20 100 0:01:04
198.92.72.30 100 0:01:29

Neighbor(s):
192.108.211.17 1
192.108.213.89 1
198.6.255.13 1
198.92.72.18 1
198.92.72.19
198.92.84.17 1
192.108.209.0
192.108.211.0
198.6.254.0
198.92.72.19 20 0:05:28
Field Description

"igrp 109"

every 90 seconds

seconds

seconds
outgoing updates
hopcount
injecting routes
displayed:
IP address
processes:

160.89.0.0
160.89.81.28 90 0:02:36
160.89.80.28 90 0:03:04
160.89.80.31 90 0:03:04
Field Description
routes.
routes.
processes:

None
Serial0
processes:

Redistributing: rip
Ethernet0 2 2 trees
Fddi0 2 2
172.19.0.0
2.0.0.0
3.0.0.0
Misconceptions:
None
Related commands:
None

Command:
show ip route
Mode:
Router#
Syntax:
Syntax Description:

address
displayed.
name or number.
Example:
O 2.0.0.0/8 [110/128] via 1.1.1.2, 00:07:11, Serial0
O 3.1.1.1 [110/129] via 1.1.1.2, 00:07:11, Serial0
Misconceptions:
None
Related commands:
ip route
ip default-network

Command:
banner motd
Mode:
Router(config)#
Syntax:
banner motd d message d
no banner motd
Syntax Description:
d Delimiting character of your choice, a pound sign (#) for example. You cannot use
the delimiting character in the banner message.
message Message text
To specify a message-of-the-day (MOTD) banner, use the banner motd global configuration
command. The no form of this command deletes the MOTD banner.
Follow this command with one or more blank spaces and a delimiting character of your choice.
Then enter one or more lines of text, terminating the message with the second occurrence of the
delimiting character.
This MOTD banner is displayed to all terminals connected and is useful for sending messages that
affect all users (such as impending system shutdowns). Use the no exec-banner or no motd-
banner command to disable the MOTD banner on a line. The no exec-banner command also
disables the EXEC banner on the line.
When someone connects to the router, the MOTD banner appears before the login prompt. After
the user successfully logs in to the router, the EXEC banner or incoming banner will be displayed,
depending on the type of connection. For a reverse Telnet login, the incoming banner will be
displayed. For all other connections, the router will display the EXEC banner.
The banner command without any keywords specified defaults to the banner motd command.
When a new banner motd command is added to the configuration, it overwrites the existing
banner command if no keyword is specified. Similarly, if a banner command is added to the
configuration, any existing banner motd command is overwritten.
Example:
The following example sets a MOTD banner. The pound sign (#) is used as a delimiting character.
Router(config)#banner motd # Building power will be off from 7:00 AM until 9:00 AM this
Misconceptions:
None
Related Commands:
None

Command:
boot system
Mode:
Router(config)#
Syntax:
boot system file-url
no boot system file-url
boot system flash [flash-fs:][partition-number:][filename]
no boot system flash [flash-fs:][partition-number:][filename]
boot system mop filename [mac-address] [interface]
no boot system mop filename [mac-address] [interface]
boot system rom
no boot system rom
boot system {rcp | tftp | ftp} filename [ip-address]
no boot system {rcp | tftp | ftp} filename [ip-address]
no boot system
Syntax Description:
file-url URL of the system image to load at system startup.
flash On all platforms except the Cisco 1600 series, Cisco 3600 series, and
Cisco 7000 family, this keyword boots the router from internal Flash
memory. If you omit all arguments that follow this keyword, the system
searches internal Flash for the first bootable image.
On the Cisco 1600 series, Cisco 3600 series, and Cisco 7000 family, this
keyword boots the router from a Flash device, as specified by the device:
argument. On the Cisco 1600 series and Cisco 3600 series, if you omit all
optional arguments, the router searches internal Flash memory for the first
bootable image. On the Cisco 7000 family, when you omit all arguments
that follow this keyword, the system searches the PCMCIA slot 0 for the
first bootable image.
flash-fs: (Optional) Flash file system containing the system image to load at
startup. The colon (:) is required. Valid file systems are as follows:
flash:—Internal Flash memory on the Cisco 1600 series and

Cisco 3600 series. For the Cisco 1600 series and Cisco 3600 series,
this file system is the default if you do not specify a file system. This
is the only valid file system for the Cisco 1600 series.
bootflash—Internal Flash memory in the Cisco 7000 family.
slot0—First PCMCIA slot on the Cisco 3600 series and
Cisco 7000 family. For the Cisco 7000 family, this file system is the
default if you do not specify a file system.
slot1—Flash memory card in the second PCMCIA slot on the
Cisco 3600 series and Cisco 7000 family.
partition- (Optional) Number of the Flash memory partition that contains the system
number: image to boot, specified by the optional filename argument. If you do not
specify a filename, the router loads the first valid file in the specified
partition of Flash memory. This argument is only valid on routers which
can be partitioned.
filename (Optional when used with boot system flash) Name of the system image
to load at startup. It is case sensitive. If you do not specify a filename, the
router loads the first valid file in the specified Flash file system, the
specified partition of Flash memory, or the default Flash file system if you
also omit the flash-fs: argument.
mop Boots the router from a system image stored on a Digital MOP server. Do
not use this keyword with the Cisco 3600 series or Cisco 7000 family.
mac- (Optional) Media Access Control (MAC) address of the MOP server
address containing the specified system image file. If you do not include the MAC
address argument, the router sends a broadcast message to all MOP boot
servers. The first MOP server to indicate that it has the specified file is the
server from which the router gets the boot image.
interface (Optional) Interface the router uses to send out MOP requests to the MOP
server. The interface options are async, dialer, ethernet, serial, and tunnel.
If you do not specify the interface argument, the router sends a request out
on all interfaces that have MOP enabled. The interface that receives the
first response is the interface the router uses to load the software.
rom Boots the router from ROM. Do not use this keyword with the
Cisco 3600 series or the Cisco 7000 family.
rcp Boots the router from a system image stored on a network server using
rcp.
tftp Boots the router from a system image stored on a TFTP server.
ftp Boots the router from a system image stored on an FTP server.
ip-address (Optional) IP address of the server containing the system image file. If
omitted, this value defaults to the IP broadcast address of
255.255.255.255.
To specify the system image that the router loads at startup, use one of the following boot system
global configuration commands. Use a no form of this command to remove the startup system
image specification.
For this command to work, the config-register command must be set properly.
Enter several boot system commands to provide a fail-safe method for booting your router. The
router stores and executes the boot system commands in the order in which you enter them in the
configuration file. For example, if you enter two commands that instruct the router to boot from
different network servers, the router will execute them in the order in which they appear in the
configuration file. If a boot system command entry in the list specifies an invalid device, the router
skips that entry. Use the boot system rom command to specify use of the ROM system image as a
backup to other boot commands in the configuration.
For some platforms, the boot image must be loaded before the system image is loaded. However,
on many platforms, the boot image is loaded only if the router is booting from a network server or
if the flash file system is not specified. If the file system is specified, the router will boot faster
because it does not have to load the boot image first.
This section contains the following usage guideline sections:
Change the List of Boot System Commands

Boot Compressed Images
Understand the rcp Protocol
Stop Booting and Enter ROM Monitor Mode
Cisco1600 series, Cisco 3600 series, and Cisco 7000 family notes
Change the List of Boot System Commands
To remove a single entry from the bootable image list, use the no form of the command with an
argument. For example, to remove the entry that specifies a bootable image on a Flash memory
card inserted in the second slot, use the no boot system flash slot1:[filename] command. All other
entries in the list remain.
To eliminate all entries in the bootable image list, use the no boot system command. At this point,
you can redefine the list of bootable images using the previous boot system commands. Remember
to save your changes to your startup configuration by issuing the copy system:running-config
nvram:startup-config command.
Each time you write a new software image to Flash memory, you must delete the existing filename
in the configuration file with the no boot system flash filename command. Then add a new line in
the configuration file with the boot system flash filename command.
Note If you want to rearrange the order of the entries in the configuration file, you must first
issue the no boot system command and then redefine the list.
Boot Compressed Images
You can boot the router from a compressed image on a network server. When a network server
boots software, both the image being booted and the running image must fit into memory. Use
compressed images to ensure that enough memory is available to boot the router. You can
compress a software image on any UNIX platform using the compress command. Refer to your
UNIX platform's documentation for the exact usage of the compress command. (You can also
uncompress data with the UNIX uncompress command.)
Understand the rcp Protocol
The rcp protocol requires a client to send the remote username in an rcp request to a server. When
the router executes the boot system rcp command, the Cisco IOS software sends the host name as
both the remote and local usernames by default. For the rcp protocol to execute properly, an
account must be defined on the network server for the remote username configured on the router.
If the server has a directory structure, the rcp software searches for the system image to boot from
the remote server relative to the directory of the remote username.
By default, the router software sends host name as the remote username. You can override the
default remote username by using the ip rcmd remote-username command. For example, if the
system image resides in the home directory of a user on the server, you can specify that user's name
as the remote username.
Understand TFTP
You need a TFTP server running in order to fetch the router image from the host.
Understand FTP
You need to an FTP server running in order to fetch the router image from the host. You also need
an account on the server or anonymous file access to the server.
Stop Booting and Enter ROM Monitor Mode
During the first 60 seconds of startup, you can force the router to stop booting by pressing the
Break key. The router will enter ROM Monitor mode, where you can change the configuration
register value or boot the router manually.
Cisco 1600 series, Cisco 3600 series, and Cisco 7000 family notes
For the Cisco 3600 series and Cisco 7000 family, the boot system command modifies the BOOT
environment variable in the running configuration. The BOOT environment variable specifies a list
of bootable images on various devices.
Note When you use the boot system global configuration command on the Cisco 1600 series,
Cisco 3600 series, and Cisco 7000 family, you affect only the running configuration. You must
save the BOOT environment variable settings to your startup configuration to place the
information under ROM monitor control and to have the environment variable function as
expected. Use the copy system:running-config nvram:startup-config command to save the
environment variable from your running configuration to your startup configuration.
To view the contents of the BOOT environment variable, use the show bootenv command.
Example:
Router(config)#boot system ftp cz2600-120tomz.bin 10.0.0.2
Misconceptions:
None
Related Commands:
None

Command:
cd
Mode:
Router#
Syntax:
cd [filesystem: ]
Syntax Description:
(Optional) The URL or alias of the directory or file systems followed by a
filesystem:
colon
To change the default directory or file system, use the cd EXEC command. The initial default file
system is flash: . For platforms that do not have a physical device named flash: the keyword flash:
is aliased to the default Flash device. If you do not specify a directory on a file system, the default
is the root directory on that file system.
Example:
Router# cd flash:
Misconceptions:
None
Related Commands:
dir
Command:
config-register
Mode:
Router(config)#
Syntax:
config-register register-value
Syntax Description:
Hexadecimal number or value that represents the 16-bit configuration register
register-
value value that you want to use the next time the router is restarted. The value range
is from 0x0 to 0xFFFF (0 to 65535 in decimal)
This command is used to define the configuration register. The register is a hexadecimal value
from 0x0 to 0xFFFF. This command only applies to platforms which use a software configuration
register. The lowest four bits of the configuration register (bits 3, 2, 1, and 0) form the boot field.
The boot field determines if the router boots manually, from ROM, or from Flash, or from the
network. To change the boot field value and leave all other bits set to their default values, follow
these guidelines:
If you set the configuration register boot field value to 0x0, you must boot the operating system
manually with the boot command.
If you set the configuration register boot field value to 0x1, the router boots using the default ROM
software. If you set the configuration register boot field to any value from 0x2 to 0xF, the router
uses the boot field value to form a default boot filename for booting from a network server. For
more information about the configuration register bit settings and default filenames, see the
appropriate router hardware installation guide.
Example:
The following sets the config register value to 0x2102 at next boot:
Router(config)#config-register 0x2102
Misconceptions:
Unlike most commands, the changing of the config register does not occur until next boot.
Related Commands:
show version
configure

Command:
configure
Mode:
Router#
Syntax:
configure {terminal | memory | network | overwrite-network}
Syntax Description:
Enters global configuration mode to allow you to configure the system from the
terminal
terminal.
network Configure from a TFTP network host
overwrite-
Overwrite NVRAM from TFTP network host
network
memory Configures the system with the commands found in the default NVRAM
configuration file.
For the Class A Flash file system platforms, configures the system with the
configuration file specified by the CONFIG_FILE environment variable.
This command is used to switch from enable mode to one of the configuration modes.
Example:
The following will put the router into the configuration mode with the changes being done through
the terminal session.
Router(config)#
Misconceptions:
None
Related Commands:
exit

Command:
copy
Mode:
Router#
Syntax:
copy {flash | ftp | nvram | running-config|startup-config | system
| tftp} {flash | ftp | nvram | running-config | startup-config |
system | tftp}
Syntax Description:
Specify a source filesystem and destination filesystem.
To copy any file from a source to a destination, use the copy EXEC command. Use the /erase
option to erase the destination file system before copying.
Example:
Router(config)#copy tftp flash
Misconceptions:
None
Related Commands:
cd
dir
erase
delete

Command:
delete
Mode:
Router#
Syntax:
delete flash-url
undelete flash-url
Syntax Description:
flash-url URL of the file to be deleted.
To delete a file on a Flash memory device, use the delete EXEC command.
When you delete a file, the software simply marks the file as deleted, but it does not erase the file.
This feature allows you to later recover a "deleted" file using the undelete command. You can
delete and undelete a file up to 15 times. To permanently delete all files marked "deleted" on a
Flash memory device, use the squeeze command.
If you attempt to delete the configuration file or image specified by the CONFIG_FILE or
BOOTLDR environment variable, the system prompts you to confirm the deletion. Also, if you
attempt to delete the last valid system image specified in the BOOT environment variable, the
system prompts you to confirm the deletion.
Example:
The following example deletes the file named test from the Flash card inserted in slot 0:
Router#delete slot0:test
Delete slot0:test? [confirm]
Misconceptions:
None
Related Commands:
erase
copy
dir
cd

Command:
dir
Mode:
Router#
Syntax:
dir [/all] [filesystem: | file-url]
Syntax Description:
/all (Optional) Lists deleted files, undeleted files, and files with errors.
filesystem: (Optional) File system or directory containing the file(s) to list followed by a
colon.
file-url (Optional) Name of the file(s) to display on a specified device. The files can be
of any type. You can use wildcards in the filename. A wildcard character (*)
matches all patterns. Strings after a wildcard are ignored.
To display a list of files on a file system, use the dir EXEC command.
Use the show (Flash file system) command to display more detail about the files in a particular
file system.
Example:
The following is sample output from the dir command:
Router#dir slot0:
Directory of slot0:/
1 -rw- 4720148 Aug 29 1997 17:49:36 hampton/nitro/c7200-j-mz

2 -rw- 4767328 Oct 01 1997 18:42:53 c7200-js-mz
5 -rw- 639 Oct 02 1997 12:09:32 rally
7 -rw- 639 Oct 02 1997 12:37:13 the_time
20578304 bytes total (3104544 bytes free)
Router#dir /all slot0:

Directory of slot0:/
1 -rw- 4720148 Aug 29 1997 17:49:36 hampton/nitro/c7200-j-mz

2 -rw- 4767328 Oct 01 1997 18:42:53 c7200-js-mz
3 -rw- 7982828 Oct 01 1997 18:48:14 [rsp-jsv-mz]
4 -rw- 639 Oct 02 1997 12:09:17 [the_time]
5 -rw- 639 Oct 02 1997 12:09:32 rally
6 -rw- 639 Oct 02 1997 12:37:01 [the_time]
7 -rw- 639 Oct 02 1997 12:37:13 the_time
The following table describes the fields shown in these displays.
Table: dir Field Descriptions
Field Description
1 Index number of the file.
-rw- Permissions. The file can be any or all of the following:
d—directory
r—readable
w—writable
x—executable
4720148 Size of the file.
Aug 29 1997 17:49:36 Last modification date.
hampton/nitro/c7200-j- Filename. Deleted files are indicated by square brackets around

mz the filename.
Misconceptions:
None
Related Commands:
cd
delete
erase
copy
Command:
disable
Mode:
Router#
Router>
Syntax:
disable [privilege-level]
Syntax Description:
privilege- You can specify up to 16 privilege levels, using numbers 0 through 15. Level 1
To exit privileged EXEC mode and return to user EXEC mode, enter the disable EXEC command.
Use this command with the level option to reduce the user-privilege level. If a level is not
specified, it defaults to the user EXEC mode, which is level 1.
Example:
Router#disable
Misconceptions:
Related Commands:
enable
Command:
enable
Mode:
Router>
Syntax:
enable [privilege-level]
Syntax Description:
You can specify up to 16 privilege levels, using numbers 0 through 15. Level 1
privilege-
To enter privileged EXEC mode, use the enable EXEC command. Since many of the privileged
commands set operating parameters, privileged access should be password-protected to prevent
unauthorized use. If the system administrator has set a password with the enable password global
configuration command, a prompt to enter the password will appear before being allowed access to
privileged EXEC mode. If an enable password has not been set, enable mode can only be accessed
from the router console. If a level is not specified, it defaults to the privileged EXEC mode, which
is level 15.
Example:
The following command will enter the privilege exec mode from the user exec mode:
Router>enable
Router#
Misconceptions:
None
Related Commands:
exit
disable

Command:
enable password
Mode:
Router(config)#
Syntax:
enable password [level level] {password | [encryption-type]
encrypted-password}
no enable password [level level] {password | [encryption-type]

encrypted-password}
Syntax Description:
level (Optional) Level for which the password applies. You can specify up to 16
privilege levels, using numbers 0 through 15. Level 1 is normal EXEC-mode user
privileges. If this argument is not specified in the command or the no form of the
command, the privilege level defaults to 15 (traditional enable privileges).
password Password users type to enter enable mode.
(Optional) Cisco-proprietary algorithm used to encrypt the password. Currently the
encryption- only encryption type available is 7. If you specify encryption-type, the next
type argument you supply must be an encrypted password (a password already
encrypted by a Cisco router).
encrypted-
Encrypted password you enter, copied from another router configuration.
password
To set a local password to control access to various privilege levels, use the enable password
global configuration command. Use the no form of this command to remove the password
requirement. The encryption-type argument specifies a pre-encrypted password (using a proprietary
Cisco algorithm). Currently the only encryption type available is 7. If you specify encryption-type,
the next argument you supply must be an encrypted password (a password already encrypted by a
Cisco router).
Example:
Router(config)#enable password 7 $1$nnCO$Hp3iCaDMrTvJIRI9IGRsa0
Misconceptions:
None
Related Commands:
enable secret

Command:
enable secret
Mode:
Router(config)#
Syntax:
enable secret [level level] {password | [encryption-type]
encrypted-password}
no enable secret [level level]
Syntax Description:
level level (Optional) Level for which the password applies. You can specify up to sixteen
privilege levels, using numbers 0 through 15. Level 1 is normal EXEC-mode user
privileges. If this argument is not specified in the command or in the no form of
the command, the privilege level defaults to 15 (traditional enable privileges). The
same holds true for the no form of the command.
password Password for users to enter enable mode. This password should be different from
the password created with the enable password command.
encryption- (Optional) Cisco-proprietary algorithm used to encrypt the password. Currently the
type only encryption type available for this command is 5. If you specify encryption-
type, the next argument you supply must be an encrypted password (a password
encrypted by a Cisco router).
encrypted- Encrypted password you enter, copied from another router configuration.
password
To specify an additional layer of security over the enable password command, use the enable
secret global configuration command. Use the no form of this command to turn off the enable
secret function.
Use this command to provide an additional layer of security over the enable password. The enable
secret command provides better security by storing the enable secret password using a non-
reversible cryptographic function. The added layer of security encryption provides is useful in
environments where the password crosses the network or is stored on a TFTP server.
You will not ordinarily enter an encryption type. Typically you enter an encryption type only if you
paste into this command an encrypted password that you copied from a router configuration file.
Caution
If you specify an encryption-type and then enter a clear text password, you will not be able to
reenter enable mode. You cannot recover a lost password that has been encrypted by any method.
If you use the same password for the enable password and enable secret commands, you receive
an error message warning that this practice is not recommended, but the password will be accepted.
By using the same password, however, you undermine the additional security the enable secret
command provides.
Note After you set a password using enable secret command, a password set using the enable
password command works only if the enable secret is disabled or an older version of Cisco IOS
software is being used. Additionally, you cannot recover a lost password that has been encrypted
by any method.
If service password-encryption is set, the encrypted form of the

password you create here is displayed when a more nvram:startup-config
command is entered.
You can enable or disable password encryption with the service

password-encryption command.
An enable password is defined as follows:
Must contain from 1 to 25 uppercase and lowercase alphanumeric characters

Must not have a number as the first character
Can have leading spaces, but they are ignored. However, intermediate and trailing spaces are
recognized.
Can contain the question mark (?) character if you precede the question mark with the key
combination Crtl-V when you create the password; for example, to create the password abc?
123, do the following:
Enter abc.
Type Crtl-V.
Enter ?123.
When the system prompts you to enter the enable password, you need not precede the
question mark with the Ctrl-V; you can simply enter abc?123 at the password prompt.
Example:
The following example specifies the enable secret password of gobbledegook:
Router(config)#enable secret gobbledegook
After specifying an enable secret password, users must enter this password to gain access. Any
passwords set through enable password will no longer work.
Password: gobbledegook
The following example enables the encrypted password $1$FaD0$Xyti5Rkls3LoyxzS8, which has
been copied from a router configuration file, for privilege level 2 using encryption type 5:
Router(config)#enable password level 2 5 $1$FaD0$Xyti5Rkls3LoyxzS8
Misconceptions:
None
Related Commands:
enable password

Command:
erase
Mode:
Router#
Syntax:
erase {filesystem:| start-up config}
Syntax Description:
filesystem: File system name followed by a colon.
start-up config Erase contents of configuration memory
To erase a file system, use the erase EXEC command.The erase nvram: command replaces the
write erase command and the erase startup-config command.
When a file system is erased, none of the files in the file system can be recovered.
The erase command can be used on both Class B and Class C Flash file systems only. To reclaim
space on Flash file systems after deleting files using the delete command, you must use the erase
command. This command erases all of the files in the Flash file system.
Class A Flash file systems cannot be erased. You can delete individual files using the delete
command and then reclaim the space using the squeeze command. You can also use the format
command to format the Flash file system.
On Class C Flash file systems, space is dynamically reclaimed when you use the delete command.
You can also use either the format or erase command to reinitialize a Class C Flash file system.
The erase nvram: command erases NVRAM. On Class A file system platforms, if the
CONFIG_FILE variable specifies a file in Flash memory, the specified file will be marked
"deleted."
Example:
The following example erases the NVRAM, including the startup configuration located there:
erase nvram:
The following example erases all of partition 2 in internal Flash memory:

Router#erase flash:2
System flash directory, partition 2:

File Length Name/status
1 1711088 dirt/images/c3600-i-mz
[1711152 bytes used, 15066064 available, 16777216 total]
Erase flash device, partition 2? [confirm]

Are you sure? [yes/no]: yes
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
The following example erases Flash memory when Flash is partitioned, but no partition is specified
in the command:
Router#erase flash:
System flash partition information:

Partition Size Used Free Bank-Size State Copy-Mode
1 4096K 2048K 2048K 2048K Read Only RXBOOT-FLH
2 4096K 2048K 2048K 2048K Read/Write Direct
[Type ?<no> for partition directory; ? for full directory; q to abort]

Which partition? [default = 2]
The system will prompt only if there are two or more read/write partitions. If the partition entered is
not valid or is the read-only partition, the process terminates. You can enter a partition number, a
question mark (?) for a directory display of all partitions, or a question mark and a number (?number)
for directory display of a particular partition. The default is the first read/write partition.
1 3459720 master/igs-bfpx.100-4.3
Erase flash device, partition 2? [confirm] <Return>
Misconceptions:
None
Related Commands:
delete
copy
dir
cd

Command:
exit
Mode:
Router>
Router#
Router(config)#
Router(config-if)#
...
Syntax:
exit
Syntax Description:
Use the exit command at the EXEC levels to exit the EXEC mode. Use the exit command at the
configuration level to return to privileged EXEC mode. Use the exit command in interface, line,
router, IPX-router, and route-map command modes to return to global configuration mode. Use the
exit command in subinterface configuration mode to return to interface configuration mode. You
also can press Ctrl-Z, or use the end command, from any configuration mode to return to
Example:
The following command will return the router session from the global config mode to the privilege
exec mode.
Router(config)#exit
Router#
Misconceptions:
Related Commands:
disable

Command:
reload
Mode:
Router#
Syntax:
reload [text | in [hh:]mm [text] | at hh:mm [month day | day
month] [text] | cancel]
Syntax Description:
text (Optional) Reason for the reload, 1 to 255 characters long.
in (Optional) Schedule a reload of the software to take effect in the specified

[hh:]mm minutes or hours and minutes. The reload must take place within approximately
24 days.
at (Optional) Schedule a reload of the software to take place at the specified time
hh:mm (using a 24-hour clock). If you specify the month and day, the reload is scheduled
to take place at the specified time and date. If you do not specify the month and
day, the reload takes place at the specified time on the current day (if the
specified time is later than the current time), or on the next day (if the specified
time is earlier than the current time). Specifying 00:00 schedules the reload for
midnight. The reload must take place within approximately 24 days.
month (Optional) Name of the month, any number of characters in a unique string.
day (Optional) Number of the day in the range 1 to 31.
cancel (Optional) Cancel a scheduled reload.
To reload the operating system, use the reload EXEC command.
The reload command halts the system. If the system is set to restart on error, it reboots itself. Use
the reload command after configuration information is entered into a file and saved to the startup
configuration.
You cannot reload from a virtual terminal if the system is not set up for automatic booting. This
prevents the system from dropping to the ROM monitor and thereby taking the system out of the
remote user's control.
If you modify your configuration file, the system prompts you to save the configuration. During a
save operation, the system asks you if you want to proceed with the save if the CONFIG_FILE
environment variable points to a startup configuration file that no longer exists. If you say "yes" in
this situation, the system goes to setup mode upon reload.
When you schedule a reload to occur at a later time, it must take place within approximately 24
days.
The at keyword can only be used if the system clock has be set on the router (either through NTP,
the hardware calendar, or manually). The time is relative to the configured time zone on the router.
To schedule reloads across several routers to occur simultaneously, the time on each router must be
synchronized with NTP.
To display information about a scheduled reload, use the show reload command.
Example:
The following example immediately reloads the software on the router:
Router#reload
The following example reloads the software on the router in 10 minutes:

Router#reload in 10
Router# Reload scheduled for 11:57:08 PDT Fri Apr 21 1996 (in 10 minutes)
Proceed with reload? [confirm]
Router#
The following example reloads the software on the router at 1:00 p.m. today:
Router#reload at 13:00
Router# Reload scheduled for 13:00:00 PDT Fri Apr 21 1996 (in 1 hour and 2 minutes)
Router#
The following example reloads the software on the router on April 20 at 2:00 a.m.:
Router#reload at 02:00 apr 20
Router# Reload scheduled for 02:00:00 PDT Sat Apr 20 1996 (in 38 hours and 9 minutes)
Router#
The following example cancels a pending reload:

Router#reload cancel
%Reload cancelled.
Misconceptions:
None
Related Commands:
None

Command:
send
Mode:
Router#
Syntax:
send {line-number | * | aux number | console number | tty number
| vty number}
Syntax Description:
line-number Line number to which the message will be sent
* Sends a message to all TTY lines
aux line-number Sends a message to the AUX port
console line-number Sends a message to the console port
tty line-number Sends a message to an asynchronous line
vty line-number Sends a message to a VTY
To send messages to one or all terminal lines, use the send EXEC command.
Example:
Router#send *
Enter message, end with CTRL/Z; abort with CTRL/C:
Router going offline in 10 minutes.^Z
Send message? [confirm]
Router#
Misconceptions:
None
Related Commands:
None

Command:
setup
Mode:
Router#
Syntax:
setup
Syntax Description:
To enter the setup command facility, use the setup privileged EXEC command. You can use the
setup command facility to create a basic configuration to get a router up and running, but for
advanced features and fine tuning of router processes, use the command line. You might want to
use setup to add a protocol suite, to make major addressing scheme changes, or to configure a
newly installed interface. While you can use the command parser to make these major changes, the
setup command facility provides you with a high-level view of the configuration and guides you
through the configuration change process.
Additionally, if you are not familiar with Cisco products and the command parser, the setup
command facility is a particularly valuable tool because it asks you the questions required to make
configuration changes.
Note If you use setup to modify a configuration because you have added or modified the hardware,
be sure to verify the physical connections using the show version command. Also, verify the
logical port assignments using the show running-config command to ensure that you configure the
correct port. Refer to your platform's hardware publications for details on physical and logical port
assignments.
Whenever you use the setup command facility, be sure that you have the following information:
Interfaces the router has

Protocols the router is routing
Whether the router is to perform bridging
Network addresses for the protocols being configured
Password strategy for your environment
When you enter the setup command facility after first-time startup, an interactive dialog called the
System Configuration Dialog appears on the system console screen. The System Configuration
Dialog guides you through the configuration process. It prompts you first for global parameters and
then for interface parameters. The values shown in brackets next to each prompt are the default
values last set using either the setup command facility or the configure command.
Note The prompts and the order in which they appear on the screen vary depending on the platform
and the interfaces installed in the device.
You must run through the entire System Configuration Dialog until you come to the item that you
intend to change. To accept default settings for items that you do not want to change, press the
Enter key.
To return to the privileged EXEC prompt without making changes and without running through the
entire System Configuration Dialog, press Ctrl-C.
The facility also provides help text for each prompt. To access help text, press the question mark (?
) key at a prompt.
When you complete your changes, the setup command facility shows you the configuration
command script that was created during the setup session. The router displays the following
options:
[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit. Enter your selection [2]:
The Cisco IOS software automatically puts you in the streamlined setup command facility when
your router is accidentally or intentionally rebooted (or you are attempting to load a system image
from a network server) after any of the following circumstances:
You issued an erase startup-config or erase nvram command, thereby deleting the startup
configuration file.
You have bit 6 (ignore NVRAM configuration) set in the configuration register.
Your startup configuration has been corrupted.
You configured the router to boot from a network server (the last four bits of the
configuration register are not equal to 0 or 1) and there is no Flash or no valid image in Flash.
You configured the router to boot the RXBOOT image.
The streamlined setup command facility permits your router to load a system image from a
network server when there are problems with the startup configuration.
The streamlined setup command facility differs from the standard setup command facility because
the streamlined facility does not ask you to configure global router parameters. You are prompted
only to configure interface parameters, which permit your router to boot.
The streamlined setup command facility is available only if your router is running from ROM
monitor and has RXBOOT ROMs installed. The following routers can have this type of ROM
installed:
Cisco 2500 running the IGS-RXBOOT image

Cisco 3000 running the IGS-RXBOOT image
Cisco 4000 running the XX-RXBOOT image
Other routers running the RXBOOT image
Examples:
The following example shows how to use the setup command facility to configure interface serial
0/0 and to add ARAP and IP/IPX PPP support on the asynchronous interfaces.
Router#setup
--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Continue with configuration dialog? [yes]:
First, would you like to see the current interface summary? [yes]:
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 172.16.72.2 YES manual up up
Serial0 unassigned YES not set administratively down down
Serial1 172.16.72.2 YES not set up up
Configuring global parameters:
Enter host name [Router]:
The enable secret is a one-way cryptographic secret used
instead of the enable password when it exists.
Enter enable secret [<Use current secret>]:
The enable password is used when there is no enable secret
and when using older software and some boot images.
Enter enable password [ww]:
Enter virtual terminal password [ww]:
Configure SNMP Network Management? [yes]:
Community string [public]:
Configure DECnet? [no]:
Configure AppleTalk? [yes]:
Multizone networks? [no]: yes
Configure IPX? [yes]:
Configure IP? [yes]:
Configure IGRP routing? [yes]:
Your IGRP autonomous system number [15]:
Configure Async lines? [yes]:
Async line speed [9600]: 57600
Configure for HW flow control? [yes]:
Configure for modems? [yes/no]: yes
Configure for default chat script? [yes]: no
Configure for Dial-in IP SLIP/PPP access? [no]: yes
Configure for Dynamic IP addresses? [yes]: no
Configure Default IP addresses? [no]: yes
Configure for TCP Header Compression? [yes]: no
Configure for routing updates on async links? [no]:
Configure for Async IPX? [yes]:
Configure for Appletalk Remote Access? [yes]:
AppleTalk Network for ARAP clients [1]: 20
Zone name for ARAP clients [ARA Dialins]:
Configuring interface parameters:
Configuring interface FastEthernet0/0:
Is this interface in use? [yes]:
Configure IP on this interface? [yes]:
IP address for this interface [172.16.72.2]:
Number of bits in subnet field [8]:
Class B network is 172.16.0.0, 8 subnet bits; mask is /24
Configure AppleTalk on this interface? [yes]:
Extended AppleTalk network? [yes]:
AppleTalk starting cable range [1]:
AppleTalk ending cable range [1]:
AppleTalk zone name [Sales]:
AppleTalk additional zone name:
Configure IPX on this interface? [yes]:
IPX network number [1]:
Configuring interface Serial0:
Is this interface in use? [no]: yes
Configure IP on this interface? [no]: yes
Configure IP unnumbered on this interface? [no]: yes
Assign to which interface [FastEthernet0/0]:
Configure AppleTalk on this interface? [no]: yes
AppleTalk starting cable range [2]: 3
AppleTalk ending cable range [3]: 3
AppleTalk zone name [myzone]: ZZ Serial
Configure IPX on this interface? [no]: yes
IPX network number [2]: 3
Configure IP unnumbered on this interface? [yes]:
Assign to which interface [FastEthernet0/0]:
Configure AppleTalk on this interface? [yes]:
AppleTalk starting cable range [2]:
AppleTalk ending cable range [2]:
AppleTalk zone name [ZZ Serial]:
Configure IPX on this interface? [yes]:
Configuring interface Async1:
Default client IP address for this interface [none]: 172.16.72.4
Default client IP address for this interface [172.16.72.5]:
IPX network number [A]:
IPX network number [B]:
IPX network number [C]:
IPX network number [D]:
IPX network number [E]:
IPX network number [F]:
The following configuration command script was created:
hostname Router
enable secret 5 $1$krIg$emfYm/1OwHVspDuS8Gy0K1
enable password ww
line vty 0 4
password ww
snmp-server community public
!
no decnet routing
appletalk routing
ipx routing
ip routing
!
line 1 16
speed 57600
flowcontrol hardware
modem inout
!
arap network 20 ARA Dialins
line 1 16
arap enable
autoselect
!
! Turn off IPX to prevent network conflicts.
interface FastEthernet0/0
no ipx network
interface Serial0
no ipx network
interface Serial1
no ipx network
!
interface FastEthernet0/0
ip address 172.16.72.2 255.255.255.0
appletalk cable-range 1-1 1.204
appletalk zone Sales
ipx network 1
no mop enabled
!
interface Serial0
no shutdown
no ip address
ip unnumbered FastEthernet0/0
appletalk cable-range 3-3
appletalk zone ZZ Serial
ipx network 3
no mop enabled
!
interface Serial1
no ip address
appletalk cable-range 2-2 2.2
appletalk zone ZZ Serial
ipx network 2
no mop enabled
!
Interface Async1
ipx network 4
peer default ip address 172.16.72.4
async mode interactive
!
Interface Async2
ipx network 5
!
Interface Async3
ipx network 6
ip unnumbered Ethernet0/0
!
Interface Async4
ipx network 7
ip unnumbered Ethernet0/0
async dynamic address
!
Interface Async5
ipx network 8
!
Interface Async6
ipx network 9
!
Interface Async7
ipx network A
!
Interface Async8
ipx network B
!
Interface Async9
ipx network C
!
Interface Async10
ipx network D
!
Interface Async11
ipx network E
!
Interface Async12
ipx network F
!
Interface Async13
ipx network 10
!
Interface Async14
ipx network 11
!
Interface Async15
ipx network 12
!
Interface Async16
ipx network 13
!
router igrp 15
network 172.16.0.0
!
end
Use this configuration? [yes/no]: yes
Building configuration...
Use the enabled mode 'configure' command to modify this configuration.
Router#
The following example shows a router entering the streamlined setup command facility:
---
System Configuration Dialog ---
Default settings are in square brackets
'[]'.
Configuring interface IP parameters for netbooting:
Note The message "Configuring interface IP parameters for netbooting" only appears if you are
booting over a network server and your configuration has insufficient IP information.
The streamlined setup command facility continues by prompting you for interface parameters for
each installed interface. The facility asks if an interface is in use. If so, the facility then prompts you
to provide an IP address and subnet mask bits for the interface. Enter the subnet mask bits as a
decimal value, such as 5. Continuing with the streamlined setup command facility example, the
following output shows the portion of the facility that prompts for interface parameters. In the
example, the facility is prompting for FastEthernet 0/0 interface parameters and Serial 0 interface
parameters:
Configuring interface FastEthernet0/0:
IP address for this interface: 192.195.78.50
Number of bits in subnet field [0]: 5
Class C network is 192.195.78.0, 5 subnet bits; mask is 255.255.255.248
IP address for this interface: 192.195.78.34
Number of bits in subnet field [5]:
Class C network is 192.195.78.0, 5 subnet bits; mask is 255.255.255.248
The configuration information you provide on this screen is temporary and exists only so that you
can proceed with booting your system. When you reload the system, your original configuration is
left intact. If your startup configuration is corrupted, enter the setup command facility, and
configure the basic parameters. Then issue the copy running-config startup-config or copy
system:running-config nvram:startup-config command to write this configuration to NVRAM.
Misconceptions:
None
Related Commands:
show version
configure

Command:
show flash
Mode:
Router>
Router#
Syntax:
Class A Flash file systems
show flash-filesystem: [all | chips | filesys]
Class B Flash file systems
show flash-filesystem: [partition number] [all | chips | detailed

| err | summary]
Class C Flash file systems
show flash-filesystem:
Syntax Description:
flash- Flash memory file system (bootflash:, flash:, slot0:, slot1:,slavebootflash:,

filesystem slaveslot0:, or slaveslot1:)
all (Optional) On Class B Flash file systems, all shows complete information
about Flash memory, including information about the individual ROM devices
in Flash memory and the names and sizes of all system image files stored in
Flash memory, including those that are invalid.
On Class A Flash file systems, all shows the following information:
The information displayed when no keywords are used.

The information displayed by the filesys keyword.
The information displayed by the chips keyword.
chips (Optional) Shows information per partition and per chip, including which bank
the chip is in plus its code, size, and name
filesys (Optional) Shows the Device Info Block, the Status Info, and the Usage Info
detailed (Optional) Shows detailed file directory information per partition, including
file length, address, name, Flash memory checksum, computer checksum,
bytes used, bytes available, total bytes, and bytes of system Flash memory
err (Optional) Shows write or erase failures in the form of number of retries
partition (Optional) Shows output for the specified partition number

number
If you do not specify a partition in the command, the router displays output for
all partitions. You can use this keyword only when Flash memory has multiple
partitions.
summary (Optional) Shows summary information per partition, including the partition
size, bank size, state, and method by which files can be copied into a particular
partition
You can use this keyword only when Flash memory has multiple partitions.
To display the layout and contents of a Flash memory file system, use the show EXEC command.
If Flash memory is partitioned, the command displays the requested output for each partition,
unless you use the partition keyword.
The command also specifies the location of the current image.
To display the contents of boot Flash memory, use the show bootflash: command as follows:
show bootflash [all | chips | filesys]
show bootflash [partition number] [all| chips | detailed | err]
To display the contents of internal Flash memory, use the show flash command as follows:

show flash [all | chips | filesys]
show flash [partition number][all | chips | detailed | err | summary]
The show (Flash file system) command replaces the show flash devices command.
Examples:
The output of the show command depends on the type of Flash file system you select. Types include flash:
bootflash:, slot0:, slot1:, slavebootflash:, slaveslot0:, and slaveslot1:.
This section contains examples of output from show flash:.
Class A Flash File System

Class B Flash File Systems
Although the examples below use flash: as the Flash file system, you may also use the other Flash file syste
listed above.
The following three examples show sample output for Class A Flash file systems. The following table descr
the fields shown in the output.
Table: show (Class A Flash File System) Field Descriptions
Field Description
# File's index number
ED Whether the file contains an error (E) or is deleted (D)
type File's type (1 = configuration file, 2 = image file). The software displays these values only w
the file's type is certain. When the file's type is unknown, the system displays unknown in th
field.
crc File's cyclic redundant check
seek Offset into the file system of the next file
nlen Length of the file's name

length Length of the file itself
date/time Date and time the file was created
name File's name
The following is sample output from the show flash: command.

RouterA#show flash:
-#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name

1 .. unknown 317FBA1B 4A0694 24 4720148 Aug 29 1997 17:49:36 hampton/nitro/c7200-
2 .. unknown 9237F3FF 92C574 11 4767328 Oct 01 1997 18:42:53 c7200-js-mz
3 .D unknown 71AB01F1 10C94E0 10 7982828 Oct 01 1997 18:48:14 rsp-jsv-mz
4 .D unknown 96DACD45 10C97E0 8 639 Oct 02 1997 12:09:17 the_time
5 .. unknown 96DACD45 10C9AE0 3 639 Oct 02 1997 12:09:32 the_time
6 .D unknown 96DACD45 10C9DE0 8 639 Oct 02 1997 12:37:01 the_time
7 .. unknown 96DACD45 10CA0E0 8 639 Oct 02 1997 12:37:13 the_time
3104544 bytes available (17473760 bytes used)
The following is a sample of output from the show flash: chips command:
RouterA#show flash: chips
******** Intel Series 2+ Status/Register Dump ********
ATTRIBUTE MEMORY REGISTERS:

Config Option Reg (4000): 2
Config Status Reg (4002): 0
Card Status Reg (4100): 1
Write Protect Reg (4104): 4
Voltage Cntrl Reg (410C): 0
Rdy/Busy Mode Reg (4140): 2
COMMON MEMORY REGISTERS: Bank 0

Intelligent ID Code : 8989A0A0
Compatible Status Reg: 8080
Global Status Reg: B0B0
Block Status Regs:
0 : B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0 B0B0

Block Status Regs:
Block Status Regs:

Block Status Regs:

Block Status Regs:
The following is a sample of output from the show flash: filesys command:
RouterA#show flash: filesys
-------- F I L E S Y S T E M S T A T U S --------
Device Number = 0
DEVICE INFO BLOCK:
Magic Number = 6887635 File System Vers = 10000 (1.0)
Length = 1400000 Sector Size = 20000
Programming Algorithm = 4 Erased State = FFFFFFFF
File System Offset = 20000 Length = 13A0000
MONLIB Offset = 100 Length = C730
Bad Sector Map Offset = 1FFEC Length = 14
Squeeze Log Offset = 13C0000 Length = 20000
Squeeze Buffer Offset = 13E0000 Length = 20000
Num Spare Sectors = 0
Spares:
STATUS INFO:
Writable
NO File Open for Write
Complete Stats
No Unrecovered Errors
No Squeeze in progress
USAGE INFO:
Bytes Used = 10AA0E0 Bytes Available = 2F5F20
Bad Sectors = 0 Spared Sectors = 0
OK Files = 4 Bytes = 90C974
Deleted Files = 3 Bytes = 79D3EC
Files w/Errors = 0 Bytes = 0
The table below describes fields in the sample output for Class B Flash file systems
Table: show (Class BFlash File System) all Fields
Field Description
addr Address of the file in Flash memory
available Total number of bytes available in Flash memory
Bank Bank number
Bank-Size Size of bank in bytes
bytes used Total number of bytes used in Flash memory
ccksum Computed checksum
Chip Chip number
Code Code number
Copy-Mode Method by which the partition can be copied to:
RXBOOT-MANUAL indicates a user can copy manually by reloading to the boot

ROM image.
RXBOOT-FLH indicates user can copy via Flash load helper.
Direct indicates user can copy directly into Flash memory.
None indicates that it is not possible to copy into that partition.
fcksum Checksum recorded in Flash memory
File Number of the system image file. If no filename is specified in the boot system flash
command, the router boots the system image file with the lowest file number.
Free Number of bytes free in partition

Length Size of the system image file (in bytes)
Name Name of chip manufacturer and chip type
Name/status Filename and status of a system image file. The status [invalidated] appears when a file
been rewritten (recopied) into Flash memory. The first (now invalidated) copy of the fil
still present within Flash memory, but it is rendered unusable in favor of the newest
version. The [invalidated] status can also indicate an incomplete file that results from th
user abnormally terminating the copy process, a network timeout, or a Flash memory
overflow.
Partition Partition number in Flash memory
Size Size of partition in bytes or size of chip
State State of the partition. It can be one of the following values:
Read-Only indicates the partition that is being executed from.

Read/Write is a partition that can be copied to.
System flash Flash directory and its contents

directory
total Total size of Flash memory, in bytes
Used Number of bytes used in partition
The following is a sample of output from the show flash: command:

RouterB> show flash:
System flash directory:

1 4137888 c3640-c2is-mz.Feb24
16384K bytes of processor board System flash (Read/Write)\
The following example shows detailed information about the second partition in internal Flash memory:
RouterB#show flash: partition 2

16384K bytes of processor board System flash (Read/Write)
The following is a sample of output from the show flash: all command:
RouterB> show flash: all
Partition Size Used Free Bank-Size State Copy Mode


addr fcksum ccksum
1 4137888 c3640-c2is-mz.Feb24
0x40 0xED65 0xED65
Chip Bank Code Size Name

1 1 01D5 1024KB AMD 29F080
2 1 01D5 1024KB AMD 29F080
3 1 01D5 1024KB AMD 29F080
4 1 01D5 1024KB AMD 29F080
1 2 01D5 1024KB AMD 29F080
2 2 01D5 1024KB AMD 29F080
3 2 01D5 1024KB AMD 29F080
4 2 01D5 1024KB AMD 29F080
1 3 01D5 1024KB AMD 29F080
2 3 01D5 1024KB AMD 29F080
3 3 01D5 1024KB AMD 29F080
4 3 01D5 1024KB AMD 29F080
1 4 01D5 1024KB AMD 29F080
2 4 01D5 1024KB AMD 29F080
3 4 01D5 1024KB AMD 29F080
4 4 01D5 1024KB AMD 29F080
The following is a sample of output from the show flash: all command on a router with Flash memory
partitioned:
Router#show flash: all


addr fcksum ccksum
1 3459720 master/igs-bfpx.100-4.3
0x40 0x3DE1 0x3DE1
4096K bytes of processor board System flash (Read ONLY)
1 1 89A2 1024KB INTEL 28F008SA
2 1 89A2 1024KB INTEL 28F008SA
3 1 89A2 1024KB INTEL 28F008SA
4 1 89A2 1024KB INTEL 28F008SA
Executing current image from System flash [partition 1]
System flash directory, partition2:

addr fcksum ccksum
1 3224008 igs-kf.100
0x40 0xEE91 0xEE91

1 2 89A2 1024KB INTEL 28F008SA
2 2 89A2 1024KB INTEL 28F008SA
3 2 89A2 1024KB INTEL 28F008SA
4 2 89A2 1024KB INTEL 28F008SA
RouterB>show flash: chips

1 1 01D5 1024KB AMD 29F080
2 1 01D5 1024KB AMD 29F080
3 1 01D5 1024KB AMD 29F080
4 1 01D5 1024KB AMD 29F080
1 2 01D5 1024KB AMD 29F080
2 2 01D5 1024KB AMD 29F080
3 2 01D5 1024KB AMD 29F080
4 2 01D5 1024KB AMD 29F080
1 3 01D5 1024KB AMD 29F080
2 3 01D5 1024KB AMD 29F080
3 3 01D5 1024KB AMD 29F080
4 3 01D5 1024KB AMD 29F080
1 4 01D5 1024KB AMD 29F080
2 4 01D5 1024KB AMD 29F080
3 4 01D5 1024KB AMD 29F080
4 4 01D5 1024KB AMD 29F080
The following is a sample of output from the show flash: detailed command:
RouterB>show flash: detailed

addr fcksum ccksum
1 4137888 c3640-c2is-mz.Feb24
0x40 0xED65 0xED65
The following is a sample of output from the show flash: err command:
RouterB>show flash: err

1 4137888 c3640-c2is-mz.Feb24
Chip Bank Code Size Name erase write

1 1 01D5 1024KB AMD 29F080 0 0
2 1 01D5 1024KB AMD 29F080 0 0
3 1 01D5 1024KB AMD 29F080 0 0
4 1 01D5 1024KB AMD 29F080 0 0
1 2 01D5 1024KB AMD 29F080 0 0
2 2 01D5 1024KB AMD 29F080 0 0
3 2 01D5 1024KB AMD 29F080 0 0
4 2 01D5 1024KB AMD 29F080 0 0
1 3 01D5 1024KB AMD 29F080 0 0
2 3 01D5 1024KB AMD 29F080 0 0
3 3 01D5 1024KB AMD 29F080 0 0
4 3 01D5 1024KB AMD 29F080 0 0
1 4 01D5 1024KB AMD 29F080 0 0
2 4 01D5 1024KB AMD 29F080 0 0
3 4 01D5 1024KB AMD 29F080 0 0
4 4 01D5 1024KB AMD 29F080 0 0
Refer to tables above for a description of the fields. The show flash: err command also displays
two extra fields, erase and write. The erase field indications the number of erase errors. The write
field indicates the number of write errors.
The following is a sample of output from the show flash summary command on a router with
Flash memory partitioned. The partition in the Read Only state is the partition from which the
Cisco IOS image is being executed.
Router#show flash summary

Misconceptions:
None
Related Commands:
None
Command:
show hosts
Mode:
Router#
Syntax:
show hosts
Syntax Description:
Example:
Router#show hosts

abc (perm, OK) 0 IP 12.12.12.12
Router#
Misconceptions:
None
Related commands:
ip host

Command:
show interfaces
Mode:
Router>
Router#
Syntax:
Syntax Description:
Example:
Misconceptions:
None
Related commands:
None

Command:
show memory
Mode:
Router>
Router#
Syntax:
show memory [memory-type] [free] [summary]
Syntax Description:
memory- (Optional) Memory type to display (processor, multibus, io,sram). If type is

type not specified, statistics for all memory types present are displayed.
free (Optional) Displays free memory statistics.
summary (Optional) Displays a summary of memory usage including the size and
number of blocks allocated for each address of the system call that allocated
the block.
Use the show memory EXEC command to show statistics about memory, including memory-free
pool statistics.
The show memory command displays information about memory available after the system image
decompresses and loads.
Examples:
The following is a sample of output from the show memory command:
Router#show memory
Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)

Processor B0EE38 5181896 2210036 2971860 2692456 2845368
Processor memory
Address Bytes Prev. Next Ref PrevF NextF Alloc PC What
B0EE38 1056 0 B0F280 1 18F132 List Elements
B0F280 2656 B0EE38 B0FD08 1 18F132 List Headers
B0FD08 2520 B0F280 B10708 1 141384 TTY data
B10708 2000 B0FD08 B10F00 1 14353C TTY Input Buf
B10F00 512 B10708 B11128 1 14356C TTY Output Buf
B11128 2000 B10F00 B11920 1 1A110E Interrupt Stack
B11920 44 B11128 B11974 1 970DE8 *Init*
B11974 1056 B11920 B11DBC 1 18F132 messages
B11DBC 84 B11974 B11E38 1 19ABCE Watched Boolean
B11E38 84 B11DBC B11EB4 1 19ABCE Watched Boolean
B11EB4 84 B11E38 B11F30 1 19ABCE Watched Boolean
B11F30 84 B11EB4 B11FAC 1 19ABCE Watched Boolean
Router#
The following is a sample of output from the show memory free command:
Router#show memory free

Processor B0EE38 5181896 2210076 2971820 2692456 2845368
Processor memory
24 Free list 1
CEB844 32 CEB7A4 CEB88C 0 0 0 96B894 SSE Manager
52 Free list 2
72 Free list 3
76 Free list 4
80 Free list 5
D35ED4 80 D35E30 D35F4C 0 0 D27AE8 96B894 SSE Manager
D27AE8 80 D27A48 D27B60 0 D35ED4 0 22585E SSE Manager
88 Free list 6
100 Free list 7
D0A8F4 100 D0A8B0 D0A980 0 0 0 2258DA SSE Manager
104 Free list 8
B59EF0 108 B59E8C B59F84 0 0 0 2258DA (fragment)
The display of show memory free contains the same types of information as the show memory
display, except that only free memory is displayed, and the information is displayed in order for
each free list.
The first section of the display includes summary statistics about the activities of the system
memory allocator. The table below describes significant fields shown in the first section of the
display.
Table: show memory Field Descriptions—First Section

Field Description
Head Hexadecimal address of the head of the memory allocation chain
Total(b) Sum of used bytes plus free bytes
Used(b) Amount of memory in use
Free(b) Amount of memory not in use
Lowest(b) Smallest amount of free memory since last boot
Largest(b) Size of largest available free block
The second section of the display is a block-by-block listing of memory use.

Table below describes significant fields shown in the second section of the display.
Table: Characteristicsof Each Block of Memory—Second Section
Field Description
Address Hexadecimal block of addresses
Bytes Size of block in bytes
Prev. Address of previous block (should match Address on previous line)
Next Address of next block (should match address on next line)
Ref Reference count for that memory block, indicating how many different processes
are using that block of memory
PrevF Address of previous free block (if free)
NextF Address of next free block (if free)
Alloc Address of the system call that allocated the block

PC
What Name of process that owns the block, or "(fragment)" if the block
is a fragment, or "(coalesced)" if the block was coalesced from
adjacent free blocks
The show memory io command displays the free I/O memory blocks. On the Cisco 4000, this
command quickly shows how much unused I/O memory is available.
The following is a sample of output from the show memory io command:

Router#show memory io

6132DA0 59264 6132664 6141520 0 0 600DDEC 3FCF0 *Packet Buffer*
600DDEC 500 600DA4C 600DFE0 0 6132DA0 600FE68 0
600FE68 376 600FAC8 600FFE0 0 600DDEC 6011D54 0
6011D54 652 60119B4 6011FEO 0 600FE68 6013D54 0
614FCA0 832 614F564 614FFE0 0 601FD54 6177640 0
6177640 2657056 6172E90 0 0 614FCA0 0 0
Total: 2723244
The show memory sram command displays the free SRAM memory blocks. For the Cisco 4000,
this command supports the high-speed static RAM memory pool to make it easier to debug or
diagnose problems with allocation or freeing of such memory.
The following is a sample of output from the show memory sram command:
Router#show memory sram

7AE0 38178 72F0 0 0 0 0 0
Total 38178
The show memory command on the Cisco 4000 includes information about SRAM memory and
I/O memory, and appears as follows:
Router#show memory

Processor 49C724 28719324 1510864 27208460 26511644 15513908
I/O 6000000 4194304 1297088 2897216 2869248 2896812
SRAM 1000 65536 63400 2136 2136 2136

1000 2032 0 17F0 1 3E73E *Init*
17F0 2032 1000 1FE0 1 3E73E *Init*
1FE0 544 17F0 2200 1 3276A *Init*
2200 52 1FE0 2234 1 31D68 *Init*
2234 52 2200 2268 1 31DAA *Init*
2268 52 2234 229C 1 31DF2 *Init*
72F0 2032 6E5C 7AE0 1 3E73E Init
7AE0 38178 72F0 0 0 0 0 0
The show memory summary command displays a summary of all memory pools as well as
memory usage per Alloc PC (address of the system call that allocated the block).
The following is a partial sample output from the show memory summary command. This
command shows the size, blocks, and bytes allocated. Bytes equal the size multiplied by the
blocks. For a description of the other fields, see Table 20 and Table 21.
Router#show memory summary

Processor B0EE38 5181896 2210216 2971680 2692456 2845368
Processor memory
Alloc PC Size Blocks Bytes What
0x2AB2 192 1 192 IDB: Serial Info
0x70EC 92 2 184 Init
0xC916 128 50 6400 RIF Cache
0x76ADE 4500 1 4500 XDI data
0x76E84 4464 1 4464 XDI data
0x76EAC 692 1 692 XDI data
0x77764 408 1 408 Init
0x77776 116 1 116 Init
0x777A2 408 1 408 Init
0x777B2 116 1 116 Init
0xA4600 24 3 72 List
0xD9B5C 52 1 52 SSE Manager
.......................
0x0 0 3413 2072576 Pool Summary
0x0 0 28 2971680 Pool Summary (Free Blocks)
0x0 40 3441 137640 Pool Summary(All Block Headers)
0x0 0 3413 2072576 Memory Summary
0x0 0 28 2971680 Memory Summary (Free Blocks)
Misconceptions:
None
Related commands:
show processes

Command:
show protocols
Mode:
Router>
Router#
Syntax:
show protocols
Syntax Description:
Use the show protocols EXEC command to display the configured protocols.
This command shows the global and interface-specific status of any configured Level 3 protocol;
for example, IP, DECnet, IPX, AppleTalk, and so forth.
Example:
The following is sample output from the show protocols command:
Router#show protocols
Global values:
Internet Protocol routing is enabled
DECNET routing is enabled
XNS routing is enabled
Appletalk routing is enabled
X.25 routing is enabled
Ethernet 0 is up, line protocol is up
Decnet cost is 5
XNS address is 2001.AA00.0400.06CC
AppleTalk address is 4.129, zone Twilight
Serial 0 is up, line protocol is up
Decnet cost is 5
Serial 1 is down, line protocol is down
AppleTalk address is 999.1, zone Magnolia Estates
Misconceptions:
This command displays information about routed protocols not routing protocols. For information
about routing protocols, use the show ip protocols command.
Related commands:
show ip protocols

Command:
show running-config
Mode:
Router#
Syntax:
show running-config
Syntax Description:
Example:
!
version 12.1
!
hostname Router
!
boot system flash
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
!
!
!
--More--
Misconceptions:
config.
Related commands:
show startup-config

Command:
show startup-config
Mode:
Router#
Syntax:
show startup-config
Syntax Description:
Example:
!
version 12.1
!
hostname Router
!
!
!
!
!
!
ip subnet-zero
!
!
!
!
no ip address
shutdown
--More--
Misconceptions:
Related commands:
show running-config
copy

Command:
show status
Mode:
Router#
Syntax:
show status
Syntax Description:
This command is used to display the status of the BRI channels.
Example:
Router#show status
Misconceptions:
None
Related commands:
show isdn active
show isdn status

Command:
show version
Mode:
Router>
Router#
Syntax:
show version
Syntax Description:
To display the configuration of the system hardware, the software version, the names and sources
of configuration files and the boot images, use the show version EXEC command.
Example:
Router>show version
Cisco Internetwork Operating System Software
IOS (tm) 1600 Software (C1600-NY-M), Version 12.1(3), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Wed 05-Jul-00 11:06 by cmong
Image text-base: 0x02005000, data-base: 0x025E3D40
ROM: System Bootstrap, Version 11.1(12)XA, EARLY DEPLOYMENT RELEASE SOFTWARE (f)
ROM: 1600 Software (C1600-RBOOT-R), Version 11.1(12)XA, EARLY DEPLOYMENT RELEAS
Router uptime is 2 days, 5 hours, 33 minutes
System returned to ROM by power-on
System image file is "flash:c1600-ny-mz.121-3.bin"
cisco 1605 (68360) processor (revision C) with 18432K/6144K bytes of memory.
Processor board ID 07708942, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.2
FastEthernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
U interface for ISDN Basic Rate interface.
--More--
Misconceptions:
None
Related commands:
None

Command:
squeeze
Mode:
Switch#
Router#
Syntax:
squeeze filesystem:
Syntax Description:
filesystem: Flash file system followed by a colon.
To permanently delete Flash files by squeezing a Class A Flash file system, use the squeeze EXEC
command.
When Flash memory is full, you might need to rearrange the files so that the space used by the files
marked "deleted" can be reclaimed. When you issue the squeeze command, the router copies all
valid files to the beginning of Flash memory and erases all files marked "deleted." At this point,
you cannot recover "deleted" files and you can write to the reclaimed Flash memory space.
In addition to removing deleted files, the squeeze command removes any files that the system has
marked as error. An error file is created when a file write fails (for example, the device is full). To
remove error files, you must use the squeeze command.
Example:
The following example instructs the router to permanently erase the files marked "deleted" from
the Flash memory card inserted in slot 1:
Router#squeeze slot1:
Misconceptions:
The squeeze operation might take as long as several minutes because it can involve erasing and
rewriting almost an entire Flash memory space
Related commands:
delete
erase
dir
cd

Command:
write
Mode:
Router#
Syntax:
write [ erase | memory | network | terminal | ]
Syntax Description:
erase Erases the startup-configuration
memory Writes the running-configuration to the startup-configuration
terminal Dumps the running-configuration to the terminal (console/line)
network Dumps the startup-configuration to a tftp-server
The default write command without any parameters is the same as "write memory." See write
memory for more information about this topic. This command provides several different methods
for output of configuration files. Much of the same functionality can be accomplished using the
copy command.
Example:
Router#write
Misconceptions:
This command has been replaced with the command copy run start
Related commands:
copy
write memory

Command:
write erase
Mode:
Router#
Syntax:
write erase
Syntax Description:
erase Clear the Flash memory configuration.
This command erases the startup-config in NVRAM.
Example:
Router#write erase
Misconceptions:
None
Related commands:
write memory

Command:
write memory
Mode:
Router#
Syntax:
write memory
Syntax Description:
memory Store current configuration in Flash memory.
This command copies the running-config to the startup-config. In fact, it is basically the same
command. Copy running-config startup-config is preferred.
Example:
Router#write memory
Misconceptions:
None.
Related commands:
copy
write erase

Command:
encapsulation frame-relay
Mode:
Router(config-if)#
Syntax:
encapsulation frame-relay [cisco | ietf]
no encapsulation frame-relay [ietf]
Syntax Description:
cisco (Optional) Uses Cisco's own encapsulation, which is a 4-byte header, with 2 bytes to
identify the data-link connection identifier (DLCI) and 2 bytes to identify the packet
type.
ietf (Optional) Sets the encapsulation method to comply with the Internet Engineering
Task Force (IETF) standard (RFC 1490). Use this keyword when connecting to
another vendor's equipment across a Frame Relay network.
To enable Frame Relay encapsulation, use the encapsulation frame-relay interface configuration
command. To disable Frame Relay encapsulation, use the no form of this command.
Usage Guidelines
Use this command with no keywords to restore the default Cisco encapsulation, which is a 4-byte
header with 2 bytes for the DLCI and 2 bytes to identify the packet type.
You should shut down the interface prior to changing encapsulation types. Although this is not
required, shutting down the interface ensures the interface is reset for the new encapsulation.
Example:
The following example configures Cisco Frame Relay encapsulation on interface serial 1:
Router(config-if)#encapsulation frame-relay
Use the ietf keyword if your router or access server is connected to another vendor's equipment
across a Frame Relay network to conform with RFC 1490:
Router(config-if)#encapsulation frame-relay ietf
Misconceptions:
None
Related Commands:
None

Command:
frame-relay adaptive-shaping
Mode:
Router(config-map-class)#
Syntax:
frame-relay adaptive-shaping {becn | foresight }
no frame-relay adaptive-shaping
Syntax Description:
becn Enables rate adjustment in response to BECN.
foresight Enables rate adjustment in response to ForeSight messages.
Use the frame-relay adaptive-shaping map-class subcommand to select the type of backward
notification you want to use. Use the no form of the command to disable backward notification.
This command replaces the frame-relay becn-response-enable command, which will be removed
in a future Cisco IOS release. If you use the frame-relay becn-response-enable command in
scripts, you should replace it with the frame-relay adaptive-shaping command.
The frame-relay adaptive-shaping command configures a router to respond to either BECN or

ForeSight backward congestion notification messages.
Include this command in a map-class definition and apply the map class to either the main
interface or to a subinterface.
Example:
This example shows the map-class definition for a router configured with traffic shaping and
Router ForeSight enabled.
Router#interface Serial 0/0
Router(config-if)#no ip address
Router(config-if)#frame-relay traffic-shaping
Router(config-if)#frame-relay class control-A
Router(config)#map-class frame-relay control-A
Router(config-map-class)#frame-relay adaptive-shaping foresight
Router(config-map-class)#frame-relay cir 56000
Router(config-map-class)#frame-relay bc 64000
Misconceptions:
None
Related Commands:
frame-relay traffic-shaping
map-class frame-relay

Command:
frame-relay class
Mode:
Router(config-if)#
Syntax:
frame-relay class name
no frame-relay class name
Syntax Description:
name Name of the map class to associate with this interface or subinterface.
To associate a map class with an interface or subinterface, use the frame-relay class interface
configuration command. To remove the association between in the interface or subinterface and
the named map class, use the no form of this command.
This command can apply to interfaces or subinterfaces.
All relevant parameters defined in the name map class are inherited by each virtual circuit created
on the interface or subinterface. For each virtual circuit, the precedence rules are as follows:
1. Use the map class associated with the virtual circuit if it exists.
2. If not, use the map class associated with the subinterface if the map class
exists.
3. If not, use map class associated with interface if the map class exists.
4. If not, use the interface default parameters.
Example:
The following example associates the map class slow_vcs with the serial 0.1 subinterface. The
map class slow_vcs is defined to have an outbound CIR value of 9600:
Router(config)#interface serial 0/0.1

Router(config-if)#frame-relay class slow_vcs
Router(config)#map-class frame-relay slow_vcs
Router(config-map-class)#frame-relay cir out 9600
If a virtual circuit exists on the serial 0/0.1 interface and is associated with some other map class,
the parameter values of the second map class override those defined in the slow_vc map class for
that virtual circuit.
Misconceptions:
None
Related Commands:

Command:
frame-relay custom-queue-list
Mode:
Syntax:
frame-relay custom-queue-list list-number
no frame-relay custom-queue-list list-number
Syntax Description:
list-number Custom queue list number.
To specify a custom queue to be used for the virtual circuit queuing associated with a specified
map class, use the frame-relay custom-queue-list map-class configuration command. To remove
the specified queuing from the virtual circuit and cause it to revert to the default first-come-first-
served queuing, use the no form of this command.
Definition of the custom queue takes place in the existing manner (through queue-list commands).
Only one form of queuing can be associated with a particular map class; subsequent definitions
overwrite previous ones.
Example:
The following example configures a custom queue list for the fast_vcs map class:
Router(config)#map-class frame-relay fast_vcs
Router(config-map-class)#frame-relay custom-queue-list 1
Router(config)#queue-list 1 queue 4 byte-count 100
Misconceptions:
None
Related Commands:

Command:
frame-relay interface-dlci
Mode:
Router(config-if)#
Syntax:
frame-relay interface-dlci dlci [ietf | cisco] [voice-encap size]
no frame-relay interface-dlci dlci [ietf | cisco] [voice-encap
size]
BOOTP server only:
frame-relay interface-dlci dlci [protocol ip ip-address]
Syntax Description:
dlci DLCI number to be used on the specified subinterface.
ietf | cisco (Optional) Encapsulation type: Internet Engineering Task Force (IETF) Frame
Relay encapsulation or Cisco Frame Relay encapsulation.
protocol ip (Optional) Indicates the IP address of the main interface of a new router or access
ip-address server onto which a router configuration file is to be automatically installed over a
Frame Relay network. Use this option only when this device will act as the BOOTP
server for automatic installation over Frame Relay.
voice-encap (Supported on the Cisco MC3810 only.) Specifies that data segmentation will be
size used to support Voice over Frame Relay. The voice encapsulation size denotes the
data segmentation size. For a list of recommended data segmentation sizes, see
Usage Guidelines.
To assign a data link connection identifier (DLCI) to a specified Frame Relay subinterface on the
router or access server, use the frame-relay interface-dlci interface configuration command. To
remove this assignment, use the no form of this command.
This command is typically used for subinterfaces. However, it can also be used on main interfaces.
Using the frame-relay interface-dlci command on main interfaces will enable the use of routing
protocols on interfaces that use Inverse ARP . The frame-relay interface-dlci command on a
main interface is also valuable for assigning a specific class to a single PVC where special
characteristics are desired. Subinterfaces are logical interfaces associated with a physical interface.
You must specify the interface and subinterface before you can use this command to assign any
DLCIs and any encapsulation or broadcast options. See the "Examples" section for the sequence of
commands.
This command is required for all point-to-point subinterfaces; it is also required for multipoint
subinterfaces for which dynamic address resolution is enabled. It is not required for multipoint
subinterfaces configured with static address mappings.
Use the protocol ip ip-address option only when this router or access server will act as the BOOTP
server for auto installation over Frame Relay.
For the voice-encap option on the Cisco MC3810, set the data segmentation size based on the port
access rate. The table below lists recommended data segmentation sizes for different port access
rates. Also, when the voice-encap option is configured on the Cisco MC3810, all priority queuing,
custom queuing, and weighted fair queuing is disabled on the interface.
Table: Recommended Data Segmentation Sizes for Port Access Rates
Port Access The data segmentation size is based for back-to-back Frame Relay. If sending traffic
Rate through an IGX with standard Frame Relay, add an extra 15 bytes to the
recommended data segmentation size.
64 kbps 80 bytes
128 kbps 160 bytes
256 kbps 320 bytes
512 kbps 640 bytes
1536 kbps
1600 bytes
(full T1)
2048 kbps
1600 bytes
(full E1)
Example:
The following example assigns DLCI 100 to serial subinterface 0/0.17:
! Enter interface configuration and begin assignments on interface serial 0/0
Router#interface serial 0/0
! Enter subinterface configuration by assigning subinterface 17
interface serial 0/0.17
! Now assign a DLCI number to subinterface 0/0.17
Router(config-if)#frame-relay interface-dlci 100
Misconceptions:
None
Related Commands:
frame-relay class
Command:
frame-relay lmi-type
Mode:
Router(config-if)#
Syntax:
frame-relay lmi-type {ansi | cisco | q933a }
no frame-relay lmi-type {ansi | q933a }
Syntax Description:
ansi Annex D defined by American National Standards Institute (ANSI) standard T1.617.
cisco LMI type defined jointly by Cisco and three other companies.
q933a ITU-T Q.933 Annex A.
To select the Local Management Interface (LMI) type, use the frame-relay lmi-type interface
configuration command. To return to the default LMI type, use the no form of this command.
Cisco's implementation of Frame Relay supports three LMI types: Cisco, ANSI Annex D, and ITU-
T Q.933 Annex A.
The LMI type is set on a per-interface basis and is shown in the output of the show interfaces
EXEC command.
If you want to deactivate LMI autosense, use this command and the keepalive command to
configure the LMI. For more information about LMI autosense and configuring the LMI, see the
"Configuring Frame Relay" chapter in the Wide-Area Networking Configuration Guide.
Example:
The following is an example of the commands you might enter to configure an interface for the
ANSI Annex D LMI type:
Router#interface Serial 0/1
Router(config-if)#frame-relay lmi-type ansi
Router(config-if)#keepalive 15
Misconceptions:
None
Related Commands:
None

Command:
frame-relay map
Mode:
Router(config-if)#
Syntax:
frame-relay map protocol protocol-address dlci [broadcast] [ietf |
cisco] [payload-compress {packet-by-packet |frf9 stac [hardware-
options]}]
no frame-relay map protocol protocol-address
Syntax Description:
protocol Supported protocol, bridging, or logical link control keywords: appletalk,

decnet, dlsw,ip, ipx, llc2, rsrb, vines and xns
protocol- Destination protocol address

address
dlci DLCI number used to connect to the specified protocol address on the
interface
broadcast (Optional) Forwards broadcasts to this address when multicast is not

enabled (see the frame-relay multicast-dlci command for more
information about multicasts). This keyword also simplifies the
configuration of Open Shortest Path First (OSPF) (see the "Usage
Guidelines" section for more detail)
ietf (Optional) Internet Engineering Task Force (IETF) form of Frame Relay
encapsulation. Used when the router or access server is connected to
another vendor's equipment across a Frame Relay network
cisco (Optional) Cisco encapsulation method
payload- (Optional) Packet-by-packet payload compression using the Stacker

compress method
packet-by-
packet
payload- (Optional) Enables FRF.9 compression using the Stacker method
compress frf9
stac
If the router contains a compression service adapter (CSA),
compression is performed in the CSA hardware (hardware
compression).
If the CSA is not available, compression is performed in the software
installed on the VIP2 (distributed compression).
If the VIP2 is not available, compression is performed in the router's
main processor (software compression).
hardware- distributed
options
(Optional) Specifies that compression is implemented in the software that
is installed in a VIP2. If the VIP2 is not available, compression is
performed in the router's main processor (software compression). This
option applies only to the Cisco 7500 series.
software
(Optional) Specifies that compression is implemented in the Cisco IOS

software installed in the router's main processor.
csa csa_number
(Optional) Specifies the CSA to use for a particular interface. This option
applies only to Cisco 7200 series routers.
To define the mapping between a destination protocol address and the DLCI used to connect to the
destination address, use the frame-relay map interface configuration command. Use the no form
of this command to delete the map entry.
There can be many DLCIs known by a router or access server that can send data to many different
places, but they are all multiplexed over one physical link. The Frame Relay map defines the
logical connection between a specific protocol and address pair and the correct DLCI.
The optional ietf and cisco keywords allow flexibility in the configuration. If no keywords are
specified, the map inherits the attributes set with the encapsulation frame-relay command. You
can use the frame-relay map command to specify bridging that uses a Cisco encapsulation. You
can also use the encapsulation options to specify that, for example, all interfaces use IETF
encapsulation except one, which needs the original Cisco encapsulation method and can be
configured through use of the cisco keyword with the frame-relay map command.
Packet-by-packet compression is Cisco-proprietary and will not interoperate with routers of other
manufacturers.
You can disable payload compression by entering the no frame-relay map payload command and
then entering the frame-relay map command again with one of the other encapsulation keywords
(cisco or ietf).
Use the frame-relay map command to enable or disable payload compression on multipoint
interfaces. Use the frame-relay payload-compress command to enable or disable payload
compression on point-to-point interfaces.
We recommend that you shut down the interface prior to changing encapsulation types. Although
this is not required, shutting down the interface ensures the interface is reset for the new
encapsulation.
The broadcast keyword provides two functions: it forwards broadcasts when multicasting is not
enabled, and it simplifies the configuration of OSPF for nonbroadcast networks that will use Frame
Relay.
The broadcast keyword might also be required for some routing protocols—for example,
AppleTalk—that depend on regular routing table updates, especially when the router at the remote
end is waiting for a routing update packet to arrive before adding the route.
By requiring selection of a designated router, OSPF treats a nonbroadcast, multiaccess network

such as Frame Relay in much the same way as it treats a broadcast network. In previous releases,
this required manual assignment in the OSPF configuration using the neighbor interface router
command. When the frame-relay map command is included in the configuration with the
broadcast keyword, and the ip ospf network command (with the broadcast keyword) is
configured, there is no need to configure any neighbors manually. OSPF will now automatically
run over the Frame Relay network as a broadcast network. (Refer to the ip ospf network interface
command for more detail.)
Note The OSPF broadcast mechanism assumes that IP class D addresses are never used for regular
traffic over Frame Relay.
Example:
The following example maps the destination IP address 172.16.123.1 to DLCI 100:
Router(config-if)#frame-relay map IP 172.16.123.1 100 broadcast
OSPF will use DLCI 100 to broadcast updates.
The following segment of the show running-config command, shows FRF.9 compression
configuration using the frame-relay map command.
!
interface Serial0/1
ip address 172.16.1.4 255.255.255.0
no ip route-cache
encapsulation frame-relay IETF
no keepalive
shutdown
frame-relay map ip 172.16.1.1 105 IETF payload-compression FRF9 stac
!
The following segment of the show running-config command, shows IETF encapsulation on the
interface, and stun traffic configured to use CISCO encapsulation:
!
interface Serial0/0
no ip address
no ip mroute-cache
encapsulation frame-relay IETF
no ip route-cache
no keepalive
no fair-queue
clockrate 64000
no frame-relay inverse-arp IP 100
no frame-relay inverse-arp NOVELL 100
no frame-relay inverse-arp APPLETALK 100
no frame-relay inverse-arp XNS 100
no frame-relay inverse-arp DECNET 100
no frame-relay inverse-arp VINES 100
frame-relay local-dlci 100
frame-relay map stun 100 CISCO
!
interface Serial0/1
no ip address
no ip mroute-cache
encapsulation stun
no ip route-cache
stun group 123
stun sdlc-role primary
sdlc address 62
stun route address 62 interface Serial0/0 dlci 100 4 local-ack
Misconceptions:
None
Related Commands:
frame-relay payload-compress

Command:
frame-relay priority-group
Mode:
Syntax:
frame-relay priority-group list-number
no frame-relay priority-group list-number
Syntax Description:
list-number Priority-list number to be associated with the specified map class
To assign a priority queue to virtual circuits associated with a map class, use the frame-relay
priority-group map-class configuration command. To remove the specified queuing from the
virtual circuit and cause it to revert to the default first-come-first-served queuing, use the no form
of this command.
Definition of the priority queue takes place in the existing manner (through priority-list
commands).
Because only one form of queuing can be associated with a particular map class, subsequent
definitions overwrite previous ones.
Example:
The following example configures a map class for a specified DLCI, specifies a priority list for the map
class, and then defines the priority list:
Router(config-if)#frame-relay interface-dlci 100 class pri_vc
Router(config)#map-class frame-relaypri_vc
Router(config-map-class)#frame-relay priority-group 1 priority-list 1 protocol ip high
Misconceptions:
None
Related Commands:
frame-relay interface-dlci

Command:
frame-relay traffic-rate
Mode:
Syntax:
frame-relay traffic-rate average [peak]
no frame-relay traffic-rate average [peak]
Syntax Description:
average Average rate, in bits per second; equivalent to specifying the contracted CIR.
peak (Optional) Peak rate, in bits per second; equivalent to CIR + Be/Tc = CIR (1 + Be/Bc)
= CIR + EIR.
To configure all the traffic shaping characteristics of a virtual circuit in a single command, use the
frame-relay traffic-rate map-class configuration command. To remove the specified traffic
shaping from the map class, use the no form of this command.
Usage Guidelines
For SVCs, the configured peak and average rates are converted to the equivalent CIR, excess burst
size (Be), and committed burst size (Bc) values for use by SVC signaling.
This command lets you configure all the traffic shaping characteristics of a virtual circuit in a
single command. Using it is simpler than the alternative of entering the three subcommands
frame-relay cir out, frame-relay be out and frame-relay bc out, but offers slightly less
flexibility.
Example:
The following example associates a map class with specified DLCI and then sets a traffic rate for
the map-class (and thus for the DLCI):
Router(config-if)#frame-relay interface-dlci 100 class fast_vc
Router(config)#map-class frame-relay fast_vc

Router(config-map-class)#frame-relay traffic-rate 56000 128000
Misconceptions:
None
Related Commands:
frame-relay cir

Command:
Mode:
Router(config-if)#
Syntax:
no frame-relay traffic-shaping
Syntax Description:
To enable both traffic shaping and per-virtual circuit queuing for all PVCs and SVCs on a Frame
Relay interface, use the frame-relay traffic-shaping interface configuration command. To disable
traffic shaping and per-virtual circuit queuing, use the no form of this command.
Usage Guidelines
For virtual circuits for which no specific traffic shaping or queuing parameters are specified, a set
of default values are used. The default queuing is performed on a first-come-first-served basis.
Frame Relay traffic shaping is not effective for Layer 2 PVC switching using the frame-relay
route command.
Example:
The following example enables both traffic shaping and per-virtual circuit queuing:
Router(config-if)#frame-relay traffic-shaping
Misconceptions:
None
Related Commands:
frame-relay class
frame-relay custom-queue-list
frame-relay priority-group
frame-relay traffic-rate

Command:
keepalive (LMI)
Mode:
Router(config-if)#
Syntax:
keepalive number
no keepalive number
Syntax Description:
Number of seconds that defines the keepalive interval. The interval must be set as a
number
positive integer that is less than the interval set on the switch.
To enable the Local Management Interface (LMI) mechanism for serial lines using Frame Relay
encapsulation, use the keepalive interface configuration command. Use the no form of this
command to disable this capability. The keepalive command enables the keepalive sequence,
which is part of the Local Management Interface (LMI) protocol. When booting from a network
server over Frame Relay, you might need to disable keepalives.
Example:
The following example sets the keepalive timer on the server for a period that is two or three
seconds faster (shorter interval) than the interval set on the keepalive timer of the Frame Relay
switch. The difference in keepalive intervals ensures proper synchronization between the Cisco
server and the Frame Relay switch.
Router(config-if)#keepalive 8
Misconceptions:
None
Related Commands:
frame-relay lmi-type

Command:
Mode:
Router(config)#
Syntax:
map-class frame-relay map-class-name
no map-class frame-relay map-class-name
Syntax Description:
map-class-name Name of this map class
To specify a map class to define quality of service (QoS) values for an SVC, use the map-class
frame-relay global configuration command.
After you specify the named map class, you can specify the QoS parameters such as incoming and
outgoing CIR, committed burst rate, excess burst rate, and the idle timer for the map class.
To specify the protocol-and-address combination to which the QoS parameters are to be applied,
associate this map class with the static maps under a map list.
Example:
The following example specifies a map class called hawaii and defines three QoS parameters for it.
The hawaii map class is associated with a protocol-and-address static map defined under the map-
list command.
Router(config)#map-list bermuda source-addr E164 123456 dest-addr E164 654321
Router(config-map-list)#ip 131.108.177.100 class hawaii
Router(config-map-list)#appletalk 1000.2 class hawaii
Router(config)#map-class frame-relay hawaii

Router(config-map-class)#frame-relay cir in 2000000
Router(config-map-class)#frame-relay cir out 56000
Router(config-map-class)#frame-relay be out 9000
Misconceptions:
None
Related Commands:
None

Command:
show frame-relay lmi
Mode:
Router#
Syntax:
show frame-relay lmi [type number]
Syntax Description:
type (Optional) Interface type, it must be serial
number (Optional) Interface number
To display statistics about the Local Management Interface (LMI), use the show frame-relay lmi
EXEC command.
Enter the command without arguments to obtain statistics about all Frame Relay interfaces.
Example:
The following is a sample of output from the show frame-relay lmi command when the interface
is a DTE:
Router#show frame-relay lmi
LMI Statistics for interface Serial0/1 (Frame Relay DTE) LMI TYPE = ANSI
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 9 Num Status msgs Rcvd 0
Num Update Status Rcvd 0 Num Status Timeouts 9
is an NNI:
LMI Statistics for interface Serial0/2 (Frame Relay NNI) LMI TYPE = CISCO
Num Status Enq. Rcvd 11 Num Status msgs Sent 11
Num Update Status Rcvd 0 Num St Enq. Timeouts 0
Num Update Status Sent 0 Num Status Timeouts 0
The table below describes significant fields shown in the output.
Table: show frame-relay lmi Field Descriptions
Field Description
LMI Statistics Signaling or LMI specification: CISCO, ANSI, or ITU-T
Invalid Unnumbered Number of received LMI messages with invalid unnumbered

info information field
Invalid Prot Disc Number of received LMI messages with invalid protocol
discriminator
Invalid dummy Call Number of received LMI messages with invalid dummy call
Ref references
Invalid Msg Type Number of received LMI messages with invalid message type
Invalid Status Number of received LMI messages with invalid status message
Message
Invalid Lock Shift Number of received LMI messages with invalid lock shift type
Invalid Information Number of received LMI messages with invalid information

ID identifier
Invalid Report IE Len Number of received LMI messages with invalid Report IE Length
Invalid Report Number of received LMI messages with invalid Report Request
Request
Invalid Keep IE Len Number of received LMI messages with invalid Keep IE Length
Num Status Enq. Sent Number of LMI status inquiry messages sent
Num Status Msgs Number of LMI status messages received

Rcvd
Num Update Status Number of LMI asynchronous update status messages received
Rcvd
Num Status Timeouts Number of times the status message was not received within the
keepalive time value
Num Status Enq. Number of LMI status enquiry messages received

Rcvd
Num Status Msgs Number of LMI status messages sent

Sent
Num Status Enq. Number of times the status enquiry message was not received within
Timeouts the T392 DCE timer value
Num Update Status Number of LMI asynchronous update status messages sent
Sent
Misconceptions:
None
Related commands:
None

Command:
show frame-relay map
Mode:
Router#
Syntax:
Syntax Description:
To display the current map entries and information about the connections, use the show frame-
relay map EXEC command.
Example:
The following is a sample of output from the show frame-relay map command:
Router# show frame-relay map
Serial 1 (administratively down): ip 131.108.177.177

dlci 177 (0xB1,0x2C10), static, broadcast, CISCO
TCP/IP Header Compression (inherited), passive (inherited)
Table: show frame-relay map Field Descriptions

Field Description
Serial 1 (administratively Identifies a Frame Relay interface and its status (up or down).
down)
ip 131.108.177.177 Destination IP address.
dlci 177 (0xB1,0x2C10) DLCI that identifies the logical connection being used to reach
this interface. This value is displayed in three ways: its decimal
value (177), its hexadecimal value (0xB1), and its value as it
would appear on the wire (0x2C10).
static Indicates whether this is a static or dynamic entry.
CISCO Indicates the encapsulation type for this map, either CISCO or
IETF.
TCP/IP Header Indicates whether the TCP/IP header compression

Compression (inherited), characteristics were inherited from the interface or were
passive (inherited) explicitly configured for the IP map.
Misconceptions:
None
Related commands:
show frame-relay pvc

Command:
Mode:
Router#
Syntax:
show frame-relay pvc [type number [dlci]]
Syntax Description:
type (Optional) Interface type
dlci (Optional) This represents one of the specific DLCI numbers used on the interface.
Statistics for the specified PVC display when a DLCI is also specified.
To display statistics about PVCs for Frame Relay interfaces, use the show frame-relay pvc EXEC
command.
Statistics Reporting
To obtain statistics about PVCs on all Frame Relay interfaces, use this command with no
arguments.
Per VC counters are not incremented at all when either autonomous or SSE switching is
configured. Therefore, PVC values will be inaccurate if either switching method is used.
DCE, DTE, and Logical Interfaces
When the interface is configured as a DCE and the DLCI usage is SWITCHED, the value
displayed in the PVC STATUS field is determined by the status of outgoing interfaces (up or
down) and the status of the outgoing PVC. The status of the outgoing PVC is updated in the Local
Management Interface (LMI) message exchange. PVCs terminated on a DCE interface use the
status of the interface to set the PVC STATUS.
In the case of a hybrid DTE switch, the PVC status on the DTE side is determined by the PVC
status reported by the external Frame Relay network through the LMI.
If the outgoing interface is a tunnel, the PVC status is determined by what is learned from the
tunnel.
Traffic Shaping
Congestion control mechanisms are currently not supported, but the switch passes forward explicit
congestion notification (FECN) bits, backward explicit congestion notification (BECN) bits, and
discard eligibility (DE) bits unchanged from entry to exit points in the network.
If an LMI status report indicates that a PVC is not active, then it is marked as inactive. A PVC is
marked as deleted if it is not listed in a periodic LMI status message.
Example:
The following is a sample of output from the show frame-relay pvc command:
Router#show frame-relay pvc
PVC Statistics for interface Serial (Frame Relay DCE)
DLCI = 22, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial3/1:1.1
input pkts 9 output pkts 300008 in bytes 2754

out bytes 161802283 dropped pkts 0 in FECN pkts 0
in BECN pkts 1 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
outbcast pkts 0 outbcast bytes 0
Shaping adapts to ForeSight in ForeSight signals 1304
pvc create time 1d05h, last time pvc status changed 00:11:00
If the circuit is configured for shaping to adapt to BECN, it is indicated in the display:
Shaping adapts to BECN
If traffic shaping on the circuit does not adapt to either BECN or ForeSight, nothing extra shows:
DLCI = 100, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE

pvc create time 0:03:03 last time pvc status changed 0:03:03
Num Pkts Switched 0
The following is a sample of output from the show frame-relay pvc command for multipoint subinterfaces
both the subinterface number and the DLCI. This display is the same whether the PVC is configured for sta
addressing:
DLCI = 300, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0.103


The following table describes the additional fields shown in the display when traffic sh
Table: show frame-relay pvc

Field Descriptions
Field Description
DLCI One of the data link connection identifier (DLCI) numbers for the PVC
DLCI USAGE One of the following values:
SWITCHED—the router or access server is used as a switch

LOCAL—the router or access server is used as a DTE
UNUSED—the DLCI is not referenced by any user-entered configurat
router
PVC STATUS Status of the PVC: ACTIVE, INACTIVE, or DELETED
INTERFACE = Specific subinterface associated with this DLCI

Serial0.103
input pkts Number of packets received on this PVC
output pkts Number of packets sent on this PVC
in bytes Number of bytes received
out bytes Number of bytes sent
dropped pkts Number of packets dropped by the router at Frame Relay level because an a
was not found
in FECN pkts Number of packets received with the FECN bit set
in BECN pkts Number of packets received with the BECN bit set
out FECN pkts Number of packets sent with the FECN bit set
out BECN pkts Number of packets sent with the BECN bit set
in DE pkts Number of DE packets received
out DE pkts Number of DE packets sent
outbcast pkts Number of output broadcast packets
outbcast bytes Number of output broadcast bytes
pvc create time Time the PVC was created
last time pvc status Time the PVC changed status (active to inactive)
changed
Num Pkts Switched Number of packets switched within the router or access server, this PVC is
The following is a sample of output from the show frame-relay pvc command with no traffic shaping conf
PVC Statistics for interface Serial1 (Frame Relay DTE)
DLCI = 100, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial1

out bcast pkts 0 out bcast bytes 0
The following is a sample of output from the show frame-relay pvc command when traffic shaping is in ef
pvc create time 11:59:29, last time pvc status changed 11:59:29
CIR 64000 BC 8000 BE 1600 limit 2000 interval 125
mincir 32000 byte incremen 500 BECN response yes
pkts 9776 bytes 838676 pkts delayed 0 bytes delayed 0
shaping inactive
List Queue Args

1 4 byte-count 100
Output queues: (queue #: size/max/drops)
0: 0/20/0 1: 0/20/0 2: 0/20/0 3: 0/20/0 4: 0/20/0
5: 0/20/0 6: 0/20/0 7: 0/20/0 8: 0/20/0 9: 0/20/0
10: 0/20/0 11: 0/20/0 12: 0/20/0 13: 0/20/0 14: 0/20/0
15: 0/20/0 16: 0/20/0

Field Descriptions with Traffic Shaping in Effect
Field Description
CIR Current committed information rate (CIR), in bits per second
BC Current committed burst size, in bits
BE Current excess burst size, in bits
limit Maximum number of bytes transmitted per internal interval (excess plus
sustained)
interval Interval being used internally interval being used internally (may be smaller than the inte
Bc/CIR, this happens when the router determines that traffic flow will be more stable wit
interval)
mincir Minimum committed information rate (CIR) for the PVC
incremen Number of bytes that will be sustained per internal interval
BECN Frame Relay has BECN Adaptation configured

response
List Queue Identifier and parameter values for a custom queue list defined for the PVC (These identi
Args correspond to the command queue-list 1
queue 4 byte-count 100)
Output Output queues used for the PVC, with the current size, the maximum size, and the numbe
queues shown for each queue
The packet and byte values are counts for the number of packets and bytes that have gone through the traffi
Misconceptions:
None
Related commands:
None

Command:
show standby
Mode:
Router#
Syntax:
show standby [type number [group]] [brief]
Syntax Description:
type number (Optional) Interface type and number for which output is displayed.
group (Optional) Group number on the interface for which output is displayed.
brief (Optional) A single line of output summarizes each standby group.
To display Hot Standby Router Protocol (HSRP) information, use the show standby EXEC
command.
If you want to specify a group, you must also specify an interface type and number.
Examples:
The following is a sample of output from the show standby command:
Router#show standby
FastEthernet0/0 - Group 0
Local state is Active, priority 100, may preempt
Hellotime 3 holdtime 10
Next hello sent in 0:00:00
Hot standby IP address is 198.92.72.29 configured
Active router is local
Standby router is 198.92.72.21 expires in 0:00:07
Tracking interface states for 2 interfaces, 2 up:
Up FastEthernet0/0
Up Serial0/0
The following is a sample of output from the show standby command with a specific interface and
the brief keyword:
Router#show standby fastethernet0 brief
Interface Grp Prio P State Active addr Standby addr Group addr
Et0 0 100 Standby 171.69.232.33 local 172.19.48.254
The table below describes the fields in the display.
Table: show standby Field Descriptions
Field Description
Ethernet0 - Interface type and number and Hot Standby group number for the
Group 0 interface
Local state is ... State of local router; can be one of the following:
Active—Current Hot Standby router

Standby—Router next in line to be the Hot Standby router
priority Priority value of the router based on the standby priority, standby
preempt command
may preempt Indicates that the router will attempt to assume control as the active
(indicated by P in router if its priority is greater than the current active router
the brief output)
Hellotime Time between hello packets (in seconds), based on the standby timers
command
holdtime Time (in seconds) before other routers declare the active or standby
router to be down, based on the standby timers command
Next hello sent in Time in which the Cisco IOS software will send the next hello packet (in
... hours:minutes:seconds).
Hot Standby IP IP address of the current Hot Standby router. The word "configured"
address is ... indicates that this address is known through the standby ip command.
configured Otherwise, the address was learned dynamically through HSRP hello
packets from other routers that do have the HSRP IP address configured.
Active router is ... Value can be "local" or an IP address. Address of the current active Hot
Standby router
Standby router is Value can be "local" or an IP address. Address of the "standby" router
... (the router that is next in line to be the Hot Standby router)
expires in Time (in hours:minutes:seconds) in which the standby router will no

longer be the standby router if the local router receives no hello packets
from it.
Tracking List of interfaces that are being tracked and their corresponding states.
interface states Based on the standby track command.
for ...
Misconceptions:
None
Related commands:
standby ip
standby preempt or priority
standby timers
standby track

Command:
standby ip
Mode:
Router(config-if)#
Syntax:
standby [group-number] ip [ip-address [secondary]]
no standby [group-number] ip [ip-address]
Syntax Description:
group- (Optional) Group number on the interface for which HSRP is being activated.
number Default is 0.
ip-address (Optional) IP address of the Hot Standby Router interface.
secondary (Optional) Indicates the IP address is a secondary Hot Standby Router

interface. Useful on interfaces with primary and secondary addresses; you can
configure primary and secondary HSRP addresses.
To activate the Hot Standby Router Protocol (HSRP), use the standby ip interface configuration
command. To disable HSRP, use the no form of this command.
The standby ip command activates HSRP on the configured interface. If an IP address is

specified, that address is used as the designated address for the Hot Standby group. If no IP address
is specified, the designated address is learned through the standby function. For HSRP to elect a
designated router, at least one router on the cable must have been configured with, or learned, the
designated address. Configuring the designated address on the active router always overrides a
designated address that is currently in use.
When the standby ip command is enabled on an interface, the handling of proxy ARP requests is
changed (unless proxy ARP was disabled). If the interface's Hot Standby state is active, proxy ARP
requests are answered using the Hot Standby group's MAC address. If the interface is in a different
state, proxy ARP responses are suppressed.
When group number 0 is used, no group number is written to NVRAM, providing backward
compatibility.
Examples:
The following example activates HSRP for group 1 on FastEthernet interface 0/0. The IP address
used by the Hot Standby group will be learned using HSRP.
Router(config)#interface fastethernet 0/0
Router(config-if)#standby 1 ip
In the following example, all three virtual IP addresses appear in the ARP table using the same
(single) virtual MAC address. All three virtual IP addresses are using the same HSRP group
(group 0).
Router(config-if)#ip address 1.2.2.2 255.255.255.0 secondary
Router(config-if)#standby ip 1.1.1.254
Router(config-if)#standby ip 1.2.2.254 secondary
Router(config-if)#standby ip 1.3.3.254 secondary
Misconceptions:
None
Related commands:
None

Command:
Mode:
Router(config-if)#
Syntax:
standby [group-number] priority priority [preempt [delay delay]]
standby [group-number] [priority priority] preempt [delay delay]
no standby [group-number] priority priority [preempt [delay

delay]]
no standby [group-number] [priority priority] preempt [delay

delay]
Syntax Description:
group- (Optional) Group number on the interface to which the other arguments in this
number command apply.
priority (Optional) Priority value that prioritizes a potential Hot Standby router. The
priority range is 1 to 255, where 1 denotes the lowest priority and 255 denotes the
highest priority. The default priority value is 100. The router in the HSRP group
with the highest priority value becomes the active router.
preempt (Optional) The router is configured to preempt, which means that when the local
router has a Hot Standby priority higher than the current active router, the local
router should attempt to assume control as the active router. If preempt is not
configured, the local router assumes control as the active router only if it
receives information indicating that there is no router currently in the active state
(acting as the designated router).
delay (Optional) Time in seconds. The delay argument causes the local router to
delay postpone taking over the active role for delay seconds since that router was last
restarted. The range is 0 to 3600 seconds (1 hour). The default is 0 seconds (no
delay).
To configure Hot Standby Router Protocol (HSRP) priority, preemption, and preemption delay, use
the standby interface configuration command. To restore the default values, use the no form of
this command.
When using this command, you must specify at least one keyword (priority or preempt) or you
can specify both.
compatibility.
The assigned priority is used to help select the active and standby routers. Assuming preemption is
enabled, the router with the highest priority becomes the designated active router. In case of ties,
the primary IP addresses are compared, and the higher IP address has priority.
Note that the device's priority can change dynamically if an interface is configured with the
standby track command and another interface on the router goes down.
When a router first comes up, it does not have a complete routing table. If it is configured to
preempt, it will become the active router, yet it is unable to provide adequate routing services. This
problem is solved by configuring a delay before the preempting router actually preempts the
currently active router.
The assigned priority has a higher priority than the authentication string specified in the standby
authentication command. A router with a higher HSRP priority will ignore the authentication
string.
Example:
In the following example, the router has a priority of 120 (higher than the default value) and will
wait for 300 seconds (5 minutes) before attempting to become the active router:
Router(config)#interface fastethernet 0
Router(config-if)#standby priority 120 preempt delay 300
Misconceptions:
None
Related commands:
standby track

Command:
standby timers
Mode:
Router(config-if)#
Syntax:
standby [group-number] timers [msec] hellotime [msec] holdtime
no standby [group-number] timers [msec] hellotime [msec] holdtime
Syntax Description:
group- (Optional) Group number on the interface to which the timers apply. The
number default is 0.
msec (Optional) Interval in milliseconds. Millisecond timers allow for faster failover.
hellotime Hello interval in seconds.This is an integer from 1 to 255. The default is 3

seconds. If the msec option is specified, hello interval is in milliseconds. This is
an integer from 20 to 999.
holdtime Time in seconds before the active or standby router is declared to be down. This
is an integer from 1 to 255. The default is 10 seconds. If the msec option is
specified, holdtime is in milliseconds. This is an integer from 20 to 999.
To configure the time between hellos and the time before other routers declare the active Hot
Standby or standby router to be down, use the standby timers interface configuration command.
To restore the timers to their default values, use the no form of this command.
The standby timers command configures the time between standby hellos and the time before
other routers declare the active or standby router to be down. Routers or access servers on which
timer values are not configured can learn timer values from the active or standby router. The timers
configured on the active router always override any other timer settings. All routers in a Hot
Standby group should use the same timer values. Normally, holdtime is greater than or equal to 3
times the value of hellotime, (holdtime > 3 * hellotime). The value of the standby timer will not be
learned through HSRP hellos if it is less than 1 second.
compatibility.
Examples:
The following example sets, for group number 1 on Ethernet interface 0, the time between hello
packets to 5 seconds, and the time after which a router is considered to be down to 15 seconds:
Router(config-if)#standby 1 ip 1.1.1.1
Router(config-if)#standby 1 timers 5 15
The following example sets, for the Hot Router interface located at 172.19.10.1 on Ethernet
interface 0, the time between hello packets to 300 milliseconds, and the time after which a router is
considered to be down to 900 milliseconds.
Router(config-if)#standby timers msec 300 msec 900
Misconceptions:
None
Related commands:
None

Command:
standby track
Mode:
Router(config-if)#
Syntax:
standby [group-number]track type number [interface-priority]
no standby [group-number] track type number [interface-priority]
Syntax Description:
group- (Optional) Group number on the interface to which the tracking applies.
number
type Interface type (combined with interface number) that will be tracked.
number Interface number (combined with interface type) that will be tracked.
interface- (Optional) Amount by which the Hot Standby priority for the router is
priority decremented (or incremented) when the interface goes down (or comes back
up). The default value is 10.
To configure an interface so that the Hot Standby priority changes based on the availability of other
interfaces, use the standby track interface configuration command. To remove the tracking, use
This command ties the router's Hot Standby priority to the availability of its interfaces. It is useful
for tracking interfaces that are not configured for the Hot Standby Router Protocol.
When a tracked interface goes down, the Hot Standby priority decreases by 10. If an interface is
not tracked, its state changes do not affect the Hot Standby priority. For each interface configured
for Hot Standby, you can configure a separate list of interfaces to be tracked.
The optional argument interface-priority specifies how much to decrement the Hot Standby priority
when a tracked interface goes down. When the tracked interface comes back up, the priority is
incremented by the same amount.
When multiple tracked interfaces are down and interface-priority values have been configured,
these configured priority decrements are cumulative. If tracked interfaces are down, but none of
them were configured with priority decrements, the default decrement is 10 and it is
noncumulative.
compatibility.
Example:
In the following example, Ethernet interface 1 tracks Ethernet interface 0 and serial interface 0. If
one or both of these two interfaces go down, the Hot Standby priority of the router decreases by 10.
Because the default Hot Standby priority is 100, the priority becomes 90 when one or both of the
tracked interfaces go down.
Router(config-if)#no ip redirects
Router(config-if)#standby track ethernet 0
Router(config-if)#standby track serial 0
Router(config-if)#standby preempt
Misconceptions:
None
Related commands:

Command:
ip forward-protocol
Mode:
Router(config)#
Syntax:
ip forward-protocol {udp [port] | nd | sdns | any-local-broadcast
| spanning-tree | turbo-flood}
no ip forward-protocol {udp [port] | nd | sdns | any-local-

broadcast | spanning-tree | turbo-flood}
Syntax Description:
any-local- Direct the router to forward any broadcasts including local subnet broadcasts.
broadcast
Permit IP broadcasts to be flooded throughout the internetwork in a controlled
spanning-tree
fashion.
Speed up flooding of User Datagram Protocol (UDP) datagrams using the
turbo-flood
spanning-tree algorithm.
udp Forward User Datagram Protocol (UDP) datagrams. See the "Default" section
below for a list of port numbers forwarded by default.
Forward Network Disk (ND) datagrams. This protocol is used by older diskless
nd
Sun workstations.
sdns Secure Data Network Service.
port (Optional) Destination port that controls which UDP services are forwarded.
To specify which protocols and ports the router forwards when forwarding broadcast packets, use
the ip forward-protocol global configuration command. To remove a protocol or port, use the no
Example:
Router(config)#ip forward-protocol udp 3001
Misconceptions:
None
Related Commands:
ip helper-address

Command:
ip helper-address
Mode:
Router(config-if)#
Syntax:
ip helper-address address
no ip helper-address address
Syntax Description:
Destination broadcast or host address to be used when forwarding UDP broadcasts.
address
There can be more than one helper address per interface.
To have the Cisco IOS software forward User Datagram Protocol (UDP) broadcasts, including
BOOTP, received on an interface, use the ip helper-address interface configuration command. To
disable the forwarding of broadcast packets to specific addresses, use the no form of this
command.
Example:
Router(config-if)#ip helper-address 121.24.43.2
Misconceptions:
None
Related Commands:
None

Command:
ip unnumbered
Mode:
Router(config-if)#
Syntax:
ip unnumbered type number
no ip unnumbered
Syntax Description:
type Interface type
number Interface number
To enable IP processing on a serial interface without assigning an explicit IP address to the
interface, use the ip unnumbered interface configuration command. To disable the IP processing
on the interface, use the no form of this command.
Example:
Router(config-if)#ip unnumbered fastethernet 0/0
Misconceptions:
The ip unnumbered command is intended for serial interfaces; a common misconception is that ip
unnumbered works with all physical and link layer standards. It does not, for example, work with
smds or x25.
Related Commands:
None

Command:
show ip dhcp
Mode:
Router#
Syntax:
Syntax Description:
statistics
Example:

Misconceptions:
None
Related commands:
None

Command:
show ip interface
Mode:
Router>
Router#
Syntax:
Syntax Description:
command.
Example:
MTU is 1500 bytes
Field Description
be up.
subnet mask
by...
forwarding
joined
for the interface.
interface.
compression
"disabled."
Misconceptions:
None
Related commands:
show interfaces
show access-lists

Command:
show ip protocols
Mode:
Router#
Syntax:
show ip protocols
Syntax Description:

Examples:
processes:

198.92.72.0
198.92.72.18 100 0:56:41
198.92.72.19 100 6d19
198.92.72.22 100 0:55:41
198.92.72.20 100 0:01:04
198.92.72.30 100 0:01:29

Neighbor(s):
192.108.211.17 1
192.108.213.89 1
198.6.255.13 1
198.92.72.18 1
198.92.72.19
198.92.84.17 1
192.108.209.0
192.108.211.0
198.6.254.0
198.92.72.19 20 0:05:28
Field Description

"igrp 109"

every 90 seconds

seconds

seconds
outgoing updates
hopcount
injecting routes
displayed:
IP address
processes:

160.89.0.0
160.89.81.28 90 0:02:36
160.89.80.28 90 0:03:04
160.89.80.31 90 0:03:04
Field Description
routes.
routes.
processes:

None
Serial0
processes:

Redistributing: rip
Ethernet0 2 2 trees
Fddi0 2 2
172.19.0.0
2.0.0.0
3.0.0.0
Misconceptions:
None
Related commands:
None

Command:
version
Mode:
Syntax:
version {1 | 2}
no version {1 | 2}
Syntax Description:
1 Specifies RIP Version 1
2 Specifies RIP Version 2
To specify a RIP version used globally by the router, use the version router configuration
command. Use the no form of this command to restore the default value.
Example:
Router(config-router)#version 2
Misconceptions:
None
Related commands:
None

Command:
cgmp
Mode:
Switch(config)#
Syntax:
cgmp [leave-processing | holdtime time]
no cgmp [leave-processing | holdtime]
Syntax Description:
holdtime (Optional) Set the amount of time a router connection is retained

before the switch ceases to exchange messages with it
Number of seconds a router connection is retained before the switch
time ceases to exchange messages with it. You can enter a number from
10 to 6000 (seconds).
leave-processing (Optional) Enable Fast Leave processing on the switch
Use the cgmp global configuration command to enable Cisco Group Management Protocol
(CGMP). You can also enable and disable the Fast Leave parameter and set the router port aging
time. Use the no form of this command to disable CGMP. By default CGMP is enabled and Fast
Leave is disabled. The default holdtime is 300 seconds.
Usage Guidelines:
CGMP must be enabled before the Fast Leave option can be enabled. Fast Leave processing
optimizes the use of network bandwidth by reducing the delay between members of a multicast
group leaving the group and the actual pruning of multicast traffic to that segment.
Example:
This example shows how to enable CGMP on a switch:
Switch(config)#cgmp
The following command enables CGMP Fast Leave processing:
Switch(config)#cgmp leave-processing
Misconceptions:
None
Related Commands:
show cgmp

Command:
ip cgmp
Mode:
Router(config-if)#
Syntax:
ip cgmp[proxy]
no ip cgmp
Syntax Description:
proxy (Optional) Enables CGMP and the CGMP proxy function.
To enable Cisco Group Management Protocol (CGMP) on an interface of a router connected to a
Catalyst 5000 switch, use the ip cgmp interface configuration command. To disable CGMP
routing, use the no form of this command. By default CGMP is disabled.
Usage Guidelines:
When enabled on an interface, this command triggers a CGMP Join message. When a no ip cgmp
command is issued, a triggered CGMP Leave message is sent for the routers MAC address on the
interface for group 0000.0000.0000 (all groups). CGMP can run on an interface only if Protocol
Independent Multicast (PIM) is configured on the same interface.
When the proxy keyword is specified, the CGMP proxy function is also enabled. That is, any
router that is not CGMP-capable will be advertised by the proxy router. The proxy router
advertises the existence of other non CGMP-capable routers by sending a CGMP Join message
with the non-CGMP-capable router's MAC address and a group address of 0000.0000.0000. To
perform CGMP proxy, a Cisco router must be the IGMP querier. If you configure ip cgmp proxy,
you must manipulate the IP addresses so that a Cisco router will be the IGMP querier, which might
be the highest or lowest IP address, depending on which version of IGMP is being run on the
network.
When multiple Cisco routers are connected to a switched network and ip cgmp [proxy] is needed,
it is recommended that all of them be configured:
With the same CGMP option

To have precedence of becoming IGMP querier over non-Cisco routers
Example:
The following example enables CGMP:
Router(config-if)#ip cgmp
The following example enables CGMP and CGMP proxy:

Router(config-if)#ip cgmp proxy
Misconceptions:
None
Related Commands:
None

Command:
ip igmp join-group
Mode:
Router(config)#
Syntax:
ip igmp join-group group-address
no ip igmp join-group group-address
Syntax Description:
group- Address of the multicast group. This is a multicast IP address in four-part,

address dotted notation.
To have the router join a multicast group, use the ip igmp join-group interface configuration
command. To cancel membership in a multicast group, use the no form of this command.
IP packets that are addressed to the group address are passed to the IP client process in the Cisco
IOS software.
If all the multicast-capable routers and access servers that you administer are members of a
multicast group, pinging that group causes all routers to respond. This can be a useful
administrative and debugging tool.
Another reason to have a router join a multicast group is when other hosts on the network have a
bug in IGRP that prevents them from correctly answering IGMP queries. Having the router join the
multicast group causes upstream routers to maintain multicast routing table information for that
group and keep the paths for that group active.
Example:
In the following example, the router joins multicast group 225.2.2.2:
Router(config)#ip igmp join-group 225.2.2.2
Misconceptions:
None
Related Commands:
ping

Command:
ip mroute-cache
Mode:
Router(config-if)#
Syntax:
ip mroute source-address mask [protocol as-number] {rpf-address |
type number} [distance]
no ip mroute source-address mask [protocol as-number] {rpf-address

| type number} [distance]
Syntax Description:
source-
IP address of the multicast source.
address
mask Mask on the IP address of the multicast source.
protocol (Optional) Unicast routing protocol that you are using.
as- (Optional) Autonomous system number of the routing protocol you are using, if
number applicable.
rpf- Incoming interface for the mroute. If the Reverse Path Forwarding (RPF) address rpf-
address address is a Protocol Independent Multicast (PIM) neighbor, PIM join, graft, and prune
messages are sent to it. The rpf-address argument can be a host IP address of a directly
connected system or a network/subnet number. When it is a route, a recursive lookup is
done from the unicast routing table to find a directly connected system. If the rpf-
address argument is not specified, the interface type number value is used as the
incoming interface.
type-
Interface type and number for the mroute.
number
distance (Optional) Determines whether a unicast route, a Distance Vector Multicast Routing
Protocol (DVMRP) route, or a static mroute should be used for the RPF lookup. The
lower distances have better preference. If the static mroute has the same distance as the
other two RPF sources, the static mroute will take precedence. The default is 0.
To configure IP multicast fast switching or multicast distributed switching (MDS), use the ip
mroute-cache interface configuration command. To disable either of these features, use the no
Usage Guidelines
On the RSP
If multicast fast switching is disabled on an incoming interface for a multicast routing table entry,
the packet will be sent at process level for all interfaces in the outgoing interface list.
If multicast fast switching is disabled on an outgoing interface for a multicast routing table entry,
the packet is process level switched for that interface, but may be fast-switched for other interfaces
in the outgoing interface list.
When multicast fast switching is enabled (like unicast routing), debug messages are not logged. If
you want to log debug messages, disable fast switching.
If MDS is not enabled on an incoming interface that is capable of MDS, incoming multicast
packets will not be distributed switched; they will be fast-switched at the RP as before. Also, if the
incoming interface is not capable of MDS, packets will get fast-switched or process-switched at the
RP as before.
If MDS is enabled on the incoming interface, but at least one of the outgoing interfaces cannot fast-
switch, packets will be process-switched. So it is a good idea not to disable fast switching on any
interface when MDS is enabled.
On the GSR
On the GSR, all interfaces should be configured for MDS because that is the only switching mode.
Example:
The following example enables IP multicast fast switching on the interface:
Router(config-if)#no ip mroute-cache
The following example disables IP multicast fast switching on the interface:

Router(config-if)#no ip mroute-cache
The following example enables MDS on the interface:

Router(config-if)#ip mroute-cache distributed
The following example disables MDS and IP multicast fast switching on the interface:
Router(config-if)#no ip mroute-cache distributed
Misconceptions:
None
Related Commands:
ip multicast-routing

Command:
ip multicast ttl-threshold
Mode:
Router(config-if)#
Syntax:
ip multicast ttl-threshold ttl-value
no ip multicast ttl-threshold [ttl-value]
Syntax Description:
ttl- This specifies the time-to-live value, expressed in hops. It can be a value from 0 to
value 255. The default value is 0, which means that all multicast packets are forwarded
out the interface.
To configure the time-to-live (TTL) threshold of packets being forwarded out an interface, use the
ip multicast ttl-threshold interface configuration command. To return to the default TTL
threshold, use the no form of this command.
Only multicast packets with a TTL value greater than the threshold are forwarded out the interface.
You should configure the TTL threshold only on border routers. Conversely, routers on which you
configure a TTL threshold value automatically become border routers.
This command replaces the ip multicast-threshold command, which is obsolete.
Example:
The following example sets the TTL threshold on a border router to 200, which is a very high
value. This means that multicast packets must have a TTL greater than 200 in order to be
forwarded out this interface. Multicast applications generally set this value well below 200.
Therefore, setting a value of 200 means that no packets will be forwarded out the interface.
Router(config)#interface tunnel 0
Router(config-if)#ip multicast ttl-threshold 200
Misconceptions:
None
Related Commands:
None

Command:
ip multicast-routing
Mode:
Router(config)#
Syntax:
ip multicast-routing [distributed]
no ip multicast-routing
Syntax Description:
distributed (Optional) Enables MDS.
To enable IP multicast routing or multicast distributed switching (MDS), use the ip multicast-
routing global configuration command. To disable IP multicast routing and MDS, use the no form
of this command.
When IP multicast routing is disabled, the Cisco IOS software does not forward any multicast
packets.
Example:
The following example enables IP multicast routing:

Router(config)#ip multicast-routing
The following example disables IP multicast routing and MDS:

Router(config)#no ip multicast-routing
Misconceptions:
None
Related Commands:
ip pim send-rp-discovery
ip pim send-rp-announce
ip pim rp-address

Command:
ip pim rp-address
Mode:
Router(config)#
Syntax:
ip pim rp-address ip-address[group-access-list-number] [override]
no ip pim rp-address ip-address [group-access-list-number]
Syntax Description:
ip-address IP address of a router to be a PIM RP. This is a unicast IP address in
four-part, dotted notation.
group-access- (Optional) Number of an access list that defines for which multicast
list-number groups the RP should be used. This is a standard IP access list. The
number can be from 1 to 100.
override (Optional) Indicates that if there is a conflict between the RP

configured
with this command and one learned by Auto-RP, the RP configured
with this command prevails.
To configure the address of a PIM rendezvous point (RP) for a particular group, use the ip pim rp-
address global configuration command. To remove an RP address, use the no form of this
command. You must configure the IP address of RPs on all routers (including the RP router).
First-hop routers send register packets to the RP address on behalf of source multicast hosts.
Routers also use this address on behalf of multicast hosts that want to become members of a group.
These routers send Join and Prune messages towards the RP. The RP must be a PIM router;
however, it does not require any special configuration to recognize that it is the RP. RPs are not
members of the multicast group. They serve as a "meeting place" for multicast sources and group
members.
You can configure the Cisco IOS software to use a single RP for more than one group. The
conditions specified by the access list determine which groups the RP can be used for. If no access
list is configured, the RP is used for all groups.
A PIM router can use multiple RPs, but only one per group.
If there is no RP configured for a group, the router will treat the group as dense using the dense-
mode PIM techniques.
If the RP for a group is learned through a dynamic mechanism, such as Auto-RP, then this
command might not be required. If there is a conflict between the RP configured with this
command and one learned by Auto-RP, the Auto-RP information is used, unless the override
keyword is specified.
Example:
The following example sets the PIM RP address to 198.92.37.33 for all multicast groups:
Router(config)#ip pim rp-address 198.92.37.33
The following example sets the PIM RP address to 147.106.6.22 for the multicast group 225.2.2.2
only:
Router(config)#access list 1 225.2.2.2 0.0.0.0
Router(config)#ip pim rp-address 147.106.6.22 1
Misconceptions:
None
Related Commands:
access-list

Command:
Mode:
Router(config)#
Syntax:
ip pim send-rp-announce type number scope ttl group-list access-

list-number
no ip pim send-rp-announce
Syntax Description:
type number Interface type and number that identify the RP address.
scope ttl Time-to-live value that limits the announcements.
group-list access- Access list that describes the group ranges for which this
list-number router is the RP.
To use Auto-RP to configure which groups the router is willing to act as RP for, use the ip pim
send-rp-announce global configuration command. To change this router from being the RP, use
Use this command in the router you want to be an RP. This command causes the router to send an
Auto-RP announcement message to the well-known group CISCO-RP-ANNOUNCE (224.0.1.39).
This message announces the router as a candidate RP for the groups in the range described by the
access list.
Example:
The following example sends RP announcements out all PIM-enabled interfaces for a maximum of
31 hops. The IP address the router wants to be identified by as RP is the IP address associated with
FastEthernet interface 0/0. Access-list 5 describes for which groups this router serves as RP.
Router(config)#ip pim send-rp-announce FastEthernet 0/0 scope 31 group-list 5
Misconceptions:
None
Related Commands:
access-list

Command:
Mode:
Router(config)#
Syntax:
ip pim send-rp-discovery [type number] scope ttl
no ip pim send-rp-discovery [type number] scope ttl
Syntax Description:
type (Optional) Interface type and number that is used to define the RP mapping
number agent address.
scope ttl Time-to-live value in the IP header that keeps the discovery messages within
this number of hops.
To configure the router to be an RP-mapping agent, use the ip pim send-rp-discovery global
configuration command. To restore the default value, use the no form of this command.
Configure this command on the router designated as an RP-mapping agent. Specify a TTL large
enough to cover your PIM domain.
When Auto-RP is used, the following steps occur:
1. The RP-mapping agent listens on well-known group address CISCO-RP-ANNOUNCE

(224.0.1.39), which candidate RPs send to.
2. The RP-mapping agent sends RP-to-group mappings in an Auto-RP RP discovery message

to the well-known group CISCO-RP-DISCOVERY (224.0.1.40). The TTL value limits how
many hops the message can take.
3. PIM designated routers listen to this group and use the RPs they learn about from the
discovery message.
Example:
The following example limits Auto-RP RP Discovery messages to 20 hops:
Router(config)#ip pim send-rp-discovery scope 20
Misconceptions:
None
Related Commands:

Command:
show ip igmp interface
Mode:
Router#
Syntax:
show ip igmp interface [type number]
Syntax Description:
To display multicast-related information about an interface, use the show ip igmp interface EXEC
command.
If you omit the optional arguments, the show ip igmp interface command displays information
about all interfaces.
This command also displays information about dynamically learned DVMRP routers on the
interface.
Example:
The following is sample output from the show ip igmp interface command:
Router#show ip igmp interface
Ethernet0 is up, line protocol is up

IGMP is enabled on interface
IGMP query interval is 60 seconds
Inbound IGMP access group is not set
Multicast routing is enabled on interface
Multicast TTL threshold is 0
Multicast designated router (DR) is 198.92.37.33
No multicast groups joined
Tunnel0 is up, line protocol is up
The table below describes the fields shown in the display.
Table: show ip igmp interface Field Descriptions
Field Description
Ethernet0 is up, line Interface type, number, and status.

protocol is up
Internet address is... Internet address of the interface and subnet mask being applied to
subnet mask is... the interface, as specified with the ip address command.
IGMP is enabled on Indicates whether IGMP has been enabled on the interface with the
interface ip pim command.
IGMP query interval is Interval at which the Cisco IOS software sends PIM router-query
60 seconds messages, as specified with the ip igmp query-interval
command.
Inbound IGMP access Indicates whether an IGMP access group has been configured with
group is not set the ip igmp access-group command.
Multicast routing is Indicates whether multicast routing has been enabled on the
enabled on interface interface with the ip pim command.
Multicast TTL Packet time-to-threshold, as specified with the ip multicast ttl-

threshold is 0 threshold command.
Multicast designated IP address of the designated router for this LAN segment (subnet).
router (DR) is...
Multicast groups Indicates whether this interface is a member of any multicast

joined: groups and, if so, lists the IP addresses of the groups.
No multicast groups
joined
Misconceptions:
None
Related commands:
ip igmp join-group

Command:
show ip pim interface
Mode:
Router#
Syntax:
show ip pim interface [type number] [count]
Syntax Description:
count (Optional) Number of packets received and sent out the interface
To display information about interfaces configured for Protocol Independent Multicast (PIM) , use
the show ip pim interface EXEC command.
This command works only on interfaces that are configured for PIM.
Examples:
The following is a sample of output from the show ip pim interface command:
Router#show ip pim interface
Address Interface Mode Neighbor Query DR

Count Interval
198.92.37.6 FastEthernet0/0 Dense 2 30 198.92.37.33
10.1.37.2 Tunnel0 Dense 1 30 0.0.0.0
The following is a sample of output from the show ip pim interface command with a count:
Router#show ip pim interface count
Address Interface FS Mpackets In/Out
171.69.121.35 FastEthernet0/0 * 548305239/13744856
171.69.121.35 Serial0/0.33 * 8256/67052912
198.92.12.73 Serial0/0.1719 * 219444/862191
The table describes the fields shown in the display.
Table: show ip pim interface Field Descriptions
Field Description
Address IP address of the next-hop router.
Interface Interface type and number that is configured to run PIM.
Mode Multicast mode in which the Cisco IOS software is operating. This can be
dense mode or sparse mode. DVMRP indicates a DVMRP tunnel is
configured.
Neighbor Number of PIM neighbors that have been discovered through this interface. If
Count the Neighbor Count is 1 for a DVMRP tunnel, the neighbor is active
(receiving probes and reports).
Query Frequency, in seconds, of PIM router-query messages, as set by the ip pim

Interval query-interval interface configuration command. The default is 30 seconds.
DR IP address of the designated router on the LAN. Note that serial lines do not
have designated routers, so the IP address is shown as 0.0.0.0.
FS An asterisk (*) in this column indicates fast switching is enabled.
Mpackets Number of packets into and out of the interface since the box has been up.
In/Out
Misconceptions:
None
Related commands:
show ip pim neighbor

Command:
Mode:
Router#
Syntax:
show ip pim neighbor [type number]
Syntax Description:
type (Optional) Interface type.
To list the PIM neighbors discovered by the Cisco IOS software, use the show ip pim neighbor
EXEC command.
Use this command to determine which routers on the LAN are configured for PIM.
Example:
The following is a sample of output from the show ip pim neighbor command:
Router#show ip pim neighbor
PIM Neighbor Table

Neighbor Address Interface Uptime Expires Mode
198.92.37.2 FastEthernet0 17:38:16 0:01:25 Dense
198.92.37.33 FastEthernet0 17:33:20 0:01:05 Dense (DR)
198.92.36.131 FastEthernet0/1 17:33:20 0:01:08 Dense (DR)
198.92.36.130 FastEthernet0/1 18:56:06 0:01:04 Dense
10.1.22.9 Tunnel0 19:14:59 0:01:09 Dense
Table: show ip pim neighbor Field Descriptions

Field Description
Neighbor IP address of the PIM neighbor

Address
Interface Interface type and number on which the neighbor is reachable
Uptime How long in hours, minutes, and seconds the entry has been in the PIM
neighbor table
Expires How long in hours, minutes, and seconds until the entry will be removed
from the IP multicast routing table
Mode Mode in which the interface is operating
(DR) Indicates that this neighbor is a designated router on the LAN
Misconceptions:
None
Related commands:

Command:
clear ip nat translation
Mode:
Router#
Syntax:
clear ip nat translation {* | [inside global-ip local-ip] [outside
local-ip global-ip]}
clear ip nat translation protocol {[inside global-ip global-port

local-ip local-port] | [outside local-ip global-ip]}
Syntax Description:
* Clears all dynamic translations.
inside Clears the inside translations containing the specified global-ip and local-ip
addresses.
global-ip When used without the arguments protocol, global-port, and local-port, clears
a simple translation that also contains the specified local-ip address. When
used with the arguments protocol, global-port, and local-port, clears an
extended translation.
local-ip (Optional) Clears an entry that contains this local IP address and the specified
global-ip address.
outside Clears the outside translations containing the specified global-ip and local-ip
addresses.
protocol (Optional) Clears an entry that contains this protocol and the specified
global-ip address, local-ip address, global-port, and local-port.
global- (Optional) Clears an entry that contains this global-port and the specified
port protocol, global-ip address, local-ip address, and local-port.
local- (Optional) Clears an entry that contains this local-port and the specified
port protocol, global-ip address, local-ip address, and global-port.
To clear dynamic Network Address Translation (NAT) translations from the translation table, use
the clear ip nat translation EXEC command.
Use this command to clear entries from the translation table before they time out.
Example:
The following example shows the NAT entries before and after the UDP entry being cleared:
Router#show ip nat translation
Pro Inside global Inside local Outside local Outside global

udp 171.69.233.209:1220 192.168.1.95:1220 171.69.2.132:53 171.69.2.132:53
tcp 171.69.233.209:11012 192.168.1.89:11012 171.69.1.220:23 171.69.1.220:23
tcp 171.69.233.209:1067 192.168.1.95:1067 171.69.1.161:23 171.69.1.161:23
Router#clear ip nat translation udp inside 171.69.233.209 1220 192.168.1.95 1220 171.69.
Router#show ip nat translation

tcp 171.69.233.209:11012 192.168.1.89:11012 171.69.1.220:23 171.69.1.220:23
tcp 171.69.233.209:1067 192.168.1.95:1067 171.69.1.161:23 171.69.1.161:23
Misconceptions:
None
Related Commands:
ip nat
ip nat inside destination
ip nat inside source
ip nat pool
show ip nat statistics
show ip nat translations
Command:
ip nat
Mode:
Router(config-if)#
Syntax:
ip nat {inside | outside}
no ip nat {inside | outside}
Syntax Description:
inside Indicates the interface is connected to the inside network (the network subject to
NAT translation).
outside Indicates the interface is connected to the outside network.
To designate that traffic originating from or destined for the interface is subject to Network
Address Translation (NAT), use the ip nat interface configuration command. To prevent the
interface from being able to translate, use the no form of this command.
Only packets moving between "inside" and "outside" interfaces can be translated. You must
specify at least one inside interface and one outside interface for each border router where you
intend to use NAT.
Example:
The following example translates between inside hosts addressed from either the 192.168.1.0 or
192.168.2.0 networks to the globally unique 171.69.233.208/28 network:
ip nat pool net-208 171.69.233.208 171.69.233.223 prefix-length 28
ip nat inside source list 1 pool net-208
!
interface fastethernet 0/0
ip address 171.69.232.182 255.255.255.240
ip nat outside
!
ip address 192.168.1.94 255.255.255.0
ip nat inside
!
access-list 1 permit 192.168.1.0 0.0.0.255
Misconceptions:
None
Related Commands:
ip nat pool
ip nat translation

Command:
Mode:
Router(config)#
Syntax:
ip nat inside destination list{access-list-number | name} pool
name
no ip nat inside destination list {access-list-number | name}
Syntax Description:
list access- Standard IP access list number. Packets with destination addresses that pass
list-number the access list are translated using global addresses from the named pool.
list name Name of a standard IP access list. Packets with destination addresses that
pass the access list are translated using global addresses from the named
pool.
pool name Name of the pool from which global IP addresses are allocated during
dynamic translation.
To enable Network Address Translation (NAT) of the inside destination address, use the
ip nat inside destination global configuration command. To remove the dynamic association to a
pool, use the no form of this command.
This command has two forms: dynamic and static address translation. The form with an access list
establishes dynamic translation. Packets from addresses that match the standard access list are
translated using global addresses allocated from the pool named with the ip nat pool command.
Example:
The following portion of a show running-config translates between inside hosts addressed to
either the 192.168.1.0 or 192.168.2.0 networks to the globally unique 171.69.233.208/28 network:
ip nat inside destination list 1 pool net-208
!
ip address 171.69.232.182 255.255.255.240
ip nat outside
!
ip address 192.168.1.94 255.255.255.0
ip nat inside
!
Misconceptions:
None
Related Commands:
ip nat
ip nat pool
ip nat translation

Command:
Mode:
Router(config)#
Syntax:
ip nat inside source {list {access-list-number |name} {pool name |
interface dialer-name} [overload] | static local-ip global-ip}
no ip nat inside source {list {access-list-number | name}{pool

name | interface dialer-name} [overload] | static local-ip global-
ip}
Syntax Description:
list access- Standard IP access list number. Packets with source addresses that pass the
list-number access list are dynamically translated using global addresses from the named
pool.
list name Name of a standard IP access list. Packets with source addresses that pass the
access list are dynamically translated using global addresses from the named
pool.
pool name Name of the pool from which global IP addresses are allocated dynamically.
interface Name of the dialer interface on which the PPP/IPCP address negotiation
dialer-name takes place.
overload (Optional) Enables the router to use one global address for many local
addresses. When overloading is configured, each inside host's TCP or UDP
port number distinguishes between the multiple conversations using the same
local IP address.
static Sets up a single static translation. This argument establishes the local IP
local-ip address assigned to a host on the inside network. The address could be
randomly chosen, allocated from RFC 1918, or obsolete.
global-ip Sets up a single static translation. This argument establishes the globally
unique IP address of an inside host as it appears to the outside world.
To enable Network Address Translation (NAT) of the inside source address, use the ip nat inside
source global configuration command. To remove the static translation or remove the dynamic
association to a pool, use the no form of this command.
This command has two forms: dynamic and static address translation. The form with an access list
establishes dynamic translation. Packets from addresses that match the standard access list are
translated using global addresses allocated from the pool named with the ip nat pool command.
Alternatively, the syntax form with the keyword static establishes a single static translation.
Example:
The following portion of a show running-config translates between inside hosts addressed from
interface ethernet 0
ip address 171.69.232.182 255.255.255.240
ip nat outside
ip address 192.168.1.94 255.255.255.0
ip nat inside
Misconceptions:
None
Related Commands:
ip nat
ip nat pool
ip nat translation

Command:
ip nat pool
Mode:
Router(config)#
Syntax:
ip nat pool name start-ip end-ip {netmask netmask | prefix-length
prefix-length}[type rotary]
no ip nat pool name
Syntax Description:
name Name of the pool.
start-ip Starting IP address that defines the range of addresses in the address pool.
end-ip Ending IP address that defines the range of addresses in the address pool.
netmask Network mask that indicates which address bits belong to the network and
netmask subnetwork fields and which bits belong to the host field. Specify the
netmask of the network to which the pool addresses belong.
prefix-length Number that indicates how many bits of the netmask are ones (how many
prefix-length bits of the address indicate network). Specify the netmask of the network to
which the pool addresses belong.
type rotary (Optional) Indicates that the range of address in the address pool identify
real, inside hosts among which TCP load distribution will occur.
To define a pool of IP addresses for Network Address Translation (NAT), use the ip nat pool
global configuration command. To remove one or more addresses from the pool, use the no form
of this command.
This command defines a pool of addresses using start address, end address, and either netmask or
prefix length. The pool could define either an inside global pool, an outside local pool, or a rotary
pool.
Example:
The following portion of a show running-config translates between inside hosts addressed from
!
ip address 171.69.232.182 255.255.255.240
ip nat outside
!
ip address 192.168.1.94 255.255.255.0
ip nat inside
!
Misconceptions:
None
Related Commands:
ip nat
ip nat translation

Command:
ip nat translation
Mode:
Router(config)#
Syntax:
ip nat translation {timeout | udp-timeout | dns-timeout | tcp-
timeout | finrst-timeout} seconds
no ip nat translation {timeout | udp-timeout | dns-timeout | tcp-

timeout | finrst-timeout}
Syntax Description:
timeout Specifies that the timeout value applies to dynamic translations except for
overload translations. Default is 86400 seconds (24 hours).
udp- Specifies that the timeout value applies to the UDP port. Default is
timeout 300 seconds (5 minutes).
dns- Specifies that the timeout value applies to connections to the Domain Naming
timeout System (DNS). Default is 60 seconds.
tcp- Specifies that the timeout value applies to the TCP port. Default is
timeout 86400 seconds (24 hours).
finrst- Specifies that the timeout value applies to Finish and Reset TCP packets,
timeout which terminate a connection. Default is 60 seconds.
seconds Number of seconds after which the specified port translation times out. Default
values are listed in the Default section.
To change the amount of time after which Network Address Translation (NAT) translations time
out, use the ip nat translation global configuration command. To disable the timeout, use the no
When port translation is configured, there is finer control over translation entry timeouts because
each entry contains more context about the traffic that is using it. Non-Domain Naming System
UDP translations time out after 5 minutes, while DNS times out in 1 minute. TCP translations
timeout in 24 hours, unless a RST or FIN is seen on the stream, in which case they will time out in
1 minute.
Example:
The following example causes UDP port translation entries to timeout after 10 minutes:
Router(config)#ip nat translation udp-timeout 600
Misconceptions:
None
Related Commands:
ip nat
ip nat pool

Command:
Mode:
Router#
Syntax:
Syntax Description:
To display Network Address Translation (NAT) statistics, use the show ip nat statistics EXEC
command.
Example:
The following is a sample of output from the show ip nat statistics command:
Router#show ip nat statistics
Total translations: 2 (0 static, 2 dynamic; 0 extended)

Outside interfaces: Serial0/0
Inside interfaces: FastEthernet0/1
Hits: 135 Misses: 5
Expired translations: 2
Dynamic mappings:
-- Inside Source
access-list 1 pool net-208 refcount 2
pool net-208: netmask 255.255.255.240
start 171.69.233.208 end 171.69.233.221
type generic, total addresses 14, allocated 2 (14%), misses 0
The table describes the significant fields in the display.
Table: show ip nat statistics Field Descriptions
Field Description
Total Number of translations active in the system. This number is incremented
translations each time a translation is created and is decremented each time a translation
is cleared or times out.
Outside List of interfaces marked as outside with the ip nat outside command
interfaces
Inside List of interfaces marked as inside with the ip nat inside command
interfaces
Hits Number of times the software does a translations table lookup and finds an
entry
Misses Number of times the software does a translations table lookup, fails to find
an entry, and must try to create one
Expired Cumulative count of translations that have expired since the router was
translations booted
Dynamic Indicates that the information that follows is about dynamic mappings
mappings
Inside Source The information that follows is about an inside source translation
access-list Access list number being used for the translation
pool Name of the pool (in this case, net-208)
refcount Number of translations that are using this pool
netmask IP network mask being used in the pool
start Starting IP address in the pool range
end Ending IP address in the pool range
type Type of pool. Possible types are generic or rotary
total addresses Number of addresses in the pool that are available for translation
allocated Number of addresses being used
misses Number of failed allocations from the pool

Misconceptions:
None
Related commands:
ip nat

Command:
Mode:
Router#
Syntax:
show ip nat translations [verbose]
Syntax Description:
verbose (Optional) Displays additional information for each translation table entry,
including how long ago the entry was created and used.
To display active Network Address Translation (NAT) translations, use the show ip nat
translations EXEC command.
Examples:
The following is a sample of output from the show ip nat translations command. Without
overloading, two inside hosts are exchanging packets with some number of outside hosts.
Router#show ip nat translations

--- 171.69.233.209 192.168.1.95 --- ---
--- 171.69.233.210 192.168.1.89 --- --
With overloading, a translation for a DNS transaction is still active, and translations for two Telnet
sessions (from two different hosts) are also active. Note that two different inside hosts appear on
the outside with a single IP address.

udp 171.69.233.209:1220 192.168.1.95:1220 171.69.2.132:53 171.69.2.132:53
tcp 171.69.233.209:11012 192.168.1.89:11012 171.69.1.220:23 171.69.1.220:23
tcp 171.69.233.209:1067 192.168.1.95:1067 171.69.1.161:23 171.69.1.161:23
The following is a sample of output that includes the verbose keyword.
Router#show ip nat translations verbose

udp 171.69.233.209:1220 192.168.1.95:1220 171.69.2.132:53 171.69.2.132:53
create 00:00:02, use 00:00:00, flags: extended
tcp 171.69.233.209:11012 192.168.1.89:11012 171.69.1.220:23 171.69.1.220:23
tcp 171.69.233.209:1067 192.168.1.95:1067 171.69.1.161:23 171.69.1.161:23
Table: show ip nat translationsField Descriptions
Field Description
Pro Protocol of the port identifying the address
Inside The legitimate IP address (assigned by the NIC or service provider) that
global represents one or more inside local IP addresses to the outside world.
Inside The IP address assigned to a host on the inside network; probably not a
local legitimate address assigned by the NIC or service provider.
Outside IP address of an outside host as it appears to the inside network; probably not a
Outside The IP address assigned to a host on the outside network by its owner
global
create How long ago the entry was created (in hours:minutes:seconds).
use How long ago the entry was last used (in hours:minutes:seconds).
flags Indication of the type of translation. Possible flags are:
extended—Extended translation
static—Static translation
destination—Rotary translation
outside—Outside translation
timing out—Translation will no longer be used, due to a TCP FIN or RST.
Misconceptions:
None
Related commands:
ip nat
ip nat pool

Command:
Mode:
Router(config)#
Syntax:
access-list access-list-number {deny | permit} {protocol} [source-
network | source-net.node-address | source-net.node-address
source-network.node-mask | source-net.node-address source-node-
mask] [source-socket] [destination-network | destination-
destination-network-mask.destination-node-mask]
[destination-socket] [log] [time-range time-range]
no access-list access-list-number {deny | permit} {protocol}

[source-network | source-net.node-address | source-net node-
address source-network.node-mask | source-net.node-address source-
node-mask] [source-socket] [destination-network | destination-
destination-network-mask.destination-node-mask] [destination-
socket] [log] [time-range time-range]
Syntax Description:
number
protocol Name or number of an IPX protocol type. This is sometimes referred

to as the packet type. The table in the "Usage Guidelines" section
lists some IPX protocol names and numbers.
source-network (Optional) Number of the network from which the packet is being
sent. This is an eight-digit hexadecimal number that uniquely
identifies a network cable segment. It can be a number in the range
1 to FFFFFFFE. A network number of 0 matches the local network.
A network number of -1 matches all networks.

source-node (Optional) Node on source-network from which the packet is being

sent. This is a 48-bit value represented by a dotted triplet of four-digit

source- (Optional) Mask to be applied to source-network. This is an eight-

network-mask digit hexadecimal mask. Place ones in the bit positions to be masked.

turn immediately be followed by source-node-mask.
source-socket (Optional) Socket name or number (hexadecimal) from which the

packet is being sent. Table in the "Usage Guidelines" section lists

destination- (Optional) Node on destination-network to which the packet is being

node sent. This is a 48-bit value represented by a dotted triplet of four-digit

masked.
destination- (Optional) Mask to be applied to destination-network. This is an

network-mask. eight-digit hexadecimal mask. Place ones in the bit positions to be
masked.

turn immediately be followed by destination-node-mask.
destination- (Optional) Socket name or number (hexadecimal) to which the
socket packet is being sent. Table in the "Usage Guidelines" section lists
log (Optional) Logs IPX access control list violations whenever a packet
matches a particular access list entry. The information logged
includes source address, destination address, source socket,
destination socket, protocol type, and action taken (permit/deny).
To define an extended Novell IPX access list, use the extended version of the access-list global
configuration command. To remove an extended access list, use the no form of this command.
Extended IPX access lists filter on protocol type. All other parameters are optional.
If a network mask is used, all other fields are required.
one standard access list can be applied to an interface. The access list filters all outgoing packets
on the interface.
Note For some versions of NetWare, the protocol type field is not a reliable indicator of the
type of packet encapsulated by the IPX header. In these cases, use the source and destination
socket fields to make this determination. For additional information, contact Novell.
Table lists some IPX protocol names and numbers. Table lists some IPX socket names and
numbers. For additional information about IPX protocol numbers and socket numbers, contact
Novell.
Table: Some IPX Protocol Names and Numbers

IPX Protocol IPX Protocol Number Protocol (Packet Type)
Name (Decimal)
-1 any Wildcard; matches any packet type in 900

lists
0 Undefined; refer to the socket number to

determine the packet type
1 rip Routing Information Protocol (RIP)
4 sap Service Advertising Protocol (SAP)
5 spx Sequenced Packet Exchange (SPX)
17 ncp NetWare Core Protocol (NCP)
20 netbios IPX NetBIOS
Table: Some IPX Socket Names and Numbers
IPX Socket Number IPX Socket Socket

(Hexadecimal) Name
0 all All sockets, wildcard used to match all sockets
2 cping Cisco IPX ping packet
451 ncp NetWare Core Protocol (NCP) process
452 sap Service Advertising Protocol (SAP) process
453 rip Routing Information Protocol (RIP) process
455 netbios Novell NetBIOS process
456 diagnostic Novell diagnostic packet
457 Novell serialization socket

4000-7FFF Dynamic sockets; used by workstations for
interaction with file servers and other network
servers
8000-FFFF Sockets as assigned by Novell, Inc.
85BE eigrp IPX Enhanced Interior Gateway Routing

Protocol (EIGRP)
9001 nlsp NetWare Link Services Protocol
9086 nping Novell standard ping packet
To delete an extended access list, specify the minimum number of keywords and arguments needed
command:
Router(config)#no access-list access-list-number
To delete the access list for a specific protocol, use the following command:
Router(config)#no access-list access-list-number {deny | permit} protocol
Examples:
The following example denies access to all RIP packets from the RIP process socket on source network 1 th
process socket on network 2. It permits all other traffic. This example uses protocol and socket names rathe
Router(config)#access-list 900 deny -1 1 rip 2 rip
Router(config)#access-list 900 permit -1
The following example permits type 2 packets from any socket from host 10.0000.0C01.5234 to access any
networks 1000 through 100F. It denies all other traffic (with an implicit deny all):
Note This type is chosen only as an example. The actual type to use depends on the specific application.
Router(config)#access-list 910 permit 2 10.0000.0C01.5234 0000.0000.0000 0 1000.0000.000
Misconceptions:
None
Related Commands:
ipx access-group
ipx access-list

Command:
Mode:
Router(config)#
Syntax:
access-list access-list-number {deny | permit} {-1 | source-
no access-list access-list-number {deny | permit} {-1 | source-

Syntax Description:
number
source-network Number of the network from which the packet is being sent. This is
an eight-digit hexadecimal number that uniquely identifies a network
cable segment. It can be a number in the range 1 to FFFFFFFE. A
network number of 0 matches the local network. A network number
of -1 matches all networks.

.source-node (Optional) Node on source-network from which the packet is being

sent. This is a 48-bit value represented by a dotted triplet of four-

.destination- (Optional) Node on destination-network to which the packet is being

node sent. This is a 48-bit value represented by a dotted triplet of four-

masked.
To define a standard IPX access list, use the standard version of the access-list global configuration
command. To remove a standard access list, use the no form of this command.
Standard IPX access lists filter on the source network. All other parameters are optional.
one standard access list can be applied to an interface. The access list filters all outgoing packets on
the interface.
To delete a standard access list, specify the minimum number of keywords and arguments needed
command:
Router (config)#no access-list access-list-number
To delete the access list for a specific network, use the following command:
Router (config)#no access-list access-list-number {deny | permit} source-network
Example:
The following example denies access to traffic from all IPX networks (-1) to destination network 2:
Router(config)#access-list 800 deny -1 2
The following example denies access to all traffic from IPX address 1.0000.0c00.1111:
Router(config)#access-list 800 deny 1.0000.0c00.1111
The following example denies access from all nodes on network 1 that have a source address beginning wit
Router(config)#access-list 800 deny 1.0000.0c00.0000 0000.00ff.ffff
The following example denies access from source address 1111.1111.1111 on network 1 to destination add
2222.2222.2222 on network 2:
Router(config)#access-list 800 deny 1.1111.1111.1111 0000.0000.0000 2.2222.2222.2222 00
or
Router(config)#access-list 800 deny 1.1111.1111.1111 2.2222.2222.2222
Misconceptions:
IPX standard access lists cannot filter based on source and destination addresses (they, in fact,
can).
Related Commands:
ipx access-list
ipx access-group

Command:
clear ipx route
Mode:
Router#
Syntax:
clear ipx route {network [network-mask] | default | *}
Syntax Description:
network Number of the network whose routing table entry you want to delete. This is
an eight-digit hexadecimal number that uniquely identifies a network cable
segment. It can be a number in the range 1 to FFFFFFFD. You do not need to
specify leading zeros in the network number. For example, for the network
number 000000AA, you can enter AA.
network- (Optional) Specifies the portion of the network address that is common to all
mask addresses in an NLSP route summary. When used with the network
argument, it specifies the NLSP route summary to clear.
The high-order bits of network-mask must be contiguous Fs, while the low-
order bits must be contiguous zeros (0). An arbitrary mix of Fs and 0s is not
permitted.
default Deletes the default route from the routing table.
* Deletes all routes in the routing table.
To delete routes from the IPX routing table, use the clear ipx route EXEC command. After you
use the clear ipx route command, RIP/SAP general requests are issued on all IPX interfaces. For
routers configured for NLSP route aggregation, use this command to clear an aggregated route
from the routing table.
Example:
The following example clears the entry for network 3 from the IPX routing table:
Router#clear ipx route 3
The following example clears a route summary entry from the IPX routing table:
Router#clear ipx route ccc00000 fff00000
Misconceptions:
None
Related Commands:
show ipx route

Command:
ipx access-group
Mode:
Router(config-if)#
Syntax:
ipx access-group {access-list-number | name} [in | out]
no ipx access-group [access-list-number | name] [in | out]
Syntax Description:
access- Number of the access list. For standard access lists, access-list-number is a
list- number from 800 to 899. For extended access lists, access-list-number is a
number number from 900 to 999.
name Name of the access list. Names cannot contain a space or quotation mark and
must begin with an alphabetic character to prevent ambiguity with numbered
access lists.
in (Optional) Filters inbound packets. All incoming packets defined with either
standard or extended access lists are filtered by the entries in this access list.
out (Optional) Filters outbound packets. All outgoing packets defined with either
standard or extended access lists and forwarded through the interface are filtered
by the entries in this access list. This is the default when you do not specify an
input (in) or output (out) keyword in the command line.
To apply generic input and output filters to an interface, use the ipx access-group interface
configuration command. To remove filters, use the no form of this command.
Generic filters control which data packets an interface receives or sends out based on the packet's
source and destination addresses, IPX protocol type, and source and destination socket numbers.
You use the standard access-list and extended access-list commands to specify the filtering
conditions.
You can apply only one input filter and one output filter per interface or subinterface.
When you do not specify an input (in) or output (out) filter in the command line, the default is an
output filter.
You cannot configure an output filter on an interface where autonomous switching is already
configured. Similarly, you cannot configure autonomous switching on an interface where an output
filter is already present. You cannot configure an input filter on an interface if autonomous
switching is already configured on any interface. Likewise, you cannot configure input filters if
autonomous switching is already enabled on any interface.
Example:
The following example applies access list 801 to FastEthernet interface 0/1. Because the command
line does not specify an input filter or output filter with the keywords in or out, the software
assumes that it is an output filter.
Router(config-if)#ipx access-group 801
The following example applies access list 901 to FastEthernet interface 0/0. The access list is an
input filter access list as specified by the keyword in.
Router(config-if)#ipx access-group 901 in
To remove the input access list filter in the previous example, you must specify the in keyword
when you use the no form of the command. The following example correctly removes the access
list:
Router(config-if)#no ipx access-group 901 in
Misconceptions:
None
Related Commands:
ipx access-list

Command:
ipx access-list
Mode:
Router(config)#
Syntax:
ipx access-list {standard | extended | sap | summary} name
no ipx access-list {standard | extended | sap | summary} name
Syntax Description:
standard Specifies a standard IPX access list.
extended Specifies an extended IPX access list.
sap Specifies a SAP access list.
summary Specifies area addresses that summarize routes using NLSP route aggregation
filtering.
name Name of the access list. Names cannot contain a space or quotation mark, and
they must begin with an alphabetic character to prevent ambiguity with
numbered access lists.
To define an IPX access list by name, use the ipx access-list global configuration command. To
remove a named IPX access list, use the no form of this command.
Use this command to configure a named IPX access list as opposed to a numbered IPX access list.
This command will take you into access-list configuration mode, where you must define the denied
or permitted access conditions with the deny and permit commands.
Specifying standard, extended, sap, or summary with the ipx access-list command determines
the prompt you get when you enter access-list configuration mode.
Example:
The following example creates a standard access list named fred. It permits communication with
only IPX network number 5678.
Router(config)#ipx access-list standard fred
Router(config-ipx-std-nacl)#permit 5678 any deny any
The following example creates an extended access list named sal that denies all SPX packets:
Router(config)#ipx access-list extended sal
Router(config-ipx-ext-nacl)#deny spx any all any all log
Router(config-ipx-ext-nacl)#permit any
The following example creates a SAP access list named MyServer that allows only MyServer to be
sent in SAP advertisements:
Router(config)#ipx access-list sap MyServer
Router(config-ipx-sap-nacl)#permit 1234 4 MyServer
Misconceptions:
Named access lists will not be recognized by any software release prior to Cisco IOS Release 11.3.
Related Commands:

Command:
ipx default-route
Mode:
Router(config)#
Syntax:
ipx default-route
no ipx default-route
Syntax Description:
To forward to the default network all packets for which a route to the destination network is
unknown, use the ipx default-route global configuration command. To disable the use of the
default network, use the no form of this command.
When you use the no ipx default-route command, Cisco IOS software no longer uses -2 as the
default network. Instead, the software interprets -2 as a regular network and packets for which a
route to the destination network is unknown are dropped.
Example:
The following example disables the forwarding of packets towards the default network:
Router(config)#no ipx default-route
Misconceptions:
None
Related Commands:
None
Command:
ipx eigrp-sap-split-horizon
Mode:
Router(config)#
Syntax:
ipx eigrp-sap-split-horizon
no ipx eigrp-sap-split-horizon
Syntax Description:
To configure EIGRP SAP split horizon, use the ipx eigrp-sap-split-horizon global configuration
command. To revert to default, use the no form of this command.
When split horizon is enabled, EIGRP SAP update and packets are not sent back to the receiving
interface. This reduces the number of EIGRP packets on the network. Split horizon blocks the
advertising of information from SAPs to the source router. This behavior optimizes
communication among multiple routers. However, with nonbroadcast networks, such as Frame
Relay and SMDS, situations can arise for which this behavior is less than ideal. For these
situations, you may wish to disable split horizon.
Example:
The following example disables split horizon on the router:
Router(config)#no ipx eigrp-sap-split-horizon
Misconceptions:
When the ipx sap-incremental split-horizon interface configuration command is configured, it
takes precedence over the ipx eigrp-sap-split-horizon command.
Related Commands:
ipx split-horizon eigrp
show ipx eigrp interfaces
show ipx eigrp neighbors
show ipx eigrp topology

Command:
ipx network
Mode:
Router(config-if)#
Syntax:
ipx network network [encapsulation encapsulation-type [secondary]]
no ipx network network [encapsulation encapsulation-type]
Syntax Description:
network Network number. This is an eight-digit hexadecimal number that

uniquely identifies a network cable segment. It can be a number in the
range 1 to FFFFFFFD.
You do not need to specify leading zeros in the network number. For
example, for the network number 000000AA you can enter AA.
encapsulation (Optional) Type of encapsulation (framing). It can be one of the

encapsulation- following values:
type
arpa (for Ethernet interfaces only)—Use Novell's Ethernet_II

encapsulation. This encapsulation is recommended for networks
that handle both TCP/IP and IPX traffic.
hdlc (for serial interfaces only)—Use HDLC encapsulation.
novell-ether (for Ethernet interfaces only)—Use Novell's
"Ethernet_802.3" encapsulation. This encapsulation consists of a
standard 802.3 Media Access Control (MAC) header followed
directly by the IPX header with a checksum of FFFF. It is the
default encapsulation used by all versions of NetWare up to and
including Version 3.11.
novell-fddi (for FDDI interfaces only)—Use Novell's
"FDDI_RAW" encapsulation. This encapsulation consists of a
standard FDDI MAC header followed directly by the IPX header
with a checksum of 0xFFFF.
sap (for Ethernet interfaces)—Use Novell's Ethernet_802.2
encapsulation.This encapsulation consists of a standard 802.3 MAC
header followed by an 802.2 LLC header. This is the default
encapsulation used by NetWare Version 3.12 and 4.0.
— Token Ring interfaces—This encapsulation consists of a
standard 802.5 MAC header followed by an 802.2 LLC header.
—FDDI interfaces—This encapsulation consists of a standard
FDDI MAC header followed by an 802.2 LLC header.
snap (for Ethernet interfaces)—Use Novell Ethernet_Snap
encapsulation. This encapsulation consists of a standard 802.3
MAC header followed by an 802.2 SNAP LLC header.
— Token Ring and FDDI interfaces—This encapsulation consists
of a standard 802.5 or FDDI MAC header followed by an 802.2
SNAP LLC header.
secondary (Optional) Indicates an additional (secondary) network configured after

the first (primary) network.
To enable IPX routing on a particular interface and to optionally select the type of encapsulation
(framing), use the ipx network interface configuration command. To disable IPX routing, use the
no form of this command.
The ipx network command allows you to configure a single logical network on a physical network
or more than one logical network on the same physical network (network cable segment). Each
network on a given interface must have a different encapsulation type.
The first network you configure on an interface is considered to be the primary network. Any
additional networks are considered to be secondary networks. These must include the secondary
keyword.
Note In future Cisco IOS software releases, primary and secondary networks will not be
supported. When enabling NLSP and configuring multiple encapsulations on the same physical
LAN interface, you must use subinterfaces. You cannot use secondary networks.
You can configure an IPX network on any supported interface as long as all the networks on the
same physical interface use a distinct encapsulation type. For example, you can configure up to
four IPX networks on a single Ethernet cable because Ethernet supports four encapsulation types.
The interface processes only packets with the correct encapsulation and the correct network
number. IPX networks using other encapsulations can be present on the physical network. The only
effect on the router is that it uses some processing time to examine packets to determine whether
they have the correct encapsulation.
All logical networks on an interface share the same set of configuration parameters. For example,
if you change the IPX RIP update time on an interface, you change it for all networks on that
interface.
When you define multiple logical networks on the same physical network, IPX treats each
encapsulation as if it were a separate physical network. This means, for example, that IPX sends
RIP updates and SAP updates for each logical network.
The ipx network command is useful when migrating from one type of encapsulation to another. If
you are using it for this purpose, you should define the new encapsulation on the primary network.
To delete all networks on an interface, use the following command:
no ipx network
Deleting the primary network with the following command also deletes all networks on that
interface. The argument number is the number of the primary network.
no ipx network number
To delete a secondary network on an interface, use one of the following commands. The argument
number is the number of a secondary network.
no ipx network number
no ipx network number encapsulation encapsulation-type
Novell's FDDI_RAW encapsulation is common in bridged or switched environments that connect

Ethernet-based Novell end hosts via a FDDI backbone. Packets with FDDI_RAW encapsulation
are classified as Novell packets, and are not automatically bridged when you enable both bridging
and IPX routing. Additionally, you cannot configure FDDI_RAW encapsulation on an interface
configured for IPX autonomous or SSE switching. Similarly, you cannot enable IPX autonomous
or SSE switching on an interface configured with FDDI_RAW encapsulation.
With FDDI_RAW encapsulation, platforms that do not use CBUS architecture support fast
switching. Platforms using CBUS architecture support only process switching of novell-fddi
packets received on an FDDI interface.
Example:
The following example uses subinterfaces to create four logical networks on FastEthernet interface
0/0. Each subinterface has a different encapsulation. Any interface configuration parameters that
you specify on an individual subinterface are applied to that subinterface only.
Router(config)#ipx routing interface fastethernet 0/0
Router(config)interface fastethernet 0/0.1
Router(config-subif)#ipx network 1 encapsulation novell-ether
Router(config-subif)#ipx network 2 encapsulation snap
Router(config-subif)#ipx network 3 encapsulation arpa
Router(config-subif)#ipx network 4 encapsulation sap
The following example uses primary and secondary networks to create the same four logical
networks as shown previously in this section. Any interface configuration parameters that you
specify on this interface are applied to all the logical networks. For example, if you set the routing
update timer to 120 seconds, this value is used on all four networks.
Router(config)#ipx routing
Router(config-if)#ipx network 1 encapsulation novell-ether
Router(config-if)#ipx network 2 encapsulation snap secondary
Router(config-if)#ipx network 3 encapsulation arpa secondary
Router(config-if)#ipx network 4 encapsulation sap secondary
The following example enables IPX routing on FDDI interfaces 0.2 and 0.3. On FDDI interface
0.2, the encapsulation type is SNAP. On FDDI interface 0.3, the encapsulation type is Novell's
FDDI_RAW.
Router(config)#interface fddi 0.2
Router(config-if)#ipx network f02 encapsulation snap
Router(config)#interface fddi 0.3
Router(config-if)#ipx network f03 encapsulation novell-fddi
Misconceptions:
None
Related Commands:
ipx routing

Command:
ipx ping-default
Mode:
Router(config)#
Syntax:
ipx ping-default {cisco | novell | diagnostic}
no ipx ping-default {cisco | novell | diagnostic}
Syntax Description:
cisco Transmits Cisco pings.
novell Transmits standard Novell pings.
diagnostic Transmits diagnostic request/response for IPX pings.
To select the ping type that the Cisco IOS software transmits, use the ipx ping-default global
configuration command. To return to the default ping type, use the no form of this command.
This command can transmit Cisco pings, standard Novell pings as defined in the NLSP
specification, and IPX diagnostic pings. The IPX diagnostic ping feature addresses diagnostic
related issues by accepting and processing unicast or broadcast diagnostic packets. It makes
enhancements to the current IPX ping command to ping other stations using the diagnostic packets
and display the configuration information in the response packet.
Example:
The following is sample output of IPX ping-default when diagnostic is enabled:
Router# ipx ping-default diagnostic
Router(config)#ipx ping-default diagnostic

Router(config)#exit
Router#ping
Protocol [ip]: ipx
Target IPX address: 20.0000.0000.0001
Verbose [n]: y
Timeout in seconds [2]: 1
Type escape sequence to abort.
Sending 1, 31-byte IPX Diagnostic Echoes to 20.0000.0000.0001, timeout is 1 seconds:
Diagnostic Response from 20.0000.0000.0001 in 4 ms

Major Version: 1
Minor Version: 0
SPX Diagnostic Socket: 4002
Number of components: 3
Component ID: 0 (IPX / SPX)
Component ID: 1 (Router Driver)
Component ID: 5 (Router)
Number of Local Networks: 2
Local Network Type: 0 (LAN Board)
Network Address1 20
Node Address1 0000.0000.0001
Local Network Type: 0 (LAN Board)
Network Address2 30
Node Address2 0060.70cc.bc65
Note Verbose mode must be enabled to get diagnostic information.
Misconceptions:
Note When a ping is sent from one station to another, the response is expected to come back
immediately; when ipx
ping-default is set to diagnostics, the response could consist of more than one packet and each
node is expected to respond within 0.5 seconds of receipt of the request. Due to the absence of an
end-of-message flag, there is a delay and the requester must wait for all responses to arrive.
Therefore, in verbose mode there may be a brief delay of 0.5 seconds before the response data is
displayed.
The ipx ping-default command using the diagnostic keyword can be used to conduct a reachability
test and should not be used to measure accurate roundtrip delay.
Related Commands:
trace
ping

Command:
ipx route
Mode:
Router(config)#
Syntax:
ipx route {network [network-mask] | default} {network.node |

interface} [ticks] [hops] [floating-static]
no ipx route {network [network-mask] | default} {network.node |

interface}
Syntax Description:
network Network to which you want to establish a static route.
This is an eight-digit hexadecimal number that uniquely identifies a

network cable segment. It can be a number in the range 1 to FFFFFFFD.
You do not need to specify leading zeros in the network number. For
example, for the network number 000000AA, you can enter AA.
network-mask (Optional) Specifies the portion of the network address that is common
to all addresses in an NLSP route summary. When used with the network
argument, it specifies the static route summary.
The high-order bits of network-mask must be contiguous Fs, while the

low-order bits must be contiguous zeros (0). An arbitrary mix of Fs and
0s is not permitted.
default Creates a static entry for the "default route." The router forwards all
nonlocal packets for which no explicit route is known via the specified
next hop address (network.node) or interface.
network.node The router to forward packets to that are destined for the specified
network.
The argument network is an eight-digit hexadecimal number that

uniquely identifies a network cable segment. It can be a number in the
range 1 to FFFFFFFD. You do not need to specify leading zeros in the
network number. For example, for the network number 000000AA, you
can enter AA.
The argument node is the node number of the target router. This is a 48-
bit value represented by a dotted triplet of four-digit hexadecimal
numbers (xxxx.xxxx.xxxx).
interface Network interface to which packets are forwarded that are destined for
the specified network. Interface is serial 0 or serial 0.2. Specifying an
interface instead of a network node is intended for use on IPXWAN
unnumbered interfaces. The specified interface can be a null interface.
ticks (Optional) Number of IBM clock ticks of delay to the network for which
you are establishing a static route. One clock tick is 1/18 of a second
(approximately 55 ms). Valid values are 1 through 65534.
hops (Optional) Number of hops to the network for which you are
establishing a static route. Valid values are 1 through 254.
floating- (Optional) Specifies that this route is a floating static route, which is a
static static route that can be overridden by a dynamically learned route.
To add a static route or static NLSP route summary to the routing table, use the ipx route global
configuration command. To remove a route from the routing table, use the no form of this
command.
The ipx route command forwards packets destined for the specified network (network) via the
specified router (network.node) or an interface (interface) on that network regardless of whether
that router is sending dynamic routing information.
Floating static routes are static routes that can be overridden by dynamically learned routes.
Floating static routes allow you to switch to another path whenever routing information for a
destination is lost. One application of floating static routes is to provide back-up routes in
topologies where dial-on-demand routing is used.
If you configure a floating static route, the Cisco IOS software checks to see if an entry for the
route already exists in its routing table. If a dynamic route already exists, the floating static route is
placed in reserve as part of a floating static route table. When the software detects that the dynamic
route is no longer available, it replaces the dynamic route with the floating static route. If the route
is later relearned dynamically, the dynamic route replaces the floating static route and the floating
static route is again placed in reserve.
If you specify an interface instead of a network node address, the interface must be an IPXWAN
unnumbered interface. For IPXWAN interfaces, the network number need not be preassigned;
instead, the nodes may negotiate the network number dynamically.
Note that by default, floating static routes are not redistributed into other dynamic protocols.
Example:
In the following example, a router at address 3abc.0000.0c00.1ac9 handles all traffic destined for
network 5e:
Router(config)#ipx route 5e 3abc.0000.0c00.1ac9
The following example defines a static NLSP route summary:

Router(config)#ipx route aaaa0000 ffff0000
Misconceptions:
None
Related Commands:
ipx default-route
show ipx route

Command:
ipx split-horizon eigrp
Mode:
Router(config-if)#
Syntax:
ipx split-horizon eigrp autonomous-system-number
no ipx split-horizon eigrp autonomous-system-number
Syntax Description:
autonomous-system- EIGRP autonomous system number. It can be a number from

number 1 to 65535.
To configure split horizon, use the ipx split-horizon eigrp interface configuration command. To
disable split horizon, use the no form of this command.
When split horizon is enabled, EIGRP update and query packets are not sent for destinations that
have next hops on this interface. This reduces the number of EIGRP packets on the network.
Split horizon blocks information about routes from being advertised by the Cisco IOS software to
any interface from which that information originated. Typically, this behavior optimizes
communication among multiple routers, particularly when links are broken. However, with
nonbroadcast networks, such as Frame Relay and SMDS, situations can arise for which this
behavior is less than ideal. For these situations, you may wish to disable split horizon.
Example:
The following example disables split horizon on serial interface 0/0:
Router#interface serial 0/0
Router(config)#no ipx split-horizon eigrp 200
Misconceptions:
None
Related Commands:
None

Command:
ipx type-20-propagation
Mode:
Router(config-if)#
Syntax:
ipx type-20-propagation
no ipx type-20-propagation
Syntax Description:
To forward IPX type 20 propagation packet broadcasts to other network segments, use the
ipx type-20-propagation interface configuration command. To disable both the reception and
forwarding of type 20 broadcasts on an interface, use the no form of this command.
Routers normally block all broadcast requests. To allow input and output of type 20 propagation
packets on an interface, use the ipx type-20-propagation command. Note that type 20 packets are
subject to loop detection and control as specified in the IPX router specification.
Example:
The following example enables both the reception and forwarding of type 20 broadcasts on
FastEthernet interface 0/0:
Router(config-if)#ipx type-20-propagation
The following example enables the reception and forwarding of type 20 broadcasts between
networks 123 and 456, but does not enable reception and forwarding of these broadcasts to and
from network 789:
Router(config-if)#ipx network 123


Misconceptions:
None
Related Commands:
None

Command:
show ipx access-list
Mode:
Router#
Syntax:
show ipx access-list [access-list-number | name]
Syntax Description:
access-list- (Optional) Number of the IPX access list to display. This is a number from
number 800 to 899, 900 to 999, 1000 to 1099, or 1200 to 1299.
name (Optional) Name of the IPX access list to display.
To display the contents of all current IPX access lists, use the show ipx access-list EXEC
command.
The show ipx access-list command provides output identical to the show access-lists command,
except that it is IPX specific and allows you to specify a particular access list.
Examples:
The following is a sample of output from the show ipx access-list command when all access lists
are requested:
Router#show ipx access-list
IPX extended access list 900

deny any 1
IPX sap access list London
deny FFFFFFFF 107
deny FFFFFFFF 301C
permit FFFFFFFF 0
The following is a sample of output from the show ipx access-list command when the name of a
specific access list is requested:
Router#show ipx access-list London
deny FFFFFFFF 107
deny FFFFFFFF 301C
permit FFFFFFFF 0
Misconceptions:
None
Related commands:
ipx access-list
ipx access-group

Command:
Mode:
Router#
Syntax:
show ipx eigrp interfaces [type number] [as-number]
Syntax Description:
as-number (Optional) Autonomous system number.
To display information about interfaces configured for EIGRP, use the show ipx eigrp interfaces
EXEC command.
Use the show ipx eigrp interfaces command to determine on which interfaces EIGRP is active
and to find out information about EIGRP relating to those interfaces.
If an interface is specified, only that interface is displayed. Otherwise, all interfaces on which
EIGRP is running are displayed.
If an autonomous system is specified, only the routing process for the specified autonomous system
is displayed. Otherwise, all EIGRP processes are displayed.
Example:
The following is a sample of output from the show ipx eigrp interfaces command:
Router>show ipx eigrp interfaces
IPX EIGRP interfaces for process 109

Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Di0 0 0/0 0 11/434 0 0
Et0 1 0/0 337 0/10 0 0
SE0:1.16 1 0/0 10 1/63 103 0
Tu0 1 0/0 330 0/16 0 0
Table: show ipx eigrp interfaces Field Descriptions
Field Description
process 109 Autonomous system number of the process.
Interface Interface name.
Peers Number of neighbors on the interface.
Xmit Queue Count of unreliable and reliable packets queued for transmission.
Mean SRTT Average round-trip time for all neighbors on the interface.
Pacing Time Number of milliseconds to wait after transmitting unreliable and reliable
packets.
Multicast Flow Number of milliseconds to wait for acknowledgment of a multicast packet

Timer by all neighbors before transmitting the next multicast packet.
Pending Number of routes still to be transmitted on this interface.

Routes
Misconceptions:
None
Related commands:
Command:
Mode:
Router#
Syntax:
show ipx eigrp neighbors [servers] [autonomous-system-number |
interface] [regexp name]
Syntax Description:
servers (Optional) Displays the server list advertised by each neighbor.
This is displayed only if the ipx sap incremental command is
enabled on the interface on which the neighbor resides.
autonomous- (Optional) Autonomous system number, an integer in the range

system-number 1 to 65535
interface (Optional) Interface type and number
regexp name (Optional) Displays the IPX servers whose names match the regular
expression
To display the neighbors discovered by EIGRP, use the show ipx eigrp neighbors EXEC
command.
Example:
The following is a sample of output from the show ipx eigrp neighbors command:
Router# show ipx eigrp neighbors
IPX EIGRP Neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq

(sec) (ms) Cnt Num
0 200.0000.0c34.d83b Et0/2 11 00:00:18 2 200 0 10
2 total IPX servers for this peer
Type Name Address Port Hops
4 server 2037.0000.0000.0001:0001 2
4 server2 2037.0000.0000.0001:0001 2
1 200.0000.0c34.d83c Et0/2 11 00:00:18 2 200 0 10
4 server 2037.0000.0000.0001:0001 2
The following table describes the fields shown in the display:
Table: show ipx eigrp neighbors Field Descriptions
Field Description
process Autonomous system number specified in the ipx router configuration command
200
H Handle, an arbitrary and unique number inside this router that identifies the
neighbor
Address IPX address of the EIGRP peer
Interface Interface on which the router is receiving hello packets from the peer
Hold Length of time, in seconds, that the Cisco IOS software will wait to hear from the
peer before declaring it down (If the peer is using the default hold time, this
number will be less than 15. If the peer configures a nondefault hold time, it will
be reflected here).
Uptime Elapsed time (in hours, minutes, and seconds) since the local router first heard
from this neighbor
Q Cnt Number of IPX EIGRP packets (Update, Query, and Reply) that the Cisco IOS
software is waiting to send
SRTT Smooth round-trip time, this is the number of milliseconds it takes for an IPX
EIGRP packet to be sent to this neighbor and for the local router to receive an
acknowledgment of that packet
RTO Retransmission timeout (in milliseconds), this is the amount of time the Cisco
IOS software waits before retransmitting a packet from the retransmission queue
to a neighbor
Seq Num Sequence number of the last Update, Query, or Reply packet that was received
from this neighbor
Type Contains codes from the Codes field to indicates how service was learned
Name Name of server
Address Network address of server
Port Source socket number
Misconceptions:
None
Related commands:

Command:
Mode:
Router#
Syntax:
show ipx eigrp topology [network-number] [active] [all-links] [as
as_number] [pending] [summary] [zero-successors]
Syntax Description:
network-number (Optional) IPX network number whose topology table entry to display
active Show only active entries
all-links Show all links in topology table
as Show only entries for this autonomous system
pending Show only entries pending transmission
summary Show a summary of the topology table
zero-successors Show only zero successor entries
To display the EIGRP topology table, use the show ipx eigrp topology EXEC command.
Examples:
The following is a sample of output from the show ipx eigrp topology command:
Router#show ipx eigrp topology
IPX EIGRP Topology Table for process 109

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - Reply status
P 42, 1 successors, FD is 0
via 160.0000.0c00.8ea9 (345088/319488), FastEthernet0/0
P 160, 1 successor via Connected, FastEthernet
via Redistributed (287744/0)
P 164, 1 successors, flags: U, FD is 200
via 160.0000.0c01.2b71 (332800/307200), FastEthernet0/1
P A112, 1 successors, FD is 0
via Connected, FastEthernet1/2
P AAABBB, 1 successors, FD is 10003
via Redistributed (287744/0),
A A112, 0 successors, 1 replies, state: 0, FD is 0
via 160.0000.0c00.8ea9 (332800/307200), r, FastEthernet0/1
The table below describes the fields shown in the output.
Table: show ipx eigrp topology Field Descriptions
Field Description
Codes State of this topology table entry. Passive and Active refer to the EIGRP
state with respect to this destination; Update, Query, and Reply refer to
the type of packet that is being sent.
P - Passive No EIGRP computations are being performed for this destination
A - Active EIGRP computations are being performed for this destination
U - Update Indicates that an update packet was sent to this destination
Q - Query Indicates that a query packet was sent to this destination
R - Reply Indicates that a reply packet was sent to this destination
r - Reply status Flag that is set after the Cisco IOS software has sent a query and is
waiting for a reply
42, 160, and so Destination IPX network number

on
successors Number of successors. This number corresponds to the number of next

hops in the IPX routing table.
FD Feasible distance. This value is used in the feasibility condition check. If

the neighbor's reported distance (the metric after the slash) is less than
the feasible distance, the feasibility condition is met and that path is a
feasible successor. Once the router determines it has a feasible successor,
it does not have to send a query for that destination.
replies Number of replies that are still outstanding (have not been received) with
respect to this destination. This information appears only when the
destination is in Active state.
state Exact EIGRP state that this destination is in. It can be the number 0, 1, 2,
or 3. This information appears only when the destination is Active.
via IPX address of the peer who told the Cisco IOS software about this
destination. The first n of these entries, where n is the number of
successors, are the current successors. The remaining entries on the list
are feasible successors.
(345088/319488) The first number is the EIGRP metric that represents the cost to the
destination. The second number is the EIGRP metric that this peer
advertised.
FastEthernet0/0 Interface from which this information was learned
The following is a sample of output from the show ipx eigrp topology command when you
specify an IPX network number:
Router#show ipx eigrp topology 160
IPX-EIGRP topology entry for 160

State is Passive, Query origin flag is 1, 1 Successor(s)
Routing Descriptor Blocks:
Next hop is Connected (FastEthernet0/0), from 0.0000.0000.0000
Composite metric is (0/0), Send flag is 0x0, Route is Internal
Vector metric:
Minimum bandwidth is 10000 Kbit
Total delay is 1000000 nanoseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 0
Next hop is 164.0000.0c00.8ea9 (FastEthernet0/1), from 164.0000.0c00.8ea9
Composite metric is (307200/281600), Send flag is 0x0, Route is External
This is an ignored route
Vector metric:
Load is 1/255
Minimum MTU is 1500
Hop count is 1
External data:
Originating router is 0000.0c00.8ea9
External protocol is RIP, metric is 1, delay 2
Administrator tag is 0 (0x00000000)
Flag is 0x00000000
Table: show ipx eigrp topology Field Descriptions—Specific Network
Field Description
160 IPX network number of the destination
State is ... State of this entry. It can be either Passive or Active. Passive
means that no EIGRP computations are being performed for this
destination, and Active means that they are being performed.
Query origin flag Exact EIGRP state that this destination is in. It can be the number
0, 1, 2, or 3. This information appears only when the destination is
Active.
Successor(s) Number of successors. This number corresponds to the number of

next hops in the IPX routing table.
Next hop is ... Indicates how this destination was learned. It can be one of the
following:
Connected—The destination is on a network directly

connected to this router.
Redistributed—The destination was learned via RIP or
another EIGRP process.
IPX host address—The destination was learned from that
peer via this EIGRP process.
from Peer from whom the information was learned. For connected and
redistributed routers, this is 0.0000.0000.0000. For information
learned via EIGRP, this is the peer's address. Currently, for
information learned via EIGRP, the peer's IPX address always
matches the address in the "Next hop is" field.
Composite metric is EIGRP composite metric. The first number is this device's metric
to the destination, and the second is the peer's metric to the
destination.
Send flag Numeric representation of the "flags" field described in Table. It is

0 when nothing is being sent, 1 when an Update is being sent,
3 when a Query is being sent, and 4 when a Reply is being sent.
Currently, 2 is not used.
Route is ... Type of router. It can be either internal or external. Internal routes
are those that originated in an EIGRP autonomous system, and
external are routes that did not. Routes learned via RIP are always
external.
This is an ignored route Indicates that this path is being ignored because of filtering
Vector metric: This section describes the components of the EIGRP metric
Minimum bandwidth Minimum bandwidth of the network used to reach the next hop
Total delay Delay time to reach the next hop
Reliability Reliability value used to reach the next hop
Load Load value used to reach the next hop
Minimum MTU Minimum MTU size of the network used to reach the next hop
Hop count Number of hops to the next hop
External data: This section describes the original protocol from which this route
was redistributed. It appears only for external routes.
Originating router Network address of the router that first distributed this route into
EIGRP
External External protocol from which this route was learned. The metric
protocol..metric..delay will match the external hop count displayed by the show ipx route
command for this destination. The delay is the external delay.
Administrator tag Not currently used
Flag Not currently used
Misconceptions:
None
Related commands:
show ipx route

Command:
show ipx interface
Mode:
Router#
Syntax:
show ipx interface [type number] [brief]
Syntax Description:
type (Optional) Interface type. It can be one of the following types: asynchronous,
dialer, Ethernet (IEEE 802.3), FDDI, loopback, null, serial, Token Ring, or tunnel.
brief Brief summary of IPX interface status and configuration
To display the status of the IPX interfaces configured in the Cisco IOS software and the parameters
configured on each interface, use the show ipx interface EXEC command.
Examples:
The following is a sample of output from the show ipx interface command:
Router#show ipx interface fastethernet 0/1
FastEthernet0/1 is up, line protocol is up

IPX address is C03.0000.0c05.6030, NOVELL-ETHER [up] line-up, RIPPQ: 0, SAPPQ : 0
Delay of this Novell network, in ticks is 1
IPXWAN processing not enabled on this interface.
IPX SAP update interval is 1 minute(s)
IPX type 20 propagation packet forwarding is disabled
IPX Helper access list is not set
SAP Input filter list is not set
SAP Output filter list is not set
SAP Router filter list is not set
SAP GNS output filter list is not set
Input filter list is not set
Output filter list is not set
Router filter list is not set
Netbios Input host access list is not set
Netbios Input bytes access list is not set
Netbios Output host access list is not set
Netbios Output bytes access list is not set
Update time is 60 seconds
IPX accounting is enabled
IPX fast switching is configured (enabled)
IPX SSE switching is disabled
The following is a sample of output from the show ipx interface command when NLSP is enabled:
Router#show ipx interface fastethernet 1

IPX address is E001.0000.0c02.8cf9, SAP [up] line-up, RIPPQ: 0, SAPPQ : 0
Delay of this IPX network, in ticks is 1 throughput 0 link delay 0
IPX NLSP is running on primary network E001
RIP compatibility mode is AUTO (OFF)
SAP compatibility mode is AUTO (OFF)
Level 1 Hello interval 20 sec
Level 1 Designated Router Hello interval 10 sec
Level 1 CSNP interval 30 sec
Level 1 LSP retransmit interval 5 sec, LSP (pacing) interval 1000 mSec
Level 1 adjacency count is 1
Level 1 circuit ID is 0000.0C02.8CF9.02
Table: show ipx interface Field Descriptions
Field Description
Ethernet1 is ..., Type of interface and whether it is currently active and inserted into the
line protocol is ... network (up) or inactive and not inserted (down)
IPX address is ... Network and node address of the local router interface, followed by the
type of encapsulation configured on the interface and the interface's status.
Refer to the ipx network command for a list of possible values.
NOVELL-ETHER Type of encapsulation being used on the interface, if any
[up] line-up Indicates whether IPX routing is enabled or disabled on the interface. The
"line-up" indicates that IPX routing has been enabled with the ipx routing
command. The "line-down" indicates that it is not enabled. The word in
square brackets provides more detail about the status of IPX routing when
it is in the process of being enabled or disabled.
RIPPQ Number of packets in the RIP queue
SAPPQ Number of packets in the SAP queue
Secondary address Address of a secondary network configured on this interface, if any,

is ... followed by the type of encapsulation configured on the interface and the
interface's status. Refer to the ipx routing command for a list of possible
values. This line is displayed only if you have configured a secondary
address with the ipx routing command.
Delay of this IPX Value of the ticks field (configured with the ipx delay command)
network, in ticks,
...
throughput Throughput of the interface (configured with the ipx spx-idle-time

interface configuration command)
link delay Link delay of the interface (configured with the ipx link-delay interface
configuration command)
IPXWAN Indicates whether IPXWAN processing has been enabled on this interface
processing... with the ipx ipxwan command
IPX SAP update Indicates the frequency of outgoing SAP updates (configured with the ipx
interval update interval command)
IPX type 20 Indicates whether forwarding of IPX type 20 propagation packets (used by
propagation packet NetBIOS) is enabled or disabled on this interface, as configured with the
forwarding... ipx type-20-propagation command.
Outgoing access Indicates whether an access list has been enabled with the
list ipx access-group command
IPX Helper access Number of the broadcast helper list applied to the interface with the ipx
list helper-list command
SAP Input filter Number of the input SAP filter applied to the interface with the ipx input-
list sap-filter command
SAP Output filter Number of the output SAP filter applied to the interface with the ipx
list output-sap-filter command.
SAP Router filter Number of the router SAP filter applied to the interface with the ipx
list router-sap-filter command
SAP GNS output Number of the Get Nearest Server (GNS) response filter applied to the
filter list interface with the ipx output-gns-filter command
Input filter list Number of the input filter applied to the interface with the
ipx input-network-filter command
Output filter list Number of the output filter applied to the interface with the
ipx output-network-filter command
Router filter list Number of the router entry filter applied to the interface with the ipx
router-filter command
Netbios Input host Name of the IPX NetBIOS input host filter applied to the interface with the
access list ipx netbios input-access-filter host command
Netbios Input bytes Name of the IPX NetBIOS input bytes filter applied to the interface with
access list the ipx netbios input-access-filter bytes command
Netbios Output Name of the IPX NetBIOS output host filter applied to the interface with
host access list the ipx netbios input-access-filter host command
Netbios Output Name of the IPX NetBIOS output bytes filter applied to the interface with
bytes access list the ipx netbios input-access-filter bytes command
Update time How often the Cisco IOS software sends RIP updates, as configured with
the ipx update sap-after-rip command
Watchdog Indicates whether watchdog spoofing is enabled of disabled for this
spoofing ... interface, as configured with the ipx watchdog-spoof command. This
information is displayed only on serial interfaces.
IPX accounting Indicates whether IPX accounting has been enabled with the ipx
accounting command
IPX fast switching Indicates whether IPX fast switching is enabled (default) or disabled for
IPX autonomous this interface, as configured with ipx route-cache command. (If IPX
switching autonomous switching is enabled, it is configured with the ipx route-cache
cbus command.)
IPX SSE switching Indicates whether IPX SSE switching is enabled for this interface, as
configured with the ipx route-cache sse command
IPX NLSP is Indicates that NLSP is running and the number of the primary IPX network
running on primary on which it is running
network E001
RIP compatibility State of RIP compatibility (configured by the ipx nlsp rip interface
mode configuration command)
SAP compatibility State of SAP compatibility (configured by the ipx nlsp sap interface
Level 1 Hello Interval between transmission of hello packets for nondesignated routers
interval (configured by the ipx nlsp hello-interval interface configuration
command)
Level 1 Designated Interval between transmission of hello packets for designated routers
Router Hello (configured by the ipx nlsp hello-interval interface configuration
interval command)
Level 1 CSNP CSNP interval (as configured by the ipx nlsp csnp-interval interface
interval configuration command)
Level 1 LSP LSP retransmission interval (as configured by the ipx nlsp retransmit-
retransmit interval interval interface configuration command)
LSP (pacing) LSP transmission interval (as configured by the ipx nlsp lsp-interval
interval interface configuration command)
Level 1 adjacency Number of Level 1 adjacencies in the adjacency database

count
Level 1 circuit ID System ID and pseudonode number of the designated router. In this
example, 0000.0C02.8CF9 is the system ID, and 02 is the pseudonode
number.
Misconceptions:
None
Related commands:
ipx access-list
ipx network
ipx routing

Command:
show ipx route
Mode:
Router#
Syntax:
show ipx route [network] [default] [detailed]
Syntax Description:
network (Optional) Number of the network whose routing table entry you want to display.
This is an eight-digit hexadecimal number that uniquely identifies a network cable
default (Optional) Displays the default route. This is equivalent to specifying a value of
FFFFFFFE for the argument network.
detailed (Optional) Displays detailed route information.
To display the contents of the IPX routing table, use the show ipx route user EXEC command.
Examples:
The following is a sample of output from the show ipx route command:
Router#show ipx route
Codes: C - Connected primary network, c - Connected secondary network

S - Static, F - Floating static, L - Local (internal), W - IPXWAN
R - RIP, E - EIGRP, N - NLSP, X - External, A - Aggregate
s - seconds, u - uses
8 Total IPX routes. Up to 1 parallel paths and 16 hops allowed.
No default route known.
L D40 is the internal network

C 100 (NOVELL-ETHER), Et1
C 7000 (TUNNEL), Tu1
S 200 via 7000.0000.0c05.6023, Tu1
R 300 [02/01] via 100.0260.8c8d.e748, 19s, Et1
S 2008 via 7000.0000.0c05.6023, Tu1
R CC0001 [02/01] via 100.0260.8c8d.e748, 19s, Et1
Table: show ipx route Field Descriptions
Field Description
Codes Codes defining how the route was learned.
L - Local Internal network number.
C - Connected Directly connected primary network.

primary network
c - connected Directly connected secondary network.

secondary
network
S - Static Statically defined route via the ipx route command.
R - RIP Route learned from a RIP update.
E - EIGRP Route learned from an Enhanced IGRP (EIGRP) update.
W - IPXWAN Directly connected route determined via IPXWAN.
8 Total IPX routes Number of routes in the IPX routing table.
No parallel paths Maximum number of parallel paths for which the Cisco IOS software
allowed has been configured with the ipx maximum-paths command.
Novell routing Indicates whether the Cisco IOS software is using the IPX-compliant
algorithm variant routing algorithms (default).
in use
Net 1 Network to which the route goes.
[3/2] Delay/Metric. Delay is the number of IBM clock ticks (each tick is
1/18 seconds) reported to the destination network. Metric is the number
of hops reported to the same network. Delay is used as the primary
routing metric, and the metric (hop count) is used as a tie breaker.
via network.node Address of a router that is the next hop to the remote network.
age Amount of time (in hours, minutes, and seconds) that has elapsed since
information about this network was last received.
uses Number of times this network has been looked up in the route table.
This field is incremented when a packet is process-switched, even if the
packet is eventually filtered and not sent. As such, this field represents
a fair estimate of the number of times a route gets used.
Ethernet0 Interface through which packets to the remote network will be sent.
(NOVELL- Encapsulation (frame) type. This is shown only for directly connected
ETHER) networks.
is directly Indicates that the network is directly connected to the router.

connected
When the Cisco IOS software generates an aggregated route, the show ipx route command
displays a line item similar to the following:
NA 1000 FFFFF000 [**][**/06] via 0.0000.0000.0000, 163s, Nu0
In the following example, the router that sends the aggregated route also generates the aggregated
route line item in its table. But the entry in the table points to the null interface (Nu0), indicating
that if this aggregated route is the most-specific route when a packet is being forwarded, the router
drops the packet instead.

NA 1000 FFFFF000 [**][**/06] via 0.0000.0000.0000, 163s, Nu0

L 2008 is the internal network
C 89 (SAP), To0
C 91 (SAP), To1
N 2 [19][01/01] via 91.0000.30a0.51cd, 317s, To1
N 3 [19][01/01] via 91.0000.30a0.51cd, 327s, To1
N 20 [20][01/01] via 1.0000.0c05.8b24, 2024s, Et0
N 101 [19][01/01] via 91.0000.30a0.51cd, 327s, To1
NX 1000 [20][02/02][01/01] via 1.0000.0c05.8b24, 2024s, Et0
N 2010 [20][02/01] via 1.0000.0c05.8b24, 2025s, Et0
N 2011 [19][02/01] via 91.0000.30a0.51cd, 328s, To1
The following is a sample of output from the show ipx route detailed command:
Router#show ipx route detailed

R - RIP, E - EIGRP, N - NLSP, X - External, s - seconds, u - uses

C E001 (SAP), Et0
C D35E2 (NOVELL-ETHER), Et2
R D34 [02/01]
-- via E001.0000.0c02.8cf9, 43s, 1u, Et0
N D36 [20][02/01]
-- via D35E2.0000.0c02.8cfc, 704s, 1u, Et2
10000000:1000:1500:0000.0c02.8cfb:6:0000.0c02.8cfc
NX D40 [20][03/02][02/01]
-- via D35E2.0000.0c02.8cfc, 704s, 1u, Et2
10000000:2000:1500:0000.0c02.8cfb:6:0000.0c02.8cfc
R D34E1 [01/01]
-- via E001.0000.0c02.8cf9, 43s, 1u, Et0
NX D40E1 [20][02/02][01/01]
-- via D35E2.0000.0c02.8cfc, 704s, 3u, Et2
10000000:2000:1500:0000.0c02.8cfb:6:0000.0c02.8cfc
N D36E02 [20][01/01]
-- via D35E2.0000.0c02.8cfc, 705s, 2u, Et2
10000000:2000:1500:0000.0c02.8cfb:6:0000.0c02.8cfc
The table below explains the additional fields shown in the display.
Table: show ipx route detailed Field Descriptions

Field Description
1u Number of times this network has been looked up in the route table. This
field is incremented when a packet is process-switched, even if the packet
is eventually filtered and not sent. As such, this field represents a fair
estimate of the number of times a route gets used.
10000000 (NLSP only) Throughput (end to end).
3000 (NLSP only) Link delay (end to end).
1500 (NLSP only) MTU (end to end).
0000.0c02.8cfb (NLSP only) System ID of the next-hop router.
6 (NLSP only) Local circuit ID.
0000.0c02.8cfc (NLSP only) MAC address of the next-hop router.
Misconceptions:
None
Related commands:
clear ipx route
ipx route

Command:
show ipx servers
Mode:
Router#
Syntax:
show ipx servers [detailed] [network network_number] [unsorted |
[sorted [name | net | type]]] [regexp name]
Syntax Description:
unsorted (Optional) Does not sort entries when displaying IPX servers.
sorted (Optional) Sorts the display of IPX servers according to the keyword that
follows.
name (Optional) Displays the IPX servers alphabetically by server name.
net (Optional) Displays the IPX servers numerically by network number.
type (Optional) Displays the IPX servers numerically by SAP service type. This
is the default.
regexp (Optional) Displays the IPX servers whose names match the regular
name expression.
detailed Comprehensive display including path detail
network Display Services on a particular network
To list the IPX servers discovered through Service Advertising Protocol (SAP) advertisements, use
the show ipx servers EXEC command.
Examples:
The following is a sample of output from the show ipx servers command when NLSP is enabled:
Router#show ipx servers
Codes: S - Static, P - Periodic, E - EIGRP, N - NLSP, H - Holddown, + = detail
9 Total IPX Servers
Table ordering is based on routing and server info
Type Name Net Address Port Route Hops Itf
N+ 4 MERLIN1-VIA-E03 E03E03.0002.0004.0006:0451 4/03 4 Et0
N+ 4 merlin E03E03.0002.0004.0006:0451 4/03 3 Et0
N+ 4 merlin 123456789012345 E03E03.0002.0004.0006:0451 4/03 3 Et0
S 4 WIZARD1--VIA-E0 E0.0002.0004.0006:0451 none 2
N+ 4 dtp-15-AB E002.0002.0004.0006:0451 none 4 Et0
N+ 4 dtp-15-ABC E002.0002.0004.0006:0451 none 4 Et0
N+ 4 dtp-15-ABCD E002.0002.0004.0006:0451 none 4 Et0
N+ 4 merlin E03E03.0002.0004.0006:0451 4/03 3 Et0
N+ 4 dtp-15-ABC E002.0002.0004.0006:0451 none 4 Et0
Table: show ipx servers Field Descriptions

Field Description
Codes: Codes defining how the service was learned.
S - Static Statically defined service via the ipx sap command.
P - Periodic Service learned via a SAP update.
E - EIGRP Service learned via EIGRP.
N - NLSP Service learned via NLSP.
H- Indicates that the entry is in holddown mode and is not reachable.

Holddown
+ - detail Indicates that multiple paths to the server exist. Use the show ipx servers
detailed EXEC command to display more detailed information about the
paths.
Type Contains codes from Codes field to indicates how service was learned.
Name Name of server.
Net Network on which server is located.
Address Network address of server.
Port Source socket number.
Route Ticks/hops (from the routing table).
Hops Hops (from the SAP protocol).
Itf Interface through which to reach server.
The following example uses a regular expression to display SAP table entries corresponding to a
particular group of servers in the accounting department of a company:
Router#show ipx servers regexp ACCT\_SERV.+

9 Total IPX Servers
S 108 ACCT_SERV_1 7001.0000.0000.0001:0001 1/01 2 Et0
S 108 ACCT_SERV_2 7001.0000.0000.0001:0001 1/01 2 Et0
S 108 ACCT_SERV_3 7001.0000.0000.0001:0001 1/01 2 Et0
See the table above for show IPX servers field descriptions.
Misconceptions:
None
Related commands:
None

Command:
show ipx traffic
Mode:
Router#
Syntax:
show ipx traffic [since boot | since show ]
Syntax Description:
since boot IPX protocol statistics since system booted
since show IPX protocol statistics since last show command was issued
To display information about the number and type of IPX packets transmitted and received, use the
show ipx traffic user EXEC command.
Example:
The following is a sample of output from the show ipx traffic command:
Router>show ipx traffic
System Traffic for 0.0000.0000.0001 System-Name: router

Time since last clear: never
Rcvd: 0 total, 0 format errors, 0 checksum errors, 0 bad hop count
0 packets pitched, 0 local destination, 0 multicast
Bcast: 0 received, 0 sent
Sent: 0 generated, 0 forwarded
0 encapsulation failed, 0 no route
SAP: 0 Total SAP requests, 0 Total SAP replies, 1 servers
0 SAP General Requests, 2 sent, 0 ignored, 0 replies
0 SAP Get Nearest Server requests, 0 replies
0 SAP Nearest Name requests, 0 replies
0 SAP General Name requests, 0 replies
0 SAP advertisements received, 324 sent, 0 Throttled
0 SAP flash updates sent, 0 SAP format errors
RIP: 0 RIP requests, 0 ignored, 0 RIP replies, 3 routes
0 RIP advertisements received, 684 sent, 0 Throttled
0 RIP flash updates sent, 0 atlr sent
2 RIP general requests sent
0 RIP format errors
Echo: Rcvd 0 requests, 0 replies
Sent 0 requests, 0 replies
0 unknown: 0 no socket, 0 filtered, 0 no helper
0 SAPs throttled, freed NDB len 0
Watchdog:
0 packets received, 0 replies spoofed
Queue lengths:
IPX input: 0, SAP 0, RIP 0, GNS 0
SAP throttling length: 0/(no limit), 0 nets pending lost route reply
Delayed process creation: 0
EIGRP: Total received 0, sent 0
Updates received 0, sent 0
Queries received 0, sent 0
Replies received 0, sent 0
SAPs received 0, sent 0
NLSP: Time since last clear: never
NLSP: Level-1 Hellos (sent/rcvd): 0/0
PTP Hellos (sent/rcvd): 0/0
Level-1 LSPs sourced (new/refresh): 1/0
Level-1 LSPs flooded (sent/rcvd): 0/0
LSP Retransmissions: 0
Level-1 CSNPs (sent/rcvd): 0/0
Level-1 PSNPs (sent/rcvd): 0/0
Level-1 DR Elections: 0
Level-1 SPF Calculations: 1
Level-1 Partial Route Calculations: 0
LSP checksum errors received: 0
Trace: Rcvd 0 requests, 0 replies
Table: show ipx traffic Field Descriptions
Field Description
Time since last clear Elapsed time since last clear command issued
Rcvd: Description of the packets received
total Total number of packets received
format errors Number of bad packets discarded (for example, packets with
a corrupted header). Includes IPX packets received in an
encapsulation that this interface is not configured for.
checksum errors Number of packets containing a checksum error. This

number should always be 0, because IPX rarely uses a
checksum.
bad hop count Number of packets discarded because their hop count
exceeded 16
packets pitched Number of times the device received its own broadcast
packet
local destination Number of packets sent to the local broadcast address or

specifically to the router
multicast Number of packets received that were addressed to an IPX

multicast address
Bcast: Description of broadcast packets the router received and sent
received Number of broadcast packets received
sent Number of broadcast packets sent, including those the router

is either forwarding or has generated
Sent: Description of packets the software generated and sent and

those the software received and routed to other destinations
generated Number of packets sent that the router generated itself
forwarded Number of packets sent that the router forwarded from other
sources
encapsulation failed Number of packets the software was unable to encapsulate
no route Number of times the software could not locate a route to the
destination in the routing table
SAP: Description of the Service Advertising Protocol (SAP)

packets sent and received
Total SAP requests Cumulative sum of SAP requests received:
SAP general requests

SAP Get Nearest Server (GNS) requests
Total SAP replies Cumulative sum of all SAP reply types: General, Get Nearest
Server, Nearest Name, and General Name
servers Number of servers in the SAP table

SAP General Requests, Number of general SAP requests, sent requests, ignored
received, sent, ignored, requests, and replies. This field applies to Cisco IOS Release
replies 11.2 and later.
SAP Get Nearest Server, Number of GNS requests and replies. This field applies to
requests, replies Cisco IOS Release 11.2 and later.
SAP Nearest Name Number of SAP Nearest Name requests and replies. This
requests, replies field applies to Cisco IOS Release 11.2 and later.
SAP advertisements Number of SAP advertisements generated and then sent as a

received and sent result of a change to the routing or service tables
Throttled Number of SAP advertisements discarded because they

exceeded buffer capacity
SAP flash updates sent Number of SAP flash updates generated and sent because of
changes to routing or service tables
SAP format errors Number of incorrectly formatted SAP advertisements

received
RIP: Description of the Routing Information Protocol (RIP)

packets received and sent
RIP requests Number of RIP requests received
ignored Number of RIP requests ignored
RIP replies Number of RIP replies sent in response to RIP requests
routes Number of RIP routes in the current routing table
RIP advertisements Number of RIP advertisements received from another router

received
sent Number of RIP advertisements generated and then sent
Throttled Number of RIP advertisements discarded because they

RIP flash updates sent Number of RIP flash updates generated and sent and number
of advertisements to lost routes sent because of changes to
atlr sent the routing table.
RIP general requests sent Number of RIP general requests generated and then sent
RIP format errors Number of incorrectly formatted RIP packets received
Echo: Description of the ping replies and requests received and sent
Rcvd requests, replies Number of ping requests and replies received
Sent requests, replies Number of ping requests and replies sent
unknown Number of unsupported packets received on socket
no socket, filtered, no Number of packets that could not be forwarded because

helper helper addresses were improperly configured
SAPs throttled Number of SAP packets discarded because they exceeded

buffer capacity
freed NDB len Number of Network Descriptor Blocks removed from the
network but still needing to be removed from the routing
table of the router
Watchdog: Description of the watchdog packets the software handled
packets received Number of watchdog packets received from IPX servers on

the local network
replies spoofed Number of times the software responded to a watchdog

packet on behalf of the remote client
Queue lengths Description of outgoing packets currently in buffers waiting

to be processed
IPX input Number of incoming packets waiting to be processed
SAP Number of outgoing SAP packets waiting to be processed
RIP Number of outgoing RIP packets waiting to be processed
GNS Number of outgoing GNS packets waiting to be processed
SAP throttling length Maximum number of outgoing SAP packets allowed in the
buffer. Additional packets received are discarded.
nets pending lost reply Number of "downed" routes being processed by the Lost
route Route Algorithm
EIGRP: Total received, sent Description of the Enhanced Interior Gateway Protocol
(EIGRP) packets the router received and sent
Updates received, sent Number of EIGRP updates received and sent
Queries received, sent Number of EIGRP queries received and sent
Replies received, sent Number of EIGRP replies received and sent
SAPs received, sent Number of SAP packets received from and sent to EIGRP
neighbors
NLSP: Description of the NetWare Link Services Protocol (NLSP)

packets the router sent and received
Level-1 Hellos (sent/rcvd) Number of LAN hello packets sent and received
PTP Hellos (sent/rcvd) Number of point-to-point Hello packets sent and received
Misconceptions:
None
Related commands:
None

Command:
clear interface
Mode:
Router#
Syntax:
clear interface name-tag type slot/port
Syntax Description:
type Interface type and port number to use as the backup interface
Backplane slot number and port number on the interface. See your hardware
slot/port
installation manual for the specific slot and port numbers
This command will clear the hardware logic for the specified slot/port. This is often used with
ISDN BRI interfaces to force the interface to resend the SPIDs.
Example:
The following command will clear the hardware logic BRI 0/0:
Router#clear interface bri 0/0
Misconceptions:
None
Related Commands:
None
Command:
debug isdn
Mode:
Router#
Syntax:
debug isdn [events | q921 | q931]

no debug isdn [events | q921 | q931]
Syntax Description:
events Displays Integrated Services Digital Network (ISDN) events occurring on the user side
(on the router) of the ISDN interface. The ISDN events that can be displayed are Q.931
events (call setup and teardown of ISDN network connections). Although the debug isdn
event and the debug isdn q931 commands provide similar debug information, the
information is displayed in a different format. If you want to see the information in both
formats, enable both commands at the same time. The displays will be intermingled.
q921 Displays data link layer (Layer 2) access procedures occurring at the router on the D
channel (LAPD) of its Integrated Services Digital Network (ISDN) interface.
q931 q931: Displays information about the call setup and teardown of ISDN network
connections (Layer 3) between the local router (user side) and the network. The ISDN
network layer interface provided by the router conforms to the user interface specification
defined by ITU-T recommendation Q.931, supplemented by other specifications such as
for switch type VN4. The router tracks only activities that occur on the user side, not the
network side of the network connection. The command output of the debug isdn q931
command is limited to commands and responses exchanged during peer-to-peer
communication carried over the D channel.
Use the debug isdn priviledged EXEC command to display information on ISDN link activity.
The no form of the command disables debugging output.
Example:
Router#debug isdn events
ISDN Event: Call to 415555121202
received HOST_PROCEEDING
-------------------
Channel ID i = 0x89
received HOST_CONNECT
ISDN Event: Connected to 415555121202 on B1 at 64 Kb/s
Misconceptions:
None
Related Commands:
show dialer

Command:
dialer idle-timeout
Mode:
Router(config-if)#
Syntax:
dialer idle-timeout seconds [inbound | either]
no dialer idle-timeout
Syntax Description:
Idle time, in seconds, that must occur on the interface before the line is disconnected.
seconds
Acceptable values are positive, nonzero integers.
inbound (Optional) Only inbound traffic will reset the idle timeout.
either (Optional) Both inbound and outbound traffic will reset the idle timeout.
The dialer idle-timeout interface configuration command specifies the amount of idle time (in
seconds) before the line is disconnected. Use the no dialer idle-timeout command to reset the idle
timeout to the default value of 120 seconds.
Example:
The following example specifies of an idle timeout of 3 minutes (180 seconds) on asynchronous
interface 1. Because the inbound keyword is included, only inbound traffic that matches the dialer
group will reset the idle timer.
Router(config-if)#dialer idle-timeout 180 inbound
Misconceptions:
None
Related Commands:
dialer fast-idle

Command:
dialer map
Mode:
Router(config-if)#
Syntax:
dialer map protocol next-hop-address [name hostname] [spc ] [speed
56 | speed 64 ] [broadcast ] [modem-script modem-regexp] [system-
script system-regexp] [dial-string [: isdn-subaddress]]
no dialer map protocol next-hop-address [name hostname] [spc ]

[speed 56 | speed 64 ] [broadcast ] [modem-script modem-regexp]
[system-script system-regexp] [dial-string [: isdn-subaddress]]
Syntax Description:
protocol Protocol keywords; one of the following: appletalk, bridge, clns, decnet,
ip, ipx, novell, snapshot, vines, and xns
next-hop- Protocol address used to match against addresses to which packets are
address destined
name (Optional) Indicates the remote system with which the local router or
access server communicates. Used for authenticating the remote system on
incoming calls.
hostname (Optional) Case-sensitive name or ID of the remote device (usually the
host name). For routers with ISDN interfaces, if calling line identification
sometimes called CLI, but also known as caller ID and automatic number
identification (ANI) is provided, the hostname field can contain the
number that the calling line ID provides.
spc (Optional) Specifies a semipermanent connection between customer
equipment and the exchange; used only in Germany for circuits between
an ISDN BRI and a 1TR6 ISDN switch and in Australia for circuits
between an ISDN PRI and a TS-014 switch.
speed 56 | (Optional) Keyword and value indicating the line speed in kilobits per
speed 64 second to use. Used for ISDN only. The default speed is speed 64 (64
kbps).
broadcast (Optional) Indicates that broadcasts should be forwarded to this protocol
address
modem-script (Optional) Indicates the modem script to be used for the connection (for
asynchronous interfaces)
modem-regexp (Optional) Regular expression to which a modem script will be matched
system-script (Optional) Indicates the system script to be used for the connection (for
asynchronous interfaces
system-regexp (Optional) Regular expression to which a system script will be matched
dial-string (Optional) Telephone number sent to the dialing device when it
[:isdn- recognizes packets with the specified next hop address that matches the
subaddress] access lists defined, and the optional subaddress number used for ISDN
multipoint connections. The dial string and ISDN subaddress, if used,
must be the last item in the command line.
To configure an ISDN interface to place a call to multiple sites, or to authenticate calls from
multiple sites, use the dialer map interface configuration command. Similar to the function
provided by an ARP table, dialer map statements translate next-hop protocol addresses to
telephone numbers. Use the no form of this command to reset the ISDN interface dialer map
configuration.
Example:
In the following example, packets received for a host 10.0.0.1 (HQ-central) is statically mapped to
telephone number 555-1212:
Router(config-if)#dialer map ip 10.0.0.1 name HQ-central broadcast 2330038283
Misconceptions:
None
Related Commands:

Command:
dialer pool-member
Mode:
Router(config-if)#
Syntax:
dialer pool-member number [priority priority] [min-link minimum]
[max-link maximum]
no dialer pool-member
Syntax Description:
priority (Optional) Priority of this interface within the dialing pool, in the range 0
priority (lowest) to 255 (highest). Interfaces with the highest priority are selected first for
dialing out. Default is 0.
min-link (Optional) Minimum number of B channels on this interface that are reserved for
minimum this dialing pool, in the range 0 to 255. Default is 0. A reserved channel is
inactive until the specified interface uses it to place calls. Applies to ISDN
interfaces only.
max-link (Optional) Maximum number of B channels on this interface that can be used by
maximum this dialing pool, in the range 0 to 255. Default is 255. Applies to ISDN
interfaces only.
To configure a physical interface to be a member of a Dialer Profiles dialing pool, use the dialer
pool-member interface configuration command.
Example:
The following example shows the configuration of one ISDN BRI interface to be a member of
dialer pool 2 with priority 100:
In the following example, BRI physical interface configuration BRI 1 has a reserved channel in
dialer pool 3. That channel is inactive until BRI 1 uses it to place calls.
Misconceptions:
None
Related Commands:
dialer pool

Command:
Mode:
Router(config-if)#
Syntax:
dialer wait-for-carrier-time seconds
no dialer wait-for-carrier-time
Syntax Description:
seconds Number of seconds that the interface waits for the carrier to come up when a call is
placed. Acceptable values are positive, nonzero integers. The default is 30 seconds.
To specify the length of time to wait for a carrier when dialing out to the dial string associated with
a specified map class, use the dialer wait-for-carrier-time map-class dialer configuration
command. Use the no form of this command to reset the carrier wait time value to the default.
Usage Guidelines
You can define different dialer map classes with different wait-for-carrier times to suit the different
types of lines and interfaces. For example, you must define a longer wait time for a map class used
by serial interfaces than for one used by ISDN interfaces.
Example:
The following example specifies a carrier wait time of 20 seconds for the Eng class on the Dialer2
interface:
Router(config-if)#dialer remote-name Mediumuser
Router(config-if)#dialer string 5264540 class Eng
Router(config-if)#dialer wait-for-carrier-time 20
Router(config-if)#dialer load-threshold 50 either
Misconceptions:
None
Related Commands:
None

Command:
dialer-group
Mode:
Router(config-if)#
Syntax:
dialer-group group-number
no dialer-group
Syntax Description:
This specifies the number of the dialer access group to which the specific interface
group-
number belongs. This access group is defined with the dialer-list command. Acceptable
values are nonzero, positive integers between 1 and 10.
To control access by configuring an interface to belong to a specific dialing group, use the dialer-
group command in interface configuration mode. Use the no form of this command to remove an
interface from the specified dialer access group.
Example:
The following example specifies dialer access group number 1. The destination address of the packet is
evaluated against the access list specified in the associated dialer-list command. If it passes, either a call is
initiated (if no connection has already been established) or the idle timer is reset (if a call is currently conne
Router(config-if)#exit
Router(config)#access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0
Misconceptions:
None
Related Commands:

Command:
Mode:
Router(config)#
Syntax:
dialer-list dialer-group protocol protocol-name {permit | deny |
list access-list-number | access-group}
no dialer-list dialer-group [protocol protocol-name {permit | deny

| list access-list-number | access-group} ]
Syntax Description:
dialer- Number of a dialer access group identified in any dialer-group interface
group configuration command
protocol- One of the following protocol keywords: appletalk, bridge, clns, clns_es, clns_is,
name decnet, decnet_router-L1, decnet_router-L2, decnet_node, ip, ipx, vines, or xns
permit Permits access to an entire protocol
deny Denies access to an entire protocol
list Specifies that an access list will be used for defining a granularity finer than an
entire protocol
access-list- Access list numbers specified in any DECnet, Banyan VINES, IP, Novell IPX, or
number XNS standard or extended access lists, including Novell IPX extended service
access point (SAP) access lists and bridging types. See Table for the supported
access list types and numbers.
access- Filter list name used in the clns filter-set and clns access-group commands
group
To define a dial-on-demand routing (DDR) dialer list to control dialing by protocol or by a
combination of a protocol and a previously defined access list, use the dialer-list global
configuration command. To delete a dialer list, use the no form of this command.
Example:
Dialing occurs when an interesting packet (one that matches access list specifications) needs to be output on
an interface. Using the standard access list method, packets can be classified as interesting or uninteresting.
In the following example, IGRP TCP/IP routing protocol updates are not classified as interesting and do no
initiate calls:
Router(config)#access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0
The following example classifies all other IP packets as interesting and permits them to initiate calls:
Then the following command places list 101 into dialer access group 1:
Misconceptions:
None
Related Commands:
dialer map
dialer-group

Command:
isdn spid1
Mode:
Router(config-if)#
Syntax:
isdn spid1 spid-number [ldn] [ldn2] [ldn3] ... [ldn]
no isdn spid1
Syntax Description:
spid- Number identifying the service to which you have subscribed. This value is assigned by
number the ISDN service provider and is usually a 10-digit telephone number with additional
digits such as 40855522220101.
ldn (Optional) Local directory number (LDN), which is a 7-digit number assigned by the
service provider. This information is delivered by the switch in the incoming setup
message. If you include the local directory number in the no form of this command,
access to the switch is permitted, but the other B channel may not be able to receive
incoming calls.
Use the isdn spid1 interface configuration command on the router to define the service profile
identifier (SPID) number that has been assigned by the ISDN service provider for the B1 channel.
This value is assigned by the ISDN service provider and is usually a 10-digit telephone number
with additional digits. Use the no form of this command to disable the specified SPID, thereby
preventing access to the switch. LDN is an optional Local directory number, which is a 7-digit
number assigned by the service provider. This information is delivered by the switch in the
incoming setup message.
Example:
Router(config-if)#isdn spid1 28392037598234 3837439
Misconceptions:
None
Related Commands:
isdn spid2
isdn switch-type

Command:
isdn spid2
Mode:
Router(config-if)#
Syntax:
isdn spid2 spid-number [ldn] [ldn2] [ldn3] ... [ldn]
no isdn spid2
Syntax Description:
spid- Number identifying the service to which you have subscribed. This value is assigned by
number the ISDN service provider and is usually a 10-digit telephone number with additional
digits such as 40855522220101.
ldn (Optional) Local directory number (LDN), which is a 7-digit number assigned by the
service provider. This information is delivered by the switch in the incoming setup
message. If you include the local directory number in the no form of this command,
access to the switch is permitted, but the other B channel may not be able to receive
incoming calls.
Use the isdn spid2 interface configuration command on the router to define the service profile
identifier (SPID) number that has been assigned by the ISDN service provider for the B2 channel.
This value is assigned by the ISDN service provider and is usually a 10-digit telephone number
with additional digits. Use the no form of this command to disable the specified SPID, thereby
preventing access to the switch. LDN is an optional Local directory number, which is a 7-digit
number assigned by the service provider. This information is delivered by the switch in the
incoming setup message.
Example:
Router(config-if)#isdn spid2 28393027598234 3937439
Misconceptions:
None
Related Commands:
isdn spid1
isdn switch-type

Command:
isdn switch-type
Mode:
Router(config)#
Router(config-if)#
Syntax:
isdn switch-type switch-type
Syntax Description:
switch-type Service provider switch type; see Table for a list of supported switches
To specify the central office switch type on the ISDN interface, use the isdn switch-type command
in global or interface configuration mode. To remove an ISDN switch type, use the no form of this
command.
Table: ISDN Service Provider BRI Switch Types
Keywords by Switch Type

Area
none No switch defined
Australia and
Europe
basic-1tr6 German 1TR6 ISDN switches
basic-net3 NET3 ISDN, Norway NET3, Australia NET3, and New Zealand NET3
switches (covers the Euro-ISDN E-DSS1 signaling system and is ETSI-
compliant)
vn3 French VN3 and VN4 ISDN BRI switches
Japan
ntt Japanese NTT ISDN switches

North America
basic-5ess AT&T basic rate switches
basic-dms100 Northern Telecom DMS-100 basic rate switches
basic-ni National ISDN switches
Example:
Router(config)#isdn switch-type basic-5ess
Misconceptions:
None
Related Commands:
None

Command:
show isdn active
Mode:
Router#
Syntax:
show isdn active
Syntax Description:
Displays current call information, including called number, the time until the call is disconnected,
AOC (Advice of Charge) charging units used during the call, and whether the AOC information is
provided during calls or at end of calls.
Example:
Router#show isdn active
-------------------------------------------------------------------------------
ISDN ACTIVE CALLS
-------------------------------------------------------------------------------
History Table MaxLength = 320 entries
History Retain Timer = 15 Minutes
-------------------------------------------------------------------------------
Call Calling Called Duration Remote Time until Recorded Charges
Type Number Number Seconds Name Disconnect Units/Currency
-------------------------------------------------------------------------------
Out 9876543222 Active(10) idacom 11
u(E)
Out 9876543210 Active(34) idacom 115 5 u(D)
-------------------------------------------------------------------------------
Misconceptions:
None
Related commands:
show isdn status

Command:
show isdn status
Mode:
Router#
Syntax:
show isdn status [dsl | interface-type number]
Syntax Description:
Displays the status of a specific digital signal link (DSL) or a specific
dsl | interface-type
ISDN interface. The dsl range can vary, depending on the hardware
number
platform. Interface-type can be bri or serial.
Displays the status of all ISDN interfaces or, optionally, a specific digital signal link (DSL) or a
specific ISDN interface. The dsl range can vary , depending on the hardware platform. Interface-
type can be bri or serial.
Example:
Router#show isdn status
Global ISDN Switchtype = basic-5ess

ISDN BRI0 interface
dsl 0, interface ISDN Switchtype = basic-5ess
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 64, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
0 Active Layer 3 Call(s)
Activated dsl 0 CCBs = 0
ISDN BRI1 interface
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
Layer 2 NOT Activated
Layer 3 Status:
ISDN BRI2 interface
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
Layer 3 Status:
ISDN BRI3 interface
Layer 1 Status: ACTIVE
Layer 2 Status:
Layer 3 Status:
ISDN BRI4 interface
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
Layer 3 Status:
ISDN BRI5 interface
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
Layer 3 Status:
ISDN BRI6 interface
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
Layer 3 Status:
ISDN BRI7 interface
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
Layer 3 Status:
ISDN Serial0:15 interface
dsl 8, interface ISDN Switchtype = primary-ni
Layer 1 Status:
ACTIVE
Layer 2 Status:
Layer 3 Status:
Total Allocated ISDN CCBs = 0
Misconceptions:
None
Related commands:
show isdn active

Command:
clock source
Mode:
Router(config-controller)#
Syntax:
clock source {line | internal}
no clock source
Syntax Description:
line The controller recovers external clock from the line and provides the recovered
clock to the internal (system) clock generator.
internal The controller synchronizes itself to the internal (system) clock.
Use the clock source controller configuration command to set the E1 line clock source for the
Cisco AS5200.
Configure the clock source line primary command on the controller that takes the most reliable
clocking from an E1 line. Configure the clock source line secondary command on the controller
that has the next best known clocking. With this configuration, the primary line clocking is backed
up to the secondary line if the primary clocking shuts down.
Example:
The following example shows how to configure the clock source for internal and then reconfigure
the clock source for line:
Router(config)#controller t1 1/0
Router(config-controller)#clock source internal
Router(config-controller)#clock source line
Misconceptions:
None
Related Commands:
framing
linecode

Command:
framing
Mode:
Syntax:
framing {sf | esf} (for T1 lines)
framing {crc4 | no-crc4} [australia] (for E1 lines)
no framing (restores the default framing type)
Syntax Description:
sf Specifies Super Frame as the T1 frame type.
esf Specifies Extended Super Frame as the T1 frame type.
crc4 Specifies CRC4 frame as the E1 frame type.
no-crc4 Specifies no CRC4 frame as the E1 frame type.
australia (Optional) Specifies the E1 frame type used in Australia.
Use the framing controller configuration command to select the frame type for the T1 or E1 data
line.Use this command in configurations where the router or access server is intended to
communicate with T1 or E1 fractional data line. The service provider determines which framing
type, either sf, esf, or crc4, is required for your T1/E1 circuit.
Example:
The following example shows how to configure a T1 controller for extended super framing:
Misconceptions:
None
Related Commands:
linecode
Command:
linecode
Mode:
Syntax:
linecode {ami | b8zs | hdb3}
no linecode
Syntax Description:
ami Specifies alternate mark inversion (AMI) as the line-code type. Valid for T1 or E1
controllers; the default for T1 lines.
b8zs Specifies B8ZS as the line-code type. Valid for T1 controller only.
hdb3 Specifies high-density bipolar 3 (hdb3) as the line-code type. Valid for E1 controller only;
the default for E1 lines.
Use the linecode controller configuration command to select the line-code type for the T1 or E1
line. Use the no form of the command to restore the default.
Example:
The following example specifies B8ZS as the line-code type for a T1 line:
Misconceptions:
None
Related Commands:
None
Command:
pri-group
Mode:
Syntax:
pri-group [timeslots range]

no pri-group
Syntax Description:
timeslots range (Optional) Specifies a single range of values from 1 to 23 for channelized T1
and from 1 to 31 for channelized E1.
To specify ISDN Primary Rate Interface (PRI) on a channelized T1 or channelized E1 controller,
use the pri-group controller configuration command. Use the no form of this command to remove
the ISDN PRI configuration.
Example:
The following example configures ISDN PRI on all timeslots of the T1 controller in slot 1 port 0
on a Cisco 7200 series router:
Router(config)#isdn switch-type primary-4ess
Router(config)#controllers t1 1/0
The following example configures E1 controller 0 on a Cisco 4000 series router for ISDN PRI on
all timeslots:
Router(config)#isdn switch-type primary-net5
Router(config)#controllers e1 0/0
Misconceptions:
None
Related Commands:
framing
isdn switch-type
linecode

Command:
banner exec
Mode:
Router(config)#
Syntax:
banner exec c banner-text c
no banner exec
Syntax Description:
c Delimiting character of your choice, such as a pound sign (#)
banner-text Text of your choice
Example:
Router(config)#banner exec # You have just logged into the Phoenix branch router! #
Misconceptions:
None
Related Commands:
banner motd

Command:
banner motd
Mode:
Router(config)#
Syntax:
banner motd d message d
no banner motd
Syntax Description:
d Delimiting character of your choice, a pound sign (#) for example. You cannot use
the delimiting character in the banner message.
message Message text
To specify a message-of-the-day (MOTD) banner, use the banner motd global configuration
command. The no form of this command deletes the MOTD banner.
Follow this command with one or more blank spaces and a delimiting character of your choice.
Then enter one or more lines of text, terminating the message with the second occurrence of the
delimiting character.
This MOTD banner is displayed to all terminals connected and is useful for sending messages that
affect all users (such as impending system shutdowns). Use the no exec-banner or no motd-
banner command to disable the MOTD banner on a line. The no exec-banner command also
disables the EXEC banner on the line.
The banner command without any keywords specified defaults to the banner motd command.
When a new banner motd command is added to the configuration, it overwrites the existing
banner command if no keyword is specified. Similarly, if a banner command is added to the
configuration, any existing banner motd command is overwritten.
Example:
Router(config)#banner motd # Building power will be off from 7:00 AM until 9:00 AM this
Misconceptions:
None
Related Commands:
None

Command:
send
Mode:
Router#
Syntax:
send {line-number | * | aux number | console number | tty number
| vty number}
Syntax Description:
line-number Line number to which the message will be sent
* Sends a message to all TTY lines
aux line-number Sends a message to the AUX port
console line-number Sends a message to the console port
tty line-number Sends a message to an asynchronous line
vty line-number Sends a message to a VTY
To send messages to one or all terminal lines, use the send EXEC command.
Example:
Router#send *
Enter message, end with CTRL/Z; abort with CTRL/C:
Router going offline in 10 minutes.^Z
Send message? [confirm]
Router#
Misconceptions:
None
Related Commands:
None

Command:
cdp run
Mode:
Router(config)#
Syntax:
cdp run
no cdp run
Syntax Description:
To enable CDP, use the cdp run global configuration command. Use the no form of this command
to disable CDP. CDP is enabled on your router by default, which means the Cisco IOS software
will receive CDP information. CDP also is enabled on supported interfaces by default. To disable
CDP on an interface, use the no cdp enable interface configuration command.
Example:
The following example disables CDP:
Router(config)#no cdp run
Misconceptions:
None
Related Commands:
show cdp
show cdp entry
show cdp neighbors
Command:
clock set
Mode:
Router#
Syntax:
clock set hh:mm:ss day month year
clock set hh:mm:ss month day year
Syntax Description:
hh:mm:ss Current time in hours (military format), minutes, and seconds.
day Current day (by date) in the month.
month Current month (by name).
year Current year (no abbreviation).
To manually set the system clock, use one of the formats of the clock set EXEC command.
Generally, if the system is synchronized by a valid outside timing mechanism, such as an NTP or
VINES clock source, or if you have a router with calendar capability, you do not need to set the
system clock. Use this command if no other time sources are available. The time specified in this
command is relative to the configured time zone.
Example:
The following example manually sets the system clock to 1:32 p.m. on July 23, 1997:
Router#clock set 13:32:00 23 July 1997
Misconceptions:
None
Related Commands:
clock timezone

Command:
clock timezone
Mode:
Router(config)#
Syntax:
clock timezone zone hours [minutes]
no clock timezone
Syntax Description:
zone Name of the time zone to be displayed when standard time is in effect.
hours Hours offset from UTC.
minutes (Optional) Minutes offset from UTC.
To set the time zone for display purposes, use the clock timezone global configuration command.
To set the time to Coordinated Universal Time (UTC), use the no form of this command.
The system internally keeps time in UTC, so this command is used only for display purposes and
when the time is manually set.
Example:
The following example sets the timezone to Pacific Standard Time and offsets 8 hours behind
UTC:
Router(config)#clock timezone PST -8
Misconceptions:
None
Related Commands:
clock set

Command:
help
Mode:
Router>
Router#
Router(config)#
Router(config-if)#
Syntax:
help
Syntax Description:
To display a brief description of the help system, enter the help command.
Example:
Router#help
Help may be requested at any point in a command by entering
a question mark '?'. If nothing matches, the help list will
be empty and you must backup until entering a '?' shows the
available options.
Two styles of help are provided:
1. Full help is available when you are ready to enter a
command argument (e.g. 'show ?') and describes each possible
argument.
2. Partial help is provided when an abbreviated argument is entered
and you want to know what arguments match the input
(e.g. 'show pr?'.)
Misconceptions:
None
Related Commands:
None
Command:
ip domain-lookup
Mode:
Router(config)#
Syntax:
ip domain-lookup
no ip domain-lookup
Syntax Description:
To enable the IP Domain Naming System (DNS)-based host name-to-address translation, use the
ip domain-lookup global configuration command. To disable the DNS, use the no form of this
command.
Example:
Router(config)#ip domain-lookup
Misconceptions:
None
Related Commands:
ip domain-name

Command:
ip domain-name
Mode:
Router(config)#
Syntax:
ip domain-name name
no ip domain-name name
Syntax Description:
name Default domain name used to complete unqualified host names. Do not include the
initial period that separates an unqualified name from the domain name.
To define a default domain name that the Cisco IOS software uses to complete unqualified host
names (names without a dotted-decimal domain name), use the ip domain-name global
configuration command. To disable use of the Domain Name System (DNS), use the no form of
this command.
Any IP host name that does not contain a domain name (that is, any name without a dot) will have
the dot and cisco.com appended to it before being added to the host table.
Example:
The following example defines cisco.com as the default domain name:
Router(config)#ip domain-name cisco.com
Misconceptions:
None
Related Commands:
ip domain-lookup

Command:
ip host
Mode:
Router(config)#
Syntax:
ip host name-of-host [tcp-port-number] ip-address [ip-address2 ...
address8]
Syntax Description:
name-of-host Hostname to associate with an ip address
Specifies a default Tcp-port to associate with the host. The telnet
tcp-port-number
command will use this port as the default for this host.
ip-address Address to associate with a hostname
ip-address2 ...
address8 Auxiliary addresses for this host
To define a static host name-to-address mapping in the host cache, use the ip host global
configuration command. To remove the name-to-address mapping, use the no form of this
command. It is possible to specify up to 8 alternate addresses. The tcp-port-number argument is the
TCP port number to connect to when using the defined host name in conjunction with an EXEC
connect or Telnet command. The default is Telnet (port 23).
Example:
Router(config)#ip host Lab_A 156.12.12.12 162.12.34.1
Misconceptions:
None
Related Commands:
show hosts
Command:
ip name-server
Mode:
Router(config)#
Syntax:
ip name-server {address} [address2 ... address6]
Syntax Description:
address IP address of a domain-name server to configure
This command is used to define up to six domain name servers on the router.
Example:
The following example configures a primary dns server at 164.12.12.1, as well as a secondary at
143.34.23.8:
Router(config)#ip name-server 164.12.12.1 143.34.23.8
Misconceptions:
None
Related Commands:
ip domain-lookup

Command:
logging console
Mode:
Router(config)#
Syntax:
logging console level
no logging console
Syntax Description:
level Limits the logging of messages displayed on the console terminal to a specified level.
You can enter the level number or level name. See the table for a list of the level
keywords.
To limit messages logged to the console based on severity, use the logging console global
configuration command. The no form of this command disables logging to the console terminal.
Specifying a level causes messages at that level and numerically lower levels to be displayed at the
console terminal.
The EXEC command show logging displays the addresses and levels associated with the current
logging setup, as well as any other logging statistics. See Table below.
Table: Logging Console Error Message Logging Priorities

Level Keyword Level Description Syslog Definition
emergencies 0 System unusable LOG_EMERG
alerts 1 Immediate action needed LOG_ALERT
critical 2 Critical conditions LOG_CRIT
errors 3 Error conditions LOG_ERR
warnings 4 Warning conditions LOG_WARNING
notifications 5 Normal but significant condition LOG_NOTICE
informational 6 Informational messages only LOG_INFO
debugging 7 Debugging messages LOG_DEBUG
The effect of the log keyword with the IP access list (extended) command depends on the setting
of the logging console command. The log keyword takes effect only if the logging console level is
set to 6 or 7. If you change the default to a level lower than 6 and specify the log keyword with the
IP access list (extended) command, no information is logged or displayed.
Example:
The following example changes the level of messages displayed to the console terminal to alerts,
which means alerts and emergencies are displayed:
Router(config)#logging console alerts
Misconceptions:
None
Related Commands:
None

Command:
media-type
Mode:
Router(config-if)#
Syntax:
media-type {aui | 10baset | 100baset | mii}
no media-type {aui | 10baset | 100baset | mii}
Syntax Description:
aui Selects an AUI 15-pin physical connection. This is the default on Cisco 4000
series routers.
10baset Selects an R-J45 10BASE-T physical connection.
100baset Specifies an RJ-45 100BASE-T physical connection. This is the default on

Cisco 7000 series and Cisco 7200 series routers.
mii Specifies a media-independent interface.
To specify the physical connection on an Ethernet interface, use the media-type interface
configuration command. Use the no form of this command to restore the default value.
Example:
Router(config)#int ethernet 0
Router(config-if)#media-type 10BaseT
Misconceptions:
None
Related Commands:
None

Command:
ping
Mode:
Router>
Router#
Syntax:
ping [protocol] {ip-address | hostname}
Syntax Description:
Use the ping (packet internet groper) privileged EXEC command to diagnose basic network
connectivity on Apollo, AppleTalk, Connectionless Network Service (CLNS), DECnet, IP, Novell
IPX, VINES, or XNS networks. The optional protocol argument can be any of the following:
apollo, appletalk, clns, decnet, ip, ipx, vines, or xns. To perform an extended ping, enter the ping
command with no arguments.
Example:
Router>ping 10.0.0.1
Router#ping
Protocol [ip]:
Target IP address: 8.8.8.1
Repeat count [5]: 5
Datagram size [100]: 100
Timeout in seconds [2]: 2
Extended commands [n]: n
Sweep range of sizes [n]: n
Misconceptions:
None
Related Commands:
trace
telnet

Command:
router ospf
Mode:
Router(config)#
Syntax:
router ospf process-id
Syntax Description:
Internally used identification parameter for an OSPF routing process. It is locally
process-
id assigned and can be any positive integer. A unique value is assigned for each OSPF
routing process.
To configure an OSPF routing process, use the router ospf global configuration command. To
terminate an OSPF routing process, use the no form of this command.
Example:
Router(config)#router ospf 1
Misconceptions:
None
Related Commands:
show ip ospf

Command:
show cdp
Mode:
Router#
Syntax:
show cdp
Syntax Description:
To display global CDP information, including timer and hold-time information, use the show cdp
privileged EXEC command.
Example:
The following is sample output from the show cdp command. Global CDP timer and hold-time
parameters are set to the defaults of 60 and 180 seconds, respectively.
Router#show cdp
Global CDP information:

Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Misconceptions:
None
Related Commands:
show cdp neighbors
show cdp entry
cdp run
Command:
show cdp entry
Mode:
Router#
Syntax:
show cdp entry {* | entry-name [protocol | version]}
Syntax Description:
* Shows all of the CDP neighbors.
entry- Name of neighbor about which you want information.

name
You can enter an asterisk (*) at the end of an entry-name, such as show cdp
entry dev*, which would show information about the neighbor,
device.cisco.com.
protocol (Optional) Limits the display to information about the protocols enabled on a
router.
version (Optional) Limits the display to information about the version of software
running on the router.
To display information about a neighbor device listed in the CDP table, use the show cdp entry
Example:
The following is a sample of output from the show cdp entry command with no limits. Information
about the neighbor device.cisco.com is displayed including device ID, address and protocol, platform,
interface, hold time, and version.
Router#show cdp entry device.cisco.com
-------------------------
Device ID: device.cisco.com
Entry address(es):
IP address: 192.168.68.18
CLNS address: 490001.1111.1111.1111.00
DECnet address: 10.1
Platform: cisco 4500, Capabilities: Router
Interface: Ethernet0/1, Port ID (outgoing port): Ethernet0
Holdtime : 125 sec
Version :
IOS (tm) 4500 Software (C4500-J-M), Version 11.1(10.4), MAINTENANCE INTERIM SOFTWARE
Compiled Mon 07-Apr-97 19:51 by dschwart
The following is a sample of output from the show cdp entry protocol command. Only information
about the protocols enabled on device.cisco.com is displayed.
Router#show cdp entry device.cisco.com protocol
Protocol information for device.cisco.com:

IP address: 192.168.68.18
CLNS address: 490001.1111.1111.1111.00
The following is a sample of output from the show cdp entry version command. Only information
about the version of software running on device.cisco.com is displayed.
Router#show cdp entry device.cisco.com version
Version information for device.cisco.com:

Misconceptions:
None
Related Commands:
cdp run
show cdp

Command:
show cdp neighbors
Mode:
Router#
Syntax:
show cdp neighbors [type number] [detail]
Syntax Description:
type (Optional) Type of the interface connected to the neighbors about which you want
information.
number (Optional) Number of the interface connected to the neighbors about which you
want information.
detail (Optional) Displays detailed information about a neighbor (or neighbors) including
network address, enabled protocols, hold time, and software version.
To display information about neighbors, use the show cdp neighbors privileged EXEC command.
Example:
The following is a sample of output from the show cdp neighbors command. Device ID, interface type
and number, holdtime settings, capabilities, platform, and port ID information about neighbors is
displayed:
Router#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID

device1.cisco.com Eth 0/1 122 T S WS-C2900 2/11
device2.cisco.com Eth 0/1 179 R 4500 Eth 0
The following is a sample of output for one neighbor from the show cdp neighbors detail command.
Additional detail is shown about neighbors including network address, enabled protocols, and software
version:
Router#show cdp neighbors detail
-------------------------
Device ID: device2.cisco.com
Entry address(es):
IP address: 171.68.162.134
Holdtime : 156 sec
Version :
Copyright (c) 1986-1997 by Cisco Systems, Inc.
Misconceptions:
None
Related Commands:
cdp run
show cdp

Command:
show controllers bri
Mode:
Router#
Syntax:
show controllers bri slot/port
show controllers bri number
Syntax Description:
number Interface number. The value is 0 through 7 if the router has one 8-port BRI network
interface module (NIM), or 0 through 15 if the router has two 8-port BRI NIMs.
Interface number values will vary depending on the hardware platform used. The Cisco
3600 series router for example, can have up to 48 interfaces.
slot/port Backplane slot number and port number on the interface. See your hardware installation
manual for the specific slot and port numbers.
To display information about the ISDN Basic Rate Interface (BRI), use the show controllers bri
Examples:
The following is a sample of output from the show controllers bri command:
Router#show controllers bri 0
BRI unit 0
D Chan Info:
Layer 1 is ACTIVATED
idb 0x32089C, ds 0x3267D8, reset_mask 0x2
buffer size 1524
RX ring with 2 entries at 0x2101600 : Rxhead 0
00 pak=0x4122E8 ds=0x412444 status=D000 pak_size=0
01 pak=0x410C20 ds=0x410D7C status=F000 pak_size=0
TX ring with 1 entries at 0x2101640: tx_count = 0, tx_head = 0, tx_tail = 0
00 pak=0x000000 ds=0x000000 status=7C00 pak_size=0
0 missed datagrams, 0 overruns, 0 bad frame addresses
0 bad datagram encapsulations, 0 memory errors
0 transmitter underruns
B1 Chan Info:
idb 0x3224E8, ds 0x3268C8, reset_mask 0x0
buffer size 1524
00 pak=0x421FC0 ds=0x42211C status=D000 pak_size=0
02 pak=0x422EF0 ds=0x42304C status=D000 pak_size=0
03 pak=0x4148E0 ds=0x414A3C status=D000 pak_size=0
04 pak=0x424D50 ds=0x424EAC status=D000 pak_size=0
05 pak=0x423688 ds=0x4237E4 status=D000 pak_size=0
06 pak=0x41AB98 ds=0x41ACF4 status=D000 pak_size=0
07 pak=0x41A400 ds=0x41A55C status=F000 pak_size=0
B2 Chan Info:
idb 0x324520, ds 0x3269B8, reset_mask 0x2
buffer size 1524
00 pak=0x40FCF0 ds=0x40FE4C status=D000 pak_size=0
01 pak=0x40E628 ds=0x40E784 status=D000 pak_size=0
02 pak=0x40F558 ds=0x40F6B4 status=D000 pak_size=0
03 pak=0x413218 ds=0x413374 status=D000 pak_size=0
04 pak=0x40EDC0 ds=0x40EF1C status=D000 pak_size=0
05 pak=0x4113B8 ds=0x411514 status=D000 pak_size=0
06 pak=0x416ED8 ds=0x417034 status=D000 pak_size=0
07 pak=0x416740 ds=0x41689C status=F000 pak_size=0
The following table describes the significant fields in the display.
Table: Show Controllers BRI Field Descriptions
Field Description
BRI unit 0 Interface type and unit number
Chan Info D and B channel numbers
Layer 1 is Status can be DEACTIVATED, PENDING ACTIVATION, or

ACTIVATED ACTIVATED
idb Information about internal data structures and parameters
ds
reset_mask
buffer size Number of bytes allocated for buffers
RX ring with - Information about the Receiver Queue

entries at -
Rxhead Start of the Receiver Queue
pak Information about internal data structures and parameters

ds
status
pak_size
TX ring with - Information about the Transmitter Queue

entries at -
tx_count Number of packets to transmit
tx_head Start of the transmit list
tx_tail End of the transmit list
missed datagrams Incoming packets missed due to internal errors
overruns Number of times the receiver hardware was unable to hand received
data to a hardware buffer because the input rate exceeded the receiver's
ability to handle the data.
bad frame Frames received with a cyclic redundancy check (CRC) error and
addresses noninteger number of octets
bad datagram Packets received with bad encapsulation

encapsulations
memory errors Internal direct memory access (DMA) memory errors
transmitter Number of times that the transmitter has been running faster than the
underruns router can handle
The following is a partial sample output from the show controllers bri command on a Cisco 7200
series router:
BRI slot 2 interface 0 with integrated NT1
Layer 1 is ACTIVATED. (ISDN L1 State F7)
Master clock for slot 2 is bri interface 0.
Total chip configuration successes: 193, failures: 0, timeouts: 0
D Channel Information:
Channel state: UP Channel IDB: 6092AC64
RX ring entries: 5, buffer size 512
RX descriptor ring: head = 165F4D8, tail = 165F508
RX buffer ring: head = 6093A260, tail = 6093A290
00 params=0x2000000 status=0x0 data ptr=0x1650F84 next ptr=0x165F4D8
01 params=0x2000000 status=0xC0080000 data ptr=0x1651884 next ptr=0x165F4E8
02 params=0x2000000 status=0xC0080000 data ptr=0x1651644 next ptr=0x165F4F8
03 params=0x2000000 status=0x0 data ptr=0x1651404 next ptr=0x165F508
04 params=0x42000000 status=0x0 data ptr=0x16511C4 next ptr=0x165F4C8
TX ring entries: 5, in use: 0, buffer size 512
TX descriptor ring: head = 3C2049C0, tail = 3C2049C0
TX buffer ring: head = 608EC0C4, tail = 608EC0C4
00 params=0x80000000 data ptr=0x0000000 next ptr=0x4D0049A8
01 params=0x80000000 data ptr=0x0000000 next ptr=0x4D0049B4
02 params=0x80000000 data ptr=0x0000000 next ptr=0x4D0049C0
03 params=0xC0000000 data ptr=0x0000000 next ptr=0x4D0049CC
04 params=0x0 data ptr=0x0000000 next ptr=0x4D00499C
List of timeslots (sw): 2
Field Description
BRI slot 2 interface Interface type and slot and port number
0 with integrated
NTI

ACTIVATED ACTIVATED
Master clock The first interface that comes up on an MBRI port adapter holds the
master clock. This clock is used for all interfaces on that port adapter.
If the master clock interface goes down, the second interface that came
up becomes the master clock interface.
Total chip Counters of successful chip configuration

configuration
successes
failures Counters of bad chip configuration
timeouts Counters of failing to initialize chip

D Channel Information related to D-channel status
Information
Channel state Channel state can be UNUSED, IDLE, DOWN, STANDBY, UP,
THROTTLED, ILLEGAL
Channel IDB Internal interface channel description
RX (or TX) ring Internal receive queue

entries
RX (or TX) Internal receive queue to manage hardware chip

descriptor ring
RX (or TX) buffer Internal receive queue to hold inbound packets

ring
Rxhead Start of the receiver queue
params, status, data Information about internal data structures and params
ptr, next ptr
List of timeslots Timeslots assigned to this channel

(sw)
Misconceptions:
None
Related Commands:
show controllers serial
show controllers ethernet

Command:
Mode:
Router#
Syntax:
show controllers ethernet number (2500 series)
show controllers ethernet slot/port
Syntax Description:
slot/port Interface slot and port number of the Ethernet interface.
number Interface port number of the Ethernet interface.
Use the show controllers ethernet EXEC command to display information on the Cisco 2500,
Cisco 2600, Cisco 3000, or Cisco 4000 series.
Example:
The following is sample output from the show controllers ethernet command on Cisco 4000
series routers:
Router#show controllers ethernet 0
LANCE unit 0, NIM slot 1, NIM type code 4, NIM version 1

Media Type is 10BaseT, Link State is Up, Squelch is Normal
idb 0x4060, ds 0x5C80, regaddr = 0x8100000
IB at 0x600D7AC: mode=0x0000, mcfilter 0000/0001/0000/0040
station address 0000.0c03.a14f default station address 0000.0c03.a14f
buffer size 1524
RX ring with 32 entries at 0xD7E8
Rxhead = 0x600D8A0 (12582935), Rxp = 0x5CF0(23)
00 pak=0x60336D0 ds=0x6033822 status=0x80 max_size=1524 pak_size=98
01 pak=0x60327C0 ds=0x6032912 status=0x80 max_size=1524 pak_size=98
02 pak=0x6036B88 ds=0x6036CDA status=0x80 max_size=1524 pak_size=98
03 pak=0x6041138 ds=0x604128A status=0x80 max_size=1524 pak_size=98
04 pak=0x603FAA0 ds=0x603FBF2 status=0x80 max_size=1524 pak_size=98
05 pak=0x600DC50 ds=0x600DDA2 status=0x80 max_size=1524 pak_size=98
06 pak=0x6023E48 ds=0x6023F9A status=0x80 max_size=1524 pak_size=1506
07 pak=0x600E3D8 ds=0x600E52A status=0x80 max_size=1524 pak_size=1506
08 pak=0x6020990 ds=0x6020AE2 status=0x80 max_size=1524 pak_size=386
09 pak=0x602D4E8 ds=0x602D63A status=0x80 max_size=1524 pak_size=98
10 pak=0x603A7C8 ds=0x603A91A status=0x80 max_size=1524 pak_size=98
11 pak=0x601D4D8 ds=0x601D62A status=0x80 max_size=1524 pak_size=98
12 pak=0x603BE60 ds=0x603BFB2 status=0x80 max_size=1524 pak_size=98
13 pak=0x60318B0 ds=0x6031A02 status=0x80 max_size=1524 pak_size=98
14 pak=0x601CD50 ds=0x601CEA2 status=0x80 max_size=1524 pak_size=98
15 pak=0x602C5D8 ds=0x602C72A status=0x80 max_size=1524 pak_size=98
18 pak=0x601EB70 ds=0x601ECC2 status=0x80 max_size=1524 pak_size=98
19 pak=0x602DC70 ds=0x602DDC2 status=0x80 max_size=1524 pak_size=98
20 pak=0x60163E0 ds=0x6016532 status=0x80 max_size=1524 pak_size=98
21 pak=0x602CD60 ds=0x602CEB2 status=0x80 max_size=1524 pak_size=98
22 pak=0x6037A98 ds=0x6037BEA status=0x80 max_size=1524 pak_size=98
23 pak=0x602BE50 ds=0x602BFA2 status=0x80 max_size=1524 pak_size=98
24 pak=0x6018988 ds=0x6018ADA status=0x80 max_size=1524 pak_size=98
25 pak=0x6033E58 ds=0x6033FAA status=0x80 max_size=1524 pak_size=98
26 pak=0x601BE40 ds=0x601BF92 status=0x80 max_size=1524 pak_size=98
27 pak=0x6026B78 ds=0x6026CCA status=0x80 max_size=1524 pak_size=98
28 pak=0x6024D58 ds=0x6024EAA status=0x80 max_size=1524 pak_size=74
29 pak=0x602AF40 ds=0x602B092 status=0x80 max_size=1524 pak_size=98
30 pak=0x601FA80 ds=0x601FBD2 status=0x80 max_size=1524 pak_size=98
31 pak=0x6038220 ds=0x6038372 status=0x80 max_size=1524 pak_size=98
TX ring with 8 entries at 0xDA20, tx_count = 0
tx_head = 0x600DA58 (12582919), head_txp = 0x5DC4 (7)
tx_tail = 0x600DA58 (12582919), tail_txp = 0x5DC4 (7)
00 pak=0x000000 ds=0x600CF12 status=0x03 status2=0x0000 pak_size=118
01 pak=0x000000 ds=0x602126A status=0x03 status2=0x0000 pak_size=60
07 pak=0x000000 ds=0x6003ED2 status=0x03 status2=0x0000 pak_size=126
0 missed datagrams, 0 overruns, 2 late collisions, 2 lost carrier events
0 transmitter underruns, 0 excessive collisions, 0 tdr, 0 babbles
0 memory errors, 0 spurious initialization done interrupts
0 no enp status, 0 buffer errors, 0 overflow errors
10 one_col, 10 more_col, 22 deferred, 0 tx_buff
0 throttled, 0 enabled
Lance csr0 = 0x73
Misconceptions:
None
Related Commands:

Command:
Mode:
Router#
Syntax:
show controllers serial [number] (2500 series)
show controllers serial [slot/port]
show controllers serial [slot/port-adapter/port] (Cisco 7500

series and Cisco 7000 series routers with the RSP7000 and
RSP7000CI)
Syntax Description:
number (Optional) Interface number of the serial interface
slot (Optional) Slot number of the interface.
port (Optional) Port number on the interface. The port value is always 0.
port- (Optional) On Cisco 7500 series routers and Cisco 7000 series routers with the
adapter RSP7000 and RSP7000CI, the location of the port adapter on a VIP. The value can be
0 or 1.
Use the show controllers serial privileged EXEC command to display information that is specific
to the interface hardware.
The information displayed is generally useful for diagnostic tasks performed by technical support
personnel only. For the PA-E3 or PA-T3, the show controllers serial command also displays
configuration information such as the framing, clock source, bandwidth limit, whether scrambling
is enabled, the national bit, the international bits, and DSU mode configured on the interface. Also
displayed is the performance statistics for the current interval and last 15-minute interval and
whether any alarms exist.
Examples:
Sample output of the show controllers serial command on the Cisco 4000 follows:
Router#show controllers serial
MK5 unit 0, NIM slot 1, NIM type code 7, NIM version 1
idb = 0x6150, driver structure at 0x34A878, regaddr = 0x8100300
IB at 0x6045500: mode=0x0108, local_addr=0, remote_addr=0
N1=1524, N2=1, scaler=100, T1=1000, T3=2000, TP=1
buffer size 1524
DTE V.35 serial cable attached
RX ring with 32 entries at 0x45560 : RLEN=5, Rxhead 0
00 pak=0x6044D78 ds=0x6044ED4 status=80 max_size=1524 pak_size=0
01 pak=0x60445F0 ds=0x604474C status=80 max_size=1524 pak_size=0
02 pak=0x6043E68 ds=0x6043FC4 status=80 max_size=1524 pak_size=0
03 pak=0x60436E0 ds=0x604383C status=80 max_size=1524 pak_size=0
04 pak=0x6042F58 ds=0x60430B4 status=80 max_size=1524 pak_size=0
05 pak=0x60427D0 ds=0x604292C status=80 max_size=1524 pak_size=0
06 pak=0x6042048 ds=0x60421A4 status=80 max_size=1524 pak_size=0
07 pak=0x60418C0 ds=0x6041A1C status=80 max_size=1524 pak_size=0
08 pak=0x6041138 ds=0x6041294 status=80 max_size=1524 pak_size=0
09 pak=0x60409B0 ds=0x6040B0C status=80 max_size=1524 pak_size=0
11 pak=0x603FAA0 ds=0x603FBFC status=80 max_size=1524 pak_size=0
12 pak=0x603F318 ds=0x603F474 status=80 max_size=1524 pak_size=0
13 pak=0x603EB90 ds=0x603ECEC status=80 max_size=1524 pak_size=0
14 pak=0x603E408 ds=0x603E564 status=80 max_size=1524 pak_size=0
15 pak=0x603DC80 ds=0x603DDDC status=80 max_size=1524 pak_size=0
16 pak=0x603D4F8 ds=0x603D654 status=80 max_size=1524 pak_size=0
17 pak=0x603CD70 ds=0x603CECC status=80 max_size=1524 pak_size=0
18 pak=0x603C5E8 ds=0x603C744 status=80 max_size=1524 pak_size=0
19 pak=0x603BE60 ds=0x603BFBC status=80 max_size=1524 pak_size=0
20 pak=0x603B6D8 ds=0x603B834 status=80 max_size=1524 pak_size=0
21 pak=0x603AF50 ds=0x603B0AC status=80 max_size=1524 pak_size=0
22 pak=0x603A7C8 ds=0x603A924 status=80 max_size=1524 pak_size=0
23 pak=0x603A040 ds=0x603A19C status=80 max_size=1524 pak_size=0
24 pak=0x60398B8 ds=0x6039A14 status=80 max_size=1524 pak_size=0
25 pak=0x6039130 ds=0x603928C status=80 max_size=1524 pak_size=0
26 pak=0x60389A8 ds=0x6038B04 status=80 max_size=1524 pak_size=0
28 pak=0x6037A98 ds=0x6037BF4 status=80 max_size=1524 pak_size=0
30 pak=0x6036B88 ds=0x6036CE4 status=80 max_size=1524 pak_size=0
TX ring with 8 entries at 0x45790 : TLEN=3, TWD=7
tx_count = 0, tx_head = 7, tx_tail = 7
00 pak=0x000000 ds=0x600D70C status=0x38 max_size=1524 pak_size=22
01 pak=0x000000 ds=0x600D70E status=0x38 max_size=1524 pak_size=2
XID/Test TX desc at 0xFFFFFF, status=0x30, max_buffer_size=0, packet_size=0
XID/Test RX desc at 0xFFFFFF, status=0x0, max_buffer_size=0, packet_size=0
Status Buffer at 0x60459C8: rcv=0, tcv=0, local_state=0, remote_state=0
phase=0, tac=0, currd=0x00000, curxd=0x00000
bad_frames=0, frmrs=0, T1_timeouts=0, rej_rxs=0, runts=0
0 bad datagram encapsulations, 0 user primitive errors
0 provider primitives lost, 0 unexpected provider primitives
0 spurious primitive interrupts, 0 memory errors, 0 tr
%LINEPROTO-5-UPDOWN: Linansmitter underruns
mk5025 registers: csr0 = 0x0E00, csr1 = 0x0302, csr2 = 0x0704
csr3 = 0x5500, csr4 = 0x0214, csr5 = 0x0008
The following is a sample of output from the show controllers serial command for a PA-E3 serial
port installed in slot 2:
router#show controllers serial 2/0
M1T-E3 pa: show controller:
PAS unit 0, subunit 0, f/w version 2-55, rev ID 0x2800001, version 2
idb = 0x6080D54C, ds = 0x6080F304, ssb=0x6080F4F4
Clock mux=0x30, ucmd_ctrl=0x0, port_status=0x1
Serial config=0x8, line config=0x1B0202
maxdgram=4474, bufpool=128Kb, 256 particles
rxLOS inactive, rxLOF inactive, rxAIS inactive
txAIS inactive, rxRAI inactive, txRAI inactive
line state: up
E3 DTE cable, received clockrate 50071882
base0 registers=0x3D000000, base1 registers=0x3D002000
mxt_ds=0x608BA654, rx ring entries=128, tx ring entries=256
rxring=0x4B01F480, rxr shadow=0x6081081C, rx_head=26
txring=0x4B01F960, txr shadow=0x60810E48, tx_head=192, tx_tail=192, tx_count=0
throttled=0, enabled=0, disabled=0
rx_no_eop_err=0, rx_no_stp_err=0, rx_no_eop_stp_err=0
rx_no_buf=0, rx_soft_overrun_err=0, dump_err= 1
tx_underrun_err=0, tx_soft_underrun_err=0, tx_limited=0
tx_fullring=0, tx_started=11504
Framing is g751, Clock Source is Line, Bandwidth limit is 34010.
Scrambling is enabled
National Bit is 0, Internaltional Bits are: 0 0
DSU mode 1
Data in current interval (213 seconds elapsed):
0 Line Code Violations, 0 P-bit Coding Violation
0 C-bit Coding Violation
0 P-bit Err Secs, 0 P-bit Severely Err Secs
0 Severely Err Framing Secs, 0 Unavailable Secs
0 Line Errored Secs, 0 C-bit Errored Secs, 0 C-bit Severely Errored Secs
Total Data (last 24 hours)
0 Line Code Violations, 0 P-bit Coding Violation,
0 C-bit Coding Violation,
0 P-bit Err Secs, 0 P-bit Severely Err Secs,
0 Severely Err Framing Secs, 0 Unavailable Secs,
No alarms detected.
PIO A: 639, PIO B: 303, Gapper register: 50DE
Framer register information:
reg 0: E0 reg 1: 0 reg 2: 0 reg 3: 0
reg 4: 0 reg 5: 8 reg 6: 0 reg 7: 0
The following is a sample of output from the show controllers serial command that shows serial
port 1/0/0 on a 1-port PA-T3 serial port adapter installed on a VIP2 in chassis slot 1:
router#show controllers serial 2/0/1
Serial1/0/0 -
Mx T3(1) HW Revision 0x3, FW Revision 2.55
Framing is c-bit, Clock Source is Line
Bandwidth limit is 35000, DSU mode 1, Cable length is 50
0 P-bit Err Secs, 0 P-bit Sev Err Secs
0 Sev Err Framing Secs, 0 Unavailable Secs
0 Line Errored Secs, 0 C-bit Errored Secs, 0 C-bit Sev Err Secs
0 P-bit Err Secs, 0 P-bit Sev Err Secs,
0 Sev Err Framing Secs, 0 Unavailable Secs,
No alarms detected.
Misconceptions:
None
Related Commands:

Command:
show ip arp
Mode:
Router#
Syntax:
show ip arp [ip-address] [hostname] [mac-address] [type number]
Syntax Description:
ip-address (Optional) ARP entries matching this IP address are displayed.
hostname (Optional) Host name.
mac-address (Optional) 48-bit MAC address.
type number (Optional) ARP entries learned via this interface type and number are
displayed.
To display the Address Resolution Protocol (ARP) cache, where SLIP addresses appear as
permanent ARP table entries, use the show ip arp EXEC command.
ARP establishes correspondences between network addresses (an IP address, for example) and
LAN hardware addresses (Ethernet addresses). A record of each correspondence is kept in a cache
for a predetermined amount of time and then discarded.
Example:
The following is a sample of output from the show ip arp command:
Router#show ip arp
Protocol Address Age(min) Hardware Addr Type Interface

Internet 171.69.233.22 9 0000.0c59.f892 ARPA Ethernet0/0
Internet 171.69.233.21 8 0000.0c07.ac00 ARPA Ethernet0/0
Internet 171.69.233.19 - 0000.0c63.1300 ARPA Ethernet0/0
Internet 171.69.233.30 9 0000.0c36.6965 ARPA Ethernet0/0
The table describes significant fields shown in the display.
Table: show ip arp Field Descriptions
Field Description
Protocol Protocol for network address in the Address field
Address The network address that corresponds to Hardware Address
Age (min) Age, in minutes, of the cache entry. A hyphen (-) means the address is local
Hardware Addr LAN hardware address a MAC address that corresponds to network
address
Type Type of encapsulation:
ARPA—Ethernet
SNAP—RFC 1042
SAP—IEEE 802.3
Interface Interface to which this address mapping has been assigned
Misconceptions:
None
Related commands:
None

Command:
trace
Mode:
Router>
Router#
Syntax:
trace [protocol] | [hostname | ip-address ]
Syntax Description:
Use the trace privileged EXEC command to discover the routes that packets will actually take
when traveling to their destination; appletalk, clns, ip and vines.
Example:
Router# trace ABA.NYC.mil
Type escape sequence to abort.

Tracing the route to ABA.NYC.mil (26.0.0.73)
1 DEBRIS.CISCO.COM (192.180.1.6) 1000 msec 8 msec 4 msec
2 BARRNET-GW.CISCO.COM (192.180.16.2) 8 msec 8 msec 8 msec
3 EXTERNAL-A-GATEWAY.STANFORD.EDU (192.42.110.225) 8 msec 4 msec 4 msec
4 BB2.SU.BARRNET.NET (192.200.254.6) 8 msec 8 msec 8 msec
5 SU.ARC.BARRNET.NET (192.200.3.8) 12 msec 12 msec 8 msec
6 MOFFETT-FLD-MB.in.MIL (192.52.195.1) 216 msec 120 msec 132 msec
7 ABA.NYC.mil (26.0.0.73) 412 msec 628 msec 664 msec
Misconceptions:
None
Related commands:
ping
telnet

Command:
mls rp ip
Mode:
Router(config)#
Syntax:
mls rp ip
no mls rp ip
Syntax Description:
To enable Multilayer Switching Protocol (MLSP), use the mls rp ip global configuration
command. MLSP is the protocol that runs between the switches and routers. Use the no form of
this command to disable MLS.
Use this command to enable Multilayer Switching, either globally or on a specific interface.
Example:
Router(config)#mls rp ip
Misconceptions:
None
Related Commands:
mls rp management-interface
mls rp vlan-id
mls rp vtp-domain

Command:
Mode:
Router(config-if)#
Syntax:
no mls rp management-interface
Syntax Description:
To designate an interface as the management interface for MLSP packets, use the mls rp
management-interface interface configuration command. Use the no version of the command to
remove an interface as the management interface.
Use this command to designate an interface as the MLSP management interface. You must specify
a router interface as a management interface. If you do not specify an interface, MLSP packets will
not be sent or received.
The management interface can be any MLS interface connected to the Catalyst 5000 series switch.
Specifying more than one interface is not necessary.
Example:
The following example sets the current interface as the management interface:
Router(config-if)#mls rp management-interface
Misconceptions:
None
Related Commands:
mls rp ip
mls rp vlan-id
mls rp vtp-domain

Command:
mls rp vlan-id
Mode:
Router(config-if)#
Syntax:
mls rp vlan-id vlan-id-num
Syntax Description:
vlan-id-num VLAN identification number.
To assign a VLAN ID, use the mls ip vlan-id interface configuration command.
Use this command to assign a VLAN ID to an interface. RSM VLAN interfaces or ISL-
encapsulated interfaces do not require the VLAN ID to be assigned.
Example:
The following example assigns a VLAN ID of 23 to the current interface:
Router(config-if)#mls rp vlan-id 23
Misconceptions:
None
Related Commands:
mls rp ip
mls rp vtp-domain

Command:
mls rp vtp-domain
Mode:
Router(config-if)#
Syntax:
mls rp vtp-domain domain-name
Syntax Description:
domain-name VTP domain name
To select the router interface to be Layer 3 switched and then add that interface to a VLAN
Trunking Protocol (VTP) domain, use the mls rp vtp-domain interface configuration command.
This command is required only if the Catalyst switch is in a VTP domain. For an ISL interface, you
can enter this command only on the primary interface. All subinterfaces that are part of the primary
interface inherit the primary's VTP domain.
Example:
The following example adds the interface to the engineering VTP domain:
Router(config-if)#mls rp vtp-domain engineering
Misconceptions:
None
Related Commands:
mls rp ip
mls rp vlan-id

Command:
area
Mode:
Syntax:
area area-id { authentication [message-digest] | stub [no-summary]
| nssa [no-redistribution] [default-information-originate] |
default-cost cost | range address mask [advertise | not-advertise]
| virtual-link router-id }
no area area-id [ authentication [message-digest] | stub [no-
summary] | nssa [no-redistribution] [default-information-
originate] | default-cost cost | range address mask [advertise |
not-advertise] | virtual-link router-id ]
Syntax Description:
authentication Enables authentication for an OSPF area
Specifies a stub area to reduce routing overhead. To further reduce the
number of link state advertisements (LSA) sent into a stub area, you can
stub
configure no-summary on the ABR to prevent it from sending summary
LSAs (LSA type 3) into the stub area.
nssa Specifies a not-so-stubby area. A not-so-stubby area provides the benefits

of a stub area, while allowing the router to import external routes.
default-cost Specifies a cost for the default summary route sent into a stub area
range Use to consolidate and summarize routes at an area boundary
In OSPF, all areas must be connected to a backbone area (area 0). If the
virtual-link connection to the backbone is lost, it can be repaired by establishing a
virtual link.
Use the area command to configure area parameters such as authentication and summarization.
Example:
Router(config-router)#area 2 range 192.168.0.1 255.255.240.0
Misconceptions:
None
Related Commands:
None

Command:
clear ip ospf
Mode:
Router#
Syntax:
clear ip ospf [pid] {process | redistribution | counters [neighbor
[intf] [nbr-id]]}
Syntax Description:
pid (Optional) Process ID.
process Reset OSPF process.
redistribution Clear OSPF route redistribution.
counters OSPF counters.
neighbor Neighbor statistics per interface.
intf Neighbor interface.
nbr-id Neighbor ID.
To clear OSPF statistics, or to clear redistribution based on the OSPF routing process ID, use the
clear ip ospf EXEC command.
Example:
Router#clear ip ospf process

Misconceptions:
None
Related Commands:
clear ip route
show ip ospf

Command:
clear ip route
Mode:
Router#
Syntax:
clear ip route {network [mask] | * }
Syntax Description:
network Network or subnet address to remove.
mask (Optional) Subnet address to remove.
* Removes all routing table entries.
This command removes a route from the IP routing table
Example:
Router#clear ip route *
Misconceptions:
None
Related Commands:
None

Command:
debug ip ospf
Mode:
Router#
Syntax:
debug ip ospf { events | packet }
no debug ip ospf { events | packet }
Syntax Description:
Displays information on the Open Shortest Path First (OSPF) protocol related events,
events such as adjacencies, flooding information, designated router selection, and shortest path
first (SPF) calculation. The no form of this command disables debugging output.
packet Displays information about each Open Shortest Path First (OSPF) packet received.
The debug ip ospf commands can be used to troubleshoot or monitor live OSPF processes.
Example:
Router#debug ip ospf events
OSPF:hello with invalid timers on interface Ethernet0
hello interval received 10 configured 10
net mask received 255.255.255.0 configured 255.255.255.0
dead interval received 40 configured 30
Misconceptions:
None
Related Commands:
debug all

Command:
ip ospf authentication-key
Mode:
Router(config-if)#
Syntax:
ip ospf authentication-key password
no ip ospf authentication-key
Syntax Description:
password Any continuous string of characters that can be entered from the keyboard up to 8
bytes in length.
To assign a password to be used by neighboring routers that are using OSPF's simple password
authentication, use the ip ospf authentication-key interface configuration command. To remove a
previously assigned OSPF password, use the no form of this command.
The password created by this command is used as a "key" that is inserted directly into the OSPF
header when the Cisco IOS software originates routing protocol packets. A separate password can
be assigned to each network on a per-interface basis. All neighboring routers on the same network
must have the same password to be able to exchange OSPF information.
Example:
The following example enables the authentication key with the string yourpass:
Router(config-if)#ip ospf authentication-key yourpass
Misconceptions:
The Cisco IOS software will use this key only when authentication is enabled for an area with the
area authentication router configuration command.
Related Commands:
None

Command:
ip ospf cost
Mode:
Router(config-if)#
Syntax:
ip ospf cost cost
no ip ospf cost
Syntax Description:
Unsigned integer value expressed as the link state metric. It can be a value in the range 1
cost
to 65535.
To explicitly specify the cost of sending a packet on an interface, use the ip ospf cost interface
configuration command. To reset the path cost to the default value, use the no form of this
command.
Example:
Router(config-if)#ip ospf cost 65
Misconceptions:
None
Related Commands:
None

Command:
ip ospf dead-interval
Mode:
Router(config-if)#
Syntax:
ip ospf dead-interval seconds
no ip ospf dead-interval
Syntax Description:
seconds Length of the ospf dead interval in seconds
To set how long hello packets must not have been seen before its neighbors declare the router
down, use the ip ospf dead-interval interface configuration command.
Example:
Router(config-if)#ip ospf dead-interval 60
Misconceptions:
None
Related Commands:
None

Command:
ip ospf hello-interval
Mode:
Router(config-if)#
Syntax:
ip ospf hello-interval seconds
no ip ospf hello-interval
Syntax Description:
seconds The OSPF hello-interval in seconds
To specify the interval between hello packets that the Cisco IOS software sends on the interface,
use the ip ospf hello-interval interface configuration command.
Example:
Router(config-if)#ip ospf hello-interval 15
Misconceptions:
None
Related Commands:
None

Command:
ip ospf message-digest-key
Mode:
Router(config-if)#
Syntax:
ip ospf message-digest-key key-id md5 key
no ip ospf message-digest-key key-id
Syntax Description:
key-id An identifier in the range from 1 to 255
key Alphanumeric password of up to 16 bytes
To enable OSPF Message Digest 5 (MD5) authentication, use the ip ospf message-digest-key
interface configuration command. To remove an old MD5 key, use the no form of this command.
Usage Guidelines:
Usually, one key per interface is used to generate authentication information when sending packets
and to authenticate incoming packets. The same key identifier on the neighbor router must have the
same key value.
The process of changing keys is as follows. Suppose the current configuration is as follows:
ip ospf message-digest-key 100 md5 OLD
You change the configuration to the following:

ip ospf message-digest-key 101 md5 NEW
The system assumes its neighbors do not have the new key yet, so it begins a rollover process. It
sends multiple copies of the same packet, each authenticated by different keys. In this example, the
system sends out two copies of the same packet—the first one authenticated by key 100 and the
second one authenticated by key 101.
Rollover allows neighboring routers to continue communication while the network administrator is
updating them with the new key. Rollover stops once the local system finds that all its neighbors
know the new key. The system detects that a neighbor has the new key when it receives packets
from the neighbor authenticated by the new key.
After all neighbors have been updated with the new key, the old key should be removed. In this
example, you would enter the following:
no ip ospf message-digest-key 100
Then, only key 101 is used for authentication on Ethernet interface 1.
It is good practice not to keep more than one key per interface. Every time you add a new key, you
should remove the old key to prevent the local system from continuing to communicate with a
hostile system that knows the old key. Removing the old key also reduces overhead during
rollover.
Example:
The following example sets a new key 19 with the password 8ry4222:
Router(config-if)#ip ospf message-digest-key 10 md5 xvv560qle
Router(config-if)#ip ospf message-digest-key 19 md5 8ry4222
Misconceptions:
None
Related Commands:
None

Command:
ip ospf network
Mode:
Router(config-if)#
Syntax:
ip ospf network {broadcast | non-broadcast | {point-to-
multipoint [non-broadcast ]}}
no ip ospf network
Syntax Description:
broadcast Sets the network type to broadcast
non-broadcast Sets the network type to NBMA
point-to-
multipoint Sets the network type to point-to-multipoint
non-broadcast Sets the point-to-multipoint network to be nonbroadcast. If you use the

non-broadcast keyword, the neighbor command is required.
To configure the OSPF network type to a type other than the default for a given media, use the ip
ospf network interface configuration command. To return to the default value, use the no form of
this command.
Example:
Router(config-if)#ip ospf network non-broadcast
Misconceptions:
None
Related Commands:
None
Command:
ip ospf priority
Mode:
Router(config-if)#
Syntax:
ip ospf priority number
Syntax Description:
number 8-bit unsigned integer that specifies the priority. The range is from 0 to 255.
To set the router priority, which helps determine the designated router for this network, use the ip
ospf priority interface configuration command. To return to the default value, use the no form of
this command.
Example:
Router(config-if)#ip ospf priority 100
Misconceptions:
None
Related Commands:
None

Command:
neighbor database-filter
Mode:
Syntax:
neighbor ip-address database-filter all out
no neighbor ip-address database-filter all out
Syntax Description:
ip-address IP address of the neighbor to which outgoing LSAs are blocked.
To filter outgoing LSAs to an OSPF neighbor, use the neighbor database-filter router
configuration command. To restore the forwarding of LSAs to the neighbor, use the no form of
this command.
Example:
The following example prevents flooding of OSPF LSAs to the neighbor at IP address 1.2.3.4:
Router(config-router)#neighbor 1.2.3.4 database-filter all out
Misconceptions:
None
Related Commands:
None

Command:
network area
Mode:
Syntax:
network address wildcard-mask area area-id
Syntax Description:
area Specifies the area to associate with the network address
To define the interfaces on which OSPF runs and to define the area ID for those interfaces, use the
network area router configuration command.
Example:
Router(config)#network 131.108.0.0 0.0.255.255 area 2
Misconceptions:
None
Related Commands:
None

Command:
router ospf
Mode:
Router(config)#
Syntax:
router ospf process-id
Syntax Description:
Internally used identification parameter for an OSPF routing process. It is locally
process-
id assigned and can be any positive integer. A unique value is assigned for each OSPF
routing process.
To configure an OSPF routing process, use the router ospf global configuration command. To
terminate an OSPF routing process, use the no form of this command.
Example:
Misconceptions:
None
Related Commands:
show ip ospf

Command:
show ip ospf
Mode:
Router#
Syntax:
show ip ospf { [process-id] | border-routers | database |
interface | virtual-links }
Syntax Description:
process- Displays information about a specific instance of OSPF, it is the same value
id specified by the router ospf command
border- Displays the internal OSPF routing table entries to an area border router (ABR)
routers and autonomous system boundary router (ASBR)
database Displays lists of information related to the OSPF database for a specific router
interface Display OSPF-related interface information, including timers, neighbor ID's, and
network type, and area details
virtual- Displays parameters about and the current state of OSPF virtual links, including
links timers, and state of adjacency
Displays statistics and status information of running ospf processes.
Example:
Router#show ip ospf interface
Misconceptions:
None
Related commands:
router ospf
debug all
Command:
show ip protocols
Mode:
Router#
Syntax:
show ip protocols
Syntax Description:

Examples:
processes:

198.92.72.0
198.92.72.18 100 0:56:41
198.92.72.19 100 6d19
198.92.72.22 100 0:55:41
198.92.72.20 100 0:01:04
198.92.72.30 100 0:01:29

Neighbor(s):
192.108.211.17 1
192.108.213.89 1
198.6.255.13 1
198.92.72.18 1
198.92.72.19
198.92.84.17 1
192.108.209.0
192.108.211.0
198.6.254.0
198.92.72.19 20 0:05:28
Field Description

"igrp 109"

every 90 seconds

seconds

seconds
outgoing updates
hopcount
injecting routes
displayed:
IP address
processes:

160.89.0.0
160.89.81.28 90 0:02:36
160.89.80.28 90 0:03:04
160.89.80.31 90 0:03:04
Field Description
routes.
routes.
processes:

None
Serial0
processes:

Redistributing: rip
Ethernet0 2 2 trees
Fddi0 2 2
172.19.0.0
2.0.0.0
3.0.0.0
Misconceptions:
None
Related commands:
None

Command:
show ip route
Mode:
Router#
Syntax:
Syntax Description:

address
displayed.
name or number.
Example:
O 2.0.0.0/8 [110/128] via 1.1.1.2, 00:07:11, Serial0
O 3.1.1.1 [110/129] via 1.1.1.2, 00:07:11, Serial0
Misconceptions:
None
Related commands:
ip route
ip default-network

Command:
callback forced-wait
Mode:
Syntax:
Syntax Description:
Use this command when the router is calling back a modem that initiated a call, then dropped the
connection, but requires a rest period before subsequent input is accepted.
Example:
Router(config-line)#callback forced-wait
Misconceptions:
None
Related Commands:
ppp callback
script callback
Command:
debug ppp
Mode:
Router#
Syntax:
debug ppp {packet | negotiation | error | authentication |
compression | cbcp}
no debug ppp {packet | negotiation | error | authentication |

compression | cbcp}
Syntax Description:
packet Displays PPP packets being sent and received. (This command displays low-
level packet dumps.)
negotiation Displays PPP packets transmitted during PPP startup, where PPP options are
negotiated.
error Displays protocol errors and error statistics associated with PPP connection
negotiation and operation.
authentication Displays authentication protocol messages, including Challenge Authentication
Protocol (CHAP) packet exchanges and Password Authentication Protocol
(PAP) exchanges.
compression Displays information specific to the exchange of PPP connections using MPPC.
This command is useful for obtaining incorrect packet sequence number
information where MPPC compression is enabled.
cbcp Displays protocol errors and statistics associated with PPP connection
negotiations using MSCB.
Use the debug ppp EXEC command to display information on traffic and exchanges in an
internetwork implementing the Point-to-Point Protocol (PPP).
Example:
Router#debug ppp negotiation
The following is sample output from the debug ppp negotiation command. This is a normal
negotiation, where both sides agree on network control program (NCP) parameters. In this
case, protocol type IP is proposed and acknowledged.
ppp: sending CONFREQ, type = 4 (CI_QUALITYTYPE), value = C025/3E8
ppp: sending CONFREQ, type = 5 (CI_MAGICNUMBER), value = 3D56CAC
ppp: received config for type = 4 (QUALITYTYPE) acked
ppp: received config for type = 5 (MAGICNUMBER) value = 3D567F8 acked (ok)
PPP Serial4: state = ACKSENT fsm_rconfack(C021): rcvd id 5
ppp: config ACK received, type = 4 (CI_QUALITYTYPE), value = C025
ppp: config ACK received, type = 5 (CI_MAGICNUMBER), value = 3D56CAC
ppp: ipcp_reqci: returning CONFACK.
(ok)
PPP Serial4: state = ACKSENT fsm_rconfack(8021): rcvd id 4
Misconceptions:
None
Related Commands:
debug all

Command:
dialer callback-secure
Mode:
Router(config-if)#
Syntax:
dialer callback-secure
Syntax Description:
To enable callback security, use the dialer callback-secure interface configuration command. This
command ensures that the initial call is always disconnected at the receiving end and that the return
call is made only if the username is configured for callback. If the username (hostname in the
dialermap command) is not configured for callback, the initial call stays up and no return call is
made.
Example:
Misconceptions:
None
Related Commands:
None

Command:
encapsulation ppp
Mode:
Router(config-if)#
Syntax:
encapsulation ppp
Syntax Description:
This command is used to set the encapsulation type of a serial interface interface to PPP (Point-to-
Point Protocol).
Example:
Misconceptions:
None
Related Commands:
ppp pap
ppp multilink
ppp chap hostname

Command:
encapsulation slip
Mode:
Router(config-if)#
Syntax:
encapsulation slip
Syntax Description:
This command is used to set the encapsulation type of the current interface to Serial Line Internet
Protocol. SLIP is the predecessor of ppp.
Example:
Router(config-if)#encapsulation slip
Misconceptions:
None
Related Commands:
None

Command:
ppp authentication
Mode:
Router(config-if)#
Syntax:
ppp authentication {chap | chap pap | pap chap | pap} [if-needed]

[list-name | default] [callin]
no ppp authentication
Syntax Description:
chap Enables CHAP on a serial interface.
pap Enables PAP on a serial interface.
chap pap Enables both CHAP and PAP, and performs CHAP authentication before PAP.
pap chap Enables both CHAP and PAP, and performs PAP authentication before CHAP.
if-needed (Optional) Used with TACACS and XTACACS. Do not perform CHAP or PAP
authentication if the user has already provided authentication. This option is
available only on asynchronous interfaces.
list-name (Optional) Used with AAA/TACACS+. Specifies the name of a list of TACACS+
methods of authentication to use. If no list name is specified, the system uses the
default. Lists are created with the aaa authentication ppp command.
default (Optional) Used with AAA/TACACS+. Created with the aaa authentication ppp
command.
callin (Optional) Specifies authentication on incoming (received) calls only.
The ppp authentication command is used configure the PPP PAP or CHAP authentication
protocols on an interface. The interface must be using ppp encapsulation to access these protocols.
Example:
Router(config-if)#ppp authentication pap
Misconceptions:
None
Related Commands:
ppp pap
encapsulation ppp
username

Command:
ppp callback
Mode:
Router(config-if)#
Syntax:
ppp callback {accept | request }
Syntax Description:
accept Enables this dialer interface to accept PPP callback requests (and function as the PPP
callback server)
request Enables this dialer interface to request PPP callback (and function as the PPP callback
client)
To enable a dialer interface that is not a data terminal ready (DTR) interface to function either as a
callback client that requests callback or as a callback server that accepts callback requests, use the
ppp callback interface configuration command.
Example:
Misconceptions:
None
Related Commands:
script callback

Command:
ppp chap hostname
Mode:
Router(config-if)#
Syntax:
ppp chap hostname hostname
no ppp chap hostname hostname
Syntax Description:
hostname Used to specify an alternate username/hostname that will be used for authentication
Use the ppp chap hostname interface configuration command to create a pool of dialup routers
that all appear to be the same host when authenticating with CHAP. The hostname that is sent with
chap is normally the host name of the router. This command allows the CHAP username that is
sent to be independent of the routers host name. This will useful if you have a situation where any
number of routers may be making a connection to a remote router and be authenticated with
CHAP. They need to send the same username for several reasons. First you may wish to limit the
number of concurrent connections to the remote site from any specific site. Second, DDR will need
to know that the location is connected in order to use a current connection rather than attempting to
bring up another connection.
Example:
The following example will cause the router to send the CHAP username BHM instead of the
routers name of BHM6.
BHM6(config-if)#ppp chap hostname BHM
Misconceptions:
None
Related Commands:
encapsulation ppp
ppp chap password
ppp authentication

Command:
ppp chap password
Mode:
Router(config-if)#
Syntax:
ppp chap password password
no ppp chap password password
Syntax Description:
password Actual password required for authentication of remote router
Use the ppp chap password interface configuration command to configure a common CHAP
secret password to be used in response to challenges from an unknown remote peer. This command
is useful when there is a collection of routers that do not support this command (such as routers
running older Cisco IOS software images). To disable this function, use the no form of this
command.
Example:
Router(config-if)#ppp chap password 7 cisco
Misconceptions:
none
Related Commands:
encapsulation ppp
ppp chap hostname
ppp authentication

Command:
ppp multilink
Mode:
Router(config-if)#
Syntax:
ppp multilink [bap]
Syntax Description:
bap Specifies bandwidth allocation control negotiation and dynamic allocation of bandwidth on
a link
To enable Multilink PPP (MLP) on an interface and, optionally, to enable dynamic bandwidth
allocation, use the ppp multilink interface configuration command.
Example:
Router(config-if)#ppp multilink
Misconceptions:
None
Related Commands:
encapsulation ppp

Command:
ppp pap
Mode:
Router(config-if)#
Syntax:
ppp pap [refuse | sent-username username password password]
Syntax Description:
refuse Directs ppp to refuse a peer request to authenticate remotely with PPP using
Password Authentication Protocol
sent-
username Specifies a username and password to be authenticated by the peer
Configures the PPP Password Authentication Protocol. PAP is a simple clear-text authentication
protocol that authenticates by comparing a received username/password pair to a local database.
Example:
Router(config-if)#ppp pap sent-username admin password 12345
Misconceptions:
None
Related Commands:
encapsulation ppp
ppp authentication
username

Command:
script callback
Mode:
Syntax:
script callback chat-script-name
Syntax Description:
To specify that a chat script start on a line any time a client requests a callback, use the script
callback line configuration command. Use the no form of this command to disable this feature.
This command specifies that if an originating client requests callback, the device will be
disconnected and the chat script defined by the argument regexp will be executed to call back the
client. The first available line specified for callback, and for which a chat script has been applied,
will be used for the callback.
Example:
Router(config-line)#script callback supra4
Misconceptions:
None
Related Commands:
ppp callback
chat-script

Command:
username
Mode:
Router(config)#
Syntax:
username name {nopassword | password password | password
encryption-typeencrypted-password}
username name password secret
username name [access-class number]
username name [autocommand command]
username name [callback-dialstring telephone-number]

username name [callback-rotary rotary-group-number]
username name [callback-line [tty ]line-number [ending-line-
number]]
username name [nocallback-verify ]
username name [noescape ] [nohangup ]
username name [privilege level]
Syntax Description:
name Host name, server name, user ID, or command name. The name argument can
be only one word. White spaces and quotation marks are not allowed.
nopassword No password is required for this user to log in. This is usually most useful in
combination with the autocommand keyword.
password Specifies a possibly encrypted password for this username.
password Password a user enters.
encryption-type (Optional) Single-digit number that defines whether the text immediately
following is encrypted, and, if so, what type of encryption is used. Currently
defined encryption types are 0, which means that the text immediately
following is not encrypted, and 7, which means that the text is encrypted using
a Cisco-defined encryption algorithm.
encrypted- (Optional) Encrypted password a user enters.
password
password Password to access the name argument. A password must be from 1 to 25
characters, can contain embedded spaces, and must be the last option specified
in the username command.
secret For CHAP authentication: specifies the secret for the local router or the remote
device. The secret is encrypted when it is stored on the local router. The secret
can consist of any string of up to 11 ASCII characters. There is no limit to the
number of username and password combinations that can be specified,
allowing any number of remote devices to be authenticated.
access-class (Optional) Specifies an outgoing access list that overrides the access list
specified in the access-class line configuration command. It is used for the
duration of the user's session.
number (Optional) Access list number.
autocommand (Optional) Causes the specified command to be issued automatically after the
user logs in. When the command is complete, the session is terminated.
Because the command can be any length and contain embedded spaces,
commands using the autocommand keyword must be the last option on the line.
command The command string. Because the command can be any length and contain
embedded spaces, commands using the autocommand keyword must be the
last option on the line.
callback- (Optional) For asynchronous callback only: permits you to specify a telephone
dialstring number to pass to the DCE device.
telephone- For asynchronous callback only: telephone number to pass to the DCE device.
number
callback- (Optional) For asynchronous callback only: permits you to specify a rotary
rotary group number. The next available line in the rotary group is selected.
rotary-group- For asynchronous callback only: integer between 1 and 100 that identifies the
number group of lines on which you want to enable a specific username for callback.
callback-line (Optional) For asynchronous callback only: specific line on which you enable a
specific username for callback.
tty (Optional) For asynchronous callback only: standard asynchronous line.
line-number For asynchronous callback only: relative number of the terminal line (or the
first line in a contiguous group) on which you want to enable a specific
username for callback. Numbering begins with zero.
ending-line- (Optional) Relative number of the last line in a contiguous group on which you
number want to enable a specific username for callback. If you omit the keyword (such
as tty ), then line-number and ending-line-number are absolute rather than
relative line numbers.
nocallback- (Optional) Authentication not required for EXEC callback on the specified line.
verify
noescape (Optional) Prevents a user from using an escape character on the host to which
that user is connected.
nohangup (Optional) Prevents Cisco IOS from disconnecting the user after an automatic
command (set up with the autocommand keyword) has completed. Instead, the
user gets another EXEC prompt.
privilege (Optional) Sets the privilege level for the user.
level (Optional) Number between 0 and 15 that specifies the privilege level for the
user.
To establish a username-based authentication system, enter the username global configuration
command.
Example:
Router(config)#username jjones password supersecretpassword
Misconceptions:
None
Related commands:
ppp pap
ppp authentication

Command:
compress
Mode:
Router(config-if)#
Syntax:
compress [predictor | stac | mppc [ignore-pfc]]
no compress [predictor | stac | mppc [ignore-pfc]]
Syntax Description:
predictor (Optional) Specifies a predictor compression algorithm will be used.
stac (Optional) Specifies a Stacker (LZS) compression algorithm will be used.
mppc (Optional) Specifies the MPPC compression algorithm will be used.
ignore-pfc (Optional) Specifies the protocol field compression flag negotiated through
LCP will be ignored.
To configure software compression for Point-to-Point Protocol (PPP) encapsulation, use the
compress interface configuration command. To disable compression, use the no form of this
command.
Usage Guidelines:
End-point devices must be configured to use the same compression method (predictor, Stacker or
MPPC).
Compression reduces the size of frames via lossless data compression. The compression algorithm
used is a predictor algorithm (the RAND compression algorithm), which uses a compression
dictionary to predict what the next character in the frame will be.
PPP encapsulation supports both predictor and Stacker compression algorithms.
MPPC Compression
The compress command using the mppc and ignore-pfc options support compression between
Cisco routers, access servers, and Microsoft clients such as Windows 95 and Windows NT. MPPC
implements an LZ based compression algorithm that uses a compression dictionary to compress
PPP packets. The ignore-pfc keyword instructs the router to ignore the protocol field compression
flag negotiated by LCP. For example, the uncompressed standard protocol field value for IP is
0x0021 and 0x21 when compression is enabled. When the ignore-pfc option is enabled, the router
will continue to use the uncompressed value (0x0021). Using the ignore-pfc option is helpful for
some asynchronous driver devices which use an uncompressed protocol field (0x0021), even
though the pfc is negotiated between peers. If protocol rejects are displayed when the debug ppp
negotiation command is enabled, setting the ignore-pfc option may remedy the problem.
System Performance
Compression is accomplished through software and may significantly affect system performance.
We recommend that you disable compression if CPU load exceeds 65 percent. To display the CPU
load, use the show process cpu EXEC command.
You should never enable compression for connections to a public data network.
If the majority of your traffic is already compressed files, we recommend that you not use
compression. If the files are already compressed, the additional processing time spent in
unsuccessfully attempting to compress them again will slow system performance.
Example:
The following example enables predictor compression on serial interface 0:
Router(config-if)#compress predictor
The following example configures BRI interface 0 to perform MPPC:

Router(config)#interface BRI 0
Router(config-if)#ip unnumbered ethernet 0
Router(config-if)#isdn spid1 5551234
Router(config-if)#dialer map ip 172.21.71.74 5551234
Router(config-if)#compress mppc
The following example configures asynchronous interface 1 to implement MPPC and ignore the
protocol field compression flag negotiated by LCP:
Router(config-if)#ip unnumbered ethernet 0
Router(config-if)#default routing
Router(config-if)#async dynamic routing
Router(config-if)#async mode interactive
Router(config-if)#peer default ip address 172.21.71.74
Router(config-if)#compress mppc ignore-pfc
Misconceptions:
None
Related Commands:
encapsulation ppp

Command:
custom-queue-list
Mode:
Router(config-if)#
Syntax:
custom-queue-list list
no custom-queue-list [list]
Syntax Description:
list Any number from 1 to 16 for the custom queue list.
To assign a custom queue list to an interface, use the custom-queue-list interface configuration
command. To remove a specific list or all list assignments, use the no form of this command.
Only one queue list can be assigned per interface. Use this command in place of the priority-list
command (not in addition to it). Custom queueing allows a fairness not provided with priority
queueing. With custom queueing, you can control the interface's available bandwidth when it is
unable to accommodate the aggregate traffic enqueued. Associated with each output queue is a
configurable byte count, which specifies how many bytes of data should be delivered from the
current queue by the system before the system moves on to the next queue. When a particular
queue is being processed, packets are sent until the number of bytes sent exceeds the queue byte
count or until the queue is empty.
Use the show queueing custom and show interfaces commands to display the current status of the
custom output queues.
Example:
In the following example, custom queue list number 3 is assigned to serial interface 0:
Router(config-if)#custom-queue-list 3
Misconceptions:
None
Related Commands:
queue-list default
queue-list interface
queue-list queue byte-count
queue-list queue limit
show interfaces
show queueing

Command:
fair-queue
Mode:
Router(config-if)#
Syntax:
fair-queue [congestive-discard-threshold [dynamic-queues
[reservable-queues]]]
no fair-queue
Syntax Description:
congestive- (Optional) Number of messages allowed in each queue. The default is 64

discard- messages, and a new threshold must be a power of 2 in the range 16 to
threshold 4096. When a conversation reaches this threshold, new message packets
are discarded.
dynamic-queues (Optional) Number of dynamic queues used for best-effort conversations

(that is, a normal conversation not requiring any special network services).
Values are 16, 32, 64, 128, 256, 512, 1024, 2048, and 4096. The default is
256.
reservable- (Optional) Number of reservable queues used for reserved conversations

queues in the range 0 to 1000. The default is 0. Reservable queues are used for
interfaces configured for features such as Resource Reservation Protocol
(RSVP).
To enable weighted fair queueing (WFQ) for an interface, use the fair-queue interface
configuration command. To disable weighted fair queueing for an interface, use the no form of this
command. This command enables WFQ. With WFQ, packets are classified by flow. For example,
packets with the same source IP address, destination IP address, source TCP or UDP port,
destination TCP or UDP port, and protocol belong to the same flow; see the table below for a full
list of protocols and traffic stream discrimination fields.
When enabled for an interface, WFQ provides traffic priority management that automatically sorts
among individual traffic streams without requiring that you first define access lists. Enabling WFQ
requires use of this command only.
When WFQ is enabled for an interface, new messages for high-bandwidth traffic streams are
discarded after the configured or default congestive discard threshold has been met. However, low-
bandwidth conversations, which include control message conversations, continue to enqueue data.
As a result, the fair queue may occasionally contain more messages than its configured threshold
number specifies.
WFQ uses a traffic data stream discrimination registry service to determine which traffic stream a
message belongs to. For each forwarding protocol, Table shows the attributes of a message that are
used to classify traffic into data streams.
Fair queueing is enabled by default for physical interfaces whose bandwidth is less than or equal to
2.048 Mbps and that do not use the following: X.25 and Synchronous Data Link Control (SDLC)
encapsulations; Link Access Procedure, Balanced (LAPB); tunnels; loopbacks; dialer; bridges; or
virtual interfaces. Fair queueing is not an option for these protocols. However, if custom queueing
or priority queueing is enabled for a qualifying link, it overrides fair queueing, effectively disabling
it. Additionally, fair queueing is automatically disabled if you enable the autonomous or silicon
switching engine mechanisms.
Table: Weighted Fair Queueing

Traffic Stream Discrimination Fields
Forwarder Fields Used
AppleTalk
Source net, node, socket

Destination net, node, socket
Type
CLNS
Source NSAP
Destination NSAP
DECnet
Source address
Destination address
Frame Relay switching
DLCI value
IP
ToS
IP protocol
Source IP address (if message is not fragmented)
Destination IP address (if message is not fragmented)
Source TCP/UDP port
Destination TCP/UDP port
Transparent bridging
Unicast: source MAC, destination MAC

Ethertype SAP/SNAP multicast: destination MAC address
Source-route bridging
Unicast: source MAC, destination MAC

SAP/SNAP multicast: destination MAC address
VINES
Source network/host
Destination network/host
Level 2 protocol
Apollo
Source network/host/socket
Destination network/host/socket
Level 2 protocol
XNS
Source/destination network/host/socket
Level 2 protocol
Novell NetWare
Source/destination network/host/socket
Level 2 protocol
All others (default)
Control protocols (one queue per protocol)
It is important to note that IP precedence, congestion in Frame Relay switching, and discard
eligibility flags affect the weights used for queueing.
IP precedence, which is set by the host or by policy maps, is a number in the range of 0 to 7. Data
streams of precedence number are weighted so that they are given an effective bit rate of
number+1 times as fast as a data stream of precedence 0, which is normal.
In Frame Relay switching, message flags for forward explicit congestion notification (FECN),
backward explicit congestion notification (BECN), and discard eligibility (DE) message flags
cause the algorithm to select weights that effectively impose reduced queue priority, providing the
application with "slow down" feedback and sorting traffic, giving the best service to applications
within their committed information rate (CIR).
Fair queueing is supported for all LAN and line (WAN) protocols except X.25, including LAPB
and SDLC.
Example:
The following example enables use of WFQ on serial interface 0, with a congestive threshold of
300. This threshold means that messages will be discarded from the queueing system only when
300 or more messages have been queued and the message is in a data stream that has more than
one message in the queue. The transmit queue limit is set to 2, based on the 384-kilobit (Kb) line
set by the bandwidth command:
Router(config-if)#bandwidth 384
Router(config-if)#fair-queue 300
Unspecified parameters take the default values.
The following example requests a fair queue with a congestive discard threshold of 64 messages,
512 dynamic queues, and 18 RSVP queues:
Router(config)#interface Serial 3/0
Router(config-if)#ip unnumbered Ethernet 0/0
Router(config-if)#fair-queue 64 512 18
Misconceptions:
None
Related Commands:
custom-queue-list
priority-group
priority-list default
show interfaces
show queueing

Command:
frame-relay payload-compress
Mode:
Router(config-if)#
Syntax:
frame-relay payload-compress {packet-by-packet | frf9
stac[hardware-options]}
no frame-relay payload-compress {packet-by-packet | frf9 stac}
Syntax Description:
packet-by- Packet-by-packet payload compression, using the Stacker method.

packet
frf9 stac (Optional) Enables FRF.9 compression using the Stacker method.
If the router contains a compression service adapter (CSA), compression

is performed in the CSA hardware (hardware compression).
If the CSA is not available, compression is performed in the software
installed on the VIP2 (distributed compression).
If the VIP2 is not available, compression is performed in the router's
main processor (software compression).
hardware- distributed
options
(Optional) Specifies that compression is implemented in the software that is
installed in a VIP2. If the VIP2 is not available, compression is performed in
the router's main processor (software compression). This option applies only to
the Cisco 7500 series.
software
(Optional) Specifies that compression is implemented in the Cisco IOS

software installed in the router's main processor.
csa csa_number
(Optional) Specifies the CSA to use for a particular interface. This option
applies only to Cisco 7200 series routers.
Use the frame-relay payload-compress interface configuration command to enable Stacker
payload compression on a specified point-to-point interface or subinterface. To disable payload
compression on a specified point-to-point interface or subinterface, use the no form of this
command.
Use the frame-relay payload-compress command to enable or disable payload compression on a

point-to-point interface or subinterface. Use the frame-relay map command to enable or disable
payload compression on a multipoint interface or subinterface.
We recommend that you shut down the interface prior to changing encapsulation types. Although
this is not required, shutting down the interface ensures the interface is reset for the new
encapsulation.
Example:
The following running-config excerpt configures FRF.9 compression for subinterfaces:
!
interface Serial2/0/0
no ip address
no ip route-cache
ip route-cache distributed
no keepalive
shutdown
!
interface Serial2/0/0.500 point-to-point
ip address 172.16.1.4 255.255.255.0
no cdp enable
frame-relay interface-dlci 500 IETF
frame-relay payload-compress FRF9 stac
!
Misconceptions:
None
Related Commands:
frame-relay map

Command:
ip tcp header-compression
Mode:
Router(config-if)#
Syntax:
ip tcp header-compression [on | off | passive]
no ip tcp header-compression
Syntax Description:
on (Optional) Turns header compression on.
off (Optional) Turns header compression off.
passive (Optional) On SLIP lines, prevents transmission of compressed packets until a
compressed packet arrives from the asynchronous link, unless a user specifies SLIP on
the command line. For PPP, this option functions the same as the on option.
To configure TCP header compression on the asynchronous link, use the ip tcp header-
compression interface configuration command. To disable header compression, use the no form of
this command.
Header compression data areas are initialized to handle up to 16 simultaneous TCP connections.
Currently, you cannot change this number. You can only turn header compression on or off or use
the passive keyword.
On lines configured for PPP encapsulation, the keywords passive and on cause the same behavior.
Before attempting header compression, PPP automatically negotiates whether compression is
available at each end of the connection.
There are two ways to implement header compression when the line is configured for ip tcp
header-compression passive:
The user enters the /compressed option with the slip EXEC commands to force the line into
compressed mode. This overrides the passive setting and causes the interface to behave as if
header compression is enabled.
The user enters slip or slip default and the connecting system sends compressed packets to
the server. The server detects the use of compression by the connecting system and
automatically enters compressed mode.
If a line is configured for passive header compression and you use the slip or ppp EXEC command
to enter asynchronous mode, you will see the interface is set to match the compression status used
by the host at the other end of the asynchronous line.
Router>slip 10.0.0.1
Password:
Entering SLIP mode.
Interface IP address is 10.0.0.1, MTU is 1500 bytes
Header compression will match your system.
The message "Header compression will match your system" indicates the interface is set to match
the compression status used by the host at the other end of the asynchronous line. If the line was
configured to have header compression on, this line would read "Header compression is On."
Example:
The following example enables Van Jacobson TCP header compression. The passive keyword
prevents transmission of compressed packets until a compressed packet arrives from the IP link.
Notice that asynchronous routing and dynamic addressing are also enabled.
Router(config-if)#async dynamic routing
Router(config-if)#ip tcp header-compression passive
Misconceptions:
None
Related Commands:
None

Command:
priority-group
Mode:
Router(config-if)#
Syntax:
priority-group list-number
no priority-group list-number
Syntax Description:
list-number Priority list number assigned to the interface. Any number from 1 to 16.
To assign the specified priority list to an interface, use the priority-group interface configuration
command. To remove the specified priority group assignment, use the no form of this command.
Only one list can be assigned per interface. Priority output queueing provides a mechanism to
prioritize packets transmitted on an interface.
Use the show queueing priority and show interfaces commands to display the current status of
the output queues.
Example:
The following example causes packets for transmission on serial interface 0 to be classified by
priority list 1:
Router(config-if)#priority-group 1
The following sample configuration shows how to establish queueing priorities based on the
address of the serial link on a STUN connection. Note that you must use the priority-group
interface configuration command to assign a priority group to an output interface.
stun peer-name 131.108.254.6
stun protocol-group 1 sdlc
!
interface serial 0
! Disable the ip address for interface serial 0:
no ip address
! Enable the interface for STUN:
encapsulation stun
!
stun group 2
stun route address 10 tcp 131.108.254.8 local-ack priority
!
! Assign priority group 1 to the input side of interface serial 0:
priority-group 1
! Assign a low priority to priority list 1 on serial link identified
! by group 2 and address A7:
priority-list 1 stun low address 2 A7
Misconceptions:
None
Related Commands:
priority-list interface
priority-list queue-limit
show interfaces
show queueing

Command:
Mode:
Router(config)#
Syntax:
priority-list list-number default {high | medium | normal | low}
no priority-list list-number
Syntax Description:
list-number Any number from 1 to 16 that identifies the priority list.
high | medium | Priority queue level. The normal queue is used, if you use the no
normal | low form of this command.
To assign a priority queue for those packets that do not match any other rule in the priority list, use
the priority-list default global configuration command. To return to the default or assign normal
as the default, use the no form of this command.
When you use multiple rules, remember the system reads the priority settings in order of
appearance. When classifying a packet, the system searches the list of rules specified by priority-
list commands for a matching protocol or interface type. When a match is found, the system
assigns the packet to the appropriate queue. The system searches the list in the order it is specified,
and the first matching rule terminates the search.
Example:
The following example sets the priority queue for those packets that do not match any other rule in
the priority list to a low priority:
router(config)#priority-list 1 default low
Misconceptions:
None
Related Commands:
priority-group
priority-list protocol
show queueing

Command:
Mode:
Router(config)#
Syntax:
priority-list list-number protocol protocol-name {high | medium |
normal | low} queue-keyword keyword-value
no priority-list list-number protocol [protocol-name {high| medium

| normal | low} queue-keyword keyword-value]
Syntax Description:
list-number Any number from 1 to 16 that identifies the priority list selected by the
user.
protocol-name Protocol type: aarp, apollo, appletalk, arp, bridge (transparent), clns,
clns_es, clns_is, compressedtcp,cmns, decnet, decnet_node,
decnet_router-l1, decnet_router-l2,dlsw, ip, ipx, pad, rsrb, stun,
vines,xns, and x25.
high | medium Priority queue level.

| normal | low
queue-keyword Possible keywords are fragments, gt, list, lt, tcp, and udp. See table
keyword-value below.
To establish queueing priorities based on the protocol type, use the priority-list protocol global
configuration command. To remove a priority list entry assigned by protocol type, use the no form
of this command followed by the appropriate list-number argument and the protocol keyword.
When you use multiple rules for a single protocol, remember the system reads the priority settings
in order of appearance. When classifying a packet, the system searches the list of rules specified by
priority-list commands for a matching protocol type. When a match is found, the system assigns
the packet to the appropriate queue. The system searches the list in the order it is specified, and the
first matching rule terminates the search.
The decnet_router-l1 keyword refers to the multicast address for all level 1 routers, which are
intra-area routers, and the decnet_router-l2 keyword refers to all level 2 routers, which are inter-
area routers.
The dlsw, rsrb, and stun keywords refer only to direct encapsulation.
Use the tables below to configure the queueing priorities for your system.
Table: Protocol Priority Queue Keywords and Values
Option Description
fragments Assigns the priority level defined to fragmented IP packets (for use with the
IP protocol only). More specifically, this command matches IP packets whose
fragment offset field is nonzero. The initial fragment of a fragmented IP packet
has a fragment offset of zero, so such packets are not matched by this
command.
Note Packets with a nonzero fragment offset do not contain TCP or

UDP headers. Other instances of this command that use the tcp or udp
keyword will always fail to match such packets.
gt byte- Specifies a greater-than count. The priority level assigned goes into effect
count when a packet size exceeds the value entered for the argument byte-count.
Note The size of the packet must also include additional bytes because
of MAC encapsulation on the outgoing interface.
list list- Assigns traffic priorities according to a specified list when used with
number AppleTalk, bridging, IP, IPX, VINES, or XNS. The argument list-number is
the access list number as specified by the access-list global configuration
command for the specified protocol-name. For example, if the protocol is
AppleTalk, list-number should be a valid AppleTalk access list number.
lt byte- Specifies a less-than count. The priority level assigned goes into effect when a
count packet size is less than the value entered for the argument byte-count.
tcp port Assigns the priority level defined to TCP segments originating from or
destined to a specified port (for use with the IP protocol only).
udp port Assigns the priority level defined to UDP packets originating from or destined
to a specified port (for use with the IP protocol only).
Table: Common TCP Services and Their Port Numbers
Service Port
FTP data 20
FTP 21
SMTP 25
Telnet 23
Table: Common UDP Services and Their Port Numbers
Service Port
DNS 53
NFS 2049
RPC 111
SNMP 161
TFTP 69
Example:
The following example assigns 1 as the arbitrary priority list number, specifies DECnet as the
protocol type, and assigns a high-priority level to the DECnet packets transmitted on this interface:
Router(config)#priority-list 1 protocol decnet high
The following example assigns a medium-priority level to every DECnet packet with a size greater
than 200 bytes:
Router(config)#priority-list 2 protocol decnet medium gt 200
The following example assigns a medium-priority level to every DECnet packet with a size less
than 200 bytes:
Router(config)#priority-list 4 protocol decnet medium lt 200
The following example assigns a high-priority level to traffic that matches IP access list 10:
Router(config)#priority-list 1 protocol ip high list 10
The following example assigns a medium-priority level to Telnet packets:

Router(config)#priority-list 4 protocol ip medium tcp 23
The following example assigns a medium-priority level to UDP Domain Name Service packets:
Router(config)#priority-list 4 protocol ip medium udp 53
The following example assigns a high-priority level to traffic that matches Ethernet type code
access list 201:
Router(config)#priority-list 1 protocol bridge high list 201
The following example assigns a high-priority level to DLSw+ traffic with TCP encapsulation:
Router(config)#priority-list 1 protocol ip high tcp 2065
The following example assigns a high-priority level to DLSw+ traffic with direct encapsulation:
Router(config)#priority-list 1 protocol dlsw high
Note These commands define a rule that determines how packets are attached to an interface.
Once the rule is defined, the packet is actually attached to the interface using the priority-group
command.
Misconceptions:
None
Related Commands:
priority-group
show queueing

Command:
Mode:
Router(config)#
Syntax:
priority-list list-number protocol protocol-name {high | medium |
normal | low} queue-keyword keyword-value
no priority-list list-number protocol [protocol-name {high |

medium | normal | low} queue-keyword keyword-value]
Syntax Description:
list-number Any number from 1 to 16 that identifies the priority list selected by the
user.
protocol-name Protocol type: aarp, apollo, appletalk, arp, bridge (transparent), clns,
clns_es, clns_is, compressedtcp, cmns, decnet, decnet_node,
decnet_router-l1, decnet_router-l2, dlsw, ip, ipx, pad, rsrb, stun, vines,
xns, and x25.
high | medium Priority queue level.

| normal | low
queue-keyword Possible keywords are fragments, gt, list, lt, tcp, and udp.
keyword-value
To establish queueing priorities based upon the protocol type, use the priority-list protocol global
configuration command. To remove a priority list entry assigned by protocol type, use the no form
of this command followed by the appropriate list-number argument and the protocol keyword.
When you use multiple rules for a single protocol, remember that the system reads the priority
settings in order of appearance. When classifying a packet, the system searches the list of rules
specified by priority-list commands for a matching protocol type. When a match is found, the
system assigns the packet to the appropriate queue. The system searches the list in the order it is
specified, and the first matching rule terminates the search.
intra-area routers, and the decnet_router-l2 keyword refers to all level 2 routers, which are inter-
area routers.
Use the tables to configure the queueing priorities for your system.
Table: Protocol Priority Queue Keywords and Values
Option Description
fragments Assigns the priority level defined to fragmented IP packets (for use with the IP
protocol only). More specifically, this command matches IP packets whose
fragment offset field is nonzero. The initial fragment of a fragmented IP packet
has a fragment offset of zero, so such packets are not matched by this
command.
Note Packets with a nonzero fragment offset do not contain TCP or

UDP headers, so other instances of this command that use the tcp or udp
keyword will always fail to match such packets.
gt byte- Specifies a greater-than count. The priority level assigned goes into effect when
count a packet size exceeds the value entered for the argument byte-count.
list list- Assigns traffic priorities according to a specified list when used with
number AppleTalk, bridging, IP, IPX, VINES, or XNS. The argument list-number is
the access list number as specified by the access-list global configuration
command for the specified protocol-name. For example, if the protocol is
AppleTalk, list-number should be a valid AppleTalk access list number.
lt byte- Specifies a less-than count. The priority level assigned goes into effect when a
count packet size is less than the value entered for the argument byte-count.
tcp port Assigns the priority level defined to TCP segments originating from or destined
udp port Assigns the priority level defined to UDP packets originating from or destined
Table: Common TCP Services and Their Port Numbers
Service Port
FTP data 20
FTP 21
SMTP 25
Telnet 23
Table: Common UDP Services and Their Port Numbers
Service Port
DNS 53
NFS 2049
RPC 111
SNMP 161
TFTP 69
Example:
The following example assigns 1 as the arbitrary priority list number, specifies DECnet as the
protocol type, and assigns a high-priority level to the DECnet packets transmitted on this interface:
Router(config)#priority-list 1 protocol decnet high
The following example assigns a medium-priority level to every DECnet packet with a size greater
than 200 bytes:
Router(config)#priority-list 2 protocol decnet medium gt 200
The following example assigns a medium-priority level to every DECnet packet with a size less
than 200 bytes:
Router(config)#priority-list 4 protocol decnet medium lt 200
The following example assigns a high-priority level to traffic that matches IP access list 10:
Router(config)# priority-list 1 protocol ip high list 10
The following example assigns a medium-priority level to Telnet packets:

Router(config)# priority-list 4 protocol ip medium tcp 23
The following example assigns a medium-priority level to UDP Domain Name Service packets:
Router(config)#priority-list 4 protocol ip medium udp 53
The following example assigns a high-priority level to traffic that matches Ethernet type code
access list 201:
Router(config)#priority-list 1 protocol bridge high list 201
The following example assigns a high-priority level to DLSw+ traffic with TCP encapsulation:
Router(config)#priority-list 1 protocol ip high tcp 2065
The following example assigns a high-priority level to DLSw+ traffic with direct encapsulation:
Router(config)#priority-list 1 protocol dlsw high
Note These commands define a rule that determines how packets are attached to an interface.
Once the rule is defined, the packet is actually attached to the interface using the priority-group
command.
Misconceptions:
None
Related Commands:
None
Command:
Mode:
Router(config)#
Syntax:
priority-list list-number queue-limit [high-limit [medium-limit
[normal-limit [low-limit]]]]
no priority-list list-number queue-limit
Syntax Description:
list-number Any number from 1 to 16 that identifies the priority list.
high-limit medium- (Optional) Priority queue maximum length. A value of 0 for any of
limit normal-limit low- the four arguments means that the queue can be of unlimited size
limit for that particular queue.
To specify the maximum number of packets that can be waiting in each of the priority queues, use
the priority-list queue-limit global configuration command. To select the normal queue, use the
no form of this command.
If a priority queue overflows, excess packets are discarded and quench messages can be sent, if
appropriate, for the protocol.
The default queue limit arguments are listed below.
Table: Default Priority Queue

Packet Limits
Priority Queue Argument Packet Limits
high-limit 20
medium-limit 40
normal-limit 60
low-limit 80
Note If priority queueing is enabled and there is an active ISDN (Integrated Services Digital
Network) call in the queue, changing the configuration of the priority-list queue-limit command
drops the call from the queue. For more information about priority queueing, refer to the Quality
of Service Configuration Guide, Release 12.0.
Example:
The following example sets the maximum packets in the priority queue to 10:
Router(config)#priority-list 2 queue-limit 10 40 60 80
Misconceptions:
None
Related Commands:
priority-group
show queueing

Command:
queue-list default
Mode:
Router(config)#
Syntax:
queue-list list-number default queue-number
no queue-list list-number default queue-number
Syntax Description:
list-number Number of the queue list. Any number from 1 to 16.
queue- Number of the queue. Any number from 1 to 16. The default number of the
number queue list is queue number 1.
To assign a priority queue for those packets that do not match any other rule in the queue list, use
the queue-list default global configuration command. To restore the default value, use the no
When you use multiple rules, remember that the system reads the queue-list commands in order of
appearance. When classifying a packet, the system searches the list of rules specified by queue-list
commands for a matching protocol or interface type. When a match is found, the system assigns
the packet to the appropriate queue. The system searches the list in the order it is specified, and the
first matching rule terminates the search.
Queue number 0 is a system queue. It is emptied before any of the other queues are processed. The
system enqueues high-priority packets, such as keepalives, to this queue.
Use the show interfaces command to display the current status of the output queues.
Example:
In the following example, the default queue for list 10 is set to queue number 2:
Router(config)#queue-list 10 default 2
Misconceptions:
None
Related Commands:
custom-queue-list
show queueing

Command:
Mode:
Router(config)#
Syntax:
queue-list list-number interface interface-type interface-number
queue-number
no queue-list list-number interface interface-type interface-

number queue-number
Syntax Description:
interface-type Name of the interface
interface-number Number of the interface
queue-number Number of the queue. Any number from 1 to 16.
To establish queueing priorities on packets entering on an interface, use the queue-list interface
global configuration command. To remove an entry from the list, use the no form of this
command.
When you use multiple rules, remember that the system reads the queue-list commands in order of
commands for a matching protocol or interface type. When a match is found, the system assigns
the packet to the appropriate queue. The list is searched in the order it is specified, and the first
matching rule terminates the search.
Example:
In the following example, queue list 4 establishes queueing priorities for packets entering on
interface tunnel 3. The queue number assigned is 10.
Router(config)#queue-list 4 interface tunnel 3 10
Misconceptions:
None
Related Commands:
custom-queue-list
queue-list default
show queueing

Command:
Mode:
Router(config)#
Syntax:
queue-list list-number queue queue-number byte-count byte-count-
number
no queue-list list-number queue queue-number byte-count byte-

count-number
Syntax Description:
queue- Number of the queue. Any number from 1 to 16.

number
byte-count- Average number of bytes the system allows to be delivered from a given
number queue during a particular cycle. The default byte count is 1500 bytes.
To specify how many bytes the system allows to be delivered from a given queue during a
particular cycle, use the queue-list queue byte-count global configuration command. To return the
byte count to the default value, use the no form of this command.
Example:
In the following example, queue list 9 establishes the byte count as 1400 for queue number 10:
Router(config)#queue-list 9 queue 10 byte-count 1400
Misconceptions:
None
Related Commands:
custom-queue-list
queue-list default
show queueing

Command:
Mode:
Router(config)#
Syntax:
queue-list list-number queue queue-number limit limit-number
no queue-list list-number queue queue-number limit limit-number
Syntax Description:
list- Number of the queue list. Any number from 1 to 16.

number
queue- Number of the queue. Any number from 1 to 16.

number
limit- Maximum number of packets that can be enqueued at any time. The range is 0 to
number 32767 queue entries. A value of 0 means that the queue can be of unlimited size.
The default queue is 20 entries.
To designate the queue length limit for a queue, use the queue-list queue limit global
configuration command. To return the queue length to the default value, use the no form of this
command.
Example:
In the following example, the queue length of queue 10 is increased to 40:
Router(config)#queue-list 5 queue 10 limit 40
Misconceptions:
None
Related Commands:
custom-queue-list
queue-list default
show queueing

Command:
queue-list queue protocol
Mode:
Router(config)#
Syntax:
queue-list list-number protocol protocol-name queue-number queue-
keyword keyword-value
no queue-list list-number protocol protocol-name queue-number

queue-keyword keyword-value
Syntax Description:
protocol-name Required argument that specifies the protocol type: aarp, apollo,
appletalk, arp, bridge (transparent), clns, clns_es, clns_is, cmns,
compressedtcp, decnet, decnet_node, decnet_routerl1, decnet_routerl2,
dlsw, ip, ipx, pad, rsrb, stun, vines, xns, and x25.
queue-number Number of the queue. Any number from 1 to 16.
queue- Possible keywords are gt, list, lt, tcp, and udp.
keyword
keyword-value
To establish queueing priority based upon the protocol type, use the queue-list protocol global
configuration command. To remove an entry from the list, use the no form of this command with
the appropriate list number.
When you use multiple rules, remember the system reads the queue-list commands in order of
commands for a matching protocol or interface type. When a match is found, the packet is assigned
to the appropriate queue. The list is searched in the order it is specified, and the first matching rule
terminates the search.
intra-area routers, and the decnet_router-l2 keyword refers to all level 2 routers, which are
interarea routers.
Use the tables from the priority-list protocol command to configure the queueing priorities for
your system.
Example:
The following example assigns 1 as the custom queue list, specifies DECnet as the protocol type,
and assigns 3 as a queue number to the packets transmitted on this interface:
Router(config)#queue-list 1 protocol decnet 3
The following example assigns DECnet packets with a size greater than 200 bytes to queue
number 2:
Router(config)#queue-list 2 protocol decnet 2 gt 200
The following example assigns DECnet packets with a size less than 200 bytes to queue number 2:
Router(config)#queue-list 4 protocol decnet 2 lt 200
The following example assigns traffic that matches IP access list 10 to queue number 1:
Router(config)#queue-list 1 protocol ip 1 list 10
The following example assigns Telnet packets to queue number 2:

Router(config)#queue-list 4 protocol ip 2 tcp 23
The following example assigns UDP Domain Name Service packets to queue number 2:
Router(config)#queue-list 4 protocol ip 2 udp 53
The following example assigns traffic that matches Ethernet type code access list 201 to queue
number 1:
Router(config)#queue-list 1 protocol bridge 1 list 201
Misconceptions:
None
Related Commands:
custom-queue-list
queue-list default
show queueing

Command:
show queueing
Mode:
Router#
Syntax:
show queueing [custom | fair | priority | red]
Syntax Description:
custom (Optional) Status of the custom queueing list configuration.
fair (Optional) Status of the fair queueing configuration.
priority (Optional) Status of the priority queueing list configuration.
red (Optional) Status of the Weighted Random Early Detection (WRED)

configuration.
To list all or selected configured queueing strategies, use the show queueing privileged EXEC
command.
Examples:
The following is a sample of output from the show queueing custom command:
Router#show queueing custom
Current custom queue configuration:
List Queue Args

3 10 default
3 3 interface Tunnel3
3 3 protocol ip
3 3 byte-count 444 limit 3
The following is a sample of output from the show queueing command. There are two active
conversations in the serial interface 0. Weighted fair queueing ensures that both of these IP data
streams—both using TCP—receive equal bandwidth on the interface while they have messages in
the pipeline, even though there is more FTP data in the queue than RCP data.
Router#show queueing
Current fair queue configuration:
Interface Discard Dynamic Reserved

threshold queue count queue count
Serial0 64 256 0
Serial1 64 256 0
Serial2 64 256 0
Serial3 64 256 0
Current priority queue configuration:
List Queue Args

1 high protocol cdp
2 medium interface Ethernet1
Current RED queue configuration:
Interface: Ethernet3 Exp-weight-constant: 9

Class Min-th Max-th Mark-prob
0 20 40 1/10
1 22 40 1/10
2 24 40 1/10
3 26 40 1/10
4 28 40 1/10
5 31 40 1/10
6 33 40 1/10
7 35 40 1/10
rsvp 37 40 1/10
Misconceptions:
None
Related commands:
custom-queue-list
fair-queue
priority-group

Command:
connect
Mode:
Router>
Router#
Syntax:
connect [ip-address | hostname]
Syntax Description:
ip-address Ip address of the remote-host
hostname Name of the remote-host
To log on to a host that supports Telnet, rlogin, or LAT, use the connect EXEC command.
Example:
Router#connect 10.0.0.1
Trying 10.0.0.1 ...
% Destination unreachable; gateway or host down
Router#connect othersystem
Misconceptions:
None
Related Commands:
disconnect
telnet

Command:
disconnect
Mode:
Router#
Syntax:
disconnect [connection]
Syntax Description:
connection Number of the line or name of the active network connection to be disconnected
To disconnect a line, use the disconnect EXEC command.
Example:
Router#disconnect
Misconceptions:
None
Related Commands:
connect
telnet

Command:
telnet
Mode:
Router>
Router#
Syntax:
telnet {host} [port] [keyword]
Syntax Description:
host A host name or an IP address
port (Optional) A decimal TCP port number; the default is the

Telnet router port (decimal 23) on the host
keyword (Optional) One of the keywords listed in the following table
This command will create a connection to a remote system. The keywords for telnet are shown in
the following table:
Table: Telnet Command Connection Options

Option Description
/debug Enables Telnet debugging mode.
Enables an encrypted Telnet session. This keyword is available only if you have the
Kerberized Telnet subsystem. If you authenticate using Kerberos Credentials, the use
of this keyword initiates an encryption negotiation with the remote server. If the
/encrypt
encryption negotiation fails, the Telnet connection will be reset. If the encryption
kerberos
negotiation is successful, the Telnet connection will be established, and the Telnet
session will continue in encrypted mode (all Telnet traffic for the session will be
encrypted).
Enables Telnet line mode. In this mode, the Cisco IOS software sends no data to the
host until you press Return. You can edit the line using the standard Cisco IOS
/line
software command-editing characters. The /line keyword is a local switch; the
remote router is not notified of the mode change.
/noecho Disables local echo.
Specifies loose source routing. The path argument is a list of host names or IP
/route path
addresses that specify network nodes and ends with the final destination.
/source-
Specifies the source interface.
interface
Turns on stream processing, which enables a raw TCP stream with no Telnet control
/stream sequences. A stream connection does not process Telnet options and can be
appropriate for connections to ports running UUCP and other non-Telnet protocols.
port-
Port number.
number
bgp Border Gateway Protocol.
chargen Character generator.
cmd rcmd Remote commands.
daytime Daytime.
discard Discard.
domain Domain Name Service.
echo Echo.
exec EXEC.
finger Finger
ftp File Transfer Protocol.
ftp-data FTP data connections (used infrequently).
gopher Gopher.
hostname NIC hostname server.
ident Ident Protocol.
irc Internet Relay Chat
klogin Kerberos login.
kshell Kerberos shell.
login Login (rlogin).
lpd Printer service.
nntp Network News Transport Protocol.
node Connect to a specific LAT node
pop2 Post Office Protocol v2.
pop3 Post Office Protocol v3.
port Destination LAT port name.
smtp Simple Mail Transport Protocol.
sunrpc Sun Remote Procedure Call.
syslog Syslog.
tacacs Specify TACACS security.
talk Talk.
telnet Telnet.
time Time.
uucp Unix-to-Unix Copy Program.
whois Nickname.
www World Wide Web (HTTP).
Example:
Router#telnet 10.0.0.1
Router>telnet mywebserver.mydomain.com
Misconceptions:
None
Related commands:
ping
disconnect
connect

Command:
distance
Mode:
Syntax:
distance weight {source ip-address {source wildcard}} [ip standard
access list number] | [ip standard access list name]
no distance weight {source ip-address {source wildcard}} [ip
standard access list number] | [ip standard access list name]
Syntax Description:
weight The weight argument is used to set a routing protocol's
administrative distance. This can be an integer from 1 to 255. The
higher the value, the lower the trust rating. Used alone, the
argument weight specifies a default administrative distance that the
Cisco IOS software uses when no other specification exists for a
routing source. Routes with a distance of 255 are not installed in the
routing table.
source ip (Optional) Routing source's IP address in four-part, dotted decimal

address notation.
source wildcard Source wildcard mask in four-part, dotted decimal format. A bit set
to 1 in the wildcard mask argument instructs the software to ignore
the corresponding bit in the ip address value. A bit set to 0 in the
wildcard mask instructs the software to look for a match in the
corresponding bit.
ip standard Number or name of a standard IP access list to be applied to

access list incoming routing updates.
number, ip
standard access
list name
The distance command is used to prioritize routing information from different sources, because
some pieces of routing information may be more accurate than others. An administrative distance
is a rating of the trustworthiness of a routing information source, such as an individual router or a
group of routers. In a large network, some routing protocols and some routers can be more reliable
than others as sources of routing information. Also, when multiple routing processes are running in
the same router for IP, it is possible for the same route to be advertised by more than one routing
process. By specifying administrative distance values, you enable the router to intelligently
discriminate between sources of routing information. The router will always pick the route whose
routing protocol has the lowest administrative distance.
Table: Default Administrative Distances

Route Source Default Distance
Connected interface 0
Static route 1
EIGRP summary route 5
External BGP 20
Internal EIGRP 90
IGRP 100
OSPF 110
IS-IS 115
RIP 120
EGP 140
External EIGRP 170
Internal BGP 200
Unknown 255
Example:
Router(config-router)#distance 255
Router(config-router)#distance 90 192.31.7.0 0.0.0.255
Router(config-router)#distance 120 128.88.1.3 0.0.0.0
The first distance router configuration command sets the default administrative distance to 255,
which instructs the router to ignore all routing updates from routers for which an explicit distance
has not been set. The second distance command sets the administrative distance to 90 for all
routers on the Class C network 192.31.7.0. The third distance command sets the administrative
distance to 120 for the router with the address 128.88.1.3.
Misconceptions:
The distance command does not get sent in routing updates. The command only affects routes on
the local router.
Related Commands:
access-list
distribute-list
redistribute

Command:
distribute-list
Mode:
Syntax:
distribute-list {access-list number | gateway | prefix} in | out

[type number]
no distribute-list {access-list number | gateway | prefix} in |

out [type number]
Syntax Description:
in Filters incoming updates

out Filters outgoing updates
access-list A standard IP access list number. The access list defines which networks are
number | to be received or sent (depending on whether the in or out parameter is
prefix | used) and defines which networks are to be suppressed in routing updates.
gateway
The keyword gateway filters incoming updates based on gateway. The
keyword prefix filters based on prefixes contained in routing updates.
type (Optional) Interface type. If no interface is specified, the access list will be
applies to all incoming or outgoing updates (depending on whether the in or
out parameter is used).
(Optional) Interface number on which the access list is applied to incoming
number
or outgoing updates (depending on whether the in or out parameter is used).
The distribute-list command is used to filter networks received or transmitted in routing updates.
A network is defined using a standard access list. The optional [type number] argument allows
filtering on a specific interface.
Example:
Router(config-router)#distribute-list 5 in serial 0/0
Misconceptions:
The distribute-list command works with all routing protocols (unlike some other methods of
controlling routing updates). However, with OSPF, routes cannot be filtered from entering the
OSPF database. The distribute-list in command only filters routes from entering the routing table,
but it does not prevent link-state packets from being propagated. The command distribute-list out
works only on routes being redistributed by ASBRs into OSPF. The command can be applied to
external type 2 and external type 1 routes, but not to intra-area and inter-area routes.
Related Commands:
access-list (IP standard)
access-list (IP extended)
passive-interface
redistribute

Command:
ip prefix-list
Mode:
Router(config)#
Syntax:
ip prefix-list list-name [seq seq-value] {deny | permit

network/length} [ge ge-value] [le le-value]
no ip prefix-list list-name [seq seq-value] {deny | permit

network/length} [ge ge-value] [le le-value]
Syntax Description:
list-name The name of the prefix list.

seq (Optional) Applies the sequence number to the prefix list entry being
created or deleted.
seq-value (Optional) Specifies the sequence number for the prefix list entry.
deny Denies access for a matching condition.
permit Allows access for a matching condition.
(Mandatory) The network parameter specifies the network number. The / is
network/length typed followed by the number of set bits in the network mask. An example
is 192.168.10.0/24.
ge (Optional) Applies the value specified in the ge-value to the prefix list as
the minimum prefix length to be matched. For example, the command ip
prefix-list Test deny 192.0.0.0/8 ge 25 denies routes that have 192 in the
first octet of the network number and a mask greater than or equal to 25
bits.
(Optional) Specifies the minimum number of mask bits that must be
ge-value
matched.
(Optional) Applies the value specified in the le-value to the prefix list. For
example, the command ip prefix-list Test permit 192.0.0.0/8 le 24 accepts
le routes that have 192 in the first octet of the network number and a mask
length up to 24 bits. Note that the ge ge-value and le le-value parameters
can be combined. For example, ip prefix-list ABC permit 0.0.0.0/0 ge 8 le
24 permits mask lengths from eight to 24 bits in all address space.
(Optional) Specifies the maximum number of mask bits that must be
le-value
matched.
A prefix list is used to filter routing updates. Prefix lists are more efficient and easier to manage
than distribution lists because lines can be added or deleted to form a prefix list without having to
recreate the list. An implicit deny all is at the end of every prefix list. The first match in the prefix
list is used and the rest of the prefix list is ignored. An empty prefix list permits all prefixes. The
router always begins the filtering starting at the top of the prefix list with the lower sequence
number. Sequence numbers are automatically generated by default. Prefix lists are applied to
specific BGP neighbors using the neighbor prefix-list command.
Example:
Router(config)#ip prefix-list abc permit 192.0.0.0/8 le 24
Misconceptions:
Some people believe that distribution lists are easier than prefix lists. Advantages include (1)
improved performance when loading and route lookup large lists and (2) support for incremental
updates and greater flexibility. A prefix list can be changed by adding or deleting specific portions
without having to recreate the entire list. The IOS tracks how many times a specific prefix list entry
is considered a match. To clear the hit count table of prefix list entries, use the clear ip prefix-list
EXEC command.
Related Commands:
show ip prefix-list
distribute-list

Command:
Mode:
Syntax:
neighbor {ip-address | peer-group-name} prefix-list prefix-
listname {in | out}
no neighbor {ip-address | peer-group-name} prefix-list prefix-
listname {in | out}
Syntax Description:
prefix-list-name Name of a prefix list
ip-address IP address of neighbor
in Filter incoming updates
out Filter outgoing updates
To distribute BGP neighbor information as specified in a prefix list, use the neighbor prefix-list
command in address family or router configuration mode. To remove an entry, use the no form of
this command.
Example:
The following router configuration mode example applies the prefix list named abc to incoming
advertisements to neighbor 120.23.4.1:
Router(config-router)#neighbor 120.23.4.1 prefix-list abc in
The following address family configuration mode example applies the prefix list named abc to
incoming advertisements to neighbor 120.23.4.1:
Router(config-router-af)#neighbor 120.23.4.1 prefix-list abc in
Misconceptions:
None
Related Commands:

Command:
passive-interface
Mode:
Syntax:
passive-interface type number

no passive-interface type number
Syntax Description:
type Interface type
number Interface number
Sets all interfaces as passive. Individual interfaces can have the passive parameter
removed by using the no passive-interface type number command. This parameter is
default
useful in ISPs and large enterprise networks that have routers that contain more than
200 interfaces.
The passive-interface command keeps a router from sending routing updates out an interface.
Example:
Router(config-router)#passive interface serial 0/0
Misconceptions:
A passive interface performs differently when using EIGRP, OSPF, IS-IS, and BGP than it does
with RIP and IGRP. When using the passive-interface command with EIGRP, inbound and
outbound hellos are prevented. Therefore, EIGRP neighboring cannot occur. Use the distribute-
list command with EIGRP to control routing updates. When using the passive-interface command
with OSPF, routing information is neither sent, nor received through the specified interface. The
best way to control OSPF routing updates is to create a stub, NSSA, or totally stub area. The
distribute-list command can also be used, but see the Misconceptions area of that command for
information on using it within OSPF. The passive-interface command does not work with BGP.
BGP is not a traditional routing protocol in that it is never really run on an interface. Instead a
neighbor (peer) is specified. BGP has no idea which physical interface is actually performing the
neighbor peering. If two BGP neighbors are NOT to peer with each other, do not enter neighbor
statements. When configuring other routing protocols, an interface is never specified. Instead the
network command is used. When the protocol is active, the protocol knows that an interface is
active for that particular protocol. This can been seen by using the show ip protocols command.
Conversely, with BGP, network commands are used to specify what networks to advertise and
neighbor commands to specify BGP peers. With BGP, use a route map to filter out routes.
Related Commands:
distribute-list
area

Command:
redistribute
Mode:
Syntax:
redistribute protocol [process-id] [metric metric-value] [metric-
type type-value] [match {internal | external 1 | external 2}] [tag
tag-value] [route-map map-tag] [weight weight] [subnets]
no redistribute protocol [process-id] [metric metric-value]
[metric-type type-value] [match {internal | external 1 | external
2}] [tag tag-value] [route-map map-tag] [weight weight] [subnets]
Syntax Description:
protocol The routing protocol that is being "brought into" or redistributed into
another routing protocol. For example, if bringing RIP routes into
OSPF, the commands used would be as follows:
Router(config-router)#redistribute rip
The following keywords can be used with the redistribute command:

bgp, egp, eigrp, igrp, iso-igrp, isis, odr, ospf, mobile, static,
connected, and rip.
The keyword static is used to redistribute IP static routes.
The keyword connected refers to routes which are established

automatically by virtue of having enabled IP on an interface. For
routing protocols such as OSPF, these routes will be redistributed as
external to the autonomous system.
process-id For bgp, eigrp, egp, igrp, or eigrp this is an autonomous system
number, which is a 16-bit decimal number. For ospf, this is an
appropriate OSPF process ID from which routes are to be
redistributed. This identifies the routing process. This value takes the
form of a nonzero decimal number. For rip, no process-id value is
needed.
metric metric-
metric metric- Metric used for the redistributed route. If a value is not specified for
value this option, and no value is specified using the default-metric
command, the default metric value is 0. Use a value consistent with
the destination protocol. For example, if redistributing RIP into
OSPF, use OSPF metrics in the redistribution statement:
Router(config-router)#redistribute igrp 77 metric 100
OSPF's metric is cost. IGRP uses the combination of bandwidth,

delay, reliability, load, and MTU. Since OSPF routers only
understand cost, you must translate IGRP's metrics into one that
OSPF understands.
metric-type When used with OSPF, the metric-type type-value defines the
type-value external link type associated with the default route advertised into the
OSPF routing domain. It can be one of two values:
1—Type 1 external route
2—Type 2 external route
If a metric-type is not specified, the Cisco IOS software adopts a

Type 2 external route.
match For OPSF, the criteria by which OSPF routes are redistributed into
{internal | other routing domains. It an be one of the following:
external 1 |
external 2} internal—Routes that are internal to a specific autonomous system.
external 1—Routes that are external to the autonomous system, but

are imported into OSPF as type 1 external routes.
external 2—Routes that are external to the autonomous system, but

are imported into OSPF as type 2 external routes.
tag tag-value 32-bit decimal value attached to each external route. This is not used
by the OSPF protocol itself. It may be used to communicate
information between Autonomous System Boundary Routers. If none
is specified, then the remote autonomous system number is used for
routes from BGP and EGP. For other protocols, zero (0) is used.
route-map Route map should be interrogated to filter the importation of routes

from this source routing protocol to the current routing protocol. If
not specified, all routes are redistributed. If this keyword is specified,
but no route map tags are listed, no routes will be imported.
map-tag A route map is used to filter the importation of routes. If not

specified, all routes are redistributed. The map-tag identifies by a
number or name which route map to use. If the route-map keyword
is specified, but no route map tags are listed, no routes will be
imported.
weight weight Defines the network weight when redistributing routes into BGP.
Weight is an integer from 0 to 65535.
subnets Allows subnetworks to be redistributed into OSPF. By default,

subnetworks are not redistributed into OSPF, only routes that are not
subnetted.
To redistribute routes from one routing domain into another routing domain, use the redistribute
router configuration command. To disable redistribution, use the no form of this command.
A router receiving a link-state protocol such as OSPF with an internal metric will consider the cost
of the route from itself to the redistributing router plus the advertised cost to reach the destination.
An external metric only considers the advertised metric to reach the destination.
Whenever you use the redistribute or the default-information router configuration commands to
redistribute routes into an OSPF routing domain, the router automatically becomes an Autonomous
System Boundary Router (ASBR). An ASBR does not, by default, generate a default route into the
OSPF routing domain.
When routes are redistributed between OSPF processes, no OSPF metrics are preserved. When
routes are redistributed into OSPF and no metric is specified in the metric keyword, the default
metric that OSPF uses is 20 for routes from all protocols except a BGP route, which gets a metric
of 1. Furthermore, when the router redistributes from one OSPF process to another OSPF process
on the same router, and if no default metric is specified, the metrics in one process are carried to
the redistributing process.
The only directly connected routes affected by the redistribute command are the routes not
specified by the network command.
You cannot use the default-metric command to affect the metric used to advertise connected
routes.
Example:
The following example causes OSPF routes to be redistributed into a BGP domain:
Router(config-router)#redistribute ospf 1 match internal
The following example causes IGRP routes (for Autonomous System 1) to be redistributed into an OSPF do
Subnets are also redistributed. The metric for these routes is converted from an IGRP metric to an OSPF co
100:
Router(config-router)#redistribute igrp 1 metric 100 subnets
The following example causes the specified IGRP process routes to be redistributed into an OSPF domain.
IGRP-derived metric will be converted to an OSPF cost of 100 and RIP routes to a cost value of 200.
Router(config)#router ospf 109 Router(config-router)#redistribute igrp 108 metric 100 s
Router(config-router)#redistribute rip metric 200 subnets
In the following example, network 20.0.0.0 will appear as an external LSA in OSPF 1 with a cost of 100 (th
preserved):
Router(config-if)#ip ospf cost 100
Router(config-if)#interface ethernet 1
Router(config-router)#network 10.0.0.0 0.255.255.255 area 0
Router(config-if)#redistribute ospf 2 subnet
Router(config-router)#network 20.0.0.0 0.255.255.255 area 0
The metric value specified in the redistribute command supercedes the metric value specified using the d
metric command.
When redistributing one protocol into another, each protocol's metrics play an important role in redistributio
uses hop count as its metric while IGRP/EIGRP uses bandwidth and delay. When routes are redistributed, a
must be defined that is understood by the protocol into which the routes are going. There are two methods f
defining metrics during redistribution: (1) use the metric parameter in conjunction with the redistribute co
or (2) use the default-metric router configuration command. The metric metric-value specified in the redi
command supersedes the metric value specified by the default-metric command. For example, when defin
metric for a specific redistribution, the redistribute...metric command is used:
Router(config)#router rip
Router(config-router)#redistribute static metric 1
Router(config-router)#redistribute ospf 1 metric 2
The other option is to assign all redistributed routes the same metric using the default-metric comman
this is done all redistributions receive the same metric. In the example shown below, all redistribution
the metric of one hop count:
Router(config-router)#redistribute static
Router(config-router)#redistribute ospf 1
Misconceptions:
None
Related Commands:
show ip route
show ip protocols
distribute-list
default-information originate

Command:
route-map
Mode:
Router(config)#
Syntax:
route-map map-tag [permit | deny] [sequence-number]
no route-map map-tag [permit | deny] [sequence-number]
Syntax Description:
map-tag Defines a meaningful name for the route map. The redistribute router
configuration command uses this name to reference this route map. Multiple
route maps may share the same map tag name.
permit (Optional) If the match criteria are met for this route map, and permit is
specified, the route is redistributed as controlled by the set actions. In the case
of policy routing, the packet is policy routed.
If the match criteria are not met, and permit is specified, the next route map
with the same map tag is tested. If a route passes none of the match criteria for
the set of route maps sharing the same name, it is not redistributed by that set.
The permit keyword is the default.
deny (Optional) If the match criteria are met for the route map, and deny is
specified, the route is not redistributed. In the case of policy routing, the packet
is not policy routed, and no further route maps sharing the same map tag name
will be examined. If the packet is not policy-routed, it reverts to the normal
forwarding algorithm.
sequence- (Optional) Number that indicates the position a new route map is to have in the
number list of route maps already configured with the same name. If given with the no
form of this command, it specifies the position of the route map that should be
deleted.
To define the conditions for redistributing routes from one routing protocol into another, or to
enable policy routing, use the route-map global configuration command. To enable policy routing,
the route-map command can be combined with the match and set route-map configuration
commands.
Example:
The following example shows how you can use route maps to modify incoming data from a
neighbor. Any route received from 140.222.1.1 that matches the filter parameters set in
autonomous system access list 200 will have its weight set to 200 and its local preference set to
250, and it will be accepted.
Router(config-router)#neighbor 140.222.1.1 route-map fix-weight in
Router(config-router)#exit
Router(config)#ip as-path access-list 200 permit ^690$
Router(config)#ip as-path access-list 200 permit ^1800
Router(config)#route-map fix-weight permit 10
Router(config-route-map)#set weight 200

The following example applies a route map named internal-map to incoming route from 198.92.70.24:
Router(config)#route-map internal-map
Misconceptions:
None
Related Commands:
None

Command:
show ip prefix-list
Mode:
Router#
Router>
Syntax:
Syntax Description:
detail |
summary
sequence-
number
prefix-
list-name
network/length
longer
network/length.
Example:

Misconceptions:
Related commands:
ip prefix-list
distribute-list

Command:
address-family ipv4
Mode:
Syntax:
address-family ipv4 [multicast | unicast | vrf vrf-name]
no address-family ipv4 [multicast | unicast | vrf vrf-name]
Syntax Description:
multicast (Optional) Specifies IP Version 4 multicast address prefixes.
unicast (Optional) Specifies IP Version 4 unicast address prefixes.
vrf vrf- (Optional) Specifies the name of the virtual routing and forwarding (VRF)
name instance to associate with subsequent IP Version 4 address family
configuration mode commands.
To enter address family configuration mode for configuring routing sessions such as BGP that use
standard IP Version 4 address prefixes, use the address-family ipv4 router configuration
command. To disable address family configuration mode, use the no form of this command.
Usage Guidelines:
The address-family ipv4 command places the router in address family configuration mode, from
which you can configure routing sessions that use standard IP Version 4 address prefixes. To leave
address family configuration mode and return to router configuration mode, type exit.
Routing information for address family IP Version 4 is advertised by default when you configure a
BGP routing session using the neighbor remote-as command unless you enter the no bgp default
ipv4-unicast command.
The address-family ipv4 command replaces the match nlri and set nlri commands.
Example:
The following example places the router in address family configuration mode for the IP Version 4
address family:

Router(config-router)# address-family ipv4
multicast address prefixes for the IP Version 4 address family:

Router(config-router)# address-family ipv4 multicast
unicast address prefixes for the IP Version 4 address family:

Router(config-router)# address-family ipv4 unicast
The following example places the router in address family configuration mode and specifies cisco
as the name of the VRF instance to associate with subsequent IP Version 4 address family
configuration mode commands:
Router(config-router)# address-family ipv4 vrf cisco
Misconceptions:
None
Related Commands:
network (BGP)
neighbor weight
neighbor route-map
maximum-paths
aggregate-address

Command:
auto-summary
Mode:
Syntax:
auto-summary
Syntax Description:
This command applies to a RIP routing process. To restore the default behavior of automatic
summarization of subnet routes into network-level routes, use the auto summary router
configuration command. To disable this function and transmit subprefix routing information across
classful network boundaries, use the no form of this command. RIP Version 1 always uses
automatic summarization. If you are using RIP Version 2, you can turn off automatic
summarization by specifying no auto-summary. Disable automatic summarization if you must
perform routing between disconnected subnets. When automatic summarization is off, subnets are
advertised.
Example:
Router(config-router)#no auto-summary
Misconceptions:
None
Related Commands:
ip summary-address eigrp
summary-address

Command:
clear ip eigrp neighbors
Mode:
Router#
Syntax:
clear ip eigrp neighbors [ip-address | type number]
Syntax Description:
ip-address (Optional) Address of the neighbor
type number (Optional) Interface type and number. Specifying these arguments removes
from the neighbor table all entries learned via this interface.
To delete entries from the neighbor table, use the clear ip eigrp neighbors EXEC command.
Example:
Router#clear ip eigrp neighbors 128.12.43.1
Misconceptions:
None
Related Commands:
clear ip route
show ip eigrp
Command:
clear ip ospf
Mode:
Router#
Syntax:
clear ip ospf [pid] {process | redistribution | counters [neighbor
[intf] [nbr-id]]}
Syntax Description:
pid (Optional) Process ID.
process Reset OSPF process.
redistribution Clear OSPF route redistribution.
counters OSPF counters.
neighbor Neighbor statistics per interface.
intf Neighbor interface.
nbr-id Neighbor ID.
To clear OSPF statistics, or to clear redistribution based on the OSPF routing process ID, use the
clear ip ospf EXEC command.
Example:
Router#clear ip ospf process

Misconceptions:
None
Related Commands:
clear ip route
show ip ospf

Command:
clear ipx cache
Mode:
Router#
Syntax:
clear ipx cache
Syntax Description:
To delete entries from the IPX fast-switching cache, use the clear ipx cache EXEC command.
Example:
Router#clear ipx cache
Misconceptions:
None
Related Commands:
show ipx cache
ipx route-cache

Command:
debug ip rip
Mode:
Router#
Syntax:
debug ip rip
no debug ip rip
Syntax Description:
This command displays RIP transactions.
Example:
Router#debug ip rip
RIP protocol debugging is on
Misconceptions:
None
Related Commands:
debug all

Command:
ip route
Mode:
Router(config)#
Syntax:
ip route prefix mask {address | interface} [distance] [tag tag]
[permanent]
no ip route prefix mask {address | interface} [distance] [tag tag]

[permanent]
Syntax Description:
prefix IP route prefix for the destination
mask Prefix mask for the destination
address IP address of the next hop that can be used to reach that network
interface Network interface to use
distance (Optional) An administrative distance
tag tag (Optional) Tag value that can be used as a "match" value for controlling
redistribution via route maps
permanent (Optional) Specifies that the route will not be removed, even if the interface
shuts down
To establish static routes, use the ip route global configuration command. To remove static routes,
Example:
Router(config)#ip route 10.0.0.0 255.0.0.0 131.108.3.4 110
Misconceptions:
None
Related Commands:
show ip route

Command:
ip route-cache
Mode:
Router(config-if)#
Syntax:
ip route-cache [cbus]
no ip route-cache [cbus]
ip route-cache same-interface
no ip route-cache same-interface
ip route-cache [flow]
no ip route-cache [flow]
ip route-cache distributed
no ip route-cache distributed
Syntax Description:
cbus (Optional) Enables both autonomous switching and fast switching. This
command is supported only on the AGS+ (with a switch processor card) and
the Cisco 7000.
same- Enables fast-switching packets back out the interface on which they arrived.
interface
flow (Optional) Enables the RSP to perform flow switching on the interface.
distributed Enables VIP distributed switching on the interface. This feature can be
enabled on Cisco 7500 series routers with an RSP and Versatile Interface
Processor (VIP) controllers. If both ip route-cache flow and ip route-cache
distributed are configured, the VIP does distributed flow switching. If only ip
route-cache distributed is configured, the VIP does distributed switching.
Use the ip route-cache interface configuration command to control the use of high-speed
switching caches for IP routing. To disable any of these switching modes, use the no form of this
command. Using the route cache is often called fast switching. The route cache allows outgoing
packets to be load-balanced on a per-destination basis. The ip route-cache command with no
additional keywords enables fast switching. Cisco routers generally offer better packet transfer
performance when fast switching is enabled, with one exception. On networks using slow serial
links (64K and below), disabling fast switching to enable the per-packet load sharing is usually the
best choice. Not all switching methods are available on all platforms.
Example:
Router(config-if)#ip route-cache
Misconceptions:
None
Related Commands:
show ip cache

Command:
ip route-cache cef
Mode:
Router(config-if)#
Syntax:
ip route-cache cef
no ip route-cache cef
Syntax Description:
To enable Cisco Express Forwarding (CEF) operation on an interface after CEF operation has been
disabled, use the ip route-cache cef interface configuration command. To disable CEF operation
on an interface, use the no form of this command. CEF is advanced Layer 3 switching technology
for IP. CEF optimizes network performance and scalability for networks with dynamic,
topologically dispersed traffic patterns, such as those associated with Web-based applications and
interactive type sessions. All interfaces supporting CEF or dCEF are enabled by default when you
enable standard CEF or dCEF operation globally. You use the no form of the command to turn off
CEF operation on a particular interface. Some interfaces do not support CEF or dCEF and you may
want to disable CEF or DCEF on that particular interface. For example, policy routing and CEF
cannot be used together. You might want one interface to support policy routing while the other
interfaces support CEF. In this case, you would turn on CEF globally, but turn off CEF on the
interface configured for policy routing. This enables all but one interface to express forward.
Example:
Router(config-if)#ip route-cache cef
Misconceptions:
None
Related Commands:
ip route-cache
show ip cache

Command:
ip routing
Mode:
Router(config)#
Syntax:
ip routing
no ip routing
Syntax Description:
Enables the routing of IP packets. This option is enabled by default, and is required for routing of
IP packets. To disable IP routing, use the no form of this command.
Example:
Router(config)#ip routing
Misconceptions:
None
Related Commands:
ipx routing

Command:
ip subnet-zero
Mode:
Router(config)#
Syntax:
ip subnet-zero
no ip subnet-zero
Syntax Description:
To enable the use of subnet zero for interface addresses and routing updates, use the ip subnet-
zero global configuration command. To restore the default (disabled), use the no form of this
command.
Example:
Router(config)#ip subnet-zero
Misconceptions:
none
Related Commands:
ip classless

Command:
ipx route-cache
Mode:
Router(config-if)#
Syntax:
ipx route-cache
no ipx route-cache
Syntax Description:
To enable IPX fast switching, use the ipx route-cache interface configuration command. To
disable fast switching, use the no form of this command. Fast switching allows higher throughput
by switching packets using a cache created by previous transit packets. Fast switching is enabled
by default on all interfaces that support fast switching, including Token Ring, Frame Relay, PPP,
SMDS, and ATM. You might want to disable fast switching in two situations. One is if you want
to save memory on the interface cards. Fast-switching caches require more memory than those
used for standard switching. The second situation is to avoid congestion on interface cards when a
high-bandwidth interface is writing large amounts of information to a low-bandwidth interface.
Example:
Router(config-if)#ipx route-cache
Misconceptions:
None
Related Commands:
clear ipx cache

Command:
ipx router
Mode:
Router(config)#
Syntax:
ipx router {eigrp autonomous-system-number | nlsp [tag] | rip}
no ipx router {eigrp autonomous-system-number | nlsp [tag] | rip}
Syntax Description:
eigrp Enables the EIGRP routing protocol. The argument autonomous-system-
autonomous- number is the EIGRP autonomous system number. It can be a number from 1
system-number to 65535.
nlsp [tag] Enables the NLSP routing protocol. The optional argument tag names the
NLSP process to which you are assigning the NLSP protocol. If the router has
only one process, defining a tag is optional. A maximum of three NLSP
processes may be configured on the router at the same time. The tag can be
any combination of printable characters.
rip Enables the RIP routing protocol. It is on by default.
To specify the routing protocol to use, use the ipx router global configuration command. To
disable a particular routing protocol on the router, use the no form of this command. RIP must be
explicitly disabled by issuing the no ipx router rip command if this routing protocol is not to be
used. Also, multiple EIGRP processes on a router can be configured. To do so, assign each a
different autonomous system number.
Example:
Router(config)#ipx router eigrp 4
Router(config-ipx-router)#
Misconceptions:
None
Related Commands:
ipx routing
ip routing

Command:
ipx routing
Mode:
Router(config)#
Syntax:
ipx routing node
no ipx routing
Syntax Description:
The node number is either user specified or the MAC address of the first Ethernet, Token
node
or FDDI card.
To enable IPX routing, use the ipx routing global configuration command. To disable IPX routing,
use the no form of this command. Node is a 48-bit value represented by a dotted triplet of four-
digit hexadecimal numbers (xxxx.xxxx.xxxx). It must not be a multicast address. If you omit node,
the Cisco IOS software uses the hardware MAC address currently assigned to it as its node
address. This is the MAC address of the first Ethernet, Token Ring, or FDDI interface card. If no
satisfactory interfaces are present in the router (such as only serial interfaces), you must specify
node.
Example:
Misconceptions:
None
Related Commands:
ip routing
ipx router
Command:
metric weights
Mode:
Syntax:
metric weights tos k1 k2 k3 k4 k5
no metric weights
Syntax Description:
tos Type of service. Currently, it must always be zero.
k1-k5 Constants that convert an IGRP or EIGRP metric vector into a scalar quantity.
To allow the tuning of the IGRP or EIGRP metric calculations, use the metric weights router
configuration command. To reset the values to their defaults, use the no form of this command.
Usage Guidelines
Use this command to alter the default behavior of IGRP or EIGRP routing and metric computation
and allow the tuning of the metric calculation for a particular type of service (TOS).
If k5 equals 0, the composite IGRP or EIGRP metric is computed according to the following
formula:
metric = [k1 * bandwidth + (k2 * bandwidth)/(256 - load) + k3 * delay]
If k5 does not equal zero, an additional operation is done:

metric = metric * [k5 / (reliability + k4)]
Bandwidth is inverse minimum bandwidth of the path in bits per second scaled by a factor of 2.56
* 10^12. The range is from a 1200-bps line to 10 terabits per second.
Delay is in units of 10 microseconds. This gives a range of 10 microseconds to 168 seconds. A

delay of all ones indicates that the network is unreachable. The delay parameter is stored in a 32-bit
field, in increments of 39.1 nanoseconds. This gives a range of 1 (39.1 nanoseconds) to
hexadecimal FFFFFFFF (decimal 167,503,724,504 nanoseconds). A delay of all ones
(hexadecimal FFFFFFFF) indicates that the network is unreachable.
defaults:
tos: 0
k1: 1
k2: 0
k3: 1
k4: 0
k5: 0
Example:
The following example sets the metric weights to slightly different values than the defaults:
Router(config-router)#metric weights 0 2 0 2 0 0
Misconceptions:
None
Related Commands:
show ip protocols

Command:
network (BGP)
Mode:
Syntax:
network network-number [mask network-mask]
no network network-number [mask network-mask]
Syntax Description:
network-
number Network that BGP or multiprotocol BGP will advertise
network-
mask (Optional) Network mask address
mask (Optional) Network or subnetwork mask. If the mask keyword is configured,

then an exact match must exist in the routing table.
To specify the networks to be advertised by the BGP and multiprotocol BGP routing processes, use
the network command in address family or router configuration mode. To remove an entry, use
Example:
The following router configuration mode example sets up network 131.108.0.0 to be included in
the BGP updates:
The following address-family mode configuration example sets up network 131.108.0.0 to be included in the
multiprotocol BGP updates:
Router (config-router)#address family ipv4 multicast
Router (config-router-af)#network 131.108.0.0
Misconceptions:
None
Related Commands:
router bgp
address-family ipv4
show ip route

Command:
network (EIGRP)
Mode:
Syntax:
network network-number [network-mask]
no network network-number [network-mask]
Syntax Description:
network-number IP address of the directly connected networks.
network-mask (Optional) Network mask.
To specify a list of networks for an EIGRP routing process, use this form of the network router
Example:
The following example configures a router for EIGRP and assigns autonomous system number
109. The network command indicates the network directly connected to the router.

Router(config-router)#network 172.16.0.0 0.0.255.255
Misconceptions:
None
Related Commands:
router eigrp
show ip route

Command:
network (RIP, RIPv2, and IGRP)
Mode:
Syntax:
network network-address
Syntax Description:
To specify a list of networks for a Routing Information Protocol (RIP), RIP version 2, or Interior
Gateway Routing Protocol (IGRP) routing process, use this form of the network router
Example:
Misconceptions:
None
Related Commands:
router rip
router igrp
show ip route

Command:
router bgp
Mode:
Router(config)#
Syntax:
router bgp as-number
no router bgp as-number
Syntax Description:
as- Number of an autonomous system that identifies the router to other BGP routers
number and tags the routing information passed along
To configure the Border Gateway Protocol (BGP) routing process, use the router bgp global
configuration command. To remove a routing process, use the no form of this command.
This command allows you to set up a distributed routing core that automatically guarantees the
loop-free exchange of routing information between autonomous systems.
Example:
The following example configures a BGP process for autonomous system 120:
Misconceptions:
None
Related Commands:
network (BGP)
Command:
router eigrp
Mode:
Router(config)#
Syntax:
router eigrp autonomous-system
no router eigrp autonomous-system
Syntax Description:
autonomous- Autonomous system number that identifies the routes to the other EIGRP
To configure the EIGRP routing process, use the router eigrp global configuration command. To
shut down a routing process, use the no form of this command.
Example:
The following example configures an EIGRP routing process and assigns process number 109:
Misconceptions:
None
Related Commands:
network (EIGRP)

Command:
router igrp
Mode:
Router(config)#
Syntax:
router igrp autonomous-system
no router igrp autonomous-system
Syntax Description:
autonomous- Autonomous system number that identifies the routes to the other IGRP
To configure the Interior Gateway Routing Protocol (IGRP) routing process, use the router igrp
global configuration command. To shut down an IGRP routing process, use the no form of this
command.
It is not necessary to have a registered autonomous system number to use IGRP. If you do not have
a registered number, you are free to create your own. We recommend that if you do have a
registered number, you use it to identify the IGRP process.
Example:
The following example configures an IGRP routing process and assign process number 109:
Misconceptions:
None
Related Commands:
Command:
router rip
Mode:
Router(config)#
Syntax:
router rip
no router rip
Syntax Description:
To configure the Routing Information Protocol (RIP) routing process, use the router rip global
configuration command. To turn off the RIP routing process, use the no form of this command.
Example:
The following example shows how to begin the RIP routing process:
Misconceptions:
None
Related Commands:

Command:
show ip cache
Mode:
Router#
Syntax:
show ip cache [prefix mask] [type number]
Syntax Description:
prefix (Optional) Display only the entries in the cache that match the prefix and mask
combination.
mask (Optional) Display only the entries in the cache that match the prefix and mask
combination.
type (Optional) Display only the entries in the cache that match the interface type and
number combination.
number (Optional) Display only the entries in the cache that match the interface type and
number combination.
To display the routing table cache used to fast switch IP traffic, use the show ip cache EXEC
command. The show ip cache display shows MAC headers up to 92 bytes.
Example:
Router#show ip cache
IP routing cache version 4490, 141 entries, 20772 bytes, 0 hash overflows
Minimum invalidation interval 2 seconds, maximum interval 5 seconds,
quiet interval 3 seconds, threshold 0 requests
Invalidation rate 0 in last 7 seconds, 0 in last 3 seconds
Last full cache invalidation occurred 0:06:31 ago
Prefix/Length
Age
Interface MAC Header
131.108.1.1/32 0:01:09
Ethernet0/0 AA000400013400000C0357430800
131.108.1.7/32 0:04:32
Ethernet0/0 00000C01281200000C0357430800
131.108.1.12/32 0:02:53
Ethernet0/0 00000C029FD000000C0357430800
131.108.2.13/32 0:06:22
Fddi2/0
00000C05A3E000000C035753AAAA030000000800
131.108.2.160/32 0:06:12
Fddi2/0
00000C05A3E000000C035753AAAA030000000800
131.108.3.0/24 0:00:21
Ethernet1/2 00000C026BC600000C03574D0800
131.108.4.0/24 0:02:00
Ethernet1/2 00000C026BC600000C03574D0800
131.108.5.0/24 0:00:00
Ethernet1/2 00000C04520800000C03574D0800
131.108.10.15/32 0:05:17
Ethernet0/2 00000C025FF500000C0357450800
131.108.11.7/32 0:04:08
Ethernet1/2 00000C010E3A00000C03574D0800
131.108.11.12/32 0:05:10
Ethernet0/0 00000C01281200000C0357430800
131.108.11.57/32 0:06:29
Ethernet0/0 00000C01281200000C0357430800
Misconceptions:
None
Related commands:
ip route-cache
ip route-cache cef

Command:
show ip protocols
Mode:
Router#
Syntax:
show ip protocols
Syntax Description:

Examples:
processes:

198.92.72.0
198.92.72.18 100 0:56:41
198.92.72.19 100 6d19
198.92.72.22 100 0:55:41
198.92.72.20 100 0:01:04
198.92.72.30 100 0:01:29

Neighbor(s):
192.108.211.17 1
192.108.213.89 1
198.6.255.13 1
198.92.72.18 1
198.92.72.19
198.92.84.17 1
192.108.209.0
192.108.211.0
198.6.254.0
198.92.72.19 20 0:05:28
Field Description

"igrp 109"

every 90 seconds

seconds

seconds
outgoing updates
hopcount
injecting routes
displayed:
IP address
processes:

160.89.0.0
160.89.81.28 90 0:02:36
160.89.80.28 90 0:03:04
160.89.80.31 90 0:03:04
Field Description
routes.
routes.
processes:

None
Serial0
processes:

Redistributing: rip
Ethernet0 2 2 trees
Fddi0 2 2
172.19.0.0
2.0.0.0
3.0.0.0
Misconceptions:
None
Related commands:
None

Command:
show ip route
Mode:
Router#
Syntax:
Syntax Description:

address
displayed.
name or number.
Example:
O 2.0.0.0/8 [110/128] via 1.1.1.2, 00:07:11, Serial0
O 3.1.1.1 [110/129] via 1.1.1.2, 00:07:11, Serial0
Misconceptions:
None
Related commands:
ip route
ip default-network

Command:
show ipx cache
Mode:
Router#
Syntax:
show ipx cache
Syntax Description:
To display the contents of the IPX fast-switching cache, use the show ipx cache EXEC command.
Example:
Router#show ipx cache
Novell routing cache version is 9

Destination Interface MAC Header
*1006A Ethernet 0 00000C0062E600000C003EB0064
*14BB Ethernet 1 00000C003E2A00000C003EB0064
Misconceptions:
None
Related commands:
clear ipx cache

Command:
summary-address
Mode:
Syntax:
summary-address address mask {level-1 | level-1-2 | level-2}
prefix mask [not-advertise]
[tag tag]
no summary-address address mask {level-1 | level-1-2 | level-2}
Syntax Description:
address Summary address designated for a range of addresses.
mask IP subnet mask used for the summary route.
level-1 Only routes redistributed into Level 1 are summarized with the configured
address/mask value. This keyword applies to IS-IS only.
level-1-2 The summary router is injected into both a Level 1 area and a Level 2
subdomain. This keyword applies to IS-IS only.
level-2 Routes learned by Level 1 routing will be summarized into the Level 2
backbone with the configured address/mask value. This keyword applies to IS-
IS only.
prefix IP route prefix for the destination.
mask IP subnet mask used for the summary route.
not- (Optional) Used to suppress routes that match the prefix/mask pair. This
advertise keyword applies to OSPF only.
redistribution via route maps. This keyword applies to OSPF only.
Use the summary-address router configuration command to create aggregate addresses for OSPF.
The no summary-address command restores the default.
Multiple groups of addresses can be summarized for a given level. Routes learned from other
routing protocols can also be summarized. The metric used to advertise the summary is the
smallest metric of all the more specific routes. This command helps reduce the size of the routing
table.
Using this command for OSPF causes an OSPF autonomous system boundary router (ASBR) to
advertise one external route as an aggregate for all redistributed routes that are covered by the
address. For OSPF, this command summarizes only routes from other routing protocols that are
being redistributed into OSPF. Use the area range command for route summarization between
OSPF areas.
Example:
In the following example, summary address 10.1.0.0 includes address 10.1.1.0, 10.1.2.0, 10.1.3.0,
and so forth. Only the address 10.1.0.0 is advertised in an external link state advertisement.
Router(config-router)#summary-address 10.1.0.0 255.255.0.0
Misconceptions:
None
Related commands:
area
ip ospf authentication-key

Command:
timers basic
Mode:
Syntax:
timers basic update invalid holddown flush [sleeptime]
no timers basic
Syntax Description:
update Rate in seconds at which updates are sent. This is the fundamental timing parameter of
the routing protocol.
invalid The passing of an interval of time in seconds which a route is declared invalid. It
should be at least three times the value of the update. A route becomes invalid when
there is an absence of updates that refresh the route. The route then enters holddown.
The route is marked inaccessible and advertised as unreachable. However, the route is
still used for forwarding packets.
holddown Interval in seconds during which routing information regarding better paths is
suppressed. It should be at least three times the value of update. A route enters into a
holddown state when an update packet is received that indicates the route is
unreachable. The route is marked inaccessible and advertised as unreachable.
However, the route is still used for forwarding packets. When holddown expires,
routes advertised by other sources are accepted and the route is no longer inaccessible.
flush Amount of time in seconds that must pass before the route is removed from the
routing table; the interval specified must be at least the sum of invalid and holddown.
If it is less than this sum, the proper holddown interval cannot elapse, which results in
a new route being accepted before the holddown interval expires.
sleeptime (Optional) Interval in milliseconds for postponing routing updates in the event of a
flash update. The sleeptime value should be less than the update time. If the sleeptime
is greater than the update time, routing tables will become unsynchronized.
To adjust IGRP network timers, use the timers basic router configuration command. To restore the
default timers, use the no form of this command.
The basic timing parameters for IGRP are adjustable. Since this routing protocol is executing a
distributed, asynchronous routing algorithm, it is important that these timers be the same for all
routers and access servers in the network.
Note The current and default timer values can be seen by inspecting the output of the show ip
protocols EXEC command. The relationships of the various timers should be preserved as
described previously.
Example:
The following example sets updates to be broadcast every 5 seconds. If a router is not heard from
in 15 seconds, the route is declared unusable. Further information is suppressed for an additional
15 seconds. At the end of the suppression period, the route is flushed from the routing table.
Router(config-router)#timers basic 5 15 15 30
Note that by setting a short update period, you run the risk of congesting slow-speed serial lines;
however, this is not a big concern on faster-speed Ethernets and T1-rate serial lines. Also, if you
have many routes in your updates, you can cause the routers to spend an excessive amount of time
processing updates.
Misconceptions:
None
Related commands:
None

Command:
show access-lists
Mode:
Router#
Syntax:
show access-lists [access-list-number | access-list-name]
Syntax Description:
access-list-number Specifies a specific access-list by number
access-list-name Specifies a specific access-list by name
To display the contents of current access lists, use the show access-lists privileged EXEC
command.
Example:
The following example displays the contents of access list 101.
Router#show access-lists 101
Extended IP access list 101

permit tcp host 198.92.32.130 any established (4304 matches)
permit udp host 198.92.32.130 any eq domain (129 matches)
permit icmp host 198.92.32.130 any
permit tcp host 198.92.32.130 host 171.69.2.141 gt 1023
permit tcp host 198.92.32.130 host 171.69.2.135 eq smtp (2 matches)
deny ip 150.136.0.0 0.0.255.255 224.0.0.0 15.255.255.255
deny ip 171.68.0.0 0.1.255.255 224.0.0.0 15.255.255.255 (2 matches)
deny ip 172.24.24.0 0.0.1.255 224.0.0.0 15.255.255.255
deny ip 192.82.152.0 0.0.0.255 224.0.0.0 15.255.255.255
deny ip 192.122.173.0 0.0.0.255 224.0.0.0 15.255.255.255
deny ip 192.122.174.0 0.0.0.255 224.0.0.0 15.255.255.255
deny ip 192.135.239.0 0.0.0.255 224.0.0.0 15.255.255.255
deny ip 192.135.240.0 0.0.7.255 224.0.0.0 15.255.255.255
deny ip 192.135.248.0 0.0.3.255 224.0.0.0 15.255.255.255
deny ip 192.150.42.0 0.0.0.255 224.0.0.0 15.255.255.255
Misconceptions:
None
Related Commands:
access-list

Command:
show cdp
Mode:
Router#
Syntax:
show cdp
Syntax Description:
To display global CDP information, including timer and hold-time information, use the show cdp
Example:
The following is sample output from the show cdp command. Global CDP timer and hold-time
parameters are set to the defaults of 60 and 180 seconds, respectively.
Router#show cdp
Global CDP information:

Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Misconceptions:
None
Related Commands:
show cdp neighbors
show cdp entry
cdp run
Command:
show cdp entry
Mode:
Router#
Syntax:
show cdp entry {* | entry-name [protocol | version]}
Syntax Description:
* Shows all of the CDP neighbors.
entry- Name of neighbor about which you want information.

name
You can enter an asterisk (*) at the end of an entry-name, such as show cdp
entry dev*, which would show information about the neighbor,
device.cisco.com.
protocol (Optional) Limits the display to information about the protocols enabled on a
router.
version (Optional) Limits the display to information about the version of software
running on the router.
To display information about a neighbor device listed in the CDP table, use the show cdp entry
Example:
The following is a sample of output from the show cdp entry command with no limits. Information
about the neighbor device.cisco.com is displayed including device ID, address and protocol, platform,
interface, hold time, and version.
Router#show cdp entry device.cisco.com
-------------------------
Device ID: device.cisco.com
Entry address(es):
IP address: 192.168.68.18
CLNS address: 490001.1111.1111.1111.00
Holdtime : 125 sec
Version :
The following is a sample of output from the show cdp entry protocol command. Only information
about the protocols enabled on device.cisco.com is displayed.
Router#show cdp entry device.cisco.com protocol
Protocol information for device.cisco.com:

IP address: 192.168.68.18
CLNS address: 490001.1111.1111.1111.00
The following is a sample of output from the show cdp entry version command. Only information
about the version of software running on device.cisco.com is displayed.
Router#show cdp entry device.cisco.com version
Version information for device.cisco.com:

Misconceptions:
None
Related Commands:
cdp run
show cdp

Command:
show cdp neighbors
Mode:
Router#
Syntax:
show cdp neighbors [type number] [detail]
Syntax Description:
type (Optional) Type of the interface connected to the neighbors about which you want
information.
number (Optional) Number of the interface connected to the neighbors about which you
want information.
detail (Optional) Displays detailed information about a neighbor (or neighbors) including
network address, enabled protocols, hold time, and software version.
To display information about neighbors, use the show cdp neighbors privileged EXEC command.
Example:
The following is a sample of output from the show cdp neighbors command. Device ID, interface type
and number, holdtime settings, capabilities, platform, and port ID information about neighbors is
displayed:
Router#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID

device1.cisco.com Eth 0/1 122 T S WS-C2900 2/11
The following is a sample of output for one neighbor from the show cdp neighbors detail command.
Additional detail is shown about neighbors including network address, enabled protocols, and software
version:
Router#show cdp neighbors detail
-------------------------
Device ID: device2.cisco.com
Entry address(es):
IP address: 171.68.162.134
Holdtime : 156 sec
Version :
Copyright (c) 1986-1997 by Cisco Systems, Inc.
Misconceptions:
None
Related Commands:
cdp run
show cdp

Command:
show cgmp
Mode:
Switch#
Syntax:
show cgmp
Syntax Description:
Use the show cgmp privileged Exec command to display the Cisco Group Management Protocol
(CGMP) status, CGMP Fast Leave status, CGMP hold time, multicast group information, and
multicast router information.
Example:
This example shows how to display CGMP status for managed devices.
hostname# show cgmp
CGMP Status : Enabled

CGMP Fast Leave Status : Disabled
CGMP Holdtime (secs) : 600
Allow reserved address to join as GDA: Enabled
VLAN Address Destination

-----------------------------------------------------------------------
1 0100.5E00.0128 Fa2
VLAN Router Address Expiration Interface

-----------------------------------------------------------------------
1 00E0.1E68.7751 589 sec Fa2
Misconceptions:
None
Related Commands:
cgmp
cgmp leave-processing

Command:
Mode:
Router#
Syntax:
show controllers bri slot/port
show controllers bri number
Syntax Description:
number Interface number. The value is 0 through 7 if the router has one 8-port BRI network
interface module (NIM), or 0 through 15 if the router has two 8-port BRI NIMs.
Interface number values will vary depending on the hardware platform used. The Cisco
3600 series router for example, can have up to 48 interfaces.
slot/port Backplane slot number and port number on the interface. See your hardware installation
manual for the specific slot and port numbers.
To display information about the ISDN Basic Rate Interface (BRI), use the show controllers bri
Examples:
The following is a sample of output from the show controllers bri command:
Router#show controllers bri 0
BRI unit 0
D Chan Info:
idb 0x32089C, ds 0x3267D8, reset_mask 0x2
buffer size 1524
01 pak=0x410C20 ds=0x410D7C status=F000 pak_size=0
B1 Chan Info:
idb 0x3224E8, ds 0x3268C8, reset_mask 0x0
buffer size 1524
00 pak=0x421FC0 ds=0x42211C status=D000 pak_size=0
02 pak=0x422EF0 ds=0x42304C status=D000 pak_size=0
03 pak=0x4148E0 ds=0x414A3C status=D000 pak_size=0
04 pak=0x424D50 ds=0x424EAC status=D000 pak_size=0
05 pak=0x423688 ds=0x4237E4 status=D000 pak_size=0
06 pak=0x41AB98 ds=0x41ACF4 status=D000 pak_size=0
07 pak=0x41A400 ds=0x41A55C status=F000 pak_size=0
B2 Chan Info:
idb 0x324520, ds 0x3269B8, reset_mask 0x2
buffer size 1524
00 pak=0x40FCF0 ds=0x40FE4C status=D000 pak_size=0
01 pak=0x40E628 ds=0x40E784 status=D000 pak_size=0
02 pak=0x40F558 ds=0x40F6B4 status=D000 pak_size=0
03 pak=0x413218 ds=0x413374 status=D000 pak_size=0
04 pak=0x40EDC0 ds=0x40EF1C status=D000 pak_size=0
05 pak=0x4113B8 ds=0x411514 status=D000 pak_size=0
06 pak=0x416ED8 ds=0x417034 status=D000 pak_size=0
07 pak=0x416740 ds=0x41689C status=F000 pak_size=0
Field Description
BRI unit 0 Interface type and unit number
Chan Info D and B channel numbers

ACTIVATED ACTIVATED
idb Information about internal data structures and parameters
ds
reset_mask
buffer size Number of bytes allocated for buffers
RX ring with - Information about the Receiver Queue

entries at -
Rxhead Start of the Receiver Queue
pak Information about internal data structures and parameters

ds
status
pak_size
TX ring with - Information about the Transmitter Queue

entries at -
tx_count Number of packets to transmit
tx_head Start of the transmit list
tx_tail End of the transmit list
missed datagrams Incoming packets missed due to internal errors
overruns Number of times the receiver hardware was unable to hand received
data to a hardware buffer because the input rate exceeded the receiver's
ability to handle the data.
bad frame Frames received with a cyclic redundancy check (CRC) error and
addresses noninteger number of octets
bad datagram Packets received with bad encapsulation

encapsulations
memory errors Internal direct memory access (DMA) memory errors
transmitter Number of times that the transmitter has been running faster than the
underruns router can handle
The following is a partial sample output from the show controllers bri command on a Cisco 7200
series router:
BRI slot 2 interface 0 with integrated NT1
Layer 1 is ACTIVATED. (ISDN L1 State F7)
Master clock for slot 2 is bri interface 0.
Total chip configuration successes: 193, failures: 0, timeouts: 0
D Channel Information:
Channel state: UP Channel IDB: 6092AC64
RX ring entries: 5, buffer size 512
RX descriptor ring: head = 165F4D8, tail = 165F508
RX buffer ring: head = 6093A260, tail = 6093A290
00 params=0x2000000 status=0x0 data ptr=0x1650F84 next ptr=0x165F4D8
01 params=0x2000000 status=0xC0080000 data ptr=0x1651884 next ptr=0x165F4E8
02 params=0x2000000 status=0xC0080000 data ptr=0x1651644 next ptr=0x165F4F8
03 params=0x2000000 status=0x0 data ptr=0x1651404 next ptr=0x165F508
04 params=0x42000000 status=0x0 data ptr=0x16511C4 next ptr=0x165F4C8
TX ring entries: 5, in use: 0, buffer size 512
TX descriptor ring: head = 3C2049C0, tail = 3C2049C0
TX buffer ring: head = 608EC0C4, tail = 608EC0C4
00 params=0x80000000 data ptr=0x0000000 next ptr=0x4D0049A8
01 params=0x80000000 data ptr=0x0000000 next ptr=0x4D0049B4
02 params=0x80000000 data ptr=0x0000000 next ptr=0x4D0049C0
03 params=0xC0000000 data ptr=0x0000000 next ptr=0x4D0049CC
04 params=0x0 data ptr=0x0000000 next ptr=0x4D00499C
List of timeslots (sw): 2
Field Description
BRI slot 2 interface Interface type and slot and port number
0 with integrated
NTI

ACTIVATED ACTIVATED
Master clock The first interface that comes up on an MBRI port adapter holds the
master clock. This clock is used for all interfaces on that port adapter.
If the master clock interface goes down, the second interface that came
up becomes the master clock interface.
Total chip Counters of successful chip configuration

configuration
successes
failures Counters of bad chip configuration
timeouts Counters of failing to initialize chip

D Channel Information related to D-channel status
Information
Channel state Channel state can be UNUSED, IDLE, DOWN, STANDBY, UP,
THROTTLED, ILLEGAL
Channel IDB Internal interface channel description
RX (or TX) ring Internal receive queue

entries
RX (or TX) Internal receive queue to manage hardware chip

descriptor ring
RX (or TX) buffer Internal receive queue to hold inbound packets

ring
Rxhead Start of the receiver queue
params, status, data Information about internal data structures and params
ptr, next ptr
List of timeslots Timeslots assigned to this channel

(sw)
Misconceptions:
None
Related Commands:

Command:
Mode:
Router#
Syntax:
show controllers ethernet number (2500 series)
show controllers ethernet slot/port
Syntax Description:
slot/port Interface slot and port number of the Ethernet interface.
number Interface port number of the Ethernet interface.
Use the show controllers ethernet EXEC command to display information on the Cisco 2500,
Cisco 2600, Cisco 3000, or Cisco 4000 series.
Example:
The following is sample output from the show controllers ethernet command on Cisco 4000
series routers:
Router#show controllers ethernet 0
LANCE unit 0, NIM slot 1, NIM type code 4, NIM version 1

Media Type is 10BaseT, Link State is Up, Squelch is Normal
idb 0x4060, ds 0x5C80, regaddr = 0x8100000
IB at 0x600D7AC: mode=0x0000, mcfilter 0000/0001/0000/0040
station address 0000.0c03.a14f default station address 0000.0c03.a14f
buffer size 1524
RX ring with 32 entries at 0xD7E8
Rxhead = 0x600D8A0 (12582935), Rxp = 0x5CF0(23)
01 pak=0x60327C0 ds=0x6032912 status=0x80 max_size=1524 pak_size=98
02 pak=0x6036B88 ds=0x6036CDA status=0x80 max_size=1524 pak_size=98
04 pak=0x603FAA0 ds=0x603FBF2 status=0x80 max_size=1524 pak_size=98
05 pak=0x600DC50 ds=0x600DDA2 status=0x80 max_size=1524 pak_size=98
06 pak=0x6023E48 ds=0x6023F9A status=0x80 max_size=1524 pak_size=1506
07 pak=0x600E3D8 ds=0x600E52A status=0x80 max_size=1524 pak_size=1506
08 pak=0x6020990 ds=0x6020AE2 status=0x80 max_size=1524 pak_size=386
09 pak=0x602D4E8 ds=0x602D63A status=0x80 max_size=1524 pak_size=98
10 pak=0x603A7C8 ds=0x603A91A status=0x80 max_size=1524 pak_size=98
11 pak=0x601D4D8 ds=0x601D62A status=0x80 max_size=1524 pak_size=98
12 pak=0x603BE60 ds=0x603BFB2 status=0x80 max_size=1524 pak_size=98
13 pak=0x60318B0 ds=0x6031A02 status=0x80 max_size=1524 pak_size=98
14 pak=0x601CD50 ds=0x601CEA2 status=0x80 max_size=1524 pak_size=98
15 pak=0x602C5D8 ds=0x602C72A status=0x80 max_size=1524 pak_size=98
18 pak=0x601EB70 ds=0x601ECC2 status=0x80 max_size=1524 pak_size=98
19 pak=0x602DC70 ds=0x602DDC2 status=0x80 max_size=1524 pak_size=98
20 pak=0x60163E0 ds=0x6016532 status=0x80 max_size=1524 pak_size=98
21 pak=0x602CD60 ds=0x602CEB2 status=0x80 max_size=1524 pak_size=98
22 pak=0x6037A98 ds=0x6037BEA status=0x80 max_size=1524 pak_size=98
23 pak=0x602BE50 ds=0x602BFA2 status=0x80 max_size=1524 pak_size=98
24 pak=0x6018988 ds=0x6018ADA status=0x80 max_size=1524 pak_size=98
25 pak=0x6033E58 ds=0x6033FAA status=0x80 max_size=1524 pak_size=98
26 pak=0x601BE40 ds=0x601BF92 status=0x80 max_size=1524 pak_size=98
27 pak=0x6026B78 ds=0x6026CCA status=0x80 max_size=1524 pak_size=98
28 pak=0x6024D58 ds=0x6024EAA status=0x80 max_size=1524 pak_size=74
29 pak=0x602AF40 ds=0x602B092 status=0x80 max_size=1524 pak_size=98
30 pak=0x601FA80 ds=0x601FBD2 status=0x80 max_size=1524 pak_size=98
TX ring with 8 entries at 0xDA20, tx_count = 0
tx_head = 0x600DA58 (12582919), head_txp = 0x5DC4 (7)
tx_tail = 0x600DA58 (12582919), tail_txp = 0x5DC4 (7)
01 pak=0x000000 ds=0x602126A status=0x03 status2=0x0000 pak_size=60
07 pak=0x000000 ds=0x6003ED2 status=0x03 status2=0x0000 pak_size=126
0 missed datagrams, 0 overruns, 2 late collisions, 2 lost carrier events
0 transmitter underruns, 0 excessive collisions, 0 tdr, 0 babbles
0 memory errors, 0 spurious initialization done interrupts
0 no enp status, 0 buffer errors, 0 overflow errors
10 one_col, 10 more_col, 22 deferred, 0 tx_buff
0 throttled, 0 enabled
Lance csr0 = 0x73
Misconceptions:
None
Related Commands:

Command:
Mode:
Router#
Syntax:
show controllers serial [number] (2500 series)
show controllers serial [slot/port]
show controllers serial [slot/port-adapter/port] (Cisco 7500

series and Cisco 7000 series routers with the RSP7000 and
RSP7000CI)
Syntax Description:
number (Optional) Interface number of the serial interface
slot (Optional) Slot number of the interface.
port (Optional) Port number on the interface. The port value is always 0.
port- (Optional) On Cisco 7500 series routers and Cisco 7000 series routers with the
adapter RSP7000 and RSP7000CI, the location of the port adapter on a VIP. The value can be
0 or 1.
Use the show controllers serial privileged EXEC command to display information that is specific
to the interface hardware.
The information displayed is generally useful for diagnostic tasks performed by technical support
personnel only. For the PA-E3 or PA-T3, the show controllers serial command also displays
configuration information such as the framing, clock source, bandwidth limit, whether scrambling
is enabled, the national bit, the international bits, and DSU mode configured on the interface. Also
displayed is the performance statistics for the current interval and last 15-minute interval and
whether any alarms exist.
Examples:
Sample output of the show controllers serial command on the Cisco 4000 follows:
Router#show controllers serial
MK5 unit 0, NIM slot 1, NIM type code 7, NIM version 1
idb = 0x6150, driver structure at 0x34A878, regaddr = 0x8100300
IB at 0x6045500: mode=0x0108, local_addr=0, remote_addr=0
N1=1524, N2=1, scaler=100, T1=1000, T3=2000, TP=1
buffer size 1524
DTE V.35 serial cable attached
RX ring with 32 entries at 0x45560 : RLEN=5, Rxhead 0
00 pak=0x6044D78 ds=0x6044ED4 status=80 max_size=1524 pak_size=0
01 pak=0x60445F0 ds=0x604474C status=80 max_size=1524 pak_size=0
02 pak=0x6043E68 ds=0x6043FC4 status=80 max_size=1524 pak_size=0
03 pak=0x60436E0 ds=0x604383C status=80 max_size=1524 pak_size=0
04 pak=0x6042F58 ds=0x60430B4 status=80 max_size=1524 pak_size=0
05 pak=0x60427D0 ds=0x604292C status=80 max_size=1524 pak_size=0
06 pak=0x6042048 ds=0x60421A4 status=80 max_size=1524 pak_size=0
07 pak=0x60418C0 ds=0x6041A1C status=80 max_size=1524 pak_size=0
09 pak=0x60409B0 ds=0x6040B0C status=80 max_size=1524 pak_size=0
11 pak=0x603FAA0 ds=0x603FBFC status=80 max_size=1524 pak_size=0
12 pak=0x603F318 ds=0x603F474 status=80 max_size=1524 pak_size=0
13 pak=0x603EB90 ds=0x603ECEC status=80 max_size=1524 pak_size=0
14 pak=0x603E408 ds=0x603E564 status=80 max_size=1524 pak_size=0
15 pak=0x603DC80 ds=0x603DDDC status=80 max_size=1524 pak_size=0
16 pak=0x603D4F8 ds=0x603D654 status=80 max_size=1524 pak_size=0
17 pak=0x603CD70 ds=0x603CECC status=80 max_size=1524 pak_size=0
18 pak=0x603C5E8 ds=0x603C744 status=80 max_size=1524 pak_size=0
19 pak=0x603BE60 ds=0x603BFBC status=80 max_size=1524 pak_size=0
20 pak=0x603B6D8 ds=0x603B834 status=80 max_size=1524 pak_size=0
21 pak=0x603AF50 ds=0x603B0AC status=80 max_size=1524 pak_size=0
22 pak=0x603A7C8 ds=0x603A924 status=80 max_size=1524 pak_size=0
23 pak=0x603A040 ds=0x603A19C status=80 max_size=1524 pak_size=0
24 pak=0x60398B8 ds=0x6039A14 status=80 max_size=1524 pak_size=0
26 pak=0x60389A8 ds=0x6038B04 status=80 max_size=1524 pak_size=0
28 pak=0x6037A98 ds=0x6037BF4 status=80 max_size=1524 pak_size=0
30 pak=0x6036B88 ds=0x6036CE4 status=80 max_size=1524 pak_size=0
TX ring with 8 entries at 0x45790 : TLEN=3, TWD=7
tx_count = 0, tx_head = 7, tx_tail = 7
00 pak=0x000000 ds=0x600D70C status=0x38 max_size=1524 pak_size=22
XID/Test TX desc at 0xFFFFFF, status=0x30, max_buffer_size=0, packet_size=0
XID/Test RX desc at 0xFFFFFF, status=0x0, max_buffer_size=0, packet_size=0
Status Buffer at 0x60459C8: rcv=0, tcv=0, local_state=0, remote_state=0
phase=0, tac=0, currd=0x00000, curxd=0x00000
bad_frames=0, frmrs=0, T1_timeouts=0, rej_rxs=0, runts=0
0 bad datagram encapsulations, 0 user primitive errors
0 provider primitives lost, 0 unexpected provider primitives
0 spurious primitive interrupts, 0 memory errors, 0 tr
%LINEPROTO-5-UPDOWN: Linansmitter underruns
mk5025 registers: csr0 = 0x0E00, csr1 = 0x0302, csr2 = 0x0704
csr3 = 0x5500, csr4 = 0x0214, csr5 = 0x0008
The following is a sample of output from the show controllers serial command for a PA-E3 serial
port installed in slot 2:
router#show controllers serial 2/0
M1T-E3 pa: show controller:
PAS unit 0, subunit 0, f/w version 2-55, rev ID 0x2800001, version 2
idb = 0x6080D54C, ds = 0x6080F304, ssb=0x6080F4F4
Clock mux=0x30, ucmd_ctrl=0x0, port_status=0x1
Serial config=0x8, line config=0x1B0202
maxdgram=4474, bufpool=128Kb, 256 particles
rxLOS inactive, rxLOF inactive, rxAIS inactive
txAIS inactive, rxRAI inactive, txRAI inactive
line state: up
E3 DTE cable, received clockrate 50071882
base0 registers=0x3D000000, base1 registers=0x3D002000
mxt_ds=0x608BA654, rx ring entries=128, tx ring entries=256
rxring=0x4B01F480, rxr shadow=0x6081081C, rx_head=26
txring=0x4B01F960, txr shadow=0x60810E48, tx_head=192, tx_tail=192, tx_count=0
throttled=0, enabled=0, disabled=0
rx_no_eop_err=0, rx_no_stp_err=0, rx_no_eop_stp_err=0
rx_no_buf=0, rx_soft_overrun_err=0, dump_err= 1
tx_underrun_err=0, tx_soft_underrun_err=0, tx_limited=0
tx_fullring=0, tx_started=11504
Framing is g751, Clock Source is Line, Bandwidth limit is 34010.
Scrambling is enabled
National Bit is 0, Internaltional Bits are: 0 0
DSU mode 1
0 P-bit Err Secs, 0 P-bit Severely Err Secs
0 Severely Err Framing Secs, 0 Unavailable Secs
0 P-bit Err Secs, 0 P-bit Severely Err Secs,
0 Severely Err Framing Secs, 0 Unavailable Secs,
No alarms detected.
PIO A: 639, PIO B: 303, Gapper register: 50DE
Framer register information:
reg 0: E0 reg 1: 0 reg 2: 0 reg 3: 0
reg 4: 0 reg 5: 8 reg 6: 0 reg 7: 0
The following is a sample of output from the show controllers serial command that shows serial
port 1/0/0 on a 1-port PA-T3 serial port adapter installed on a VIP2 in chassis slot 1:
router#show controllers serial 2/0/1
Serial1/0/0 -
Mx T3(1) HW Revision 0x3, FW Revision 2.55
Framing is c-bit, Clock Source is Line
Bandwidth limit is 35000, DSU mode 1, Cable length is 50
0 P-bit Err Secs, 0 P-bit Sev Err Secs
0 Sev Err Framing Secs, 0 Unavailable Secs
0 P-bit Err Secs, 0 P-bit Sev Err Secs,
0 Sev Err Framing Secs, 0 Unavailable Secs,
No alarms detected.
Misconceptions:
None
Related Commands:

Command:
show dialer
Mode:
Router#
Syntax:
show dialer [interface type number]
Syntax Description:
interface Displays information for the interface specified by the arguments type and number
To display general diagnostic information for interfaces configured for DDR (dial-on-demand
routing), use the show dialer command in EXEC mode.
Example:
The following is an output example from the show dialer command for a BRI interface when dialer
profiles are configured:
Router#show dialer interface bri 0
BRI0 - dialer type = ISDN
Dial String Successes Failures Last called Last status
0 incoming call(s) have been screened.
BRI0: B-Channel 1
Dialer state is data link layer up
Dial reason: ip (s=6.1.1.8, d=6.1.1.1)
Interface bound to profile Dialer0
Time until disconnect 102 secs
Current call connected 00:00:19
Connected to 5773872 (wolfman)
BRI0: B-Channel 2
Dialer state is idle
Table: Show Dialer Interface BRI Field Descriptions

Field Description
BRI0 - dialer ISDN dialer.

type = ISDN
Dial string Dial strings of logged calls (telephone numbers). On ISDN

BRI interfaces, if you have specified a subaddress number
in the dialer string, this number is included in the dial
string after a colon.
Successes Successful connections (even if no data is passed).
Failures Failed connections; call not successfully completed.
Last called Time that last call occurred to specific dial string.
Last status Status of last call to specific dial string (successful

or failed).
0 incoming Number of calls subjected to Dialer Profiles screening to

call(s) have determine how the call is to be treated.
been screened.
BRI0: B-Channel Header indicating the following data is for B channel 1.

1
Idle timer (120 Settings (in seconds) for the idle timer and the fast
secs), Fast idle idle timer.
timer (20 secs)
Wait for carrier Settings (in seconds) for the wait for carrier timer and
(30 secs), Re- the reenable timer.
enable (15 secs)
Dialer state is The message "data link layer up" suggests that the dialer
data link layer came up properly, if it says anything else then dialer
up did not come up properly. The message "physical layer up"
means the line protocol (LCP) came up, but the NCP did
not come up. The show interfaces command also provides
the similar information.
Dial reason: ip What initiated the dial, namely an IP packet, plus source
(s=6.1.1.8, and destination address in the packet.
d=6.1.1.1)
Interface bound Dialer profile that is bound to this interface or

to profile B channel.
Dialer0
Time until Time until line is configured to disconnect. This field

disconnect is displayed if the interface is currently connected to a
destination.
Current call Time at which the current call was connected.
connected
Connected to Dial string to which line is currently connected.
Misconceptions:
None
Related Commands:
debug isdn

Command:
show flash
Mode:
Router>
Router#
Syntax:
show flash-filesystem: [all | chips | filesys]
show flash-filesystem: [partition number] [all | chips | detailed

| err | summary]
Class C Flash file systems
show flash-filesystem:
Syntax Description:
flash- Flash memory file system (bootflash:, flash:, slot0:, slot1:,slavebootflash:,

filesystem slaveslot0:, or slaveslot1:)
all (Optional) On Class B Flash file systems, all shows complete information
about Flash memory, including information about the individual ROM devices
in Flash memory and the names and sizes of all system image files stored in
Flash memory, including those that are invalid.
On Class A Flash file systems, all shows the following information:
The information displayed when no keywords are used.

The information displayed by the filesys keyword.
The information displayed by the chips keyword.
chips (Optional) Shows information per partition and per chip, including which bank
the chip is in plus its code, size, and name
filesys (Optional) Shows the Device Info Block, the Status Info, and the Usage Info
detailed (Optional) Shows detailed file directory information per partition, including
file length, address, name, Flash memory checksum, computer checksum,
bytes used, bytes available, total bytes, and bytes of system Flash memory
err (Optional) Shows write or erase failures in the form of number of retries
partition (Optional) Shows output for the specified partition number

number
If you do not specify a partition in the command, the router displays output for
all partitions. You can use this keyword only when Flash memory has multiple
partitions.
summary (Optional) Shows summary information per partition, including the partition
size, bank size, state, and method by which files can be copied into a particular
partition
You can use this keyword only when Flash memory has multiple partitions.
To display the layout and contents of a Flash memory file system, use the show EXEC command.
If Flash memory is partitioned, the command displays the requested output for each partition,
unless you use the partition keyword.
The command also specifies the location of the current image.
To display the contents of boot Flash memory, use the show bootflash: command as follows:
show bootflash [all | chips | filesys]
show bootflash [partition number] [all| chips | detailed | err]
To display the contents of internal Flash memory, use the show flash command as follows:

show flash [all | chips | filesys]
show flash [partition number][all | chips | detailed | err | summary]
The show (Flash file system) command replaces the show flash devices command.
Examples:
The output of the show command depends on the type of Flash file system you select. Types include flash:
bootflash:, slot0:, slot1:, slavebootflash:, slaveslot0:, and slaveslot1:.
This section contains examples of output from show flash:.

Although the examples below use flash: as the Flash file system, you may also use the other Flash file syste
listed above.
The following three examples show sample output for Class A Flash file systems. The following table descr
the fields shown in the output.
Table: show (Class A Flash File System) Field Descriptions
Field Description
# File's index number
ED Whether the file contains an error (E) or is deleted (D)
type File's type (1 = configuration file, 2 = image file). The software displays these values only w
the file's type is certain. When the file's type is unknown, the system displays unknown in th
field.
crc File's cyclic redundant check
seek Offset into the file system of the next file
nlen Length of the file's name

length Length of the file itself
date/time Date and time the file was created
name File's name
The following is sample output from the show flash: command.

RouterA#show flash:
-#- ED --type-- --crc--- -seek-- nlen -length- -----date/time------ name

1 .. unknown 317FBA1B 4A0694 24 4720148 Aug 29 1997 17:49:36 hampton/nitro/c7200-
2 .. unknown 9237F3FF 92C574 11 4767328 Oct 01 1997 18:42:53 c7200-js-mz
3 .D unknown 71AB01F1 10C94E0 10 7982828 Oct 01 1997 18:48:14 rsp-jsv-mz
4 .D unknown 96DACD45 10C97E0 8 639 Oct 02 1997 12:09:17 the_time
5 .. unknown 96DACD45 10C9AE0 3 639 Oct 02 1997 12:09:32 the_time
6 .D unknown 96DACD45 10C9DE0 8 639 Oct 02 1997 12:37:01 the_time
7 .. unknown 96DACD45 10CA0E0 8 639 Oct 02 1997 12:37:13 the_time
3104544 bytes available (17473760 bytes used)
RouterA#show flash: chips
******** Intel Series 2+ Status/Register Dump ********
ATTRIBUTE MEMORY REGISTERS:

Config Option Reg (4000): 2
Config Status Reg (4002): 0
Card Status Reg (4100): 1
Write Protect Reg (4104): 4
Voltage Cntrl Reg (410C): 0
Rdy/Busy Mode Reg (4140): 2

Block Status Regs:

Block Status Regs:
Block Status Regs:

Block Status Regs:

Block Status Regs:
The following is a sample of output from the show flash: filesys command:
RouterA#show flash: filesys
-------- F I L E S Y S T E M S T A T U S --------
Device Number = 0
DEVICE INFO BLOCK:
Magic Number = 6887635 File System Vers = 10000 (1.0)
Length = 1400000 Sector Size = 20000
Programming Algorithm = 4 Erased State = FFFFFFFF
File System Offset = 20000 Length = 13A0000
MONLIB Offset = 100 Length = C730
Bad Sector Map Offset = 1FFEC Length = 14
Squeeze Log Offset = 13C0000 Length = 20000
Squeeze Buffer Offset = 13E0000 Length = 20000
Num Spare Sectors = 0
Spares:
STATUS INFO:
Writable
NO File Open for Write
Complete Stats
No Unrecovered Errors
No Squeeze in progress
USAGE INFO:
Bytes Used = 10AA0E0 Bytes Available = 2F5F20
Bad Sectors = 0 Spared Sectors = 0
OK Files = 4 Bytes = 90C974
Deleted Files = 3 Bytes = 79D3EC
Files w/Errors = 0 Bytes = 0
The table below describes fields in the sample output for Class B Flash file systems
Table: show (Class BFlash File System) all Fields
Field Description
addr Address of the file in Flash memory
available Total number of bytes available in Flash memory
Bank Bank number
Bank-Size Size of bank in bytes
bytes used Total number of bytes used in Flash memory
ccksum Computed checksum
Chip Chip number
Code Code number
Copy-Mode Method by which the partition can be copied to:
RXBOOT-MANUAL indicates a user can copy manually by reloading to the boot

ROM image.
RXBOOT-FLH indicates user can copy via Flash load helper.
Direct indicates user can copy directly into Flash memory.
None indicates that it is not possible to copy into that partition.
fcksum Checksum recorded in Flash memory
File Number of the system image file. If no filename is specified in the boot system flash
command, the router boots the system image file with the lowest file number.
Free Number of bytes free in partition

Length Size of the system image file (in bytes)
Name Name of chip manufacturer and chip type
Name/status Filename and status of a system image file. The status [invalidated] appears when a file
been rewritten (recopied) into Flash memory. The first (now invalidated) copy of the fil
still present within Flash memory, but it is rendered unusable in favor of the newest
version. The [invalidated] status can also indicate an incomplete file that results from th
user abnormally terminating the copy process, a network timeout, or a Flash memory
overflow.
Partition Partition number in Flash memory
Size Size of partition in bytes or size of chip
State State of the partition. It can be one of the following values:
Read-Only indicates the partition that is being executed from.

Read/Write is a partition that can be copied to.
System flash Flash directory and its contents

directory
total Total size of Flash memory, in bytes
Used Number of bytes used in partition
The following is a sample of output from the show flash: command:

RouterB> show flash:

1 4137888 c3640-c2is-mz.Feb24
16384K bytes of processor board System flash (Read/Write)\
The following example shows detailed information about the second partition in internal Flash memory:
RouterB#show flash: partition 2

The following is a sample of output from the show flash: all command:
RouterB> show flash: all
Partition Size Used Free Bank-Size State Copy Mode


addr fcksum ccksum
1 4137888 c3640-c2is-mz.Feb24
0x40 0xED65 0xED65

1 1 01D5 1024KB AMD 29F080
2 1 01D5 1024KB AMD 29F080
3 1 01D5 1024KB AMD 29F080
4 1 01D5 1024KB AMD 29F080
1 2 01D5 1024KB AMD 29F080
2 2 01D5 1024KB AMD 29F080
3 2 01D5 1024KB AMD 29F080
4 2 01D5 1024KB AMD 29F080
1 3 01D5 1024KB AMD 29F080
2 3 01D5 1024KB AMD 29F080
3 3 01D5 1024KB AMD 29F080
4 3 01D5 1024KB AMD 29F080
1 4 01D5 1024KB AMD 29F080
2 4 01D5 1024KB AMD 29F080
3 4 01D5 1024KB AMD 29F080
4 4 01D5 1024KB AMD 29F080
The following is a sample of output from the show flash: all command on a router with Flash memory
partitioned:
Router#show flash: all


addr fcksum ccksum
1 3459720 master/igs-bfpx.100-4.3
0x40 0x3DE1 0x3DE1
4096K bytes of processor board System flash (Read ONLY)
1 1 89A2 1024KB INTEL 28F008SA
2 1 89A2 1024KB INTEL 28F008SA
3 1 89A2 1024KB INTEL 28F008SA
4 1 89A2 1024KB INTEL 28F008SA
Executing current image from System flash [partition 1]
System flash directory, partition2:

addr fcksum ccksum
1 3224008 igs-kf.100
0x40 0xEE91 0xEE91

1 2 89A2 1024KB INTEL 28F008SA
2 2 89A2 1024KB INTEL 28F008SA
3 2 89A2 1024KB INTEL 28F008SA
4 2 89A2 1024KB INTEL 28F008SA
RouterB>show flash: chips

1 1 01D5 1024KB AMD 29F080
2 1 01D5 1024KB AMD 29F080
3 1 01D5 1024KB AMD 29F080
4 1 01D5 1024KB AMD 29F080
1 2 01D5 1024KB AMD 29F080
2 2 01D5 1024KB AMD 29F080
3 2 01D5 1024KB AMD 29F080
4 2 01D5 1024KB AMD 29F080
1 3 01D5 1024KB AMD 29F080
2 3 01D5 1024KB AMD 29F080
3 3 01D5 1024KB AMD 29F080
4 3 01D5 1024KB AMD 29F080
1 4 01D5 1024KB AMD 29F080
2 4 01D5 1024KB AMD 29F080
3 4 01D5 1024KB AMD 29F080
4 4 01D5 1024KB AMD 29F080
The following is a sample of output from the show flash: detailed command:
RouterB>show flash: detailed

addr fcksum ccksum
1 4137888 c3640-c2is-mz.Feb24
0x40 0xED65 0xED65
The following is a sample of output from the show flash: err command:
RouterB>show flash: err

1 4137888 c3640-c2is-mz.Feb24
Chip Bank Code Size Name erase write

1 1 01D5 1024KB AMD 29F080 0 0
2 1 01D5 1024KB AMD 29F080 0 0
3 1 01D5 1024KB AMD 29F080 0 0
4 1 01D5 1024KB AMD 29F080 0 0
1 2 01D5 1024KB AMD 29F080 0 0
2 2 01D5 1024KB AMD 29F080 0 0
3 2 01D5 1024KB AMD 29F080 0 0
4 2 01D5 1024KB AMD 29F080 0 0
1 3 01D5 1024KB AMD 29F080 0 0
2 3 01D5 1024KB AMD 29F080 0 0
3 3 01D5 1024KB AMD 29F080 0 0
4 3 01D5 1024KB AMD 29F080 0 0
1 4 01D5 1024KB AMD 29F080 0 0
2 4 01D5 1024KB AMD 29F080 0 0
3 4 01D5 1024KB AMD 29F080 0 0
4 4 01D5 1024KB AMD 29F080 0 0
Refer to tables above for a description of the fields. The show flash: err command also displays
two extra fields, erase and write. The erase field indications the number of erase errors. The write
field indicates the number of write errors.
The following is a sample of output from the show flash summary command on a router with
Flash memory partitioned. The partition in the Read Only state is the partition from which the
Cisco IOS image is being executed.
Router#show flash summary

Misconceptions:
None
Related Commands:
None
Command:
show frame-relay lmi
Mode:
Router#
Syntax:
show frame-relay lmi [type number]
Syntax Description:
type (Optional) Interface type, it must be serial
To display statistics about the Local Management Interface (LMI), use the show frame-relay lmi
EXEC command.
Enter the command without arguments to obtain statistics about all Frame Relay interfaces.
Example:
is a DTE:
LMI Statistics for interface Serial0/1 (Frame Relay DTE) LMI TYPE = ANSI
Num Update Status Rcvd 0 Num Status Timeouts 9
is an NNI:
LMI Statistics for interface Serial0/2 (Frame Relay NNI) LMI TYPE = CISCO
Num Status Enq. Rcvd 11 Num Status msgs Sent 11
Num Update Status Rcvd 0 Num St Enq. Timeouts 0
Num Update Status Sent 0 Num Status Timeouts 0
The table below describes significant fields shown in the output.
Table: show frame-relay lmi Field Descriptions
Field Description
LMI Statistics Signaling or LMI specification: CISCO, ANSI, or ITU-T
Invalid Unnumbered Number of received LMI messages with invalid unnumbered

info information field
Invalid Prot Disc Number of received LMI messages with invalid protocol
discriminator
Invalid dummy Call Number of received LMI messages with invalid dummy call
Ref references
Invalid Msg Type Number of received LMI messages with invalid message type
Invalid Status Number of received LMI messages with invalid status message
Message
Invalid Lock Shift Number of received LMI messages with invalid lock shift type
Invalid Information Number of received LMI messages with invalid information

ID identifier
Invalid Report IE Len Number of received LMI messages with invalid Report IE Length
Invalid Report Number of received LMI messages with invalid Report Request
Request
Invalid Keep IE Len Number of received LMI messages with invalid Keep IE Length
Num Status Enq. Sent Number of LMI status inquiry messages sent
Num Status Msgs Number of LMI status messages received

Rcvd
Num Update Status Number of LMI asynchronous update status messages received
Rcvd
Num Status Timeouts Number of times the status message was not received within the
keepalive time value
Num Status Enq. Number of LMI status enquiry messages received

Rcvd
Num Status Msgs Number of LMI status messages sent

Sent
Num Status Enq. Number of times the status enquiry message was not received within
Timeouts the T392 DCE timer value
Num Update Status Number of LMI asynchronous update status messages sent
Sent
Misconceptions:
None
Related commands:
None

Command:
Mode:
Router#
Syntax:
Syntax Description:
To display the current map entries and information about the connections, use the show frame-
relay map EXEC command.
Example:
The following is a sample of output from the show frame-relay map command:
Router# show frame-relay map
Serial 1 (administratively down): ip 131.108.177.177

dlci 177 (0xB1,0x2C10), static, broadcast, CISCO
TCP/IP Header Compression (inherited), passive (inherited)
Table: show frame-relay map Field Descriptions

Field Description
Serial 1 (administratively Identifies a Frame Relay interface and its status (up or down).
down)
ip 131.108.177.177 Destination IP address.
dlci 177 (0xB1,0x2C10) DLCI that identifies the logical connection being used to reach
this interface. This value is displayed in three ways: its decimal
value (177), its hexadecimal value (0xB1), and its value as it
would appear on the wire (0x2C10).
static Indicates whether this is a static or dynamic entry.
CISCO Indicates the encapsulation type for this map, either CISCO or
IETF.
TCP/IP Header Indicates whether the TCP/IP header compression

Compression (inherited), characteristics were inherited from the interface or were
passive (inherited) explicitly configured for the IP map.
Misconceptions:
None
Related commands:

Command:
Mode:
Router#
Syntax:
show frame-relay pvc [type number [dlci]]
Syntax Description:
dlci (Optional) This represents one of the specific DLCI numbers used on the interface.
Statistics for the specified PVC display when a DLCI is also specified.
To display statistics about PVCs for Frame Relay interfaces, use the show frame-relay pvc EXEC
command.
Statistics Reporting
To obtain statistics about PVCs on all Frame Relay interfaces, use this command with no
arguments.
Per VC counters are not incremented at all when either autonomous or SSE switching is
configured. Therefore, PVC values will be inaccurate if either switching method is used.
DCE, DTE, and Logical Interfaces
When the interface is configured as a DCE and the DLCI usage is SWITCHED, the value
displayed in the PVC STATUS field is determined by the status of outgoing interfaces (up or
down) and the status of the outgoing PVC. The status of the outgoing PVC is updated in the Local
Management Interface (LMI) message exchange. PVCs terminated on a DCE interface use the
status of the interface to set the PVC STATUS.
In the case of a hybrid DTE switch, the PVC status on the DTE side is determined by the PVC
status reported by the external Frame Relay network through the LMI.
If the outgoing interface is a tunnel, the PVC status is determined by what is learned from the
tunnel.
Traffic Shaping
Congestion control mechanisms are currently not supported, but the switch passes forward explicit
congestion notification (FECN) bits, backward explicit congestion notification (BECN) bits, and
discard eligibility (DE) bits unchanged from entry to exit points in the network.
If an LMI status report indicates that a PVC is not active, then it is marked as inactive. A PVC is
marked as deleted if it is not listed in a periodic LMI status message.
Example:
The following is a sample of output from the show frame-relay pvc command:
PVC Statistics for interface Serial (Frame Relay DCE)
DLCI = 22, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial3/1:1.1

Shaping adapts to ForeSight in ForeSight signals 1304
pvc create time 1d05h, last time pvc status changed 00:11:00
If the circuit is configured for shaping to adapt to BECN, it is indicated in the display:
Shaping adapts to BECN
If traffic shaping on the circuit does not adapt to either BECN or ForeSight, nothing extra shows:
DLCI = 100, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE

Num Pkts Switched 0
The following is a sample of output from the show frame-relay pvc command for multipoint subinterfaces
both the subinterface number and the DLCI. This display is the same whether the PVC is configured for sta
addressing:


The following table describes the additional fields shown in the display when traffic sh

Field Descriptions
Field Description
DLCI One of the data link connection identifier (DLCI) numbers for the PVC
DLCI USAGE One of the following values:
SWITCHED—the router or access server is used as a switch

LOCAL—the router or access server is used as a DTE
UNUSED—the DLCI is not referenced by any user-entered configurat
router
PVC STATUS Status of the PVC: ACTIVE, INACTIVE, or DELETED
INTERFACE = Specific subinterface associated with this DLCI

Serial0.103
input pkts Number of packets received on this PVC
output pkts Number of packets sent on this PVC
in bytes Number of bytes received
out bytes Number of bytes sent
dropped pkts Number of packets dropped by the router at Frame Relay level because an a
was not found
in FECN pkts Number of packets received with the FECN bit set
in BECN pkts Number of packets received with the BECN bit set
out FECN pkts Number of packets sent with the FECN bit set
out BECN pkts Number of packets sent with the BECN bit set
in DE pkts Number of DE packets received
out DE pkts Number of DE packets sent
outbcast pkts Number of output broadcast packets
outbcast bytes Number of output broadcast bytes
pvc create time Time the PVC was created
last time pvc status Time the PVC changed status (active to inactive)
changed
Num Pkts Switched Number of packets switched within the router or access server, this PVC is
The following is a sample of output from the show frame-relay pvc command with no traffic shaping conf

The following is a sample of output from the show frame-relay pvc command when traffic shaping is in ef
pvc create time 11:59:29, last time pvc status changed 11:59:29
CIR 64000 BC 8000 BE 1600 limit 2000 interval 125
mincir 32000 byte incremen 500 BECN response yes
pkts 9776 bytes 838676 pkts delayed 0 bytes delayed 0
shaping inactive
List Queue Args

1 4 byte-count 100
Output queues: (queue #: size/max/drops)
0: 0/20/0 1: 0/20/0 2: 0/20/0 3: 0/20/0 4: 0/20/0
5: 0/20/0 6: 0/20/0 7: 0/20/0 8: 0/20/0 9: 0/20/0
10: 0/20/0 11: 0/20/0 12: 0/20/0 13: 0/20/0 14: 0/20/0
15: 0/20/0 16: 0/20/0

Field Descriptions with Traffic Shaping in Effect
Field Description
CIR Current committed information rate (CIR), in bits per second
BC Current committed burst size, in bits
BE Current excess burst size, in bits
limit Maximum number of bytes transmitted per internal interval (excess plus
sustained)
interval Interval being used internally interval being used internally (may be smaller than the inte
Bc/CIR, this happens when the router determines that traffic flow will be more stable wit
interval)
mincir Minimum committed information rate (CIR) for the PVC
incremen Number of bytes that will be sustained per internal interval
BECN Frame Relay has BECN Adaptation configured

response
List Queue Identifier and parameter values for a custom queue list defined for the PVC (These identi
Args correspond to the command queue-list 1
queue 4 byte-count 100)
Output Output queues used for the PVC, with the current size, the maximum size, and the numbe
queues shown for each queue
The packet and byte values are counts for the number of packets and bytes that have gone through the traffi
Misconceptions:
None
Related commands:
None

Command:
show hosts
Mode:
Router#
Syntax:
show hosts
Syntax Description:
Example:
Router#show hosts

abc (perm, OK) 0 IP 12.12.12.12
Router#
Misconceptions:
None
Related commands:
ip host

Command:
show interfaces
Mode:
Router>
Router#
Syntax:
Syntax Description:
Example:
Misconceptions:
None
Related commands:
None

Command:
show interfaces fair-queue
Mode:
Router#
Syntax:
show interfaces [interface-type interface-number] fair-queue
Syntax Description:
interface-type (Optional) The name of the interface.
interface-number (Optional) The number of the interface.
To display information and all statistics about weighted fair queueing for a VIP-based interface,
use the show interfaces fair-queue EXEC command.
Example:
The following is a sample of output from the show interfaces fair-queue command:
Router#show interfaces fair-queue
Hssi0/0/0 queue size 0

packets output 1417079, drops 2
WFQ: aggregate queue limit 54, individual queue limit 27
max available buffers 54
Class 0: weight 10 limit 27 qsize 0 packets output 1150 drops 0

The table describes the fields and statistics shown in this display.
Table: show interfaces fair-queue Field Descriptions

Field Description
queue size Current output queue size for this interface
packets output Number of packets transmitted out this interface, or, number of packets in
this class transmitted out the interface.
drops Number of packets dropped, or, number of packets in this class dropped
aggregate queue Aggregate limit, in number of packets

limit
individual queue Individual limit, in number of packets

limit
max available Available buffer space allocated to aggregate queue limit, in number of
buffers packets
Class QoS group or ToS class
weight Percent of bandwidth allocated to this class during periods of congestion
limit Queue limit for this class, in number of packets
qsize Current size of the queue for this class
Misconceptions:
None
Related commands:
show interfaces

Command:
show ip arp
Mode:
Router#
Syntax:
show ip arp [ip-address] [hostname] [mac-address] [type number]
Syntax Description:
ip-address (Optional) ARP entries matching this IP address are displayed.
hostname (Optional) Host name.
mac-address (Optional) 48-bit MAC address.
type number (Optional) ARP entries learned via this interface type and number are
displayed.
To display the Address Resolution Protocol (ARP) cache, where SLIP addresses appear as
permanent ARP table entries, use the show ip arp EXEC command.
ARP establishes correspondences between network addresses (an IP address, for example) and
LAN hardware addresses (Ethernet addresses). A record of each correspondence is kept in a cache
for a predetermined amount of time and then discarded.
Example:
The following is a sample of output from the show ip arp command:
Router#show ip arp
Protocol Address Age(min) Hardware Addr Type Interface

Internet 171.69.233.22 9 0000.0c59.f892 ARPA Ethernet0/0
Internet 171.69.233.21 8 0000.0c07.ac00 ARPA Ethernet0/0
The table describes significant fields shown in the display.
Table: show ip arp Field Descriptions
Field Description
Protocol Protocol for network address in the Address field
Address The network address that corresponds to Hardware Address
Age (min) Age, in minutes, of the cache entry. A hyphen (-) means the address is local
Hardware Addr LAN hardware address a MAC address that corresponds to network
address
Type Type of encapsulation:
ARPA—Ethernet
SNAP—RFC 1042
SAP—IEEE 802.3
Interface Interface to which this address mapping has been assigned
Misconceptions:
None
Related commands:
None

Command:
show ip bgp
Mode:
Router#
Syntax:
show ip bgp [network] [network-mask] [longer-prefixes]
Syntax Description:
network (Optional) Network number, entered to display a particular network in the

BGP routing table
network-mask (Optional) Displays all BGP routes matching the address/mask pair
longer- (Optional) Displays route and more specific routes

prefixes
To display entries in the BGP routing table, use the show ip bgp EXEC command.
Examples:
The following is a sample of output from the show ip bgp command:
Router#show ip bgp


* i3.0.0.0 193.0.22.1 0 100 0 1800 1239 ?
*>i 193.0.16.1 0 100 0 1800 1239 ?
* i6.0.0.0 193.0.22.1 0 100 0 1800 690 568 ?
*>i 193.0.16.1 0 100 0 1800 690 568 ?
* i7.0.0.0 193.0.22.1 0 100 0 1800 701 35 ?
*>i 193.0.16.1 0 100 0 1800 701 35 ?
* 198.92.72.24 0 1878 704 701 35 ?
* i8.0.0.0 193.0.22.1 0 100 0 1800 690 560 ?
*>i 193.0.16.1 0 100 0 1800 690 560 ?
* 198.92.72.24 0 1878 704 701 560 ?
* i13.0.0.0 193.0.22.1 0 100 0 1800 690 200 ?
*>i 193.0.16.1 0 100 0 1800 690 200 ?
* 198.92.72.24 0 1878 704 701 200 ?
* i15.0.0.0 193.0.22.1 0 100 0 1800 174 ?
*>i 193.0.16.1 0 100 0 1800 174 ?
* i16.0.0.0 193.0.22.1 0 100 0 1800 701 i
*>i 193.0.16.1 0 100 0 1800 701 i
* 198.92.72.24 0 1878 704 701 i
The following table describes the significant fields in the display:
Table: show ip bgp Field Descriptions
Field Description
BGP table This shows the internal version number of the table. This number is
version incremented whenever the table changes.
local router IP address of the router

ID
Status Status of the table entry. The status is displayed at the beginning of each line
codes in the table. It can be one of the following values:
s—The table entry is suppressed.
*—The table entry is valid.
>—The table entry is the best entry to use for that network.
i—The table entry was learned via an internal BGP session.
Origin This field indicates the origin of the entry. The origin code is placed at the end
codes of
each line in the table. It can be one of the following values:
i—Entry originated from IGP and was advertised with a network router
e—Entry originated from EGP.
?—Origin of the path is not clear Usually, this is a router that is

redistributed into BGP from an IGP.
Network IP address of a network entity

Next Hop The IP address of the next system that is used when forwarding a packet to the
destination network. An entry of 0.0.0.0 indicates that the router has some
non-BGP routes to this network.
Metric If shown, this is the value of the interautonomous system metric. This field is
frequently not used.
LocPrf This displays the local preference value as set with the set local-preference
route-map configuration command. The default value is 100.
Weight Weight of the route as set via autonomous system filters
Path This shows the autonomous system paths to the destination network. There
can be one entry in this field for each autonomous system in the path.
The following is a sample of output from the show ip bgp command when you specify longer-
prefixes:
Router#show ip bgp 198.92.0.0 255.255.0.0 longer-prefixes


*> 198.92.0.0 198.92.72.30 8896 32768 ?
* 198.92.72.30 0 109 108 ?
*> 198.92.1.0 198.92.72.30 8796 32768 ?
* 198.92.72.30 0 109 108 ?
*> 198.92.11.0 198.92.72.30 42482 32768 ?
* 198.92.72.30 0 109 108 ?
*> 198.92.14.0 198.92.72.30 8796 32768 ?
* 198.92.72.30 0 109 108 ?
*> 198.92.15.0 198.92.72.30 8696 32768 ?
* 198.92.72.30 0 109 108 ?
*> 198.92.16.0 198.92.72.30 1400 32768 ?
* 198.92.72.30 0 109 108 ?
*> 198.92.17.0 198.92.72.30 1400 32768 ?
* 198.92.72.30 0 109 108 ?
*> 198.92.18.0 198.92.72.30 8876 32768 ?
* 198.92.72.30 0 109 108 ?
*> 198.92.19.0 198.92.72.30 8876 32768 ?
* 198.92.72.30 0 109 108 ?
The following is a sample of output from the show ip bgp command, showing information for
prefix 3.0.0.0:
Router#show ip bgp 3.0.0.0
BGP routing table entry for 3.0.0.0/8, version 628
Paths: (1 available, best #1)
Advertised to peer-groups:
ebgp
Advertised to non peer-group peers:
171.69.232.162
109 65000 297 701 80
171.69.233.56 from 171.69.233.56 (172.19.185.32)
Origin incomplete, localpref 100, valid, external, best, ref 2
Misconceptions:
None
Related commands:
None

Command:
show ip cache
Mode:
Router#
Syntax:
show ip cache [prefix mask] [type number]
Syntax Description:
prefix (Optional) Display only the entries in the cache that match the prefix and mask
combination.
mask (Optional) Display only the entries in the cache that match the prefix and mask
combination.
type (Optional) Display only the entries in the cache that match the interface type and
number combination.
number (Optional) Display only the entries in the cache that match the interface type and
number combination.
To display the routing table cache used to fast switch IP traffic, use the show ip cache EXEC
command. The show ip cache display shows MAC headers up to 92 bytes.
Example:
Router#show ip cache
IP routing cache version 4490, 141 entries, 20772 bytes, 0 hash overflows
Minimum invalidation interval 2 seconds, maximum interval 5 seconds,
quiet interval 3 seconds, threshold 0 requests
Invalidation rate 0 in last 7 seconds, 0 in last 3 seconds
Last full cache invalidation occurred 0:06:31 ago
Prefix/Length
Age
Interface MAC Header
131.108.1.1/32 0:01:09
Ethernet0/0 AA000400013400000C0357430800
131.108.1.7/32 0:04:32
Ethernet0/0 00000C01281200000C0357430800
131.108.1.12/32 0:02:53
Ethernet0/0 00000C029FD000000C0357430800
131.108.2.13/32 0:06:22
Fddi2/0
00000C05A3E000000C035753AAAA030000000800
131.108.2.160/32 0:06:12
Fddi2/0
00000C05A3E000000C035753AAAA030000000800
131.108.3.0/24 0:00:21
Ethernet1/2 00000C026BC600000C03574D0800
131.108.4.0/24 0:02:00
Ethernet1/2 00000C026BC600000C03574D0800
131.108.5.0/24 0:00:00
Ethernet1/2 00000C04520800000C03574D0800
131.108.10.15/32 0:05:17
Ethernet0/2 00000C025FF500000C0357450800
131.108.11.7/32 0:04:08
Ethernet1/2 00000C010E3A00000C03574D0800
131.108.11.12/32 0:05:10
Ethernet0/0 00000C01281200000C0357430800
131.108.11.57/32 0:06:29
Ethernet0/0 00000C01281200000C0357430800
Misconceptions:
None
Related commands:
ip route-cache
ip route-cache cef

Command:
show ip dhcp
Mode:
Router#
Syntax:
Syntax Description:
statistics
Example:

Misconceptions:
None
Related commands:
None

Command:
show ip eigrp interfaces
Mode:
Router#
Syntax:
show ip eigrp interfaces [interface-type interface-number] [as-
number]
Syntax Description:
interface-type: (Optional) Interface type
interface-number Displays the Enhanced IGRP topology table
as-number (Optional) Interface number
This command displays EIGRP statistics and status information.
Example:
Router#show ip eigrp interfaces
Misconceptions:
None
Related commands:

Command:
Mode:
Router#
Syntax:
show ip eigrp topology [autonomous-system-number | [[ip-address]
mask]]
Syntax Description:
autonomous-system-number (Optional) Autonomous system number
(Optional) IP address. When specified with a mask, a detailed
ip address
description of the entry is provided.
mask (Optional) Subnet mask
To display the EIGRP topology table, use the show ip eigrp topology EXEC command. This
command is also used to determine Diffusing Update Algorithm (DUAL) states and to debug
possible DUAL problems.
Example:
Router#show ip eigrp topology
Misconceptions:
None
Related commands:
show ip eigrp

Command:
show ip igmp interface
Mode:
Router#
Syntax:
show ip igmp interface [type number]
Syntax Description:
To display multicast-related information about an interface, use the show ip igmp interface EXEC
command.
If you omit the optional arguments, the show ip igmp interface command displays information
about all interfaces.
This command also displays information about dynamically learned DVMRP routers on the
interface.
Example:
The following is sample output from the show ip igmp interface command:
Router#show ip igmp interface

Tunnel0 is up, line protocol is up
Table: show ip igmp interface Field Descriptions
Field Description
Ethernet0 is up, line Interface type, number, and status.

protocol is up
Internet address is... Internet address of the interface and subnet mask being applied to
subnet mask is... the interface, as specified with the ip address command.
IGMP is enabled on Indicates whether IGMP has been enabled on the interface with the
interface ip pim command.
IGMP query interval is Interval at which the Cisco IOS software sends PIM router-query
60 seconds messages, as specified with the ip igmp query-interval
command.
Inbound IGMP access Indicates whether an IGMP access group has been configured with
group is not set the ip igmp access-group command.
Multicast routing is Indicates whether multicast routing has been enabled on the
enabled on interface interface with the ip pim command.
Multicast TTL Packet time-to-threshold, as specified with the ip multicast ttl-

threshold is 0 threshold command.
Multicast designated IP address of the designated router for this LAN segment (subnet).
router (DR) is...
Multicast groups Indicates whether this interface is a member of any multicast

joined: groups and, if so, lists the IP addresses of the groups.
No multicast groups
joined
Misconceptions:
None
Related commands:
ip igmp join-group

Command:
show ip inspect
Mode:
Router#
Syntax:
show ip inspect {name inspection-name | config | interfaces |
session [detail] | all }
Syntax Description:
name Shows the configured inspection rule with the name inspection-name
config Shows the complete CBAC inspection configuration
interfaces Shows interface configuration with respect to applied inspection rules and access
lists
Shows existing sessions that are currently being tracked and inspected by CBAC.
session The optional detail keyword causes additional details about these sessions to be
shown.
all Shows all CBAC configuration and all existing sessions that are currently being
tracked and inspected by CBAC.
This command shows configuration information and statistics about context based access control
processes.
Example:
Router#show ip inspect all
Misconceptions:
None
Related commands:
None

Command:
show ip interface
Mode:
Router>
Router#
Syntax:
Syntax Description:
command.
Example:
MTU is 1500 bytes
Field Description
be up.
subnet mask
by...
forwarding
joined
for the interface.
interface.
compression
"disabled."
Misconceptions:
None
Related commands:
show interfaces
show access-lists

Command:
show ip interface brief
Mode:
Router#
Syntax:
show ip interface brief
Syntax Description:
To display a brief summary of the information and status for an IP address, use the show ip
interface brief command in EXEC mode.
Example:
The following is a sample of output from the show ip interface brief command:
Router#show ip interface brief
Any interface listed with OK? value "NO" does not have a valid configuration
Interface IP-Address OK? Method Status Protocol
Ethernet0 172.30.160.22 YES NVRAM up up
Misconceptions:
None
Related commands:
show ip interface

Command:
Mode:
Router#
Syntax:
Syntax Description:
To display Network Address Translation (NAT) statistics, use the show ip nat statistics EXEC
command.
Example:
The following is a sample of output from the show ip nat statistics command:
Router#show ip nat statistics
Total translations: 2 (0 static, 2 dynamic; 0 extended)

Outside interfaces: Serial0/0
Inside interfaces: FastEthernet0/1
Hits: 135 Misses: 5
Expired translations: 2
Dynamic mappings:
-- Inside Source
access-list 1 pool net-208 refcount 2
pool net-208: netmask 255.255.255.240
start 171.69.233.208 end 171.69.233.221
type generic, total addresses 14, allocated 2 (14%), misses 0
Table: show ip nat statistics Field Descriptions
Field Description
Total Number of translations active in the system. This number is incremented
translations each time a translation is created and is decremented each time a translation
is cleared or times out.
Outside List of interfaces marked as outside with the ip nat outside command
interfaces
Inside List of interfaces marked as inside with the ip nat inside command
interfaces
Hits Number of times the software does a translations table lookup and finds an
entry
Misses Number of times the software does a translations table lookup, fails to find
an entry, and must try to create one
Expired Cumulative count of translations that have expired since the router was
translations booted
Dynamic Indicates that the information that follows is about dynamic mappings
mappings
Inside Source The information that follows is about an inside source translation
access-list Access list number being used for the translation
pool Name of the pool (in this case, net-208)
refcount Number of translations that are using this pool
netmask IP network mask being used in the pool
start Starting IP address in the pool range
end Ending IP address in the pool range
type Type of pool. Possible types are generic or rotary
total addresses Number of addresses in the pool that are available for translation
allocated Number of addresses being used
misses Number of failed allocations from the pool

Misconceptions:
None
Related commands:
ip nat

Command:
Mode:
Router#
Syntax:
show ip nat translations [verbose]
Syntax Description:
verbose (Optional) Displays additional information for each translation table entry,
including how long ago the entry was created and used.
To display active Network Address Translation (NAT) translations, use the show ip nat
translations EXEC command.
Examples:
The following is a sample of output from the show ip nat translations command. Without
overloading, two inside hosts are exchanging packets with some number of outside hosts.

--- 171.69.233.209 192.168.1.95 --- ---
--- 171.69.233.210 192.168.1.89 --- --
With overloading, a translation for a DNS transaction is still active, and translations for two Telnet
sessions (from two different hosts) are also active. Note that two different inside hosts appear on
the outside with a single IP address.

udp 171.69.233.209:1220 192.168.1.95:1220 171.69.2.132:53 171.69.2.132:53
tcp 171.69.233.209:11012 192.168.1.89:11012 171.69.1.220:23 171.69.1.220:23
tcp 171.69.233.209:1067 192.168.1.95:1067 171.69.1.161:23 171.69.1.161:23
The following is a sample of output that includes the verbose keyword.
Router#show ip nat translations verbose

udp 171.69.233.209:1220 192.168.1.95:1220 171.69.2.132:53 171.69.2.132:53
tcp 171.69.233.209:11012 192.168.1.89:11012 171.69.1.220:23 171.69.1.220:23
tcp 171.69.233.209:1067 192.168.1.95:1067 171.69.1.161:23 171.69.1.161:23
Table: show ip nat translationsField Descriptions
Field Description
Pro Protocol of the port identifying the address
Inside The legitimate IP address (assigned by the NIC or service provider) that
global represents one or more inside local IP addresses to the outside world.
Inside The IP address assigned to a host on the inside network; probably not a
Outside IP address of an outside host as it appears to the inside network; probably not a
Outside The IP address assigned to a host on the outside network by its owner
global
create How long ago the entry was created (in hours:minutes:seconds).
use How long ago the entry was last used (in hours:minutes:seconds).
flags Indication of the type of translation. Possible flags are:
extended—Extended translation
static—Static translation
destination—Rotary translation
outside—Outside translation
timing out—Translation will no longer be used, due to a TCP FIN or RST.
Misconceptions:
None
Related commands:
ip nat
ip nat pool

Command:
show ip ospf
Mode:
Router#
Syntax:
show ip ospf { [process-id] | border-routers | database |
interface | virtual-links }
Syntax Description:
process- Displays information about a specific instance of OSPF, it is the same value
id specified by the router ospf command
border- Displays the internal OSPF routing table entries to an area border router (ABR)
routers and autonomous system boundary router (ASBR)
database Displays lists of information related to the OSPF database for a specific router
interface Display OSPF-related interface information, including timers, neighbor ID's, and
network type, and area details
virtual- Displays parameters about and the current state of OSPF virtual links, including
links timers, and state of adjacency
Displays statistics and status information of running ospf processes.
Example:
Router#show ip ospf interface
Misconceptions:
None
Related commands:
router ospf
debug all
Command:
Mode:
Router#
Syntax:
show ip pim interface [type number] [count]
Syntax Description:
count (Optional) Number of packets received and sent out the interface
To display information about interfaces configured for Protocol Independent Multicast (PIM) , use
the show ip pim interface EXEC command.
This command works only on interfaces that are configured for PIM.
Examples:
The following is a sample of output from the show ip pim interface command:
Router#show ip pim interface
Address Interface Mode Neighbor Query DR

Count Interval
10.1.37.2 Tunnel0 Dense 1 30 0.0.0.0
The following is a sample of output from the show ip pim interface command with a count:
Router#show ip pim interface count
Address Interface FS Mpackets In/Out
171.69.121.35 FastEthernet0/0 * 548305239/13744856
171.69.121.35 Serial0/0.33 * 8256/67052912
198.92.12.73 Serial0/0.1719 * 219444/862191
Table: show ip pim interface Field Descriptions
Field Description
Address IP address of the next-hop router.
Interface Interface type and number that is configured to run PIM.
Mode Multicast mode in which the Cisco IOS software is operating. This can be
dense mode or sparse mode. DVMRP indicates a DVMRP tunnel is
configured.
Neighbor Number of PIM neighbors that have been discovered through this interface. If
Count the Neighbor Count is 1 for a DVMRP tunnel, the neighbor is active
(receiving probes and reports).
Query Frequency, in seconds, of PIM router-query messages, as set by the ip pim

Interval query-interval interface configuration command. The default is 30 seconds.
DR IP address of the designated router on the LAN. Note that serial lines do not
have designated routers, so the IP address is shown as 0.0.0.0.
FS An asterisk (*) in this column indicates fast switching is enabled.
Mpackets Number of packets into and out of the interface since the box has been up.
In/Out
Misconceptions:
None
Related commands:

Command:
Mode:
Router#
Syntax:
show ip pim neighbor [type number]
Syntax Description:
To list the PIM neighbors discovered by the Cisco IOS software, use the show ip pim neighbor
EXEC command.
Use this command to determine which routers on the LAN are configured for PIM.
Example:
The following is a sample of output from the show ip pim neighbor command:
Router#show ip pim neighbor
PIM Neighbor Table

Neighbor Address Interface Uptime Expires Mode
198.92.37.2 FastEthernet0 17:38:16 0:01:25 Dense
198.92.37.33 FastEthernet0 17:33:20 0:01:05 Dense (DR)
198.92.36.131 FastEthernet0/1 17:33:20 0:01:08 Dense (DR)
198.92.36.130 FastEthernet0/1 18:56:06 0:01:04 Dense
10.1.22.9 Tunnel0 19:14:59 0:01:09 Dense
Table: show ip pim neighbor Field Descriptions

Field Description
Neighbor IP address of the PIM neighbor

Address
Interface Interface type and number on which the neighbor is reachable
Uptime How long in hours, minutes, and seconds the entry has been in the PIM
neighbor table
Expires How long in hours, minutes, and seconds until the entry will be removed
from the IP multicast routing table
Mode Mode in which the interface is operating
(DR) Indicates that this neighbor is a designated router on the LAN
Misconceptions:
None
Related commands:

Command:
show ip prefix-list
Mode:
Router#
Router>
Syntax:
Syntax Description:
detail |
summary
sequence-
number
prefix-
list-name
network/length
longer
network/length.
Example:

Misconceptions:
Related commands:
ip prefix-list
distribute-list

Command:
show ip protocols
Mode:
Router#
Syntax:
show ip protocols
Syntax Description:

Examples:
processes:

198.92.72.0
198.92.72.18 100 0:56:41
198.92.72.19 100 6d19
198.92.72.22 100 0:55:41
198.92.72.20 100 0:01:04
198.92.72.30 100 0:01:29

Neighbor(s):
192.108.211.17 1
192.108.213.89 1
198.6.255.13 1
198.92.72.18 1
198.92.72.19
198.92.84.17 1
192.108.209.0
192.108.211.0
198.6.254.0
198.92.72.19 20 0:05:28
Field Description

"igrp 109"

every 90 seconds

seconds

seconds
outgoing updates
hopcount
injecting routes
displayed:
IP address
processes:

160.89.0.0
160.89.81.28 90 0:02:36
160.89.80.28 90 0:03:04
160.89.80.31 90 0:03:04
Field Description
routes.
routes.
processes:

None
Serial0
processes:

Redistributing: rip
Ethernet0 2 2 trees
Fddi0 2 2
172.19.0.0
2.0.0.0
3.0.0.0
Misconceptions:
None
Related commands:
None

Command:
show ip route
Mode:
Router#
Syntax:
Syntax Description:

address
displayed.
name or number.
Example:
O 2.0.0.0/8 [110/128] via 1.1.1.2, 00:07:11, Serial0
O 3.1.1.1 [110/129] via 1.1.1.2, 00:07:11, Serial0
Misconceptions:
None
Related commands:
ip route
ip default-network

Command:
show ipx access-list
Mode:
Router#
Syntax:
show ipx access-list [access-list-number | name]
Syntax Description:
access-list- (Optional) Number of the IPX access list to display. This is a number from
number 800 to 899, 900 to 999, 1000 to 1099, or 1200 to 1299.
name (Optional) Name of the IPX access list to display.
To display the contents of all current IPX access lists, use the show ipx access-list EXEC
command.
The show ipx access-list command provides output identical to the show access-lists command,
except that it is IPX specific and allows you to specify a particular access list.
Examples:
The following is a sample of output from the show ipx access-list command when all access lists
are requested:
Router#show ipx access-list
IPX extended access list 900

deny any 1
deny FFFFFFFF 107
deny FFFFFFFF 301C
permit FFFFFFFF 0
The following is a sample of output from the show ipx access-list command when the name of a
specific access list is requested:
Router#show ipx access-list London
deny FFFFFFFF 107
deny FFFFFFFF 301C
permit FFFFFFFF 0
Misconceptions:
None
Related commands:
ipx access-list
ipx access-group

Command:
Mode:
Router#
Syntax:
show ipx eigrp interfaces [type number] [as-number]
Syntax Description:
as-number (Optional) Autonomous system number.
To display information about interfaces configured for EIGRP, use the show ipx eigrp interfaces
EXEC command.
Use the show ipx eigrp interfaces command to determine on which interfaces EIGRP is active
and to find out information about EIGRP relating to those interfaces.
If an interface is specified, only that interface is displayed. Otherwise, all interfaces on which
EIGRP is running are displayed.
If an autonomous system is specified, only the routing process for the specified autonomous system
is displayed. Otherwise, all EIGRP processes are displayed.
Example:
The following is a sample of output from the show ipx eigrp interfaces command:
Router>show ipx eigrp interfaces
IPX EIGRP interfaces for process 109

Xmit Queue Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable SRTT Un/Reliable Flow Timer Routes
Di0 0 0/0 0 11/434 0 0
Et0 1 0/0 337 0/10 0 0
SE0:1.16 1 0/0 10 1/63 103 0
Tu0 1 0/0 330 0/16 0 0
Table: show ipx eigrp interfaces Field Descriptions
Field Description
process 109 Autonomous system number of the process.
Interface Interface name.
Peers Number of neighbors on the interface.
Xmit Queue Count of unreliable and reliable packets queued for transmission.
Mean SRTT Average round-trip time for all neighbors on the interface.
Pacing Time Number of milliseconds to wait after transmitting unreliable and reliable
packets.
Multicast Flow Number of milliseconds to wait for acknowledgment of a multicast packet

Timer by all neighbors before transmitting the next multicast packet.
Pending Number of routes still to be transmitted on this interface.

Routes
Misconceptions:
None
Related commands:
Command:
Mode:
Router#
Syntax:
show ipx eigrp neighbors [servers] [autonomous-system-number |
interface] [regexp name]
Syntax Description:
servers (Optional) Displays the server list advertised by each neighbor.
This is displayed only if the ipx sap incremental command is
enabled on the interface on which the neighbor resides.
autonomous- (Optional) Autonomous system number, an integer in the range

system-number 1 to 65535
interface (Optional) Interface type and number
regexp name (Optional) Displays the IPX servers whose names match the regular
expression
To display the neighbors discovered by EIGRP, use the show ipx eigrp neighbors EXEC
command.
Example:
The following is a sample of output from the show ipx eigrp neighbors command:
Router# show ipx eigrp neighbors
IPX EIGRP Neighbors for process 1
H Address Interface Hold Uptime SRTT RTO Q Seq

(sec) (ms) Cnt Num
0 200.0000.0c34.d83b Et0/2 11 00:00:18 2 200 0 10
4 server 2037.0000.0000.0001:0001 2
4 server2 2037.0000.0000.0001:0001 2
1 200.0000.0c34.d83c Et0/2 11 00:00:18 2 200 0 10
4 server 2037.0000.0000.0001:0001 2
The following table describes the fields shown in the display:
Table: show ipx eigrp neighbors Field Descriptions
Field Description
process Autonomous system number specified in the ipx router configuration command
200
H Handle, an arbitrary and unique number inside this router that identifies the
neighbor
Address IPX address of the EIGRP peer
Interface Interface on which the router is receiving hello packets from the peer
Hold Length of time, in seconds, that the Cisco IOS software will wait to hear from the
peer before declaring it down (If the peer is using the default hold time, this
number will be less than 15. If the peer configures a nondefault hold time, it will
be reflected here).
Uptime Elapsed time (in hours, minutes, and seconds) since the local router first heard
from this neighbor
Q Cnt Number of IPX EIGRP packets (Update, Query, and Reply) that the Cisco IOS
software is waiting to send
SRTT Smooth round-trip time, this is the number of milliseconds it takes for an IPX
EIGRP packet to be sent to this neighbor and for the local router to receive an
acknowledgment of that packet
RTO Retransmission timeout (in milliseconds), this is the amount of time the Cisco
IOS software waits before retransmitting a packet from the retransmission queue
to a neighbor
Seq Num Sequence number of the last Update, Query, or Reply packet that was received
from this neighbor
Type Contains codes from the Codes field to indicates how service was learned
Name Name of server
Address Network address of server
Port Source socket number
Misconceptions:
None
Related commands:

Command:
Mode:
Router#
Syntax:
show ipx eigrp topology [network-number] [active] [all-links] [as
as_number] [pending] [summary] [zero-successors]
Syntax Description:
network-number (Optional) IPX network number whose topology table entry to display
active Show only active entries
all-links Show all links in topology table
as Show only entries for this autonomous system
pending Show only entries pending transmission
summary Show a summary of the topology table
zero-successors Show only zero successor entries
To display the EIGRP topology table, use the show ipx eigrp topology EXEC command.
Examples:
The following is a sample of output from the show ipx eigrp topology command:
Router#show ipx eigrp topology
IPX EIGRP Topology Table for process 109

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - Reply status
P 160, 1 successor via Connected, FastEthernet
via Redistributed (287744/0)
P 164, 1 successors, flags: U, FD is 200
P A112, 1 successors, FD is 0
via Connected, FastEthernet1/2
P AAABBB, 1 successors, FD is 10003
via Redistributed (287744/0),
A A112, 0 successors, 1 replies, state: 0, FD is 0
via 160.0000.0c00.8ea9 (332800/307200), r, FastEthernet0/1
The table below describes the fields shown in the output.
Table: show ipx eigrp topology Field Descriptions
Field Description
Codes State of this topology table entry. Passive and Active refer to the EIGRP
state with respect to this destination; Update, Query, and Reply refer to
the type of packet that is being sent.
P - Passive No EIGRP computations are being performed for this destination
A - Active EIGRP computations are being performed for this destination
U - Update Indicates that an update packet was sent to this destination
Q - Query Indicates that a query packet was sent to this destination
R - Reply Indicates that a reply packet was sent to this destination
r - Reply status Flag that is set after the Cisco IOS software has sent a query and is
waiting for a reply
42, 160, and so Destination IPX network number

on
successors Number of successors. This number corresponds to the number of next

hops in the IPX routing table.
FD Feasible distance. This value is used in the feasibility condition check. If

the neighbor's reported distance (the metric after the slash) is less than
the feasible distance, the feasibility condition is met and that path is a
feasible successor. Once the router determines it has a feasible successor,
it does not have to send a query for that destination.
replies Number of replies that are still outstanding (have not been received) with
respect to this destination. This information appears only when the
destination is in Active state.
state Exact EIGRP state that this destination is in. It can be the number 0, 1, 2,
or 3. This information appears only when the destination is Active.
via IPX address of the peer who told the Cisco IOS software about this
destination. The first n of these entries, where n is the number of
successors, are the current successors. The remaining entries on the list
are feasible successors.
(345088/319488) The first number is the EIGRP metric that represents the cost to the
destination. The second number is the EIGRP metric that this peer
advertised.
The following is a sample of output from the show ipx eigrp topology command when you
specify an IPX network number:
Router#show ipx eigrp topology 160
IPX-EIGRP topology entry for 160

State is Passive, Query origin flag is 1, 1 Successor(s)
Routing Descriptor Blocks:
Next hop is Connected (FastEthernet0/0), from 0.0000.0000.0000
Composite metric is (0/0), Send flag is 0x0, Route is Internal
Vector metric:
Load is 1/255
Minimum MTU is 1500
Hop count is 0
Next hop is 164.0000.0c00.8ea9 (FastEthernet0/1), from 164.0000.0c00.8ea9
Composite metric is (307200/281600), Send flag is 0x0, Route is External
This is an ignored route
Vector metric:
Load is 1/255
Minimum MTU is 1500
Hop count is 1
External data:
Originating router is 0000.0c00.8ea9
External protocol is RIP, metric is 1, delay 2
Administrator tag is 0 (0x00000000)
Flag is 0x00000000
Table: show ipx eigrp topology Field Descriptions—Specific Network
Field Description
160 IPX network number of the destination
State is ... State of this entry. It can be either Passive or Active. Passive
means that no EIGRP computations are being performed for this
destination, and Active means that they are being performed.
Query origin flag Exact EIGRP state that this destination is in. It can be the number
0, 1, 2, or 3. This information appears only when the destination is
Active.
Successor(s) Number of successors. This number corresponds to the number of

next hops in the IPX routing table.
Next hop is ... Indicates how this destination was learned. It can be one of the
following:
Connected—The destination is on a network directly

connected to this router.
Redistributed—The destination was learned via RIP or
another EIGRP process.
IPX host address—The destination was learned from that
peer via this EIGRP process.
from Peer from whom the information was learned. For connected and
redistributed routers, this is 0.0000.0000.0000. For information
learned via EIGRP, this is the peer's address. Currently, for
information learned via EIGRP, the peer's IPX address always
matches the address in the "Next hop is" field.
Composite metric is EIGRP composite metric. The first number is this device's metric
to the destination, and the second is the peer's metric to the
destination.
Send flag Numeric representation of the "flags" field described in Table. It is

0 when nothing is being sent, 1 when an Update is being sent,
3 when a Query is being sent, and 4 when a Reply is being sent.
Currently, 2 is not used.
Route is ... Type of router. It can be either internal or external. Internal routes
are those that originated in an EIGRP autonomous system, and
external are routes that did not. Routes learned via RIP are always
external.
This is an ignored route Indicates that this path is being ignored because of filtering
Vector metric: This section describes the components of the EIGRP metric
Minimum bandwidth Minimum bandwidth of the network used to reach the next hop
Total delay Delay time to reach the next hop
Reliability Reliability value used to reach the next hop
Load Load value used to reach the next hop
Minimum MTU Minimum MTU size of the network used to reach the next hop
Hop count Number of hops to the next hop
External data: This section describes the original protocol from which this route
was redistributed. It appears only for external routes.
Originating router Network address of the router that first distributed this route into
EIGRP
External External protocol from which this route was learned. The metric
protocol..metric..delay will match the external hop count displayed by the show ipx route
command for this destination. The delay is the external delay.
Administrator tag Not currently used
Flag Not currently used
Misconceptions:
None
Related commands:
show ipx route

Command:
show ipx interface
Mode:
Router#
Syntax:
show ipx interface [type number] [brief]
Syntax Description:
type (Optional) Interface type. It can be one of the following types: asynchronous,
dialer, Ethernet (IEEE 802.3), FDDI, loopback, null, serial, Token Ring, or tunnel.
brief Brief summary of IPX interface status and configuration
To display the status of the IPX interfaces configured in the Cisco IOS software and the parameters
configured on each interface, use the show ipx interface EXEC command.
Examples:
The following is a sample of output from the show ipx interface command:
Router#show ipx interface fastethernet 0/1
FastEthernet0/1 is up, line protocol is up

IPX address is C03.0000.0c05.6030, NOVELL-ETHER [up] line-up, RIPPQ: 0, SAPPQ : 0
Delay of this Novell network, in ticks is 1
The following is a sample of output from the show ipx interface command when NLSP is enabled:
Router#show ipx interface fastethernet 1

IPX address is E001.0000.0c02.8cf9, SAP [up] line-up, RIPPQ: 0, SAPPQ : 0
Delay of this IPX network, in ticks is 1 throughput 0 link delay 0
IPX NLSP is running on primary network E001
RIP compatibility mode is AUTO (OFF)
SAP compatibility mode is AUTO (OFF)
Level 1 Hello interval 20 sec
Level 1 Designated Router Hello interval 10 sec
Level 1 CSNP interval 30 sec
Level 1 LSP retransmit interval 5 sec, LSP (pacing) interval 1000 mSec
Level 1 adjacency count is 1
Level 1 circuit ID is 0000.0C02.8CF9.02
Table: show ipx interface Field Descriptions
Field Description
Ethernet1 is ..., Type of interface and whether it is currently active and inserted into the
line protocol is ... network (up) or inactive and not inserted (down)
IPX address is ... Network and node address of the local router interface, followed by the
type of encapsulation configured on the interface and the interface's status.
Refer to the ipx network command for a list of possible values.
NOVELL-ETHER Type of encapsulation being used on the interface, if any
[up] line-up Indicates whether IPX routing is enabled or disabled on the interface. The
"line-up" indicates that IPX routing has been enabled with the ipx routing
command. The "line-down" indicates that it is not enabled. The word in
square brackets provides more detail about the status of IPX routing when
it is in the process of being enabled or disabled.
RIPPQ Number of packets in the RIP queue
SAPPQ Number of packets in the SAP queue
Secondary address Address of a secondary network configured on this interface, if any,

is ... followed by the type of encapsulation configured on the interface and the
interface's status. Refer to the ipx routing command for a list of possible
values. This line is displayed only if you have configured a secondary
address with the ipx routing command.
Delay of this IPX Value of the ticks field (configured with the ipx delay command)
network, in ticks,
...
throughput Throughput of the interface (configured with the ipx spx-idle-time

interface configuration command)
link delay Link delay of the interface (configured with the ipx link-delay interface
configuration command)
IPXWAN Indicates whether IPXWAN processing has been enabled on this interface
processing... with the ipx ipxwan command
IPX SAP update Indicates the frequency of outgoing SAP updates (configured with the ipx
interval update interval command)
IPX type 20 Indicates whether forwarding of IPX type 20 propagation packets (used by
propagation packet NetBIOS) is enabled or disabled on this interface, as configured with the
forwarding... ipx type-20-propagation command.
Outgoing access Indicates whether an access list has been enabled with the
list ipx access-group command
IPX Helper access Number of the broadcast helper list applied to the interface with the ipx
list helper-list command
SAP Input filter Number of the input SAP filter applied to the interface with the ipx input-
list sap-filter command
SAP Output filter Number of the output SAP filter applied to the interface with the ipx
list output-sap-filter command.
SAP Router filter Number of the router SAP filter applied to the interface with the ipx
list router-sap-filter command
SAP GNS output Number of the Get Nearest Server (GNS) response filter applied to the
filter list interface with the ipx output-gns-filter command
Input filter list Number of the input filter applied to the interface with the
ipx input-network-filter command
Output filter list Number of the output filter applied to the interface with the
ipx output-network-filter command
Router filter list Number of the router entry filter applied to the interface with the ipx
router-filter command
Netbios Input host Name of the IPX NetBIOS input host filter applied to the interface with the
access list ipx netbios input-access-filter host command
Netbios Input bytes Name of the IPX NetBIOS input bytes filter applied to the interface with
access list the ipx netbios input-access-filter bytes command
Netbios Output Name of the IPX NetBIOS output host filter applied to the interface with
host access list the ipx netbios input-access-filter host command
Netbios Output Name of the IPX NetBIOS output bytes filter applied to the interface with
bytes access list the ipx netbios input-access-filter bytes command
Update time How often the Cisco IOS software sends RIP updates, as configured with
the ipx update sap-after-rip command
Watchdog Indicates whether watchdog spoofing is enabled of disabled for this
spoofing ... interface, as configured with the ipx watchdog-spoof command. This
information is displayed only on serial interfaces.
IPX accounting Indicates whether IPX accounting has been enabled with the ipx
accounting command
IPX fast switching Indicates whether IPX fast switching is enabled (default) or disabled for
IPX autonomous this interface, as configured with ipx route-cache command. (If IPX
switching autonomous switching is enabled, it is configured with the ipx route-cache
cbus command.)
IPX SSE switching Indicates whether IPX SSE switching is enabled for this interface, as
configured with the ipx route-cache sse command
IPX NLSP is Indicates that NLSP is running and the number of the primary IPX network
running on primary on which it is running
network E001
RIP compatibility State of RIP compatibility (configured by the ipx nlsp rip interface
SAP compatibility State of SAP compatibility (configured by the ipx nlsp sap interface
Level 1 Hello Interval between transmission of hello packets for nondesignated routers
interval (configured by the ipx nlsp hello-interval interface configuration
command)
Level 1 Designated Interval between transmission of hello packets for designated routers
Router Hello (configured by the ipx nlsp hello-interval interface configuration
interval command)
Level 1 CSNP CSNP interval (as configured by the ipx nlsp csnp-interval interface
interval configuration command)
Level 1 LSP LSP retransmission interval (as configured by the ipx nlsp retransmit-
retransmit interval interval interface configuration command)
LSP (pacing) LSP transmission interval (as configured by the ipx nlsp lsp-interval
interval interface configuration command)
Level 1 adjacency Number of Level 1 adjacencies in the adjacency database

count
Level 1 circuit ID System ID and pseudonode number of the designated router. In this
example, 0000.0C02.8CF9 is the system ID, and 02 is the pseudonode
number.
Misconceptions:
None
Related commands:
ipx access-list
ipx network
ipx routing

Command:
show ipx route
Mode:
Router#
Syntax:
show ipx route [network] [default] [detailed]
Syntax Description:
network (Optional) Number of the network whose routing table entry you want to display.
This is an eight-digit hexadecimal number that uniquely identifies a network cable
default (Optional) Displays the default route. This is equivalent to specifying a value of
FFFFFFFE for the argument network.
detailed (Optional) Displays detailed route information.
To display the contents of the IPX routing table, use the show ipx route user EXEC command.
Examples:
The following is a sample of output from the show ipx route command:


C 7000 (TUNNEL), Tu1
S 200 via 7000.0000.0c05.6023, Tu1
R 300 [02/01] via 100.0260.8c8d.e748, 19s, Et1
S 2008 via 7000.0000.0c05.6023, Tu1
R CC0001 [02/01] via 100.0260.8c8d.e748, 19s, Et1
Table: show ipx route Field Descriptions
Field Description
Codes Codes defining how the route was learned.
L - Local Internal network number.
C - Connected Directly connected primary network.

primary network
c - connected Directly connected secondary network.

secondary
network
S - Static Statically defined route via the ipx route command.
R - RIP Route learned from a RIP update.
E - EIGRP Route learned from an Enhanced IGRP (EIGRP) update.
W - IPXWAN Directly connected route determined via IPXWAN.
8 Total IPX routes Number of routes in the IPX routing table.
No parallel paths Maximum number of parallel paths for which the Cisco IOS software
allowed has been configured with the ipx maximum-paths command.
Novell routing Indicates whether the Cisco IOS software is using the IPX-compliant
algorithm variant routing algorithms (default).
in use
Net 1 Network to which the route goes.
[3/2] Delay/Metric. Delay is the number of IBM clock ticks (each tick is
1/18 seconds) reported to the destination network. Metric is the number
of hops reported to the same network. Delay is used as the primary
routing metric, and the metric (hop count) is used as a tie breaker.
via network.node Address of a router that is the next hop to the remote network.
age Amount of time (in hours, minutes, and seconds) that has elapsed since
information about this network was last received.
uses Number of times this network has been looked up in the route table.
This field is incremented when a packet is process-switched, even if the
packet is eventually filtered and not sent. As such, this field represents
a fair estimate of the number of times a route gets used.
Ethernet0 Interface through which packets to the remote network will be sent.
(NOVELL- Encapsulation (frame) type. This is shown only for directly connected
ETHER) networks.
is directly Indicates that the network is directly connected to the router.

connected
When the Cisco IOS software generates an aggregated route, the show ipx route command
displays a line item similar to the following:
NA 1000 FFFFF000 [**][**/06] via 0.0000.0000.0000, 163s, Nu0
In the following example, the router that sends the aggregated route also generates the aggregated
route line item in its table. But the entry in the table points to the null interface (Nu0), indicating
that if this aggregated route is the most-specific route when a packet is being forwarded, the router
drops the packet instead.

NA 1000 FFFFF000 [**][**/06] via 0.0000.0000.0000, 163s, Nu0

L 2008 is the internal network
C 89 (SAP), To0
C 91 (SAP), To1
N 2 [19][01/01] via 91.0000.30a0.51cd, 317s, To1
N 3 [19][01/01] via 91.0000.30a0.51cd, 327s, To1
N 20 [20][01/01] via 1.0000.0c05.8b24, 2024s, Et0
N 101 [19][01/01] via 91.0000.30a0.51cd, 327s, To1
NX 1000 [20][02/02][01/01] via 1.0000.0c05.8b24, 2024s, Et0
N 2010 [20][02/01] via 1.0000.0c05.8b24, 2025s, Et0
N 2011 [19][02/01] via 91.0000.30a0.51cd, 328s, To1
The following is a sample of output from the show ipx route detailed command:
Router#show ipx route detailed

R - RIP, E - EIGRP, N - NLSP, X - External, s - seconds, u - uses

C E001 (SAP), Et0
C D35E2 (NOVELL-ETHER), Et2
R D34 [02/01]
-- via E001.0000.0c02.8cf9, 43s, 1u, Et0
N D36 [20][02/01]
-- via D35E2.0000.0c02.8cfc, 704s, 1u, Et2
10000000:1000:1500:0000.0c02.8cfb:6:0000.0c02.8cfc
NX D40 [20][03/02][02/01]
-- via D35E2.0000.0c02.8cfc, 704s, 1u, Et2
10000000:2000:1500:0000.0c02.8cfb:6:0000.0c02.8cfc
R D34E1 [01/01]
-- via E001.0000.0c02.8cf9, 43s, 1u, Et0
NX D40E1 [20][02/02][01/01]
-- via D35E2.0000.0c02.8cfc, 704s, 3u, Et2
10000000:2000:1500:0000.0c02.8cfb:6:0000.0c02.8cfc
N D36E02 [20][01/01]
-- via D35E2.0000.0c02.8cfc, 705s, 2u, Et2
10000000:2000:1500:0000.0c02.8cfb:6:0000.0c02.8cfc
The table below explains the additional fields shown in the display.
Table: show ipx route detailed Field Descriptions

Field Description
1u Number of times this network has been looked up in the route table. This
field is incremented when a packet is process-switched, even if the packet
is eventually filtered and not sent. As such, this field represents a fair
estimate of the number of times a route gets used.
10000000 (NLSP only) Throughput (end to end).
3000 (NLSP only) Link delay (end to end).
1500 (NLSP only) MTU (end to end).
0000.0c02.8cfb (NLSP only) System ID of the next-hop router.
6 (NLSP only) Local circuit ID.
0000.0c02.8cfc (NLSP only) MAC address of the next-hop router.
Misconceptions:
None
Related commands:
clear ipx route
ipx route

Command:
show ipx servers
Mode:
Router#
Syntax:
show ipx servers [detailed] [network network_number] [unsorted |
[sorted [name | net | type]]] [regexp name]
Syntax Description:
unsorted (Optional) Does not sort entries when displaying IPX servers.
sorted (Optional) Sorts the display of IPX servers according to the keyword that
follows.
name (Optional) Displays the IPX servers alphabetically by server name.
net (Optional) Displays the IPX servers numerically by network number.
type (Optional) Displays the IPX servers numerically by SAP service type. This
is the default.
regexp (Optional) Displays the IPX servers whose names match the regular
name expression.
detailed Comprehensive display including path detail
network Display Services on a particular network
To list the IPX servers discovered through Service Advertising Protocol (SAP) advertisements, use
the show ipx servers EXEC command.
Examples:
The following is a sample of output from the show ipx servers command when NLSP is enabled:
Router#show ipx servers
9 Total IPX Servers
N+ 4 MERLIN1-VIA-E03 E03E03.0002.0004.0006:0451 4/03 4 Et0
N+ 4 merlin E03E03.0002.0004.0006:0451 4/03 3 Et0
N+ 4 merlin 123456789012345 E03E03.0002.0004.0006:0451 4/03 3 Et0
S 4 WIZARD1--VIA-E0 E0.0002.0004.0006:0451 none 2
N+ 4 dtp-15-AB E002.0002.0004.0006:0451 none 4 Et0
N+ 4 dtp-15-ABC E002.0002.0004.0006:0451 none 4 Et0
N+ 4 dtp-15-ABCD E002.0002.0004.0006:0451 none 4 Et0
N+ 4 merlin E03E03.0002.0004.0006:0451 4/03 3 Et0
N+ 4 dtp-15-ABC E002.0002.0004.0006:0451 none 4 Et0
Table: show ipx servers Field Descriptions

Field Description
Codes: Codes defining how the service was learned.
S - Static Statically defined service via the ipx sap command.
P - Periodic Service learned via a SAP update.
E - EIGRP Service learned via EIGRP.
N - NLSP Service learned via NLSP.
H- Indicates that the entry is in holddown mode and is not reachable.

Holddown
+ - detail Indicates that multiple paths to the server exist. Use the show ipx servers
detailed EXEC command to display more detailed information about the
paths.
Type Contains codes from Codes field to indicates how service was learned.
Name Name of server.
Net Network on which server is located.
Address Network address of server.
Port Source socket number.
Route Ticks/hops (from the routing table).
Hops Hops (from the SAP protocol).
Itf Interface through which to reach server.
The following example uses a regular expression to display SAP table entries corresponding to a
particular group of servers in the accounting department of a company:
Router#show ipx servers regexp ACCT\_SERV.+

9 Total IPX Servers
S 108 ACCT_SERV_1 7001.0000.0000.0001:0001 1/01 2 Et0
S 108 ACCT_SERV_2 7001.0000.0000.0001:0001 1/01 2 Et0
S 108 ACCT_SERV_3 7001.0000.0000.0001:0001 1/01 2 Et0
See the table above for show IPX servers field descriptions.
Misconceptions:
None
Related commands:
None

Command:
show ipx traffic
Mode:
Router#
Syntax:
show ipx traffic [since boot | since show ]
Syntax Description:
since boot IPX protocol statistics since system booted
since show IPX protocol statistics since last show command was issued
To display information about the number and type of IPX packets transmitted and received, use the
show ipx traffic user EXEC command.
Example:
The following is a sample of output from the show ipx traffic command:
Router>show ipx traffic
System Traffic for 0.0000.0000.0001 System-Name: router

Time since last clear: never
Rcvd: 0 total, 0 format errors, 0 checksum errors, 0 bad hop count
0 packets pitched, 0 local destination, 0 multicast
Bcast: 0 received, 0 sent
Sent: 0 generated, 0 forwarded
0 encapsulation failed, 0 no route
SAP: 0 Total SAP requests, 0 Total SAP replies, 1 servers
0 SAP General Requests, 2 sent, 0 ignored, 0 replies
0 SAP Get Nearest Server requests, 0 replies
0 SAP Nearest Name requests, 0 replies
0 SAP General Name requests, 0 replies
0 SAP advertisements received, 324 sent, 0 Throttled
0 SAP flash updates sent, 0 SAP format errors
RIP: 0 RIP requests, 0 ignored, 0 RIP replies, 3 routes
0 RIP advertisements received, 684 sent, 0 Throttled
0 RIP flash updates sent, 0 atlr sent
2 RIP general requests sent
0 RIP format errors
Echo: Rcvd 0 requests, 0 replies
0 unknown: 0 no socket, 0 filtered, 0 no helper
0 SAPs throttled, freed NDB len 0
Watchdog:
0 packets received, 0 replies spoofed
Queue lengths:
IPX input: 0, SAP 0, RIP 0, GNS 0
SAP throttling length: 0/(no limit), 0 nets pending lost route reply
Delayed process creation: 0
EIGRP: Total received 0, sent 0
Updates received 0, sent 0
Queries received 0, sent 0
Replies received 0, sent 0
SAPs received 0, sent 0
NLSP: Time since last clear: never
NLSP: Level-1 Hellos (sent/rcvd): 0/0
PTP Hellos (sent/rcvd): 0/0
Level-1 LSPs sourced (new/refresh): 1/0
Level-1 LSPs flooded (sent/rcvd): 0/0
LSP Retransmissions: 0
Level-1 CSNPs (sent/rcvd): 0/0
Level-1 PSNPs (sent/rcvd): 0/0
Level-1 DR Elections: 0
Level-1 SPF Calculations: 1
Level-1 Partial Route Calculations: 0
LSP checksum errors received: 0
Trace: Rcvd 0 requests, 0 replies
Table: show ipx traffic Field Descriptions
Field Description
Rcvd: Description of the packets received
total Total number of packets received
format errors Number of bad packets discarded (for example, packets with
a corrupted header). Includes IPX packets received in an
encapsulation that this interface is not configured for.
checksum errors Number of packets containing a checksum error. This

number should always be 0, because IPX rarely uses a
checksum.
bad hop count Number of packets discarded because their hop count
exceeded 16
packets pitched Number of times the device received its own broadcast
packet
local destination Number of packets sent to the local broadcast address or

specifically to the router
multicast Number of packets received that were addressed to an IPX

multicast address
Bcast: Description of broadcast packets the router received and sent
received Number of broadcast packets received
sent Number of broadcast packets sent, including those the router

is either forwarding or has generated
Sent: Description of packets the software generated and sent and

those the software received and routed to other destinations
generated Number of packets sent that the router generated itself
forwarded Number of packets sent that the router forwarded from other
sources
encapsulation failed Number of packets the software was unable to encapsulate
no route Number of times the software could not locate a route to the
destination in the routing table
SAP: Description of the Service Advertising Protocol (SAP)

packets sent and received
Total SAP requests Cumulative sum of SAP requests received:
SAP general requests

SAP Get Nearest Server (GNS) requests
Total SAP replies Cumulative sum of all SAP reply types: General, Get Nearest
Server, Nearest Name, and General Name
servers Number of servers in the SAP table

SAP General Requests, Number of general SAP requests, sent requests, ignored
received, sent, ignored, requests, and replies. This field applies to Cisco IOS Release
replies 11.2 and later.
SAP Get Nearest Server, Number of GNS requests and replies. This field applies to
requests, replies Cisco IOS Release 11.2 and later.
SAP Nearest Name Number of SAP Nearest Name requests and replies. This
requests, replies field applies to Cisco IOS Release 11.2 and later.
SAP advertisements Number of SAP advertisements generated and then sent as a

received and sent result of a change to the routing or service tables
Throttled Number of SAP advertisements discarded because they

SAP flash updates sent Number of SAP flash updates generated and sent because of
changes to routing or service tables
SAP format errors Number of incorrectly formatted SAP advertisements

received
RIP: Description of the Routing Information Protocol (RIP)

packets received and sent
RIP requests Number of RIP requests received
ignored Number of RIP requests ignored
RIP replies Number of RIP replies sent in response to RIP requests
routes Number of RIP routes in the current routing table
RIP advertisements Number of RIP advertisements received from another router

received
sent Number of RIP advertisements generated and then sent
Throttled Number of RIP advertisements discarded because they

RIP flash updates sent Number of RIP flash updates generated and sent and number
of advertisements to lost routes sent because of changes to
atlr sent the routing table.
RIP general requests sent Number of RIP general requests generated and then sent
RIP format errors Number of incorrectly formatted RIP packets received
Echo: Description of the ping replies and requests received and sent
Rcvd requests, replies Number of ping requests and replies received
Sent requests, replies Number of ping requests and replies sent
unknown Number of unsupported packets received on socket
no socket, filtered, no Number of packets that could not be forwarded because

helper helper addresses were improperly configured
SAPs throttled Number of SAP packets discarded because they exceeded

buffer capacity
freed NDB len Number of Network Descriptor Blocks removed from the
network but still needing to be removed from the routing
table of the router
Watchdog: Description of the watchdog packets the software handled
packets received Number of watchdog packets received from IPX servers on

the local network
replies spoofed Number of times the software responded to a watchdog

packet on behalf of the remote client
Queue lengths Description of outgoing packets currently in buffers waiting

to be processed
IPX input Number of incoming packets waiting to be processed
SAP Number of outgoing SAP packets waiting to be processed
RIP Number of outgoing RIP packets waiting to be processed
GNS Number of outgoing GNS packets waiting to be processed
SAP throttling length Maximum number of outgoing SAP packets allowed in the
buffer. Additional packets received are discarded.
nets pending lost reply Number of "downed" routes being processed by the Lost
route Route Algorithm
EIGRP: Total received, sent Description of the Enhanced Interior Gateway Protocol
(EIGRP) packets the router received and sent
Updates received, sent Number of EIGRP updates received and sent
Queries received, sent Number of EIGRP queries received and sent
Replies received, sent Number of EIGRP replies received and sent
SAPs received, sent Number of SAP packets received from and sent to EIGRP
neighbors
NLSP: Description of the NetWare Link Services Protocol (NLSP)

packets the router sent and received
Level-1 Hellos (sent/rcvd) Number of LAN hello packets sent and received
PTP Hellos (sent/rcvd) Number of point-to-point Hello packets sent and received
Misconceptions:
None
Related commands:
None

Command:
show isdn active
Mode:
Router#
Syntax:
show isdn active
Syntax Description:
Displays current call information, including called number, the time until the call is disconnected,
AOC (Advice of Charge) charging units used during the call, and whether the AOC information is
provided during calls or at end of calls.
Example:
Router#show isdn active
-------------------------------------------------------------------------------
ISDN ACTIVE CALLS
-------------------------------------------------------------------------------
History Table MaxLength = 320 entries
History Retain Timer = 15 Minutes
-------------------------------------------------------------------------------
Call Calling Called Duration Remote Time until Recorded Charges
Type Number Number Seconds Name Disconnect Units/Currency
-------------------------------------------------------------------------------
Out 9876543222 Active(10) idacom 11
u(E)
Out 9876543210 Active(34) idacom 115 5 u(D)
-------------------------------------------------------------------------------
Misconceptions:
None
Related commands:
show isdn status

Command:
show isdn status
Mode:
Router#
Syntax:
show isdn status [dsl | interface-type number]
Syntax Description:
Displays the status of a specific digital signal link (DSL) or a specific
dsl | interface-type
ISDN interface. The dsl range can vary, depending on the hardware
number
platform. Interface-type can be bri or serial.
Displays the status of all ISDN interfaces or, optionally, a specific digital signal link (DSL) or a
specific ISDN interface. The dsl range can vary , depending on the hardware platform. Interface-
type can be bri or serial.
Example:
Router#show isdn status
Global ISDN Switchtype = basic-5ess

ISDN BRI0 interface
Layer 1 Status:
ACTIVE
Layer 2 Status:
Layer 3 Status:
ISDN BRI1 interface
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
Layer 3 Status:
ISDN BRI2 interface
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
Layer 3 Status:
ISDN BRI3 interface
Layer 1 Status: ACTIVE
Layer 2 Status:
Layer 3 Status:
ISDN BRI4 interface
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
Layer 3 Status:
ISDN BRI5 interface
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
Layer 3 Status:
ISDN BRI6 interface
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
Layer 3 Status:
ISDN BRI7 interface
Layer 1 Status:
DEACTIVATED
Layer 2 Status:
Layer 3 Status:
ISDN Serial0:15 interface
dsl 8, interface ISDN Switchtype = primary-ni
Layer 1 Status:
ACTIVE
Layer 2 Status:
Layer 3 Status:
Total Allocated ISDN CCBs = 0
Misconceptions:
None
Related commands:
show isdn active

Command:
show line
Mode:
Router#
Syntax:
show line [line-number | aux number | console number | tty number
| vty number]
Syntax Description:
aux Auxiliary line
line-
number The line number to be shown
To display the parameters of a terminal line, use the show line EXEC command.
Example:
The following sample output from the show line command shows that line 17 is a virtual terminal
line with a transmit and receive rate of 9600 bps. Also shown is the modem state, terminal screen
width and length, and so on.
Router#show line 17
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns
A 17 VTY 9600/9600 - - - - - 1 0 0/0
Line 17, Location: "", Type: ""

Length: 24 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600
Status: Ready, Connected, Active, No Exit Banner, Async interface active
Capabilities: Line usable as async interface
Modem state: Ready
Special Chars: Escape Hold Stop Start Disconnect Activation
^^x none - - none
Timeouts: Idle EXEC Idle Session Modem Answer Session Dispatch
never never none not set
Session limit is not set.
Time since activation: never
Editing is enabled.
History is enabled, history size is 10.
Full user help is disabled
Allowed transports are lat telnet rlogin mop. Preferred is lat.
No output characters are padded
No special data dispatching characters
Line is running SLIP routing for address 1.0.0.2.

0 output packets queued, 0 input packets.
Group codes: 0
The table describes the fields in the show line output.

Table: Show Line Field Descriptions
Field Description
Tty Line number. In this case, 17.
Typ Type of line. In this case, a virtual terminal line (VTY), which is active, in
asynchronous mode denoted by the preceding `A.' Other possible values are:
CTY---console
AUX---auxiliary port
TTY---asynchronous terminal port
lpt---parallel printer
Tx/Rx Transmit rate/receive rate of the line.

A Indicates whether autobaud has been configured for the line. A value of F
indicates that autobaud has been configured; a hyphen indicates that it has not
been configured.
Modem Types of modem signals that have been configured for the line. Possible values
include
callin
callout
cts-req
DTR-Act
inout
RIisCD
Roty Rotary group configured for the line.

AccO, AccI Output or Input access list number configured for the line.
Uses Number of connections established to or from the line since the system was
restarted.
Noise Number of times noise has been detected on the line since the system restarted.
Overruns Hardware (UART) overruns and/or software buffer overflows, both defined as the
number of overruns or overflows that have occurred on the specified line since the
system was restarted. Hardware overruns are buffer overruns; the UART chip has
received bits from the software faster than it can process them. A software
overflow occurs when the software has received bits from the hardware faster than
it can process them.
Line Current line.
Location Location of the current line.
Type Type of line, as specified by the line global configuration command.
Length Length of the terminal or screen display.
Width Width of the terminal or screen display.
Baud rate Transmit rate/receive rate of the line.
(TX/RX)
Status State of the line: Ready or not, connected or disconnected, active or inactive, exit
banner or no exit banner, async interface active or inactive.
Capabilities Current terminal capabilities. In this case, the line is usable as an asynchronous
interface.
Modem state Modem control state. This field should always read READY.
Special Chars Current settings of special characters that were input by the user (or taken by
default) from the following global configuration commands:
escape-character
hold-character
stop-character
start-character
disconnect-character
activation-character
Timeouts Current settings that were input by the user (or taken by default) from the
following global configuration commands:
exec-timeout
session-timeout
dispatch-timeout
modem answer-timeout
Session limit Maximum number of sessions.
Time since Last time start_process was run.
activation
Editing Whether or not command line editing is enabled.
History Current history length, set by the user (or taken by default) from the history
Full user help Whether or not full user help has been set by the user with the terminal full-help
command or by the administrator with the full-help line configuration command.
Allowed Current set transport method, set by the user (or taken by default) from the
transports transport preferred line configuration command.
are...
characters are Current set padding, set by the user (or taken by default) from the padding line
padded configuration command.
data Current dispatch character set by the user (or taken by default) from the dispatch-
dispatching character line configuration command.
characters
Line Definition of the specified line's protocol and address.
output, input Number of output and input packets queued on this line.
packets
Group codes AT group codes.
Misconceptions:
None
Related commands:
clear line

Command:
show memory
Mode:
Router>
Router#
Syntax:
show memory [memory-type] [free] [summary]
Syntax Description:
memory- (Optional) Memory type to display (processor, multibus, io,sram). If type is

type not specified, statistics for all memory types present are displayed.
free (Optional) Displays free memory statistics.
summary (Optional) Displays a summary of memory usage including the size and
number of blocks allocated for each address of the system call that allocated
the block.
Use the show memory EXEC command to show statistics about memory, including memory-free
pool statistics.
The show memory command displays information about memory available after the system image
decompresses and loads.
Examples:
The following is a sample of output from the show memory command:
Router#show memory

Processor B0EE38 5181896 2210036 2971860 2692456 2845368
Processor memory
B0EE38 1056 0 B0F280 1 18F132 List Elements
B0F280 2656 B0EE38 B0FD08 1 18F132 List Headers
B0FD08 2520 B0F280 B10708 1 141384 TTY data
B10708 2000 B0FD08 B10F00 1 14353C TTY Input Buf
B10F00 512 B10708 B11128 1 14356C TTY Output Buf
B11128 2000 B10F00 B11920 1 1A110E Interrupt Stack
B11920 44 B11128 B11974 1 970DE8 *Init*
B11974 1056 B11920 B11DBC 1 18F132 messages
B11DBC 84 B11974 B11E38 1 19ABCE Watched Boolean
B11E38 84 B11DBC B11EB4 1 19ABCE Watched Boolean
B11EB4 84 B11E38 B11F30 1 19ABCE Watched Boolean
B11F30 84 B11EB4 B11FAC 1 19ABCE Watched Boolean
Router#
The following is a sample of output from the show memory free command:
Router#show memory free

Processor B0EE38 5181896 2210076 2971820 2692456 2845368
Processor memory
24 Free list 1
CEB844 32 CEB7A4 CEB88C 0 0 0 96B894 SSE Manager
52 Free list 2
72 Free list 3
76 Free list 4
80 Free list 5
D35ED4 80 D35E30 D35F4C 0 0 D27AE8 96B894 SSE Manager
D27AE8 80 D27A48 D27B60 0 D35ED4 0 22585E SSE Manager
88 Free list 6
100 Free list 7
D0A8F4 100 D0A8B0 D0A980 0 0 0 2258DA SSE Manager
104 Free list 8
B59EF0 108 B59E8C B59F84 0 0 0 2258DA (fragment)
The display of show memory free contains the same types of information as the show memory
display, except that only free memory is displayed, and the information is displayed in order for
each free list.
The first section of the display includes summary statistics about the activities of the system
memory allocator. The table below describes significant fields shown in the first section of the
display.
Table: show memory Field Descriptions—First Section

Field Description
Head Hexadecimal address of the head of the memory allocation chain
Total(b) Sum of used bytes plus free bytes
Used(b) Amount of memory in use
Free(b) Amount of memory not in use
Lowest(b) Smallest amount of free memory since last boot
Largest(b) Size of largest available free block
The second section of the display is a block-by-block listing of memory use.

Table below describes significant fields shown in the second section of the display.
Table: Characteristicsof Each Block of Memory—Second Section
Field Description
Address Hexadecimal block of addresses
Bytes Size of block in bytes
Prev. Address of previous block (should match Address on previous line)
Next Address of next block (should match address on next line)
Ref Reference count for that memory block, indicating how many different processes
are using that block of memory
PrevF Address of previous free block (if free)
NextF Address of next free block (if free)
Alloc Address of the system call that allocated the block

PC
What Name of process that owns the block, or "(fragment)" if the block
is a fragment, or "(coalesced)" if the block was coalesced from
adjacent free blocks
The show memory io command displays the free I/O memory blocks. On the Cisco 4000, this
command quickly shows how much unused I/O memory is available.
The following is a sample of output from the show memory io command:

Router#show memory io

6132DA0 59264 6132664 6141520 0 0 600DDEC 3FCF0 *Packet Buffer*
600DDEC 500 600DA4C 600DFE0 0 6132DA0 600FE68 0
600FE68 376 600FAC8 600FFE0 0 600DDEC 6011D54 0
6011D54 652 60119B4 6011FEO 0 600FE68 6013D54 0
614FCA0 832 614F564 614FFE0 0 601FD54 6177640 0
6177640 2657056 6172E90 0 0 614FCA0 0 0
Total: 2723244
The show memory sram command displays the free SRAM memory blocks. For the Cisco 4000,
this command supports the high-speed static RAM memory pool to make it easier to debug or
diagnose problems with allocation or freeing of such memory.
The following is a sample of output from the show memory sram command:
Router#show memory sram

7AE0 38178 72F0 0 0 0 0 0
Total 38178
The show memory command on the Cisco 4000 includes information about SRAM memory and
I/O memory, and appears as follows:
Router#show memory

Processor 49C724 28719324 1510864 27208460 26511644 15513908
I/O 6000000 4194304 1297088 2897216 2869248 2896812
SRAM 1000 65536 63400 2136 2136 2136

1000 2032 0 17F0 1 3E73E *Init*
17F0 2032 1000 1FE0 1 3E73E *Init*
1FE0 544 17F0 2200 1 3276A *Init*
2200 52 1FE0 2234 1 31D68 *Init*
2234 52 2200 2268 1 31DAA *Init*
2268 52 2234 229C 1 31DF2 *Init*
72F0 2032 6E5C 7AE0 1 3E73E Init
7AE0 38178 72F0 0 0 0 0 0
The show memory summary command displays a summary of all memory pools as well as
memory usage per Alloc PC (address of the system call that allocated the block).
The following is a partial sample output from the show memory summary command. This
command shows the size, blocks, and bytes allocated. Bytes equal the size multiplied by the
blocks. For a description of the other fields, see Table 20 and Table 21.
Router#show memory summary

Processor B0EE38 5181896 2210216 2971680 2692456 2845368
Processor memory
Alloc PC Size Blocks Bytes What
0x2AB2 192 1 192 IDB: Serial Info
0x70EC 92 2 184 Init
0xC916 128 50 6400 RIF Cache
0x76ADE 4500 1 4500 XDI data
0x76E84 4464 1 4464 XDI data
0x76EAC 692 1 692 XDI data
0x77764 408 1 408 Init
0x77776 116 1 116 Init
0x777A2 408 1 408 Init
0x777B2 116 1 116 Init
0xA4600 24 3 72 List
0xD9B5C 52 1 52 SSE Manager
.......................
0x0 0 3413 2072576 Pool Summary
0x0 0 28 2971680 Pool Summary (Free Blocks)
0x0 40 3441 137640 Pool Summary(All Block Headers)
0x0 0 3413 2072576 Memory Summary
0x0 0 28 2971680 Memory Summary (Free Blocks)
Misconceptions:
None
Related commands:
show processes

Command:
show modemcap
Mode:
Router#
Syntax:
show modemcap [modem-name]
Syntax Description:
modem-
name (Optional) The name of the modem (such as Codex_3260).
To display the values set for the current modem, use the show modemcap EXEC command. This
display lists the modems for which the router has entries. To display the attributes associated with
a specific modem, use the show modemcap EXEC command with the optional modem name
argument.
Example:
Router#show modemcap
default
codex_3260
usr_courier
usr_sportster
hayes_optima
global_village
viva
telebit_t3000
microcom_hdms
microcom_server
nec_v34
nec_v110
nec_piafs
cisco_v110
mica
Misconceptions:
None
Related commands:
modemcap entry
modemcap edit

Command:
show processes
Mode:
Router>
Router#
Syntax:
show processes [cpu]
Syntax Description:
cpu (Optional) Displays detailed CPU utilization statistics.
Use the show processes EXEC command to display information about the active processes.
Examples:
The following is a sample of output from the show processes command:
Router#show processes
CPU utilization for five seconds: 21%/0%; one minute: 2%; five minutes: 2%
PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Process
1 Mwe 2FEA4E 1808 464 3896 1796/3000 0 IP-EIGRP Router
2 Lst 11682 10236 109 93908 1828/2000 0 Check heaps
3 Mst 3AE9C 0 280 0 1768/2000 0 Timers
4 Lwe 74AD2 0 12 0 1492/2000 0 ARP Input
5.ME 912E4 0 2 0 1892/2000 0 IPC Zone Manager
6.ME 91264 0 1 0 1936/2000 0 IPC Realm Manager
7.ME 91066 0 30 0 1784/2000 0 IPC Seat Manager
8.ME 133368 0 1 0 1928/2000 0 CXBus hot stall
9.ME 1462EE 0 1 0 1940/2000 0 Microcode load
10 Msi 127538 4 76 52 1608/2000 0 Env Mon
11.ME 160CF4 0 1 0 1932/2000 0 MIP Mailbox
12 Mwe 125D7C 4 280 14 1588/2000 0 SMT input
13 Lwe AFD0E 0 1 0 1772/2000 0 Probe Input
14 Mwe AF662 0 1 0 1784/2000 0 RARP Input
15 Hwe A1F9A 228 549 415 3240/4000 0 IP Input
16 Msa C86A0 0 114 0 1864/2000 0 TCP Timer
17 Lwe CA700 0 1 0 1756/2000 0 TCP Protocols
18.ME CCE7C 0 1 0 1940/2000 0 TCP Listener
19 Mwe AC49E 0 1 0 1592/2000 0 BOOTP Server
20 Mwe 10CD84 24 77 311 1652/2000 0 CDP Protocol
21 Mwe 27BF82 0 2 0 1776/2000 0 ATMSIG Input
The following is a sample of output from the show processes cpu command:
Router#show processes cpu
CPU utilization for five seconds: 5%/2%; one minute: 3%; five minutes: 2%
PID Runtime (ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
1 1736 58 29931 0% 0% 0% Check heaps
2 68 585 116 1.00% 1.00% 0% IP Input
3 0 744 0 0% 0% 0% TCP Timer
4 0 2 0 0% 0% 0% TCP Protocols
5 0 1 0 0% 0% 0% BOOTP Server
6 16 130 123 0% 0% 0% ARP Input
7 0 1 0 0% 0% 0% Probe Input
8 0 7 0 0% 0% 0% MOP Protocols
9 0 2 0 0% 0% 0% Timers
10 692 64 10812 0% 0% 0% Net Background
11 0 5 0 0% 0% 0% Logger
12 0 38 0 0% 0% 0% BGP Open
13 0 1 0 0% 0% 0% Net Input
14 540 3466 155 0% 0% 0% TTY Background
15 0 1 0 0% 0% 0% BGP I/O
16 5100 1367 3730 0% 0% 0% IGRP Router
17 88 4232 20 0.20% 1.00% 0% BGP Router
18 152 14650 10 0% 0% 0% BGP Scanner
19 224 99 2262 0% 0% 1.00% Exec
The table below describes significant fields shown in the two displays.
Table: show processes Field Descriptions
Field Description
CPU CPU utilization for the last 5 seconds. The second number indicates the percent
utilization of CPU time spent at the interrupt level.
for five
seconds
one minute CPU utilization for the last minute
five minutes CPU utilization for the last 5 minutes
PID Process ID
Q Process queue priority. Possible values: H (high), M (medium), L (low).
Ty Scheduler test. Possible values: * (currently running), E (waiting for an event), S

(ready to run, voluntarily relinquished processor), rd (ready to run, wakeup
conditions have occurred), we (waiting for an event), sa (sleeping until an
absolute time), si (sleeping for a time interval), sp (sleeping for a time interval
(alternate call), st (sleeping until a timer expires), hg (hung; the process will
never execute again), xx dead. (The process has terminated, but not yet been
deleted).
PC Current program counter
Runtime CPU time the process has used, in milliseconds

(ms)
Invoked Number of times the process has been invoked
uSecs Microseconds of CPU time for each process invocation
Stacks Low water mark/Total stack space available, shown in bytes
TTY Terminal that controls the process
Process Name of process
5Sec CPU utilization by task in the last 5 seconds
1Min CPU utilization by task in the last minute
5Min CPU utilization by task in the last 5 minutes
Note Because the network server has a 4-millisecond clock resolution, run times are considered
reliable only after a large number of invocations or a reasonable, measured run time.
Misconceptions:
None
Related commands:
show memory

Command:
show protocols
Mode:
Router>
Router#
Syntax:
show protocols
Syntax Description:
Use the show protocols EXEC command to display the configured protocols.
This command shows the global and interface-specific status of any configured Level 3 protocol;
for example, IP, DECnet, IPX, AppleTalk, and so forth.
Example:
The following is sample output from the show protocols command:
Router#show protocols
Global values:
Internet Protocol routing is enabled
DECNET routing is enabled
XNS routing is enabled
Appletalk routing is enabled
X.25 routing is enabled
Decnet cost is 5
Serial 0 is up, line protocol is up
Decnet cost is 5
Serial 1 is down, line protocol is down
AppleTalk address is 999.1, zone Magnolia Estates
Misconceptions:
This command displays information about routed protocols not routing protocols. For information
about routing protocols, use the show ip protocols command.
Related commands:
show ip protocols

Command:
show queueing
Mode:
Router#
Syntax:
show queueing [custom | fair | priority | red]
Syntax Description:
custom (Optional) Status of the custom queueing list configuration.
fair (Optional) Status of the fair queueing configuration.
priority (Optional) Status of the priority queueing list configuration.
red (Optional) Status of the Weighted Random Early Detection (WRED)

configuration.
To list all or selected configured queueing strategies, use the show queueing privileged EXEC
command.
Examples:
The following is a sample of output from the show queueing custom command:
Router#show queueing custom
List Queue Args

3 10 default
3 3 interface Tunnel3
3 3 protocol ip
3 3 byte-count 444 limit 3
The following is a sample of output from the show queueing command. There are two active
conversations in the serial interface 0. Weighted fair queueing ensures that both of these IP data
streams—both using TCP—receive equal bandwidth on the interface while they have messages in
the pipeline, even though there is more FTP data in the queue than RCP data.
Router#show queueing
Current fair queue configuration:
Interface Discard Dynamic Reserved

threshold queue count queue count
Serial0 64 256 0
Serial1 64 256 0
Serial2 64 256 0
Serial3 64 256 0
Current priority queue configuration:
List Queue Args

1 high protocol cdp
2 medium interface Ethernet1
Current RED queue configuration:
Interface: Ethernet3 Exp-weight-constant: 9

Class Min-th Max-th Mark-prob
0 20 40 1/10
1 22 40 1/10
2 24 40 1/10
3 26 40 1/10
4 28 40 1/10
5 31 40 1/10
6 33 40 1/10
7 35 40 1/10
rsvp 37 40 1/10
Misconceptions:
None
Related commands:
custom-queue-list
fair-queue
priority-group

Command:
show running-config
Mode:
Router#
Syntax:
show running-config
Syntax Description:
Example:
!
version 12.1
!
hostname Router
!
boot system flash
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
!
!
!
--More--
Misconceptions:
config.
Related commands:
show startup-config

Command:
show standby
Mode:
Router#
Syntax:
show standby [type number [group]] [brief]
Syntax Description:
type number (Optional) Interface type and number for which output is displayed.
group (Optional) Group number on the interface for which output is displayed.
brief (Optional) A single line of output summarizes each standby group.
To display Hot Standby Router Protocol (HSRP) information, use the show standby EXEC
command.
If you want to specify a group, you must also specify an interface type and number.
Examples:
The following is a sample of output from the show standby command:
Router#show standby
FastEthernet0/0 - Group 0
Local state is Active, priority 100, may preempt
Hellotime 3 holdtime 10
Next hello sent in 0:00:00
Hot standby IP address is 198.92.72.29 configured
Active router is local
Standby router is 198.92.72.21 expires in 0:00:07
Tracking interface states for 2 interfaces, 2 up:
Up FastEthernet0/0
Up Serial0/0
The following is a sample of output from the show standby command with a specific interface and
the brief keyword:
Router#show standby fastethernet0 brief
Interface Grp Prio P State Active addr Standby addr Group addr
Et0 0 100 Standby 171.69.232.33 local 172.19.48.254
The table below describes the fields in the display.
Table: show standby Field Descriptions
Field Description
Ethernet0 - Interface type and number and Hot Standby group number for the
Group 0 interface
Local state is ... State of local router; can be one of the following:
Active—Current Hot Standby router

Standby—Router next in line to be the Hot Standby router
priority Priority value of the router based on the standby priority, standby
preempt command
may preempt Indicates that the router will attempt to assume control as the active
(indicated by P in router if its priority is greater than the current active router
the brief output)
Hellotime Time between hello packets (in seconds), based on the standby timers
command
holdtime Time (in seconds) before other routers declare the active or standby
router to be down, based on the standby timers command
Next hello sent in Time in which the Cisco IOS software will send the next hello packet (in
... hours:minutes:seconds).
Hot Standby IP IP address of the current Hot Standby router. The word "configured"
address is ... indicates that this address is known through the standby ip command.
configured Otherwise, the address was learned dynamically through HSRP hello
packets from other routers that do have the HSRP IP address configured.
Active router is ... Value can be "local" or an IP address. Address of the current active Hot
Standby router
Standby router is Value can be "local" or an IP address. Address of the "standby" router
... (the router that is next in line to be the Hot Standby router)
expires in Time (in hours:minutes:seconds) in which the standby router will no

longer be the standby router if the local router receives no hello packets
from it.
Tracking List of interfaces that are being tracked and their corresponding states.
interface states Based on the standby track command.
for ...
Misconceptions:
None
Related commands:
standby ip
standby timers
standby track

Command:
show startup-config
Mode:
Router#
Syntax:
show startup-config
Syntax Description:
Example:
!
version 12.1
!
hostname Router
!
!
!
!
!
!
ip subnet-zero
!
!
!
!
no ip address
shutdown
--More--
Misconceptions:
Related commands:
show running-config
copy

Command:
show status
Mode:
Router#
Syntax:
show status
Syntax Description:
This command is used to display the status of the BRI channels.
Example:
Router#show status
Misconceptions:
None
Related commands:
show isdn active
show isdn status

Command:
show version
Mode:
Router>
Router#
Syntax:
show version
Syntax Description:
To display the configuration of the system hardware, the software version, the names and sources
of configuration files and the boot images, use the show version EXEC command.
Example:
Router>show version
IOS (tm) 1600 Software (C1600-NY-M), Version 12.1(3), RELEASE SOFTWARE (fc1)
Compiled Wed 05-Jul-00 11:06 by cmong
Image text-base: 0x02005000, data-base: 0x025E3D40
ROM: System Bootstrap, Version 11.1(12)XA, EARLY DEPLOYMENT RELEASE SOFTWARE (f)
ROM: 1600 Software (C1600-RBOOT-R), Version 11.1(12)XA, EARLY DEPLOYMENT RELEAS
Router uptime is 2 days, 5 hours, 33 minutes
System returned to ROM by power-on
System image file is "flash:c1600-ny-mz.121-3.bin"
cisco 1605 (68360) processor (revision C) with 18432K/6144K bytes of memory.
Processor board ID 07708942, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
Basic Rate ISDN software, Version 1.1.2
FastEthernet/IEEE 802.3 interface(s)
1 ISDN Basic Rate interface(s)
U interface for ISDN Basic Rate interface.
--More--
Misconceptions:
None
Related commands:
None

Command:
show authentication
Mode:
Switch> (enable)
Syntax:
show authentication
Syntax Description:
Use the show authentication command to display authentication information.
Example:
This example shows how to display authentication information:
Console>show authentication
Console Session Telnet Session Http Session
Login Authentication:
--------------------- ---------------- --------------- -----------
tacacs disabled disabled disabled

radius disabled disabled disabled
kerberos disabled disabled disabled
local enabled(primary) enabled(primary) enabled(primary)
attempt limit 3 3 -
lockout timeout (sec) 230 seconds 120 seconds 120 seconds
Enable Authentication: Console Session Telnet Session Http Session

---------------------- ----------------- ---------------- ----------------
tacacs disabled disabled disabled
radius disabled disabled disabled
kerberos disabled disabled disabled
local enabled(primary) enabled(primary) enabled(primary)
attempt limit 3 3 -
lockout timeout (sec) disabled 600 seconds 600 seconds
(*) primary
Console>
Misconceptions:
None
Related Commands:
set authentication login

Command:
show cam
Mode:
Switch> (enable)
Syntax:
show cam count {dynamic | static | permanent | system} [vlan]
show cam {dynamic | static | permanent} mod_num/port_num
show cam mac_addr [vlan]
Syntax Description:
count Keyword that displays only the number of CAM entries.
dynamic Keyword that displays dynamic CAM entries.
static Keyword that displays static CAM entries.
permanent Keyword that displays permanent CAM entries.
system Keyword that displays system CAM entries.
vlan (Optional) Variable that specifies the number of the VLAN. If a VLAN is not
specified, all VLANs are displayed.
mod_num Variable that specifies the number of the module.
port_num Variable that specifies the number of the port.
mac_addr MAC address.
Use the show cam command to display the CAM table.
If you display the output associated with the MAC address of an ATM dual PHY OC-12 module,
additional information is displayed, including the VCD, VPI, VCI, and VC type.
If you enter the show cam command on the Catalyst 4000 family switches, the ASE CAM table
entries are displayed.
Example:
This example shows how to display dynamic CAM entries for all VLANs:
Console>show cam dynamic
* = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry.
VLAN Dest MAC/Route Des Destination Ports or VCs / [Protocol Type]

---- ------------------ ----------------------------------------------------
1 00-60-5c-86-5b-81 4/1 [ALL]
v1 00-60-2f-35-48-17 4/1 [ALL]
1 00-80-24-f3-47-20 1/2 [ALL]
1 00-60-09-78-96-fb 4/1 [ALL]
1 00-80-24-1d-d9-ed 1/2 [ALL]
1 00-80-24-1d-da-01 1/2 [ALL]
1 08-00-20-7a-63-01 4/1 [ALL]
Total Matching CAM Entries Displayed = 7

Console>
This example shows the output associated with the MAC address of an ATM dual PHY OC-12
module, which includes the dynamic CAM entries for all VLANs:
Console>show cam dynamic
VLAN Dest MAC/Route Des Destination Ports or VCs

---- ------------------ ----------------------------------------------------
12 00-14-14-14-14-1c 6/1
12 00-14-14-14-14-1d 6/1
12 00-14-14-14-14-1a 6/1
12 00-14-14-14-14-1b 6/1
12 00-14-14-14-14-18 6/1
12 00-14-14-14-14-19 6/1
12 00-14-14-14-14-16 6/1
12 00-14-14-14-14-17 6/1
12 00-14-14-14-14-14 6/1
12 00-14-14-14-14-15 6/1
6 00-14-14-14-14-16 4/1 VCD:98 VPI:0 VCI:127 Type: LANE Data Direct
6 00-14-14-14-14-1a 4/1 VCD:98 VPI:0 VCI:127 Type: LANE Data Direct
6 00-14-14-14-14-1b 4/1 VCD:98 VPI:0 VCI:127 Type: LANE Data Direct
6 00-14-14-14-14-1c 4/1 VCD:98 VPI:0 VCI:127 Type: LANE Data Direct
6 00-14-14-14-14-1d 4/1 VCD:98 VPI:0 VCI:127 Type: LANE Data Direct
Do you wish to continue y/n [n]? n
Total Matching CAM Entries Displayed = 21

Console>
The table below describes the fields in the ATM dual PHY OC-12 module show cam dynamic
output.
Table: show cam dynamic Command Output Fields
Field Description
VCD VCD of the VC
VPI VPI of the VC
VCI VCI of the VC
Type Type of virtual circuit (LANE Data Direct, LANE bus, or AAL5SNAP PVC)
This example shows routers listed as the CAM entries. If the MAC address belongs to a router, it is
shown by appending an "R" to the MAC address. If a VLAN is specified, then only those CAM
entries matching the VLAN number are displayed.
Console>show cam 00-00-81-01-23-45
* = Static Entry. + = Permanent Entry. # = System Entry. R = Router Entry
Router Watergate with IP address 172.25.55.1 has CAM entries:

VLAN Dest MAC/Route Des Destination Ports or VCs
---- ------------------ ----------------------------------------------------
1 00-00-81-01-23-45R 2/9 [IP]
2 00-00-81-01-23-45R 2/10 [IP]
Total Matching CAM Entries = 2
Console>
Misconceptions:
None
Related Commands:
None

Command:
show cgmp leave
Mode:
Switch> (enable)
Syntax:
show cgmp leave
Syntax Description:
Use the show cgmp leave command to display the status of the CGMP leave feature.
Example:
This example shows how to display the status of the CGMP leave feature:
Console>show cgmp leave
CGMP: enabled
CGMP leave: enabled
CGMP FastLeave: enabled
Console>
Misconceptions:
None
Related Commands:
set cgmp
set cgmp leave

Command:
show cgmp statistics
Mode:
Switch> (enable)
Syntax:
show cgmp statistics [vlan_id]
Syntax Description:
vlan_id (Optional) Variable that specifies the VLAN number for which to display CGMP
statistics.
Use the show cgmp statistics command to display CGMP statistics.
Example:
This example shows how to display CGMP statistics for VLAN 1:
Console>show cgmp statistics 1
CGMP enabled
CGMP statistics for vlan 1:

valid rx pkts received 211915
invalid rx pkts received 0
valid cgmp joins received 211729
valid cgmp leaves received 186
valid igmp leaves received 0
valid igmp queries received 3122
igmp gs queries transmitted 0
igmp leaves transmitted 0
failures to add GDA to EARL 0
topology notifications received 80
number of CGMP packets dropped 2032227
Console>
The following table describes the fields in the show cgmp statistics output:
Table: show cgmp statistics Command Output Fields
Field Description
Valid rx pkts received Number of valid CGMP packets received
Invalid rx pkts received Number of invalid CGMP packets received
valid cgmp joins received Number of CGMP group-specific queries received
valid cgmp leaves received Number of CGMP leaves received
valid igmp leaves received Number of IGMP leaves received
valid igmp queries Number of IGMP reports received

received
igmp gs queries Number of IGMP group specific-equivalent queries transmitted

transmitted by the switch
igmp leaves transmitted Number of IGMP leaves transmitted by the switch
failures to add GDA to Number of times that the switch failed to add a multicast entry
EARL (GDA) to the EARL table
topology notifications Number of topology change notifications received by the

received switch
number of CGMP packets Number of IGMP packets dropped by the switch

dropped
Misconceptions:
None
Related Commands:
set cgmp

Command:
show config
Mode:
Switch> (enable)
Syntax:
show config {system | mod_num} [all]
Syntax Description:
system Keyword that specifies to display system configuration.
all (Optional) Keyword that specifies all modules and system configuration
information, including the IP address.
Use the show config command to display the non-default system configuration.
Examples:
This example shows how to display the nondefault system and module configuration:
Console> (enable) show config
This command shows non-default configurations only.

Use 'show config all' to show both default and non-default configurations.
..........
begin
!
# ***** NON-DEFAULT CONFIGURATION *****
!
!
#Time: Thu Dec 23 1999, 21:56:01
!
#version 5.4(0.52)MIA7-Eng
#System Web Interface Version 5.0(0.25)
!
set editing disable
!
#frame distribution method
set port channel all distribution mac unknown
!
#snmp
set snmp trap 0.0.0.0
set snmp trap 0.0.0.0
!
#kerberos
set kerberos server 0.0.0.0
set kerberos server 0.0.0.0
set kerberos realm
set kerberos realm
!
#vtp
set vtp domain Lab_Network
set vtp v2 enable
set vtp pruning enable
set vlan 1 name default type ethernet mtu 1500 said 100001 state active
set vlan 2 name VLAN0002 type ethernet mtu 1500 said 100002 state active
set vlan 303 name VLAN0303 type fddi mtu 1500 said 100303 state active
set vlan 801 name VLAN0801 type trbrf mtu 4472 said 100801 state active bridge
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state acti
set vlan 1005 name trbrf-default type trbrf mtu 4472 said 101005 state active b
set vlan 802 name VLAN0802 type trcrf mtu 4472 said 100802 state active parent
set vlan 1003 name trcrf-default type trcrf mtu 4472 said 101003 state active p
set vlan 3 translation 303 translation 0
!
#ip
set interface sc0 1 1.10.11.212/255.255.255.0 1.10.11.255
set ip route 0.0.0.0/0.0.0.0 172.20.52.126

set ip route 0.0.0.0/0.0.0.0 172.20.52.125
set ip route 0.0.0.0/0.0.0.0 172.20.52.121
!
#rcp
set rcp username 1
!
#dns
set ip dns server 171.68.10.70 primary
set ip dns server 171.68.10.140
set ip dns enable
set ip dns domain cisco.com
!
#spantree
set spantree fwddelay 4 801

set spantree maxage 10 801
#portfast
set spantree portfast bpdu-guard enable
#vlan 802
set spantree portstate 802 block 801
#vlan 1003
set spantree portstate 1003 block 1005
!
#syslog
set logging server 172.20.101.182
!
#set boot command
set boot config-register 0x100
set boot system flash bootflash:cat6000-sup.5-4-0-52.bin
!
#HTTP commands
set ip http server enable
set ip http port 1922
!
# default port status is disable
!
#mls
set mls nde disable
!
#qos
set qos enable
set qos map 1q4t 1 1 cos 2
!
#Accounting
set accounting commands enable config stop-only tacacs+
!
# default port status is enable

!
#module 1 : 2-port 1000BaseX Supervisor

!
#module 2 empty
!
#module 3 : 48-port 10/100BaseTX (RJ-45)
set spantree portfast 3/8 enable
!
#module 4 empty
!
#module 5 : 48-port 10/100BaseTX (RJ-45)
!
#module 6 empty
!
set vlan 100 6/1
set spantree portcost 6/1 200
!
#module 7 : 24-port 10/100BaseTX Ethernet
set vlan 5 7/5
set vlan 100 7/23
set vlan 200 7/9
set port disable 7/5
set port name 7/9 1528 Hub

set port security 7/10 enable
set port security 7/10 maximum 200
set port security 7/10 00-11-22-33-44-55
set port security 7/10 violation restrict
set port security 7/10 age 30
set trunk 7/1 desirable isl 1-1005
set trunk 7/10 off negotiate 1-1005
set trunk 7/23 on isl 1-1005
set spantree portcost 7/23 150
set spantree portvlancost 7/23 cost 50 100
!
#module 8 empty
!
#module 9 empty
!
#module 15 empty
!
#module 16 empty
end
Console>
This example shows how to display default and nondefault configuration information:
Console> show config all
begin
!
# ***** ALL (DEFAULT and NON-DEFAULT) CONFIGURATION *****
!
#Current Time: Thu Dec 23 1999, 14:01:24
!
#version 5.4(0.52)
!
set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
set prompt Console>
set length 24 default
set logout 20
set banner motd ^C^C
!
#system
set system baud 9600
set system modem disable
set system name
set system location
set system contact
!
... <truncated display>
#gvrp
set gvrp dynamic-vlan-creation disable
set gvrp disable
end
console>
This example shows how to display nondefault system configuration information:

Console> show config system
begin
!
!
!
#version 5.4(0.52)
!
!
#set boot command
set boot config-register 0x2
set boot system flash bootflash:kk1
end
Console>
This example shows how to display all system default and nondefault configuration information:
Console> show config system all
begin
!
#system
set system name
set system location
set system contact
!
end
Console>
This example shows how to display nondefault configuration information for module 1:
Console> show config 1
..............
begin
!
!
!
!
#version 5.4(0.52)
!
!
#module 1 : 4-port 10/100BaseTX Supervisor
!
end
Console>
This example shows how to display default and nondefault configuration information for
module 1:
Console> show config 1 all
begin
!
#module 1 : 4-port 10/100BaseTX Supervisor
set module name 1
set vlan 1 1/1-4
set port channel 1/1-4 off
set port flowcontrol 1/1-4 receive on
set cdp enable 1/1-4
set trunk 1/1 auto negotiate 1-1005
set trunk 1/4 auto negotiate 1-1005
set spantree portfast 1/1-4 disable
set spantree portvlancost 1/4 cost 99
set port gvrp 1/1-4 disable
set gvrp registration normal 1/1-4
set gvrp applicant normal 1/1-4
set port gmrp 1/1-4 enable
set gmrp registration normal 1/1-4
set gmrp fwdall disable 1/1-4
!
end
Console>
Misconceptions:
By default, this command shows only nondefault configurations. To view the
entire configuration, use the keyword all.
Related Commands:
None

Command:
show interface
Mode:
Switch> (enable)
Syntax:
show interface
show interface trap
Syntax Description:
trap Keyword that displays the trap interface
Use the show interface command to display information about network interfaces and standard
SNMP link trap operation.
Example:
This example shows how to display information on all network interfaces:
Console> show interface
sl0: flags=50<DOWN,POINTOPOINT,RUNNING>
slip 0.0.0.0 dest 0.0.0.0
sc0: flags=63<UP,BROADCAST,RUNNING>
vlan 100 inet 172.20.52.37 netmask 255.255.255.248 broadcast 172.20.52.39
me1: flags=62<DOWN,BROADCAST,RUNNING>
inet 172.20.52.37 netmask 255.255.255.224 broadcast 172.20.52.63
Console>
This example shows how to display whether the trap interface is enabled or
disabled:
Console> (enable) show interface trap
Interface Trap
-------- ----
sc0 enabled
me1 disabled
sl0 disabled
Console> (enable)
The table below describes the fields in the show interface command output:
Table: show interface Command Output Fields
Field Description
me1 Information on the me1 interface
flags Flags indicating the interface state (decoded in the subsequent

field).
<UP,BROADCAST, Interface state (UP, DOWN, BROADCAST, LOOPBACK,

RUNNING> POINTOPOINT, or RUNNING)
inet IP address of the interface
netmask Network mask for the interface
broadcast Broadcast address for the interface
sl0 Information on the SLIP interface
<UP,POINTOPOINT, Interface state (UP, DOWN, BROADCAST, LOOPBACK,

RUNNING> POINTOPOINT, or RUNNING)
slip IP address of the SLIP interface
dest IP address of the host to which the console port will be

connected
sc0 Information on the in-band interface
vlan Number of the VLAN to which the sc0 interface has been
assigned (known as the management VLAN)
Interface Type of interface

Trap Status of whether the trap is enabled or disabled
Misconceptions:
None
Related commands:
set interface

Command:
show mls
Mode:
Switch> (enable)
Syntax:
show mls
show mls rp {ip_addr} [noalias]
show mls entry {[destination {ip_addr_spec}] [source
{ip_addr_spec}] | [flow {protocol} {src_port [port_num]}
{dst_port}]} [rp {ip_addr}]
show mls include
show mls nde
Syntax Description:
rp Keyword used to specify a route processor the MLS entry will be displayed.
ip_addr Route-processor IP address, or route-processor name if DNS is used.
noalias (Optional) Keyword used to specify all route processors are present in IP format,
rather than their names.
entry Keyword used to specify the MLS packet entry.
destination (Optional) Keyword used to specify the destination IP address.
ip_addr_spec (Optional) Full IP address or a subnet address in the following formats:
ip_subnet_addr,ip_addr/subnet_mask, ip_addr/#subnet_mask_bits.
source (Optional) Keyword used to specify the source IP address.
flow (Optional) Keyword used to specify additional flow information (protocol family
and protocol port pair) to be matched.
protocol (Optional) Keyword used to specify flow information; valid values include:tcp,
udp, icmp, or a decimal number for other protocol families.
src_port (Optional) Source port IP address; used with port_num to specify the port pair if
protocol is tcp or udp.
port_num (Optional) TCP/UDP port number (decimal); used with src_num to specify the port
pair if protocol is tcp or udp.
dst_port (Optional) Destination port IP address.
include Keyword used to display all route processors currently included to run multilayer
switching.
nde Keyword used to display NDE information.
Use the show mls command set to display Multilayer Switching Layer 3 packet information in the
multilayer switching-based Catalyst 5000 series switch.
If you are entering any of the show mls commands on a Catalyst 5000 series switch without MLS,
the following warning message is displayed:
MLS not supported on feature card.
If you enter the show mls commands with no arguments, general MLS information and all MLS-
RP information is displayed.
If DNS is disabled, no name can be specified or shown. If noalias is specified, all route-processors
are present in IP format, rather than their names if DNS is enabled.
A value 0 for src_port and dst_port means "don't care."
Use the following syntax to specify an IP subnet address:
ip_subnet_addr—This is the short subnet address format. The trailing decimal number 00 in
an IP address YY.YY.YY.00 specifies the boundary for an IP subnet address. For example,
172.22.36.00 indicates a 24-bit subnet address (subnet mask 172.22.36.00/255.255.255.0),
and 173.24.00.00 indicates a 16-bit subnet address (subnet mask 173.24.00.00/255.255.0.0).
However, this format can only identify a subnet address with a length of 8, 16, or 24 bits.
ip_addr/subnet_mask—This is the long subnet address format. For example,
172.22.252.00/255.255.252.00 indicates a 22-bit subnet address. This format can specify a
subnet address of any bit number. To provide more flexibility, the ip_addr is allowed to be a
full host address, such as 172.22.253.1/255.255.252.00.
ip_addr/maskbits—This is the simplified long subnet address format. The mask bits specifies
the number of bits of the network masks. For example, 172.22.252.00/22 indicates a 22-bit
subnet address. The ip_addr is allowed to be a full host address, such as 172.22.254.1/22,
which has the same subnet address as 172.22.252.00/22.
When you enter the show mls entry command, the keyword destination option specifies the
entries matching this destination IP address specification. The keyword source option specifies the
entries matching this source IP address specification. An ip_addr_spec can be a full IP address or a
subnet address. If you do not specify a keyword, it is treated as a wildcard, and all entries are
displayed.
Examples:
These examples show how to use the show mls command set:
Console>(enable) show mls
Multilayer switching enabled
Multilayer switching aging time = 1800 seconds
Multilayer switching fast aging time = 0 seconds, packet threshold = 1
Destination flow
Total packets switched = 101892
Active entries = 2153
Netflow data export enabled
Netflow data export configured for port 8010 on host 10.0.2.15
Total packets exported = 20
MLS-RP IP MLS-RP ID Xtag MLS-RP MAC-Vlans

-------------- ------------------- ------ -------------------------------
172.20.25.2 0000808cece0 2 00-00-80-8c-ec-e0 1-20
00-00-80-8c-ec-e1 21-30
00-00-80-8c-ec-e2 31-40
00-00-80-8c-ec-e3 41-50
00-00-80-8c-ec-e4 51-60
172.20.27.1 0000808c1214 3 00-00-80-8c-12-14 1-20,31-40

00-00-80-8c-12-15 21-30
00-00-80-8c-12-16 41-50
Console>(enable)
Console>(enable) show mls entry rp 172.20.27.1
Destination IP Source IP Pr DstPt SrcPt Destination Mac Vlan Po

-------------- ------------ ---- ------- ------ ---------------------- ---- --
MLS-RP 172.20.27.1:
172.20.22.16 172.20.27.139 TCP DNS DNS 00-60-70-6c-fc-24 4 2/
172.20.21.17 172.20.27.138 TCP 7001 7003 00-60-70-6c-fc-25 3 2/
Console>
Console> show mls entry
Destination IP Source IP Pr DstPt SrcPt Destination Mac Vlan Port

-------------- ------------ ---- ------- ------ ---------------------- ---- ----
MLS-RP 172.20.25.1:
172.20.22.14 172.20.25.10 UDP 80 50648 00-60-70-6c-fc-22 4 2/1
MLS-RP 172.20.26.1:
172.20.20.15 172.20.25.148 UDP 50650 80 00-60-70-6c-fc-23 2 2/2
MLS-RP 172.20.27.1:
172.20.22.16 172.20.27.139 TCP DNS DNS 00-60-70-6c-fc-24 4 2/3
172.20.21.17 172.20.27.138 TCP 7001 7003 00-60-70-6c-fc-25 3 2/4
Console>
Console>(enable) show mls entry destination 172.20.22.14/24

-------------- ------------ ---- ------- ------ ---------------------- ---- ----
MLS-RP 172.20.25.1:
172.20.22.14 172.20.25.10 UDP 80 50648 00-60-70-6c-fc-22 4 2/
MLS-RP 172.20.27.1:
172.20.22.16 172.20.27.139 TCP DNS DNS 00-60-70-6c-fc-24 4 2/
Console>
Console>(enable) show mls entry rp 172.20.27.1

-------------- ------------ ---- ------- ------ ---------------------- ---- ----
MLS-RP 172.20.27.1:
172.20.22.16 172.20.27.139 TCP DNS NS 00-60-70-6c-fc-24 4 2/3
172.20.21.17 172.20.27.138 TCP 7001 7003 00-60-70-6c-fc-25 3 2/4
Console>
Console>(enable) show mls include
Included MLS-RP
---------------------------------------
170.67.2.13
170.67.2.12
Console>(enable)
Console>(enable) show mls nde
Netflow data export enabled.

Netflow data export configured for UDP port 1098 on host 172.20.15.1
Source filter is 171.69.194.140/255.255.255.0
Destination port filter is 23
Total Netflow Data Export packets = 26784
Console>(enable)
Misconceptions:
None
Related commands:
set mls
clear mls

Command:
show module
Mode:
Switch> (enable)
Syntax:
show module [mod_num]
Syntax Description:
mod_num (Optional) Variable that specifies the number of the module. If a module number
is not specified, all modules are displayed.
Use the show module command to display module status and information.
If you remove a module and replace it with a different type module, a message appears in the show
module display that states that the module configuration is inconsistent with the current module
type. To clear the message, you can either enter the clear config mod_num command for the
module or set different parameters for the new module.
For Catalyst 4000 family switches, the show module command displays the supervisor engine as
having "1" slot.
For Catalyst 4000 family switches, in the show module command display, the combination of the
32-port module (WS-X4502) and 4-port 100FX card results in an entry that reads 36 ports. If the
uplink card is not installed, only ports 1 to 32 are listed.
Although me1 resides on the supervisor engine module for the Catalyst 4000 family switches, me1
port information is not displayed by the show module or show port commands.
Examples:
This example shows how to display status and information for module 3:
Console> show module 3
Mod Slot Ports Module-Type Model Sub Status
--- ---- ----- ------------------------- ------------------- --- --------
3 3 9 Gigabit Ethernet WS-X5410 no ok
Mod Module-Name Serial-Num
--- ------------------- --------------------
3 00007285650
Mod MAC-Address(es) Hw Fw Sw
--- -------------------------------------- ------ ---------- -----------------
3 00-e0-1e-38-48-cc to 00-e0-1e-38-48-d7 0.2 4.1(0.53-E 5.1(0.59))
Console>
This example shows how to display status and information for the Catalyst 4000 family switch:
Console> show module
Mod Slot Ports Module-Type Model Sub Status

--- ---- ----- ------------------------- ------------------- --- --------
1 1 0 Switching Supervisor WS-X4012 yes ok
2 2 6 1000BaseX Ethernet Ext WS-X4306
3 3 6 1000BaseX Ethernet WS-X4306 no ok
Mod Module-Name Serial-Num
--- ------------------- --------------------
1 JAB023806JR
2 JAB0240004D
3 JAB024000YY
Mod MAC-Address(es) Hw Fw Sw
--- -------------------------------------- ------ ---------- -----------------
1 00-10-7b-f8-03-00 to 00-10-7b-f8-06-ff 0.1 4.4(0.14) 5.1(0.57)
2 00-10-7b-f6-b1-a8 to 00-10-7b-f6-b1-ad 0.2
3 00-10-7b-f6-b2-1a to 00-10-7b-f6-b2-1f 0.2
Console>
The table below describes the possible fields in the show module command output.
Table: show module Command Output Fields
Field Description
Mod Module number
Slot Slot number
Module-Name Name of the module (if configured)
Ports Number of ports on the module
Module-Type Module type (such as 10BASE-T Ethernet or Token Ring)
Model Model number of the module
Serial-Num Serial number of the module
Status Status of the module. Possible status strings are ok, disable, faulty, other,
standby, and error.
MAC- MAC address or MAC address range for the module. Token Ring module
Address(es) MAC addresses appear in noncanonical format.
Hw Hardware version of the module1
Fw Firmware version of the module2
Sw Software version on the module
SMT User- User-data string defined for the FDDI module

Data
T-Notify T-Notify timer value configured for the FDDI module
CF-St Configuration management state of the FDDI module

ECM-St Entity Coordination Management state of the FDDI module
Bypass Status of whether an optical bypass switch is present
Sub-Type3 Submodule type
Sub-Model3 Model number of the submodule
Sub-Serial3 Serial number of the submodule
Sub-Hw3 Hardware version of the submodule
1Hw for the supervisor engine module displays the supervisor engine module's EARL hardware
version.
2Fw for the supervisor engine module displays the supervisor engine module's boot version.
3This field displays EARL information; this field is dd on the Catalyst 4000 family and
Catalyst 2948G switches.
Misconceptions:
None
Related Commands:
None

Command:
show multicast group
Mode:
Switch> (enable)
Syntax:
show multicast group [mac_addr] [vlan_id]
Syntax Description:
mac_addr (Optional) Destination MAC address.
vlan_id (Optional) Variable that specifies the number of the VLAN.
Use the show multicast group command to display the multicast group configuration.
Examples:
This example shows how to display the multicast group configuration for VLAN 1:
Console> show multicast group 1
VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol Type]
---- ----------------- ----- ----------------------------------
1 01-00-5e-00-01-28* 3/1,12/9
1 01-00-5e-63-7f-6f* 3/1,12/5,12/9
Total Number of Entries = 2
Console>
This example shows how to display the multicast group configuration for a specific MAC address
on VLAN 5:
Console> show multicast group 01-00-5E-00-00-5C 5
VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol Type]
---- ----------------- ----- ----------------------------------
5 01-00-5E-00-00-5C 3/1, 3/9
Total Number of Entries = 1
Console>
The table below describes the fields in the show multicast group command output.
Table:show multicast group Command Output Fields
Field Description
VLAN VLAN number
Dest MAC/Route Group destination MAC address

Des
* Status of whether the port was configured manually as a multicast

router port
CoS CoS value
Destination Ports List of all the ports that belong to this multicast group. Traffic destined
or VCs to this group address will be forwarded on all these ports.
Total Number of Total number of entries in the multicast group table that match the
Entries criteria specified by the command.
Misconceptions:
None
Related commands:
set cgmp

Command:
show port
Mode:
Switch> (enable)
Syntax:
show port [mod[/port]]
Syntax Description:
mod (Optional) Variable that specifies the number of the module.
port (Optional) Variable that specifies the number of the port on the module.
Use the show port command to display port status and counters.
If you do not specify a mod, the ports on all modules are shown.
If you do not specify a port, all the ports on the module are shown.
In the Status field for the switch ports, the following applies:
connected indicates the port is operational.
Note connected is also displayed for the status of a port that is receiving remote fault
indications. Remote fault indications are not sent until the link comes up and both ends
can hear each other. This means that the link is up and working correctly. According to
the 802.3z Gigabit Ethernet Specification, a link partner is not allowed to send remote
fault indications until after the link comes up successfully.
notconnect indicates the port is off or there is no GBIC in port.

faulty indicates the port failed diagnostics tests.
remfault indicates the far end station cannot synchronize with its receive signal.
disable indicates the port has been manually disabled.
remdisable indicates the far end port has been manually disabled.
configerr indicates that this port is not satisfied with the output of flow control and or duplex
negotiation.
remcfgerr indicates that the far end port is not satisfied with the output of flow control and or
duplex negotiation.
disagree indicates that the two ports have failed to agree on a duplex condition or that
autonegotiation has failed.
In the show port command display, the combination of the 32-port module (WS-X4502) and 4-
port 100FX card results in an entry that lists 36 ports. If the uplink card is not installed, only ports
1 through 32 are listed.
Although me1 resides on the supervisor engine module for the Catalyst 4000 family switches, me1
port information is not displayed by the show module or show port CLI commands.
Example:
This example shows how to display the status and counters for ports on module2:
Console> show port 2
Port Name Status Vlan Level Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
2/1 connected 1 normal full 1000 1000BaseSX
2/2 connected 1 normal full 1000 1000BaseSX
2/3 notconnect 1 normal full 1000 No GBIC
2/34 reflector rspan-2 normal a-full a-100 10/100BaseTX
Port Security Secure-Src-Addr Last-Src-Addr Shutdown Trap IfIndex
----- -------- ----------------- ----------------- -------- -------- -------
2/1 disabled No disabled 90

Port Send FlowControl Receive FlowControl RxPause TxPause Unsupported
admin oper admin oper opcodes
----- -------- -------- -------- -------- ------- ------- -----------
2/1 desired off off off 0 0 0
Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize
----- ---------- ---------- ---------- ---------- ---------
2/1 - 0 1 0 0
2/2 - 8 2 8 0
2/3 - 0 0 0 0
2/4 - 0 0 0 0
2/5 - 0 0 0 0
2/6 - 0 0 0 0
Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants
----- ---------- ---------- ---------- ---------- --------- --------- ---------
2/1 0 0 0 0 1 0 0
2/2 0 0 0 0 1 0 0
2/3 0 0 0 0 0 0 0
2/4 0 0 0 0 0 0 0
2/5 0 0 0 0 0 0 0
2/6 0 0 0 0 0 0 0
Last-Time-Cleared
--------------------------
Fri Apr 9 1999, 18:54:17
Console>
The table below describes the possible fields (depending on the port type queried) in
the show port command output.
Table: show port Command

Output Fields
Field Description
Port Module and port number.
Name Name (if configured) of the port.
Status Status of the port. For the Catalyst 4000 family and Catalyst 2948G
switches, possible displays are connected, notconnect, faulty, remfault,
disable, remdisable, configerr, remcfgerr, reflector, and disagree.
Vlan VLANs to which the port belongs.
Duplex Duplex setting for the port (auto, full, fdx, half, hdx, a-half, a-hdx, a-full, or
a-fdx).
Speed Speed setting for the port Valid values are auto, 10,100, 155, a-10, a-100,4,
16, a-14,or a-16.
Type1 Port type, for example, 100BASE-FX MM, 100BASE-FX SM,

10/100BASE-TX.
Security Status of whether port security is enabled or disabled.
Secure-Src- Secure MAC address for the security enabled port.

Addr
Last-Src-Addr Source MAC address of the last packet received by the port.
Shutdown Status of whether the port was shut down because of security.
Trap Status of whether port trap is enabled or disabled.

IfIndex Number of the ifIndex.
Broadcast- Broadcast threshold configured for the port.

Limit
Broadcast- Number of broadcast/multicast packets dropped because the broadcast limit

Drop for the port was exceeded.
Send admin Flow-control administration. Possible settings: on indicates the local port
sends flow control to the far end; off indicates the local port does not send
flow control to the far end; desired indicates the local end sends flow
control to the far end if the far end supports it.
FlowControl Flow-control operation. Possible setting: disagree indicates the two ports
oper could not agree on a link protocol.
Receive admin Flow-control administration. Possible settings: on indicates the local port
requires the far end to send flow control; off indicates the local port does
not allow the far end to send flow control; desired indicates the local end
allows the far end to send flow control.
FlowControl Flow-control operation. Possible setting: disagree indicates the two ports
oper could not agree on a link protocol.
RxPause Number of Pause frames received.
TxPause Number of Pause frames transmitted.
Unsupported Number of unsupported operating codes.

Opcodes
Align-Err Number of frames with alignment errors (frames that do not end with an
even number of octets and have a bad CRC) received on the port.
FCS-Err The number of valid size frames with FCS errors but no framing errors
Xmit-Err Number of transmit errors that occurred on the port (indicating that the
internal transmit buffer is full)
Rcv-Err Number of receive errors that occurred on the port (indicating that the
internal receive buffer is full)
UnderSize Number of received frames less than 64 octets long (but are otherwise well-
formed)
Single-Col Number of times one collision occurred before the port transmitted a frame
to the media successfully
Multi-Coll Number of times multiple collisions occurred before the port transmitted a
frame to the media successfully
Late-Coll Number of late collisions (collisions outside the collision domain)
Excess-Col Number of excessive collisions that occurred on the port (indicating that a
frame encountered 16 collisions and was discarded)
Carri-Sen Number of times the port sensed a carrier (to determine whether the cable is
currently being used)
Runts Number of received runt frames (frames that are smaller than the minimum
IEEE 802.3 frame size) on the port
Giants Number of received giant frames (frames that exceed the maximum IEEE
802.3 frame size) on the port
Last-Time- Last time the port counters were cleared

Cleared
Auto-Part The number of times the port entered the auto-partition state due to
excessive consecutive collisions
Data-rate The number of valid size frames experienced overrun or underrun

mismatch
Src-addr The number of times the last source address changed

change
Good-bytes The total number of octets in frames with no error
Short-event The number of times activity with a duration less than the ShortEventMax
Time (74 to 82 bit times) is detected
1These fields will change according to the system configuration.
Misconceptions:
None
Related commands:
None

Command:
show port capabilities
Mode:
Switch> (enable)
Syntax:
show port capabilities [mod_num[/port_num]]
Syntax Description:
mod_num (Optional) Variable that specifies the number of the module.
/port_num (Optional) Variable that specifies the number of the port on the module.
Use the show port capabilities command to display the capabilities of the modules and ports in a
switch.
Example:
This example shows how to show the port capabilities for module 1, port 1:
Console> (enable) show port capabilities 1/1
Model WS-X5530
Port 1/1
Type 10/100BaseTX
Speed auto,10,100
Duplex half,full
Trunk encap type 802.1Q,ISL
Trunk mode on,off,desirable,auto,nonegotiate
Channel 1/1-2,1/1-4
Broadcast suppression percentage(0-100)
Flow control receive-(off,on),send-(off,on)
Security yes
Membership static,dynamic
Fast start yes
QOS scheduling rx-(none),tx-(none)
CoS rewrite yes
ToS rewrite IP-Precedence
Rewrite yes
UDLD Capable
Voice vlan no
Table below describes the possible fields (depending on the type of port queried) and the values in
the show port capabilities command output.
Table: show port capabilities Command Output Fields
Field Description
Model Module model number
Port Module number and port number
Type1 Port type (for example, 100BASE-FX MM, 100BASE-FX SM, or

10/100BASE-TX)
Speed1 Port speed setting (for example, auto, 100, or 1000)
Duplex Duplex mode (half, full, auto, fdx, hdx, or no)
Trunk encap Trunk encapsulation type (ISL, 802.1Q, 802.10, or no)

type
Trunk mode Trunk administrative status of the port (on, off, auto, desirable, nonegotiate,
or no)
Channel Status of which ports can form a channel group. The ports are shown in
mod_num/port_num format. For example, 3/1-2 indicates module 3, ports 1
and 2. In addition, any ports in range [mod/1-mod/high_port] or no ports
may be indicated.
Broadcast Number of packets-per-second (pps) of broadcast/multicast traffic allowed

suppression on the port (0 to 150000) or the percentage of total available bandwidth that
can be used by broadcast/multicast traffic (0 to 100).
Flow control Flow-control options that can be set (receive-[off, on, desired], send-[off,
on, desired], or no)
Security Status of whether port security is enabled (yes or no)
Membership Method of membership assignment of a port or range of ports to a VLAN

(static or dynamic)
Fast Start Status of whether the spanning tree port fast-start feature on the port is
enabled (yes or no)
QoS (rx-(none),tx-(none))
Scheduling
CoS Rewrite Status of whether the port supports COS rewrite (yes or no)
ToS Rewrite Status of whether the port supports TOS rewrite (IP-Precedence)
Rewrite Status of whether the port supports inline rewrite (yes or no)
UDLD Status of whether the port supports UDLD (Capable, Not capable)
Voice Vlan Status of whether the port supports voice or VLAN (yes or no)
1These fields will change depending on the system configuration.
Misconceptions:
If you do not specify a mod_num, the ports on all modules are shown.
If you do not specify a /port_num, all the ports on the module are
shown.
Related Commands:
None

Command:
show spantree
Mode:
Switch> (enable)
Syntax:
show spantree [vlan | mod/port] [active]
Syntax Description:
vlan (Optional) Variable that specifies the number of the VLAN.
mod/port (Optional) Variable that specifies the number of the module and the port on the
module.
active (Optional) Keyword that displays only the active ports.
Use the show spantree command to display spanning tree information for a VLAN. If the VLAN
number is not specified, the default is VLAN 1.
Examples:
This example shows how to display the spanning tree configuration for VLAN 64:
Console> show spantree 64
VLAN 64
Spanning tree enabled
Designated Root 00-10-79-57-88-00

Designated Root Priority 8191
Designated Root Cost 3061
Designated Root Port 6/48
Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec
Bridge ID MAC ADDR 00-50-3e-8f-8c-00

Bridge ID Priority 4160 (bridge priority: 4096, sys ID ext: 64)
Bridge Max Age 6 sec Hello Time 2 sec Forward Delay 4 sec
Port,Vlan Vlan Port-State Cost Priority Fast-Start Group-method
--------- ---- ------------- ----- -------- ---------- ------------
1003 1005 inactive 80 32 disabled
Console>
This example shows how to display only the active ports:

Console> show spantree active
VLAN 1
Spanning tree enabled
Spanning tree type ieee
Designated Root 00-60-70-4c-70-00

Designated Root Priority 32768
Designated Root Cost 19
Designated Root Port 1/1
Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec
Bridge ID MAC ADDR 00-e0-1e-9b-2e-00

Bridge ID Priority 32768
Bridge Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec
Port Vlan Port-State Cost Priority Fast-Start Group-Method

--------- ---- ------------- ----- -------- ---------- ------------
1/1 1 forwarding 19 32 disabled
3/1-2 1 forwarding 19 32 disabled redundancy
The table below describes the possible fields in the show spantree command output.
Table: show spantree Command Output Fields
Field Description
VLAN VLAN for which spanning tree information is shown
Spanning tree Status of whether Spanning Tree Protocol is enabled or disabled
Designated Root MAC address of the designated spanning tree root bridge
Designated Root Priority of the designated root bridge

Priority
Designated Root Total path cost to reach the root

Cost
Designated Root Port through which the root bridge can be reached (shown only on
Port nonroot bridges)
Root Max Age Amount of time a BPDU packet should be considered valid
Hello Time Number of times the root bridge sends BPDUs
Forward Delay Amount of time the port spends in listening or learning mode
Bridge ID MAC Bridge MAC address

ADDR
Bridge ID Bridge priority

Priority
Bridge Max Age Bridge maximum age
Hello Time Amount of time the bridge sends BPDUs
Forward Delay Amount of time the bridge spends in listening or learning mode
Port Port number
Vlan VLAN to which the port belongs
Port-State Spanning tree port state (disabled, inactive, not-connected, blocking,

listening, learning, forwarding, bridging, or type-pvid-inconsistent)
Cost Cost associated with the port
Priority Priority associated with the port
Fast-Start Status of whether the port is configured to use the fast-start feature
Group-Method How the multiple ports are treated (redundancy=dual PHY and FDDI;
repeater=RSM; channel=Fast EtherChannel)
Misconceptions:
None
Related commands:
set spantree backbonefast
set spantree disable
set spantree enable
set spantree fwddelay
set spantree hello
set spantree maxage
set spantree portcost
set spantree portfast
set spantree portpri
set spantree portvlancost
set spantree portvlanpri
set spantree root
set spantree uplinkfast
show spantree backbonefast

Command:
Mode:
Switch> (enable)
Syntax:
Syntax Description:
Use the show spantree backbonefast command to display whether the spanning tree Backbone
Fast Convergence feature is enabled.
Example:
This example shows how to display whether the spanning tree Backbone Fast Convergence feature
is enabled:
Console> show spantree backbonefast
Backbonefast is enabled.
Console>
Misconceptions:
None
Related commands:

Command:
show trunk
Mode:
Switch> (enable)
Syntax:
show trunk [mod_num[/port_num]] [detail]
Syntax Description:
mod_num (Optional) Variable that specifies the number of the module.
/port_num (Optional) Variable that specifies the number of the port.
detail (Optional) Keyword that displays detailed information about the specified trunk
port.
Use the show trunk command to display trunking information for the switch.
Using the show trunk command without a module or port number displays the actively trunking
ports.
To display the trunking configuration for a port that is not actively trunking, specify the
module and port number of the port you want to display.
Examples:
This example shows how to display trunking information for the switch:
Console> (enable) show trunk
* - indicates vtp domain mismatch
Port Mode Encapsulation Status Native vlan
-------- ----------- ------------- ------------ -----------
2/1 auto dot1q trunking 1
4/9 auto isl trunking 1
4/10 desirable isl trunking 1
Port Vlans allowed on trunk

-------- ---------------------------------------------------------------------
2/1 1-1005
4/9 1-1005
4/10 1-1005
Port Vlans allowed and active in management domain
-------- ---------------------------------------------------------------------
2/1 1-5,10,50,152,500,521-524,570
4/9 1,4-5,1003,1005
4/10 1,4-5,1003,1005
Port Vlans in spanning tree forwarding state and not pruned

-------- ---------------------------------------------------------------------
2/1 1-5,10,50,152,500,521-524,570
4/9 1005
4/10 1005
Console> (enable)
This example shows how to display trunking information for a specific port:
Console> (enable) show trunk 4/5
* - indicates vtp domain mismatch
Port Mode Encapsulation Status Native vlan

-------- ----------- ------------- ------------ -----------
4/5 nonegotiate dot1q trunking 1
Port Vlans allowed on trunk

-------- ---------------------------------------------------------------------
4/5 1-1005
Port Vlans allowed and active in management domain

-------- ---------------------------------------------------------------------
4/5 1-3,1003,1005
Port Vlans in spanning tree forwarding state and not pruned

-------- ---------------------------------------------------------------------
4/5 1005
Console> (enable)
The table below describes the fields in the show trunk command output.
Table: show trunk Command Output Fields

Field Description
Port Module and port numbers
Mode Trunk administrative status of the port (on, off, auto, or desirable)
Encapsulation Trunking type configured by administration
Status Status of whether the port is trunking or nontrunking
Native VLAN Number of the native VLAN for the trunk link (for 802.1Q trunks,
the VLAN for which untagged traffic can be transmitted and
received over the trunk; for ISL trunks, packets are tagged on all
VLANs, including the native VLAN).
Vlans allowed on trunk Range of VLANs allowed to go on the trunk (default is 1 to 1000)
Vlans allowed and Range of active VLANs within the allowed range
active in management
domain
Vlans in spanning tree Range of VLANs that actually go on the trunk with Spanning Tree
forwarding state and Protocol forwarding state
not pruned
Misconceptions:
None
Related commands:
set trunk
clear trunk

Command:
show vlan
Mode:
Switch> (enable)
Syntax:
show vlan [trunk]
show vlan vlan [notrunk]
show vlan mapping
show vlan type
Syntax Description:
trunk (Optional) Keyword that specifies to force the display to show information only
on trunk ports.
vlan Variable that specifies the number of the VLAN. If the VLAN number is not
specified, all VLANs are displayed.
notrunk (Optional) Keyword that specifies to force the display to show information only
on nontrunk ports.
mapping Keyword to display VLAN mapping table information.
type Variable that specifies the type of VLAN. Valid values are Ethernet, FDDI, and
FDDInet.
Use the show vlan command to display VLAN information. Each Ethernet switch port and
Ethernet repeater group belong to only one VLAN. Trunk, FDDI/CDDI, and ATM ports can exist
on multiple VLANs.
Examples:
This example shows how to display information for all VLANs:
Console> show vlan
VLAN Name Status IfIndex Mod/Ports, Vlans

---- -------------------------------- --------- ------- ------------------------
1 default active 5 1/2
6/1-48
7/2-24
2 VLAN0002 active 339
801 VLAN0801 active 338 338 802
VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
901 enet 100901 1500 - - - - - 0 0
999 trbrf 100999 4472 - - 0xe ieee - 0 0
1002 fddi 101002 1500 - 0x0 - - - 0 0
1003 trcrf 101003 1500 0 0x0 - - - 0 0
1004 fdnet 101004 1500 - - 0x0 ieee - 0 0
1005 trbrf 101005 1500 - - 0x0 ibm - 0 0
VLAN AREHops STEHops Backup CRF

---- ------- ------- ----------
1003 7 7 off
Console>
This example shows how to display information for all VLAN trunks:
Console> show vlan trunk

---- -------------------------------- --------- ------- ------------------------
1 default active 5 2/1-2
6/4-8
10 VLAN0010 active 18 6/1,6/3
11 VLAN0011 active 19 6/2
1002 fddi-default active 6
1003 token-ring-default active 9
1004 fddinet-default active 7
1005 trnet-default active 8 8
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
11 enet 100011 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
21 enet 100021 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
31 enet 100031 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 1500 0 0x0 - - - 0 0
1004 fdnet 101004 1500 - - 0x0 ieee - 0 0
1005 trbrf 101005 1500 - - 0x0 ibm - 0 0
VLAN Inst DynCreated RSPAN

---- ---- ---------- --------
1 1 static disabled
10 static disabled
11 static disabled
20 static disabled
21 static disabled
30 static disabled
31 static disabled
1002 - static disabled
1003 1 static disabled
1004 2 static disabled
1005 - static disabled
VLAN AREHops STEHops Backup CRF 1q VLAN

---- ------- ------- ---------- -------
1003 7 7 off
Primary Secondary Secondary-Type Ports

------- --------- -------------- ------------
10 20 isolated 6/1,6/3
11 21 isolated 6/2
30 - -
- 31 isolated
This example shows how to display the VLAN mapping table information:
Console> show vlan mapping
802.1q vlan ISL vlan Effective
------------------------------------------
3000 300 true
Console>
This example shows how to display information for a specific VLAN and type:
Console> show vlan 2 fddi

---- -------------------------------- --------- ------- ------------------------
1002 fddi-default active 6
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
2 fddi 101002 1500 - - - - - 0 0

---- ---- ---------- --------
2 - static disabled
Console>
This example shows how to display information for nontrunk ports only on a specific VLAN:
Console> (enable) show vlan 2 notrunk

---- -------------------------------- --------- ------- ------------------------
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
2 enet 100002 1500 - - - - - 0 0

---- ---- ---------- --------
2 - static disabled
VLAN AREHops STEHops Backup CRF 1q VLAN

---- ------- ------- ---------- -------
Console>
The table below describes the fields in the show vlan command output.
Table: show vlan Command Output Fields
Field Description
VLAN VLAN number
Name Name, if configured, of the VLAN
Status Status of the VLAN (active or suspend)
IfIndex Interface Index, assigned by SNMP
Mod/Ports, Ports that belong to the VLAN

VLANs
Type Media type of the VLAN

SAID Security association ID value for the VLAN
MTU Maximum transmission unit size for the VLAN
Parent Parent VLAN, if one exists
RingNo Ring number for the VLAN, if applicable
BrdgNo Bridge number for the VLAN, if applicable
Stp Spanning-Tree Protocol type used on the VLAN
BrdgMode Bridging mode for this VLAN. Possible values are SRB and SRT; the
default is SRB.
Trans1 First translational VLAN used to translate FDDI or Token Ring to

Ethernet
Trans2 Second translational VLAN used to translate FDDI or Token Ring to

Ethernet
AREHops Maximum number of hops for All-Routes Explorer frames. Possible

values are from 1 through 13; the default is 7.
STEHops Maximum number of hops for Spanning-Tree Explorer frames. Possible

values are from 1 through 13; the default is 7.
Backup CRF Status of whether the TrCRF is a backup path for traffic
Misconceptions:
None
Related commands:
set trunk
set vlan
show trunk

Command:
show vtp domain
Mode:
Switch> (enable)
Syntax:
show vtp domain
Syntax Description:
Use the show vtp domain command to display VLAN Trunk Protocol (VTP) domain information.
Example:
This example shows how to display VTP domain information:
Console> show vtp domain
Domain Name Domain Index VTP Version Local Mode Password

-------------------------------- ------------ ----------- ----------- ----------
1 2 server -
Vlan-count Max-vlan-storage Config Revision Notifications

---------- ---------------- --------------- -------------
15 1023 5 disabled
Last Updater V2 Mode Pruning PruneEligible on Vlans

--------------- ------- -------- -------------------------
172.20.44.30 enabled disabled 2-1000
Console>
The table below describes the fields in the show vtp domain command output.
Table: show vtp domain Command Output Fields

Field Description
Domain Name Name of the VTP domain
Domain Index Domain index number of the domain
VTP Version VTP version number
Local Mode VTP mode (server, client, or transparent)
Password Password required or not
Vlan-count Total number of VLANs in the domain
Max-vlan-storage Maximum number of VLANs allowed on the device
Config Revision VTP revision number used to exchange VLAN information
Notifications Notifications to SNMP (enabled or disabled)
Last Updater IP address through which VTP was last updated
V2 Mode Status of VTP V2 mode is enabled or disabled
Pruning Status of VTP pruning is enabled or disabled
PruneEligible on Vlans VLANs on which pruning is allowed
Misconceptions:
None
Related commands:
set vtp

Command:
show vtp statistics
Mode:
Switch> (enable)
Syntax:
show vtp statistics
Syntax Description:
Use the show vtp statistics command to display VLAN Trunk Protocol (VTP) statistics.
Example:
This example shows how to display VTP statistics:
Console> show vtp statistics
VTP statistics:
summary advts received 0
subset advts received 0
request advts received 0
summary advts transmitted 1
subset advts transmitted 1
request advts transmitted 0
No of config revision errors 0
No of config digest errors 0
VTP pruning statistics:
Trunk Join Transmitted Join Received Summary advts received from

non-pruning-capable device
-------- --------------- ------------- ---------------------------
5/1-2
Console>
The table below describes the fields in the show vtp statistics command output.
Table: show vtp statistics Command Output Fields

Field Description
summary advts received Total number of summary advt received
subset advts received Total number of subset advt received
request advts received Total number of request advts received
summary advts transmitted Total number of summary advts transmitted
subset advts transmitted Total number of subset advts transmitted
request advts transmitted Total number of request advts transmitted
No of config revision errors Number of config revision errors that have

occurred
No of config digest errors Number of config revision digest errors that have
occurred
Trunk Trunk port participating in VTP pruning
Join Transmitted Number of VTP-Pruning Joins transmitted
Join Received Number of VTP-Pruning Joins received
Summary advts received from non- Number of summary advts received from
pruning-capable device nonpruning-capable devices
Misconceptions:
None
Related commands:
set vtp

Command:
show interface (switch)
Mode:
Switch#
Syntax:
show interface [interface-id | vlan number] [flow-control |
pruning | status | switchport [allowed-vlan | prune-elig | native-
vlan]]
Syntax Description:
interface-id ID of the module and port.
vlan VLAN number of the management VLAN. Valid IDs are from 1 to 1000. Do
number not enter leading zeroes.
flow- Displays flowcontrol information for the specified port.

control
pruning (Optional) Display pruning information for the trunk port.
status (Optional) Display the status of the interface.
switchport (Optional) Display the administrative and operational status of a switching

(nonrouting) port.
allowed-vlan—Display the VLAN IDs that receive and transmit all types
of traffic on the trunk port. By default, all VLAN IDs are included.
prune-elig—Display the VLAN ID whose flood traffic can be pruned.

By default, all VLANs, except VLAN 1 and 1002 through 1005, are
pruning-eligible on the trunk.
native-vlan—Display the native VLAN ID for untagged traffic when the

port is in 802.1Q trunking mode.
Use the show interface privileged EXEC command to display the administrative and operational
status of a switching (nonrouting) port.
Examples:
The following is a sample of output from the show interface gi0/1 flow-control command.
Switch#show interface gi0/1 flow-control
Any,Input only
The display shows two values separated by a comma. The first value is the value you configured by
using the flowcontrol command or through the Cluster Management Suite (or the default value if
you did not configure it). The first value displayed can be one of the following settings:
None—Flow control is not enabled.

Asymmetric—Only the transmit or receive flow control is enabled.
Symmetric—Both the transmit and receive flow control are enabled.
Any—Any type of flow control is supported.
The second value in the display represents the flow control value that is autonegotiated with the
link partner and can be one of the following settings:
None—Flow control with the link partner does not occur.

Output only—The interface can only transmit pause frames but not receive any.
Input only—The interface can only receive pause frames but not transmit any.
Output and Input—The interface can transmit and receive pause frames.
Note If you execute the show interface interface-id flow-control command on a GigaStack
Gigabit Interface Converter (GBIC), the first value in the display is the setting for both
GigaStack GBIC ports, and the second value is the autonegotiated setting for both ports.
The following is a sample of output from the show interface fa0/2 switchport command. Table:
describes each field in the display.
Switch#show interface fa0/2 switchport
Name: fa0/2
Switchport: Enabled
Administrative Mode: Trunk
Operational Mode: Trunk
Administrative Trunking Encapsulation: ISL
Operational Trunking Encapsulation: ISL
Negotiation of Trunking: Disabled
Access Mode VLAN: 0 (inactive)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 1-30, 50, 100-1005
Trunking VLANs Active: 1-4
Pruning VLANs Enabled: 2-1001
Priority for untagged frames: 0

Voice VLAN: none
Appliance trust: none
Table: Show Interface fa0/2 Switchport Field Descriptions
Field Description
Name Displays the port name
Switchport Displays the administrative and operational status of the port. In

this display, the port is in switchport mode.
Administrative Mode Displays the administrative and operational mode
Operational Mode
Administrative Trunking Displays the administrative and operational encapsulation

Encapsulation method. Also displays whether trunking negotiation is enabled.
Operation Trunking
Encapsulation
Negotiation of Trunking
Access Mode VLAN Displays the VLAN ID to which the port is configured
Trunking Native Mode Lists the VLAN ID of the trunk that is in native mode. Lists the
VLAN allowed VLANs on the trunk. Lists the active VLANs on the
trunk.
Trunking VLANs
Enabled
Trunking VLANs Active
Pruning VLANs Enabled Lists the VLANs that are pruning-eligible

Priority for untagged Displays the port priority on incoming untagged frames
frames
Voice VLAN Displays the voice VLAN
Appliance trust Displays how the appliance (telephone) connected to the

specified port handles priority traffic received on its incoming
port
The following is a sample of output from the show interface fa0/9 pruning command when
pruning is enabled in the VTP domain:
Switch#show interface fa0/9 pruning
Port Vlans pruned for lack of request by neighbor

Fa0/9 3,4
Port Vlans traffic requested of neighbor

Fa0/9 1-3
The following is a sample of output from the show interface status command:
Switch#show interface status
Port Name Status Vlan Duplex Speed Type
------- ------------------ ------------ -------- ------ ------- ----
Fa0/1 connected trunk A-Full A-100 100BASE-TX/FX
Fa0/2 notconnect 1 Auto Auto 100BASE-TX/FX
<output truncated>
Misconceptions:
None
Related commands:
switchport mode

Command:
show mac-address-table security
Mode:
Switch#
Syntax:
show mac-address-table security
Syntax Description:
Use the show (mac-address-table security) privileged Exec command to display the addressing
security configuration.
Example:
This example shows how to display the address table security information.
hostname#show mac-address-table security
Action upon address violation : Suspend
InterfaceAddressing SecurityAddress Table SizeClear Address

----------------------------------------------------------------------------
Ethernet 0/1Enabled 10Yes
Ethernet 0/2DisabledN/A No
Ethernet 0/3DisabledN/ANo
Misconceptions:
None
Related commands:
None
Command:
show spanning-tree
Mode:
Switch#
Syntax:
show spanning-tree [brief] | [summary] | [vlan stp-list]
[interface interface-list] | [{begin | exclude | include}
expression]
Syntax Description:
brief Display a brief status of the spanning tree
summary Display a summary of the spanning-tree states
vlan stp-list (Optional) List of spanning-tree instances. Each spanning-tree instance is

associated with a VLAN ID. Enter each VLAN ID separated by a space.
Valid IDs are from 1 to 1001; do not enter leading zeroes.
Ranges are not supported.
interface List of ports for which spanning-tree information is displayed. Enter each
interface-list port separated by a space. Ranges are not supported.
| begin (Optional) Display begins with the line that matches the specified
expression
| exclude (Optional) Display excludes lines that match the specified expression
| include (Optional) Display includes lines that match the specified expression
expression Expression in the output to use as a reference point
Use the show spanning-tree privileged EXEC command to display spanning-tree information for
the specified spanning-tree instances.
If the variable stp-list is omitted, the command applies to the Spanning Tree Protocol (STP)
instance associated with VLAN 1.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain
output are not displayed, but the lines that contain Output are displayed.
Examples:
The following is a sample of output from the show spanning-tree summary command:
Switch#show spanning-tree summary
UplinkFast is disabled
Name Blocking Listening Learning Forwarding STP Active

-------------------- -------- --------- -------- ---------- ----------
VLAN1 23 0 0 1 24
-------------------- -------- --------- -------- ---------- ----------
1 VLAN 23 0 0 1 24
Switch#show spanning-tree brief
VLAN1
Spanning tree enabled protocol IEEE
ROOT ID Priority 32768
Address 0030.7172.66c4
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
VLAN1
Spanning tree enabled protocol IEEE
ROOT ID Priority 32768
Address 0030.7172.66c4
Port Designated
Name Port ID Prio Cost Sts Cost Bridge ID Port ID
------- ------- ---- ---- --- ---- -------------- -------
Fa0/11 128.17 128 100 BLK 38 0404.0400.0001 128.17
Fa0/12 128.18 128 100 BLK 38 0404.0400.0001 128.18
Fa0/13 128.19 128 100 BLK 38 0404.0400.0001 128.19
Fa0/14 128.20 128 100 BLK 38 0404.0400.0001 128.20
Fa0/15 128.21 128 100 BLK 38 0404.0400.0001 128.21
Fa0/16 128.22 128 100 BLK 38 0404.0400.0001 128.22
Fa0/17 128.23 128 100 BLK 38 0404.0400.0001 128.23
Fa0/18 128.24 128 100 BLK 38 0404.0400.0001 128.24
Fa0/19 128.25 128 100 BLK 38 0404.0400.0001 128.25
Fa0/20 128.26 128 100 BLK 38 0404.0400.0001 128.26
Fa0/21 128.27 128 100 BLK 38 0404.0400.0001 128.27
Port Designated
Name Port ID Prio Cost Sts Cost Bridge ID Port ID
------- ------- ---- ---- --- ---- -------------- -------
Fa0/22 128.28 128 100 BLK 38 0404.0400.0001 128.28
Fa0/23 128.29 128 100 BLK 38 0404.0400.0001 128.29
Fa0/24 128.30 128 100 BLK 38 0404.0400.0001 128.30
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
The following is a sample of output from the show spanning-tree command for VLAN 1:
Switch#show spanning-tree vlan 1
Spanning tree 1 is executing the IEEE compatible Spanning Tree protocol

Bridge Identifier has priority 32768, address 00e0.1eb2.ddc0
Configured hello time 2, max age 20, forward delay 15
Current root has priority 32768, address 0010.0b3f.ac80
Root port is 5, cost of root path is 10
Topology change flag not set, detected flag not set, changes 1
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0
Interface Fa0/1 in Spanning tree 1 is down

Port path cost 100, Port priority 128
Designated root has priority 32768, address 0010.0b3f.ac80
Designated bridge has priority 32768, address 00e0.1eb2.ddc0
Designated port is 1, path cost 10
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 0, received 0
...
The following is a sample of output from the show spanning-tree interface command for port 3:
Switch#show spanning-tree interface fa0/3
Interface Fa0/3 (port 3) in Spanning tree 1 is down

Port path cost 100, Port priority 128
Designated root has priority 6000, address 0090.2bba.7a40
Designated bridge has priority 32768, address 00e0.1e9f.4abf
Designated port is 3, path cost 410
Timers: message age 0, forward delay 0, hold 0
BPDU: sent 0, received 0
Misconceptions:
None
Related commands:
spanning-tree
spanning-tree forward-time
spanning-tree max-age
spanning-tree port-priority

Command:
show vlan (IOS)
Mode:
Switch#
Syntax:
show vlan [vlan]
Syntax Description:
vlan Number from 1 to 1005.
Use the show vlan privileged Exec command to display the settings of VLAN configuration
parameters.
If you do not specify vlan, the system displays all VLAN configuration parameters. This command
is not functional when bridge groups are enabled.
Example:
This example shows how to display the settings of the VLAN configuration parameters:
hostname#show vlan
VLAN NameStatusPorts
---- -------------------------------- --------- ----------------------------
1 defaultactive1-15
2 VLAN0002 active16-18
3 VLAN0003 active
4 VLAN0004active
5 VLAN0005active
6 VLAN0006active
7 VLAN0007active
8 VLAN0008active
9 VLAN0009active
10 VLAN0010active
11 VLAN0011active
12 VLAN0012active
13 VLAN0013active
14 VLAN0014active
15 VLAN0015active
1002 fddi-defaultsuspended
1003 token-ring-defaultsuspended
1004 fddinet-defaultsuspended
1005 trnet-defaultsuspended
VLANTypeSAIDMTUParentRingNoBridgeNoStpTrans1Trans2
------------------------------------------------------
1enet1000011500000IEEE10021003
2enet1000021500000IEEE00
3enet1000031500000
4enet1000041500-000
5enet1000051500-000
6enet1000061500-000
7enet1000071500-000
8enet1000081500-0---00
9enet1000091500-0-- -00
10enet1000101500-0---00
11enet1000111500-0---00
12enet1000121500-0---00
13enet1000131500-0---00
14enet1000141500-000
15enet1000151500000
1002FDDI1010021500000IEEE11003
1003Token_Ring1010031500100510IEEE111002
1004FDDI_Net1010041500001IEEE00
1005Token_Ring_Net1010051500001IEEE00
Misconceptions:
None
Related commands:
spantree

Command:
show vtp
Mode:
Switch#
Syntax:
show vtp {counters | status} | [{begin | exclude | include}
expression]
Syntax Description:
counters Display the VTP counters for the switch.
status Display general information about the VTP management domain.
| begin (Optional) Display begins with the line that matches the specified expression.
| exclude (Optional) Display excludes lines that match the specified expression.
| include (Optional) Display includes lines that match the specified expression.
expression Expression in the output to use as a reference point.
Use the show vtp privileged EXEC command to display general information about the VLAN
Trunk Protocol (VTP) management domain, status, and counters.
Expressions are case sensitive. For example, if you enter | exclude output, the lines that contain
output are not displayed, but the lines that contain Output are displayed.
Examples:
The following is a sample of output from the show vtp counters command. The table describes
each field in the display.
Switch#show vtp counters
VTP statistics:
Summary advertisements received : 38
Subset advertisements received : 0
Request advertisements received : 0
Summary advertisements transmitted : 13
Subset advertisements transmitted : 3
Request advertisements transmitted : 0
Number of config revision errors : 0
Number of config digest errors : 0
Number of V1 summary errors : 0
VTP pruning statistics:
Trunk Join Transmitted Join Received

Summary advts received from
non-pruning-capable device
---------------- ---------------- ---------------- ---------------------------
Fa0/9 827 824 0
Fa0/10 827 823 0
Fa0/11 827 823 0
Table: Show VTP Counters Field Descriptions
Field Description
Summary Advts Number of summary advertisements received by this switch on its

Received trunk ports. Summary advertisements contain the management
domain name, the configuration revision number, the update
timestamp and identity, the authentication checksum, and the
number of subset advertisements to follow.
Subset Advts Number of subset advertisements received by this switch on its trunk
Received ports. Subset advertisements contain all the information for one or
more VLANs.
Request Advts Number of advertisement requests received by this switch on its

Received trunk ports. Advertisement requests normally request information on
all VLANs. They can also request information on a subset of
VLANs.
Summary Advts Number of summary advertisements sent by this switch on its trunk
Transmitted ports. Summary advertisements contain the management domain
name, the configuration revision number, the update timestamp and
identity, the authentication checksum, and the number of subset
advertisements to follow.
Subset Advts Number of subset advertisements sent by this switch on its trunk
Transmitted ports. Subset advertisements contain all the information for one or
more VLANs.
Request Advts Number of advertisement requests sent by this switch on its trunk
Transmitted ports. Advertisement requests normally request information on all
VLANs. They can also request information on a subset of VLANs.
No. of Configuration Number of revision errors.

Revision Errors
Whenever you define a new VLAN, delete an existing one, suspend
or resume an existing VLAN, or modify the parameters on an
existing VLAN, the configuration revision number of the switch
increments.
Revision errors increment whenever the switch receives an

advertisement whose revision number matches the revision number
of the switch, but the MD5 digest values do not match. This error
indicates that the VTP password in the two switches is different, or
the switches have different configurations.
These errors indicate that the switch is filtering incoming

advertisements, which causes the VTP database to become
unsynchronized across the network.
No. of Configuration Number of MD5 digest errors.

Digest Errors
Digest errors increment whenever the MD5 digest in the summary
packet and the MD5 digest of the received advertisement calculated
by the switch do not match. This error usually indicates that the VTP
password in the two switches is different. To solve this problem,
make sure the VTP password on all switches is the same.
These errors indicate that the switch is filtering incoming

advertisements, which causes the VTP database to become
unsynchronized across the network.
No. of V1 Summary Number of version 1 errors.

Errors
Version 1 summary errors increment whenever a switch in VTP V2
mode receives a VTP version 1 frame. These errors indicate that at
least one neighboring switch is either running VTP version 1 or VTP
version 2 with V2-mode disabled. To solve this problem, change the
configuration of the switches in VTP V2-mode to disabled.
Summary Advts Number of VTP summary messages received on the trunk from
Received from non- devices that do not support pruning.
pruning-capable
device
The following is a sample of output from the show vtp status command. Table below describes
each field in the display.
Switch#show vtp status
VTP Version : 2
Configuration Revision : 1
Maximum VLANs supported locally : 68
Number of existing VLANs : 7
VTP Operating Mode : Server
VTP Domain Name : test1
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x3D 0x02 0xD4 0x3A 0xC4 0x46 0xA1 0x03
Configuration last modified by 172.20.130.52 at 3-4-93 22:25:
Table: Show VTP Status Field Descriptions
Field Description
VTP Version Displays the VTP version operating on the switch. By default,
2950 switches implement version 1 but can be set to
version 2.
Configuration Current configuration revision number on this switch

Revision
Maximum Maximum number of VLANs supported locally

VLANs
Supported
Locally
Number of Number of existing VLANs

Existing VLANs
VTP Operating Displays the VTP operating mode, which can be server, client, or
Mode transparent
Server: a switch in VTP server mode is enabled for VTP and sends
advertisements. You can configure VLANs on it. The switch guarantees
that it can recover all the VLAN information in the current VTP database
from nonvolatile storage after reboot. By default, every switch is a VTP
server.
Client: a switch in VTP client mode is enabled for VTP, can send
advertisements, but does not have enough nonvolatile storage to store
VLAN configurations. You cannot configure VLANs on it. When a VTP
client starts up, it does not transmit VTP advertisements until it receives
advertisements to initialize its VLAN database.
Transparent: a switch in VTP transparent mode is disabled for VTP,

does not transmit advertisements or learn from advertisements sent by
other devices, and cannot affect VLAN configurations on other devices
in the network. The switch receives VTP advertisements and forwards
them on all trunk ports except the one on which the advertisement was
received.
VTP Domain Name that identifies the administrative domain for the switch
Name
VTP V2 Mode Displays if VTP version 2 mode is enabled. All VTP version 2 switches
operate in version 1 mode by default. Each VTP switch automatically
detects the capabilities of all the other VTP devices. A network of VTP
devices should be configured to version 2 only if all VTP switches in the
network can operate in version 2 mode.
VTP Traps Displays whether VTP traps are transmitted to a network management
Generation station
MD5 Digest A 16-byte checksum of the VTP configuration
Configuration Displays the date and time of the last configuration modification.
Last Modified Displays the IP address of the switch that caused the configuration
change to the database.
Misconceptions:
None
Related commands:

Command:
default-information originate
Mode:
Syntax:
default-information originate [route-map mapname]
no default-information originate [route-map mapname]
Syntax Description:
route- (Optional) Routing process will generate the default route if the route map is
map satisfied
To generate a default route into RIP, use the default-information originate router configuration
command. To disable this feature, use the no form of this command.
Example:
Router(config-router)#default-information originate route-map condition
Misconceptions:
None
Related Commands:
None

Command:
ip classless
Mode:
Router(config)#
Syntax:
ip classless
no ip classless
Syntax Description:
At times the router might receive packets destined for a subnet of a network that has no network
default route. To have the Cisco IOS software forward such packets to the best supernet route
possible, use the ip classless global configuration command. To disable this feature, use the no
form of this command. When this feature is disabled, the software discards the packets when a
router receives packets for a subnet that numerically falls within its subnetwork addressing
scheme.
Example:
Router(config)#ip classless
Misconceptions:
None
Related Commands:
ip subnet-zero

Command:
ip default-gateway
Mode:
Router(config)#
Syntax:
ip default-gateway ip address
no ip default-gateway ip address
Syntax Description:
ip-address IP address of the router
To define a default gateway (router) when IP routing is disabled, use the ip default-gateway
global configuration command. To disable this function, use the no form of this command.
Example:
Router(config)#ip default-gateway 192.31.7.18
Misconceptions:
The ip default-gateway command is often used to try to set the router's default route. This is
incorrect. The ip default-gateway setting is only used when ip routing is disabled. This command
does not set the router's default route.
Related Commands:
None

Command:
ip default-network
Mode:
Router(config)#
Syntax:
ip default-network network-number
no ip default-network network-number
Syntax Description:
network-number Number of the network
To select a network as a candidate route for computing the gateway of last resort, use the
ip default-network global configuration command. To remove a route, use the no form of this
command.
The Cisco IOS software uses both administrative distance and metric information to determine the
default route. Multiple ip default-network commands can be given. All candidate default routes,
both static (that is, flagged by ip default-network) and dynamic, appear in the routing table
preceded by an asterisk.
If the IP routing table indicates that the specified network number is subnetted and a non-zero
subnet number is specified, then the system will automatically configure a static summary route.
This static summary route is configured instead of a default network. The effect of the static
summary route is to cause traffic destined for subnets that are not explicitly listed in the IP routing
table to be routed using the specified subnet.
Example:
The following example defines a static route to network 10.0.0.0 as the static default route:
Router(config)#ip route 10.0.0.0 255.0.0.0 131.108.3.4
Router(config)#ip default-network 10.0.0.0
In the preceeding example, the ip default-network command will only be in effect if network
10.0.0.0 exists in the router's routing table.
Misconceptions:
None
Related Commands:
show ip route

Command:
ip route
Mode:
Router(config)#
Syntax:
ip route prefix mask {address | interface} [distance] [tag tag]
[permanent]
no ip route prefix mask {address | interface} [distance] [tag tag]

[permanent]
Syntax Description:
prefix IP route prefix for the destination
mask Prefix mask for the destination
address IP address of the next hop that can be used to reach that network
interface Network interface to use
distance (Optional) An administrative distance
redistribution via route maps
permanent (Optional) Specifies that the route will not be removed, even if the interface
shuts down
To establish static routes, use the ip route global configuration command. To remove static routes,
Example:
Router(config)#ip route 10.0.0.0 255.0.0.0 131.108.3.4 110
Misconceptions:
None
Related Commands:
show ip route

Command:
clear config all
Mode:
Switch> (enable)
Syntax:
clear config all
Syntax Description:
all Keyword that clears all information about modules and system configuration, including
the IP address.
Use the clear config command to clear information about the system or module configuration
stored in NVRAM.
When you clear the configuration using the clear config all command, the default switch
configuration is restored. The information that is cleared includes manually configured IP
addresses and IP addresses learned through DHCP or RARP.
When you clear the configuration, the IP address and subnet mask on the me1 and sc0 interfaces
are set to 0.0.0.0. The me1 interface is brought down, and the sc0 interface is brought up.
Before using the clear config all command, save a backup of the configuration.
Example:
This example shows how to delete all the configuration information:
Switch (enable)>clear config all
Misconceptions:
None
Related Commands:
configure (CLI)
show config

Command:
clear mls
Mode:
Switch> (enable)
Syntax:
clear mls include {{ip_addr} | all}
clear mls nde flow
clear mls statistics
clear mls entry {[destination {ip_addr_spec}] [source
{ip_addr_spec}] | [flow {protocol}{src_port} {dst_port}] | all}
Syntax Description:
include Keyword used to remove the inclusion of the specified routers.

ip_addr Route-processor IP address, or name of the route processor if DNS is enabled.
all Keyword used to remove all routers from participation in the flow.
nde flow Keywords used to reset the filter to the defaults.
statistics Keyword used to clear the following statistics: total packets switched and total
packets exported (for NDE).
entry Keyword used to purge the specified NFLS entry, or all entries if all is
specified. All matching NFLS entries are purged.
destination (Optional) Keyword used to specify the destination IP address.
ip_addr_spec (Optional) Full IP address or a subnet address in the following formats:
ip_subnet_addr, ip_addr/subnet_mask, or ip_addr/#subnet_mask_bits.
source (Optional) Keyword used to specify the source IP address.
flow (Optional) Keyword used to specify additional flow information (protocol
family and protocol port pair) to be matched.
protocol (Optional) Keyword used to specify flow information; valid values include
tcp,udp, icmp, or a decimal number for other protocol families.
src_port (Optional) Source port IP address.
dst_port (Optional) Destination port IP address.
all (Optional) Keyword used to specify all NFLS entries.
Use the clear mls command set to clear the MLS feature in the Catalyst 5000 series switch.
If you enter any of the clear mls commands on a Catalyst 5000 series switch without MLS, the
following warning message is displayed:
When you remove an RSM from the Catalyst 5000 series switch, it is immediately removed from
the inclusion list and all the NFLS entries for the RSM are removed.
Up to 16 routers can be explicitly included.
To use a router as an NFLS, you must meet the following conditions:
The router must be included (either explicitly or automatically).

The MLS feature must be enabled in the Catalyst 5000 series switch.
The Catalyst 5000 series switch must know the router's MAC-VLAN pairs.
Use the following syntax to specify an IP subnet address:
ip_subnet_addr—This is the short subnet address format. The trailing decimal number 00 in
an IP address YY.YY.YY.00 specifies the boundary for an IP subnet address. For example,
172.22.36.00 indicates a 24-bit subnet address (subnet mask 172.22.36.00/255.255.255.0),
and 173.24.00.00 indicates a 16-bit subnet address (subnet mask 173.24.00.00/255.255.0.0).
However, this format can only identify a subnet address with a length of 8,16, or 24 bits.
ip_addr/subnet_mask—This is the long subnet address format, for example,
172.22.252.00/255.255.252.00 indicates a 22-bit subnet address. This format can specify a
subnet address of any bit number. To provide more flexibility, the ip_addr is allowed to be a
full host address, such as 172.22.253.1/255.255.252.00.
ip_addr/maskbits—This is the simplified long subnet address format. The mask bits specifies
the number of bits of the network masks. For example, 172.22.252.00/22 indicates a 22-bit
subnet address. The ip_addr is allowed to be a full host address, such as 172.22.254.1/22,
which has the same subnet address as 172.22.252.00/22.
If you do not use the all argument in the clear mls entry command, you must specify at least one
of the other three keywords (source, destination, or flow) and its arguments.
A 0 value for source_port and destination_port clears all entries. Unspecified options are treated as
wildcards and all entries are cleared.
Example:
This example shows how to disable MLS for the Stargate router (IP address 172.20.15.1):
Console> (enable) clear mls include Stargate
Multilayer switching is disabled for router 172.20.15.1 (Stargate)

Console>(enable)
This example shows how to clear additional flow information (protocol family and protocol port pair):
Console> (enable) clear mls nde flow
Netflow data export filter cleared.

Console>(enable)
This example shows how to clear MLS statistics, including: total packets switched and total packets export
(for NDE):
Console> (enable) clear mls statistics
Netflow data export statistics cleared.

Console>(enable)
This example shows how to clear the MLS entries with destination IP address 172.20.26.22:
Console>(enable) clear mls entry destination 172.20.26.22
Multilayer switching entry cleared.

Console>(enable)
This example shows how to clear specific MLS entries for destination IP address 172.20.26.22:
Console>(enable) clear mls destination 172.20.26.22 source 172.20.22.113 flow tcp 520 32
Multilayer switching entry cleared

Console>(enable)
Misconceptions:
None
Related Commands:
set mls
show mls

Command:
clear trunk
Mode:
Switch> (enable)
Syntax:
clear trunk mod ports [vlans]
Syntax Description:
mod Variable that specifies the number of the module.
ports Variable that specifies the number of the ports on the module.
vlans (Optional) Variable that specifies one or more VLANs to remove from the allowed
VLAN list for the trunk port; valid values are from 2 to 1005.
Use the clear trunk command to restore a trunk port to its default trunk type and mode or to clear
specific VLANs from the allowed VLAN list for a trunk port.
If you specify VLANs, those VLANs are removed from the list of VLANs allowed on the trunk.
Traffic for the removed VLANs is not forwarded over the trunk port.
Default VLANs cannot be cleared from the allowed VLAN list on the trunk.
To add VLANs that you have removed, use the set trunk mod_num/port_num vlan_range
command.
Example:
This example shows how to clear VLANs 200 to 500 from the trunk port on port 2 of module 1:
Console> (enable) clear trunk 1/2 200-500
Removing Vlan(s) 200-500 from allowed list.

Port 1/2 allowed vlans modified to 1-199,501-1000.
Console> (enable)
This example shows how to clear the trunk on port 2 of module 1:

Console> (enable) clear trunk 1/2
Port(s) 1/2 trunk mode set to auto.

Port(s) 1/2 trunk type set to isl.
Console> (enable)
Misconceptions:
None
Related Commands:
set trunk
show trunk

Command:
clear vlan
Mode:
Switch> (enable)
Syntax:
clear vlan vlan
Syntax Description:
vlan Variable that specifies the number of the VLAN, valid values are from 2 to 1000.
Use the clear vlan command to delete an existing VLAN from a management domain.
Follow these guidelines for deleting VLANs:
When you delete a normal-range Ethernet VLAN in VTP server mode, the VLAN is removed
from all switches in the same VTP domain.
When you delete a normal-range VLAN in VTP transparent mode, the VLAN is deleted only
on the current switch.
You can delete an extended-range VLAN only on the switch where it was created.
Example:
This example shows how to clear an existing VLAN (VLAN 4) from a management domain:
Console> (enable) clear vlan 4
This command will deactivate all ports on vlan 4 in the entire management domain:
Do you want to continue(y/n) [n]? y
VLAN 4 deleted
Console> (enable)
Misconceptions:
When you clear a VLAN on a switch configured as a VTP server, the VLAN is deleted from the
entire VTP domain. Every switch in that VTP domain will delete the VLAN.
When you clear a VLAN, all ports assigned to that VLAN become inactive. However, the VLAN
port assignments are retained until you move the ports to another VLAN. If the cleared VLAN is
reactivated, all ports still configured on that VLAN are also reactivated.
When you clear a private VLAN (primary, isolated, or community), the ports are set to inactive and
are not assigned to any VLAN. The private VLAN mappings for the selected VLAN are also
cleared. ACL to VLAN mappings are also deleted.
Related Commands:
set vlan
show vlan

Command:
clear vtp pruning
Mode:
Switch> (enable)
Syntax:
clear vtp pruning vlan_num
Syntax Description:
vlan_num Variable that specifies the number of VLANs to be made ineligible for
pruning. Valid values are from 1 to 1005.
Use the clear vtp pruning command to specify the VLANs in the VTP domain that are ineligible
for pruning.
VTP pruning prevents traffic in each pruning-eligible VLAN from being transmitted on a VLAN
trunk if no stations belonging to that VLAN are located across that trunk. Use the set vtp
command to enable VTP pruning.
Use the set vtp pruning command to make the VLANs eligible for pruning again.
Example:
This example shows how to make VLANs 200 to 500 ineligible for pruning:
Console> (enable) clear vtp pruning 200-500
Vlans 1,200-500,1001-1005 will not be pruned on this device.

VTP domain Company modified.
Console> (enable)
Misconceptions:
None
Related Commands:
set vtp
show vtp statistics
set vtp pruneeligible
set vtp pruning

Command:
configure (CLI)
Mode:
Switch> (enable)
Syntax:
configure host file [rcp]
Syntax Description:
host Variable that specifies the IP address or IP alias of the host.
file Variable that specifies the name of the configuration file.
rcp (Optional) Keyword that specifies rcp as file transfer method.
Use the configure command to download a configuration file from a host and execute each
command in that file.
Example:
Refer to the Software Configuration Guide-Catalyst 4000 Family, 2948G, and 2980G Switches for
information on how to construct a configuration file to download using the configure command.
The following is a sample configuration file. Each line contains a command, except for the lines
that begin with ! or #. On some servers (NT), the TFTP directory might not be /tftpboot.
begin
show time
set ip alias conc7 198.133.219.207
set ip alias montreux 198.133.119.42
set ip alias cres 192.122.174.42
set prompt system5>
set password
# empty string old password
pingpong
pingpong
end
#
This example shows how to configure the switch using a configuration file downloaded from a
TFTP server:
Console> (enable) configure 192.122.174.42 system5.cfg
Configure using system5.cfg from 192.122.174.42 (y/n) [n]? y
/
Done. Finished Network Download. (446 bytes)
>> show time
Wed Nov 11 1998, 17:42:50
>> set ip alias conc7 198.133.219.207
IP alias added.
>> set ip alias montreux 198.133.219.40
IP alias added.
>> set ip alias cres 192.122.174.42
IP alias added.
>> set prompt system5>
>> set password
Enter old password:
Enter new password: pingpong
Retype new password: pingpong
Password changed.
Misconceptions:
None
Related Commands:
show config

Command:
copy (CLI)
Mode:
Switch> (enable)
Syntax:
copy file-id {config | flash | rcp | tftp}
copy config {file-id | flash | rcp| tftp} [all]
copy tftp {file-id | flash | config}
copy rcp {file-id | flash | config}
copy flash {file-id | tftp | rcp | config}
Syntax Description:
file- Variable that specifies the file on which to perform the copy action, where file-id
id is in the format [[m/]device:][filename].
m/ = The module where the Flash device is located (such as the standby
supervisor engine, an FDDI module, or an ATM module). Module 1 is assumed
if a different module is not specified.
device: = Device where the file is located. Valid Flash devices are bootflash:,
slot0:, and slot1:. You can also specify tftp: as the device name. The colon (:) is
required after the device name.
filename = Name of the system image or configuration file.
config Keyword that copies the switch configuration file to the specified file, or that the
specified file will be used to configure the switch.
flash Keyword that copies the file to or from the Flash file system
rcp Keyword that copies the file to or from an rcp server
tftp Keyword that copies the file to or from a TFTP server

all (Optional) Keyword that copies the entire configuration to the specified
destination configuration file. If you do not use the all keyword, only nondefault
commands are copied to the destination configuration file.
Use the copy command set to upload or download a Flash image or a switch configuration to or
from a Flash device, rcp server, or TFTP server.
The Catalyst 4000 family switches support only the bootflash: Flash device.
If you use the flash keyword as the copy source or destination, you are prompted for the Flash
device name. If you are copying a software image to multiple intelligent switching modules of the
same type, use the flash keyword as the copy destination. The switch automatically determines
which modules to copy the image to based on the header in the source image file. If you want to
copy a software image to a single intelligent switching module in a switch with multiple modules
of the same type, you must specify the destination file-id as m/bootflash: (do not specify a
filename).
Examples:
This example shows how to upload the non-default switch configuration to a file named cat.cfg on
the slot0: Flash device:
Console> (enable) copy config slot0:cat.cfg
Upload configuration to slot0:cat.cfg

649324 bytes available on device slot0, proceed (y/n) [n]? y
.........
/
Configuration has been copied successfully. (10200 bytes)
Console> (enable)
This example shows how to upload both the default and non-default switch configuration to a file
named lab2.cfg on a TFTP server:
Console> (enable) copy config tftp:lab2.cfg all
IP address or name of remote host [172.20.22.7]? y
Upload configuration to imgFile:lab2.cfg (y/n) [n]? y

.........
/
Configuration has been copied successfully. (10299 bytes).
Console> (enable)
This example shows how to upload the non-default switch configuration to the cat.cfg file on the
slot1: Flash device:
Console> (enable) copy config flash
Flash device [bootflash]? slot1:
Name of file to copy to [configFile]? cat.cfg
Upload configuration to slot1:cat.cfg

749124 bytes available on device slot1, proceed (y/n) [n]? y
.........
/
Configuration has been copied successfully. (200345 bytes).
Console> (enable)
This example shows how to upload an image from a remote host into Flash using rcp:
Console> (enable) copy rcp flash
IP address or name of remote host []? 172.20.52.3
Name of file to copy from []? cat5000-sup3.4-2-1.bin
Flash device [bootflash]?

Name of file to copy to [cat5000-sup3.4-2-1.bin]?
4369664 bytes available on device bootflash, proceed (y/n) [n]? y
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
File has been copied successfully.
Console> (enable)
This example shows how to upload the running configuration on a Catalyst 4000 family,
Catalyst 2948G, or Catalyst 2980G switch to an rcp server for storage:
Console> (enable) copy config rcp
Name of file to copy to []? cat5000_config.cfg
Upload configuration to rcp:cat5000_config.cfg, (y/n) [n]? y
.....
/
Configuration has been copied successfully.
Console> (enable)
This example shows how to configure a switch using a configuration file downloaded from an rcp
server:
Console> (enable) copy rcp config
Name of file to copy from []? dns-config.cfg
Configure using rcp:dns-config.cfg (y/n) [n]? y
/
Finished network download. (134 bytes)
>>
>> set ip dns server 172.16.10.70 primary
172.16.10.70 added to DNS server table as primary server.
>> set ip dns server 172.16.10.140
172.16.10.140 added to DNS server table as backup server.
>> set ip dns enable
DNS is enabled
>> set ip dns domain corp.com
Default DNS domain name set to corp.com
Console> (enable)
This example shows how to configure the switch using a configuration file on a Flash device:
Console> (enable) copy flash config
Flash device [bootflash]?

Name of configuration file? test.cfg
Configure using bootflash:test.cfg (y/n) [n]? y
/
Finished download. (10900 bytes)
>> set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
Password changed.
>> set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
Password changed.
>> set prompt Console>
>> set length 24 default
Screen length set to 24.
>> set logout 20
.....
Console> (enable)
This example shows how to copy a file from a TFTP server to a Flash device:
Console> (enable) copy tftp bootflash:
Address or name of remote host [172.20.22.7]?

Enter source file name [cat4000-sup.4-5-1.bin]?
Enter destination file name [cat4000-sup.4-5-1.bin]?
6942528 bytes available in flash, proceed (y/n) [n]?y
Console> (enable)
Misconceptions:
None
Related Commands:
None

Command:
session
Mode:
Switch> (enable)
Syntax:
session mod
Syntax Description:
mod Variable that specifies the number of the module
Use the session command to access the CLI of an intelligent module such as a Catalyst 5000
family RSM, RSFC, or ATM module.
After you enter this command, the system responds with the Enter Password: prompt, if a password
is configured on the module.
To end the session with the intelligent module, enter the quit command.
Example:
This example shows how to open a session with an ATM module (module 4):
Console> session 4
Trying ATM-4...
Connected to ATM-4.
Escape character is `^]'.
ATM>
2
Misconceptions:
None
Related Commands:
None

Command:
set authentication login
Mode:
Switch> (enable)
Syntax:
set authentication login attempt count [console | remote]
set authentication login lockout time [console | remote]
set authentication login {radius | tacacs | kerberos}enable

[console | telnet | http | all] [primary]
set authentication login {radius | tacacs | kerberos}disable

[console | telnet | http | all]
set authentication login local {enable | disable} [console |

telnet | http | all]
Syntax Description:
attempt Keyword and variable that specify the number of login attempts.
count
remote (Optional) Keyword that specifies the authentication method applies to remote
logins such as Telnet, SSH, kerberos, and HTTP.
lockout Keyword and variable that specify that the period of time a user is locked out
time of the switch after unsuccessfully attempting login.
radius Keyword that specifies RADIUS authentication for normal mode access.
tacacs Keyword that specifies TACACS+ authentication for normal mode access.
kerberos Keyword that specifies Kerberos authentication for normal mode access.
enable Keyword that enables the specified authentication method for normal mode
access.
console (Optional) Keyword that applies the authentication method to console
sessions.
telnet (Optional) Keyword that applies the authentication method to Telnet sessions.
http (Optional) Keyword that applies the authentication method to HTTP sessions.
all (Optional) Keyword that applies the authentication method to all sessions.
primary (Optional) Keyword that specifies that the specified authentication method be
tried first.
disable Keyword that disables the specified authentication method for normal mode
access.
local Keyword that specifies local authentication for normal mode access.
Use the set authentication login command to configure the switch to use TACACS+, Kerberos,
RADIUS, or local authentication to authenticate normal (login) mode access on the switch.
Examples:
This command allows you to choose the authentication method for the web interface. If you configure the
authentication method for the HTTP session as RADIUS, then the username or password is validated
using the RADIUS protocol, and TACACS+ and Kerberos authentication is set to disable for the HTTP
sessions. By default, the HTTP login is validated using the local login password.
You can specify the authentication method for console, telnet, http, or all by entering the console,
telnet, http, or all keywords. If you do not specify console, telnet, http, or all, the authentication method
default is for all sessions.
The maximum number of login attempts from SNMP and the command-line interface (CLI) can be
configured. The configurable range is from 0 to 10. To disable login attempts, set the level to 0. Failed
login system logs are generated at level 5. If you are attempting access to enable mode, and the password
fails more than the number of attempts allowed, the system will disable the execution of the enable
command for the lockout time.
The lockout time is configurable from SNMP and the CLI. The configurable range is from 30 to 600
seconds (half a minute to ten minutes). For console login, the console will not allow logging in during
that time. For remote logins the connection will be closed when the limit is reached, and any subsequent
login attempts from that station will be closed immediately by the switch.
When attempt limit checking is disabled, the lockout restriction is no longer applicable.
This example shows how to set the login attempt to 5 for both console and remote sessions:
Console> (enable) set authentication login attempt 5
Login authentication attempts for console and remote login set to 5.
Console> (enable)
This example shows how to set the login attempt to 7 for remote sessions:
Console> (enable) set authentication login attempt 7 remote
Login authentication attempts for remote login set to 7.
Console> (enable)
This example shows how to set the login attempt to 8 for console sessions:
Console> (enable) set authentication login attempt 8 console
Login authentication attempts for console login set to 8.
Console> (enable)
This example shows how to set the lockout time for both console and remote sessions to 50 seconds:
Console> (enable) set authentication login lockout 50
Login lockout time for console and remote login set to 50 seconds.
Console> (enable)
This example shows how to set the lockout time for console sessions to 5 minutes:
Console> (enable) set authentication login lockout 300 console
Login lockout time for console login set to 5 minutes.
Console> (enable)
This example shows how to set the lockout time for remote sessions to 7 minutes and 10 seconds:
Console> (enable) set authentication login lockout 430 remote
Login lockout time for console and remote login set to 7 minutes and 10 seconds.
Console> (enable)
This example shows how to disable TACACS+ authentication access for Telnet sessions:
Console> (enable) set authentication login tacacs disable telnet
tacacs login authentication set to disable for the telnet sessions.

Console> (enable)
This example shows how to disable RADIUS authentication access for console sessions:
Console> (enable) set authentication login radius disable console
radius login authentication set to disable for the console sessions.

Console> (enable)
This example shows how to disable Kerberos authentication access for Telnet sessions:
Console> (enable) set authentication login kerberos disable telnet
kerberos login authentication set to disable for the telnet sessions.

Console> (enable)
This example shows how to set TACACS+ authentication access as the primary method for HTTP
sessions:
Console> (enable) set authentication login tacacs enable http primary
tacacs login authentication set to enable for HTTP sessions as primary authentication
method.
Console> (enable)
Misconceptions:
None
Related Commands:
show authentication

Command:
set banner motd
Mode:
Switch(enable)#
Syntax:
set banner motd c [text] c
Syntax Description:
c Variable that specifies the delimiting character used to begin and end the message.
text (Optional) Variable that specifies the message of the day.
Use the set banner motd command to create a login banner that is displayed when users access the
switch.
The banner cannot contain more than 3070 characters, including tabs. Tabs display as eight
characters but take only one character of memory.
You can use either the clear banner motd command or the set banner motd command to clear
the message-of-the-day banner.
Example:
This example shows how to set the message of the day using the pound sign (#) as the delimiting
character:
Console> (enable) set banner motd #
** System upgrade: starting: 6:00am Tuesday.
** Please log out before leaving on Monday. #
MOTD banner set.

Console> (enable>
This example shows how to clear the message of the day using the set banner motd command:
Console> (enable) set banner motd ##
MOTD banner cleared.

Console> (enable>
Misconceptions:
None
Related Commands:

Command:
set cgmp
Mode:
Switch> (enable)
Syntax:
set cgmp {enable | disable}
Syntax Description:
enable Keyword that enables CGMP on the switch.
disable Keyword that disables CGMP on the switch.
Use the set cgmp command to enable or disable Cisco Group Management Protocol (CGMP) on
the switch.
CGMP requires that you connect the switch to a router running CGMP.
Example:
This example shows how to enable CGMP on a device:
Console> (enable) set cgmp enable
CMGP support for IP multicast enabled.
Console> (enable)
This example shows how to disable CGMP on a device:

Console> (enable) set cgmp disable
CMGP support for IP multicast disabled.
Console> (enable)
This example shows what happens if you try to enable CGMP if IGMP snooping is already
enabled:
Console> (enable) set cgmp enable
Disable IGMP Snooping feature to enable CGMP.

Console> (enable)
Misconceptions:
None
Related Commands:
set cgmp leave
show cgmp leave

Command:
set cgmp leave
Mode:
Switch> (enable)
Syntax:
set cgmp fastleave {enable | disable}
Syntax Description:
enable Keyword that enables CGMP leave processing.
disable Keyword that disables CGMP leave processing.
Use the set cgmp leave command to enable or disable Cisco Group Management Protocol
(CGMP) leave processing.
Example:
This example shows how to enable CGMP leave processing:
Console> (enable) set cgmp leave enable
CMGP leave processing enabled.
Console> (enable)
This example shows how to disable CGMP leave processing:

Console> (enable) set cgmp leave disable
CMGP leave processing disabled.
Console> (enable)
Misconceptions:
None
Related Commands:
set cgmp
show cgmp leave

Command:
set enablepass
Mode:
Switch> (enable)
Syntax:
set enablepass
Syntax Description:
Use the set enablepass command to change the privileged (enable) mode password on the switch.
Passwords are case sensitive; they may be 0 to 30 characters in length, including spaces.
The command prompts you for the old password. If the password you enter is valid, you are
prompted to enter a new password and to verify the new password.
Example:
This example shows how to establish a new password:
Console> (enable) set enablepass
Enter old password: <old_password>
Enter new password: <new_password>
Retype new password: <new_password>
Password changed.
Console> (enable)
Misconceptions:
None
Related Commands:
enable
set password

Command:
set interface
Mode:
Switch> (enable)
Syntax:
set interface {sc0 | me1 | sl0} {up | down}
set interface sc0 [vlan] [ip_addr [netmask [broadcast]]]
set interface sc0 [vlan] [ip_addr/netmask[broadcast]]
set interface me1 ip_addr [netmask [broadcast]]
set interface me1 ip_addr/netmask [broadcast]
set interface sl0 slip_addr dest_addr
set interface sc0 dhcp {renew | release}
Syntax Description:
sc0 Keyword that specifies the in-band management interface.
me1 Keyword that specifies the out-of-band management Ethernet interface.
sl0 Keyword that specifies the SLIP interface.
up Keyword used to bring the interface into operation.
down Keyword used to bring the interface out of operation.
vlan (Optional) Variable that specifies the number of the VLAN to be assigned to the
interface.
ip_addr (Optional) Variable that specifies the IP address to assign to the interface.
netmask (Optional) Variable that specifies the subnet mask or mask bits to assign to the
interface.
broadcast (Optional) Variable that specifies the broadcast address to assign to the interface.
slip_addr Variable that specifies the SLIP source address of the console port.
dest_addr Variable that specifies the SLIP destination address of the host to which the
console port will be connected.
dhcp Keyword used to perform DHCP operations on the sc0 interface.
renew Keyword used to renew the lease on a DHCP-learned IP address.
release Keyword used to release a DHCP-learned IP address back to the DHCP IP

address pool.
Defaults
The default configuration has the IP address, subnet mask, and broadcast address of the in-band
management interface (sc0) and out-of-band management Ethernet interface (me1) set to 0.0.0.0,
with the sc0 interface in VLAN 1. The default configuration for the SLIP interface (sl0) is that the
SLIP source and destination addresses are set to 0.0.0.0.
Use the set interface command to set the network interface configuration and to enable or disable
standard SNMP trap operation.
The Catalyst 4000 family switches support three IP management interfaces: sc0, sl0, and an out-of-
band management Ethernet interface (me1). The me1 interface is not attached to the switching
fabric. If both the sc0 and me1 interfaces are configured, the supervisor engine software determines
which interface to use when performing standard transmission and reception of IP packets based
on the local routing table. Operations that use this functionality include TFTP, ping, Telnet, and
SNMP.
You can enter the netmask value in dotted decimal format or you can specify the number of bits in
the netmask (for example, 204.20.22.7/24).
Example:
This example shows how to use set interface sc0 and set interface sl0 from the console port. It
also shows how to bring down interface sc0 using a terminal connected to the console port:
Console> (enable) set interface sc0 192.200.11.44 255.255.255.0
Interface sc0 IP address and netmask set.
Console> (enable) set interface sl0 192.200.10.45 192.200.10.103
Interface sl0 SLIP and destination address set.

Console> (enable) set interface sc0 down
Interface sc0 administratively down.

Console> (enable)
This example shows how to set the IP address for sc0. If you do not specify a subnet mask, the
default mask for that IP address class is used (for example, 255.255.0.0 for a class B address):
Console> (enable) set interface sc0 172.20.52.123
Interface sc0 IP address and netmask set.

Console> (enable)
This example shows how to set the VLAN, IP address, and subnet mask bits for the sc0 interface:
Console> (enable) set interface sc0 5 172.20.52.123/28
Interface sc0 vlan set, IP address and netmask set.

Console> (enable)
This example shows how to change the VLAN membership of the sc0 interface:
Console> (enable) set interface sc0 2
Interface sc0 vlan set.

Console> (enable)
This example shows how to take the sc0 interface down:

Console> (enable) set interface sc0 down
Interface sc0 administratively down.

Console> (enable)
This example shows how to bring the sc0 interface up:

Console> (enable) set interface sc0 up
Interface sc0 administratively up.

Console> (enable)
This example shows how to set the IP address and netmask for me1:
Console> (enable) set interface me1 10.10.10.20/24
Interface me1 IP address and netmask set.
Console> (enable)
This example shows how to set the SLIP source and destination addresses for the console port on
the sl0 interface:
Console> (enable) set interface sl0 10.1.1.1 10.1.1.2
Interface sl0 slip and destination address set.

Console> (enable)
This example shows how to release a DHCP IP address assigned to the sc0 interface:
Console> (enable) set interface sc0 dhcp release
Console> (enable)
This example shows how to renew the lease on a DHCP IP address assigned to the sc0 interface:
Console> (enable)
This example shows how to release a DHCP IP address assigned to the sc0 interface and obtain a
new IP address from the DHCP server:
Console> (enable)
This example shows how to renew the lease on a DHCP-assigned IP address:

Console> (enable) set interface sc0 dhcp renew
Renewing IP address...
Console> (enable) Sending DHCP packet with address:00:90:0c:5a:8f:ff
dhcpoffer
Sending DHCP packet with address:00:90:0c:5a:8f:ff
Timezone set to '', offset from UTC is 7 hours 58 minutes
Timezone set to '', offset from UTC is 7 hours 58 minutes
NTP server 172.16.25.253 added
NTP server 172.16.25.252 added
%MGMT-5-DHCP_S:Assigned IP address 172.20.25.244 from DHCP Server 172.20.25.254
Console> (enable)
This example shows how to release the lease on a DHCP-assigned IP address:

Releasing IP address...
Console> (enable) Sending DHCP packet with address:00:90:0c:5a:8f:ff
Done
Console> (enable)
Misconceptions:
On the Catalyst 4000 family switches, when entering the set interface me1 or set interface trap
{sc0 | sl0 | me1} command, sc0 and me1 cannot be configured as up when both are in the same
subnet or overlapping subnets. If you specify an IP address and subnet for the sc0 or me1 interface
that causes an overlap, the me1 interface is kept up or brought up, and the sc0 interface is brought
down. The only exception is when both the me1 and sc0 interfaces have IP address 0.0.0.0. In this
case, the me1 interface is brought down and the sc0 interface is brought up to allow the DHCP and
RARP to run on the sc0 interface.
Related Commands:
show interface (switch)

Command:
set ip dns domain
Mode:
Switch> (enable)
Syntax:
set ip dns domain name
Syntax Description:
name Default DNS domain name
Use the set ip dns domain command to set the default DNS domain name.
If you specify a domain name on the command line, the system attempts to resolve the host name
as entered. If the system cannot resolve the host name as entered, it appends the default DNS
domain name as defined with the set ip dns domain command. If you specify a domain name with
a trailing dot, the program considers this an absolute domain name.
Example:
This example shows how to set the default DNS domain name as yow.com:
Switch> (enable) set ip dns domain yow.com
Default DNS domain name set to yow.com.

Switch> (enable)
Misconceptions:
None
Related Commands:
set ip dns server

Command:
set ip dns server
Mode:
Switch> (enable)
Syntax:
set ip dns server ip_addr [primary]
Syntax Description:
ip_addr IP address of the DNS server
primary (Optional) Keyword that specifies to configure a DNS server as the primary server
Use the set ip dns server command to set the IP address of a DNS server.
You can configure up to three DNS name servers as backup. You can also configure any DNS
server as the primary server. The primary server is queried first. If the primary server fails, the
backup servers are queried.
Example:
These examples show how to set the IP address of a DNS server:
Switch> (enable) set ip dns server 198.92.30.32

Switch> (enable)
Switch> (enable) set ip dns server 171.69.2.132 primary

Switch> (enable)
Switch> (enable) set ip dns server 171.69.2.143 primary

Switch> (enable)
This example shows what happens if you enter more than three DNS name servers as backup:
Switch> (enable) set ip dns server 161.44.128.70
DNS server table is full. 161.44.128.70 not added to DNS server table.
Switch> (enable)
Misconceptions:
None
Related Commands:
set ip dns domain

Command:
set ip http port
Mode:
Switch> (enable)
Syntax:
set ip http port {port_num} [default port_num]
Syntax Description:
port_num Variable that specifies the TCP port number. Valid values are from 1 to
65535.
default (Optional) Keyword and variable that specify the TCP default port number.
port_num Valid values are from 80 to 65535.
Use the set ip http port command to configure the TCP port number for the HTTP server.
Examples:
This example shows how to set the IP HTTP port default:
Console> (enable) set ip http port default
HTTP TCP port number is set to 80.
Console> (enable)
This example shows how to set the IP HTTP port number:

Console> (enable) set ip http port 2398
HTTP TCP port number is set to 2398.
Console> (enable)
Misconceptions:
None
Related Commands:
set ip http server

Command:
set ip http server
Mode:
Switch> (enable)
Syntax:
set ip http server {enable | disable}
Syntax Description:
enable Keyword that enables the HTTP server.
disable Keyword that disables the HTTP server.
Use the set ip http server command to enable or disable the HTTP server.
Example:
This example shows how to enable the HTTP server:
Console> (enable) set ip http server enable
HTTP server is enabled.

Console> (enable)
This example shows the system response when the HTTP server enable command is not
supported:
Console> (enable) set ip http server enable
Feature not supported.

Console> (enable)
This example shows how to disable the HTTP server:

Console> (enable) set ip http server disable
HTTP server disabled.
Console> (enable)
Misconceptions:
None
Related Commands:
set ip http port

Command:
set ip route
Mode:
Switch> (enable)
Syntax:
set ip route default gateway [metric] [primary]
set ip route destination[/netmask] gateway
Syntax Description:
default Keyword that specifies the entry as a default route.
gateway Variable that specifies the IP address or IP alias of the router.
metric (Optional) Variable that specifies the value used to indicate the number of hops
between the switch and the gateway.
primary (Optional) Keyword that specifies the primary default route.
destination Variable that specifies the IP address or IP alias of the network, or IP address,
DNS hostname, or IP alias of a specific host to be added.
/netmask (Optional) Variable that specifies the subnet mask or mask bits to assign to the
interface.
Use the set ip route command to add IP addresses or aliases to the IP routing table.
You can configure up to three default gateways. You can specify a primary default gateway using
the primary keyword. If a primary is not designated, the first default gateway you configure is the
primary.
The switch forwards all off-network IP traffic generated by the switch itself to the primary default
gateway unless the primary is unavailable. The entries in the IP routing table are only used for IP
traffic generated by the switch itself (for example, Telnet, ping, or TFTP sessions from the switch
CLI), not for IP data traveling through the switch.
On the Catalyst 4000 family switches, the supervisor engine software automatically determines
whether a default gateway is reached through the sc0 interface or the me1 interface.
You can enter the destination and gateway as either an IP alias or IP address in dotted format (for
example, 172.20.52.7). You can enter the destination network mask in dotted decimal format or
you can specify the number of bits in the netmask (for example, 204.20.22.7/24). CIDR IP address
and subnet mask values are accepted for the destination network address.
Examples:
This example shows how to add three default routes to the IP routing table:
Console> (enable) set ip route default 172.20.52.35
Route added.
Route added.
Route added.
Console> (enable)
This example shows how to add a route to network 10.10.0.0/16 through gateway 172.20.52.33:
Console> (enable) set ip route 10.10.0.0/16 172.20.52.33
Route added.
Console> (enable)
This example shows how to add a route to a specific host:

Console> (enable) set ip route 172.20.50.2/32 172.20.52.41
Route added.
Console> (enable)
Misconceptions:
None
Related Commands:
None

Command:
set logout
Mode:
Switch> (enable)
Syntax:
set logout timeout
Syntax Description:
timeout Variable that specifies the number of minutes until the system disconnects an idle
session automatically. Valid values are from 0 to 10000. Setting the value to 0
disables the automatic disconnection of idle sessions.
Use the set logout command to specify the number of minutes the system waits before
automatically disconnecting an idle session. The default value is 20 minutes.
Example:
This example shows how to set the number of minutes until the system disconnects an idle session
automatically:
Console> (enable) set logout 20
Sessions will be automatically logged out after 20 minutes of idle time.

Console> (enable)
This example shows how to disable the automatic disconnection of idle sessions:
Console> (enable) set logout 0
Sessions will not be automatically logged out.

Console> (enable)
Misconceptions:
None
Related Commands:
None

Command:
set mls
Mode:
Switch> (enable)
Syntax:
set mls agingtime [agingtime]
set mls disable
set mls enable
set mls include {ip_addr}
Syntax Description:
agingtime Keyword used to specify the aging time (in seconds) for an MLS entry.
agingtime (Optional) MLS aging time of shortcuts to an MLS entry.

disable Keyword used to disable IP shortcut functions on the Catalyst 5000 series switch,
disable any NFCP message processing, delete any existing shortcut entries, and
prevent new shortcut entries from being established.
enable Keyword used to enable IP shortcut functions on the switch, enable NFCP message
processing, and allow new shortcut entries to be established.
include Keyword used to include the specified router(s) to participate in MLS.
ip_addr Router IP address, or name of the router if DNS is enabled.
Use the set mls command set to configure the MLS feature in the Catalyst 5000 series switch.
If you enter any of the set mls commands on a Catalyst 5000 series switch without MLS, the
following warning message displays:
The set mls disable command disables IP shortcut functions on the Catalyst 5000 series switch,
does not process any NFCP messages, deletes any existing shortcut entries, and prevents new ones
from being established.
The set mls enable command enables the IP shortcut function on this device, processes NFCP
messages, and starts establishing shortcuts for IP data packets.
The Catalyst 5000 series switch does not process NFCP messages from routers that are not
configured to participate in MLS. You must use the set mls include command to configure a
router to participate in MLS. You can specify multiple router entries on the same command line.
The included router entries are saved in NVRAM and retained across a power cycle.
You must enable DNS to resolve the router's IP address.
Example:
These examples show how to use the set mls command set to configure MLS:
console>(enable) set mls agingtime 512
MLS aging time set to 512 seconds.

Console> (enable)
console>(enable) set mls agingtime fast 32 0
MLS fast aging time set to 32 seconds for entries with no more than 0 packet switched.
Console> (enable)
Console> (enable) set mls disable
Multilayer switching disabled

Console> (enable)
Console> (enable) set mls enable

Multilayer switching enabled
Console> (enable)
Console> (enable) set mls include 170.170.2.1
Multilayer switching enabled for router 170.170.2.1

Console> (enable)
Console> (enable) set mls include Stargate
Multilayer switching enabled for router 172.20.15.1 (Stargate)

Console> (enable)
Misconceptions:
None
Related Commands:
clear mls
show mls
Command:
set mls agingtime fast
Mode:
Switch> (enable)
Syntax:
set mls agingtime fast [fastagingtime] [pkt_threshold]
Syntax Description:
fastagingtime (Optional) Valid values are: 32, 64, 96 or 128 seconds. A "0" entry disables fast
aging. If a value is not specified, the default value is used.
pkt_threshold (Optional) Valid values: 0, 1, 3, 7, 15, 31, and 63 packets. A "0" entry disables fast
aging. If a value is not specified, the default value is used.
Use the set mls agingtime fast command to specify the MLS aging time of shortcuts to an MLS
entry that has no more than pkt_threshold packets switched within fastagingtime seconds after it is
created.
If you enter any of the set mls agingtime fast commands on a Catalyst 5000 series switch without
MLS, the following warning message displays:
mls not supported on feature card.
If fastagingtime is not configured exactly the same as the valid values, it is adjusted to the closest
one. A typical value for fastagingtime and pkt_threshold is 32 seconds and 0 packet, respectively
(it means no packet is switched within 32 seconds after the entry is created).
Agingtime applies to an MLS entry that has no more than <pkt_threshold> packets switched within
<fastagingtime> seconds after it is created. A typical example is the MLS entry destined to/sourced
from a DNS or TFTP server. This entry may never be used again after it is created. For example,
only one request goes to a server and one reply returns from the server, and then the connection is
closed.
The agingtime fast option is used to purge entries associated with very short flows, such as DNS
and TFTP.
We recommend that you keep the number of MLS entries in the MLS cache below 32K. If the
number of MLS entries is more than 32K, some flows (less than 1 percent) are sent to the router.
To keep the number of MLS cache entries below 32K, enable agingtime fast. Initially set it at 128
seconds. If the number of cache entries continues to exceed 32K, decrease the setting; start with
96, then 64, and 32 as necessary.
If cache entries continue to exceed 32K, decrease the normal agingtime in increments of 64
seconds from the 256-second default.
Example:
This example shows how to use the set mls agingtime fast command to set the agingtime:
console>(enable) set mls agingtime fast 32 0
MLS fast aging time set to 32 seconds for entries with no more than 0 packet switched.
Console> (enable)
Misconceptions:
None
Related Commands:
show mls

Command:
set password
Mode:
Switch> (enable)
Syntax:
set password
Syntax Description:
Use the set password command to change the normal (login) mode password on the switch.
Passwords are case sensitive; they may be 0 to 30 characters in length, including spaces.
The command prompts you for the old password. If the password you enter is valid, you are
prompted to enter a new password and to verify the new password. A zero-length password is
allowed by pressing Return.
Example:
This example shows how to set the normal (login) mode password:
Console> (enable) set password
Enter old password: <old_password>
Enter new password: <new_password>
Retype new password: <new_password>
Password changed.
Console> (enable)
Misconceptions:
None
Related Commands:
set enablepass

Command:
set port channel
Mode:
Switch> (enable)
Syntax:
set port channel mod/port [admin_group]
set port channel mod/port mode {on | off | desirable | auto}

[silent | non-silent]
set port channel all mode off
set port channel all distribution {ip | mac} [source | destination

| both]
set port channel all distribution {session} [source | destination

| both]
Syntax Description:
mod/port Variable that specifies the number of the module and the port on the
module.
admin_group (Optional) Variable that specifies the number of administrative group. Valid
values are from 1 to 1024.
mode Keyword that specifies the EtherChannel mode.
on Keyword to enable and force specified ports to channel without PAgP.
off Keyword to prevent ports from channeling.
desirable Keyword to set a PAgP mode that places a port into an active negotiating
state, in which the port initiates negotiations with other ports by sending
PAgP packets.
auto Keyword to set a PAgP mode that places a port into a passive negotiating
state, in which the port responds to PAgP packets it receives, but does not
initiate PAgP packet negotiation.
silent (Optional) Keyword to use with auto or desirable when no traffic is
expected from the other device to prevent the link from being reported to
STP as down.
non-silent (Optional) Keyword to use with auto or desirable when traffic is expected
from the other device.
all mode off Keywords to globally turn off channeling on all ports.
all Keywords to apply frame distribution to all ports in the switch.

distribution
ip Keyword that specifies the frame distribution method using IP address

values.
mac Keyword that specifies the frame distribution method using MAC address
values.
source (Optional) Keyword that specifies the frame distribution method using
source address values.
destination (Optional) Keyword that specifies the frame distribution method using
destination address values.
both (Optional) Keyword that specifies the frame distribution method using
source and destination address values.
session Keyword to allow frame distribution of Layer 4 traffic.
both (Optional) Keyword that specifies the frame distribution method using
source and destination Layer 4 port number.
Use the set port channel command set to configure EtherChannel on Ethernet module ports.
Make sure that all ports you intend to channel are configured properly. For complete information
on EtherChannel configuration restrictions, refer to the Software Configuration Guide-Catalyst
4000 Family, Catalyst 2948G, and Catalyst 2980G Switches.
Because of the port ID handling by the spanning tree feature, the maximum supported number of
channels is 126 for a 6-slot chassis.
Administrative groups specify which ports can form an EtherChannel together. An administrative
group can contain a maximum of eight ports. However, administrative group membership is
restricted by hardware capabilities. Use the show port capabilities command to determine which
ports can form a channel together.
On the Catalyst 4000 family switches, an EtherChannel bundle can consist of any two to eight
ports. Ports in an EtherChannel do not have to be contiguous, nor do they have to be on the same
module. With the on mode, a usable EtherChannel exists only when a port group in on mode is
connected to another port group in on mode.
If you are running QoS, make sure that bundled ports are all of the same trust types and have
similar queueing and drop capabilities.
Disable the port security feature on the channeled ports (see the set port security command). If
you enable port security for a channeled port, the port shuts down when it receives packets with
source addresses that do not match the secure address of the port.
You can configure up to eight ports on the same switch in each administrative group.
When you assign ports to an existing admin group, the original ports associated with the admin
group will move to an automatically picked new admin group. You cannot add ports to the same
admin group.
If you do not enter an admin_group, it means that you want to create a new administrative group
with admin_group selected automatically. The next available admin_group is automatically
selected. If you do not enter the channel mode, the channel mode of the ports addressed are not
modified.
The silent | non-silent parameters only apply if desirable or auto modes are entered.
If you do not specify silent or non-silent, the current setting is not affected.
To support jumbo frames, channeling ports need to have the same jumbo frame setting on each
port.
This command is not supported by non-EtherChannel-capable modules.
Example:
This example shows how to create an EtherChannel on ports 5 and 6 of module 4:
Console> (enable) set port channel 4/5-6 on
Port(s) 4/5-6 are assigned to admin group 56.

Port(s) 4/5-6 channel mode set to on.
Console> (enable)
This example shows how to remove an EtherChannel on ports 5 and 6 of module 4:

Console> (enable) set port channel 4/5-6 mode auto
Port(s) 4/5-6 channel mode set to auto.
Console> (enable) show port channel
This example shows the display when the port list is exceeded:
Console> (enable) set port channel 2/1-9 1
No more than 8 ports can be assigned to an admin group.
Console> (enable)
This example shows how to disable EtherChannel on module 4, ports 4 to 6:

Console> (enable) set port channel 4/4-6 mode off
Port(s) 4/4-6 channel mode set to off.
Console> (enable)
This example shows the display output when you assign ports to an existing admin group. This
example moves ports in admin group 96 to another admin group and assigns module 4, ports 4 to 6
to admin group 96:
Console> (enable) set port channel 4/4-6 96
Port(s) 4/1-3 are moved to admin group 97.
Console> (enable)
This example shows how to set the channel mode to off for module 4, ports 4 to 6 and assign those
ports to an automatically selected admin group:
Console> (enable) set port channel 4/4-6 off
Port(s) 4/4-6 channel mode set to off.
Console> (enable)
This example shows how to configure the EtherChannel load-balancing feature:

Console> (enable) set port channel all distribution ip destination
Channel distribution is set to ip destination.
Console> (enable)
Misconceptions:
None
Related Commands:
None

Command:
set port duplex
Mode:
Switch> (enable)
Syntax:
set port duplex mod_num/port_num {full | half}
Syntax Description:
full Keyword that specifies full-duplex transmission.
half Keyword that specifies half-duplex transmission.
Use the set port duplex command to configure the duplex type of an Ethernet or Fast Ethernet port
or range of ports.
You can configure Ethernet and Fast Ethernet interfaces to either full duplex or half duplex.
The set port duplex command is not supported on Token Ring ports.
You cannot configure the duplex mode on Gigabit Ethernet ports (they are always in full-duplex
mode).
Example:
This example shows how to set port 1 on module 2 to full duplex:
Console> (enable) set port duplex 2/1 full
Port 2/1 set to full-duplex.
Console> (enable)
This example shows how to set port 1 on module 2 to half duplex:

Console> (enable) set port duplex 2/1 half
Port 2/1 set to half-duplex.
Console> (enable)
Misconceptions:
None
Related Commands:
set port speed
set port membership

Command:
set port enable
Mode:
Switch> (enable)
Syntax:
set port enable mod_num/port_num
Syntax Description:

Use the set port enable command to enable a port or a range of ports.
Example:
This example shows how to enable port 3 on module 2:
Console> (enable) set port enable 2/3
Port 2/3 enabled.

Console> (enable)
Misconceptions:
None
Related Commands:
None

Command:
set port membership
Mode:
Switch> (enable)
Syntax:
set port membership mod_num/port_num {dynamic | static}
Syntax Description:
mod_num Variable that specifies the module number.
port_num Variable that specifies the port number.
dynamic Keyword that specifies to configure the port for dynamic VLAN membership.
static Keyword that specifies to configure the port for static VLAN membership.
Use the set port membership command to configure ports for dynamic or static VLAN
membership.
Ports configured for dynamic VLAN membership obtain their VLAN assignment through VMPS.
Ports configured for static VLAN membership obtain their VLAN assignment through the set vlan
command.
When a port is assigned a VLAN dynamically, the show port command output identifies the
VLAN as dynamic. If the dynamic port is shut down by a VMPS, its status is shown as shutdown.
This command is not supported by the Access Gateway module.
Dynamic VLAN support for VVID includes these restrictions to the following configuration of
MVAP on the switch port:
You can configure any VVID on a dynamic port including dot1p and untagged, except when
the VVID is equal to dot1p or untagged. If this case, then you must configure VMPS with the
MAC address of the IP phone. When you configure the VVID as dot1p or untagged on a
dynamic port, this warning message displays:
VMPS should be configured with the IP phone mac's.
You cannot change the VVID of the port equal to PVID assigned by the VMPS for the
dynamic port.
You cannot configure trunk ports as dynamic ports, but an MVAP can be configured as a
dynamic port.
Example:
This example shows how to set the port membership VLAN assignment to dynamic on module 3,
ports 1 to 3:
Console> (enable) set port membership 3/1-3 dynamic
Ports 3/1-3 vlan assignment set to dynamic.

Spantree port fast start option enabled for ports 3/1-3.
Console> (enable)
This example shows how to configure a port for static VLAN membership on module 3, ports 1 to
3:
Console> (enable) set port membership 3/1-3 static
Ports 3/1-3 vlan assignment set to static.

Console> (enable)
Misconceptions:
None
Related Commands:
set port enable
show port

Command:
set port name
Mode:
Switch> (enable)
Syntax:
set port name mod_num/port_num [port_name]
Syntax Description:
port_name (Optional) Variable that specifies the name of the port.
Use the set port name command to configure a name for a port.
If you do not specify the name string, the port name is cleared.
Example:
This example shows how to set port 1 on module 4 to Snowy:
Console> (enable) set port name 4/1 Snowy
Port 4/1 name set.
Console> (enable)
Misconceptions:
None
Related Commands:

Command:
set port security
Mode:
Switch> (enable)
Syntax:
set port security mod/port... [enable | disable] [mac_addr] [age
{age_time}]
[maximum {num_ of_mac}] [shutdown {shutdown_time}][violation
{shutdown | restrict}]
Syntax Description:
mod/port... Variable that specifies the number of the module and the port on the
module.
enable (Optional) Keyword used to enable port security.
disable (Optional) Keyword used to disable port security.
mac_addr (Optional) Secure MAC address of the enabled port.
age age_time (Optional) Keyword and variable that specify the duration for which
addresses on the port will be secured; valid values are 0 (to disable)
and from 1 to 1440 (minutes).
maximum (Optional) Keyword and variable that specify the maximum number of
num_of_mac MAC addresses to secure on the port; valid values are from
1 to 1025.
shutdown (Optional) Keyword and variable that specify the duration for which a
shutdown_time port will remain disabled in case of a security violation; valid values
are 0 (to disable) and from 1 to 1440 (minutes).
violation (Optional) Keyword that specifies the action to be taken in the event of
a security violation.
shutdown Keyword to shut down the port in the event of a security violation.
restrict Keyword to restrict packets from unsecure hosts.
Use the set port security command set to configure port security on a port or range of ports.
If you enter the set port security enable command but do not specify a MAC address, the first
MAC address seen on the port becomes the secure MAC address.
You can specify the number of MAC addresses to secure on a port. You can add MAC addresses to
this list of secure addresses. The maximum number is 1024.
The set port security violation command allows you to specify whether you want the port to shut
down or to restrict access to insecure MAC addresses only. The shutdown time allows you to
specify the duration of shutdown in the event of a security violation.
We recommend that you configure the age timer and the shutdown timer if you want to move a
host from one port to another when port security is enabled on those ports. If the age_time value is
less than or equal to the shutdown_time value, the moved host will function again in an amount of
time equal to the shutdown_time value. The age timer begins upon learning the first MAC address,
and the disable timer begins when there is a security violation.
Example:
This example shows how to set port security with a learned MAC address:
Console> (enable) set port security 3/1 enable
Port 3/1 port security enabled with the learned mac address.
Console> (enable)
This example shows how to set port security with a specific MAC address:
Console> (enable) set port security 3/1 enable 01-02-03-04-05-06
Port 3/1 port security enabled with 01-02-03-04-05-06 as the secure mac address.
Console> (enable)
This example sets the shutdown time to 600 minutes on port 7/7:
Console> (enable) set port security 7/7 shutdown 600
Secure address shutdown time set to 600 minutes for port 7/7.
Console> (enable)
This example sets the port to drop all packets that are coming in on the port from insecure hosts:
Console> (enable) set port security 7/7 violation restrict
Port security violation on port 7/7 will cause insecure packets to be dropped.
Console> (enable)
Misconceptions:
This command is not supported by the NAM.
Related Commands:

Command:
set port speed
Mode:
Switch> (enable)
Syntax:
set port speed mod_num port_num {10 | 100 | 1000 | auto}
Syntax Description:
port_num Variable that specifies the number of the port on the module.
10 Keyword that specifies a transmission rate of 10 Mbps on 10/100 Fast Ethernet

ports.
100 Keyword that specifies a transmission rate of 100 Mbps on 10/100 Fast
Ethernet ports.
1000 Keyword that specifies a transmission rate of 1000 Mbps on a 1000BASE-T

port.
auto Keyword that specifies autonegotiation for transmission speed and duplex
mode on 10/100 Fast Ethernet ports. On 1000BASE-T Gigabit Ethernet ports,
this keyword specifies that autonegotiation determines the master and slave
links.
Use the set port speed command to configure transmission speed or autonegotiation. In the default
mode, autonegotiation manages the transmission speed, duplex mode, master link, and slave link.
On 1000BASE-T Gigabit Ethernet ports, autonegotiation determines which side of the link is
master and which side is slave.
You can configure Ethernet interfaces on the 10/100-Mbps Ethernet switching modules to either
10 Mbps or 100 Mbps, or to autosensing mode, allowing them to sense and distinguish between
10-Mbps and 100-Mbps port transmission speeds and full-duplex or half-duplex port transmission
types at a remote port connection. If you set the interfaces to autosensing mode, they automatically
configure themselves to operate at the proper speed and transmission type.
If you change the transmission speed of a port that is open to 4 Mbps or 16 Mbps, the port will
close and reopen at the new transmission speed. If a port closes and reopens on an existing ring
using a transmission speed different from that which the ring is operating, the ring will beacon.
If you set the port speed to auto, duplex mode is automatically set to auto.
Example:
This example shows how to configure port 1 on module 2 to auto:
Console> (enable) set port speed 2/1 auto
Port 2/1 speed set to auto-sensing mode.
Console> (enable)
This example shows how to configure port 2 on module 2 setting port speed to 10 Mbps:
Console> (enable) set port speed 2/2 10
Port 2/2 speed set to 10 Mbps.
Console> (enable)
This example shows how to configure port 4 on module 3 setting port speed to 16 Mbps:
Console> (enable) set port speed 3/4 16
Port(s) 3/4 speed set to 16Mbps.
Console> (enable)
Misconceptions:
None
Related Commands:
set port duplex
Command:
set prompt
Mode:
Switch> (enable)
Syntax:
set prompt prompt_string
Syntax Description:
prompt_string String to use as the command prompt.
Use the set prompt command to change the prompt for the CLI.
If you use the set system name command to assign a name to the switch, the switch name is used
as the prompt string. However, if you specify a different prompt string later, using the set prompt
command, that new string is used as the prompt.
Example:
This example shows how to set the prompt to system100>:
Console> (enable) set prompt system100>
system100> (enable)
Misconceptions:
None
Related Commands:
set system name

Command:
Mode:
Switch> (enable)
Syntax:
set spantree backbonefast {enable | disable}
Syntax Description:
enable Keyword that enables Backbone Fast Convergence.
disable Keyword that disables Backbone Fast Convergence.
Use the set spantree backbonefast command to enable or disable the spanning tree Backbone Fast
Convergence feature.
Example:
This example shows how to enable Backbone Fast Convergence:
Console> (enable) set spantree backbonefast enable
Backbonefast enabled for all VLANs.

Console> (enable)
Misconceptions:
This command is not available in MISTP mode.
This command is not available in MST mode.
For BackboneFast Convergence to work, you must enable it on all switches in the network.
When you try to enable BackboneFast and the switch is in MISTP or MISTP-PVST+ mode, this
message is displayed:
Cannot enable backbonefast when the spantree mode is MISTP-PVST+.
Related Commands:
show spantree

Command:
Mode:
Switch> (enable)
Syntax:
set spantree disable vlan
set spantree disable all
set spantree disable mistp-instance instance
set spantree disable mistp-instance all
Syntax Description:
vlan Variable that specifies the number of the VLAN; valid values are from
1 to 1005 and from 1025 to 4094.
all Keyword that specifies all VLANs.
mistp-instance Keyword and variable that specify the instance number; valid values are
instance from 1 to 16.
mistp-instance all Keywords that delete all instances.
Use the set spantree disable command set to disable the spanning tree algorithm for all VLANs or
a specific VLAN or disable spanning tree instance.
Example:
This example shows how to disable the spanning tree for VLAN 1:
Console> (enable) set spantree disable 1
VLAN 1 bridge spanning tree disabled.
Console> (enable)
This example shows how to disable spanning tree for a specific instance:
Console> (enable) set spantree disable mistp-instance 2
MI-STP instance 2 disabled.

Console> (enable)
Misconceptions:
If you do not specify a VLAN number or an instance number, 1 is assumed.
When an instance is enabled, the Spanning Tree Protocol starts running on that instance.
When an instance is disabled, the switch stops sending out config TLVs for that instance and starts
flooding incoming TLVs for the same instance (but checks the VLAN mapping on the incoming
side). All the traffic running on the VLANs mapped to the instance is flooded as well.
Related Commands:
set spantree enable
show spantree

Command:
set spantree enable
Mode:
Switch> (enable)
Syntax:
set spantree enable vlans
set spantree enable all
set spantree enable mistp-instance instance
set spantree enable mistp-instance all
Syntax Description:
vlans Variable that specifies the number of the VLAN; valid values are from
1 to 1005 and from 1025 to 4094.
all Keyword that specifies all VLANs.
instance from 1 to 16.
mistp-instance all Keywords that enable all instances.
Use the set spantree enable command set to enable the spanning tree algorithm for all VLANs, a
specific VLAN, a specific instance, or all instances.
Example:
This example shows how to activate spanning tree for VLAN 1:
Console> (enable) set spantree enable 1
VLAN 1 bridge spanning tree enabled.
Console> (enable)
This example shows how to activate spanning tree for an instance:

Console> (enable) set spantree enable mistp-instance 1
-STP instance 1 enabled.

Console> (enable)
Misconceptions:
MISTP and VTP pruning cannot be enabled at the same time.
Related Commands:
show spantree

Command:
set spantree fwddelay
Mode:
Switch> (enable)
Syntax:
set spantree fwddelay delay [vlans]
set spantree fwddelay delay mistp-instance [instances]
set spantree fwddelay delay mst
Syntax Description:
delay Variable that specifies the number of seconds for the bridge forward
delay; valid values are from 4 to 30 seconds.
vlans (Optional) Variable that specifies the number of the VLAN; valid values
are from 1 to 1005 and from 1025 to 4094.
mistp-instance Keyword and optional variable that specify the instance number; valid
[instances] values are from 1 to 16.
mst Keyword that sets the forward delay time for the IST instance and all
MST instances. See the "Usage Guidelines" section for more
information.
Use the set spantree fwddelay command to set the bridge forward delay for a VLAN or an
instance.
Example:
This example shows how to set the bridge forward delay for VLAN 100 to 16 seconds:
Console> (enable) set spantree fwddelay 16 100
Spantree 100 forward delay set to 16 seconds.
Console> (enable)
This example shows how to set the bridge forward delay for an instance to 16 seconds:
Console> (enable) set spantree fwddelay 16 mistp-instance 1
Instance 1 forward delay set to 16 seconds.

Console> (enable)
Misconceptions:
If you enable MISTP, you cannot set the VLAN bridge forward delay.
If you enable PVST+, you cannot set the instance bridge forward delay.
If you enter the set spantree fwddelay delay mst command, you set the forward delay time for the
IST instance and all MST instances. You do not need to set the forward delay time for each MST
instance.
Related Commands:
show spantree

Command:
set spantree hello
Mode:
Switch> (enable)
Syntax:
set spantree hello interval [vlans]
set spantree hello interval mistp-instance instances
set spantree hello interval mst
Syntax Description:
interval Variable that specifies the number of seconds the system waits before
sending a bridge hello message (a multicast message indicating that the
system is active). Valid values are from 1 to 10 seconds.
vlans (Optional) Variable that specifies the number of the VLAN; valid values are
from 1 to 1005 and from 1025 to 4094.
mistp- Keyword and variable that specify the instance number; valid values are
instance from1 to 16.
instances
mst Keyword that sets the hello time for the IST instance and all MST instances.
See the "Usage Guidelines" section for more information.
Use the set spantree hello command to set the bridge hello time for a VLAN or an instance.
Example:
This example shows how to set the spantree hello time for VLAN 100 to 3 seconds:
Console> (enable) set spantree hello 3 100
Spantree 100 hello time set to 3 seconds.
Console> (enable)
This example shows how to set the spantree hello time for an instance to 3 seconds:
Console> (enable) set spantree hello 3 mistp-instance 1
Spantree 1 hello time set to 3 seconds.

Console> (enable)
Misconceptions:
If you enable MISTP, you cannot set the VLAN hello time.
If you enable PVST+, you cannot set the instance hello time.
If you enter the set spantree hello interval mst command, you set the hello time for the IST
instance and all MST instances. You do not need to set the hello time for each MST instance.
Related Commands:
show spantree

Command:
set spantree maxage
Mode:
Switch> (enable)
Syntax:
set spantree maxage agingtime [vlans]
set spantree maxage agingtime mistp-instance instances
set spantree maxage agingtime mst
Syntax Description:
agingtime Variable that specifies the maximum number of seconds that the system
retains the information received from other bridges through Spanning Tree
Protocol. Valid values are from 6 to 40 seconds.
vlan (Optional) Variable that specifies the number of the VLAN; valid values
are from 1 to 1005.
instances from 1 to 16.
mst Keyword that sets the maximum aging time for the IST instance and all
MST instances. See the "Usage Guidelines" section for more information.
Use the set spantree maxage command to set the bridge maximum aging time for a VLAN or an
instance.
Example:
This example shows how to set the maximum aging time for VLAN 1000 to 25 seconds:
Console> (enable) set spantree maxage 25 1000
Spantree 1000 max aging time set to 25 seconds.
Console> (enable)
This example shows how to set the maximum aging time for an instance to 25 seconds:
Console> (enable) set spantree maxage 25 mistp-instance 1
Instance 1 max aging time set to 25 seconds.

Console> (enable)
Misconceptions:
If you enable MISTP, you cannot set the VLAN maximum aging time.
If you enable PVST+, you cannot set the instance maximum aging time.
If you enter the set spantree maxage agingtime mst command, you set the maximum aging time
for the IST instance and all MST instances. You do not need to set the maximum aging time for
each MST instance.
Related Commands:
show spantree

Command:
set spantree portcost
Mode:
Switch> (enable)
Syntax:
set spantree portcost mod/port cost [mst]
Syntax Description:
mod/port Variable that specifies the number of the module and the port on the module.
cost Variable that specifies the number of the path cost; see the "Usage Guidelines"
section for more information.
mst (Optional) Keyword that sets the path cost for an MST port.
Default Port Cost—Short Mode

Port Speed Default Port Cost
4 Mb 250
10 Mb 100
16 Mb 62
100 Mb 19
155 Mb 14
1 Gb 4
10 Gb 2
Default Port Cost—Long Mode

Port Speed Default Port Cost
100 Kb 200,000,000
1 Mb 20,000,000
10 Mb 2,000,000
10 Mb 200,000
1 Gb 20,000
10 Gb 2,000
100 Gb 200
1 Tb 20
10 Tb 2
Use the set spantree portcost command to set the path cost for a port.
If the spanning tree mode is short and long or MISTP, valid cost values are from 1 to 65535,
otherwise, valid cost values are from 1 to 2,000,000.
The Spanning Tree Protocol uses port path costs to determine which port to select as a forwarding
port. You should assign lower numbers to ports attached to faster media (such as full duplex) and
higher numbers to ports attached to slower media.
Example:
This example shows how to set the port cost for port 12 on module 2 to 19:
Console> (enable) set spantree portcost 2/12 19
Spantree port 2/12 path cost set to 19.

Console> (enable)
Misconceptions:
None
Related Commands:
show spantree

Command:
set spantree portfast
Mode:
Switch> (enable)
Syntax:
set spantree portfast mod/port {enable [trunk] | disable |
default}
Syntax Description:
enable Keyword that enables the spanning tree PortFast-start feature on the port.
trunk (Optional) Keyword that enables the spanning tree PortFast start feature on the
port.
disable Keyword that disables the spanning tree PortFast-start feature on the port.
default Keyword that sets the spanning tree start feature back to its default setting.
Use the set spantree portfast command to allow a port that is connected to a single workstation or
PC to start faster when it is connected.
When a port configured with the spantree portfast enable command is connected, the port
immediately enters the spanning tree forwarding state instead of going through the normal
spanning tree states such as listening and learning.
If the trunk keyword is used, the spanning tree PortFast-start feature is enabled on the specified
trunk.
Example:
This example shows how to enable the spanning tree PortFast-start feature on port 2 on module 1:
Console> (enable) set spantree portfast 1/2 enable
Warning: Connecting layer 2 devices to a fast-start port can cause temporary spanning tr
loops. Use with caution.
Spantree port 1/2 fast start enabled.
Console> (enable)
This example shows how to enable the spanning tree PortFast-start feature on the trunk port:
Console> (enable) set spantree portfast 3/2 enable trunk
Warning: Connecting layer 2 devices to a fast-start port can cause temporary spanning
tree loops. Use with caution.
Spantree port 1/2 fast start enabled.
Console> (enable)
Misconceptions:
None
Related Commands:
show spantree

Command:
set spantree portpri
Mode:
Switch> (enable)
Syntax:
set spantree portpri mod/port priority [mst]
Syntax Description:
priority Variable that specifies the number that represents the cost of a link in a spanning
tree bridge; valid values are from 0 (high priority) to 63 (low priority).
mst (Optional) Keyword that sets the bridge priority for an MST port.
Use the set spantree portpri command to set the bridge priority for a spanning tree port.
Example:
This example shows how to set the priority of port 1 on module 4 to 63:
Console> (enable) set spantree portpri 4/1 63
Bridge port 4/1 priority set to 63.

Console> (enable)
Misconceptions:
Related Commands:
show spantree

Command:
set spantree portvlancost
Mode:
Switch> (enable)
Syntax:
set spantree portvlancost mod_num/port_num [cost cost_value]
[preferred_vlans]
Syntax Description:
cost cost_value (Optional) Keyword that indicates the path cost. The port VLAN cost
applies only to trunk ports; valid values are from 1 to 65535.
preferred_vlans (Optional) Variable that specifies the preferred VLANs. If you do not list a
specific VLAN, the VLANs that were listed in prior use of this command
are affected. If you do not list a specific cost, and previous cost values are
specified in prior use of the command, then the port VLAN cost is set to
one less than the current port cost for a port. However, this might not
ensure load balancing in all cases; valid values are from 1 to 1005.
Use the set spantree portvlancost command to assign a lower path cost to a set of VLANs on a
port.
Example:
These examples show various ways to use the set spantree portvlancost command:
Console> (enable) set spantree portvlancost 2/10 cost 25 1-20
Cannot set portvlancost to a higher value than the port cost, 10, for port 2/10.
Console> (enable)
Console> (enable) set spantree portvlancost 2/10 1-20
Port 2/10 VLANs 1-20 have a path cost of 9.

Console> (enable)
Console> (enable) set spantree portvlancost 2/10 cost 4 1-20

Port 2/10 VLANs 1-20 have path cost 4.
Console> (enable)
Console> (enable) set spantree portvlancost 2/10 cost 6 21

Console> (enable)
These examples show how to use the set spantree portvlancost command without explicitly
specifying cost:
Console> (enable) set spantree portvlancost 1/2

Console> (enable)
Console> (enable) set spantree portvlancost 1/2 21
Port 1/2 VLANs 1-20,22-1005 have path cost 3100.

Port 1/2 VLANs 21 have path cost 3099.
Console> (enable)
Misconceptions:
None
Related Commands:
show spantree

Command:
set spantree portvlanpri
Mode:
Switch> (enable)
Syntax:
set spantree portvlanpri mod_num/port_num priority [vlans]
Syntax Description:
priority Variable that specifies the number that represents the cost of a link in a spanning
tree bridge. The priority level is from 0 to 63, with 0 indicating high priority and
63 indicating low priority.
vlans (Optional) Variable that specifies the VLANs that use the specified priority
level.
Use the set spantree portvlanpri command to set the port priority for a subset of VLANs in the
trunk port.
Example:
You can use this command to add VLANs to a specified port priority level. Subsequent calls to this
command do not replace VLANs that are already set at a specified port priority level.
The set spantree portvlanpri command applies only to trunk ports.

Misconceptions:
None
Related Commands:
show spantree

Command:
set spantree root
Mode:
Switch> (enable)
Syntax:
set spantree root [secondary] [vlans] [dia network_diameter]
[hello hello_time]
set spantree root [secondary] mistp-instance instances [dia

network_diameter]
set spantree root [secondary] mst {instance | {[dia

network_diameter] [ hello hello_time]}}
Syntax Description:
secondary (Optional) Keyword that designates this switch as a secondary root, if

the primary root fails.
vlans (Optional) Variable that specifies the number of the VLAN; valid
dia (Optional) Keyword that specifies the maximum number of bridges

network_diameter between any two points of attachment of end stations; valid values are
from 2 to 7.
hello hello_time (Optional) Keyword that specifies, in seconds, the duration between
generation of configuration messages by the root switch; valid values
are from 1 to 10.
mistp-instance Keyword and variable that specify the instance number; valid values
instances are from 1 to 16.
mst instance Keyword and variable that set the forward delay time for the IST
instance and all MST instances
Use the set spantree root command to set the primary or secondary root for specific VLANs of the
switch or for all VLANs of the switch.
Examples:
This example shows how to set the primary root for a range of VLANs:
Console> (enable) set spantree root 1-10 dia 4
VLANs 1-10 bridge priority set to 8192

VLANs 1-10 bridge max aging time set to 14 seconds.
VLANs 1-10 bridge hello time set to 2 seconds.
VLANs 1-10 bridge forward delay set to 9 seconds.
Switch is now the root switch for active VLANs 1-6.
Console> (enable)
This example shows how to set the primary root for an instance:
Console> (enable) set spantree root mistp-instance 2-4 dia 4
Instances 2-4 bridge priority set to 8192

VLInstances 2-4 bridge max aging time set to 14 seconds.
Instances 2-4 bridge hello time set to 2 seconds.
Instances 2-4 bridge forward delay set to 9 seconds.
Switch is now the root switch for active Instances 1-6.
Console> (enable)
This example shows how to set the primary root for MST instance 5:
Console> (enable) set spantree root mst 5
Instance 5 bridge priority set to 24576.

Instance 5 bridge max aging time set to 16.
Instance 5 bridge hello time set to 2.
Instance 5 bridge forward delay set to 15.
Switch is now the root switch for active Instance 5.
Console> (enable)
This example shows how to set the secondary root for MST instance 0:
Console> (enable) set spantree root secondary mst 0

Console> (enable)
This example shows how to set the maximum number of bridges and the hello time of the root for
MST instance 0:
Console> (enable) set spantree root mst 0 dia 7 hello 2
Switch is now the root switch for active Instance 0.
Console> (enable)
These examples show that setting the bridge priority to 8192 was not sufficient to make this switch
the root. So, the priority was further reduced to 7192 (100 less than the current root switch) to
make this switch the root switch. However, reducing it to this value did not make it the root switch
for active VLANs 16 and 17.
Console> (enable) set spantree root 11-20.
VLANs 11-20 bridge priority set to 7192

VLANs 11-10 bridge max aging time set to 20 seconds.
VLANs 1-10 bridge hello time set to 2 seconds.
VLANs 1-10 bridge forward delay set to 13 seconds.
Switch is now the root switch for active VLANs 11-15,18-20.
Switch could not become root switch for active VLAN 16-17.
Console> (enable)
Console> (enable) set spantree root secondary 22,24 dia 5 hello 1
VLANs 22,24 bridge priority set to 16384.

VLANs 22,24 bridge max aging time set to 10 seconds.
VLANs 22,24 bridge hello time set to 1 second.
VLANs 22,24 bridge forward delay set to 7 seconds.
Console> (enable)
Misconceptions:
If you do not specify a VLAN number, VLAN 1 is used.
This command runs on backbone or distribution switches.
This command increases path costs to a value greater than 3000.
If you enable MISTP, you cannot set the VLAN root. If you enable PVST+, you cannot set the
instance root.
You can run the secondary root many times to create backup switches for use in case of a root
failure.
The set spantree root secondary bridge priority value is 16,384 except when MAC reduction or
MISTP are enabled, then the value is 28,672.
The set spantree root bridge priority value is 16,384 except when MAC reduction or MISTP are
enabled, then the value is 24,576.
Related Commands:
show spantree

Command:
set spantree uplinkfast
Mode:
Switch> (enable)
Syntax:
set spantree uplinkfast enable [rate station_update_rate] [all-
protocols {off | on}]
set spantree uplinkfast disable
Syntax Description:
enable Keyword that enables a fast switchover.
rate (Optional) Keyword and variable that specify the number of multicast
station_update_rate packets transmitted per 100 ms when an alternate port is chosen after
the root port goes down.
all-protocols (Optional) Keyword that specifies whether the switch generates

dummy multicast packets for all protocol groups (IP, IPX, and
Group) in a network with switches using protocol filtering.
off (Optional) Keyword that prevents the switch from generating

multicasts for all protocol groups.
on (Optional) Keyword that causes the switch to generate multicasts for

all protocol groups.
disable Keyword that disables Uplink Fast Switchover.
Use the set spantree uplinkfast command to enable and Uplink Fast Switchover to alternate ports
when the root port fails. This command applies to a switch, not to a WAN.
The set spantree uplinkfast enable command has the following results:
Changes the bridge priority to 49152 for all VLANs (allowed VLANs).
Increases the path cost and port VLAN cost of all ports to a value greaterthan 3000.
On detecting the failure of a root port, an instant cutover occurs to analternate port selected
by Spanning Tree Protocol.
If you run set spantree uplinkfast enable on a switch that has this feature already enabled, only
the station update rate is updated. The rest of the parameters are not modified.
If you run set spantree uplinkfast disable on a switch, the UplinkFast feature is disabled, but the
switch priority and port cost values are not reset to the factory defaults. To reset the values to the
factory defaults, enter the clear spantree uplinkfast command.
The default station_update_rate value is 15 packets per 100 ms, which is equivalent to a 1 percent
load on a 10-Mbps Ethernet port. If you specify this value as 0, the switch does not generate
station-update-rate packets.
Use the all-protocols on keywords on switches that have UplinkFast enabled but do not have
protocol filtering enabled, and that are connected to upstream switches in the network that have
protocol filtering enabled. The all-protocols on keywords cause the switch to generate multicasts
for each protocol-filtering group.
On switches with both UplinkFast and protocol filtering enabled, or if no other switches have
protocol filtering enabled, you do not need to use the all-protocols on keywords.
Example:
This example shows how to enable the spantree UplinkFast feature and specify the number of
multicast packets transmitted to 40 packets per 100 ms:
Console>(enable) set spantree uplinkfast enable rate 40
VLANs 1-1005 bridge priority set to 49152.

The port cost and portvlancost of all ports increased to above 3000.
Station update rate set to 40 packets/100ms.
uplinkfast turned on for bridge.
Console> (enable)
This example shows how to disable the spantree UplinkFast feature:

console> (enable) set spantree uplinkfast disable
Uplinkfast disabled for switch.

Use clear spantree uplinkfast to return stp parameters to default.
console>(enable) clear spantree uplink
This command will cause all portcosts, portvlancosts, and the
bridge priority on all vlans to be set to default.
Do you want to continue (y/n) [n]? y
VLANs 1-1005 bridge priority set to 32768.
The port cost of all bridge ports set to default value.
The portvlancost of all bridge ports set to default value.
uplinkfast disabled for bridge.
Console> (enable)
This example shows how to enable the all-protocols feature:

Console> (enable) set spantree uplinkfast enable all-protocols on
uplinkfast update packets enabled for all protocols.

uplinkfast already enabled for bridge.
This example shows how to disable the all-protocols feature:

Console> (enable) set spantree uplinkfast disable all-protocols off
uplinkfast all-protocols field set to off.

uplinkfast already enabled for bridge.
Console> (enable)
Misconceptions:
None
Related Commands:
show spantree

Command:
set system name
Mode:
Switch> (enable)
Syntax:
set system name [name_string]
Syntax Description:
name_string (Optional) Variable text string that identifies the system
Use the set system name command to configure a name for the system.
In Catalyst 4000 family software release 4.4 and later, if you use the set system name command to
assign a name to the switch, the switch name is used as the prompt string. However, if you specify
a different prompt string using the set prompt command, that string is used for the prompt. If no
name is specified, the system name is cleared.
The system name can be 255 characters long, and the prompt can be 20 characters long. The
system name is truncated appropriately when used as a prompt; a greater-than symbol (>) is
appended to the truncated system name. If the system name was found from a DNS lookup, it is
truncated to remove the domain name. If the prompt is obtained using the system name, it is
updated whenever the system name changes. You can overwrite this prompt any time by setting the
prompt manually. Any change in the prompt is reflected in all current open sessions.
Example:
This example shows how to set the system name to Information Systems:
Console> (enable) set system name Information Systems
System name set.

Console> (enable)
Misconceptions:
None
Related Commands:
set prompt

Command:
set tacacs key
Mode:
Switch> (enable)
Syntax:
set tacacs key key
Syntax Description:
key Variable that specifies printable ASCII characters used for authentication and
encryption. Key length must be less than 100 characters.
Use the set tacacs key command to set the key for TACACS+ authentication and encryption.
The key must be the same as the key used on the TACACS+ server. All leading spaces are ignored.
Spaces within the key and at the end of the key are included. Double quotation marks are not
required, even if there are spaces between words in the key, unless the quotation marks themselves
are part of the key. The key can consist of any printable ASCII characters except the tab character.
Example:
This example shows how to set the authentication and encryption key:
Console> (enable) set tacacs key Who Goes There
The tacacs key has been set to Who Goes There.

Console> (enable)
Misconceptions:
None
Related Commands:
set tacacs server

Command:
set tacacs server
Mode:
Switch> (enable)
Syntax:
set tacacs server ip_addr [primary]
Syntax Description:
ip_addr Variable that specifies the IP address of the server on which the TACACS+ server
resides.
primary (Optional) Keyword that specifies to designate the specified server as the primary
TACACS+ server.
Use the set tacacs server command to define a TACACS+ server.
You can configure a maximum of three servers. The primary server, if configured, is contacted
first. If no primary server is configured, the first server configured becomes the primary server.
Example:
This example shows how to configure the server on which the TACACS+ server resides and to
designate it as the primary server:
Console> (enable) set tacacs server 170.1.2.20 primary
170.1.2.20 added to TACACS server table as primary server.

Console> (enable)
Misconceptions:
None
Related Commands:
set tacacs key

Command:
set trunk
Mode:
Switch> (enable)
Syntax:
set trunk mod_num/port_num [on | off | desirable | auto |
nonegotiate] [vlan_range] [isl | dot1q dot10 | lane | negotiate]
Syntax Description:
port_num Variable that specifies the number of the port on the module.
on (Optional) Keyword that forces the port to become a trunk port and persuade
the neighboring port to become a trunk port. The port becomes a trunk port
even if the neighbor port does not agree to become a trunk. The only possible
mode for ATM ports is on.
off (Optional) Keyword that forces a port to become a nontrunk port and
persuades the neighboring port to become a nontrunk port. The port becomes a
nontrunk port even if the neighbor port does not agree to become a nontrunk
port. This is the default mode for FDDI trunks. This option is not allowed for
ATM ports.
desirable (Optional) Keyword that causes a port to negotiate actively with the neighbor
port to become a trunk link. This mode is not allowed on FDDI and ATM
ports.
auto (Optional) Keyword that causes the port to become a trunk port if the
neighboring port tries to negotiate a trunk link. This mode is not allowed on
FDDI and ATM ports. This is the default mode for Fast Ethernet and Gigabit
Ethernet ports.
nonegotiate (Optional) Keyword that forces the port to become a trunk port but prevents it
from sending DTP frames to its neighbor. This mode is allowed only on ISL
and IEEE 802.1Q trunks.
vlan_range (Optional) VLANs to add to the list of allowed VLANs on the trunk; valid
isl (Optional) Keyword that specifies an ISL trunk on an Ethernet port.
dot1q (Optional) Keyword that specifies an IEEE 802.1Q trunk on an Ethernet port.
IEEE 802.1Q trunks are supported in Catalyst 5000 family and 2926G series
software release 4.1(1) and later with 802.1Q-capable hardware. Automatic
negotiation of 802.1Q trunks is supported in software release 4.2(1) and later.
In software release 4.1, you must use the nonegotiate keyword with 802.1Q
trunks.
dot10 (Optional) Keyword that specifies an IEEE 802.10 trunk on a FDDI or CDDI
port.
lane (Optional) Keyword that specifies an ATM LANE trunk on an ATM port.
negotiate (Optional) Keyword that causes the port to become an ISL (preferred) or
802.1Q trunk, depending on the configuration and capabilities of the
neighboring port.
Use the set trunk command to configure trunk ports and to add VLANs to the allowed VLAN list
for existing trunks.
Trunking capabilities are hardware dependent. Refer to the Module Installation Guide for your
switch to determine the trunking capabilities of your hardware, or enter the show port capabilities
command.
The Catalyst 4000 family switches use the DTP (formerly known as DISL) to negotiate trunk links
automatically on Fast Ethernet and Gigabit Ethernet ports. Whether a port will negotiate to become
a trunk port depends on both the mode and the trunk type specified for that port. Refer to the
Software Configuration Guide-Catalyst 4000 Family, 2948G, and 2980G Switches for detailed
information on how trunk ports are negotiated.
DTP is a point-to-point protocol. However, some internetworking devices might improperly

forward DTP frames. You can avoid this problem by ensuring that trunking is turned off on ports
connected to non-Catalyst 4000 family devices if you do not intend to trunk across those links.
When enabling trunking on a link to a Cisco router, enter the nonegotiate keyword to cause the
port to become a trunk but not generate DTP frames. The nonegotiate keyword is available in
Catalyst 4000 family software release 2.4(3) and later.
For trunking to be negotiated on Fast Ethernet and Gigabit Ethernet ports, the ports must be in the
same VTP domain. However, you can use the on or nonegotiate keywords to force a port to
become a trunk, even if it is in a different domain.
To remove VLANs from the allowed list for a trunk, enter the clear trunk mod_num/port_num
vlan_range command. When you first configure a port as a trunk, the set trunk command always
adds all VLANs to the allowed VLAN list for the trunk, even if you specify a VLAN range (the
specified VLAN range is ignored).
To remove VLANs from the allowed list, enter the clear trunk mod_num/port_num vlan_range
command. To later add VLANs that were removed, enter the set trunk mod_num/port_num
vlan_range command.
If you do not enter a trunk-type keyword, the value is unchanged from the previous configuration.
The dot1q trunk type is the only trunk type supported by the Catalyst 4000 family switches.
To return a trunk to its default trunk type and mode, enter the clear trunk mod_num/port_num
command.
If you enter the set trunk command on a Token Ring port, you receive a message indicating that
the port is "not a trunk-capable port."
When you are running the set trunk command on an Access Gateway module, you have limited
usage of the command.
Examples:
This example shows how to set port 2 on module 1 as a trunk port:
Console> (enable) set trunk 1/2 on
Port(s) 1/2 trunk mode set to on.

Console> (enable)
This example shows how to set port 2 on module 1 as a nontrunk port:

Console> (enable) set trunk 1/2 off
Port(s) 1/2 trunk mode set to off.

Console> (enable)
This example shows how to set port 2 on module 1 as a preferred trunk port:
Console> (enable) set trunk 1/2 desirable
Port(s) 1/2 trunk mode set to desirable.
Console> (enable) 2000 Jan 11 09:16:29 %DTP-5-TRUNKPORTON:Port 1/2 has become ik
This example shows how to add VLANs 5 through 50 to the allowed VLAN list for a trunk port
(VLANs were previously removed from the allowed list with the clear trunk command):
Console> (enable) set trunk 1/1 5-50
Adding vlans 5-50 to allowed list.
Port(s) 1/1 allowed vlans modified to 1,5-50,101-1005.
Console> (enable)
This example shows how to set port 5 on module 4 as an 802.1Q trunk port in
desirable mode:
Console> (enable) set trunk 4/5 desirable dot1q
Port(s) 4/5 trunk mode set to desirable.

Port(s) 4/5 trunk type set to dot1q.
Console> (enable)
This example shows how to set port 1 on module 1 as an ISL trunk port:
Console> (enable) set trunk 1/1 isl
Port(s) 1/1 trunk type set to isl.
Console> (enable)
Misconceptions:
None
Related Commands:
clear trunk
show trunk

Command:
set vlan
Mode:
Switch> (enable)
Syntax:
set vlan {vlan} {mod/port}
set vlan {vlan} [name {name}] [type {type}] [state {state}] [said
{said}] [mtu {mtu}]
[mode {bridge_mode}] [stp {stp_type}] [translation vlan_num]
[pvlan-type {pvlan_type}] [rspan]
Syntax Description:
vlan Variable that specifies the number of the VLAN.
mod/port Variable that specifies the number of the module and port.
name name (Optional) Keyword and variable that defines a text string used as the
name of the VLAN (1 to 32 characters).
type type (Optional) Keyword and variable that identify the VLAN type as 802.1Q.
state state (Optional) Keyword and variable that specify whether the state of the
VLAN is active or suspended. VLANs in suspended state do not pass
packets.
said said (Optional) Keyword and variable that specify the security association
identifier; valid values are from 1 to 4294967294.
mtu mtu (Optional) Keyword and variable that specify the maximum transmission
unit (packet size, in bytes) that the VLAN can use; valid values are from
576 to 18190.
mode (Optional) Keyword and variable that specify the bridge mode; valid
bridge_mode values are srt and srb.
stp stp_type (Optional) Keyword and variable that specify the version of the Spanning
Tree Protocol to use: source routing transparent (ieee), source route
bridging (ibm), automatic source selection (auto).
translation (Optional) Keyword and variable that specify a translational VLAN used
vlan_num to translate FDDI to Ethernet; valid values are from 1 to 1005.
pvlan-type (Optional) Keyword and variable that specify the private VLAN type. See
pvlan-type the "Usage Guidelines" section below for valid values.
rspan (Optional) Keyword that creates a VLAN for remote SPAN.
Use the set vlan command to group ports into a VLAN.
The VLAN numbers are always ISL VLAN identifiers, and not 802.1q VLAN identifiers.
VLAN 1 parameters are factory configured and cannot be changed.
If you specify a range of VLANs, you cannot use the VLAN name.
If you enter the mistp-instance none command, the specified VLANs are unmapped from any
instance they are mapped to.
If you are configuring normal range VLANs, you cannot use the set vlan command until the
Catalyst 4000 family switch is either in VTP transparent mode (set vtp mode transparent) or until
a VTP domain name has been set (set vtp domain name). To create a private VLAN, UTP mode
must be transparent.
You cannot set multiple VLANs for ISL ports using this command. The VLAN name can be from
1 to 32 characters in length. If you are adding a new VLAN or modifying an existing VLAN, the
VLAN number must be within the range of 1 to 1000 and 1025 to 4094.
If you want to use the extended range VLANs (1025 to 4094), you must enable the MAC address
reduction feature using the set spantree macreduction command. When you enable MAC address
reduction, the pool of MAC addresses used for the VLAN spanning tree is disabled, leaving a
single MAC address that identifies the switch.
You must configure a private VLAN on the supervisor engine.
Valid values for pvlan-type are the following:
primary specifies the VLAN as the primary VLAN in a private VLAN.

isolated specifies the VLAN as the isolated VLAN in a private VLAN.
community specifies the VLAN as the community VLAN in a private VLAN.
twoway-community specifies the VLAN as a bidirectional community VLAN that carries
the traffic among community ports and to and from community ports to and from the MSFC.
Non-trunk promiscuous ports do not support the twoway community type for remapping.
none specifies that the VLAN is a normal Ethernet VLAN, not a private VLAN.
Only regular VLANs with no access ports assigned to them can be used in private VLANs. Do not
use the set vlan command to add ports to a private VLAN; use the set pvlan command to add
ports to a private VLAN.
VLANs 1001, 1002, 1003, 1004, and 1005 cannot be used in private VLANs.
VLANs in a suspended state do not pass packets.
Example:
This example shows how to set VLAN 850 to include ports 4 through 6on module 3. Because ports
4 through 6 were originally assigned to VLAN 1, the message reflects the modification of VLAN
1:
Console> (enable) set vlan 850 3/4-6
VLAN 850 modified.

VLAN 1 modified.
VLAN Mod/Ports
---- -----------------------
850 3/4-6
Console> (enable)
This example shows how to set VLAN 7 as a primary VLAN:

Console> (enable) set vlan 7 pvlan-type primary
Console> (enable)
This example shows how to set VLAN 901 as an isolated VLAN:

Console> (enable) set vlan 901 pvlan-type isolated
Console> (enable)
This example shows how to set VLAN 903 as a community VLAN:

Console> (enable) set vlan 903 pvlan-type community
Console> (enable)
This example shows how to set VLAN 2 as an RSPAN vlan:

Console> (enable) set vlan 2 rspan
VTP advertisements transmitting temporarily stopped,
and will resume after the command finishes.
Vlan 2 configuration successful
Console> (enable)
Misconceptions:
None
Related Commands:
show vlan
clear vlan

Command:
set vmps server
Mode:
Switch> (enable)
Syntax:
set vmps server ip_addr [primary]
Syntax Description:
ip_addr Variable that specifies the IP address of the VMPS server
primary (Optional) Keyword that identifies the specified device as the primary VMPS
server
Use the set vmps server command to configure the IP address of the VMPS server to be queried.
You can specify the IP addresses of up to three VMPS servers. You can define any VMPS server
as the primary VMPS server.
If the primary VMPS server is down, all subsequent queries go to a secondary VMPS server.
VMPS checks on the primary server's availability once every five minutes. When the primary
VMPS server comes back online, subsequent VMPS queries are directed back to the primary
VMPS server.
To use a co-resident VMPS (when VMPS is enabled in a device), configure one of the three VMPS
addresses as the IP address of interface sc0.
Examples:
This example shows how to define a VMPS server:
Console> (enable) set vmps server 192.168.10.140 primary
192.168.10.140 added to VMPS table as primary domain server.
Console> (enable) set vmps server 192.168.69.171
192.168.69.171 added to VMPS table as backup domain server.

Console> (enable)
Misconceptions:
None
Related Commands:
None

Command:
set vmps state
Mode:
Switch> (config)
Syntax:
set vmps state {enable | disable}
Syntax Description:
enable Keyword used to enable VMPS.
disable Keyword used to disable VMPS.
Use the set vmps state command to enable or disable VMPS.
Before using the set vmps state command, you must use the set vmps storage command to
specify the IP address of the server from which the VMPS database is downloaded.
Example:
The following examples show the set vmps state enable and set vmps state disable commands and the
system's responses to these commands.
Console> (enable) set vmps state enable
Vlan membership Policy Server enabled.
TFTP server IP address is not configured
Unable to contact the TFTP server 198.4.254.222
File "vmps_configuration.db" not found on the TFTP server 198.4.254.222
Enable failed due to insufficient resources.
Console> (enable) set vmps state disable
All the VMPS configuration information will be lost and the resources released on disabl
Do you want to continue (y/n[n]):y
VLAN Membership Policy Server disabled.
Misconceptions:
None
Related Commands:
None

Command:
set vtp
Mode:
Switch> (enable)
Syntax:
set vtp [domain domain_name] [mode {client | server | transparent
| off}] [passwd passwd] [pruning {enable | disable}] [v2 {enable |
disable}]
Syntax Description:
domain domain_name (Optional) Keyword and variable that identify the VLAN
management domain. The domain_name can be from 1 to 32
characters in length.
mode {client | server | (Optional) Keywords that specify the VTP mode
transparent | off}
passwd passwd (Optional) Keyword and variable that specify the VTP password;
the VTP password can be from 8 to 64 characters in length.
pruning {enable | (Optional) Keywords to enable or disable VTP pruning for the
disable} entire management domain
v2 {enable | disable} (Optional) Keywords to enable or disable version 2 mode
Use the set vtp command to set the options for VTP.
All switches in a VTP domain must run the same version of VTP. VTP version 1 and VTP
version 2 do not operate on switches in the same VTP domain.
If all switches in a domain are VTP version 2-capable, enable VTP version 2 on one switch (using
the set vtp v2 enable command). The version number is automatically propagated to the other
version 2-capable switches in the VTP domain.
If the VTP password has already been defined, entering passwd 0 (zero) clears the VTP password.
VTP supports four different modes: server, client, transparent, and off. If you make a change to the
VTP or VLAN configuration on a switch in server mode, that change is propagated to all of the
switches in the same VTP domain.
If the receiving switch is in server mode and its revision number is higher than the sending switch,
the configuration is not changed. If the revision number is lower, the configuration is duplicated.
VTP can be set to either server or client mode only when dynamic VLAN creation is disabled.
If the receiving switch is in server mode, the configuration is not changed.
If the receiving switch is in client mode, the client switch changes its configuration to duplicate the
configuration of the server. Be sure you make all VTP or VLAN configuration changes on a switch
in server mode.
If the receiving switch is in transparent mode, the configuration is not changed. Switches in
transparent mode do not participate in VTP. If you make VTP or VLAN configuration changes on
a switch in transparent mode, the changes are not propagated to the other switches in the network.
When you configure VTP "off" mode, the switch behaves the same as in VTP transparent mode
with the exception that VTP advertisements are not forwarded.
The pruning keyword is used to enable or disable VTP pruning for the VTP domain. VTP pruning
causes information about each pruning-eligible VLAN to be removed from VTP updates if there
are no stations belonging to that VLAN on a particular switch port. Use the set vtp pruneeligible
and clear vtp pruning commands to specify which VLANs should or should not be pruned when
pruning is enabled for the domain.
Use the clear config all command to remove the domain from the switch.
Example:
This example shows how to use the set vtp command:
Console> (enable) set vtp domain Engineering mode client
VTP domain Engineering modified

Console> (enable)
This example shows what happens if you try to change VTP to server or client mode and dynamic
VLAN creation is enabled:
Console> (enable) set vtp mode server
Failed to Set VTP to Server. Please disable Dynamic VLAN Creation First.
Console> (enable)
This command shows how to set VTP to off mode:

Console> (enable) set vtp mode off
VTP domain modified

Console> (enable)
Misconceptions:
This command is not supported on extended-range VLANs.
VTP pruning and MISTP cannot be enabled at the same time.
Be careful when you use the clear config all command. This command clears the entire switch
configuration, not just the VTP domain.
Related Commands:
set vlan
show vlan
show vtp domain

Command:
Mode:
Switch> (enable)
Syntax:
set vtp pruneeligible vlans
Syntax Description:
vlans Variable that specifies the range of VLAN numbers; valid values are from 2 to 1000.
Use the set vtp pruneeligible command to specify the VTP domain on which VLANs are prune
eligible.
VTP pruning causes information about each pruning-eligible VLAN to be removed from VTP
updates if there are no stations belonging to that VLAN on a particular switch port. Use the set vtp
command to enable VTP pruning.
By default, VLANs 2 to 1000 are pruning eligible. You do not need to use the set vtp pruning
command unless you have previously used the clear vtp pruning command to make some VLANs
pruning ineligible. If VLANs have been made pruning ineligible, use the set vtp pruning
command to make them pruning eligible again.
Examples:
This example shows how to configure pruning eligibility for VLANs 120 and 150:
Console> set vtp pruneeligible 120,150
Vlans 120,150 eligible for pruning on this device.

VTP domain nada modified.
Console>
In this example, VLANs 200 to 500 were made pruning ineligible using the clear vtp pruning
command. This example shows how to make VLANs 220 to 320 pruning eligible again:
Console> set vtp pruneeligible 220-320
Vlans 2-199,220-320,501-1000 eligible for pruning on this device.

Console>
Misconceptions:
None
Related Commands:
clear vtp pruning
set vlan
show vtp domain

Command:
set vtp pruning
Mode:
Switch> (enable)
Syntax:
set vtp pruning vlans
Syntax Description:
vlans Variable that specifies the range of VLAN numbers; valid values are 2 to 1000.
Use the set vtp pruning command to specify which VLANs in the VTP domain are eligible for
pruning.
VTP pruning causes information about each pruning-eligible VLAN to be removed from VTP
updates if there are no stations belonging to that VLAN out a particular switch port. Use the set
vtp command to enable VTP pruning.
By default, VLANs 2 to 1000 are pruning eligible. You do not need to use the set vtp pruning
command unless you have previously used the clear vtp pruning command to make some VLANs
pruning ineligible.
If VLANs have been made pruning ineligible, use the set vtp pruning command to make them
pruning eligible again.
Examples:
This example shows how to configure pruning eligibility for VLANs 120 and 150:
Console> (enable) set vtp pruning 120,150
Vlans 120,150 eligible for pruning on this device.

VTP domain nada modified.
Console> (enable)
In this example, VLANs 200-500 were made pruning ineligible using the clear vtp pruning
command. This example shows how to make VLANs 220 to 320 pruning eligible again:
Console> (enable) clear vtp pruning 200-500
Vlans 1,200-500,1001-1005 will not be pruned on this device.

Console> (enable)
Console> (enable) set vtp pruning 220-320
Vlans 2-199,220-320,501-1000 eligible for pruning on this device.

Console> (enable)
Misconceptions:
None
Related Commands:
set vlan
clear vtp pruning
show vtp domain

Command:
show cgmp
Mode:
Switch#
Syntax:
show cgmp
Syntax Description:
Use the show cgmp privileged Exec command to display the Cisco Group Management Protocol
(CGMP) status, CGMP Fast Leave status, CGMP hold time, multicast group information, and
multicast router information.
Example:
This example shows how to display CGMP status for managed devices.
hostname# show cgmp
CGMP Status : Enabled

CGMP Fast Leave Status : Disabled
CGMP Holdtime (secs) : 600
Allow reserved address to join as GDA: Enabled
VLAN Address Destination

-----------------------------------------------------------------------
1 0100.5E00.0128 Fa2
VLAN Router Address Expiration Interface

-----------------------------------------------------------------------
1 00E0.1E68.7751 589 sec Fa2
Misconceptions:
None
Related Commands:
cgmp
cgmp leave-processing

Command:
write
Mode:
Switch> (enable)
Syntax:
write {host file | network | terminal} [rcp all]
write memory
Syntax Description:
host Variable that specifies the IP address or IP alias of the host
file Variable that specifies the name of the configuration file
network Keyword that specifies interactive prompting for the IP address or IP alias of the
host and the filename to upload
terminal Keyword that displays the nondefault configuration file on the terminal
rcp (Optional) Keyword that uploads a software image to a host using RCP
all (Optional) Keyword that specifies all modules and system configuration
information, including the IP address
memory Keyword that uploads the current configuration to a specified location
Use the write command to upload or display nondefault configurations to a host, terminal, or
memory.
The write host file command is a shorthand version of the write network command.
You cannot use the write network command to upload software to the ATM module. With the
write network command, the file must already exist on the host (use the UNIX touch filename
command to create the file).
The write memory command is applicable only when the switch is set to save its configuration to
a text file.
Examples:
This sample session assumes that module 1 is a 2-port supervisor engine module; module 2 is a 12-
port 10/100BASE-T switched Ethernet module; modules 3 and 5 are empty; and module 4 is a
FDDI module. Details of the ATM configuration must be accessed through the special module
mode.
This example shows how to upload the system5.cfg file to the mercury host using the write
network command:
Console> (enable) write network
IP address or name of host? mercury
Name of configuration file to write? system5.cfg
Upload configuration to system5.cfg on mercury (y/n) [y]? y
/
Done. Finished Network Upload. (9003 bytes)
Console> (enable)
This example shows how to upload the system5.cfg file to the mercury host using the write
network rcp command:
Console> (enable) write network rcp
IP address or name of host? mercury
Name of configuration file to write? system5.cfg
/
Console> (enable)
This example shows how to upload the system5.cfg file to the mercury host using the
write host file command as a shorthand method:
Console> (enable) write mercury system5.cfg
/
Console> (enable)
This example shows how to use the write terminal all command to display the entire (default and
nondefault) configuration file on the terminal (partial display):
Console> (enable) write terminal all
begin
set password $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
set enablepass $1$FMFQ$HfZR5DUszVHIRhrz4h6V70
set prompt Console>
!
#system
set system name
set system location
set system contact
!
#snmp
set snmp community read-only public
set snmp community read-write private
set snmp community read-write-all secret
set snmp trap disable
!
#vlan/trunk
set vlan 1 1/1-2,4/1
set vlan 2 2/1-5
!
#trunks
!
#cam
set cam agingtime 1 300
set cam agingtime 2 300
!
#ip
set interface sc0 0.0.0.0 0.0.0.0 0.0.0.0
set interface sl0 0.0.0.0 0.0.0.0
set ip redirect enable
set ip unreachable disable
set ip fragmentation enable
set ip alias default 0.0.0.0
set arp agingtime 1200
!
...
<<<<output truncated>>>>
Console> (enable)
This example shows how to upload the running system configuration to a pre-specified location:
Console> (enable) write memory
Upload configuration to bootflash:switch.cfg

7165844 bytes available on device bootflash, proceed (y/n) [n]? y
Console> (enable)
Misconceptions:
By default, the write command will upload or output only nondefault configurations. Use the
keyword all to upload or output both default and nondefault configurations.
Related commands:
show config

Command:
cgmp
Mode:
Switch(config)#
Syntax:
cgmp [leave-processing | holdtime time]
no cgmp [leave-processing | holdtime]
Syntax Description:
holdtime (Optional) Set the amount of time a router connection is retained

before the switch ceases to exchange messages with it
Number of seconds a router connection is retained before the switch
time ceases to exchange messages with it. You can enter a number from
10 to 6000 (seconds).
leave-processing (Optional) Enable Fast Leave processing on the switch
Use the cgmp global configuration command to enable Cisco Group Management Protocol
(CGMP). You can also enable and disable the Fast Leave parameter and set the router port aging
time. Use the no form of this command to disable CGMP. By default CGMP is enabled and Fast
Leave is disabled. The default holdtime is 300 seconds.
Usage Guidelines:
CGMP must be enabled before the Fast Leave option can be enabled. Fast Leave processing
optimizes the use of network bandwidth by reducing the delay between members of a multicast
group leaving the group and the actual pruning of multicast traffic to that segment.
Example:
This example shows how to enable CGMP on a switch:
Switch(config)#cgmp
The following command enables CGMP Fast Leave processing:
Switch(config)#cgmp leave-processing
Misconceptions:
None
Related Commands:
show cgmp

Command:
duplex
Mode:
Switch(config-if)#
Syntax:
duplex {full | half | auto}
no duplex
Syntax Description:
full Specifies full-duplex operation.
half Specifies half-duplex operation.
auto Specifies the auto negotiation capability. The interface automatically operates at half or full
duplex, depending on environmental factors, such as the type of media and transmission
speeds for the peer routers, hubs, and switches used in the network configuration.
To configure the duplex operation on an interface, use the duplex interface configuration
command. Use the no form of this command to return the system to half-duplex mode, which is
the system default.
To use the auto-negotiation capability (that is, detect speed and duplex modes automatically), you
must set both speed and duplex to auto. Setting speed to auto negotiates speed only, and setting
duplex to auto negotiates duplex only.
Table describes the access server's performance for different combinations of the duplex and speed
modes. The specified duplex command configured with the specified speed command produces
the resulting system action.
Duplex Commands Speed Commands Resulting System Action
duplex auto speed auto Auto negotiates both speed and duplex
modes.
duplex auto speed 100 or speed 10 Auto negotiates both speed and duplex
modes.
duplex half or duplex speed auto Auto negotiates both speed and duplex
full modes.
duplex half speed 10 Forces 10 Mbps and half duplex.
duplex full speed 10 Forces 10 Mbps and full duplex.
Example:
The following example shows the different duplex configuration options you can configure on a
Cisco AS5300:
Enter configuration commands, one per line. End with CNTL/Z.
Router(config-if)#duplex ?
auto Enable AUTO duplex configuration
full Force full duplex operation
half Force half-duplex operation
Misconceptions:
For the Cisco AS5300, the duplex {full | half | auto} command syntax replaces the following two
earlier duplex commands:
half-duplex
full-duplex
You will get the following error messages if you try to use these commands on a Cisco AS5300:
Router(config-if)#full-duplex
Please use duplex command to configure duplex mode
Router(config-if)#
Router(config-if)#half-duplex
Please use duplex command to configure duplex mode

Related Commands:
speed

Command:
login authentication
Mode:
Syntax:
login authentication {default | list-name}
no login authentication {default | list-name}
Syntax Description:
default Uses the default list created with the aaa authentication login command.
list-name Uses the indicated list created with the aaa authentication login command.
To enable AAA authentication for logins, use the login authentication line configuration
command. Use the no form of this command to either disable TACACS+ authentication for logins
or to return to the default.
Usage Guidelines
This command is a per-line command used with AAA that specifies the name of a list of AAA
authentication methods to try at login. If no list is specified, the default list is used (whether or not
it is specified in the command line).
Caution If you use a list-name value that was not configured with the aaa authentication login
command, you will disable login on this line.
Entering the no version of login authentication has the same effect as entering the command with
the default keyword.
Before issuing this command, create a list of authentication processes by using the global
configuration aaa authentication login command.
Example:
The following example specifies that the default AAA authentication is to be used on line 4:
Router(config-line)#login authentication default
The following example specifies that the AAA authentication list called list1 is to be used on line
7:
Router(config-line)#login authentication list1
Misconceptions:
None
Related Commands:

Command:
port group
Mode:
Switch(config-if)#
Syntax:
port group group-number [distribution {source | destination}]
no port group
Syntax Description:
group-number Port group number to which the port belongs. The range is
from 1 to 6.
distribution {source | (Optional) Forwarding method for the port group.

destination}
source—Set the port to forward traffic to a port group based
on the packet source address. This is the default forwarding
method
destination—Set the port to forward traffic to a port group
based on the packet destination address.
Use the port group interface configuration command to assign a port to a Fast EtherChannel or
Gigabit EtherChannel port group. Up to six port groups can be created on a switch. Up to eight
ports can belong to a source-based or destination-based port group. Use the no form of this
command to remove a port from a port group.
The following restrictions apply for all ports:
Do not group Fast Ethernet and gigabit ports together.

No port group member can be configured for Switched Port Analyzer (SPAN) port
monitoring.
No port group member can be enabled for port security.
You can create up to six port groups of all source-based, all destination-based, or a
combination of source-based and destination-based port groups. A source-based port group
can have up to eight ports in its group. A destination-based port group can also have only
eight ports in its group. You cannot mix source-based and destination-based ports in the same
group.
Port group members must belong to the same set of VLANs and must be all static-access or
all trunk ports.
When a group is first formed, the switch automatically sets the following parameters to be the
same on all ports:
VLAN membership of ports in the group

VLAN mode (static or trunk) of ports in the group
Encapsulation method of the trunk
Native VLAN configuration if the trunk uses IEEE 802.1Q
Allowed VLAN list configuration of the trunk port
Spanning Tree Protocol (STP) Port Fast option
STP port priority
STP path cost
Protected port
Configuration of the first port added to the group is used when setting the above parameters for
other ports in the group. After a group is formed, changing any parameter in the above list changes
the parameter on all other ports.
Use the distribution keyword to customize the port group to your particular environment. The
forwarding method you choose depends on how your network is configured. However, source-
based forwarding works best for most network configurations.
Example:
The following example shows how to add a port to a port group by using the default source-based
forwarding:
Switch(config-if)#port group 1
The following example shows how to add a port to a group by using destination-based forwarding:
Switch(config-if)#port group 2 distribution destination
You can verify the previous commands by entering the show port group command in privileged
EXEC mode.
Misconceptions:
None
Related Commands:
None

Command:
port security
Mode:
Switch(config-if)#
Syntax:
port security [action {shutdown | trap} | max-mac-count addresses]
no port security
Syntax Description:
action {shutdown | (Optional) Action to take when an address violation occurs on this
trap} port.
shutdown—Disable the port when a security violation occurs.

trap—Generate an SNMP trap when a security violation occurs
max-mac-count (Optional) The maximum number of secure addresses that this port can
addresses support. The range is from 1 to 132.
Use the port security interface configuration command to enable port security on a port and
restrict the use of the port to a user-defined group of stations. Use the no form of this command to
return the port to its default value.
If you specify trap, use the snmp-server host command to configure the SNMP trap host to
receive traps.
The following restrictions apply to secure ports:
A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group.
A secure port cannot have Switched Port Analyzer (SPAN) port monitoring enabled on it.
A secure port cannot be a dynamic-access port or a trunk port.
Example:
The following example shows how to enable port security and what action the port takes in case of
an address violation (shutdown).
Switch(config-if)#port security action shutdown
The following example shows how to set the maximum number of addresses that the port can learn
to 8.
Switch(config-if)#port security max-mac-count 8
You can verify the previous commands by entering the show port security command in privileged
EXEC mode.
Misconceptions:
None
Related Commands:
None

Command:
spanning-tree
Mode:
Switch(config)#
Syntax:
spanning-tree [vlan stp-list]
no spanning-tree [vlan stp-list]
Syntax Description:
vlan (Optional) List of spanning-tree instances. Each spanning-tree instance is

stp-list associated with a VLAN ID. Valid IDs are from 1 to 1001. Enter each VLAN ID
separated by a space. Do not enter leading zeroes. Ranges are not supported.
Use the spanning-tree global configuration command to enable Spanning Tree Protocol (STP) on
a VLAN. Use the no form of the command to disable STP on a VLAN.
Disabling STP causes the VLAN or list of VLANs to stop participating in STP. Ports that are
administratively down remain down. Received Bridge Protocol Data Units (BPDUs) are forwarded
like other multicast frames. The VLAN does not detect and prevent loops when STP is disabled.
You can disable STP on a VLAN that is not currently active, and verify the change by using the
privileged EXEC show running-config or the show spanning-tree vlan stp-list command. The
setting takes effect when the VLAN is activated.
If the variable stp-list is omitted, the command applies to the STP instance associated with VLAN
1.
You can enable STP on a VLAN that has no ports assigned to it.
Example:
The following example shows how to disable STP on VLAN 5:
Switch(config)#no spanning-tree vlan 5
You can verify the previous command by entering the show spanning-tree command in privileged
EXEC mode. In this instance, VLAN 5 does not appear in the list.
Misconceptions:
For 2950 series of switches.
Related commands:
show spanning-tree

Command:
spanning-tree cost
Mode:
Switch(config-if)#
Syntax:
spanning-tree [vlan stp-list] cost cost
no spanning-tree [vlan stp-list] cost
Syntax Description:
vlan (Optional) List of spanning-tree instances. Each spanning-tree instance is associated

stp-list with a VLAN ID. Valid IDs are from 1 to 1001. Enter each VLAN ID separated by
a space. Do not enter leading zeroes. Ranges are not supported.
cost Path cost can range from 1 to 65535, with higher values indicating higher costs.
This range applies whether or not the IEEE STP has been specified
Use the spanning-tree cost interface configuration command to set the path cost for Spanning
Tree Protocol (STP) calculations. In the event of a loop, spanning tree considers the path cost when
selecting an interface to place into the forwarding state. Use the no form of this command to return
to the default value.
1.
You can set a cost for a port or on a VLAN that does not exist. The setting takes effect when the
VLAN exists.
Example:
The following example shows how to set a path cost value of 64 for VLAN 1:
Switch(config-if)#spanning-tree vlan 1 cost 64
EXEC mode.
Misconceptions:
None
Related commands:
show spanning-tree
spanning-tree portfast
spanning-tree priority

Command:
Mode:
Switch(config)#
Syntax:
spanning-tree [vlan stp-list] forward-time seconds
no spanning-tree [vlan stp-list] forward-time
Syntax Description:
vlan stp- (Optional) List of spanning-tree instances. Each spanning-tree instance is

list associated with a VLAN ID. Valid IDs are from 1 to 1001. Enter each VLAN ID
seconds Forward-delay interval from 4 to 200 seconds.
Use the spanning-tree forward-time global configuration command to set the forwarding-time
for the specified spanning-tree instances. The forwarding time determines how long each of the
listening and learning states last before the port begins forwarding. Use the no form of this
command to return to the default value.
1.
You can set the forwarding-time on a VLAN that has no ports assigned to it. The setting takes
effect when you assign ports to it.
Example:
The following example shows how to set the spanning-tree forwarding time to 18 seconds for
VLAN 20:
Switch(config)#spanning-tree vlan 20 forward-time 18
EXEC mode.
Misconceptions:
None
Related commands:
show spanning-tree

Command:
spanning-tree hello-time
Mode:
Switch(config)#
Syntax:
spanning-tree [vlan stp-list] hello-time seconds
no spanning-tree [vlan stp-list] hello-time
Syntax Description:

seconds Interval from 1 to 10 seconds.
Use the spanning-tree hello-time global configuration command to specify the interval between
hello Bridge Protocol Data Units (BPDUs). Use the no form of this command to return to the
default interval.
1.
You can set the hello time on a VLAN that has no ports assigned to it. The setting takes effect
when you assign ports to it.
Example:
The following example shows how to set the spanning-tree hello-delay time to 3 seconds for
VLAN 20:
Switch(config)#spanning-tree vlan 20 hello-time 3
EXEC mode.
Misconceptions:
None
Related commands:
show spanning-tree
spanning-tree

Command:
spanning-tree max-age
Mode:
Switch(config)#
Syntax:
spanning-tree [vlan stp-list] max-age seconds
no spanning-tree [vlan stp-list] max-age
Syntax Description:

seconds Interval the switch waits between receiving BPDUs from the root switch.
Enter a number from 6 to 200.
Use the spanning-tree max-age global configuration command to change the interval between
messages the spanning tree receives from the root switch. If a switch does not receive a Bridge
Protocol Data Unit (BPDU) message from the root switch within this interval, it recomputes the
Spanning Tree Protocol (STP) topology. Use the no form of this command to return to the default
interval.
The max-age setting must be greater than the hello-time setting.
1.
You can set the max-age on a VLAN that has no ports assigned to it. The setting takes effect when
you assign ports to the VLAN.
Examples:
The following example shows how to set spanning-tree max-age to 30 seconds for VLAN 20:
Switch(config)#spanning-tree vlan 20 max-age 30
The following example shows how to reset the max-age parameter to the default value for
spanning-tree instances 100 through 102:
Switch(config)#no spanning-tree vlan 100 101 102 max-age
You can verify the previous commands by entering the show spanning-tree command in
Misconceptions:
None
Related commands:
show spanning-tree

Command:
Mode:
Switch(config-if)#
Syntax:
spanning-tree [vlan stp-list] port-priority port-priority
no spanning-tree [vlan stp-list] port-priority
Syntax Description:
vlan stp-list (Optional) List of spanning-tree instances. Each spanning-tree instance is

associated with a VLAN ID. Valid IDs are from 1 to 1001. Enter each VLAN
ID
port-priority Number from 0 to 255. The lower the number, the higher the priority.
Use the spanning-tree port-priority interface configuration command to configure a port priority,
which is used when two switches tie for position as the root switch. Use the no form of this
command to return to the default value.
1.
You can set the port priority on a VLAN that has no ports assigned to it. The setting takes effect
when you assign ports to the VLAN.
Example:
The following example shows how to increase the likelihood that the spanning-tree instance 20 is
chosen as the root switch on port fa0/2:
Switch(config)#interface fa0/2
Switch(config-if)#spanning-tree vlan 20 port-priority 0
You can verify the previous commands by entering the show spanning-tree command in
Misconceptions:
None
Related commands:
show spanning-tree

Command:
Mode:
Switch(config-if)#
Syntax:
no spanning-tree portfast
Syntax Description:
Use the spanning-tree portfast interface configuration command to enable the Port Fast feature
on a port in all its associated VLANs. When the Port Fast feature is enabled, the port changes
directly from a blocking state to a forwarding state without making the intermediate Spanning Tree
Protocol (STP) status changes. Use the no form of this command to return the port to default
operation.
Use this feature only on ports that connect to end stations.
This feature affects all VLANs on the port.
A port with the Port Fast feature enabled is moved directly to the spanning-tree forwarding state.
Example:
The following example shows how to enable the Port Fast feature.
Switch(config-if)#spanning-tree portfast
You can verify the previous commands by entering the show running-config in privilege EXEC
mode.
Misconceptions:
None
Related commands:
show spanning-tree

Command:
spanning-tree priority
Mode:
Switch(config)#
Syntax:
spanning-tree [vlan stp-list] priority bridge-priority
no spanning-tree [vlan stp-list] priority
Syntax Description:

bridge- A number from 0 to 65535. The lower the number, the more likely the switch
priority will be chosen as root.
Use the spanning-tree priority global configuration command to configure the switch priority for
the specified spanning-tree instance. This changes the likelihood that the switch is selected as the
root switch. Use the no form of this command to revert to the default value.
1.
You can configure the switch priority on a VLAN that has no ports assigned to it. The setting takes
effect when you assign ports to the VLAN.
Example:
The following example shows how to set the spanning-tree priority to 125 for a list of VLANs:
Switch(config)#spanning-tree vlan 20 100 101 102 priority 125
EXEC mode.
Misconceptions:
None
Related commands:
show spanning-tree

Command:
spanning-tree uplinkfast
Mode:
Switch(config)#
Syntax:
spanning-tree uplinkfast [max-update-rate pkts-per-second]
no spanning-tree uplinkfast [max-update-rate pkts-per-second]
Syntax Description:
max-update-rate pkts- The number of packets per second at which stations address update
per-second packets are sent. The range is 0 to 1000.
Use the spanning-tree uplinkfast global configuration command to accelerate the choice of a new
root port when a link or switch fails or when Spanning Tree Protocol (STP) reconfigures itself. Use
the no form of this command to return to the default value.
When you enable UplinkFast, it is enabled for the entire switch and cannot be enabled for
individual VLANs.
When you enable UplinkFast, the bridge priority of all VLANs is set to 49152, and the path cost of
all ports and VLAN trunks is increased by 3000. This change reduces the chance that the switch
will become the root switch.
When you disable UplinkFast, the bridge priorities of all VLANs and path costs are set to their
default values.
Do not enable the root guard on ports that will be used by the UplinkFast feature. With UplinkFast,
the backup ports (in the blocked state) replace the root port in the case of a failure. However, if
root guard is also enabled, all the backup ports used by the UplinkFast feature are placed in the
root-inconsistent state (blocked) and prevented from reaching the forwarding state.
Example:
The following command shows how to enable UplinkFast:
Switch(config)#spanning-tree uplinkfast
EXEC mode.
Misconceptions:
None
Related commands:
show spanning-tree

Command:
spantree
Mode:
Switch(config)#
Syntax:
spantree {[bridge-group bridge-group...] | [vlan vlan-list...]}
no spantree {[bridge-group bridge-group...] | [vlan vlan-list...]}
Syntax Description:
bridge-group Up to four numbers between 1 and 4 (separated by spaces).
vlan-list Up to ten numbers specified by values between 1 and 1005 (separated by spaces).
Use the spantree global configuration command to enable the Spanning-Tree Protocol (STP) on
up to four bridge groups or up to ten VLANs. Use the no spantree command to disable STP for
the specified bridge groups or for the specified VLANs.
Examples:
This example shows how to disable STP on bridge group 4 and bridge group 2:
hostname(config)#no spantree bridge-group 4 2
This example shows how to enable STP for VLAN 16, 24, and 30:
hostname(config)#spantree vlan 16 24 30
Misconceptions:
For 1900 and 2820 series of switches.
Related commands:
None
Command:
speed
Mode:
Switch(config-if)#
Syntax:
speed {10 | 100 | auto}
no speed
Syntax Description:
10 Configures the interface to transmit at 10 Mbps.
100 Configures the interface to transmit at 100 Mbps.
auto Turns on the Fast Ethernet auto-negotiation capability. The interface automatically
operates at 10 or 100 Mbps depending on environmental factors, such as the type of
media and transmission speeds for the peer routers, hubs, and switches used in the
network configuration.
To configure the speed for a Fast Ethernet interface, use the speed interface configuration
command. Use the no form of this command to disable a speed setting.
The auto negotiation capability is turned on for the Fast Ethernet interface by either configuring the
speed auto interface configuration command or the duplex auto interface configuration command.
Table describes the system's performance for different combinations of the duplex and speed
modes. The specified duplex command configured with the specified speed command produces
the resulting system action.
Table: Relationship between Duplex and Speed Commands

Duplex Command Speed Command Resulting System Action
duplex auto speed auto Auto negotiates both speed and duplex
modes.
duplex auto speed 100 or speed Auto negotiates both speed and duplex
10 modes.
duplex half or duplex speed auto Auto negotiates both speed and duplex
full modes.
Example:
The following example shows the configuration options for the speed command:
switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

switch(config)# interface fastethernet 0
switch(config-if)# speed ?
10 Force 10 Mbps operation

100 Force 100 Mbps operation
auto Enable AUTO speed configuration
Misconceptions:
None
Related commands:
duplex

Command:
squeeze
Mode:
Switch#
Router#
Syntax:
squeeze filesystem:
Syntax Description:
filesystem: Flash file system followed by a colon.
To permanently delete Flash files by squeezing a Class A Flash file system, use the squeeze EXEC
command.
When Flash memory is full, you might need to rearrange the files so that the space used by the files
marked "deleted" can be reclaimed. When you issue the squeeze command, the router copies all
valid files to the beginning of Flash memory and erases all files marked "deleted." At this point,
you cannot recover "deleted" files and you can write to the reclaimed Flash memory space.
In addition to removing deleted files, the squeeze command removes any files that the system has
marked as error. An error file is created when a file write fails (for example, the device is full). To
remove error files, you must use the squeeze command.
Example:
The following example instructs the router to permanently erase the files marked "deleted" from
the Flash memory card inserted in slot 1:
Router#squeeze slot1:
Misconceptions:
The squeeze operation might take as long as several minutes because it can involve erasing and
rewriting almost an entire Flash memory space
Related commands:
delete
erase
dir
cd

Command:
switchport access
Mode:
Switch(config-if)#
Syntax:
switchport access vlan {vlan-id | dynamic}
no switchport access
Syntax Description:
access Configure the interface as a static-access port; valid values are from 1 to 1005.
vlan vlan-
id
access Specify that the access mode VLAN is dependent on the VLAN Membership
vlan Policy Server (VMPS) protocol. The port is assigned to a VLAN based on the
dynamic source MAC address of a host (or hosts) connected to the port. The switch
sends every new MAC address received to the VMPS server to obtain the
VLAN name to which the dynamic-access port should be assigned. If the port
already has a VLAN assigned and the source has already been approved by the
VMPS, the switch forwards the packet to the VLAN.
Use the switchport access interface configuration command to configure a port as a static-access
or dynamic-access port. If the mode is set to access, the port operates as a member of the
configured VLAN. If set to dynamic, the port starts discovery of its VLAN assignment based on
the incoming packets it receives. Use the no form of this command to reset the access mode to the
default VLAN for the switch.
The no switchport access command resets the access mode VLAN to the appropriate default
VLAN for the device.
The port must be in access mode before the switchport access vlan command can take effect. For
more information, see the switchport mode command.
An access port can be assigned to only one VLAN.

The VMPS server (such as a Catalyst 6000 series switch) must be configured before a port is
configured as dynamic.
These restrictions apply to dynamic-access ports:
The software implements the VLAN Query Protocol (VQP) client, which can query a VMPS
such as a Catalyst 6000 series switch. The Catalyst 3550 switches are not VMPS servers. The
VMPS server must be configured before a port is configured as dynamic.
Use dynamic-access ports only to connect end stations. Connecting them to switches or
routers that use bridging protocols can cause a loss of connectivity.
Configure the network so that Spanning Tree Protocol (STP) does not put the dynamic-access
port in an STP blocking state. The Port Fast feature is automatically enabled on dynamic-
access ports.
Dynamic-access ports can only be in one VLAN and do not use VLAN tagging.
Dynamic-access ports cannot be configured as:
Members of an EtherChannel port group (dynamic-access ports cannot be grouped with
any other port, including other dynamic ports).
Source or destination ports in a static address entry.
Monitor ports.
Example:
This example shows how to assign a port already in access mode to VLAN 2 (instead of the default
VLAN 1):
Switch(config-if)#switchport access vlan 2
You can verify your settings by entering the show interfaces interface-idswitchport privileged
EXEC command and examining information in the Administrative Mode and Operational Mode
rows.
Misconceptions:
None
Related commands:
switchport mode
show interface

Command:
switchport mode
Mode:
Switch(config-if)#
Syntax:
switchport mode {access | trunk}
no switchport mode {access | trunk}
Syntax Description:
Set the port to access mode (static-access). The port operates as a nontrunking, single
access VLAN interface that transmits and receives nonencapsulated frames. An access port can
be assigned to only one VLAN.
Set the port to a trunking VLAN Layer-2 interface. The port transmits and receives
trunk encapsulated (tagged) frames that identify the VLAN of origination. A trunk is a point-
to-point link between two switches or between a switch and a router.
Use the switchport mode interface configuration command to configure the VLAN membership
mode of a port. Use the no form of this command to reset the mode to the appropriate default for
the device.
Configuration by using the access or trunk keywords takes affect only when the port is changed to
the corresponding mode by using the switchport mode command. The static-access and trunk
configurations are saved, but only one configuration is active at a time.
The no switchport mode form resets the mode to static access.
Examples:
The following example shows how to configure a port for access mode:
Switch(config-if)#switchport mode access
The following example shows how to configure a port for trunk mode:
Switch(config-if)#switchport mode trunk
Misconceptions:
None
Related commands:
None

Command:
switchport trunk
Mode:
Switch(config-if)#
Syntax:
switchport trunk encapsulation {isl | dot1q}
no switchport trunk encapsulation
Syntax Description:
isl Set the encapsulation format to Inter-Switch Link (ISL). The switch encapsulates all
received and transmitted packets with an ISL header. The switch filters native frames
received from an ISL trunk port.
dot1q Set the tagging format to IEEE 802.1Q. With this format, the switch supports
simultaneous tagged and untagged traffic on a port.
Use the switchport trunk encapsulation interface configuration command to set the
encapsulation format on the trunk port. Use the no form of this command to reset the format to the
default. This command is available only in the Enterprise Edition Software.
You cannot configure one end of the trunk as an 802.1Q trunk and the other end as an ISL or
nontrunk port. However, you can configure one port as an ISL trunk and another port on the same
switch as a 802.1Q trunk.
This command is only applicable on switch platforms and port hardware that support both formats.
Example:
The following example shows how to configure the encapsulation format to 802.1Q:
Switch(config-if)#switchport trunk encapsulation dot1q
You can verify the previous command by entering the show interface interface-id switchport
command in privileged EXEC mode.
Misconceptions:
None
Related commands:
None

Command:
switchport trunk allowed vlan
Mode:
Switch(config-if)#
Syntax:
switchport trunk allowed vlan {add vlan-list | all | except vlan-
list | remove vlan-list}
no switchport trunk allowed vlan
Syntax Description:
add vlan- List of VLAN IDs to add. Valid IDs are from 1 to 1001. Separate
list nonconsecutive VLAN IDs with a comma and no spaces; use a hyphen to
designate a range of IDs. Do not enter leading zeroes.
all Add all VLAN IDs to the list.
except List of exception VLAN IDs VLANs are added except the ones specified. Valid
vlan-list IDs are from 1 to 1001. Separate nonconsecutive VLAN IDs with a comma and
no spaces; use a hyphen to designate a range of IDs. Do not enter leading zeroes.
remove List of VLAN IDs to remove. Valid IDs are from 1 to 1001. Separate
vlan-list nonconsecutive VLAN IDs with a comma and no spaces; use a hyphen to
Use the switchport trunk allowed vlan interface configuration command to control which
VLANs can receive and transmit traffic on the trunk. Use the no form of this command to reset the
allowed list to the default value.
When the no switchport trunk allowed vlan form is used, the allowed list is reset to the default
list, which includes all VLANs.
In the variable vlan-list, separate nonconsecutive VLAN IDs with a comma; use a hyphen to
designate a range of IDs. You cannot remove VLAN 1 or 1002 to 1005 from the list.
A trunk port cannot be a secure port or a monitor port. However, a static-access port can monitor a
VLAN on a trunk port. The VLAN monitored is the one associated with the static-access port.
Example:
The following example shows how to add VLANs 1, 2, 5, and 6 to the allowed list:
Switch(config-if)#switchport trunk allowed vlan add 1,2,5,6
Misconceptions:
None
Related commands:
switchport mode

Command:
switchport trunk pruning
Mode:
Switch(config-if)#
Syntax:
switchport trunk pruning vlan {add vlan-list | all | except vlan-
list | remove vlan-list}
no switchport trunk pruning
Syntax Description:
add vlan- List of VLAN IDs to add. Valid IDs are from 2 to 1001. Separate
list nonconsecutive VLAN IDs with a comma and no spaces; use a hyphen to
all Add all VLAN IDs to the list.
except List of exception VLAN IDs (VLANs are added except the specified ones).
vlan-list Valid IDs are from 2 to 1001. Separate nonconsecutive VLAN IDs with a
comma and no spaces; use a hyphen to designate a range of IDs. Do not enter
leading zeroes.
remove List of VLAN IDs to remove. Valid IDs are from 2 to 1001. Separate
vlan-list nonconsecutive VLAN IDs with a comma and no spaces; use a hyphen to
no Set the pruning list to the default.
Use the switchport trunk pruning interface configuration command to configure the VLAN
pruning-eligible list for ports in trunking mode. Use the no form of this command to return the
pruning list to the default setting. The pruning-eligible list applies only to trunk ports. Each trunk
port has its own eligibility list. If you do not want a VLAN to be pruned, remove it from the
pruning-eligible list. VLANs that are pruning-ineligible receive flooded traffic.
Example:
The following example shows how to remove VLANs 3 and 10-15 from the pruning-eligible list:
Switch(config-if)#switchport trunk pruning vlan remove 3,10-15
Misconceptions:
None
Related commands:
vtp pruning

Command:
vlan
Mode:
Switch(vlan)#
Syntax:
vlan vlan-id [name vlan-name] [media {ethernet | fddi | fdi-net |
tokenring | tr-net}]
[state {suspend | active}] [said said-value] [mtu mtu-size] [ring
ring-number]
[bridge bridge-number | type {srb | srt}] [parent parent-vlan-id]
[stp type {ieee | ibm | auto}] [are are-number] [ste ste-number]
[backupcrf {enable | disable}] [tb-vlan1 tb-vlan1-id] [tb-vlan2
tb-vlan2-id]
no vlan vlan-id [name vlan-name] [media {ethernet | fddi | fdi-net

| tokenring | tr-net}]
[state {suspend | active}] [said said-value] [mtu mtu-size] [ring
ring-number]
[bridge bridge-number | type {srb | srt}] [parent parent-vlan-id]
[stp type {ieee | ibm | auto}] [are are-number] [ste ste-number]
[backupcrf {enable | disable}] [tb-vlan1 tb-vlan1-id] [tb-vlan2
tb-vlan2-id]
Catalyst 2950 switches support only Ethernet ports. You can

configure only FDDI and Token Ring media-specific characteristics
for VLAN Trunking Protocol (VTP) global advertisements to other
switches. These VLANs are locally suspended.
Syntax Description:
Table 1 lists the valid syntax for each media type.
Table 1: Valid Syntax for Different Media Types

Media Type Valid Syntax
Ethernet vlan vlan-id [name vlan-name] media ethernet

[state {suspend | active}]
[said said-value] [mtu mtu-size] [tb-vlan1 tb-vlan1-
id] [tb-vlan2 tb-vlan2-id]
FDDI vlan vlan-id [name vlan-name] media fddi [state

{suspend | active}]
[said said-value] [mtu mtu-size] [ring ring-number]
[parent parent-vlan-id] [tb-vlan1 tb-vlan1-id] [tb-
vlan2 tb-vlan2-id]
FDDI-NET vlan vlan-id [name vlan-name] media fdi-net [state

{suspend | active}]
[said said-value] [mtu mtu-size] [bridge bridge-
number]
[stp type {ieee | ibm | auto}] [tb-vlan1 tb-vlan1-id]
[tb-vlan2 tb-vlan2-id]
If VTP V2 mode is disabled, do not set the stp type

to auto.
Token Ring VTP V2 mode is disabled.
vlan vlan-id [name vlan-name] media tokenring

[parent parent-vlan-id]
[tb-vlan1 tb-vlan1-id] [tb-vlan2 tb-vlan2-id]
Token Ring concentrator VTP V2 mode is enabled.

relay function (TRCRF)
vlan vlan-id [name vlan-name] media tokenring
[parent parent-vlan-id]
[bridge type {srb | srt}] [are are-number] [ste ste-
number]
[backupcrf {enable | disable}] [tb-vlan1 tb-vlan1-
id] [tb-vlan2 tb-vlan2-id]
Token Ring-NET VTP V2 mode is disabled.
vlan vlan-id [name vlan-name] media tr-net [state

{suspend | active}]
number]
[stp type {ieee | ibm}] [tb-vlan1 tb-vlan1-id] [tb-
vlan2 tb-vlan2-id]
Token Ring bridge relay VTP V2 mode is enabled.

function (TRBRF)
vlan vlan-id [name vlan-name] media tr-net [state
{suspend | active}]
number]
[stp type {ieee | ibm | auto}] [tb-vlan1 tb-vlan1-id]
[tb-vlan2 tb-vlan2-id]
VLAN Configuration Rules
Table 2 describes the rules for configuring VLANs.

Table 2: VLAN Configuration Rules
Configuration Rule
VTP V2 mode is enabled, Specify a parent VLAN ID of a TRBRF that already

and you are configuring a exists in the configuration.
TRCRF VLAN media type.
Specify a ring number. Do not leave this field blank.
Specify unique ring numbers when TRCRF VLANs

have the same parent VLAN ID. Only one backup
concentrator relay function (CRF) can be enabled.
VTP V2 mode is enabled, Do not specify a backup CRF.

and you are configuring
VLANs other than TRCRF
media type.
VTP V2 mode is enabled, Specify a bridge number. Do not leave this field blank.
and you are configuring a
TRBRF VLAN media type.
VTP V2 mode is disabled. No VLAN can have an STP type set to auto.
This rule applies to Ethernet, FDDI, FDDI-NET, Token

Ring, and Token Ring-NET VLANs.
Add a VLAN that requires The translational bridging VLAN IDs that are used
translational bridging (values must already exist in the configuration.
are not set to zero).
The translational bridging VLAN IDs that a
configuration points to must also contain a pointer to
the original VLAN in one of the translational bridging
parameters (for example, Ethernet points to FDDI, and
FDDI points to Ethernet).
The translational bridging VLAN IDs that a

configuration points to must be different media types
than the original VLAN (for example, Ethernet can
point to Token Ring).
If both translational bridging VLAN IDs are configured,

these VLANs must be different media types (for
example, Ethernet can point to FDDI and Token Ring).
vlan-id ID of the configured VLAN. Valid IDs are from 1

to 1001 and must be unique within the
administrative domain. Do not enter leading
zeroes.
name (Optional) Keyword to be followed by the VLAN

name.
vlan-name ASCII string from 1 to 32 characters that must be

unique within the administrative domain.
media (Optional) Keyword to be followed by the VLAN

media type.
ethernet Ethernet media type.
fddi FDDI media type.
fdi-net FDDI network entity title (NET) media type.
tokenring Token Ring media type if the VTP V2 mode is

disabled.
TRCRF media type if the VTP V2 mode is
enabled.
tr-net Token Ring network entity title (NET) media type

if the VTP V2 mode is disabled.
TRBRF media type if the VTP V2 mode is enabled.
state (Optional) Keyword to be followed by the VLAN

state.
active VLAN is operational.

suspend VLAN is suspended. Suspended VLANs do not
pass packets.
said (Optional) Keyword to be followed by the security

association identifier (SAID) as documented in
IEEE 802.10.
said-value Integer from 1 to 4294967294 that must be unique

within the administrative domain.
mtu (Optional) Keyword to be followed by the

maximum transmission unit (packet size in bytes).
mtu-size Packet size in bytes from 1500 to 18190 that the

VLAN can use.
ring (Optional) Keyword to be followed by the logical

ring for an FDDI, Token Ring, or TRCRF VLAN.
ring-number Integer from 1 to 4095.
bridge (Optional) Keyword to be followed by the logical

distributed source-routing bridge. This bridge that
interconnects all logical rings having this VLAN as
a parent VLAN in FDDI-NET, Token Ring-NET,
and TRBRF VLANs.
bridge- Integer from 0 to 15.

number
type Keyword to be followed by the bridge type.

Applies only to TRCRF VLANs.
srb Source-route bridging VLAN.
srt Source-route transparent bridging VLAN.
parent (Optional) Keyword to be followed by the parent

VLAN of an existing FDDI, Token Ring, or
TRCRF VLAN. This parameter identifies the
TRBRF to which a TRCRF belongs and is
required when defining a TRCRF.
parent-vlan- Integer 0 to 1001.

id
stp type (Optional) Keyword to be followed by the

spanning-tree type for FDDI-NET, Token Ring-
NET, or TRBRF VLAN.
ieee IEEE Ethernet STP running source-route

transparent (SRT) bridging.
ibm IBM STP running source-route bridging (SRB).
auto STP running a combination of source-route

transparent bridging (IEEE) and source-route
bridging (IBM).
are Keyword to be followed by the number of all-

routes explorer (ARE) hops. This keyword applies
only to TRCRF VLANs.
are-number Integer from 0 to 13 that defines the maximum

number of ARE hops for thisVLAN.
ste Keyword to be followed by the number of

spanning-tree explorer (STE) hops. This keyword
applies only to TRCRF VLANs.
ste-number Integer from 0 to 13 that defines the maximum

number of STE hops for this VLAN.
backupcrf Keyword to be followed by the backup CRF mode.

This keyword applies only to TRCRF VLANs.
enable Enable backup CRF mode for this VLAN.
disable Disable backup CRF mode for this VLAN.

tb-vlan1 and (Optional) Keyword to be followed by the first and
tb-vlan2 second VLAN to which this VLAN is
translationally bridged. Translational VLANs
translate FDDI or Token Ring to Ethernet, for
example.
tb-vlan1-id Integer from 0 to 1001.

and tb-
vlan2-id
Use the vlan VLAN configuration command to configure VLAN characteristics. Use the no form
of this command to delete a VLAN and its configured characteristics.
When the no vlan vlan-id form is used, the VLAN is deleted. Deleting a VLAN automatically
resets to zero any other parent VLANs and translational bridging parameters that refer to the
deleted VLAN.
When the no vlan vlan-id name vlan-name form is used, the VLAN name returns to the default
name (VLANxxxx, where xxxx represent four numeric digits [including leading zeroes] equal to
the VLAN ID number).
When the no vlan vlan-id media form is used, the media type returns to the default (ethernet).
Changing the VLAN media type (including the no form) resets the VLAN MTU to the default
MTU for the type (unless the mtu keyword is also present in the command). It also resets the
VLAN parent and translational bridging VLAN to the default (unless the parent, tb-vlan1, or tb-
vlan2 keywords are also present in the command).
When the no vlan vlan-id state form is used, the VLAN state returns to the default (active).
When the no vlan vlan-id said form is used, the VLAN SAID returns to the default (100,000 plus
the VLAN ID).
When the no vlan vlan-id mtu form is used, the VLAN MTU returns to the default for the
applicable VLAN media type. You can also modify the MTU by using the media keyword.
When the no vlan vlan-id ring form is used, the VLAN logical ring number returns to the default
(0).
When the no vlan vlan-id bridge form is used, the VLAN source-routing bridge number returns
to the default (0). The vlan vlan-id bridge command is only used for FDDI-NET and Token Ring-
NET VLANs and is ignored in other VLAN types.
When the no vlan vlan-id parent form is used, the parent VLAN returns to the default (0). The
parent VLAN resets to the default if the parent VLAN is deleted or if the media keyword changes
the VLAN type or the VLAN type of the parent VLAN.
When the no vlan vlan-id stp type form is used, the VLAN spanning-tree type returns to the
default (ieee).
When the no vlan vlan-id tb-vlan1 or no vlan vlan-id tb-vlan2 form is used, the VLAN
translational bridge VLAN (or VLANs, if applicable) returns to the default (0). Translational
bridge VLANs must be a different VLAN type than the affected VLAN, and if two are specified,
the two must be different VLAN types from each other. A translational bridge VLAN resets to the
default if the translational bridge VLAN is deleted, if the media keyword changes the VLAN type,
or if the media keyword changes the VLAN type of the corresponding translational bridge VLAN.
Examples:
This example shows how to add an Ethernet VLAN with default media characteristics. The default
includes a vlan-name of VLANxxx, where xxxx represents four numeric digits (including leading
zeroes) equal to the VLAN ID number. The default media option is ethernet; the state option is
active. The default said-value variable is 100,000 plus the VLAN ID; the mtu-size variable is
1500; the stp-type option is ieee. The VLAN is added if it did not already exist; otherwise, this
command does nothing.
Switch(vlan)#vlan 2
This example shows how to modify an existing VLAN by changing its name and MTU size:
Switch(vlan)#no vlan name engineering mtu 1200
You can verify your settings by entering the show vlan privileged EXEC command.
Misconceptions:
None
Related commands:
show vlan (IOS)

Command:
vlan database
Mode:
Switch#
Syntax:
vlan database
Syntax Description:
Use the vlan database privileged EXEC command to enter VLAN configuration mode from the
command-line interface (CLI). From the CLI, you can add, delete, and modify VLAN
configurations and globally propagate these changes by using the VLAN Trunking Protocol (VTP).
To return to the privileged EXEC mode from the VLAN configuration mode, enter the exit
command.
Example:
This example shows how to enter the VLAN configuration mode from the privileged EXEC mode:
Switch#vlan database
Switch(vlan)#
Misconceptions:
This command mode is different from other modes because it is session-oriented. When you add,
delete, or modify VLAN parameters, the changes are not applied until you exit the session by
entering the apply or exit commands. When the changes are applied, the VTP configuration
version is incremented. To exit the session without applying any of the changes made, use abort.
Related commands:
vlan
Command:
vtp
Mode:
Switch(vlan)#
Syntax:
vtp {server | client | transparent}
no vtp {server | client | transparent}
Syntax Description:
server Place the switch in VTP server mode. A switch in VTP server mode is
enabled for VTP and sends advertisements. You can configure VLANs on it.
The switch can recover all the VLAN information in the current VTP database
from nonvolatile storage after reboot.
client Place the switch in VTP client mode. A switch in VTP client mode is enabled
for VTP, can send advertisements, but does not have enough nonvolatile
storage to store VLAN configurations. You cannot configure VLANs on it.
When a VTP client starts up, it does not transmit VTP advertisements until it
receives advertisements to initialize its VLAN database.
transparent Place the switch in VTP transparent mode. A switch in VTP transparent mode
is disabled for VTP, does not transmit advertisements or learn from
advertisements sent by other devices, and cannot affect VLAN configurations
on other devices in the network. The switch receives VTP advertisements and
forwards them on all trunk ports except the one on which the advertisement
was received. The configuration of multi-VLAN ports causes the switch to
automatically enter transparent mode.
Use the vtp VLAN database command to configure the VLAN Trunk Protocol (VTP) mode. Use
the no form of this command to return to the default setting.
The no vtp client and no vtp transparent forms of the command return the switch to VTP server
mode.
The vtp server command is the same as no vtp client or no vtp transparent except that it does
not return an error if the switch is not in client or transparent mode.
Example:
The following example shows how to place the switch in VTP transparent mode:
Switch(vlan)#vtp transparent
You can verify the previous commands by entering the show vtp status command in privileged
EXEC mode.
Misconceptions:
The Catalyst 2950 switches support up to 64 VLANs.
Related commands:
vtp domain
vtp password
vtp pruning

Command:
vtp domain
Mode:
Switch(vlan)#
Syntax:
vtp domain domain-name
Syntax Description:
domain- ASCII string from 1 to 32 characters that identifies the VTP administrative
name domain for the switch. The domain name is case sensitive.
Use the vtp domain VLAN configuration command to configure the VLAN Trunking Protocol
(VTP) administrative domain.
The switch is in the no-management-domain state until you configure a domain name. While in the
no-management-domain state, the switch does not send any VTP advertisements even if changes
occur to the local VLAN configuration. The switch leaves the no-management-domain state after
receiving the first VTP summary packet on any port that is trunking or after you configure a
domain name by using the vtp domain command. If the switch receives its domain from a
summary packet, it resets its configuration revision number to zero. After the switch leaves the no-
management-domain state, it cannot be configured to reenter it until you clear the nonvolatile
RAM (NVRAM) and reload the software.
Domain names are case sensitive.
After you have configured a domain name, it cannot be removed. You can only reassign it to a
different domain.
Example:
This example shows how to set the administrative domain for the switch:
Switch(vlan)#vtp domain OurDomainName
Misconceptions:
None
Related commands:
vtp password

Command:
vtp password
Mode:
Switch(vlan)#
Syntax:
vtp password password-value
no vtp password password-value
Syntax Description:
password Set the password for the generation of the 16-byte secret value used in MD5
digest calculation to be sent in VTP advertisements and to validate received
VTP advertisements.
password- ASCII string from 8 to 64 characters. The password is case sensitive.

value
Use the vtp password VLAN configuration command to configure the VLAN Trunking Protocol
(VTP) administrative domain password. Use the no form of this command to remove the
password.
Passwords are case sensitive. Passwords should match on all switches in the same domain.
When the no vtp password form of the command is used, the switch returns to the no-password
state.
Example:
This example shows how to configure the VTP domain password:
Switch(vlan)#vtp password ThisIsOurDomain'sPassword
Misconceptions:
None
Related commands:
vtp domain

Command:
vtp pruning
Mode:
Switch(vlan)#
Syntax:
vtp pruning
no vtp pruning
Syntax Description:
Use the vtp pruning VLAN database command to enable pruning in the VLAN Trunk Protocol
(VTP) administrative domain. Use the no form of this command to disable pruning.
If you enable pruning on the VTP server, it is enabled for the entire management domain.
Only VLANs included in the pruning-eligible list can be pruned.
VLANs 2 through 1001 are pruning-eligible on 2900 XL and 3500 XL trunk ports.
Pruning is supported with VTP version 1 and version 2.
Example:
The following example shows how to enable pruning in the proposed new VLAN database:
Switch(vlan)# vtp pruning
You can verify the previous commands by entering the show vtp status command in privileged
EXEC mode.
Misconceptions:
None
Related commands:
switchport trunk pruning

Command:
ip http authentication
Mode:
Router(config)#
Syntax:
ip http authentication {aaa | enable | local | tacacs}
no ip http authentication {aaa | enable | local | tacacs}
Syntax Description:
aaa Indicates that the AAA facility is used for authentication.
enable Indicates that the enable password method, which is the default method of HTTP server
user authentication, is used for authentication.
local Indicates that the local user database as defined on the Cisco router or access server is
used for authentication.
tacacs Indicates that the TACACS or XTACACS server is used for authentication.
Use the ip http authentication global configuration command to specify a particular
authentication method for HTTP server users. Use the no form of this command to disable a
configured authentication method.
The ip http authentication command enables you to specify a particular authentication method
for HTTP server users. The HTTP server uses the enable password method to authenticate a user at
privilege level 15. The ip http authentication command now lets you specify enable, local,
TACACS, or AAA HTTP server user authentication.
Example:
The following example specifies TACACS as the method of HTTP server user authentication:
Router(config)#ip http authentication tacacs
Misconceptions:
None
Related Commands:
ip http server

Command:
ip http port
Mode:
Router(config)#
Syntax:
ip http port number
no ip http port
Syntax Description:
number Port number for use by Clickstart or the Cisco Web Browser Interface
To specify the port to be used by the Cisco IOS ClickStart software or the Cisco Web browser
interface, use the ip http port global configuration command. To use the default port, use the no
Example:
The following example changes the http port to be 81.
Router(config)#ip http port 81
Misconceptions:
None
Related Commands:
ip http server

Command:
ip http server
Mode:
Router(config)#
Syntax:
ip http server
no ip http server
Syntax Description:
To enable a Cisco router to be configured from a browser using the Cisco IOS ClickStart software,
and to enable any router to be monitored or have its configuration modified from a browser using
the Cisco Web browser interface, use the ip http server global configuration command. To disable
this feature, use the no form of this command.
This feature is enabled on Cisco 1003, Cisco 1004, and Cisco 1005 routers that have not yet been
configured. For Cisco 1003, Cisco 1004, and Cisco 1005 routers that have already been
configured, and for all other routers, this feature is disabled.
Example:
The following example configures the router so that you can use the Cisco Web browser interface
to issue commands to it:
Router(config)#ip http server
Misconceptions:
None
Related Commands:
ip http port
ip http authentication

Command:
encapsulation x25
Mode:
Router(config-if)#
Syntax:
encapsulation x25 [dte | dce ] [ddn | bfe ] | [ietf ]
Syntax Description:
dte (Optional) Specifies operation as a DTE. This is the default X.25 mode.
dce (Optional) Specifies operation as a DCE.
ddn (Optional) Specifies DDN encapsulation on an interface using DDN X.25 Standard
Service.
bfe (Optional) Specifies BFE encapsulation on an interface attached to a BFE device.
ietf (Optional) Specifies that the interface's datagram encapsulation defaults to use of the
Internet Engineering Task Force (IETF) standard method, as defined by RFC 1356.
To specify a serial interface's operation as an X.25 device, use the encapsulation x25 interface
One end of an X.25 link must be a logical DCE and the other end a logical DTE. (This assignment
is independent of the interface's hardware DTE or DCE identity.) Typically, when connecting to a
public data network (PDN), the customer equipment acts as the DTE and the PDN attachment acts
as the DCE.
Cisco has long supported the encapsulation of a number of datagram protocols, using a standard
means when available and a proprietary means when necessary. Recently the IETF adopted a
standard, RFC 1356, for encapsulating most types of datagram traffic over X.25. By default, X.25
interfaces use Cisco's traditional encapsulation method. To use RFC 1356 encapsulation, specify
the ietf keyword. For details see the x25 map command.
To correctly interoperate with the Defense Data Network (DDN) or a Blacker Front End (BFE)
device, Cisco X.25 interfaces must derive their X.121 address from the IP address assigned to that
interface. To use the appropriate algorithm for deriving the X.121 address, specify either the ddn
or the bfe keyword. Use the ddn keyword when connecting to the Defence Data Network (DDN),
or the bfe keyword when connecting to a Blacker Front End (BFE) device. For proper operation,
the derived X.121 address must not be changed.
A router DDN attachment can operate as either a DTE or a DCE device. A BFE attachment can
operate only as a DTE device. The ietf option is not available if either the ddn or bfe option is
selected.
Example:
The following example configures the interface for connection to a BFE device:
Router(config-if)#encapsulation x25 bfe
Misconceptions:
None
Related Commands:
x25 map

Command:
x25 address
Mode:
Router(config-if)#
Syntax:
x25 address x121-address
Syntax Description:
x121- The variable-length X.121 address assigned to this interface by the X.25 network
address service provider.
To set the X.121 address of a particular network interface, use the x25 address interface
When an X.25 interface on a router is connected to an X.25 network, the network administrator
assigns it an X.121 address. X.25 interfaces that perform X.25 switching only do not require an
X.121 address.
Example:
The following example sets the X.121 address for the interface:
Router(config-if)#encapsulation x25
Router(config-if)#x25 address 00000123005
The address must match that assigned by the X.25 network service provider.
Misconceptions:
None
Related commands:
None
Command:
x25 default
Mode:
Router(config-if)#
Syntax:
x25 default protocol
no x25 default protocol
Syntax Description:
protocol Specifies the protocol to assume; may be ip or pad .
To set a default protocol, use the x25 default interface configuration command. To remove the
default protocol specified, use the no form of this command.
This command specifies the protocol assumed by the Cisco IOS software for incoming calls with
unknown or missing protocol identifier in the call user data (CUD). If you do not use the x25
default interface configuration command, the software clears any incoming calls with
unrecognized CUD.
Example:
The following example establishes IP as the default protocol for X.25 calls:
Router(config-if)# x25 default ip
Misconceptions:
None
Related commands:
x25 map
Command:
x25 hic
Mode:
Router(config-if)#
Syntax:
x25 hic circuit-number
Syntax Description:
circuit-number VC number from 1 to 4095, or 0 if there is no incoming-only VC range.
To set the highest incoming-only virtual circuit (VC) number, use the x25 hic interface
Usage Guidelines
When X.25 calls are placed across the interface between an X.25 DTE and the X.25 network,
virtual circuits (VC) are established to carry the data associated with the calls. These VCs fall into
the following categories: Permanent Virtual Circuits (PVCs), incoming-only, both-way, and
outgoing-only. All VCs are numbered, and each of these categories occupies a consecutive range.
All PVCs must be numerically lower than all incoming-only VCs, which in turn must be lower
than all both-way VCs, which in turn must be lower than all outgoing-only VCs.
Example:
The following example sets a valid incoming-only VC range of 1 to 5:
Router(config-if)#x25 lic 1
Router(config-if)#x25 hic 5
Misconceptions:
None
Related commands:
x25 lic
x25 hoc
x25 htc
x25 loc
x25 ltc

Command:
x25 hoc
Mode:
Router(config-if)#
Syntax:
x25 hoc circuit-number
Syntax Description:
To set the highest outgoing-only virtual circuit (VC) number, use the x25 hoc interface
the following categories: Permanent Virtual Circuits (PVCs), incoming-only, two-way, and
than all two-way VCs, which in turn must be lower than all outgoing-only VCs.
Example:
The following example sets a valid outgoing-only VC range of 2000 to 2005:
Router(config-if)#interface serial 0/0
Router(config-if)#x25 loc 2000
Router(config-if)#x25 hoc 2005
Misconceptions:
None
Related commands:
x25 loc
Command:
x25 htc
Mode:
Router(config-if)#
Syntax:
x25 htc circuit-number
Syntax Description:
circuit-number VC number from 1 to 4095, or 0 if there is no two-way VC range.
To set the highest two-way virtual circuit (VC) number, use the x25 htc interface configuration
command.
Usage Guidelines
the following categories: Permanent Virtual Circuits (PVCs), incoming-only, two-way, and
than all two-way VCs, which in turn must be lower than all outgoing-only VCs.
Example:
The following example sets a valid two-way VC range of 5 to 25:
Router(config-if)#x25 ltc 5
Router(config-if)#x25 htc 25
Misconceptions:
None
Related commands:
x25 lic
x25 hic
x25 hoc
x25 loc
x25 ltc

Command:
x25 ips
Mode:
Router(config-if)#
Syntax:
x25 ips bytes
Syntax Description:
bytes Byte count. It can be one of the following values: 16, 32, 64, 128, 256, 512, 1024, 2048,
or 4096.
To set the interface default maximum input packet size to match that of the network, use the x25
ips interface configuration command.
Usage Guidelines
X.25 network connections have a default maximum input packet size set by the network
administrator. Larger packet sizes require less overhead processing. To send a packet larger than
the X.25 packet size over an X.25 virtual circuit, the Cisco IOS software must break the packet
into two or more X.25 packets with the more data bit (M-bit) set. The receiving device collects all
packets with the Mbit set and reassembles the original packet.
Set the x25 ips and x25 ops commands to the same value unless your network supports
asymmetric input and output packet sizes.
Example:
The following example sets the default maximum packet sizes to 512:
Router(config-if)#x25 ips 512
Router(config-if)#x25 ops 512
Misconceptions:
Nones
Related commands:
x25 ops

Command:
x25 lic
Mode:
Router(config-if)#
Syntax:
x25 lic circuit-number
Syntax Description:
To set the lowest incoming-only virtual circuit (VC) number, use the x25 lic interface
Usage Guidelines
Example:
The following example sets a valid incoming-only VC range of 1 to 5, and sets the lowest two-way
VC number:
Router(config-if)#x25 lic 1
Router(config-if)#x25 hic 5
Misconceptions:
None
Related commands:
x25 hic
x25 hoc
x25 htc
x25 loc
x25 ltc

Command:
x25 loc
Mode:
Router(config-if)#
Syntax:
x25 loc circuit-number
Syntax Description:
circuit-number VC number from 1 to 4095, or 0 if there is no outgoing-only VC range.
To set the lowest outgoing-only virtual circuit (VC) number, use the x25 loc interface
Example:
The following example sets a valid outgoing-only virtual circuit range of 2000 to 2005:
Router(config-if)#x25 loc 2000
Router(config-if)#x25 hoc 2005
Misconceptions:
None
Related commands:
x25 lic
x25 hic
x25 hoc
x25 htc
x25 ltc

Command:
x25 ltc
Mode:
Router(config-if)#
Syntax:
x25 ltc circuit-number
Syntax Description:
circuit-number VC number from 1 to 4095, or 0 if there is no two-way VC range.
To set the lowest two-way virtual circuit (VC) number, use the x25 ltc interface configuration
command.
Example:
The following example sets a valid two-way virtual circuit range of 5 to 25:
Router(config-if)#x25 htc 25
Misconceptions:
None
Related commands:
x25 lic
x25 hoc
x25 htc
x25 loc
x25 hic

Command:
x25 map
Mode:
Router(config-if)#
Syntax:
x25 map protocol address [protocol2 address2[...[protocol9
address9]]] x121-address [option]
no x25 map protocol address x121-address
Syntax Description:
protocol The upper layer protocol to be associated with the X.121 address specified in this
map. To specify a protocol, use the protocol's keyword as listed in the table
below. As many as nine protocol and address pairs can be specified in one
command line.
address Protocol address.
x121- X.121 address of the remote host.

address
option (Optional) Additional functionality that can be specified for originated calls. Can
be any of the options listed in Table.
To set up the LAN protocols-to-remote host mapping, use the x25 map interface configuration
command. To remove an existing x25 map, use the no form of this command with the appropriate
network protocol(s) and X.121 address arguments.
Routers use connections across X.25 networks to provide a transport path for higher layer
protocols. To ensure that these connections are established to the correct destinations, the routers
must be configured with the X.121 address of the X.25 destination for a given higher layer
protocol. The x25 map command is used to do this, as well as specify other options and parameters
that the router must use when connecting to the specified destination.
Two methods are available to encapsulate traffic; Cisco's traditional encapsulation method, and the
IETF standard defined in RFC 1356. The IETF method allows for a single virtual circuit to be used
by multiple higher layer protocols. Cisco's traditional encapsulation method is used by default.
Include the method option keyword to specify an alternative encapsulation technique.
When you configure multiprotocol maps, you can specify a maximum of nine protocol and address
pairs in an x25 map command. However, you can specify a protocol only once. For example, you
can specify the IP protocol and an IP address, but you cannot specify another IP address. If
compressedtcp and ip are both specified, the same IP address must be used.
Bridging is supported only if you are using Cisco's traditional encapsulation method. For correct
operation, bridging maps must specify the broadcast option.
Since most datagram routing protocols rely on broadcasts or multicasts to send routing information
to their neighbors, the broadcast keyword is needed to run such routing protocols over X.25.
Encapsulation maps might also specify that traffic between the two hosts should be compressed,
thus increasing the effective bandwidth between them at the expense of memory and computation
time. Because each compression virtual circuit requires memory and computation resources,
compression must be used with care and monitored to maintain acceptable resource usage and
overall performance.
OSPF treats a nonbroadcast, multiaccess network such as X.25 in much the same way as it treats a
broadcast network by requiring the selection of a designated router. In previous releases, this
required manual assignment in the OSPF configuration using the neighbor router configuration
command. When the x25 map command is included in the configuration with the broadcast, and
the ip ospf network command (with the broadcast keyword) is configured, there is no need to
configure any neighbors manually. OSPF will now run over the X.25 network as a broadcast
network. (Refer to the ip ospf network interface configuration command for more detail.)
Note The OSPF broadcast mechanism assumes that IP class D addresses are never used for
regular traffic over X.25.
You can modify the options of an x25 map command by restating the complete set of protocols
and addresses specified for the map, followed by the desired options. To delete a map command,
you must also specify the complete set of protocols and addresses. The options can be omitted.
Once defined, a map's protocols and addresses cannot be changed. This requirement exists because
the Cisco IOS software cannot determine whether you want to add to, delete from, or modify an
existing map's protocol and address specification, or simply mistyped the command. To change a
map's protocol and address specification, you must delete it and create a new map.
A given protocol-address pair cannot be used in more than one map on the same interface.
Table below lists the protocols supported by X.25.
Table: Protocols Supported by X.25

Keyword Protocol
apollo Apollo Domain
appletalk AppleTalk
bridge Bridging1
clns ISO Connectionless Network Service
compressedtcp TCP/IP header compression
decnet DECnet
ip IP
ipx Novell IPX
pad PAD links 2
qllc System Network Architecture (SNA) encapsulation in X.253
vines Banyan VINES
xns XNS
1Bridging traffic is supported only for Cisco's traditional encapsulation method, so a bridge
map cannot specify other protocols. 2Packet Assembly/Disassembly (PAD) maps are used to
configure session and protocol translation access, therefore, this protocol is not available for
multiprotocol encapsulation. 3Qualified Logical Link Control (QLLC) is not available for
multiprotocol encapsulation.
Note The CMNS map form is obsolete; its function is replaced by the enhanced x25 route
command.
Table lists the map options supported by X.25 using the x25 map command.
Table: x25 map Options
Option Description
compress Specifies that X.25 payload compression be used for mapping the traffic to
this host. Each virtual circuit established for compressed traffic uses a
significant amount of memory (for a table of learned data patterns) and for
computation (for compression and decompression of all data). Cisco
recommends that compression be used with careful consideration to its
impact on overall performance.
method {cisco Specifies the encapsulation method. The choices are as follows:
| ietf | snap |
multi}
cisco—Cisco's traditional encapsulation method; not available if
more than one protocol is to be carried. If the method option is not
specified then Cisco encapsulation is used.
ietf—Standard RFC 1356 operation: protocol identification uses the
standard encoding, which is compatible with RFC 877. Multiprotocol
virtual circuits are used only if needed.
snap—RFC 1356 operation where IP is identified with SNAP rather
than the standard IETF method. SNAP encapsulation is NOT
compatible with RFC 877.
multi—Forces a map that specifies a single protocol to set up a
multiprotocol virtual circuit when a call is originated; also forces a
single-protocol PVC to use multiprotocol data identification methods
for all datagrams sent and received.
no-incoming Use the map only to originate calls.
no-outgoing Do not originate calls when using the map.
idle minutes Specifies an idle timeout for calls other than the interface default;
0 minutes disables the idle timeout.
reverse Specifies reverse charging for outgoing calls.
accept-reverse Causes the Cisco IOS software to accept incoming reverse-charged calls. If
this option is not present, the Cisco IOS software clears reverse-charged
calls unless the interface accepts all reverse-charged calls.
broadcast Causes the Cisco IOS software to direct any broadcasts sent through this
interface to the specified X.121 address. This option also simplifies the
configuration of OSPF; see "Usage Guidelines" for more detail.
cug group- Specifies a closed user group number (from 1 to 9999) for the mapping in
number an outgoing call.
nvc count Sets the maximum number of virtual circuits for this map or host. The
default count is the x25 nvc setting of the interface. A maximum number
of eight virtual circuits can be configured for each map. Compressed TCP
may use only 1 virtual circuit.
packetsize in- Proposes maximum input packet size (in-size) and maximum output
size out-size packet size (out-size) for an outgoing call. Both values typically are the
same and must be one of the following values: 16, 32, 64, 128, 256, 512,
1024, 2048, or 4096.
windowsize in- Proposes the packet count for input window (in-size) and output window
size out-size (out-size) for an outgoing call. Both values typically are the same, must be
in the range 1 to 127, and must be less than the value set by the x25
modulo command.
throughput in Sets the requested throughput class values for input (in) and output (out)
out throughput across the network for an outgoing call. Values for in and out
are in bits per second (bps) and range from 75 to 48000 bps.
transit-delay Specifies the transit delay value in milliseconds (0 to 65534) for an

milliseconds outgoing call, for networks that support transit delay.
nuid username Specifies that a network user ID (NUID) facility be sent in the outgoing
password call with the specified Terminal Access Controller Access Control System
(TACACS) username and password (in a format defined by Cisco). This
option should be used only when connecting to another Cisco router. The
combined length of the username and password should not exceed 127
characters. This option only works if the router is configured as an X.25
DTE.
nudata string Specifies the network user identification in a format determined by the
network administrator (as allowed by the standards). This option is
provided for connecting to non-Cisco equipment that requires an NUID
facility. The string should not exceed 130 characters and must be enclosed
in quotation marks ("") if there are any spaces present. This option only
works if the router is configured as an X.25 DTE.
roa name Specifies the name defined by the x25 roa command for a list of transit
Recognized Operating Agencies (ROAs, formerly called Recognized
Private Operating Agencies, or RPOAs) to use in outgoing Call Request
packets.
passive Specifies that the X.25 interface should send compressed outgoing TCP
datagrams only if they were already compressed when they were received.
This option is available only for compressed TCP maps.
Examples:
The following example maps IP address 172.20.2.5 to X.121 address 000000010300. The
broadcast keyword directs any broadcasts sent through this interface to the specified X.121
address.
Router(config-if)#x25 map ip 171.20.2.5 000000010300 broadcast
The following example specifies an ROA name to be used for originating connections:
Router(config)#x25 roa green_list 23 35 36
Router(config-if)#x25 map ip 172.20.170.26 10 roa green_list
The following example specifies a network user ID (NUID) facility to send on calls originated for
the address map:
Router(config-if)#x25 map ip 172.20.174.32 2 nudata "Network User ID 35"
Strings can be quoted, but quotation marks are not required unless embedded blanks are present.
Misconceptions:
None
Related commands:
x25 map compressedtcp

Command:
x25 map compressedtcp
Mode:
Router(config-if)#
Syntax:
x25 map compressedtcp ip-address [protocol2 address2
[...[protocol9address9]]]
x121-address [option]
no x25 map compressedtcp address [protocol2 address2

[...[protocol9address9]]]
x121-address
Syntax Description:
ip- IP address.
address
protocol (Optional) The upper layer protocol to be associated with the X.121 address
specified in this map. To specify a protocol, use the protocol's keyword as listed
in the table below. As many as nine protocol and address pairs can be specified
in one command line.
address (Optional) Protocol address.
x121- X.121 address.

address
option (Optional) The same options as those for the x25 map command; see Table
earlier in this chapter.
To map compressed TCP traffic to an X.121 address, use the x25 map compressedtcp interface
configuration command. To delete a TCP/IP header compression map for the link, use the no form
of this command.
Cisco supports RFC 1144 TCP/IP header compression (THC) on serial lines using HDLC and
X.25 encapsulation. THC encapsulation is only slightly different from other encapsulation traffic,
but these differences are worth noting. The implementation of compressed TCP over X.25 uses one
virtual circuit to pass the compressed packets. Any IP traffic (including standard TCP) is separate
from TCH traffic; it is carried over separate IP encapsulation virtual circuits or identified
separately in a multiprotocol virtual circuit.
Note If you specify both ip and compressedtcp in the same x25 map compressedtcp
command, they must both specify the same IP address.
The nvc map option cannot be used for TCP/IP header compression, because only one virtual
circuit can carry compressed TCP/IP header traffic to a given host.
Example:
The following example establishes a map for TCP/IP header compression on serial interface 4:
Router(config-if)#ip tcp header-compression
Router(config-if)#x25 map compressedtcp 172.20.2.5 000000010300
Misconceptions:
None
Related commands:
x25 map

Command:
x25 modulo
Mode:
Router(config-if)#
Syntax:
x25 modulo modulus
Syntax Description:
modulus Either 8 or 128. The value of the modulo parameter must agree with that of the device
on the other end of the X.25 link.
To set the window modulus, use the x25 modulo interface configuration command.
Usage Guidelines
X.25 supports flow control with a sliding window sequence count. The window counter restarts at
zero upon reaching the upper limit, which is called the window modulus. Modulo 128 operation is
also referred to as extended packet sequence numbering, which allows larger packet windows.
Example:
The following example sets the window modulus to 128:
Router(config-if)#x25 modulo 128
Misconceptions:
None
Related commands:
x25 win
x25 wout
Command:
x25 ops
Mode:
Router(config-if)#
Syntax:
x25 ops bytes
Syntax Description:
bytes Byte count that is one of the following: 16, 32, 64, 128, 256, 512, 1024, 2048, or 4096.
To set the interface default maximum output packet size to match that of the network, use the x25
ops interface configuration command.
X.25 networks use maximum output packet sizes set by the network administrator. Larger packet
sizes are better because smaller packets require more overhead processing. To send a packet larger
than the X.25 packet size over an X.25 virtual circuit, the Cisco IOS software must break the
packet into two or more X.25 packets with the more data bit (M-bit) set. The receiving device
collects all packets with the M-bit set and reassembles the original packet.
Set the x25 ips and x25 ops commands to the same value unless your network supports asymmetry
between input and output packets.
Example:
The following example sets the default maximum packet sizes to 512:
Router(config-if)#x25 ips 512
Router(config-if)#x25 ops 512
Misconceptions:
None
Related commands:
x25 ips

Command:
x25 pvc
Mode:
Router(config-if)#
Syntax:
x25 pvc circuit protocol address [protocol2 address2[...[protocol9
address9]]] x121-address
[option]
no x25 pvc circuit
Syntax Description:
circuit Virtual-circuit channel number, which must be less than the virtual circuits
assigned to the switched virtual circuits (SVCs).
protocol Protocol type, entered by keyword. Supported protocols are listed in the Table
below. As many as nine protocol and address pairs can be specified in one
command line.
address Protocol address of the host at the other end of the PVC.
x121- X.121 address.

address
option (Optional) Provides additional functionality or allows X.25 parameters to be

specified for the PVC. Can be any of the options listed in Table.
To establish an encapsulation permanent
virtual circuit (PVC), use the encapsulating version of the x25 pvc interface
configuration command. To delete the PVC, use the no form of this command
with the appropriate channel number.
PVCs are not supported for ISO CMNS.
You no longer need to specify a datagram protocol-to-address mapping before

you can set up a PVC; a map is implied from the PVC configuration.
Configurations generated by the router will no longer specify a map for
encapsulating PVCs.
When configuring a PVC to carry CLNS traffic, use the X.121 address as the
subnetwork point of attachment (SNPA) to associate the PVC with a CLNS neighbor
configuration. When configuring a PVC to carry transparent bridge traffic, the
X.121 address is required to identify the remote host to the bridging function.
Other encapsulation PVCs do not require an X.121 address.
Table lists supported protocols.
Table: Protocols Supported by X.25 PVCs
Keyword Protocol
apollo Apollo Domain
appletalk AppleTalk
bridge Bridging1
clns OSI Connectionless Network Service
compressedtcp TCP/IP header compression
decnet DECnet
ip IP
ipx Novell IPX
qllc SNA encapsulation in X.252
vines Banyan VINES
xns XNS
1Bridgingtraffic is supported only for Cisco's traditional encapsulation method, so a bridge

PVC cannot specify other protocols.
2QLLC is not available for multiprotocol encapsulation.
Table below lists supported X.25 PVC options.
Table: x25 pvc Options

Option Description
broadcast Causes the Cisco IOS software to direct any broadcasts sent through this
interface to this PVC. This option also simplifies the configuration of
OSPF.
method {cisco | Specifies the encapsulation method. The choices are as follows:
ietf | snap | multi}
cisco—Single protocol encapsulation; not available if more than

one protocol is carried.
ietf—Default RFC 1356 operation; single-protocol encapsulation
unless more than one protocol is carried, and protocol
identification when more than one protocol is carried.
snap—RFC 1356 operation where IP is identified when more than
one protocol is carried using the SNAP encoding.
multi—Multiprotocol encapsulation used on the PVC.
packetsize in-size Maximum input packet size (in-size) and output packet size (out-size)
out-size for the PVC. Both values are typically the same and must be one of the
following values: 16, 32, 64, 128, 256, 512, 1024, 2048, or 4096.
passive Specifies that transmitted TCP datagrams will be compressed only if

they were received compressed. This option is available only for PVCs
carrying compressed TCP/IP header traffic.
windowsize in- Packet count for input window (in-size) and output window (out-size)
size out-size for the PVC. Both values are typically the same, must be in the range 1
to 127, and must be less than the value set for the x25 modulo
command.
Example:
The following example establishes a PVC on channel 2 to encapsulate VINES and IP with the far
host:
Router(config-if)#x25 pvc 2 vines 60002A2D:0001 ip 172.20.170.91 11110001
Misconceptions:
None
Related commands:
x25 map

Command:
x25 win
Mode:
Router(config-if)#
Syntax:
x25 win packets
Syntax Description:
packets Packet count that can range from 1 to one less than the window modulus.
To change the default incoming window size to match that of the network, use the x25 win
interface configuration command.
Usage Guidelines
This command determines the default number of packets a virtual circuit can receive before
sending an X.25 acknowledgment. To maintain high bandwidth utilization, assign this limit the
largest number that the network allows.
Set x25 win and x25 wout to the same value unless your network supports asymmetric input and
output window sizes.
Example:
The following example specifies that 5 packets may be received before an X.25 acknowledgment
is sent:
Router(config-if)#x25 win 5
Misconceptions:
None
Related commands:
x25 modulo
x25 wout

Command:
x25 wout
Mode:
Router(config-if)#
Syntax:
x25 wout packets
Syntax Description:
packets Packet count that can range from 1 to one less than the window modulus.
To change the default outgoing window size to match that of the network, use the x25 wout
interface configuration command.
This command determines the default number of packets a virtual circuit can send before waiting
for an X.25 acknowledgment. To maintain high bandwidth utilization, assign this limit the largest
number that the network allows.
Set x25 win and x25 wout to the same value unless your network supports asymmetric input and
output window sizes.
Example:
The following example specifies a default limit of 5 for the number of outstanding
unacknowledged packets for virtual circuits:
Router(config-if)#x25 wout 5
Misconceptions:
None
Related commands:
x25 modulo
x25 win

Ciscopedia - All Ccna-Ccnp Commands

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ciscopedia - All Ccna-Ccnp Commands

Uploaded by

Copyright:

Available Formats

Empowering the Internet Generation

Print Formatting Conventions for IOS Commands

interface type number

ip broadcast-address [ip-address mask]

ip address ip-address mask [secondary]

interface [type slot/port-adapter/port] [ethernet | serial]

queue-list list-number queue queue-number limit limit-number

access list access-list-number {deny | permit} source [source-wildcard]

show ip route [address [mask] | protocol]

Please send comments and suggestions for Ciscopedia to: ciscopedia-quality@cisco.com

This command first appeared in Cisco IOS Release 10.3.

Table: AAA Accounting Methods

Copyright © 2002, Cisco Systems, Inc.

Table: aaa authentication arap Methods

Copyright © 2002, Cisco Systems, Inc.

Copyright © 2002, Cisco Systems, Inc.

Table: aaa authentication login Methods

This command cannot be used with TACACS or extended TACACS.

Router(config)#aaa authentication login MIS-access group tacacs+ enable none

Copyright © 2002, Cisco Systems, Inc.

Table: aaa authentication nasi Methods

This command cannot be used with TACACS or extended TACACS.

Router(config)#aaa authentication nasi list1 group tacacs+ enable none

Router(config)#aaa authentication nasi default group tacacs+ enable none

Copyright © 2002, Cisco Systems, Inc.

Copyright © 2002, Cisco Systems, Inc.

Table: aaa authentication ppp Methods

This command cannot be used with TACACS or extended TACACS.

Router(config)#aaa authentication username-prompt "Enter your name here:"

Copyright © 2002, Cisco Systems, Inc.

no aaa authorization {network | exec | commands level| reverse-

Method keywords are described in the table below.

Table: AAA Authorization Methods

Group TACACS+---The network access server exchanges authorization information with

Network---Applies to network connections. This can include a PPP, SLIP, or ARAP

Accept the request as is

Router(config)#aaa authorization network scoobee group radius local

Copyright © 2002, Cisco Systems, Inc.

Copyright © 2002, Cisco Systems, Inc.

Copyright © 2002, Cisco Systems, Inc.

© Cisco Systems, Inc. 2001, 2002

no tacacs-server host hostname

Copyright © 2002, Cisco Systems, Inc.

Copyright © 2002, Cisco Systems, Inc.

Router(config-time-range)#absolute 8:00 18 december 2002 8:00 3 january 2003

Copyright © 2002, Cisco Systems, Inc.

Router#access-enable host timeout 5

Copyright © 2002, Cisco Systems, Inc.

IP extended access-list: access-list access-list-number [dynamic

TCP extended access-list: access-list access-list-number [dynamic

permit Permits access if the conditions are matched.

· Use a 32-bit quantity in four-part, dotted-decimal format.

· Use the keyword any as an abbreviation for a source and

· Use host source as an abbreviation for a source and source-

There are three alternative ways to specify the source wildcard:

· Use a 32-bit quantity in four-part, dotted-decimal format.

· Use the keyword any as an abbreviation for a source and

· Use host source as an abbreviation for a source and source-

Wildcard bits set to one do not need to be contiguous in the source-

· Use a 32-bit quantity in four-part, dotted-decimal format.

· Use host destination as an abbreviation for a destination and

destination- Wildcard bits to be applied to the destination. There are three