Feedback
Contents
ip arp inspection vlan through lease
- ip arp inspection vlan
- ip arp inspection vlan logging
- ip arp proxy disable
- ip default-gateway
- ip dhcp bootp ignore
- ip dhcp class
- ip dhcp conflict logging
- ip dhcp database
- ip dhcp excluded-address
- ip dhcp ping packets
- ip dhcp ping timeout
- ip dhcp pool
- ip dhcp snooping
- ip dhcp snooping binding
- ip dhcp snooping database
- ip dhcp snooping information option
- ip dhcp snooping limit rate
- ip dhcp snooping verify mac-address
- ip dhcp snooping vlan
- ip dhcp use
- ip domain list
- ip domain lookup
- ip domain name
- ip name-server
- ip proxy-arp
- ip route
- ip routing
- ip source binding
- ip verify source vlan dhcp-snooping
- ipv6 address dhcp
- ipv6 dhcp guard attach-policy
- ipv6 dhcp ping packets
- ipv6 dhcp pool
- ipv6 dhcp server
- lease
ip arp inspection vlan
To enable DAI on a per-VLAN basis, use the ip arp inspection vlan command in global configuration mode. To disable DAI, use the no form of this command.
Usage Guidelines
For vlan-range, you can specify a single VLAN identified by a VLAN ID number, a range of VLANs separated by a hyphen, or a series of VLANs separated by a comma.
You must specify on which VLANs to enable DAI. DAI may not function on the configured VLANs if the VLAN has not been created or is a private VLAN.
ip arp inspection vlan logging
To control the type of packets that are logged, use the ip arp inspection vlan loggingcommand in global configuration mode. To disable this logging control, use the no form of this command.
ip arp inspection vlan vlan-range logging { acl-match { matchlog | none } | dhcp-bindings { permit | all | none } }
no ip arp inspection vlan vlan-range logging { acl-match | dhcp-bindings }
Syntax Description
vlan-range
Number of the VLANs to be mapped to the specified instance. The number is entered as a single value or a range; valid values are from 1 to 4094.
acl-match
Specifies the logging criteria for packets that are dropped or permitted based on ACL matches.
matchlog
Specifies that logging of packets matched against ACLs is controlled by the matchlog keyword in the permit and deny access control entries of the ACL.
none
Specifies that ACL-matched packets are not logged.
dhcp-bindings
Specifies the logging criteria for packets dropped or permitted based on matches against the DHCP bindings.
permit
Specifies logging when permitted by DHCP bindings.
all
Specifies logging when permitted or denied by DHCP bindings.
none
Prevents all logging of packets permitted or denied by DHCP bindings.
Usage Guidelines
By default, the matchlog keyword is not available on the ACEs. When you enter the matchlog keyword, denied packets are not logged. Packets are logged only when they match against an ACE that has the matchlog keyword.
The acl-match and dhcp-bindings keywords merge with each other. When you set an ACL match configuration, the DHCP bindings configuration is not disabled. You can use the no form of this command to reset some of the logging criteria to their defaults. If you do not specify either option, all the logging types are reset to log on when the ARP packets are denied. The two options that are available are as follows:
- acl-match --Logging on ACL matches is reset to log on deny.
- dhcp-bindings --Logging on DHCP bindings is reset to log on deny.
ip arp proxy disable
To globally disable proxy Address Resolution Protocol (ARP), use the ip arp proxy disable command in global configuration mode. To reenable proxy ARP, use the no form of this command.
Usage Guidelines
The ip arp proxy disable command overrides any proxy ARP interface configuration. The default ip arp proxy command returns proxy ARP to the default behavior, which is enabled.
ip default-gateway
To define a default gateway (router) when IP routing is disabled, use the ip default-gateway command in global configuration mode. To disable this function, use the no form of this command.
Command History
Release
Modification
10.0
This command was introduced.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
Usage Guidelines
The Cisco IOS software sends any packets that need the assistance of a gateway to the address you specify. If another gateway has a better route to the requested host, the default gateway sends an Internet Control Message Protocol (ICMP) redirect message back. The ICMP redirectmessage indicates which local router the Cisco IOS software should use.
Examples
The following example defines the router on IP address 192.31.7.18 as the default router:
ip default-gateway 192.31.7.18Related Commands
Command
Description
ip redirects
Enables the sending of ICMP redirect messages if the Cisco IOS software is forced to resend a packet through the same interface on which it was received.
show ip redirects
Displays the address of a default gateway (router) and the address of hosts for which an ICMP redirect message has been received.
ip dhcp bootp ignore
To enable a Dynamic Host Configuration Protocol (DHCP) server to selectively ignore and not reply to received Bootstrap Protocol (BOOTP) request packets, use the ip dhcp bootp ignorecommand in global configuration mode. To return to the default behavior, use the no form of this command.
Usage Guidelines
A DHCP server can forward ignored BOOTP request packets to another DHCP server if the ip helper-address command is configured on the incoming interface. If the ip helper-address command is not configured, the router will drop the received BOOTP request.
ip dhcp class
To define a Dynamic Host Configuration Protocol (DHCP) class and enter DHCP class configuration mode, use the ip dhcp classcommand in global configuration mode. To remove the class, use the no form of this command.
Usage Guidelines
DHCP class configuration provides a method to group DHCP clients based on some shared characteristics other than the subnet in which the clients reside.
Examples
The following example defines three DHCP classes and their associated relay agent information patterns. Note that CLASS3 is considered a “match to any” class because it has no relay agent information pattern configured:
ip dhcp class CLASS1 relay agent information ! Relay agent information patterns relay-information hex 01030a0b0c02050000000123 relay-information hex 01030a0b0c02* relay-information hex 01030a0b0c02050000000000 bitmask 0000000000000000000000FF ip dhcp class CLASS2 relay agent information ! Relay agent information patterns relay-information hex 01040102030402020102 relay-information hex 01040101030402020102 ip dhcp class CLASS3 relay agent informationip dhcp conflict logging
To enable conflict logging on a Dynamic Host Configuration Protocol (DHCP) server, use the ip dhcp conflict logging command in global configuration mode. To disable conflict logging, use the no form of this command.
Command History
Release
Modification
12.0(1)T
This command was introduced.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
Usage Guidelines
A DHCP server database agent should be used to store automatic bindings. If a DHCP server database agent is not used, specify the no ip dhcp conflict logging command to disable the recording of address conflicts. By default, the DHCP server records DHCP address conflicts in a log file.
Examples
The following example disables the recording of DHCP address conflicts:
no ip dhcp conflict loggingRelated Commands
Command
Description
clear ip dhcp conflict
Clears an address conflict from the Cisco IOS DHCP server database.
ip dhcp database
Configures a Cisco IOS DHCP server to save automatic bindings on a remote host called a database agent.
show ip dhcp conflict
Displays address conflicts found by a Cisco IOS DHCP server when addresses are offered to the client.
ip dhcp database
To configure a Cisco IOS Dynamic Host Configuration Protocol (DHCP) server and relay agent to save automatic bindings on a remote host called a database agent, use the ip dhcp database command in global configuration mode. To remove the database agent, use the no form of this command.
ip dhcp database url [ timeout seconds | write-delay seconds | write-delay seconds timeout seconds ]
no ip dhcp database url
Syntax Description
Command History
Release
Modification
12.0(1)T
This command was introduced.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
Usage Guidelines
A DHCP database agent is any host (for example, an FTP, TFTP, or rcp server) or storage media on the DHCP server (for example, disk0) that stores the DHCP bindings database. You can configure multiple DHCP database agents, and you can configure the interval between database updates and transfers for each agent.
The DHCP relay agent can save route information to the same database agents to ensure recovery after reloads.
In the following example, the timeout value and write-delay are specified in two separate command lines:
ip dhcp database disk0:router-dhcp timeout 60 ip dhcp database disk0:router-dhcp write-delay 60However, the second configuration overrides the first command line and causes the timeout value to revert to the default value of 300 seconds. To prevent the timeout value from reverting to the default value, configure the following on one command line:
ip dhcp database disk0:router-dhcp write-delay 60 timeout 60Examples
The following example specifies the DHCP database transfer timeout value as 80 seconds:
ip dhcp database ftp://user:password@172.16.1.1/router-dhcp timeout 80The following example specifies the DHCP database update delay value as 100 seconds:
ip dhcp database tftp://172.16.1.1/router-dhcp write-delay 100ip dhcp excluded-address
To specify IP addresses that a Dynamic Host Configuration Protocol (DHCP) server should not assign to DHCP clients, use the ip dhcp excluded-address command in global configuration mode. To remove the excluded IP addresses, use the no form of this command.
ip dhcp excluded-address [ vrf vrf-name ] ip-address [last-ip-address]
no ip dhcp excluded-address [ vrf vrf-name ] ip-address [last-ip-address]
Usage Guidelines
Use the ip dhcp excluded-address command to exclude a single IP address or a range of IP addresses.
The DHCP server assumes that all pool addresses can be assigned to the clients. You cannot use the ip dhcp excluded-address command to stop the DHCP server from assigning the pool addresses (assigned to an interface using the ip address pool command) to the clients. That is, the ip dhcp excluded-address command is not supported for the addresses assigned using the ip address pool command.
Examples
The following example shows how to configure an excluded IP address range from 172.16.1.100 through 172.16.1.199:
Router> enable Router# configure terminal Router(config)# ip dhcp excluded-address vrf vrf1 172.16.1.100 172.16.1.199Related Commands
Command
Description
ip dhcp pool
Configures a DHCP address pool on a Cisco IOS DHCP server and enters DHCP pool configuration mode.
network (DHCP)
Configures the subnet number and mask for a DHCP address pool on a Cisco IOS DHCP server.
ip address pool
Enables the IP address of an interface to be automatically configured when a DHCP pool is populated with a subnet from IPCP negotiation.
ip dhcp ping packets
To specify the number of packets a Dynamic Host Configuration Protocol (DHCP) server sends to a pool address as part of a ping operation, use the ip dhcp ping packets command in global configuration mode. To prevent the server from pinging pool addresses, use the no form of this command. To return the number of ping packets sent to the default value, use the default form of this command.
Command History
Release
Modification
12.0(1)T
This command was introduced.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
Usage Guidelines
The DHCP server pings a pool address before assigning the address to a requesting client. If the ping is unanswered, the DHCP server assumes (with a high probability) that the address is not in use and assigns the address to the requesting client.
Setting the number argument to a value of 0 completely turns off DHCP server ping operation .
Examples
The following example specifies five ping attempts by the DHCP server before ceasing any further ping attempts:
ip dhcp ping packets 5Related Commands
Command
Description
clear ip dhcp conflict
Clears an address conflict from the Cisco IOS DHCP server database.
ip dhcp ping timeout
Specifies how long a Cisco IOS DHCP Server waits for a ping reply from an address pool.
show ip dhcp conflict
Displays address conflicts found by a Cisco IOS DHCP server when addresses are offered to the client.
ip dhcp ping timeout
To specify how long a Dynamic Host Configuration Protocol (DHCP) server waits for a ping reply from an address pool, use the ip dhcp ping timeout command in global configuration mode. To restore the default number of milliseconds (500) of the timeout, use the no form of this command.
Command History
Release
Modification
12.0(1)T
This command was introduced.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
Examples
The following example specifies that a DHCP server will wait 800 milliseconds for a ping reply before considering the ping a failure:
ip dhcp ping timeout 800Related Commands
Command
Description
clear ip dhcp conflict
Clears an address conflict from the Cisco IOS DHCP Server database.
ip dhcp ping timeout
Specifies the number of packets a Cisco IOS DHCP Server sends to a pool address as part of a ping operation.
show ip dhcp conflict
Displays address conflicts found by a Cisco IOS DHCP Server when addresses are offered to the client.
ip dhcp pool
To configure a Dynamic Host Configuration Protocol (DHCP) address pool on a DHCP server and enter DHCP pool configuration mode, use the ip dhcp pool command in global configuration mode. To remove the address pool, use the no form of this command.
Command History
Release
Modification
12.0(1)T
This command was introduced.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
Usage Guidelines
During execution of this command, the configuration mode changes to DHCP pool configuration mode, which is identified by the (config-dhcp)# prompt. In this mode, the administrator can configure pool parameters, like the IP subnet number and default router list.
Related Commands
Command
Description
host
Specifies the IP address and network mask for a manual binding to a DHCP client.
ip dhcp excluded-address
Specifies IP addresses that a Cisco IOS DHCP server should not assign to DHCP clients.
network (DHCP)
Configures the subnet number and mask for a DHCP address pool on a Cisco IOS DHCP server.
ip dhcp snooping
To globally enable DHCP snooping, use the ip dhcp snoopingcommand in global configuration mode. To disable DHCP snooping, use the no form of this command.
Usage Guidelines
Wireless clients, or mobile nodes, gain access to an untrusted wireless network only if there is a corresponding entry in the DHCP snooping database. Enable DHCP snooping globally by entering the ip dhcp snoopingcommand, and enable DHCP snooping on the tunnel interface by entering the ip dhcp snooping packets command. After you enable DHCP snooping, the process snoops DHCP packets to and from the mobile nodes and populates the DHCP snooping database.
Examples
This example shows how to enable DHCP snooping:
Router(config) # ip dhcp snoopingThis example shows how to disable DHCP snooping:
Router(config) # no ip dhcp snoopingRelated Commands
Command
Description
ip dhcp snooping packets
Enables DHCP snooping on the tunnel interface.
show ip dhcp snooping
Displays the DHCP snooping configuration.
show ip dhcp snooping binding
Displays the DHCP snooping binding entries.
show ip dhcp snooping database
Displays the status of the DHCP snooping database agent.
ip dhcp snooping binding
To set up and generate a DHCP binding configuration to restore bindings across reboots, use the ip dhcp snooping binding command in privileged EXEC mode. To disable the binding configuration, use the no form of this command.
ip dhcp snooping binding mac-address vlan vlan ip-address interface type number expiry seconds
no ip dhcp snooping binding mac-address vlan vlan ip-address interface type number
Syntax Description
mac-address
MAC address.
vlan vlan
Specifies a valid VLAN number; valid values are from 1 to 4094.
ip-address
IP address.
interface type
Specifies the interface type; possible valid values are ethernet, fastethernet, gigabitethernet , tengigabitethernet.
number
Module and port number.
expiry seconds
Specifies the interval after which binding is no longer valid; valid values are from 1 to 4294967295 seconds.
Usage Guidelines
When you add or remove a binding using this command, the binding database is marked as changed and a write is initiated.
ip dhcp snooping database
To configure the Dynamic Host Configuration Protocol (DHCP)-snooping database, use the ip dhcp snooping database command in global configuration mode. To disable the DHCP-snooping database, use the no form of this command.
ip dhcp snooping database { bootflash:url | ftp:url | rcp:url | scp:url | sup-bootflash: | tftp:url | timeout seconds | write-delay seconds }
no ip dhcp snooping database { timeout seconds | write-delay seconds }
Syntax Description
bootflash: url
Specifies the database URL for storing entries using the bootflash.
ftp: url
Specifies the database URL for storing entries using FTP.
rcp: url
Specifies the database URL for storing entries using remote copy (rcp).
scp: url
Specifies the database URL for storing entries using Secure Copy (SCP).
sup-bootflash:
Specifies the database URL for storing entries using the supervisor bootflash.
tftp: url
Specifies the database URL for storing entries using TFTP.
timeout seconds
Specifies the abort timeout interval; valid values are from 0 to 86400 seconds.
write-delay seconds
Specifies the amount of time before writing the DHCP-snooping entries to an external server after a change is seen in the local DHCP-snooping database; valid values are from 15 to 86400 seconds.
Usage Guidelines
You must enable DHCP snooping on the interface before entering this command. Use the ip dhcp snooping command to enable DHCP snooping.
Examples
This example shows how to specify the database URL using TFTP:
Router(config)# ip dhcp snooping database tftp://10.90.90.90/snooping-rp2This example shows how to specify the amount of time before writing DHCP snooping entries to an external server:
Router(config)# ip dhcp snooping database write-delay 15ip dhcp snooping information option
To enable Dynamic Host Configuration Protocol (DHCP) option 82 data insertion, use the ip dhcp snooping information option command in global configuration mode. To disable DHCP option 82 data insertion, use the no form of this command.
Command Default
DHCP option 82 data insertion is enabled by default. Accepting incoming DHCP snooping packets with option 82 information from the edge switch is disabled by default.
Usage Guidelines
DHCP option 82 is part of RFC 3046. DHCP is an application-layer protocol that is used for the dynamic configuration of TCP/IP networks. The protocol allows for a relay agent to pass DHCP messages between the DHCP clients and DHCP servers. By using a relay agent, servers need not be on the same network as the clients. Option 82 (82 is the option’s code) addresses the security and scalability issues. Option 82 resides in the relay agent when DHCP packets that originate from the forwarding client are sent to the server. Servers that recognize Option 82 may use the information to implement the IP address or other parameter assignment policies. The DHCP server echoes the option back to the relay agent in its replies. The relay agent strips out the option from the relay agent before forwarding the reply to the client.
When you enter the ip dhcp snooping information option allow-untrusted on an aggregation switch that is connected to an edge switch through an untrusted interface, the aggregation switch accepts packets with option 82 information from the edge switch. The aggregation switch learns the bindings for hosts connected through an untrusted switch interface. You can enable the DHCP security features, such as dynamic Address Resolution Protocol (ARP) inspection or IP source guard, on the aggregation switch while the switch receives packets with option 82 information on untrusted input interfaces to which hosts are connected. You must configure the port on the edge switch that connects to the aggregation switch as a trusted interface.
Caution
Do not enter the ip dhcp snooping information option allow-untrusted command on an aggregation switch that is connected to an untrusted device. If you enter this command, an untrusted device might spoof the option 82 information.
Examples
This example shows how to enable DHCP option 82 data insertion:
ip dhcp snooping information optionThis example shows how to disable DHCP option 82 data insertion:
no ip dhcp snooping information optionThis example shows how to enable the switch to accept incoming DHCP snooping packets with option 82 information from the edge switch:
ip dhcp snooping information option allow-trustedip dhcp snooping limit rate
To configure the number of the DHCP messages that an interface can receive per second, use the ip dhcp snooping limit ratecommand in interface configuration mode. To disable the DHCP message rate limiting, use the no form of this command.
Usage Guidelines
This command is supported on Layer 2 switch-port and port-channel interfaces only.
Typically, the rate limit applies to the untrusted interfaces. If you want to set up rate limiting for the trusted interfaces, note that the trusted interfaces aggregate all DHCP traffic in the switch, and you will need to adjust the rate limit of the interfaces to a higher value.
ip dhcp snooping verify mac-address
To verify that the source MAC address in a DHCP packet matches the client hardware address on an untrusted port, use the ip dhcp snooping verify mac-address command in global configuration mode. To disable verification, use the no form of this command.
Usage Guidelines
For untrusted DHCP snooping ports, DHCP snooping verifies the MAC address on the client hardware address field to ensure that a client is requesting multiple addresses from a single MAC address. You can use the ip dhcp snooping verify mac-address command to trust the ports or you can use the no ip dhcp snooping verify mac-address command to leave the ports untrusted by disabling the MAC address verification on the client hardware address field.
Examples
This example shows how to verify that the source MAC address in a DHCP packet matches the client hardware address on an untrusted port:
Router(config)# ip dhcp snooping verify mac-addressThis example shows how to turn off the verification of the MAC address on the client hardware address field:
Router(config)# no ip dhcp snooping verify mac-addressip dhcp snooping vlan
To enable DHCP snooping on a VLAN or a group of VLANs, use the ip dhcp snooping vlan command in global configuration mode. To disable DHCP snooping on a VLAN or a group of VLANs, use the no form of this command.
Usage Guidelines
DHCP snooping is enabled on a VLAN only if both the global snooping and the VLAN snooping are enabled.
Enter the range of VLANs using this format: 1,3-5,7,9-11.
Examples
This example shows how to enable DHCP snooping on a VLAN:
Router(config)# ip dhcp snooping vlan 10This example shows how to disable DHCP snooping on a VLAN:
Router(config)# no ip dhcp snooping vlan 10This example shows how to enable DHCP snooping on a group of VLANs:
Router(config)# ip dhcp snooping vlan 10,4-8,55This example shows how to disable DHCP snooping on a group of VLANs:
Router(config)# no ip dhcp snooping vlan 10,4-8,55ip dhcp use
To control what information the Dynamic Host Configuration Protocol (DHCP) server accepts or rejects during address allocation, use the ip dhcp usecommand in global configuration mode. To disable the use of these parameters during address allocation, use the no form of this command.
ip dhcp use { class [aaa] | vrf { connected | remote } }
no ip dhcp use { class [aaa] | vrf { connected | remote } }
Syntax Description
class
Specifies that the DHCP server use DHCP classes during address allocation.
aaa
(Optional) Specifies to use the authentication, authorization, and accounting (AAA) server to get class name.
vrf
Specifies whether the DHCP server ignores or uses the receiving VPN routing and forwarding (VRF) interface during address allocation.
connected
Specifies that the server should use the VRF information from the receiving interface when servicing a directly connected client.
remote
Specifies that the server should use the VRF information from the receiving interface when servicing a request forwarded by a relay agent.
Command History
Release
Modification
12.2(13)ZH
This command was introduced.
12.3(4)T
This command was integrated into Cisco IOS Release 12.3(4)T.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(33)SRB
This command was integrated into Cisco IOS Release 12.2(33)SRB.
Cisco IOS XE Release 3.1S
This command was integrated into Cisco IOS XE Release 3.1S and implemented on the Cisco ASR 1000 Series Aggregation Services Routers.
Usage Guidelines
When the Cisco IOS DHCP server code is allocating addresses, you can use the ip dhcp usecommand to either enable or disable the use of VRF configured on the interface, or to configure DHCP classes. If you use the no ip dhcp use classcommand, the DHCP class configuration is not deleted.
Examples
The following example shows how to configure the DHCP server to use the relay agent information option during address allocation:
Router(config)# ip dhcp use classThe following example shows how to configure the DHCP server to disable the use of the VRF information option during address allocation:
Router(config)# no ip dhcp use vrf connectedip domain list
To define a list of default domain names to complete unqualified names, use the ip domain list command in global configuration mode. To delete a name from a list, use the no form of this command.
Command History
Release
Modification
10.0
This command was introduced.
12.2
The syntax of the command changed from ip domain-list to ip domain list.
12.4(4)T
The vrf keyword and vrf-name argument were added.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
Usage Guidelines
If there is no domain list, the domain name that you specified with the ip domain name global configuration command is used. If there is a domain list, the default domain name is not used. The ip domain list command is similar to the ip domain name command, except that with the ip domain listcommand you can define a list of domains, each to be tried in turn until the system finds a match.
If the ip domain list vrf command option is specified, the domain names are only used for name queries in the specified VRF.
The Cisco IOS software will still accept the previous version of the command, ip domain-list.
Examples
The following example shows how to add several domain names to a list:
ip domain list company.com ip domain list school.eduThe following example shows how to add several domain names to a list in vpn1 and vpn2:
ip domain list vrf vpn1 company.com ip domain list vrf vpn2 school.eduRelated Commands
Command
Description
ip domain list
Defines a list of default domain names to complete unqualified hostnames.
ip domain lookup
Enables the IP DNS-based hostname-to-address translation.
ip domain retry
Specifies the number of times to retry sending DNS queries.
ip domain timeout
Specifies the amount of time to wait for a response to a DNS query.
ip name-server
Specifies the address of one or more name servers to use for name and address resolution.
ip domain lookup
To enable the IP Domain Naming System (DNS)-based host name-to-address translation, use the ip domain lookup command in global configuration mode. To disable the DNS, use the noform of this command.
ip domain lookup [ source-interface interface-type interface-number | nsap ]
no ip domain lookup [ source-interface interface-type interface-number | nsap ]
Command History
Release
Modification
10.0
This command was introduced.
12.2
This command was modified. The syntax of the command changed from ip domain-lookupto ip domain lookup.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
Cisco IOS XE Release 2.1
This command was integrated into Cisco IOS XE Release 2.1.
15.0(1)M
This command was integrated into a release earlier than Cisco IOS Release 15.0(1)M. The nsap keyword was added.
Usage Guidelines
The Cisco IOS software will still accept the previous version of the command, which is ip domain-lookup. If the ip domain lookup command is enabled on a router, and you execute the show tcp brief command, the response time of the router to display the output is very slow. With both IP and ISO CLNS enabled on a router, the ip domain lookup nsap command allows you to discover a CLNS address without having to specify a full CLNS address given a host name. This command is useful for the ISO CLNS ping EXECcommand and when making CLNS Telnet connections.
Examples
The following example enables the IP DNS-based host name-to-address translation:
Router# configure terminal Router(config)# ip domain lookup Router(config)# endRelated Commands
Command
Description
ip domain list
Defines a list of default domain names to complete unqualified host names.
ip domain lookup
Enables the IP DNS-based host name-to-address translation.
ip domain retry
Specifies the number of times to retry sending DNS queries.
ip domain timeout
Specifies the amount of time to wait for a response to a DNS query.
ip name-server
Specifies the address of one or more name servers to use for name and address resolution.
show tcp brief
Displays a concise description of TCP connection endpoints.
ip domain name
To define a default domain name that the Cisco IOS software uses to complete unqualified hostnames (names without a dotted-decimal domain name), use the ip domain name command in global configuration mode. To disable use of the Domain Name System (DNS), use the noform of this command.
Syntax Description
vrf vrf-name
(Optional) Defines a Virtual Private Network (VPN) routing and forwarding instance (VRF) table. The vrf-name argument specifies a name for the VRF table.
name
Default domain name used to complete unqualified hostnames. Do not include the initial period that separates an unqualified name from the domain name.
Command History
Release
Modification
10.0
This command was introduced.
12.2
The syntax of the command changed from ip domain-nameto ip domain name.
12.4(4)T
The vrf keyword and vrf-name argument were added.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
Usage Guidelines
Any IP hostname that does not contain a domain name (that is, any name without a dot) will have the dot and cisco.com appended to it before being added to the host table.
If the ip domain name vrf command option is specified, the domain names are only used for name queries in the specified VRF.
The Cisco IOS software will still accept the previous version of the command, which is ip domain-name.
Examples
The following example shows how to define cisco.com as the default domain name:
ip domain name cisco.comThe following example shows how to define cisco.com as the default domain name for vpn1:
ip domain name vrf vpn1 cisco.comRelated Commands
Command
Description
ip domain list
Defines a list of default domain names to complete unqualified hostnames.
ip domain lookup
Enables the IP DNS-based hostname-to-address translation.
ip domain retry
Specifies the number of times to retry sending DNS queries.
ip domain timeout
Specifies the amount of time to wait for a response to a DNS query.
ip name-server
Specifies the address of one or more name servers to use for name and address resolution.
ip name-server
To specify the address of one or more name servers to use for name and address resolution, use the ip name-servercommand in global configuration mode. To remove the addresses specified, use the no form of this command.
ip name-server [ vrf vrf-name ] server-address1 [server-address2...server-address6]
no ip name-server [ vrf vrf-name ] server-address1 [server-address2...server-address6]
Syntax Description
vrf vrf-name
(Optional) Defines a Virtual Private Network (VPN) routing and forwarding instance (VRF) table. The vrf-name argument specifies a name for the VRF table.
server-address1
IPv4 or IPv6 addresses of a name server.
server-address2...server-address6
(Optional) IP addresses of additional name servers (a maximum of six name servers).
Command History
Release
Modification
10.0
This command was introduced.
12.2(2)T
Support for IPv6 addresses was added.
12.0(21)ST
Support for IPv6 addresses was added.
12.0(22)S
Support for IPv6 addresses was added.
12.2(14)S
Support for IPv6 addresses was added.
12.2(28)SB
This command was integrated into Cisco IOS Release 12.2(28)SB.
12.2(25)SG
This command was integrated into Cisco IOS Release 12.2(25)SG.
12.4(4)T
The vrf keyword and vrf-name argument were added.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXH
This command was integrated into Cisco IOS Release 12.2(33)SXH.
Cisco IOS XE Release 2.1
This command was introduced on Cisco ASR 1000 Series Routers.
Examples
The following example shows how to specify IPv4 hosts 172.16.1.111 and 172.16.1.2 as the name servers:
ip name-server 172.16.1.111 172.16.1.2This command will be reflected in the configuration file as follows:
ip name-server 172.16.1.111 ip name-server 172.16.1.2The following example shows how to specify IPv4 hosts 172.16.1.111 and 172.16.1.2 as the name servers for vpn1:
Router(config)# ip name-server vrf vpn1 172.16.1.111 172.16.1.2The following example shows how to specify IPv6 hosts 3FFE:C00::250:8BFF:FEE8:F800 and 2001:0DB8::3 as the name servers:
ip name-server 3FFE:C00::250:8BFF:FEE8:F800 2001:0DB8::3This command will be reflected in the configuration file as follows:
ip name-server 3FFE:C00::250:8BFF:FEE8:F800 ip name-server 2001:0DB8::3ip proxy-arp
To enable proxy Address Resolution Protocol (ARP) on an interface, use the ip proxy-arp command in interface configuration mode. To disable proxy ARP on the interface, use the noform of this command.
Command History
Release
Modification
10.0
This command was introduced.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
ip route
To establish static routes, use the ip route command in global configuration mode. Toremove static routes, use the noform of this command.
ip route [ vrf vrf-name ] prefix mask { ip-address | interface-type interface-number [ip-address] } [dhcp] [distance] [ name next-hop-name ] [ permanent | track number ] [ tag tag ]
no ip route [ vrf vrf-name ] prefix mask { ip-address | interface-type interface-number [ip-address] } [dhcp] [distance] [ name next-hop-name ] [ permanent | track number ] [ tag tag ]
Syntax Description
Command History
Release
Modification
10.0
This command was introduced.
12.3(2)XE
The track keyword and number argument were added.
12.3(8)T
The track keyword and number argument were integrated into Cisco IOS Release 12.3(8)T. The dhcp keyword was added.
12.3(9)
The changes made in Cisco IOS Release 12.3(8)T were added to Cisco IOS Release 12.3(9).
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2(33)SXH
This command was integrated into Cisco IOS Release 12.2(33)SXH.
Usage Guidelines
The establishment of a static route is appropriate when the Cisco IOS software cannot dynamically build a route to the destination.
When you specify a DHCP server to assign a static route, the interface type and number and administrative distance may be configured also.
If you specify an administrative distance, you are flagging a static route that can be overridden by dynamic information. For example, routes derived with Enhanced Interior Gateway Routing Protocol (EIGRP) have a default administrative distance of 100. To have a static route that would be overridden by an EIGRP dynamic route, specify an administrative distance greater than 100. Static routes have a default administrative distance of 1.
Static routes that point to an interface on a connected router will be advertised by way of Routing Information Protocol (RIP) and EIGRP regardless of whether redistribute static commands are specified for those routing protocols. This situation occurs because static routes that point to an interface are considered in the routing table to be connected and hence lose their static nature. Also, the target of the static route should be included in the network(DHCP) command. If this condition is not met, no dynamic routing protocol will advertise the route unless a redistribute staticcommand is specified for these protocols. With the following configuration:
rtr1 (serial 172.16.188.1/30)--------------> rtr2(Fast Ethernet 172.31.1.1/30) ------> router [rip | eigrp] network 172.16.188.0 network 172.31.0.0
- RIP and EIGRP redistribute the route if the route is pointing to the Fast Ethernet interface:
ip route 172.16.188.252 255.255.255.252 FastEthernet 0/0RIP and EIGRP do not redistribute the route with the following ip routecommand because of the split horizon algorithm:
ip route 172.16.188.252 255.255.255.252 serial 2/1
- EIGRP redistributes the route with both of the following commands:
ip route 172.16.188.252 255.255.255.252 FastEthernet 0/0 ip route 172.16.188.252 255.255.255.252 serial 2/1With the Open Shortest Path First (OSPF) protocol, static routes that point to an interface are not advertised unless a redistribute staticcommand is specified.
Adding a static route to an Ethernet or other broadcast interface (for example, ip route 0.0.0.0 0.0.0.0 Ethernet 1/2) will cause the route to be inserted into the routing table only when the interface is up. This configuration is not generally recommended. When the next hop of a static route points to an interface, the router considers each of the hosts within the range of the route to be directly connected through that interface, and therefore it will send Address Resolution Protocol (ARP) requests to any destination addresses that route through the static route.
A logical outgoing interface, for example, a tunnel, needs to be configured for a static route. If this outgoing interface is deleted from the configuration, the static route is removed from the configuration and hence does not show up in the routing table. To have the static route inserted into the routing table again, configure the outgoing interface once again and add the static route to this interface.
The practical implication of configuring the ip route 0.0.0.0 0.0.0.0 ethernet 1/2 command is that the router will consider all of the destinations that the router does not know how to reach through some other route as directly connected to Ethernet interface 1/2. So the router will send an ARP request for each host for which it receives packets on this network segment. This configuration can cause high processor utilization and a large ARP cache (along with memory allocation failures). Configuring a default route or other static route that directs the router to forward packets for a large range of destinations to a connected broadcast network segment can cause your router to reload.
Specifying a numerical next hop that is on a directly connected interface will prevent the router from using proxy ARP. However, if the interface with the next hop goes down and the numerical next hop can be reached through a recursive route, you may specify both the next hop and interface (for example, ip route 0.0.0.0 0.0.0.0 ethernet 1/2 10.1.2.3) with a static route to prevent routes from passing through an unintended interface.
NoteConfiguring a default route that points to an interface, such as ip route 0.0.0.0 0.0.0.0 ethernet 1/2,displays a warning message. This command causes the router to consider all the destinations that the router cannot reach through an alternate route, as directly connected to Ethernet interface 1/2. Hence, the router sends an ARP request for each host for which it receives packets on this network segment. This configuration can cause high processor utilization and a large ARP cache (along with memory allocation failures). Configuring a default route or other static route that directs the router to forward packets for a large range of destinations to a connected broadcast network segment can cause the router to reload.
The name next-hop-name keyword and argument combination allows you to associate static routes with names in your running configuration. If you have several static routes, you can specify names that describe the purpose of each static route in order to more easily identify each one.
The track number keyword and argument combination specifies that the static route will be installed only if the state of the configured track object is up.
Recursive Static Routing
In a recursive static route, only the next hop is specified. The output interface is derived from the next hop.
For the following recursive static route example, all destinations with the IP address prefix address prefix 192.168.1.1/32 are reachable via the host with address 10.0.0.2:
ip route 192.168.1.1 255.255.255.255 10.0.0.2A recursive static route is valid (that is, it is a candidate for insertion in the IPv4 routing table) only when the specified next hop resolves, either directly or indirectly, to a valid IPv4 output interface, provided the route does not self-recurse, and the recursion depth does not exceed the maximum IPv4 forwarding recursion depth.
The following example defines a valid recursive IPv4 static route:
interface serial 2/0 ip address 10.0.0.1 255.255.255.252 exit ip route 192.168.1.1 255.255.255.255 10.0.0.2The following example defines an invalid recursive IPv4 static route. This static route will not be inserted into the IPv4 routing table because it is self-recursive. The next hop of the static route, 192.168.1.0/30, resolves via the first static route 192.168.1.0/24, which is itself a recursive route (that is, it only specifies a next hop). The next hop of the first route, 192.168.1.0/24, resolves via the directly connected route via the serial interface 2/0. Therefore, the first static route would be used to resolve its own next hop.
interface serial 2/0 ip address 10.0.0.1 255.255.255.252 exit ip route 192.168.1.0 255.255.255.0 10.0.0.2 ip route 192.168.1.0 255.255.255.252 192.168.1.100It is not normally useful to manually configure a self-recursive static route, although it is not prohibited. However, a recursive static route that has been inserted in the IPv4 routing table may become self-recursive as a result of some transient change in the network learned through a dynamic routing protocol. If this situation occurs, the fact that the static route has become self-recursive will be detected and the static route will be removed from the IPv4 routing table, although not from the configuration. A subsequent network change may cause the static route to no longer be self-recursive, in which case it will be re-inserted in the IPv4 routing table.
NoteIPv4 recursive static routes are checked at one-minute intervals. Therefore, a recursive static route may take up to a minute to be inserted into the routing table once its next hop becomes valid. Likewise, it may take a minute or so for the route to disappear from the table if its next hop becomes invalid.
Examples
The following example shows how to choose an administrative distance of 110. In this case, packets for network 10.0.0.0 will be routed to a router at 172.31.3.4 if dynamic information with an administrative distance less than 110 is not available.
ip route 10.0.0.0 255.0.0.0 172.31.3.4 110
NoteSpecifying the next hop without specifying an interface when configuring a static route can cause traffic to pass through an unintended interface if the default interface goes down.
The following example shows how to route packets for network 172.31.0.0 to a router at 172.31.6.6:
ip route 172.31.0.0 255.255.0.0 172.31.6.6The following example shows how to route packets for network 192.168.1.0 directly to the next hop at 10.1.2.3. If the interface goes down, this route is removed from the routing table and will not be restored unless the interface comes back up.
ip route 192.168.1.0 255.255.255.0 Ethernet 0 10.1.2.3The following example shows how to install the static route only if the state of track object 123 is up:
ip route 0.0.0.0 0.0.0.0 Ethernet 0/1 10.1.1.242 track 123The following example shows that using the dhcp keyword in a configuration of Ethernet interfaces 1 and 2 enables the interfaces to obtain the next-hop router IP addresses dynamically from a DHCP server:
ip route 10.165.200.225 255.255.255.255 ethernet1 dhcp ip route 10.165.200.226 255.255.255.255 ethernet2 dhcp 20The following example shows that using the name next-hop-name keyword and argument combination for each static route in the configuration helps you remember the purpose for each static route.
ip route 172.0.0.0 255.0.0.0 10.0.0.1 name Seattle2DetroitThe name for the static route will be displayed when the show running-configuration command is entered:
Router# show running-config | include ip route ip route 172.0.0.0 255.0.0.0 10.0.0.1 name Seattle2Detroitip routing
To enable IP routing, use the ip routing command in global configuration mode. To disable IP routing, use the noform of this command.
Command History
Release
Modification
10.0
This command was introduced.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
Usage Guidelines
To bridge IP, the no ip routing command must be configured to disable IP routing. However, you need not specify no ip routing in conjunction with concurrent routing and bridging to bridge IP.
The ip routing command is disabled on the Cisco VG200 voice over IP gateway.
Disabling IP routing is not allowed if you are running Cisco IOS Release 12.2SX on a Catalyst 6000 platform. The workaround is to not assign an IP address to the SVI.
ip source binding
To add a static IP source binding entry, use the ip source binding command. Use the no form of this command to delete a static IP source binding entry
Syntax Description
mac-address
Binding MAC address.
vlan vlan-id
Specifies the Layer 2 VLAN identification; valid values are from 1 to 4094.
ip-address
Binding IP address.
interface type
Interface type; possible valid values are fastethernet, gigabitethernet, tengigabitethernet, port-channel num, and vlan vlan-id.
mod / port
Module and port number.
Usage Guidelines
You can use this command to add a static IP source binding entry only.
The no format deletes the corresponding IP source binding entry. It requires the exact match of all required parameter in order for the deletion to be successful. Note that each static IP binding entry is keyed by a MAC address and a VLAN number. If the command contains the existing MAC address and VLAN number, the existing binding entry is updated with the new parameters instead of creating a separate binding entry.
Examples
This example shows how to add a static IP source binding entry:
Router(config)# ip source binding 000C.0203.0405 vlan 100 172.16.30.2 interface gigabitethernet5/3This example shows how to delete a static IP source binding entry:
Router(config)# no ip source binding 000C.0203.0405 vlan 100 172.16.30.2 interface gigabitethernet5/3ip verify source vlan dhcp-snooping
To enable Layer 2 IP source guard, use the ip verify source vlan dhcp-snooping command in the service instance mode. Use the no form of this command to disable Layer 2 IP source guard.
ip verify source vlan dhcp-snooping [port-security]
no ip verify source vlan dhcp-snooping [port-security]
Usage Guidelines
The ip verify source vlan dhcp-snooping command enables VLANs only on the configured service instance (EVC) and looks for DHCP snooping matches only for the configured bridge domain VLAN.
Examples
This example shows how to enable Layer 2 IP source guard on an interface:
Router# enable Router# configure terminal Router(config)# interface GigabitEthernet7/1 Router(config-if)# no ip address Router(config-if)# service instance 71 ethernet Router(config-if-srv)# encapsulation dot1q 71 Router(config-if-srv)# rewrite ingress tag pop 1 symmetric Router(config-if-srv)# ip verify source vlan dhcp-snooping Router(config-if-srv)# bridge-domain 10ipv6 address dhcp
To acquire an IPv6 address on an interface from the Dynamic Host Configuration Protocol for IPv6 (DHCPv6) server, use the ipv6 address dhcp command in the interface configuration mode. To remove the address from the interface, use the no form of this command.
Usage Guidelines
The ipv6 address dhcp interface configuration command allows any interface to dynamically learn its IPv6 address by using DHCP.
The rapid-commit keyword enables the use of the two-message exchange for address allocation and other configuration. If it is enabled, the client includes the rapid-commit option in a solicit message.
ipv6 dhcp guard attach-policy
To attach a Dynamic Host Configuration Protocol for IPv6 (DHCPv6) guard policy, use the ipv6 dhcp guard attach-policy command in interface configuration or VLAN configuration mode. To unattach the DHCPv6 guard policy, use the no form of this command.
Syntax Available In Interface Configuration Mode
ipv6 dhcp guard [ attach-policy [policy-name] ] [ vlan { add | all | except | none | remove } vlan-id [ . .. vlan-id ] ]
no ipv6 dhcp guard [ attach-policy [policy-name] ] [ vlan { add | all | except | none | remove } vlan-id [ . .. vlan-id ] ]
Syntax Available In VLAN Configuration Mode
ipv6 dhcp guard attach-policy [policy-name]
no ipv6 dhcp guard attach-policy [policy-name]
Syntax Description
policy-name
(Optional) DHCPv6 guard policy name.
vlan
(Optional) Specifies that the DHCPv6 policy is to be attached to a VLAN.
add
(Optional) Attaches a DHCPv6 guard policy to the specified VLAN(s).
all
(Optional) Attaches a DHCPv6 guard policy to all VLANs.
except
(Optional) Attaches a DHCPv6 guard policy to all VLANs except the specified VLAN(s).
none
(Optional) Attaches a DHCPv6 guard policy to none of the specified VLAN(s).
remove
(Optional) Removes a DHCPv6 guard policy from the specified VLAN(s).
vlan-id
(Optional) Identity of the VLAN(s) to which the DHCP guard policy applies.
Usage Guidelines
This command allows you to attach a DHCPv6 policy to an interface or to one or more VLANs. DHCPv6 guard policies can be used to block reply and advertisement messages that come from unauthorized DHCP servers and relay agents that forward DHCP packets from servers to clients. Client messages or messages sent by relay agents from clients to servers are not blocked.
ipv6 dhcp ping packets
To specify the number of packets a Dynamic Host Configuration Protocol for IPv6 (DHCPv6) server sends to a pool address as part of a ping operation, use the ipv6 dhcp ping packets command in global configuration mode. To prevent the server from pinging pool addresses, use the no form of this command.
Usage Guidelines
The DHCPv6 server pings a pool address before assigning the address to a requesting client. If the ping is unanswered, the server assumes, with a high probability, that the address is not in use and assigns the address to the requesting client.
Setting the number argument to 0 turns off the DHCPv6 server ping operation
ipv6 dhcp pool
To configure a Dynamic Host Configuration Protocol (DHCP) for IPv6 server configuration information pool and enter DHCP for IPv6 pool configuration mode, use the ipv6 dhcp pool command in global configuration mode. To delete a DHCP for IPv6 pool, use the no form of this command.
Command History
Release
Modification
12.3(4)T
This command was introduced.
12.2(18)SXE
This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.4(24)T
This command was integrated into Cisco IOS Release 12.4(24)T.
Cisco IOS XE Release 2.1
This command was integrated into Cisco IOS XE Release 2.1.
12.2(33)SRE
This command was modified. It was integrated into Cisco IOS Release 12.2(33)SRE.
12.2(33)XNE
This command was modified. It was integrated into Cisco IOS Release 12.2(33)XNE.
Usage Guidelines
Use the ipv6 dhcp poolcommand to create a DHCP for IPv6 server configuration information pool. When the ipv6 dhcp pool command is enabled, the configuration mode changes to DHCP for IPv6 pool configuration mode. In this mode, the administrator can configure pool parameters, such as prefixes to be delegated and Domain Name System (DNS) servers, using the following commands:
- address prefix IPv6-prefix [lifetime {valid-lifetime preferred-lifetime | infinite}]sets an address prefix for address assignment. This address must be in hexadecimal, using 16-bit values between colons.
- link-address IPv6-prefix sets a link-address IPv6 prefix. When an address on the incoming interface or a link-address in the packet matches the specified IPv6-prefix, the server uses the configuration information pool. This address must be in hexadecimal, using 16-bit values between colons.
- suboption number sets vendor-specific suboption number. The range is 1 to 65535. You can enter an IPv6 address, ASCII text, or a hex string as defined by the suboption parameters.
NoteThe hex value used under the suboption keyword allows users to enter only hex digits (0-f). Entering an invalid hex value does not delete the previous configuration.
Once the DHCP for IPv6 configuration information pool has been created, use the ipv6 dhcp server command to associate the pool with a server on an interface. If you do not configure an information pool, you need to use the ipv6 dhcp server interface configuration command to enable the DHCPv6 server function on an interface.
When you associate a DHCPv6 pool with an interface, only that pool services requests on the associated interface. The pool also services other interfaces. If you do not associate a DHCPv6 pool with an interface, it can service requests on any interface.
Not using any IPv6 address prefix means that the pool returns only configured options.
The link-address command allows matching a link-address without necessarily allocating an address. You can match the pool from multiple relays by using multiple link-address configuration commands inside a pool.
Since a longest match is performed on either the address pool information or the link information, you can configure one pool to allocate addresses and another pool on a subprefix that returns only configured options.
Examples
The following example specifies a DHCP for IPv6 configuration information pool named cisco1 and places the router in DHCP for IPv6 pool configuration mode:
Router(config)# ipv6 dhcp pool cisco1 Router(config-dhcpv6)#The following example shows how to configure an IPv6 address prefix for the IPv6 configuration pool cisco1:
Router(config-dhcpv6)# address prefix 2001:1000::0/64 Router(config-dhcpv6)# endThe following example shows how to configure a pool named engineering with three link-address prefixes and an IPv6 address prefix:
Router# configure terminal Router(config)# ipv6 dhcp pool engineering Router(config-dhcpv6)# link-address 2001:1001::0/64 Router(config-dhcpv6)# link-address 2001:1002::0/64 Router(config-dhcpv6)# link-address 2001:2000::0/48 Router(config-dhcpv6)# address prefix 2001:1003::0/64 Router(config-dhcpv6)# endThe following example shows how to configure a pool named 350 with vendor-specific options:
Router# configure terminal Router(config)# ipv6 dhcp pool 350 Router(config-dhcpv6)# vendor-specific 9 Router(config-dhcpv6-vs)# suboption 1 address 1000:235D::1 Router(config-dhcpv6-vs)# suboption 2 ascii "IP-Phone" Router(config-dhcpv6-vs)# endipv6 dhcp server
To enable Dynamic Host Configuration Protocol (DHCP) for IPv6 service on an interface, use the ipv6 dhcp server in interface configuration mode. To disable DHCP for IPv6 service on an interface, use the no form of this command.
ipv6 dhcp server [ poolname | automatic ] [rapid-commit] [ preference value ] [allow-hint]
no ipv6 dhcp server
Syntax Description
poolname
(Optional) User-defined name for the local prefix pool. The pool name can be a symbolic string (such as "Engineering") or an integer (such as 0).
automatic
(Optional) Enables the server to automatically determine which pool to use when allocating addresses for a client.
rapid-commit
(Optional) Allows the two-message exchange method for prefix delegation.
preference value
(Optional) Specifies the preference value carried in the preference option in the advertise message sent by the server. The range is from 0 to 255. The preference value defaults to 0.
allow-hint
(Optional) Specifies whether the server should consider delegating client suggested prefixes. By default, the server ignores client-hinted prefixes.
Command History
Release
Modification
12.3(4)T
This command was introduced.
12.2(18)SXE
This command was integrated into Cisco IOS Release 12.2(18)SXE.
12.4(24)T
The automatic keyword was added.
Cisco IOS XE Release 2.1
This command was integrated into Cisco IOS XE Release 2.1.
12.2(33)SRE
This command was integrated into Cisco IOS Release 12.2(33)SRE.
12.2(33)XNE
This command was integrated into Cisco IOS Release 12.2(33)XNE.
Cisco IOS XE Release 3.2SE
This command was integrated into Cisco IOS XE Release 3.2SE.
Usage Guidelines
The ipv6 dhcp server command enables DHCP for IPv6 service on a specified interface using the pool for prefix delegation and other configuration through that interface.
The automatic keyword enables the system to automatically determine which pool to use when allocating addresses for a client. When an IPv6 DHCP packet is received by the server, the server determines if it was received from a DHCP relay or if it was directly received from the client. If the packet was received from a relay, the server verifies the link-address field inside the packet associated with the first relay that is closest to the client. The server matches this link address against all address prefix and link-address configurations in IPv6 DHCP pools to find the longest prefix match. The server selects the pool associated with the longest match.
If the packet was directly received from the client, the server performs this same matching, but it uses all the IPv6 addresses configured on the incoming interface when performing the match. Once again, the server selects the longest prefix match.
The rapid-commit keyword enables the use of the two-message exchange for prefix delegation and other configuration. If a client has included a rapid commit option in the solicit message and the rapid-commit keyword is enabled for the server, the server responds to the solicit message with a reply message.
If the preference keyword is configured with a value other than 0, the server adds a preference option to carry the preference value for the advertise messages. This action affects the selection of a server by the client. Any advertise message that does not include a preference option is considered to have a preference value of 0. If the client receives an advertise message that includes a preference option with a preference value of 255, the client immediately sends a request message to the server from which the advertise message was received.
If the allow-hint keyword is specified, the server will delegate a valid client-suggested prefix in the solicit and request messages. The prefix is valid if it is in the associated local prefix pool and it is not assigned to a device. If the allow-hint keyword is not specified, a hint is ignored and a prefix is delegated from the free list in the pool.
The DHCP for IPv6 client, server, and relay functions are mutually exclusive on an interface. When one of these functions is already enabled and a user tries to configure a different function on the same interface, one of the following messages is displayed:
Interface is in DHCP client mode Interface is in DHCP server mode Interface is in DHCP relay modelease
To configure the duration of the lease for an IP address that is assigned from a Cisco IOS Dynamic Host Configuration Protocol (DHCP) server to a DHCP client, use the lease command in DHCP pool configuration mode. To restore the default value, use the no form of this command.
Syntax Description
days
Specifies the duration of the lease in numbers of days.
hours
(Optional) Specifies the number of hours in the lease. A days value must be supplied before you can configure an hours value.
minutes
(Optional) Specifies the number of minutes in the lease. A days value and an hours value must be supplied before you can configure a minutes value.
infinite
Specifies that the duration of the lease is unlimited.
Command History
Release
Modification
12.0(1)T
This command was introduced.
12.2(33)SRA
This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
