To use a MAC access control list (ACL) to control inbound traffic on an Ethernet service instance, use the
macaccess-groupincommand in service instance configuration mode. To remove a MAC ACL, use the
no form of this command.
macaccess-groupaccess-list-namein
nomacaccess-groupaccess-list-namein
Syntax Description
access-list-name
Name of a MAC ACL to apply to an interface or subinterface (as specified by the mac
access-listextended command).
Command Default
A MAC ACL is not applied to the Ethernet service instance.
Command Modes
Service instance configuration (config-if-srv)
Command History
Release
Modification
12.2(33)SRD
This command was introduced.
Cisco IOS XE Release 3.5S
This command was integrated into Cisco IOS XE Release 3.5S.
Usage Guidelines
Themacaccess-groupincommand is used to apply MAC ACLs on Ethernet service instances. After a networking device receives a packet, the Cisco IOS software checks the source MAC address of the packet against the ACL. If the MAC ACL permits the address, the software continues to process the packet.
If a MAC ACL does not exist on the Ethernet service instance, all packets are passed.
Examples
The following example shows how to apply a MAC ACL called mac_layer on inbound traffic to service instance 100:
Device> enable
Device# configure terminal
Device(config)# mac access-list extended mac_layer
Device(config-ext-macl)# permit 00aa.bbcc.ddee 0.0.0 any
Device(config-ext-macl)# exit
Device(config)# interface gigabitethernet 2/0/0
Device(config-if)# service instance 100 ethernet
Device(config-if-srv)# encapsulation dot1q 100
Device(config-if-srv)# mac access-group mac_layer in
Related Commands
Command
Description
macaccess-listextended
Defines a MAC ACL.
showethernetserviceinstance
Displays information about Ethernet service instances.
mac aging-time
To set the aging time of MAC addresses in a bridge domain, use the macaging-time command in bridge-domain configuration mode. To remove an aging time setting, use the no form of this command.
macaging-timeseconds
nomacaging-time
Syntax Description
seconds
Aging time, in seconds. The range is from 1 to 600. The default is 300.
Command Default
If a MAC address aging time is not configured, the default MAC address aging time of 300 seconds is used.
Command Modes
Bridge-domain configuration (config-bdomain)
Command History
Release
Modification
Cisco IOS XE Release 3.2S
This command was introduced.
Usage Guidelines
Use this command if you want to change the aging time of a learned MAC address.
Examples
The following example shows how to configure an aging time of 25 seconds for MAC addresses in bridge domain 1:
Router(config)# bridge-domain 1
Router(config-bdomain)# mac aging-time 25
mac limit action flooding disable
To prevent flooding (overloading) of a bridge-domain when the maximum number of learned MAC destination addresses is exceeded, use the
maclimitactionfloodingdisable command in bridge domain configuration mode. To allow flooding, use the
no form of this command.
maclimitactionfloodingdisable
nomaclimitactionfloodingdisable
Syntax Description
This command has no arguments or keywords.
Command Default
The flooding is allowed.
Command Modes
Bridge domain configuration (config-bdomain)
Command History
Release
Modification
15.3(1)S
This command was introduced.
Cisco IOS XE Release 3.8S.
This command was integrated into Cisco IOS XE Release 3.8S.
Usage Guidelines
When a Layer 2 device receives a packet, the destination MAC address is examined and the device looks at the MAC address table. Each MAC address table contains information and attributes such as the following:
MAC address
Bridge-domain ID
Interface type and number
Service instance number
Forwarding policy
If the system finds a match (for example, bridge-domain ID), the packets are forwarded to the appropriate interface associated with the bridge domain. If the system does not find a match, copies of the packets are forwarded to each interface associated with the bridge domain. This is known as “flooding.”
Eventually, the packet reaches the correct interface destination and that destination replies. This reply allows the system to learn that the destination belongs to a specific interface and an entry in the MAC address table is created. The next time a packet with that destination is received, the packet is simply forwarded to the correct interface.
However, there is a limit to the number of MAC address entries that can be included in the MAC address table. This is known as the MAC address limit. When this limit is reached, the system cannot learn the new destination. Thus, this destination will always be flooded, which results in system degradation. Use the
maclimitactionfloodingdisable command to prevent flooding the destination. If flooding is disabled, when the packet’s MAC address destination is unknown, the packet is discarded.
Examples
The following example shows how to prevent flooding of a bridge-domain when the maximum number of learned MAC destination addresses is exceeded.
To set the maximum number of MAC addresses allowed on a bridge domain, use the
maclimitmaximumaddresses command in bridge domain configuration mode. To return to the default setting, use the
no form of this command.
maclimitmaximumaddressesmaximum-addresses
nomaclimitmaximumaddresses [maximum-addresses]
Syntax Description
maximum-addresses
Maximum number of MAC addresses allowed. The maximum varies by device.
Command Default
The maximum number of MAC addresses allowed by the device.
Command Modes
Bridge domain configuration (config-bdomain)
Command History
Release
Modification
12.2(33)SRD
This command was introduced.
Cisco IOS XE Release 3.7S
This command was integrated into Cisco IOS XE Release 3.7S
15.1(2)SNG
This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.
15.3(1)S
This command was integrated into Cisco IOS Release 15.3(1)S.
Examples
The following example shows how to set the maximum number of MAC addresses on a specific bridge domain to 1000:
Device> enable
Device# configure terminal
Device(config)# bridge-domain 100
Device(config-bdomain)# mac limit maximum addresses 1000
Related Commands
Command
Description
macsecuritymaximumaddresses
Specifies the maximum number of MAC addresses allowed on an Ethernet service instance.
mac limit maximum addresses (service instance)
To set the maximum number of MAC addresses allowed on an Ethernet service instance, use the
maclimitmaximumaddresses command in service instance configuration mode. To return to the default setting, use the
no form of this command.
maclimitmaximumaddressesmaximum-addresses
nomaclimitmaximumaddresses [maximum-addresses]
Syntax Description
maximum-addresses
Maximum number of MAC addresses allowed. The maximum varies by device.
Command Default
The maximum number of MAC addresses allowed by the device.
Command Modes
Service instance mode (config-if-srv)
Command History
Release
Modification
15.3(1)S
This command introduced.
Cisco IOS XE Release 3.8S
This command was integrated into Cisco IOS XE Release 3.8S.
Examples
The following example shows how to set the maximum number of MAC addresses on an Ethernet service instance to 1000:
Device> enable
Device# configure terminal
Device(config)# configure terminal
Device(config)# interface fastethernet0/0
Device(config-if)# service instance 100 ethernet
Device(config-if-srv)# encapsulation dot1q 100
Device(config-if-srv)# bridge-domain
Device(config-if-srv)# mac limit maximum addresses 1000
mac security
To configure MAC security and the various MAC security elements on an Ethernet service instance, use the
macsecurity command in service instance configuration mode. To return to the default MAC security setup on the service instance, use the
no form of this command.
(Optional) Sets up a MAC address to be permitted or denied.
permit
(Optional) Adds the specified MAC address as a permit MAC address for the Ethernet service instance.
deny
(Optional) Adds the specified MAC address as a deny MAC address for the Ethernet service instance.
mac-address
(Optional) MAC address to be declared a permit or deny MAC address.
aging
(Optional) Sets the aging time of the addresses in the MAC address table.
static
(Optional) Specifies that the mac security
agingtimeaging-time command is also applicable to permitted MAC addresses.
Note
The
macsecurityagingtimeaging-time command sets the aging time of the addresses in the MAC address table to <n> minutes. By default, this affects only dynamically learned addresses--permit addresses are not affected by the application of this command.
sticky
(Optional) Specifies that the
macsecurityagingtime command is also applicable to dynamically learned sticky MAC addresses.
time
(Optional) Sets up the aging-time functionality for the MAC security aging operation.
aging-time
(Optional) Aging time of the addresses in the MAC address table, in minutes.
inactivity
(Optional) Specifies that the aging time of <n> minutes be measured from the instant that the MAC address was last encountered on the service instance.
maximum addresses
(Optional) Sets the maximum number of MAC addresses allowed on the Ethernet service instance.
maximum-addresses
(Optional) Maximum number of MAC addresses allowed on the Ethernet service instance.
sticky
(Optional) Enables the “sticky” feature on a secured Ethernet service instance. This means that MAC addresses that are learned dynamically on the Ethernet service instance are kept persistent across line transitions and device reloads.
address
(Optional) Sets up a MAC address to be declared as a sticky MAC address.
mac-address
(Optional) MAC address to be declared as a sticky MAC address.
violation
(Optional) Configures the desired violation response on the Ethernet service instance.
Note
If a violation response (protect or restrict) is not configured, the default response is shutdown mode.
protect
(Optional) Configures a protect violation response on the Ethernet service instance.
restrict
(Optional) Configures a restrict violation response on the Ethernet service instance.
Command Default
MAC security is disabled.
Command Modes
Service instance configuration (config-if-srv)
Command History
Release
Modification
12.2(33)SRD
This command was introduced.
Cisco IOS XE Release 3.7S
This command was integrated into Cisco IOS XE Release 3.7S
15.1(2)SNG
This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.
Usage Guidelines
The MAC security operation is enabled on an Ethernet service instance by the
macsecurity command.
Configuring or removing MAC security elements is permitted irrespective of whether MAC security is enabled. Configured elements become operational only when the
macsecurity command is issued and MAC security is enabled.
Examples
The following example shows how to enable MAC security on Ethernet service instance 100:
The following example shows how to configure a MAC address permit with three addresses:
Device> enable
Device# configure terminal
Device(config)# interface gigabitethernet 3/0/1
Device(config-if)# service instance 200 ethernet
Device(config-if-srv)# encapsulation dot1Q 200
Device(config-if-srv)# bridge-domain 100
Device(config-if-srv)# mac security maximum addresses 3
Device(config-if-srv)# mac security address permit a2aa.aaaa.aaaa
Device(config-if-srv)# mac security address permit a2aa.aaaa.aaab
Device(config-if-srv)# mac security address permit a2aa.aaaa.aaac
Device(config-if-srv)# mac security
The following example shows how to enable a MAC address violation protect response on a service instance:
Device> enable
Device# configure terminal
Device(config)# interface gigabitethernet 2/0/0
Device(config-if)# service instance 100 ethernet
Device(config-if-srv)# encapsulation dot1Q 100
Device(config-if-srv)# bridge-domain 200
Device(config-if-srv)# mac security address permit a2aa.aaaa.aaaa
Device(config-if-srv)# mac security address permit a2aa.aaaa.aaab
Device(config-if-srv)# mac security address permit a2aa.aaaa.aaac
Device(config-if-srv)# mac security violation protect
Device(config-if-srv)# mac security
The following example shows how to enable MAC address security aging on a service instance, with the aging time set to 100 minutes:
Device> enable
Device# configure terminal
Device(config)# interface gigabitethernet 3/0/1
Device(config-if)# service instance 200 ethernet
Device(config-if-srv)# encapsulation dot1Q 200
Device(config-if-srv)# bridge-domain 100
Device(config-if-srv)# mac security aging time 100
Device(config-if-srv)# mac security
The following example shows how to configure a MAC address limit of 1000 on a service instance.
Device> enable
Device# configure terminal
Device(config)# interface gigabitethernet 2/0/0
Device(config-if)# service instance 150 ethernet
Device(config-if-srv)# encapsulation dot1Q 150
Device(config-if-srv)# bridge-domain 100
Device(config-if-srv)# mac security maximum addresses 1000
Device(config-if-srv)# mac security
The following example shows how to configure sticky MAC addressing on an Ethernet service instance:
Device> enable
Device# configure terminal
Device(config)# interface gigabitethernet 2/0/1
Device(config-if)# service instance 100 ethernet
Device(config-if-srv)# encapsulation dot1Q 100
Device(config-if-srv)# bridge-domain 150
Device(config-if-srv)# mac security sticky
Device(config-if-srv)# mac security
Related Commands
Command
Description
bridge-domain(serviceinstance)
Binds the service instance to a bridge-domain instance.
encapsulationdot1q
Defines the matching criteria to be used to map ingress dot1q frames on an interface to the appropriate service instance.
serviceinstanceethernet
Sets up an Ethernet service instance and places the CLI in service instance configuration mode.
mac static address
To configure a static MAC address, use the macstaticaddress command either in service instance configuration mode or in VFI neighbor configuration mode. To remove a static MAC address, use the no form of this command.
(Optional) Specifies that when a router detects the same MAC address on a different port, the MAC address entry is to be updated with the new port.
This keyword is available only for static unicast MAC addresses.
disable-snooping
(Optional) Disables Internet Group Multicast Protocol (IGMP) snooping on the multicast MAC address.
This keyword is available only for IPv4 and IPv6 static multicast MAC addresses.
Command Default
MAC static addresses are not configured.
Command Modes
Service instance configuration (config-if-srv)
VFI neighbor configuration (config-vfi-neighbor)
Command History
Release
Modification
12.2(33)SRE
This command was introduced.
Usage Guidelines
Static MAC addresses are related to a Layer 2 bridge domain table; therefore, only bridged services are supported.
Static MAC address configuration is supported only on Ethernet virtual circuit (EVC) bridge domain interfaces and VFI pseudowires.
A unicast static MAC address and MAC security cannot be simultaneously configured on the same Ethernet flow point (EFP). A static MAC multicast address and MAC security can be simultaneously supported on the same EFP.
The number of MAC addresses (unicast and multicast) is limited to 1024 per bridge domain, pseudowire, virtual forwarding instance (VFI), or system.
Examples
The following example shows how to configure a MAC static address in service instance configuration mode:
To specify a B-component destination address (B-DA) for a group of service instance IDs (I-SIDs), use the mactunneladdressdestinationdefault command in MAC-in-MAC tunnel configuration mode. To remove a MAC tunnel address, use the no form of this command.
To map a service provider backbone bridge MAC address to a customer MAC address, use the mactunneladdressdestinationmap command in MAC tunnel service configuration mode. To remove a bridge mapping, use the no form of this command.
48-bit MAC address of the service provider bridge.
Command Default
Service provider and customer bridges are not mapped.
Command Modes
MAC tunnel service configuration (config-tunnel-srv)
Command History
Release
Modification
12.2(33)SRE
This command was introduced.
Usage Guidelines
The MAC address specified can be either a unicast or a multicast address. If a packet’s destination is a backbone edge bridge, the MAC address must be a unicast address.
Examples
The following example shows how to map a customer bridge to a service provider backbone bridge:
Router(config)# ethernet mac-tunnel virtual 1
Router(config-tunnel-mimn)# service instance 1 ethernet
Router(config-tunnel-srv)# mac tunnel address destination map 3333.1111.1111 5555.2222.2222
maximum meps
To specify the number of maintenance endpoints (MEPs) across the network in a maintenance association, use the
maximummeps command in Ethernet connectivity fault management (CFM) service configuration mode. To restore the default value, use the
no form of this command.
maximummepsmax-num
nomaximummeps
Syntax Description
max-num
Integer from 1 to 65535. The default is 100.
Command Default
A maximum number of MEPs is not configured.
Command Modes
Ethernet CFM service configuration (config-ecfm-srv)
Command History
Release
Modification
12.2(33)SXI2
This command was introduced.
12.2(33)SRE
This command was integrated into Cisco IOS Release 12.2(33)SRE.
15.1(2)S
This command was integrated into Cisco IOS Release 15.1(2)S.
Usage Guidelines
When the configured maximum is reached, continuity check messages (CCMs) from other remote MEPs are ignored and a warning message is displayed.
Output of the
showrunningall command displays “maximum meps 100” when the default value is configured.
Examples
The following example shows how to configure a maximum of 50 MEPs:
Device(config)# ethernet cfm domain operatorA level 5
Device(config-ecfm)# service vlan-id 5 port
Device(config-ecfm-srv)# maximum meps 50
Related Commands
Command
Description
showrunningall
Shows the running configuration with default values.
mep archive-hold-time
To set the amount of time, in minutes, that data from a missing maintenance end point (MEP) is kept in the continuity check database or that entries are held in the error database before they are purged, use the
meparchive-hold-time command in Ethernet connectivity fault management (CFM) configuration mode. To restore the default number of minutes, use the
no form of this command.
meparchive-hold-timeminutes
nomeparchive-hold-timeminutes
Syntax Description
minutes
Integer from 1 to 65535 that specifies the number of minutes that data from a missing MEP is kept before it is purged. The default is 100.
Command Default
The command is enabled, and the archive hold time is set to 100 minutes.
Cisco pre-Standard CFM Draft 1 (CFM D1)
Ethernet CFM configuration (config-ether-cfm)
Ethernet CFM configuration (config-ecfm)
Command History
Release
Modification
12.2(33)SRA
This command was introduced.
12.4(11)T
This command was integrated into Cisco IOS Release 12.4(11)T.
12.2(33)SXH
This command was integrated into Cisco IOS Release 12.2(33)SXH.
12.2(33)SXI2
This command was integrated into Cisco IOS Release 12.2(33)SXI2.
In this release the command is supported only in CFM IEEE.
Cisco IOS XE Release 3.5S
This command was integrated into Cisco IOS XE Release 3.5S.
15.3(1)S
This command was integrated into Cisco IOS Release 15.3(1)S.
Usage Guidelines
When you reset the archive hold time, the new hold time applies only to entries in the database that occur after the reset. Entries made before the hold time was reset are not affected by the change.
Different archive hold times can be set for MEPs in different domains.
Note
A missing MEP is a remote MEP that sends a 0 expiration time in its continuity check or a remote MEP whose entry in the local continuity check database expires after it exceeds its lifetime.
In CFM IEEE, output of the
showrunningall command displays “mep archive hold-time 100” when the default value is configured.
Examples
The following example shows how to set a timeout period of 1000 minutes in CFM D1:
The following example shows how to set a timeout period of 1000 minutes in CFM IEEE:
Device(config-ecfm)# mep archive-hold-time 1000
Related Commands
Command
Description
showrunningall
Shows the running configuration with default values.
mep crosscheck mpid evc
To statically define a remote maintenance endpoint (MEP) within a maintenance domain, use the
mepcrosscheckmpidevccommand in Ethernet CFM configuration mode. To delete a remote MEP, use the
no form of this command.
Integer in the range from 0 to 8191 that forms the maintenance point ID (MPID).
evc-name
String that identifies the Ethernet virtual circuit (EVC).
mac
(Optional) Indicates that the MAC address of the MEP is specified.
mac-address
(Optional) MAC address in the format abcd.abcd.abcd.
Command Default
Remote MEPs are not configured.
Command Modes
Ethernet CFM configuration (config-ether-cfm)
Command History
Release
Modification
12.2(33)SRD
This command was introduced.
12.2(50)SY
This command was integrated into Cisco IOS 12.2(50)SY.
Usage Guidelines
The
mepcrosscheckmpidevc command is available on the Cisco 7600 Series Route Switch Processor 720 (RSP 720) and the Cisco 7600 Series Supervisor Engine 720.
Use the
mepcrosscheckmpidevc command to statically configure remote MEPs that are part of a domain. These remote MEPs can be used in the cross-check operation. The cross-check operation works only when local MEPs are configured that correspond to the statically configured remote MEPs.
Examples
The following example shows how to define a MEP within a maintenance domain with an ID of 20, in EVC evc5, and with MAC address a5a1.a5a1.a5a1:
Router(config-ether-cfm)# mep crosscheck mpid 20 evc evc5 mac a5a1.a5a1.a5a1
Related Commands
Command
Description
ethernetcfmdomain
Defines a CFM maintenance domain at a particular maintenance level.
ethernetcfmmepcrosscheck
Enables cross-checking between the list of configured remote MEPs of a domain and MEPs learned through CCMs.
ethernetcfmmepcrosscheckstart-delay
Configures the maximum amount of time that a device waits for remote MEPs to come up before the cross-check operation is started.
mepcrosscheckmpidvlan
Statically defines a remote MEP within a maintenance domain.
showethernetcfmmaintenancepointsremotecrosscheck
Displays information about remote maintenance points configured statically in a cross-check list.
mep crosscheck mpid vlan
To statically define a remote maintenance endpoint (MEP) within a maintenance domain, use the
mepcrosscheckmpidvlancommand in Ethernet CFM configuration mode. To delete a remote MEP, use the
no form of this command.
Integer in the range from 0 to 8191 that forms the maintenance point ID (MPID).
vlan-id
Integer in the range from 1 to 4094 that identifies the VLAN.
mac
(Optional) Indicates that the MAC address of the MEP is specified.
mac-address
(Optional) MAC address in the format abcd.abcd.abcd.
Command Default
No remote MEPs are configured.
Command Modes
Ethernet CFM configuration (config-ether-cfm)
Command History
Release
Modification
12.2(33)SRA
This command was introduced.
12.4(11)T
This command was integrated into Cisco IOS Release 12.4(11)T.
12.2(33)SXH
This command was integrated into Cisco IOS Release 12.2(33)SXH.
12.2(50)SY
This command was integrated into Cisco IOS Release 12.2(50)SY.
Usage Guidelines
Use the
mepcrosscheckmpidvlan command to statically configure remote MEPs that are part of a domain. These remote MEPs can be used in the cross-check operation. The cross-check operation only works when local MEPs are configured that correspond to the statically configured remote MEPs.
Examples
The following example shows how to define a MEP within a maintenance domain with an ID of 20, in VLAN 5, and with MAC address a5a1.a5a1.a5a1:
Router(config-ether-cfm)# mep crosscheck mpid 20 vlan 5 mac a5a1.a5a1.a5a1
Related Commands
Command
Description
ethernetcfmdomain
Defines a CFM maintenance domain at a particular maintenance level.
ethernetcfmmepcrosscheck
Enables cross-checking between the list of configured remote MEPs of a domain and MEPs learned through CCMs.
ethernetcfmmepcrosscheckstart-delay
Configures the maximum amount of time that a device waits for remote MEPs to come up before the cross-check operation is started.
showethernetcfmmaintenancepointsremotecrosscheck
Displays information about remote maintenance points configured statically in a cross-check list.
mep mpid
To statically define the maintenance endpoints (MEPs) within a maintenance association, use the
mepmpid command in Ethernet connectivity fault management (CFM) service configuration mode. To remove MEP definitions, use the
no form of this command.
mepmpidmpid
nomepmpid
Syntax Description
mpid
Integer from 1 to 8191 that identifies the MEP.
Command Default
No MEPs are statically defined.
Command Modes
Ethernet CFM service configuration (config-ecfm-srv)
Command History
Release
Modification
12.2(33)SXI2
This command was introduced.
12.2(33)SRE
This command was integrated into Cisco IOS Release 12.2(33)SRE.
15.1(2)S
This command was integrated into Cisco IOS Release 15.1(2)S.
Usage Guidelines
Use this command to manually configure a list of MEPs in a maintenance association. The device logs a warning when a discovered MPID is not on the list of configured MPIDs.
Examples
The following example shows how to configure a MEP with an ID of 25:
Device(config)# ethernet cfm domain operatorA level 5
Device(config-ecfm)# service vlan-id 5 port
Device(config-ecfm-srv)# mep mpid 25
mip auto-create
To enable the automatic creation of a maintenance intermediate point (MIP) at a maintenance domain level, use the
mipauto-create command in Ethernet connectivity fault management (CFM) configuration mode. To disable the automatic creation of a MIP, use the
no form of this command.
mipauto-create [lower-mep-only]
nomipauto-create [lower-mep-only]
Syntax Description
lower-mep-only
(Optional) Creates a MIP only if there is a MEP for the service in another domain at the next lower active maintenance domain level.
Command Default
MIPs will not be created.
Command Modes
Ethernet CFM configuration (config-ecfm)
Command History
Release
Modification
12.2(33)SXI2
This command was introduced.
12.2(33)SRE
This command was integrated into Cisco IOS Release 12.2(33)SRE.
Usage Guidelines
This command configures the MIP creation policy for members of a maintenance domain to apply for automatically creating a MIP at the domain maintenance level.
If you manually configure a MIP for the maintenance association, it will override the
mipauto-create command for the MIP for that maintenance association. The
mipauto-create command also has lower precedence than the MIP creation policy at the maintenance association.
Examples
The following example shows how to enable the automatic creation of a MIP in the customerA domain at maintenance level 5:
To configure the policy for a maintenance association to dynamically create maintenance intermediate points (MIPs) at the enclosing maintenance domain level, use the
mipauto-create command in Ethernet connectivity fault management (CFM) service configuration mode. To disable the dynamic creation of a MIP, use the
no form of this command.
mipauto-create
[ lower-mep-only | none ]
nomipauto-create
[ lower-mep-only | none ]
Syntax Description
lower-mep-only
(Optional) Creates a MIP only if there is a MEP for the service in another domain at the next lower active maintenance domain level.
none
(Optional) Indicates that MIPs should not be dynamically created.
Command Default
The default behavior is to defer to the MIP configuration policy of the enclosing maintenance domain.
Command Modes
Ethernet CFM service configuration (config-ecfm-srv)
Command History
Release
Modification
12.2(33)SXI2
This command was introduced.
12.2(33)SRE
This command was integrated into Cisco IOS Release 12.2(33)SRE.
15.1(2)S
This command was integrated into Cisco IOS Release 15.1(2)S.
Usage Guidelines
If the
lower-mep-only or
none options are not configured, a MIP is created at the maintenance association.
This command has lower precedence than the manual configuration of a MIP for a maintenance association. For example, if you manually configure a MIP for a maintenance association, that manual configuration overrides the dynamic configuration from this
mipauto-create command.
Examples
The following example shows how to configure the policy for a maintenance association to dynamically create MIPs at the enclosing maintenance domain level:
To specify that the port-channel is a Multi-chassis Link Aggregation Control Protocol (mLACP) port-channel, use the mlacpinterchassisgroupcommand in port-channel interface configuration mode. To return to the default setting, use the no form of this command.
mlacpinterchassisgroupgroup-id
nomlacpinterchassisgroupgroup-id
Syntax Description
group-id
The group-id
should match the configured redundancy group.
Command Default
Default behavior is normal single chassis port-channel.
Command Modes
Port-channel interface configuration (config-if)
Command History
Release
Modification
12.2(33)SRE
This command was introduced.
Usage Guidelines
The mlacpinterchassisgroup command enables Multi-chassis LACP on the port-channel and specifies the interchassis group to which the port-channel belongs.
Examples
This example shows how to specify that interchassis group 1 is an mLACP group:
Creates a port-channel virtual interface and puts the CLI in interface configuration mode.
mlacp lag-priority
To set the Link Aggregation Control Protocol (LACP) port priorities for each of the local member links in the Link Aggregation Group (LAG), use the mlacplag-priority command in interface configuration mode. To disable the LACP port priorities, use the no form of this command.
mlacplag-prioritypriority-value
nomlacplag-priority
Syntax Description
priority-value
Integer from 1 to 65535 that defines the port priority. If you enter the command without a priority value, 32768 is used.
Command Default
This command is disabled. LACP port priorities are not set.
Command Modes
Interface configuration (config-if)
Command History
Release
Modification
12.2(33)SRE
This command was introduced.
Usage Guidelines
Port priority determines which ports should be activated and which should be left in standby mode when there are hardware or software limitations on the maximum number of links allowed in a LAG. For multichassis operation in active/standby mode, the port priorities for all links connecting to the active point of attachment (PoA) must be higher than the port priorities for links connecting to the standby PoA. For example, select the PoA with the highest port priority to be the active PoA, and dynamically adjust the priorities of all other links with the same key to an equal value.
Note
A numerically lower-priority value equates to a higher LACP priority. The active PoA should be specified by configuring the numerically lower LACP priority value.
This command is used to force a failover during operation in the following two ways:
Set the active PoA’s LAG priority to a value greater than the LAG priority on the standby PoA. This results in the quickest failover because it requires the fewest LACP link state transitions on the standby links before they turn active.
Set the standby PoA’s LAG priority to a value numerically less than the LAG priority on the active PoA. This results in a slightly longer failover time due to standby links having to signal OUT_OF_SYNC to the dual-homed device (DHD) before the links can be brought up and go active.
In some cases the operational priority and the configured priority may differ when dynamic port priority management is used to force failovers. In this case, the configured version will not be changed unless the port channel is operating in the “nonrevertive” state. Enter the showlacpmulti-chassisport-channelcommand to view the current operational priorities. Enter the showrunning-config command to view the configured priority values.
Dynamic port priority changes are not automatically written back to the running configuration or NVRAM configuration. If you want the current priorities to be used when the system reloads, the mlacplag-priority command must be used and the configuration must be saved.
Examples
The following example shows how to set the mLACP LAG priority to 1000:
Creates a port-channel virtual interface and enters interface configuration mode.
mlacp node-id
To define the node ID used in the Link Aggregation Control Protocol (LACP) port-ID field by a member of the Multichassis LACP (mLACP) redundancy group, use the mlacpnode-idcommand in interchassis redundancy configuration mode. To remove the node ID, use the no form of this command.
To define and advertise the system MAC address to the Multichassis Link Aggregation Control Protocol (mLACP) members of the redundancy group for arbitration, use the mlacpsystem-maccommand in interchassis redundancy configuration mode. To disable the advertising of the system MAC address, use the no form of this command.
mlacpsystem-macmac-address
nomlacpsystem-macmac-address
Syntax Description
mac-address
MAC address in aabb.ccdd.eeff format.
Command Default
The default value used for arbitration is the chassis backplane MAC address.
The lowest numerical MAC address in the specified interchassis group will be used by the mLACP.
Examples
The following example shows how to set the MAC address 1298.acfd.3bc5 to be advertised to the mLACP members of interchassis group 1 in the redundancy group for arbitration:
redundancy
interchassis group 1
protocol iccp
member ip 10.1.1.1
monitor peer route-watch
backbone interface GigabitEthernet6/1
mlacp node-id 1
mlacp system-mac 1298.acfd.3bc5
mlacp system-priority 100
Related Commands
Command
Description
interchassisgroup
Configures an interchassis group within the interchassis redundancy configuration mode and assigns a group number.
To define the system priority to be advertised to other members of the Multichassis Link Aggregation Control Protocol (mLACP) redundancy group for arbitration, use the mlacpsystem-priority command in interchassis redundancy configuration mode. To return the system priority to the default value, use the no form of this command.
mlacpsystem-prioritypriority-value
nomlacpsystem-priority
Syntax Description
priority-value
Integer from 1 to 65535 that is the priority for the physical interfaces. The default is 32768.
Command Default
The default value for the system priority is set to 32768.
Each device that runs the mLACP has an mLACP system priority value. You can accept the default value of 32768 for this parameter, or you can configure a value between 1 and 65535. The mLACP uses the system priority with the MAC address to form the system ID and also during negotiation with other systems. The system ID is unique for each virtual device context (VDC).
When setting the priority, note that a higher number means a lower priority.
This command does not require a license.
Examples
The following example shows how to set the system priority to 100 for interchassis group 1 in the redundancy group for arbitration:
redundancy
interchassis group 1
protocol iccp
member ip 10.1.1.1
monitor peer route-watch
backbone interface GigabitEthernet6/1
mlacp node-id 1
mlacp system-mac 1298.acfd.3bc5
mlacp system-priority 100
Related Commands
Command
Description
interchassisgroup
Configures an interchassis group in the interchassis redundancy configuration mode and assigns a group number.
To monitor local Tx and Rx aggregated counters for losses, use the
monitorlosscountercommand in Ethernet CFM interface configuration mode. To turn off monitoring, use the
no form of this command.
monitorlosscounter
[ prioritycos-range ]
nomonitorlosscounter
Syntax Description
priority
(Optional) Monitors local Tx and Rx counters for loss functionality.
cos-range
(Optional) String that identifies the class of service.
Command Default
Counters are not maintained when this command is not configured.
This command was integrated into Cisco IOS XE Release 3.5S.
Usage Guidelines
An aggregate counter includes both the Tx and Rx counters for all traffic matching an Ethernet flow point (EFP) and for all class-of-service (CoS) values defined by the
encapsulation command, when a priority is not defined by the
monitorlosscounter command. If a priority is defined by the
monitorlosscountercommand, separate Rx and Tx counters are maintained for each priority defined.
Examples
The following example shows how to configure monitoring for loss counters:
Device(config)# ethernet cfm domain test level 5
Device(config-ecfm)# service vlan-id 17
Device(config-ecfm-srv)# exit
Device(config-ecfm)# exit
Device(config)# interface gigabitethernet 1/1
Device(config-if)# ethernet cfm mep domain test mpid 5 vlan 17
Device(config-if-ecfm-mep)# monitor loss counter
monitor service instance
To assign an Ethernet service instance used to monitor the ring port, use the
monitor service instance command in the Ethernet ring port configuration mode. To remove the assignment, use the
no form of this command.
monitorserviceinstanceinstance-id
nomonitorserviceinstance
Syntax Description
instance-id
Instance ID. Valid entries are numbers in the range of 1 to 4000.
Command Default
An Ethernet ring instance is not assigned to monitor the ring port.
Command Modes
Ethernet ring port configuration (config-erp-ring-port)
Command History
Release
Modification
Cisco IOS XE Release 3.6S
This command was introduced.
15.2(4)S
This command was integrated into Cisco IOS Release 15.2(4)S.
Usage Guidelines
The port being monitored can be either port0 or port1. Assigning a service instance to monitor the ring port is optional. Monitoring can also be achieved by using Connectivity Fault Management (CFM) and maintenance endpoints (MEPs).
Examples
The following is a sample configuration in which the
monitor service instance command has been enabled to monitor the port. In this example, the ring port being monitored is port0.
Device> enable
Device# configure terminal
Device(config)# ethernet ring g8032 ring1
Device(config-erp-ring)# port0 interface fastethernet 0/0/1
Device(config-erp-ring-port)# monitor service instance 1
Device(config-erp-ring-port)# end
non-revertive
To specify a ring instance as non-revertive, use the
non-revertive command in Ethernet ring configuration mode. To remove this specification, use the
no form of this command.
non-revertive
nonon-revertive
Syntax Description
This command has no arguments or keywords.
Command Default
By default, ring instances are revertive.
Command Modes
Ethernet ring configuration (config-erp-ring)
Command History
Release
Modification
Cisco IOS XE Release 3.6S
This command was introduced.
15.2(4)S
This command was integrated into Cisco IOS Release 15.2(4)S.
Examples
The following is an example of the
non-revertive command used in an Ethernet ring configuration.
To specify an operations, maintenance, and administration (OAM) protocol for an Ethernet virtual connection (EVC), use the
oamprotocol command in EVC configuration mode. To remove an OAM protocol configuration for an EVC, use the
no form of this command.
To specify an Ethernet ring as an open ring, use the
open-ring command in Ethernet ring configuration mode. To remove the specification, use the
no form of this command.
open-ring
noopen-ring
Syntax Description
This command has no arguments or keywords.
Command Default
The Ethernet ring is not specified as an open ring.
Command Modes
Ethernet ring configuration (config-erp-ring)
Command History
Release
Modification
Cisco IOS XE Release 3.6S
This command was introduced.
15.2(4)S
This command was integrated into Cisco IOS Release 15.2(4)S.
Usage Guidelines
The command evaluates whether the Automatic Protection Switching (APS) channel is an open or closed ring. If the APS channel is an open ring, the Ethernet Ring Protection (ERP) protocol always allows Ring Automatic Protection Switching ( R-APS) messages to be sent, but data traffic may be blocked by the ERP process.
This command must to be configured on every node in the open ring, not just on the endpoints of the ring.
Examples
The following is an example of the
open-ring command used in an Ethernet ring configuration.
To enable out put of time of day messages using a 1PPS interface, use the
output command in global configuration mode. To disable PTP output, use the
no form of this command.
output1ppsslot /bay
[ offsetoffset-value [negative] ]
[ pulse-widthpulse-amount
{ ns | us | ms } ]
nooutput1ppsslot /bay
[ offsetoffset-value [negative] ]
[ pulse-widthpulse-amount
{ ns | us | ms } ]
Syntax Description
1pps
Configures the device to send 1 packet per second (1PPS) time of day messages using the RS422 port or 1PPS port. You can select 1PPS output with or without selecting a timing port.
slot
Slot of the 1PPS interface.
bay
Bay of the 1PPS interface.
offset
(Optional) Specifies an offset to compensate for a known phase error such as network asymmetry.
offset-value
Amount of offset in nanoseconds. The range is from 0 to 500,000,000.
negative
Specifies a negative offset 1PPS output value.
pulse-width
(Optional) Specifies a pulse width value.
pulse-amount
Amount of the pulse width. The range is from 1 to 4096.
For 1PPS output using the RS422 port, you must specify a value of at least 2 ms.
ns
Specifies a pulse width value in nanoseconds.
us
Specifies a pulse width value in microseconds.
ms
Specifies a pulse width value in milliseconds.
Command Default
Time of day message output is not enabled.
Command Modes
Global configuration (config)
Command History
Release
Modification
12.2(31)SB2
This command was introduced.
15.0(1)S
This command was integrated into Cisco IOS Release 15.0(1)S.
15.1(2)SNG
This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.
Usage Guidelines
If you want to provide output frequency clock, configure this command in PTP slave mode. This command only applies to platforms that have 1PPS ports.
Examples
The following example shows how to configure output clocking:
Enables PTP input clocking using the 1.544 Mhz, 2.048 Mhz, or 10 Mhz timing interface or phase using the 1PPS or RS-422 interface.
peer
To define the target label distribution protocol (LDP) peer provider
edge (PE) information, use the
peercommand in Layer 2 (L2) subscriber group command mode. To
disable the information configured for the target LDP peer, use the
no form of this command.
Specifies the target LDP destination network address and
network mask of the peer PE devices that belong to the authorization group.
vc-id
Virtual circuit (VC) ID of the peer PE device. Valid values
are from 1 to 4294967295.
vc-id-range
(Optional) Upper range for the VC ID. Valid values are from
1 to 4294967295.
Command Default
Target LDP peer PE device information is not configured and label
bindings are not advertised.
Command Modes
L2 subscriber group configuration (config-l2-sub-gr)
Command History
Release
Modification
15.1(2)S
This command was introduced.
Usage Guidelines
You can use the
peer command to define the target Any
Transport over MPLS (ATOM) LDP peer information. The target LDP peer sends LDP
virtual circuit (VC) advertisements in an MPLS aggregation network.
When an LDP VC label advertisement message arrives, if there is no
xconnect configured, based on the host address, the network address, and the VC
ID of the peer, an attempt to identify a service authorization group is made.
The message is treated as a First Sign of Life (FSOL) only when a match is
found for the message, and a request is sent to the policy plane for subscriber
authorization. However, if no match is found, no subscriber authorization will
be attempted.
When a label withdraw message is received, the system checks if a
corresponding xconnect is already created. If the xconnect is found, it will be
removed. Xconnect will not be destroyed in response to a pseudowire status
message.
You must be sure to define mutually exclusive service authorization
groups. Within a router, the
destination-host-address and
vc-id-range combination must be unique to
identify a unique service authorization group.
Examples
The following example shows how to configure the host information for
a peer PE device with a VC ID range:
Creates an L2 subscriber authorization group and enters L2
subscriber group mode.
pseudowire(Layer2)
Defines the maximum and watermark limits for a pseudowires
from a peer PE device.
service-policytypecontrol(Layer2)
Attaches an ISG control service policy to an L2 subscriber
authorization group.
period (CFM-AIS-link)
To configure a specific Alarm Indication Signal (AIS) transmission interval on a server maintenance endpoint (SMEP), use the
period command in CFM SMEP AIS configuration mode. To remove the interval configuration, use the
no form of this command.
periodseconds
noperiod
Syntax Description
seconds
Integers 1 or 60 that specify the time interval, in seconds, between AIS transmissions. The default is 60.
This command was integrated into Cisco IOS Release 15.0(1)XA.
15.1(1)SY
This command was integrated into Cisco IOS Release 15.1(1)SY.
Cisco IOS XE Release 3.8S
This command was integrated into Cisco IOS XE Release 3.8S.
Usage Guidelines
When the default value is configured, “period 60” is displayed when the
showrunningall command is issued.
Examples
The following example shows how to configure an AIS transmission interval of 1 second:
Device(config)# ethernet cfm ais link-status global
Device(config-ais-link-cfm)# period 1
Related Commands
Command
Description
showrunningall
Displays the running configuration with default values.
ping ethernet
To send Ethernet connectivity fault management (CFM) loopback messages to a destination maintenance endpoint (MEP) and maintenance intermediate point (MIP), use the
pingethernet command in privileged EXEC mode.
MAC address of the destination MEP in the format abcd.abcd.abcd.
mpidmpid
Specifies a MEP identifier (MPID) and value. Range: 1 to 8191.
multicast
Specifies a multicast loopback message.
domaindomain-name
Specifies the domain where the destination MEP resides. Maximum: 154 characters.
port
Specifies a port MEP.
service
Specifies the maintenance association (MA) within the domain.
short-ma-name
The short-name identifier for the MA service. The domain name and short MA name combined cannot exceed 48 bytes.
iccicc-codemeg-id
ITU Carrier Code (ICC) (maximum: 6 characters) and unique maintenance entity group (MEG) ID Code (UMC) (maximum: 12 characters).
numberma-number
The MA number. Range: 0 to 65535.
vlan-idvlan-id
The primary VLAN ID. Range: 1 to 4094.
vpn-idvpn-id
The VPN ID. Range: 1 to 32767.
coscos-value
(Optional) Specifies a class of service (CoS) for a MEP that will be sent in Ethernet CFM messages. CoS value range: 0 to 7.
ICC (maximum: 6 characters) and UMC (maximum: 12 characters).
The default is retrieved from the MEP identified by the MPID if the
cos keyword is not configured. If the
mpid keyword is not configured, the default is the highest priority on the egress interface.
sourcesource-mpid
(Optional) Specifies an MEP’s CoS that will be sent in Ethernet CFM messages. Source MPID value range: 1 to 819.
de
(Optional) Specifies whether the packet is drop-eligible. The
de option is platform-dependent.
pad
(Optional) Specifies padding data type, length, value (TLV) .
data-pattern
(Optional) The data pattern of data TLV in hexadecimal format.
test
(Optional) Specifies test TLV.
pattern-typepattern-value
(Optional) Specifies a pattern type for loopback messages, allowing you to use Test TLV in one-line command format. Pattern value for loopback messages:
0: Null signal without CRC-32
1: Null signal with CRC-32
2: PRBS 2 (-31) without CRC-32
3: PRBS 2 (-31) with CRC-32
validate
(Optional) Specifies that the reply data is validated.
level
Indicates that a maintenance level is specified.
level-id
Number from 0 to 7 that indicates the maintenance level.
Command Default
A CFM ping operation to the specified MEP and MIP is performed.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.2(33)SXI2
This command was introduced.
12.2(33)SRE
This command was integrated into Cisco IOS Release 12.2(33)SRE.
15.1(1)T
This command was integrated into Cisco IOS Release 15.1(1)T.
15.2(1)S
This command was integrated into Cisco IOS Release 15.2(1)S. The
serviceicc keyword was added to provide support for the ICC-based MEG identifier.
Cisco IOS XE Release 3.5S
This command was integrated into Cisco IOS XE Release 3.5S.
Cisco IOS XE Release 3.7S
This command was modified.
Support for ITU-T Y.1731 CFM Test TLV was added.
The
port keyword was deprecated and options to specify the MA service via the
service keyword were introduced.
15.1(2)SNG
This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.
Usage Guidelines
Use this command to test connectivity between MEPs.
If the continuity check database does not have entries for the specified MPID, an error message is displayed notifying you to use the
pingethernetmac-address command instead.
If a domain name is more than 154 characters in length, a warning message is displayed notifying you that the maintenance domain ID (MDID) will be truncated to 43 characters in continuity check messages (CCMs) if “id <fmt> <MDID>” is not configured.
This command can be issued by specifying keywords and arguments as one command or as an extended command in which you specify options line by line.
The CFM ping (loopback) supports up to 1488 bytes.
In Cisco IOS XE Release 3.7S and later releases, support for ITU-T Y.1731 CFM Test TLV allows you to specify one of four pattern values for loopback messages:
0: Null signal without 32-bit cyclic redundancy check codes (CRC-32)
1: Null signal with CRC-32
2: Pseudorandom bit sequences (PRBS) 2 (-31) without CRC-32
3: PRBS 2 (-31) with CRC-32
Null signal means padding 0 for the payload of the Test TLV.
You can initiate the loopback message with Test TLV either by specifying the
pad test pattern-type keyword in the one-line command format or using the extended command format, as shown in the examples.
You can also use Test TLV to validate the packet data on the initiator side.
For Cisco ASR 901 Series Aggregation Services Routers, if a domain name has more than 43 characters, a warning message is displayed notifying you that the maintenance domain ID (MDID) will be truncated to 43 characters in continuity check messages (CCMs) if “id <fmt> <MDID>” is not configured.
Examples
The following example shows how to send an Ethernet CFM loopback message to a destination MEP using the extended command format:
Device# ping
Protocol [ip]: ethernet
Multicast [n] :
Mac Address : 0015.6215.46d0
Maintenance Domain : vik-vfi-ofm
Use short-MA-name [n]: y
Short-MA-name format(text, vlan-id, number, vpn-id) [text]:
Short-MA-name: zzz
Source MPID [555]:
Repeat Count [5]:
Datagram Size [100]: 9000
% A decimal number between 64 and 1488.
Datagram Size [100]:
Timeout in seconds [5]:
Interval in seconds [0]:
Extended commands [n]:
Type escape sequence to abort.
Sending 5 Ethernet CFM loopback messages to 0015.6215.46d0, timeout is 5 seconds:!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
Device# ping
Protocol [ip]: ethernet
Multicast [n] :
Mac Address : 0015.637b.4e00
Maintenance Domain : CUSTOMER
Use short-MA-name [n]: y
Short-MA-name format(text, vlan-id, number, vpn-id) [text]:
Short-MA-name: zzz
Source MPID [2345]:
Repeat Count [5]:
Datagram Size [100]: 9000
% A decimal number between 64 and 1488.
Datagram Size [100]:
Timeout in seconds [5]:
Interval in seconds [0]:
Extended commands [n]:
Type escape sequence to abort.
Sending 5 Ethernet CFM loopback messages to 0015.637b.4e00, timeout is 5 seconds:!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
The table below describes the significant fields in the display.
Table 1 ping ethernet Field Descriptions
Field
Description
Protocol [ip]
Protocol name. The value within the brackets indicates the default value. If no value is specified, the default is considered.
Multicast [n]
Specifies a multipoint address. The value within the brackets indicates the default value. If no value is specified, the default is considered.
MAC Address
MAC address of the interface.
Maintenance Domain
Specifies the maintenance domain.
Short-MA-name
Specifies the short MA name.
Source MPID [555]
Specifies a maintenance point identifier. The value within the brackets indicates the default value (555).
Repeat Count [5]
Number of ping packets that are sent to the destination address. The value within the brackets indicates the default value (5).
Datagram Size [100]
Size of the ping packet (in bytes). The value within the brackets indicates the default value (100).
Timeout in seconds [5]
Timeout (in seconds). The ping is declared successful only if the ECHO REPLY packet is received before the time interval. The value within the brackets indicates the default value (5).
Interval in seconds [0]
Timeout interval (in seconds). The value within the brackets indicates the default value (0).
Extended commands
Specifies whether a series of additional commands appears.
The following example shows how to initiate a loopback message with Test TLV using a one-line command that specifies pattern type 0: NULL signal without CRC-32:
Device# ping ethernet mpid 2 domain yyy service zzz pad test pattern-type 0
Type escape sequence to abort.
Packet sent with test TLV type 0: NULL signal without CRC-32
Sending 5 Ethernet CFM loopback messages to aabb.cc00.6500, timeout is 5 seconds:!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
The following example shows how to initiate a loopback message using the extended command format and not specifying Test TLV:
Device# ping
Protocol [ip]: ethernet
Multicast [n]:
Mac Address: aabb.cc00.6500
Maintenance Domain: yyy
Use short-MA-name [n]: y
Short-MA-name format(text, vlan-id, number, vpn-id) [text]:
Short-MA-name: zzz
Source MPID [1]:
Repeat Count [5]:
Datagram Size [100]:
Timeout in seconds [5]:
Interval in seconds [0]:
Extended commands [n]: y
Class of Service [2]:
Set DE bit? [no]:
Validate reply data? [no]:
Test TLV? [no]:
Data pattern [0xABCD]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Packet has data pattern 0xABCD
Sending 5 Ethernet CFM loopback messages to aabb.cc00.6500, timeout is 5 seconds:!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
The following example shows how to initiate a loopback message using the extended command format and specifying Test TLV and pattern type 1: NULL signal with CRC-32:
Device# ping
Protocol [ip]: ethernet
Multicast [n]:
Mac Address: aabb.cc00.6500
Maintenance Domain: yyy
Use short-MA-name [n]: y
Short-MA-name format(text, vlan-id, number, vpn-id) [text]:
Short-MA-name: zzz
Source MPID [1]:
Repeat Count [5]:
Datagram Size [100]:
Timeout in seconds [5]:
Interval in seconds [0]:
Extended commands [n]: y
Class of Service [2]:
Set DE bit? [no]:
Validate reply data? [no]:
Test TLV? [no]: yes
Pattern Type (0: NULL, 1: PRBS) [0]: 0
Pattern Type with CRC? [no]: yes
Sweep range of sizes [n]:
Type escape sequence to abort.
Packet sent with test TLV type 1: NULL signal with CRC-32
Sending 5 Ethernet CFM loopback messages to aabb.cc00.6500, timeout is 5 seconds:!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
The following example shows how to initiate a loopback message using the extended command format, specifying Test TLV and pattern type 3: PRBS 2(-31) with CRC-32, and also specifying that the packet is validated:
Device# ping
Protocol [ip]: ethernet
Multicast [n]:
Mac Address: aabb.cc00.6500
Maintenance Domain: yyy
Use short-MA-name [n]: y
Short-MA-name format(text, vlan-id, number, vpn-id) [text]:
Short-MA-name: zzz
Source MPID [1]:
Repeat Count [5]:
Datagram Size [100]:
Timeout in seconds [5]:
Interval in seconds [0]:
Extended commands [n]: y
Class of Service [2]:
Set DE bit? [no]:
Validate reply data? [no]: yes
Test TLV? [no]: yes
Pattern Type (0: NULL, 1: PRBS) [0]: 1
Pattern Type with CRC? [no]: yes
Sweep range of sizes [n]:
Type escape sequence to abort.
Packet sent with test TLV type 3: PRBS 2^(-31) with CRC-32
Reply data will be validated
Sending 5 Ethernet CFM loopback messages to aabb.cc00.6500, timeout is 5 seconds:!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
The following examples show how to send an Ethernet CFM loopback message to a destination MEP using the "extended ping" format for Cisco ASR 901 Series Aggregation Services Routers:
Router# ping
Protocol [ip]: ethernet
Mac Address : aabb.cc03.bb99
Maintenance Domain : Domain_L5
VLAN [9]:
Source MPID [220]:
Repeat Count [5]:
Datagram Size [100]:
Timeout in seconds [5]:
Interval in seconds [0]:
Extended commands [n]:
Type escape sequence to abort.
Sending 5 Ethernet CFM loopback messages to aabb.cc03.bb99, timeout is 5 seconds:!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Router# ping
Protocol [ip]: ethernet
Multicast [n] : y
Maintenance Domain : Domain_L5
VLAN [9]:
Source MPID [220]:
Datagram Size [100]:
Timeout in seconds [5]:
Interval in seconds [0]:
Extended commands [n]:
Type escape sequence to abort.
Sending 5 Ethernet CFM loopback messages to 0180.c200.0035, timeout is 5 seconds:
Reply to Multicast request from aabb.cc03.bb99, 0 ms
Total Remote MEPs replied: 1
ping ethernet evc
To send Ethernet connectivity fault management (CFM) loopback messages to a maintenance endpoint (MEP) or maintenance intermediate point (MIP) destination, use the
pingethernetevccommand in privileged EXEC mode.
MAC address of the remote maintenance point in the format abcd.abcd.abcd.
mpid
Integer from 0 to 8191 that identifies the MEP.
domain
Indicates a domain is specified.
domain-name
String with a maximum of 154 characters that identifies the domain.
level
Indicates that a maintenance level is specified.
level-id
Integer from 0 to 7 that identifies the maintenance level.
evc-name
String that identifies the Ethernet virtual circuit (EVC).
coscos-value
Specifies the class of service (cos) and the value for the cos.Integer from 0 to 7 that identifies the value for cos.
sourcempid
(Optional) Indicates a source maintenance point.
Command Default
A basic CFM ping operation to the specified MAC address (MEP or MIP) is performed.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.2(33)SRD
This command was introduced.
12.2(50)SY
This command was integrated.
Usage Guidelines
A local MEP must be configured for the same level and EVC before you can use this command.
The optional
source keyword is available only when you enter a domain name. The
source keyword is useful when there are multiple local MEPs in the same domain, level, and EVC as the ping target. For outward facing MEPs, choosing the source MPID implicitly selects the interface from which the ping will be sent.
Examples
The following example shows how to send an Ethernet CFM loopback message to MAC address 1010.pcef.1010 at maintenance level 2 on evc5:
Sends an echo request packet to an address, and then awaits a reply to determine whether a device can be reached or is functioning.
pingethernetvlan
Sends Ethernet CFM loopback messages to a MEP or MIP destination.
ping ethernet mpid vlan
Note
Effective with Cisco IOS Release 12.4(11)T, the
pingethernetmpidvlan command is replaced by the
pingethernetvlan command. See the
pingethernetvlan command for more information.
To send Ethernet connectivity fault management (CFM) loopback messages to a maintenance endpoint (MEP) destination, use the
pingethernetmpidvlan command in privileged EXEC mode.
Indicates a domain where the destination MEP resides is specified.
domain-name
String with a maximum of 154 characters that identifies the domain.
level
Indicates a maintenance level is specified.
level-id
Integer from 0 to 7 that identifies the maintenance level.
vlan-id
Integer from 1 to 4094 that identifies the VLAN.
Command Default
A basic CFM ping operation to the specified maintenance endpoint ID (MPID) is performed.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.2(33)SRA
This command was introduced.
12.4(11)T
This command was replaced by the
pingethernetvlan command.
Cisco IOS XE Release 3.5S
This command was integrated into Cisco IOS XE Release 3.5S.
15.3(1)S
This command was integrated into Cisco IOS Release 15.3(1)S.
Usage Guidelines
Use this command to test connectivity between MEPs.
If the continuity check database does not have entries for the specified MPID, an error message displays indicating that the command cannot be used.
Examples
The following example shows how to send an Ethernet CFM loopback message to MPID 3075, maintenance domain operatorv, maintenance level 3, VLAN ID 4325:
Device# ping ethernet mpid 3075 domain operatorv level 3 vlan 4325
Type escape sequence to abort.
Sending 5 Ethernet CFM loopback messages, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/62/72 ms
Related Commands
Command
Description
ping
Sends an echo request packet to an address, and then awaits a reply to determine whether a device can be reached or is functioning.
pingethernetvlan
Sends Ethernet CFM loopback messages to a destination MAC address.
ping ethernet vlan
To send Ethernet connectivity fault management (CFM) loopback messages to a maintenance endpoint (MEP) or maintenance intermediate point (MIP) destination, use the
pingethernetvlan command in privileged EXEC command mode.
MAC address of the remote maintenance point in the format abcd.abcd.abcd.
mpid
Integer from 0 to 8191 that identifies the MEP.
domain
Indicates a domain is specified.
domain-name
String with a maximum of 154 characters that identifies the domain.
level
Indicates that a maintenance level is specified.
level-id
Integer value of 0 to 7 that identifies the maintenance level.
vlan-id
Integer value of 1 to 4094 that identifies the VLAN.
sourcempid
(Optional) Indicates a source maintenance point.
Command Default
A basic CFM ping operation to the specified MAC address (MEP or MIP) is performed.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.2(33)SRA
This command was introduced.
12.4(11)T
The optional
source keyword and
mpid argument were added in Cisco IOS Release 12.4(11)T.
12.2(33)SXH
This command was integrated into Cisco IOS Release 12.2(33)SXH.
Cisco IOS XE Release 3.5S
This command was integrated into Cisco IOS XE Release 3.5S.
15.3(1)S
This command was integrated into Cisco IOS Release 15.3(1)S.
15.1(2)SNG
This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.
Usage Guidelines
A local MEP must be configured for the same level and VLAN before you can use this command.
The optional
source keyword is available only when you enter a domain name. The
source keyword is useful when there are multiple local MEPs in the same domain, level, and VLAN as the ping target. For outward facing MEPs, choosing the source MPID implicitly selects the interface from which the ping will be sent.
Examples
The following example shows how to send an Ethernet CFM loopback message to MAC address 4123.pcef.9879 at maintenance level 3, VLAN ID 4325:
Sends an echo request packet to an address, and then awaits a reply to determine whether a device can be reached or is functioning.
port0
To connect port0 to the local node of the Ethernet ring, use the
port0
command in Ethernet ring configuration mode. To disconnect the port, use the
no form of this command.
port0interface typenumber
no port0
Syntax Description
interfacetypenumber
Interface type and number. Enter the
interface keyword followed by the interface type and interface number.
Command Default
Port0 is not connected to the local node of the Ethernet ring.
Command Modes
Ethernet ring configuration (config-erp-ring)
Command History
Release
Modification
Cisco IOS XE Release 3.6S
This command was introduced.
15.2(4)S
This command was integrated into Cisco IOS Release 15.2(4)S.
Usage Guidelines
This command also enters Ethernet ring port configuration mode (config-erp-ring-port).
Examples
The following is an example of the
port0 command used in an Ethernet ring configuration.
To specify an Ethernet service instance for ring port0, use the
port0 service command in Ethernet ring instance aps-channel configuration mode. To change the specification, use the
no form of this command.
port0serviceinstanceinstance-id
no port0serviceinstanceinstance-id
Syntax Description
instance-id
Instance identifier. Valid entries are in the range of 1 to 4000.
Command Default
An Ethernet service interface for ring port0 is not specified.
Command Modes
Ethernet ring instance aps-channel configuration (config-erp-inst-aps)
Command History
Release
Modification
Cisco IOS XE Release 3.6S
This command was introduced.
15.2(4)S
This command was integrated into Cisco IOS Release 15.2(4)S.
Examples
The following is an example of the
port0 service instance command used in an Ethernet ring configuration.
Device> enable
Device# configure terminal
Device(config)# ethernet ring g8032 ring1
Device(config-erp-ring)# instance 1
Device(config-erp-inst)# aps-channel
Device(config-erp-inst-aps)# port0 service instance 2
port1
To connect port1 to the local node of the Ethernet ring, use the
port1 command in Ethernet ring configuration mode. To disconnect the port, use the
no form of this command.
port1
{ interfacetypenumber | none }
noport1
Syntax Description
interfacetype
number
Interface type and number. Enter the
interface keyword followed by the interface type and interface number.
none
Indicates that the ring port is an open ring.
Command Default
Port1 is not connected to the local node of the Ethernet ring.
Command Modes
Ethernet ring configuration (config-erp-ring)
Command History
Release
Modification
Cisco IOS XE Release 3.6S
This command was introduced.
15.2(4)S
This command was integrated into Cisco IOS Release 15.2(4)S.
Usage Guidelines
This command also enters Ethernet ring port configuration mode (config-erp-ring-port).
Examples
The following is an example of the
port1 command used in an Ethernet ring configuration.
To specify an Ethernet service instance for ring port1, use the
port1 command in Ethernet ring instance aps-channel configuration mode. To change the specification, use the
no form of this command.
port1serviceinstance
{ instance-id | none }
noport1
Syntax Description
instance-id
Service instance identifier. Valid entries are in the range of 1 to 4000.
none
Indicates that the ring port is an open ring.
Command Default
An Ethernet service instance for ring port1 is not specified.
Command Modes
Ethernet ring instance aps-channel configuration (config-erp-inst-aps)
Command History
Release
Modification
Cisco IOS XE Release 3.6S
This command was introduced.
15.2(4)S
This command was integrated into Cisco IOS Release 15.2(4)S.
Examples
The following is an example of the
port1 service instance command used in an Ethernet ring configuration.
Device> enable
Device# configure terminal
Device(config)# ethernet ring g8032 ring1
Device(config-erp-ring)# instance 1
Device(config-erp-inst)# aps-channel
Device(config-erp-inst-aps)# port1 service instance 2
port-channel load-balance
To set the load distribution method among the ports in a bundle, use the
port-channelload-balance command in global configuration mode. To reset the load distribution to the default settings, use the
no form of this command.
port-channelload-balancemethodmoduleslot
noport-channelload-balance
Syntax Description
method
Load distribution method; see the “Usage Guidelines” section for a list of valid values.
module
Specifies the module on which the load-distribution method is set. This keyword is supported only on DFC systems.
slot
Number of the slot in the module.
Command Default
The defaultmethod is
src-dst-ip.
Command Modes
Global configuration (config)
Command History
Release
Modification
12.2(14)SX
This command was introduced on the Supervisor Engine 720.
12.2(17d)SXB
This command was modified to support the Supervisor Engine 2.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXH
This command was modified. The following keywords were added:
dst-mixed-ip-port,src-dst-mixed-ip-port,src-mixed-ip-port,andexcludevlan.
These keywords are supported on systems that are in PFC3C or PFC3CXL mode (PFC3C or PFC3CXL with no DFC3A or DFC3B/BXL) only.
The
excludevlankeyword is added only for IP-related load balance options.
12.2(50)SY
This command was modified. The following methods were added:
vlan-dst-ip
vlan-dst-mixed-ip-port
vlan-src-dst-ip
vlan-src-dst-mixed-ip-port
vlan-src-ip
vlan-src-mixed-ip-port
These methods are supported only in Cisco IOS Release12.2(50)SY.
15.1(2)SNG
This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.
Usage Guidelines
Valid
method values are as follows:
dst-ip--Loads distribution on the destination IP address. Option to exclude VLAN in the distribution is provided using the
excludevlankeyword along with this method.
dst-mac--Loads distribution on the destination MAC address.
dst-mixed-ip-port--Loads distribution on the destination IP address and TCP or User Datagram Protocol (UDP) port. Option to exclude VLAN in the distribution is provided using the
excludevlankeyword along with this method.
dst-port--Loads distribution on the destination port.
src-dst-ip--Loads distribution on the source transfer or XOR-destination IP address. Option to exclude VLAN in the distribution is provided using the
excludevlankeyword along with this method.
src-dst-mac--Loads distribution on the source XOR-destination MAC address.
src-dst-mixed-ip-port--Loads distribution on the source XOR-destination IP address and the TCP or UDP port. Option to exclude VLAN in the distribution is provided using the
excludevlankeyword along with this method.
src-dst-port--Loads distribution on the source XOR-destination port.
src-ip--Loads distribution on the source IP address. Option to exclude VLAN in the distribution is provided using the
excludevlankeyword along with this method.
src-mac--Loads distribution on the source MAC address.
src-mixed-ip-port--Loads distribution on the source IP address and the TCP or UDP port. Option to exclude VLAN in the distribution is provided using the
excludevlankeyword along with this method.
src-port--Loads distribution on the source port.
vlan-dst-ip--VLAN, Dst IP Address
vlan-dst-mixed-ip-port--VLAN, Dst IP Address, and TCP/UDP Port
vlan-src-dst-ip--VLAN, Src XOR, Dst IP Address
vlan-src-dst-mixed-ip-port--VLAN, Src XOR Dst IP Address, and TCP/UDP Port
vlan-src-ip--VLAN, Src IP Address
vlan-src-mixed-ip-port--VLAN, Src IP Address, and TCP/UDP Port
The
port-channelload-balancemethodmoduleslot command is supported on DFC systems only.
The
port-channelper-moduleload-balance command allows you to enable or disable port-channel load-balancing on a per-module basis. You can enter the
port-channelload-balancemethodmoduleslot command to specify the load-balancing method on a specific module after you have entered the
port-channelper-moduleload-balancecommand.
The following keywords are supported on systems that are in PFC3C or PFC3CXL mode (PFC3C or PFC3CXL with no DFC3A or DFC3B/BXL) only:
dst-mixed-ip-port
src-dst-mixed-ip-port
src-mixed-ip-port
Note
If you change the load-balancing method, EtherChannel ports on DFC-equipped switching modules or an active supervisor engine in a dual supervisor engine configuration will flap.
Examples
The following example shows how to set the load-distribution method to
dst-ip:
Device(config)#
port-channel load-balance dst-ip
The following example shows how to set the load-distribution method on a specific module:
Creates a port-channel virtual interface and enters interface configuration mode.
port-channelload-balancempls
Sets the load distribution method among the ports in the bundle for MPLS packets.
showetherchannel
Displays the EtherChannel information for a channel.
port-channel load-balance (interface)
To configure a member link for load balancing, a default service instance weight, or weighted load balancing on port-channel member links, use the port-channelload-balance command in interface configuration mode. To cause the default weight to revert to 1 and to disable weighted load balancing, use the no form of this command.
Configures a member link for egress load balancing.
link-id
Integer from 1 to 16 that identifies the member link.
When used with the weighted keyword, the link-id is a comma-delimited list of member link IDs to use for weighted load balancing.
weighted
Configures weighted load balancing on the port channel.
defaultweight
Configures a default weight for a service instance.
weight
Integer from 1 to 10000 that is the weight value. The default is 1.
When used with the rebalance keyword, this value is the threshold weight used to trigger automatic rebalancing. The default is 4.
all
Configures load balancing across all active member links.
rebalance
Sets or disables the automatic rebalance threshold.
disable
Disables automatic rebalancing.
Command Default
Service instance weight and weighted load balancing are not configured.
Command Modes
Interface configuration (config-if)
Command History
Release
Modification
15.0(1)S
This command was introduced.
Usage Guidelines
When weighted load balancing enabled, the weight configured using this command is inherited by all service instances on the port channel that have not been specifically configured with a weight.
Configuring a default weight is optional; the default weight value is 1.
Use of the weightedand link keywords is required to enable weighted load balancing on a port channel. When the all keyword is configured, traffic is distributed across all active member links in the port channel. When one or more member links is specified, traffic is distributed across only those member links. To allow for out-of-order configuration, link IDs not yet assigned to member links may be specified. Issuing this command with the weighted and link keywords more than once under the same port-channel interface results in overwriting the command settings previously configured.
If this command is configured with a list of link IDs and the member link corresponding to one of those link IDs is later configured with a different ID, a warning is displayed on the console that notifies the user that the action will affect the current load-balancing activity.
When the disable keyword is configured, automatic rebalancing is not performed and the operator must manually invoke rebalancing by issuing the port-channelload-balanceweightedrebalancecommand in privileged EXEC mode.
When the disable keyword is not configured, either the configured or a default weight is used to automatically rebalance service instances. Automatic rebalancing occurs when the average absolute deviation (AAD) of the current distribution exceeds the configured threshold and when the resulting AAD of the rebalanced distribution is less than the current AAD. If automatic rebalancing does not result in a lower AAD, the rebalancing is not done, even if the current AAD exceeds the threshold.
The AAD calculation is (1/n
)*Sum(|w(i
) - m|) for all n
member links where:
n
= number of member links
m
= mean of member link weights (sum of all Ethernet service instance weights divided by n
)
w
(i
) = sum of Ethernet service instance weights on member link i
Two conditions cause the port-channelload-balancecommand to fail:
An invalid weight is configured.
An invalid link ID is provided.
Examples
The following example shows how to configure port-channel load balancing for all port-channel member links:
Router(config)# interface port-channel1
Router(config-if)# port-channel load-balance weighted link all
port-channel load-balance mpls
To set the load-distribution method among the ports in the bundle for
Multiprotocol Label Switching (MPLS) packets, use the
port-channelload-balancemplscommand in global configuration mode. To reset the load
distribution to the default settings, use the
no form of this command.
port-channelload-balancempls
{ label | label-ip }
noport-channelload-balancempls
Syntax Description
label
Specifies using the MPLS label to distribute packets; see
the “Usage Guidelines” section for additional information.
label-ip
Specifies using the MPLS label or the IP address to
distribute packets; see the “Usage Guidelines” section for additional
information.
Command Default
label-ip
Command Modes
Global configuration
Command History
Release
Modification
12.2(14)SX
Support for this command was introduced on the Supervisor
Engine 720.
12.2(33)SRA
This command was integrated into Cisco IOS Release
12.2(33)SRA.
Usage Guidelines
This command is not supported on Cisco 7600 series routers that are
configured with a Supervisor Engine 2.
If you select
label, these guidelines apply:
With only one MPLS label,
the last MPLS label is used.
With two or more MPLS
labels, the last two labels (up to the fifth label) are used.
If you select
label-ip, these guidelines apply:
With IPv4 and three or
fewer labels, the source IP address XOR-destination IP address is used to
distribute packets.
With four or more labels,
the last two labels (up to the fifth label) are used.
With non-IPv4 packets,
the distribution method is the same as the
label method.
Examples
This example shows how to set the load-distribution method to
label-ip:
Creates a port-channel virtual interface and enters
interface configuration mode.
showetherchannel
Displays the EtherChannel information for a channel.
port-channel load-balance weighted rebalance
To perform a rebalancing of all port-channel interfaces configured with weighted load balancing, use the port-channelload-balanceweightedrebalance command in privileged EXEC mode.
(Optional) Specifies a port channel enabled for weighted load balancing.
port-channel
(Optional) Specifies an Ethernet channel of interfaces.
number
(Optional) Integer from 1 to 564 that identifies the port-channel interface.
Command Default
Load rebalancing is not performed.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
15.0(1)S
This command was introduced.
Usage Guidelines
If a port-channel interface is specified, only that interface is rebalanced; otherwise all port channels with weighted load balancing enabled are rebalanced.
This command may be used when automatic rebalancing is disabled via the port-channelload-balanceweightedrebalancedisable command or when a rebalancing of service instances is desired prior to reaching the automatic rebalance threshold.
If the specified interface is not a port channel enabled for weighted load balancing, the port-channelload-balanceweightedrebalancecommand has no effect on load balancing on that interface.
Examples
The following example shows how to force a rebalancing of service instances, based on their assigned weights, for all port channels with weighted load balancing enabled:
Configures a member link for load balancing, a default service instance weight, or weighted load balancing on port-channel member links.
priority1
To set a preference level for a Precision Time Protocol clock, use the
priority1 command in PTP clock configuration mode. To remove a priority1 configuration, use the
no form of this command.
priority1priorityvalue
nopriority1priorityvalue
Syntax Description
priorityvalue
Number value of the preference level. The range is from 0 to 255; lower values indicate a higher precedence. The default value is 128.
Command Default
The default preference level is 128.
Command Modes
PTP clock configuration (config-ptp-clk)
Command History
Release
Modification
15.0(1)S
This command was introduced.
15.1(2)SNG
This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.
Usage Guidelines
Slave devices use the priority1 value when selecting a master clock. The priority1 value has precedence over the priority2 value.
Examples
The following example shows how to configure a ptp priority1 value:
To set a set a secondary preference level for a Precision Time Protocol clock, use the
priority2 command in PTP clock configuration mode. To remove a priority2 configuration, use the
no form of this command.
priority2priorityvalue
nopriority2priorityvalue
Syntax Description
priorityvalue
The number value of the preference level. The range is from 0 to 255; lower values indicate a higher precedence. The default value is 128.
Command Default
The default preference level is 128.
Command Modes
PTP clock configuration (config-ptp-clk)
Command History
Release
Modification
15.0(1)S
This command was introduced.
15.1(2)SNG
This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.
Usage Guidelines
Slave devices use the priority2 value to select a master clock; the priority2 value is only considered when the device cannot use priority1 and other clock attributes to select a clock.
Examples
The following example shows how to configure the ptp priority2 value:
To associate an Ethernet ring profile with an instance, use the
profile command in Ethernet ring instance configuration mode. To remove the association, use the
no form of this command.
profileprofile-name
noprofile
Syntax Description
profile-name
Ethernet profile name. The profile name can be a maximum of 32 alphanumeric characters.
Command Default
An Ethernet ring profile is not associated with an instance.
Command Modes
Ethernet ring instance configuration (config-erp-inst)
Command History
Release
Modification
Cisco IOS XE Release 3.6S
This command was introduced.
15.2(4)S
This command was integrated into Cisco IOS Release 15.2(4)S.
Usage Guidelines
Associating an Ethernet ring profile with an instance is optional. The Ethernet ring profile is owned by the Ethernet Ring Protection (ERP) controller.
Examples
The following is an example of the
profile command used in an Ethernet ring configuration.
To define the maximum and watermark limits for pseudowires from a
peer provider edge (PE) device, use the
pseudowirecommand in Layer 2 (L2) subscriber group command mode. To
disable the maximum and watermark limits, use the
no form of this command.
pseudowire
{ maximum | watermarkhigh }
limit
nopseudowire
{ maximum | watermarkhigh }
Syntax Description
maximum
Specifies the maximum number of Any Transport over MPLS
(AToM) virtual circuits (VCs) allowed to be configured from the peer PE
devices.
watermarkhigh
Specifies the high watermark limit for the AToM VCs from
the peer PE devices.
limit
High watermark value. Valid values are from 1 to 16384.
Command Default
The maximum and watermark limits for pseudowires from the peer PE
devices is not configured.
Command Modes
L2 subscriber group configuration (config-l2-sub-gr)
Command History
Release
Modification
15.1(2)S
This command was introduced.
Usage Guidelines
If the number of AToM VCs exceed the maximum and watermark limits for
the pseudowire, syslog messages are displayed.
Examples
The following example shows how to configure the maximum number of
AToM VCs on a pseudowire:
Router# configure terminal
Router(config)# l2 subscriber authorization group group1
Router(config-l2-sub-gr)# pseudowire maximum 58
Related Commands
Command
Description
l2subscriber
Creates an L2 subscriber authorization group, and enters L2
subscriber group mode.
peer
Defines the target LDP peer PE information.
service-policytypecontrol(Layer2)
Attaches an ISG control service policy to an L2 subscriber
authorization group.
ptp clock
To create a Precision Time Protocol (PTP) clock and specify the clock mode, use the
ptpclock command in the global configuration mode. To remove a PTP clock configuration, use the
no form of this command.
Sets the PTP clock to transparent clock mode; the router modifies outgoing PTP sync and delay-request messages to account for residence time using the correction field in the follow-up message.
boundary
Sets the PTP clock to boundary clock mode; the router participates in selecting the best master clock and can act as the master clock if no better clocks are detected.
domain
The PTP clocking domain number. Valid values are from 0 to 127.
Command Default
A PTP clock is not created and the clock mode is not specified.
Command Modes
Global configuration (config)
Command History
Release
Modification
15.0(1)S
This command was introduced.
15.1(2)SNG
This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.
Usage Guidelines
This command creates a new PTP clock and enters clock configuration mode.
Examples
The following example shows how to configure a PTP clock and enter clock configuration mode:
To perform an encapsulation adjustment on a frame egressing a service instance, use the
rewriteegresstag command in service instance configuration mode. To delete an encapsulation adjustment, use the
no form of this command.
Translates a single VLAN tag to two different VLAN tags.
2-to-1
Translates two different VLAN tags to a single VLAN tag.
2-to-2
Translates two VLAN tags to two different VLAN tags.
Command Default
The frame is left intact on egress.
Command Modes
Service instance configuration (config-if-srv)
Command History
Release
Modification
Cisco IOS XE Release 3.2S
This command was introduced.
Usage Guidelines
Use the
rewriteegresstagcommand to modify packet VLAN tags. You can use this command to emulate traditional 802.1Q tagging and to facilitate VLAN translation and IEEE 802.1QinQ (QinQ) encapsulation. An encapsulation method must be configured before you can use the
rewriteegresstag command.
Examples
The following example shows how to specify the encapsulation adjustment that is needed on the ingress frame to the service instance:
To specify the encapsulation adjustment to be performed on a frame ingressing a service instance, use the
rewriteingresstag command in Ethernet service configuration mode. To delete the encapsulation adjustment, use the
no form of this command.
Specifies either the outermost tag or the two outermost tags for removal from a packet.
symmetric
(Optional) Indicates a reciprocal adjustment to be done in the egress direction. For example, if the ingress pops a tag, the egress pushes a tag and if the ingress pushes a tag, the egress pops a tag.
push
Adds a tag.
dot1ad
Specifies an IEEE 802.1ad tag.
vlan-id
Integer in the range 1 to 4094 that identifies the VLAN.
dot1q
Specifies an IEEE 802.1Q tag.
second-dot1q
Specifies a different 802.1Q tag at the ingress service instance.
vlan-type
Specifies the type of VLAN protocol.
0x88a8
Specifies the protocol type 0x88a8.
0x9100
Specifies the protocol type 0x9100.
0x9200
Specifies the protocol type 0x9200.
translate
Translates, by VLAN ID, a tag or a pair of tags defined in the
encapsulation command.
1-to-1
Translates a single tag defined by the
encapsulation command to a single tag defined in the
rewriteingresstag command.
1-to-2
Translates a single tag defined by the
encapsulation command to a pair of tags defined in the
rewriteingresstag command.
2-to-1
Translates, by VLAN ID, a pair of tags defined by the
encapsulation command to a single tag defined in the
rewriteingresstag command.
2-to-2
Translates, by VLAN ID, a pair of tags defined by the
encapsulation command to a pair of tags defined in the
rewriteingresstag command.
Command Default
The frame is left intact on ingress (the service instance is equivalent to a trunk port).
Command Modes
Ethernet service (config-if-srv)
Command History
Release
Modification
12.2(33)SRB
This command was introduced.
Cisco IOS XE Release 3.2S
This command was integrated into Cisco IOS XE Release 3.2S.
Cisco IOS XE Release 3.5S
This command was implemented on the Cisco ASR 903 Router.
15.1(2)SNH
This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.
Usage Guidelines
The
symmetric keyword is accepted for all rewrite operations only when a single VLAN is configured in encapsulation. If a list of VLANs or a range of VLANs is configured in encapsulation, the
symmetric keyword is accepted only for push rewrite operations.
The
pop keyword assumes the elements being popped are defined by the encapsulation type. The exception case should be drop the packet.
The
translate keyword assumes the tags being translated from are defined by the encapsulation type. In the 2-to-1 option, the “2” means 2 tags of a type defined by the
encapsulation command. The translation operation requires at least one “from” tag in the original packet. If the original packet contains more tags than the ones defined in the “from,” the operation should be done beginning on the outer tag. Exception cases should be dropped.
Examples
The following example shows how to specify the encapsulation adjustment to be performed on the frame ingressing the service instance:
Sets the encapsulation method used by an interface.
rpl
To specify one ring port on the local node as the Ring Protection Link (RPL) owner, neighbor, or next neighbor, use the
rpl command in Ethernet ring instance configuration mode. To remove the specification for the port as the RPL owner, neighbor, or next neighbor, use the
no form of this command.
To indicate the contents of the Sender ID TLV field transmitted in Ethernet connectivity fault management (CFM) messages for members of a maintenance domain, use the
sender-id command in Ethernet CFM configuration mode. To send no sender ID information, use the
no form of this command.
sender-idchassis
nosender-idchassis
Syntax Description
chassis
Sends only the chassis ID information.
Command Default
The Sender ID TLV is not included in messages.
Command Modes
Ethernet CFM configuration (config-ecfm)
Command History
Release
Modification
12.2(33)SXI2
This command was introduced.
12.2(33)SRE
This command was integrated into Cisco IOS Release 12.2(33)SRE.
Usage Guidelines
This command has lower precedence than the
sender-id command issued at the maintenance association. To override the configuration at the maintenance association, configure the service ID as “none.”
Examples
The following example shows how to include only the chassis ID information in the Sender ID TLV:
To indicate the contents of the Sender ID TLV field transmitted in Ethernet connectivity fault management (CFM) messages for the maintenance association, use the
sender-id command in Ethernet CFM service configuration mode. To send no sender ID information, use the
no form of this command.
sender-id
{ chassis | none }
nosender-id
{ chassis | none }
Syntax Description
chassis
Sends only the chassis ID information.
none
No sender ID information is sent.
Command Default
The Sender ID TLV is not included in messages.
Command Modes
Ethernet CFM service configuration (config-ecfm-srv)
Command History
Release
Modification
12.2(33)SXI2
This command was introduced.
12.2(33)SRE
This command was integrated into Cisco IOS Release 12.2(33)SRE.
Usage Guidelines
This command has higher precedence than the
sender-id command issued for the maintenance domain.
The default is that the enclosing maintenance domain determines the Sender ID.
Examples
The following example shows how to include only the chassis ID information in the Sender ID TLV:
Device(config)# ethernet cfm domain customerA level 5
Device(config-ecfm)# service vlan-id 17 port
Device(config-ecfm-srv)# sender-id chassis
service (CFM-srv)
To configure a maintenance association within a maintenance domain and enter Ethernet connectivity fault management (CFM) service configuration mode (config-ecfm-srv), use the
service command in Ethernet CFM configuration mode. To remove the configuration, use the
no form of this command.
service
{ ma-name | ma-num | vlan-idvlan-id | vpn-idvpn-id }
[ port | vlanvlan-id
[ directiondown ] ]
Integer from 0 to 65535 that identifies the maintenance association.
vlan-id
Configures a primary VLAN.
vlan-id
Integer from 1 to 4094 that identifies the primary VLAN.
vpn-id
Configures a virtual private network (VPN).
vpn-id
Integer from 1 to 32767 that identifies the VPN.
port
(Optional) Configures a DOWN service direction without a VLAN association.
vlan
(Optional) Configures a VLAN.
direction
(Optional) Configures the service direction. The default is “up.”
down
(Optional) Configures the direction toward the LAN.
Command Default
No maintenance associations are configured.
Command Modes
Ethernet CFM configuration (config-ecfm)
Command History
Release
Modification
12.2(33)SXI2
This command was introduced.
12.2(33)SRE
This command was integrated into Cisco IOS Release 12.2(33)SRE.
Usage Guidelines
The maintenance association ID (MAID) is a combination of a maintenance domain ID and the short maintenance association name, and the length of the MAID TLV should not exceed 48 characters.
If you configure the same short maintenance association name for two VLANs in the same domain, an error message is displayed and the command is rejected.
If you specify the service direction as down (outward to the LAN), you can create multiple outward services at the same level containing an overlapping set of VLANs. The set of VLANs in an outward service can also overlap with inward services. A set of VLANs between inward services at the same level must be unique.
Examples
The following example shows how to configure a maintenance association with the ID 10, VLAN 17, and service direction toward the LAN within the customerA maintenance domain:
Device(config)# ethernet cfm domain customerA level 5
Device(config-ecfm)# service 10 vlan-id 17 direction down
Device(config-ecfm-srv)#
service evc
To set a universally unique ID for a customer service instance (CSI) within a maintenance domain, use the
serviceevc command in Ethernet CFM configuration mode. To remove a universally unique ID for a service within a maintenance domain, use the
no form of this command.
String of a maximum of 100 characters that identifies the CSI.
evc
Specifies the Ethernet virtual circuit (EVC).
evc-name
String that identifies the Ethernet virtual circuit (EVC).
vlan
Specifies the VLAN.
vlan-id
String the VLAN ID. Range is from 1 to 4094.
direction
Specifies the service direction.
down
Specifies the direction towards the LAN.
Command Default
No universally unique ID is set for the CSI.
Command Modes
Ethernet CFM configuration (config-ether-cfm)
Command History
Release
Modification
12.2(33)SRD
This command was introduced
15.1(2)S
This command was integrated into Cisco IOS Release 15.1(2)S.
12.2(50)SY
This command was integrated into Cisco IOS Release 12.2(50)SY.
Usage Guidelines
A fully qualified service ID consists of a service ID plus a domain name. Service IDs identify customers within a domain. Ethernet connectivity fault management (CFM) requires that service IDs are unique in a network.
You must configure a service EVC before you can configure a maintenance endpoint (MEP) for a domain.
The following restrictions apply when you issue the
serviceevc command:
Maintenance domains on the same device cannot have the same name.
Two domains at the same maintenance level cannot be on the same EVC unless one or both of the domains are outward domains.
A service ID must be unique within a single maintenance domain.
For two domains at the same maintenance level, the same service ID can be used for two different EVCs. If you try to configure the same service ID for two EVCs in the same domain, the command is rejected and an error message is displayed.
Specifying a domain as outward allows you to create multiple outward domains at the same level with a set of services that overlap. These EVCs can also overlap with inward domains. Note that a set of EVCs overlapping inward domains at only the same level must be unique.
You can use the same service ID in the same EVC or different EVCs if the service IDs are in different levels.
Before you remove a service ID, all MEPs corresponding to the service must be removed.
On Cisco 7600 series routers, a VLAN service and an EVC service may have the same service ID if the bridge domain is associated with an EVC and the bridge-domain ID equals the VLAN service ID. This situation occurs because the bridge domain and the VLAN of the same number form a single broadcast domain representing the same CFM service.
Examples
The following example shows how to configure an Ethernet CFM service with EVC evc100:
ethernet cfm domain PROVIDER level 4
service provider_100 evc evc100
The following example shows how to configure Ethernet CFM service on a Cisco Route Switch Processor 720. You must configure the VLAN and EVC services with the same name because VLAN 100 and bridge domain 100, which is associated with EVC 100, represent a single broadcast domain.
Sets a unique service ID within a maintenance domain.
service icc
To set the ITU-T Y.1731 Carrier Code (ICC)-based maintenance entity group (MEG) identifier within a maintenance domain, use the
serviceicc command in Ethernet CFM configuration mode. To remove the ICC-based MEG identifier, use the
no form of this command.
serviceiccicc-codemeg-code { evcevc-name | [ direction down | vlan ] | port | vlanvlan-idinner-vlaninner-vlan-id }
noserviceiccicc-codemeg-code { evcevc-name | [ direction down | vlan ] | port | vlanvlan-idinner-vlaninner-vlan-id }
Syntax Description
icc-code
String from 1 to 6 characters that identifies the ITU carrier code.
meg-code
String from 1 to 12 characters that identifies the unique MEG code.
evc
Specifies the Ethernet virtual circuit (EVC).
evc-name
String from 1 to 100 characters that identifies the EVC.
directiondown
(Optional) Configures a DOWN service direction.
vlan
(Optional) Configures a primary VLAN.
port
Configures a DOWN service direction without a VLAN association.
vlan-id
Integer from 1 to 4094 that identifies the primary VLAN.
inner-vlan
Specifies the inner VLAN.
inner-vlan-id
Integer from 1 to 4094 that identifies the inner VLAN.
Command Default
The ICC-based MEG code is not set.
Command Modes
Ethernet CFM configuration (config-ecfm)
Command History
Release
Modification
15.2(1)S
This command was introduced.
Cisco IOS XE Release 3.5S
This command was integrated into Cisco IOS XE Release 3.5S.
Usage Guidelines
To enter the Ethernet CFM configuration mode, use the
ethernetcfmdomainlevel command.
The
service icc command places the command-line interface (CLI) into Ethernet connectivity fault management (CFM) service configuration mode (config-ecfm-srv).
Examples
In the following example, an ICC-based MEG code of icc1 has been configured.
Router(config)# ethernet cfm domain customerA level 5
Router(config-ecfm)#service icc icc1 1234567890 evc evc5 direction down
Router(config-ecfm-srv)#
Related Commands
Command
Description
ethernetcfmdomainlevel
Defines a CFM maintenance domain at a particular maintenance level and puts the CLI into Ethernet CFM configuration mode.
service instance dynamic
To configure an Ethernet Layer 2 context service instance on an interface and to enter service instance configuration mode, use the serviceinstancedynamiccommand in interface configuration mode. To delete an Ethernet Layer 2 context service instance, use the no form of this command.
serviceinstancedynamicL2-idethernet
noserviceinstanceid
Syntax Description
L2-id
Layer 2 context identifier. Valid values are from 1 to 4000.
ethernet
Configures an Ethernet instance.
Command Default
Ethernet Layer 2 context service instances are not configured.
Command Modes
Interface configuration (config-if)
Command History
Release
Modification
15.1(2)S
This command was introduced.
Usage Guidelines
The serviceinstancedynamic command defines that a service instance is an Ethernet Layer2 context. This command works as a forwarder service for this service instance. If this command is configured, then you cannot configure any other forwarding services such as xconnect, bridge-domain and connect. This command configured on any platform indicates that the traffic classified on this service instance is not going to be dropped, instead the traffic will be punted to the First Sign of Life (FSOL) handling mechanism.
Examples
The following example shows how to define an Ethernet Layer 2 service instance and enter service instance configuration mode:
Router(config)# interface ethernet 0/0
Router(config-if)# service instance dynamic 100 ethernet
Related Commands
Command
Description
encapsulationdot1q
Defines the matching criteria to map 802.1Q frames ingress on an interface to the appropriate service instance.
initiator
Enables an initiator for detecting the FSOL under Ethernet Layer 2 context.
service instance ethernet
To configure an Ethernet service instance on an interface, use the
serviceinstanceethernet command in interface configuration mode. To delete a service instance, use the
no form of this command.
serviceinstance
[ trunk ]
idethernet [evc-name]
noserviceinstance
[ trunk ]
idethernet
Cisco ASR 901 Series Aggregation Services Router
serviceinstanceinstance-idethernet
[ evc-name ]
Syntax Description
trunk
(Optional) Indicates that the service instance will be configured on a trunk interface.
id
Integer that uniquely identifies a service instance on an interface. The value varies by the platform. Range: 1 to 4294967295. The identifier need not map to a VLAN and is local in scope to the interface.
evc-name
(Optional) String that associates an Ethernet virtual connection (EVC) to the service instance. Maximum: 100 bytes.
instance-id
Service instance number that identifies the Ethernet Flow Point (EFP). Range: 1 to 8000.
Command Default
No Ethernet service instances are defined.
Command Modes
Interface configuration (config-if)
Command History
Release
Modification
12.2(25)SEG
This command was introduced.
12.2(33)SRB
This command was implemented on the Cisco 7600 series routers.
12.2(33)SRE
This command was modified. The
group command is now available after entering Ethernet service configuration mode.
Cisco IOS XE Release 3.5S
This command was integrated into Cisco IOS XE Release 3.5S to provide support for the Cisco ASR 903 Router. This command was modified to include support for Ethernet Flow Points (EFPs) on trunk ports (interfaces). The optional
trunk keyword was added.
Cisco IOS XE Release 3.7S
This command was modified. Support for short maintenance-association (MA) names in the MEP parser syntax was added.
15.1(2)SNG
This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.
Usage Guidelines
A service instance is a configuration object (container) that holds all management and control-plane attributes and parameters that apply to that service instance on a per-port basis. Different service instances that correspond to the same EVC must share the same name. Service instances are associated with a global EVC object through their shared name.
After you enter the
serviceinstanceethernet command, the device enters Ethernet service configuration mode, and these configuration commands are available:
default—Sets the service instance to its default state.
ethernetlmice-vlanmap—Configures Ethernet Local Management Interface (Ethernet LMI) parameters. See the
ethernetlmice-vlanmap command.
exit—Exits Ethernet service configuration mode and returns to global configuration mode.
no—Negates a command or returns a command to its default setting.
group(service group)—Allows a member to be added to a service group. The service group must already exist when the
group command is issued.
In Cisco IOS XE Release 3.7S and later releases, configuring a local maintenance endpoint (MEP) on EFPs is rejected when there are multiple MAs mapping to the same service in the domain.
Examples
The following example shows how to define an Ethernet service instance and enter Ethernet service configuration mode for an EVC:
Device> enable
Device# configure terminal
Device(config)# interface ethernet 0/0
Device(config-if)# service instance 333 ethernet test
Device(config-if-srv)#
The following example shows how to configure a short MA name in the MEP parser syntax.
The following example shows how to define an Ethernet service instance and enter Ethernet service configuration mode for an EVC on a Cisco ASR 901 Series Aggregation Services router:
Configures Ethernet Local Management Interface parameters.
group(servicegroup)
Adds a member to a service group.
showethernetserviceinstance
Displays information about configured Ethernet service instances.
service instance ethernet (mac-tunnel)
To define an Ethernet flow point (EFP) that corresponds to a specific service instance ID (I-SID) encapsulation and to place the command-line interface (CLI) into MAC tunnel service configuration mode, use the serviceinstanceethernetcommand in MAC-in-MAC tunnel configuration mode. To delete an EFP, use the no form of this command.
serviceinstanceidethernet
noserviceinstanceid
Syntax Description
id
Integer in the range of 1 to 16384 that identifies an EFP.
This command is required to do MAC-in-MAC tunneling.
The service instance ID is unique for all MAC tunnels; for example, if service instance 10 is configured under MAC tunnel 1, service instance 10 cannot be configured under any other MAC tunnel.
Examples
The following example shows how to define an EFP and place the CLI into MAC tunnel service configuration mode:
To set a universally unique ID for a customer service instance (CSI) within a maintenance domain, use the
servicevlan command in Ethernet connectivity fault management (CFM) configuration mode. To remove a universally unique ID for a service within a maintenance domain, use the
no form of this command.
servicecsi-idvlanvlan-id
noservicecsi-idvlanvlan-id
Syntax Description
csi-id
String of a maximum of 100 characters that identifies the CSI.
vlan-id
Integer from 1 to 4094 that identifies the VLAN.
Command Default
No universally unique ID is set for the CSI.
Command Modes
Ethernet CFM configuration (config-ether-cfm)
Command History
Release
Modification
12.2(33)SRA
This command was introduced.
12.4(11)T
This command was integrated into Cisco IOS Release 12.4(11)T.
12.2(33)SXH
This command was integrated into Cisco IOS Release 12.2(33)SXH.
Cisco IOS XE Release 3.5S
This command was integrated into Cisco IOS XE Release 3.5S.
15.3(1)S
This command was integrated into Cisco IOS Release 15.3(1)S.
Usage Guidelines
A fully qualified service ID consists of a service ID plus a domain name. Service IDs identify customers within a domain. Ethernet CFM requires that service IDs are unique in a network.
You must configure a service VLAN before you can configure a MEP for a domain.
The following restrictions apply when you issue the
servicevlan command:
Maintenance domains on the same device cannot have the same name.
Two domains at the same maintenance level cannot be on the same VLAN unless one or both of the domains are outward domains.
A service ID must be unique within a single maintenance domain.
For two domains at the same maintenance level, the same service ID can be used for two different VLANs. If you try to configure the same service ID for two VLANs in the same domain, the command is rejected and an error message displays.
Specifying a domain as outward allows you to create multiple outward domains at the same level with a set of services that overlap. These VLANs also can overlap with inward domains. Note that a set of VLANs overlapping inward domains at only the same level must be unique.
You can use the same service ID in the same VLAN or different VLANs if the service IDs are in different levels.
Before you remove a service ID, all MEPs corresponding to the service must be removed.
Examples
The following example shows how to set a unique service ID within a maintenance domain:
Device(config-ether-cfm)# service firstinstance vlan 35
service-policy type control policy
To attach an Intelligent Service Gateway (ISG) control service policy
to a Layer 2 subscriber authorization group, use the
servicepolicytypecontrolpolicycommand in Layer 2 subscriber group configuration mode. To
remove the configuration, use the
no form of this command.
service-policytypecontrolpolicypolicy-name
noservice-policytypecontrolpolicypolicy-name
Syntax Description
policy-name
Specifies the ISG control service-policy name.
Command Default
The global control policy is used.
Command Modes
Layer 2 subscriber group configuration (config-l2-sub-gr)
Command History
Release
Modification
15.1(2)S
This command was introduced.
Usage Guidelines
ISG control policies define the actions that are taken in response to
specific events and conditions. You can configure an ISG control policy to
control the behavior of the dynamically created Ethernet ISG sessions.
To define a control policy, you must define a control class map to
identify events and conditions, and then define a control policy map to bind
the control class map to different actions. You can define the control policy
at the global level, interface level, or dynamic Ethernet session target level.
If control policies are configured at multiple levels, the control policy at
the inner level has higher precedence over those at levels above the inner
level.
Examples
The following example shows how to define an ISG control policy and
attach it to a Layer 2 subscriber authorization group:
Router# configure terminal
Router(config)# policy-map type control SampleControlPolicyMap1
R1(config-control-policymap)# class type control always event session-start
R1(config-control-policymap)# exit
Router(config)# l2 subscriber authorization group group1
Router(config-l2-sub-gr)# service-policy type control policy SampleControlPolicyMap1
Related Commands
Command
Description
l2subscriber
Creates a Layer 2 subscriber authorization group and enters
Layer 2 subscriber group mode.
peer
Defines the target LDP peer PE information.
pseudowire(Layer 2)
Defines the maximum and watermark limits for pseudowires
from a peer PE device.
show bridge-domain
To display bridge-domain information, use the
showbridge-domain command in privileged EXEC mode.
(Optional) Identifier for the bridge-domain instance. Integer in the range 1 to Platform_Upper_Bound, where Platform_Upper_Bound is a platform-specific upper limit.
c-mac
(Optional) Displays a specified customer bridge domain.
mac
(Optional) Displays MAC address data.
Note
The
mac keyword is not supported on the Cisco ASR 1000 Series Aggregation Services Router.
security
(Optional) Displays MAC security information.
address
(Optional) Displays addresses.
When used with the
security keyword, displays secure addresses on a specified service instance.
When used with the
static keyword, displays static addresses in a specified bridge domain.
Note
The
address keyword is not supported on the Cisco ASR 1000 Series Aggregation Services Router.
last
(Optional) Displays the last violation recorded on the specified bridge domain.
violation
(Optional) Displays information about the last violation recorded on the specified bridge domain.
statistics
(Optional) Displays the number of secured MAC addresses and related statistics.
static
(Optional) Displays static MAC information.
table
(Optional) Displays commands related to the MAC address table.
mac-address
(Optional) Displays the MAC address.
aging-time
(Optional) Displays the time, in minutes, that an entry remains before aging out of the MAC address table.
count
(Optional) Displays the total number of addresses in a bridge-domain table.
split-horizon
(Optional) Displays bridge-domain information for a split-horizon.
group
(Optional) Displays bridge-domain information for a split-horizon group.
group-number
(Optional) Number of a specific split-horizon group for bridge-domain information display.
all
(Optional) Selects all ports in split-horizon groups for bridge-domain information display.
none
(Optional) Selects ports that do not belong to any split-horizon group for bridge-domain information display.
stats
(Optional) Displays bridge-domain statistics.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.2(33)SRD
This command was introduced.
12.2(33)SRE
This command was modified. The
address,
aging-time,
count,
static, and
table keywords and the
mac-address argument were added.
Cisco IOS XE Release 3.5S
This command was integrated into Cisco IOS XE Release 3.5S to provide support for the Cisco ASR 903 Series Aggregation Services Router. This command was modified to provide support for Ethernet Flow Points (EFPs) on trunk ports (interfaces).
15.1(2)SNG
This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.
15.3(1)S
This command was integrated into Cisco IOS Release 15.3(1)S. The command was modified to display the MAC address limit for the bridge domain.
Usage Guidelines
This command is useful for system monitoring and troubleshooting.
This command is available on both linecards and route processors. To invoke this command on a linecard, log in to the linecard. To invoke this command on a route processor, use the
remotecommandmodule command; for example,
remotecommandmodule16bridge-domain25.
Note
The
remotecommand command is not supported on the Cisco ASR 1000 Series Aggregation Services Router.
Examples
The following is sample output of the
showbridge-domain command. The output varies slightly by platform. The fields are self-explanatory.
Device# show bridge-domain 10
Bridge-domain 10 (2 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
GigabitEthernet0/2/2 service instance 10
GigabitEthernet0/2/3 service instance 10
MAC address Policy Tag Age Pseudoport[VC-lbl,egr-intf]
0000.5200.010E fwd dynamic 300 GigabitEthernet0/2/3.EFP10
0000.5200.010C fwd dynamic 300 GigabitEthernet0/2/3.EFP10
0000.5200.0107 fwd dynamic 299 GigabitEthernet0/2/3.EFP10
0000.5200.0104 fwd dynamic 300 GigabitEthernet0/2/3.EFP10
The following is sample output where the MAC address limit is displayed:
Device# show bridge-domain 100 mac address
Bridge-domain 100 (2 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 5 minute(s)
Maximum address limit: 10240 Current addresses: 300
Ethernet0/0 service instance 100
Maximum address limit: 200 Current addresses: 100
1 ports belonging to split-horizon group 1
Ethernet0/0 service instance 101 (split-horizon group 1)
Maximum address limit: 300 Current addresses: 150
Software Bridging Info for Bridge Domain 100, contains 2 ports
MAC address Pseudoport
The table below describes the significant fields shown in the display.
Table 2 show bridge-domain Field Descriptions
Field
Description
Maximum address limit
The maximum MAC addresses configured for the bridge domain.
Current addresses
The current number of MAC addresses learned for the bridge domain.
Note
This information may not display for all platforms.
The following example shows the sample output where information of the Ethernet over Generic Routing Encapsulation (GRE) for a specific bridge domain are displayed:
Device# show bridge-domain 10
Bridge-domain 10 (2 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 180 second(s)
GigabitEthernet2/0/0 service instance 1
Virtual-Ethernet1 service instance 1
MAC address Policy Tag Age Pseudoport
0000.0000.0002 forward dynamic 177 Virtual-Ethernet1.EFP1 sGRE src:11.1.1.1 dst:1.1.1.2
0000.0000.0001 forward dynamic 180 GigabitEthernet2/0/0.EFP1
Related Commands
Command
Description
clearbridge-domain
Clears bridge-domain attributes that are not needed.
remotecommand
Executes a Cisco 7600 Series Router command directly on the console or a specified module without having to log into the Cisco 7600 Series Router first.
showethernetserviceinstance
Displays information about Ethernet service instances.
showethernetserviceinterface
Displays interface-only information about Ethernet customer service instances.
show cfmpal
To display Ethernet connectivity fault management (CFM) platform adaptation layer (PAL) information, use the showcfmpalcommand in user EXEC or privileged EXEC mode.
The type and the number of the interface. The supported interfaces are FastEthernet, GigabitEthernet, and port channel.
fwd_vlan
Displays the CFM forward VLAN list.
vlan-number
The VLAN number to test the CFM.
level
Displays the CFM level for the interface.
vlan_list
Displays the CFM VLAN list.
Command Modes
User EXEC (>)
Privileged EXEC (#)
Command History
Release
Modification
12.4(22)T
This command was introduced.
Usage Guidelines
Use the available keywords and arguments to restrict the display to information about a specific Ethernet CFM PAL.
Examples
The following are sample outputs from the showcfmpal command. The fields are self-explanatory.
Router# show cfmpal info
CFM enable status Disabled
reg_used_ether_cfmpal_process_rx is Not Used
reg_used_raw_enqueue for LINK_ETHER_CFM is Not Used
flowpoint (fp) count 0
max configured level (MCL) -2
cfmpal cfmpal1 mac addr 0005.0050.9c00,
CFM multicast mac address BASE 0100.0ccc.ccc0
CFM multicast mac address MASK 0000.0000.000f
Router# show cfmpal epl
flowpoint count 0, MCL -2
Router# show cfmpal interface fastethernet 0/0 level
FastEthernet0/0 is not on epl, it is in transparent level
show ethernet cfm domain
To display information for an Ethernet Connectivity Fault Management (CFM) domain, use the
showethernetcfmdomain command in privileged EXEC mode.
showethernetcfmdomain
[ domain-name | brief ]
Syntax Description
domain-name
(Optional) String of a maximum length of 154 characters.
brief
(Optional) Displays brief details about the configured maintenance domains.
Command Default
All information about all the configured domains is displayed when no keyword or argument is used.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.2(33)SXI2
This command was introduced.
12.2(33)SRE
This command was integrated into Cisco IOS Release 12.2(33)SRE.
12.4(20)T
This command was integrated in a release earlier than Cisco IOS Release 12.4(20)T.
Cisco IOS XE Release 2.4
This command was integrated into Cisco IOS XE Release 2.4.
15.1(2)S
This command was integrated into Cisco IOS Release 15.l(2)S. The Source field was added to the command output.
Cisco IOS XE Release 3.5S
This command was modified. The Source field was added to the command output.
Cisco IOS XE Release 3.6S
This command was modified. Information about the local maintenance endpoint (MEP) was added to the Static MEPs counters.
Usage Guidelines
When a domain name is not specified, information for all domains is displayed.
If a domain name is more than 43 characters in length, a warning message is displayed notifying that the maintenance domain ID (MDID) will be truncated to 43 characters in continuity check messages (CCMs) if “id <fmt> <MDID>” is not configured.
When the
brief keyword is used, the command output shows the following summary data:
Domain name
Domain index
Domain level
Number of maintenance associations in the domain
Archive hold time for the error and continuity check databases for the domain
Examples
The following is sample output from the
showethernetcfmdomainbrief command.
Device# show ethernet cfm domain brief
Domain Name: XCTEST
Level: 5
Total Services: 1
Services:
Type Id Dir CC CC-int Static-rmep Crosscheck MaxMEP Source MA-Name
XCON N/A Up Y 10s Disabled Disabled 100 Dynamic XCSVC
The table below describes the significant fields shown in the display.
Table 3 show ethernet cfm domain brief Field Descriptions
Field
Description
Domain Name
Name of the domain.
Level
Maintenance domain level.
Services
Number of services running.
The following is sample output from the
showethernetcfmdomain command for domain called dom22:
Device# show ethernet cfm domain
Domain Name: dom22
Level: 3
Total Services: 1
Services:
Type Id Dir CC CC-int Static-rmep Crosscheck MaxMEP Source MA-Name
BD-V 10 Dwn Y 100ms n/a Disabled 100 Static lvl3
Static MEPs:
For local MEP on FE1/0/0 service instance 1:
MPID Type Id Static-rmep-Up Crosscheck-Up
2 BD-V 10 No n/a
The table below describes the significant fields shown in the display.
Table 4 show ethernet cfm domain Field Descriptions
Field
Description
Domain Name
Name of the domain.
Level
Maintenance domain level.
Total Services
Number of services running.
Services
The services currently running.
Type Id
Service type and ID.
Dir
Either up (toward the switch) or Dwn (toward the LAN or wire).
CC
Continuity check message (CCM) status (Y for enabled or N for disabled).
CC-int
Time, in milliseconds, between CCMs.
Static-rmep-Up
Status of the remote MEP.
MaxMEP
Number of maximum MEPs allowed.
Source
Static origin or dynamically created.
MA-Name
Name of the maintenance association.
Crosscheck-Up
Status of the cross-check function.
Related Commands
Command
Description
showethernetcfmmaintenance-pointsremote
Displays information about remote maintenance points in the continuity check database.
showethernetcfmmaintenance-pointsremotecrosscheck
Displays information about remote maintenance points configured statically in a cross-check list.
showethernetcfmmaintenance-pointsremotedetail
Displays information about a remote maintenance point in the continuity check database.
show ethernet cfm errors
To display Connectivity Fault Management (CFM) continuity check error conditions logged on a device since it was last reset or since the log was last cleared, use the
showethernetcfmerrors command in privileged EXEC mode.
(Optional) Indicates that a maintenance domain is specified.
domain-name
(Optional) String of a maximum of 154 characters in length.
level
(Optional) Indicates that a maintenance level is specified.
level-id
(Optional) Integer from 0 to 7 that identifies the maintenance level.
configuration
(Optional) Displays the configuration error list information; for example, port, VLAN, and error condition.
domain-id
(Optional) Displays error conditions by domain ID.
domain-name
Number of the Domain. The range is from 0 to 65535.
mac-address
(Optional) MAC address of the maintenance domain.
dns
(Optional) Displays a domain name service (DNS).
dns-name
(Optional) String of a maximum of 43 characters in length.
null
Indicates there is not a domain name.
service
(Optional) Displays a maintenance association within the domain.
icc
(Optional) Displays error conditions by the ITU-T Y.1731 Carrier Code (ICC)-based maintenance entity group (MEG) identifier.
icc-code
(Optional) String that identifies the ICC. String of a maximum length of six characters.
meg-code
(Optional) String that identifies the unique MEG code. String of a maximum length of 12 characters.
maintenance-association-name
(Optional) String that identifies the maintenance association.
number
(Optional) Specifies a maintenance association by a numerical ID.
maintenance-association-number
(Optional) Integer that identifies the maintenance association.
vlan-id
(Optional) Displays a VLAN.
vlan-id
(Optional) Integer from 1 to 4094 that identifies the VLAN.
vpn-id
(Optional) Displays a VPN.
vpn-id
(Optional) Integer from 1 to 32767 that identifies the VPN.
Command Default
In CFM IEEE, errors for all domains are displayed when no maintenance domain is specified.
In CFM D1, errors for all domains and all levels are displayed when no maintenance domain or maintenance level is specified.
Command Modes
Privileged EXEC (#)
Command History
Release
Modification
12.2(33)SRA
This command was introduced.
12.4(11)T
This command was integrated into Cisco IOS Release 12.4(11)T.
12.2(33)SXH
This command was integrated into Cisco IOS Release 12.2(33)SXH.
12.2(33)SXI2
This command was integrated into Cisco IOS Release 12.2(33)SXI2.
15.0(1)XA
This command was integrated into Cisco IOS Release 15.0(1)XA.
12.2(54)SE
This command was integrated into Cisco IOS Release 12.2(54)SE.
12.2(50)SY
This command was integrated into Cisco IOS Release 12.2(50)SY.
15.2(1)S
This command was integrated into Cisco IOS Release 15.2(1)S. The order of the columns shown in the display was rearranged, and the
icc keyword was added to provide support for the ICC-based MEG identifier.
Cisco IOS XE Release 3.5S
This command was integrated into Cisco IOS XE Release 3.5S.
Cisco IOS XE Release 3.6S
This command was modified to include information about the local maintenance endpoint (MEP).
15.1(2)SNH
This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.
15.3(1)S
This command was integrated into Cisco IOS Release 15.3(1)S.
Usage Guidelines
Errors that are logged and displayed by the
showethernetcfmerrors command vary according to the version of CFM in use. Errors include the following:
MEP-Down—Maintenance endpoint (MEP) timed out or is advertising a 0 lifetime.
Configuration Error—A continuity check message (CCM) is received that has a maintenance point ID (MPID) matching the local device, but the source MAC address is different.
Forwarding Loop—A CCM is received that has the same MPID and same MAC address as the local device.
Cross-connected—A CCM is received and the service ID does not match the service ID configured on the device for that VLAN.
Cross-check Missing MEP—The cross-checking delay timer has expired, and the configured remote MEP did not come up.
Cross-check Unknown MEP—An unexpected remote MEP came up.
Receive AIS—A MEP detects a mismerge, which is an unexpected MEP condition, or a signal fail condition resulting in peer MEPs receiving an alarm indication signal (AIS) frame.
Error conditions are kept in a log for the duration of the archive hold time configured on the maintenance domain or until the error condition is cleared, whichever occurs first.
Examples
The following is sample output from the
show ethernet cfm errors command:
Device# show ethernet cfm errors
--------------------------------------------------------------------------------
MPID Domain Id Mac Address Type Id
MAName Reason Lvl Age
Local MEP Identifier
--------------------------------------------------------------------------------
2 abc 0000.0000.0000 BD-V 10
lvl3 Remote MEP missing 3 2s
Mpid: 1, Domain: abc, MA: lvl3
1 abc aabb.cc00.2901 BD-V 10
lvl3 Unknown MEP 3 2s Mpid: 1, Domain: abc, MA: lvl3
The following is sample output from the
show ethernet cfm errors command when MEPs are configured for two Maintenance Associations (MAs), MA1 and MA2, and MA2 is configured as an alias to MA1 using the alias command:
Device# show ethernet cfm errors
--------------------------------------------------------------------------------
MPID Domain Id Mac Address Type Id
MA Name Reason Lvl Age
Local MEP Info
--------------------------------------------------------------------------------
21 lvl3 aabb.cc00.2a03 BD-V 10
ma1 Receive RDI 3 0s
MPID: 11 Domain: lvl3 MA: ma1
10 lvl3 0000.0000.0000 BD-V 20
ma2 (ma1) RMEP missing 3 0s
MPID: 21 Domain: lvl3 MA: ma2 (ma1)
2 lvl3 aabb.cc00.2c02 BD-V 10
ma2 Crossconnect Err 3 0s
MPID: 11 Domain: lvl3 MA: ma1
2 lvl3 aabb.cc00.2c02 BD-V 20
ma2 Crossconnect Err 3 0s
MPID: 21 Domain: lvl3 MA: ma2 (ma1)
The table below describes the significant fields shown in the display.
Table 5 show ethernet cfm errors Field Descriptions
Field
Description
MPID
Identifier of the MEP on which the error occurred.
Domain Id
Identifier of the domain affected by the error.
Mac Address
MAC address of the remote MEP on which the error occurred.
Type
Type of MEP.
Id
Identifier of the VLAN on which the error occurred.
MAName
Name of the maintenance association where the error occurred.
Reason
Explanation of why the error occurred.
Lvl
Maintenance level at which the error occurred.
Age
Time (in seconds) that the error has been in the error database.
Local MEP Identifier
Identifier of the local maintenance endpoint.
The following is sample output from the
showethernetcfmerrors command when the optional
configuration keyword is used:
Device# show ethernet cfm errors configuration
--------------------------------------------------------------------------------
CFM Interface Type Id Level Error type
--------------------------------------------------------------------------------
Fe0/0/0 VLAN 100 1 CFMLeak
The table below describes the significant fields shown in the display.
Table 6 show ethernet cfm errors configuration Field Descriptions
Field
Description
CFM Interface
CFM supported interface on which the error occurred.
Type
Type of MEP.
Id
Identifier of the VLAN on which the error occurred.
Level
Maintenance level at which the error occurred.
Error type
Type of error.
The following is sample output from the
showethernetcfmerrors command for CFM error conditions at maintenance level 3:
Device# show ethernet cfm errors level 3
Level Vlan MPID Remote MAC Reason Service ID
5 102 40 aabb.cc00.ca10 Receive AIS service test
The table below describes the significant fields shown in the display.
Table 7 show ethernet cfm errors Field Descriptions
Field
Description
Level
Maintenance level at which the error occurred.
Vlan
VLAN on which the error occurred.
MPID
Identifier of the MEP on which the error occurred.
Remote MAC
The MAC address of the remote MEP on which the error occurred.
Reason
Explanation of why the error occurred.
Service ID
Identifier of the entity affected by the error.
Related Commands
Command
Description
alias
Configures an MA alias within a domain.
showethernetcfmmaintenance-pointslocal
Displays information about maintenance points configured on a device.
showethernetcfmmaintenance-pointsremotecrosscheck
Displays information about remote maintenance points configured statically in a cross-check list.
showethernetcfmmaintenance-pointsremotedetail
Displays information about a remote maintenance point in the continuity check database.